Security firm Chubb Australia, had its website defaced over the weekend, but it was all part of its security strategy,according to the company.
The company's website was splashed with the phrase "Owned by L4m4. Chubb time to review your online security! L4m4".
Defacement archive alldas.de - which keeps an archive of web defacements that they are notified of - is now hosting amirror of the hack.
Aldo Travia, data centre manager for Chubb, said the company wasn't perturbed by the breach, and that the defacementwas the desired result of security testing Chubb was undertaking.
"It's actually a honeypot that we put out there recently just to sus out whether we'd get hit or not," he said, addingthat the company was actually "chuffed" about the attack.
When asked about what strategies the company would employ to prevent future defacements, Travia said, "We're not goingto put anything in place, it's exactly what we wanted to happen".
Travia said the www.chubb.com.au site is "just a test site" that is not visited by customers.
However, security specialist Skeeve Stevens said that it was unlikely that Chubb would be using its main website as ahoneypot, and argues that the site is more than just a test site.
"Of course clients would use www.chubb.com.au as their main gateway to the company's public internet information," hesaid. "The currently restored www.chubb.com.au is obviously the main customer site - to say it was a honeypot is Chubbtrying to hide the fact that they dropped the ball".
Peter Gasparovic, group IT manager of Chubb, was unable to disclose why the chubb.com.au site was used as a honeypot,in fear of compromising Chubb's security strategy.