Panda Security cleans up defaced websites after LulzSec arrest revenge attack

With alleged Anonymous hackers belonging to the LulzSec group arrested and charged yesterday, and the startling revelation that prominent hacker Sabu had been working undercover for the FBI for months, hacktivists defaced a number of websites belonging to anti-virus firm Panda Security overnight.

The hackers changed two dozen pandasecurity.com subdomains to include a YouTube video, showing a pot pourri of Anonymous/LulzSec activity during 2011, and posted what appeared to be the username and password details of over 100 Panda employees.

Panda Security website hacked.

Part of the message read:

YEAH YEAH
WE KNOW...
SABU SNITCHED ON US
AS USUALLY HAPPENS FBI MENACED HIM TO TAKE HIS SONS AWAY
WE UNDERSTAND, BUT WE WERE YOUR FAMILY TOO (REMEMBER WHAT YOU LIKED TO SAY?)

IT'S SAD AND WE CANT IMAGINE HOW IT FEELS HAVING TO LOOK AT THE MIRROR EACH MORNING
AND SEE THERE THE GUY WHO SHOPPED THEIR FRIENDS TO POLICE.

ANYWAY...

LOVE TO LULZSEC / ANTISEC FALLEN FRIENDS
THOSE WHO TRULY BELIEVED WE COULD MAKE A DIFFERENCE
LOVE TO THOSE BUSTED ANONS, FRIENDS WHO ARE FIGHTING FOR THEIR OWN FREEDOM NOW
LOVE TO THOSE WHO FIGHTED FOR THEIR FREEDOM IN TUNISIA, EGYPT, LIBYA
SYRIA, BAHRAIN, YEMEN, IRAN, ETC AND ETC AND ETC

LOVE TO THOSE WHO FIGHTED FOR FREEDOM OF SPEECH, FOR A REAL DEMOCRACY,
FOR A GOVT FREE OF CORRUPTION,

FOR A FREE WORLD WHERE WE ARE ABLE TO SHARE OUR KNOWLEDGE FREELY

LOVE TO THOSE WHO FIGHT FOR SOMETHING THEY BELIEVE IN

WE ARE ANTISEC
WE LL FIGHT TILL THE END

The message went on to claim that Panda Security had assisted the authorities in identifying LulzSec hackers, and that the hacking group had planted backdoors into Panda's anti-virus software.

The hackers appeared to single out yesterday's blog post (currently offline) by Luis Corrons, technical director at PandaLabs, in which he asked "Where is the lulz now?" and welcomed the action against Sabu and other alleged LulzSec hacktivists.

As Luis pointed out on Twitter, clearly whoever defaced the Panda Security websites has something of a problem with free speech:

Luis confirmed to me that there is no truth in the hackers' claim that their security software has been compromised with backdoors.

Furthermore, an official statement on Panda's Facebook page makes clear that the compromised web server, which was used for marketing campaigns and blogs, was outside Panda's internal network, that no customer data was accessed, and that source code and update servers were not compromised.

That's good news.

The statement goes on to say that the login credentials posted by the hackers are obsolete.

It appears that the affected websites have now been taken offline, presumably temporarily, while Panda Security fixes any outstanding issues.

At least Luis Corrons has kept his sense of humour, as the following tweet proves:

I suspect few companies would be brave enough (crazy enough?) to say that they are 100% invulnerable to hackers throughout their organisation - and whenever you have external websites used by your marketing departments, there is the risk that they may not be as well secured as the business-critical systems at the heart of your organisation.

I have no doubt that Panda Security will be putting in place tighter guidelines to ensure that its marketing and blog activities are better protected in future. Fortunately, the defacement was not serious and no customers were adversely affected. It's more of a bee sting for Panda than a stab wound.

Many will feel sympathy with Panda Security today - all they did was comment on the news reports surrounding Sabu and LulzSec. They didn't deserve to be hacked like this. Thank goodness it wasn't that serious, and the company will not be damaged long term by this incident.

8 Responses to Panda Security cleans up defaced websites after LulzSec arrest revenge attack

  1. JamJulLison · 778 days ago

    Something I find amusing about this whole hack though is all the grammar and spelling errors they put on the page. It makes me question if it really was anon or not. Just as the reasoning behind this attack doesn't seem like anon. It could easily be some person claiming to be them.

    • shadowulf · 778 days ago

      Exactly, I believe more that the guy doing the Twitter activity being the culprit to draw attention than anon

    • Richard · 778 days ago

      Wait - spelling and grammar errors make you question whether it was really Anonymous?

      Have you actually read any of their previous statements?!

    • Machin Shin · 777 days ago

      You ever stop to think that not all hackers are in the US? Some speak other languages and are not fluent in English. Then there are also those that know that your writing style is an identifier. If you write notes like that on your hacks and you write it like you would your English paper then you might as well sign your real name to the thing.

  2. Thank goodness it wasn't that serious, and the company will be not be damaged long term by this incident.

    That's the funniest part of the article :D
    How much more serious could it be when a company like Panda Security is a victim of such an attack?

    • It would have been much more serious if customer data had been stolen, source code had been accessed, security updates had been tampered with... etc etc..

      As it is, it's just a bunch of marketing webpages that have had graffiti scrawled on them.

      • Mo · 777 days ago

        NO servers under a security company's domain name should be compromised, period. They want to sell security to their prospects and to keep their customers confident about the purchased solutions (and to renew their contracts as they expire), they ought to do better than that.

  3. Aulia · 777 days ago

    Panda vs Lulzsec :D

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.