Slashdot Mirror


HBGary Federal Hacked By Anonymous

An anonymous reader writes "As the coin was tossed to kick off Superbowl XLV, Anonymous unleashed their anger at a security firm who had been investigating their membership. HBGary Federal had been working on unmasking their identities in cooperation with an FBI investigation into the attacks against companies who were cutting off WikiLeaks access and financing. Unlike the DDoS attacks for which Anonymous has made headlines in recent months, this incident involved true hacking skills."


  1. hack by Anonymous Coward · · Score: 4, Insightful

    And by true hacking, we mean true cracking.

    1. Re:hack by 93+Escort+Wagon · · Score: 5, Insightful

      "And by true hacking, we mean true cracking."

      Languages are fluid, and you can't prevent it from happening. You've already lost this battle.

      --
      #DeleteChrome
    2. Re:hack by Myopic · · Score: 4, Insightful

      Agreed. In fact, this battle was lost before it began. The world had settled on the word "hacker" before the word "cracker" was invented. Plus, "cracker" is a racial slur. There's even a damn movie called "Hackers". It's long since time to let it go.

    3. Re:hack by haderytn · · Score: 4, Funny

      We should call them...blackhats.

  2. Sigh by hirvonen · · Score: 5, Insightful

    Ought to have been better prepared if you go kicking a nest full of hornets...

    1. Re:Sigh by Spad · · Score: 4, Funny

      Unlikely, these guys were probably behind 7 proxies.

    2. Re:Sigh by man_of_mr_e · · Score: 4, Interesting

      Even worse, this may have been a honeypot, meant to attract more anonymous actions to gain more evidence to put them away for longer terms.

      Those guys don't even think.

    3. Re:Sigh by BitZtream · · Score: 4, Interesting

      Idiot.

      They are completely prepared.

      'Anonymous' just walked into an ambush.

      These guys have been watching what's going on, following what they've been doing, and are working with the FBI ... do you really think no one thought in advance 'hey, when we piss them off, they'll come after us too!'

      No ... they thought of it in advance and said 'perfect, now let's set it up so we can have it set up in a perfect way for us to glean the absolute most information in the process.'

      Anyone stupid enough to do this isn't a major player anyway, or won't be for long. They basically just started a war with the cops, the only thing you can do to piss off a cop more than embarrassing them is killing one of them. So now they've changed it from being an annoying bunch of twits who don't really do any damage and no one is going to invest any serious effort into finding ... into a matter of personal pride for every person working on it. They also have the advantage of funding and not having to cower in mommy's basement.

      This just shows the ignorance 'anonymous' has ...

      If you'd have paid attention in school you'd know mob justice isn't a good idea, perfect example here.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  3. Security is for Other people! by Herkum01 · · Score: 5, Insightful

    From the article,

    "HBGary was victimized by a combination of social engineering and a shared password between systems"

    Evidently, being a security firm means not having to follow good security practices.

    1. Re:Security is for Other people! by Piata · · Score: 4, Interesting

      I work for a telecom dealer that specializes in fulfilling corporate needs. All corporate sales are done through our website. A few of our clients are security companies. One of them (which will go unnamed) has a key purchaser who is completely computer illiterate. When trying to troubleshoot her difficulties using our website, I asked what browser she was using. She replied "Office 2003".

      After patiently instructing her on how to determine her browser and version number, it turned out she was using IE6. That was about 2 years ago. They still use IE6 to this day and have no intentions of switching off of it. Having dealt with a large variety of companies over the years, I think security firms are the most technically inept and the most likely to completely disregard online security.

  4. Re:Well, that'll be helpful by Rakshasa+Taisab · · Score: 4, Insightful

    Yeah, they should have been doing renditions to Egypt of those responsible, like grown-ups do.

    --
    - These characters were randomly selected.
  5. Ambivalence by DoofusOfDeath · · Score: 4, Insightful

    It's hard to know how to feel about someone waging war against your own society.

    Anonymous is fighting partially on behalf of Wikileaks. Wikileaks' recent releases put some sunlight on government/industry malfeasance, but also pointlessly harmed some diplomatic efforts by publishing unflattering personal opinions about people the US probably needs to get along with.

    And the company Anonymous is going after probably helps stop real security threats that most of us would agree merit stopping; not just Cablegate-related stuff.

    What a tangled mess of virtue and vice.

    1. Re:Ambivalence by kyz · · Score: 5, Informative

      "And the company Anonymous is going after probably helps stop real security threats that most of us would agree merit stopping; not just Cablegate-related stuff."

      To help you out: HBGary is still running. HBGary Federal is a new spin-off company started in December 2009 to try and sell "cybersecurity" products to the Feds.

      If they were cybersecurity experts, ones that were worth paying for with your tax dollars, then Anonymous would not have been able to pwn their website, twitter accounts, email, ....

      According to some of those recently pwned emails, the spokesperson Aaron Barr admitted to his own staff that he was deliberately provoking Anonymous, because he knew that the press was interested in anything to do with Anonymous and they'd get good publicity and possibly sales.

      The money quote from Aaron's company email: "But it's not about them... it's about our audience having the right impression of our capability and the competency of our research. Anonymous will do what every they can to discredit that. and they have the mic to speak because they are on Al Jazeera, ABC, CNN, etc. I am going to keep up the debate because I think it's good business, but I will be smart about my public responses."

      Does that help you swing one way or the other?

      --
      Does my bum look big in this?
    2. Re:Ambivalence by fuzzyfuzzyfungus · · Score: 4, Insightful

      You really have to define "your own society" in clear terms to work this little moral conundrum out...

      Wikileaks, and their anonymous friends, are definitely attacking the secrecy of certain state and corporate entities that exist on American soil and/or are paid for with US taxpayer funds. Is that enough to make them "our own society"? Or does the fact that a clandestine morass of opaque state functionaries, often quite a few levels removed from anything resembling a "representative" is dubiously in line with a democratic republic make them a sort of cancerous outgrowth of "our own society"?

      I'm not playing the "Well, man, it's like, all relative; because one person's hero is another's terrorist, man." card. These are real questions that, arguably, have cogent answers(albeit ones reliant on certain axiomatic assumptions that the answerer brings to the table).

      Societies constantly attack themselves in order to survive: the police spend basically all their time hunting down and hauling in for trial citizens and residents whose behavior is considered to have put them against society rather than in it. Politicians constantly attack one another's programmes, in a process intended to produce the best or most representative outcome. Assorted NGOs and individuals constantly bring suits against one another and the state trying to redress various perceived wrongs. As with a complex multicellular organism, where killing aberrant cells before they metastasize and kill you is as important a job as killing external pathogens before they kill you, the maintenance of a complex society is a constant process of defense from external enemies and(particularly for a militarily strong and geographically lucky country like the US) culling internal enemies and dangerous trends.

      Unless we define "our society" more or less tautologically as "whatever society we are participating in at the moment"; it is the case that there is an ideal "our society" and an actual "the society we are doing". When the two differ too much, "our society" becomes a dead letter, used primarily for propaganda purposes by "the society we are doing". Fighting against that trend, which frequently means attacking, sometimes in accordance with the rules of "the society we are doing"(as with constitutional challenge court cases), sometimes against those rules(leaks, hacks, etc.) "the society we are doing", is a necessary part of staying reasonably in line with "our society".

      It is a matter of legitimate debate whether or not Wikileaks is attacking "our society" or "the society we are actually doing", and how different those two are; but it is not a matter of trivial debate.

  6. Re:clever! by Anonymous Coward · · Score: 5, Insightful

    So, Americans decide to peacefully toss a few sacks of tea into Boston harbor and get the entire harbor shutdown.. so they counter with even more illegal activity and a revolution that will get them even further into the shit

    great plan numbnuts

    Point being... if everyone on Earth was afraid to break a few laws, we'd still be under the rule of British monarchs. Thank god some people don't tuck tail and run whenever Big Brother stares in their direction.

  7. The moral of the story... by Assmasher · · Score: 4, Insightful

    ...don't jump into the deep end if you don't know how to swim.

  8. Re:Line between Civil Disobedience. . . by Rakshasa+Taisab · · Score: 4, Insightful

    The myth of 'Civil Disobedience is all about getting caught' is spread by those who don't like the goals of today's civil disobedience, only those of yesterday.

    Seriously, imprisonment is how you _FIGHT_ civil disobedience, and you're a moron for thinking that's somehow how you go about succeeding in changing anything.

    --
    - These characters were randomly selected.
  9. Misleading summary as always by SignalFreq · · Score: 4, Informative

    source article

    There was no FBI involved in this. It was some random company's attempt at PR (I'm sure they regret it now). The original article even says that the information would not be useful to police and that they planned to give it away at a conference in San Francisco next week.

    Not exactly "cooperation with an FBI investigation"

    Seriously Slashdot... when are you going to hire editors who actually verify submissions before letting them onto the front page? No better than the National Enquirer...

  10. Re:Line between Civil Disobedience. . . by fuzzyfuzzyfungus · · Score: 5, Insightful

    I suspect that neither Wikileaks nor Anonymous are interested in engaging in "Civil disobedience".

    In the case of Wikileaks, they aren't "Civilly disobedient"; because they don't actually tend to break laws. They do obviously have some contact with people who do; but their operations(while deeply unpopular) are not illegal.

    Anonymous, on the other hand, is perfectly happy to do illegal things; but doesn't seem to see the point in getting punished in an effort to maintain the moral high ground. They are(aside from the ones who are in it purely for amusement), essentially engaging in the logic of retributive or revolutionary violence, albeit in bloodless and electronic forms. Irregular resistance fighters have no interest in being caught to "generate sympathy", they have an interest in inflicting damage on strategic targets, obtaining intelligence, discrediting their enemies, and then getting away(so do criminals, of course. The classification depends on the perceived legitimacy of their actions).

    As you say, these guys are definitely not in the same class as the followers of Gandhi or MLK. This appears to be by design. Wikileaks, by all appearances, is interested in maintaining a legal operation to lower the cost of whistle-blowing in situations where that could open one to heavy retribution. Anonymous, while too nebulous to have a single agenda, consists of a sort of core that has embraced the logic of violent(but bloodless) direct action, along with a cloud of recreational me-toos who participate in some of the more trivial ops.

    Whether you think that this is good, bad, or just a matter of style is a different question; but it would appear that they are not aiming at "Civil disobedience"(having judged it as either too personally costly, too ineffective, or perhaps both)...

  11. Re:clever! by Anonymous Coward · · Score: 4, Insightful

    If it's a label, not an entity, then how can it have "members"?

    I don't know why people act as if "Anonymous" is a new thing. It's not. It's just a present-day version of something ancient - the lynch mob. The mob doesn't think, the mob doesn't consider, the mob just destroys. The mob is the barbarian horde burning down civilisation.

    For a historical example of an earlier "Anonymous", think about the KKK. Just why did they wear those white hoods? The answer is easy. They did it to be "Anonymous", because if you are "Anonymous", you are released from the obligation to be a civilised human. You do what you like without consequence, so why not lynch a few negroes before they get uppity?

    As XKCD says, "Anonymity + Audience = Asshole". Now, that's "Anonymous".

  12. Why bother with proxies by Doodlesmcpooh · · Score: 4, Informative

    If the hackers were UK based then they just have to buy a wireless dongle. You just lie about the information on the registration screen and away you go untraceable. Granted they will be able to triangulate the signal but it's easy enough to drive somewhere quiet with a laptop and do it. Failing that they could just hack some poor old lady's wireless and use that. Both of these options are simple to do and less hassle than proxies.

  13. Re:Well, that'll be helpful by copponex · · Score: 4, Insightful

    Defacing a website and causing data loss is the same thing as torturing someone to death, or subverting democracy to keep an autocratic regime in power? That's news to anyone with an elementary understanding of ethics.