Schneier on Security

Jim • February 28, 2011 4:14 PM

-This is really hilarious. We have a guy with a huge ego doing illegal work to stomp down on dissidents, subverting people’s machines for profit.

Let’s clarify the real issues before many people get lost in the noise of what really went on. I have sifted through at least 300 pages of the 781 pages of emails so far. What I come across with is a company that is being built by hard working people, most notably Penny Leavy, Greg Hoglund and Bob Slapnik. There are more to be sure, but I sifted through the emails from that group the most.

Penny was busy making sure the sales teams stayed focused on selling their products to various entities. Greg was busy traveling to various conferences, and at one point wanting to cancel everything just to focus on the core of the company. Aaron was busy as well, but had many side items going on, such as invading the sex channels in various chat rooms acting as if he was a 16 year old girl wanting sex just so he could grab some servers and get some sexbots going. Sure, he did more, but he focused on ops while everyone else was focusing on products and development and sales.

I am not saying that Aaron was not working on training sessions or the company business, but from what I could see he was the only real loose cannon in the group. But because he had TS/SCI Poly he was a go to guy to get government contracts going while everyone else was busy with the retail sector.

Then there were the actual techs who kept everything inline managing signature files or getting malware delivered to them by Virustotal or other vendors in the field. Of course many of us already knew long ago that VirusTotal had sold out to the security industry, and was selling their databases for a huge amount (75k a month as one of the emails stated)

So the company was operating as any other company does, trying to get sales, work on product development, and basically get money coming in the door. No easy task as we all know.

When the DOJ was contacted by the COC (Chamber of Commerce) they were referred to H&W (Hunton & Williams) because H&W had contacts in the field of security. Their core business was lobbying, but they had a number of security people in their realm they could reach out to. And as the email traffic showed, they reached out to HBGary to see what they could offer for scanning services or intelligence services on those that were working against the COC’s business interests.

It was at this very point when money was tight in the company, and everyone was scrambling around trying to raise money to hire better talent, which they had been doing each month it seemed, that they ran into the pressure cooker, and that pressure cooker was selling not their own products, but an entirely new product that Aaron had been toying with for some time.

It was at that point that Aaron sort of took over the show while everyone else was busy doing their jobs. Since none of us know what emails exist at H&W in this affair, we cannot surmise what they were thinking when they received the initial proposal for the work they asked for, which was basic monitoring and or letting them know what they could dig up on these people against the COC. Since we have no knowledge of the emails inter office we can only speculate what happened.

They are a law firm, and quite a large one. One can only think that when they saw the initial proposals they were shocked by what they probably saw as illegal activity reminiscent of Donald Segretti and the ratf*cking that went on during Watergate. I know I could see it, and if anyone wanted to look at the Segretti work, one could easily Google him to see that what Aaron was proposing was in fact no different that what went on during the COINTELPRO days and Watergate and The Plumbers.

I would think that at the very least the reason for the stalling was so they could think about what they were being asked to get into. And what repercussions might come if there were any failures. Again though this is speculation. But ask yourself how many large firms will risk their firm in such a way? I think not many, if any at all, would do what Aaron and HBGary was proposing.

Looking at Aaron and his private little wars on the net, one can easily see a guy who is obsessed with information gathering and finding out who is who and what is what. There are many people in the security business that are just like him. Industry wide this is not something that is one bad apple in a large basket. This is many bad apples in a very tainted basket. But I digress.

The point I am trying to make here is that sometimes one bad actor in a company can make everyone else stink as the one bad apple analogy. And after reading half of the email traffic so far from the 781 page leak, I can tell you that so far I have not seen anyone else looking that bad. There were some instances of price increases on products that were not really worth it, there were a number of better get your act together emails or your fired on the sales teams part. There were countless issues with making sure that their defense products were up to speed and could handle all the Malware one could throw at it. But, there really wasn’t any shady deals going on there. If you look at it, compliance was an issue for them, and they always wanted or needed to stay within that realm. Even when getting their office TSA certified, they were talking about having to lease another building just to be Top Secret document certified.

The Malware issue was because they needed all kinds of Malware to make sure their defense products would catch it, not so they could use it against other companies or individuals. They did not use the Malware on targets, at least not as far as I have read yet. The issue with doing so came primarily from Aaron, and he was the main instigator while everyone else sort of went along with it. After all, it was a new product they were going to try and sell. Thus they really didn’t have anyone capable on staff to guide them where to go legally with it. They felt, as all government security feels, that they have the backing of government because they supply government with products, and its you scratch my back I will scratch your back deals. Thus, Aaron took over, and with his constant side ops he ran on his own such as pretending to be a 16 year old girl online to get sexbots and servers, he went head first into something he truly loved, and that was trojaning people, and attacking them or digging into them. That was his love, and that was how HBGary ended up in the toilet over it. At least that is how I read it so far.

Truly though, on the surface, and behind the scenes, none of these people working for them were bad people. They all had a job, and each one performed their job with skill and or precision. The real stupid issue came when H&W came calling and Aaron took the reigns and sort of lead everyone down the path to destruction.

Now while they still have contracts going forward in 2011 that they must fill and or deal with, one does wonder if they will be able to make a comeback after those are over. I for one think they will if they jettison the flotsam. The rest of the group were all professionals at their jobs, and so far I have seen none of them act in any fashion other than what they were hired to do. The one guy Mark Traynor I believe is one guy who will suffer for quite some time over this fiasco, as his personal information was leaked in the emails, and as such I am sure he is feeling doomed when it comes to protecting his identity. That is tragic for sure. The rest of the people hurt were the newly hired who had just started with them and or had just left their old jobs behind to come on board. Those people have got to be having it rough, as no money is coming in, and only work is going out. They will probably go through everything they have just to stay afloat for the next few months, and if they don’t fold, it will be very hard to make a comeback. But, these people don’t look like weak-kneed people.

So before we hang them why don’t we look at what could have been had they not floated towards the dark side because of one guy? There was a lot of energy there, a lot of hard workers, and no matter how we cut the pie on them now, they were an up and coming business that had decent people working for them doing jobs they loved. Penny worked very hard in building that company and keeping it growing. I am sure she is sick from all of this. To have it all thrown out in one or two days has to be very hard indeed. So, I guess this is a lesson for others who think about planning a trip to the dark side. Think before you act. And, if it sounds too good to be true, it probably is 🙂

Sorry for the length, I just wanted to make a point that maybe others are paying a heavy price, and that maybe they shouldn’t be paying it so hard… As always YMMV, and let those without sin cast the first stone lol.

Jim • February 28, 2011 6:14 PM

-Now you show up with a rather distinct viewpoint.

Sorry BC, I have been in this horse race for a bit of time so my view is a bit different than yours might be. What you see here is the sloppy seconds lol.

I been here on this before as well.

-Only black-hats need “testing” with 0-day exploits.

As I said from what the emails have said, they were buying them primarily to make sure that their products they sold or contracted to various entities worked. What they did to them after I have not gotten to yet. As I said, I have only read 300 pages of emails so far. I gave up after an entire day of reading yesterday because I had today to get ready for. As for the viewpoints, I know what is going on politically. The Wikileaks stuff and BOA stuff I am not a part of. The political end I have been working on for a good time, and this stuff has been ongoing elsewhere on the net before it spilled out here on the security side. It luckily spilled out over on this side, which eventually answered many unanswered questions to the other side of the net where this has been brewing for quite some time.

@Nobody, sorry, I don’t believe in any media on this story or any other for that matter. The media has been used by both sides of this battle. Both the right and the left have their media partners, and both left and right parties have been using that media to get their own messaging out on this story. Its a love hate deal lol. And the last thing I would believe is some media puppet who’s string is held by either side in this ongoing battle for the hearts and minds. As usual YMMV.

Jim • February 28, 2011 6:33 PM

And yes Dirk, I read all about the patent trolling issues the other day when Clive plugged me into it. Matter of fact I read today that congress is going to finally take up the patent legislation again. So maybe there will be some good things that come out of it. As for them being on the hook for such activity, yes, bad for sure, and I will follow up with how many corporations have been doing this already?

As I said in another thread here, its always about the money, which to me stinks up this business badly, matter of fact, it stinks up every business out there that sells their souls for money. The bad decisions made just because the dollars sound right is something to behold.

Jim • February 28, 2011 7:34 PM

-You may never even get close to what they have, but you’re also less likely to get yourself shot or end up in prison. We each make our choices.

This is the best analogy so far. Matter of fact on another project concerning border security today, this very topic came up, in which this very statement was discussed. I agree with you. We all make our choices.

As we can all say that Anonymous is some great org now, we all know where vigilantism gets us in the end. It starts out with good intentions, then later it replaces one evil with another evil. At first they go after what one side hates. Then soon enough they go after the other side. And sooner or later they come after you. The ideology is fine, but its cloaked in populism which always fails at the end of the day. I can’t say what they do is great, when I know exactly how it will turn out later on. We cheer them now, but that cheering is soon replaced with anarchy. Once we lose control we will find it very hard to gain it back again.

Jim • March 1, 2011 10:01 AM

Oh what a wicked web we weave when we when we first practice to deceive.

-The way you deal with ethical choices is by examining harm before benifit without bias from current objectives.

@ Clive, I agree here. Very interesting way to put it.

-while selling software that offers governments an army of online personas that can distort public reaction to events unfolding in the news in real time.

@way it is

Wasn’t that software being sold by some Air force guy? How did you equate that with HBGary?

-And then think you can pull of a great PR stunt by selling some half baked information on a bunch of volunteers that generally set out to do good things armed only with the power of the interwebs.

LOL. Yeah, good way to promote vigilantism on the intertubes. Yeah sure, they do good things to cover for the bad like anyone else does, even HBGary lol. Not all Anon members believe in what the rest are doing. Plus, the side getting attacked now may end up changing, and one day they are then attacking your side, then later, you. What can you do? Nothing. They are anonymous. And as long as they are, you have no protection against them when they decide on their own to ratchet up their campaigns to do exactly what you claim is wrong with HBGary in your post above.

You don’t think Anonymous is logging people, trojaning companies, hacking systems, defacing websites they don’t like? And isn’t that what you accuse HBGary of doing wrong? But somehow defacing websites, breaking down closed doors on the net, stealing info, and other small crimes are somehow doing good on the internet. That is your version of security service? I laugh at that. Its a double meaning deal. You claim what is wrong with companies like HBGary is bad, then claim what organizations like Anon do is somehow right when they are no different than companies like HBGary.

-Then get caught out, taught a lesson in security, then lie to the world about it, then get caught lying, then accuse those nasty hackers for being the very thing that is the sole ‘advertised’ reason for their companies existence, while the world and his best friends wife is reading about how they were going to spy on dissenting members of the public and their families, falsify information and pressure journalists.

You don’t know much about field level security operations now do you lol?

-If you feel sorry for anyone at HBGary you’re a mug.

But your not a mug if you break into systems, deface websites because you don’t like them, steal corporate intelligence, and basically just act like the security industry lol. What I am saying here is that it goes both ways. Thus on either side of the argument your a mug either way. At least I hope you can see that.

-If you think Anonymous are the villains in this story you’re an idiot.

Yeah, stealing is cool, defacing sites is even more mature and cool, and corporate espionage is the coolest of them all. But I digress.

-And if the info sec market is something you feel passionate about and something which you would seek to preserve you should not be closing ranks around, supporting or sympathising with the bunch of crooks at HBGary.

No, by your analogy we should be closing ranks with thieves, defacers and script kiddies and DDOS mafias. Yeah, much better to be around them doing what they do right?

-You should be making an example of them and throwing the book, kitchen sink and anything else you have at your disposal or be tarred with the same brush.

I think that has happened already. Maybe you missed it. Its in the news.

-How does that old song go: “What have all the ethics gone, long time passing?”.

@Ishmael

Yes, it is a cruel world. I guess we all just have to grow up and admit the harsh realities to this world and the business world as well. Sucks being in it at times. But what else are we going to do?

-There are many rumours foating around that there are entities who pay people to troll blogs. Different from astroturf campaigns because they actively derail discussions. A kind of astroturf trolling.

@Winter

Can I address this in a double post lol?

I will in the next post if you don’t mind.

Jim • March 1, 2011 10:24 AM

@ S, sorry I don’t bite 🙂 No link either, and if I have to explain to you what I wrote then I must be doing something wrong lol. To clarify, neither side is right. But, the OP claimed that we should be behind Anon because they are more right. I don’t see that. Neither side is right. That was the point.

Jim • March 1, 2011 10:54 AM

There is a paper that came out in 2008 that was written by Cass Sunstein entitled Conspiracy Theories. You can download it for free

http://ssrn.com/abstract=1084585

I will go over some of the highlights that are very relevant here:

In it he proposed a Cognitive Infiltration program for government. Here are the highlights.

—

Second, we suggest a distinctive tactic for breaking up the hard core of extremists who supply conspiracy theories: cognitive infiltration of extremist groups, whereby government agents or their allies (acting either virtually or in real space, and either openly or anonymously) will undermine the crippled epistemology of those who subscribe to such theories. They do so by planting doubts about the theories and stylized facts that circulate within such groups, thereby introducing beneficial cognitive diversity.

If you look at that statement alone, one can easily see that forums, chat rooms, blogs etc are all capable of having agents such as these work inside them. Anyone, even me can be accused of having an “Agenda” that is following the corporate/government line of thinking.

Continuing on:

—
In Egypt, newspapers effectively controlled by the governing regime regularly spread conspiracy theories about Jews.50 Some believe that the Bush administration deliberately spread a kind of false and unwarranted conspiracy theory – that Saddam Hussein conspired with Al Qaeda to support the 9/11 attacks.

According to an anonymous State Department official in charge of anti-disinformation, “a great deal of harm can result ‘when people believe these lies and then act on the basis of their mistaken beliefs.’” For example, “Al-Qaeda members ‘were encouraged to join the jihad at least in part because of disinformation.

Cognitive infiltration

Rather than taking the continued existence of the hard core as a constraint, and addressing itself solely to the third-party mass audience, government might undertake (legal) tactics for breaking up the tight cognitive clusters of extremist theories, arguments and rhetoric that are produced by the hard core and reinforce it in turn. One promising tactic is cognitive infiltration of extremist groups. By this we do not mean 1960s-style
infiltration with a view to surveillance and collecting information, possibly for use in future prosecutions. Rather, we mean that government efforts might succeed in weakening or even breaking up the ideological and epistemological complexes that constitute these networks and groups.

We suggest a role for government efforts, and agents, in introducing such diversity. Government agents (and their allies) might enter chat rooms, online social networks, or even real-space groups and attempt to
undermine percolating conspiracy theories by raising doubts about their factual premises, causal logic or implications for political action.

In another variant, government officials would participate anonymously or even with false identities.

Once corrective information is introduced, large numbers of people can be shifted to different views. If government is able to have credibility, or to act through credible agents, it might well be successful in dislodging beliefs that are held only because no one contradicts them. Likewise, polarization tends to decrease when divergent views are voiced within the group. Introducing a measure of cognitive diversity can break up the epistemological networks and clusters that supply conspiracy theories.

Sunstein is now part of the Obama administrations Office of Information and Regulatory Affairs..

http://www.salon.com/news/opinion/glenn_greenwald/2010/01/15/sunstein

Jim • March 1, 2011 11:00 AM

@ S

-I can understand what you wrote; it’s just your logic contains so many errors

and attempt to undermine percolating conspiracy theories by raising doubts about their factual premises, causal logic or implications for political action.

Sorry S, just can’t get behind the whole vigilante thing. It has implications that go too far for all involved. You are of course entitled to your own opinions 🙂 Until of course some group claims you are not, and then hacks you or your opinions to pieces over them. Then we shall see where you stand on logic lol.

Jim • March 1, 2011 11:34 AM

@Shane, thank you for your sanity. I agree wholeheartedly, vigilantes have been welcomed at first, but always have ended up being booted out later when their power becomes overwhelming to the citizenry. I do not know a time when vigilantism has been a good thing. It always sells itself that way at first, but later we find that it is a different kind of evil.

@the way it is.

-Are you a HBGary ‘persona’? I suspect not, you have an air of real quality astroturf about you.

Of course the same could be said of you, or anyone for that matter. This is a common straw man tactic to attack someone of being astroturf when opinions, logic, crowds etc are against them. I understand it and agree with you. I could be, therefore ignore me, because I just very well may be astroturf.

But, what then does that say about the blogsphere? That it is or could be riddled with agents and opinion shapers and community destroyers? It could be that the entire system is rigged. And it wouldn’t surprise me at all if it was. The rest of your post I really don’t get into.

Jim • March 1, 2011 11:39 AM

@ Brandioch

It is all in how you frame the discussion or post. This proves that posts, ideas, thoughts, and even actions, can be slanted to fit any view one wishes to place it.

It is interesting for sure. And pretty much shows how the system could be set up to shape opinions, minds, thought processes and so forth through blogs, media and comments. Matter of fact not too long ago there was a story that came to light showing CNN (I think it was CNN) making a story out of a comment on a blog lol.

Its a strange world we live in.

Jim • March 1, 2011 12:02 PM

Sorry Brandioch, I can’t folow into the Diocyde arguments or styles. You can take that spin elsewhere, I won’t debate your spin. I made my comments and that is as far as I can take it. You can continue at will if you want, it is obvious you have that grind them into the dirt style, so good luck with it lol.

@B Ya, I read those, and I read the one about the 16 year old girl that Aaron was pretending to be which was hilarious lol. Anyway, good or bad, rich or poor, we all end up in the same place at the end of the day.

Jim • March 1, 2011 1:48 PM

-Yep. That’s just my “spin”.

Get out in the field on occasion Brandiock. You spend too much time in the office lol.

-Anonymous never used guns. They copied and deleted data on a remote computer of a criminal organization.

Yeah sure kid..

-Its just amazing that here’s a story of governement agencies gone bad, spending millions of dollars of tax payers money to complete idiots, a lot of it going on projects that are against the public interest too.

So your a child of the 80’s lol.

Listen, this stuff was going on way back in the early days of politics. Tell ya what, when you get old enough to go through college and get a degree, then maybe study some history and see that politics is dirty. It always has been and always will be lol. Same with the security industry as a whole.

-Jim, I get the feeling that you are actually…’a different kind of evil.’

Yeah, I’m the Hitler kind lol. I just threw that out there in case your next step was to follow the party line of aligning me with Hitler or Pol Pot lol.

-Don’t bother, it appears he’s getting paid for this rubbish.

As opposed to you eh lol?

-Meanwhile, I note Jim is vigorously defending Barr and company based on 300 emails out of the 50,000 dumped.

Sorry Hack, I won’t bite lol. My clients are not who you think. Matter of fact you would be surprised at who worked on that complaint lol. Anyway, good to see all these comments, they helped the devils advocate arguments I had. In a way one needs to see things for what they are, but it always helps to see it from a different side before one comes to the final conclusions in any argument.

Know what bothers me the most? That people not involved with this lost their jobs. People who had just left some other job to go there, and instead now wound up without work at all. How are they going to support their families, kids, and so forth? How are they going to put food on the table? Some might say they will get work, but I think anyone who has them on their resume now might find it harder to obtain work, since this industry will usually eat their own.

At any rate, its too bad for them. I do feel for them, and since I have been there and done that many times, I do feel for those who lose in the end even though I claim them as enemy, competition, etc.. It is just in my nature to have feelings for people who lose work or jobs and or are thrown out on the street. I don’t much care for Anon tactics, as I know where it leads. I don’t too much care for how this operation came out, even though it helped the people who employ me. But, overall, the security business is like that, it has no mercy for anyone.

Jim • March 1, 2011 1:59 PM

-When presented with evidence that refutes your points, you cop-out with some platitude. I guess your paycheck doesn’t allow you to adapt your own outlook to match reality.

No EH, it is that the conclusions are already drawn for me. The devils advocate arguments I had have been vetted, and I really see no more need to delve into it. Our side won lol, and or at least has the appearance of winning at this stage. We have been slogging it out bit by bit for the last 7 months or so elsewhere, and it has been a lose lose lose deal for us every day. There was a point where we thought we would never win. Then, an arrow, or an angel in the form of Anonymous came out of the sky and delivered us from evil lol. Funny how that happens of course. I don’t support the methods, but, in this case it helped my clients.

Anyway, the issue is that we ended up finding out for sure that this activity was ongoing. However the issue for us is that these were not the initial guys that came after my clients in the first place. There was someone else working this angle, and being paid by someone else. So far we have not been able to ascertain who that is, but the courts are handling it right now, and as such we may find out further when that pans out down the road.

As for the HBGary people, they were not in “MY OPINION” involved in any action towards my clients. As a matter of fact, they came in accidentally way after, and so for me its not really a win even though they were after my clients to begin with. And while my clients are out celebrating that they caught these people with their hands in the cookie jar, I don’t really think its something to celebrate. I think the people who were initially in charge of this project just got off Scott free just as we were closing in on them. They now get to watch as blame falls on other parties such as HBGary, H&W and so on lol. I guess bad for HBG on that one.

At any rate, I am still pursuing the original people involved with these actions and hope to find them out one day. Until then, I hunt lol.

Jim • March 1, 2011 2:23 PM

-Just weird.

Yes, the net is filled with weirdo’s lol. Look, argue it however you want, its over and on the way to the courts. It really doesn’t matter what I think or even what you think, we are just bit players in the scheme of things.

@Hack

Sit and Spin Mr Bunny lol. I am way older than you kid. No, you are older than me. No my Dad can kick your Dad’s ass. No, my Dad is superman.. Get real Hack, I don’t fall for your shtick’ anymore than I would fall for Brandiocks shtick. Its all my dick is bigger than your dick stuff. Its useless and pointless to go on. HBgary is in the toilet, and you rejoice. I know how it is, I am supposed to rejoice too, but in a way I can’t, because it just doesnt feel right. That’s me, not you. OK, I am done, I will move on to other better posts here. Enjoy it and enjoy the last words on it.