Unmasked - Ars Technica [1]
HBGary cofounder and security researcher Greg Hoglund confirmed on Sunday evening that the latest attacks were sophisticated compared to the group’s past shenanigans. “They broke into one of HBGary’s servers that was used for tech support, and they got e-mails through compromising an insecure Web server at HBGary Federal,” Hoglund told KrebsonSecurity. “They used that to get the credentials for Aaron, who happened to be an administrator on our e-mail system, which is how they got into everything else. So it’s a case where the hackers break in on a non-important system, which is very common in hacking situations, and leveraged lateral movement to get onto systems of interest over time.”
As for the 60,000 e-mails that are now available to anyone with a torrent client, Hoglund argued that their publication was irresponsible and would cost HBGary millions of dollars in losses due to the exposure of proprietary information. “Before this, what these guys were doing was technically illegal, but it was in direct support of a government whistle blower. But now, we have a situation where they’re committing a federal crime, stealing private data and posting it on a torrent,” Hoglund said.
It’s unlikely that Anonymous cares about what Hoglund thinks, though. Several of the company’s e-mails indicated that Barr was looking for ways to spin its info about Anonymous as a pro-HBGary PR move, which Anonymous took special issue with. The group warned HBGary that it had “charged into the Anonymous hive” and now the company is “being stung.”
“It would appear that security experts are not expertly secured,” Anonymous wrote.
Aaron Barr believed he had penetrated Anonymous. The loose hacker collective had been responsible for everything from anti-Scientology protests to pro-Wikileaks attacks on MasterCard and Visa, and the FBI was now after them. But matching their online identities to real-world names and locations proved daunting. Barr found a way to crack the code.
In a private e-mail to a colleague at his security firm HBGary Federal, which sells digital tools to the US government, the CEO bragged about his research project.
“They think I have nothing but a heirarchy based on IRC [Internet Relay Chat] aliases!” he wrote. “As 1337 as these guys are suppsed to be they don’t get it. I have pwned them! :)”
But had he?
“We are kind of pissed at him right now”
Barr’s “pwning” meant finding out the names and addresses of the top Anonymous leadership. While the group claimed to be headless, Barr believed this to be a lie; indeed, he told others that Anonymous was a tiny group.
“At any given time there are probably no more than 20-40 people active, accept during hightened points of activity like Egypt and Tunisia where the numbers swell but mostly by trolls,” he wrote in an internal e-mail. (All e-mails in this investigative report are provided verbatim, typos and all.) “Most of the people in the IRC channel are zombies to inflate the numbers.”
The show was run by a couple of admins he identified as “Q,” “Owen,” and “CommanderX”—and Barr had used social media data and subterfuge to map those names to three real people, two in California and one in New York.
Near the end of January, Barr began publicizing his information, though without divulging the names of the Anonymous admins. When the Financial Times picked up the story and ran a piece on it on February 4, it wasn’t long before Barr got what he wanted—contacts from the FBI, the Director of National Intelligence, and the US military. The FBI had been after Anonymous for some time, recently kicking in doors while executing 40 search warrants against group members.
Confident in his abilities, Barr told one of the programmers who helped him on the project, “You just need to program as good as I analyze.”
But on February 5, one day after the Financial Times article and six days before Barr’s sit-down with the FBI, Anonymous did some “pwning” of its own. “Ddos!!! Fckers,” Barr sent from his iPhone as a distributed denial of service attack hit his corporate