Um, I think what they are showing is just an example of what they have.
They aren't going to publicize everything they have, then ask people for cash. There are people out there that can look at what they are publicizing and see it for the potential threat it is, not just recognize what it came from :P
Anyway I've worked for 2 kind of big companies recently with full access to their customer data interfaces. If they are good examples of other corps' customer databases and how they are run; the Windows systems have internet access, and with Windows they can be infected easily; they tend to be secured by the popular antiviruses to hack around, so really no security there; if someone were to actually get into the system itself through a Windows terminal (as all clients have it turned on by default so the IT guys can fix and admin the computers easily (yey Windows)) then all they need to do is run the same program I do to access customer data and just export the database contents slowly over time, or better yet, use my profile to do it while I'm already using it, as I can log into more than one PC to do this at the same time if I really wanted to on most customer database systems. They can learn all this by just watching what we are all doing for a week or two remotely.
To do this is well within the power of the hackers that do it for a living, and with people VPN'ing from home and such with full access to the data, the hackers could just as easily go through the corporate president's VPN'ed from home system if they get lucky enough to take it over. I've worked remotely on users' systems where they use it as their home computer, with family member users created on it and everything. Or the users that use their own home computers to access data on the corporate network... over home wireless (everyone should know by now NO ONE really knows how to secure their wireless network). There's about as many geeks out there that can take a car engine apart and put it back together as there are home users that know anything about wireless, or any kind of basic security, or basic PC tech of any kind really. But they all own them. I own a car, but if it broke I use AAA, I try not to pretend to know what it's doing inside just because I own one :P If we as techs don't make things as simple as putting a button on the computer, that when you press it, it lights up showing your security is turned on your computer, then we can't expect people to know what the "right thing" to do is. Especially when the best of us have all gotten a virus (or hundreds, when we find our AV has completely failed), our advantage is some of us know how to clean it off without reinstalling everything from scratch. But the average person is very used to having to blow their system away and start over, after the first time(s) it happens to them. I really shouldn't have to explain any of this :P
I'm actually surprised something like this didn't happen sooner, or maybe this is just the first company they went public with.
The companies I mention having worked for are Bausch & Lomb and Global Crossing, both take their security very seriously, but like most (or all if they are big) companies, they bought into Windows faster than they knew how. Ease of use has been more important than security for a loooong time. At least Global Crossing has people who hover over the servers and network making sure nothing strange is going on. Non-IT companies have to rely on faith that the security is actually working properly, because they go cheap on the IT staff that only knows how to play with Windows, not actually use it :-P When your IT can't explain to your boss that it isn't you who is popping the porn up on your computer screen, the company is pretty much relying on borrowed time.
So what I was getting at initially is, showing they can see what the DNS knows is just an example, what should be a BIG example as it is one of the key servers for any functioning network. If they have the same access to the rest of the network, which is I think what they are trying to get at, then they literally could have everything on every customer that has ever existed. And people who do this for a living have plenty of cash to buy HDD to store the DB data. I probably have enough cash to buy the HDD to store the data, it's not like it's mine, I'm not going to set up a RAID array to keep it safe ;P lol maybe burn a couple hard copies though if I wanna make money off of it. But this is all common sense kind of things, or should be to the IT crowd.
Anonymous because I said and know waay too much, between the required IT classes I have taken, and the radio communications -> wireless networking course taught by an ex-Navy radio man, and ham radio aficionado, and working so much helpdesk for home and corporate users, the main thing I have learned is ignorance is really bliss. And the idea that there are a lot of people who know enough to be dangerous, but not enough to be helpful, has never been more appropriate than today ;-P Best thing about when the present gets this crazy is that it will be our past soon enough.
Boy I had a lot of hot air backed up in there.