
2/7/2011
04:36 PM

'Anonymous' Hacks Security Company, Researcher

Breach that exposed sensitive email, personal, other information at HBGary Federal and HBGary raises concern over shift in approach by hacker group

The hacktivist Anonymous group best known for taking down high-profile websites with distributed denial-of-service attacks (DDoS) has now targeted a security researcher and his company, dumping the contents of the firm's email messages and other sensitive information online yesterday, as well as commandeering his Twitter account and posting his Social Security number and address.

Security researchers have been in the bull's eye before, but the loosely affiliated hacking group's skilled attack against HBGary Federal and HBGary has raised concerns of the potentially wider damage the group could wreak. It also has served as a chilling reminder of the risks faced by researchers investigating attack groups. The targeted attack on HBGary Federal appears to be a departure from the group's DDoS modus operandi, framed by its DDoS protests against PayPal, MasterCard, and Visa, among other organizations, in support of WikiLeaks and its founder in what the attackers had dubbed Operation Payback.

Anonymous broke into HBGary Federal's servers and into CEO Aaron Barr's Twitter account, in apparent retaliation for Barr's investigative research into the group and its leaders. It all started when Barr, who is scheduled to discuss his related social networking research at the BSides conference in San Francisco next week, said in a Financial Times article this weekend that he had been able to obtain the names of some of the leaders of Anonymous, as well as some information on their locations -- in California, the U.K., Germany, The Netherlands, Italy, and Australia, he said.

Although Barr said he had no plans to hand over the names of individuals he had unmasked, that didn't dissuade the Anonymous group from striking out at him: "You have blindly charged into the Anonymous hive, a hive from which you've tried to steal honey. Did you think the bees would not defend it? Well here we are. You've angered the hive, and now you are being stung," Anonymous said in an online posting in the attack.

Greg Hoglund, founder and CEO of HBGary, says the attack against HBGary and HBGary Federal constitutes a serious crime, not merely a hacktivist statement. "They got our email, one of our tech support machines, and rootkit.com," which is Hoglund's research site, he says. "You could have said they were hacktivists before this. But now they've committed federal crimes, stolen intellectual property, and posted it on the Internet. That's a whole different thing -- it's not altruistic. This is a criminal organization, and it borders on cyberterrorism.

"They had a platform before, DDoS ... but that pales in comparison to a data breach and stealing millions of dollars in damages and leaking IP [intellectual property]."

So far it doesn't appear that any of HBGary's technology was accessed or stolen by the group, he says. "They didn't get any source code. That's stored on a separate network," he says. But Hoglund's email spool that was breached includes a lot of sensitive information about customers, strategy, and marketing plans, which is intellectual property, he says.

The breach at HBGary -- which is a separate company from HBGary Federal -- appears to be collateral damage from the HBGary Federal hack, he says. "One of the individuals at HBGary Federal was an admin on our Google email system -- we use Google to host it all. They were able to get access to the entire account," he says.

And Anonymous socially engineered a systems administrator to provide them access to rootkit.com. "It wasn't an exploit," Hoglund says.

Security researchers know that potentially becoming the target of hackers goes with the territory. Researcher Dan Kaminsky was hit by a nasty hack two years ago on his Website, email, and Twitter accounts by a group of black hat hackers who stole passwords, emails, and instant message chats from Kaminsky. Other security figures, such as Kevin Mitnick, and security firms, including Matasano Security, have been targeted in the past. "Any of us could be targets," says Jack Daniel, one of the founders of BSides.

"It's the nature of people willing to do the research and speak on it: Largely, these people aren't going to be silenced," Daniel says. "So many people have been compromised over the past two years in the security community ... Hopefully people are smart enough to limit how much exposure" they have online, he says.

The HBGary hack also exposed at least one common security weakness beyond the social engineering risk: Hoglund says the attackers appear to have executed a SQL injection attack against HBGary Federal's website. They did not hack HBGary's main website, but the company has taken its servers offline for cleanup and is investigating the breach.

Hoglund says he first got wind of the attacks yesterday afternoon at about 3 p.m. Pacific time. "But they had been in the systems longer than that, after they had gotten everything they wanted," he says.

Given Anonymous' global presence, it is difficult to catch or stop the attackers. "They've got people who are very skilled at computer hacking. They are a very serious threat," he says. "I just want law enforcement and citizens to take this threat seriously," Hoglund says.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
