Anonymous retaliates against HBGary espionage
In an article published on February 4th by Financial Times, Aaron Barr, CEO of the security services firm HBGary Federal, claims to have been spying on those frequenting the Anonymous Operations chat network.
In response, hackers under the banner of Anonymous have attacked the HBGary Federal computer system, defacing their website. They also took control of Aaron Barr’s personal twitter account where they posted his home address, telephone number, social security number, and an archive containing 50,000 messages from his HBGary email account.
Aaron Barr expressed to Financial Times that his aim was to expose the identities of Anonymous members, their individual locations, and the caliber of any influence they may have within the community. The information, Barr said, was for his upcoming talk at B-Sides security conference in San Francisco on Feb. 14 regarding information security in social media. He stated that he wanted to drum up some publicity ahead of time to help spur the debate but denied that he planned to release any of the information to Law Enforcement.
He further denied this in a February 7th interview with Forbes blogger Parmy Olson after the Anonymous attack had taken place.
“I did have a meeting with them this morning,” Barr says “They called me.”
A claim which Anonymous sources insist is an outright lie, citing an email conversation between Karen Burke (Director of Marketing & Communications for HBGary Inc,) and Aaron Barr.
On Feb 5, 2011, at 10:17 AM, Karen Burke wrote:
Thanks — I just saw the tweets and thought they were great. Will you say that you’ve been contacted by FBI (or law enforcement) as result of story?
On Sat, Feb 5, 2011 at 7:15 AM, Aaron Barr wrote:
ok Karen. I just tweeted a few posts on research and talk. This is the angle I want to stick with. If anyone asks about using this information for law enforcement I think we should say, well of course if law enforcement wants to discuss with me my research I will, its all open source, thats the thing, its all there. But my intent is not to do this work to put people
in jail, my intent is to clearly demonstrate how this can be effectively used to gather significant intelligence and potentially exploit targets of interest (the other customers will read between the lines).
In further email correspondance, Karen Burke appears to believe that Barr is becoming too emotionally involved in his Anonymous research project. On closer inspection of the emails you can clearly see Barrs childish mindset and volatile intentions.
“They still don’t get it. They think all I know is their irc names!!!!! I know their real fing names.” he brags to a colleague. “My plan is to post on the HBGary Fed and HBGary website, Daily Kos, tweet, and post on the anonymous FB page.” He goes on to reiterate “No they are not freaked out. They don’t get it…Greg will tell you. They think I have nothing but a heirarchy based on IRC aliases!”
“Hi Aaron, I don’t see the link — please resend. You are a researcher — I recommend that you write, post and tweet a blogpost about the purpose of your research and why you decided to include Anonymous as part of this research. Take the emotion out of it -> focus on the purpose. I don’t see benefit to you or company to tell them you have their real names — published or not. I think it will only antagonize them. I think we should continue to look for radio interview opportunities for you so you can share your story.”
Reading further, it becomes clear that Barr views his invasion of privacy as a game.
“as 1337 as these guys are suppsed to be they don’t get it. I have pwned them! ”
Penny Leavy, President of HBGary INC (a seperate company which invests a small percentage into HBGary Federal) stated in an interview with Crowdleaks that she was unaware of Aarons plan to sell the information to the FBI and that to her knowledge this was only supposed to be used in theoretical research. She also stated that her company would take a serious look at their current ties with HBGary Federal. She pointed out that she is a firm believer in freedom of speech and supports transparency in the government. However she feels there would have been a better way to resolve this and wished that the individuals responsible had approached her first. When asked if she supported the ideals of their cause she had this to say:
“Yes, I think any American would. It’s important to support citizens ability to criticize their government, to support their government, to provide feedback in a variety of ways. We would not be the country we are today without it. Look at all the positive things that have happened in the US because of freedom of the press. But any type of violence or in this case, a reputation issue without all the facts isn’t good, it degrades the cause.”
A member of the Anonymous Operations community spoke to Crowdleaks on the record regarding motivations behind the attacks.
“We’ve essentially decided to exact revenge on HBGary, a “security” company who thinks they’ve, in their own words, gathered personal information on 80% of the Anonymous “higher-ups.” “We’ve acquired an email sent to the company from Aaron Barr (the CEO of HBGary Federal) essentially explaining how he simply wants to keep a verbal brawl with Anonymous going to gain publicity for himself; he’s jumping on the Anonymous trend to gain attention. Not only is this propagating a falsehood, but the fact that the FBI was gullible enough to believe it (not to mention burn tax money on it) just pushed this to all different levels of ridiculous. Couldn’t just let that go.”
They continued, saying:
“It would be nice to get it out there that Ted Vera was sending out emails of skepticism towards Aaron’s actions, and that other members of the company were beginning to doubt Aaron’s findings as well. He planned to meet with the FBI tomorrow morning to negotiate prices for the document that we’ve now made public, he wanted to further his own career by trying to jump on the attention Anonymous has been getting recently. Well, he got what he wanted in the end. Yes, admittedly it was a bit harsh posting his address and social security number on Twitter, but his initial plan was to find information like that on Anonymous.”