Anonymous Hacks Security Firm Investigating It; Releases E-mail
by Kim Zetter, wired.com
February 7th 2011
A U.S. security firm that claimed to have uncovered the real identity of Anonymous members responsible for a recent spate of web site attacks became a victim of Anonymous itself, when members of the online vigilante group breached the company’s network and stole more than 60,000 internal e-mails.
The group posted the e-mail spool Sunday on the Pirate Bay torrent site for anyone to download and sift through.
HBGary Federal, which does classified work for the U.S. federal government among other security work, claimed it had been working with the FBI to unmask hackers behind recent denial-of-service attacks against PayPal, Visa, MasterCard and Amazon. Members of Anonymous — a loosely structured group of internet troublemakers — had organized the mass attacks after the companies suspended accounts used by WikiLeaks to receive donations and host documents. More recently, members of the group directed denial-of-service attacks against government web sites in Tunisia and Egypt.
Last month, the FBI announced it had executed more than 40 search warrants against people suspected of participating in the WikiLeaks-related attacks. British police also arrested five men in relation to the attacks.
The hack against HBGary Federal occurred after the Financial Times published a story on Saturday quoting Aaron Barr, CEO of the company. Barr said his company’s researchers had uncovered clues to the real identities of top members of Anonymous by monitoring chat rooms and Facebook groups they frequented. Barr identified a co-founder of the group, who goes by the name Q, and said he planned to give some of the information to the FBI. He also planned to present his findings at a security conference in San Francisco next week.
On Sunday, Anonymous ridiculed the company’s research skills and the accuracy of its data in a press release posted at Daily Kos, mocking the company’s “infiltration of our entirely secret IRC server anonops.ru and in particular our ultra-classified channels #opegypt, #optunisia, and, of course, #reporters, which itself is the most secret of all.”
“In addition to the sudden disappearance of Anonymous leader Q, Anonymous co-founder Justin Bieber also disappeared just before his top-secret mission to Eritrea to offer physical succour to the rebels, suggesting that Mubarak is in our base, eating our Cheetos, likely with military support authorized by Hill Dawg.”
The group then hacked into the HBGary Federal web site and e-mail servers, and replaced the web site content with a lengthy message taunting the security firm for failing to protect its own network and for trying to gain attention by marketing its research on Anonymous.
“Your recent claims of ‘infiltrating’ Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself. How’s this for attention?,” the message reads. “You’ve tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face.”
The hackers then posted a file purporting to contain the research that Barr had collected on Anonymous members as well as more than 50,000 e-mails in Barr’s account. The group claimed to have financial details for the company and threatened to erase content on the company servers.
The group also hijacked Barr’s Twitter account, sending out tweets as Barr, including a home address and Social Security number purporting to belong to him.
In addition to the HBGary site, the hackers gained root access to Rootkit.com, an online forum dedicated to analyzing and developing stealthy “rootkit” malware technology. The forum was founded by Greg Hoglund, CEO of HBGary, a separate security firm that owns about 15 percent of HBGary Federal. They seized Hoglund’s e-mail account and then posed as him in order to manipulate a Rootkit.com administrator named Jussi Jaakonaho into giving them root access to Rootkit.
Hoglund, Barr and Hoglund’s wife Penny, president of HBGary, tried to negotiate with the hackers via phone and chats to get the company’s data taken down, stating that Hoglund’s e-mails shouldn’t be exposed because he has little to do with HBGary Federal and that disclosure of some of the data would cost his company millions of dollars. The group ultimately agreed to remove links to the published e-mails for this reason, according to an online post from an Anonymous member.
Hoglund declined to comment on the hack.
Original Page: http://wired.contextly.com/redirect/?id=2d7M51NAV
Possession is 9/10ths of the law, and I don't have the PC with the rootkit, but I know who does. YOUR Jurisdiction.