Cybersecurity firm HBGary hacked by anonymous

[Cadsuane]

A company that is helping the federal government track down cyberactivists who have been attacking business which refused to support Wikileaks has itself been hacked by the very same activists.

At the center of the storm is a leaderless and anarchic Internet group called Anonymous, which more recently has been coordinating attacks against Egyptian government Web sites. Late last month, authorities in the U.K. and the U.S. moved against at least 45 suspected Anonymous activists. Then, on Saturday, the Financial Times ran a story quoting Aaron Barr, the head of security services firm HBGary Federal, saying he had uncovered the identities of Anonymous’ leaders using social networking sites. Barr said he planned to release his findings at a security conference in San Francisco next week.

Anonymous responded by hacking into HBGary’s networks and posting archives of company executive emails on file-trading networks. The group also hacked the firm’s Web site and replaced it with a message saying it was releasing Barr’s findings on its own because the group was confident Barr’s conclusions were wrong.

“We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve ‘extracted’ is publicly available via our IRC networks,” the statement reads. “The personal details of Anonymous ‘members’ you think you’ve acquired are, quite simply, nonsense. So why can’t you sell this information to the FBI like you intended? Because we’re going to give it to them for free.”

I tuned into this conflict late Sunday evening, after HBGary President Penny Leavy had waded into Anonymous’ public chat channel in an attempt to reason with the group. Earlier in the evening, Anonymous sympathizers hijacked several Twitter accounts belonging to HBGary employees, and used them to post offensive comments and personal information about the account holders.

The topic of the IRC channel Leavy joined said it all: “Mission: Aaron Bratt FIRED. His salary donated to Bradley Manning Defense Fund. Simple.” Leavy said the group was planning to publish online the entire email archive belonging to Greg Hoglund, the security researcher in California who co-founded HBGary, which is part owner of HBGary Federal.

A snippet from that conversation:

“[20:06:12] <+Penny> Guys, I can’t fire someone that owns a portion of the company What i can promise is we will have a meeting to discuss next steps”

In a phone interview late Sunday evening, Hoglund said that unlike the more traditional Web-site attacking activities of Anonymous, the hackers who infiltrated HBGary’s system showed real skills, even social engineering a network administrator into giving them complete control over rootkit.com, a security research site Hoglund has long maintained.

“They broke into one of HBGary’s servers that was used for tech support, and they got emails through compromising an insecure Web server at HBGary Federal,” Hoglund said. “They used that to get the credentials for Aaron, who happened to be an administrator on our email system, which is how they got into everything else. So it’s a case where the hackers break in on a non-important system, which is very common in hacking situations, and leveraged lateral movement to get onto systems of interest over time.”

Hoglund said Anonymous had crossed a line, and that posting the company’s email online would expose internal, proprietary data that would likely cost HBGary millions of dollars. He added that Anonymous activists should be able to see — if they read the email they’ve stolen — that HBGary ultimately decided not to publicly name any of the members it had identified.

“Before this, what these guys were doing was technically illegal, but it was in direct support of a government whistle blower. But now, we have a situation where they’re committing a federal crime, stealing private data and posting it on a torrent,” Hoglund said. “They didn’t just pick on any company, but we try to protect the US government from hackers. They couldn’t have chosen a worse company to pick on.”

http://krebsonsecurity.com/2011/02/h...-by-anonymous/

WLCentral kneejerk commentary:

HBGary Federal, provider of classified cybersecurity services to the Department of Defense, Intelligence Community and other US government agencies, has opted over the past months to go to war with the group of WikiLeaks supporters known as Anonymous. The Tech Herald reported today on HBGary Federal and two other data intelligence firms “strategic plan” for an attack against WikiLeaks.

The company is considered to be “a leading provider of best-in-class threat intelligence solutions for government agencies and Fortune 500 organizations.” It provides "enhanced threat intelligence" so "the federal government can better protect our national cyber infrastructure."

Almost a year ago, the company received an extension to their contract with the US Department of Homeland Security to “conduct a series of hands-on memory forensics and malware analysis training events with local, state, and federal law enforcement officials around the country.”

Isn’t it great that a company contracted by the government to help out with cybersecurity initiatives for the United States is wasting company time and resources and possibly even taxpayer money going after individuals who support WikiLeaks and spend lots of time in a chat room talking about what they can do to defend freedom of expression? Isn’t it great that the CEO of this cybersecurity service company is targeting a group that poses no threat to the government infrastructures it is supposed to be protecting from real cyber criminals?

Along with Palantir Technologies and Berico Technologies, which both have worked to help the government in some capacity, HBGary developed a proposal called “The WikiLeaks Threat.” They requested that the law firm Hunton and Williams meet with Bank of America. The law firm held a meeting on December 3. They all began to conspire against WikiLeaks. According to Tech Herald, Hunton and Williams would “act as outside council on retainer,” Palantir would “take care of network and insider threat investigations” and Berico Technologies and HBGary would “analyze WikiLeaks” to see if t hey could find out if “WikiLeaks was hosting data in certain countries and make prosecution easier.”

CEO Aaron Barr also led an infiltration into Anonymous, hoping to unearth identification information that could unveil who these people are that are operating in support of WikiLeaks.

HBGary and Palantir are partners. Palantir Technologies has been sought by the CIA, DHS and FBI to help government analysts “integrate unstructured open source information with data from various agency databases to analyze them for outstanding correlations and connections in an attempt to mitigate the burden of rummaging around through the immense amount of information available to them.”

Somehow Palantir Technologies found the time to http://csis.org/blog/palantir-privat...sector-problem
">stop serving government and work with Hunton and Williams and help Bank of America stop WikiLeaks from releasing documents that might impact Bank of America operations. (Or, maybe the government had given tacit approval to Palantir to participate in this operation.)

Berico Technologies worked with the National Security Agency (NSA) to invent technology that “made finding roadside-bomb makers easier and helped stanch the number of casualties from improvised explosive.” Apparently to add to their prestigious history, they decided to participate in this initiative (or, again, maybe someone in government suggested private corporations begin to go after WikiLeaks).

The three security service companies proposed the following tactics for going after WikiLeaks: “Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done. Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.” Part of their plan foolishly involves turning Salon's Glenn Greenwald against WikiLeaks.

Consider that along with the fact that HBGary counts as an advisor Andy Purdy, who was a member of the White House staff team that helped to draft the U.S. National Strategy to Secure Cyberspace in 2003. He joined the Department of Homeland Security and served on “the tiger team that helped to form the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT).” He worked for three and a half years and spent the last two heading the NCSD and US-CERT as a “Cyber Czar.”

Now ask, did Purdy think when he joined HBGary he would one day become ensnared in an operation that only groups of hacktivists like Anonymous would attempt? Is this really why one gets into the business? To harass cyber geeks who believe in freedom and justice?

For fiscal year 2011, the federal budget for homeland security will provide “$364 million to the Department of Homeland Security to support the operations of the National Cyber Security Division which protects Federal systems as well as continuing efforts under the Comprehensive National Cybersecurity Initiative to protect our information networks from the threat of attacks or disruptions.” This begs the question: should companies engaged in this kind of conduct really be allowed to take government money to fund their company’s operations, which are supposed to protect government cyber infrastructure?

Incidentally, HBGary's infiltration led to the company "getting pwned." Anonymous figured out what was going on and seized HBGary's domain temporarily posting this image—a letter with an opening line that reads "claims of 'infiltrating' Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself."

Even though Anonymous is known to have hacked into companies like PayPal and Visa, does HBGary or any other cybersecurity service have any business mounting operations to infiltrate or target anyone linked to Anonymous? Unless HBGary is working for the FBI, it does not seem like they should be allowed to engage in such activity.

The president of HBGary, Penny Leavy, says, “Today’s sophisticated cybercriminals require a sophisticated approach to network security.” That may be true. But, one might ask Leavy, "Do today’s sophisticated cyber activists require amateur cyber snoops?"

http://wlcentral.org/node/1250

[Kuya]

More on Glenn:

As TechHerald reports, among those documents was a presentation, “The Wikileaks Threat,” put together by three data intelligence firms for Bank of America in December. As part of it, they put together what they claimed was a list of important contributors to WikiLeaks. They suggested that Glenn Greenwald’s support was key to WikiLeaks’ ongoing survival.

The proposal starts with an overview of WikiLeaks, including some history and employee statistics. From there it moves into a profile of Julian Assange and an organizational chart. The chart lists several people, including volunteers and actual staff.

One of those listed as a volunteer, Salon.com columnist, Glenn Greenwald, was singled out by the proposal. Greenwald, previously a constitutional law and civil rights litigator in New York, has been a vocal supporter of Bradley Manning, who is alleged to have given diplomatic cables and other government information to WikiLeaks. He has yet to be charged in the matter.

Greenwald became a household name in December when he reported on the “inhumane conditions” of Bradley Manning’s confinement at the Marine brig in Quantico, Virginia. Since that report, Greenwald has reported on WikiLeaks and Manning several times.

“Glenn was critical in the Amazon to OVH transition,” the proposal says, referencing the hosting switch WikiLeaks was forced to make after political pressure caused Amazon to drop their domain.

As TechHerald notes, an earlier version of the slide said support from people like Glenn needed to be “attacked.”

http://emptywheel.firedoglake.com/20...enn-greenwald/

[Kuya]

It's amazing how these private companies took it upong themselves to play spy games for both themselves and the government.

[archibaldcrane]

How long will it take for the "anonymous hackers" to get ID'ed because they took no precautions to cover their tracks?

[KoD]

I find it funny that a company who ment 2 protect the goverment cyber network, is it self not protected, I wouldn't be going to them for cyber security w, bad bussiness when your task is to protect something but can't even protect your own systems

[Cantih]

How long will it take for the "anonymous hackers" to get ID'ed because they took no precautions to cover their tracks?

Reminds me, the whole reason this happened is because the LOIC didn't really hide who you were.
Since it's open source, has anybody been working on a fork of LOIC that is more in line with what anonymous needs?

[Yabby]

How long will it take for the "anonymous hackers" to get ID'ed because they took no precautions to cover their tracks?

The guys using Ion and the guys pulling this off are on totally different levels. Don't expect ID's.

[Plow]

he had uncovered the identities of Anonymous’ leaders using social networking sites

funniest shit ever to involve 4chan in any way shape or form

[Cayos]

http://gawker.com/#!5757995/an-inter...nonymous-probe

The FBI raided the home of one of 4chan's IRC mods.

Spoiler: show

An Interview With a Target of the FBI’s Anonymous Probe

An Interview With a Target of the FBI's Anonymous ProbeThe feds are taking Operation Payback seriously: In response to the Anonymous attacks on Paypal, Mastercard, Amazon, and other corporations that severed ties to Wikileaks in the wake of Cablegate, the FBI has served more than 40 search warrants and subpoenas as part of an ongoing grand jury investigation into the attacks based in San Jose, Calif. We spoke to one target of the investigation, a 19-year-old woman who lives on the West Coast, anonymously about the FBI raid on her home, her participation in the movement, and the FBI's fundamental cluelessness about the nature of Anonymous.

The woman, who operated Internet Relay Chat (IRC) rooms where efforts to shut down Paypal and other sites were planned under the screen name "No," was raided late last month. Agents served a search warrant, questioned her, and seized two computers, her iPhone, and a router. Far from being a devious "hacker" who used her skills to undermine global corporations, "No" describes herself as a computer illiterate—"everything I know about computers I have learned since November"—who simply helped keep order and crack jokes in IRC channels. She says she never actually participated in DDOS attacks or cracking corporate security. And the FBI agents who raided her house at 6 a.m. displayed disconcerting naivete about what they were investigating: One agent asked her if she had a Guy Fawkes mask, the ad hoc symbol of anonymous that was adopted as a real-world totem by some protesters against Scientology but remains largely a digital badge. It would be weird if she actually had one.

The interview was conducted via e-mail and has been edited into a coherent Q-and-A.

Why did you get involved in Anonymous?

I saw something about them. Some web article. I said, "Wow, wtf are these people?" So I initially joined the IRC to watch them. It seemed like an interesting concept. A large group of angry people with supposedly no control structure tearing shit up online. I wanted to know if they really had no command structure. I wanted to know how it worked. Like a clock, sort of. Watch it. Take it apart. See how it ticks. And I liked what they were doing. I disagree with copyright. I disagree with how companies can shit on our rights and the government stands by and does nothing. I disagree with how a single mother can be sued for millions of dollars over 15 or 20 songs when those same songs are 99 cents on iTunes.

So what did you do? Did you participate in any DDOS attacks?

The phrase I used to use is "I don't lead Anonymous. I don't lead anyone. I just troll with authority." I never hosted a hivemind. I never wrote a piece of DDOS software. I never touched a server. I was a channel operator, or IRCop. Meaning, I had the ability to ban people from the channels I was operator on, kick them from those channels, change the [rules] of the channels. As far as the "did participate in DDOS, etc." question: That is, ironically, the same question the FBI asked me. "Do you have to DDOS or vandalize websites or hack to gain operator status in Anonymous?" My answer was: "No. That would be stupid. What if you are a horrible op and you abuse your privilege?" We give op to the people who we think will do a good job of maintaining the channels.

Why did the FBI target you?

My personal opinion is that, when I was "no," I got away with quite a bit of bullshit on the servers. I had op in quite a few channels. I was allowed to do things that the average user would have been banned for. I was friends with a few of the people that the FBI considers higher up in Anonymous. I helped in some of the setup channels. I think the FBI came to my house that morning thinking that I either was "high up" in Anonymous, or could and would hand them the people they are looking for. None of these things are true. I am just a user the IRCops find particularly amusing and so they let me get away with the ridiculous amount of running amok that I have a tendency to take part in.

Can you describe the raid?

It was six in the morning. I had just woken up to get ready for work. Obnoxious people in vests banged on my door and pointed guns at me when I was in my fucking pajamas. Later they told my family that I was "arrogant and belligerent." I disagree. I think they expected me to cry. I think they expected me to ask for forgiveness. I think they expected me to panic and give them everything I knew. I think that these are stupid expectations based on the fact that I am 19 and female. I think that they were disappointed with what I gave them.

What were they looking for?

The warrant said they were looking for anything that could store files connected to, or software for, hacking, infiltrating, DDOS attacks, etc. This could be anything from a phone, to a USB stick, to a microSD [Flash card], to a computer, to a backup disk. I think they are still looking for a leader of Anonymous. The sad thing is, there is no leader to give them. If they catch an IRCop, if they seize the servers, someone will just make new servers, build a new IRC network, new IRCops will step forward. No one person or select group of people select the targets. If enough people say "Lets DDOS Paypal," Paypal gets DDOS'd. Not by everyone. There is rarely an op where everyone takes part. Because, who is going to make them DDOS? There is no governing body. If they are looking for the responsible party in the Paypal raids, they should look at Paypal. I did not convince 7,000 people to attack Paypal. Paypal convinced 7,000 people to attack Paypal.

So what did they take from you?

The whole thing was sort of a botch. I had this flier hanging on my fridge. It's a picture of my little sister, and it says "The [insert little sister's name] Liberation Front." I made it as a joke about how strict my mother is. It looks quite like some of the fliers that have been made for Anonymous. They brought it into the living room where they were asking me questions and asked very seriously, "Is this an upcoming operation for Anonymous?" I laughed and almost said, "Yes."

The whole time they are asking me questions in my living room, I can hear the rest of the team in my kitchen looking over my laptop giggling and all excited like little kids. You expect the FBI to be professional. I mean, they have the vest, the gun, the little LED flashlight that leaves spots on your eyes. They all have the over exaggerated adjective "special" in front of their "agent". The whole 9 yards. And then you hear them gasping and cooing over my Mac because they are so excited they think they caught a cyber terrorist. (Who cyber terrorizes from a Mac?) I think, that to them, the raid was a game. The agent in charge of my particular warrant actually asked me if I owned a Guy Fawkes mask. I told him no and then asked him if he was disappointed that he wouldn't have a picture of "a real live Anon's mask" to hang in his office. He actually said yes. He gave me his card before he left. Later on, when he talked to my family, he told them that if I released his info to Anonymous, he would bring "the full force of the FBI" down upon me.

They found my German dictionary in my room and kept it with them when they were asking questions. Rather funny in my opinion. Very "Boondocks Saints". Like I might start insulting them in German and think they couldn't look it up later.

I think the American public sometimes has this general image of the FBI as professional and well informed and omniscient. Up until this point, I sort of held this same belief.

Do you fear you will be indicted?

There is a tiny little part of me that is like, "Oh shit. It's the FBI." But in honesty, there is nothing I can do if they choose to press charges. All I can do is try to not give them more evidence against me and not make it easy for them to reach a conviction.

Or do you just think it was just that they were digging through your stuff to look for bigger fish?

I think they thought they were catching a bigger fish, or that I would lead them to bigger fish. I am not a big fish. I am rather harmless. I have a propensity for teaching other Mac users how to use their Macs. Last I checked, this is not a crime. Although, I think that certain government agencies (including Steve Jobs, who I am convinced is a government agency) would like to make it illegal.

Have you also been called to testify before the grand jury?

No I have not. I was disappointed by this. I think I would have been a fun person to question. Maybe because they didn't want to pay for a German translator?

Why do you think the feds consider some folks "leaders"? Just that they're more active?

I think the Feds need there to be a leader. How do you cut the head off a snake that doesn't have a head? They are looking for the fastest most efficient way to kill Anonymous. If they ever kill Anonymous, it won't be fast and it wont be efficient. They would have to oppress many, many civil rights to do so. As far as taking out those who are more active—I can tell you that we had a boy in the Netherlands who used to help a lot with Anonymous. He got caught. He was 16. Before he got caught, Anonymous had maybe 15 Dutch on the whole IRC. After he got caught a special channel had to be made just for all the Dutch people that were coming in.

How'd they find you?

They found me through the IRC. I did not make myself a particularly hard person to track down, because I did not believe and still do not believe that I am worth prosecuting. I am harmless. The warrant said they were looking for anything that could be used to hack or infiltrate. I do not hack or infiltrate. Everything I know about computers I have learned since November. That is if you can consider a Macintosh a computer.

How has this affected you financially? Emotionally?

Well, I had a surplus when they hit. I have since moved out of my father's house. We disagree on my civil rights. He believes I should give them everything. I believe I should give them nothing. He believes I am not entitled to privacy and a doorknob. I believe he is a drunk who needs to learn how to clean the kitchen. Me and my father no longer speak and he refuses to call me by my name. He calls me either "terrorist" or "enemy of state." I find these amusing. I am even thinking of making t-shirts.

[Acturus]

http://gawker.com/#!5757995/an-inter...nonymous-probe

The FBI raided the home of one of 4chan's IRC mods.

She gave a fantastic interview.

[Silenka]

I think I am in love with that girl, lol. I wouldn't have made nearly as eloquent a response, and she's younger than me. Not to mention her amazing composure when the FBI knocked on her door, if she's telling the truth about that.

The government's lack of knowledge about Anon is not surprising to me, but it is a little disappointing. Anon delivers enough lulz that I wouldn't want the government to somehow find a way to keep the masses from acting, but their lack of knowledge could be so easily remedied it's not even funny. I thought they would have, you know, intelligent people figuring these things out, but it seems while they are seriously acting on "the threat of Anon", they are not taking it seriously at all (evidenced by the agents giggling over her lolmac). Just regular people on a job they consider stupid, maybe.

With what just recently happened in Egypt, the FBI might take a clue from that kind of organizing of the masses and realize that Anon will never be stopped since it can be everyone or no one. Everything the girl said was right on the money, of course, it's just a wonder it's taking them this long to figure it out, I mean, Mulder would have caught on by now

[edit] I suppose that the ignorant media's response to Anon makes up over half the lulz Anon delivers, though.

[rog]

The government's lack of knowledge about Anon is not surprising to me

It surprises me. It really isn't too hard to figure out. There aren't many secrets with anonymous. Almost everything is done right out in the open, you just have to look.

[Indalecia]

That is one level-headed young woman.

[Kytele]

It surprises me. It really isn't too hard to figure out. There aren't many secrets with anonymous. Almost everything is done right out in the open, you just have to look.

The problem is that imo the FBI has long used the same training tactics at the same slowly evolving speed and simply cannot catch up with the fast current that is something like Anonymous. There is no FBI "training" to "defeat" Anonymous nor could one really exist because of the nature of Anonymous itself.

[chiyio]

That girl sounds bad ass, heh.

[Norellicus]

/b/ != Anonymous

Just sayin

[rog]

/b/ != Anonymous

Just sayin

Obviously, but it's a good place to start.

[Khajit]

I'm halfway tempted to go onto /b/ claiming to be an FBI agent and going on about how they're in big trouble.

[Overburn]

I'm halfway tempted to go onto /b/ claiming to be an FBI agent and going on about how they're in big trouble.

This has never been done before.

[Khajit]

No shit Sherlock.