A little over two months have passed since the HBGary breach, and the unfortunate incident seems to have somewhat faded from public consciousness, supplanted by the slew of other high-profile breaches (RSA and Comodo, among others) that happened after it.
Only, it actually hasn’t. The damage to the reputation of both HBGary and HBGary Federal has been considerable, and both firms are still taking measures aimed at rebuilding it.
The latest one by HBGary is an open letter to its customers and the cyber defense marketplace that was published on the company site late last week. In it, the company points out that its internal network hasn’t been penetrated. “The forensic examination confirmed that software development servers and workstations were not affected by the incident. Despite allegations otherwise, our commercial product source code was not stolen,” it says.
Saying that its decision not to comment much in the press on what happened has proven not to be the best one, since it led to a large amount of misinformation being reported, the company is bent on painting itself as a victim of circumstance – “caught within the storm of a vengeful retribution attack against Mr. Barr for his claim that he had infiltrated the hacking group.”
Trying to make it seem that the two companies have absolutely nothing to do with each other – except sharing the same cloud-based email system – HBGary is determined to offer benign interpretations of the various “misinformations” that have been floating around the Internet since the breach.
For details, I suggest you read the open letter yourselves. As for myself, I loved the parting blow delivered in the last sentence: “We wish the journalistic standards of fact-checking and verification were uniform across the press, but unfortunately, the blog-o-sphere makes that impossible.” As if official company statements always contain the undeniable, absolute truth.