tagged w/ HBGary
-
Governments of the Industrial World, you weary giants of flesh and steel, we come from the Internet, the new home of Mind.
On behalf of the future, we ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.
Moar here:
http://rezn8d.net/2012/03/02/a-declaration-of-the-independence-of-cyberspace/
-
R3zn8D added this 3 months ago
-
Surveillance Who’s Who exposes the government agencies that attended six ISS World conferences between 2006 and 2009. ISS World is a surveillance trade show known to industry insiders as ‘The Wiretappers’ Ball’. This project is part of our Big Brother Incorporated investigation into the sale of surveillance technology.
Help us investigate
ISS World is attended by brutal dictatorships and Western democracies alike. Governments and companies from all over the world meet, mingle, buy and sell – we want to know who’s dealing with who. Many countries publish government spending, which you can use in conjunction with our data and the WikiLeaks Spyfiles to dig around. Take direct action by submitting Freedom of Information requests or writing to your elected representative. A little data goes a long way in this sort of investigation. Join our discussion list to be kept up to date and share your findings.
Privacy International Big Brother Company Map
http://www.spyfiles.org/#embed
-
R3zn8D added this 4 months ago
-
The freedom of our internet is at stake, 1984 is here, Big Brother is watching you, tracking your every move, and he is slowly dissolving your connections to uncensored content. Google's actions have prompted me to write a "State of the Internet" address regarding our current Orwellian existence.
In addition to Google's new privacy concerns, this page will seek to document any programs, software, and companies or organizations that help fund, effect, or support censorship and/or tracking on the internet; as well as ways to protect yourself and browse anonymously online. This page will be updated from time to time with no notice.
-
R3zn8D added this 4 months ago
-
Embattled HBGary Federal CEO Aaron Barr quit his job yesterday as the prospect of a Congressional investigation loomed. A dozen Democrats in Congress asked various Republican committee chairs to launch probes of HBGary Federal's idea for a "reconnaissance cell" targeting pro-union organizers.
http://www.washingtonpost.com/wp-dyn/content/article/2011/02/28/AR2011022805810.html
HBGary Federal was hacked last month by Anonymous after Aaron Barr believed he had unmasked much of the group's leadership—and Barr's entire cache of corporate e-mails was made public. Those messages revealed that Barr had joined up with two other security firms, Palantir and Berico, to pitch the powerhouse DC law firm of Hunton & Williams on an idea to go after union-backed websites who opposed the US Chamber of Commerce. The scheme, if adopted, would have cost the Chamber up to $2 million a month.
The three companies called themselves Team Themis, and instead of providing simple "business intelligence," they had a few other ideas:
* Create a false document, perhaps highlighting periodical financial information, and monitor to see if US Chamber Watch acquires it. Afterward, present explicit evidence proving that such transactions never occurred. Also, create a fake insider persona and generate communications with [union-backed Change to Win]. Afterward, release the actual documents at a specified time and explain the activity as a CtW contrived operation.
* If needed, create two fake insider personas, using one as leverage to discredit the other while confirming the legitimacy of the second. Such work is complicated, but a well-thought out approach will give way to a variety of strategies that can sufficiently aid the formation of vetting questions US Chamber Watch will likely ask.
* Create a humor piece about the leaders of CtW.
Now, some members of Congress want an investigation. "The [Team Themis] techniques may have been developed at US government expense to target terrorists and other security threats," said a letter signed by the representatives.
http://www.scribd.com/doc/49777524/Hunton-Williams-Investigation-letter
"The e-mails indicate that these defense contractors planned to mine social network sites for information on Chamber critics; planned to plant 'false documents' and 'fake insider personas' that would be used to discredit the groups; and discussed the use of malicious and intrusive software ('malware') to steal private information from the groups and disrupt their internal electronic communications."
Did anything illegal happen? The letter suggests that forgery, wire fraud, and computer fraud might have taken place and that Congress should investigate the ways that private contractors turn their military contracting experience on private targets.
Going after the lawyers
Hunton & Williams, the middleman law firm in all this (and the middleman between a major US bank and Team Themis' similar plan to take down WikiLeaks), has steadfastly refused to comment on the whole story. But it too may find itself in trouble after a professional conduct complaint (PDF) was lodged against it last week in Washington, DC. http://www.velvetrevolution.us/images/H_W_Bar_complaint.pdf
The complaint was filed by Stop the Chamber and Velvet Revolution, two of the groups targeted for the potential Chamber of Commerce campaign. It accuses the three Hunton & Williams lawyers named in the HBGary Federal e-mails of "an extended pattern of unethical behavior that included likely criminal conduct."
> Specifically, they solicited, conspired with and counseled three of its investigative private security firms to engage in domestic spying, fraud, forgery, extortion, cyber stalking, defamation, harassment, destruction of property, spear phishing, destruction of property, identity theft, computer scraping, cyber attacks, interference with business, civil rights violations, harassment, and theft.
Most of this alleged bad behavior was done, of course, by Team Themis and not by Hunton & Williams. Still, they reviewed (and appear to have had no problems with) the material. As the complaint puts it, "none of the H&W lawyers ever expressed any reservation or doubt about the unethical conduct proposed and committed by their investigators. In fact, they actively solicited and approved everything that was proposed and presented."
The complaint asks the DC Board of Professional Responsibility to strip all three Hunton & Williams lawyers of their licenses.
-
-
http://www.dewereldmorgen.be/sites/default/files/2011/02/20/aaron_barr_forever-the-game.gif
Embattled CEO Aaron Barr says he is stepping down from his post at HBGary Federal to allow the company to move on after an embarrassing data breach.
The announcement comes three weeks after Barr became the target of a coordinated attack by members of the online mischief making group Anonymous, which hacked into HBGary Federal's computer network and published tens of thousands of company e-mail messages on the Internet. HBGary did not respond to telephone and e-mail requests for comments on Barr's resignation.
In an interview with Threatpost, Barr said that he is stepping down to allow himself and the company he ran to move on in the wake of the high profile hack.
“I need to focus on taking care of my family and rebuilding my reputation,” Barr said in a phone interview. “It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of the bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”
The group conducted a preemptive strike on HBGary after Barr was quoted in a published article saying that he had identified the leadership of the group and planned to disclose their identities at the B-Sides Security Conference in San Francisco.
By combining a SQL injection attack on HBGary's Web site with sophisticated social engineering attacks, the group gained access to the company's Web and e-mail servers as well as the Rootkit.com Web site, a site also launched by HBGary founder Greg Hoglund. Ultimately, the group defaced HBGary's Web site and disgorged the full contents of e-mail accounts belonging to Barr, Hoglund and other company executives.
Though Barr and HBGary were the victims of the hack, the contents of the e-mail messages divulged plans that cast both in an unflattering light. Among them were data mining efforts and mentions of possible disinformation campaigns on behalf of a "large U.S. bank" and the law firm that represents the U.S. Chamber of Commerce that seem to run afoul of civil liberties and professional ethics.
HBGary counted many U.S. government agencies, including the Department of Defense, CIA and NSA as customers. The disclosure of e-mail messages from the company poses a major security risk to those organizations, as well as individuals who had corresponded with the firm. The breach also raises troubling questions about the direction that HBGary and other Beltway firms have taken. Email exchanges published online revealed the firm to be at work on a variety of plans to do data mining and information operations on U.S. organizations and journalists on behalf of clients including law firms representing a large U.S. bank and the U.S. Chamber of Commerce. Most recently, the incident spilled into the mainstream, with comedian Stephen Colbert devoting a segment of his Colbert Report program on February 24 to the HBGary hack.
-
-
-
On November 16, 2009, Greg Hoglund, a cofounder of computer security firm HBGary, sent an e-mail to two colleagues. The message came with an attachment, a Microsoft Word file called AL_QAEDA.doc, which had been further compressed and password protected for safety. Its contents were dangerous.
"I got this word doc linked off a dangler site for Al Qaeda peeps," wrote Hoglund. "I think it has a US govvy payload buried inside. Would be neat to [analyze] it and see what it's about. DONT open it unless in a [virtual machine] obviously… DONT let it FONE HOME unless you want black suits landing on your front acre. :-)"
The attached document, which is in English, begins: "LESSON SIXTEEN: ASSASSINATIONS USING POISONS AND COLD STEEL (UK/BM-154 TRANSLATION)."
It purports to be an Al-Qaeda document on dispatching one's enemies with knives (try "the area directly above the genitals"), with ropes ("Choking… there is no other area besides the neck"), with blunt objects ("Top of the stomach, with the end of the stick."), and with hands ("Poking the fingers into one or both eyes and gouging them.").
But the poison recipes, for ricin and other assorted horrific bioweapons, are the main draw. One, purposefully made from a specific combination of spoiled food, requires "about two spoonfuls of fresh excrement." The document praises the effectiveness of the resulting poison: "During the time of the destroyer, Jamal Abdul Nasser, someone who was being severely tortured in prison (he had no connection with Islam), ate some feces after losing sanity from the severity of the torture. A few hours after he ate the feces, he was found dead."
-
-
As I described on the Mike Malloy show on Friday and as Brad Friedman discusses in his post on being targeted by the Chamber of Commerce, the essence of the Chamber of Commerce/Bank of America/HBGary scandal is the use of intelligence techniques developed for use on terrorists deployed for use on citizens exercising their First Amendment rights.
ThinkProgress has a post making it clear that the Chamber of Commerce’s nondenial denials don’t hold up. In this post, I’ll begin to show the close ties between the tactics HBGary’s Aaron Barr proposed to use against Wikileaks and anti-Chamber activists and those already used in counterterrorism.
Barr Says He’s Done this with Terrorists
I will get into what we know of Barr’s past intelligence work in future posts, but for the moment I wanted to look just at his reference to analysis he did on FARC. Barr’s HBGary coder, who sounds like the smartest cookie of the bunch, was balking at his analysis of Anonymous for several reasons: some of them ethical, some of them cautionary, and some of them technical. In the middle of an argument over whether what Barr was doing had any technical validity (the coder said it did not), Barr explained.
The math is already working out. Based on analysis I did on the FARC I was able to determine that Tanja (the Dutch girl that converted to the FARC) is likely managing a host of propaganda profiles for top leaders. I was able to associate key supporters technically to the FARC propaganda effort.
He’s referring to Tanja Anamary Nijmeijer, a Dutch woman who has been an active FARC member for a number of years. And while it’s not proof that Barr did his analysis on Nijmeijer for the government, she was indicted in the kidnapping of some American contractors last December and the primary overt act the indictment alleged her to have committed was in a propaganda function.
On or about July 25, 2003, JOSE IGNACIO GONZALEZ PERDOMO, LUIS ALBERTO JIMENEZ MARTINEZ, and TANJA ANAMARY NIJMEIJER, and other conspirators, participated in making a proof of life video of the three American hostages. On the video, the FARC announced that the “three North American prisoners” will only be released by the FARC once the Colombian government agrees to release all FARC guerrillas in Colombian jails in a “prisoner exchange” to take place “in a large demilitarized area.” The proof of life video was then disseminated to media outlets in the United States.
In any case, Barr is referring to an ongoing investigation conducted by the Miami and Counterterrorism Section of DOJ, with assistance from the DNI.
His “proof” that this stuff works is that it has worked in the past (he claims) in an investigation of Colombian (and Dutch) terrorists.
Now it’s not at all clear that it is valid (I’ll have more to say on this in the future, too). Barr’s coder argued that what he’s measuring is only guilt by association, not real association (see where this begins to sound familiar?). TechHerald, in a useful analysis of the paper he was going to give on Anonymous, judges,
His research has plenty of interesting aspects, but seems to have several flaws as well. He is right when he says social media can be used to target and exploit people and organizations, but wrong when he assumes the spider web links between people are proof positive of anything criminal or malicious.
In other words, what Barr has done has mapped out associations with no guarantee the associations mean anything, much less any involvement in a particular group.
Our Intelligence Agencies Talk to HBGary
The fact that Barr’s project is so dubious is all the more troubling, given that DOJ and our intelligence community seemed prepared to take his work seriously. Barr’s emails make it clear that he was in talks on February 4 with several branches of our intelligence community about sharing his analysis of Anonymous.
>> Interesting Day.
>>
>> So I have been contacted by OSD (Rosemary [Wenschel, head of Cyberops at DOD]), FBI, USG, and now DNI…all today.
>>
>> I have a meeting with FBI/OSD Monday @ 11am.
>>
>> Met with some folks at my old customer today (I should fill u in on that).
>>
>> And looks like a meeting to be set up with Dawn [Meyerriecks, head of DNI's Acquisition and Technology]…
>>
>> Let me know if you would like to get together.
>>
>> Aaron
The reference to USG or “my old customer” may mean the CIA, as someone signing an email MFM that was sent from CIA’s public domain name contacted Barr about “timely capabilities” on the 4th as well. (“My old customer” may also mean TASC and/or NSC, since Barr was in talks about being bought out to work in TASC’s Ft. Meade office.)
Barr’s contemplated work (and in some cases, ongoing discussions) with entities like DOD’s Cyberops, NSA, and CIA is all the more troubling given an exchange he had with his former colleague from Northrup Grumman. Barr described the meeting with his former client, emphasizing that that client was not capable of “doing the right activities” “because of authority and policy restrictions.”
The conversation was very interesting today. They admit they had no idea this was happening until it hit the streets. They have no idea how to manage things like this in the future. And they agree they are not capable of doing the right activities (like I did) to be better prepared in the future because of authority and policy restrictions.
That is, whoever the client was, they agreed that they couldn’t do the kind of spying domestically Barr could because of policy restrictions.
Barr’s former colleague asked “Do you suppose there might be a market for an offshore intel gathering organization that would sell results?” To which Barr responded, “absolutely needed. Government is not going to get out of their way anytime soon to be able to do this work.”
As I will show in the future, Barr had already done this kind of analysis within the intelligence community. He had pushed to apply it to citizen activism (as well as Anonymous, though some of the people he targeted may also have engaged solely in First Amendment protected activities), and the intelligence community was anxious to hear about his Anonymous work (though there’s no indication they knew how dubious it was).
GO TO STORY:
http://emptywheel.firedoglake.com/2011/02/14/the-hbgary-scandal-using-counterterrorism-tactics-on-citizen-activism/
-
-
In the new emails released by Anonymous we discover that HBGary Inc. may have been working on the development of a new type of Windows rootkit that was undetectable and almost impossible to remove.
Crowdleaks.org cannot confirm how far into development this project went. However, we do know by looking at the following email that the Magenta Rootkit proposal was forwarded from Greg Hoglund at HBGary to Ray Owen, President of Farallon Research LLC.
From: Greg Hoglund
To: Ray.owen@farallon-research.com
Date: Fri, 7 Jan 2011 14:29:25 -0800
Subject: Fwd: Magenta Rootkit (for Ray)
Full headers
—–
mime-version: 1.0
received: by 10.147.181.12 with HTTP; Fri, 7 Jan 2011 14:29:25 -0800 (PST)
in-reply-to:
references:
date: Fri, 7 Jan 2011 14:29:25 -0800
delivered-to: greg@hbgary.com
message-id:
subject: Fwd: Magenta Rootkit (for Ray)
from: Greg Hoglund
to: Ray.owen@farallon-research.com
content-type: multipart/mixed; boundary=000e0cd3ea788d10dc0499492677
Attachments: MAGENTA.docx (13878 bytes)
Farallon Research LLC is a privately held government contractor based in Gatos, CA. Their website offers no insight into who they are or what they do other than an “About Us” page which simply states: “The mission of Farallon Research LLC is to connect advanced commercial technologies and the companies that develop them with the requirements of the U.S. government.”
In the following message we can see that Shawn Bracken, Principal Research Scientist at HBGary, attached and sent the initial Magenta Rootkit proposal to Greg Hoglund.
———- Forwarded message ———-
From: Shawn Bracken
Date: Fri, Jan 7, 2011 at 11:07 AM
Subject: Magenta Rootkit (for Ray)
To: Greg Hoglund
G,
Attached is the requested rootkit proposal - let me know what you think.
Cheers,
-SB
Shawn Bracken
Principal Research Scientist
HBGary, Inc.
(916) 459-4727 x 106
shawn@hbgary.com
In the attached word document (MAGENTA.docx) we find:
Description: Magenta would be a new breed of Windows based rootkit, which HBGary refers to as a multi-context rootkit. Magenta is a 100% pure assembly language implemented rootkit. The Magenta rootkit body is injected into kernel memory via the DriverEntry() partial-load technique. Once loaded into kernel memory, Magenta would automatically identify an active process/thread context to inject itself into via an APC (Asynchronous Procedure Call). Once the APC fires in the new process context, the body of the rootkit will be executed. Finally, at the completion of each APC activation, Magenta will move itself to a new location in memory and automatically identify one or more new activation PROCESS/THREAD combinations to queue one or more additional activation APCs into.
When activated, the Magenta rootkit will be capable of searching for and executing embedded command and control messages by finding them wherever they may exist in physical memory on the compromised host. This is ideal because it’s trivial to remotely seed C&C messages into any networked Windows host – even if the host in question has full Windows firewalling enabled. The Magenta payload will also contain embedded capabilities for injecting these C&C payloads directly into user-mode processes. This will allow injectable C&C payloads to be written to perform user-mode tasks on the compromised host.
Key Features:
New breed of rootkit – There isn’t anything like this publicly
Extremely small memory footprint – (4k or less)
Almost impossible to remove from a live running system
o Once the injected Magenta rootkit body is loaded into kernel memory, it will be fire-and-forget. You can delete the original .sys file used to load it if you wish.
o Any physical memory based tools that would allow you to see the current location of Magenta body would only be of limited use since by the time the responder tried to verify his results Magenta will have already moved to a new location & context
Elegant/powerful C&C message system. There is a near endless amount of ways to get a small seeded C&C message into the physical memory of a networked computer even with zero credentials.
Invisible to kernel mode defense components that rely on the PsSetLoadImageNotifyRoutine() notification routine to detect/analyze/block drivers.
o HINT: PsSetLoadImageNotify() callbacks only get called for drivers who returned TRUE in their DriverEntry()
Project Development Phases:
HBGary recommends using at least a two phase project to build out Magenta. In Phase-1 HBGary would build a fully functional prototype for Windows XP – Service Pack 3 (X86). This would allow an end-to-end proof of concept prototype to be developed and demonstrated. Phase-2 would purely consist of porting the Magenta rootkit to all current flavors of Microsoft Windows (x86 & x64)
Crowdleaks.org cannot confirm that the Magenta Rootkit proposal was even accepted, but given HBGary’s involvement in Stuxnet research, it’s a chilling proposal that was likely taken seriously by HBGary Inc. and probably not the first of its kind.
GO TO STORY:
http://crowdleaks.org/hbgary-inc-working-on-secret-rootkit-project-codename-magenta/
-
-
General Dynamics has selected HBGary Inc to provide this proposal for development of a software application targeting the Windows XP Operating System that, when executed, loads and enables a covert kernel-mode implant that will exfiltrate a file from disk (or other remotely called commands) over a connected serial port to a remote device. The enabling kernel mode implant will cater to a command and control element via the serial port. The demonstration will utilize an exploit in Outlook as the delivery mechanism for said software application. The subsequently loaded implant will be stable and will not crash the demonstration system. A usermode component will be included as part of the exploitation package that exercises the kernel mode implant for demonstration purposes. The loaded implant will use the connected serial port to remotely enable functions which can be visible on the collection computer connected on the other end of the serial line. The purpose of the demonstration setup is to verify the functionality for the customer and validate that all work has been completed.
Primary Objectives:
• Development of a kernel-mode implant that is clearly able to exfiltrate an on-disk file, opening of the CD tray, blinking of the keyboard lights, opening and deleting a file, and a memory buffer exfiltration over a connected serial line to a collection station. For demonstration, a null modem cable will be used to connect the collection station
• The use of a standard Outlook Exploit as a delivery mechanism for the implant, with the intention being that any suitable exploit could be used for the same.
• As part of the exploit delivery package, a usermode trojan will assist in the loading of the implant, which will clearly demonstrate the full capability of the implant.
• Test set (which will consist of two computers networked together via a null modem cable using HyperTerminal) that can reliably and repeatedly demonstrate the exploit and subsequent implant capability of the system.
GO TO STORY:
http://publicintelligence.net/hbgary-general-dynamics-malware-development-project-c/
-
-
Hunton & Williams, the law firm that solicited HBGary and two other security firms to spy on Chamber of Commerce opponents, has remained silent so far about its efforts.
But it hasn’t covered its tracks. The SEIU reports that people from Hunton & Williams spent 20 hours last November–at the time when Themis was pitching H&W to use a JSOC approach to go after Chamber opponents–on the SEIU sites.
Server logs and leaked emails reveal that employees at Hunton & Williams, the principal law firm of the U.S. Chamber of Commerce, spent 20 hours on SEIU websites last November while partners from the firm were working with private security firms on an illegal “dirty tricks” campaign aimed at undermining the credibility of the Chamber’s political opponents, including the Service Employees International Union (SEIU).
And of course SEIU is able to see precisely what H&W was looking at in that period: top H&W page views in 2010 include SEIU’s page on the Chamber and on big banks. People from H&W searched on individuals at SEIU as well as on SEIU’s organizing of protests outside of BoA’s General Counsel. They even searched on “hourly pay for SEIU organizers.” (Whatever that is, it’s less than Themis was going to charge for its paid trolls.)
No wonder H&W has been so quiet about their role in this campaign.
Update: This post has been edited for accuracy.
http://timeoutcorner.files.wordpress.com/2011/02/hbgary-sparta2.jpg?w=640&h=392&crop=1
-
-
Spy games: Inside the convoluted plot to bring down WikiLeaks
When Aaron Barr was finalizing a recent computer security presentation for the US Transportation Security Administration, a colleague had a bit of good-natured advice for him: "Scare the sh*t out of them!"
In retrospect, this may not have been the advice Barr needed. As CEO of the government-focused infosec company HBGary Federal, Barr had to bring in big clients—and quickly—as the startup business hemorrhaged cash. To do so, he had no problem with trying to "scare the sh*t out of them." When working with a major DC law firm in late 2010 on a potential deal involving social media, for instance, Barr decided that scraping Facebook to stalk a key partner and his family might be a good idea. When he sent his law firm contact a note filled with personal information about the partner, his wife, her family, and her photography business, the result was immediate.
"Thanks. I am not sure I will share what you sent last night—he might freak out."
This rather creepy behavior became common; Barr used it as a sign of his social media prowess. Another target of his investigations went to "a Jewish Church in DC, the Temple Micah." Someone else "married @ the Inn at Perry Cabin in St. Michaels, MD (non-denominational ceremony)." Barr was even willing to helpfully guesstimate the ages of children in photographs ("they have 2 kids, son and daughter look to be 7 and 4").
With one potential client, Barr sifted the man's social media data and then noted that "I am tempted to create a person from his high school and send him a request, but that might be overstepping it."
As the money ran out on HBGary Federal, Barr increasingly had no problem "overstepping it." In November, when a major US bank wanted a strategy for taking down WikiLeaks, Barr immediately drafted a presentation in which he suggested "cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France, putting a team together to get access is more straightforward."
GO NEXT PAGE:
http://arstechnica.com/tech-policy/news/2011/02/the-ridiculous-plan-to-attack-wikileaks.ars
-
-
By Byron Acohido, USA TODAY
Photo: Ian Murphy Photography
The U.S. Chamber of Commerce -- like the Bank of America -- is scrambling to distance itself from a cache of stolen e-mails that continue to disgorge stunning details of how high-stakes, corporate-backed disinformation campaigns get birthed.
The chamber and BofA are embroiled in mirror-image controversies stemming directly from the spontaneous hack last Sunday of HBGary Federal, a digital intelligence firm. The hack was pulled off by the elite global hacking group known as Anonymous.
That's not all. More e-mails swiped during that hack are very likely to be released publicly in the next few days, says Gregg Housh, a well-known activist and close observer of Anonymous.
For more on what stirred Anonymous to hack into HBGary Federal, and specifically target its CEO Aaron Barr, see our post from earlier today.
Housh emphasized that he does not participate in Anonymous' attacks, nor is he a spokesman for the hacking group, which may be best known for seeking revenge on corporations that attempted to cripple WikiLeaks.
But Housh regularly hangs around public Internet Relay Chat rooms where Anonymous members are known to congregate. He was in such a chat room with about 100 others last weekend when the HBGary hack was hatched. So he had a ring side seat.
Housh says a 16-year-old girl who was part of a team of five elite hackers that conducted the hack played a pivotal role. She tricked a systems administrator into giving her access deep inside the company's network by persuading the admin into letting her use a temporary password: changeme123.
The team then swooped in to quickly deface the company's website and destroy data and applications, including wiping out back-up programs. They broke into the company's Google Enterprise cloud-based e-mail service and spent several hours downloading e-mail from Barr and five other senior employees. The entire hack took about eight or nine hours, with most of that time spent downloading emails, estimates Housh.
About 50,000 of Barr's e-mails very quickly got released on the Internet. But roughly 27,000 e-mails from the account of HBGary co-founder Greg Hoglund were held in reserve.
Anonymous group members who did not participate in the hack, along with a handful of reporters, began poring through Barr's email. On Wednesday, Feb. 9, Steve Ragan, Security Editor for The Tech Herald, published this story tying Bank of America to a campaign to muzzle WikiLeaks founder Julian Assange.
And on Thursday, Feb. 10, Lee Fang, a reporter for ThinkProgress.org, published this story tying the U.S. Chamber to preparations for a $2 million dirty-tricks campaign to undermine non-profit and labor groups who oppose the chamber's lobbying missions on behalf of large corporations.
Barr's e-mails contained details of plans to create faked personas to try to infiltrate such groups. One tactic discussed was how to entice opponent groups to go public with the bogus documents smearing the chamber, then exposing the documents as erroneous.
Even more worrisome were plans to harvest and circulate sensitive and unflattering information about spouses and children of progressive group leaders, says ThinkProgress reporter Scott Keyes.
In a Feb. 3 e-mail received by Barr, the sender grouses about not being able to collect an anticipated fee for preparing a preliminary plan. However, the sender optimistically points to a Feb. 14 meeting at which he expects a deal to be nailed down under which the Chamber would pay $250,000 to $300,000 per month for "services and license fees."
"It's important to note that the smears and disinformation plans only saw the light of day because these e-mails were leaked," says Keyes. "Otherwise all this stuff very likely would have ended up in the mainstream dialogue, without people realizing that this was a smear plot deliberately hatched by the U.S. Chamber of Commerce."
The e-mail revelations may not be over. Housh says Anonymous members late Friday were pushing ahead with plans to begin releasing Hoglund's e-mails -- on a user-friendly web page.
"So now they're working on a searchable, web-based interface that allows anyone to go through and categorize 27,000 more pieces of e-mail," says Housh. "They're saying very clearly that some of this next stuff to come out is worse. We'll see."
GO TO STORY:
http://content.usatoday.com/communities/technologylive/post/2011/02/us-chamber-joins-bofa-in-denying-ties-to-disinformation-campaigns/1
Aaron Barr believed he had penetrated Anonymous. The loose hacker collective had been responsible for everything from anti-Scientology protests to pro-Wikileaks attacks on MasterCard and Visa, and the FBI was now after them. But matching their online identities to real-world names and locations proved daunting. Barr found a way to crack the code.
In a private e-mail to a colleague at his security firm HBGary Federal, which sells digital tools to the US government, the CEO bragged about his research project.
"They think I have nothing but a heirarchy based on IRC [Internet Relay Chat] aliases!" he wrote. "As 1337 as these guys are suppsed to be they don't get it. I have pwned them! :)"
But had he?
"We are kind of pissed at him right now"
Barr's "pwning" meant finding out the names and addresses of the top Anonymous leadership. While the group claimed to be headless, Barr believed this to be a lie; indeed, he told others that Anonymous was a tiny group.
"At any given time there are probably no more than 20-40 people active, accept during hightened points of activity like Egypt and Tunisia where the numbers swell but mostly by trolls," he wrote in an internal e-mail. (All e-mails in this investigative report are provided verbatim, typos and all.) "Most of the people in the IRC channel are zombies to inflate the numbers."
The show was run by a couple of admins he identified as "Q," "Owen," and "CommanderX"—and Barr had used social media data and subterfuge to map those names to three real people, two in California and one in New York.
Near the end of January, Barr began publicizing his information, though without divulging the names of the Anonymous admins. When the Financial Times picked up the story and ran a piece on it on February 4, it wasn't long before Barr got what he wanted—contacts from the FBI, the Director of National Intelligence, and the US military. The FBI had been after Anonymous for some time, recently kicking in doors while executing 40 search warrants against group members.
Confident in his abilities, Barr told one of the programmers who helped him on the project, "You just need to program as good as I analyze."
But on February 5, one day after the Financial Times article and six days before Barr's sit-down with the FBI, Anonymous did some "pwning" of its own. "Ddos!!! Fckers," Barr sent from his iPhone as a distributed denial of service attack hit his corporate network. He then pledged to "take the gloves off."
When the liberal blog Daily Kos ran a story on Barr's work later that day, some Anonymous users commented on it. Barr sent out an e-mail to colleagues, and he was getting worked up: "They think all I know is their irc names!!!!! I know their real fing names. Karen [HBGary Federal's public relations head] I need u to help moderate me because I am getting angry. I am planning on releasing a few names of folks that were already arrested. This battle between us will help spur publicity anyway."
Indeed, publicity was the plan. Barr hoped his research would "start a verbal braul between us and keep it going because that will bring more media and more attention to a very important topic."
But within a day, Anonymous had managed to infiltrate HBGary Federal's website and take it down, replacing it with a pro-Anonymous message ("now the Anonymous hand is bitch-slapping you in the face.") Anonymous got into HBGary Federal's e-mail server, for which Barr was the admin, and compromised it, extracting over 40,000 e-mails and putting them up on The Pirate Bay, all after watching his communications for 30 hours, undetected. In an after-action IRC chat, Anonymous members bragged about how they had gone even further, deleting 1TB of HBGary backup data.
They even claimed to have wiped Barr's iPad remotely.
The situation got so bad for the security company that HBGary, the company which partially owns HBGary Federal, sent its president Penny Leavy into the Anonymous IRC chat rooms to swim with the sharks—and to beg them to leave her company alone. (Read the bizarre chat log.) Instead, Anonymous suggested that, to avoid more problems, Leavy should fire Barr and "take your investment in aaron's company and donate it to BRADLEY MANNINGS DEFENCE FUND." Barr should cough up a personal contribution, too; say, one month's salary?
As for Barr's "pwning," Leavy couldn't backtrack from it fast enough. "We have not seen the list [of Anonymous admins] and we are kind of pissed at him right now."
Were Barr's vaunted names even correct? Anonymous insisted repeatedly that they were not. As one admin put it in the IRC chat with Leavy, "Did you also know that aaron was peddling fake/wrong/false information leading to the potential arrest of innocent people?" The group then made that information public, claiming that it was all ridiculous.
Thanks to the leaked e-mails, we now have the full story of how Barr infiltrated Anonymous, used social media to compile his lists, and even resorted to attacks on the codebase of the Low Orbit Ion Cannon used in attacks—and how others at his own company warned him about the pitfalls of his own research.
THIS IS ONLY PART OF IT, KEEP READING, IT'S FUNNY!
Anonymous attacks US security company HBGary
Chief Aaron Barr's Twitter account hijacked and personal details leaked in revenge for infiltration of hacking collective
Anonymous hijacked the Twitter account of HBGary chief executive Aaron Barr
The loose hacker collective Anonymous says it has taken revenge on a US security company whose principal claimed to have penetrated the group and identified some of its key people.
They hacked the Twitter account of Aaron Barr, the chief executive of HBGary, and sent out a series of angry tweets while many Americans were watching the Super Bowl match on Sunday night, allegedly including Barr's social security number and address, and his mobile phone number.
The tweets link to torrents of the company's emails. Members of the group also put up a brutal set of claims: "Anonymous has:
"entire control of all emails for the company of hbgary.com. we have full admin control of
"hbgaryfederal.com. we have wordpress control of hbgary.com
"all emails will be put up in a torrent.
"full access to all their finincials
"their ssns [social security numbers]
"their w2s [US tax reporting statement]
"their 1099s [US tax identification certificate]
"their software products
"their malware data (although Anonymous rm'd [deleted] their entire terabyte of data sorry)
"their backup server was wiped.
"access to their pbx system via 8x8.com
"control of their support server and their clients logins
"root access to rootkit.com, personal website of greg hoglund
"aaron barr's ipad is now wiped"
Barr could not be contacted to find out how many of these details were correct. The HBGary site had been replaced by a placeholder this morning.
Anonymous claimed that they replaced the front page of HBGary's site with an image rebuking the company and saying "you're nothing compared to Anonymous. You have little to no security knowledge. Your business thrives off charging ridiculous prices for simple things like NMAPs, and you don't deserve praise or even recognition as security experts."
It added: "If you swing a sword of malice into Anonymous' innards, we will simply engulf it. You cannot break us, you cannot harm us, even though you have clearly tried."
The company was targeted after Barr was quoted in the Financial Times saying that he had identified two key members of Anonymous, including a co-founder in the US, and senior members in Britain, Germany, the Netherlands, Italy and Australia. He said he had picked up clues about their identities via online sources such as email, Facebook and Internet Relay Chat (IRC).
In January UK police arrested five people accused of having taken part in attacks against sites such as PayPal in December as revenge for its withdrawal of payment facilities for WikiLeaks. US authorities and other European police forces have also arrested people accused of taking part in the online attacks.
The Anonymous attack was claimed to have been carried out by five people who alleged that Barr had planned to meet US authorities on Monday morning and sell his findings to the FBI. The attackers made the file with the details Barr had planned to release public, but asserted that the numbers given were incorrect and that the names were "random".
In a sarcastic press release on the AnonNews site, someone from the group posted a release (though dated 6 January, it was actually posted on 6 February) saying "Mr Barr has successfully broken through our over 9000 proxy field and into our entirely non-public and secret insurgent IRC lair, where he then smashed through our fire labyrinth with vigor, collected all the gold rings on the way, opened a 50 silver key chest to find Anon's legendary hackers on steroids password."
GO TO STORY:
http://www.guardian.co.uk/technology/2011/feb/07/anonymous-attacks-us-security-company-hbgary