tagged w/ HBGary Federal
-
IP-based authentication is somewhat helpful, but can be hurtful. While an administrator can define who can and cannot visit locations, servers and pages, this can become a cumbersome process. It also does little against a potential client-side attack where an attacker accesses a trusted machine...
https://www.infosecisland.com/blogview/12612-HBGary-Federal-Security-Fail-Again.html
-
There is a secret war going on in the media, with CIA trickery and deception the main tools used to intentionally hide the truth. Armies of psy-ops teams skilled in the science of manipulating public opinion are targeting and attacking Anonymous, Wikileaks and Bradley Manning... This is an operation to twist public perception by use of sociological warfare techniques (psy-ops), disseminating untruths and disinformation to manipulate the public.... All standard procedures and techniques that have been used by CIA psy-ops in "Operation Mockingbird" in the media for many years ~ all without the public even catching on...
Recently the foundations of that corruption and their ~ business as usual ~ have been shaken to their core... Finally their status quo of ongoing manipulation of public opinion and day-to-day operations came into question when Wikileaks exposed US Diplomatic Cables.
Currently... the government is in damage control... still watching and preparing for what could come next. Since then, they have been observing two CIA allies (and dictators), Tunisia and Egypt, both facing overwhelming public mass outrage as both governments failed. Now this same tsunami wave that Wikileaks started has hit the USA... starting in Madison, Wisconsin... and already spreading across the nation.
Why so much attention? To stop any more unraveling of the exposure to the public of even more damaging acts of corruption... They should be scared! They know what they are hiding... Because Wikileaks exposed the truth.... by pulling back the curtain on the systematic disinformation campaign waged against the American public. What we see today is like... "The Great OZ" when he goes into damage control saying... "pay no attention to that man behind the curtain over there!!!" The only thing we haven't seen "yet" is... the Flying Monkeys! Their cover has been blown... the corruption and hypocrisy exposed and noted... with a caveat of.... more to come.
It is more than just having confidence in We Are Anonymous.... It is knowing the core of what tricks are to come as they fight with their long-practiced psy-ops attacks to confuse the public and to discredit and hide the truth. IT IS A DIRTY GAME THEY PLAY!
If the public really knew the depth of what is really going on... things would be much different for everyone on the planet... The truth is "TOP PRIORITY" in any democracy... Without the truth we have fascism. In a democracy we can't have the government using sociological warfare techniques against our public as they do today!
=== WARNING: (PSY-OPS) DISINFORMATION CAMPAIGN STARTS BELOW ===
BY OLD BRUTUS, ON MARCH 6TH, 2011
Washington, D.C.–Anonymous Internet users discovered Thursday that the United States Government plays a major role in the day-to-day operations of the most popular Internet news source used by internet activists, or “hacktivists.”
Anonnews.org claims to serve decentralized hacker group Anonymous as its central source of information, including targets and Anonymous press releases, which anyone can submit.
A number of Internet users frequenting both the chronicle.SU and anonnews.org websites discovered that the website selectively runs articles that only fall in line with the agenda of the U.S. Government, and brought this to the attention of chronicle.SU senior executives.
[Editor's note: Due to the close-hitting nature of this piece, subjective articles such as "we," "us" and "I" will be found in the following paragraphs.]
As perhaps only a handful of our readers know, anonnews.org, whose slogan is Everything Anonymous, actively deletes any and all content submissions originating from chronicle.SU. We have fought this for a long time, out of fairness to Anonymous and outside objectors, but we too have come to realize anonnews.org is either owned by, or in collusion with, various government agencies.
This clampdown on information is akin to what many of us learn in college courses, or from history itself, to expect from oppressive regimes, and compares in no small way to the aggressive reaction from the USG when news hit of daily-leaking diplomatic cables.
It is worth noting that anonnews.org no longer accepts press releases relating to Wikileaks.
Anonymous purports to expose and crush oppressive regimes, and even went on the record with Al Jazeera Saturday morning to take credit for the unprecedented attacks on websites owned by Mastercard, PayPal, Amazon, and outside governments. Anonymous’ spokesperson, which could literally be anyone in the world, compared their actions with those of protesters in the streets of Tunisia, Libya and Egypt.
VIEW THE FULL PSY-OPS DISINFORMATION ON THE LINK BELOW:
http://www.chronicle.su/news/anonnews-org-run-by-united-states-government/
-
There was nothing terribly sophisticated about the denial of service attack executed by the activist hackers at Anonymous to temporarily knock out the website of Americans for Prosperity, the conservative advocacy group backed by billionaire brothers David and Charles Koch.
But the senior execs at Georgia Pacific and other corporate holdings controlled by the Koch brothers ought to be very nervous. Anonymous, best known for similarly crippling websites of firms hostile to WikiLeaks, says it has begun actively probing for network weaknesses in Georgia Pacific and other Koch brothers' holdings.
Should the activist hackers succeed in cracking into any of the Koch brothers' corporate networks, Anonymous could solidify its emerging persona as a digital-age Robin Hood, says Josh Shaul, Chief Technology Officer of network security company Application Security.
"These guys have so much attitude and spunk," says Shaul. "Anonymous is coming out of its shell and seems to be saying, 'Hey, we'll be the voice of the people, we'll be the Robin Hood fighting for the poor against the powerful.' "
In this statement, Anonymous accuses the Koch brothers of "fabricating grassroots organizations and advertising campaigns to sway voters based on their falsehoods." The statement concludes:
Anonymous hears the voice of the downtrodden American people, whose rights and liberties are being systematically removed one by one, even when their own government refuses to listen or worse - is complicit in these attacks. We are actively seeking vulnerabilities, but in the mean time we are calling for all supporters of true Democracy, and Freedom of The People, to boycott all Koch Industries' paper products. We welcome unions across the globe to join us in this boycott to show that you will not allow big business to dictate your freedom.
The group's highest profile hack to date shows what it is capable of. On Feb. 5, a group of five elite hackers gained deep access into data intelligence firm HBGary, defaced and damaged most of its systems, and stole 77,000 e-mails from the Google Enterprise cloud-based service used by the company.
Upon being made public on the Internet, the stolen e-mails were pored over by reporters and activists; they revealed stunning details of how high-stakes, corporate-backed disinformation campaigns get birthed.
Click here to read about the pivotal role a 16-year-old girl played in that hack. The lightning rod in that caper -- HBGary Federal CEO Aaron Barr -- on Monday announced his resignation. Barr will go down in tech history as the disinformation expert who stirred Anonymous into a higher gear -- by bragging that he had identified the group's leaders and was planning to expose them on Valentine's Day at the B-Sides Security Conference in San Francisco.
Though corporations have spent billions shoring up network perimeter defenses, determined hackers routinely gain deep access into corporate systems. They do so by combining simple social-engineering trickery with proven hacking tools.
We recently published this news story about how one cybergang stole more than $50 million by setting up an elaborate series of stings of European companies participating in Europe's carbon-credits exchange. Another gang got deep into Nasdaq's Directors Desk cloud collaboration tool for senior executives, where they lurked for more than a year before recently being detected.
The activist hackers at Anonymous have demonstrated knowledge and skills of the techniques used by top hacking groups that concentrate on breaking into corporate networks for profit.
"They better be concerned," Shaul says of the Koch brothers. "What Anonymous is saying is 'we're getting ready to execute whatever attack we can, so you better be worried; in the meantime, we're going to be a big pain.' "
Update: 5:50 p.m. Eastern. A Michael Goldfarb called Technology Live and identified himself as a spokesman for Koch Industries. Goldfarb requested to go off the record for a "substantive discussion." We declined. The caller declined to comment on the Anonymous attack.
GO TO STORY:
http://content.usatoday.com/communities/technologylive/post/2011/03/anonymous-actively-probing-koch-brothers-corporate-networks-/1
-
Embattled HBGary Federal CEO Aaron Barr quit his job yesterday as the prospect of a Congressional investigation loomed. A dozen Democrats in Congress asked various Republican committee chairs to launch probes of HBGary Federal's idea for a "reconnaissance cell" targeting pro-union organizers.
http://www.washingtonpost.com/wp-dyn/content/article/2011/02/28/AR2011022805810.html
HBGary Federal was hacked last month by Anonymous after Aaron Barr believed he had unmasked much of the group's leadership—and Barr's entire cache of corporate e-mails was made public. Those messages revealed that Barr had joined up with two other security firms, Palantir and Berico, to pitch the powerhouse DC law firm of Hunton & Williams on an idea to go after union-backed websites that opposed the US Chamber of Commerce. The scheme, if adopted, would have cost the Chamber up to $2 million a month.
The three companies called themselves Team Themis, and instead of providing simple "business intelligence," they had a few other ideas:
* Create a false document, perhaps highlighting periodical financial information, and monitor to see if US Chamber Watch acquires it. Afterward, present explicit evidence proving that such transactions never occurred. Also, create a fake insider persona and generate communications with [union-backed Change to Win]. Afterward, release the actual documents at a specified time and explain the activity as a CtW contrived operation.
* If needed, create two fake insider personas, using one as leverage to discredit the other while confirming the legitimacy of the second. Such work is complicated, but a well-thought out approach will give way to a variety of strategies that can sufficiently aid the formation of vetting questions US Chamber Watch will likely ask.
* Create a humor piece about the leaders of CtW.
Now, some members of Congress want an investigation. "The [Team Themis] techniques may have been developed at US government expense to target terrorists and other security threats," said a letter signed by the representatives.
http://www.scribd.com/doc/49777524/Hunton-Williams-Investigation-letter
"The e-mails indicate that these defense contractors planned to mine social network sites for information on Chamber critics; planned to plant 'false documents' and 'fake insider personas' that would be used to discredit the groups; and discussed the use of malicious and intrusive software ('malware') to steal private information from the groups and disrupt their internal electronic communications."
Did anything illegal happen? The letter suggests that forgery, wire fraud, and computer fraud might have taken place and that Congress should investigate the ways that private contractors turn their military contracting experience on private targets.
Going after the lawyers
Hunton & Williams, the middleman law firm in all this (and the middleman between a major US bank and Team Themis' similar plan to take down WikiLeaks), has steadfastly refused to comment on the whole story. But it too may find itself in trouble after a professional conduct complaint (PDF) was lodged against it last week in Washington, DC. http://www.velvetrevolution.us/images/H_W_Bar_complaint.pdf
The complaint was filed by Stop the Chamber and Velvet Revolution, two of the groups targeted for the potential Chamber of Commerce campaign. It accuses the three Hunton & Williams lawyers named in the HBGary Federal e-mails of "an extended pattern of unethical behavior that included likely criminal conduct."
> Specifically, they solicited, conspired with and counseled three of its investigative private security firms to engage in domestic spying, fraud, forgery, extortion, cyber stalking, defamation, harassment, destruction of property, spear phishing, destruction of property, identity theft, computer scraping, cyber attacks, interference with business, civil rights violations, harassment, and theft.
Most of this alleged bad behavior was done, of course, by Team Themis and not by Hunton & Williams. Still, they reviewed (and appear to have had no problems with) the material. As the complaint puts it, "none of the H&W lawyers ever expressed any reservation or doubt about the unethical conduct proposed and committed by their investigators. In fact, they actively solicited and approved everything that was proposed and presented."
The complaint asks the DC Board of Professional Responsibility to strip all three Hunton & Williams lawyers of their licenses.
-
http://www.dewereldmorgen.be/sites/default/files/2011/02/20/aaron_barr_forever-the-game.gif
Embattled CEO Aaron Barr says he is stepping down from his post at HBGary Federal to allow the company to move on after an embarrassing data breach.
The announcement comes three weeks after Barr became the target of a coordinated attack by members of the online mischief making group Anonymous, which hacked into HBGary Federal's computer network and published tens of thousands of company e-mail messages on the Internet. HBGary did not respond to telephone and e-mail requests for comments on Barr's resignation.
In an interview with Threatpost, Barr said that he is stepping down to allow himself and the company he ran to move on in the wake of the high profile hack.
“I need to focus on taking care of my family and rebuilding my reputation," Barr said in a phone interview. "It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”
The group conducted a preemptive strike on HBGary after Barr was quoted in a published article saying that he had identified the leadership of the group and planned to disclose their identities at the B-Sides Security Conference in San Francisco.
By combining a SQL injection attack on HBGary's Web site with sophisticated social engineering attacks, the group gained access to the company's Web and e-mail servers as well as the Rootkit.com Web site, a site also launched by HBGary founder Greg Hoglund. Ultimately, the group defaced HBGary's Web site and disgorged the full contents of e-mail accounts belonging to Barr, Hoglund and other company executives.
Though Barr and HBGary were the victims of the hack, the contents of the e-mail messages divulged plans that cast both in an unflattering light. Among them were data mining efforts and mentions of possible disinformation campaigns on behalf of a "large U.S. bank" and the law firm that represents the U.S. Chamber of Commerce that seem to run afoul of civil liberties and professional ethics.
HBGary counted many U.S. government agencies, including the Department of Defense, CIA and NSA as customers. The disclosure of e-mail messages from the company poses a major security risk to those organizations, as well as individuals who had corresponded with the firm. The breach also raises troubling questions about the direction that HBGary and other Beltway firms have taken. Email exchanges published online revealed the firm to be at work on a variety of plans to do data mining and information operations on U.S. organizations and journalists on behalf of clients including law firms representing a large U.S. bank and the U.S. Chamber of Commerce. Most recently, the incident spilled into the mainstream, with comedian Stephen Colbert devoting a segment of his Colbert Report program on February 24 to the HBGary hack.
-
Last time we checked in with PayPal, it, along with MasterCard, Visa and others had blocked its services with regards to donations to WikiLeaks foundation.
Today it is being reported that PayPal has taken further action against another WikiLeaks-related fund, in freezing the account of the Courage To Resist foundation which, in conjunction with the Bradley Manning Support Network, gives donations to the Bradley Manning legal defense fund. The imprisoned Manning is allegedly the source of the US Embassy cables leaked by WikiLeaks.
In a phone call earlier today, PayPal representative Anuj Nayar told me that this action is not WikiLeaks related and that PayPal has only temporarily restricted the fund, “This has nothing to do with WikiLeaks.”
Courage To Resist and PayPal are still in talks, and according to Nayar the former is infringing against PayPal’s policy on 501(c)(3) non-profits, which holds that a non-profit needs to have a bank account associated with their PayPal account. “For the vast majority of non-profits this is not an issue,” says Nayar.
Nayar also takes up CTR’s claim that PayPal would not un-restrict the account unless CTR authorized PayPal to withdraw funds from the checking account by default, “We can’t do that without the authorization of an account holder, so a) We can’t do it b) We don’t do it c) Even if we did the bank would resist the charge.”
So why make this a WikiLeaks issue? “That’s a question for them,” he says.
The company’s official statement, below:
“Today’s temporary limitation of the Courage to Resist organization’s PayPal account is due to PayPal regulations requiring non profits to associate a bank account to their PayPal account. It is nothing to do with Wikileaks. Back in December 2010, we permanently restricted the account used by WikiLeaks due to a violation of the PayPal Acceptable Use Policy, which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity. We’ve notified the account holder of this action. This is not the case with Courage to Resist.”
GO TO STORY:
http://techcrunch.com/2011/02/24/paypal-on-cutting-off-courage-to-resist-this-has-nothing-to-do-with-wikileaks/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29
-
The Westboro Baptist Church is best-known for picketing military funerals and gay pride gatherings with "God Hates Fags" and other slogans deemed offensive and shocking by most who see them. They're led by the incendiary Fred Phelps, who burned a Koran last September. WBC and Phelps always seem to be looking for new ways to push the envelope when it comes to hate.
While their actions might be protected as free speech, that's not going to stop "Anonymous", a hacker group with a simple name but an already-impressive list of accomplishments. Anonymous is best-known for shutting down Mubarak government websites earlier this month, and bringing down the websites of Visa and Mastercard last year, in defense of Wikileaks. More recently, Anonymous absolutely destroyed security firm HBGary and delivered a scathing come-uppance letter on the firm's hacked front page.
Now Anonymous has written an open letter to the congregation and supporters of the Westboro Baptist Church, calling them "an assembly of graceless sociopaths and maniacal chauvinists & religious zealots."
The letter goes on to warn:
"Cease & desist your protest campaign in the year 2011, return to your homes in Kansas, & close your public Web sites.
Should you ignore this warning, you will meet with the vicious retaliatory arm of ANONYMOUS: We will target your public Websites, and the propaganda & detestable doctrine that you promote will be eradicated; the damage incurred will be irreversible, and neither your institution nor your congregation will ever be able to fully recover."
As outlined above, Anonymous has both the ability and experience needed to deliver on these threats. The letter concludes with their standard signature:
WE ARE ANONYMOUS.
WE ARE LEGION.
WE DO NOT FORGIVE.
WE DO NOT FORGET.
EXPECT US.
Before everyone raises a glass to cheer on this new breed of renegade "hacktivists", consider what the implications are for the future of free speech. In this arena, the arm of the law is not long, and Anonymous is essentially unstoppable, at least for the time being. Where does such a group draw the line? What if their next target is something or someone which you don't find so offensive?
Anonymous essentially has the power to fully circumvent the First Amendment, and in the process, they are rewriting the rules on how we react to speech we don't like. With new tools like the Low-Orbit Ion Cannon becoming more widely available to the average computer user, the future of protest is changing in front of our eyes.
Or should we take heart that citizens are rising up to challenge the old paradigm and the hate-mongers who misuse it? Should we accept that times are changing, and that certain kinds of speech should not be allowed? Certainly the sentiments expressed publicly by WBC are unwelcome by the vast majority of the population. The government's hands are tied when it comes to restricting hate speech — is it time for us to take matters into our own hands?
Original article w/ links to sources: http://talkingskull.com/article/should-anonymous-hack-westboro-baptist-church
-
On November 16, 2009, Greg Hoglund, a cofounder of computer security firm HBGary, sent an e-mail to two colleagues. The message came with an attachment, a Microsoft Word file called AL_QAEDA.doc, which had been further compressed and password protected for safety. Its contents were dangerous.
"I got this word doc linked off a dangler site for Al Qaeda peeps," wrote Hoglund. "I think it has a US govvy payload buried inside. Would be neat to [analyze] it and see what it's about. DONT open it unless in a [virtual machine] obviously… DONT let it FONE HOME unless you want black suits landing on your front acre. :-)"
The attached document, which is in English, begins: "LESSON SIXTEEN: ASSASSINATIONS USING POISONS AND COLD STEEL (UK/BM-154 TRANSLATION)."
It purports to be an Al-Qaeda document on dispatching one's enemies with knives (try "the area directly above the genitals"), with ropes ("Choking… there is no other area besides the neck"), with blunt objects ("Top of the stomach, with the end of the stick."), and with hands ("Poking the fingers into one or both eyes and gouging them.").
But the poison recipes, for ricin and other assorted horrific bioweapons, are the main draw. One, purposefully made from a specific combination of spoiled food, requires "about two spoonfuls of fresh excrement." The document praises the effectiveness of the resulting poison: "During the time of the destroyer, Jamal Abdul Nasser, someone who was being severely tortured in prison (he had no connection with Islam), ate some feces after losing sanity from the severity of the torture. A few hours after he ate the feces, he was found dead."
-
As I described on the Mike Malloy show on Friday and as Brad Friedman discusses in his post on being targeted by the Chamber of Commerce, the essence of the Chamber of Commerce/Bank of America/HBGary scandal is the use of intelligence techniques developed for use on terrorists deployed for use on citizens exercising their First Amendment rights.
ThinkProgress has a post making it clear that the Chamber of Commerce’s nondenial denials don’t hold up. In this post, I’ll begin to show the close ties between the tactics HBGary’s Aaron Barr proposed to use against Wikileaks and anti-Chamber activists and those already used in counterterrorism.
Barr Says He’s Done this with Terrorists
I will get into what we know of Barr’s past intelligence work in future posts, but for the moment I wanted to look just at his reference to analysis he did on FARC. Barr’s HBGary coder, who sounds like the smartest cookie of the bunch, was balking at his analysis of Anonymous for several reasons–some of them ethical, some of them cautionary, and some of them technical. In the middle of an argument over whether what Barr was doing had any technical validity (the coder said it did not), Barr explained:
The math is already working out. Based on analysis I did on the FARC I was able to determine that Tanja (the Dutch girl that converted to the FARC) is likely managing a host of propaganda profiles for top leaders. I was able to associate key supporters technically to the FARC propaganda effort.
He’s referring to Tanja Anamary Nijmeijer, a Dutch woman who has been an active FARC member for a number of years. And while it’s not proof that Barr did his analysis on Nijmeijer for the government, she was indicted in the kidnapping of some American contractors last December and the primary overt act the indictment alleged her to have committed was in a propaganda function.
On or about July 25, 2003, JOSE IGNACIO GONZALEZ PERDOMO, LUIS ALBERTO JIMENEZ MARTINEZ, and TANJA ANAMARY NIJMEIJER, and other conspirators, participated in making a proof of life video of the three American hostages. On the video, the FARC announced that the “three North American prisoners” will only be released by the FARC once the Colombian government agrees to release all FARC guerrillas in Colombian jails in a “prisoner exchange” to take place “in a large demilitarized area.” The proof of life video was then disseminated to media outlets in the United States.
In any case, Barr is referring to an ongoing investigation conducted by the Miami and Counterterrorism Section of DOJ, with assistance from the DNI.
His “proof” that this stuff works is that it has worked in the past (he claims) in an investigation of Colombian (and Dutch) terrorists.
Now it’s not at all clear that it is valid (I’ll have more to say on this in the future, too). Barr’s coder argued that what he’s measuring is only guilt by association, not real association (see where this begins to sound familiar?). TechHerald, in a useful analysis of the paper he was going to give on Anonymous, judges,
His research has plenty of interesting aspects, but seems to have several flaws as well. He is right when he says social media can be used to target and exploit people and organizations, but wrong when he assumes the spider web links between people are proof positive of anything criminal or malicious.
In other words, what Barr has done has mapped out associations with no guarantee the associations mean anything, much less any involvement in a particular group.
Our Intelligence Agencies Talk to HBGary
The fact that Barr’s project is so dubious is all the more troubling, given that DOJ and our intelligence community seemed prepared to take his work seriously. Barr’s emails make it clear that he was in talks on February 4 with several branches of our intelligence community about sharing his analysis of Anonymous.
>> Interesting Day.
>>
>> So I have been contacted by OSD (Rosemary [Wenschel, head of Cyberops at DOD]), FBI, USG, and now DNI…all today.
>>
>> I have a meeting with FBI/OSD Monday @ 11am.
>>
>> Met with some folks at my old customer today (I should fill u in on that).
>>
>> And looks like a meeting to be set up with Dawn [Meyerriecks, head of DNI's Acquisition and Technology]…
>>
>> Let me know if you would like to get together.
>>
>> Aaron
The reference to USG or “my old customer” may mean the CIA, as someone signing an email MFM that was sent from CIA’s public domain name contacted Barr about “timely capabilities” on the 4th as well. (“My old customer” may also mean TASC and/or NSC, since Barr was in talks about being bought out to work in TASC’s Ft. Meade office.)
Barr’s contemplated work (and in some cases, ongoing discussions) with entities like DOD’s Cyberops, NSA, and CIA is all the more troubling given an exchange he had with his former colleague from Northrop Grumman. Barr described the meeting with his former client, emphasizing that that client was not capable of “doing the right activities” “because of authority and policy restrictions.”
The conversation was very interesting today. They admit they had no idea this was happening until it hit the streets. They have no idea how to manage things like this in the future. And they agree they are not capable of doing the right activities (like I did) to be better prepared in the future because of authority and policy restrictions.
That is, whoever the client was, they agreed that they couldn’t do the kind of spying domestically Barr could because of policy restrictions.
Barr’s former colleague asked “Do you suppose there might be a market for an offshore intel gathering organization that would sell results?” To which Barr responded, “absolutely needed. Government is not going to get out of their way anytime soon to be able to do this work.”
As I will show in the future, Barr had already done this kind of analysis within the intelligence community. He had pushed to apply it to citizen activism (as well as Anonymous, though some of the people he targeted may also have engaged solely in First Amendment protected activities), and the intelligence community was anxious to hear about his Anonymous work (though there’s no indication they knew how dubious it was).
GO TO STORY:
http://emptywheel.firedoglake.com/2011/02/14/the-hbgary-scandal-using-counterterrorism-tactics-on-citizen-activism/
-
General Dynamics has selected HBGary Inc to provide this proposal for development of a software application targeting the Windows XP Operating System that, when executed, loads and enables a covert kernel-mode implant that will exfiltrate a file from disk (or other remotely called commands) over a connected serial port to a remote device. The enabling kernel mode implant will cater to a command and control element via the serial port. The demonstration will utilize an exploit in Outlook as the delivery mechanism for said software application. The subsequently loaded implant will be stable and will not crash the demonstration system. A usermode component will be included as part of the exploitation package that exercises the kernel mode implant for demonstration purposes. The loaded implant will use the connected serial port to remotely enable functions which can be visible on the collection computer connected on the other end of the serial line. The purpose of the demonstration setup is to verify the functionality for the customer and validate that all work has been completed.
Primary Objectives:
• Development of a kernel-mode implant that is clearly able to exfiltrate an on-disk file, opening of the CD tray, blinking of the keyboard lights, opening and deleting a file, and a memory buffer exfiltration over a connected serial line to a collection station. For demonstration, a null modem cable will be used to connect the collection station
• The use of a standard Outlook Exploit as a delivery mechanism for the implant, with the intention being that any suitable exploit could be used for the same.
• As part of the exploit delivery package, a usermode trojan will assist in the loading of the implant, which will clearly demonstrate the full capability of the implant.
• Test set (which will consist of two computers networked together via a null modem cable using HyperTerminal) that can reliably and repeatedly demonstrate the exploit and subsequent implant capability of the system.
GO TO STORY:
http://publicintelligence.net/hbgary-general-dynamics-malware-development-project-c/
In the new emails released by Anonymous we discover that HBGary Inc. may have been working on the development of a new type of Windows rootkit that was undetectable and almost impossible to remove.
Crowdleaks.org cannot confirm how far into development this project went. However, we do know by looking at the following email that the Magenta Rootkit proposal was forwarded from Greg Hoglund at HBGary to Ray Owen, President of Farallon Research LLC.
From: Greg Hoglund To: Ray.owen@farallon-research.com Date: Fri, 7 Jan 2011 14:29:25 -0800 Subject: Fwd: Magenta Rootkit (for Ray)
Full headers
—–
mime-version: 1.0
received: by 10.147.181.12 with HTTP; Fri, 7 Jan 2011 14:29:25 -0800 (PST)
in-reply-to:
references:
date: Fri, 7 Jan 2011 14:29:25 -0800
delivered-to: greg@hbgary.com
message-id:
subject: Fwd: Magenta Rootkit (for Ray)
from: Greg Hoglund
to: Ray.owen@farallon-research.com
content-type: multipart/mixed; boundary=000e0cd3ea788d10dc0499492677
Attachments: MAGENTA.docx (13878 bytes)
Farallon Research LLC is a privately held government contractor based in Gatos, CA. Their website offers no insight into who they are or what they do other than an “About Us” page which simply states: “The mission of Farallon Research LLC is to connect advanced commercial technologies and the companies that develop them with the requirements of the U.S. government.”
In the following message we can see that Shawn Bracken, Principal Research Scientist at HBGary, attached and sent the initial Magenta Rootkit proposal to Greg Hoglund.
———- Forwarded message ———-
From: Shawn Bracken
Date: Fri, Jan 7, 2011 at 11:07 AM
Subject: Magenta Rootkit (for Ray)
To: Greg Hoglund
G,
Attached is the requested rootkit proposal - let me know what you think.
Cheers,
-SB
Shawn Bracken
Principal Research Scientist
HBGary, Inc.
(916) 459-4727 x 106
shawn@hbgary.com
In the attached word document (MAGENTA.docx) we find:
Description: Magenta would be a new breed of Windows based rootkit, which HBGary refers to as a multi-context rootkit. Magenta is a 100% pure assembly language implemented rootkit. The Magenta rootkit body is injected into kernel memory via the DriverEntry() partial-load technique. Once loaded into kernel memory, Magenta would automatically identify an active process/thread context to inject itself into via an APC (Asynchronous Procedure Call). Once the APC fires in the new process context, the body of the rootkit will be executed. Finally, at the completion of each APC activation, Magenta will move itself to a new location in memory and automatically identify one or more new activation PROCESS/THREAD combinations to queue one or more additional activation APCs into.
When activated, the Magenta rootkit will be capable of searching for and executing embedded command and control messages by finding them wherever they may exist in physical memory on the compromised host. This is ideal because it’s trivial to remotely seed C&C messages into any networked Windows host – even if the host in question has full Windows firewalling enabled. The Magenta payload will also contain embedded capabilities for injecting these C&C payloads directly into user-mode processes. This will allow injectable C&C payloads to be written to perform user-mode tasks on the compromised host.
Key Features:
• New breed of rootkit – There isn’t anything like this publicly
• Extremely small memory footprint – (4k or less)
• Almost impossible to remove from a live running system
  o Once the injected Magenta rootkit body is loaded into kernel memory, it will be fire-and-forget. You can delete the original .sys file used to load it if you wish.
  o Any physical memory based tools that would allow you to see the current location of the Magenta body would only be of limited use, since by the time the responder tried to verify his results Magenta will have already moved to a new location & context.
• Elegant/powerful C&C message system. There is a near endless amount of ways to get a small seeded C&C message into the physical memory of a networked computer even with zero credentials.
• Invisible to kernel mode defense components that rely on the PsSetLoadImageNotifyRoutine() notification routine to detect/analyze/block drivers.
  o HINT: PsSetLoadImageNotify() callbacks only get called for drivers who returned TRUE in their DriverEntry()
Project Development Phases:
HBGary recommends using at least a two phase project to build out Magenta. In Phase-1 HBGary would build a fully functional prototype for Windows XP – Service Pack 3 (x86). This would allow an end-to-end proof of concept prototype to be developed and demonstrated. Phase-2 would purely consist of porting the Magenta rootkit to all current flavors of Microsoft Windows (x86 & x64).
Crowdleaks.org cannot confirm that the Magenta Rootkit proposal was even accepted, but given HBGary’s involvement in Stuxnet research, it’s a chilling proposal that was likely taken seriously by HBGary Inc. and probably not the first of its kind.
GO TO STORY:
http://crowdleaks.org/hbgary-inc-working-on-secret-rootkit-project-codename-magenta/
Hunton & Williams, the law firm that solicited HBGary and two other security firms to spy on Chamber of Commerce opponents, has remained silent so far about its efforts.
But it hasn’t covered its tracks. The SEIU reports that people from Hunton & Williams spent 20 hours last November–at the time when Themis was pitching H&W to use a JSOC approach to go after Chamber opponents–on the SEIU sites.
Server logs and leaked emails reveal that employees at Hunton & Williams, the principal law firm of the U.S. Chamber of Commerce, spent 20 hours on SEIU websites last November while partners from the firm were working with private security firms on an illegal “dirty tricks” campaign aimed at undermining the credibility of the Chamber’s political opponents, including the Service Employees International Union (SEIU).
And of course SEIU is able to see precisely what H&W was looking at in that period: top H&W page views in 2010 include SEIU’s page on the Chamber and on big banks. People from H&W searched on individuals at SEIU as well as on SEIU’s organizing of protests outside of BoA’s General Counsel. They even searched on “hourly pay for SEIU organizers.” (Whatever that is, it’s less than Themis was going to charge for its paid trolls.)
No wonder H&W has been so quiet about their role in this campaign.
Update: This post has been edited for accuracy.
http://timeoutcorner.files.wordpress.com/2011/02/hbgary-sparta2.jpg?w=640&h=392&crop=1
Aaron Barr, CEO of security company HBGary Federal, spent the month of January trying to uncover the real identities of the hacker collective Anonymous—only to end with his company website knocked offline, his e-mails stolen, 1TB of backups deleted, and his personal iPad wiped when Anonymous found out.
Our lengthy investigation of that story generated such interest that we wanted to flesh out one compelling facet of the story in even more detail. In a sea of technical jargon, social media analysis, and digital detective work, it stands out as a truly human moment, when Barr revealed himself to Anonymous and dialogued directly with senior leaders and "members" of the group.
The encounter began on February 5. Barr had managed to get his work written up in a Financial Times story the day before, and now strange traffic was pouring in to HBGary Federal. With his research done and his story in print, Barr needed only to work up some conference slides and prepare for a meeting with the FBI, which had been tracking Anonymous for some time. So Barr ditched the covert identities he had been using to watch the group, and on February 5 he approached a person on Facebook whom he believed was the powerful CommanderX.
Barr's apparent motives were multiple: to mitigate any revenge upon his company, but also to meet as equals with his hacker subjects. No harm, no foul, right? Anonymous didn't agree. (Quotes in this article are provided verbatim, typos and all.)
Barr: CommanderX. This is my research… I am not going to release names I am merely doing security research to prove the vulnerability of social media so please tell [redacted] and [redacted] or whoever else is hitting our site to stop.
CommanderX: Uhhh…. not my doing! Just as a thought… wouldn't that be valuable data to your research?
Barr: I am done with my research…doing my slides…I am not out to gut u guys. My focus is on social media vulnerabilities only. So please tell the folks there that I am not out to get you guys… I knew you guys were a risky target but nothing risked nothing gained. People can show their bravado thats fine I can deal with that. Just want the 'leadership' to know what my intent is…that will filter as it needs to I am sure.
CommanderX: 'Leadership' lmao [laughing my ass off] it has grown beyond my control, just as I intended.
Barr: … I will talk about aliases. I won't talk about names. But please don't play me a chump any more than you have to to protect anons cred. I know more than IRC aliases…. u have a lot of firepower and know how in some dark corners…hell some of them may even know Greg Hoglund the CEO of our other company. So if it is some of your guys just want to make sure they don't get too aggressive.
CommanderX: Which website?
Barr: hbgaryfederal.com
CommanderX: … I warn you that your vulnerabilities are far more material. One look at your website locates all of your facilities. You might want to do something about that. Just being friendly. I hope you are being paid well.
"Come at us, bro"
Barr then entered an Anonymous IRC chat room, where his "CogAnon" profile had already been exposed. When he showed up, this is what greeted him. (Anonymous handles have been altered in this non-public section of chat.)
[23:47] guys I'll tell you...it was only research...it has now become a criminal matter...
[23:48] our website was hacked...twitter account... email.... ok...guys if thats the way u want to play it.
[23:48] CogAnon: come at us bro
[23:48] I won't...
[23:48] CogAnon: Hello.
[23:48] CogAnon: nice screencap earlier by the way, did Ted and [HBGary CEO] Penny enjoy it, faggot?
[23:49] not sure why u had to make it personal...I had 2 other usecases...
[23:49] but ok... I figured this might happen...I am not upset... it just takes a differnt path...
[23:51] ok see you guys later...not even close to end of career... :) need to finish my talk.
[23:52] maybe CogAnon will enjoy what's uploading right now
[00:18] * CogAnon is now known as AaronBarr
The material "uploading right now" was apparently Barr's private e-mails; Anonymous had infiltrated his company e-mail server, where Barr was the admin, and had taken more than 40,000 messages from three top execs. They were then uploaded to The Pirate Bay.
"What's coming next is the delicious cake"
The next day, February 6, the attacks turned serious, and Barr realized the extent of what Anonymous had done to him and to his company, which was currently in negotiations to sell itself to a pair of interested buyers. This was no longer a game; it looked more like war.
GO TO NEXT PAGE:
http://arstechnica.com/tech-policy/news/2011/02/virtually-face-to-face-when-aaron-barr-met-anonymous.ars
NEW TECHNOLOGY...
LANTERN 2.0
One application
Katana Forensics designs tools that target iOS devices and "EXTRACT ALL DATA LEGALLY". Katana delivers tools that support Apple mobile devices, and doesn’t portend to support thousands. Lantern 2.0 will analyze devices, backups, and physical images.
Lantern Version 2.0 Features
Completely Redesigned Interface with FULL Device Details & Artifact Summary
Recover Deleted SMS
Read Gmail & Yahoo Email
Parse SKYPE Calls & Messages
Parse Facebook Data
Cellular Sites & Wi-Fi Location Geo Data
Wi-Fi Connections History
Improved Internet History
Geo Locate Videos & Photos
Application Usage Data
Analysis from .dd Images & Backups
Data Carving Images & Videos
Timeline Analysis
Bookmarking
View Data while Processing Acquisition
Physical Image Email Analysis
Document Analysis
Lantern version 2.0 Brochure
LANTERN Features
Supports all generations of iPhone, iPad, and iPod Touch, OS 2.2 to 4.2
Pass code bypass with certificate file from syncing computer
Bypass Encryption on 3.0 devices
Locked artifact files, preventing changes to the evidence
Call Logs
Contacts
Messages, SMS and MMS
Notes
Calendar
Media synced and created by the iPhone Camera
Voice recordings
Images both synced and from the iPhone Camera, with EXIF and GPS info
Maps with GPS history
Acquisitions of multiple iPhones within a single case
Granular acquisitions
Reporting in various formats: HTML, PDF, XML, Word, etc.
Analysis of third-party applications; import file directory structure (EnCase, FTK)
Lantern Requirements v2.0
INTEL MAC WITH A MINIMUM OF 2GB OF RAM RECOMMENDED 4GB
GO TO PAGE & SEE SCREEN SHOTS OF LANTERN 2.0:
http://katanaforensics.com/lantern/lantern-v2-0/
Dr. Alex Karp, the Co-Founder and CEO of Palantir Technologies, one of three data intelligence firms who worked to develop a systematic plan of attack against WikiLeaks and their supporters, has severed all ties with HBGary Federal and issued an apology to reporter Glenn Greenwald.
The move comes just twenty-four hours after The Tech Herald reported on the plans, thanks to a tip from Crowdleaks.org.
After the tip from Crowdleaks.org, The Tech Herald learned that Palantir Technologies, HBGary Federal, and Berico Technologies, worked together with law firm Hunton and Williams to develop a proposal for Bank of America in order to deal with the “WikiLeaks Threat.”
Hunton and Williams were recommended to Bank of America’s general counsel by the Department of Justice, according to the email chain viewed by The Tech Herald. The law firm was using the meeting to pitch Bank of America on retaining them for an internal investigation surrounding WikiLeaks.
“They basically want to sue them to put an injunction on releasing any data,” an email between the three data intelligence firms said. “They want to present to the bank a team capable of doing a comprehensive investigation into the data leak.”
Hunton and Williams would act as outside counsel on retainer, while Palantir would take care of network and insider threat investigations. For their part, Berico Technologies and HBGary Federal would analyze WikiLeaks.
Some of the things mentioned as potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error.
“Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done. Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward,” the proposal said.
Moreover, reporter Glenn Greenwald, who writes for Salon.com, was singled out in the proposal as a person offering a level of support to WikiLeaks that needed to be disrupted. This disruption would include making Greenwald, and others in similar situations, choose between professional preservation and cause.
Our original coverage on this topic can be viewed here.
On Thursday evening, Dr. Alex Karp sent The Tech Herald a statement on the events and information presented in the story.
“As the Co-Founder and CEO of Palantir Technologies, I have directed the company to sever any and all contacts with HB Gary,” the statement starts.
Dr. Karp explains that Palantir Technologies provides a software analytic platform for the analysis of data. They do not provide – “nor do we have any plans to develop” – offensive cyber capabilities.
In addition, the statement says that Palantir does not build software that is designed to allow private sector entities to obtain non-public information, engage in so-called cyber attacks, or take other offensive measures.
“I have made clear in no uncertain terms that Palantir Technologies will not be involved in such activities. Moreover, we as a company, and I as an individual, always have been deeply involved in supporting progressive values and causes. We plan to continue these efforts in the future,” Dr. Karp added.
“The right to free speech and the right to privacy are critical to a flourishing democracy. From its inception, Palantir Technologies has supported these ideals and demonstrated a commitment to building software that protects privacy and civil liberties. Furthermore, personally and on behalf of the entire company, I want to publicly apologize to progressive organizations in general, and Mr. Greenwald in particular, for any involvement that we may have had in these matters.”
Palantir Technologies’ statement comes at a time when HBGary has refused to talk about the WikiLeaks proposal, or any other topic for that matter, related to the security incident caused by Anonymous after HBGary Federal’s Aaron Barr went to the press claiming he had infiltrated the loosely associative group.
The only statement from the company on the incident appeared on their website before it was fully restored.
“HBGary, Inc and HBGary Federal, a separate but related company, have been the victims of an intentional criminal cyberattack. We are taking this crime seriously and are working with federal, state, and local law enforcement authorities and redirecting internal resources to investigate and respond appropriately,” the statement said at the time.
“To the extent that any client information may have been affected by this event, we will provide the affected clients with complete and accurate information as soon as it becomes available. Meanwhile, please be aware that any information currently in the public domain is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data.”
It is unlikely that Anonymous would forge thousands and thousands of emails or attachments. Yet, the complete severance of ties by Palantir Technologies, and the public apology to Greenwald, leaves little room for doubt that the information seen by The Tech Herald, Crowdleaks.org, and many others is legitimate.
Update:
Berico Technologies has cut ties as well. More information is here.
Update 2:
Palantir sent us some additional information. The below points were emailed to us on Sunday.
Palantir never has and never will condone the sort of activities that HBGary recommended.
Specifically:
Palantir does not condone the recommendations in HBGary's presentations, proposals and emails. Moreover, the tactics proposed by HBGary were never accepted and never acted upon.
Palantir did not participate in the development of the recommendations that Palantir and others find offensive.
Palantir was NOT retained by any party to develop such recommendations and indeed it would be contrary to Palantir ethics, culture and policies to do so.
As we have previously stated, Palantir has severed all ties with HBGary going forward.
As you have probably already discovered in your research, there are two items we want to make very clear:
Palantir did not participate in any activities involving HBGary's proposed tactics.
The slide entitled "Potential Proactive Tactics" was authored solely by HBGary.
The Palantir logo on the slide is the result of a collated deck and does not represent Palantir's position.
Content can be found verbatim in HBGary's email / powerpoint.
GO TO STORY:
http://www.thetechherald.com/article.php/201106/6804/Firm-targeting-WikiLeaks-cuts-ties-with-HBGary-apologizes-to-reporter
By Byron Acohido, USA TODAY
Photo by Ian Murphy Photography
The U.S. Chamber of Commerce -- like the Bank of America -- is scrambling to distance itself from a cache of stolen e-mails that continue to disgorge stunning details of how high-stakes, corporate-backed disinformation campaigns get birthed.
The chamber and BofA are embroiled in mirror-image controversies stemming directly from the spontaneous hack last Sunday of HBGary Federal, a digital intelligence firm. The hack was pulled off by the elite global hacking group known as Anonymous.
That's not all. More e-mails swiped during that hack are very likely to be released publicly in the next few days, says Gregg Housh, a well-known activist and close observer of Anonymous.
For more on what stirred Anonymous to hack into HBGary Federal, and specifically target its CEO Aaron Barr, see our post from earlier today.
Housh emphasized that he does not participate in Anonymous' attacks, nor is he a spokesman for the hacking group, which may be best known for seeking revenge on corporations that attempted to cripple WikiLeaks.
But Housh regularly hangs around public Internet Relay Chat rooms where Anonymous members are known to congregate. He was in such a chat room with about 100 others last weekend when the HBGary hack was hatched. So he had a ringside seat.
Housh says a 16-year-old girl who was part of a team of five elite hackers that conducted the hack played a pivotal role. She tricked a systems administrator into giving her access deep inside the company's network by persuading the admin to let her use a temporary password: changeme123.
The team then swooped in to quickly deface the company's website and destroy data and applications, including wiping out back-up programs. They broke into the company's Google Enterprise cloud-based e-mail service and spent several hours downloading e-mail from Barr and five other senior employees. The entire hack took about eight or nine hours, with most of that time spent downloading emails, estimates Housh.
About 50,000 of Barr's e-mails very quickly got released on the Internet. But roughly 27,000 e-mails from the account of HBGary co-founder Greg Hoglund were held in reserve.
Anonymous group members who did not participate in the hack, along with a handful of reporters, began poring through Barr's email. On Wednesday, Feb. 9, Steve Ragan, Security Editor for The Tech Herald, published this story tying Bank of America to a campaign to muzzle WikiLeaks founder Julian Assange.
And on Thursday, Feb. 10, Lee Fang, a reporter for ThinkProgress.org, published this story tying the U.S. Chamber to preparations for a $2 million dirty-tricks campaign to undermine non-profit and labor groups who oppose the chamber's lobbying missions on behalf of large corporations.
Barr's e-mails contained details of plans to create faked personas to try to infiltrate such groups. One tactic discussed was how to entice opponent groups to go public with the bogus documents smearing the chamber, then exposing the documents as erroneous.
Even more worrisome were plans to harvest and circulate sensitive and unflattering information about spouses and children of progressive group leaders, says ThinkProgress reporter Scott Keyes.
In a Feb. 3 e-mail received by Barr, the sender grouses about not being able to collect an anticipated fee for preparing a preliminary plan. However the sender optimistically points to a Feb. 14 meeting at which he expects a deal to be nailed down under which the Chamber would pay $250,000 to $300,000 per month for "services and license fees."
"It's important to note that the smears and disinformation plans only saw the light of day because these e-mails were leaked," says Keyes. "Otherwise all this stuff very likely would have ended up in the mainstream dialogue, without people realizing that this was a smear plot deliberately hatched by the U.S. Chamber of Commerce."
The e-mail revelations may not be over. Housh says Anonymous members late Friday were pushing ahead with plans to begin releasing Hoglund's e-mails -- on a user-friendly web page.
"So now they're working on a searchable, web-based interface that allows anyone to go through and categorize 27,000 more pieces of e-mail," says Housh. "They're saying very clearly that some of this next stuff to come out is worse. We'll see."
GO TO STORY:
http://content.usatoday.com/communities/technologylive/post/2011/02/us-chamber-joins-bofa-in-denying-ties-to-disinformation-campaigns/1