HBGary’s systems and website hacked by Anonymous
Following HBGary Federal’s COO Aaron Barr’s claim that he discovered the identities of Anonymous’ leaders through the use of social networks, the internet group reacted by hacking into the security company’s networks and website.
For a while, the website contained a message from Anonymous, in which the group claims that Barr is so far off when it comes to their real identities, that it would share the information with the FBI for free. This jibe is a reaction to an e-mail sent by Barr to the federal agency in which he talks about selling the gathered information.
“We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve “extracted’ is publicly available via our IRC networks,” they said. “Your glorious fallacious work can be a wonder for all to scour, as will all of your private emails (more than 66,000 beauties for the public to enjoy).”
According to Brian Krebs, Greg Hoglund – a well known-security researcher and one of the founders of HBGary – says that the attackers who breached the company’s system have shown skills that surpass those used in typical website-oriented Anonymous hacks.
“They broke into one of HBGary’s servers that was used for tech support, and they got emails through compromising an insecure Web server at HBGary Federal,” he says. “They used that to get the credentials for Aaron, who happened to be an administrator on our email system, which is how they got into everything else.”
They also managed to gain access to the e-mail account used by him and used it to ask the admin of rootkit.com (a security research site maintained by Hoglund) to open the firewall and reset Hoglund’s password.
In addition to all that, Anonymous members have hijacked Barr’s Twitter account – along with accounts of other HBGary employees – and published his Social Security number and address, along with a series of offensive messages.
The Tech Herald reports that Anonymous had gained access to the company e-mails, malware data, financial data, PBX systems and more and has already made public many of its internal documents in the form of a torrent file.
The company’s President Penny Leavy, Greg Hoglund and Aaron Barr have attempted to do some damage control by talking to the Anonymous members on an IRC channel used by them and asking them to put a brake on their actions – especially when it comes to the disclosure of e-mails that have not yet been published.
Barr denied that he was talking about the selling of the data to the FBI. “The email you are referring to about selling data was about a model built on this type of research. It was not to sell specifically this data,” he claimed, and delivered a parting blow: “-¦guys you hacked our servers, took our data, and posted it to the public…it’s criminal now… it’s out of my hands…”