HBGary.* part II

Print Friendly

More information, or at least a more coherent complete set of information, is available as of this morning from Ars Technica. They have done a really good job of putting the pieces into a clear picture. What I heard in passing seems to be correct, the initial compromise was a SQL injection and the rest of the time line goes from there. The hackers in question apparently compromised the mail server for a number of hours before moving further and monitored email communications for over 30 hours undetected.

The HB Gary, Inc. CEO tried to reason with anonymous to avoid the email disclosures (IRC Log while it remains up). This part was a little painful to read because it is easy to empathize with someone whose company’s value is essentially being destroyed because someone else stirred the hornet nest – but once data like that has made it into multiple hands, distributed technology is distributed technology, there really is no going back.

Aaron Barr – the individual from HB Gary Federal whose ‘research’ started this mess – was looking to do primitive data mining and correlation with social networking data to identify individuals from anonymous as well as geographic regions they were located in. According to the quotes and excepts on Ars, his hypothesis was (a) individuals friended by his targets would be less likely to secure or censor identifying information, (b) that someone’s location could be extrapolated by looking at the general geographic locations of their friends (I assume his idea was most friends would be local friends), and (c) by correlating activity times of posts to social networking sites with presence in IRC channels a connection could be drawn from IRC handle to real life identity. He appears to have had something similar to success as the chat logs indicate he had identified people connected to Anonymous members, but some of those individuals were innocent (e.g. false positives) – one of the individuals in the chat logs’ girlfriend was identified, for example.

Anonymous does make one very good point regarding Barr’s activity. If such a methodology of investigation was presented to the FBI as a powerful, effective, and accurate tool and used by them under that assumption, the resulting miscarriages of justice would have been unconscionable. I hope and assume the FBI would have given this the same reception Anonymous did, and even Barr’s own programmer did – skepticism and rejection based on empirical evidence of statistical irrelevancy. The approach may have potential as an idea, but it is clear it is just that at the point we find ourselves at – an idea.

As if HB Gary Federal didn’t have enough problems, Slashdot reported Palantir Technologies, Berico Technologies and HB Gary Federal were pitching some FUD campaigns to discredit Wikileaks. The Slashdot link and comments are well, res ipsa loquitur. Most of it seems like business ‘puffing’ (I got that word from my contracts II class earlier this week and have been looking for a reason to use it as a replacement for the other relevant term which involves the Taurus astrological sign) and is essentially pretty graphics and FUD. The one quote from the whole thing which concerns me is slide 14:

Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.

This was listed as a “proactive” measure. To me this seems to suggest conducting some illegal attacks against foreign servers across international borders, and/or potentially sending a team in person to conduct some shady activity which seems less than legal. Granted, I am not a lawyer (yet) but I’d have to think corporate counsel would get nauseous at the potential liability in doing something like this. Social media monitoring appears on this slide as well, which given the Barr’s ‘research’ seems like that may be part of his shtick.

(p.s. to Palantir –

That is all I have for now, just a follow up on the HB Gary / HB Gary Federal saga.

Posted in Digital Forensics, Hacks, Cracks, and Attacks, Law, News & Commentary, Security