QUOTE (Golgoth @ Jul 6 2017, 01:49 PM)
Over the past several days, I assume CGL, Topps, and probably Rackspace have likely been doing triage on their webserver (it's been up for at least a couple of days, you could ping it, etc, but the webpages themselves were offline). Instead of getting a working website going, they went with the option of keeping everything offline for X amount of time. I assume to try and continue to look into how they were hacked, make sure all trojans, rootkits, etc have been removed (which could very well mean someone had to change out hardware).
... Okay, as I look more into this, I think I need to get in touch with their forensics people / whoever they hired for forensics just so I can get a few things straight and potentially provide a bit of insight. If this post looks chaotic, it's because I was changing what I had typed on the fly. Most of this stuff I've known over the past several days, but there is more and more information I'm seeing (this is all publicly available if you look, btw) since I decided to care more (Shadowrun has been my favorite game since the 90s and is literally the reason why I do the job I do right now).
Ahahaha, "forensics people"?
I'm sorry, but you seem to have a very wrong impression of scale here: There is no triage and no forensics team looking into possibly replacing hardware after a sophisticated attack on a high-value target. CGL is a tiny company with an off-the-shelf hosting package who had their website defaced. Topps isn't involved anywhere in this, the hoster doesn't care as long as the server isn't used for anything criminal or disruptive to others, and even CGL themselves are not exactly in a hurry...