2011-02-08 Anonymous Hacks Security Company Hired to Investigate It

Under the title Anonymous Hacks Security Company HBGary, Dumps 50,000 Emails Online readwriteweb.com broke this story yesterday:

A security company that's been working with the government to track down the cyber-activists involved with Anonymous has now become the target of that very group.

HBGary's website has been defaced and its CEO Aaron Barr has had his social media accounts hijacked and his personal information leaked online - all in retribution for his claims that he had infiltrated Anonymous, the loosely-affiliated collective of hacktivists.

I also have heard from Anonymous sources that they got copies of all the source code for the company's security products. Maybe they need to hire some computer security experts themselves. The article goes on:

The actions by Anonymous follow a recent story in The Financial Times in which Barr claimed that he had "penetrated Anonymous as part of a project to demonstrate the security risks to organisations from social media and networking." In the article, Barr identified people he said were key members of the Anonymous "hierarchy," including a co-founder in the U.S. and leaders in Britain, Germany, the Netherlands, Italy and Australia. Barr claimed he had discovered these individuals' identities via Facebook and Internet Relay Chat (IRC).

Anonymous dispute Barr's findings, claiming the group has no such hierarchy or leadership. Anonymous also contends that Barr was poised to sell some of this data to the FBI. Law enforcement in the U.S. and Europe have been tracking Anonymous, with several arrests made late last month.

In a very tongue-in-cheek press release on the AnonNews site, Anonymous writes that "Mr Barr has successfully broken through our over 9000 proxy field and into our entirely non-public and secret insurgent IRC lair, where he then smashed through our fire labyrinth with vigor, collected all the gold rings on the way, opened a 50 silver key chest to find Anon's legendary hackers on steroids password."

Less tongue-in-cheek, the hacking of Barr's social media accounts and the hijacking of HBGary's website. Tweets from Barr's hacked account include links to torrents of over 50,000 HBGary emails. The tweets also claim that hackers have full administrative access to the company's website, all its financials, and its software products.

HBGary founder Greg Hoglund has told Krebs on Security that Anonymous "didn't just pick on any company, but we try to protect the US government from hackers. They couldn't have chosen a worse company to pick on." For its part, Anonymous contends that HBGary couldn't have picked a worse group to pick on.