February 4th, 2011, HBGary Federal CEO Aaron Barr gave an arrogant interview to the Financial Times, (which can be found here) where he claims that he knows the identities of the “leadership” of anonymous, has proof to support this allegation and is planning on using this to generate buzz about an upcoming speech he was to give at a cybersecurity conference in San Francisco later in February. Aaron Barr confessed to knowing the risks with such an undertaking, but he claimed to be prepared for them.
What happened next was stunning in its speed and brutality. Anonymous– which does not like being threatened, even with fabricated information– hacked rootkit.com, which is the personal website of Aaron’s corporate chief, Greg Hoglund. From there, anonymous was able to gain access to Greg’s email where they claimed to be Greg and sent HBGary’s technical director an email asking to open up port 59022, drop the firewall and to confirm the password. The technical director dutifully opened the port, dropped the firewall and provided the correct password.
Anonymous then had access to HBGary’s website and HBGary Federal’s website. They then downloaded the email files (“Spools”) for Aaron, Greg, and Aaron’s co-workers Phil and Ted. From there, they lured the still-incognito Aaron into a private IRC channel to confirm his identity. They did this by implying that Anonymous’ next target was HBGary Federal and– by virtue of having access to Aaron’s email– saw Aaron send an email attempting to warn his corporate masters of anon’s impending attack. With Aaron’s identity confirmed, they announced to him that they knew who he was and that they had possession of all of HBGary and HBGary Federal’s email.
Anons flooded into this chatroom and began mocking Aaron, who feebly attempted to defend himself by lying and claiming that he never intended to sell his information to the FBI, whereupon Anonymous produced his anonymous-v2.pdf file and the email that displayed his intention to attempt to sell both this file and HBGary Federal’s services to the FBI. Aaron proceeded to lie throughout this altercation, quitting in a rage several times before claiming that Anonymous had committed severe crimes and that they had “messed with the wrong opponent.” Aaron Barr finally exercised his divine right of stomping off the internet like a bratty child by offering the weak-assed excuse that anonymous was attempting to hack his home router, so in a fit of internet wizardry that completely justifies his six-figure salary, he turned his router off.
Penny of HBGary was brought into the chat, where she was advised to be honest as anonymous had possession of all of her emails and could verify if she was telling the truth or lying outright. Penny, being a corporatist, chose the lying path and claimed that she nor hbgary knew anything about Aaron’s activities. Anonymous quickly proved this false. While all of this was going on, Anonymous posted the 4.70 gigabyte archive to the pirate bay for the public to view.
Thanks to anonymous’ activities with chanology, a multitude of news outlets were notified and supplied with copies of the archive, where they proceeded to pick through them and pick out notable scandals, including HBGary’s involvement in a scheme cooked up by lawyers for Bank of America to intimidate, harass and blackmail journalists favorable to Wikileaks; and another scheme devised at the behest of the US Chamber of Commerce to infiltrate, subvert and hack major unions.
The fallout is still ongoing. Major IT companies are cutting all ties with HBGary, federal agencies are dumping HBGary and HBGary Federal and all companies that have installed HBGary products have been advised to discontinue their use and seek replacements due to the massive security hole this leak has produced. The juciest and most damning tidbit of all is the fact that HBGary was in possession of the infamous Stuxnet trojan– the same trojan that was used to infect and disable Iranian uranium centrifuges. Since it’s been leaked, the source code for Stuxnet is now available online for all to view.
Anonymous has since created a searchable, web-based database of all 60,000 leaked emails, which you can peruse for yourself at the following sites and mirrors:
Several lessons are readily apparent from this saga: silencing free speech and freedom of expression by underhanded means always backfires; many IT Security companies have incredibly lax security and the fact that they are employed by the federal government and paid with taxpayer dollars is laughable and insulting; attacking anonymous for personal and monetary gain is fatally idiotic.
Aaron Barr has joined Hal Turner and a long list of butthurt losers who thought they could silence the internet and failed.
He who lols last, lols best.