update One of the Defence Materiel Organisation's (DMO) websites has been compromised by hackers, while Panasonic Australia has taken its website down after one of its subdomains was also hacked and then defaced.
A hacker was able to compromise the DMO's site that promotes its Defence and Industry conference, with the website still showing signs of the attack on Thursday morning.
The hacker had managed to upload their own content to the web server, as well as several subdomains, but didn't make any changes to the front-facing site itself. Instead, they just left a calling card in a text file that read "Owend By HaCker-1420". This was removed shortly after ZDNet Australia alerted the Department of Defence (DoD) of the incident.
DoD said that the incident occurred just three hours before the organisation had been notified by ZDNet Australia of the breach, and the intrusion had not affected "any departmental or department-managed systems". Furthermore, the website is externally hosted, and contains only public information.
The site's external site administrator has begun an investigation into the matter, and is further reviewing security for the website.
The act of leaving behind a calling card is not new, as there have been several government websites falling victim to hackers who simply wanted to let others know they has gained access to the web server, without attracting undue attention to themselves. In many cases, this had led to sites remaining vulnerable for months on end, since the signs of a compromise were not as obvious.
However, in Panasonic Australia's case, hacking group 4Nokta was less subtle and had completely defaced one of the technology giant's sites. The company's blog had been replaced with a defacement page that contained messages from the four members of the Turkish hacking group.
Panasonic's blog last night
(Credit: Screenshot by Michael Lee/ZDNet Australia)
The company's website and subdomains were later replaced with a static page that read that its "website is down for maintenance", indicating that Panasonic was aware of the issue. At the time of writing, it redirected to Panasonic.net.
Panasonic told ZDNet Australia that the defacement was only visible for about two to four hours and that, although the main Panasonic Australia website was unaffected, it chose to take down the entire local site as a precautionary measure.
The company does not yet know how the attackers gained access to its systems, but it has brought in specialists to restore its site and conduct a further investigation of the breach. It pointed out, however, that the blog is completely separate to its other systems.
"We don't host any transactional or customer information on this subdomain. Information contained on blog posts, web pages and other site information can all be easily restored," Panasonic said in a statement.
Although Panasonic already conducts periodic stress testing of its systems, including the main Panasonic.com.au website, it admitted that it hadn't managed to catch the incident in time. Nevertheless, the company said it had learned from its mistake and, with the advice of the specialists it has brought on, hopes it will be better prepared in the future. It is also accelerating its online structural overhaul, which the company was already in the process of implementing.
Panasonic expects to have the local site properly operating again sometime today, although the timing of this will depend on how long the investigation will take to complete. In the meantime, users will continue to be directed to the Panasonic.net website; users can also contact the company through Twitter, Facebook or its customer call centre.
Updated at 3.28pm, 8 June 2012: added comment from DoD.