Update on the Slicehost STL-A outage recently (DC routers got owned)
forum.slicehost.comWow that's bad. When someone has full control of your routers you can never be sure what they made off with. Remember that not everything is secured with TLS/SSL. Heck think about all the traffic that is unencrypted that isn't HTTP. Someone exploiting the management port of IOS could conceivably just log all data and review at their leisure. Wiping IOS was most likely to cover their tracks.
The simplistic conclusion is to blame it on people hacking for lols. The more troubling thought is that someone malicious and methodical had taken control of their routers secretly for an unknown amount of time and only caused damage when they thought they'd got enough of what they wanted or were in danger of being found out.
As you say that second rabbit hole could go pretty deep.
What frightens me even more than Luke taking the edge routers to Anchorhead, is this phrase: "When we received alerts and reports from customers, our operations team began to check our infrastructure." which suggests that they didn't have monitoring in place that could detect and alert on even such a coarse-grained event.