RSAC 2011: Inside the talk that started a war with Anonymous

Posted: February 14, 2011 in Uncategorized


Last weekend, Aaron Barr, the CEO of HBGary Federal, gave an interview to the Financial Times that eventually led to a war with Anonymous. The interview centered on a talk he was giving during the B-Sides security conference this week. He has since canceled his talk, but here is a breakdown of what he was expected to discuss.

Details of the HBGary and HBGary Federal attacks by Anonymous are here.

A war started:

“I have been researching the Anonymous group over the last few weeks in preparation for a social media talk I will be giving at the B-Sides conference in San Francisco on Feb. 14th. My focus is to show the power of social media analytics to derive intelligence and for potential exploitation,” an email from Barr, dated January 29 and viewed by The Tech Herald reads.

“In the talk I will be focusing how effective it is to penetrate three organizations, one military (INSCOM), one Critical Infrastructure (Nuclear PowerPlant in PA), and the Anonymous Group.”

Additionally, Barr said in the email that he was surprised at the level of success he was having on the Anonymous group.

“I am able to tie IRC Alias to Facebook account to real people. I have laid out the organizations communications and operational structure. Determined the leadership of the organization…I have to believe this data would be valuable to someone in government, and if so I would like to get this data in front of those that are interested prior to my talk.”

Barr’s claims to the press that he had discovered the identities of key members in Anonymous were the spark; the notion that he would sell or give this information to the government was the fuel that led Anonymous to explode and respond. Part of their response was to leak HBGary’s internal communications to the public.

Barr knew that such claims would make HBGary and HBGary Federal targets; he said so in a January 22 email to the other senior executives. The problem was that HBGary expected Anonymous to respond with the normal Denial of Service attack.

HBGary CEO, Greg Hoglund, asked, “I don’t really want to get DDOS’d, so assuming we do get DDOS’d then what? How do we make lemonade from that?”

As it turns out, it was so much more. Anonymous responded by leaking emails, taking down both HBGary and HBGary Federal domains, hijacking Twitter and LinkedIn accounts maintained by company officials, and they compromised a separate domain co-founded by Hoglund, rootkit.com

So what was this information on Anonymous? Was it legitimate? Barr maintains that it was, but Anonymous disagreed and released it to the public. You can view the Anonymous PDF report created by Barr here. LINK HERE

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s