A conflict between everyone's favorite hacktivists and an obscure security research company has just gotten interesting. HB Gary Federal is a cyber-security company run by Aaron Barr, who has been researching individuals he believes are associated with Anonymous. Specifically, he has been trying to link the handles of IRC participants to real people. When he decided to publicize his findings in the Financial Times last Saturday, it touched off a very interesting series of events which are still unfolding.
Some of the best reporting on what came next is provided by The Tech Herald. Using an impressive array of tactics, hackers managed to breach every aspect of the HB Gary Federal infrastructure. All of it. Even the phone system. They also breached the infrastructure of the parent company HB Gary (which holds a minor stake in Federal). The only data released so far has been 50,000+ emails from Barr's account.
After the Financial Times story broke, including Barr’s claims of infiltration, Anonymous responded. The response was brutal, resulting in full control over hbgary.com and hbgaryfederal.com. They were also able to compromise HBGary’s network, including full access to all their financials, software products, PBX systems, Malware data, and email, which they released to the public in a 4.71 GB Torrent file.
Apparently what they found when rifling the network just made the hackers more angry. This became rather clear in IRC communications between Anon participants and the principals of HB Gary, which included HBGary President Penny Leavy, founder Greg Hoglund and Aaron Barr, who runs HBG Federal (this conversation even happening is worthy of discussion in its own right).
Most of the anger was directed at Barr’s list of names and their alleged connections to Anonymous operations. Several Anons commented that the list includes fake names, reporters, and others who are in no way connected to any role in Anonymous. Its existence means that it “…could have and might still get innocent people in trouble for no reason at all.”
There is some dispute about Barr's intent. He claims that he never intended to actually reveal the names, certainly not to the FBI. Reports at Crowdleaks.org highlight this exchange, lifted from Barr's email, that seems to indicate, at the very least, he wouldn't protect the data:
On Feb 5, 2011, at 10:17 AM, Karen Burke wrote:
Thanks — I just saw the tweets and thought they were great. Will you say that you’ve been contacted by FBI (or law enforcement) as result of story?
On Sat, Feb 5, 2011 at 7:15 AM, Aaron Barr wrote:
ok Karen. I just tweeted a few posts on research and talk. This is the angle I want to stick with. If anyone asks about using this information for law enforcement I think we should say, well of course if law enforcement wants to discuss with me my research I will, its all open source, thats the thing, its all there. But my intent is not to do this work to put people in jail, my intent is to clearly demonstrate how this can be effectively used to gather significant intelligence and potentially exploit targets of interest (the other customers will read between the lines).
This in itself makes a pretty good story, I had intended to link it earlier in the week. But now the next shoe has dropped. Within the 50,000-odd emails released was a presentation crafted for Bank of America regarding how to effectively deal with Wikileaks. The plan is .... interesting. In many ways it reflects similar thinking to the DoD strategy for disrupting Wikileaks published in 2008. The proposal ranges from cyber-attacks against Wikileaks servers to mounting a campaign against Glenn Greenwald.
Over at FDL, Marcy Wheeler has been following the story, with proper scorn for the quality of the plan and special focus on the Glenn Greenwald-centric parts of the strategy. I imagine a bit of digital ink might be spilled on the implications of BoA exploring the tactics in the first place.
But there is something else important to note here as well. Generally, we view security researchers (consultants, etc.) as providing services to help companies secure their systems from exploit. Hackers try and compromise the system - admins and security professionals exist to keep them out. What we have here is a case where security researchers are actively marketing the service of leveraging security flaws found through their research on behalf of clients interested in *conducting* a cyber attack. It seems pretty difficult to interpret the BoA proposal as anything but an offer to conduct coordinated cyber attacks against Wikileaks.
I can't remember this type of proposal ever being exposed before. IMO, this is the most unsettling part of the whole episode. It probably should not be viewed as a good thing.
Comments
Thanks for an interesting read. I was hooked from the part about an internet security company being hacked and loved the message they wrote to HBGary. I think it's nice to know that resistance is not futile. Also just curious about who these "security experts" are, and who they've conned into purchasing their services.
by miguelitoh2o on Wed, 02/09/2011 - 11:08pm
Yeah. It's a pretty good tale. Anymore it seems real life is eclipsing everything our fiction writers can come up with.
It's fun to slag the security experts, and they really do deserve it when something like this happens. The social engineering thing especially feels like an extra risk taken just to rub their nose in it, which does add a bit of sting. But at this point, I have to feel pretty bad for Hoglund. He's pretty well known ... and not just for his fabulous head shot. In the past he has done a lot of good work with Windows rootkits and such (although these days I'd pretty much say he is to hacking as Dr. Phil is to psychology). At first glance, it doesn't appear he has much to do with HBG Federal although I'm not entirely clear on the relationship between the companies. Both he and Leavy seemed taken aback by some of the stuff going on - Leavy even went so far as telling the Anon IRC chat room they were pretty pissed at Barr. And that was before this whole "cyber-attacks for hire" thing came to light.
I didn't highlight it, but Barr was kind of emotionally involved in the "research" by the end. He was more or less riding the same high a hacker gets from cracking a system and had made it pretty personal. Apparently, several of his colleagues were questioning his motivations and methods. An anon source is quoted in that Crowdleaks article saying:
So, I don't exactly know who was advocating what within the company from the reporting (and I *really* don't feel like looking at 50,000 emails! Hell, I can't even get my own &@#%! spam processed.). Certainly seems Barr had a vision. I suppose if that's a good thing or a bad thing depends on where you sit - Google got a lot of grief for identifying activists to China.
That said, I did look at Barr's "research" regarding Anon and it's really not very credible. If the plan floated to BoA is any indicator, I'm on the exact same page with you and Marcy - somebody is getting seriously ripped off. I sure hope most of their proposals provide the client more value than that turd. It is consistently looking as if the weight of real talent does not currently reside with the institutional players.
The more I think about it - that makes Barr's flawed research that much more dangerous. It's not a joke. People are going on watch lists and people not in America are getting flat-out snatched off the streets. Those lists have the ability to impact lives very negatively - it's modern era McCarthyism. If the FBI turns to this guy as "expert" without the capacity to identify bullshit, isn't this essentially just a high-tech version of those warlords in Afghanistan selling us randoms snatched off the street as "insurgents"? (you know, the ones still stuck at Gitmo).
by kgb999 on Thu, 02/10/2011 - 2:23am
I vaguely know of Hoglund the same way you do, and my initial feelings were the same - 'shame about Hoglund'. I even read a bit of his interview down at SCmag and felt for him... this is what he said then:
but then...
What do we have here? It's Hoglund himself preparing triumphant releases on the thing, and Barr begging him not to do it. And in another mail (url escapes me, some forum), it's once more Hoglund wanting to push ahead, and Barr (!) having reservations again...
No one comes out of this looking clean, and if anything Hoglund looks even worse than Barr once you look at the data. I'm kinda embarrassed for him, myself.
by think Palo Alto (not verified) on Thu, 02/10/2011 - 7:16am
Very interesting information. Thanks.
by kgb999 on Thu, 02/10/2011 - 2:11pm
I just visited HbGary's website and thought I'd note their current homepage which makes the statement that the hackers have "intentionally falsified certain data". Under the circumstances, that could easily be a PR move on the company's part to minimize damages by obfuscation, or perhaps worse. Either way, it seems to just be getting more interesting:
"HBGary, Inc and HBGary Federal, a separate but related company, have been the victims of an intentional criminal cyberattack. We are taking this crime seriously and are working with federal, state, and local law enforcement authorities and redirecting internal resources to investigate and respond appropriately. To the extent that any client information may have been affected by this event, we will provide the affected clients with complete and accurate information as soon as it becomes available.
Meanwhile, please be aware that any information currently in the public domain is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data. HBGary, Inc and HBGary Federal are committed to a comprehensive, accurate, and swift response to this crime."
by miguelitoh2o on Thu, 02/10/2011 - 1:46pm
Yeah. I saw that too. Anonymous is pissed about the accusation they falsified data and in retaliation have threatened to release Hoglund's emails after all (hell, they may have already done it). I think you are correct, the web statement is mostly a PR move - if there were specific instances of falsified information, they would be providing a correction of the record. Typical FUD.
So far HB Gary has not been able to restore their whole web site. Anon trashed their backups (over a TB) so I think they are having to rebuild their entire infrastructure piece by piece. It must be assumed that every bit of hardware/software that could have a backdoor installed, does. (Not even going there with the fact a security firm apparently doesn't have an offsite backup strategy). This is the epitome of "Hell Week" for those guys.
Man, I wish I could see the emails that went out *after* all this went down ... Barr's programmer was already about to burst, I'll bet his "I told you so" flame was a classic!
by kgb999 on Thu, 02/10/2011 - 2:11pm
I like the fact that you pity Greg Hoglund; it speaks well of your humanity. But the hard and simple fact is that Greg and Penny (who she refers to as the "power twins" in her 11 Sept 2010 email to him: http://anonleaks.ru/email8.html) were about to profit from Aaron Barr's activities. How many other such projects had the Hoglunds been involved in through either of the HB Gary incarnations? (It seems we may soon know). Was Barr some kind of rogue digi-terror hobbyist that Greg and Penny naively trusted to run HB Gary Federal; a company that, according to Anonymous, Greg says "was created to do all of our classified work for the U.S. government"?
The game is over. As you pointed out "people are going on watch lists and people not in America are getting flat-out snatched off the streets. Those lists have the ability to impact lives very negatively - it's modern era McCarthyism." People IN AMERICA have also been snatched off of the streets (Maher Arar, for example, http://tinyurl.com/renderUS ). Not only that, but the USG has an acknowledged assassination program which already targets U.S. citizens ( http://tinyurl.com/murderUS ). Thousands of people are helping with these nefarious projects...and many many others.
Are we supposed to wait for other generations to sort this stuff out after the tortured and imprisoned innocents and their tormenters are long dead? Are we - an admittedly sophisticated populace in spite of much evidence to the contrary - really going to feign being ignorant of what is happening?
Greg Hoglund and Penny Leavy-Hoglund are two of many venal, crypto-fascist tools providing the "intelligence" and infrastructure for corporatist/politico control of the United States. I don't give a hoot about rootkit or Greg's headshot or the fact that he and Penny are animal lovers. You know, I hate to bring up the Nazis...I really really do because it undermines most arguments...but people like Greg and Penny are what Hannah Arendt was referring to when she wrote about "the banality of evil." But maybe I'm wrong; perhaps we now need a new term. How about "the inadvertency of evil" or "the circumstantiality of evil" or "the understandability of evil among the business class"?
Also, I haven't heard report of the Hoglunds coming out to condemn the plot to destroy Glenn Greenwald and other pundits supporting Wikileaks...or Wikileaks for that matter.
To my mind, Anonymous and Wikileaks and organizations like it are the only hope for reform in developed, capitalist Western societies. And to quote an Anonymous Twitter post from yesterday:
"@PalantirTech welcome to the Jedis. @HBGaryPR Burn in hell."
by Pseudonyous Rev... (not verified) on Sat, 02/12/2011 - 5:45pm
Although, as hacking goes, this 'operation' was nothing new or unique, it will probably go down in history with Stuxnet as one of the great hacks in history. This is Anon's 'cable dump'.
It lays bare the methods some corporations and, if the links hold up, the U.S. 'Justice' Department are willing to go to achieve an end. A cursory examination of the released emails shows a culture of quasi-criminal activity among these three firms and their 'handlers'.
These are bad people. They deserve whatever is coming to them.
After seeing (and helping with) Anonymous' good work for Tunisia and Egypt... I know who I'd want at my back in a pinch.
by Anonymous (not verified) on Thu, 02/10/2011 - 12:02am
God Bless anonymous and wikileaks
How can I help?
by Anonymous (not verified) on Thu, 03/10/2011 - 6:20pm
He claims that he never intended to actually reveal the names, certainly not to the FBI
Will they be dealing with squealers like this the same way the Mafia does?
(Intent--who cares: fuggedaboutit, singing is singing.)
It probably should not be viewed as a good thing.
Mob wars never are? (BOA security support now included.)
-----
Thanks for the work putting this together.
by artappraiser on Thu, 02/10/2011 - 12:33am
Rule of law? What rule of law? Darwin rules bay-beeee!
Although, as mobsters go, I can't shake the feeling Anon fills the role of toughs ruling the arcade down at the boardwalk. Not sure how stepping up against the real mobsters is going to go for 'em. But it's nice they've found a genuinely useful niche in supporting international democracy protesters and internet freedom in general - if one is going to get their nuts cut off, might as well be engaged in a good cause when everyone else turns to look.
by kgb999 on Thu, 02/10/2011 - 2:48am
Ars Technica has a good article with more on the internal dynamics at HBGary that led up to this.
My takeaways:
#1: I love Barr's coder ... talk about long-suffering at the hands of a buffoon!
#2: I don't see how Barr manages to salvage a career after this.
#3: Sucks to be Barr's partners this week. I really do feel bad for Hoglund and Leavy - he just cost them a TON of money and they don't even seem to be on board with what he was doing.
by kgb999 on Thu, 02/10/2011 - 4:41am
Great piece, kgb.
I just finished reading Underground about hackers in the 80s, back when it required a dial-up modem. Great read. Julian Assange, incidentally, did the research for the book and was one of its subjects.
Anyway, the same security-vs-hacker feuds were going on back then, with cocky hackers retaliating against arrogant security guys to humiliate them. Law enforcement agencies were trying to penetrate hackers' "inner circles" and connect their chat IDs to real identities back then as well.
The more things change...
by Michael Wolraich on Thu, 02/10/2011 - 9:31am
Thanks. Yeah, compromising the system of the investigators is pretty much a classic response. Certainly has the familiar feel of that old pwning Stoll tradition. Although, some of the specific actions these guys took after the system compromise seem to ratchet it up a notch (or two).
I guess the investigative side can be viewed as "same as it ever was" too. The act of trying to connect the dots doesn't bug me. Someone is going to do it, so I don't see how to criticize one professional over another. But man, it can't be emphasized enough how shitty this methodology was. And it also can't be overemphasized that what these guys are marketing has redefined "White Hat" to include disruptive cyber-attacks ... so long as the entity who wants to carry out such attacks has some sort of institutional standing (money/power etc.).
I read Underground a few weeks ago when Donal (I think) linked it. Man those poor Aussies had it rough. Comparatively, stateside had an embarrassment of riches (and comparatively, D.C. was richer than most places in the US). The book didn't portray the US scene nearly as well as it did the Australian one (it's still an excellent snapshot though).
by kgb999 on Thu, 02/10/2011 - 12:59pm
Yeah, it was very Aussie-focused and somewhat defensively so--as if desperate to challenge the Crocodile Dundee stereotypes. But it was still an entertaining and enlightening read.
The book does talk about how clueless some of the security guys were and how some of them took the hacking personally. But I agree that Barr sounds like an exceptional clown and that the proposal to hack WikiLeaks and pressure Greenwald is disturbing. I hope that the embarrassment it caused will deter other White Hats from going down the same path (to the...uh...dark side).
by Michael Wolraich on Thu, 02/10/2011 - 4:33pm
I think the defensiveness is because of the cliquish nature of the scene. They *really* wanted to be taken seriously as a faction in a culture defined by braggadocio and put-downs. I don't know if you've noticed, but we Americans can be some pretty arrogant assholes. I read a lot of "See! We were bad asses too!" directed at the American hacking community into it.
I hope you are right about the shaming. Somehow I think we've turned a corner though. If the government and corporations are seeking these tools - someone is going to oblige. Maybe the best we can hope for is that the value:cost ratio keeps being this brutal for them.
by kgb999 on Thu, 02/10/2011 - 8:31pm
So we can all con BofA out of money by selling them a plan to call Glenn Greenwald a jerk? Awesome.
Dear Mr. Moynihan,
My name is destor23 and I understand that you have a lot of free money from the Federal Reserve that you can spend on such activities as Glenn Greenwald bashing. I admit that I like Greenwald's politics and writing but he can go on a little long sometimes and also he has never given me money, ever. Indeed, sometimes Salon exploits me by making me look at Bank of America ads before I can even read his blog. So, sure. I'm your man. I'll get him.
Sincerely,
destor23
Oh, and kgb? Great stuff here.
by Michael Maiello on Thu, 02/10/2011 - 9:59am
It would be funny ... were it not for that "free money from the Federal Reserve" bit.
Our tax dollars - hard at work.
by kgb999 on Thu, 02/10/2011 - 2:28pm
Say it ain't so, destor. You really have gone over to the dark side, just like Genghis said. I thought he was trying to be funny.
by acanuck on Fri, 02/11/2011 - 1:53am
Good analysis, kgb. Nice details there with the internal mails.
These people are clearly scum. Anonymous did a good job shining a light on them.
As Goldfinger almost said: "I myself abhor hacking in all its forms, Mr Barr... but my associates, the Anonymous collective, are, I regret to say, less fastidious."
by iannis (not verified) on Thu, 02/10/2011 - 10:07am
It's a fascinating event, and the Ars Technica link makes it even more so, but as with the Egyptian protests, I wonder where it is all leading. What I see in both cases is a more protracted, perhaps endless, struggle between people that want "freedom" and people that want control. To me, freedom is the more difficult goal because someone will always tend to want control. Even if the Egyptian people knock down Mubarak, there will be someone else to represent the oligarchs behind the government. Even if they organize enough to overcome the oligarchs, how do they stop some from their camp from becoming the new oligarchs.
Likewise, even if WikiLeaks or Anonymous expose conspiracies like this one, the government is still at bat. We're left with an arms race of monitoring, hacking and backdoor chips where privacy becomes an increasingly quaint notion and you're either a player or a pwn.
by Donal on Thu, 02/10/2011 - 10:47am
2 million a month.
(800k for palantir, 600k each for hbgary & berico)
by Anonymous (not verified) on Thu, 02/10/2011 - 11:13am
I agree. I don't think an outcome of "final victory" is achievable in any struggle at this level. Those who just want to be left alone are always at a disadvantage to those who spend their lives seeking power over others.
In many ways, this is why I appreciate the underlying design considerations behind our system of government (as envisioned ... implementation OTOH ...). It doesn't rely on the goodness of humanity and instead recognizes humanity as threads of competing interest balanced in adversarial advocacy. Clearly, it can be corrupted to end up in the same place every historical attempt to accomplish a just society have ... where we are today ... but conceptually, it seems to be a framework that gives the best shot at a sustainable system for balancing the unweighted advantages certain members of society have in imposing their will on others.
At this stage, though, anyone clinging to the quaint notion of privacy needs to get with the program. There are very few systems which have not been compromised once targeted; and from the other side, there is a very good chance that every phone conversation in and out of America has been stored for the better part of the last decade. If we want privacy back, the first step will be acknowledging that it has pretty much been shattered and at this point requires RESTORATION, not protection.
As to the current situation, in my mind it is important to realize that the power structure (Oligarchs, Plutocrats, MIC, whatever you want to call it) has created the environment and the playing field. It is never OK for those opposing the will of the powerful to possess the tools to bypass their edicts. For those relegated to the role of society's weak, to employ a tool of autonomous power is always defined as a crime. But as the BoA proposal shows, the same tools employed against those who challenge the power structure are considered completely justified. Wikileaks has been subjected to government-sponsored DDoS attacks with every US-related release they have made; yet Anonymous are the ones everyone talks about even though they didn't get involved until the THIRD series of institutional cyber-attacks against Wikileaks. It seems weird to me that we only discuss the /btards (who are simply behaving as /btards) instead of the government and institutional players (also behaving as /btards) ... although I'm guilty as anyone on this count, I guess.
by kgb999 on Thu, 02/10/2011 - 1:48pm
The US Chamber of Commerce is being implicated from the doc dump of HBGary's Emails.
http://emptywheel.firedoglake.com/2011/02/10/from-the-chamberpot-a-carefully-worded-nondenial-denial/
by miguelitoh2o on Fri, 02/11/2011 - 2:42pm
Kent, this keeps getting worse.
http://news.firedoglake.com/2011/02/11/brad-friedman-were-fighting-against-how-our-own-tax-dollars-are-being-spent-against-us/
by Anonymous (not verified) on Fri, 02/11/2011 - 5:41pm
At least that makes more sense than Greenwald. But yeah. Pretty creepy.
Whole thing kind of messes up long-held perceptions. The companies involved clearly know it too. They are scrambling with their statements, but the curtain has really been pulled back. I don't see how they're going to squeeze the paste back into that tube. The question now is how deep the rot really goes.
It is making me seriously rethink how I feel about the teams who refuse to share exploit data.
by kgb999 on Sat, 02/12/2011 - 12:17am
Just stumbled into this topic via kgb's research (side point--I always thought the tag was a clever reference to the old soviet agency. Now I find it's his initials!) After three or four hours following links I stumble upon the chilling bit of data that Deutsche Bank, my adversary in a burgeoning RICO case, is in this loop of dirty tricksters.
Stab me and sink me, I need to tighten up security.
by jollyroger on Fri, 02/11/2011 - 9:58pm
Did someone say "Tighten Up"?
by LisB on Fri, 02/11/2011 - 10:23pm
Bound to fall
by jollyroger on Fri, 02/11/2011 - 10:48pm
After all my travail w/Kandi, I remembered that whilst my tethered phone delivers haltingly to my desktop, and will not itself play flash, it does play all youtube flawlessly...(what a putz!)
by jollyroger on Fri, 02/11/2011 - 10:49pm
Ah....so you finally got to hear "Baby baby baby" all night long?
by LisB on Fri, 02/11/2011 - 10:51pm
Just now
by jollyroger on Fri, 02/11/2011 - 10:54pm
the version my search box delivered had a cool cartoon, too.
by jollyroger on Fri, 02/11/2011 - 11:01pm
That's merely what a clever reference to the old soviet agency would *want* you to think ;-).
Didja see Palantir and Berico are totally trying to hang this all on HBGary? Both cut ties today. Palantir even apologized to Greenwald - disavowing anything to do with it ... even pledged their love for "progressive" causes. Unexplained why it was *their* logo at the top of the power-point slide. (power point: another victim ... when will the carnage end?).
As usual, Marcy is on-point over at Empty Wheel. I'd add that Palantir's proposed role was internal security controls and data auditing. HBGary was infoops. Berico would quite likely be the ones acting as offensive exploit team. Hear them tell, everyone is nothing more than a simple data analyst nowadays. They sure were singing a different tune in the emails.
Make physical backups ... how do we KNOW you are American unless they check?
by kgb999 on Fri, 02/11/2011 - 11:53pm
Oh yeah. Happy day! HBGary finally got their website back online. (deep thot: considering rootkit.com was compromised by a 16 year old girl ... maybe they should stop explicitly casting their generic "attacker" archetype as "him").
by kgb999 on Sat, 02/12/2011 - 12:05am
I used to have a pro heard of a program called "bruteforce" which basically ran through passwords till it came up lucky-- kinda like in "wargames". I gather that these days it's far more sophisticated.
by jollyroger on Sat, 02/12/2011 - 12:20am
That still comes in to it. They start by seeking a hole; first just run through a list of common exploits (usually do a port scan and try to ID the server type and software to make a plan). For a tougher system, as things progress the failures usually reveal more clues about the system being attacked. With a team (which they indicated this was), a couple of individuals will take the risk of actually attacking and then feed information back to the others who come up with the next line of attack, research and wait for additional info (or good news).
In this case, the initial exploit probably didn't take much work. SQL injection is pretty much one of the first things on the list (if it applies to the server). That gave them access to the encrypted passwords file. It's not trivial to crack it - but optimized brute force like you describe usually does the trick before too long (and can be load-split across a few systems to make it even faster). Cracking that got them Barr's account password ... which he used across the network, for twitter, facebook, and his iPad. The social engineering thing was to get access to rootkit.com ... on a different network which Barr had nothing to do with.
Like someone said upthread, this attack wasn't really unique in any way in terms of tactics employed - but damn, it's caused more ripples than the other huge security company email dump that happened this week. I think maybe they are trying to overwhelm us with too much data to process ... like, "OK fuckers! Welcome to OUR world ... sort through all THIS!"
by kgb999 on Sat, 02/12/2011 - 12:54am
I always assumed that any well-protected system would flip out after seven or eight failed password attempts and go tap a human bean on the shoulder, like "dude, your shit is shaky...somebody's knockin' and they wanna come in..."
by jollyroger on Sat, 02/12/2011 - 1:00am
Yeah, that's how it's supposed to be set up; usually with some kind of lockout too (IP/Mac address blocking or lock login function 'till a human resets). But with Linux there is an encrypted password file. If someone can get rudimentary access, they *download* the file and then run the attack on it. Quite a bit has been added to the original brute-force over the whiles (optimized, common word dictionaries, pw file interface, etc.) - there's a variation for almost everything.
But some CMS software will still let you bruteforce directly at the admin login (there *are* usually security modules that can be installed though).
by kgb999 on Sat, 02/12/2011 - 1:58am
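The lockout behaviour discussed in the two comments above, as an added example that is not part of the original thread: a monitor that counts failed logins per account and per source address, locks after eight failures until a human resets, and raises an alert. The log format, the 10-minute window and every name and address are assumptions, and it covers only online guessing, not the downloaded-password-file case the comment mentions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 8                  # "seven or eight failed password attempts"
WINDOW = timedelta(minutes=10)    # assumed sliding window, not from the thread


class LockoutMonitor:
    """Tracks failed logins per account and per source IP (hypothetical design)."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW):
        self.max_failures = max_failures
        self.window = window
        self.fail_by_user = defaultdict(deque)
        self.fail_by_ip = defaultdict(deque)
        self.locked_users = set()   # stay locked until unlock() is called
        self.blocked_ips = set()
        self.alerts = []            # what would "tap a human on the shoulder"

    def _record(self, bucket, key, ts):
        """Add one failure and return how many remain inside the window."""
        q = bucket[key]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q)

    def process(self, line):
        """Consume '<ISO time> <OK|FAIL> user=<name> ip=<addr>' and decide."""
        ts_s, result, user_f, ip_f = line.split()
        ts = datetime.fromisoformat(ts_s)
        user = user_f.split("=", 1)[1]
        ip = ip_f.split("=", 1)[1]

        # A locked account or blocked address is refused even with the
        # correct password: only a human reset clears it.
        if user in self.locked_users or ip in self.blocked_ips:
            return "rejected"
        if result == "OK":
            # Clear the account counter, but keep the per-IP counter so one
            # valid login does not reset an address guessing at many accounts.
            self.fail_by_user.pop(user, None)
            return "allowed"

        tripped = False
        # Per-account counter catches guesses spread over many addresses.
        if self._record(self.fail_by_user, user, ts) >= self.max_failures:
            self.locked_users.add(user)
            self.alerts.append(("account-locked", user, ts_s))
            tripped = True
        # Per-IP counter catches one address trying many accounts.
        if self._record(self.fail_by_ip, ip, ts) >= self.max_failures:
            self.blocked_ips.add(ip)
            self.alerts.append(("ip-blocked", ip, ts_s))
            tripped = True
        return "locked" if tripped else "failed"

    def unlock(self, user):
        """Manual reset by an administrator."""
        self.locked_users.discard(user)
        self.fail_by_user.pop(user, None)


def constructed_log():
    """Constructed sample input; no line here comes from a real system."""
    t0 = datetime(2011, 2, 12, 1, 0, 0)

    def line(offset_s, result, user, ip):
        ts = (t0 + timedelta(seconds=offset_s)).isoformat()
        return f"{ts} {result} user={user} ip={ip}"

    log = [line(0, "OK", "alice", "10.0.0.5")]
    # Eight failures on one account, each from a different address.
    log += [line(10 + i, "FAIL", "admin", f"203.0.113.{i + 1}") for i in range(8)]
    # Correct password for the locked account: still refused.
    log.append(line(30, "OK", "admin", "10.0.0.9"))
    # One address failing once against each of eight accounts.
    log += [line(40 + i, "FAIL", f"user{i}", "198.51.100.7") for i in range(8)]
    # Seven quick failures, one more an hour later, then success: no lock.
    log += [line(100 + i, "FAIL", "bob", "10.0.0.7") for i in range(7)]
    log.append(line(3700, "FAIL", "bob", "10.0.0.7"))
    log.append(line(3701, "OK", "bob", "10.0.0.7"))
    return log


def replay(lines):
    """Run a fresh monitor over the lines; return it with each decision."""
    monitor = LockoutMonitor()
    return monitor, [monitor.process(l) for l in lines]


if __name__ == "__main__":
    mon, decisions = replay(constructed_log())
    for entry, decision in zip(constructed_log(), decisions):
        print(f"{decision:9} {entry}")
    print(mon.alerts)
```
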
So it's still that same bruteforce that I used to ha heard of.? I notice that you cite linux as being vulnerable which is interesting since on the virus side, it seems like linux is more robust...or maybe just of less interest to virus writers since it is rare. Is part of the hacking vulnerability a legacy of the unix system architecture?
by jollyroger on Sat, 02/12/2011 - 2:06am
My understanding is that the security functionality was an add-on; initially it was just an open thing between university researchers. There is now Security Enhanced Linux that answers some of the problems - I don't use it, so I don't know too much about it; forum chatter says if you configure incorrectly it makes matters worse than not having it. There were also rumors about the NSA planting backdoors in it. Which may not be too far fetched (but there are rumors with Windows too).
by kgb999 on Sat, 02/12/2011 - 3:01am
NSA planting backdoors in it
I thought they just bald faced demanded keys, backdoors, spread your cheeks, whatever...Planting would be a kinder, gentler broomstick--lubed, as it were. That would imply a charming reticence uncharacteristic of the NSA.
the backdoor could have made it into the official release of version 2.6 of the kernel, and eventually into every up-to-date Linux machine on the Internet.
Out of millions (ok, thousands) of lines of code, one call? shit, how many must have gotten by...
by jollyroger on Sat, 02/12/2011 - 3:11am
No, it's millions.
by kgb999 on Sat, 02/12/2011 - 3:58am
One was called "KEY". The other was called "NSAKEY".
That's more like it:"We're the N fuckin S fuckin A--suck it up!"
by jollyroger on Sat, 02/12/2011 - 3:13am
A bit too subtle for you?
I shudder to think what they've got embedded in the cell-phones.
by kgb999 on Sat, 02/12/2011 - 3:39am
BTW, that damned arstechnica link is overwhelming my bookmarks...thanks for nuttin' I needed another distraction...I have currently opened no fewer than 8 stories, and I bet they are all fascinatin'
by jollyroger on Sat, 02/12/2011 - 6:34pm
SQL injection
Is that hole still open? I swear it must have been like windows 3.1 days, or something, when the sql problem was first raised...I thought they must have fixed it by now.
Do linux systems have all the same wide open barn doors as evil empire products do?
by jollyroger on Sat, 02/12/2011 - 1:05am
Yeah, Linux has some problems too (see the above mentioned pw file) - but not usually the same ones as MS, some SQL issues crossover (Apache stuff crosses too). And yeah the SQL problem is older than dirt all the way around. Protecting against it should be routine - certainly for a security company. Which is one of the big reasons why everyone was giving them such a hard time (initially ... now it's for being creepy sleazebags).
Apparently there was a contractor or something they are blaming. Didn't quite understand the explanation - but someone got fired.
(ha. Firefox spell-corrects sleazebags! LMAO).
by kgb999 on Sat, 02/12/2011 - 2:08am
contractor or something they are blaming
Oh the wonder of wetware... it will fuck up the most fastidious system every time.
by jollyroger on Sat, 02/12/2011 - 2:19am
I'm still chuckling at the Tolkien reference...where is Grima (wormtongue) when we need him to heave the stone over the tower's edge...
by jollyroger on Sat, 02/12/2011 - 12:16am
It could be said Anon just played that role.
by kgb999 on Sat, 02/12/2011 - 12:25am
"Anonymous" is planning something in support of the Greens in Iran tomorrow.
via Al Jazeera (see illustration at right with "V for Vendetta mask")
Cyberactivist Anonymous posted a Youtube video telling anti-government groups to 'expect' their support
by artappraiser on Sat, 02/12/2011 - 8:09pm
One is tempted to say "we are all anonymous", which under present circumstances may have content beyond the context...or the other way round, I'm not sure.
by jollyroger on Sat, 02/12/2011 - 8:20pm
As well as the RSA conference, Aaron Barr was scheduled to appear in front of all the security brass from DOJ, FBI, State Dept, DHS, etc. etc. in Washington:
"U.S. Department of Justice Cybersecurity Conference. February 8-9, 2011"
http://www.fbcinc.com/dojcyber/speakers.aspx
Social Media: A New Age in Information Exploitation
Aaron Barr, CEO, HBGary Federal
http://www.fbcinc.com/dojcyber/agendagrid.aspx
Great timing..... Any reports on how it went?
Those "birds of a feather" must have been quite ruffled. :-)
by Anonymous (not verified) on Mon, 02/21/2011 - 6:02pm