LG Australia's website hacked
LG's Australian website was hijacked and defaced with an elaborate message over the weekend.
The website, lge.com.au, was down on Saturday morning after it was defaced by a hacker team calling itself "Intra". LG's other website, lg.com.au, doesn't appear to have been affected.
"It seems as though your website has been hacked. How did we get past your security? ....... What security? ;)," read a message on the site before it was pulled down.
The breach has been archived by Zone-H.com, which is a comprehensive database of website takeovers. It sends out a daily alert containing dozens of new compromised websites and it is not uncommon for Australian government and company websites to be included on the list.
"Website defacements occur worldwide many times on a daily basis. Here in Australia we have one significant Australian website defacement probably at least once a week," said Chris Gatford, a private security consultant with Hack Labs.
Gatford said that although website defacements were often limited to simple vandalism, it was difficult to tell whether the vandals had accessed other sensitive information such as passwords, which are commonly re-used for multiple accounts and systems.
"There's all sorts of other gotchas from just a website defacement. While it is embarrassing when you have a website defacement there is perhaps a bigger impact in terms of what information the attacker obtained," he said.
Ty Miller, CTO with security firm Pure Hacking, said the attacker had compromised the web server hosting LG's site. This is usually more serious than another common website defacement method called an SQL Injection, which allows websites to be defaced via exploiting a hole in a web application without the hackers accessing the web server itself.
"It looks like the attacker has compromised the web server itself as the website home page has been replaced completely," said Miller.
"Usually if the web application itself was compromised via Stored Cross Site Scripting or SQL Injection then you would still see the original home page HTML code containing the malicious code."
LG said it was alerted to the hack on Friday morning and immediately suspended the site "until the incident is fully investigated". It said the attack only affected lge.com.au, not lg.com.au, which had replaced the former as the "local primary hosting solution" a number of years ago.
Sydney Morning Herald