Monitoring subscriptions raise eyebrows. http://www.bit-tech.net/news/bits/2014/08/06/hold-security/1
I think I came across this syndicate; they had infected a vulnerable Windows server that was querying every public IP for vulnerabilities and logging them. They had used a MySQL exploit to hijack the system account and generated themselves their own local admin, and had RDP'd into the server, loaded their software and launched their attack from the server. It appeared like it had acted like a worm: compromised the server and used it to spread to more compromised, collecting vulnerable servers in its wake. I changed their local password and logged in on their active login connection to see the exploit running. I took all their data and the source IP from where the initial exploit on our server had come from, and sent it on to the authorities.
This sounds so much like a scam. If it wasn't that this Hold Security was (from what I read) the same firm that revealed the Adobe and Target breaches, I would outright say it is a scam.
It does indeed (that timing is seriously suspicious), but they seem to indeed have the experience to back it (I confirmed the Adobe work when I tracked it down, but got bored and didn't check the Target announce). /me primes KeePass' password generator.
It seems this has attracted the attention of the FBI. FBI probing reported theft of 1.2 billion Internet credentials http://www.reuters.com/article/2014/08/19/us-cybercrime-breach-russia-idUSKBN0GJ2AH20140819