HBGary Federal quits RSA over Anonymous WikiLeaks email

It's RSA and B-sides week here in San Francisco. but HBGary and its sister company HBGary Federal have pulled out from exhibiting and speaking. Company execs cite hacking and threats of violence against them. Anonymous WikiLeaks supporters can't help but see the irony.

Anonymous logo
By Richi Jennings. February 16, 2011.

HBGary Federal has been the subject of counter-attacks by the Anonymous group-that's-not-a-group. The insecure security company allowed its email to leak to the WikiLeaks supporters. And now HBGary has had to pull out of the RSA Conference and the related unconference, Security B-Sides. In IT Blogwatch, bloggers laugh and laugh and laugh.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention What are they putting in the Ukrainian water?..

Josh Halliday reports:

Leaked emails apparently suggest that three private security firms – HBGary Federal, Palantir Technologies and Berico Technologies – pitched a plan to undermine ... WikiLeaks ... to a law firm which has represented the Bank of America ... thought to be the next target of WikiLeaks. ... Anonymous began releasing tens of thousands of emails sent by HBGary Federal late last week, after the ... group attacked the security firm's computer systems.


Bank of America ... have said they had not known about the ...  strategy to undermine WikiLeaks ... and that HB Gary Federal was never hired on their behalf. Berico Technologies and Palantir have also attempted to distance themselves from the leaked emails. ... HBGary, an affiliate firm to HBGary Federal ... said that the actions of Anonymous were "criminal".

  Peter Bright adds:

HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for coordinating the group's actions. ... When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé ... HBGary's servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced. ... A second site owned and operated by Greg Hoglund, owner of HBGary, was taken offline and the user registration database published.


HBGary and HBGary Federal position themselves as experts in computer security. ... One might think that such an esteemed organization would prove an insurmountable challenge for a bunch of disaffected kids to hack. ... Unfortunately for HBGary ... the assumption of competence [is not] accurate, as the story of how HBGary was hacked will make clear.

Ryan Naraine notes the empty space on the RSA Conference show floor:

Security start-up HBGary has withdrawn from the RSA Conference here after the recent hacking attack that included the release of 20,000 e-mails. ... On the RSA Conference show floor, HBGary’s booth was replaced with this sign explaining the circumstances.


HBGary individuals have received numerous threats of violence. ... In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks.

Andy Greenberg says it's not just the show that's missing HBGary:

Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal. ... [The] scandal ... seems to grow daily as more of its questionable practices come to light.


The firm is canceling all its executives’ talks at the RSA conference, the largest cybersecurity industry confab of the year. ... Hoglund had planned to give two presentations at the conference. ... Barr last week canceled his talk at the simultaneous B-Sides conference, which would have focused on his expose on Anonymous.

And Andrea Petrou dishes more dirt:

According to ... Crowdleaks.org ... the emails of Greg Hoglund show that HBGary could have been working on a new type of Windows rootkit. If it was released into the wild it could have caused many security issues due to the fact that it was undetectable and almost impossible to remove. ... Other emails show work that was being carried out for defence contractor General Dynamics ... HBGary was said to have developed Trojans, rootkits and other spyware programs. ... These were named under codes such as Project C , Z Task  and Task M.

Meanwhile, DJ Walker-Morgan has more bad news for the "security" company:

The scale of the disaster which has overtaken ... HBGary ... is slowly becoming clear. ... It turns out that Aaron Barr, CEO of subsidiary HBGary Federal, offered the FBI his services in illuminating the obscurity which surrounds Anonymous. ... Barr collected information on the IRC, Facebook and Twitter accounts of alleged activists.


The intruders appear to have used faked emails to persuade an administrator to allow external SSH access. The attackers had previously gained access to the root password. ... However, in view of HBGary's practice of sending even sensitive data in unencrypted plain text emails the fact that passwords found their way into the wrong hands is not particularly surprising.


And Finally...

What are they putting in the Ukrainian water?

Don't miss out on IT Blogwatch:

Richi Jennings, your humble blogwatcher
  Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: itbw@richij.com.

You can also read Richi's full profile and disclosure of his industry affiliations.

Copyright © 2011 IDG Communications, Inc.

Shop Tech Products at Amazon