Hugh Pickens writes writes "Nicole Perlroth writes in the NY Times that Kevin Mandia has spent his entire career cleaning up problems much like the recent breach at Stratfor where Anonymous defaced Stratfor’s Web site, published over 50,000 of its customers’ credit card numbers online and have threatened to release a trove of 3.3 million e-mails putting Stratfor is in the position of trying to recover from a potentially devastating attack without knowing whether the worst is over. “They’re in a bad place,” says Mandia, who is not involved in the Stratfor case. “If the attacker is going to release their e-mails, there’s no way to shut them down.” Mandia, who has responded to breaches, extortion attacks and economic espionage campaigns at 22 companies in the Fortune 100 in the last two years and has told Congress that if an advanced attacker targets your company then a breach is inevitable (PDF), calls the first hour he spends with companies “upchuck hour" as he asks for firewall logs, web logs, and emails to quickly determine the “fingerprint” of the intrusion and its scope. "“Every minute you take to figure this out, you could be losing more e-mails and more credit data." The first thing a forensics team will do is try to get the hackers off the company’s network, which entails simultaneously plugging any security holes, removing any back doors into the company’s network that the intruders might have installed, and changing all the company’s passwords. “This is something most people fail at. It’s like removing cancer. You have to remove it all at once. If you only remove the cancer in your leg, but you have it in your arm, you might as well have not had the operation on your leg.” In the case of Stratfor, hackers have taken to Twitter to announce that they plan to release more Stratfor data over the next several days offering a ray of hope as experts say the most dangerous breaches are the quiet ones that leave no trace. “The hacks that do the most damage don’t have Twitter feeds.”"