It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group's actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.
When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary's servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced. As an added bonus, a second site owned and operated by Greg Hoglund, owner of HBGary, was taken offline and the user registration database published.
Over the last week, I've talked to some of those who participated in the HBGary hack to learn in detail how they penetrated HBGary's defenses and gave the company such a stunning black eye - and what the HBGary example means for the rest of us mere mortals who use the Internet.{ Read on}
The RSA security conference took place February 14-18 in San Francisco, and malware response company HBGary planned on a big announcement. The firm was about to unveil a new appliance called "Razor," a specialized computer plugged into corporate networks that could scan company computers for viruses, rootkits, and custom malware—even malicious code that had never been seen before.
Razor "captures all executable code within the Windows operating system and running programs that can be found in physical memory," said HBGary, and it then "'detonates' these captured files within a virtual machine and performs extremely low level tracing of all instructions." Certain behaviors—rather than confirmed signatures—would suggest the presence of malware inside the company.
The HBGary team headed over early to the RSA venue at the Moscone Center in order to set up their booth on the exhibition floor. Nerves were on edge. A week before, HBGary and related company HBGary Federal were both infiltrated by members of the hacker collective Anonymous, which was upset that HBGary Federal CEO Aaron Barr had compiled a dossier of their alleged real names. In the wake of the attack, huge batches of sensitive company e-mail had been splashed across the 'Net. HBGary employees spent days cleaning up the electronic mess and mending fences with customers. {Read on}