Slashdot Mirror


Attacked By Anonymous, HBGary Pulls Out of RSA

itwbennett writes "HBGary Federal cancelled a talk the company's CEO Aaron Barr was planning to give at the BSides San Francisco conference on his investigation of WikiLeaks. 'I was receiving death threats,' Barr said in an interview Tuesday. 'There was lots of talk that was being made of in the Anonymous IRC channels of harassing us at our booth and sending people to heckle [HBGary speakers at the conference].' The company has also decided to pull its booth from the RSA Conference floor after it was vandalized on Sunday, said Jim Butterworth, HBGary's vice president of services. 'We... came back the next morning and it was very apparent that the group responsible for the activities in the news had decided to make another statement,' he said."

24 of 415 comments

  1. Anatomy of the Hack by eldavojohn · · Score: 5, Informative

    Ars has a really good summary of the attack that used really run-of-the-mill stuff from social engineering via e-mail to an SQL injection of HBGary's CMS using this URL: http://www.hbgaryfederal.com/pages.php?pageNav=2&page=27

    --
    My work here is dung.
    1. Re:Anatomy of the Hack by cabjf · · Score: 5, Informative

      I liked this article better. Not very technical, but it does show what kind of person Aaron Barr really is. The greatest part is that he tried to play Anonymous just to drum up government business and seemed to think there would be no repercussions.

    2. Re:Anatomy of the Hack by amicusNYCL · · Score: 4, Insightful

      I'm going to go out on a limb and say that putting a "large paper poster" on their booth doesn't really count as "vandalism".

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    3. Re:Anatomy of the Hack by Azureflare · · Score: 5, Interesting

      Just read the article. Is this guy for real? He sounds like he stepped out of a webcomic about wannabe-hacker IRC lurkers.

      It's very frightening that someone could get 3 (potential?) innocents arrested with little to no evidence.

      I mean honestly, using badly thought out heuristics to analyze social networking data and guaranteeing "100% Success"? This guy obviously never attended a CS class.

      P.S. I am not condoning the actions of Anonymous in any way, this guy just seems like he could use some more schooling. (and he got some schooling in the great college of Real Life!)

    4. Re:Anatomy of the Hack by Black+Parrot · · Score: 4, Informative

      I liked this article better. Not very technical, but it does show what kind of person Aaron Barr really is. The greatest part is that he tried to play Anonymous just to drum up government business and seemed to think there would be no repercussions.

      He also got caught managing a dirty tricks campaign to smear Wikileaks and critics of the US Chamber of Commerce. He was disseminating personal information about the people he wanted smeared, but threw a crybaby fit when his name came out in connection with it.

      --
      Sheesh, evil *and* a jerk. -- Jade
  2. Vandalized? by sureshot007 · · Score: 5, Informative

    Vandalized booth = a sign that says "Anon...In it 4 The LuLz..." http://yfrog.com/gzbvtllj I was expecting the booth to have been burned to the ground or something.

    1. Re:Vandalized? by TaoPhoenix · · Score: 5, Insightful

      Nice tidbit.

      So a "security company" is afraid of a sign?

      I'd sooner place my bets they're in the Long Con to paint "Anonymous" (there can be only one, right?) as a Threat. Then everyone in power profits when draconian measures come along.

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
    2. Re:Vandalized? by jovius · · Score: 4, Funny

      )

      Whew!

    3. Re:Vandalized? by Kuukai · · Score: 5, Informative

      HBGary is not in the business of preventing or withstanding attacks.

      From their website title:

      HBGary :: Detect. Diagnose. Respond.

      Anonymous intruded on their network for several days without being detected, eventually just plain revealing themselves. Here's a totally-real testimonial on their front page from the esteemed research organization "Research Organization":

      Greg Hoglund and the team at HBGary provide some of the most innovative products in cyberdefense. Our advantage in staying ahead of the evolving threat is HBGary's predictive knowledge of the entire malware culture and ecosystem. Their capability goes well beyond the usual, reactive response to individual exploits. We consider them one of our best partners.

      Also from their front page:

      HBGary, Inc., a leading provider of next-generation threat intelligence solutions for Fortune 500 and government organizations, announced Inoculator, a innovative, patent-pending enterprise agentless appliance solution designed to detect, remove, and, with its breakthrough Digital Antibody technology, PREVENT re-infection of known malware.

      Anyone who hires them after this incident is an idiot who likes bright lights and noise. Amazon, a book store, was totally secure against Anonymous' attacks. There's no excuse for a security firm not to be.

      --
      Sendou Wave Kick!!
    4. Re:Vandalized? by horza · · Score: 4, Insightful

      HBGary is not in the business of preventing or withstanding attacks. They're the guys who will investigate events after the fact, compiling nice piles of evidence to hand over to the FBI/police/whomever.

      Did you not read the leaked emails? All the slides about pre-emptive attacks, infiltration, planting of fraudulent documents, etc. Interesting use of the word 'nice' to try and paint HBGary as one of the 'good' guys instead of a company planning criminal acts.

      The sign on the booth is a threat. Note that "vandalized" was ITworld's chosen word. The message is clear: "Anonymous is here, and has the same utter lack of respect in real life as online." Given that there were many threats ranging from harassing the booth staff to heckling the speakers, and even up to death, the sign potentially serves as a last warning: Let Anonymous ravage whatever they want, or die.

      Ok now we know you are astro-turfing for a snake oil security company. Some kid drops a note on a stand with the standard Anon catch-phrase, known by all apart from yourself, and you try and hype up some massive imaginary drama. Pathetic.

      It makes sense for HBGary to step out of the line of fire, just in case somebody's crazy enough to act on those death threats. Death is not their business.

      Or maybe they've been busted, and have the decency to leave out of shame?

      I expect that the sign is being checked for fingerprints, the conference attendee list is being subpoenaed, and security cameras are being reviewed.

      Again the melo-drama. I am sure the whole attendee list is quaking.

      I'd also expect that HBGary will use this incident to paint Anonymous as a group of people who constitute a real threat

      Did you miss the Anon arrests that have already happened?

      They stalk and harass a target organization for as long as they're interested, with expenses and lost income costs rising daily.

      Do you even read Slashdot? Try doing a search for 'scientology'

      This dedication is as much a problem to Anonymous as to their targets, and HBGary is now playing a great game: they're trolling the trolls. With every public move HBGary makes, Anonymous is drawn into acting. That's another 4chan post, another analysis, another page in HBGary's final report on Anonymous, and another customer impressed by the company's thorough attention to detail.

      No, HBGary are screwed.

      Phillip.

  3. Re:That's War by Anonymous Coward · · Score: 5, Insightful

    It's an all-out war between the forces of good and evil that has never stopped and will never stop.

    Wait, is that part of the Green Lantern Corps creed or something from the Thundercats?

    I could take stuff like this more seriously if people didn't have such cartoonish perceptions of what "good" and "evil" actually mean, and stopped trying to pretend they are some sort of freedom fighters when all they are is vandals and bullies who get off on what they are doing

    If *real* fascists ever took control in this country, most of these people would shit themselves on a continuous basis before the secret police killed them, their families, their pets, burned down their houses and killed a few others standing around just to send a message.

  4. Right..... by fuzzyfuzzyfungus · · Score: 5, Interesting

    So, let's take a look at this:

    Option 1: Members or associates of a loose-knit group of hackers who are likely subjects of federal interest after illegally penetrating and utterly humiliating a private-sector spook shop decide that it would be a great idea to show up, in person, at an event with some amount of security likely to be in the vicinity, just to heckle somebody they have already pwned good and hard. They think that this is a good idea because showing up in crowded areas and making a disturbance is an excellent way to remain anonymous.

    Option 2: Aaron Barr and the rest of the losers at HBGary really don't want to show their faces at RSA, after having been ruthlessly punked by a bunch of amateurs; but decide to cry about "security threats" in an attempt to look less than totally pathetic.

    Y'know, I don't think that this is a terribly difficult decision...

  5. Re:That's War by fuzzyfuzzyfungus · · Score: 5, Insightful

    If *real* fascists ever took control in this country, most of these people would shit themselves on a continuous basis before the secret police killed them, their families, their pets, burned down their houses and killed a few others standing around just to send a message.

    Which is why attempting to foil incremental steps in that direction, before they reach fruition, is sort of a good idea, no?

  6. You can't beat the crowd by GoNINzo · · Score: 4, Insightful

    Anonymous is just the first of many future darknets that will be nearly impossible to destroy. You might take out a ringleader or two, but 4 others would stand up to take their place if they felt that it was unjust. And in the end, it's death by a thousand harmless cuts, or in this case, 1,000 users that don't like something running their Ion cannons under central control. In this case, this dude is using social networking like facebook to figure out who are hackers. I doubt they have many connections to other hackers on facebook or twitter. It's most likely random unrelated acquaintances, so I think the guy's research is flawed anyway.

    The best example of what one of these organized systems could do is a story by Bruce Sterling called Maneki Neko. It is what happens when people get organized but maintain some level of anonymity. We are not to this level yet, but I suspect it is right around the corner. It will do strictly good at first, but eventually it will ruin someone's life. Just as Anonymous has ruined some people's lives, they've done a little good for some, like a great birthday. It doesn't justify the destruction, but it's bored kids on the internet, so what are you going to do?

    The news media will make a big deal about future 'attacks', but some will be harmless kids having fun. But if you start to push that everyone involved in these groups must be destroyed, those people who are marginally involved will suddenly get VERY involved in your destruction. So be careful.

    --
    Gonzo Granzeau
    "Nothing the god of biomechanics wouldn't let you into heaven for.." -Roy Batty
  7. Re:Death threats and vandalism = NOT okay by GameboyRMH · · Score: 4, Informative

    This doesn't look like destruction of property:

    http://yfrog.com/gzbvtllj

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  8. Re:That's War by spun · · Score: 4, Insightful

    If *real* fascists ever took control in this country, most of these people would shit themselves on a continuous basis before the secret police killed them, their families, their pets, burned down their houses and killed a few others standing around just to send a message.

    Which is why attempting to foil incremental steps in that direction, before they reach fruition, is sort of a good idea, no?

    Yes, but there is the whole "boy who cried wolf" aspect to constantly calling everything you don't like "fascism." Not everything presages the imminent collapse of American civilization. And the AC has a good point about people's cartoonish perception of good and evil.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  9. No, still not getting it by SmallFurryCreature · · Score: 4, Insightful

    You are still in Fox mode, trying to see the conspiracy behind events because your mind cannot grasp that shit just happens.

    Anonymous has no organization, it cannot by its very nature. Some people who HAVE grouped together have used the name for themselves BUT by that they have ceased to become Anonymous.

    Is it really that hard to grasp? Just because you know the identity of ONE A. Nonymous author doesn't mean that every other book written under that name is linked to it in any way. Anonymous, the concept to give a mystique to the random actions of people that sometimes seem to work together and groups calling themselves anonymous are NOT the same thing.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

    1. Re:No, still not getting it by ElectricTurtle · · Score: 4, Insightful

      It does matter, because if you kill/capture "people calling themselves Anonymous" and the attacks don't stop because somebody completely new/different steps in to do the same things, you're creating martyrs that create more Anons. Anonymous is a headless horseman. You can't cut off its head because it doesn't have one.

      --
      I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
    2. Re:No, still not getting it by ElectricTurtle · · Score: 4, Insightful

      Several have been imprisoned already. How much momentum has been lost? How much more momentum has been potentially gained by those acts fostering a vengeful sentiment? Unknowable, but it certainly hasn't stopped anything, that's for damn sure.

      --
      I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
  10. Re:Irony of Anonymous' position by TexVex · · Score: 4, Insightful

    It's not ironic or hypocritical at all!

    When you are in a position of authority over other people, you must be held to a higher standard. With your greater authority comes greater responsibility. Responsibility requires transparency. Therefore, the more power you have, the less secrecy you should be allowed to have, because secrecy allows you to abuse your power.

    All of the above applies to groups as well as individuals. Churches and their clergy, governments and their bureaucrats, corporations and their executives, military and their officers, ALL have great power over people and therefore must be held accountable for their use of that power. However, private individuals who do not exercise power over others should have no requirement for higher transparency. If you aren't in a position to harm others, any exposition of your private affairs won't do anything to help anyone else. It can only be used to harm you, and is an abuse of power. Therefore, you in fact should have a right to privacy.

    Consider the issue of gun ownership. If you choose to own a gun, you are taking some power. With that power comes responsibility. That gun's characteristics should be on file with law enforcement, so they can potentially match crime scene bullets fired from your gun. Make sense? More power = more transparency.

    --
    Fun with Anagarams! LADS HOST, SHALT DOS. HAS DOLTS. AD SLOTHS, HATS SOLD. ASS HO, LTD.
  11. Re:That's War by uniquename72 · · Score: 5, Funny

    The CIA doesn't operate inside the USA...

    Hahahahaha!!!!

  12. military-industrial-security complex snake oil by Thud457 · · Score: 5, Informative

    Apparently, with today's abysmal science (or even critical thinking) teaching, it's quite common to sell magic beans to teh gubbemint.
    Why should the cybersecurity market be any different?
    http://en.wikipedia.org/wiki/ADE_651
    http://en.wikipedia.org/wiki/GT200
    http://en.wikipedia.org/wiki/Quadro_Tracker
    http://en.wikipedia.org/wiki/Sniffex
    http://en.wikipedia.org/wiki/Alpha_6

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  13. Re:Government fraud by AlamedaStone · · Score: 5, Insightful

    Why is this ridiculous sort of mob justice tolerated ? We've all been in the playground, we've all seen mob justice in action, and we all know what WILL happen. So why do these people get any support whatsoever ?

    Are we truly such hypocrites ? Insist on rights, when it's about us ... And then demand and defend swift illegal and criminal action against anyone we don't like ? Is that what is meant by "internet protest" ? Because if it is, frankly, it must be squashed with any amount of violence necessary.

    I can't say I'd participate, but I can certainly understand the frustration of seeing an incompetent government security firm in action. Think about the last 12 years for more than a second, and the word 'security'... well, a shiver runs down my spine. The *immediate* surrender of the country's principles and well-being following the bombings in 2001 while dissenters are booed from the spotlight and ostracized. All the things done in the name of security that made us less secure, all (all!) of the money spent on endless, fruitless military operations and grandma groping. Like many /.ers it troubles me deeply, and I see the country breathe a cheeto-stench sigh of disinterest while all but a handful of legislators jerk off on their bases while doing nothing to manage the cancerous meme of security uber alles, all out of cowardice and greed.

    Maybe some people think mob justice is the closest they'll ever get to the real thing.

    Huh. Guess I'm a little more pissed off than I thought... I'm going to go get some coff... eh, decaf.

    --
    "All these years believing you're the signified monkey, only to find out you're just a big hunk of nobody cares."
  14. Re:Government fraud by Zeinfeld · · Score: 4, Informative

    They are self-confessed liars. So why accept the claims of vandalism at face value?

    I am at RSA, I was part of a long conversation with Art Coviello last night and he did not mention it. It is his conference and it is a security conference. If the claim was true and had been reported I would have expected it to be mentioned.

    I think it rather more likely that they did not have the courage to show their faces.

    They have been punked for a start. That is an embarrassment. But what would make them pariahs was the proposal to engage in criminal attacks and political misinformation. Many of us are ex law enforcement or ex intelligence. Others work closely with them. You can't do that if you are committing criminal acts yourself.

    If I thought there was a chance he might show his face I would have gone to his session earlier. But that was never likely.

    Last year he was talking about hacking online games and club penguin.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/