Greg Hoglund

Nationality: American
Spouse: Penny C. Leavy [1]

Michael Gregory Hoglund is an American author, researcher, and serial entrepreneur in the cyber security industry. He is the founder of several companies, including Cenzic, HBGary and Outlier Security. Hoglund contributed early research to the fields of rootkits, software exploitation, buffer overflows, and online game hacking. His later work focused on computer forensics, physical memory forensics, malware detection, and attribution of hackers. He holds patents on fault injection methods for software testing and on fuzzy hashing for computer forensics. Due to an email leak in 2011, it became publicly known that Hoglund had worked for the U.S. Government and Intelligence Community on the development of rootkits and exploit material. [2] [3] The leak also showed that he and his team at HBGary had performed a great deal of research on Chinese Government hackers commonly known as APT (Advanced persistent threat). For a time, his company HBGary was the target of a great deal of media coverage and controversy following the 2011 email leak (see below, Controversy and email leak). HBGary was later acquired by a large defense contractor. [4]

Entrepreneurship

Hoglund has founded several security startup companies which are still in operation today:

Patents

Research and authorship

As an author, Hoglund wrote Exploiting Software: How to Break Code, Rootkits: Subverting the Windows Kernel and Exploiting Online Games: Cheating Massively Distributed Systems, and was a contributing author on Hack Proofing Your Network: Internet Tradecraft. He was a reviewer for the Handbook of SCADA/Control Systems Security. He has presented regularly at security conferences such as Black Hat Briefings, DEF CON, DFRWS, FS-ISAC, and RSA Conference, among others. Hoglund drew the attention of the media when he exposed the functionality of Blizzard Entertainment's Warden software, used to prevent hacking in the popular game World of Warcraft.

Books

Articles

Controversy and email leak

HBGary found controversy in 2011 after corporate emails were leaked from the now defunct sister company HBGary Federal. Of particular note, the founder of HBGary Federal, Aaron Barr, had authored a draft PowerPoint presentation on information warfare (IW) that was the subject of much interpretation by online reporters and bloggers. It outlined controversial information warfare strategies and techniques, including background checks to discredit online reporters and bloggers, OSINT monitoring of detractors, and disinformation to discredit WikiLeaks. The presentation was never shown to have been used; the supposed customers of this work were never actually customers of HBGary Federal and further stated that they were not aware of the presentation. [15]

After the incident in 2011, several hackers branded the attack on HBGary as the work of Anonymous. [16] Later, this branding was abandoned and replaced with the hacking group LulzSec. At this time, the identities of the hackers behind LulzSec were not known. In an interview after the attack, Hoglund characterized the group as criminal hackers and revealed that he had recently refocused HBGary's attribution team, previously used to hunt down Chinese APT (Advanced persistent threat), to instead discover the identities of the LulzSec hackers. [17] Less than six months later, the leader of LulzSec, Hector Xavier Monsegur (aka Sabu), had been secretly arrested by the FBI and turned into an informant against the rest of Anonymous. HBGary admitted to working closely with law enforcement, and was later given credit for its assistance to the FBI in the investigation that led to the arrest of the LulzSec leader Hector Xavier Monsegur (aka Sabu). [18]

rootkit.com

Hoglund also founded and operated rootkit.com, [19] a popular site devoted to the subject of rootkits. Several well-known rootkits and anti-rootkits were hosted on rootkit.com, including Jamie Butler's FU rootkit, Hacker Defender by HF, Bluepill by Joanna Rutkowska and Alexander Tereshkin, ShadowWalker by Sherri Sparks, FUTo by Peter Silberman, BootKit by Derek Soeder (eEye), and AFX Rootkit by Aphex. A complete list can be found in the last Wayback Machine snapshot of rootkit.com. [20] Rootkit.com's original site administrators were Greg Hoglund, Charles Weidner (Handle Redacted), Fuzen_Op (Jamie Butler), Barns (Barnaby Jack), Caezar of GhettoHackers (Riley Eller), Talis (JD Glaser of NTObjectives), and Vacuum of Technotronic. At its peak, rootkit.com had 81,000 users.

Rootkit.com was compromised in 2011 via social engineering as part of the LulzSec attack by Hector Xavier Monsegur (aka Sabu), and the user database was leaked. [21] The leaked user database was then used for research against the Chinese Government-sponsored hacking group commonly known as 'APT1'. [22] The rootkit.com site has remained offline since.

Physical memory forensics

Hoglund was an early pioneer in the research and development of physical memory forensics, now considered standard practice in computer forensics in law enforcement. He treated physical memory as a complex snapshot of interrelated structures and data arrays, instead of just a flat file full of strings. The original application was not forensics, but rootkit detection and process hiding – showing how physical memory forensics grew partly from rootkit development. [23] With the release of HBGary's product Responder in 2008, Hoglund was one of the first to deliver OS reconstruction to the market, pivotal in the use of physical memory to reconstruct software and user behavior. Responder PRO continues to be a staple tool for law enforcement and incident response today.

References

  1. Nate Anderson (10 February 2011). "How one man tracked down Anonymous—and paid a heavy price". Ars Technica.
  2. Nate Anderson (19 February 2011). "Black ops: how HBGary wrote backdoors for the government". Ars Technica.
  3. Tim Greene (19 February 2011). "Stolen HBGary e-mails indicate it was planning a 'new breed of rootkit'". Network World. Archived from the original on 15 October 2012.
  4. Staff (2 April 2012). "HBGary acquisition by ManTech complete". Sacramento Business Journal.
  5. "About Us: Reverse Engineering Rootkits by Greg Hoglund, HBGary & Rich Cummings, HBGary". Black Hat. Retrieved 20 June 2011.
  6. "Web Application Security". Cenzic.com. Archived from the original on 30 August 2014. Retrieved 20 June 2011.
  7. Paul Krill (14 September 2004). "LogicLibrary buys BugScan | Developer World". InfoWorld. Archived from the original on 15 May 2008. Retrieved 20 June 2011.
  8. MandaSoft (2 April 2012). "ManTech International Corporation will acquire HBGary Inc". BusinessWire.
  9. US Patent 8484152, Michael Gregory Hoglund, "Fuzzy Hash Algorithm", published 2009-06-26.
  10. US Patent 7620851, Michael Gregory Hoglund, "Fault injection methods and apparatus", published 2007-01-31.
  11. US Patent Application 20120110673, Michael Gregory Hoglund, "Inoculator and antibody for computer security", published 2011-09-23.
  12. US Patent Application 20110067108, Michael Gregory Hoglund, "Digital DNA sequence", published 2011-09-23.
  13. US Patent Application 20010013052, Greg Hoglund, "Universal method and apparatus for disparate systems to communicate", published 2001-08-09.
  14. "Phrack Magazine". Phrack.org. Retrieved 20 June 2011.
  15. Eric Lipton (11 February 2011). "Hackers Reveal Offers to Spy on Corporate Rivals". New York Times.
  16. Brian Krebs (7 February 2011). "HBGary Federal Hacked by Anonymous". Krebs on Security.
  17. Rob Lemos (22 March 2011). "HBGary's Hoglund sheds light on Anonymous". Computerworld.
  18. U.S. Attorney's Office (6 March 2012). "Hacker of Sacramento Company HBGary Pleads Guilty". Federal Bureau of Investigation.
  19. "Rootkit.com". Archived from the original on 6 April 2007. Retrieved 19 October 2013.
  20. "rootkit - dot com". rootkit.com. Archived from the original on 5 February 2011.
  21. Lucian Constantin (14 February 2011). "Rootkit.com Compromise Poses Risks to Other Sites". Softpedia.
  22. Gerry Smith (19 February 2013). "Anonymous Helps Researchers Link Hackers To Chinese Army". Huffington Post.
  23. Greg Hoglund (25 May 2011). "A Brief History of Physical Memory Forensics". Fast Horizon.