Anonymous speaks: the inside story of the HBGary hack

Anonymous speaks: the inside story of the HBGary hack
By Peter Bright |



It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group's actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary's servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced. As an added bonus, a second site owned and operated by Greg Hoglund, owner of HBGary, was taken offline and the user registration database published.

Over the last week, I've talked to some of those who participated in the HBGary hack to learn in detail how they penetrated HBGary's defenses and gave the company such a stunning black eye—and what the HBGary example means for the rest of us mere mortals who use the Internet.

....................

Alas, two HBGary Federal employees—CEO Aaron Barr and COO Ted Vera—used passwords that were very simple; each was just six lower case letters and two numbers. Such simple combinations are likely to be found in any respectable rainbow table, and so it was that their passwords were trivially compromised.

lots, lots, (incl new batch of damning e-mails) more (3 pages) you tell me what YOU think?
kpete:
http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/

love those hacked emails - they're better than chocolate!

now, when do we get the promised BofA dump? You know, anonymous could just do a major dump and make bofa long for the days when wikileaks verified and redacted info and selectively released docs.

:)

hilarious :rofl:

Where she pretty much begs them to "Leave her company alone!!".

They make (increasing) demands on her - including donating Aaron Barr's salary to Bradley Manning's defense fund. (Points for them, imho)

It gets funnier when they tell her "Penny: Hmm, fire him and make him admit defeat in a public statement. Maybe post a picture of a shoe on his head."

http://pastebin.com/x69Akp5L

Some of the folks in the discussion are quite funny with their responses. Viva Anonymous!

a security company. I'm not very technical but from reading the article it looks like they were so careless with their own security, they made it easy for Anonymous to gain access to their site.

So many things they did wrong. But the one that stands out most to me is the exchange of emails between the HBGary guy, Fuzzi I think his handle was, with the fake Gary where he gave him all the info he needed without once suspecting that something might be wrong. Rather than make a phone call to check, especially being that they are in the security business.

I hope the country's security system is better than theirs was. What a total embarrassment for them. But when you decide to attack a news organization for money, to lie about them, to join in a smear campaign, I can't find much sympathy for them.

Go Anonymous! I'm sure others will hesitate before stirring that hornet's nest again.

the fact that HBGary was so easily cracked is a laughable offense. And to think that the are federal contractors.