If they’d bother getting a contract first, they’d probably make good money in pen testing.
A Cayman Islands security firm got a bit of unsolicited web security advice on March 30 from MalSec, a group of “malicious security” hackers who recently broke into a server belonging to the Nigerian Senate. But unlike some of the nastier site defacements done recently by members of Anonymous’ #AntiSec collective—including takedowns of two Federal Trade Commission sites—the MalSec hackers left the site itself intact, posting only a replacement home page to advise the company, The Security Centre Ltd., of their vulnerability.
“Whilst no harm was done to the original site,” the hackers wrote on their replacement home page, “we urge you to secure your site before claiming to be ‘the best of the best’ in any kind of security. We were not first—traces of previous security breaches were found.” The page gave instructions on how to return the site to normal, and advised the company to “please oversee your security before somebody else with more harmful intent does. You can thank us later <3.”
In Security Centre’s defense, they are a physical security company, not information security.