Slashdot Mirror

← Back to Stories (view on slashdot.org)

HBGary Hack In Depth

Posted by timothy on from the injectification-nation dept.

Udo Schmitz writes "Heise's UK site has the English translation of an article from the latest issue of their magazine c't about Anonymous's HBGary hack. It shows that there was much more involved than just social engineering to get passwords, and how anonymous evolved following OpTunisia and OpEgypt."

18 of 65 comments (clear)

  1. Lots of Security Holes by WrongSizeGlass · · Score: 4, Funny

    HBGary's systems were just riddled with security holes. From URL parameters that weren't scrubbed to straight MD5 password hashing to using the same password for several (and possibly many) accounts on different systems (servers, email, Twitter, LinkedIn, etc). I'm sure glad something as important as our government didn't use their security services. Oh, wait ... D'oh!

    1. Re:Lots of Security Holes by Anonymous Coward · · Score: 2, Insightful

      Interestingly, HBGary Federal never won any actual government contracts.

    2. Re:Lots of Security Holes by cpscotti · · Score: 3, Insightful

      Out of curiosity, who says? I really doubt that if there where any contracts, they would be left unclassified.



      Duhh..... Well, I think all the data Anonymous "de-"classified would contain any hint to that if that was the case!
      We're not talking about all the things they "left unclassified" here; someone force-declassified everything!
  2. Well that was a load of crap by AmonTheMetalhead · · Score: 5, Insightful

    Check out Ars Technica's coverage, much much better

    1. Re:Well that was a load of crap by RafaelAngel · · Score: 2

      link?

    2. Re:Well that was a load of crap by RenHoek · · Score: 4, Informative

      It's here, in the Slashdot story that was already posted about 3 weeks ago:
      http://it.slashdot.org/story/11/02/17/0041208/Anatomy-of-the-HBGary-Hack

    3. Re:Well that was a load of crap by Udo+Schmitz · · Score: 3, Informative

      It's here, in the Slashdot story that was already posted about 3 weeks ago:
      http://it.slashdot.org/story/11/02/17/0041208/Anatomy-of-the-HBGary-Hack

      I missed that. Well ... what would /. be without dupes ...

      Another one:

      http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars

    4. Re:Well that was a load of crap by Carewolf · · Score: 3, Insightful

      Isn't this essential the Ars Technica's article translated to german, and then translated back to english?

    5. Re:Well that was a load of crap by AmonTheMetalhead · · Score: 2

      That would explain the odd writing i guess

    6. Re:Well that was a load of crap by Jaqi · · Score: 2

      Here's the link: http://arstechnica.com/tech-policy/news/2011/02/anonymous-vs-hbgary-the-aftermath.ars

  3. New villain by proverbialcow · · Score: 3, Funny

    Why do I get the feeling HBGary is just filling the void left by SCO as Slashdot's "villain to post about in the absence of real news"?

    --
    The only surefire protection against Microsoft infections is abstinence. - The Onion
  4. We Can All Be Anonymous by Anonymous Coward · · Score: 3, Interesting

    We can all be anonymous. It helps to really know what you're doing, it helps to have no "skeletons" in the closet, it helps to have some passion about what's happening in the world and to want to do something about it. Who's in control? Does that matter? We all can be anonymous.

    ---Jack O

    1. Re:We Can All Be Anonymous by Anonymous Coward · · Score: 5, Funny

      The first step of being anonymous would be to not sign your name at the end of a post...

  5. Re:Anonymous by Anonymous Coward · · Score: 5, Insightful

    They're not a Hydra, which is a monolithic monster with no single termination point and self-repair to incremental attacks.

    They're a stand-alone complex, which is not even a single entity to begin with.

    Which makes them even harder to kill, and, to established powers they oppose, even more fearsome. (OTOH, to the extent they can be developed and manipulated to suit one's ends, they're a most powerful weapon. You can bet the shadowier sides of governments have any number of would-be Kazundo Gouda types analyzing the phenomenon.)

  6. What a waste of time by Anonymous Coward · · Score: 5, Interesting

    Don't bother reading this article, it's horribly written and not particularly correct. They make it sound like HBGary Federal was some giant security company when in reality is was a small-time 4 person company. Oh my god you broke into a 4 person company's email and the idiot manager's twitter account!

    So tired of seeing this "hack" replayed on Slashdot.

    1. Re:What a waste of time by Runaway1956 · · Score: 5, Informative

      Actually, you overplay your attempt to downplay HBGary Federal. While they never actually won any government contracts, they did have credibility with the US government, they did have access to a lot of "insider" stuff, and they were in negotiations with other contractors to provide some rather big-time stuff. They enjoyed the backing of their parent company, a major figure in the corporate world.

      Note that I do NOT claim that thier credibility was justified, nor do I claim that their wares were anything more than vaporware - but they were much, much more than some upstart company operating on less than a shoestring in someone's garage with only 4 employees.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    2. Re:What a waste of time by Anonymous Coward · · Score: 2, Interesting

      Greg Hoglund is quite a major figure, after his work on rootkit.com and lectures at Blackhat Briefings.

  7. Re:Coons by Anonymous Coward · · Score: 3, Funny

    "Why do you feel that Python is so bad? What do you find wrong with it?"