Anonymous Targets Panda Labs Following Lulzsec Arrests
March 8, 2012

Anonymous Targets Panda Labs Following Lulzsec Arrests

A website belonging to antivirus software and Internet security firm Panda Security was targeted by members of the hacking collective Anonymous Tuesday in what various media outlets are calling retaliation for the arrest of five members of the Lulzsec group earlier this week.

According to BBC News reports Wednesday, the hackers identified themselves as members of AntiSec, a collaborative cybercrime effort involving members of both Lulzsec and Anonymous, targeted "the website of Panda Labs' anti-malware products."

The British news organization said that the hackers replaced the front page of the website with a message saying "Love to Lulzsec/Antisec fallen friends." Panda Labs was said to be targeted by the group because Anonymous believes that they helped law enforcement officials arrest hackers in February.

" has earned money working with law enforcement to lurk and snitch on Anonymous activists," the hackers said, according to the British news agency. "They helped to jail 25 Anonymous in different countries and they were actively participating in our IRC channels trying to dox [obtain personal information about] many others."

The company has denied those accusations, according to the BBC. tech reporter Suzanne Choney said that the hackers also posted what they claimed were the usernames and passwords belonging to over 100 employees of the Spanish spyware, antivirus, and security outfit. Graham Cluley of Sophos' Naked Security blog added that they also posted a YouTube video featuring Anonymous and LulzSec activity from throughout last year.

Panda Security confirmed the attack on their official Facebook page, but said that the hackers had only "obtained access to a Panda Security webserver hosted outside of the Panda Security internal network. This server was used only for marketing campaigns and to host some of the company´s blogs."

They said that neither their main website nor the websites were affected by the attack. They said that no customer or partner data had been compromised, and noted that the hackers "did not breach Panda Security´s internal network and neither source code, update servers nor customer data was accessed."

"The only information accessed was related to marketing campaigns such as landing pages and some obsolete credentials, including supposed credentials for employees that have not been working at Panda for over five years," they continued, noting that they would continue to investigate the incident and would provide more details "as soon as they become available."

A message posted during the attack also mentioned Hector Xavier Monsegur, the former LulzSec leader who played an instrumental role in the March 6 arrests, said Jeffrey Burt of Monsegur, who Burt says was known as "Sabu" when he was a member of the hacking team, "snitched" on AntiSec, the message posted by those responsible for the attack allegedly said.

They also challenged the FBI to "come at us“¦ we are waiting for you," Burt said.

As previously reported here on redOrbit, information provided by Monsegur led to a coordinated, international sting operation targeting cybercriminals in the US, England, and Ireland as part of a conspiracy case that has been filed in a New York-based federal courtroom.

Jana Winters of, who broke the story on Tuesday, said that Monsegur had been providing information to the FBI regarding the that activities and whereabouts of Lulzsec members for at least three months. However, Winters notes the exact terms and conditions of his cooperation with the FBI has not yet been revealed.

Monsegur´s cooperation led to the arrest of London-based hackers Ryan Ackroyd (alias “Kayla and Jake Davis (alias “Topiary”) as well as Darren Martyn (alias “pwnsauce”) and Donncha O´Cearrbhail (alias “palladium”) of Ireland, and Jeremy Hammond (alias “Anarchaos”) of Chicago, Illinois.

Cluely believes that PandaLabs was targeted due to a blog post written Tuesday by Technical Director Luis Corrons. That post, which was currently offline as of Cluely's report on Wednesday, "welcomed the action against Sabu and other alleged LulzSec hacktivists."

The Sophos' senior technology consultant said that he had "no doubt" that the company would be taking greater care in protecting its marketing and blog websites would be "better protected" in the future. He also pointed out that the defacement was "not serious" and that none of the company's customers were harmed as a result of the attack.

"It's more of a bee sting for Panda than a stab wound," he added. "Many will feel sympathy with Panda Security today -- all they did was comment on the news reports surrounding Sabu and LulzSec. They didn't deserve to be hacked like this. Thank goodness it wasn't that serious, and the company will be not be damaged long term by this incident."


On the Net: