The only way to be sure is a full system restore. Backups are essential but I wouldn't back up any executable or dll files...
Two points of failure: this rolling metal brick totally stands out and the tires are not reinforced. Armor or not if you find yourself in an immobile vehicle you're just asking to get gassed. If you can't drive in an area with your loot without turning heads and painting a giant target on your forehead then your mode of transportation is largely ineffective.
The best security is one that admits that it can be defeated, a layered approach is best. After they've hacked the webserver where can they go from there? your SQL server will be wide open.
Consider using a grsec patched kernel, chrooting your webserver and restricting everything that isn't absolutely necessary. Grsec supports the feature to prevent binaries from executing on a specified chroot, this may prevent many attacks that would escalate their access. Don't provide compilers, don't have perl/ruby/etc available unless you need to. They may be able to penetrate with a staged payload dropping the privilege escalating exploit at the end and in this case the chroot may restrict their access. If they do manage to break past the chroot you want a fully configured RBAC system. Root shouldn't mean ring 0 in most cases. Disable loading kernel modules, disable
If you can afford it put a bridged firewall/IDS between the webserver and the database. Log everything, make sure your alerts work! Alerts are extremely important in that you can detect a hack in progress and possibly prevent further data extraction! Use white-listing instead of blacklisting. Only allow the absolute minimum. The idea here is that you want to reduce your attack surface as much as possible whilst still keeping functionality.
That is just on the IT aspect tho. Consider the scenario in which an employee goes rogue: disable firewire port (DMA attacks are easily possible), disable usb ports, lock the server room, immediately lock out/revoke IDs to an employee about to be fired (preferably before they're fired), and for god's sake screen your applicants.
The 'Anonymous' name gives crackers that already were hacking before a name to go under. Basically anyone who can quote "We are legion" and is already hacking can now put up a sweet little front.
So NATO: stop chasing ghosts. Sure they could make a few arrests but I imagine there are more sects of anonymous than there are nations. The terrible truth to this situation is that once they start openly prosecuting who they think is "Anonymous" every blackhat will be given an excuse to start their campaigns on them. "Provoking the wrath of anonymous" actually means "painting targets on hackers and paying the price". Anonymous wants to stay anonymous they shouldn't go provoking an enemy they don't know or understand.
The quintessential example is HBGary; learn from history.
It is impossible to enjoy idling thoroughly unless one has plenty of work to do. -- Jerome Klapka Jerome