Unmasked - Ars Technica [32]
Over the last week, this part of the story became well known. What was not visible outside the hallways of HBGary’s Sacramento offices, however, was just how long the attacks continued. Indeed, although the electronic assault stopped soon after it began, the harassment has yet to end.
Butterworth sounded tired as he recounted the days for us—when we spoke, 17 days had passed since the initial attack. Since then, HBGary has been flooded with phone calls and voicemails of the “you should be ashamed of yourself” type and worse; the fax machines have been overwhelmed with Anonymous outpourings; people have been “directly threatening our employees with extortion”; threats have been made. Then came RSA.
Butterworth, with a long career in military signals intelligence and private security firms, is no stranger to the dark world of cyberattacks, but he’s used to adversaries who retreat after an electronic strike.
Instead, he believes that Anonymous has “decided to continue their antics. They’re in it for the laughs… this is a real funny game for them.” Not content with the damage they have inflicted, they “harass a company that’s trying to get back to work.” Each time a new story about the company appears in the press, Butterworth said that these attacks spike again.
“Millions in damages”
The fallout from the whole debacle endures. In the wake of the attack, HBGary’s Penny Leavy and Greg Hoglund (they are married) entered the Anonymous IRC channel #ophbgary to plead in vain for Greg’s e-mails to stay private. (Several less relevant remarks have been removed from the transcript for easier reading.)
<+greg> so you got my email spool too then
<&Sabu> yes greg.
<@`k> greg we got everything
<+Agamemnon> Greg, I’m curious to know if you understand what we are about?
Do you understand why we do what we do?
<+greg> you realize that releasing my email spool will cause
millions in damages to HBGary?
<@`k> yes
<+c0s> greg: another reason its not out yet.
<+Agamemnon> yes we do greg
<@`k> greg is will be end of you :) and your company
Asked if HBGary has in fact seen a financial impact from the Anonymous attack, Butterworth would only say, “Time will tell.” He did admit that the hack had an impact on the company—”the tainting of a brand name, a company that has a very good product”—and that “we’ve received indications that folks are having second thoughts” about working with the firm.
The company also had to devote nearly a week of its time to performing client notification, a job that must’ve been anything but pleasant. And Butterworth has been tasked with overseeing HBGary’s internal forensic investigation into the attack. He hopes to compile enough information to eventually prosecute those responsible.
“A lot of federal crime has been committed,” he said.
Despite the fact that the attackers hid themselves behind Tor software and proxy servers, he believes the company stands a “very good chance” of catching the perpetrators.
But what has the attack meant for Anonymous, HBGary Federal’s Aaron Barr, and the security companies linked with Barr’s ideas?
Anonymous
For Anonymous, the most obvious result of the hack was publicity, glorious publicity. The attack has been covered in every outlet from Ars to the BBC and back again, though the group was unbelievably lucky to stumble on a cache of e-mails involving dirty tricks against WikiLeaks and using intelligence assets against pro-union websites. Without those revelations, the hack and e-mail release might have looked far more self-interested—Anonymous protecting its mask.
Why have the attacks on HBGary Inc. continued? We spoke to people with knowledge of the initial Anonymous hack. All have denied the existence of continuing operations against HBGary and note that the IRC channel used for coordination, #ophbgary, has been shuttered; most expressed disbelief that these attacks are even happening.
We asked HBGary for a copy of some of the faxes received at its offices, but were told that the fax machines had been turned over to the authorities