Kludge
02-07-2011, 10:08 PM
"Internet vigilante group Anonymous turned its sights on security firm HBGary on Sunday evening in an attempt to "teach [HBGary] a lesson you'll never forget." The firm had been working with the Federal Bureau of Investigation (FBI) to unmask members of Anonymous following the group's pro-WikiLeaks attacks on financial services companies, and was prepared to release its findings next week.
HBGary had been collecting information about Anonymous members after the group's DDoS attacks on companies perceived to be anti-WikiLeaks. The firm had targeted a number of senior Anonymous members, including a US-based member going by the name of Owen, as well as another member known as Q. In addition to working with the FBI (for a fee, of course), HBGary's CEO Aaron Barr was preparing to release the findings this month at a security conference in San Francisco.
Anonymous, however, felt that HBGary's findings were "nonsense" and immediately retaliated—but this time with something other than a DDoS attack. Instead, Anonymous compromised the company's website, gained access to the documents that HBGary had collected on its members, and published more than 60,000 of HBGary's e-mails to BitTorrent. They also vandalized Barr's Twitter and LinkedIn accounts with harsh messages and personal data about Barr, such as his social security number and home address.
"We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve ‘extracted’ is publicly available via our IRC networks," Anonymous wrote in a statement posted to HBGary's site on Sunday. "So why can't you sell this information to the FBI like you intended? Because we're going to give it to them for free."
HBGary cofounder and security researcher Greg Hoglund confirmed on Sunday evening that the latest attacks were sophisticated compared to the group's past shenanigans. "They broke into one of HBGary’s servers that was used for tech support, and they got e-mails through compromising an insecure Web server at HBGary Federal," Hoglund told KrebsonSecurity. "They used that to get the credentials for Aaron, who happened to be an administrator on our e-mail system, which is how they got into everything else. So it’s a case where the hackers break in on a non-important system, which is very common in hacking situations, and leveraged lateral movement to get onto systems of interest over time."
As for the 60,000 e-mails that are now available to anyone with a torrent client, Hoglund argued that their publication was irresponsible and would cost HBGary millions of dollars in losses due to the exposure of proprietary information. "Before this, what these guys were doing was technically illegal, but it was in direct support of a government whistle blower. But now, we have a situation where they’re committing a federal crime, stealing private data and posting it on a torrent," Hoglund said.
It's unlikely that Anonymous cares about what Hoglund thinks, though. Several of the company's e-mails indicated that Barr was looking for ways to spin its info about Anonymous as a pro-HBGary PR move, which Anonymous took special issue with. The group warned HBGary that it had "charged into the Anonymous hive" and now the company is "being stung."
"It would appear that security experts are not expertly secured," Anonymous wrote."
Story, with reference links & comments @ http://arstechnica.com/tech-policy/news/2011/02/anonymous-to-security-firm-working-with-fbi-youve-angered-the-hive.ars -- article by Jacqui Cheng
HBGary had been collecting information about Anonymous members after the group's DDoS attacks on companies perceived to be anti-WikiLeaks. The firm had targeted a number of senior Anonymous members, including a US-based member going by the name of Owen, as well as another member known as Q. In addition to working with the FBI (for a fee, of course), HBGary's CEO Aaron Barr was preparing to release the findings this month at a security conference in San Francisco.
Anonymous, however, felt that HBGary's findings were "nonsense" and immediately retaliated—but this time with something other than a DDoS attack. Instead, Anonymous compromised the company's website, gained access to the documents that HBGary had collected on its members, and published more than 60,000 of HBGary's e-mails to BitTorrent. They also vandalized Barr's Twitter and LinkedIn accounts with harsh messages and personal data about Barr, such as his social security number and home address.
"We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve ‘extracted’ is publicly available via our IRC networks," Anonymous wrote in a statement posted to HBGary's site on Sunday. "So why can't you sell this information to the FBI like you intended? Because we're going to give it to them for free."
HBGary cofounder and security researcher Greg Hoglund confirmed on Sunday evening that the latest attacks were sophisticated compared to the group's past shenanigans. "They broke into one of HBGary’s servers that was used for tech support, and they got e-mails through compromising an insecure Web server at HBGary Federal," Hoglund told KrebsonSecurity. "They used that to get the credentials for Aaron, who happened to be an administrator on our e-mail system, which is how they got into everything else. So it’s a case where the hackers break in on a non-important system, which is very common in hacking situations, and leveraged lateral movement to get onto systems of interest over time."
As for the 60,000 e-mails that are now available to anyone with a torrent client, Hoglund argued that their publication was irresponsible and would cost HBGary millions of dollars in losses due to the exposure of proprietary information. "Before this, what these guys were doing was technically illegal, but it was in direct support of a government whistle blower. But now, we have a situation where they’re committing a federal crime, stealing private data and posting it on a torrent," Hoglund said.
It's unlikely that Anonymous cares about what Hoglund thinks, though. Several of the company's e-mails indicated that Barr was looking for ways to spin its info about Anonymous as a pro-HBGary PR move, which Anonymous took special issue with. The group warned HBGary that it had "charged into the Anonymous hive" and now the company is "being stung."
"It would appear that security experts are not expertly secured," Anonymous wrote."
Story, with reference links & comments @ http://arstechnica.com/tech-policy/news/2011/02/anonymous-to-security-firm-working-with-fbi-youve-angered-the-hive.ars -- article by Jacqui Cheng