Play By Play Of How HBGary Federal Tried To Expose Anonymous… And Got Hacked Instead
from the tick-tock dept
Nate Anderson has put together an excellent play-by-play of the whole HBGary Federal fiasco, mainly by going through the emails that Anonymous leaked. It’s well worth reading the whole thing, so I won’t repeat the key points here, but what’s really fascinating is the back-and-forth between HBGary Federal CEO Aaron Barr and others at HBGary Federal, including his main technical guy, who clearly thinks Barr’s methodology is worthless. It becomes clear that the technical guy sympathizes with Anonymous and Wikileaks and Barr even calls him on this point (admitting that he too sort of feels that way, but he recognizes this as a PR opportunity). The coder at one point mocks the whole plan as:
Step 1 : Gather all the data
Step 2 : ???
Step 3 : Profit
Yup. That’s a coder alright. Then there’s this fascinating argument where the coder points out that the statistical basis for Barr’s claims (basically analyzing who people’s friends on Facebook are) is about as accurate as your daily horoscope:
Barr: [I want to] check a person’s friends list against the people that have liked or joined a particular group.
Coder: No it won’t. It will tell you how mindless their friends are at clicking stupid shit that comes up on a friends page. especially when they first join facebook.
Barr: What? Yes it will. I am running through analysis on the anonymous group right now and it definitely would.
Coder: You keep assuming you’re right, and basing that assumption off of guilt by association.
Barr: Noooo….its about probability based on frequency…c’mon ur way smarter at math than me.
Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don’t want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.
Barr: [redacted]
Coder: [some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.
Barr: [some information redacted] On the gut feeling thing…dude I don’t just go by gut feeling…I spend hours doing analysis and come to conclusions that I know can be automated…so put the taco down and get to work!
Coder: I’m not doubting that you’re doing analysis. I’m doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it’s right. You’re still working off of the idea that the data is accurate. mmmm?..taco!
That same coder later warned another company exec saying that “I feel his arrogance is catching up to him again and that has never ended well…for any of us.” Fascinating read all around.
Comments on “Play By Play Of How HBGary Federal Tried To Expose Anonymous… And Got Hacked Instead”
This is an amazing story…
The chat logs (linked in the article) of the parent company’s CEO visiting an IRC channel to negotiate with Anonymous are insane (and pretty fascinating) – they are really long but search for the name “Penny” to find when she arrives.
Re: Re:
Never beg Anonymous to stop because Anonymous is irrational when it comes to things like emotion and empathy. If you are being targeted by Anonymous, do not engage, I repeat, do not engage. Just run and hide and hope to hell it all blows over.
But don’t expect to reason with them.
Re: Re: Re:
Actually, Barrett Brown, a non-anonymous member of Anonymous, who is actually named in Aaron Barr’s investigation document, had a link to the Pirate Bay torrent on his Daily Kos blog. After Penny Leavy, the president of HBGary and husband of Greg Hoglund, talked with him he agreed to take down that link. Of course, he could not remove the emails from being publicly available on the internet.
HBGary seems to be trying very hard to separate itself from Aaron Barr’s actions despite having an investment in HBGary Federal. As more email messages are pointed out it looks like the leadership of HBGary was well aware, and supportive, of what Aaron and HBGary Federal were doing.
Re: Re: Re:
> But don’t expect to reason with them.
Don’t violate the “laws of the Internet” and you’ll never come in their crosshair.
> Never beg Anonymous to stop because Anonymous is irrational
I think they are quite rational. You don’t need to beg, you just need to cease and desist with whatever immoral activity you are engaged in. Bet you any attack would stop immediately.
Re: Re: Re: Re:
> I think they are quite rational. You don’t need to beg, you just need to cease and desist with whatever immoral activity you are engaged in. Bet you any attack would stop immediately.
You probably didn’t read the IRC chat or are equally clueless about how the internet actually works. If you ignore all the lolz and fcks you will see that the “children” were much more rational and realistic. They had to repeat several times that there is no way to stop the leak that is already on torrents. It’s just how it works. No amount of C&D can stop what is already in torrents.
There was still a time to stop leaking Greg’s emails and the “children” put forth 2 conditions for this — (1) fire Aaron Barr or if it is not possible, pull out investment from HBGary Federal and (2) donate it to some charity. Penny refused to accept any of these conditions and defended Mr. Barr by saying that they have found this rare talent for this job and it is just a one time mistake.
The rest is now the history. All emails got released and now the whole world is shocked about utter disregard towards civil liberties by so-called security firms. Regardless what the law says, they are morally more guilty than the hackers who stole the info.
It’s amusing watching an exec try to negotiate with spoiled children on a power trip.
Re: Re:
Ohh, someone’s butt hurt? You work for BofA or something?
Re: Re:
It’s even more amusing when spoiled children prove themselves to be smarter than an exec on a power trip.
Re: Re: Re:
It’s the banality of corporate evil.
Re: Re: Re:
Not smarter. The children are playing in many ways the same way terrorists do, in a different venue with different goals. No rules, nothing is off limits. The business people have to play nice, while the kids can do whatever and nobody holds them up to the light.
Hacks? No problem, you are part of anonops!
It’s pathetic to see people supporting their crap. The ends do not justify the means on either side of this situation.
Re: Re: Re: Re:
“The business people have to play nice, while the kids can do whatever and nobody holds them up to the light.” This whole story is about how NOT nice the business people play. Do you have reading comprehension problems?
Re: Re: Re:2 Re:
Yes, and the not nice way the business people play was discovered by what method? Hacking, illegally accessing someone else’s computer.
Pot and kettle. The ends don’t justify the means on either side.
Re: Re: Re:3 Re:
Uh, Barr started it? What should they do, turn the other cheek?
How wrong Anonymous was for hacking does not change how wrong Barr was; he may almost have gotten innocent people added to some terrorist watch list.
What should they do when someone is attacking them with unethical means? They chose to fight fire with fire, and it worked.
Re: Re: Re:3 Re:
Of course the ends DO justify the means. You’re naive if you think otherwise.
Re: Re: Re:3 Re:
Let’s see… Barr threatens innocent people, Anonymous takes down the operation targeting innocents.
Ends, meet justification. I’m sure you two can get along.
Re: Re: Re:3 Re:
Are you sure it was hacking? I’m thinking Barr’s coder may have heard a knock at the backdoor and gone to answer it: “Oh, hi, Guy Fawkes. Come right in!”
Re: Re: Re: Re:
Yah, yah, yah, transparency is a bitch we all know that.
Re: Re: Re: Re:
Also I just remembered that the U.S. government would disagree with you.
– Pornoscans and groping.
– Rendition.
– Prisoner camps outside U.S. jurisdiction, with no law to supervise what goes on.
– Spying authorized by the government with pardons after they get caught doing something wrong for everybody.
– Enactment of laws that erode civil liberties.
Yep, that is pathetic I know.
Re: Re: Re: Re:
Look at what the government teaches people.
http://en.wikipedia.org/wiki/List_of_federal_political_scandals_in_the_United_States
Now that is pathetic.
Re: Re: Re:2 Re:
I heard that it’s not considered illegal to torture people. And if you do, in some cases, you get promoted.
Re: Re: Re:3 Re:
You must be thinking about the CIA agent who had an innocent German citizen named Khalid el-Masri kidnapped and rendered to Afghanistan from Macedonia. Yeah…she was promoted.
Re: Re: Re:4 Re:
USA! USA! USA!
Re: Re: Re:5 Re:
It’s fucktards like you Coward who got Bush elected and destroyed this country (That and corporate whores like diebold http://en.wikipedia.org/wiki/Diebold ). Furthermore if it wasn’t for the sanctuary of countries anon wouldn’t be able to purchase domain names, utilize dark nets, etc. They would already go big brother on your ass. You are such an idiot I should be ashamed for wasting my time to reply to an idiot such as yourself.
Re: Re: Re: Re:
You are an idiot and have no clue what you are talking about Anon Coward. To your first post above, if they were not being anonymous the Gov’t would have them in jail cells. Which leads me to my second point, the Gov’t is trying to control and monitor the internet effectively censoring and controlling “we the people”. There is a digital war that is just starting to be waged. If everyone was as clueless as you none of it would be realized until it is too late. 1984? Oh right, you don’t read u fuktard.
Re: Re: Re: Re:
Sorry, but many corporations are behaving without limits.
See http://www.techdirt.com/articles/20110211/15280613062/public-citizen-eff-file-sanctions-against-anti-p2p-lawyer-evan-stone.shtml or http://www.techdirt.com/articles/20110211/11342913057/wikileaks-wasnt-only-operation-hbgary-federal-palantir-berico-planned-to-defraud.shtml or http://www.techdirt.com/articles/20110211/01091113054/us-chamber-commerce-wants-more-censorship-more-ip-protectionism.shtml
And that’s just from halfway down the techdirt front page.
Combine that with warrantless wiretaps, extraordinary rendition, patriot act, gitmo torture, etc… and not even the gov’t is “playing by the rules”.
Anonymous may be online thugs, but to claim they’re the only ones breaking the rules is delusional.
Re: Re: Re:2 Re:
Trails you are absolutely right. The way things are going I would consider Anonymous the good guy especially compared to MNC’s and the U.S. Gov’t.
Re: Re: Re: Re:
wake up, Aaron Barr was going to submit profiles of innocent people to the FBI for interrogation so he could sell his “methods”
Re: Re:
Photo of the day:
Oh f. the internet is here!
Re: Re: Re:
Ha, that’s good. Bookmarked. Thanks.
Jailtime.
FTA: [Barr] worked to link these IRC handles to real people, in part using his social networking expertise, and he created fake Twitter accounts and Facebook profiles.
Isn’t making fake Facebook accounts a felony?
Re: Jailtime.
It’s a violation of Facebook’s TOS. The only thing that will happen is Facebook will delete your account. Hmmm… maybe that’s how to get your account deleted: convince them you are fake. A federal prosecutor tried to make a violation of the Myspace TOS a felony in the Lori Drew (cyber-bullying) case but an appeals judge overturned the conviction because it would have made the law, making it illegal to access a computer without authority or exceed authority, too vague and allow every web-site with a TOS to effectively write its own law.
Re: Re: Jailtime.
It was a tongue-in-cheek rhetorical question hinting at the Lori Drew case and how absurd it was. But if I were genuinely confused, you would have been very helpful!
Re: Re: Re: Jailtime.
It’s hard to tell on the internet when someone is being tongue-in-cheek. I ran across someone recently who wrote that people should look up the word “treason” in the dictionary because that is what Julian Assange should be convicted of in the US. That person was serious!
Re: Re: Re:2 Jailtime.
Assange is not a US citizen and therefore couldn’t be convicted of treason. However, Manning is another case.
Re: Re: Re: Jailtime.
It’s become illegal to use fake online identities for malicious or deception purposes in California now. You can thank the “cyber-bullying” crap for that:
http://www.huffingtonpost.com/2010/09/29/identity-online_n_744091.html
Re: Re: Re:2 Jailtime.
Actually, you can thank Joe Simitian for that. The state Senator introduced that law because he, himself, had been victimized by someone who spoofed his email address and sent messages to government and business associates filled with profanities. The law is restricted to impersonating an actual person not just any fake identity. The Huffpo aggregation is of an Ars Technica story that is not very accurate. A much better analysis is here:
http://www.zdnet.com/blog/perlow/analysis-californias-online-impersonation-law-effective-january-1/15322
by the noted sex columnist Violet Blue. (yeah, I was surprised too, but it is a good analysis).
Re: Re: Re: Jailtime.
Well in that case, 9/10. You lost a point for insufficient foaming. “But, but, but… Lori Drew MURDERED Megan whatsername!!1!” Always include proper nouns and capitalization in your whargarble.
Coder: You keep assuming you’re right, and basing that assumption off of guilt by association.
Barr: Noooo….its about probability based on frequency…c’mon ur way smarter at math than me.
Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don’t want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.
Barr: [redacted]
This is why various elements of the corpocracy keep making bad decisions. They’re all run by pointy-haired bosses straight out of Dilbert. From record label CEOs, to the State Department, to any number of others, the fact of the matter is most of the world’s problems are ultimately caused by an elite core of bumbling idiots that have somehow convinced themselves that they know exactly what they’re doing, when in reality they have no idea.
Re: Re:
The Dilbert reference just made making it through this long day worthwhile. Down with the pointy hair’d ones!
“elite core of bumbling idiots”
The next wave of international warfare could be brought on by the preemptive use of these fools on countries we want to fail. Hold on a sec… Egypt makes a lot more sense now.
Re: Re:
Yes it is true, any one in charge is a bumbling idiot. Who runs techdirt again?
Re: Re: Re:
Not you idiot 🙂
Re: Re: Re:
It’s actually been scientifically proven that power makes you more set in your ways and less emotionally intelligent, as it were. I’ll try and hunt out the link for you.
Re: Re:
Actually, imo one of the most salient quotes from the article comes from the para just after that:
Later, when Barr talks about some “advanced analytical techniques” he’s been pondering for use on the Anonymous data, the coder replies with apparent frustration, “You keep saying things about statistics and analytics but you haven’t given me one algorithm or SQL query statement.”
Barr was claiming analysis without any analytics. That is fail, and going around spouting you’ve identified Anonymous members based on that is irresponsible and stupid. The guy walked into Anon’s reaction, epic duh.
Why is Penny going to an IRC chatroom?
Does she want to get hacked even more?
Oh noes Penny!
Re: Re:
Maybe she thought her uncle would help her….
interesting…. history repeating itself with modern tech and a few variations.
what’s the difference between today’s anon type groups who actively break laws in order to make a political statement and sayyyyyy the symbionese liberation army who actively broke laws to make political statements
or the black panther party who actively broke laws to make political statements.
or students for a democratic society who broke laws to make a political statement
or those civil rights folks who routinely broke laws in the south in order to make political statements.
if your answer to that is “they are all lawbreakers and need to all be rounded up and jailed” you fail miserably at historical interpretation
Re: Re:
“Those who fail to learn the lessons of History are doomed to repeat it.”
Re: Re:
I think there is a big difference between refusing to sit at the back of the bus and hacking websites.
Re: Re: Re:
Elaborate?
Re: Re: Re:
both are law breakers that are committing an essentially victimless crime. (a defiled website is not akin to a murder case)
Re: Re: Re:
The Luddites broke everything trying to stop progress did they succeed? nope they were going against the grain and they failed.
The founding fathers were traitors.
The American Unions were based on breaking the law and to this day they are known for their dirty tactics, yet they enacted a lot of changes.
About the back of the bus thing, it was not viewed like that at the time, I don’t see how that is different from the current situation.
Thank you
for the LULZ!
This whole thing honestly reads like some sort of satire.
Re: Re:
I wouldn’t be surprised to find a David Brent working for HBGary Federal in a managerial position.
Fraud "security expert"
Aaron Barr is a fraud trying to sell his “security expert” scams to the U. S. government. That fucking crook needs to be jailed for committing fraud against the American tax payers.
Glad to see Anonymous out there exposing these right wing Christian traitors and crooks and defending Democracy. Anonymous is win. Barr is fraud.
Re: Fraud "security expert"
Does it ever even occur to you that there are Christians who don’t agree with what he and others like him do? Or is your hatred of them so deep that you lump them all into one group to better demonize them? I’d like an answer, please.
The only way to deal with Anon is with cats. The few times I have seen a human reaction from those people is probably the time they ruined the life of a guy posting videos of himself torturing a cat.
Barr should open a cat orphanage or something.
Here’s what amazes me about the doofus Aaron Barr —
In order for his “theory” on social networking analysis to “work” he is assuming that everybody with FB and twitter accounts, and those who show up in chat rooms, or post to discussion groups or blogs TELL THE TRUTH about themselves.
It’s a testament to Aaron’s total lack of self-awareness (and thus the inability to draw fundamental conclusions from that) that he LIES online and doesn’t recognize that others can do the same. How does he know that the twitter/FB profiles of his “targets” aren’t as phony as his stuff was?
The stupidity is breathtaking. I’d say that Anonymous, in the long run, probably SAVED the company a lot of money over the long haul by outing the doofus NOW before he got the company in hot water with actual clients buying into his hare-brained scheme.
Accept / Except
Aaron Barr: “At any given time there are probably no more than 20-40 people active, accept during hightened points of activity like Egypt and Tunisia where the numbers swell but mostly by troll”
So what grade did this halfwit drop out of? It’s “except”, not “accept”, dink.
I’m sure gov is paying no attention to all this.
Not.
I’m sure this will all end up being nothing.
Not.
I’m sure no one will end up in jail.
Not.
Sleep well.