Panda Security’s blog and several other sub-domains were defaced Tuesday evening by supporters of the AntiSec movement. In addition to the defacement, AntiSec also claimed that Panda’s anti-Virus offerings were compromised. Moreover, the statement left behind after the attack claimed that Panda was actively helping law enforcement capture associates of Anonymous.
The message left behind after the AntiSec attack alleged that Panda “...has earning money working with Law Enforcement to lurk and snitch on anonymous activists (sic).”
According to AntiSec’s claims, Panda has helped put 25 people behind bars for their involvement in various operations championed by Anonymous, in addition to lurking on their public IRC space in an attempt to identify various chat participants.
Panda was attacked shortly after a blog post titled “Where is the lulz now?” appeared on the site. Written by Panda’s Technical Director, Luis Corrons, the post reported the news of the FBI’s moves against LulzSec, and the status of its leader Sabu.
“I have just read that LulzSec members have been arrested and that their main head Sabu has been working as an informant for the FBI. It turns out he was arrested last year, and since then he has been working with Law Enforcement. As I said, really good news :),” Corrons wrote before the blog was attacked.
“Will this mean the end of Anonymous? No. It will mean the end of LulzSec, but Anonymous existed before LulzSec and will continue existing. However we probably won’t see any more hacks as the ones LulzSec had been perpetrating, and Anonymous will only use their known childish tactic of DDoS using their LOIC tool.”
In addition to the claims against Panda, the AntiSec defacement noted, “he asked for the lulz...,” and included details related to LogMeIn accounts, the contents of the server’s Shadow file, and dozens of email addresses and passwords.
On top of all of this, the AntiSec message claimed that Panda’s anti-Virus products were being shipped with a backdoor.
Within minutes of the attack becoming public, Corrons noted on Twitter that it would be a funny night. Asked for comment and why it would be a funny night, he told us that the allegations against the company were false, and that, “we have our team taking a look into the defacement right now. And investigations to catch criminals are always fun.”
“Even though we have not helped LE to bring to jail any LulzSec member, I would have loved to be involved in that,” he added.
In all, more than 30 sub-domains were active on Panda’s server at the time it was attacked. Each of them contained the same defacement notice left behind by AntiSec. The main domain, pandasecurity.com was not included in AntiSec’s raid.
At the time this story was published, aside from the main domain, Panda’s sub-domains were still defaced.
It is worth noting that this isn’t the first time Panda has come under fire for writing about Anonymous or those supporting them. In 2010, during Operation Payback, the Panda Labs blog was hit by a DDoS attack for actively reporting on the operation.