Anonymous goes head to head with an HBGary exec. (HBGE). The HBGE comes in around line 505 as "Penny" http://pastebin.com/x69Akp5L
was an interesting and funny read. i admit to not having a single clue as to what the hell is going on, though.
The chat takes some getting used to. But, for those who haven't read it, these teenagers have a business exec's "grapes" right in their hand - and they go ahead and stomp on them. We need more sunlight on the criminals associated with HBGary.
One more thing: the HBGary exec enters around line 500 as "Penny". And then tries to connive a roomful of lulz-heads into returning the leaked emails. He pathetically tries to calmly spin every issue on a matter that you know must be killing him - and he can't even understand that the emails have *already* been disseminated and can't be recalled. A rare double play. A historical document for both technologists and comedians.
Here's a quick summary for the uninitiated of what Anonymous did to this company after Aaron Barr, CEO of HBGary Federal, threatened to sell a list of names to the FBI and was going to expose his research at a talk to the BSIDES conference (didn't happen obv). Anonymous also released his draft report for free on the Internet claiming it was nonsense. âAnonymous has: entire control of all emails for the company of hbgary.com. we have full admin control of âhbgaryfederal.com. we have wordpress control of hbgary.com all emails will be put up in a torrent. full access to all their finincials their ssns [social security numbers] their w2s [US tax reporting statement] their 1099s [US tax identification certificate] their software products their malware data (although Anonymous rmâd [deleted] their entire terabyte of data sorry) their backup server was wiped. access to their pbx system via 8Ã8.com control of their support server and their clients logins root access to rootkit.com, personal website of greg hoglund aaron barrâs ipad is now wipedâ Anonymous replaced the homepage with this declaration: img838.imageshack.us/img838/2294/internetsanon.jpg which includes the taunt, âYou have little to no security knowledge. Your business thrives off charging ridiculous prices for simple things like NMAPs, and you donât deserve praise or even recognition as security experts.â <img src=http://i.imgur.com/TvWog.jpg>
The anatomy of a hack.. long and technical read but very good if you are interested in security.. http://arstechnica.com/tech-policy/...peaks-the-inside-story-of-the-hbgary-hack.ars
I've been saying for awhile that the "blacklisting" security industry is full of shit and this story confirms my thinking... Blacklisting is the normal approach of starting with the entire internet available and blocking unwanted parties... I had all the recommended stuff running on a windoz machine once and found that in spite of all that hassle, I was connected to two notorious hacker sites!! I didn't, and don't now, have much worth hacking but should I, I'll use a whitelisting firewall. Whitelisting is applicable to a situation wherein a computer only needs to access a few url's, as in trading where you access a broker and a data supplier. When whitelisting you start with the entire internet blocked off and you tell your firewall to open to only specific url's.. hopefully your firewall is good enough so that those url's can't be spoofed of course and then you are good to go... I bet those hackers had a big party to celebrate what they did, I would have!! They did the rest of us a favor by exposing those morons in the security field.. If they failed they could have put software on thumb drives and sprinkled them around where employees take smoke breaks, eventually somebody who doesn't really give a rat's ass about company security [probably half the employees in a given situation] will take one in and plug it in... I was able to get one into a tax accounting firms computer once, I wasn't hacking them, just inputting stuff in an office of old ladies that worked part time in tax season.. it was tempting though...
I don't know why these CEOs bother. Do a Mea Culpa. The public has a sound byte attention span. Mea Culpa, wait the one or two days it takes for the public to forget once it is out of the news, and resume normal corporate life.
Watergate was made of lesser stuff than this. But, corporate media was more concerned with Lyndsey Lohan's white dress during these events! The U.S. government (Department of Justice) recommended a law firm that would attack journalists for Bank of America (a recipient of taxpayers money in TARP!) That's kind of astonishing. Then, this law firm, Hunton & Williams, hired technology experts HBGary to help with the dirty tricks campaign. The group "Anonymous" then hacked HBGary's emails and discovered dirty tricks campaigns against journalists (Salon Magazine, for example) and Unions (on behalf of the U.S. Chamber of Commerce!), all funded by your taxes and partially initiated by the U.S Department of Justice!