A number of 34 sites owned by Panda Security and the one of the Spanish National Cyber-Security Advisory Council (CNCCS), an organization managed by Panda and other IT security leaders, were defaced by AntiSec hackers who wanted to leave a message to Sabu.
The FBI revealed yesterday that Sabu, or Hector Xavier Monsegur, a respected hacker that was an inspiration to many newcomers of the hacking scene, acted as an informant since the summer of 2011.
His aid led to the arrest of many LulzSec and Anonymous hackers, who were considered to be responsible for breaches that targeted companies such as Stratfor, Sony, Fox, PBS and many others.
Once they learned of this incident, hackers that operate under the AntiSec logo wanted to leave a message for the traitor and since there’s no better way to do it than to deface a major website, they gained unauthorized access to the 35 domains, altering them to host their protest.
A Pastebin post shows that domains and subdomains such as cybercrime, cloudofficeprotection, blog.cloudantivirus.com, forgetsecurity.es, wiki.cloudantivirus.com, suporte.pandasecurity.com, and many others, were hacked, some information being leaked from the servers they were hosted on.
“We know…Sabu snitched on us. As usually happens FBI menaced him to take his sons away. We understand, but we were your family too (remember what you liked to say?) It’s sad and we can’t imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to police,” the hackers wrote.
The same post reveals that Panda was not a random target. The company is considered to be responsible for helping authorities identify the 25 Anonymous hackers arrested last week.
“They contribute to bring activist to jail. Activists, not even hackers. Common people who are trying desperately to denounce the injustices happening on their countries right now,” they added.
Shortly after the incident, Pedro Bustamante, senior research advisor at Panda Security, came forward with a statement to reassure customers and partners that no sensitive information has been compromised.
“On March 6 th the hacking group LulzSec, part of Anonymous, obtained access to a Panda Security webserver hosted outside of the Panda Security internal network. This server was used only for marketing campaigns and to host some of the company’s blogs,” he said.
“Neither the main website www.pandasecurity.com nor www.cloudantivirus.com were affected in the attack. The attack did not breach Panda Security’s internal network and neither source code, update servers nor customer data was accessed.
“The only information accessed was related to marketing campaigns such as landing pages and some obsolete credentials, including supposed credentials for employees that have not been working at Panda for over five years.”