Bruised by Anonymous, HBGary Federal pulls out of RSA

E-mails stolen by hactivist group Anonymous indicate that the security company it targeted was proposing to make a “new breed of rootkit” and that it passed along the plan to a technology firm that caters to the federal government.

The latest in security: Hot products from RSA 2011

An attachment to one of the stolen HBGary Federal e-mails calls for creating a rootkit that would find and execute command and control messages as would a compromised machine in a botnet, according to a copy of the e-mail posted by crowdleaks.org.

The document lists the virtues of the proposed Magenta Rootkit: "New breed of rootkit - There isn't anything like this publicly/ Extremely small memory footprint - (4k or less)/Almost impossible to remove from a live running system".

The founder of HBGary (the parent company of HBGary Federal) Greg Hoglund, sent a copy of the Magenta proposal to the president of Farralon Research, Ray Owen, according to the posted e-mails. Farralon posted this brief description of itself on its Web site: "The mission of Farallon Research LLC is to connect advanced commercial technologies and the companies that develop them with the requirements of the U.S. government."

As the stolen HBGary e-mails come to light, hints about the way the firm conducts business have come out, including an apparent plan to gather data about union organizers identified as opponents of the U.S. Chamber of Commerce. Methods used to gather the information include scraping Facebook data, which violates Facebook's terms of use.

The chamber and other security firms mentioned in the e-mails about the plan to make public statements deploring the proposal.

Beyond the revelations from the stolen e-mails, HBGary Federal has pulled out of the RSA Conference in San Francisco, saying it's in the best interest of its employees and the conference.

The company had a leased booth on the show floor, but shut it down after it was vandalized Sunday night. HBGary left behind a sign to explain its departure: "HBGary individuals have received numerous threats of violence including threats at our tradeshow booth.

"In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks," the company's message reads.

The company's CEO Aaron Barr was to have revealed the names of people who make up Anonymous at the Security B-Sides conference, also being held in San Francsico this week. Barr dropped out of that conference last week after Anonymous hacked into HBGary Federal's network and stole thousands - estimates are as high as 77,000 - e-mails and posted them on the Web.

Worst moments in network security history

Anonymous said in Web posts that it had done so as a preemptive strike against HBGary Federal's plan to out its members. Anonymous posted information contained in the e-mails about what HBGary Federal had discovered about Anonymous and ridiculed it as being inaccurate and incomplete.

Anonymous became the target of HBGary after the secret group launched attacks against the Web sites of businesses that tried to quash Wikileaks posts of stolen U.S. State Department diplomatic cables. HBGary Federal e-mails indicate the firm proposed selling information about the identities of Anonymous members to the FBI.

HBGary Federal has posted the same message on its Web site that it placed in its RSA booth, and it indicates that it plans to fight back. The message reads in full: "A group of aggressive hackers known as "Anonymous" illegally broke into computer systems and stole proprietary and confidential information from HBGary, Inc. This breach was in violation of federal and state laws, and stolen information was publicly released without our consent.

"In addition to the data theft, HBGary is continuing to work intensely with law enforcement on this matter and hopes to bring those responsible to justice.

"Thank you to all of our employees, our customers and the security community for your continued support.

"HBGary, Inc."

Hacked and now vandalized, HBGary pulls out of RSA

Read more about wide area network in Network World's Wide Area Network section.

Tags HBGarysecuritylegalanti-malwarecybercrime

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?