Anonymous Destroys HBGary
redball



Joined: 12 May 2006
Posts: 6871
Location: Northern New Jersey

So I'm pretty sure this was mentioned elsewhere on the forum, but as things unfold this has become really interesting. Here's the short take: Anonymous recently went after companies in retaliation for actions against Wikileaks, and apparently provided some support to people trying to get information out of Egypt. This has pissed off our government, among others. So HBGary, some company you and I have never heard of before but still a government and private sector "security" contractor, investigated and claimed to have information on Anonymous members. Anonymous responded by obliterating the company's data and, more importantly, their reputation.

Here's NPR's summary article:


Quote:

The hacktivist group Anonymous is at it again. This time, it has humiliated an Internet security firm that threatened to out the group's hierarchy.

If you remember, Anonymous has been in the news, first, because in support of WikiLeaks, it undertook cyberattacks that brought down the websites of Visa and Mastercard. Second, because it brought down the sites of some government entities in Egypt and helped the anti-government protesters with technical help. Third, because as NPR's Martin Kaste reported, the FBI is hot on the group's heels. (Kaste has more on tonight's All Things Considered.)

Today, the website ArsTechnica ran a piece that details how Anonymous methodically went after HBGary Federal's digital infrastructure. Earlier this month, HBGary Federal's CEO Aaron Barr said the company, which specializes in analyzing vulnerabilities in computer security for companies and even some government agencies, had undertaken an investigation of Anonymous and had used social media to unmask the group's most important people.

The Financial Times reported:

Of a few hundred participants in operations, only about 30 are steadily active, with 10 people who "are the most senior and co-ordinate and manage most of the decisions," Mr. Barr told the Financial Times. That team works together in private internet relay chat sessions, through e-mail and in Facebook groups. Mr Barr said he had collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data.

Barr said an HBGary representative was set to give a presentation at a security conference in San Francisco, but as soon as Anonymous got wind of their plans, it hacked into HBGary's servers, rifled through their e-mails and published them to the web. The group defaced HBGary's website and published the user registration database of another site owned by Greg Hoglund, owner of HBGary.

Amazingly, reports ArsTechnica, Anonymous managed all this by exploiting easy and everyday security flaws. First, it found that the content management system — a program that allows for easy publishing to the web — had a security vulnerability. The group was able to get into the usernames and passwords from the database and, as ArsTechnica puts it, HBGary employees did not follow Internet best practices and used the same passwords over and over on different sites including their e-mail accounts, Twitter and LinkedIn accounts.

If you're interested in the details of the operation, ArsTechnica does a great job at putting it in easy-to-understand words. But perhaps one of the more interesting things the piece manages to cull is a profile of the people behind Anonymous.

The popular characterization has been that it's a bunch of kids. But ArsTechnica, which spoke to Anonymous members, says that:

Anonymous is a diverse bunch: though they tend to be younger rather than older, their age group spans decades. Some may still be in school, but many others are gainfully employed office-workers, software developers, or IT support technicians, among other things. With that diversity in age and experience comes a diversity of expertise and ability.

As for HBGary, the attacks forced it to pull out of the RSA Security conference in San Francisco, the biggest of its kind. The company posted a sign outside its booth with the same note that's on its website:

A group of aggressive hackers known as "Anonymous" illegally broke into computer systems and stole proprietary and confidential information from HBGary, Inc. This breach was in violation of federal and state laws, and stolen information was publicly released without our consent.

In addition to the data theft, HBGary individuals have received numerous threats of violence including threats at our tradeshow booth.

In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks.

HBGary is continuing to work intensely with law enforcement on this matter and hopes to bring those responsible to justice.

Thank you to all of our employees, our customers and the security community for your continued support.

HBGary, Inc.

Forbes reports that HBGary has become "toxic," its clients and partners cutting ties. It reports that CEO Barr also canceled the talk at the B-Sides conference, which was supposed to be about Anonymous.


go to the link for links to other articles:
http://www.npr.org/blogs/thetwo-way/2011/02/16/133814783/how-anonymous-exacted-revenge-on-firm-that-threatened-to-out-them

More than anything, don't miss the Ars write up which details how this had a lot to do with shitty software, bad security practices, and most of all weak and reused passwords:
http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/

Here's what was put on HBGary's website:

Post Wed Feb 16, 2011 9:47 pm
MCGF



Joined: 22 Feb 2010
Posts: 367

these guys are badass
Post Wed Feb 16, 2011 9:58 pm
Confidential



Joined: 23 Jan 2004
Posts: 2040

That is so win.
Post Wed Feb 16, 2011 10:04 pm
Szechwan



Joined: 19 Mar 2007
Posts: 587
Location: Vancouver Island

Boooom.

I've been loosely following this for a little bit but this was the first time I've actually seen a full write up of their shenanigans. Pretty hilarious stuff.

"..under section 14 of the Rules of the Internet."
Post Wed Feb 16, 2011 10:05 pm
bakemosphere



Joined: 05 Apr 2005
Posts: 701
Location: 304

"Rule 14 of the internet: Do not argue with trolls; it means that they win."
Post Wed Feb 16, 2011 11:13 pm
OM3N



Joined: 30 Jun 2002
Posts: 1297
Location: Thailand

Ha! I just saw this on France24 news (great news station btw). They actually managed to secure a webcam interview with a member of this "Anonymous". Needless to say it was hilarious as well.

Some 20something basement dweller with a Guy Fawkes mask basically saying memes the whole time. The reporter was dumbfounded.
Post Thu Feb 17, 2011 12:30 am
xGasPricesx



Joined: 23 May 2008
Posts: 1553

This is awesome on so many levels.
Post Thu Feb 17, 2011 2:17 am
Jesse Custer



Joined: 01 Dec 2006
Posts: 1258
Location: London

Why do they have to go and spoil the cool things they do by acting like a bunch of smug nerds? They need someone better drafting their statements.
Post Thu Feb 17, 2011 4:18 am
OM3N



Joined: 30 Jun 2002
Posts: 1297
Location: Thailand

Jesse Custer wrote:
Why do they have to go and spoil the cool things they do by acting like a bunch of smug nerds? They need someone better drafting their statements.


I think the arrogance of the message is all part of the joke. When journalists get their hands on this stuff, hilarity ensues.
Post Thu Feb 17, 2011 4:45 am
neveragainlikesheep



Joined: 22 May 2008
Posts: 2536
Location: TKO from Tokyo

Good. Serves him right.

I think Anon is a pretty cool guy. eh pwns scientistologies and doesnt afraid of anything.
Post Thu Feb 17, 2011 5:47 am
OM3N



Joined: 30 Jun 2002
Posts: 1297
Location: Thailand

neveragainlikesheep wrote:

I think Anon is a pretty cool guy. eh pwns scientistologies and doesnt afraid of anything.


Post Thu Feb 17, 2011 6:07 am
firefly



Joined: 27 Sep 2002
Posts: 3990
Location: Montreal

I think that these "anonymous" guys are either idiots or agents.

For the little bit of disruption that they are causing they are going to give excuses to governments to lock down the internet if this shit keeps up.
Post Thu Feb 17, 2011 9:05 am
neveragainlikesheep



Joined: 22 May 2008
Posts: 2536
Location: TKO from Tokyo

firefly wrote:
I think that these "anonymous" guys are either idiots or agents.

For the little bit of disruption that they are causing they are going to give excuses to governments to lock down the internet if this shit keeps up.


And governments don't already do that all the time at the moment?
Post Thu Feb 17, 2011 9:12 am
crash



Joined: 07 Aug 2003
Posts: 5456
Location: the chocolate city with a marshmallow center and a graham cracker crust of corruption

this is pretty awesome, but i'm a little worried where this could lead. i've heard people refer to DoS attacks as a sort of cyber protest - like a sit in - but a lot of this stuff seems similar to terrorism.

the point of protest is to highlight an injustice by garnering media attention. anonymous, on the other hand, is discouraging companies from acting against their or wikileaks' interest by taking direct action against those companies. this sends the message to other companies "watch your behavior or you will be attacked." that's terrorism, right?

it seems like the script kiddies are far more adept at this sort of warfare than the government / big business. i guess that being an internet vigilante is a lot more alluring than wearing a tie and making lots of money. as long as that's how things are working then i think these actions will be anti-authoritarian... but when the interests of the vigilantes and the govt are the same (like in china)... that has me worried.
Post Thu Feb 17, 2011 9:25 am
redball



Joined: 12 May 2006
Posts: 6871
Location: Northern New Jersey

Ya know, I don't think Anonymous are the great freedom fighters of our day. I think "hacktivist" is probably the most apt term for them. The shit they do is typically on the level of your basic protester or tagger.

Except this. This is the equivalent of demolishing a line of riot police. Here was a firm that was out to try to make an example of a few of them and instead they've basically been put out of business. There's few other cases I can think of where a group of hackers actually ruined a business. That's what makes it so interesting to me.

But I will vehemently disagree with the shitty circular logic that someone doing something to upset authority is always a covert operation by government forces to give them the excuse to exert power. That situation is the exception, not the rule. To argue this is to basically subvert any anti-establishment action that isn't entirely within the law... and that actually helps the establishment.
Post Thu Feb 17, 2011 9:35 am
All times are GMT - 6 Hours.