Monday, February 7, 2011

Arrested UK Anonymous

Arrested UK Anonymous

Anonymous attack on HBGary


What a lulzy event this is!

A security company has felt the wrath of Anonymous after its CEO told a newspaper he had discovered personal information about individuals he believes are high-ranking members of the hacktivist group. In retaliation, the group disabled the company's website, published thousands of its internal emails and posted an online rebuke to the executive's claims.  

Anonymous, an amorphous group of cyberactivists, has set its sights on HBGary Federal, a company claiming to provide security expertise to the United States' federal government.
The group took down HBGary Federal's websites and posted a message denouncing the company online .
Anonymous' attack followed statements by Aaron Barr, HBGary Federal's CEO, that the company had collected information on the group's main leaders.
Anonymous has previously attacked the websites of governments and firms that opposed or took action against WikiLeaks for publishing more than 250,000 U.S. government cables on the Internet.
HBGary Federal did not respond to requests for comment by press time.

HBGary's Misstep

During an interview the Financial Times published last week, Barr claimed to have put together information about various high-ranking members of Anonymous through various means, including Facebookprofiles.
Barr did this to demonstrate the security risks to organizations from social media and networking, he claimed.
In the interview, he also identified the nicknames and locations of a few individuals he believed to be top members of Anonymous.
Giving an interview to the Financial Times was probably a mistake, Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
"One thing you quickly learn as a security company is that you don't go out and bait people," Enderle said. "You don't go out and seek news coverage or it will backfire on you," he added.
"That's the risk you take any time you challenge hackers," Mandeep Khera, chief marketing officer at Cenzic, told TechNewsWorld. "They'll always find a way to get in."

Anonymous' Reaction

In addition to hijacking HBGary Federal's domain, Anonymous posted a message on the company's website.
The message also included an excerpt from what it claims is one of Barr's emails in which he essentially said his actions were about publicizing HBGary Federal's expertise.
Anonymous' message states the information Barr discovered is publicly available on its IRCnetworks, and it implies that Barr meant to sell his research to the FBI. The message claims Anonymous has in fact already sent the information to the FBI itself.
The cyberactivist group also posted 66,000 of HBGary Federal's corporate emails onto the Web.
Members of the group are being targeted by various governments. The British authorities have reportedly arrested five people they claim are members of Anonymous, and the U.S. authorities are claimed to have carried out 40 court-authorized searches in connection with their investigation into Anonymous.

What Is HBGary Federal?

HBGary Federal was the U.S. government cybersecurity services arm of HBGary. It was spun off in December of 2009.
HBGary CEO and Founder Greg Hoglund hired cybersecurity experts Aaron Barr and Ted Vera as the spin-off's CEO and COO, respectively. Both are former employees of Northrop Grumman (NYSE: NOC).
Barr, whose interview triggered the retaliation from Anonymous, reportedly served as the director of technology for the cybersecurity and signal intelligence business unit in Northrop Grumman's Intelligence Systems Division.
HBGary Federal's targeted customers included the U.S. Department of Defense, the U.S. intelligence community and other government agencies.

Breaking Into HBGary Federal

Anonymous apparently hacked into HBGary Federal by first hacking a tech support server, then compromising an insecure Web server to get at the company's emails, Hoglund told theFinancial Times.
Finding and getting into a relatively insecure server in order to penetrate the enterprise network is a pretty standard hacking technique. Shouldn't a company that specializes in security perhaps have all its servers secured?
"If you're in the security business you probably need to make sure your own stuff is secure," Enderle said. "But often it's a case of the cobbler's children not having new shoes -- a company puts out new technology but that technology isn't necessarily applied to its own operations."
That's because the workings of many security companies' operations and in-house IT are kept separate, Enderle elaborated.
"The general security posture across the industry is very low right now," Cenzic's Khera said. "Most companies, for example, are testing only a fraction of their Web applications for security."
However, it might not be feasible to harden all a company's systems, even if that company specializes in security, suggested Randy Abrams, director of technical education at ESET.
"Even security companies have budgets and resource limitations," Abrams told TechNewsWorld. "Security is all about managing risk and, in weighing how secure the least important servers need to be, public relations should be part of the risk assessment for a security company."

Jeffrey Dahmer

His girlfriend looked like a bludgeoned narwhal. 

Haters Gonna Hate

Project Chanology: Dear Scientology

Over the years, we have been watching you. Your campaigns of misinformation; suppression of dissent; your litigious nature, all of these things have caught our eye. With the leakage of your latest propaganda video into mainstream circulation, the extent of your malign influence over those who trust you, who call you leader, has been made clear to us. Anonymous has therefore decided that your organization should be destroyed. For the good of your followers, for the good of mankind--for the laughs--we shall expel you from the Internet and systematically dismantle the Church of Scientology in its present form. We acknowledge you as a serious opponent, and we are prepared for a long, long campaign. You will not prevail forever against the angry masses of the body politic. Your methods, hypocrisy, and the artlessness of your organization have sounded its death knell.

You cannot hide; we are everywhere.

We cannot die; we are forever. We're getting bigger every day--and solely by the force of our ideas, malicious and hostile as they often are. If you want another name for your opponent, then call us Legion, for we are many.

Yet for all that we are not as monstrous as you are; still our methods are a parallel to your own. Doubtless you will use the Anon's actions as an example of the persecution you have so long warned your followers would come; this is acceptable. In fact, it is encouraged. We are your SPs.

Gradually as we merge our pulse with that of your "Church", the suppression of your followers will become increasingly difficult to maintain. Believers will wake, and see that salvation has no price. They will know that the stress, the frustration that they feel is not something that may be blamed upon Anonymous. No--they will see that it stems from a source far closer to each. Yes, we are SPs. But the sum of suppression we could ever muster is eclipsed by that of the RTC.

Knowledge is free.

We are Anonymous.

We are Legion.

We do not forgive.

We do not forget.

Expect us.