HBGary is a subsidiary company of ManTech International, focused on technology security. In the past, two distinct but affiliated firms had carried the HBGary name: HBGary Federal, which sold its products to the US Government,[3] and HBGary, Inc.[4] Its other clients included information assurance companies, computer emergency response teams, and computer forensic investigators.[5] On 29 February 2012, HBGary, Inc. announced it had been acquired by IT services firm ManTech International.[6] At the same time, HBGary Federal was reported to be closed.[6]

HBGary
IndustryComputer software
Computer security
Founded2003[1]
FounderGreg Hoglund
FateBought out
HeadquartersOffices in Sacramento, California, Washington, D.C., and Bethesda, Maryland.[2]
Key people
Greg Hoglund
(Founder & CEO)
Penny Leavy
(President)
Aaron Barr
(Former CEO of HBGary Federal)
WebsiteHBGary Inc.

History

edit

The company was founded by Greg Hoglund in 2003.[1] In 2008, it joined the McAfee Security Innovation Alliance.[5] The CEO made presentations at the Black Hat Briefings, the RSA Conference, and other computer security conferences.[7][8] HBGary also analyzed the GhostNet and Operation Aurora events.[3][7]

HBGary Federal had been set up with Aaron Barr as CEO instead of Hoglund to provide services and tools to the US government, which might require security clearance.[9] As HBGary Federal could not meet revenue projections, in early 2011 negotiations about the sale of HBGary Federal were in progress with two interested companies.[10]

HBGary was acquired by ManTech International in February 2012.[6]

WikiLeaks, Bank of America, Hunton & Williams, and Anonymous

edit

Step 1 : Gather all the data
Step 2 : ???
Step 3 : Profit

HBGary programmer to Barr disparaging his plan with a reference to an episode of South Park.[11]

In 2010, Aaron Barr, CEO of HBGary Federal, alleged that he could exploit social media to gather information about hackers.[3]

In early 2011, Barr claimed to have used his techniques to infiltrate Anonymous,[3][12][13] partly by using IRC, Facebook, Twitter, and by social engineering.[3][14] His e-mails depict his intention to release information on the identities of Anonymous members at the B-Sides conference and to sell it to possible clients,[3][15] including the FBI.[16] In the e-mails, Barr explained that he identified his list of suspected Anonymous "members" by tracing connections through social media, while his main programmer criticized this methodology.[3][17] In a communiqué, Anonymous denied association with the individuals that Barr named.[18][19]

On 5–6 February 2011, Anonymous compromised the HBGary website, copied tens of thousands of documents from both HBGary Federal and HBGary, Inc., posted tens of thousands of both companies' emails online, and usurped Barr's Twitter account in apparent revenge.[14][20][21] Anonymous also claimed to have wiped Barr's iPad remotely.[3][15][22][23] The Anonymous group responsible for these attacks became part of LulzSec.[24]

Content of the emails

edit

Some of the documents taken by Anonymous show HBGary Federal was working on behalf of Bank of America to respond to WikiLeaks' planned release of the bank's internal documents.[4][25] "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error."[26]

As a means of undermining Wikileaks, Aaron Barr suggested faking documents to damage Wikileaks' reputation and conducting "cyber attacks against the infrastructure to get data on document submitters. This would kill the project". He also suggested pressuring journalist Glenn Greenwald and other supporters of Wikileaks, who, Barr suggested, would choose to abandon support for Wikileaks in order to preserve their careers.[27]

In the emails, two employees of HBGary referenced a blog post that endorsed manipulating translation software in order to 'mitigate' damaging content within information leaks.[28]

Emails indicate Palantir Technologies, Berico Technologies, and the law firm Hunton & Williams, which was acting for Bank of America at the recommendation of the US Justice Department,[16] all cooperated on the project.[26] Other e-mails appear to show the U.S. Chamber of Commerce contracted the firms to spy on and discredit unions and liberal groups.[29]

Fallout

edit

The conflict with Anonymous caused substantial public relations damage. As a result, the involved organizations took steps to distance themselves from HBGary and HBGary Federal:

  • 7 February 2011: Penny Leavy, President of HBGary Inc., entered an Anonymous IRC channel to negotiate with the group.[3] She distanced her company from their partially owned subsidiary HBGary Federal, clarified the separation of the two, and asked Anonymous to refrain from attacks or leaks that would damage HBGary Inc. and its customers.[30]
  • 10 February 2011: The Chamber of Commerce issued a statement denying they hired HBGary,[31] calling the allegation a "baseless smear," and criticizing the Center for American Progress and its blog, ThinkProgress, for "the illusion of a connection between HBGary, its CEO Aaron Barr and the Chamber."[32] The Chamber denied the truth of accusations[33] previously leveled by ThinkProgress, stating "No money, for any purpose, was paid to any of those three private security firms by the Chamber, or by anyone on behalf of the Chamber, including Hunton and Williams."[32]
  • 11 February 2011: Palantir's CEO apologized to Glenn Greenwald and severed "any and all contacts" with HBGary.[26]
  • The CEO and COO of Berico similarly stated that they had "discontinued all ties" with HBGary Federal.[34]
  • 28 February 2011: Aaron Barr announced his resignation from HBGary Federal to "focus on taking care of my family and rebuilding my reputation."[35]
  • 1 March 2011: 17 members of the United States Congress called for a congressional investigation for possible violation of federal law by Hunton & Williams and "Team Themis" (the partnership between Palantir Technologies, Berico Technologies, and HBGary Federal).[36]
  • 16 March 2011: The House Armed Services Subcommittee on Emerging Threats and Capabilities asked the Defense Department and the National Security Agency to provide any contracts with HBGary Federal, Palantir Technologies and Berico Technologies for investigation.[37]

Astroturfing

edit

It has been reported that HBGary Federal was contracted by the US government to develop astroturfing software which could create an "army" of multiple fake social media profiles.[38][39]

Malware development

edit

HBGary had made numerous threats of cyber-attacks against WikiLeaks. The hacked emails revealed HBGary Inc. was working on the development of a new type of Windows rootkit, code-named Magenta,[16] that would be "undetectable" and "almost impossible to remove."[40]

In October 2010, Greg Hoglund proposed to Barr creating "a large set of unlicensed Windows 7 themes for video games and movies appropriate for the Middle East & Asia" [sic] which "would contain back doors" as part of an ongoing campaign to attack support for WikiLeaks.[41]

Acquisition by ManTech International

edit

On 29 February 2012, ManTech International announced its purchase of HBGary, Inc.[42] Financial terms of the acquisition were not disclosed other than to say it was an "asset purchase", which excludes legal and financial liabilities.[42]

References

edit
  1. ^ a b HBGary At A Glance Archived 28 March 2009 at the Wayback Machine, www.hbgary.com,
  2. ^ HBGary :: Detect. Diagnose. Respond. Archived 7 July 2014 at the Wayback Machine HBGary official website, via www.hbgary.com on 2011 02 11
  3. ^ a b c d e f g h i Anderson, Nate (10 February 2011). "How one man tracked down Anonymous—and paid a heavy price". Ars Technica. Archived from the original on 9 May 2012. Retrieved 27 July 2022.
  4. ^ a b Ragan, Steve (9 February 2011). "Data intelligence firms proposed a systematic attack against WikiLeaks". The Tech Herald. Monsters and Critics. Archived from the original on 11 February 2011. Retrieved 11 February 2011.
  5. ^ a b HBGary Unveils Digital DNA™ Technology Archived 11 July 2011 at the Wayback Machine , Press Release, karenb, forensicfocus.com 3 12 2009, retr 2011-02-11
  6. ^ a b c Anderson, Mark (29 February 2012). "Cyber security firm HBGary bought by ManTech International". Sacramento Business Journal. Archived from the original on 26 October 2012. Retrieved 29 February 2012.
  7. ^ a b Researcher 'Fingerprints' The Bad Guys Behind The Malware Archived 8 July 2011 at the Wayback Machine, Kelly J. Higgins, Dark Reading, 6 22 2010, retr 2011-02-11
  8. ^ Basic Malware Analysis Using Responder Professional by HBGary. Black Hat #174; Technical Security Conference: USA 2010 retr 2011-02-11
  9. ^ Elliott, Justin (16 February 2011). "Firm in WikiLeaks plot has deep ties to Feds". Salon.com. Archived from the original on 27 February 2011. Retrieved 16 February 2011.
  10. ^ Anderson, Nate (24 February 2011). "Anonymous vs. HBGary: the aftermath". Ars Technica. Archived from the original on 9 April 2012. Retrieved 25 February 2011.
  11. ^ Anderson, Nate (9 February 2011). "How one man tracked down Anonymous—and paid a heavy price". Ars Technica. Archived from the original on 9 May 2012. Retrieved 9 February 2011.
  12. ^ "Hacktivists take control of internet security firms". The Independent. 8 February 2011. Archived from the original on 12 February 2011. Retrieved 27 July 2022.
  13. ^ Menn, Joseph (4 February 2011). "Cyberactivists warned of arrest". Financial Times. Archived from the original on 27 July 2022. Retrieved 19 December 2022.
  14. ^ a b Bright, Peter (15 February 2011). "Anonymous speaks: the inside story of the HBGary hack". Ars Technica. Archived from the original on 8 May 2012. Retrieved 18 February 2011.
  15. ^ a b Olson, Parmy (7 February 2011). "Victim of Anonymous Attack Speaks Out". Forbes. Archived from the original on 16 July 2011. Retrieved 11 February 2011.
  16. ^ a b c Olson, Parmy. "Victim Of Anonymous Attack Speaks Out". Forbes. Archived from the original on 27 July 2022. Retrieved 27 July 2022.
  17. ^ Play By Play Of How HBGary Federal Tried To Expose Anonymous... And Got Hacked Instead Archived 20 March 2011 at the Wayback Machine Mike Masnick, TechDirt.com 11 Feb. 2011
  18. ^ Anonymous statement from hacked HBGary Website Anonymous, Feb. 2011
  19. ^ "How one man tracked down Anonymous—and paid a heavy price". Ars Technica. 10 February 2011. Archived from the original on 7 July 2017. Retrieved 20 February 2016.
  20. ^ Olson, Parmy. "Anonymous Takes Revenge On Security Firm For Trying To Sell Supporters' Details To FBI". Forbes. Archived from the original on 27 July 2022. Retrieved 27 July 2022.
  21. ^ "Anonymous makes a laughing stock of HBGary - the H Security: News and Features". Archived from the original on 8 December 2013.
  22. ^ Menn, Joseph (7 February 2011). "'Hacktivists' retaliate against security expert". Financial Times. Archived from the original on 11 February 2011. Retrieved 11 February 2011.
  23. ^ Anderson, Nate (10 February 2011). "(Virtually) face to face: how Aaron Barr revealed himself to Anonymous". Ars Technica. Archived from the original on 9 May 2012. Retrieved 11 February 2011.
  24. ^ Acohido, Byron (20 June 2011). "Who's who among key LulzSec hackitivists". USA Today. Archived from the original on 23 June 2011. Retrieved 3 June 2013.
  25. ^ Leyden, John (17 February 2011). "Anonymous security firm hack used every trick in book". The Register. Archived from the original on 7 July 2017. Retrieved 18 February 2011.
  26. ^ a b c "Firm targeting WikiLeaks cuts ties with HBGary - apologizes to reporter - Security". 12 February 2011. Archived from the original on 12 February 2011. Retrieved 27 July 2022.
  27. ^ Anderson, Nate (14 February 2011). "Spy games: Inside the convoluted plot to bring down WikiLeaks". Ars Technica. Archived from the original on 17 October 2021. Retrieved 17 October 2021.
  28. ^ "辽宁住宿票 餐饮票-辽宁开酒店票-晋中出租车票-的士票". Archived from the original on 1 December 2016. Retrieved 30 November 2016.
  29. ^ Hacked Documents Show Chamber Engaged HBGary to Spy on Unions Archived 13 February 2011 at the Wayback Machine emptywheel, FireDogLake, 10 Feb. 2011
  30. ^ Pastebin - log of Anonymous IRC channel audience with Penny Leavy of HBGary Inc Archived 17 February 2011 at the Wayback Machine Anonymous, pastebin 7 Feb. 2011
  31. ^ Collamore, Tom (10 February 2011). "More Baseless Attacks on the Chamber". US Chamber of Commerce. Archived from the original on 16 February 2011. Retrieved 18 February 2011.
  32. ^ a b Collamore, Tom (11 February 2011). "Another Smear from the Center for American Progress". US Chamber of Commerce. Archived from the original on 17 February 2011. Retrieved 18 February 2011.
  33. ^ Fang, Lee (10 February 2011). "EXCLUSIVE: US Chamber's Lobbyists Solicited Hackers To Sabotage Unions, Smear Chamber's Political Opponents". Think Progress. Center for American Progress. Archived from the original on 1 March 2011. Retrieved 10 February 2011.
  34. ^ "Berico Technologies severs ties with HBGary over WikiLeaks plot". Archived from the original on 2 January 2012. Retrieved 27 January 2012.
  35. ^ Paul Roberts (28 February 2011). "HBGary Federal CEO Aaron Barr Steps Down". threatpost.com. Archived from the original on 2 March 2011.
  36. ^ Justin Elliott (1 March 2011). "Democrats call for probe of top D.C. law firm". salon.com. Archived from the original on 5 March 2011. Retrieved 1 March 2011.
  37. ^ Zetter, Kim (17 March 2011). "Congress Asks to Review DoD and NSA Contracts With HBGary". Wired. Archived from the original on 8 August 2013. Retrieved 7 March 2017.
  38. ^ Darlene Storm (22 February 2011). "Army of fake social media friends to promote propaganda". Computerworld Inc. Archived from the original on 24 February 2011. Retrieved 24 February 2011.
  39. ^ Cory Doctorow (18 February 2011). "HBGary's high-volume astroturfing technology and the Feds who requested it". BoingBoing. Archived from the original on 21 February 2011. Retrieved 25 February 2011.
  40. ^ "HBGary INC. working on secret rootkit project. Codename: "MAGENTA"". Crowdleaks. 14 February 2011. Archived from the original on 17 February 2011. Retrieved 14 February 2011.
  41. ^ Anderson, Nate (14 February 2011). "Spy games: Inside the convoluted plot to bring down WikiLeaks". Ars Technica. Archived from the original on 9 May 2012. Retrieved 10 April 2011.
  42. ^ a b Leyden, John (29 February 2012). "US gov IT services vendor swallows HBGary". The Register. Archived from the original on 13 April 2012. Retrieved 26 April 2012.
edit