• United States



Senior Editor, Network World

Anonymous Attack on HBGary Federal Didn’t Ruin Us, Says CEO

Dec 09, 20114 mins
CybercrimeData and Information SecurityHacking

When HBGary Federal, had its website hacked and sensitive e-mail exposed by hacktivist group Anonymous last February, it became a question of how Sacramento, Calif.-based security firm HBGary could survive the damage to its reputation.

But in spite of the bruising, HBGary not only didn’t lose business customers in the course of the past year, but “we ended up getting additional business,” says Greg Hoglund, founder and CEO of HBGary. Calling it an unexpected and even “weird side effect,” Hoglund said the widely-publicized attack by Anonymous on HBGary Federal, a separate company set up by HBGary in 2009 to market to the federal government, appears to have elicited a sense of identification from many other companies. “They saw us go through things they were experiencing,” he says.

More on security:

From Anonymous to Hackerazzi: The year in security mischief-making

2011’s biggest security snafus

Last February, members of Anonymous, apparently furious that then-CEO of HBGary Federal, Aaron Barr, had publicly alluded to his effort to infiltrate the hacktivist group to expose its leaders, lashed out by breaking into the HBGary Federal website. Anonymous then seized tens of thousands of the firm’s e-mail to post them online. The dark episode even had HBGary President Penny Leavy, Hoglund’s wife, going onto an Anonymous IRC channel to basically beg for the attack to end.

Some of that e-mail included e-mail from Barr to a Bank of America law firm proposing a way to marginalize WikiLeaks, the group that in the past has published confidential corporate and government documents it secretly obtains, by hacking into it and feeding it fake documents.

However, the bigger scandal in the hacked e-mail bundle was associated with comments made about possibly “disrupting” Glenn Greenwald, a Salon columnist who has been sympathetic to WikiLeaks, as well as a proposal to undermine US Chamber Watch, a critic of the U.S. Chamber of Commerce. The scandal forced Barr to resign from HBGary Federal and when Barr wanted to discuss his experiences chasing after Anonymous in a session scheduled at the Defcon Conference in July this year, HBGary Federal said it would seek an injunction against him if he did.

HBGary was reluctant to say much about HBGary Federal. Ted Vera, COO of HBGary Federal, did not respond to a Network World inquiry to discuss its current situation either. A very long trail of inter-office e-mail correspondence between executives of HBGary and HBGary Federal even now litters the Internet, laying bare their thoughts up until that moment in February when the attack began. But today, Hoglund barely seems to want to acknowledge HBGary Federal anymore, even after having licensed his company name to it.

Hoglund waves off references to HBGary Federal and the e-mail as not consequential to HBGary itself in terms of being attacked. “We shared an e-mail service, Google, with HBGary Federal,” Hoglund says. “Anonymous never came within 2 to 3 network layers of us.”

The problems that HBGary Federal experienced, Hoglund says, were that its server was vulnerable to SQL injection attack and its e-mail password was cracked because hackers had stolen 50,000 IDs out of a poker-game server in an online game Barr had used. In his business life at HBGary Federal, Barr had “re-used the exact name and password. They had the credentials they needed to log in. Now they had the e-mail,” Hoglund says.

The devastating attack on HBGary Federal, Hoglund says, has convinced him that “you must use multi-factor authentication in every portal in your enterprise.”

Directly after the Anonymous attack on HBGary Federal, vandals tore up HBGary’s booth at the RSA Conference 2011 last February, and Barr also cancelled a presentation he was scheduled to give at another conference at that time running adjacent to RSA, saying he was getting death threats.

The investigation by law enforcement into the HBGary Federal incident is said to be ongoing. But Hoglund says he’ll be at the RSA Conference 2012 in February, speaking on the topic “Modern Cyberthreats: The Changing Face Behind the Keyboard.” He says his talk will be about advanced persistent threats, which are stealthy attacks to seize important data, and “all the things I learned about APT threats this year.”

Read more about wide area network in Network World’s Wide Area Network section.