Anonymous hijacked the Twitter account of HBGary chief executive Aaron Barr


The loose hacker collective Anonymous says it has taken revenge on a US security company whose principal claimed to have penetrated the group and identified some of its key people.

They hacked the Twitter account of Aaron Barr, the chief executive of HBGary, and sent out a series of angry tweets while many Americans were watching the Super Bowl match on Sunday night, allegedly including Barr's social security number and address, and his mobile phone number.

The tweets link to torrents of the company's emails. Members of the group also put up a brutal set of claims: "Anonymous has:

"entire control of all emails for the company of hbgary.com. we have full admin control of

"hbgaryfederal.com. we have wordpress control of hbgary.com

"all emails will be put up in a torrent.

"full access to all their finincials

"their ssns [social security numbers]

"their w2s [US tax reporting statement]

"their 1099s [US tax identification certificate]

"their software products

"their malware data (although Anonymous rm'd [deleted] their entire terabyte of data sorry)

"their backup server was wiped.

"access to their pbx system via 8x8.com

"control of their support server and their clients logins

"root access to rootkit.com, personal website of greg hoglund

"aaron barr's ipad is now wiped"

Barr could not be contacted to find out how many of these details were correct. The HBGary site had been replaced by a placeholder this morning.

Anonymous claimed that they replaced the front page of HBGary's site with an image rebuking the company and saying "you're nothing compared to Anonymous. You have little to no security knowledge. Your business thrives off charging ridiculous prices for simple things like NMAPs, and you don't deserve praise or even recognition as security experts."

It added: "If you swing a sword of malice into Anonymous' innards, we will simply engulf it. You cannot break us, you cannot harm us, even though you have clearly tried."

The company was targeted after Barr was quoted in the Financial Times saying that he had identified two key members of Anonymous, including a co-founder in the US, and senior members in Britain, Germany, the Netherlands, Italy and Australia. He said he had picked up clues about their identities via online sources such as email, Facebook and Internet Relay Chat (IRC).

In January UK police arrested five people accused of having taken part in attacks against sites such as PayPal in December as revenge for its withdrawal of payment facilities for WikiLeaks. US authorities and other European police forces have also arrested people accused of taking part in the online attacks.

The Anonymous attack was claimed to have been carried out by five people who alleged that Barr had planned to meet US authorities on Monday morning and sell his findings to the FBI. The attackers made the file with the details Barr had planned to release public, but asserted that the numbers given were incorrect and that the names were "random".

In a sarcastic press release on the AnonNews site, someone from the group posted a release (though dated 6 January, it was actually posted on 6 February) saying "Mr Barr has successfully broken through our over 9000 proxy field and into our entirely non-public and secret insurgent IRC lair, where he then smashed through our fire labyrinth with vigor, collected all the gold rings on the way, opened a 50 silver key chest to find Anon's legendary hackers on steroids password."

http://www.guardian.co.uk/technology/20 ... any-hbgary

My sympathies are with Anon. The best bit was wiping the iPad. That will hurt him personally.

A net security company laid open by a bunch of hackers.

ooops.

Regardless of the damage "Anonymous" have done, the publicity surrounding the hack will probably kill the company.

sometime I'm in love with anonymous. Most of the time though they scare me

As it should be. Anonymous is the collective conciousness of a mob. Sometimes they rally to worthy causes, sometimes they act like hooligans.

It always amuses me when someone with no comprehension of how the internet works somehow tries to go up against it. A mob has it's own momentum. It has no head and no heart. It is sometimes unpredictable and always dangerous. It's highly symbolic of that knowledge gap that a "security company" should be so ignorant.

then all i can say/add is
thank god for the freedom of the internet ...

And why you should treat everyone with respect on the internet.

Wikileaks Wasn't The Only Operation HBGary Federal, Palantir And Berico Planned To Defraud

from the with-the-help-of-the-government dept

By now the exposed plan of HBGary Federal, Palantir and Berico to attack Wikileaks and its supporters through fraud and deception, in order to help Bank of America, has been discussed widely. However, the leaked HBGary Federal emails suggest that this sort of plan involving these three companies had been used elsewhere. Apparently the US Chamber of Commerce had approached the same three firms to plan a remarkably similar attack on groups that oppose the US Chamber of Commerce.

That leaked plan (embedded below) includes a similar plan to create fake documents and give them to these groups to publish, with the intent of "exposing" them later, to raise questions about their credibility.

That giant US companies and lobbyist organizations are interested in underhanded, dirty tricks is no surprise (though, there's no evidence that either BofA or the CoC agreed to these proposals). However, as Glenn Greenwald (a key target in the original proposal for BofA) explains, what's really troubling is the chummy relationship between these organizations and the US government. The US government is supposed to protect people from frauds perpetrated by big companies. But the evidence here suggests that the federal government was pretty closely connected to all of this.

The reason HBGary Federal, Palantir and Berico were even talking to BofA in the first place was because BofA contacted the Justice Department to ask what to do about Wikileaks, and the Justice Department turned them on to the law firm of Huntoon and Williams, who was instrumental in arranging both of these proposals.

But the real issue highlighted by this episode is just how lawless and unrestrained is the unified axis of government and corporate power. I've written many times about this issue -- the full-scale merger between public and private spheres -- because it's easily one of the most critical yet under-discussed political topics. Especially (though by no means only) in the worlds of the Surveillance and National Security State, the powers of the state have become largely privatized. There is very little separation between government power and corporate power. Those who wield the latter intrinsically wield the former. The revolving door between the highest levels of government and corporate offices rotates so fast and continuously that it has basically flown off its track and no longer provides even the minimal barrier it once did. It's not merely that corporate power is unrestrained; it's worse than that: corporations actively exploit the power of the state to further entrench and enhance their power.

That's what this anti-WikiLeaks campaign is generally: it's a concerted, unified effort between government and the most powerful entities in the private sector (Bank of America is the largest bank in the nation). The firms the Bank has hired (such as Booz Allen) are suffused with the highest level former defense and intelligence officials, while these other outside firms (including Hunton Williams and Palantir) are extremely well-connected to the U.S. Government. The U.S. Government's obsession with destroying WikiLeaks has been well-documented. And because the U.S. Government is free to break the law without any constraints, oversight or accountability, so, too, are its "private partners" able to act lawlessly. That was the lesson of the Congressional vesting of full retroactive immunity on lawbreaking telecoms, of the refusal to prosecute any of the important Wall Street criminals who caused the 2008 financial crisis, and of the instinctive efforts of the political class to protect defrauding mortgage banks.

The exemption from the rule of law has been fully transferred from the highest level political elites to their counterparts in the private sector. "Law" is something used to restrain ordinary Americans and especially those who oppose this consortium of government and corporate power, but it manifestly does not apply to restrain these elites. Just consider one amazing example illustrating how this works.

Greenwald's language may be a bit hyperbolic (though, considering he was one of the people "targeted," that seems entirely understandable), but he has a point. And his very next paragraph shows how the government isn't doing its job of protecting people in law enforcement, but is selectively picking what laws to enforce mainly when it protects themselves and big corporations. For example, while the FBI is spending so much time trying to track down Anonymous for its brief virtual sit-ins in the form of temporary DDoS attacks, it has not bothered to put any effort into looking at a similar DDoS attack on Wikileaks itself.

Why? Because crimes carried out that serve the Government's agenda and target its opponents are permitted and even encouraged; cyber-attacks are "crimes" only when undertaken by those whom the Government dislikes, but are perfectly permissible when the Government itself or those with a sympathetic agenda unleash them. Whoever launched those cyber attacks at WikiLeaks (whether government or private actors) had no more legal right to do so than Anonymous, but only the latter will be prosecuted.

That's the same dynamic that causes the Obama administration to be obsessed with prosecuting WikiLeaks but not The New York Times or Bob Woodward, even though the latter have published far more sensitive government secrets; WikiLeaks is adverse to the government while the NYT and Woodward aren't, and thus "law" applies to punish only the former. The same mindset drives the Government to shield high-level political officials who commit the most serious crimes, while relentlessly pursuing whistle-blowers who expose their wrongdoing. Those with proximity to government power and who serve and/or control it are free from the constraints of law; those who threaten or subvert it have the full weight of law come crashing down upon them.

This really should trouble people. I'm not a big fan of "conspiracy theories," and I don't believe there's any big Hollywood-style conspiracy going on here. But I do think that the incentives are screwed up, and that our federal government is way too beholden to large private companies whose main goal is protectionism and survival, rather than in benefiting the American public the most. It's incredibly disheartening.

http://www.techdirt.com/articles/201102 ... raud.shtml

Nothing short of sickening, and exactly where this country is headed

While wilileaks should be careful over what they disclose so not endanger anyone still working undercover somewhere much of the leaks are more embarrassing. Yes they were embarrassing but would any of us disagree with their comments about our leaders? I think that they were pretty accurate.

Play By Play Of How HBGary Federal Tried To Expose Anonymous... And Got Hacked Instead

Nate Anderson has put together an excellent play-by-play of the whole HBGary Federal fiasco, mainly by going through the emails that Anonymous leaked. It's well worth reading the whole thing, so I won't repeat the key points here, but what's really fascinating is the back-and-forth between HBGary Federal CEO Aaron Barr and others at HBGary Federal, including his main technical guy, who clearly thinks Barr's methodology is worthless. It becomes clear that the technical guy sympathizes with Anonymous and Wikileaks and Barr even calls him on this point (admitting that he too sort of feels that way, but he recognizes this as a PR opportunity). The coder at one point mocks the whole plan as:

Step 1 : Gather all the data

Step 2 : ???

Step 3 : Profit

Yup. That's a coder alright. Then there's this fascinating argument where the coder points out that the statistical basis for Barr's claims (basically analyzing who people's friends on Facebook are is about as accurate as your daily horoscope:

Barr: [I want to] check a persons friends list against the people that have liked or joined a particular group.

Coder: No it won't. It will tell you how mindless their friends are at clicking stupid [LIFTED] that comes up on a friends page. especially when they first join facebook.

Barr: What? Yes it will. I am running throug analysis on the anonymous group right now and it definately would.

Coder: You keep assuming you're right, and basing that assumption off of guilt by association.

Barr: Noooo....its about probabilty based on frequency...c'mon ur way smarter at math than me.

Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don't want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.

Barr: [redacted]

Coder: [some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.

Barr: [some information redacted] On the gut feeling thing...dude I don't just go by gut feeling...I spend hours doing analysis and come to conclusions that I know can be automated...so put the taco down and get to work!

Coder: I'm not doubting that you're doing analysis. I'm doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it's right. You're still working off of the idea that the data is accurate. mmmm…..taco!

That same coder later warned another company exec saying that "I feel his arrogance is catching up to him again and that has never ended well...for any of us." Fascinating read all around.

http://www.techdirt.com/articles/201102 ... tead.shtml

Priceless, in fact, I think I'll start a thread in the meeting place once I've read the whole thing