Unmasked - Ars Technica [10]
But there has been no more to come. Twitter has now locked the account, according to Anonymous.
The persecution was brutal. People began defacing images of Barr, hosting them all in a central repository for easy viewing—they even dredged up a personal picture of the man dressed as The Hulk for a round of trick-or-treating with his kid. HBGary, a part owner of HBGary Federal, sent its own President Penny Leavy into the Anonymous chat rooms to ask them to stop—or at least to keep the e-mails private. Anonymous did not, demanding instead Barr’s resignation.
Members of the group have spent today apparently prepping to release a new e-mail archive from Leavy’s husband, the respected security pro Greg Hoglund, whose own site rootkit.com was compromised by (allegedly) a 16-year-old through a bit of social engineering. The persecution continues.
When Aaron Barr was finalizing a recent computer security presentation for the US Transportation Security Administration, a colleague had a bit of good-natured advice for him: “Scare the sh*t out of them!”
In retrospect, this may not have been the advice Barr needed. As CEO of the government-focused infosec company HBGary Federal, Barr had to bring in big clients—and quickly—as the startup business hemorrhaged cash. To do so, he had no problem with trying to “scare the sh*t out of them.” When working with a major DC law firm in late 2010 on a potential deal involving social media, for instance, Barr decided that scraping Facebook to stalk a key partner and his family might be a good idea. When he sent his law firm contact a note filled with personal information about the partner, his wife, her family, and her photography business, the result was immediate.
“Thanks. I am not sure I will share what you sent last night—he might freak out.”
This rather creepy behavior became common; Barr used it as a sign of his social media prowess. Another target of his investigations went to “a Jewish Church in DC, the Temple Micah.” Someone else “married @ the Inn at Perry Cabin in St. Michaels, MD (non-denominational ceremony).” Barr was even willing to helpfully guesstimate the ages of children in photographs (“they have 2 kids, son and daughter look to be 7 and 4”).
With one potential client, Barr sifted the man’s social media data and then noted that “I am tempted to create a person from his highschool and send him a request, but that might be overstepping it.”
As the money ran out on HBGary Federal, Barr increasingly had no problem “overstepping it.” In November, when a major US bank wanted a strategy for taking down WikiLeaks, Barr immediately drafted a presentation in which he suggested “cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France, putting a team together to get access is more straightforward.”
Faking documents seemed like a good idea, too, documents which could later be “called out” so as to make WikiLeaks look unreliable.
And Barr wanted to go further, pushing on people like civil liberties Salon.com columnist Glenn Greenwald—apparently hoping to threaten their livelihoods. “These are established professionals that have a liberal bent, but ultimately most of them if pushed will choose professional preservation over cause, such is the mentality of most business professionals,” he wrote. “Without the support of people like Glenn WikiLeaks would fold.”
When the US Chamber of Commerce wanted to look into some of its opponents, Barr teamed with two other security companies and went nuts, proposing that the Chamber create an absurdly expensive “fusion cell” of the kind “developed and utilized by Joint Special Operations Command (JSOC)”—and costing $2 million a month. And if the fusion cell couldn’t turn up enough opposition research, the security firms would be happy to create honeypot websites to lure the Chamber’s union-loving opponents in order to grab more data from them.
The security companies even began grabbing tweets from liberal activists and mapping the connections