Thursday, November 3, 2011

LG hacked - website defaced to show simulated intrusion



One of the Australian websites belonging to global electronics giant LG has been hacked by a collective calling itself the Intra Web Security Exploit Team. According to Asher Moses of the Sydney Morning Herald, the site, lge dot com dot au, was pwned over the weekend, and was still in embarrassing post-hack distress this morning.
The attackers replaced the site with some lightly-obfuscated JavaScript. The script pretends to be conducting an injection attack as you watch, whilst an expletive-laden track by nerdcore hacker-rapper BeWiz plays in the background.
(The BeWiz track is called TwistedWanted. I'm not sure if that's a reference to Twisted Matrix, the event-driven networking engine written in Python, to UK indie music company Twisted Music, or something else. Listening to BeWiz's whole track was a mission I was unwilling to accept.)
When the simulated attack is complete, the attackers announce, perhaps not without some justification:
It seems as though your website has been hacked.
How did we get past your security?
What security? ;)
The LGE site was taken off the air mid-afternoon Sydney time.
It's back now, redirecting to an apparently-unsullied www.lg.com/au.
Don't end up in this sort of situation. Being defaced is bad enough, but at least you can see what's gone wrong and take action to fix it. Most cybercrooks don't seek publicity by advertising your insecurity. They take what they can get and deliberately avoid drawing attention to themselves. You might become aware of their intrusion only after your customers' personal information has been sold on underground forums and used to commit fraud or identity theft.
