Cybersecurity firm HBGary hacked by anonymous

[Demosthenes11]

So are you one of those guys who posts on tor backforums about government conspiracy theories and how pedophilia really isn't a big deal?

duh?

[Cadsuane]

You know, in seriousness now, it kinda puts anonymous in a different light when you realize alot of anons are anti-establishment and learn network security basically just because they aren't allowed to have sex with children.

[Acturus]

You know, in seriousness now, it kinda puts anonymous in a different light when you realize alot of anons are anti-establishment and learn network security basically just because they aren't allowed to have sex with children.

Which is a shame, because there's always the Super Adventure Club.

[Max™]

http://arstechnica.com/tech-policy/n...ry-federal.ars

Embattled HBGary Federal CEO Aaron Barr quit his job yesterday as the prospect of a Congressional investigation loomed. A dozen Democrats in Congress asked various Republican committee chairs to launch probes of HBGary Federal's idea for a "reconnaissance cell" targeting pro-union organizers.
HBGary Federal was hacked last month by Anonymous after Aaron Barr believed he had unmasked much of the group's leadership—and Barr's entire cache of corporate e-mails was made public. Those messages revealed that Barr had joined up with two other security firms, Palantir and Berico, to pitch the powerhouse DC law firm of Hunton & Williams on an idea to go after union-backed websites who opposed the US Chamber of Commerce. The scheme, if adopted, would have cost the Chamber up to $2 million a month.
The three companies called themselves Team Themis, and instead of providing simple "business intelligence," they had a few other ideas:

Uh oh...

• Create a false document, perhaps highlighting periodical financial information, and monitor to see if US Chamber Watch acquires it. Afterward, present explicit evidence proving that such transactions never occurred. Also, create a fake insider persona and generate communications with [union-backed Change to Win]. Afterward, release the actual documents at a specified time and explain the activity as a CtW contrived operation.
• If needed, create two fake insider personas, using one as leverage to discredit the other while confirming the legitimacy of the second. Such work is complicated, but a well-thought out approach will give way to a variety of strategies that can sufficiently aid the formation of vetting questions US Chamber Watch will likely ask.
• Create a humor piece about the leaders of CtW.

Shit just got lulzier.

Now, some members of Congress want an investigation. "The [Team Themis] techniques may have been developed at US government expense to target terrorists and other security threats," said a letter signed by the representatives.
"The e-mails indicate that these defense contractors planned to mine social network sites for information on Chamber critics; planned to plant 'false documents' and 'fake insider personas' that would be used to discredit the groups; and discussed the use of malicious and intrusive software ('malware') to steal private information from the groups and disrupt their internal electronic communications."
Did anything illegal happen? The letter suggests that forgery, wire fraud, and computer fraud might have taken place and that Congress should investigate the ways that private contractors turn their military contracting experience on private targets.
Going after the lawyers

Hunton & Williams, the middleman law firm in all this (and the middleman between a major US bank and Team Themis' similar plan to take down WikiLeaks), has steadfastly refused to comment on the whole story. But it too may find itself in trouble after a professional conduct complaint (PDF) was lodged against it last week in Washington, DC.
The complaint was filed by Stop the Chamber and Velvet Revolution, two of the groups targeted for the potential Chamber of Commerce campaign. It accuses the three Hunton & Williams lawyers named in the HBGary Federal e-mails of "an extended pattern of unethical behavior that included likely criminal conduct."

Specifically, they solicited, conspired with and counseled three of its investigative private security firms to engage in domestic spying, fraud, forgery, extortion, cyber stalking, defamation, harassment, destruction of property, spear phishing, destruction of property, identity theft, computer scraping, cyber attacks, interference with business, civil rights violations, harassment, and theft.

Most of this alleged bad behavior was done, of course, by Team Themis and not by Hunton & Williams. Still, they reviewed (and appear to have had no problems with) the material. As the complaint puts it, "none of the H&W lawyers ever expressed any reservation or doubt about the unethical conduct proposed and committed by their investigators. In fact, they actively solicited and approved everything that was proposed and presented."
The complaint asks the DC Board of Professional Responsibility to strip all three Hunton & Williams lawyers of their licenses.

http://arstechnica.com/dragons/breat...49230&50447569

[Acturus]

Delicious cake

[Ragnus]

Delicious cake

^

[Drex]

and then you realize that the people who did this are probably posting in a ponies thread right now. i loved how they interpreted the little piece of paper as an attack and bailed as if they were doing everyone there a great service though. trolled hard.

[Saga]

Now, with the appearance of the note in their RSA booth, the team felt not just electronically exposed; they felt physically threatened and stalked. "They decided to follow us to a public place where we were to do business and make a public mockery of our company," Butterworth said.

I dare say, Butterworth, it wasn't until the sharpie-scrawled piece of poster board appeared that your company was made a mockery of. Bravo, old chap!

[Cantih]

and then you realize that the people who did this are probably posting in a ponies thread right now.

Oh god

[Senoska]

You know, in seriousness now, it kinda puts anonymous in a different light when you realize alot of anons are anti-establishment and learn network security basically just because they aren't allowed to have sex with children.

I know you're trolling but I'm hardly anti-establishment. Personally, I'm for establishment, just not a corrupted one. As to the latter point, I learned about security through breaking other people's stuff. Trial and error. I'm sure others in Anonymous are similar. When you're bored and have nothing to do, why not break into some shit? There's a surprising amount of control that you feel you have when bringing down or subverting a website's security. Just saying.

[Shuvo]

Finally found a proper breakdown of what Anon actually did:

http://www.h-online.com/security/fea...tml?view=print

Was a bit better then what I thought, I guess I take back what I said earlier XD