The first global cyber war has begun

Moderators: Elvis, DrVolin, Jeff

Re: The first global cyber war has begun

Postby Plutonia » Tue Feb 08, 2011 2:08 am

justdrew wrote: come on. HB Gary? that's absurd. has a single federal contract ever been awarded to this "company"? Probably Anonymous invented the company and its spokes critters are assisting in this whole hoax. the joke is on the media :P

Anonymous have attacked the HBGary website.

Image

:jumping:
[the British] government always kept a kind of standing army of news writers who without any regard to truth, or to what should be like truth, invented & put into the papers whatever might serve the minister

T Jefferson,
User avatar
Plutonia
 
Posts: 1267
Joined: Sat Nov 15, 2008 2:07 pm
Blog: View Blog (0)

Re: The first global cyber war has begun

Postby wintler2 » Wed Feb 09, 2011 12:34 am

better bump than rump. :oops:
"Wintler2, you are a disgusting example of a human being, the worst kind in existence on God's Earth. This is not just my personal judgement.." BenD

Research question: are all god botherers authoritarians?
User avatar
wintler2
 
Posts: 2884
Joined: Sun Nov 12, 2006 3:43 am
Location: Inland SE Aus.
Blog: View Blog (0)

Re: The first global cyber war has begun

Postby Plutonia » Wed Feb 09, 2011 2:03 am

Moar lulz ploz :P

Image

Re: The first global cyber war has begun

Postby Plutonia » Wed Feb 09, 2011 2:19 am

Looks like this is how they got all the way in - Greg Hoglund is CEO of HBGary, a parent company of HB Gary Federal:

How to get root on rootkit.com?
Well, it's quite easy if you have access to Greg Hoglund's email account,
read for yourself.
--------------------------------------------------------------------------------

From: Greg Hoglund <greg@hbgary.com> ISun, Feb 6, 2011 at 1:59 PM
To: jussi <jussij@gmail.com>

im in europe and need to ssh into the server. can you drop open up
firewall and allow ssh through port 59022 or something vague?
and is our root password still 88j4bb3rw0cky88 or did we change to
88Scr3am3r88 ?
thanks

From: jussi jaakonaho <jussij@gmail.com> ISun, Feb 6, 2011 at 2:06 PM
To: Greg Hoglund <greg@hbgary.com>

hi, do you have public ip? or should i just drop fw?
and it is w0cky - tho no remote root access allowed

From: Greg Hoglund <greg@hbgary.com> ISun, Feb 6, 2011 at 2:08 PM
To: jussi jaakonaho <jussij@gmail.com>

no i dont have the public ip with me at the moment because im ready
for a small meeting and im in a rush.
if anything just reset my password to changeme123 and give me public
ip and ill ssh in and reset my pw.

From: jussi jaakonaho <jussij@gmail.com> ISun, Feb 6, 2011 at 2:10 PM
To: Greg Hoglund <greg@hbgary.com>
ok,
takes couple mins, i will mail you when ready. ssh runs on 47152

...a little later:

bash-3.2# ssh hoglund@65.74.181.141 -p 47152
[unauthorized access prohibited]
hoglund@65.74.181.141's password:
[hoglund@www hoglund]$ unset
hoglund@www hoglund]$ w
11:23:50 up 30 days, 5:45, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
jussi pts/0 cs145060.pp.htv. Wed11pm 59.00s 0.38s 0.35s screen -r
jussi pts/1 - Thu 5am 1:13 0.38s 4.90s SCREEN
jussi pts/2 - Thu 5am 59.00s 0.68s 4.90s SCREEN
hoglund pts/3 132.181.74.65.st 11:23am 0.00s 0.03s 0.00s w
[hoglund@www hoglund]$ unset HIST
[hoglund@www hoglund]$ unset HISTFLE
[hoglund@www hoglund]$ unset HISTFILE
[hoglund@www hoglund]$ uname -a;hostname
Linux www.rootkit.com 2.4.21-40.ELsmp #1 SMP Wed Mar 15 14:21:45 EST 2006 i686 i686 i386 GNU/Linux
www.rootkit.com
[hoglund@www hoglund]$ su -
Password:
[root@www root]# unset HIST
[root@www root]# unset HISTFILE
[root@www root]# uname -a;hostname;id
Linux www.rootkit.com 2.4.21-40.ELsmp #1 SMP Wed Mar 15 14:21:45 EST 2006 i686 i686 i386 GNU/Linux
www.rootkit.com
uid=0(root) gid=0(root) groups=0(root),1200(varmistus)
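The excerpt in the post above shows a chain a defender can look for in authentication logs: an account password is reset, that account logs in over SSH with a password from an address it has not used before, and the session switches to root shortly afterwards. The following is an added example, not part of the original thread or the pastebin; the log lines, the account names `owner` and `admin`, the addresses, and all function and parameter names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in syslog style (NOT logs from the incident). Account
# names and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Feb  6 09:14:02 www sshd[1801]: Accepted publickey for admin from 198.51.100.7 port 50112 ssh2
Feb  6 09:20:45 www su(pam_unix)[1822]: session opened for user root by admin(uid=501)
Feb  6 11:12:30 www passwd(pam_unix)[2250]: password changed for owner
Feb  6 11:23:41 www sshd[2290]: Accepted password for owner from 203.0.113.45 port 40022 ssh2
Feb  6 11:24:30 www su(pam_unix)[2310]: session opened for user root by owner(uid=500)
Feb  6 13:05:10 www sshd[2555]: Accepted password for owner from 192.0.2.10 port 40100 ssh2
"""

# Assumed baseline: source addresses each account normally logs in from.
BASELINE = {"admin": {"198.51.100.7"}, "owner": {"192.0.2.10"}}

LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
PWCHG_RE = re.compile(r"password changed for (\S+)")
# Matches both the older "su(pam_unix)[pid]:" and the newer "su: pam_unix(...)" form.
SU_ROOT_RE = re.compile(
    r"\bsu[(:\[].*session opened for user root\b.* by (\w+)\(uid=\d+\)")


def parse_time(line, year):
    """Classic syslog timestamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def find_login_to_root_chains(log_text, known_sources, year=2011,
                              su_window=timedelta(minutes=15),
                              reset_window=timedelta(hours=1)):
    """Flag: password SSH login from an unfamiliar source, then su to root.

    Shell history is not relied on, because a session can simply unset
    HISTFILE; syslog records written by sshd, passwd and su are used instead.
    """
    last_pw_change = {}   # user -> time of most recent password change
    risky_login = {}      # user -> (time, source, followed_reset)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts = parse_time(line, year)

        m = PWCHG_RE.search(line)
        if m:
            last_pw_change[m.group(1)] = ts
            continue

        m = LOGIN_RE.search(line)
        if m:
            method, user, source = m.groups()
            # Key-based logins and logins from known sources are not flagged.
            if method == "password" and source not in known_sources.get(user, set()):
                changed = last_pw_change.get(user)
                followed_reset = (changed is not None
                                  and ts - changed <= reset_window)
                risky_login[user] = (ts, source, followed_reset)
            continue

        m = SU_ROOT_RE.search(line)
        if m and m.group(1) in risky_login:
            user = m.group(1)
            login_ts, source, followed_reset = risky_login[user]
            if ts - login_ts <= su_window:
                alerts.append({
                    "user": user,
                    "source": source,
                    "login_time": login_ts,
                    "seconds_to_root": int((ts - login_ts).total_seconds()),
                    "recent_password_change": followed_reset,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_login_to_root_chains(SAMPLE_LOG, BASELINE):
        print(alert)
```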

Re: The first global cyber war has begun

Postby Plutonia » Wed Feb 09, 2011 3:06 am

Ouch!

Image

:lol2:

Re: The first global cyber war has begun

Postby justdrew » Wed Feb 09, 2011 2:47 pm

ok ok, it looks like these HBGary clowns are "for real" - real idiots with too much money in their pockets.

Firm hacked by ‘Anonymous’ plotted against WikiLeaks on bank’s behalf: report
By Eric W. Dolan
Wednesday, February 9th, 2011 -- 1:33 pm

Three data intelligence firms concocted a plan to attack WikiLeaks on behalf of Bank of America, according to a published report.

The three firms, Palantir Technologies, HBGary Federal and Berico Technologies, planned to "disrupt" Salon.com columnist Glenn Greenwald's support of WikiLeaks, create a disinformation campaign to discredit the secrets outlet, sow discord among WikiLeaks volunteers, and use cyber attacks to target the website's infrastructure.

The proposed assault on WikiLeaks, The Tech Herald reported, was revealed after the "non-group" of hacktivists known as "Anonymous" gained access to more than 44,000 emails from HBGary Federal's COO, Aaron Barr, after he said he had identified "core leaders" of the group. Barr also said he had information that could potentially lead to their arrest. The emails were released to the public in a 4.71 gigabyte Torrent file.

The emails show the proposal was developed at the request of the Hunton and Williams law firm, which had a meeting with Bank of America on December 3 to discuss legal action against WikiLeaks.

"They basically want to sue them to put an injunction on releasing any data," an email between the intelligence firms said. "They want to present to the bank a team capable of doing a comprehensive investigation into the data leak."

On November 30, just hours after Raw Story first unearthed evidence that WikiLeaks held data exposing corruption at Bank of America, bank executives held a late-night conference call to discuss damage control, the New York Times reported.

The bank's chief risk officer Bruce Thompson has since led a team of 15 to 20 senior officials at Bank of America to probe which executive's hard drive the anti-secrecy outlet might possess. The Times reported that the investigation involved "scouring thousands of documents" and tracing computers that had gone missing or were vulnerable to cyber-attacks.

The leaked emails also revealed that HBGary Federal planned to meet with Booz Allen Hamilton, the firm brought in to help manage the bank's internal review, a month after the proposal for attacking WikiLeaks was created.

The emails do not show what the fate of the proposal was, aside from a message that vaguely expressed hope HBGary was going to "close the BOA deal." Nor is there any information at the time of this story's publication to suggest that Bank of America was directly involved in developing the plot against WikiLeaks.

In addition to releasing internal emails to the public Sunday, "Anonymous" also hijacked HBGary Federal's website and associated Twitter accounts.

Their website was reduced to a single page that said the company was "working with federal, state, and local law enforcement authorities and redirecting internal resources to investigate and respond appropriately" to the cyber attacks against them.

"Do I regret it now? Sure," Barr told Forbes Monday. "I knew some folks would take my research as some kind of personal attack which it absolutely was not. I thought they might take down our Web site with a DDoS attack. I did not prepare for them to do what they did."

Barr added that he had to unplug his home router because "Anonymous" was trying to crack it.

Raw Story attempted to contact Barr and Bank of America, but emails and phone calls to both companies' offices went unreturned at time of this story's publication.
By 1964 there were 1.5 million mobile phone users in the US
User avatar
justdrew
 
Posts: 11966
Joined: Tue May 24, 2005 7:57 pm
Location: unknown
Blog: View Blog (11)

Re: The first global cyber war has begun

Postby hanshan » Wed Feb 09, 2011 5:27 pm

...

justdrew wrote:ok ok, it looks like these HBGary clowns are "for real" - real idiots with too much money in their pockets.

Firm hacked by ‘Anonymous’ plotted against WikiLeaks on bank’s behalf: report
By Eric W. Dolan
Wednesday, February 9th, 2011 -- 1:33 pm

Three data intelligence firms concocted a plan to attack WikiLeaks on behalf of Bank of America, according to a published report.

The three firms, Palantir Technologies, HBGary Federal and Berico Technologies, planned to "disrupt" Salon.com columnist Glenn Greenwald's support of WikiLeaks, create a disinformation campaign to discredit the secrets outlet, sow discord among WikiLeaks volunteers, and use cyber attacks to target the website's infrastructure.


The proposed assault on WikiLeaks, The Tech Herald reported, was revealed after the "non-group" of hacktivists known as "Anonymous" gained access to more than 44,000 emails from HBGary Federal's COO, Aaron Barr, after he said he had identified "core leaders" of the group. Barr also said he had information that could potentially lead to their arrest. The emails were released to the public in a 4.71 gigabyte Torrent file.

The emails show the proposal was developed at the request of the Hunton and Williams law firm, which had a meeting with Bank of America on December 3 to discuss legal action against WikiLeaks.

"They basically want to sue them to put an injunction on releasing any data," an email between the intelligence firms said. "They want to present to the bank a team capable of doing a comprehensive investigation into the data leak."

On November 30, just hours after Raw Story first unearthed evidence that WikiLeaks held data exposing corruption at Bank of America, bank executives held a late-night conference call to discuss damage control, the New York Times reported.

The bank's chief risk officer Bruce Thompson has since led a team of 15 to 20 senior officials at Bank of America to probe which executive's hard drive the anti-secrecy outlet might possess. The Times reported that the investigation involved "scouring thousands of documents" and tracing computers that had gone missing or were vulnerable to cyber-attacks.

The leaked emails also revealed that HBGary Federal planned to meet with Booz Allen Hamilton, the firm brought in to help manage the bank's internal review, a month after the proposal for attacking WikiLeaks was created.

The emails do not show what the fate of the proposal was, aside from a message that vaguely expressed hope HBGary was going to "close the BOA deal." Nor is there any information at the time of this story's publication to suggest that Bank of America was directly involved in developing the plot against WikiLeaks.

In addition to releasing internal emails to the public Sunday, "Anonymous" also hijacked HBGary Federal's website and associated Twitter accounts.

Their website was reduced to a single page that said the company was "working with federal, state, and local law enforcement authorities and redirecting internal resources to investigate and respond appropriately" to the cyber attacks against them.

"Do I regret it now? Sure," Barr told Forbes Monday. "I knew some folks would take my research as some kind of personal attack which it absolutely was not. I thought they might take down our Web site with a DDoS attack. I did not prepare for them to do what they did."

Barr added that he had to unplug his home router because "Anonymous" was trying to crack it.

Raw Story attempted to contact Barr and Bank of America, but emails and phone calls to both companies' offices went unreturned at time of this story's publication.


Ok - First, you have a law firm counseling illegal action. Way bad.
Second, there's a turkey (Hoglund) who threatens Anonymous (Greg Hoglund, the founder of HBGary, has promised his own revenge. "They didn't just pick on any company," he told cyber security journalist Brian Krebs. "We try to protect the US government from hackers. They couldn't have chosen a worse company to pick on."), & then Barr has to publicly eat crow.
Third, BOA claims innocence, when, in fact, they initiated said actions (& paid for them).
(this is actually reading between the lines here).

Question? Where are the adults?

...
hanshan
 
Posts: 1673
Joined: Fri Apr 22, 2005 5:04 pm
Blog: View Blog (0)

Re: The first global cyber war has begun

Postby justdrew » Wed Feb 09, 2011 5:39 pm

there are no adults in corporate America, just overgrown babies crying that they should get to push the button, "waaaa!"

Re: The first global cyber war has begun

Postby hanshan » Wed Feb 09, 2011 5:45 pm

..


justdrew wrote:there are no adults in corporate America, just overgrown babies crying that they should get to push the button, "waaaa!"



Apparently. Seems money obviates maturity. Pity.


...

Re: The first global cyber war has begun

Postby wintler2 » Wed Feb 09, 2011 6:09 pm

Score: Anonymous 7 : corp-state 0. If HBGary is the best the US gov & banks have to throw at Anonymous, they oughta fold now. But something tells me there are today scores of new startups offering anti-hacker services to govt .. it'd be lovely to get on that gravy train, apparently competence is not required.
Tech Herald The law firm had a meeting with Bank of America on December 3. To prepare, the firm emailed Palantir and the others asking for “…five to six slides on Wikileaks - who they are, how they operate and how this group may help this bank.”
Wow, check out that depth!


hanshan wrote:..
justdrew wrote:there are no adults in corporate America, just overgrown babies crying that they should get to push the button, "waaaa!"

Apparently. Seems money obviates maturity. Pity.

It does, & more. I think intergenerational power & money almost inevitably dumbs down. eg. british aristocracy. eg. well-off kids who can't cook or labour or even walk a mile without whinging. eg. anglo nation citizens who refuse to understand that offshoring of jobs was inevitable under neoliberalism, not accidental. Power corrupts in many ways when used for selfish ends.
Last edited by wintler2 on Wed Feb 09, 2011 6:24 pm, edited 1 time in total.

Re: The first global cyber war has begun

Postby Plutonia » Wed Feb 09, 2011 6:17 pm

Excerpted from emptywheel @ Firedoglake:

Organizational chart from cracked emails:

Image

As TechHerald reports, among those documents was a presentation, “The Wikileaks Threat,” put together by three data intelligence firms for Bank of America in December. As part of it, they put together what they claimed was a list of important contributors to Wikileaks. They suggested that Glenn Greenwald’s support was key to Wikileaks ongoing survival.

The proposal starts with an overview of WikiLeaks, including some history and employee statistics. From there it moves into a profile of Julian Assange and an organizational chart. The chart lists several people, including volunteers and actual staff.

One of those listed as a volunteer, Salon.com columnist, Glenn Greenwald, was singled out by the proposal. Greenwald, previously a constitutional law and civil rights litigator in New York, has been a vocal supporter of Bradley Manning, who is alleged to have given diplomatic cables and other government information to WikiLeaks. He has yet to be charged in the matter.

Greenwald became a household name in December when he reported on the “inhumane conditions” of Bradley Manning’s confinement at the Marine brig in Quantico, Virginia. Since that report, Greenwald has reported on WikiLeaks and Manning several times.

“Glenn was critical in the Amazon to OVH transition,” the proposal says, referencing the hosting switch WikiLeaks was forced to make after political pressure caused Amazon to drop their domain.


As TechHerald notes, an earlier version of the slide said support from people like Glenn needed to be “attacked.”

Now aside from the predictable but nevertheless rather shocking detail that these security firms believed the best way to take Wikileaks out was to push Glenn to stop supporting them, what the fuck are they thinking by claiming that Glenn weighs “professional preservation” against “cause”? Could they be more wrong, painting Glenn as a squeamish careerist whose loud support for Wikileaks (which dates back far longer than these security firms seem to understand) is secondary to “professional preservation”? Do they know Glenn is a journalist? Do they know he left the stuffy world of law? Have they thought about why he might have done that? Are they familiar at all with who Glenn is? Do they really believe Glenn became a household name–to the extent that he did–just in December?

http://emptywheel.firedoglake.com/2011/ ... greenwald/


Super secret HBGary Federal dossier reveals sophisticated plan to protect BOA tl;dr:

1. Infiltrate Anonymous/Wikileaks lair and identify leaders
2. Fondle Glenn Greenwald's ballsack
3. ????
4. PROFIT!!!

BOA: Moar bonuses for everyone ploz!!!11


*coassholesough*


Glenn's response via Twitter:
emptywheel
@ggreenwald Apparently, you're a careerist hack who puts professional preservation ahead of cause. Wonder how much that genius cost BoA?
4 hours ago
Glenn Greenwald

@emptywheel Yeah - clearly I place professional preservation before cause: that's why I'm a WL defender - & media critic. So good for career
4 hours ago

Re: The first global cyber war has begun

Postby hanshan » Wed Feb 09, 2011 6:25 pm

..

wintler2 wrote: Score: Anonymous 7 : corp-state 0. If HBGary is the best the US gov & banks have to throw at Anonymous, they oughta fold now. But something tells me there are today scores of new startups offering anti-hacker services to govt .. it'd be lovely to get on that gravy train, apparently competence is not required.

hanshan wrote:..
justdrew wrote:there are no adults in corporate America, just overgrown babies crying that they should get to push the button, "waaaa!"

Apparently. Seems money obviates maturity. Pity.

It does, & more. I think intergenerational power & money almost inevitably dumbs down. eg. british aristocracy. eg. well-off kids who can't cook or labour or even walk a mile without whinging. eg. anglo nation citizens who refuse to understand that offshoring of jobs was inevitable under neoliberalism, not accidental. Power corrupts in many ways when used for selfish ends.


Competency not required - maybe that's their unspoken motto. Ridiculous.
Intergenerational money may be the worst curse one could leave one's kids.
Witnessed up close & personal, it may just be the biggest obstacle to growth, on any level.
As for the Brit Aristocracy (laugh & a half)


...

Re: The first global cyber war has begun

Postby Plutonia » Wed Feb 09, 2011 10:33 pm

These just up on Twitter - I haven't dloaded yet...

ioerror Jacob Appelbaum
I feel honored to know that I'm in the HBGary email spool. Their pwnage is the Whitehat Valdez.

@kaepora Nadim Kobeissi
by ioerror
Wow, HBGary has absolutely no clue! Their only powers seem to be government connections and hilariously pretentious slideshows.

@kaepora Nadim Kobeissi
by ioerror
Hey everyone, here's a copy of all of HBGary's conversations with the US Senate! http://uiu.me/senate.zip

@kaepora Nadim Kobeissi
by ioerror
Hey everyone, here's a copy of all of HBGary's conversations with the NSA! http://uiu.me/nsa.zip

kaepora Nadim Kobeissi
by ioerror
Hey everyone, here's a copy of all of HBGary's conversations with the CIA! http://uiu.me/cia.zip

kaepora Nadim Kobeissi
by ioerror
Hey everyone, here's a copy of all of HBGary's conversations with the US House of Representatives! http://uiu.me/house.zip

kaepora Nadim Kobeissi
by ioerror
Hey everyone, here's a copy of all of HBGary's conversations with the US Army! http://uiu.me/army.zip

kaepora Nadim Kobeissi
by ioerror
Hey everyone, here's a copy of all of HBGary's conversations with the FBI! http://uiu.me/fbi.zip

kaepora Nadim Kobeissi
by ioerror
EVERYONE: Reading the files is easy! Just open them in any text editor. Notepad will work just fine!


HBGary was an elite intelligence/net security contractor. :roll:


Edit: I'm thinking that this story is going to be huge.

Anonymous is encouraging Assange to release his BOA folder now.

Re: The first global cyber war has begun

Postby Plutonia » Wed Feb 09, 2011 10:43 pm

Here's the moment of disclosure, logged on IRC on Sunday - Aaron Barr is CogAnon

1. [2011-02-06 23:53:35] -->| CogAnon (~CogAnon@an-33E99D21.dc.dc.cox.net) has joined #ophbgary
2. [2011-02-06 23:53:49] <q> Ohai CogAnon
3. [2011-02-06 23:53:56] <tflow> Hello, Mr. Barr.
4. [2011-02-06 23:54:12] <Topiary> Mr. Barr and his infiltration of Anonymous; "Now they're threatening us directly", amirite?
5. [2011-02-06 23:54:16] <tflow> I apologize for what's about to happen to you and your company.
6. [2011-02-06 23:54:20] <q> Enjoying the Superbowl, I hope?
7. [2011-02-06 23:54:25] <CogAnon> high one sec. please
8. [2011-02-06 23:54:25] <tflow> I really do, Mr. Barr.
9. [2011-02-06 23:54:36] <tflow> You have no idea what's coming next.
10. [2011-02-06 23:54:36] <Topiary> tflow: How are things going with that, anyway?
11. [2011-02-06 23:55:24] <Topiary> CogAnon is clearly super 1337 with his PM psyops skills in the Washington area
12. [2011-02-06 23:55:29] <CogAnon> ok...sure I figured something like this might happen.
13. [2011-02-06 23:55:42] <Topiary> CogAnon: nah, you won't like what's coming next
14. [2011-02-06 23:55:51] <tflow> CogAnon: Can you guess what's coming next?
15. [2011-02-06 23:56:00] <Topiary> Ooh, a fun game - guess!
16. [2011-02-06 23:56:02] <CogAnon> dude...you just don't get it. it was research on social media vulnerabilities...I was never going to release the names...
17. [2011-02-06 23:56:11] <Sabu> LIAR
18. [2011-02-06 23:56:14] <CogAnon> as I told CommanderX last night.
19. [2011-02-06 23:56:16] <BarrettBrown> CogAnon: You went to press
20. [2011-02-06 23:56:22] <Topiary> CogAnon: yeah we read the facebook conversation, and every other conversation
21. [2011-02-06 23:56:23] <BarrettBrown> With info that was largely false
22. [2011-02-06 23:56:24] <q> CogAnon: only that your research like totally failed and all your info was bullshit
23. [2011-02-06 23:56:25] <c0s> CogAnon: that article was a hit peice.
24. [2011-02-06 23:56:27] <CogAnon> ok whatever...whoever has done this has tied my hands now though.
25. [2011-02-06 23:56:37] <BarrettBrown> I suggest you go to Bloomberg and explain
26. [2011-02-06 23:56:38] <Sabu> CogAnon: Don't you have a meeting with the FBI Monday morning?
27. [2011-02-06 23:56:39] <CogAnon> ok
28. [2011-02-06 23:56:42] <Topiary> Sabu: he totally does
29. [2011-02-06 23:56:44] <tflow> CogAnon: I feel sorry for what's about to happen. I really do.
30. [2011-02-06 23:56:45] <Sabu> Tomorrow @ 11am?
31. [2011-02-06 23:56:46] <q> CogAnon: we'll send that to your FBI friends, so they have that before your talk tomorrow
32. [2011-02-06 23:56:49] <CogAnon> yep...they called me.
33. [2011-02-06 23:56:51] <n0pants> Moral of the Story: Don't drum up business by banging on a hornet's nest.
34. [2011-02-06 23:57:01] <CogAnon> I have a lot of people calling me.
35. [2011-02-06 23:57:02] <Sabu> You intended of battling anonymous in the media for media gain and attention
36. [2011-02-06 23:57:04] <Sabu> well let me ask you
37. [2011-2-06 23:57:08] <Sabu> you got the media attention now
38. [2011-02-06 23:57:10] <Sabu> how does it feel
39. [2011-02-06 23:57:11] <Sabu> ?
40. [2011-02-06 23:57:14] <CogAnon> yep
41. [2011-02-06 23:57:16] <Topiary> CogAnon: want me to call you, baby?
42. [2011-02-06 23:57:16] <tflow> Oh, no
43. [2011-02-06 23:57:17] <Sabu> was it worth it?
44. [2011-02-06 23:57:19] <tflow> He hasn't got it yet.
45. [2011-02-06 23:57:22] <Sabu> Topiary: just call him.
46. [2011-02-06 23:57:23] <BarrettBrown> CogAnon: michaelriley@bloomberg/net
47. [2011-02-06 23:57:26] <tflow> This is just the tipping point.
48. [2011-02-06 23:57:28] <BarrettBrown> Tell him your side of the story
49. [2011-02-06 23:57:30] <BarrettBrown> and hurry
50. [2011-02-06 23:57:34] <tflow> Of what's going to happen next
51. [2011-02-06 23:57:34] <Topiary> Oh guys, what's coming next is the delicious cake.
52. [2011-02-06 23:57:40] <BarrettBrown> bloomberg.net, rather
53. [2011-02-06 23:57:41] -->| `k (~mysql2@nic.mil) has joined #ophbgary
54. [2011-02-06 23:57:47] <q> @AnonymousIRC Is it illegal to download it?! By the way the mac privacy package, crashed my macbook last time!
55. [2011-02-06 23:57:48] <`k> lol
56. [2011-02-06 23:57:51] <q> good question
57. [2011-02-06 23:57:54] <c0s> k: <3
58. [2011-02-06 23:57:56] <`k> <3
59. [2011-02-06 23:57:59] <q> is it illegal to download the database?
60. [2011-02-06 23:58:00] <Topiary> hold on lemme tweet about this channel
61. [2011-02-06 23:58:02] <q> hey k!
62. [2011-02-06 23:58:07] <Sabu> OK MATE
63. [2011-02-06 23:58:12] <`k> sh1t g0t fuck3d l0l
64. [2011-02-06 23:58:21] <n0pants> and then the flood
65. [2011-02-06 23:58:22] =-= Mode #ophbgary +o `k by q
66. [2011-02-06 23:58:25] <Sabu> AARON BARNETTE SPEAK TO US
67. [2011-02-06 23:58:30] -->| nigg (h@D708A2F9.7193C430.4840EDD0.IP) has joined #ophbgary
68. [2011-02-06 23:58:31] <Sabu> ERR I MEAN BARR
69. [2011-02-06 23:58:31] <Sabu> LOL
70. [2011-02-06 23:58:33] <--| nigg has left #ophbgary (Leaving)
71. [2011-02-06 23:58:36] -->| nigg (h@D708A2F9.7193C430.4840EDD0.IP) has joined #ophbgary
72. [2011-02-06 23:58:41] <nigg> why hello thar
73. [2011-02-06 23:58:46] <Sabu> hello nigg.
74. [2011-02-06 23:58:50] <Topiary> okay tweeted
75. [2011-02-06 23:58:53] <nigg> so who wants all of
76. [2011-02-06 23:58:55] <nigg> his emails?
77. [2011-02-06 23:59:06] <Sabu> uhm you have his emails????
78. [2011-02-06 23:59:07] -->| blergh (blergh@194.18.73.185) has joined #ophbgary
79. [2011-02-06 23:59:10] <Sabu> DAMN!
80. [2011-02-06 23:59:14] <nigg> 2.3gb's of gold
81. [2011-02-06 23:59:15] <Topiary> sure, I'd enjoy some 68,000 emails
82. [2011-02-06 23:59:19] <Topiary> can we please have 68,000 of their emails?
83. [2011-02-06 23:59:21] <blergh> lol
84. [2011-02-06 23:59:21] <`k> nigg not ehre
85. [2011-02-06 23:59:22] <tflow> I already have them
86. [2011-02-06 23:59:23] <blergh> what is this?
87. [2011-02-06 23:59:24] -->| Cody (oh@hi.i.didnt.c.u.thar) has joined #ophbgary
88. [2011-02-06 23:59:25] <c0s> those emails are going to be pretty
89. [2011-02-06 23:59:25] <Topiary> oh wait we totally already have them
90. [2011-02-06 23:59:26] <`k> here
91. [2011-02-06 23:59:27] <nigg> 68,000?
92. [2011-02-06 23:59:27] <Topiary> trolololol
93. [2011-02-06 23:59:27] <tflow> I'm going to torrent them shortly.
94. [2011-02-06 23:59:35] <nigg> not many
95. [2011-02-06 23:59:38] <nigg> i got more
96. [2011-02-06 23:59:38] <blergh> As an ircop i demand answers
97. [2011-02-06 23:59:39] <`k> nigg is a friend
98. [2011-02-06 23:59:40] <blergh> niggurz
99. [2011-02-06 23:59:44] <`k> :)
100. [2011-02-06 23:59:45] <Sabu> [Case #00947622] Account have been hacked [ref:00D0VNwG.5006AppGm:ref]
101. [2011-02-06 23:59:45] <Sabu>
102. [2011-02-06 23:59:45] <Sabu> Inbox X
103. [2011-02-06 23:59:45] <Sabu>
104. [2011-02-06 23:59:45] <Sabu> Reply
105. [2011-02-06 23:59:45] <blergh> what is this?
106. [2011-02-06 23:59:46] <Sabu> |
107. [2011-02-06 23:59:48] <Sabu> Google Enterprise Support to me
108. [2011-02-06 23:59:50] <nigg> 68 is tiny
109. [2011-02-06 23:59:50] <tflow> I have Barr's, Ted's and Phil's emails
110. [2011-02-06 23:59:50] <nigg> im talking
111. [2011-02-06 23:59:50] <CogAnon> lol..ok guys well u got me right. :)
112. [2011-02-06 23:59:51] <Sabu> show details 6:53 PM (5 minutes ago)
113. [2011-02-06 23:59:51] <tflow> All of them.
114. [2011-02-06 23:59:53] <Sabu>
115. [2011-02-06 23:59:53] <BarrettBrown> tips@gawker.com
116. [2011-02-06 23:59:54] <q> tweeted with weblink
117. [2011-02-06 23:59:56] <Sabu> from Google Enterprise Support <esupport@google.com>
118. [2011-02-06 23:59:56] <nigg> 200k
119. [2011-02-06 23:59:58] <Sabu> to "greg@hbgary.com" <greg@hbgary.com>
120. [2011-02-06 23:59:59] <BarrettBrown> great place to send e-mails
121. [2011-02-06 23:59:59] -->| mib_ep5qpb (Mibbit@an-71DA39E0.hsd1.fl.comcast.net) has joined #ophbgary
122. [2011-02-07 00:00:00] <Sabu> date Sun, Feb 6, 2011 at 6:53 PM
123. [2011-02-07 00:00:01] -->| haz (Mibbit@7C61D6D2.425F8753.1D709F83.IP) has joined #ophbgary

http://pastebin.com/p8Pt60Fu


Re: The first global cyber war has begun

Postby seemslikeadream » Wed Feb 09, 2011 11:02 pm

Thanks for everything Plutonia, sorry I haven't said it sooner


The WikiLeaks Threat


Bank of America using three intelligence firms to attack WikiLeaks

You would almost need to be disconnected from the Internet to not know about Aaron Barr, the CEO of HBGary Federal, feeling the wrath of Anonymous after Barr told of his intentions to expose the leaders of Anonymous at an upcoming Security B-Sides conference. But today, WikiLeaks published a document called "The WikiLeaks Threat" [PDF] which revealed two other intelligence firms, besides HBGary, were working to develop a strategic plan of attack against WikiLeaks on the behalf of Bank of America.


How one man tracked down Anonymous—and paid a heavy price
By Nate Anderson | Last updated 29 minutes ago

Aaron Barr believed he had penetrated Anonymous. The loose hacker collective had been responsible for everything from anti-Scientology protests to pro-Wikileaks attacks on MasterCard and Visa, and the FBI was now after them. But matching their online identities to real-world names and locations had proved daunting. Barr had a way to crack the code.

In a private e-mail to a colleague at his security firm HBGary Federal, which sells digital tools to the US government, the CEO bragged about his research project.

"They think I have nothing but a heirarchy based on IRC [Internet Relay Chat] aliases!" he wrote. "As 1337 as these guys are suppsed to be they don't get it. I have pwned them! :)"

But had he?

"We are kind of pissed at him right now"


Aaron Barr

Barr's "pwning" meant finding out the names and addresses of the top Anonymous leadership. While the group claimed to be headless, Barr believed this to be a lie; indeed, he told others that Anonymous was a tiny group.

"At any given time there are probably no more than 20-40 people active, accept during hightened points of activity like Egypt and Tunisia where the numbers swell but mostly by trolls," he wrote in an internal e-mail. (All e-mails in this investigative report are provided verbatim, typos and all.) "Most of the people in the IRC channel are zombies to inflate the numbers."

The show was run by a couple of admins he identified as "Q," "Owen," and "CommanderX"—and Barr had used social media data and subterfuge to map those names to three real people, two in California and one in New York.

Near the end of January, Barr began publicizing his information, though without divulging the names of the Anonymous admins. When the Financial Times picked up the story and ran a piece on it on February 4, it wasn't long before Barr got what he wanted—contacts from the FBI, the Director of National Intelligence, and the US military. The FBI had been after Anonymous for some time, recently kicking in doors while executing 40 search warrants against group members.

Confident in his abilities, Barr told one of the programmers who helped him on the project, "You just need to program as good as I analyze."

But on February 5, one day after the Financial Times article and six days before Barr's sit-down with the FBI, Anonymous did some "pwning" of its own. "Ddos!!! Fckers," Barr sent from his iPhone as a distributed denial of service attack hit his corporate network. He then pledged to "take the gloves off."

When the liberal blog Daily Kos ran a story on Barr's work later that day, some Anonymous users commented on it. Barr sent out an e-mail to colleagues, and he was getting worked up: "They think all I know is their irc names!!!!! I know their real fing names. Karen [HBGary Federal's public relations head] I need u to help moderate me because I am getting angry. I am planning on releasing a few names of folks that were already arrested. This battle between us will help spur publicity anyway."

Indeed, publicity was the plan. Barr hoped his research would "start a verbal braul between us and keep it going because that will bring more media and more attention to a very important topic."

But within a day, Anonymous had managed to infiltrate HBGary Federal's website and take it down, replacing it with a pro-Anonymous message ("now the Anonymous hand is bitch-slapping you in the face.") Anonymous got into HBGary Federal's e-mail server, for which Barr was the admin, and compromised it, extracting over 40,000 e-mails and putting them up on The Pirate Bay, all after watching his communications for 30 hours, undetected. In an after-action IRC chat, Anonymous members bragged about how they had gone even further, deleting 1TB of HBGary backup data.

They even claimed to have wiped Barr's iPad remotely.

The situation got so bad for the security company that HBGary, the company which partially owns HBGary Federal, sent its president Penny Leavy into the Anonymous IRC chat rooms to swim with the sharks—and to beg them to leave her company alone. Instead, Anonymous suggested that, to avoid more problems, Leavy should fire Barr and "take your investment in aaron's company and donate it to BRADLEY MANNINGS DEFENCE FUND." Barr should cough up a personal contribution, too; say, one month's salary?

As for Barr's "pwning," Leavy couldn't backtrack from it fast enough. "We have not seen the list [of Anonymous admins] and we are kind of pissed at him right now."

Were Barr's vaunted names even correct? Anonymous insisted repeatedly that they were not. As one admin put it in the IRC chat with Leavy, "Did you also know that aaron was peddling fake/wrong/false information leading to the potential arrest of innocent people?" The group then made that information public, claiming that it was all ridiculous.

Thanks to the leaked e-mails, we now have the full story of how Barr infiltrated Anonymous, used social media to compile his lists, and even resorted to attacks on the codebase of the Low Orbit Ion Cannon used in attacks—and how others at his own company warned him about the pitfalls of his own research.


Anonymous, angry at Barr

"I will sell it"

Barr had been interested in social media for quite some time, believing that the links it showed between people had enormous value when it came to mapping networks of hackers—and when hackers wanted to target their victims. He presented a talk to a closed Department of Justice conference earlier this year on "specific techniques that can be used to target, collect, and exploit targets with laser focus and with 100 percent success" through social media.

His curiosity about teasing out the webs of connections between people grew. By scraping sites like Facebook or LinkedIn, Barr believed he could draw strong conclusions, such as determining which town someone lived in even if they didn't provide that information. How? By looking at their friends.

"The next step would be ok we have 24 people that list Auburn, NY as their hometown," he wrote to the programmer implementing his directives. "There are 60 other people that list over 5 of those 24 as friends. That immediately tells me that at a minimum those 60 can be tagged as having a hometown as Auburn, NY. The more the data matures the more things we can do with it."

The same went for hackers, whose family and friends might provide information that even the most carefully guarded Anonymous member could not conceal. "Hackers may not list the data, but hackers are people too so they associate with friends and family," Barr said. "Those friends and family can provide key indicators on the hacker without them releasing it…"

His programmer had doubts, saying that the scraping and linking work he was doing was of limited value and had no commercial prospects. As he wrote in an e-mail:

Step 1 : Gather all the data

Step 2 : ???

Step 3 : Profit

But Barr was confident. "I will sell it," he wrote.

To further test his ideas and to drum up interest in them, Barr proposed a talk at the BSides security conference in San Francisco, which takes place February 14 and 15. Barr's talk was titled "Who Needs NSA when we have Social Media?" and his plan to draw publicity involved a fateful decision: he would infiltrate and expose Anonymous, which he believed was strongly linked to WikiLeaks.

"I am going to focus on outing the major players of the anonymous group I think," he wrote. "Afterall - no secrets right? :) We will see how far I get. I may focus on NSA a bit to just so I can give all those freespeech nutjobs something… I just called people advocating freespeech, nutjobs - I threw up in my mouth a little."

With that, the game was afoot.

"I enjoy the LULZ"

Barr created multiple aliases and began logging on to Anonymous IRC chat rooms to figure out how the group worked. He worked to link these IRC handles to real people, in part using his social networking expertise, and he created fake Twitter accounts and Facebook profiles. He began communicating with those he believed were leaders.

After weeks of this work, he reported back to his colleagues on how he planned to use his fake personas to drum up interest in his upcoming talk.

I have developed a persona that is well accepted within their groups and want to use this and my real persona against eachother to build up press for the talk. Pre-talk plan.

I am going to tell a few key leaders under my persona, that I have been given information that a so called cyber security expert named Aaron Barr will be briefing the power of social media analysis and as part of the talk with be dissecting the Anonymous group as well as some critical infrastructure and government organizations

I will prepare a press sheet for Karen to give to Darkreading a few days after I tell these folks under persona to legitimize the accusation. This will generate a big discussion in Anonymous chat channels, which are attended by the press. This will then generate press about the talk, hopefully driving more people and more business to us.

Barr then contacted another security company that specializes in botnet research. He suspected that top Anonymous admins like CommanderX had access to serious Internet firepower, and that this probably came through control of bots on compromised computers around the world.

Barr asked if the researchers could "search their database for specific targets (like the one below) during an operational window (date/time span) to see if any botnet(s) are participating in attacks? Below is an attack which is currently ongoing." (The attack in question was part of Anonymous' "Operation Payback" campaign and was targeted at the government of Venezuela.)

The report that came back focused on the Low Orbit Ion Cannon, a tool originally coded by a private security firm in order to test website defenses. The code was open-sourced and then abandoned, but someone later dusted it off and added "hivemind mode" that let LOIC users "opt in" to centralized control of the tool. With hundreds or thousands of machines running the stress-test tool at once, even major sites could be dropped quickly. (The company recorded only 1,200 machines going after MasterCard on December 11, for instance.)

To boost the credibility of his online aliases, Barr then resorted to a ruse. He asked his coder to grab the LOIC source code. "I want to add some code to it," Barr said. "I don't want to distribute that, it will be found and then my persona will be called out. I want to add it, distribute it under a persona to burn and then have my other persona call out the code."


A screenshot of LOIC

The code to be added was an HTTP beacon that linked to a free website Barr had set up on Blogspot. He wanted a copy of the altered source and a compiled executable. His programmer, fearing Anonymous, balked.

On January 20, the coder wrote back, "I'm not compiling that shit on my box!" He even refused to grab a copy of the source code from message boards or other IRC users, because "I ain't touchin' any of that shit as those are already monitored."

"Dude," responded Barr. "Anonymous is a reckless organization. C'mon I know u and I both understand and believe generally in their principles but they are not a focused and considerate group, the[y] attack at will and do not care of their effects. Do u actually like this group?"

The coder said he didn't support all they did, but that Anonymous had its moments. Besides, "I enjoy the LULZ."

"Dude—who's evil?"

At one time, Barr supported WikiLeaks. When the site released its (edited) "Collateral Murder" video of a US gunship killing Reuters photographers in Iraq, Barr was on board. But when WikiLeaks released its huge cache of US diplomatic cables, Barr came to believe "they are a menace," and that when Anonymous sprang to the defense of WikiLeaks, it wasn't merely out of principle. It was about power.

"When they took down MasterCard do u think they thought alright win one for the small guy!" he asked. "The first thought through most of their malcontented minds was a rush of power. That's not ideals."

He continued in this philosophical vein:

But dude whos evil?

US Gov? Wikileaks? Anonymous?

Its all about power. The Wikileaks and Anonymous guys think they are doing the people justice by without much investigation or education exposing information or targeting organizations? BS. Its about trying to take power from others and give it to themeselves.

I follow one law.

Mine.

His coder asked Barr how he slept at night, "you military industrial machine capitalist."

"I sleep great," Barr responded. "Of course I do indoor [enjoy?] the money and some sense of purpose. But I canget purpose a lot of places, few of which pay this salary."

The comments are over the top, of course. Elsewhere, Barr gets more serious. "I really dislike corporations," he says. "They suck the lifeblood out of humanity. But they are also necessary and keep us moving, in what direction I don't know.

"Governments and corporations should have a right to protect secrets, senstive information that could be damage to their operations. I think these groups are also saying this should be free game as well and I disagree. Hence the 250,000 cables. WHich was bullshit… Society needs some people in the know and some people not. These folks, these sheep believe that all information should be accessible. BS. And if they truly believe it then they should have no problem with me gathering information for public distribution."

But Anonymous had a bit of a problem with that.

The hunter and the hunted

As Barr wrapped up his research and wrote his conference presentation, he believed he had unmasked 80-90 percent of the Anonymous leadership—and he had done it all using publicly available information.

"They are relying on IP for anonymity," he wrote in a draft of his presentation. "That is irrelevant with social media users. U use IRC and FB and Twitter and Forums and Blogs regularly… hiding UR IP doesn't matter."

Barr would do things like correlate timestamps; a user in IRC would post something, and then a Twitter post on the same topic might appear a second later. Find a few of these links and you might conclude that the IRC user and the Twitter user were the same person.

Even if the content differed, what if you could correlate the times that someone was on IRC with the times a Facebook user was posting to his wall? "If you friend enough people you might be able to correlate people logging into chat with people logging into Facebook," Barr wrote.

The document contained a list of key IRC chatrooms and Twitter accounts. Facebook groups were included, as were websites. But then Barr started naming names. His notes are full of comments on Anonymous members. "Switch" is a "real asshole but knows what he's talking about," while "unbeliever" might be "alexander [last name redacted]."

In the end, Barr determined that three people were most important. A figure called Q was the "founder and runs the IRC. He is indead in California, as are many of the senior leadership of the group." Another person called Owen is "almost a co-founder, lives in NY with family that are also active in the group, including slenaid and rabbit (nicks)." Finally, CommanderX can "manage some significant firepower." Barr believed he had matched real names to each of these three individuals.

He wasn't doing it to actually expose the names, though. "My intent is not to do this work to put people in jail," Barr wrote to others in the company. "My intent is to clearly demonstrate how this can be effectively used to gather significant intelligence and potentially exploit targets of interest (the other customers will read between the lines)."

He then revealed himself on Twitter to the person he believed was CommanderX. "I am not going to release names," Barr said on February 5, using the alias Julian Goodspeak. "I am merely doing security research to prove the vulnerability of social media." He asked for Anonymous to call off its DDoS attack on HBGary Federal, an attack that had begun earlier that day.

"Danger, Will Robinson!"

Throughout Barr's research, though, the coder he worked with worried about the relevance of what was being revealed. Barr talked up the superiority of his "analysis" work, but doubts remained. An email exchange between the two on January 19 is instructive:

Barr wants to: check a persons friends list against the people that have liked or joined a particular group.

Coder: No it won't. It will tell you how mindless their friends are at clicking stupid shit that comes up on a friends page. especially when they first join facebook.

Barr: What? Yes it will. I am running throug analysis on the anonymous group right now and it definately would.

Coder: You keep assuming you're right, and basing that assumption off of guilt by association.

Barr: Noooo….its about probabilty based on frequency...c'mon ur way smarter at math than me.

Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don't want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.

Barr: [redacted]

Coder: [some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.

Barr: [some information redacted] On the gut feeling thing...dude I don't just go by gut feeling...I spend hours doing analysis and come to conclusions that I know can be automated...so put the taco down and get to work!

Coder: I'm not doubting that you're doing analysis. I'm doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it's right. You're still working off of the idea that the data is accurate. mmmm…..taco!

Later, when Barr talks about some "advanced analytical techniques" he's been pondering for use on the Anonymous data, the coder replies with apparent frustration, "You keep saying things about statistics and analytics but you haven't given me one algorithm or SQL query statement."

Privately, the coder then went to another company official with a warning. "He's on a bad path. He's talking about his analytics and that he can prove things statistically but he hasn't proven anything mathematically nor has he had any of his data vetted for accuracy, yet he keeps briefing people and giving interviews. It's irresponsible to make claims/accusations based off of a guess from his best gut feeling when he has even told me that he believes his gut, but more often than not it's been proven wrong. I feel his arrogance is catching up to him again and that has never ended well...for any of us."

Others made similar dark warnings. "I don't really want to get DDOS'd, so assuming we do get DDOS'd then what? How do we make lemonade from that?" one executive asked Barr. The public relations exec warned Barr not to start dropping real names: "Take the emotion out of it -> focus on the purpose. I don't see benefit to you or company to tell them you have their real names -- published or not."

Another internal warning ended: "Danger Will Robinson. You could end up accusing a wrong person. Or you could further enrage the group. Or you could be wrong, and it blows up in your face, and HBGary's face, publicly."

"Quite simply, nonsense"

But Barr got his Financial Times story, and with it the publicity he sought. He also made clear that he had the real names, and Anonymous knew he would soon meet with the FBI. Though Barr apparently planned to keep his names and addresses private even at this meeting, it was easy to see why Anonymous would have doubts.

When HBGary President Penny Leavy, who was an investor in separate company HBGary Federal, waded into IRC to reason with Anonymous, she pleaded ignorance of Barr's activities and said that they were "for security research only; the article was to get more people to the [BSides] event." To which someone responded, "Penny: if what you are saying is tree [true] then why is Aaron meeting with the FBI tomorrow morning at 11am? PLEASE KEEP IN MIND WE HAVE ALL YOUR EMAILS." (The answer from the e-mails is that Barr was trying to drum up business with the feds, not necessarily take down Anonymous.)

As for the names in Barr's BSides presentation, Anonymous insisted that they were wrong. "Penny please note that the names in that file belong to innocent random people on facebook. none of which are related to us at all," said one admin.

Another user complained to Leavy that "the document that [Barr] had produced actually has my girlfriend in it. She has never done anytihng with anonymous, not once. I had used her computer a couple times to look at a group on facebook or something."

In the note posted on HBGary Federal's website when it was taken over, Anonymous blasted Barr's work. "You think you've gathered full names and addresses of the 'higher-ups' of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False…. We laughed. Most of the information you've 'extracted' is publicly available via our IRC networks. The personal details of Anonymous 'members' you think you've acquired are, quite simply, nonsense."

Oh—and remember the threatening IRC log above, the one "recruiting" Barr to attack a DC security company? Anonymous says that it was all a joke.

"I mean come on, Penny," wrote Topiary in an IRC chat, "I messaged Aaron in PM [private message] and told him about a 'secret' Washington OP, then he emailed the company (including you) being entirely confident that we were directly threatening you, and he thought we didn't know who he was.

"He seriously works at a security company?"

Never forgive, never forget


Barr's hacked Twitter account

Anonymous doesn't like to let up. Barr's Twitter account remains compromised, sprinkled with profane taunts. The HBGary websites remain down. The e-mails of three key players were leaked via BitTorrent, stuffed as they were with nondisclosure agreements, confidential documents, salary numbers, and other sensitive data that had nothing to do with Anonymous.

And they have more information—such as the e-mails of Greg Hoglund, Leavy's husband and the operator of rootkit.org (which was also taken down by the group).

When Leavy showed up to plead her case, asking Anonymous to at least stop distributing the e-mails, the hivemind reveled in its power over Leavy and her company, resorting eventually to tough demands against Barr.

"Simple: fire Aaron, have him admit defeat in a public statement," said Topiary, when asked what the group wanted. "We won't bother you further after this, but what we've done can't be taken back. Realize that, and for the company's sake, dispose of Aaron."

Others demanded an immediate "burn notice" on Barr and donations to Bradley Manning, the young military member now in solitary confinement on suspicion of leaking classified documents to Wikileaks.

The hack unfolded at the worst possible time for HBGary Federal. The company was trying to sell, hopefully for around $2 million, but the two best potential buyers started to drag their heels. "They want to see delivery on pipeline before paying those prices," Leavy wrote to Barr. "So initial payout is going to be lower with both companies I am talking with. That said our pipeline continues to drag out as customers are in no hurry to get things done quickly so if we dont sell soon and our customers dont come through soon we are going to have cash flow issues."

And being blasted off the 'Net by Anonymous is practically the last thing a company in such a situation needs. After the attacks, Leavy told the Financial Times that they cost HBGary millions of dollars.

“I wish it had been handled differently,” she added.

Hacked by a 16-year old girl

And who were Barr and his company up against in all this? According to Anonymous, a five-member team took down HBGary Federal and rootkit.com, in part through the very sort of social engineering Barr had tried to employ against Anonymous.

One of those five was allegedly a 16-year old girl, who "social engineered your admin jussi and got root to rootkit.com," one Anonymous member explained in IRC. Another, pleased with power, taunted Penny Leavy and her husband, who sat beside her during the chat: "How does it feel to get hacked by a 16yr old girl?"

The attackers are quintessentially Anonymous: young, technically sophisticated, brash, and crassly juvenile, all at the same time. And it's getting ever more difficult to dismiss Anonymous' hacker activity as the harmless result of a few mask-wearing buffoons.

Perhaps the entire strange story can be best summed up by a single picture, one that Barr e-mailed to two of his colleagues back on January 28. "Oh fuck," it says beneath a picture of an Anonymous real-world protest. "The Internet is here."

Image

Image
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black