Security researchers have been in the bull's eye before, but the loosely affiliated hacking group's skilled attack against HBGary Federal and HBGary has raised concerns of the potentially wider damage the group could wreak. It also has served as a chilling reminder of the risks faced by researchers investigating attack groups. The targeted attack on HBGary Federal appears to be a departure from the group's DDoS modus operandi, framed by its DDoS protests against PayPal, MasterCard, and Visa, among other organizations, in support of WikiLeaks and its founder in what the attackers had dubbed Operation Payback.
Anonymous broke into HBGary Federal's servers, as well as that of CEO Aaron Barr's Twitter account, in apparent retaliation for Barr's investigative research into the group and its leaders. It all started when Barr, who is scheduled to discuss his related social networking research at the BSides conference in San Francisco next week, said in a Financial Times article this weekend that he was able to get the names of some of the leaders of Anonymous, as well as some information on their locations -- in California, the U.K., Germany, The Netherlands, Italy, and Australia, he said.
Although Barr said he had no plans to hand over the names of individuals he had unmasked, that didn't dissuade the Anonymous group from striking out at him: "You have blindly charged into the Anonymous hive, a hive from which you've tried to steal honey. Did you think the bees would not defend it? Well here we are. You've angered the hive, and now you are being stung," Anonymous said in an online posting in the attack.
Greg Hoglund, founder and CEO of HBGary, says the attack against HBGary and HBGary Federal constitutes a serious crime, not merely a hactivist statement. "They got our email, one of our tech support machines, and rootkit.com," which is Hoglund's research site, he says. "You could have said they were hactivists before this. But now they've committed federal crimes, stolen intellectual property, and posted it on the Internet. That's a whole different thing -- it's not altruistic. This is a criminal organization, and it borders on cyberterrorism.
"They had a platform before, DDoS ... but that pales in comparison to a data breach and stealing millions of dollars in damages and leaking IP [intellectual property]."
So far it doesn't appear that any of HBGary's technology was accessed or stolen by the group, he says. "They didn't get any source code. That's stored on a separate network," he says. But Hoglund's email spool that was breached includes a lot of sensitive information about customers, strategy, and marketing plans, which is intellectual property, he says.
The breach at HBGary -- which is a separate company from HBGary Federal -- appears to be collateral damage from the HBGary Federal hack, he says. "One of the individuals at HBGary Federal was an admin on our Google email system -- we use Google to host it all. They were able to get access to the entire account," he says.
And Anonymous socially engineered a systems administrator to provide them access to rootkit.com. "It wasn't an exploit," Hoglund says.
Security researchers know that potentially becoming the target of hackers goes with the territory. Researcher Dan Kaminsky was hit by a nasty hack two years ago on his Website, email, and Twitter accounts by a group of black hat hackers who stole passwords, emails, and instant message chats from Kaminsky. Other security figures, such as Kevin Mitnick, and security firms, including Matasano Security, have been targeted in the past. "Any of us could be targets," says Jack Daniel, one of the founders of BSides.
"It's the nature of people willing to do the research and speak on it: Largely, these people aren't going to be silenced," Daniel says. "So many people have been compromised over the past two years in the security community ... Hopefully people are smart enough to limit how much exposure" they have online, he says.
The HBGary hack exposed at least one common security weakness aside from social engineering risks: Hoglund says the attackers appear to have executed a SQL injection attack against HBGary Federal's website. They didn't hack HBGary's main website, but the company has taken its servers offline for clean-up and is investigating the breach.
Hoglund says he first got wind of the attacks yesterday afternoon at about 3 p.m. Pacific time. "But they had been in the systems longer than that, after they had gotten everything they wanted," he says.
Given Anonymous' global presence, it is difficult to catch or stop the attackers. "They've got people who are very skilled at computer hacking. They are a very serious threat," he says. "I just want law enforcement and citizens to take this threat seriously," Hoglund says.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.