Anonymous hacks Panda Security in response to LulzSec arrests
The hacktivist group Anonymous has attacked security firm Panda Security shortly after authorities today arrested five men part of Lulz Security (LulzSec), another hacktivist group loosely associated with the former. 28-year-old Hector Xavier Monsegur (Sabu), the leader of LulzSec, allegedly informed U.S. law enforcement of his fellow comrades' names: Ryan Ackroyd (Kayla), Jake Davis (Topiary), Darren Martyn (pwnsauce), Donncha O'Cearrbhail (palladium), and Jeremy Hammond (Anarchaos).
Now, Anonymous has stolen the account credentials (e-mail address and passwords) of 114 employees working at Panda Security, and posted them online for everyone to see. Internal server details were also revealed. Lastly, they defaced more than two dozen subdomains within "pandasecurity.com" and other several domains owned by the security firm by modifying them to show a video recounting some of LulzSec's hacking highlights from last year. The video is embedded above.
Here is what Anonymous posted in response to today's events (AntiSec refers to both Anonymous and LulzSec working together):
#ANTISEC IS BACK ONCE AGAIN KNOCKING SNITCHES DOORS CAUSE TRAISON IS SOMETHING WE DONT FORGIVE
YEAH YEAH WE KNOW... SABU SNITCHED ON US AS USUALLY HAPPENS FBI MENACED HIM TO TAKE HIS SONS AWAY WE UNDERSTAND, BUT WE WERE YOUR FAMILY TOO (REMEMBER WHAT YOU LIKED TO SAY?)
IT'S SAD AND WE CANT IMAGINE HOW IT FEELS HAVING TO LOOK AT THE MIRROR EACH MORNING AND SEE THERE THE GUY WHO SHOPPED THEIR FRIENDS TO POLICE. ANYWAY...
LOVE TO LULZSEC / ANTISEC FALLEN FRIENDS THOSE WHO TRULY BELIEVED WE COULD MAKE A DIFFERENCE LOVE TO THOSE BUSTED ANONS, FRIENDS WHO ARE FIGHTING FOR THEIR OWN FREEDOM NOW LOVE TO THOSE WHO FIGHTED FOR THEIR FREEDOM IN TUNISIA, EGYPT, LIBYA SYRIA, BAHRAIN, YEMEN, IRAN, ETC AND ETC AND ETC LOVE TO THOSE WHO FIGHTED FOR FREEDOM OF SPEECH, FOR A REAL DEMOCRACY, FOR A GOVT FREE OF CORRUPTION, FOR A FREE WORLD WHERE WE ARE ABLE TO SHARE OUR KNOWLEDGE FREELY
LOVE TO THOSE WHO FIGHT FOR SOMETHING THEY BELIEVE IN
WE ARE ANTISEC WE LL FIGHT TILL THE END
TO FBI AND OTHER SHITS COME AT US BROS WE ARE WAITING FOR YOU
Visit the Sexy AntiSec Embassy: [Tor] http://ibhg35kgdvnb7jvw.onion/ Follow the Antisec Crew: https://twitter.com/AnonymousIRC Chat: irc.anonops.li #antisec
Here is what AnonymousIRC posted on Twitter in regards to the attack:
http://pandalabs.pandasecurity.com OWNED HARD by #AntiSec - Reason:Snitching on Anons for Money #Anonymous #OWS #AntiVirusBackdoored #ROOTED http://cybercrime.pandasecurity.com OWNED HARD by #AntiSec - Reason:Snitching on Anons for Money #Anonymous #OWS #AntiVirusBackdoored #ROOTED http://cloudprotection.pandasecurity.com OWNED HARD by #AntiSec - Reason:Snitching on Anons for Money #Anonymous #OWS #AntiVirusBackdoored #ROOTED Ohai Pandalabs and FBI. Whose head was cut off? We forgot. http://pandalabs.pandasecurity.com/ #AntiSec #Anonymous Expect us. ALL YOUR BASE ARE BELONG TO US #Anonymous #AntiSec #LulzSec For the history books: https://pastebin.com/LM9vdNWy | FBI, you think now you don't need to expect us anymore? You've angered some retired pirates. http://pandalabs.pandasecurity.com oh shit. they're still locked out from their own servers... #Anonymous #LulzSec #OWS #IfUAskForLulzLulzWillFindU #LulzSec advices Panda AntiVirus users to get rid of it. Reason:injected shellcode #Anonymous #AntiSec #OWS #FrontalCockCrash PandaSecurity:'Where is the lulz now?' #LulzSec:'here http://cybercrime.pandasecurity.com/ ' #Anonymous #BrutalButtRaeping #OWS #AntiSec
Here are all the URLs that were hacked:
cybercrime.pandasecurity.com antivirus-offers.pandasecurity.com blog.cloudantivirus.com cloudofficeprotection.pandasecurity.com cloud.pandasecurity.com cloudpartnercenter.pandasecurity.com cloudprotectionbeta.pandasecurity.com.tar.gz cloudprotection.pandasecurity.com facebookfriends.pandasecurity.com forgetsecurity.co.uk forgetsecurity.co.za forgetsecurity.es go.pandasecurity.com info.pandasecurity.com information.pandasecurity.com lavuelta.pandasecurity.com maintenance.pandasecurity.com momentos.pandasecurity.com ondersteuning.pandasecurity.com pandacompetition.pandasecurity.com pandalabs.pandasecurity.com prensa.pandasecurity.com press.pandasecurity.com promo.pandasecurity.com protectyourfamily.pandasecurity.com research.pandasecurity.com securitytothecloud.pandasecurity.com serviciospro.pandasecurity.com servicos.pandasecurity.com suporte.pandasecurity.com techcenter.pandasecurity.com uninstall.cloudantivirus.com wiki.cloudantivirus.com www.cnccs.es www.forgetsecurity.de www.forgetsecurity.se
Luis Corrons, PandaLabs Technical Director, was singled out by the hackers for praising the arrests in a blog post earlier today. It was titled "Where is the lulz now?" Anonymous included links to his personal blog, his Facebook profile, his Twitter profile, and his Google+ profile.
Here is what Anonymous wrote:
hello friends! pandasecurity.com, better known for its shitty ANTIVIRUS WE HAVE BACKDOORED, has earning money working with Law Enforcement to lurk and snitch on anonymous activists. they helped to jail 25 anonymous in different countries and they were actively participating in our IRC channels trying to dox many others. Aside how clueless they are and how disgusting they look sucking police tiny dicks and even how much fun we got when they are trying to sell IT security services xD that only helps to endanger people even more; they contribute to bring activist to jail. activists, not even hackers. common people who are trying desperately to denounce the injustices happening on their countries right now. we should just say:
yep we know about you. how does it feels being the spied one? eat cock now.
Where is the lulz now?
Really good news. I have just read that LulzSec members have been arrested and that their main head Sabu has been working as an informant for the FBI. It turns out he was arrested last year, and since then he has been working with Law Enforcement.
As I said, really good news :)
Will this mean the end of Anonymous? No. It will mean the end of LulzSec, but Anonymous existed before LulzSec and will continue existing. However we probably won’t see any more hacks as the ones LulzSec had been perpetrating, and Anonymous will only use their known childish tactic of DDoS using their LOIC tool.
Posted on 03/6/12 by Luis Corrons
LOL HE ASKED FOR THE LULZ!!!!
HERE IT IS THE LULZ
"Another problem is that sometimes if you want to infiltrate and you have to be one of the criminals, you have to do things that you shouldn’t. In that case, you need to be with law enforcement. We have to find ways to cooperate even better with law enforcement." says Luis Corrons, research director of PandaLabs.
In short, Anonymous is accusing Panda Security of aiding law enforcement. Corrons denies the claims. Here is what he said on Twitter:
This is going to be a funny night #lulztojail :) We have our team taking a look into the defacement right now. And investigations to catch criminals are always fun ;) this has just happend a few minutes ago, so we are still investigating, it will take some time. all the allegations they make are fake, no surprise at all on that :) Even though we have not helped LE to bring to jail any lulzsec member, I would have loved to be involved in that.
Panda Security has followed up with an official statement on Facebook:
On March 6th the hacking group LulzSec, part of Anonymous, obtained access to a Panda Security webserver hosted outside of the Panda Security internal network. This server was used only for marketing campaigns and to host some of the company’s blogs. Neither the main website www.pandasecurity.com nor www.cloudantivirus.com were affected in the attack. The attack did not breach Panda Security's internal network and neither source code, update servers nor customer data was accessed. The only information accessed was related to marketing campaigns such as landing pages and some obsolete credentials, including supposed credentials for employees that have not been working at Panda for over five years.
We continue investigating the cause of the intrusion and will provide more details as soon as they become available. Meanwhile we assure all our customers and partners that none of their information has been compromised and that our products and services continue functioning as normal.
You can read everything Anonymous wrote for yourself over on Pastebin.
See also: