A company that is helping the federal government track down cyberactivists who have been attacking businesses that refused to support Wikileaks has itself been hacked by the very same activists.
At the center of the storm is a leaderless and anarchic Internet group called Anonymous, which more recently has been coordinating attacks against Egyptian government Web sites. Late last month, authorities in the U.K. and the U.S. moved against at least 45 suspected Anonymous activists. Then, on Saturday, the Financial Times ran a story quoting Aaron Barr, the head of security services firm HBGary Federal, saying he had uncovered the identities of Anonymous’ leaders using social networking sites. Barr said he planned to release his findings at a security conference in San Francisco next week.
Anonymous responded by hacking into HBGary’s networks and posting archives of company executive emails on file-trading networks. The group also hacked the firm’s Web site and replaced it with a message saying it was releasing Barr’s findings on its own because the group was confident Barr’s conclusions were wrong.
“We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve ‘extracted’ is publicly available via our IRC networks,” the statement reads. “The personal details of Anonymous ‘members’ you think you’ve acquired are, quite simply, nonsense. So why can’t you sell this information to the FBI like you intended? Because we’re going to give it to them for free.”
I tuned into this conflict late Sunday evening, after HBGary President Penny Leavy had waded into Anonymous’ public chat channel in an attempt to reason with the group. Earlier in the evening, Anonymous sympathizers hijacked several Twitter accounts belonging to HBGary employees, and used them to post offensive comments and personal information about the account holders.
The topic of the IRC channel Leavy joined said it all: “Mission: Aaron Bratt FIRED. His salary donated to Bradley Manning Defense Fund. Simple.” Leavy said the group was planning to publish online the entire email archive belonging to Greg Hoglund, the security researcher in California who co-founded HBGary, which is part owner of HBGary Federal.
A snippet from that conversation:
“[20:06:12] <+Penny> Guys, I can’t fire someone that owns a portion of the company What i can promise is we will have a meeting to discuss next steps”
In a phone interview late Sunday evening, Hoglund said that unlike the more traditional Web-site attacking activities of Anonymous, the hackers who infiltrated HBGary’s system showed real skills, even social engineering a network administrator into giving them complete control over rootkit.com, a security research site Hoglund has long maintained.
“They broke into one of HBGary’s servers that was used for tech support, and they got emails through compromising an insecure Web server at HBGary Federal,” Hoglund said. “They used that to get the credentials for Aaron, who happened to be an administrator on our email system, which is how they got into everything else. So it’s a case where the hackers break in on a non-important system, which is very common in hacking situations, and leveraged lateral movement to get onto systems of interest over time.”
Hoglund said Anonymous had crossed a line, and that posting the company’s email online would expose internal, proprietary data that would likely cost HBGary millions of dollars. He added that Anonymous activists should be able to see, if they read the email they’ve stolen, that HBGary ultimately decided not to publicly air any of the members it had identified.
“Before this, what these guys were doing was technically illegal, but it was in direct support of a government whistle blower. But now, we have a situation where they’re committing a federal crime, stealing private data and posting it on a torrent,” Hoglund said. “They didn’t just pick on any company, but we try to protect the US government from hackers. They couldn’t have chosen a worse company to pick on.”
Personally I absolutely love that last sentence. It’s like they think they had to spank a kid and suddenly found out the kid isn’t a kid anymore, but a more serious threat.
I wonder what the Feds will do. Probably arrest some people and think peace is preserved. Except on the large torrent fields it isn’t.