Jump to content

Anonymous Strikes Back


Lancer
 Share

Recommended Posts

Anonymous to security firm working with FBI: "You've angered the hive"

anonymous-lulz-lol-ars-thumb-640xauto-19460.jpg

Internet vigilante group Anonymous turned its sights on security firm HBGary on Sunday evening in an attempt to "teach [HBGary] a lesson you'll never forget." The firm had been working with the Federal Bureau of Investigation (FBI) to unmask members of Anonymous following the group's pro-WikiLeaks attacks on financial services companies, and was prepared to release its findings next week.

HBGary had been collecting information about Anonymous members after the group's DDoS attacks on companies perceived to be anti-WikiLeaks. The firm had targeted a number of senior Anonymous members, including a US-based member going by the name of Owen, as well as another member known as Q. In addition to working with the FBI (for a fee, of course), HBGary's CEO Aaron Barr was preparing to release the findings this month at a security conference in San Francisco.

Anonymous, however, felt that HBGary's findings were "nonsense" and immediately retaliated—but this time with something other than a DDoS attack. Instead, Anonymous compromised the company's website, gained access to the documents that HBGary had collected on its members, and published more than 60,000 of HBGary's e-mails to BitTorrent. They also vandalized Barr's Twitter and LinkedIn accounts with harsh messages and personal data about Barr, such as his social security number and home address.

"We've seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you've 'extracted' is publicly available via our IRC networks," Anonymous wrote in a statement posted to HBGary's site on Sunday. "So why can't you sell this information to the FBI like you intended? Because we're going to give it to them for free."

HBGary cofounder and security researcher Greg Hoglund confirmed on Sunday evening that the latest attacks were sophisticated compared to the group's past shenanigans. "They broke into one of HBGary's servers that was used for tech support, and they got e-mails through compromising an insecure Web server at HBGary Federal," Hoglund told KrebsonSecurity. "They used that to get the credentials for Aaron, who happened to be an administrator on our e-mail system, which is how they got into everything else. So it's a case where the hackers break in on a non-important system, which is very common in hacking situations, and leveraged lateral movement to get onto systems of interest over time."

As for the 60,000 e-mails that are now available to anyone with a torrent client, Hoglund argued that their publication was irresponsible and would cost HBGary millions of dollars in losses due to the exposure of proprietary information. "Before this, what these guys were doing was technically illegal, but it was in direct support of a government whistle blower. But now, we have a situation where they're committing a federal crime, stealing private data and posting it on a torrent," Hoglund said.

It's unlikely that Anonymous cares about what Hoglund thinks, though. Several of the company's e-mails indicated that Barr was looking for ways to spin its info about Anonymous as a pro-HBSecurity PR move, which Anonymous took special issue with. The group warned HBGary that it had "charged into the Anonymous hive" and now the company is "being stung."

"It would appear that security experts are not expertly secured," Anonymous wrote

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.