Did anonymous make that security firm (HBGary) look stupid?

That is an awesome article. Thanks! And, I love the professionalism of those emails between the HBGary staff. They just seem like a bunch of unserious, ill-prepared bozos.

Yeah, when I stumbled across that article (before seeing this thread), I thought for sure it was some kind of joke, like it was too good to be true. I’d love to know what’s the deal with Barr and his personal coder. I can’t imagine saying some of the stuff the coder said to even my lowest level manager, let alone to the CEO of the company. Geez.

I loved that too. I wish I trusted my employees to be that honest with me.

Heh. In reading above comments about fighting it, I thought of thisone.

…and then there’s Little Bobby Tables.

After reading that article, I am reminded of a quote from that famous American Philosopher Harry Callahan

For anyone who’s still interested, this article goes into much more detail on how the attack was carried out, step by step. The writer makes the same point that a couple of us in this thread made – namely, that HBGary made stupid mistakes and should have known better.

The long and the short of it is that they didn’t use some kind of super-duper whizz-kid code hacks. They pretty much just exploited the laziness and/or stupidity of HBGary employees who didn’t bother to follow proper security protocols.

That “Wired” article is really an Ars Technica article (they’re both Conde Nast, so the distinction is a bit muddled, but they’ve been on the story with more depth). Here’s yet another piece(older) that gets into the chat log details.

For some reason I keep imagining this guy as Fisher Stevens.

The more I read about this Aaron Barr (the above Wired/ars technica article, also this one from Wired), the happier I am that he got pwned. After reading the linked Wired article, it seems his big idea was to charge companies $2 million per month to stalk their potential enemies on Facebook. He clearly thought of himself as some kind of super cyber-sleuth, when in reality he was basically using the same tactics used by 16-year-olds to get info on/pictures of their current crush. A favorite tactic of his was to FB-stalk CEOs of potential clients, then shock them with the info he was able to gather. One example in the linked article includes the person’s name, where they went to school, that they ran in a particular 5K race, and has a picture of his kids. But it didn’t take some $2 million per month super sleuthing outfit working around the clock to get that data; about 20 seconds with Google would probably be plenty.

As others have explained more lengthily, HBGary used a web platform that was easily hackable, and Anonymous was able to hack other stuff involving the same people because they didn’t bother using different passwords for other accounts.

I don’t think Anonymous is as guerilla and faceless as others suggest though. HBGary claims to have figured out the identities of some of the major players. And personally, I don’t doubt that as much. Anonymous is largely based in 4chan, and it’s not unreasonable to think that while the mass of A is more or less random, the initiative for projects are on the whole started by a limited subset of that mass.

On top of the fact that, if HBGary hadn’t struck a real nerve, why would Anonymous bother with such a retaliation?

For the lulz.

If HBGary actually had identified the major players behind Anonymous, do you really think they’d fuck with them and take the risk of being exposed?

Wow, you want to talk about a dumbass move. Granted the news was already out, via the Financial Times, that Barr was investigating them. But for him to go on to their chat sites, to try to reason with and basically plead for them not to “get too aggressive” was only going to inflame them further and I’m stunned he didn’t realize that. I’m not saying the guy deserved to have his privacy invaded, but I can’t say feel too sorry for him.

Also, I just love the picture of Aaron Barr that keeps showing up in news stories about this. The man just screams douchebag.

The details may be different, but the basic tactics and techniques Anonymous used are no different than what was going on 15 years ago. Buffer overruns, re-used passwords, social engineering, DDoS, hash table cracking; there’s absolutely nothing new, complicated, or fancy here.

I wouldn’t think any less of Bob’s Pizza Company or Sue’s eBay Store for being taken down by this kind of attack, but an IT security company? That’s just flat-out pathetic.

Nerd rage.

Underestimate it at your peril.

QFT just for example, if the dopers took on a combined effort to really screw with a company using the kinds of brainpower, time, access, and resources available to us as a group I would be willing to bet we could give decent sized company a bloody nose in some way shape or form.

The way Anonymous is set up, if one person knows it, then Anonymous knows it. All it takes to be in Anonymous is to hack something that fits into Anonymous’s creed, and then say you are in Anonymous. It’s that loosely organized.

Yes, that one guy actually did find an IRC that the founder uses, so there is some sort of communication. But the founder is no more the leader than anyone else. He said in that article (or another one I read) that he specifically wanted Anonymous to get out of his control.

That said, I understand what you are getting at. I was over-sensationalizing it. It’s a bad habit I picked up a while back. But, still, the good hackers at least know how to execute everything remotely so they won’t get caught. It’s the noobs that are usually found.

Just saw an interesting article in business week on this whole affair. Worth a read.

Estonia, where the Russian minority is mighty unpopular. If I remember correctly it was over the Estonians tearing down an old Soviet statue commemorating Russian fallen during the Great Patriotic War.

I doubt that the Russian state was behind the attack though, several DDOSNets have their origins in the Russian Federation.

I love how it was the DOJ who recommended that Bank of America should hire the law firm that tapped HBGary to engage in cyber shenanigans against Wikileaks and critics of the Chamber of Commerce.

Nuclear death for Washington, D.C.