HBGary's Hoglund: Anonymous 'not at all what people think they are'
HBGary's chief technology officer describes his research on Anonymous and why the group is making the insider threat problem more dire.
By Robert Lemos
They are singling out individuals within the defense establishment. We are talking about stuff where they are targeting people who are part of the Department of Defense or the intelligence community. Literally, they are putting all their personal information into planning documents -- they are targeting these people. They are going after people's family and children. They actually have all the family members listed. And they call them up on the phone. They harass them. There have been cases where death threats have been left. It's just ridiculous, and it's completely unacceptable. I had no idea about any of this before I was attacked.
For companies, you see the danger of Anonymous not in hacktivism but in corporate espionage? As an insider threat?
The biggest threat to your intellectual property is your front door. Anonymous is one platform for leaking information. Anonymous is one group. There is Anonleaks. There is Wikileaks. There is CrowdLeaks.
There is a trend to recruit insider threats. And that is something that CISOs need to be aware of. There is a platform by which someone can be an insider threat, and supply information supposedly in an anonymous fashion. Even though insider threats are always there as a potential problem, they are actually exacerbating the problem. There may be more insider threats now because of this.
While Wikileaks isn't journalism, it does do a function of journalism well -- keeping sources anonymous. Is that not valuable?
There is a difference between someone willingly giving information to Wikileaks, and a cyber thuggery group criminally hacking into computers and stealing that data. That's two totally separate things.
Let's be clear here, Anonymous is not protecting Wikileaks. Anonymous is a group that hacks criminally into systems, and we are talking about probably over five corporations that I know of right now in the United States that are being actively targeted by them. When they get access, they are going to steal the data off those systems, e-mail, files off the file system, they are going to do everything they can, and then they are going to leak it and manipulate it and create stories about it. Basically, that is their platform.
That is something every single CISO should be scared of. They should definitely be aware of it and mitigating it.