Slashdot Mirror


Aaron Barr Talks About DEFCON, Anonymous Attacks

Trailrunner7 writes "Finding Aaron Barr at this year's DEFCON hacker conference in Las Vegas was like a giant game of 'Where's Waldo.' Given the events of the past year, you can hardly blame him for keeping a low profile. First there was the attack on him and his then-employer, HBGary Federal, his decision to part ways with HBGary, his work to rehabilitate his image and turn his personal misfortunes into a 'teaching moment' for the industry, and then the legal wrangling in recent weeks that threw cold water on his plans to take part in a panel discussion about Anonymous at DEFCON. Barr was courted by numerous news outlets at the show, including the mainstream media. But he preferred, for the most part, to keep his own counsel. But he offered his thoughts to Threatpost on the experience of being at the conference, what the attack by Anonymous has done to him and whether it's possible for the group to turn its attentions to more constructive pursuits."


  1. Fuck Aaron Barr by WrongSizeGlass · · Score: 1, Flamebait

    It reads like they emailed him the questions and he replied in writing. Fuck him. I hope you're proud of what you put your family through just so you could try to thump your chest a little bit. Pride goeth before destruction, and a haughty spirit before a fall. Reap what you sow you lying asshat.

    1. Re:Fuck Aaron Barr by fuzzyfuzzyfungus · · Score: 4, Insightful

      It's worse than that, honestly. If he were just a chest-thumping internet blowhard, that would just put him among the untold millions of gratingly defective personalities infesting the internet. No big deal.

      However, for all his pleasant protests to the contrary "Oh, look at me, I'm against Wal-mart and the Iraq war!", he is basically the smiley face standing in front of a bunch of unsavory characters(HB Gary's work on rootkits, for instance, was not exactly "defensive" in nature...)

      Choice little bits like "Good threat intelligence requires comprehensive real-time collection and analysis on all threats, and in a constantly connected, social media-dominated world, this appears to some as an encroachment by governments or companies on privacy in the name of security. In my opinion, well-intentioned efforts run afoul of some civil libertarians and privacy advocates because of the perception of encroachment. But with mediums like social networking Web sites, which enable easy manipulation of identity, it is getting difficult to separate the actual threats from the bystanders." certainly do sound all nice and 'nuanced'; but are basically a polite re-statement of the justification for the too-creepy-even-for-congress Total Information Awareness stuff.

      In a slightly different vein, his "The need for anonymity in the latter case is critical to protect whistleblowers or dissidents. In the case of the former - online protests - I believe anonymity and the lack of personal accountability is absolutely corrupting what I think are some of the key tenets of lawful protest. These include personal sacrifice and a willingness for individuals to stand up and be associated with a cause or idea with boots on the ground, as it were." sure does sound nice, except for its implied premise that there are "whistleblowers or dissidents", the good guys, who can be clearly separated from mere "protesters" who had better be ready to wear nametags and stand neatly in the free speech zone. Fantastic... Earth to Aaron Barr... Entities being attacked always classify their attackers, whatever their means, as the most dangerous/evil category available. Nobody says "Well, gosh, I guess that the guy who just leaked our secret plans is just a good, honest, whistleblower. Good on him!".

      For all his 'shades of grey' droning, assertions of 'liberalism', and whatnot, this guy is a dirty little cog doing his bit for surveillance society(but not to fear, he says he is a "white hat"). At best, he maintains the oh-so-not-at-all-daring position that other people's dissidents are good guys who are worthy of protection; but the(apparently not "dissident") actions of 'attacking' "Law Enforcement" and "Sony" are just evil criminal stuff. Apparently they are in the way of "Western Information Dominance"...

    2. Re:Fuck Aaron Barr by AngryDeuce · · Score: 3, Insightful
      From TFA

      Board rooms now regularly discuss corporate vulnerabilities and mitigation strategies. In turn, they are spending more on security as a result of these threats. That is a good thing right? Maybe.

      Maybe?? Did this guy not work for a fucking security firm? Now it's "maybe" a good thing they are spending more on security?

      Is he trolling himself now?

      Funny how the conversation always comes around to it being all because of those damn dirty hackers. You don't see anyone in the mainstream media saying "Hey, Sony, maybe you shouldn't have been storing customer info in plaintext on your poorly secured servers?" Anonymous gets a hold of that, and they embarrass people. Eastern European or Chinese hacker groups get a hold of it, we're in a far worse position.

      We can sit here and pray for a day when there won't be hackers, it'll never happen, but whatever. But what we can't do is just ignore the woefully inadequate security measures being used in these companies that, frankly, can afford a lot better. They refuse to let us use these services without every piece of information about us they can get short of a DNA sample, throw said info on an open server with no protection, and then blame everyone else when they get hacked and lose customer data.

      This is why customer data should be regulated the same as medical data. If our medical records were stored like our credit card numbers are on so many sites, people would have a shit fit. It's time to start holding these companies liable for gross negligence when they can't maintain the security of our data within reason.

    3. Re:Fuck Aaron Barr by AngryDeuce · · Score: 2

      (HB Gary's work on rootkits, for instance, was not exactly "defensive" in nature...)

      And the astroturfing software, too, that gave me the warm and fuzzies:

      It was also revealed that HBGary Federal was contracted by the U.S. government to develop astroturfing software which could create an "army" of multiple fake social media profiles to manipulate and sway public opinion on controversial issues. This software could also scan for people with points of view the powers-that-be didn't like and then have the "fake" profiles attempt to discredit those "real" people.

      source

      Yeah, he's one of the "good guys" alright. Give me a fucking break.

    4. Re:Fuck Aaron Barr by fuzzyfuzzyfungus · · Score: 1

      The "Team Themis" work for Bank of America also appears to have been heartwarmingly benign. I can't tell if this guy has a serious case of cognitive dissonance, or whether he is just lying.

    5. Re:Fuck Aaron Barr by gnick · · Score: 1

      ...and his quixotic efforts to take down Anonymous make him look like a clown.

      What do you mean? He's obviously a hero that's going to reform Anonymous. "We turned our attention to more constructive pursuits for the lulz."

      --
      He's getting rather old, but he's a good mouse.
    6. Re:Fuck Aaron Barr by rubycodez · · Score: 1

      LOL

      for those who slept in U.S. history class:

      http://en.wikipedia.org/wiki/Aaron_Burr

    7. Re:Fuck Aaron Barr by _Sprocket_ · · Score: 1

      In my view, that "maybe" is important. Spending more money on "security" may or may not actually improve security posture. Money spent in fear without understanding isn't guaranteed to go towards sane, educated decisions.

    8. Re:Fuck Aaron Barr by cavreader · · Score: 1

      "But with mediums like social networking Web sites, which enable easy manipulation of identity, it is getting difficult to separate the actual threats from the bystanders." This is one of the better observations I have heard regarding the current state of the Internet. "protesters" who had better be ready to wear name tags and stand neatly in the free speech zone" This is just your interpretation of what he actually said or do you really know what he is thinking and consider yourself a fucking psychic truth detector? If your cause is so damn righteous eventually you will need to step forward and identify yourself to make any changes or do you think people will just listen to someone standing in the shadows screaming about the injustice they have to put up with. By the way if I hack into any databases containing information about you such as your financial account balances, criminal records, spending habits, tax returns, home address, work address, children's schools, or any other pieces of information readily available in the digital world would I be a good guy or a bad guy in your eyes? What if I only did this to people that don't happen to share your political ideology and ideals on how the world operates? Would it be OK in that instance?

    9. Re:Fuck Aaron Barr by Requiem18th · · Score: 1

      Or those of us not form the US. I've heard there's quite a lot of US around.

      --
      But... the future refused to change.
    10. Re:Fuck Aaron Barr by Requiem18th · · Score: 1

      Fuck damn it!

      --
      But... the future refused to change.
    11. Re:Fuck Aaron Barr by Anonymous Coward · · Score: 1

      Maybe he's convinced himself to truly believe it. Only way to sleep at night.

    12. Re:Fuck Aaron Barr by rubycodez · · Score: 1

      those not from the U.S. should disregard this thread altogether, and mostly disregard U.S. vice presidents who never became president as they historically didn't do much. Except for twisted evil fucks like Dick Cheney

    13. Re:Fuck Aaron Barr by fuzzyfuzzyfungus · · Score: 1

      There are several prongs to why: One, it isn't clear that their rootkit development is restricted to fed work. The leaked emails related to their rootkit work specifically mention an "intent to commercialize". Even if they were restricted to fed work, there is certainly no evidence that their customers are only those entities concerned with external surveillance. Given the eagerness and creepiness of the HB Gary/Palantir/Berlico proposal to BoA to deal with wikileaks and a journalist who was considered troublesome(and similar work for the 'US Chamber of Commerce') I'm inclined to find the development of purely offensive tools, like rootkits, rather sinister.

      Second, their emphasis on selling exploit code, even if their customer list is a bunch of squeaky-clean boy scouts, creates a perverse incentive for them as a security company: to stockpile and conceal a variety of zero-day vulnerabilities in assorted common software(the phrase to look for, in the leaked email archives is "juicy fruit", they enthusiastically collected them). Given the very high dependence of US, and 1st world generally, nations on their computers working properly, a situation where 'defense' contractors have an incentive to make virtually all software users less safe, just so the feds have an easier time inserting rootkits, is a deeply perverse and undesirable one.

    14. Re:Fuck Aaron Barr by fuzzyfuzzyfungus · · Score: 1

      It struck me as the surveillance geek analog to the "Honor Bound to Defend Freedom" sign that hangs, without a hint of irony, in front of Gitmo...

  2. "More Constructive Pursuits"? by fuzzyfuzzyfungus · · Score: 2

    Is he implying, by the notion of "more constructive" that crushing him and shedding some light on his creepy private-sector-spook buddies was not, in fact, a valuable use of time?

    If it were possible to do so more widely and efficiently that would certainly be "more constructive"; but I'm suspecting that he has something else entirely in mind...

    1. Re:"More Constructive Pursuits"? by Moryath · · Score: 1

      I have to agree. Aaron Barr's dishonesty seems to know very few bounds. I'd be happier if a lot of people like him suddenly found themselves jobless.

    2. Re:"More Constructive Pursuits"? by Hatta · · Score: 2

      Hm, can we rig up some sort of VOIP system so we can hear the lamentations of their women?

      --
      Give me Classic Slashdot or give me death!
    3. Re:"More Constructive Pursuits"? by fuzzyfuzzyfungus · · Score: 1

      Does the time when that HB Gary exec came in to the anon IRC channel and begged for mercy count?

      It wasn't strictly audible; but it was both hilarious and the lamentations of one of their women...

  3. Aaron Barr attacked anonymous first by Anonymous Coward · · Score: 1

    If I recall correctly he was attempting to attack anonymous, and once they found this out they ripped him apart.
    I'm not condoning the actions of either party, but you don't walk into a pit of wolves without being fully aware of the risks you are taking. Ars has a detailed series on this saga that gives the full detail:
    http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars

    1. Re:Aaron Barr attacked anonymous first by Requiem18th · · Score: 1
      --
      But... the future refused to change.
  4. Barr had it coming, but... by blahblahwoofwoof · · Score: 2

    ...Anonymous are just a bunch of thugs now. Had they stuck to their original purpose they could have been a force for good. Now they're a farce - no different from every ego-centric hacker group that came before them.

    1. Re:Barr had it coming, but... by Nursie · · Score: 1

      Anonymous original purpose? Which one were you thinking of -

      Do it for the lulz?
      Because none of us is as bad as all of us?
      Internet hate machine?

      Anonymous has always been about pissing people off and messing with their lives for fun.

    2. Re:Barr had it coming, but... by nedlohs · · Score: 1

      Doing shit because you find it funny is a force for good? What "good" came of creating lots of black men in suits avatars and blocking off areas in a stupid social networking/virtual hotel thing and forming swastikas and declaring the pool closed due to AIDS? Aside from being funny of course.

    3. Re:Barr had it coming, but... by BitZtream · · Score: 5, Interesting

      Now? As if at some point in the past they were different? Are you really that stupid?

      There is a reason why mob justice isn't legal, because it's never about the fucking justice and always about one group making another group or individual suffer for various reasons of personal gain.

      The Internet is not DIFFERENT than anything else, people there are EXACTLY THE SAME as everywhere else.

      Just because at one point in the past they were picking on people that you didn't like, doesn't mean they were trying to do something good. You just happen to share a common foe for the moment, nothing more. Stop trying to make some random group of losers on the Internet a romantic fairy tale.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    4. Re:Barr had it coming, but... by morethanapapercert · · Score: 1

      lulz

      --
      I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
    5. Re:Barr had it coming, but... by poetmatt · · Score: 1

      troll more creatively please.

      Aaron Barr got his ass handed to him, almost specifically for being unethical. This shouldn't exactly be a surprise.

    6. Re:Barr had it coming, but... by Gunkerty+Jeb · · Score: 1

      If that's true, then why does Anonymous release a super melodramatic, self-important manifesto every time they deface a website? If it's for the Lulz then laugh. It's not for the lulz though, it's for the attention.

    7. Re:Barr had it coming, but... by sunderland56 · · Score: 1

      The Internet is not DIFFERENT than anything else, people there are EXACTLY THE SAME as everywhere else.

      People are the same, but what they are allowed to do is different. At one time public stonings were universally accepted; now they are frowned upon in most countries. However, on the Internet, they are still a common occurrence.

    8. Re:Barr had it coming, but... by idontgno · · Score: 1

      Nota bene: "lulz" is not an alternate spelling of "lol" and isn't necessarily about any commonsense notion of laughing. Most of lulz is, in fact, about attention. Sometimes, a manifesto is sincerely meant, and sometimes it's just more trolling. And sometimes it's just not there (which happens too). And since lulz are about attention and power and self-satisfaction, and since website defacing is pretty much always about "look at what I did" (cracking culture has always been this way), it'd be silly to expect anything else.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
  5. not everything is black and white by rbrausse · · Score: 1

    Barr's world view is IMO too simplistic, the answer to "'Building a better Anonymous.’ Is that possible?" shows his black/white thinking.

    the first sentences of the second paragraph read slightly rephrased like: "Anonymous is only a serious activist organization when the targets are politically opportune, e.g. Egypt and Tunisia. Attacking Law Enforcement (but not the Egyptian and Tunisian ones) or Sony is straight criminal"

    1. Re:not everything is black and white by fuzzyfuzzyfungus · · Score: 1

      It isn't just black-and-white, it's either blindingly idiotic or sheer jingoism...

      Can he seriously doubt that his hypothetical counterparts in Egypt and Tunisia were doing anything other than denouncing the merely criminal activities of those who, unlike legitimate activists, simply attacked Law Enforcement?

      If he can, and somehow imagines that 'evil' regimes consist entirely of bad guys twirling their mustaches and congratulating themselves on how evil they are, then he is being idiotic. If he can't, then his point amounts to little more than "Our Law Enforcement good, their law enforcement evil!" That may, as it turns out, incidentally be true; but you can't usefully hold such a position with some standards for determining what actions make a given entity 'bad' or 'good', a 'legitimate activist' target, or something that only a 'mere criminal' would attack. He seems to have skipped that part.

  6. Anyone can join by Oswald+McWeany · · Score: 2

    Anonymous's theoretical view is that anyone can join.

    That means they will attract both "good" and "bad" (and perhaps some "ugly"). Therefore "more constructive pursuits," whatever that may be- will be followed, as will more dumbarse pursuits, more juvenile pursuits, and more lulzish pursuits.

    You have to think what type of people will be attracted to the un"organization" to see what direction it will take.

    Outright criminals are unlikely- no profit.
    Professionals are unlikely
    Bored, younger, tech-savvy singles are most likely

    I suspect therefore their targets in general are going to continue to be more for the mischievous and disruptful.

    --
    "That's the way to do it" - Punch
  7. No Constructive Checks! by jimmerz28 · · Score: 1

    To me "constructive" is outing worthless government contractors who are worthless.

    Shedding light on how our government throws money away on these inept (and most likely friends') contractors is what we need.

  8. choice quote by dirtyhippie · · Score: 2

    FTA: "I would have loved the opportunity to convey a few misunderstandings about me." Nothing to see here, move along.

  9. Aaron who? by Svartormr · · Score: 1

    For a minute there, I thought they were talking about Aaron Burr.

    1. Re:Aaron who? by FFOMelchior · · Score: 1

      For a minute there, I thought they were talking about Aaron Burr.

      For a minute there, I thought they meant Aaawooon Baaauuuh.

  10. wait... by Anonymous Coward · · Score: 1

    so, this guy gets hacked and proven to be a failure in the security world, and scum, and it BOOSTS his career? am i lost? is this earth? i can't believe anyone would listen to him about anything at this point. much less large conferences, and the /. crowd...

  11. Constructive by macraig · · Score: 1

    But he offered his thoughts to Threatpost on the experience of being at the conference, what the attack by Anonymous has done to him and whether it's possible for the group to turn its attentions to more constructive pursuits.

    For Aaron Barr, the definition of "constructive" begins and ends with making money... by whatever means available.

  12. Constructive by horza · · Score: 1

    "and whether it's possible for the group to turn its attentions to more constructive pursuits."

    Take a look at the list of charges against Aaron Barr in the comments above. How is taking him out of circulation not constructive?

    Phillip.

  13. "More constructive pursuits" by unity100 · · Score: 1

    What can be more constructive than pursuing hired whores that are out to spy on the citizens for the profit of a few private parties or a repressive regime.

  14. Wait! What? by hedronist · · Score: 1
    You wouldn't believe the Tour of the Internet I just took to see if the HBGary Aaron Barr was (somehow) the same guy who was a housemate of mine back in the 70s.

    No, thank God, he's not. My guy is the one who wrote The Handbook of Artificial Intelligence back in the early 80s.

  15. what about his victims? by decora · · Score: 1

    what about the rights of people like Glenn Greenwald and others? what about the invasions of privacy committed by Team Themis and others like them? What about the leaked emails that would allegedly place Barr in the position of hacker, as he experimented with his company's own 'offensive' (as opposed to defensive) tools and practices?

  16. how can we separate Gary from what happened? by decora · · Score: 1

    Team Themis was being paid, purposely, to do the kind of work that Barr was doing.

    Barr's actions against anonymous were simply a logical extension of his ordinary job description. Find 'targets' who are opposed to your clients' interests, and then collect intelligence on them, for purposes of character assassination.

    I mean, that's what HBGary was paid to do as part of Team Themis. Not Aaron Barr, HB Gary, Berico Technologies, and Palantir Technologies.

  17. because their targets are journalists? by decora · · Score: 1

    and labor unions?

  18. Re:Way to miss the point by Pseudonym+Authority · · Score: 1

    Shill.

  19. Aaron Barr is a bad guy by Sean · · Score: 1

    Anonymous is in fact giving voice and force to the dispossessed. Aaron Barr doesn't see it that way because he built his career working for the bad guys.

    The existence of child pornography is not a serious issue we face. As reprehensible as sexual abuse of children is, mere possession of images of it should not be a crime. Child pornography is mostly used as a pretext for border guards to go on fishing expeditions.