HBGary breach revelations and repercussions

A few days ago, the Internet group Anonymous took down security firm HBGary’s website and breached its networks, downloading a large amount of confidential information (e-mails, malware data, financial data, PBX system data) belonging to the company and publishing some of it.

Judging by the picture painted by the released e-mails and by Ars Technica’s reporting, HBGary Federal’s CEO Aaron Barr infiltrated the group by creating several false personas, monitored and made use of various social networks, and believed he had identified Anonymous’ leaders.

The e-mails also reveal that the claim that started it all was not intended as a threat against Anonymous, but as a way to provoke a feud that would draw attention to Barr’s work, to his scheduled talk about his results at the B-Sides conference and, ultimately, to the problem Anonymous’ attacks pose for enterprises, which, he hoped, would also be good for HBGary and HBGary Federal.

But things didn’t go as planned. Anonymous reacted with fury, and we have all witnessed the results.

Whether the results of Barr’s research are right or wrong is anyone’s guess now. Anonymous says they are not; Barr says they are. Internal company memos and correspondence show that many of his colleagues doubted the quality of the results and were uneasy about the public exposure Barr’s claims were attracting.

“He’s on a bad path. He’s talking about his analytics and that he can prove things statistically but he hasn’t proven anything mathematically nor has he had any of his data vetted for accuracy, yet he keeps briefing people and giving interviews,” warned a company coder who was privy to Barr’s work. “It’s irresponsible to make claims/accusations based off of a guess from his best gut feeling when he has even told me that he believes his gut, but more often than not it’s been proven wrong. I feel his arrogance is catching up to him again and that has never ended well…for any of us.”

But for better or for worse, the damage was done, and HBGary has suffered major financial and reputational consequences. It will probably continue to suffer them for quite some time, because the released company documents appear to be a goldmine of interesting and possibly damning information.

Among those is a set of e-mails exchanged between HBGary Federal and two other data intelligence companies: Palantir Technologies and Berico Technologies.

Also included is a proposal the three firms developed for a law firm whose clients include Bank of America, an institution that supposedly has a lot to lose if WikiLeaks publishes the internal bank documents it claims to possess. The proposal contained ideas on how to disrupt WikiLeaks’ operations and undermine its credibility, The Tech Herald reports.

It begins with some general information on WikiLeaks and its head Julian Assange, then lists a number of current or former volunteers and supporters of the organization, singling out the well-known American journalist and WikiLeaks supporter Glenn Greenwald as a potential future target.

“These are established professionals that have a liberal bent,” claims the report about Greenwald and other high-profile supporters, “but ultimately most of them if pushed will choose professional preservation over cause.”

“It is this level of support that needs to be disrupted,” the security experts maintain. So, what general tactics do they suggest?

The report concludes with a short overview of the capabilities of the three firms and with a warning that “the insider threat represents an ongoing and persistent threat even if WikiLeaks is shut down.”

It is unknown whether the proposal achieved its purpose, but HBGary claims that “any information currently in the public domain is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data.”

Anonymous rejects the claim. The Tech Herald’s journalist himself says that the documents he has seen appear legitimate, and that it is unlikely Anonymous would bother to forge such a massive amount of data.

All in all, this saga is far from over, and I expect it will unfold further over the next few days and weeks. Will Anonymous widen its attack to the other two companies? Will it release the rest of the e-mails it harvested in the HBGary attack? We’ll have to wait and see.
