HBGary Federal hacked and exposed by Anonymous

Filed Under: Data loss, Law & order, Privacy, Social networks, Vulnerability

Anonymous logoAs the coin was tossed to kick off Superbowl XLV, Anonymous unleashed their anger at a security firm who had been investigating their membership.

HBGary Federal had been working on unmasking their identities in cooperation with an FBI investigation into the attacks against companies who were cutting off WikiLeaks access and financing.

Unlike the DDoS attacks for which Anonymous has made headlines in recent months, this incident involved true hacking skills. Anonymous compromised the HBGary website and replaced it with an image explaining their motivation. In addition to the defacement, they downloaded over 60,000 emails from the company and posted them on The Pirate Bay.

The Twitter account of HBGary's CEO, Aaron Barr, was also compromised and tweeted multiple offensive messages, as well as his home address, social security number and cell phone. According to Forbes, the LinkedIn accounts of other HBGary executives were compromised "in minutes."
Aaron Barr's hacked Twitter feed

The research, which HBGary was preparing to sell to the FBI and which allegedly contains names, addresses and other information on Anonymous, was also posted as part of the attack. Anonymous maintains the information is largely bogus and says they are providing it publicly to prove it.

A writer for the DailyKos claims that, in addition to the other damages, Anonymous also deleted the firm's backups.

From a legal perspective, Anonymous had better hope they remain anonymous. The criminal activities outlined by their own bragging could get them some serious prison time in the US, UK and other countries with strict cybersecurity laws.

While we do not know the methods employed (perhaps Anonymous will tell us that as well) it is a good time to review the basics of security. Audit your own sites, never use the same password on more than one site and try to maintain separation of privileges to prevent the compromise of one account from affecting all of your services.

As of the time of this post hbgary.com is still offline.

Update: According to information from krebsonsecurity.com it appears HBGary was victimized by a combination of social engineering and a shared password between systems. Training employees on the proper verification of identity before exposing secure systems is an essential part of a corporate security program. Staff who feel they need to take any action when someone important like a company executive is apparently asking for help can create disastrous results. The CEO and founders must be subjected to the same rules as everyone else. Employees challenging their superiors should be praised rather than chastised when they follow the policy.

, , , ,

You might like

92 Responses to HBGary Federal hacked and exposed by Anonymous

  1. Michael · 1167 days ago

    Hi. You're going to call off your rigorous investigation. You're going to publicly state that there is no underground group. Or... these guys are going to take your balls. They're going to send one to the New York Times, one to the LA Times press-release style. Look, the people you are after are the people you depend on. We cook your meals, we haul your trash, we connect your calls, we drive your ambulances. We guard you while you sleep. Do not... f*** with us.

    • Rick Gray · 1166 days ago

      Whats with the censorship --Am i in grade school ?
      If "Anonymous" can be that good, so be it !
      "If" someone wants to go to the extreme and send a DOS to the world...Hey that's not really a bad idea. !!!
      Maybe, just maybe , you'll go outside for a change and meet your neighbors.

      • Chester Wisniewski · 1166 days ago

        We prefer this to be a family friendly area Rick. I think you understand the content that has been omitted and if you wish to find the original, you won't have a problem.

    • Marvin · 1158 days ago

      Looks like the Anonymous vote bots have been at this comment.

      Who is Michael addressing anyway? Is it HBGary or Sophos? Sophos and others have the right to report the news.

      Besides, the above comment by Michael appears to me to be a threat of blackmail with violence.

      Michael, you don't speak for anyone except yourself and maybe a bunch of petty kids and adult basement dwellers with too much time on their hands who have a warped sense of the world due to lack of regular social contact. Never claim to speak for the ordinary people again. Thank you.

      Now, that's not to say that every goal of "Anonymous" is bad... but their methods are highly debatable and they shouldn't be surprised when the law comes after them for doing illegal things.

      • notballin · 1158 days ago

        Marvin- calm down, if you were familiar with pop culture of the past 15 years you'd know that michael's statement is quoted verbatim from a popular '90s book called Fight Club. the statement was also used as dialogue in the movie by the same name.

      • Grady · 1157 days ago

        He's quoting Fight Club, for God's sake. Maybe you need to get out a little more yourself.

      • anon · 1156 days ago

        Epic Fail

    • mEeEeE · 1147 days ago

      KEEP UP THE GOOD WORK! U HAVE PEOPLE ALL AROUND THE WORLD LOOKING UP AT YOU!

  2. I find it ironic that a security firm got hacked. By what the media calls Script Kiddies.

    • They aren't script kiddies though. They are captains of technology.

    • Alan · 1166 days ago

      Oh, everyone is a script kiddy in the eyes of people who want to charge hundreds thousands of dollars for "IT Security Consulting"

    • someone · 1166 days ago

      More evidence that being a Security Researcher does not make you a Security Best Practices Follower.

    • anon · 1165 days ago

      Really? Because I thought the media had been calling them 'cyber terrorists'.

  3. Spiderman · 1167 days ago

    haha brilliant, I must admit that I do enjoy the antics that are Anon. I will also say I don't really see the lines crossed by Anon, although I am sure someone will draw them for me. I suspect these lines crossed arn't particular rigid, most likely more malleable for Anon.

    It's kinda funny, not really, but I am scared to post this... I worry, I dont know how to reroute my IP, I will end up on some sort of black list. This feeling really makes me want to know more about computer mechanics. I don't like the idea of being helpless, especially if it is the government that is suppose to be helping me... I suppose it doesn't help that this website is also trying to get my information for business use, which they will be more then happy to disclose to the government if asked.

  4. Lisa Reed · 1166 days ago

    hahaha. Anonymous 1 - HBGary - 0

  5. Anon · 1166 days ago

    Anon are terrible hackers,
    A true hacker, well, never leaves a trace he was even on the system.

    • Anon · 1166 days ago

      A true hacker only worries about not leaving a trace if there is still work to be done. After the demolition job Anonymous just pulled on HBGary's credibility it's unlikely they will need to gain access again.

    • Tuttle · 1166 days ago

      The purpose of this hack was not to steal and get away with it. It was not to secretly compromise security. It was not to hijack zombie machines.

      The purpose of this hack was to publicly embarrass the target. A security firm. To do that, you publish the hack.

      Duh.

    • noneya · 1166 days ago

      But they want to be known, thats the whole point. Or are you really that stupid?

    • Anon · 1165 days ago

      Guess someone has never heard of hacktivism...christ that term shows up in even the most primitive it security introductory texts...guess you have business pronouncing who is and who isn't a terrible hacker, considering you obviously don't know much about the subject.

    • Mad Fritz · 1155 days ago

      They're not hackers but defenders of freedom. And anon made a reputable "security" company like HBGary (federal) looking like running (ruined?) by amateurs :-))

  6. ConspiracyTheorist · 1166 days ago

    It screams of an inside job to me -- make a public spectacle by "hacking" someone's Twitter account and posting their personal information? Please. I think the whole thing was faked to create a public spectacle as a smokescreen to the shoddy work done by HBGary. Who else would be able to successfully socially engineer them besides someone at the company? I hope "Anonymous" is good at covering their tracks, because if anyone really investigates it, I believe it will come out that the whole thing is a hoax perpetrated to keep HBGary's investigation going.

    • Name · 1166 days ago

      Really? A guy who makes a living protecting websites from hackers willfully lets his own website get hacked?

      • ConspiracyTheorist · 1166 days ago

        Somehow, I overlooked the part about 60K emails before posting this. It does appear to be a legitimate hack. But think about this: if it were an inside job done to leverage pressure to bring down Anonymous, it could create enough outrage to push things to another level.

        We don't know what emails weren't published or what data isn't in the public domain at this point, and the information in that .pdf they published is not complete. It looks like a series of pseudo dead ends.

        • yeahokrightman · 1166 days ago

          Yeah I mean when I want to cover up my shoddy work I usually tweet my own Social Security number and address also.

    • Alan1 · 1166 days ago

      Taken from that angle, it's plausible. It's also been done that way in the past by many other companies.

    • Michael · 1166 days ago

      Does this sound like the script to the movie Hackers to anybody 'cept me?

  7. o_P · 1166 days ago

    We're never going to give you up Aaron!

  8. ABC DEF · 1166 days ago

    Will somebody please tell me what's going on? I would love to know since I support Anonymous for their wonderful work against the cult of Scientology/Dianetics/Mind Sciences!

    • Anonymous · 1151 days ago

      A security attempted get information on Anonymous member to sell the info to the FBI. Anonymous got mad hacked his company, download a bunch of emails, and erased their backup files. However, when it was all said and done. The emails Anonymous downloaded show the Company was involved in illegal activity at a very high level the implications went all the way up the Chain to the United States Chamber of Commerce. Much much more as well.

  9. Anonymous is a cyber terrorist , all members are criminal person.

    • NoHope · 1166 days ago

      First it was "Communist", then "Homosexual", and now "Terrorist". What do all these things have in common? Words used to label anyone "not like us". Pathetic.

      • Wintermute · 1166 days ago

        I can only hope that one day it will be "person using despicable grammar"... Or maybe "close-minded luddite"

    • Someone · 1166 days ago

      That's an awfully broad brush. Anonymous is a lot bigger than just these idiots, and it's virtually guaranteed that whoever did this hack job is going to do a lot of hard time, proxies or no. To say that all members are "criminal peson" is staggeringly stupid and ignorant. Most are misanthropic teenagers with no sense of shame, but criminal? Thanks for proving you have absolutely no idea what you're talking about.

    • Joe · 1166 days ago

      with that reasoning all americans are terrorists, ask anyone in Iraq or Afghanistan

    • Ano Nymous · 1166 days ago

      Anonymous are dispensers of Justice. They are the A-team.

    • Anon · 1165 days ago

      Wrong....wrong, wrong, wrong, wrong. Anonymous is one of the few groups with the testicular fortitude to stand up to the terrorists that lord over us and hate our freedom. The ones that conceal evidence of their crimes against humanity beneath an impenetrable cloak of "national security". The ones that capitulate to law enforcement's baseless and unconstitutional demands for the personal information of so-called "free citizens" without offering up even the tiniest bit of resistance to protect the people who butter their bread. The ones that feed the security state with endless lies, invasive technology, unforgivable, intolerable arrogance, and contempt for the rule of law. Just law. Not the beast the federal system has created, the beast that implicates anyone and everyone, the beast that devours the lives of those who have offended its masters without even the semblance of justice, due process, or respect for the natural rights of mankind. People like you are the problem. And one day, if enough people (like Anonymous) take a stand against your spirit-crushing, authority-bootlicking, servile, pathetic perspective of the world in which we live, good will prevail over evil.

    • Robyn Banx · 1161 days ago

      Oh! So that's what is going on. I had no idea, except for a huge pile of weapon's grade stupidity called "Aaron Barr."

  10. Anontards · 1166 days ago

    Meme meme meme
    V For Vendetta meme here
    Meme meme meme
    Derp derp derp /b/

    Typical 4chan discussion

    • Anon Amos · 1166 days ago

      Boxxy Boxxy Boxxy
      Herp derp.
      RAGE EGYPT
      I'm so cool herp derp
      /b/ 4EVAR YOU CANNOT BEAT US

      The rest of 4Chan isn't as bad as /b/. /hr/ is an OK place to find desktop wallpapers.

  11. nothere · 1166 days ago

    nice one, security firm gets hacked by script kiddies. nice company ;-) just a fun news story

  12. SomeGuy McFee · 1166 days ago

    I assure you, there are a couple of Agencies that know exactly who the perps are. Why not bring them to justice, you say? Why not take down anon, you ask? Simple. It's a place to attribute plausible blame when a state sponsored event is to take place. Anon is a pawn in the greater game.

  13. lolipop · 1166 days ago

    I loved it. I have just applied for a new credit card with his ssn. Now I am going to buy something large and have it delievered to the whores address. ahhahaha

    If you do not have neither the skills nor the knowledge do not say you are a security anything and specially do not mess with anonymous !

    Congratulations anonymous.

  14. Cowrad · 1166 days ago

    Pathetic gathering of media-whoring money-grabbers sycophants... well said..

  15. Tacgnol · 1166 days ago

    All of this begs an important question. How should the Internet Hate Machine express their pride at continuing to effortlessly outmanoeuvre the lumbering federales, angry mubarakites, would-be lynchers of Bradley Manning and all that ilk across three continents? I'd say what's needed isn't a lot of childish taunting but a sense of dignity and honor.

    First, they should choose the appropriate time. Perhaps no moment is more opportune than when a so-called expert claiming to know all about them and planning to make it into the big leagues out of shopping them to FBI gets professionally ruined. This is the perfect moment for an Anon to respond:

    "Excuse me Mr Barr, what were you just saying? I'm sorry, I was distracted because I was trying to remember who just got the entirety of their dox and data splashed all across the internet. Was it us? Was it Anonymous? Did we get all our infrastructure compromised? Is this our end? Huh? Oh wait, gosh, how could I forget! It's not Anonymous or anyone else who got doxxed and bitchslapped. It's... it's you! You lose! Anon wins! Anon kicked your butt! Aaahhh-hah-hah-hah! A-non! A-non! A-non! See ya in the funny papers, Aaron!!!"

    Or:

    "I'd really like to answer your concerns about the pressing issues of identity and security on social networks, but I'm too worried about the fact that... your dox, mail and data are now a TORRENT ON PIRATE BAY! Ah-hah-hah-hah!"

    Mocking people while they're down and you're up: It's worked for the rest of us, and I believe it will work for Anon, too.

  16. chris · 1166 days ago

    what you are not including in your below average assessment is this...how do you know that Anon doesnt have some computer savant on their side? Thats right...you dont. For all we know...the most gifted IT brain in the world could be on their side. No one knows. So...your idea that the government with its many IT guys can be better than one amazing brain at computers is not based on fact.

    There are so many possibilities.

    How do you know that IT guys working for the government that side with Anon arent doing this? And...who is going to uncover it? You are going to need other professionals of equal or better knowledge to uncover what some other IT hacker is cooking up. What if that hacker is better than all others? Who can track him and uncover is doings?

    I get what you are saying...but there are many things that can be happening here. To post the bs you posted is just annoying

  17. Joey · 1166 days ago

    This all poses an interesting debate. Most people will concede that Wiki Leaks is threatened (or at least attacked by) governments (cut off credit card processing, web hosting, domain name, founder (possibly) falsely accused, etc. etc.) Considering what they do is largely protected by freedom of speech and betters the world, shouldn't they be protected by the world community? Shouldn't those who try to counter defending WikiLeaks from this (illegal) government attacks be punished?

    Fundamentally governments tend to creep over the rights of their citizens and defend themselves from threats, even if the threat is justified. Aren't we all as citizens of the world obligated to defend, or support, WikiLeaks in some way?

  18. Peter · 1166 days ago

    Passwords have been the weakest link since Matthew Broderick played Thermo Nuclear War with Joshua.

    Peter

  19. James Joliet · 1166 days ago

    They are completely pwnd. our sales rep in dc, one of the founders of HBGary, called to reassure us that none of our data or any federal agency or SI"s data has been compromised. Only their email, financials and source code. Source Code! i said, and he said it was no big deal, i am seeing the same info on the blogs and in comments on some of the articles i have been reading. pretty bad stuff, because if they have their source code, then they can develop countermeasures for their products. We are ripping out ur hbgary products until everything can be verified, thankfully we only have three small licenses.

    • voice of concern · 1166 days ago

      Mr Joliet. If you turn your back on HBGary Federal now, in their moment of need, that would mean only one thing - the terrorists win.

      Are you sure you want to go on record saying that American patriots are pwned and terrorists win? Because you know, those words could come back to haunt you some day. Please, Mr. Joliet, reconsider. Don't let the bad guys win. Stand by Aaron Barr. Buy more of his products.

      • Information Warfare · 1165 days ago

        Voice of concern: anyone having any services from a "security" company that just got caught without pants, should be concerned.

        We should also be concerned about anyone trying to smoke with galant words like Patriot or Terrorist.

      • Anon · 1165 days ago

        Mr. Joliet. If you turn your back on HBGary Federal now, in their moment of need, that would mean only one thing - the terrorists lose.

        Are you sure you want to go on record saying that Feds and their cronies are fighting a losing battle against Anonymous and everyone who values freedom, honesty, and transparency in government (THE ONLY WAY TO KEEP THEM IN LINE). Because, you know, these benevolent public servants could be offended by your words and could use resources financed by taxpayers to make your life a living hell simply to satisfy their petty need for revenge. They need not worry about violating the law, as they are above it, as are all Federal Soldiers in our Glorious Security State of Freedom. The executive branch of our government will not enforce the law against its own, unless they have been disowned, and if failure to enforce is not enough the legislative branch will simply make a new law to immunize their criminal behavior. The sad truth is this: There is absolutely no legal or moral barrier to stop these people from destroying your life and freedom simply because you had the gall to speak up. If there is one thing they cannot stand, cannot tolerate, it is honest appraisal of their treasonous, greed and powerlust driven crimes against the world and against our once honorable republic.

        Please, Mr. Joliet, do not reconsider. Don't let the bad guys win. Don't let "security" firms who cannot secure their own networks continue to profit from deceiving you. Wave goodbye to Aaron Barr and his collection of oils, salves, and miracle IT security all-in-one cures for whatever ails you.

      • i hope you are being sarcastic

      • Dereck · 1162 days ago

        Admiral Aaron (Ak)Barr says this is a trap. (please publish this comment for the sake of the pun)

  20. anon · 1166 days ago

    Anonymous is the democratic voice of the people, for now at least. Whoever hunts them is on the wrong side of history.

    OUr only chance in the face of global corporations, is a global popular response. Anonymous is just an example of that.

    Voice of the people GG!

  21. macman · 1166 days ago

    I concur with mr ConspiracyTheorist surely if you had been hacked by anon the last thing you would want to do is let the world know about it. Problem, reaction, solution - never forget it.

  22. Brendan · 1166 days ago

    This is this civil disobedience in the digital age. Get use to it people, all you information r belong to everyone.

  23. Bob · 1166 days ago

    and what progress have the US, UK and other countries with strict cybersecurity laws made in tracking down those who attacked the wikileaks website?

    • Anonymous · 1162 days ago

      Seem to be forgetting that Anonymous has a long history of DDos'ing websites. Usually the reason for the DDos is: "They don't think we are as great as we think we are."

  24. Travis · 1165 days ago

    I find it hilarious that some of you think this is a hoax, or that Anonymous left traces that can be investigated by supposed "better government hackers". Let me clear up some points:

    1. This is not a hoax. I, personally, don't involve myself with Anonymous because I'm terrible at covering my tracks, but I know this isn't a hoax. It even looks like what Anon would do.

    2. They have not left traces. If they ever left traces, they wouldn't be Anon. Anon has hundreds of thousands of members, if not millions, so that should prove the tiny amount of arrests the police make mean nothing.

    3. There are no "Senior figures" in Anon. It is like a terrorist organization, everyone doesn't know each other, and all communication is does anonymously, not only to the public, but to each other.

    4. The government barely even knows what the internet is made of. They only started to discover Anon's true power. They are very far away from ever tracking down any of the members of Anon, and by the time they reach that point, each member is behind 20 more proxies and defence mechanisms.

    Give up, Anon is not to be f***ed with. The radicals will even take the fight to real life, if forced to.

    • Dereck · 1162 days ago

      I'd like to clarify. Now, I've never participated in Anon's activity but I know their whole public image.

      1. This is all real indeed. They do things for what they consider justice (so far, I agree with them) and laughs.

      2. As an anarchic group, they're basically drafting people on a voluntary basis: they leave instructions, and it's up to anyone to follow them. They always repeat you should only take part in the actions if you know what you're doing. People always get arrested after an Anon action. However, they're not hundreds of thousands. Worldwide, about 10k people participate in their public protests. Considering the Internet is universal, you can add some people but also have to retract those that don't participate because of various issues. To successfully carry out a DDOS you'd need about these ten thousand people, so that's pretty much the maximum people they have. 15k if we really push things.

      3. I'd like to add something to this: everybody has the same rank, and they meet in clusters on various IRC channels and websites - 4Chan is one, usually the most quoted. Some friends meet, and they decide to take action against someone. They quickly make an image and publish it on more public websites that are accessible to a wider population (it begins with 10 people on one IRC, which then spreads to an IRC with 500, then with 1500, etc) and people join in if they wish to. Anyone can be part of Anon and then retract a second later.

      4. That is true. Governments don't know anything about the Internet and probably think there's a machine that controls everything. But they employ people who know what they're doing and as I said earlier, a lot of people - more than we think - have been arrested for participating in illegal activities. As I also said, only participate if you know what you're doing. Most of the Anons have been using the Internet since it appeared and can answer any question regarding computers.

      • Sam · 1159 days ago

        4Chan sounded so radical & anti-establishment that I've just had a look at the website and am disheartened to find that it is simply another porn site. From all the reading I have done I understand that this is not what it started out as but nevertheless that is what it now is :(
        Whilst there may still be lots of anarchy happening - it's a hard ask to trawl through the smut to find it.
        It doesn't surprise me though, one of my websites a couple of years ago was targeted by this one guy who kept posting his smutty stories on the forum - not sure what the gain was for him; I had a valuable lesson in internet security but the website was just a learning one anyway - definitely no real life information on it.
        Still, the revolutionary in me hopes that Anonymous does exist and will keep fighting - just because there's an establishment doesn't mean it goes without saying that they are working in the best interests of the many.

        • poop · 1151 days ago

          lulz 4chan is, always has been, and always will be just a bunch of junk, everyone knows that.

    • JBond007 · 1138 days ago

      That's not true, [former] United States Senator Ted Stevens (R-Alaska) knows what the internet is made of. A series of tubes! lol

  25. Animegaido · 1165 days ago

    What happend after 9/11? Security law all over the world has been tightened, and the explanaition to the public was that countries have to protect themselves from further attacks. This way we became more controlled.

    Now, internet is free from many restrictions and many people can post on forums anonymously and do other stuff without being controlled, enough is just a few proxies or vpn and youre sorted.

    Ok, so what to do to have controll over that, hmmmm....

    I know! Lets do some attacks on various companies all over the world, lets make public hear about it and lets make a terrorists out of these bad, bad hackers!

    Right, hmmm, we would need to hire some group of hackers, lets give them our technology, money and resources. Let them use our contacts in Russia, China and other places to provide an exit point for communication :D

    After a year or 2 we will have uncompromised evidence that all internet users should be legitimated (like Mr. Obama suggested few weeks ago).

    Now we will know who and what not only in physical world but also on the net - everyone under magnifying glass.

    • Eggmunkee · 1165 days ago

      You may be right. It is admitted that the US government has done many things under false flag (i.e. pretending to be an enemy) through history to further their goals and provoke public responses which are beneficial. Whether Anonymous is legitimate or not, there is no doubt governments will use the threat of it to further impose control over the web, such as Obama and Cass Sunstein (regulatory czar) have proposed clamping down the internet where you need a government ID to get on the web. Even if a minority can circumvent such a system, it will do much harm to the web as a medium of free speech. The web as needs to defended and any such plans must be stalled.

    • This paints a horrid picture, but I've been thinking similar thoughts for a while. I'd wondered if I was just becoming paranoid in my old age, but too many folks are saying the same things... We are the cattle on the giant Federal Farm, and it seems that some of us are learning to jump the fence!

    • Anonymous · 1151 days ago

      Anonymous is one of the few groups attempting to make a change. They are not the only hacktivist group out there. They are just the most vocal.

  26. Anon · 1165 days ago

    I have to admit, back when Anonymous was going after the like of Gene Simmons, I was amused but hardly impressed. It seemed horrifically childish and futile - does anyone really care what Simmons thinks about piracy anyway?

    But my mind has been changed by the Wikileaks debacle. I applaud Anonymous, as do many others, judging from the comments here and elsewhere. Those who dismiss them, insult them, or stumble over themselves trying to defend the security state generally get rated down. For every comment they leave defending secrecy and railing against terrorists (aka people they don't like), there are ten backing up Anonymous. I don't know if the Brownshirts have realized yet just how outnumbered they really are. They should've known all along, history should have already taught them what free people think of tyrants and those who enable and support them. But ignorance is their crowning characteristic, the cherry on top of their sundae.

    This is the new era of civil disobedience. It is the moral duty of every sovereign citizen to stand against injustice, and anyone who believes that our government is just is either a wannabe fed (real feds know the truth, they just bottle it or sanctimoniously rationalize it) or just horribly misguided. The people have not been represented for a VERY long time in the halls of Capitol Hill. Corporate interests drive EVERYTHING in our society, including law, and its time someone knocked them off their pedestal to remind them that they're earthbound just like the rest of us. We cannot compete with their legions of lobbyists armed with briefcases full of bribes, favors, and pre-written bills lacking only the rubberstamp vote of some congress critter that needs a new beach house and doesn't want to pay for it. Anonymous gives us a voice, and more importantly, gives us a way to strike back. They will not hear us - no matter how loud we speak up - but when their profit stream is interrupted, when their reputations are publicly exposed for the BS they are, they will no longer be able to drown us out. This is bigger than script kiddies and ez-hacks. Anonymous is more than just a collection of misanthropic, bored teenagers. The war they are fighting is the one we should've been fighting all along, the one they wouldn't have to fight if we didn't let the government stomp all over our rights. I sincerely hope they continue to succeed.

  27. Anonymous · 1165 days ago

    "Training employees on the proper verification of identity..." Of course, the assumption is that there's a meticulous set of security procedures brilliantly designed and rigorously implemented, but employees are the weak link in the chain.

    Wow, what an ass.

    Let me let you in on a little secret. For the most part, the neckbeard industry doesn't work that way. People who sit on corporate boards design procedures by committee, and frankly don't care what kind of Frankensteins they produce. As long as middle management keeps repeating the mantra "everything is fine, don't worry", the ugly details of how a jumbled pile of aphoristic thinking gets implemented by people who actually do work is somebody else's problem.

    The kind of "training" that Chester Wisniewski (Jesus, is that his real name or is this some kind of elaborate troll?) is alluding to is more akin to demanding loyalty or patriotism; a kind of workplace morality theater, utterly devoid of any real meaning or purpose. It was ever thus.

    And finally, a little nugget of wisdom from the crazy dog lady that lives in my apartment building, "the hardest part of training the dog is training the owner." I think she's onto something.

  28. yeah i said it · 1165 days ago

    what you are not including in your below average assessment is this...how do you know that Anon doesnt have some computer savant on their side? Thats right...you dont. For all we know...the most gifted IT brain in the world could be on their side. No one knows. So...your idea that the government with its many IT divisions/men can be better than one amazing brain at computers is not based on fact...its based on your personal belief. How do you know that there is not a defector from the government helping Anon out because they like what Anon is about? Maybe Anon has a superb IT brain on their side that even government units of IT specialists cant track? Maybe there is someone so good that only someone of equal or better skills can track?

    There is so much that can be happening...and all you are doing is trying to shove your opinion down our throat. For all we know...the most amazing IT brain in the world could be on Anon side...someone so good that no one can track.

  29. Anon · 1165 days ago

    Aaron Barr is an incredibly arrogant man who has been kicked in the ass.

    His "security" company is a joke, I would be very unhappy if I'd bought one of his "security" products. (or had any form of email contact with him or his company)

    He brought all of this on himself. I have no sympathy.

  30. Gavib · 1163 days ago

    Annoymous are a bunch of pathetic jerk longing for attention and their own gratification. The sooner we either eliminate these people's waste existence or can just come to the Universal realisation of how retraded they are, the better we'll be for it.

  31. finmp · 1163 days ago

    Look at the language they use, these are contract thugs requested by corporations on the tax payers dollar. Every news story is leaked, Wikileaks is no different.

  32. smilidon · 1161 days ago

    The fact that people think anonymous has members is what makes them so effective. A membership requires no more than participation. There is no list of members or a newsletter. No leader, founder, or associate. That is why it is effective. Someone being accused of being part of anonymous is about as verifiable as calling someone part of the Illuminati.

    • Chris · 1159 days ago

      Exactly! I laughed quite hard when I saw that a company had said that they were going to infiltrate anonymous to uncover the leaders identities. I've visited that site and there is no such thing as a leader for anonymous. Maybe mr. Barr just wanted an excuse to watch porn during working hours

  33. Ernest Jones · 1160 days ago

    FTA: Employees challenging their superiors should be praised rather than chastised when they follow the policy.

    Yes. And whoever did the big U.S. Government leak to Wikileaks should be praised instead of chastised because they tried to follow the policy.

  34. Anonymous · 1157 days ago

    HBGary was not even a real security firm. They were a scam organization trying to sell information to the government that the government easily could have gotten themselves.

    Just another example of old men in suits trying to pose as experts. Good work anonymous! Next target is Bank of America...

  35. ANONOPS · 1154 days ago

    for we are legion
    we do not forgive
    we do not forget

  36. Anonymous · 1151 days ago

    Lets consider this since you brought up STUXNET
    Aaron Barr was attempting to social engineer a Nuclear Power Plant at the same time he was going after Anonymous. Why a Nuclear Power Plant? Dont forget what these firms all did for a living. Wonder why the FBI has gone absolutely insane about hunting down Anons.

  37. GARY TEBAY · 1135 days ago

    I AM 55 YEARS OLD, AND IT DOES NOT MATTER WHAT HAPPENS TO ME AT MY AGE, LIVE, RIDE, PRISON, or DIE!

  38. Nugem · 1133 days ago

    Many people say Anon are script kiddies, Anon are just unorganized hackers etc. Has anyone read the HBGary emails? These guys made and sold exploits for software, hacked organizations, and spoke to one another with "lol dude pwned!!" type Ninja Turtle language. These guys were script kiddies, there are conversations between them saying they will "Google code" and write better programs than NMap etc. Oh, and the exploits these guys wrote, were sold to our government as high end root kits. Whether Anon are kids, unorganized, or script kiddies doesn't really matter, they unmasked some devious behavior.

    Breaking security on PS3 = Jail time.
    Selling root kits to government and exploiting software of others for a government advantage = Money.

    Correct me if I am wrong, I would love to hear a different perspective.

  39. Anonymous · 1128 days ago

    You mess with the best, you fail like the rest.

    Anonymous prevails

  40. JimDim · 1105 days ago

    Check out the article about hbgary in the business week mag of march 14-20 2011 for a glimpse of how sleazy hbgary and hbgary federal in fact are.

    btw, for those not familiar, business week is pubbed by bloomberg and is not a rad, leftie, commie, or hacker magazine.

  41. pretty · 1037 days ago

    not part of ano, nor do i like them.

    But seriously, this guy supposed to be bigboss of a security compagny and use the same password for evrysingle thing he does (company password too...).
    But worst than that he does use the same apssword as a welcome password for conferences? comon, be serious!

  42. Anonymous · 921 days ago

    I find it ironically hilarious that this is an internet security firm that got hacked.

  43. jojo · 914 days ago

    the major muscle that perpetuates these are not in anywhere u.s. or its allies can reach. china, russia. you cant do ZIT against those people. so u.s. and its cronies should just stop harassing their own citizens for these.

  44. dustin · 431 days ago

    I find it funny and interesting that the FBI and justice department can LEGALLY commit cyber crimes against American citizens everyday and we have to deal with it. They do exactly what criminals do and not for good. Only to use it against you in any way possible. All of a sudden the people and hackers fight back and expose them exposing us and all of sudden the hackers are the criminals here??!! I don't think so. I commend you hackers for exposing these crooks activities. All hackers should work together to expose not only these ridiculous companies poised with gathering information on us, but also attack the justice department, cia and all other federal agencies and release all information that the public should know about. I realize some of you would like to remain ignorant and bias to the fact that you think some information should remain secret for national security, in which I do agree with to a point. Real security risks, like the operations of our nuclear weapons systems, etc. But all the information on the illegal activities of our government and all the decisions they are making on our behalf. I know when our government truly decides to kill someone in our country and other countries, I would like to know about and have a vote in whether or not our country should be ending lives in my name. Etc. Just making a point, we should be allowed to be more aware of what is going on and the activities of delving into personal lives should seize to exist.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.