HBGary


Industry: Computer software, computer security
Founded: 2003 [1]
Founder: Greg Hoglund
Fate: Bought out
Headquarters: Offices in Sacramento, California, Washington, D.C., and Bethesda, Maryland. [2]
Key people: Greg Hoglund (Founder & CEO), Penny Leavy (President), Aaron Barr (Former CEO of HBGary Federal)
Website: HBGary Inc.

HBGary is a subsidiary company of ManTech International, focused on technology security. In the past, two distinct but affiliated firms had carried the HBGary name: HBGary Federal, which sold its products to the US Government, [3] and HBGary, Inc. [4] Its other clients included information assurance companies, computer emergency response teams, and computer forensic investigators. [5] On 29 February 2012, HBGary, Inc. announced it had been acquired by IT services firm ManTech International. [6] At the same time, HBGary Federal was reported to be closed. [6]


History

The company was founded by Greg Hoglund in 2003. [1] In 2008, it joined the McAfee Security Innovation Alliance. [5] The CEO made presentations at the Black Hat Briefings, the RSA Conference, and other computer security conferences. [7] [8] HBGary also analyzed the GhostNet and Operation Aurora events. [3] [7]

HBGary Federal had been set up with Aaron Barr as CEO instead of Hoglund to provide services and tools to the US government, which might require security clearance. [9] As HBGary Federal could not meet revenue projections, in early 2011 negotiations about the sale of HBGary Federal were in progress with two interested companies. [10]

HBGary was acquired by ManTech International in February 2012. [6]

WikiLeaks, Bank of America, Hunton & Williams, and Anonymous

Step 1: Gather all the data
Step 2: ???
Step 3: Profit

HBGary programmer to Barr disparaging his plan with a reference to an episode of South Park. [11]

In 2010, Aaron Barr, CEO of HBGary Federal, alleged that he could exploit social media to gather information about hackers. [3]

In early 2011, Barr claimed to have used his techniques to infiltrate Anonymous, [3] [12] [13] partly by using IRC, Facebook, Twitter, and by social engineering. [3] [14] His e-mails depict his intention to release information on the identities of Anonymous members at the B-Sides conference and to sell it to possible clients, [3] [15] including the FBI. [16] In the e-mails, Barr explained that he identified his list of suspected Anonymous "members" by tracing connections through social media, while his main programmer criticized this methodology. [3] [17] In a communiqué, Anonymous denied association with the individuals that Barr named. [18] [19]

On 5–6 February 2011, Anonymous compromised the HBGary website, copied tens of thousands of documents from both HBGary Federal and HBGary, Inc., posted tens of thousands of both companies' emails online, and usurped Barr's Twitter account in apparent revenge. [14] [20] [21] Anonymous also claimed to have wiped Barr's iPad remotely. [3] [15] [22] [23] The Anonymous group responsible for these attacks became part of LulzSec. [24]

Content of the emails

Some of the documents taken by Anonymous show HBGary Federal was working on behalf of Bank of America to respond to WikiLeaks' planned release of the bank's internal documents. [4] [25] "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error." [26]

As a means of undermining WikiLeaks, Aaron Barr suggested faking documents to damage WikiLeaks' reputation and conducting "cyber attacks against the infrastructure to get data on document submitters. This would kill the project". He also suggested pressuring journalist Glenn Greenwald and other supporters of WikiLeaks, who, Barr suggested, would choose to abandon support for WikiLeaks in order to preserve their careers. [27]

In the emails, two employees of HBGary referenced a blog post that endorsed manipulating translation software in order to 'mitigate' damaging content within information leaks. [28]

Emails indicate Palantir Technologies, Berico Technologies, and the law firm Hunton & Williams, which was acting for Bank of America at the recommendation of the US Justice Department, [16] all cooperated on the project. [26] Other e-mails appear to show the U.S. Chamber of Commerce contracted the firms to spy on and discredit unions and liberal groups. [29]

Fallout

The conflict with Anonymous caused substantial public relations damage. As a result, the involved organizations took steps to distance themselves from HBGary and HBGary Federal:

Astroturfing

It has been reported that HBGary Federal was contracted by the US government to develop astroturfing software which could create an "army" of multiple fake social media profiles. [38] [39]

Malware development

HBGary had made numerous threats of cyber-attacks against WikiLeaks. The hacked emails revealed HBGary Inc. was working on the development of a new type of Windows rootkit, code-named Magenta, [16] that would be "undetectable" and "almost impossible to remove." [40]

In October 2010, Greg Hoglund proposed to Barr creating "a large set of unlicensed Windows 7 themes for video games and movies appropriate for the Middle East & Asia" [sic] which "would contain back doors" as part of an ongoing campaign to attack support for WikiLeaks. [41]

Acquisition by ManTech International

On 29 February 2012, ManTech International announced its purchase of HBGary, Inc. [42] Financial terms of the acquisition were not disclosed other than to say it was an "asset purchase", which excludes legal and financial liabilities. [42]


References

  1. HBGary At A Glance. Archived 28 March 2009 at the Wayback Machine, www.hbgary.com
  2. HBGary :: Detect. Diagnose. Respond. Archived 7 July 2014 at the Wayback Machine. HBGary official website, via www.hbgary.com on 2011 02 11
  3. Anderson, Nate (10 February 2011). "How one man tracked down Anonymous—and paid a heavy price". Ars Technica. Retrieved 27 July 2022.
  4. Ragan, Steve (9 February 2011). "Data intelligence firms proposed a systematic attack against WikiLeaks". The Tech Herald. Monsters and Critics. Archived from the original on 11 February 2011. Retrieved 11 February 2011.
  5. HBGary Unveils Digital DNA™ Technology, Press Release, karenb, forensicfocus.com 3 12 2009, retr 2011-02-11
  6. Anderson, Mark (29 February 2012). "Cyber security firm HBGary bought by ManTech International". Sacramento Business Journal. Retrieved 29 February 2012.
  7. Researcher 'Fingerprints' The Bad Guys Behind The Malware, Kelly J. Higgins, Dark Reading, 6 22 2010, retr 2011-02-11
  8. Basic Malware Analysis Using Responder Professional by HBGary. Black Hat® Technical Security Conference: USA 2010, retr 2011-02-11
  9. Elliott, Justin (16 February 2011). "Firm in WikiLeaks plot has deep ties to Feds". Salon.com. Retrieved 16 February 2011.
  10. Anderson, Nate (24 February 2011). "Anonymous vs. HBGary: the aftermath". Ars Technica. Retrieved 25 February 2011.
  11. Anderson, Nate (9 February 2011). "How one man tracked down Anonymous—and paid a heavy price". Ars Technica. Retrieved 9 February 2011.
  12. "Hacktivists take control of internet security firms". The Independent. 8 February 2011. Retrieved 27 July 2022.
  13. Menn, Joseph (4 February 2011). "Cyberactivists warned of arrest". Financial Times. Retrieved 19 December 2022.
  14. Bright, Peter (15 February 2011). "Anonymous speaks: the inside story of the HBGary hack". Ars Technica. Retrieved 18 February 2011.
  15. Olson, Parmy (7 February 2011). "Victim of Anonymous Attack Speaks Out". Forbes. Retrieved 11 February 2011.
  16. Olson, Parmy. "Victim Of Anonymous Attack Speaks Out". Forbes. Retrieved 27 July 2022.
  17. Play By Play Of How HBGary Federal Tried To Expose Anonymous... And Got Hacked Instead. Mike Masnick, TechDirt.com, 11 Feb. 2011
  18. Anonymous statement from hacked HBGary Website. Anonymous, Feb. 2011
  19. "How one man tracked down Anonymous—and paid a heavy price". Ars Technica. 10 February 2011. Retrieved 20 February 2016.
  20. Olson, Parmy. "Anonymous Takes Revenge On Security Firm For Trying To Sell Supporters' Details To FBI". Forbes. Retrieved 27 July 2022.
  21. "Anonymous makes a laughing stock of HBGary - the H Security: News and Features". Archived from the original on 8 December 2013.
  22. Menn, Joseph (7 February 2011). "'Hacktivists' retaliate against security expert". Financial Times. Retrieved 11 February 2011.
  23. Anderson, Nate (10 February 2011). "(Virtually) face to face: how Aaron Barr revealed himself to Anonymous". Ars Technica. Retrieved 11 February 2011.
  24. Acohido, Byron (20 June 2011). "Who's who among key LulzSec hackitivists". USA Today. Retrieved 3 June 2013.
  25. Leyden, John (17 February 2011). "Anonymous security firm hack used every trick in book". The Register. Retrieved 18 February 2011.
  26. "Firm targeting WikiLeaks cuts ties with HBGary - apologizes to reporter - Security". 12 February 2011. Archived from the original on 12 February 2011. Retrieved 27 July 2022.
  27. Anderson, Nate (14 February 2011). "Spy games: Inside the convoluted plot to bring down WikiLeaks". Ars Technica. Retrieved 17 October 2021.
  28. "辽宁住宿票 餐饮票-辽宁开酒店票-晋中出租车票-的士票".
  29. Hacked Documents Show Chamber Engaged HBGary to Spy on Unions emptywheel, FireDogLake, 10 Feb. 2011
  30. Pastebin - log of Anonymous IRC channel audience with Penny Leavy of HBGary Inc Anonymous, pastebin 7 Feb. 2011
  31. Collamore, Tom (10 February 2011). "More Baseless Attacks on the Chamber". US Chamber of Commerce. Archived from the original on 16 February 2011. Retrieved 18 February 2011.
  32. Collamore, Tom (11 February 2011). "Another Smear from the Center for American Progress". US Chamber of Commerce. Archived from the original on 17 February 2011. Retrieved 18 February 2011.
  33. Fang, Lee (10 February 2011). "EXCLUSIVE: US Chamber's Lobbyists Solicited Hackers To Sabotage Unions, Smear Chamber's Political Opponents". Think Progress. Center for American Progress. Retrieved 10 February 2011.
  34. "Berico Technologies severs ties with HBGary over WikiLeaks plot". Archived from the original on 2 January 2012. Retrieved 27 January 2012.
  35. Paul Roberts (28 February 2011). "HBGary Federal CEO Aaron Barr Steps Down". threatpost.com. Archived from the original on 2 March 2011.
  36. Justin Elliott (1 March 2011). "Democrats call for probe of top D.C. law firm". salon.com.
  37. Zetter, Kim (17 March 2011). "Congress Asks to Review DoD and NSA Contracts With HBGary". Wired.
  38. Darlene Storm (22 February 2011). "Army of fake social media friends to promote propaganda". Computerworld Inc. Archived from the original on 24 February 2011. Retrieved 24 February 2011.
  39. Cory Doctorow (18 February 2011). "HBGary's high-volume astroturfing technology and the Feds who requested it". BoingBoing. Retrieved 25 February 2011.
  40. "HBGary INC. working on secret rootkit project. Codename: "MAGENTA"". Crowdleaks. 14 February 2011. Archived from the original on 17 February 2011. Retrieved 14 February 2011.
  41. Anderson, Nate (14 February 2011). "Spy games: Inside the convoluted plot to bring down WikiLeaks". Ars Technica. Retrieved 10 April 2011.
  42. Leyden, John (29 February 2012). "US gov IT services vendor swallows HBGary". The Register. Retrieved 26 April 2012.