Javier Soriano/AFP/Getty Images
Members of the group Anonymous protest during Spain's film Goya Awards ceremony at Teatro Real in Madrid.11.
Members of the group Anonymous protest during Spain's film Goya Awards ceremony at Teatro Real in Madrid.11. Javier Soriano/AFP/Getty Images
The hacktivist group Anonymous is at it again. This time, it has humiliated an Internet security firm that threatened to out the group's hierarchy.
If you remember, Anonymous has been in the news, first, because in support of WikiLeaks, it undertook cyberattacks that brought down the websites of Visa and Mastercard. Second, because it brought down the sites of some government entities in Egypt and helped the anti-government protesters with technical help. Third, because as NPR's Martin Kaste reported, the FBI is hot on the group's heels. (Kaste has more on tonight's All Things Considered.)
Today, the website ArsTechnica ran a piece that details how Anonymous methodically went after HBGary Federal's digital infrastructure. Earlier this month, HBGary Federal's CEO Aaron Barr said the company, which specializes in analyzing vulnerabilities in computer security for companies and even some government agencies, had undertaken an investigation of Anonymous and had used social media to unmask the group's most important people.
The Financial Times reported:
Of a few hundred participants in operations, only about 30 are steadily active, with 10 people who "are the most senior and co-ordinate and manage most of the decisions," Mr. Barr told the Financial Times. That team works together in private internet relay chat sessions, through e-mail and in Facebook groups. Mr Barr said he had collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data.
Barr said an HBGary representative was set to give a presentation at a security conference in San Francisco, but as soon as Anonymous got wind of their plans, it hacked into HBGary's servers, rifled through their e-mails and published them to the web. The group defaced HBGary's website and published the user registration database of another site owned by Greg Hoglund, owner of HBGary.
Amazingly, reports ArsTechnica, Anonymous managed all this by exploiting easy and everyday security flaws. First, it found that the content management system — a program that allows for easy publishing to the web — had a security vulnerability. The group was able to get into the usernames and passwords from the database and, as ArsTechnica puts it, HBGary employees did not follow Internet best practices and used the same passwords over and over on different sites including their e-mail accounts, Twitter and LinkedIn accounts.
If you're interested in the details of the operation, ArsTechnica does a great job at putting it in easy-to-understand words. But perhaps one of the more interesting things the piece manages to cull is a profile of the people behind Anonymous.
The popular characterization has been that it's a bunch of kids. But ArsTechnica, which spoke to Anonymous members, says that:
Anonymous is a diverse bunch: though they tend to be younger rather than older, their age group spans decades. Some may still be in school, but many others are gainfully employed office-workers, software developers, or IT support technicians, among other things. With that diversity in age and experience comes a diversity of expertise and ability.
As for HBGary, the attacks forced it to pull out of the RSA Security conference in San Francisco, the biggest of its kind. The company posted a sign outside its booth with the same note that's on its website:
A group of aggressive hackers known as "Anonymous" illegally broke into computer systems and stole proprietary and confidential information from HBGary, Inc. This breach was in violation of federal and state laws, and stolen information was publicly released without our consent.
In addition to the data theft, HBGary individuals have received numerous threats of violence including threats at our tradeshow booth.
In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks.
HBGary is continuing to work intensely with law enforcement on this matter and hopes to bring those responsible to justice.
Thank you to all of our employees, our customers and the security community for your continued support.
Forbes reports that HBGary has become "toxic," its clients and partners cutting ties. It reports that CEO Barr also canceled the talk at the B-Sides conference, which was supposed to be about Anonymous.