For those who haven’t followed this, HBGary Federal, a cyber security firm with US government contracts, privately pitched a deal with Bank of America intermediaries to smear Wikileaks supporters, namely journalists like Glenn Greenwald. Publicly, the head of HBGary boasted the firm had infiltrated the group Anonymous that organized massive DDoS attacks on PayPal, MasterCard, VISA and Bank of America in retribution for denying service to Wikileaks. Anonymous also worked to help the pro-democracy protesters in Egypt, establishing alternate communication routes as well as disabling government websites.
Aaron Barr told Financial Times that his firm had infiltrated Anonymous.
Of a few hundred participants in operations, only about 30 are steadily active, with 10 people who “are the most senior and co-ordinate and manage most of the decisions,” Mr. Barr told the Financial Times. That team works together in private internet relay chat sessions, through e-mail and in Facebook groups. Mr Barr said he had collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data.
In December, MGx interviewed members of Anonymous and from what I learned there is no leadership and identities are masked even from each other. Consequently, the claims seemed pretty ludicrous and Anonymous took action. Wildly diverse in age and occupation most of its members would not be considered qualified ‘hackers’. Nevertheless, real hackers are part of Anonymous and they responded to Barr’s demonstrating their skills and busting the cyber security firms site and emails.
HBGary had been collecting information about Anonymous members after the group’s DDoS attacks on companies perceived to be anti-WikiLeaks. The firm had targeted a number of senior Anonymous members, including a US-based member going by the name of Owen, as well as another member known as Q. In addition to working with the FBI (for a fee, of course), HBGary’s CEO Aaron Barr was preparing to release the findings this month at a security conference in San Francisco.
Anonymous, however, felt that HBGary’s findings were “nonsense” and immediately retaliated—but this time with something other than a DDoS attack. Instead, Anonymous compromised the company’s website, gained access to the documents that HBGary had collected on its members, and published more than 60,000 of HBGary’s e-mails to BitTorrent. They also vandalized Barr’s Twitter and LinkedIn accounts with harsh messages and personal data about Barr, such as his social security number and home address.
“We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve ‘extracted’ is publicly available via our IRC networks,” Anonymous wrote in a statement posted to HBGary’s site on Sunday. “So why can’t you sell this information to the FBI like you intended? Because we’re going to give it to them for free.”
HBGary cofounder and security researcher Greg Hoglund confirmed on Sunday evening that the latest attacks were sophisticated compared to the group’s past shenanigans.
Anonymous published the emails revealing a strategy to smear journalists covering and seen to support the work of Wikileaks on behalf of Bank of America and the Chamber of Commerce. Glenn Greenwald, one of the journalists targeted, talks with Dylan Ratigan.
GLENN: Well, what basically happened is there is an internet security firm called HB Gary that does a lot of work for the government and for large corporations. They do internet investigations and internet security. And about three months ago or so, there was a group of hackers around the world that called itself Anonymous. And what Anonymous did was they announced that any companies that targeted WikiLeaks for retribution would be targeted by these hackers, by Anonymous for retaliation. And so there were a variety of big companies like PayPal and MasterCard and Visa and Amazon that, in response to the U.S. government’s pressure, terminated their services to WikiLeaks. They said, “We won’t process credit card payments for WikiLeaks. We won’t allow — we won’t post their website. We won’t process payments to them.”
And so Anonymous, this group of hackers, targeted those companies and unleashed cyber attacks on them that slowed down their websites, on a couple of cases, removed them from being online. So the head of this internet security firm, HB Gary, decided that he was going to investigate Anonymous, try and find out who they were, who was responsible for these cyber attacks, and he began publicly boasting that he had successfully infiltrated this group, that he had uncovered the identities of several of the key hackers. And unsurprisingly, after he ran around publicly boasting about his success in infiltrating this group of hackers, the group of hackers, Anonymous, targeted him and his company and they hacked into the e-mail system of HB Gary and downloaded roughly 50,000 e-mails from the company that they then published online about a week ago. Among the e-mails that were published, they just randomly published 50,000 of this company’s e-mails. Among the e-mails that were published were a variety of proposals that HB Gary and other leading internet security firms had been pitching to the Bank of America and to the Chamber of Commerce.
In the case of Bank of America, they were proposing that various supporters of WikiLeaks, including myself, be targeted with smear campaigns, that our reputations be harmed and discredited and that we be threatened in some way that our careers would be over if we continue to advocate for WikiLeaks. And in the case of the Chamber of Commerce, they advocated that adversaries of the Chamber of Commerce like progressive groups and unions and activists who speak against the Chamber of Commerce also be similarly targeted and that their families should be monitored and that they discussed where the synagogues were, where the families went, really odious pernicious stuff probably in some cases illegal. And what made it such an important story is that the firms that were involved are serious legitimate players. I mean these are not fly-by-night operations. These are big companies that do a lot of high level work for the government and for big corporations.
They were pitching it to two of the biggest and most important commercial entities in the country, Bank of America and the Chamber of Commerce. And the key, the coordinating party, the one soliciting these proposals and encouraging them was the law firm of Hunton & Williams which represents the Chamber of Commerce and Bank of America and is one of the most well-connected lobbyist and legal firms in Washington. And it turns out that the U.S. Government, the Justice Department had actually recommended that firm to Bank of America. They told Bank of America, “You should hire this firm in your war against WikiLeaks.” So there are a lot of big players and important serious players involved in what are really disturbing and likely criminal proposals on behalf of really significant and well-funded corporations. That’s why it caused so much news.
HBGary has been embarrassed by the hack and are reported to be losing contracts and backed out of a large tradeshow. Greenwald writes a series of excellent pieces explaining how this firm and others worked together to try and threaten these journalists from doing their jobs.
Anonymous, has probably, by demonstrating that HBGary cannot even protect its own information, doomed the company. You have to love how Anonymous smacked these firms.