Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attacked By Anonymous, HBGary Pulls Out of RSA

Posted by CmdrTaco on from the why-can't-we-all-just-get-along dept.

itwbennett writes "HBGary Federal cancelled a talk the company's CEO Aaron Barr was planning to give at the BSides San Francisco conference on his investigation of WikiLeaks. 'I was receiving death threats,' Barr said in an interview Tuesday. 'There was lots of talk that was being made of in the Anonymous IRC channels of harassing us at our booth and sending people to heckle [HBGary speakers at the conference].' The company has also decided to pull its booth from the RSA Conference floor after it was vandalized on Sunday, said Jim Butterworth, HBGary's vice president of services. 'We... came back the next morning and it was very apparent that the group responsible for the activities in the news had decided to make another statement,' he said."

5 of 415 comments (clear)

  1. Anatomy of the Hack by eldavojohn · · Score: 5, Informative

    Ars has a really good summary of the attack that used really run-of-the-mill stuff from social engineering via e-mail to an SQL injection of HBGary's CMS using this URL: http://www.hbgaryfederal.com/pages.php?pageNav=2&page=27

    --
    My work here is dung.
    1. Re:Anatomy of the Hack by cabjf · · Score: 5, Informative

      I liked this article better. Not very technical, but it does show what kind of person Aaron Barr really is. The greatest part is that he tried to play Anonymous just to drum up government business and seemed to think there would be no repercussions.

  2. Vandalized? by sureshot007 · · Score: 5, Informative

    Vandalized booth = a sign that says "Anon...In it 4 The LuLz..." http://yfrog.com/gzbvtllj I was expecting the booth to have been burned to the ground or something.

    1. Re:Vandalized? by Kuukai · · Score: 5, Informative

      HBGary is not in the business of preventing or withstanding attacks.

      From their website title:

      HBGary :: Detect. Diagnose. Respond.

      Anonymous intruded on their network for several days without being detected, eventually just plain revealing themselves. Here's a totally-real testimonial on their front page from the esteemed research organization "Research Organization":

      Greg Hoglund and the team at HBGary provide some of the most innovative products in cyberdefense. Our advantage in staying ahead of the evolving threat is HBGary's predictive knowledge of the entire malware culture and ecosystem. Their capability goes well beyond the usual, reactive response to individual exploits. We consider them one of our best partners.

      Also from their front page:

      HBGary, Inc., a leading provider of next-generation threat intelligence solutions for Fortune 500 and government organizations, announced Inoculator, a innovative, patent-pending enterprise agentless appliance solution designed to detect, remove, and, with its breakthrough Digital Antibody technology, PREVENT re-infection of known malware.

      Anyone who hires them after this incident is an idiot who likes bright lights and noise. Amazon, a book store, was totally secure against Anonymous' attacks. There's no excuse for a security firm not to be.

      --
      Sendou Wave Kick!!
  3. military-industrial-security complex snake oil by Thud457 · · Score: 5, Informative

    Apparently, with today's abysmal science (or even critical thinking) teaching, it's quite common to sell magic beans to teh gubbemint.
    Why should the cybersecurity market be any different?
    http://en.wikipedia.org/wiki/ADE_651
    http://en.wikipedia.org/wiki/GT200
    http://en.wikipedia.org/wiki/Quadro_Tracker
    http://en.wikipedia.org/wiki/Sniffex
    http://en.wikipedia.org/wiki/Alpha_6

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff