Slashdot Mirror
HBGary Federal Hacked By Anonymous
An anonymous reader writes "As the coin was tossed to kick off Superbowl XLV, Anonymous unleashed their anger at a security firm who had been investigating their membership. HBGary Federal had been working on unmasking their identities in cooperation with an FBI investigation into the attacks against companies who were cutting off WikiLeaks access and financing. Unlike the DDoS attacks for which Anonymous has made headlines in recent months, this incident involved true hacking skills."
And by true hacking, we mean true cracking.
So anonymous is now bumming code late night on green screens?
Another mature contribution from those grown-ups at Anonymous.
Ought to have been better prepared if you go kicking a nest full of hornets...
so... "members" of "Anonymous" get investigated by the feds, and criminal charges brought.
so they counter this with more illegal activity which is even more serious and will get them even further into the shit
great plan numbnuts
From the article,
HBGary was victimized by a combination of social engineering and a shared password between systems
Evidently, being a security firm means not having to following good security practices.
This reeks of an inside job.
It's hard to know how to feel about someone waging war against your own society.
Anonymous is fighting partially on behalf of Wikileaks. Wikileaks' recent releases put some sunlight on goverment/industry malfeasance, but also pointlessly harmed some diplomatic efforts by publishing unflattering personal opinions about people the US probably needs to get along with.
And the company Anonymous is going after probably helps stop real security threats that most of us would agree merit stopping; not just Cablegate-related stuff.
What a tangled mess of virtue and vice.
Anonymous, I neither approve nor disapprove of your actions here, but I am impress. This is the real stuff.
...is we don't talk about Anonymous. Second rule of Anonymous is we don't talk about Anonymous. Third rule of Anonymous is ..... ?
Profit!
Sugapablo
They deleted all the content on his iPad.
that's beyond hilarious
Being cracked.
...don't jump into the deep end if you don't know how to swim.
Loading...
HBGary- Good god we didn't see this coming. We pissed off a bunch of volatile crackers and didn't prepare for this unexpected attack Hmmmmmm. But we a security experts :(
Federal pound you in the ass prison. Seriously... It may be a laugh riot for the mob of 15 year old script kiddies to thumb their pimply noses at the suits and squares, and hide behind a "we r legion, lutz!"... but with any criminal conspiracy, the actions of one of the members all are attributable to the rest. All it will take is a few supoenas, some jail time for a few members, and anonymous will go away. No, for reals, yo. It's real brave to participate in a ddos when they can't fathom any consequences for their acts, but once they see other members getting thrown in the hoosegow, the whole "you can't shut us down!" becomes "gee, i hope the community college down the street will admit convicted felons." petty vandals hiding behind anonymity, not a bunch of masked crusaders for great justice.
And I really do hope they get away with it...kinda like LeoDi's character in "Catch Me if You Can", but these things generally end up badly for the bad guys when things start to go public like this. HBGary will probably hire someone who actually knows his shit and tack them down; eventually someone will screw up and put a decimal in the wrong place or some mundane detail like that.
Loading...
Civil Disobedience is, as far as I know, marked by breaking unjust laws, and then *accepting the consequences* by going to jail, or whatever, to show society the unjustness of the laws, and to win sympathy to your cause.
I believe Anonymous stepped way over the line of Civil Disobedience long ago, with retaliation upon retaliation and attempting to avoid being caught. I really just have to view Anonymous as largely a group of criminals who deserve to be in jail for engaging in openly criminal activity - I can't see that laws which make it illegal to perform DDoSes against legal businesses, or to make unauthorized access to other people's computers, are fundamentally unjust.
These guys are definitely not in the same class as the followers of Ghandi or MLK.
From screenshot of defacement in TFA:
"But its not about themits about our audience having the right impression of our capability and the competency of our research. Anonymous will do what every they can to discredit that, and they have the mic so to speak because they are on Al Jazeera, ABC, CNN, etc. I am going to keep up the debate because I think it is good business but I will be smart about my public responses."
Wow, just wow. I'm sure what just happened is "good business" for this security firm, since they have been "hacked" by a group perceived to be nothing more (or sometimes even less) than "script kiddies". Embarrassing.
Just reading the ./ post from yesterday and now this!
This is the best Monday EVAR!
source article
There was no FBI involved in this. It was some random company's attempt at PR (I'm sure they regret it now). The original article even says that the information would not be useful to police and that they planned to give it away at a conference in San Fransisco next week.
Not exactly "cooperation with an FBI investigation"
Seriously Slashdot... when are you going to hire editors who actually verify submissions before letting them onto the front page. No better than the national enquirer...
HBGary investigates and attempts to infiltrate Anonymous:Good guys just doin' their jobs.
Anonymous investigates and succeeds in infiltrating HBGary: Criminals... sick sick criminals.
How can "anonymous" be a group?? People just say the act in the name of "anonymous" but they could say they act in the name of Holy Grail - it means nothing..
Maybe slashdot needs to change the name of the "not logged in user" because this is getting fucking ridicules. Anonymous is NOT a group. Anonymous is NOT a "movement". Anonymous is an idea that you can have privacy in today's world. Even fake privacy, like Anonymous Coward on slashdot.
People "acting in name of anonymous" or whatever is just retarded. There is no "anonymous" yet at almost all times we want to have that privacy - we all want all be anonymous. Anonymous is no one and it is everyone. How can people not understand something so simple???
*sigh* You people are clueless. Anonymous is not an organization. It's a meme. "Anonymous" only exists as a phenomenon. You don't join Anonymous; you don't participate with Anonymous. You just do something and then tell people it was Anonymous. Stop trying to ascribe intentions to a meme.
I am sure that if they dig deep enough into "HBGary Federal" they will find enough crap to make the world say well screw you HBGary Federal , All the stuff they have hidden away that they have NO rights having at all in the first place like stuff on 90+% of you lot on here most of which you would rather was not known that would make you sweat like a stuffed pig if it got out .
If anything groups like Anonymous need your support
If the hackers were UK based then they just have to buy a wireless dongle. You just lie about the information on the registration screen and away you go untraceable. Granted they will be able to triangulate the signal but its easy enough to drive somewhere quiet with a laptop and do it. Failing that they could just hack some poor old ladys wireless and use that. Both of these options are simple to do and less hassle than proxys.
"They belvin'd me!"
That guy's a really well-known security author/researcher, mostly from his books and from the rootkit devel community rootkit.com, which now seems to be down as well. Take a look at http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/
They managed to social engineer a site network admin into giving them SSH access. Hoglund has apparently given a phone interview of some sort, but I can't find a transcription if one exists.
Emotions! In your brain!
Normally, I would agree with you, but the DDoS, in particular, upon the credit card companies was an organized, concerted effort by a *group* of people all working together. They all communicate together in a common forum (4chan). They aren't acting individually, they are acting corporately.
Anonymous are not hackers, and anyone who equates them with hackers is quite ignorant at best, and a drooling idiot at worst.
Anonymous and indeed most if not all of /b from 4chan are just bored children who bully people or sites for fun. To think otherwise is to extremely naive. They aren't doing it for justice, they just get off on causing problems... which is no different than bullies in real life.
There might be a few core people out there that spread the lulz around, but it's unlikely they will be caught as they have no epeen to whip out. It's the ones having epeen contests that get caught. No hackers get caught because Anonymous doesn't have any. Maybe a few script kiddies have been caught, but don't equate those babies with hackers. LOL.
Or in otherwords, the media is using the "hacker = business boogeyman" trope. *rolls eyes*
There are no "members" of Anonymous. People just do ridiculous shit on the internet and then publicize it as "Anonymous." It's a fucking gag used by pranksters and hackers alike. It's kind of like Santa Claus. Just because the presents show up doesn't mean he really exists. Just because lots of parents are putting the presents there does not mean there is some sort of giant, coordinated Santa Claus organization.
Ever heard of a Joe Job (http://en.wikipedia.org/wiki/Joe_job)?
Glad to see I'm not the only one who thinks this is totally fucking funny and seriously entertaining.
Nothing quite like a skilled display of (digital) violence between two worth competitors. Well, maybe HBGary Fed was not worthy after all. OWNED.
Website defacing, facebook and twitter hijacking are not hacking. Hacking is taking control of a remote computer. 99% of the web hosting companies out there have less than good security. So some script kiddies defaced a website, brute forced a facebook or twitter account. This is like some disguntleted teenager spray painting profanity in a highschool hallway. These anonymous guys are looking more and more like a joke. If they want to do something useful they should be gaining access to the corporate intranet and wiping out the servers. Take control of the e-mail server and black hole every e-mail the company sends to anyone, better yet auto forward decrypted e-mails that the executives send or receive to every reporter in the world. Do some real hacking, not network vandalism.
The only place where two wrongs make a right is boolean algebra
You hopefully are amng those who opposed bombing Afghanistan. Or invading Iraq.
Because carpet-bombing a country is wrong at a significantly more important level than defacing a web site that even naming both in one sentence (as I'm doing now) is not funny.
Personally, I don't give a rat's ass about HBGary's website. Much less than about one of those uncountable Afghan civilian lives. Heck, less than about one of those Afghan's shelter.
Good security is too inconvenient for the typical business person. Easy security is invariably bad security. "We want to work from home or the coffee shop and not have to remember stupid passwords!" Tough!
This is especially bad when this is supposed to be a cyber-security focused company! If I were in a decision-making position in the FBI, I would simply walk away from this company without another word. This company is clearly not up to the task of defending itself. How can they be trusted to do good research and deliver good information?
Why is it that when the government(s) refuse to listen to their people, the people get angry? Why is it that governments don't understand or appreciate that this is no small matter? And isn't it a terrible sign that when a people begin acting out against the government and parties involved that the government closes up even tighter refusing to hear anything at all? The result of this behavior is ALWAYS the same -- the angry people get even more angry and will push back even harder.
Wouldn't it be more responsible for the government to at least open up some talks before things get like this and worse? No... I know that won't happen. "We don't negotiate with terrorists!" Fine. Who WILL you negotiate? They wouldn't be "terrorists" if you didn't listen and respond!!
I read the article to see that this was true hacking, some twitter accounts were compromised, and people's personal data was found, such as address and cell phone info...I guess if someone wants to they can track anyone down, who has not already thought of hiding themselves, but I wonder how they would fair against someone who off the bat, thought against being found, and acted accordingly in their every scenarios....
In the end, the message was made evident...screw with us, you get burned....they are sending a message, at first was just enough to let them know that they supported assange, and wikileaks, but not enough to deal out true damage, now they have gone 1 step further and shown that they can compromise a security firm within minutes...and ruin people's identity and social standing within minutes...seriously, let's look at what is going on....we heard the message, and need to ponder, but the government acting out is just an act of defiance to accept their ....so US gov. please accept that you did some wrong, and should maybe pull back
accountability in this....and that only leads to more
From the article:
"The Twitter account of HBGary's CEO, Aaron Barr, was also compromised and tweeted multiple offensive messages, as well as his home address, social security number and cell phone. According to Forbes, the LinkedIn accounts of other HBGary executives were compromised "in minutes.""
That's a pretty piss-poor honeypot if you're a security firm in the business of assuring clients that you have the technical ability to protect private data.
Which side are you talking about, exactly? The stuff done here was presumably a lot more traceable and punishable than a DDoS attack by thousands of angsty teenagers.
The DDoS was using that point-and-click "LOIC" tool that doesn't even attempt to conceal the user's IP Address; what about this attack makes it "a lot more traceable" than the simplest of script-kiddie tools?
Are you next going to tell us that black Americans invented the term 'motherfucker' and that all other cultures have translated and adopted it? (always as a nice short word, strangely)
That a prehistoric black scientist invented white people?
Black Muslims have an interesting mythology that says more about them then anything else.
Remember "the only way to deal with the devil is don't" and white people are the racists.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
These are the same guys who attacked EVERY Fox station's public Blogs because one independently owned station upset them. As usual they did not have their story straight. Some people just love to hate. Does not matter what it is. They just need to vent at something. Anonymous...meet new rope....Let the complaining begin!!!
“They didn’t just pick on any company, but we try to protect the US government from hackers. They couldn’t have chosen a worse company to pick on.” -Greg Hoglund, co-founder HBGary Source: http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/
...should've been using Windows Server.
Ohcrap. 4chan lusers with leet skillz?
We're doomed.
this Anonymous around slashdot for years?
no matter how good it is, it is human nature always wants to make things better
Well, like, that's just your opinion, man. I'm also confused as to where people got the idea that Anonymous is anything other than basically the political idea of Anarchy in practice came from. Or that at least a handful of them aren't Black Hat hackers. Or that removing a few kids is going to stop an opt in group where no one else knows you. Or that this was going to be effective. And because I'm unfamiliar with law, is what HBGary did illegal or what?
There is no -1 Disagree.
How can "anonymous" be a group?? People just say the act in the name of "anonymous" but they could say they act in the name of Holy Grail - it means nothing..
Maybe slashdot needs to change the name of the "not logged in user" because this is getting fucking ridicules. Anonymous is NOT a group. Anonymous is NOT a "movement". Anonymous is an idea that you can have privacy in today's world. Even fake privacy, like Anonymous Coward on slashdot.
People "acting in name of anonymous" or whatever is just retarded. There is no "anonymous" yet at almost all times we want to have that privacy - we all want all be anonymous. Anonymous is no one and it is everyone. How can people not understand something so simple???
You're too late, the word is already a proper noun in this context. Whether you agree with the semantics of the name or not, they are a group because they acted like a group against MasterCard, and they have claimed the protective cloak of anonymity. Lacking anything else to call them, yet needing a name in order to work with the phenomenon, they are now effectively a group called Anonymous. And that's happened regardless of how the individuals who fired the LOIC feel about the name.
It's just like a virus researcher calling a new worm Win32.Derp because he found the string "DERP" in the binary. People will create working names to refer to a thing. And several people acting in an organized or coordinated fashion is a thing we refer to as a group. The group who fired the LOIC at MasterCard did so beneath a screed that used the words "We are anonymous." It seems to me the rest of the people are perfectly justified in calling their group "Anonymous."
Your argument reads exactly like this: "But packers are a profession, they wrap meat in paper and cellophane! You can't call a football team Packers because they don't wrap meat in paper!" The fact that it's a word that you use to mean something else won't take away the new meaning.
John
Lets just score this:
Anonymous: No damage. No arrests, no lawsuits, no exposure of anyone that wasn't already in the open.
HBGary: Emails stolen. Websited pwnd. Crap security protocols exposed. Significant reputational damage. Corporate imaged tarnished (looking like fools will do that to you).
Summary: There IS such a thing as bad publicity.
Final Score:
Anonymous 5, HBGary, 0.
What matrix/grid/standard should be used to determine who was right and wrong? As the U.S. culture is becoming more relativistic. Anything goes. Morality is private. Obedience to laws (speeding, copywrite) is an option. There is no accountability to God and no virtue seen in obeying the rule of law.
Where there is no accountability to God and no objective standard for truth and morality, then any law can be disobeyed if someone decides it’s wrong or inconvenient. If the law is evil according to God’s revealed standard, it can be disobeyed with a clear conscience. If the law is not good public policy, it should be changed within our political and legal system. Othewise, God expects the laws to be obeyed. And he expects his commandments to be obeyed as well.
Otherwise, life becomes a free-for-all.
Cleartext rootkit.com passwords published at http://dazzlepod.com/rootkit/. Many passwords appear to be reused @ twitter, facebook, gmail, etc. Reminder to users to keep password unique to the site where it is used.
Hurray for Wikileaks! Hurray for Anonymous!
I can't wait to see them battle Bank of America! Go ahead and arrest 45 members of anonymous because there are thousands of us ready to take their place and if need be, become martyrs for the cause. Anonymous, thus far is the only successful weapon we have had against corporate kulture and their corporate vultures.
Who do you think the majority of (thinking) people are going to side with? The goons who caused the economic bubbles and stole their jobs and houses or the champions of truth who go after them?
Fuck anyone who disagrees with Anonymous and Wikileaks!
Think we need a well researched article on what percentage of U.S. tech work is not military or federal government related? After you pull out H1-B visas, just looking at the commercial tech jobs available to U.S. citizens. Not that I...'m against immigration but just to get an idea of the situation for U.S. citizen tech workers. Note that according to the "top secret America" Washington Post article there are 850,000 people with top secret security clearance, a large portion of the jobs that require a top secret clearance are related in intelligence collection technology or advanced weapons systems. Everything leaked by wikileaks so far has been classified as secret or lower, no top secret documents. Many of these government jobs have a 'don't ask, don't tell' policy on corruption.