SophosLabs/NakedSecurity: With alleged Anonymous hackers belonging to the LulzSec group arrested and charged yesterday, and the startling revelation that prominent hacker Sabu had been working undercover for the FBI for months, hacktivists defaced a number of websites belonging to anti-virus firm Panda Security overnight.
The hackers changed two dozen pandasecurity.com subdomains to include a YouTube video, showing a pot pourri of Anonymous/LulzSec activity during 2011, and posted what appeared to be the username and password details of over 100 Panda employees.
Part of the message read:
SABU SNITCHED ON US
AS USUALLY HAPPENS FBI MENACED HIM TO TAKE HIS SONS AWAY
WE UNDERSTAND, BUT WE WERE YOUR FAMILY TOO (REMEMBER WHAT YOU LIKED TO SAY?)
IT’S SAD AND WE CANT IMAGINE HOW IT FEELS HAVING TO LOOK AT THE MIRROR EACH MORNING
AND SEE THERE THE GUY WHO SHOPPED THEIR FRIENDS TO POLICE.
LOVE TO LULZSEC / ANTISEC FALLEN FRIENDS
THOSE WHO TRULY BELIEVED WE COULD MAKE A DIFFERENCE
LOVE TO THOSE BUSTED ANONS, FRIENDS WHO ARE FIGHTING FOR THEIR OWN FREEDOM NOW
LOVE TO THOSE WHO FIGHTED FOR THEIR FREEDOM IN TUNISIA, EGYPT, LIBYA
SYRIA, BAHRAIN, YEMEN, IRAN, ETC AND ETC AND ETC
LOVE TO THOSE WHO FIGHTED FOR FREEDOM OF SPEECH, FOR A REAL DEMOCRACY,
FOR A GOVT FREE OF CORRUPTION,
FOR A FREE WORLD WHERE WE ARE ABLE TO SHARE OUR KNOWLEDGE FREELY
LOVE TO THOSE WHO FIGHT FOR SOMETHING THEY BELIEVE IN
WE ARE ANTISEC
WE LL FIGHT TILL THE END
The message went on to claim that Panda Security had assisted the authorities in identifying LulzSec hackers, and that the hacking group had planted backdoors into Panda’s anti-virus software.
The hackers appeared to single out yesterday’s blog post (currently offline) by Luis Corrons, technical director at PandaLabs, in which he asked “Where is the lulz now?” and welcomed the action against Sabu and other alleged LulzSec hacktivists.
As Luis pointed out on Twitter, clearly whoever defaced the Panda Security websites has something of a problem with free speech:
Luis confirmed to me that there is no truth in the hackers’ claim that their security software has been compromised with backdoors.
Furthermore, an official statement on Panda’s Facebook page makes clear that the compromised web server, which was used for marketing campaigns and blogs, was outside Panda’s internal network, that no customer data was accessed, and that source code and update servers were not compromised.
That’s good news.
The statement goes on to say that the login credentials posted by the hackers are obsolete.
It appears that the affected websites have now been taken offline, presumably temporarily, while Panda Security fixes any outstanding issues.
At least Luis Corrons has kept his sense of humor, as the following tweet proves:
I suspect few companies would be brave enough (crazy enough?) to say that they are 100% invulnerable to hackers throughout their organization – and whenever you have external websites used by your marketing departments there is the risk that they may not be as well secured as your business critical systems at the heart of your organization.
I have no doubt that Panda Security will be putting in place tighter guidelines to ensure that its marketing and blog activities are better protected in future. Fortunately, the defacement was not serious and no customers were adversely affected. It’s more of a bee sting for Panda than a stab wound.
Many will feel sympathy with Panda Security today – all they did was comment on the news reports surrounding Sabu and LulzSec. They didn’t deserve to be hacked like this. Thank goodness it wasn’t that serious, and the company will not be damaged long term by this incident.