Security compromised at security companies -- during Cyber Security Month

Now who do you trust?

To celebrate the beginning of National Cyber Security Month, hackers have turned up the heat on the security companies themselves.

On Tuesday morning, hackers briefly compromised the website of AVG, the maker of one of the world’s most popular free anti-virus products, as well as fellow software firm Avira. Meanwhile, the servers of popular secure-networking company PureVPN were pilfered by pirates last week -- leaving digital egg on the faces of all firms involved.


“There is no full security” was the message greeting visitors to the website Tuesday morning, accompanied by a Palestinian national anthem and an anti-Israel screed by a group calling itself KDMS. “We can catch you!”

The anti-virus companies AVG and Avira themselves weren’t hacked; rather, the target was the underlying DNS system that directs Internet traffic, as though the Internet phone number for the website were changed in a giant digital phonebook. It's nonetheless embarrassing, wrote security expert Graham Cluley.

“It’s clearly embarrassing for a security company to be hit in this fashion by hackers,” Cluley noted on his blog. No customer information or sensitive data appeared to have been compromised, he added.

Not so in an unrelated affront to National Cyber Security Month, which kicked off Oct. 1 on the Department of Homeland Security's website, despite the lapse in federal funding.

In that incident, virtual networking provider PureVPN was the object of a hack assault that compromised customer databases. On Oct. 5, customers received what turned out to be a fake email sent by the company warning of “legal issues” PureVPN was facing.

Between Sunday and Monday the company issued several advisories, first saying nothing had happened before ultimately admitting that email IDs and the names of registered users had been compromised.

“In [the] wake of the hack attempt we have been continuously testing our systems for any further possible security lapses,” reads an email sent to customers and posted to the company’s website. “The user database breach that occurred yesterday ... has been identified as an isolated breach that compromised Email IDs and names of a subset of our registered users.”

PureVPN blamed the hack on third-party software running on its website.

Regardless, it's an inauspicious start to Cyber Security Month.