Slashdot Mirror


Attacked By Anonymous, HBGary Pulls Out of RSA

itwbennett writes "HBGary Federal cancelled a talk the company's CEO Aaron Barr was planning to give at the BSides San Francisco conference on his investigation of WikiLeaks. 'I was receiving death threats,' Barr said in an interview Tuesday. 'There was lots of talk that was being made of in the Anonymous IRC channels of harassing us at our booth and sending people to heckle [HBGary speakers at the conference].' The company has also decided to pull its booth from the RSA Conference floor after it was vandalized on Sunday, said Jim Butterworth, HBGary's vice president of services. 'We... came back the next morning and it was very apparent that the group responsible for the activities in the news had decided to make another statement,' he said."

12 of 415 comments

  1. Anatomy of the Hack by eldavojohn · · Score: 5, Informative

    Ars has a really good summary of the attack that used really run-of-the-mill stuff from social engineering via e-mail to an SQL injection of HBGary's CMS using this URL: http://www.hbgaryfederal.com/pages.php?pageNav=2&page=27

    --
    My work here is dung.
    1. Re:Anatomy of the Hack by cabjf · · Score: 5, Informative

      I liked this article better. Not very technical, but it does show what kind of person Aaron Barr really is. The greatest part is that he tried to play Anonymous just to drum up government business and seemed to think there would be no repercussions.

    2. Re:Anatomy of the Hack by Azureflare · · Score: 5, Interesting

      Just read the article. Is this guy for real? He sounds like he stepped out of a webcomic about wannabe-hacker IRC lurkers.

      It's very frightening that someone could get 3 (potential?) innocents arrested with little to no evidence.

      I mean honestly, using badly thought out heuristics to analyze social networking data and guaranteeing "100% Success"? This guy obviously never attended a CS class.

      P.S. I am not condoning the actions of Anonymous in any way, this guy just seems like he could use some more schooling. (and he got some schooling in the great college of Real Life!)

  2. Vandalized? by sureshot007 · · Score: 5, Informative

    Vandalized booth = a sign that says "Anon...In it 4 The LuLz..." http://yfrog.com/gzbvtllj I was expecting the booth to have been burned to the ground or something.

    1. Re:Vandalized? by TaoPhoenix · · Score: 5, Insightful

      Nice tidbit.

      So a "security company" is afraid of a sign?

      I'd sooner place my bets they're in the Long Con to paint "Anonymous" (there can be only one, right?) as a Threat. Then everyone in power profits when draconian measures come along.

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
    2. Re:Vandalized? by Kuukai · · Score: 5, Informative

      HBGary is not in the business of preventing or withstanding attacks.

      From their website title:

      HBGary :: Detect. Diagnose. Respond.

      Anonymous intruded on their network for several days without being detected, eventually just plain revealing themselves. Here's a totally-real testimonial on their front page from the esteemed research organization "Research Organization":

      Greg Hoglund and the team at HBGary provide some of the most innovative products in cyberdefense. Our advantage in staying ahead of the evolving threat is HBGary's predictive knowledge of the entire malware culture and ecosystem. Their capability goes well beyond the usual, reactive response to individual exploits. We consider them one of our best partners.

      Also from their front page:

      HBGary, Inc., a leading provider of next-generation threat intelligence solutions for Fortune 500 and government organizations, announced Inoculator, an innovative, patent-pending enterprise agentless appliance solution designed to detect, remove, and, with its breakthrough Digital Antibody technology, PREVENT re-infection of known malware.

      Anyone who hires them after this incident is an idiot who likes bright lights and noise. Amazon, a book store, was totally secure against Anonymous' attacks. There's no excuse for a security firm not to be.

      --
      Sendou Wave Kick!!
  3. Re:That's War by Anonymous Coward · · Score: 5, Insightful

    It's an all-out war between the forces of good and evil that has never stopped and will never stop.

    Wait, is that part of the Green Lantern Corps creed or something from the Thundercats?

    I could take stuff like this more seriously if people didn't have such cartoonish perceptions of what "good" and "evil" actually mean, and stopped trying to pretend they are some sort of freedom fighters when all they are is vandals and bullies who get off on what they are doing.

    If *real* fascists ever took control in this country, most of these people would shit themselves on a continuous basis before the secret police killed them, their families, their pets, burned down their houses and killed a few others standing around just to send a message.

  4. Right..... by fuzzyfuzzyfungus · · Score: 5, Interesting

    So, let's take a look at this:

    Option 1: Members or associates of a loose-knit group of hackers who are likely subjects of federal interest after illegally penetrating and utterly humiliating a private-sector spook shop decide that it would be a great idea to show up, in person, at an event with some amount of security likely to be in the vicinity, just to heckle somebody they have already pwned good and hard. They think that this is a good idea because showing up in crowded areas and making a disturbance is an excellent way to remain anonymous.

    Option 2: Aaron Barr and the rest of the losers at HBGary really don't want to show their faces at RSA, after having been ruthlessly punked by a bunch of amateurs; but decide to cry about "security threats" in an attempt to look less than totally pathetic.

    Y'know, I don't think that this is a terribly difficult decision...

  5. Re:That's War by fuzzyfuzzyfungus · · Score: 5, Insightful

    If *real* fascists ever took control in this country, most of these people would shit themselves on a continuous basis before the secret police killed them, their families, their pets, burned down their houses and killed a few others standing around just to send a message.

    Which is why attempting to foil incremental steps in that direction, before they reach fruition, is sort of a good idea, no?

  6. Re:That's War by uniquename72 · · Score: 5, Funny

    The CIA doesn't operate inside the USA...

    Hahahahaha!!!!

  7. military-industrial-security complex snake oil by Thud457 · · Score: 5, Informative

    Apparently, with today's abysmal science (or even critical thinking) teaching, it's quite common to sell magic beans to teh gubbemint.
    Why should the cybersecurity market be any different?
    http://en.wikipedia.org/wiki/ADE_651
    http://en.wikipedia.org/wiki/GT200
    http://en.wikipedia.org/wiki/Quadro_Tracker
    http://en.wikipedia.org/wiki/Sniffex
    http://en.wikipedia.org/wiki/Alpha_6

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  8. Re:Government fraud by AlamedaStone · · Score: 5, Insightful

    Why is this ridiculous sort of mob justice tolerated? We've all been in the playground, we've all seen mob justice in action, and we all know what WILL happen. So why do these people get any support whatsoever?

    Are we truly such hypocrites? Insist on rights, when it's about us ... And then demand and defend swift illegal and criminal action against anyone we don't like? Is that what is meant by "internet protest"? Because if it is, frankly, it must be squashed with any amount of violence necessary.

    I can't say I'd participate, but I can certainly understand the frustration of seeing an incompetent government security firm in action. Think about the last 12 years for more than a second, and the word 'security'... well, a shiver runs down my spine. The *immediate* surrender of the country's principles and well-being following the bombings in 2001 while dissenters are booed from the spotlight and ostracized. All the things done in the name of security that made us less secure, all (all!) of the money spent on endless, fruitless military operations and grandma groping. Like many /.ers it troubles me deeply, and I see the country breathe a cheeto-stench sigh of disinterest while all but a handful of legislators jerk off on their bases while doing nothing to manage the cancerous meme of security uber alles, all out of cowardice and greed.

    Maybe some people think mob justice is the closest they'll ever get to the real thing.

    Huh. Guess I'm a little more pissed off than I thought... I'm going to go get some coff... eh, decaf.

    --
    "All these years believing you're the signified monkey, only to find out you're just a big hunk of nobody cares."