Anonymous takes down internet security firm

[Whomp]

Have any of you been following the Anonymous/HBGary saga? This has gone way beyond the typical DDoS attack we see from Anonymous. This is a full frontal facial.

Should this send shivers down a IT administrators spine?

(Virtually) face to face: how Aaron Barr revealed himself to Anonymous

Aaron Barr, CEO of security company HBGary Federal, spent the month of January trying to uncover the real identities of the hacker collective Anonymous—only to end with his company website knocked offline, his e-mails stolen, 1TB of backups deleted, and his personal iPad wiped when Anonymous found out.

Our lengthy investigation of that story generated such interest that we wanted to flesh out one compelling facet of the story in even more detail. In a sea of technical jargon, social media analysis, and digital detective work, it stands out as a truly human moment, when Barr revealed himself to Anonymous and dialogued directly with senior leaders and "members" of the group.

The encounter began on February 5. Barr had managed to get his work written up in a Financial Times story the day before, and now strange traffic was pouring in to HBGary Federal. With his research done and his story in print, Barr needed only to work up some conference slides and prepare for a meeting with the FBI, which had been tracking Anonymous for some time. So Barr ditched the covert identities he had been using to watch the group, and on February 5 he approached a person on Facebook whom he believed was the powerful CommanderX.

Barr's apparent motives were multiple: to mitigate any revenge upon his company, but also to meet as equals with his hacker subjects. No harm, no foul, right? Anonymous didn't agree. (Quotes in this article are provided verbatim, typos and all.)

Spoiler :

Barr: CommanderX. This is my research… I am not going to release names I am merely doing security research to prove the vulnerability of social media so please tell [redacted] and [redacted] or whoever else is hitting our site to stop.

CommanderX: Uhhh…. not my doing! Just as a thought… wouldn't that be valuable data to your research?

Barr: I am done with my research…doing my slides…I am not out to gut u guys. My focus is on social media vulnerabilities only. So please tell the folks there that I am not out to get you guys… I knew you guys were a risky target but nothing risked nothing gained. People can show their bravado thats fine I can deal with that. Just want the 'leadership' to know what my intent is…that will filter as it needs to I am sure.

CommanderX: 'Leadership' lmao [laughing my ass off] it has grown beyond my control, just as I intended.

Barr: … I will talk about aliases. I won't talk about names. But please don't play me a chump any more than you have to to protect anons cred. I know more than IRC aliases…. u have a lot of firepower and know how in some dark corners…hell some of them may even know Greg Hoglund the CEO of our other company. So if it is some of your guys just want to make sure they don't get too aggressive.

CommanderX: Which website?

Barr: hbgaryfederal.com

CommanderX … I warn you that your vulnerabilities are far more material. One look at your website locates all of your facilities. You might want to do something about that. Just being friendly. I hope you are being paid well.

"Come at us, bro"

Barr then entered an Anonymous IRC chat room, where his "CogAnon" profile had already been exposed. When he showed up, this is what greeted him. (Anonymous handles have been altered in this non-public section of chat.)

Spoiler :

[23:47] <CogAnon> guys I'll tell you...it was only research...it has now become a criminal matter...

[23:48] <CogAnon> our website was hacked...twitter account... email.... ok...guys if thats the way u want to play it.

[23:48] <ANON2> CogAnon: come at us bro

[23:48] <CogAnon> I won't...

[23:48] <ANON1> CogAnon: Hello.

[23:48] <ANON2> CogAnon: nice screencap earlier by the way, did Ted and [HBGary CEO] Penny enjoy it, ?

[23:49] <CogAnon> not sure why u had to make it personal...I had 2 other usecases...

[23:49] <CogAnon> but ok... I figured this might happen...I am not upset... it just takes a differnt path...

[23:51] <CogAnon> ok see you guys later...not even close to end of career... need to finish my talk.

[23:52] <ANON2> maybe CogAnon will enjoy what's uploading right now

[00:18] * CogAnon is now known as AaronBarr

The material "uploading right now" was apparently Barr's private e-mails; Anonymous had infiltrated his company e-mail server, where Barr was the admin, and had taken more than 40,000 messages from three top execs. They were then uploaded to The Pirate Bay.

"What's coming next is the delicious cake"

The next day, February 6, the attacks turned serious, and Barr realized the extent of what Anonymous had done to him and to his company, which was currently in negotiations to sell itself to a pair of interested buyers. This was no longer a game; it looked more like war. The sheer freewheeling raucousness of what follows illustrates as well as anything the nature of Anonymous, and it's worth quoting at length. (A few unimportant bits have been stripped for clarity, denoted by an ellipsis.)

Note that several members of the channel have already seen Barr's e-mails.
(Read the full public log.)http://pastebin.com/p8Pt60Fu

Spoiler :

[23:53:49] <q> Ohai CogAnon

[23:53:56] <tflow> Hello, Mr. Barr.

[23:54:12] <Topiary> Mr. Barr and his infiltration of Anonymous; "Now they're threatening us directly", amirite?

[23:54:16] <tflow> I apologize for what's about to happen to you and your company.

[23:54:20] <q> Enjoying the Superbowl, I hope?

[23:54:25] <CogAnon> high one sec. please

[23:54:25] <tflow> I really do, Mr. Barr.

[23:54:36] <tflow> You have no idea what's coming next.

[23:54:36] <Topiary> tflow: How are things going with that, anyway?

[23:55:24] <Topiary> CogAnon is clearly super 1337 with his PM psyops skills in the Washington area

[23:55:29] <CogAnon> ok...sure I figured something like this might happen.

[23:55:42] <Topiary> CogAnon: nah, you won't like what's coming next

[23:55:51] <tflow> CogAnon: Can you guess what's coming next?

[23:56:00] <Topiary> Ooh, a fun game - guess!

[23:56:02] <CogAnon> dude...you just don't get it. it was research on social media vulnerabilities...I was never going to release the names...

[23:56:11] <Sabu> LIAR

[23:56:14] <CogAnon> as I told CommanderX last night.

[23:56:16] <BarrettBrown> CogAnon: You went to press

[23:56:22] <Topiary> CogAnon: yeah we read the facebook conversation, and every other conversation

[23:56:23] <BarrettBrown> With info that was largely false

[23:56:24] <q> CogAnon: only that your research like totally failed and all your info was

[23:56:25] c0s> CogAnon: that article was a hit peice.

[23:56:27] <CogAnon> ok whatever...whoever has done this has tied my hands now though.

[23:56:37] <BarrettBrown> I suggest you go to Bloomberg and explain

[23:56:38] <Sabu> CogAnon: Don't you have a meeting with the FBI Monday morning?

[23:56:39] <CogAnon> ok

[23:56:42] <Topiary> Sabu: he totally does

[23:56:44] <tflow> CogAnon: I feel sorry for what's about to happen. I really do.

[23:56:45] <Sabu> Tomorrow @ 11am?

[23:56:46] <q> CogAnon: we'll send that to your FBI friends, so they have that before your talk tomorrow

[23:56:49] <CogAnon> yep...they called me.

[23:56:51] <n0pants> Moral of the Story: Don't drum up business by banging on a hornet's nest.

[23:57:01] <CogAnon> I have a lot of people calling me.

[23:57:02] <Sabu> You intended of battling anonymous in the media for media gain and attention

[23:57:04] <Sabu> well let me ask you

[23:57:08] <Sabu> you got the media attention now

[23:57:10] <Sabu> how does it feel

[23:57:11] <Sabu> ?

[23:57:14] <CogAnon> yep

…

[23:57:34] <Topiary> Oh guys, what's coming next is the delicious cake.

…

[23:58:53] <nigg> so who wants all of

[23:58:55] <nigg> his emails?

[23:59:06] <Sabu> uhm you have his emails????

[23:59:10] <Sabu> DAMN!

[23:59:14] <nigg> 2.3gb's of gold

[23:59:15] <Topiary> sure, I'd enjoy some 68,000 emails

[23:59:19] <Topiary> can we please have 68,000 of their emails?

[23:59:21] <blergh> lol

[23:59:21] <`k> nigg not ehre

[23:59:22] <tflow> I already have them

[23:59:23] <blergh> what is this?

[23:59:25] <c0s> those emails are going to be pretty

[23:59:25] <Topiary> oh wait we totally already have them

[23:59:26] <`k> here

[23:59:27] <nigg> 68,000?

[23:59:27] <Topiary> trolololol

…

[23:59:50] <tflow> I have Barr's, Ted's and Phil's emails

[23:59:50] <nigg> im talking

[23:59:50] <CogAnon> lol..ok guys well u got me right.

On February 7, Barr's compromised Twitter account contained the following posts, which appear to be from Barr himself—though it's hard to say. (Those from his Anonymous persecutors have a very different tone, and contain more links and profanity.)

Ok. Well this has been fun. Anon has certainly done a number on me for the last, wow has it only been 24hrs? Seems longer...

site defaced, twitter hacked, email taken...priceless.

Does this mean I have become an internet celebrity...not quite how I imagined it?

ok. So Anon has done a number on me. Probably going to take a bit to piece things together, probably more to come.

But there has been no more to come. Twitter has now locked the account, according to Anonymous.

The persecution was brutal. People began defacing images of Barr, hosting them all in a central repository for easy viewing—they even dredged up a personal picture of the man dressed as The Hulk for a round of trick-or-treating with his kid. HBGary, a part owner of HBGary Federal, sent its own President Penny Leavy into the Anonymous chat rooms to ask them to stop—or at least to keep the e-mails private. Anonymous did not, demanding instead Barr's resignation.

Members of the group have spent today apparently prepping to release a new e-mail archive from Leavy's husband, the respected security pro Greg Hoglund, whose own site rootkit.com was compromised by (allegedly) a 16-year-old through a bit of social engineering. The persecution continues.

The other stories on this subject.
The HBGary saga:
Anonymous to security firm working with FBI: "You've angered the hive"
How one security firm tracked down Anonymous—and paid a heavy price
(Virtually) face to face: how Aaron Barr revealed himself to Anonymous
Spy games: Inside the convoluted plot to bring down WikiLeaks
Anonymous speaks: the inside story of the HBGary hack
Black ops: How HBGary wrote backdoors for the government

 

[Ajidica]

So wait, what exactly happened?
As far as I can make out a person who was 'infiltrating' Anonymous revealed his actual identity and Anonymous decided to act like pricks and commit some illegal acts? It the guy has the info he needs then he can prosecute them.

 

[Whomp]

So wait, what exactly happened?
As far as I can make out a person who was 'infiltrating' Anonymous revealed his actual identity and Anonymous decided to act like pricks and commit some illegal acts? It the guy has the info he needs then he can prosecute them.

Apparently, he didn't have the info he needed. However, thanks to Anonymous the companies information is on the net and some of it has become pretty embarrassing including:
HBGary Stuxnet Raw Data
HBGary PDF Exploit Botnet Packet Analysis
HBGary EndGames Systems DoD-Spying Capabilities
HBGary EndGames Russian Federation Infections
HBGary China Cyber Espionage
HBGary Project C General Dynamics Back Doors
etc.

From the first article ARS wrote (linked above) that exposed this "Anonymous Speaks: the inside story of the HBGary Hack"

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary's servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced. As an added bonus, a second site owned and operated by Greg Hoglund, owner of HBGary, was taken offline and the user registration database published.

 

[Rashiminos]

I'm sure Anon adding tools to their toolbag is something that we all feel great about...

 

[Souron]

Man, this guy is a creep. A pro creep.

 

[emzie]

So wait, what exactly happened?
As far as I can make out a person who was 'infiltrating' Anonymous revealed his actual identity and Anonymous decided to act like pricks and commit some illegal acts? It the guy has the info he needs then he can prosecute them.

The guy is a self-proclaimed internet defender, which means he sells useless malware detection software.

He took it upon himself to bring down anonymous, apparently under the belief that anonymous is an underground institution comprising of a hierarchy, leadership ect.... He collected "dox" by attempting to match up trivial bits of information tossed out in chat rooms to people on social networking sites. His end goal was to create a lot of drama and bring attention to his company.

Well he got his drama and was made to look like a total fool when his internet security company was hacked. Quite unfortunate for the owner and other employees.

 

[azzaman333]

Confronting Anon is a stupid idea that can never end well.

 

[Skwink]

Anon=/=terrorists

 

[Defiant47]

Anon = legion

 

[Mise]

I came here expecting cake, but apparently that was a lie

 

[JerichoHill]

The cake wasn't a lie!!!!

On topic; Whomp, I learned a long time ago that you should be very nice to elite computer hackers. Benefit of going to Georgia Tech, there were a few Cult of the Dead Cow folks there.

 

[warpus]

Some "internet security" firm this guy was in charge of

If your data is so easily hackable and accessible, you don't deserve to be in business. Guys beat him at his own game.

 

[Flying Pig]

This is why we need more legislation and enforcability over the internet. Whatever we think about the victim, for people to be able to break into private and often confidential parts of someone's computer and publish the contents without reprecussions is awful. If somebody did this for real; stole somebody's post, graffitied their place of work and sent letters in their name, we would justly call them criminals at best. Any support for these people worries and sickens me.

 

[aimeeandbeatles]

Some "internet security" firm this guy was in charge of

If your data is so easily hackable and accessible, you don't deserve to be in business. Guys beat him at his own game.

That's my first thought too.

I emailed one of my friends: "Did you hear about the guy who tried to identify Anonymous? He sort of ... failed."

 

[aelf]

This is why we need more legislation and enforcability over the internet.

That's what this guy thought too. Not so easy, eh?

 

[Flying Pig]

That's what this guy thought too. Not so easy, eh?

Only because at present there's not been moves by the government - and of course governments acting in unison - to bring it about.

 

[warpus]

This is why we need more legislation and enforcability over the internet. Whatever we think about the victim, for people to be able to break into private and often confidential parts of someone's computer and publish the contents without reprecussions is awful. If somebody did this for real; stole somebody's post, graffitied their place of work and sent letters in their name, we would justly call them criminals at best. Any support for these people worries and sickens me.

As long as you're connected to the internet you're hackable. (heck, even if you're not) It's a matter of how easy it is to get into your system and steal your data.

These people are vigilantes, and yes, criminal, but for the most part they have been fighting moral battles (egypt, tunisia, libya, scientology, etc.) I suppor them in most of what they do.. not all.

 

[aelf]

Only because at present there's not been moves by the government - and of course governments acting in unison - to bring it about.

And you'll find that some of the necessary measures are quite draconian. Law and order at all costs?

 

[bhsup]

I'll just paste a a snippet of a conversation from "another place" that covers my thoughts on this...

[23:10:17] <Vr> [22:52:43] <CONCEALED_ID_#1> Aaron Barr, CEO of security company HBGary Federal, spent the month of January trying to uncover the real identities of the hacker collective Anonymous&#8212;only to end with his company website knocked offline, his e-mails stolen, 1TB of backups deleted, and his personal iPad wiped when Anonymous found out.

[23:10:24] <Vr> They need to be uncovered and imprisoned

[23:10:40] <CONCEALED_ID_#2> Vr: Have you seen some of the uncovered emails?

[23:10:46] <Vr> Nope

[23:10:50] <Vr> Don't care about them either

[23:10:57] <Vr> The criminals who did it should be found and punished.

[23:11:24] <Vr> Hacking into someone else's computer is the electronic equivalent of kicking in a front door and stealing the contents of a home.

[23:11:46] <Vr> I could legally shoot such an intruder, so why do we humor these electronic counterparts?

[23:12:54] <CONCEALED_ID_#3> anonymous really isn't a group

[23:13:13] <CONCEALED_ID_#3> it's more of a collective identify

[23:13:24] <CONCEALED_ID_#2> They didn't kick in a door

[23:13:31] <CONCEALED_ID_#2> They called a HBGary admin and asked for the key

[23:14:10] <CONCEALED_ID_#2> Or to skip the metaphors, they emailed one of their sysadmins like "It's aaron, I'm in europe and need to ssh, drop the firewalls and give me root"

[23:14:13] <CONCEALED_ID_#2> And he obliged

[23:15:21] <Vr> So they had an accomplise inside.

[23:15:26] <Vr> Doesn't really change anything

[23:16:33] <Vr> If a beseiging army bribed a gatekeeper to raise the gate, does the defending army suddenly have to just stand by and let the beseiging army sack the city just because someone on the inside betrayed them?

[23:16:35] <CONCEALED_ID_#2> Also Vr, http://arstechnica.com/tech-policy/news/2011/02/the-ridiculous-plan-to-attack-wikileaks.ars

[23:16:55] <CONCEALED_ID_#1> man who knew to little haha

[23:18:03] <CONCEALED_ID_#2> Seriously though, the implications of some of those are worrying

[23:18:09] <Vr> So this barr is a douche. Two wrongs don't make a right.

 

[Flying Pig]

And you'll find that some of the necessary measures are quite draconian. Law and order at all costs?

This sounds rather clichéd, but I'd rather the government and the police kept the power to get into my computer than anybody who cared to have a look be given that power. If it took that, I'd happily vote for it.