Sophos Cloud Optix
With alleged Anonymous hackers belonging to the LulzSec group arrested and charged yesterday, and the startling relevation that prominent hacker Sabu had been working undercover for the FBI for months, hacktivists defaced a number of websites belonging to anti-virus firm Panda Security overnight.
The hackers changed two dozen pandasecurity.com subdomains to include a YouTube video, showing a pot pourri of Anonymous/LulzSec activity during 2011, and posted what appeared to be the username and password details of over 100 Panda employees.
Part of the message read:
YEAH YEAH
WE KNOW...
SABU SNITCHED ON US
AS USUALLY HAPPENS FBI MENACED HIM TO TAKE HIS SONS AWAY
WE UNDERSTAND, BUT WE WERE YOUR FAMILY TOO (REMEMBER WHAT YOU LIKED TO SAY?)IT'S SAD AND WE CANT IMAGINE HOW IT FEELS HAVING TO LOOK AT THE MIRROR EACH MORNING
AND SEE THERE THE GUY WHO SHOPPED THEIR FRIENDS TO POLICE.
ANYWAY...LOVE TO LULZSEC / ANTISEC FALLEN FRIENDS
THOSE WHO TRULY BELIEVED WE COULD MAKE A DIFFERENCE
LOVE TO THOSE BUSTED ANONS, FRIENDS WHO ARE FIGHTING FOR THEIR OWN FREEDOM NOW
LOVE TO THOSE WHO FIGHTED FOR THEIR FREEDOM IN TUNISIA, EGYPT, LIBYA
SYRIA, BAHRAIN, YEMEN, IRAN, ETC AND ETC AND ETC
LOVE TO THOSE WHO FIGHTED FOR FREEDOM OF SPEECH, FOR A REAL DEMOCRACY,
FOR A GOVT FREE OF CORRUPTION,
FOR A FREE WORLD WHERE WE ARE ABLE TO SHARE OUR KNOWLEDGE FREELYLOVE TO THOSE WHO FIGHT FOR SOMETHING THEY BELIEVE IN
WE ARE ANTISEC
WE LL FIGHT TILL THE END
The message went on to claim that Panda Security had assisted the authorities in identifying LulzSec hackers, and that the hacking group had planted backdoors into Panda’s anti-virus software.
The hackers appeared to single out yesterday’s blog post (currently offline) by Luis Corrons, technical director at PandaLabs, who asked “Where is the lulz now?” which welcomed the action against Sabu and other alleged LulzSec hacktivists.
As Luis pointed out on Twitter, clearly whoever defaced the Panda Security websites has something of a problem with free speech:
Lads defending freedom of speech until they don't like what you say #sadlulz
— Luis Corrons (@Luis_Corrons) March 7, 2012
Luis confirmed to me that there is no truth in the hackers’ claim that their security software has been compromised with backdoors.
Furthermore, an official statement on Panda’s Facebook page, makes clear that the compromised web server – that was used for marketing campaigns and blogs – was outside Panda’s internal network, and that no customer data was accessed, and that source code and update servers were not compromised.
That’s good news.
The statement goes on to say that the login credentials posted by the hackers are obsolete.
It appears that the affected websites have now been taken offline, presumably temporarily, while Panda Security fixes any outstanding issues.
At least the Luis Corrons has kept his sense of humour, as the following tweet proves:
No, it is not true I selfdefaced the blog to promote my Twitter account #reallulz 🙂
— Luis Corrons (@Luis_Corrons) March 7, 2012
I suspect few companies would be brave enough (crazy enough?) to say that they are 100% invulnerable to hackers throughout their organisation – and whenever you have external websites used by your marketing departments there is the risk that they may not be as well secured as your business critical systems at the heart of your organisation.
I have no doubt that Panda Security will be putting in place tighter guidelines to ensure that its marketing and blog activities are better protected in future. Fortunately, the defacement was not serious and no customers were adversely affected. It’s more of a bee sting for Panda than a stab wound.
Many will feel sympathy with Panda Security today – all they did was comment on the news reports surrounding Sabu and LulzSec. They didn’t deserve to be hacked like this. Thank goodness it wasn’t that serious, and the company will be not be damaged long term by this incident.
Something I find amusing about this whole hack though is all the grammar and spelling errors they put on the page. It makes me question if it really was anon or not. Just as the reasoning behind this attack doesn't seem like anon. It could easily be some person claiming to be them.
exactly I believe more that the guy doing the twitter activity being the culprit to draw attention then anon
Wait – spelling and grammar errors make you question whether it was really Anonymous?
Have you actually read any of their previous statements?!
You ever stop to think that not all hackers are in the US? Some speak other languages and are not fluent in English. Then there are also those that know that your writing style is an identifier. If you write notes like that on your hacks and you write it like you would your English paper then you might as well sign your real name to the thing.
That's the funniest part of the article 😀
How more serious it could be when a company like Panda Security is a victim of such an attack?
It would have been much more serious if customer data had been stolen, source code had been accessed, security updates had been tampered with… etc etc..
As it is, it's just a bunch of marketing webpages that have had graffiti scrawled on them.
NO servers under a security company’s domain name should be compromised, period. They want to sell security to their prospects and to keep their customers confident about the purchased solutions (and to renew their contracts as they expire), they have ought to do better than that.
Panda vs Lulzsec 😀