It’s always sad, and more than a little embarrassing, when a security site gets owned. But that’s what happened to PandaLabs yesterday evening. AntiSec hit back in retaliation, it said, for PandaLabs’ involvement in the arrest of 25 Anonymous members reported on 28 February. The timing, and indeed the opening statement on AntiSec’s defacement, suggests that it had just as much to do with the FBI yesterday charging six LulzSec hackers, including Sabu (so-called leader of LulzSec) over the Stratfor hack. Sabu had been arrested last summer, but it was never officially announced. Yesterday it became clear that he ‘pled guilty’ at the time – which pretty much confirms that he has been acting as an informant for the FBI ever since.
Reports suggested that he turned President’s Evidence to minimize any
prison term away from his family – and any parent will recognize the
pressure. AntiSec’s opening statement on the PandaLabs defacement
accuses PandaLabs of ‘traison’ – “something we don’t forgive”. But then
it immediately goes on to say, “Yeah, yeah, we know… Sabu snitched on
us. As usually happens FBI menaced him to take his sons away. We
understand, but we were your family too (remember what you liked to
So in one sense PandaLabs was chosen to make a statement to the
world: “We’re still here – expect us.”
However, AntiSec specifically accuses PandaLabs of helping “to jail
25 anonymous in different countries and they were actively participating
in our IRC channels trying to dox many others.” At the time, because
five of the 25 were arrested in Spain, I specifically asked Panda if it
had been involved. “This time, we were not involved on this case,” came a
very clear reply. I had earlier talked to Panda about its involvement
in the takedown of the Mariposa botnet. “We co-operate with the Spanish
police and some other institution on a regular basis,” he added, “but we
were not informed about it.”
AntiSec also makes it clear that it takes exception to PandaLabs’
technical director, Luis Corrons. It’s personal. He is quoted: “Really
good news. I have just read that LulzSec members have been arrested and
that their main head Sabu has been working as an informant for the FBI.
It turns out he was arrested last year, and since then he has been
working with Law Enforcement. As I said, really good news.” He is also quoted as saying “sometimes if
you want to infiltrate and you have to be one of the criminals, you
have to do things that you shouldn’t. In that case, you need to be with
law enforcement.” To be frank, neither of these statements sounds like
the Luis Corrons I know – but time will unravel all.
Perhaps more worryingly, AntiSec also claims to have back-doored
Panda’s security products. Again, Panda is categoric: “Neither the main
website www.pandasecurity.com nor www.cloudantivirus.com were affected
in the attack. The attack did not breach Panda Security’s internal
network and neither source code, update servers nor customer data was
accessed. The only information accessed was related to marketing
campaigns such as landing pages and some obsolete credentials, including
supposed credentials for employees that have not been working at Panda
for over five years.”
The difficult thing, however, is to see the wider picture and to
determine what is really going on. Remember Luis’ comment: “you have to
do things that you shouldn’t.” Well, law enforcement has certainly been
doing that in recent years. There’s the German police spyware, and the
FBI’s very own CIPAV – and God knows what else that we haven’t heard about.
So let’s look at the last week. Twenty-five Anonymous arrests rapidly
followed by the disclosure that the Anonymous free DDoS tool (slowloris)
had been poisoned with the, frankly, most well-known and feared malware
of the day – Zeus – closely followed by charges against the main
figures in LulzSec. That reads like a campaign organized by a marketing
company to discredit Anonymous and sow seeds of distrust.
Read the DDoS-hacked announcement from Symantec here.
Make up your own mind, but to me it simply doesn’t hang together
properly. I’ve got a question mark there. Did the FBI poison slowloris?
Now go back to the Stratfor hack (late December 2011). It happened after
Sabu became an informant, yet he is charged over it. Anonymous very
clearly denied any involvement, stating “Sabu and his crew are nothing
more than opportunistic attention whores who are possibly agent
provocateurs.” And yes, Anonymous knew that Sabu had been turned by the
FBI. But the wider and more worrying question is this: if Sabu was
already working for the FBI when LulzSec hacked Stratfor, does that mean
that Stratfor was sacrificed by the FBI on the altar of misinformation?
As Luis is quoted: “you have to do things that you shouldn’t.” But if
this is true, it’s going too far.