In an article run last Saturday in the Financial Times, Aaron Barr, CEO of security services firm HBGary Federal, claimed to have uncovered the identities of several leaders of the rogue online freedom-fighting group known as Anonymous. Group members, however, were unimpressed by Barr’s claims and have retaliated by posting over 50,000 of his firm’s emails in online torrent files, in addition to hijacking associated websites and social media accounts.
In the Financial Times story, Barr claims that a senior US member of Anonymous, using the online nickname Owen and living in New York, appears to be one of the group members targeted in recent FBI investigations. Additionally, he suggests that an Anonymous co-founder, who uses the nickname Q after the James Bond character, has been seeking replacements for Owen and other members who have dropped out of missions. Barr also claimed to have collected information, including the real names of the core group of Anonymous leaders, and that they would face serious legal consequences if the information was revealed to authorities.
The response, in true Anonymous fashion, was to hack into HBGary’s website on Sunday and post a notice refuting Barr’s claims. The notice is highly entertaining and well worth a read. They also indicated that that their confidence level was so high that they would release the information themselves.
“We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve ‘extracted’ is publicly available via our IRC networks,” the statement reads. “The personal details of Anonymous ‘members’ you think you’ve acquired are, quite simply, nonsense. So why can’t you sell this information to the FBI like you intended? Because we’re going to give it to them for free.”
Anonymous members had hacked into and copied the email archive of HBGary security researcher and co-founder Greg Hoglund. They allegedly demanded that Barr be fired and his salary donated to the Bradley Manning defense fund.
Later on Sunday evening, HBGary President Penny Leavy was spotted in Anonymous IRC chat rooms trying to make a deal with the group so they wouldn’t release the sensitive data to the public. “Guys, I can’t fire someone that owns a portion of the company,” Leavy reportedly told them. “What i can promise is we will have a meeting to discuss next steps”.
That was apparently not the answer the group wanted to hear, and the emails were subsequently posted to torrent sites.
“They broke into one of HBGary’s servers that was used for tech support, and they got emails through compromising an insecure Web server at HBGary Federal,” Hoglund told Krebon Security in a phone interview. “They used that to get the credentials for Aaron, who happened to be an administrator on our email system, which is how they got into everything else. So it’s a case where the hackers break in on a non-important system, which is very common in hacking situations, and leveraged lateral movement to get onto systems of interest over time.”
“Before this, what these guys were doing was technically illegal, but it was in direct support of a government whistle blower. But now, we have a situation where they’re committing a federal crime, stealing private data and posting it on a torrent,” Hoglund stated. “They didn’t just pick on any company, but we try to protect the US government from hackers. They couldn’t have chosen a worse company to pick on.”
Anonymous, clearly still undaunted, published another press release about the situation Monday:
“Unlike you, Aaron, we did our research, we know who you are, and now, so will everyone else. Although you have managed to ruin your credibility in an attempt to further it, you did provide us with entertainment, albeit very briefly.
“Anonymous does not have leaders. We are not a group, we are not an organization. We are just an idea. What we have done today will appear harsh. It is harsh. We will respond to those who seek to threaten us. We understand that our participants have been concerned about recent FBI raids and companies such as HBGary Federal lurking and logging our chats, so we’ve given all of Anonymous a message: we will fight back.”
Obviously, the Anons have this time chosen to hack a group that should know a bit more about security than the average company, but that has fared the target no better than the rest. We’ll likely be seeing the fallout from this incident for several days, or even weeks, to come.