10-17-2010, 02:01 AM
tg989
Registered User
 
Join Date: Jun 2007
Posts: 89
One logical explanation is the following:

Somebody got ahold of the root ssh key, likely an ex-employee or current employee.

They logged into all the machines, changed the root pass/keys or replaced the ssh server with a custom one and then systematically disabled apache/lighttpd/nginx/mysql/pgsql etc. (you'll notice that the sites running apache show forbidden but the ones that were running lighttpd just time out), then they gave RCN an ultimatum, effectively holding them hostage for a calculated sum of money (somebody who knows what is at stake, again, likely an employee/ex-employee). They probably also had the insight to make sure backups were affected, as this really doesn't seem like a heat-of-the-moment thing. This is premeditated. The servers are still online, they are still 'running', the DNS is still working... nothing was 'corrupted' or trashed, RCN just doesn't have access any more, holding them in a tight position as the servers are spread out in multiple locations and they don't have anyone 'in front' of them to use the console or do mass operating system re-installs+backup recoveries.

This is the only situation that really makes sense; there is NO gain to be made from hacking RCN and deleting everything. There is always motive involved, almost always monetary. As such, I assume somebody is doing this for financial gain and they are likely holding it hostage until they get the money, which if it is a wire, would be quite a few days. :\ I know of a registrar that was in a very similar situation recently. This registrar was being DDoSed by a disgruntled ex-customer who had their domains deleted or blocked and they basically kept DDoSing the domain servers until the registrar finally gave in.

I really don't want this to turn into an epass drama thread/situation and incite pandemonium or mass exodus, but this is really the most probable situation as it stands now.

__________________
there are 10 types of people in the world, those who understand binary, and those who don't.

Last edited by tg989; 10-17-2010 at 02:06 AM.