Stratum protocol wasn't the subect of the attack vector either. From what I've read, it's an exploit of the way all TCP/IP (internet protcol) traffic is routed from source to destination. There is inevitably several hops where the infrastructure of the internet (run by big telecom corporations) makes decisions as to where to send TCP/IP packets next as a part of completing the trip. The hackers targetted this part of the infrastructure, redirecting hashing from known pools to other pools (or possibly to their own mining setup, which adds even more intrigue). Comment suggested that insiders at telecoms were potential suspects, although this new report suggests otherwise.