LulzSec leader Sabu turns FBI informant

Overnight the battle continued with attacks on PandaLabs’ websites. At the time of writing this report, PandaLabs’ website is unavailable. The main company website for Panda Security is still operating, but the press page is unavailable. Luis Corrons, PandaLabs technical director, told Infosecurity “I can tell you that an external server that hosted some subdomains was attacked – that’s why the main site of Panda has not been defaced. All operations (updates, cloud, etc) are working as usual, as they are not related to this server. We have shut down the attacked server to study how the attack has been performed.”

The message left by Anonymous on the PandaLabs website is unequivocal: “pandasecurity.com... has earning money working with Law Enforcement to lurk and snitch on anonymous activists. they helped to jail 25 anonymous in different countries and they were actively participating in our IRC channels trying to dox many others.” Associating Panda with the 25 arrests is not surprising since five of the arrests were of Spaniards (Panda is based in Spain). However, the timing of the Anonymous attack seems to be more associated with the FBI’s news that LulzSec leader Sabu has been an FBI informant since last summer. Yesterday the FBI announced that six hackers associated with Anonymous and LulzSec had been charged “with stealing confidential information from approximately 860,000 clients and subscribers of Stratfor”, and that Hector Xavier Monsegur “who also identified himself as a member of Anonymous, Internet Feds, and LulzSec, pled guilty on August 15, 2011...”

The implication is clearly that Sabu has been an FBI informant since at least last August. Indeed, the message left by Anonymous on PandaLabs starts: 

YEAH YEAH
WE KNOW...
SABU SNITCHED ON US
AS USUALLY HAPPENS FBI MENACED HIM TO TAKE HIS SONS AWAY
WE UNDERSTAND, BUT WE WERE YOUR FAMILY TOO (REMEMBER WHAT YOU LIKED TO SAY?)

It is likely that Anonymous has known since the end of last summer that Sabu had been ‘turned’ by the FBI. Firstly, he went quiet for a while and then returned. Anonymous ‘wondered’ where he had been. But there is also an IRC conversation between Sabu and ‘Virus’ posted on Pastebin, dated 16 August 2011. At one point Virus says “regarding topiary, you ratted him out.” Topiary was arrested by the British police in the Shetland Islands in July 2011, and is one of the six hackers charged by the FBI yesterday. Later on, Virus says: “I'm absolutely positive, you already got raided, and are setting your friends up and when they're done draining you for information and arrests they'll sentence you and it'll make nose.”

It is also worth noting that in December Anonymous denied any involvement in the Stratfor hack named in the FBI statement. In an announcement posted to Pastebin on Christmas Day, Anonymous says: “Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs. As a media source, Stratfor's work is protected by the freedom of press, a principle which Anonymous values greatly.”

All of this leaves a very confused picture about what is really going on. The big news at the moment is that Sabu is an FBI informant – but it would appear that Anonymous has known this since the end of last summer. Furthermore, Sabu is more associated with LulzSec than Anonymous itself. LulzSec could have been described as a faction within Anonymous; but while Anonymous leans more towards hacking for political purposes, LulzSec hacked for fun. One thing is certain, as Trend Micro’s Rik Ferguson said yesterday, “Anonymous is a very different organisation to LulzSec... LulzSec may be finished, but it would be premature to say the same about Anonymous.”
