HBGary Federal Hacked By Anonymous

An anonymous reader writes "As the coin was tossed to kick off Superbowl XLV, Anonymous unleashed their anger at a security firm who had been investigating their membership. HBGary Federal had been working on unmasking their identities in cooperation with an FBI investigation into the attacks against companies who were cutting off WikiLeaks access and financing. Unlike the DDoS attacks for which Anonymous has made headlines in recent months, this incident involved true hacking skills."

Re:Ambivlance

[kyz]

And the company Anonymous is going after probably helps stop real security threats that most of us would agree merit stopping; not just Cablegate-related stuff.

To help you out: HBGary is still running. HBGary Federal is a new spin-off company started in December 2009 to try and sell "cybersecurity" products to the Feds.

If they were cybersecurity experts, ones that were worth paying for with your tax dollars, then Anonymous would not have been able to pwn their website, twitter accounts, email, ....

According to some of those recently pwned emails, the spokesperson Aaron Barr admitted to his own staff that he was deliberately provoking Anonymous, because he knew that the press was interested in anything to do with Anonymous and they'd get good publicity and possibly sales.

The money quote from Aaron's company email: But it's not about them... it's about our audience having the right impression of our capability and the competency of our research. Anonymous will do what every they can to discredit that. and they have the mic to speak because they are on Al Jazeera, ABC, CNN, etc. I am going to keep up the debate because I think it's good business, but I will be smart about my public responses.

Does that help you swing one way or the other?

Misleading summary as always

[SignalFreq]

source article [yahoo.com]

There was no FBI involved in this. It was some random company's attempt at PR (I'm sure they regret it now). The original article even says that the information would not be useful to police and that they planned to give it away at a conference in San Fransisco next week.

Not exactly "cooperation with an FBI investigation"

Seriously Slashdot... when are you going to hire editors who actually verify submissions before letting them onto the front page. No better than the national enquirer...

Why bother with proxys

[Doodlesmcpooh]

If the hackers were UK based then they just have to buy a wireless dongle. You just lie about the information on the registration screen and away you go untraceable. Granted they will be able to triangulate the signal but its easy enough to drive somewhere quiet with a laptop and do it. Failing that they could just hack some poor old ladys wireless and use that. Both of these options are simple to do and less hassle than proxys.

Greg Hoglund the other owner of HBGary?

[Securityemo]

That guy's a really well-known security author/researcher, mostly from his books and from the rootkit devel community rootkit.com, which now seems to be down as well. Take a look at http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/ [krebsonsecurity.com]

They managed to social engineer a site network admin into giving them SSH access. Hoglund has apparently given a phone interview of some sort, but I can't find a transcription if one exists.

Lessons in security will never be learned

[erroneus]

Good security is too inconvenient for the typical business person. Easy security is invariably bad security. "We want to work from home or the coffee shop and not have to remember stupid passwords!" Tough!

This is especially bad when this is supposed to be a cyber-security focused company! If I were in a decision-making position in the FBI, I would simply walk away from this company without another word. This company is clearly not up to the task of defending itself. How can they be trusted to do good research and deliver good information?

Why is it that when the government(s) refuse to listen to their people, the people get angry? Why is it that governments don't understand or appreciate that this is no small matter? And isn't it a terrible sign that when a people begin acting out against the government and parties involved that the government closes up even tighter refusing to hear anything at all? The result of this behavior is ALWAYS the same -- the angry people get even more angry and will push back even harder.

Wouldn't it be more responsible for the government to at least open up some talks before things get like this and worse? No... I know that won't happen. "We don't negotiate with terrorists!" Fine. Who WILL you negotiate? They wouldn't be "terrorists" if you didn't listen and respond!!

Re:Line between Civil Disobedience. . .

[poity]

Blacks in America sat in whites-only establishments in direct contravention of an unjust law -- they broke laws of segregation in order to highlight to the public the systemic injustices placed upon black Americans. What law is Anon directly disobeying to highlight its injustice? All they've broken are laws against computer fraud and abuse. What injustices within computer fraud laws does that highlight? I can understand if Wikileaks mirrors were shut down or reading WL material were made forbidden to the public, and individuals come together to help each other set up servers and to access them in defiance of government censorship. You could draw an equivalence if that were to happen, but what Anon is doing right now is NOT the same as civil rights era civil disobedience.