Hacked and Vandalized, HBGary Pulls Out of RSA Security Conference

[Serra]

Source

The California security company that is at the center of a controversy over a plan to discredit WikiLeaks and its supporters abruptly pulled itself out of the RSA security conference in San Francisco this week, citing security concerns.
...
HBGary has been under fire for several days now after its Web sites, corporate email system and Twitter accounts were hacked, and details of a company business proposal to discredit WikiLeaks were posted to the Internet. The attack was apparently launched by Anonymous in response to HBGary Federal's CEO Aaron Barr's talk, which had been slated for Monday morning. Barr said he had discovered the identities of many of Anonymous's leaders, and had planned to discuss his investigation in a talk at the BSides San Francisco conference, which runs in tandem with RSA.

Apparently a large customer identified in the article and two business partners have already distanced themselves from HBGary. This is corporate terrorism that could destroy this company.

On the other hand, they were targeted in the first place for offering to conduct corporate terrorism for Bank of America - for money - themselves...

[Iconyu]

"Barr said he had discovered the identities of many of Anonymous's leaders..."

Leaders? He might have found leaders from hacker groups, or maybe people who initiated a certain action, but people who talk to each other as anon tend not to have leaders.
I witnessed them try to organise for trouble making but unless they are already angry and have a target their collective attention span is about 15 minutes. Seriously the best you can hope for with these guys is to point them in a direction and hop it amuses them. Any attempt to 'lead' will be met with derision.

[Buckeye]

The source link seems to be down for me. I found another tho., not sure if it's the same text but it has additional info

http://arstechnica.com/tech-policy/n...bgary-hack.ars

[god_43]

i say the company got what was coming to them, they were waging massive propaganda wars, and barr was going to meet with the fbi and try to sell them false info about anon (waste tax payers money)...i have no love for this company. this link explains the whole situation much better. they were not targeted because of the talks lol.



paid in full

[Serra]

"Barr said he had discovered the identities of many of Anonymous's leaders..."

Leaders? He might have found leaders from hacker groups, or maybe people who initiated a certain action, but people who talk to each other as anon tend not to have leaders.
I witnessed them try to organise for trouble making but unless they are already angry and have a target their collective attention span is about 15 minutes. Seriously the best you can hope for with these guys is to point them in a direction and hop it amuses them. Any attempt to 'lead' will be met with derision.

I think the useful arm of Anon is probably a much smaller group than people tend to think. There are some top-notch people who pull off a number of the hacks that they get credit for, but there just aren't many of those types in the world. Tons of script kiddies who can run programs they are told to, and certainly some hands-and-feet personnel, but as far as the real "brains" go, I doubt there are many. Cut those out and all you really have is a league of script-kiddies, which are more of a danger to themselves than anyone else.

As far as whether they have identified any of those brains go, well, that's another question. If they were working with clients interested in finding out, I'm sure it's possible... but who knows where they got.


You get +10 points for spotting the bot in this thread, BTW. I've never seen one that copies forums posts before, it was probably one of the better and longer-lived bots we've had here in awhile.

[osiris999]

dont forget source code for stuxnet was also in the emails. now anon can use stuxnet in its attacks.

[IvanAndreevich]

Does anyone else think HBGary is a name designed to fail?

[STEvil]

the more I read about it the more I laugh out loud at the idiocy of the guy.. LOL!

I mean, really....

He continued in this philosophical vein:

But dude whos evil?

US Gov? Wikileaks? Anonymous?

Its all about power. The Wikileaks and Anonymous guys think they are doing the people justice by without much investigation or education exposing information or targeting organizations? BS. Its about trying to take power from others and give it to themeselves.

I follow one law.

Mine.

[antiacid]

"HBGary are the Tacoma Narrows bridge of the IT security world now."

lol, these guys are a joke. And to think they contracted for 3-letters agencies...

[STEvil]

"HBGary are the Tacoma Narrows bridge of the IT security world now."

lol, these guys are a joke. And to think they contracted for 3-letters agencies...

http://www.cbc.ca/politics/story/201...g.html?ref=rss


hmm...

[antiacid]

http://www.cbc.ca/politics/story/201...g.html?ref=rss


hmm...

"For years, experts including the federal auditor general have been warning that security on the government’s networks is woefully inadequate and open to cyberattack."

I think that sums it up.

[KGB7]

http://www.cbc.ca/politics/story/201...g.html?ref=rss


hmm...

Canada has sensitive information? Let me guess, a recipe for a maple syrup?

[Aerwidh]

Canada has sensitive information? Let me guess, a recipe for a maple syrup?

You know about the maple syrup recipe?

[zalbard]

If you try to piss off the hackers, you get hacked...
Being overly confident and arrogant gets people in trouble.

[Serra]

dont forget source code for stuxnet was also in the emails. now anon can use stuxnet in its attacks.

In that case we can only hope that FBGary doesn't have any uranium centrifuges run by Siemens PLC's, or they may/may not be totally screwed by having higher than average replacement costs over a long-term period. Stuxnet was designed to target a ridiculously specific equipment set, and even modified to go beyond that it's still only basically useful against Siemens PLC's, which are used almost exclusively in manufacturing equipment, not computer systems. Sure, it can travel through computers, but it doesn't really navigate through computer systems in any particularly novel way and patches have been out for so long it's not even worth the amount of time required to re-engineer it.

[SMTB1963]

SourceApparently a large customer identified in the article and two business partners have already distanced themselves from HBGary. This is corporate terrorism that could destroy this company.

As well they should. Hell, if I was one of their customers, I wouldn't be just distancing from them - I'd be dropping them entirely.

If Barr's claims of death threats are true, then yes, I guess you could call it corporate terrorism. Otherwise, I think that's a pretty strong word for what anon did (although it was unquestionably illegal). I'm by no means an expert on anon, but death threats don't seem to be their style. Could it be that HBGary just needed an excuse to withdraw from the RSA security conference?

You get +10 points for spotting the bot in this thread, BTW. I've never seen one that copies forums posts before, it was probably one of the better and longer-lived bots we've had here in awhile.

...mmm...better and longer-lived...better and longer lived...it must be STEvil!!!



(second choice would be internetometer)

[Serra]

As well they should. Hell, if I was one of their customers, I wouldn't be just distancing from them - I'd be dropping them entirely.

If Barr's claims of death threats are true, then yes, I guess you could call it corporate terrorism. Otherwise, I think that's a pretty strong word for what anon did (although it was unquestionably illegal). I'm by no means an expert on anon, but death threats don't seem to be their style. Could it be that HBGary just needed an excuse to withdraw from the RSA security conference?

"Anon" is a loose group, largely comprised of fly-by-night 14 year olds who "join" because they want to be "hackers" (I mean, all you have to do to join is say to no-one "I am part of Anon" and support the cause in a way, be it vague or concrete). They'll go with the herd when someone provides them a simple 2-button tool, but otherwise they'll do whatever they feel helps the "cause" because there is no central organization that tells them what should/should not be done... I suspect death threats and many other kinds of threats made over the Internet by such members are very common in any case that is taken up by the group. I mean, let's be honest about it, how high do you think the ratio of people willing to do send a hateful e-mail is compared to the number of people willing/able to break into a space and vandalize a booth? 1000:1? 10,000:1?

As far as corporate terrorism goes, this absolutely qualifies. It is the use of fear to stop companies from pursuing profitable endeavors which they have a legal (though not necessarily moral) right to. They have been acting as corporate terrorists to fight anyone who offends or distances themselves from Wikileaks for some time now, for example.

[osiris999]

Anon doesn't send death threats. Also it isn't a bunch of highschool kids like it once was. They also do far more than just use loic to ddos attack.

[SMTB1963]

"Anon" is a loose group, largely comprised of fly-by-night 14 year olds who "join" because they want to be "hackers" (I mean, all you have to do to join is say to no-one "I am part of Anon" and support the cause in a way, be it vague or concrete). They'll go with the herd when someone provides them a simple 2-button tool, but otherwise they'll do whatever they feel helps the "cause" because there is no central organization that tells them what should/should not be done... I suspect death threats and many other kinds of threats made over the Internet by such members are very common in any case that is taken up by the group. I mean, let's be honest about it, how high do you think the ratio of people willing to do send a hateful e-mail is compared to the number of people willing/able to break into a space and vandalize a booth? 1000:1? 10,000:1?

As far as corporate terrorism goes, this absolutely qualifies. It is the use of fear to stop companies from pursuing profitable endeavors which they have a legal (though not necessarily moral) right to. They have been acting as corporate terrorists to fight anyone who offends or distances themselves from Wikileaks for some time now, for example.

You make some excellent points. But I've never heard of anon being tied to death threats. Again, I'm not an expert - just going by what I've read on the net. Oh, and if placing this sign



at HBGary's booth constitutes an act of vandalism, then maybe I have a different definition of "vandalism" than you do. I don't know...was any property at the booth defaced/destroyed?

I'll grant you that anon's attacks on Amazon, PayPal, Visa, etc. could qualify as "the use of fear to stop companies from pursuing profitable endeavors which they have a legal (though not necessarily moral) right to." They should expect to pay the consequences for those actions. But personally, I don't consider HBGary's sucking up to our government's fight against Wikileaks and it's supporters to be a legitimate pursuit of profitable endeavors. I also fail to see how PayPal freezing Wikileaks accounts is profitable for PayPal. If PayPal froze the accounts out of fear of goverment action against them, who's really the terrorist?

Be that as it may, I guess I like the outcome in this specific case, while not approving of the means to achieve it. DoS against Visa...10yrs in prison + $10,000,000 fine. Exposing a "Security" company as completely unqualified...priceless!

[Serra]

Anon doesn't send death threats. Also it isn't a bunch of highschool kids like it once was. They also do far more than just use loic to ddos attack.

Anon is a collection of individuals who have themselves decided that they are part of anon. It is made of whoever wants to join, no skill required, no test to take. As a result, it is indeed largely a bunch of junior high kids like it once was and always will be. And yes, in that large group of self-appointed members of Anon are people who will send threats... it's not like they lose their decoder ring for doing so. The truth is that sending threatening e-mails is probably the most contribution most members of Anon can make without someone fork feeding them an application.

As a whole, Anon can do more than basic DDOS... but the individual "they" that can is a very, very small clique within the larger group. When speaking of what Anon does as a mass (not a few individuals who are part of the group), the truth of it is that the only attacks the multitude as a collective have ever done were simple attacks that only required members to install an application and press a button. It's not an insult, it's just the practical nature of the beast. In fact, I would even go so far as to say that 99% or more of "anon" has no idea how the tools they are being asked to use actually work.


Truthfully, a lot of the tools and such that people who claim to be part of Anon distribute end up in the spectrum somewhere between being malware and being a legitimate tool that is easily tied back to the person launching it, who does not have the technical expertise required to avoid detection. This is caused by the fact that ANYONE can claim to be part of Anon and distribute software anywhere under that name. It's more a matter of whether it catches on to actually use the software, which for malware is going to be pretty low, which is why you don't hear large reports about it.

You make some excellent points. But I've never heard of anon being tied to death threats. Again, I'm not an expert - just going by what I've read on the net. Oh, and if placing this sign

at HBGary's booth constitutes an act of vandalism, then maybe I have a different definition of "vandalism" than you do. I don't know...was any property at the booth defaced/destroyed?

I'll grant you that anon's attacks on Amazon, PayPal, Visa, etc. could qualify as "the use of fear to stop companies from pursuing profitable endeavors which they have a legal (though not necessarily moral) right to." They should expect to pay the consequences for those actions. But personally, I don't consider HBGary's sucking up to our government's fight against Wikileaks and it's supporters to be a legitimate pursuit of profitable endeavors. I also fail to see how PayPal freezing Wikileaks accounts is profitable for PayPal. If PayPal froze the accounts out of fear of goverment action against them, who's really the terrorist?

Be that as it may, I guess I like the outcome in this specific case, while not approving of the means to achieve it. DoS against Visa...10yrs in prison + $10,000,000 fine. Exposing a "Security" company as completely unqualified...priceless!

I had read in one link that there was some property destruction; if there wasn't, then I agree it wasn't vandalism. I guess someone will need to dig up a link confirming it one way or another, but that isn't the point of what I was saying anyway... the point was that there are few people in the area of the conference that could have done something physically for Anon let alone who WOULD, but there are a LOT that are outside of the area unable to and probably a larger percentage who WOULD take what action they could, because there is little or no risk or effor at all for doing so from an Internet console. Like, orders of magnitude more.

I won't comment on whether Anon is "justified" or not in what it does. Legally, they aren't and they are using fear to try to push their agenda, and that is terrorism. Is it a morally righteous form of terrorism? I won't comment on that. Strictly speaking, guerillas fighting a genocidal dictatorship are also terrorists if they use fear, even if they just want peace and democracy.

[Vinas]

The real problem is that HB Gary is a joke!

[SMTB1963]

Legally, they aren't and they are using fear to try to push their agenda, and that is terrorism.

While I'm inclined to agree with your position at some level, the "Terrorist" label is being attached to so many activities these days (illegal or otherwise) that it's becoming meaningless. Under your broad definition, that chucklehead lawyer at ACS:Law who threatened people with lawsuits could be considered a terrorist of sorts.

One of my agendas is to keep the neighbor's kids off my lawn. If on halloween I jump out of the bushes and scare the snot out of them in furtherance of my agenda, am I a terrorist? Gitmo, here I come!


Look, I'm not trying to be argumentative, but to me there's a huge difference between this guy:



and this guy:



The guy strapping explosives to himself and blowing up a crowded market? Yeah, he's a terrorist. The guy(s) hacking an internet "security" company - then taunting them with a sign at their booth after they got completely punked? Criminal? Yes. Terrorist? Not in my book. IMO, any reasonable definition of the word "terrorist" has to include a tie to violence/bloodshed against innocents.

I'm not arguing that what anon's been up to with their HBGary activities falls into the category of legitimate protest. But I'm not sure what is to be gained by labeling garden-variety criminals "terrorists".

EDIT: Anonymous, if you're listening, you guys are anything but "garden-variety"...um, what I meant to say is...you're AWESOME!

[saaya]

dont forget source code for stuxnet was also in the emails. now anon can use stuxnet in its attacks.

ROFL really?
I <3 Anon
Wtg guys!

[Aerwidh]

But I'm not sure what is to be gained by labeling garden-variety criminals "terrorists".

Love the term "garden-variety criminals"
Tell me, do you know if it is difficult to grow Anons? Or does one simply plant one somewhere and watch them grow like crazy? Know of any suitable fertilizer?

On a more serious note, I agree one shouldn't call them terrorists. Some of them might be guilty of vandalism, or of threatening people, but that's still quite a ways from terrorism. There is enough incorrect usage of such a term from various sources (the US government, for example) as it is, without us doing it.

[RaZz!]

ROFL really?
I <3 Anon
Wtg guys!

i wouldn't want neither anon nor anybody else to get their hands on smth like this :x