Ars Technica has an interesting article describing in detail how the group Anonymous was able to penetrate and embarrass the security firm HBGary and the rootkit.com site.
This was not a particularly advanced attack, but rather one that focused on known weaknesses, bad practices, and social engineering of people who should know better.
Most frustrating for HBGary must be the knowledge that they knew what they were doing wrong and were perfectly aware of best practices; they just didn't actually follow them. Everybody knows you don't use easy-to-crack passwords, but some employees did. Everybody knows you don't re-use passwords across systems, but some of them did. Everybody knows you patch servers to close known security flaws, but they didn't.
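As an added illustration (this is not code from the Ars Technica article, from this post, or from HBGary), the Python below shows why the first two of those failures compound each other: a weak password falls to even a tiny wordlist, and re-using it means the one cracked hash opens every system it was used on. The usernames, services, passwords and wordlist are all constructed for the example, and storing unsalted MD5 is an assumption made here so the block can also show what per-account salting does and does not buy you.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample data: every username, service and password here is invented.
# Assumption for the example: the credential store keeps unsalted MD5 hex digests.
SAMPLE_ACCOUNTS = [
    ("alice", "email", "Summer2010"),
    ("alice", "ssh", "Summer2010"),    # same password re-used on another system
    ("alice", "cms", "Summer2010"),
    ("bob", "email", "password1"),
    ("bob", "ssh", "c0rr3ct-h0rse-b4ttery-st4ple!"),
    ("carol", "email", "Tr0ub4dor&3-Xq9"),
]

# A deliberately tiny wordlist standing in for the multi-gigabyte lists attackers use.
SMALL_WORDLIST = ["123456", "password", "password1", "letmein", "qwerty", "Summer2010"]


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()


def store_unsalted(accounts):
    """A naive credential table: (user, service, md5(password))."""
    return [(u, s, md5_hex(p)) for u, s, p in accounts]


def crack_unsalted(stored, wordlist):
    """Hash the wordlist once, then every stored hash is a dictionary lookup
    (the same idea as a precomputed/rainbow table).
    Returns ({(user, service): password}, number_of_hash_computations)."""
    table = {md5_hex(w): w for w in wordlist}
    cracked = {(u, s): table[h] for u, s, h in stored if h in table}
    return cracked, len(wordlist)


def find_reuse(stored_unsalted):
    """Group by (user, hash): identical hashes on more than one service mean one
    cracked password opens all of them. An attacker sees this in a dump as easily
    as an auditor does."""
    by_hash = defaultdict(list)
    for u, s, h in stored_unsalted:
        by_hash[(u, h)].append(s)
    return {u: sorted(svcs) for (u, h), svcs in by_hash.items() if len(svcs) > 1}


def store_salted(accounts, salt_len=16):
    """Per-account random salt: (user, service, salt, md5(salt + password))."""
    out = []
    for u, s, p in accounts:
        salt = os.urandom(salt_len).hex()
        out.append((u, s, salt, md5_hex(salt + p)))
    return out


def crack_salted(stored, wordlist):
    """With salts the precomputed table is useless: each account costs its own pass
    over the wordlist. Weak passwords still fall; only the cost per account changes,
    and re-use is no longer visible from the hashes alone."""
    cracked, work = {}, 0
    for u, s, salt, h in stored:
        for w in wordlist:
            work += 1
            if md5_hex(salt + w) == h:
                cracked[(u, s)] = w
                break
    return cracked, work


if __name__ == "__main__":
    unsalted = store_unsalted(SAMPLE_ACCOUNTS)
    cracked, work = crack_unsalted(unsalted, SMALL_WORDLIST)
    print(f"unsalted: {len(cracked)} of {len(unsalted)} accounts cracked with {work} hashes")
    print("re-used passwords:", find_reuse(unsalted))
    cracked_s, work_s = crack_salted(store_salted(SAMPLE_ACCOUNTS), SMALL_WORDLIST)
    print(f"salted:   {len(cracked_s)} of {len(unsalted)} accounts cracked with {work_s} hashes")
```

The point the numbers make: salting multiplies the attacker's work, but the same four weak accounts fall either way, and alice's single re-used password hands over three systems at once. Only a password that is not in any wordlist, used on exactly one system, survives both runs.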