Martian Sunset. Garrybrandrick. LulzSec: You know why they got owne...
LulzSec: You know what else he used... AnonymousIRC: Breaking into #HBGary is a... Spy games: Inside the convoluted plot to bring down WikiLeaks. The parent company also had issues. A few weeks after the discussions about closing up HBGary Federal, HBGary President Penny Leavy-Hoglund (Greg's wife), sent an e-mail to her sales team, telling them "to work a quota and to bring in revenue in a timely manner. It's not 'optional' as to when it needs to close, if you haven't met your number, the closing needs to happen now, not later.
You need to live, eat, breath and ensure you meet your number, not kind of hit it, MEET IT... Guys, no one is making their quota. " She concluded darkly, "I have some serious doubts about some people's ability to do their job. And then, unexpectedly, came the hope of salvation. "Bond, Q, and Monneypenny" By October 2010, Barr was under considerable stress. On October 19, a note arrived. Palantir would provide its expensive link analysis software running on a hosted server, while Berico would "prime the contract supplying the project management, development resources, and process/methodology development. " Anonymous vs. HBGary: the aftermath. The RSA security conference took place February 14-18 in San Francisco, and malware response company HBGary planned on a big announcement. The firm was about to unveil a new appliance called "Razor," a specialized computer plugged into corporate networks that could scan company computers for viruses, rootkits, and custom malware—even malicious code that had never been seen before.
Razor "captures all executable code within the Windows operating system and running programs that can be found in physical memory," said HBGary, and it then "'detonates' these captured files within a virtual machine and performs extremely low level tracing of all instructions. " Certain behaviors—rather than confirmed signatures—would suggest the presence of malware inside the company. The HBGary team headed over early to the RSA venue at the Moscone Center in order to set up their booth on the exhibition floor. On the RSA floor, a team put together the HBGary booth and prepared for the Razor announcement. Lookup - Domain Names Search, Registration, & Availability | Whois.net. PLEASE READ: Financial Times Article on HBGary Federal CEO AaronBarr's Research on Anonymous Group - Sat, 5 Feb 2011 09:30:22 -0800.
Anonymous Hacks Security Company HBGary, Dumps 50,000 Emails Online. A security company that’s been working with the government to track down the cyber-activists involved with Anonymous has now become the target of that very group. HBGary‘s website has been defaced and its CEO Aaron Barr has had his social media accounts hijacked and his personal information leaked online – all in retribution for his claims that he had infiltrated Anonymous, the loosely-affiliated collective of hacktivists. The actions by Anonymous follow a recent story in The Financial Times in which Barr claimed that he had “penetrated Anonymous as part of a project to demonstrate the security risks to organisations from social media and networking.”
In the article, Barr identified people he said were key members of the Anonymous “hierarchy,” including a co-founder in the U.S. and leaders in Britain, Germany, the Netherlands, Italy and Australia. Barr claimed he had discovered these individuals’ identities via Facebook and Internet Relay Chat (IRC). Anonymous Hackers Release Stuxnet Worm Online ! Internetsanon.jpg (1583×1546) Forever-the-game.gif (439×500) Anonymous Claims Possession of Stuxnet Worm. Anonymous speaks: the inside story of the HBGary hack. HBGary owner Penny Leavy said in a later IRC chat with Anonymous that the company responsible for implementing the CMS has since been fired. Password problems Still, badly chosen passwords aren't such a big deal, are they? They might have allowed someone to deface the hbgaryfederal.com website—admittedly embarrassing—but since everybody knows that you shouldn't reuse passwords across different systems, that should have been the extent of the damage, surely?
Unfortunately for HBGary Federal, it was not. Neither Aaron nor Ted followed best practices. Along with its webserver, HBGary had a Linux machine, support.hbgary.com, on which many HBGary employees had shell accounts with ssh access, each with a password used to authenticate the user. Ssh doesn't have to use passwords for authentication. Lessons from Anonymous on cyberwar. "Cyberwar" is a heavily loaded term, which conjures up Hollywood inspired images of hackers causing oil refineries to explode. Some security celebrities came out very strongly against the thought of it, claiming that cyberwar was less science, and more science fiction. Last year on May 21, the United States Cyber Command (USCYBERCOM) reported reaching initial operational capability, and news stories abound of US soldiers undergoing basic cyber training, which all point to the idea that traditional super powers are starting to explore this arena.
Recent activities with one government contractor and Anonymous, however, show clearly that cyber operations have been going on for a long while, and that the private sector has been only too ready to fill the cyber mercenary role for piles of cash. Anonymous vs. Early in 2011, Aaron Barr submitted a talk to a security conference in which he planned to "focus on outing the major players of the anonymous group". Anonymous were quick to respond.
Anonymous Takes Revenge On Security Firm For Trying To Sell Supporters’ Details To FBI - Parmy Olson - Disruptors. Anonymous: US security firms 'planned to attack WikiLeaks' | Media. The hacker collective Anonymous claims to have unearthed proposals by a consortium of US security firms to attack WikiLeaks, ahead of reportedly planned disclosures about the Bank of America. Leaked emails apparently suggest that three private security firms – HBGary Federal, Palantir Technologies and Berico Technologies – pitched a plan to undermine the whistleblowers' site to a law firm which has represented the Bank of America. BoA, the largest US bank, is thought to be the next target of WikiLeaks releases. Anonymous began releasing tens of thousands of emails sent by HBGary Federal late last week, after the loose-knit "hacktivist" group attacked the security firm's computer systems.
Aaron Barr, the company's chief executive, was targeted by Anonymous following a newspaper interview in which he claimed to be able to expose senior members of the shadowy internet collective. "Anonymous should be regarded as the criminal group it is," Leavy told a security conference in San Francisco. How one man tracked down Anonymous—and paid a heavy price. Aaron Barr believed he had penetrated Anonymous. The loose hacker collective had been responsible for everything from anti-Scientology protests to pro-Wikileaks attacks on MasterCard and Visa, and the FBI was now after them.
But matching their online identities to real-world names and locations proved daunting. Barr found a way to crack the code. In a private e-mail to a colleague at his security firm HBGary Federal, which sells digital tools to the US government, the CEO bragged about his research project. "They think I have nothing but a heirarchy based on IRC [Internet Relay Chat] aliases! " he wrote. But had he? "We are kind of pissed at him right now" Barr's "pwning" meant finding out the names and addresses of the top Anonymous leadership. "At any given time there are probably no more than 20-40 people active, accept during hightened points of activity like Egypt and Tunisia where the numbers swell but mostly by trolls," he wrote in an internal e-mail.
Indeed, publicity was the plan. HBGary Federal quits RSA over Anonymous WikiLeaks email. Anonymous on Colbert Report. (Virtually) face to face: how Aaron Barr revealed himself to Anonymous. Aaron Barr, CEO of security company HBGary Federal, spent the month of January trying to uncover the real identities of the hacker collective Anonymous—only to end with his company website knocked offline, his e-mails stolen, 1TB of backups deleted, and his personal iPad wiped when Anonymous found out. Our lengthy investigation of that story generated such interest that we wanted to flesh out one compelling facet of the story in even more detail. In a sea of technical jargon, social media analysis, and digital detective work, it stands out as a truly human moment, when Barr revealed himself to Anonymous and dialogued directly with senior leaders and "members" of the group.
The encounter began on February 5. Barr had managed to get his work written up in a Financial Times story the day before, and now strange traffic was pouring in to HBGary Federal. Barr's apparent motives were multiple: to mitigate any revenge upon his company, but also to meet as equals with his hacker subjects. HBGary: Online Smear Campaigns. Owning rootkit.com. HBGary Emails A Sweet Valentine For Social Engineers. 'Anonymous' Hacker Group Teaches Shady Cyber-Security Companies a Lesson They'll Never Forget | Media. HBGary's open letter: full of denials that don't hold water. HBGary, the security firm that saw its servers hacked and its e-mails released after its HBGary Federal offshoot angered the Anonymous hive, published a rather peculiar open letter this past Friday in an effort to address the "large amount of misinformation reported in the press.
" But the letter makes some questionable claims of its own. The unsigned letter outlines the basics of the attack and asserts that HBGary's internal systems remained safe and uncompromised. To ward off future attacks, the letter also claimed that HBGary's website, which was hacked using a basic security flaw, and its e-mail system, which fell victim to weak, re-used passwords, were now back in operation with "even stronger cyber defense mechanisms.
" HBGary says that the company's concern in the immediate aftermath was to determine if customers had been affected by the intrusion. Deny everything The main thrust of the letter is an effort to distance HBGary from the entire hack and its subsequent aftermath. Aaron Barr's New Look. Archives of all of HBGary's conversations with the FBi, NSA, CIA, US Army, House and Senate. : netsec. HBGary Email Viewer: Portal - AnonLeaks. UPDATED: The HB Gary Email That Should Concern Us All. As I wrote yesterday , there is a leaked email that has gotten surprisingly little attention around here. It's the one where Aaron Barr discusses his intention to post at Daily Kos - presumably something negative about Anonymous, the hacking group. But that's not the email I'm talking about here. As I also mentioned yesterday, in some of the emails, HBGary people are talking about creating "personas", what we would call sockpuppets.
This is not new. PR firms have been using fake "people" to promote products and other things for a while now, both online and even in bars and coffee houses. But for a defense contractor with ties to the federal government, Hunton & Williams, DOD, NSA, and the CIA - whose enemies are labor unions, progressive organizations, journalists, and progressive bloggers, a persona apparently goes far beyond creating a mere sockpuppet. Yes!!! In another Word document, one of the team spells out how automation can work so one person can be many personas: Really? Link. Nmap Development: HBGary planned to BLOW THE BALLS OFF OF NMAP! HBGary search Emails. Anonymous on the ropes. This blog set to diaplay 20 days of posts. Sorry Blogspot only shows 3 days, waiting for a Google fix, G Prologue: Anonymous has no idea of the shit storm headed their way.
Our "paradigm engine" and BSU's picked up the intel. Good Luck Guys G The Post Wikileaks and Anonymous current cyber war is doomed. It is not a fight for free speech, They are not publishing material wrong doings, they are publishing everything, just to violate privacy. This act against WWW privacy will have deep and long reaching effects on Anonymous and Wilileaks. Very negative impacts. Wikileaks and Anonymous fight against privacy is EVIL. Wikileaks primary motive seems to be profit $$$, just like the Wall St Banks, without morals.
They are at risk in this fight, because their cause is BAD. Even Gov.s have a right to privacy, now I'm not talking about releasing reports on US wrong doing, that they might be able to get away with. Private or "Secret" is going to cause a huge backwash. And both groups will find it very expensive.