Anonymous vs HBGary

One of the effects of writing a book is that I don't have the time to devote to other writing. So while I've been wanting to write about Anonymous vs HBGary, I don't think I will have time. Here's an excellent series of posts on the topic from ArsTechnica.

In cyberspace, the balance of power is on the side of the attacker. Attacking a network is much easier than defending a network. That may change eventually -- there might someday be the cyberspace equivalent of trench warfare, where the defender has the natural advantage -- but not anytime soon.

EDITED TO ADD (3/14): Stephen Colbert on HGary. Another article.

Posted on February 28, 2011 at 5:58 AM • 109 Comments

Comments

someblokeFebruary 28, 2011 6:25 AM

@Bruce,

"That may change eventfully..."

Perhaps 'eventually'? Though I suppose you could argue that Anonymous vs HBGary was pretty eventful!

CraigFebruary 28, 2011 6:30 AM

Stephen Colbert nailed the essence of Anonymous vs. HBGary: "To put this in hacker speak, Anonymous is a hornet's nest, and Barr said, 'I'm going to put my penis in that thing.'"

Paul RenaultFebruary 28, 2011 6:34 AM

I think that the ArsTechnica articles should be printed_out/saved_as_PDF so that they can be sent to journalists who insist on quoting anonymous sources, or when reporting astroturf movements as valid expressions of the democratic process.

jFebruary 28, 2011 7:18 AM

Wait, if Anonymous has the Stuxnet source code, and they stole it from HBGary, where the hell did HBGary get it from??

ChrisFebruary 28, 2011 7:32 AM

@Craig: Bingo. Also, check the superimposed V mask during a frame or two of the video.

@j: If Anon had the source for Stuxnet, it would be posted all over the Internets (all of them) by now. Binaries and anything they reverse engineered from that, I'd buy. But they don't have sauce.

Of course, if someone wants to prove me wrong, the old meme will apply and you may "disregard that" while I "chuck rocks."

Also, spammer needs banning above.

ChrisFebruary 28, 2011 7:53 AM

FYI there are two different Chrises above, and the spammer is the rather obvious "HP computer" copypasta crap.

RHFebruary 28, 2011 9:25 AM

Anyone else think it would be interesting to see a comparison between online groups like Anonymous and Somali pirate groups? I feel like their actions are strangely similar in style.

thinking out ouadFebruary 28, 2011 9:50 AM

I can't help but wonder if HBGary wasn't acting (knowingly or not) as a Fed honeypot. I mean a big, fast hack like that had to leave some more trails than using LOIC for DDoSing. I can imagine we should all put aside a little pocket change for the Anonymous defense fund.

EHFebruary 28, 2011 10:14 AM

thinking: If that's the case I think it would be ruined by making arrests in a way that would create a defense fund. Likely it'd be more for educat- ...er, "research" by gov't reps, sources and methods, yadda yadda. That is, honeypots are used to learn how attackers work, not just trap them.

altjiraFebruary 28, 2011 10:17 AM

>used hp computer spammer

Wow, is this an evolution of relevant comment spam? It looks like a snippet that was selected based on the post content. This could easily get better. Once again, Randall is, what, forcasting? Better than me at spotting trends? Or Clarke-like, inspiring?

http://xkcd.com/810/

Trichinosis USAFebruary 28, 2011 10:45 AM

@thinking: Actually, I think it's Anonymous who are at least in part comprised of federal/government employees and law enforcement types.

I mean come on. HBGary was selling snake oil security to the feds; and Anonymous hacks them and gets away with it - despite the fact that there's currently a ton of infrastructure in place to do tracking and forensics. There have been very few arrests, and most of those overseas.

Anonymous isn't getting away with this due to competence so much as that they have permission from feds/LEAs who are, at best, carefully looking the other way. They're getting a lot of positive press, and the same people who tell us constantly to be afraid of other apparently uncontrollable groups don't seem to want to do much fearmongering about this group - the focus in the mainstream media is not on their tactics but on their targets.

I certainly have no issues with the targets Anonymous has been unleashed at for the moment, but I do remain very cynical about just how much risk their members are actually taking on.

Dirk PraetFebruary 28, 2011 11:09 AM

@ RH

"comparison between online groups like Anonymous and Somali pirate groups"

Somali pirates in it for the lulz ? I think not. It's one thing to DDoS a couple of corporations over questionable behaviour or pwn a security firm with delusions of grandeur and striking gold in the process. Hijacking ships at gunpoint and machinegunning unarmed civilians in my world is an entirely different ballgame. Then again, guess who's more likely to receive a Bradley Manning treatment by authorities.

For those interested in checking out LOIC (Low Orbit Ion Cannon) on non-Windows platforms, grab version v1.1.1.24 from https://github.com/NewEraCracker/LOIC/downloads . Works fine under Mono 2.8.2 when executed from the debug subdirectory.

BF SkinnerFebruary 28, 2011 11:18 AM

@Trichinosis USA " and gets away with it "

Remains to be seen. Investigations are rarely visible from the outside. The penetration was sucessful. But HBGary has (had?) TLA contracts. They can't be happy with events. If Anon becomes a priority to _them_; then the Colbert quote may apply more broadly.

Anon may be talking to this in the polite notice they posted on the defaced WBC website.

Clive RobinsonFebruary 28, 2011 1:28 PM

In the UK atleast we know who one or people who have claimed to represent Anonymous are.

Also LOIC should carry a serious "health warning"

It is a TEST tool not a CRACKING tool.

More specifically it makes no attempt what so ever to hide where it is coming from.

This has caused a number of people in Europe to "feel the heat" of "official inquiry" as I have noted before on this blog.

Use it as a pen-tester or other tester fine, use it on resources you do not have permission to and you might find the "boys in blue" or worse knocking on your door.

Nick PFebruary 28, 2011 2:00 PM

This is really hilarious. We have a guy with a huge ego doing illegal work to stomp down on dissidents, subverting people's machines for profit. Then, he pisses off Anonymous and a decentralized group of volunteers practically destroy him and his company in days, then publish their secrets online. He had it coming. I hope the prick is and stays unemployed for a while.

Nick PFebruary 28, 2011 2:02 PM

@ moo

"Since when are decrypted binaries the same thing as source code, anyway.."

Normally not. But reverse engineers and malware authors with a disassembler might consider binaries source code. It's all the same to them. ;)

Dirk PraetFebruary 28, 2011 2:46 PM

@ Clive

What I would suggest to LOIC-users up to no good or playing in hive mind mode is to hijack the wireless connection of the local gay S&M club before proceeding. When the boys in blue then raid the place, chances are they will be enthusiastically welcomed to the sound of the immortal "El Bimbo"-tango of the Blue Oyster Bar. I guess that's pretty much how Aaron Barr must be feeling right now.

ChrisFebruary 28, 2011 3:00 PM

@Clive

LOIC in hidden+hivemind mode could easily be dropped on to a botnet of pre-compromised systems and launched from there. They may very well have caught someone who thinks that 100 New Emoticons for Free is the deal of a lifetime, and didn't realize it came with a free bonus of a trojan.

Richard Steven HackFebruary 28, 2011 3:23 PM

Chris: Thanks for the H link. I found this part interesting:

"The company particularly enjoys doing business with defence contractor General Dynamics, which resells to US military and secret service agencies."

You know who are some of the major stockholders in GD, right? See here for who they are - and who they support:

General Dynamics, Crown Dynasty & Obama
:http://warisacrime.org/node/31965

And for a nice recap on exactly how much control of the US government intelligence community General Dynamics has:

Dynamic generals
:http://warincontext.org/2010/07/20/dynamic-generals/

This is one reason why Anonymous needs to be real careful from here on out. They've tweaked the SERIOUS people: the people who really run this country. Unless those people decide that HBGary and HBGary Federal are too low on the totem pole to care about, of course. But if I were Anonymous, I wouldn't count on that. Things like Anonymous could get out of hand, and there's no way anyone in the government wants that. Who knows who Anonymous might penetrate next, as I suggested in an earlier post the other day?

Can General Dynamics assume ALL their networks are impenetrable? I think not. So General Dynamics is going to make sure DHS, the FBI, the Secret Service and everyone else with any connection to computer crime come down on Anonymous like a ton of bricks.

Richard Steven HackFebruary 28, 2011 3:28 PM

Anonymous appears to have moved on to attack another set of billionaires:

Koch Brothers Face Wrath of Anonymous Hackers in Operation Wisconsin
:http://packetstormsecurity.org/news/view/18718/Koch-Brothers-Face-Wrath-Of-Anonymous-Hackers-In-Operation-Wisconsin.html

Clive RobinsonFebruary 28, 2011 3:30 PM

@ Nick P,

"We have a guy with a huge ego doing illegal work to stomp down on dissidents, subverting people's machines for profit Then, he pisses off Anonymous and a decentralized group of volunteers practically destroy him..."

You left out that he/they are US pattent (No.  7185232) trolls...

See,

http://www.networkworld.com/community/node/71620

So they know how to realy P155 0FF both the Black Hats and the White Hats.

And for their next trick they will probably P155 0FF the feds or other LEA's judging by the junk they indicated that "they owned Anonymous".

By the way all the HBGary Seniors appear to have the same ego trip belief in them selves.

There was the claim that the released emails were "not ours" till somebody pointed out the trail on the certificate, then that little poster at RSA trying to make out that they were victims...

Well once you P155 0FF people sufficient to get them digging they might as well carry on and I suspect there will be a few more choice bits comming out before this one goes away (if it ever realy does for them).

I wonder what the state of thei accounts and tax returns are ;)

AlanFebruary 28, 2011 4:06 PM

It's not HBGary, Inc.--it's HBGary *Federal* and its now former CEO and hubrist extraordinaire Aaron Barr.

HBG-Federal's systems were a security joke. In contrast, HBG had tightened security in anticipation of issues regarding Anonymous.

The real story here is about the damage to the otherwise innocent HBGary organization.

The real lessons here are about brand identity, affiliation, and sharing of resources. For example HBG-Federal's Barr was an email administrator for domains that include HBG's CEO Hoglund.

Richard Steven HackFebruary 28, 2011 4:10 PM

Alan: "the otherwise innocent HBGary organization."

You need to read the whole story over at Ars Technica. The parent organization was far from innocent.

And they got penetrated, too, "tightened security" or not.

JimFebruary 28, 2011 4:14 PM

-This is really hilarious. We have a guy with a huge ego doing illegal work to stomp down on dissidents, subverting people's machines for profit.

Let's clarify the real issues before many people get lost in the noise of what really went on. I have sifted through at least 300 pages of the 781 pages of emails so far. What I come across with is a company that is being built by hard working people, most notably Penny Leavy, Greg Hoglund and Bob Slapnik. There are more to be sure, but I sifted through the emails from that group the most.

Penny was busy making sure the sales teams stayed focused on selling their products to various entities. Greg was busy traveling to various conferences, and at one point wanting to cancel everything just to focus on the core of the company. Aaron was busy as well, but had many side items going on, such as invading the sex channels in various chat rooms acting as if he was a 16 year old girl wanting sex just so he could grab some servers and get some sexbots going. Sure, he did more, but he focused on ops while everyone else was focusing on products and development and sales.

I am not saying that Aaron was not working on training sessions or the company business, but from what I could see he was the only real loose cannon in the group. But because he had TS/SCI Poly he was a go to guy to get government contracts going while everyone else was busy with the retail sector.

Then there were the actual techs who kept everything inline managing signature files or getting malware delivered to them by Virustotal or other vendors in the field. Of course many of us already knew long ago that VirusTotal had sold out to the security industry, and was selling their databases for a huge amount (75k a month as one of the emails stated)

So the company was operating as any other company does, trying to get sales, work on product development, and basically get money coming in the door. No easy task as we all know.

When the DOJ was contacted by the COC (Chamber of Commerce) they were referred to H&W (Hunton & Williams) because H&W had contacts in the field of security. Their core business was lobbying, but they had a number of security people in their realm they could reach out to. And as the email traffic showed, they reached out to HBGary to see what they could offer for scanning services or intelligence services on those that were working against the COC's business interests.

It was at this very point when money was tight in the company, and everyone was scrambling around trying to raise money to hire better talent, which they had been doing each month it seemed, that they ran into the pressure cooker, and that pressure cooker was selling not their own products, but an entirely new product that Aaron had been toying with for some time.

It was at that point that Aaron sort of took over the show while everyone else was busy doing their jobs. Since none of us know what emails exist at H&W in this affair, we cannot surmise what they were thinking when they received the initial proposal for the work they asked for, which was basic monitoring and or letting them know what they could dig up on these people against the COC. Since we have no knowledge of the emails inter office we can only speculate what happened.

They are a law firm, and quite a large one. One can only think that when they saw the initial proposals they were shocked by what they probably saw as illegal activity reminiscent of Donald Segretti and the ratf*cking that went on during Watergate. I know I could see it, and if anyone wanted to look at the Segretti work, one could easily Google him to see that what Aaron was proposing was in fact no different that what went on during the COINTELPRO days and Watergate and The Plumbers.

I would think that at the very least the reason for the stalling was so they could think about what they were being asked to get into. And what repercussions might come if there were any failures. Again though this is speculation. But ask yourself how many large firms will risk their firm in such a way? I think not many, if any at all, would do what Aaron and HBGary was proposing.

Looking at Aaron and his private little wars on the net, one can easily see a guy who is obsessed with information gathering and finding out who is who and what is what. There are many people in the security business that are just like him. Industry wide this is not something that is one bad apple in a large basket. This is many bad apples in a very tainted basket. But I digress.

The point I am trying to make here is that sometimes one bad actor in a company can make everyone else stink as the one bad apple analogy. And after reading half of the email traffic so far from the 781 page leak, I can tell you that so far I have not seen anyone else looking that bad. There were some instances of price increases on products that were not really worth it, there were a number of better get your act together emails or your fired on the sales teams part. There were countless issues with making sure that their defense products were up to speed and could handle all the Malware one could throw at it. But, there really wasn't any shady deals going on there. If you look at it, compliance was an issue for them, and they always wanted or needed to stay within that realm. Even when getting their office TSA certified, they were talking about having to lease another building just to be Top Secret document certified.

The Malware issue was because they needed all kinds of Malware to make sure their defense products would catch it, not so they could use it against other companies or individuals. They did not use the Malware on targets, at least not as far as I have read yet. The issue with doing so came primarily from Aaron, and he was the main instigator while everyone else sort of went along with it. After all, it was a new product they were going to try and sell. Thus they really didn't have anyone capable on staff to guide them where to go legally with it. They felt, as all government security feels, that they have the backing of government because they supply government with products, and its you scratch my back I will scratch your back deals. Thus, Aaron took over, and with his constant side ops he ran on his own such as pretending to be a 16 year old girl online to get sexbots and servers, he went head first into something he truly loved, and that was trojaning people, and attacking them or digging into them. That was his love, and that was how HBGary ended up in the toilet over it. At least that is how I read it so far.

Truly though, on the surface, and behind the scenes, none of these people working for them were bad people. They all had a job, and each one performed their job with skill and or precision. The real stupid issue came when H&W came calling and Aaron took the reigns and sort of lead everyone down the path to destruction.

Now while they still have contracts going forward in 2011 that they must fill and or deal with, one does wonder if they will be able to make a comeback after those are over. I for one think they will if they jettison the flotsam. The rest of the group were all professionals at their jobs, and so far I have seen none of them act in any fashion other than what they were hired to do. The one guy Mark Traynor I believe is one guy who will suffer for quite some time over this fiasco, as his personal information was leaked in the emails, and as such I am sure he is feeling doomed when it comes to protecting his identity. That is tragic for sure. The rest of the people hurt were the newly hired who had just started with them and or had just left their old jobs behind to come on board. Those people have got to be having it rough, as no money is coming in, and only work is going out. They will probably go through everything they have just to stay afloat for the next few months, and if they don't fold, it will be very hard to make a comeback. But, these people don't look like weak-kneed people.

So before we hang them why don't we look at what could have been had they not floated towards the dark side because of one guy? There was a lot of energy there, a lot of hard workers, and no matter how we cut the pie on them now, they were an up and coming business that had decent people working for them doing jobs they loved. Penny worked very hard in building that company and keeping it growing. I am sure she is sick from all of this. To have it all thrown out in one or two days has to be very hard indeed. So, I guess this is a lesson for others who think about planning a trip to the dark side. Think before you act. And, if it sounds too good to be true, it probably is :)


Sorry for the length, I just wanted to make a point that maybe others are paying a heavy price, and that maybe they shouldn't be paying it so hard... As always YMMV, and let those without sin cast the first stone lol.

Brandioch ConnerFebruary 28, 2011 4:30 PM

@Jim
"Penny was busy making sure the sales teams stayed focused on selling their products to various entities."

She also misrepresented the relationship between the two companies when she went on IRC to ask anonymous to not release the emails.

"The Malware issue was because they needed all kinds of Malware to make sure their defense products would catch it, not so they could use it against other companies or individuals."

Didn't they claim to have various 0-day exploits that they hadn't released?

Sound more black-hat than white-hat.

"The rest of the group were all professionals at their jobs, and so far I have seen none of them act in any fashion other than what they were hired to do."

I guess that would depend upon what they were "hired to do".

From what's been posted, they don't look as innocent as you seem to be claiming that they are.

"The point I am trying to make here is that sometimes one bad actor in a company can make everyone else stink as the one bad apple analogy."

The problem is that such a scenario has been floated too many times for it to be as easily believable as it was at one time.

Now, every time a company is found to have done something less than ethical, it is always blamed on one "loose cannon" and everyone else is innocent.

Look how their partners are spinning the fact that Barr's material ended up in their slides.

Bob TFebruary 28, 2011 5:36 PM

Take a simple case - my impression is that HBGary was openly in the business of gathering zero day exploits and selling them. Isn't that in itself considered unethical? Isn't a security company obligated to inform the software manufacturers? Or is this an accepted business practice?

JimFebruary 28, 2011 5:49 PM

-She also misrepresented the relationship between the two companies when she went on IRC to ask anonymous to not release the emails.

Let me say this, they had classified operations ongoing with the government. I highly doubt that they owed anyone, especially Anon members, the reality behind their company. When you have a gun pointed at your head, often people will make you beg for your life to just end up shooting you anyway for laughs. Best to stand up and say shoot, as they probably will anyway. No sense in begging, just get it over with.

-Didn't they claim to have various 0-day exploits that they hadn't released?

From what I have read, and from reading about their various ownerships in products through the patent process they have from Clive. I think those were used for their defensive products. Having an 0 day is not really that big of a deal. And from what I have read in the emails, many companies were selling them their 0 days. I can go back and get you the names if you need, or you can just slog through 300 pages of emails like I did to see that.

-I guess that would depend upon what they were "hired to do".

You obviously haven't read any of the emails, for if you did, you would see what they offered position wise to various people, they even used Craigslist on occasion just to see what would pop up. But most every contract they offered to people was located in those emails and most of it was "at will" meaning no guarantees. None that I have read so far every had any illegal activity in them. As almost all of the people they hired had TS /SCI Current Poly on them. You are not going to find illegal activity with those type of people, as they don't want to risk their clearances for some bonus ride on a slow train to hell. I suggest you try and read before posting that slanted view. Sure, many companies in the field are happy they are down, Mandiant is one, and I believe Diocyde works for Mandiant. If you remember, Diocyde was busy trying to say that the DDNA software or product line was his, and that he gave it to HBGary, which he didn't. They had several emails where they discussed Diocyde. They called him a nutcase. And if you read his diatribes on the net, and his Gungho hang em high posts everywhere else, you could see he is just another Aaron Barr in the wings. At any rate, many competitors they had are now jumping for joy at their demise.

-From what's been posted, they don't look as innocent as you seem to be claiming that they are.

I am not claiming innocence by any party. But I know media, and I know how right/left this story really is. I know the left is capitalizing on this as another thorn in the side of the right. And the right is still trying to capitalize on the fact that the left is lying about the whole affair. If you knew the small wars ongoing in this op that have been ongoing since September of last year, then you would already be in the know that this is a left versus right issue on the political side, and has virtually nothing to do with HBGary. They were but the small pawns caught up in a much larger scandal that has been brewing since last year against the left wing establishment - bought and paid for I might add by various right wing establishments. HBGary just fell into it. Had it not been for the opportunity to get out of the financial hole by having H&W come to them, I think they would still be in business today, and nothing would ever have come to light, unless Aaron had been caught with a 16 year old girl lol.

-The problem is that such a scenario has been floated too many times for it to be as easily believable as it was at one time.

Well, again, you are not seeing the larger picture. In fact, as I said, this has been going on since last September, and was started in a different area of the net. HBGary was not a part of these operations during that period, someone else had already been working on VR and StoptheChamber. HBGary got into it late, and as such ended up holding the bag for other ongoing operations because of Aarons's insistence of running a private little war against Anon members. And of course, wanting to expand his private wars onto other fronts. When H&W came along, it offered HBGary a huge payment structure for 2011, which would have took them to a better place financially. And as pressure was mounting over their extensive debts, they needed that H&W money bad. It was however Aaron that went far left field, and left the reservation so to speak, which caused everyone else to lose out. In the end, not only were they not going to get that money from H&W, they even had to attempt to lower their price which H&W probably saw as a scam, since prior proffers had the price much higher. And just because the phone didn't ring it went down by 1000 percent shortly after. It was in essence a very clever negotiating tactic to stall them. In the end though, HBGary lost.

-Look how their partners are spinning the fact that Barr's material ended up in their slides.

People get caught up in the moment. I have seen much worse in this business, much worse than what HBGary has been accused of. This stuff makes them look like kiddie sandbox players. It was really just a low rent operation to obtain more money. They needed that money bad, and when they were hanging over a cliff, well, they took whatever someone else had said and ran with it without checking the legal ramifications to their acts. It happens to the best and the worst.

I am not defending them. I am only writing about what I have read and or have seen so far. And I have come to the conclusion that had H&W went elsewhere nothing bad would have happened to them until Barr took it to Anon, which he was already into doing. As I said, he ran ops in the sex channels so he could get sex bots and servers, so that tells you a lot about his way of doing business. So their demise was not far off. However, had no one been able to see those slides, well, then no one would have seen anything really that bad with HBGary. It was business as usual, the emails so far have proven that out. As for telling Anon members what their business is, I hardly think anyone with classified military contracts would have just gave up the beans to a bunch of anonymous people. That alone would have caused them to lose their TS /SCI clearances.


Dirk PraetFebruary 28, 2011 5:52 PM

@ Jim

Assuming you're just a compassionate soul and not in any way related to HBGary Inc. or Federal, I'd suggest you also have look at the patent trolling they were involved in (7185232 , http://www.networkworld.com/community/node/71620 ) . I personally find it highly implausible that Mrs. Leavy or Mr. Hoglund had no clue whatsoever as to what Aaron Barr was up to.

In the other case, you have just proven Clive's scapegoat prediction he made on this forum a couple of days ago. The lesson to be learned here for corporations and their management is that there still is such a thing as public accountability that goes beyond the protection that can be afforded by lobbyists, expensive lawyers and connections in high places. Nobody these days is buying the loose cannon defense any longer because it has become a worn-out classic used at every such occasion. One of the most blatant examples in recent history is that of Jerome Kerviel, the "rogue" trader that lost 4,9 billion euro for Société Générale alledgedly without anyone in management knowing what he was up to.

If a company indulges in unethical, risky or criminal behaviour, either as a whole or by one person whose actions are known or secretly condoned by the CxO level, the toll to be paid will be borne by the entire company. That's hard indeed for the honest and hardworking folks that had nothing to do with it, but the only people they have to blame for that are those who were responsible for what went on. Making sure a company operates within ethical and legal boundaries is one of the most important tasks of a company board and its stakeholders. IMHO, HBGary Inc. and Federal management failed miserably at this task and for which both companies and their employees are now paying the full price.

JimFebruary 28, 2011 5:53 PM

-Take a simple case - my impression is that HBGary was openly in the business of gathering zero day exploits and selling them.

Actually Bob, other security companies were emailing them every few weeks with updates on their 0 days. HBGary would buy a few here and there that they needed for their own product testing. There are plenty of emails with different company headers on them, and in those emails it shows many companies selling 0 days to them. Even VirusTotal sells access to their databases for a huge sum of money per month. So, it is a common practice to trade or barter or even sell various tools of the trade.

Brandioch ConnerFebruary 28, 2011 6:03 PM

@Jim
First off, you have a non-unique 'nym that does not appear to have frequented this forum in the past.

Now you show up with a rather distinct viewpoint.

"So, it is a common practice to trade or barter or even sell various tools of the trade."

It is not a "common practice" for white-hat companies to trade or barter 0-day exploits WITHOUT releasing that information to the vendors. That is black-hat behavior.

"HBGary would buy a few here and there that they needed for their own product testing."

Only black-hats need "testing" with 0-day exploits.

White-hats inform the vendor so that a patch can be released.

JimFebruary 28, 2011 6:14 PM

-Now you show up with a rather distinct viewpoint.

Sorry BC, I have been in this horse race for a bit of time so my view is a bit different than yours might be. What you see here is the sloppy seconds lol.

I been here on this before as well.

-Only black-hats need "testing" with 0-day exploits.

As I said from what the emails have said, they were buying them primarily to make sure that their products they sold or contracted to various entities worked. What they did to them after I have not gotten to yet. As I said, I have only read 300 pages of emails so far. I gave up after an entire day of reading yesterday because I had today to get ready for. As for the viewpoints, I know what is going on politically. The Wikileaks stuff and BOA stuff I am not a part of. The political end I have been working on for a good time, and this stuff has been ongoing elsewhere on the net before it spilled out here on the security side. It luckily spilled out over on this side, which eventually answered many unanswered questions to the other side of the net where this has been brewing for quite some time.

@Nobody, sorry, I don't believe in any media on this story or any other for that matter. The media has been used by both sides of this battle. Both the right and the left have their media partners, and both left and right parties have been using that media to get their own messaging out on this story. Its a love hate deal lol. And the last thing I would believe is some media puppet who's string is held by either side in this ongoing battle for the hearts and minds. As usual YMMV.

JimFebruary 28, 2011 6:28 PM

Many apologies to the double and triple posting here.

-Assuming you're just a compassionate soul and not in any way related to HBGary Inc. or Federal, I'd suggest you also have look at the patent trolling they were involved

@Dirk, I did not see your post when I made my last entry. To answer you, yes, after 300 emails I almost got caught up into the company, almost as if I worked there lol. I don't, never have. I think if you have ever run a net or seen one or been privy to monitoring one, you can easily get caught up in the lives of the people you are watching. It is amazing just how caught up you get into it. Reading emails like I have in this case gave me some insight into it from their perspective as well as answered many questions I have had about this operation since the beginning.

Knowing what I know about the seedy side of this business, I ended up almost sympathizing with them. I could easily see that Aaron was taking them over a cliff when I saw he was running his sex bots lol. And when he told everyone else how to do it, there was hardly any comment on it.

I guess in a way when you have such ability, it is hard not to play god is it not? Imagine sitting in a room day after day watching a few hundred people talking, chatting away oblivious to your viewing them. It does feel almost Godlike. And I think Aaron is a person I can understand because I think all of us at one time or another have thought about those paths. Those who say no are only lying to themselves.

Anyway, yes, I at times sympathized with them. I saw them as a struggling company. They worked hard, they sold hard. They were always in need of money to pay people, and their prime reason it seemed to me was that they cared about their people and making sure they were paid. How many of us have been down the road where the company promised big and delivered little or nothing? How many of us have gone without a check for weeks on end and started to wonder just what was going on after all the excuses ran out?

So yes, in a way after reading the life they were living day to day I kind of fell into it, and saw them as not an evil company, but a company like most others, struggling to make it, to get to the top of their game, and above all else, letting pride take over where they felt they were the "best" in the business. That pride I can tell you is in many a company. Thus, you can tell that making sure they were going to be the best was paramount in their style.

JimFebruary 28, 2011 6:33 PM

And yes Dirk, I read all about the patent trolling issues the other day when Clive plugged me into it. Matter of fact I read today that congress is going to finally take up the patent legislation again. So maybe there will be some good things that come out of it. As for them being on the hook for such activity, yes, bad for sure, and I will follow up with how many corporations have been doing this already?

As I said in another thread here, its always about the money, which to me stinks up this business badly, matter of fact, it stinks up every business out there that sells their souls for money. The bad decisions made just because the dollars sound right is something to behold.

Dirk PraetFebruary 28, 2011 6:55 PM

@ Jim

That's a familiar variation on Stockholm syndrome. Happened to me too a couple of times when I had been spending way too much time at a customer and almost forgot on whose payroll I actually was.

It has been argued by other folks that there's plenty of players out there doing exactly the same thing. It's understandable. There's always gonna be plenty of reasons to stray from the path. But that doesn't make it right. The only difference between HBGary and others is that they actually got caught in a way they never even saw coming. Lots of analogies we can make. Imagine growing up in a poor neighbourhood where the guys selling dope are driving fancy cars, live in nice places, hang out at the coolest clubs and run off with all the hot chicks. And you're the idiot doing three burgerjobs to try and get yourself through college. You may never even get close to what they have, but you're also less likely to get yourself shot or end up in prison. We each make our choices.

Bob TFebruary 28, 2011 6:55 PM

Hi Jim & Brandioch -
It was the power point slides on this article page which impressed me:

http://arstechnica.com/tech-policy/news/2011/02/...

The implication is that they showed these slides (regarding unpublished zero-day exploits) to potential clients. The 2nd slide boasts of their expertise in "custom malware development".

Wouldn't any potential client who saw slide 1 have an obligation to inform the software vendors? (they wouldn't know the details, of course). Would a software vendor have civil recourse against this type of behavior? Their (seeming) openness about their use of these exploits is what surprised me.

JimFebruary 28, 2011 7:34 PM

-You may never even get close to what they have, but you're also less likely to get yourself shot or end up in prison. We each make our choices.

This is the best analogy so far. Matter of fact on another project concerning border security today, this very topic came up, in which this very statement was discussed. I agree with you. We all make our choices.

As we can all say that Anonymous is some great org now, we all know where vigilantism gets us in the end. It starts out with good intentions, then later it replaces one evil with another evil. At first they go after what one side hates. Then soon enough they go after the other side. And sooner or later they come after you. The ideology is fine, but its cloaked in populism which always fails at the end of the day. I can't say what they do is great, when I know exactly how it will turn out later on. We cheer them now, but that cheering is soon replaced with anarchy. Once we lose control we will find it very hard to gain it back again.

Brandioch ConnerFebruary 28, 2011 7:57 PM

@Jim
"As I said from what the emails have said, they were buying them primarily to make sure that their products they sold or contracted to various entities worked. What they did to them after I have not gotten to yet."

Okay, maybe you didn't get to the point where they talked about informing the vendors. Maybe it just didn't come up that often.

"As I said, I have only read 300 pages of emails so far."

Okay, so you're willing to give them the benefit of a doubt about the black-hat stuff ... but you seem to form an awfully positive opinion of them and their motivations from only 300 pages of email.

Particularly when those 300 pages do NOT cover any of the stuff that a white-hat would do.

And didn't they have slides detailing their custom malware production capabilities? (see Bob T's post)

"They worked hard, they sold hard. They were always in need of money to pay people, and their prime reason it seemed to me was that they cared about their people and making sure they were paid."

Again, it is amazing what insights you can extract from 300 pages of email ... and yet never see a mention of any white-hat activities.

@Bob T
"Wouldn't any potential client who saw slide 1 have an obligation to inform the software vendors?"

Legal or ethical or both? Legal would vary based upon the location. But trumping both of those is the fact that an organization going to them for custom malware is not likely to report them for providing such a service.

Dirk PraetFebruary 28, 2011 8:07 PM

@ Jim

The most likely scenario is that they are being infiltrated as we speak and that the identities of some key figures will be traced eventually. Those will be offered a deal to rat out others - for as far as they know them - or face Bradley Manning treatment. The folks with real skills and passing psychological profiling will be recruited for TLA's. Those deemed incorrigible or without interesting skills will serve a stiff time in jail after which they will find themselves unemployable. The survivers will pursue a regular job in the IT or security industry, or move on.

That is unless they already have been infiltrated by government agents, because like Richard I don't believe for a moment that either the US or other government monitoring their activities is going to let them get away with what they're doing. There's too much at stake, not only for state players, but also for big corporations and special interest groups that may find themselves in a similar position as HBGary if ever they strike gold again.

Nick PFebruary 28, 2011 8:40 PM

@ Jim

WTH are u talkin about? The company had slides and emails dedicated to selling defense contractors zero days and worked with their partners to develop rootkits for resell. Slides had several companies names on them. Read the last 2 papers bruce linked to.

As it stand, im of the impression u r working for them, a troll, or seriously misinformed. Read up on the rootkits then come back to tell us how innocent and normal their behavior is. Cuz most IT firms are building rootkits for defensive purposes these days.... Right? WRONG!

AC2February 28, 2011 11:05 PM

@Jim, if you think anyone here really believes that you are just an independent security professional with no axe to grind, then you obviously have a low opinion of the intelligence of the people visiting this blog...

I guess everything in the Ars "Black ops: how HBGary wrote backdoors for the government" is old hat for some people here, but I find it very disturbing...

The US goverment's approach of taking on contractors to do their dirty work for them, Blackwater/ Xe in the physical world and people like HBGary in the virtual world is astounding.

Its almost as if they believe that they really will have deniability for anything that goes wrong. A bit like my son giving me a wide-eyed 'I didn't do it...' except that in this case it's a government with presumably mature people who understand the impact of collateral damage to many innocents caused by their contractors...

Brandioch ConnerFebruary 28, 2011 11:51 PM

I think it might make more sense if you thought about what messages they'd focus on for damage control. And how they'd polish that message and get it into the media.

1. They didn't do anything wrong.

2. One guy did something wrong. But no one else did.
2a. And no one knew what he was doing. Or
2b. And he lied about what he was doing. Or
2c. And he coerced others to let him do it.

3. One dept did something wrong. But no one else did.
3a - 3c. See above

4. They did things that were a little wrong ... but everyone does it so it really wasn't wrong.

5. They did things that were a little wrong ... but they did them for the best reasons.

6. Anonymous did worse things!

7. There are worse people out there without the morals / ethics that they have. Are you scared yet?

8. I know more than you do and I say that you should not blame them because if you knew what I know then you'd really be scared and you'd think exactly what I'm telling you to think.

Expect to see the above in various forms until the media loses sight of this story.

Richard Steven HackMarch 1, 2011 12:17 AM

I have to agree that I see very little defense for what Barr did at HBGary Federal, and I see little reason to believe Hoglund and company did not know what he was pushing and how. One could conceivably believe Palantir and the other outfit didn't - except as Ars points out, they saw the PowerPoints and no one said boo - until the evacuation hit the wind tunnel.

While there is little evidence the law firm saw this stuff, there still is the fact that they were looking into hiring these guys to do SOMETHING LIKE THIS. Otherwise, why hire an IT security company - just to find out who Anonymous was, so they could sue a bunch of hackers? I don't think so. This was a black hat job commissioned by a law firm that expected a black hat job.

Not to mention some of the other stuff they were interested in - such as the "persona generator" to infiltrate social media and use the fake personas in various ways. We know a number of organizations and countries use "astroturfers" already - this was going to be "automated astroturfers".

I agree that what we're hearing now is Bart Simpson going, "I'm innocent, you can't prove it, nobody saw me!"

Given the number of emails dumped out, I think we may not have heard the last of this, either. It takes time to go through and collate 50,000 emails.

SeanMarch 1, 2011 1:12 AM

HBGary Corporate Workplace Surveillance and Governmental/Corporate Astroturfing through multiple fake accounts. Yep, a company I want handling my security. Any wonder the guys bluff got called and he got hit below the belt?

SeanMarch 1, 2011 1:17 AM

Plus I kind of worry about a guy who posts "I need u to help moderate me". That has so many connotations...

Nick PMarch 1, 2011 1:58 AM

@ Sean

"Plus I kind of worry about a guy who posts "I need u to help moderate me". That has so many connotations... "

Seriously, how does a guy saying this become a CEO? Most CEO's I've met are experts at presenting themselves in public and controlling what they say to maintain professional image. This guy talks like he's in high school and someone insulted him in front of his girlfriend. Barr is so lame. Still don't see how he got the job... Social engineering perhaps?

RonKMarch 1, 2011 2:26 AM

@ Brandioch Conner

"8. I know more than you do and I say that you should not blame them because if you knew what I know then you'd really be scared and you'd think exactly what I'm telling you to think."

That one is a real jewel, BC... thanks.

RobertTMarch 1, 2011 2:46 AM

I'm not sue if I should be more appalled by HBGary's antics or by the denial implicit in so many of these posts.
Personally I cannot bring myself to be outraged by HBGary's conduct because it is still within the realm of expected behavior, for companies of this ilk. I guess I've lived too long in the "gray hats" area to expect any real distinction between "White hats" and Black hats"

Oh well! Talking about morally questionable behavior, what was it I was suppose to reverse-engineer this week....

wMarch 1, 2011 2:55 AM

if this is a sidepath don't bother repling :)

Would would happen if wikileaks became 1000X stronger and private contracts didn't. Or the opposite. What whould be the effects to everone else not in those groups

Clive RobinsonMarch 1, 2011 7:08 AM

@ Bruce,

As you are writting your book make sure you have a big fat section humans and ethics because in the break neck world we whirle around in today people are not getting to learn the wys and wherefors of ethics and are thus setting the line wrong.

@ ALL,

I have seen what HBGary are going through, I've been in it when a very ethical and well esstablished company I worked for got taken over by another company with a compleatly stupid business policy and the subsiquent lack of ethics that followed from this (no doubt some of the other Ex-employees are reading this and are nodding as well and some nodoubt wished they had got out before the inevitable). I was pushed out of the company because it was obvious to those who took over not only where my morals and ethics not for sale, I could spot all their lies and cheats fiddeling the figures to the shareholders in fractions of a second and say so especially in internal "town hall" meetings, usually with just a single simple and over ridingly obvious question.

So let me tell you my take one ethics and I'll leave it up to others to draw their own lines in the sand.

Morals and ethics are "feel goods" for humans, they are overridingly how we treat each other and to a lesser extent other living organisms and the environments they exist in (ie it's the "you won't shit on your own door step but you could shit on somebody elses why don't you" question).

All business models, all zero days and everything else we play with are just methods by which we get things done. That is they are just tools.

All tools are agnostic they have no brains and thus no morals or ethics. The ethics and morals are in the heads of the operator of the tool and those who manage them and also those who manage those people all the way to the very top, plain and simple. It does not matter if you don't want to know or are too busy to know you have a responsability to know.

If I where to ask you 'is an ice axe good or bad?' how would you answer?

I'ts simple you cann't unless you have terms of refrence or a context.

One term of refrence is it has a very sharp point that is quite capable of cleaving ice or skin and bone with little effort. If you only consider Ice then you are likley to say good, if however you only see skin and bone you are likley to say bad (unless you are designing/chosing a weapon).

If instead I was to ask you within a context such as "is sticking an ice axe in a persons eye good or bad?"

I suspect some of you would think I have no morals as there is no way it could be good...

Well actually it can be good...

A full frontal labotomy was done by sticking an ice pick in the patients eye socket to get quick and easy access to the brain. I won't debate labotomies in the current historical context but at the time they were believed to have worked.

So yes something that would ordinarily be very very bad and almost compleatly unconscionable was good.

It is why people do good things for bad reasons and bad things for good reasons.

The problem is that if the result is held to be good then the action must have been good, likwise if the outcome is bad then the action must have been bad...

That is the old problem with cause and effect, you should not go from effect back to cause and make judgment, although most of us do as we have no choice after an event.

What you should do when sitting in judgment study the motives and this is a very very difficult problem. Because sometimes people have to act irespective of what the outcome may be.

That is if somebody is on the ground with blood running out of their leg in large quantites you know if you do nothing except stare you will see them die infront of your eyes.

The thorny question is what do you do...

However not all choices are made at the point of a gun as it were. For instance do you get up early on a sunday to go for a jog?

Thus what you do is dependant on what you know and the likley outcome you think it has.

And this is the problem that is for every upside there is a downside you MUST examine both independently of each other.

Going ONLY From what has been said here, HBGary had a "cash flow" issue, somebody put up a proposal and sold the benifits to the others. As the others saw effectivly only the cash flow issue they made a bad choice under the gun.

I suspect for one or two of the HBGary people they would not even have listened to the proposal had they not had cash flow issues (and who dosen't these days). Some would have listened irrespective of what state the finances where in. And some would for their own reasons have absolutly no qualms doing it at any time. And it appears atleast one was already doing it for their own pleasure which is never a good place to make rational choices.

The way you deal with ethical choices is by examining harm before benifit without bias from current objectives.

This is very hard and a recognised problem it is why we have rules and procedures for using tools and also why we have independant ethics commitiees to act as oversight when the choice gets close to a "NO" rule or procedure.

the way it isMarch 1, 2011 8:41 AM

At the end of the day HBGary was a security company that attempted to punt the offensive attributes it came across to the highest bidder and in the end... they’d crossed that road more or less completely and were more of a cyber warfare/espionage company hiding behind a security facade.

That is what HBGary Federal was for, to move the slightly vomit inducing dodgey stuff out the back, but really, they were all one and the same at board level and they clearly knew what was going on re anonymous and other issues.

They'd long taken their eye off securing anything as was demonstrated by them having their own backside handed to them on a silver platter in such a comic manner.

But... being an enterprise security specialist, while selling software that offers governments an army of online personas that can distort public reaction to events unfolding in the news in real time. And then think you can pull of a great PR stunt by selling some half baked information on a bunch of volunteers that generally set out to do good things armed only with the power of the interwebs.

Then get caught out, taught a lesson in security, then lie to the world about it, then get caught lying, then accuse those nasty hackers for being the very thing that is the sole ‘advertised’ reason for their companies existence, while the world and his best friends wife is reading about how they were going to spy on dissenting members of the public and their families, falsify information and pressure journalists... good lord you could not make it up!

Feel free to slate me for this but in my own humble opinion:

If you feel sorry for anyone at HBGary you’re a mug.

If you think Anonymous are the villains in this story you’re an idiot.

And if the info sec market is something you feel passionate about and something which you would seek to preserve you should not be closing ranks around, supporting or sympathising with the bunch of crooks at HBGary.

You should be making an example of them and throwing the book, kitchen sink and anything else you have at your disposal or be tarred with the same brush.

IshmaelMarch 1, 2011 8:45 AM

How does that old song go: "What have all the ethics gone, long time passing?". Am I the only one who would have expected better behavior from Greg Hoglund's company?

Yeah, I'm familiar with the whole shades-of-gray thing in hats but when we start distinguishing the "good" from the "evil" by the "good" having a business license, our profession has lost its way.

-- Ishmael

WinterMarch 1, 2011 8:46 AM

The persona's software is another proof (if needed) of the astroturfing of social media.

There are many rumours foating around that there are entities who pay people to troll blogs. Different from astroturf campaigns because they actively derail discussions. A kind of astroturf trolling.

Examples would be fanboys who seem to spend all their waking hours watching blogs they hate from the bottom of their hearts, just to post the first response saying, again, how much they hate the blog.

Is there any real evidence of such trolling to be paid or organized?

JimMarch 1, 2011 10:01 AM

Oh what a wicked web we weave when we when we first practice to deceive.

-The way you deal with ethical choices is by examining harm before benifit without bias from current objectives.

@ Clive, I agree here. Very interesting way to put it.

-while selling software that offers governments an army of online personas that can distort public reaction to events unfolding in the news in real time.

@way it is

Wasn't that software being sold by some Air force guy? How did you equate that with HBGary?

-And then think you can pull of a great PR stunt by selling some half baked information on a bunch of volunteers that generally set out to do good things armed only with the power of the interwebs.

LOL. Yeah, good way to promote vigilantism on the intertubes. Yeah sure, they do good things to cover for the bad like anyone else does, even HBGary lol. Not all Anon members believe in what the rest are doing. Plus, the side getting attacked now may end up changing, and one day they are then attacking your side, then later, you. What can you do? Nothing. They are anonymous. And as long as they are, you have no protection against them when they decide on their own to ratchet up their campaigns to do exactly what you claim is wrong with HBGary in your post above.

You don't think Anonymous is logging people, trojaning companies, hacking systems, defacing websites they don't like? And isn't that what you accuse HBGary of doing wrong? But somehow defacing websites, breaking down closed doors on the net, stealing info, and other small crimes are somehow doing good on the internet. That is your version of security service? I laugh at that. Its a double meaning deal. You claim what is wrong with companies like HBGary is bad, then claim what organizations like Anon do is somehow right when they are no different than companies like HBGary.

-Then get caught out, taught a lesson in security, then lie to the world about it, then get caught lying, then accuse those nasty hackers for being the very thing that is the sole ‘advertised’ reason for their companies existence, while the world and his best friends wife is reading about how they were going to spy on dissenting members of the public and their families, falsify information and pressure journalists.


You don't know much about field level security operations now do you lol?

-If you feel sorry for anyone at HBGary you’re a mug.

But your not a mug if you break into systems, deface websites because you don't like them, steal corporate intelligence, and basically just act like the security industry lol. What I am saying here is that it goes both ways. Thus on either side of the argument your a mug either way. At least I hope you can see that.

-If you think Anonymous are the villains in this story you’re an idiot.

Yeah, stealing is cool, defacing sites is even more mature and cool, and corporate espionage is the coolest of them all. But I digress.

-And if the info sec market is something you feel passionate about and something which you would seek to preserve you should not be closing ranks around, supporting or sympathising with the bunch of crooks at HBGary.

No, by your analogy we should be closing ranks with thieves, defacers and script kiddies and DDOS mafias. Yeah, much better to be around them doing what they do right?

-You should be making an example of them and throwing the book, kitchen sink and anything else you have at your disposal or be tarred with the same brush.

I think that has happened already. Maybe you missed it. Its in the news.

-How does that old song go: "What have all the ethics gone, long time passing?".

@Ishmael

Yes, it is a cruel world. I guess we all just have to grow up and admit the harsh realities to this world and the business world as well. Sucks being in it at times. But what else are we going to do?

-There are many rumours foating around that there are entities who pay people to troll blogs. Different from astroturf campaigns because they actively derail discussions. A kind of astroturf trolling.

@Winter

Can I address this in a double post lol?

I will in the next post if you don't mind.

SMarch 1, 2011 10:14 AM

@ Jim

The mental/moral gymnastics required to wrap my head round your world view of (to paraphrase) 'Anonymous hacking into peoples' systems is bad, but HBGary doing it is absolutely fine, because they had federal contracts' is too much for me, I'm afraid. I join the chorus who assume you must have some undeclared link.

@ Clive *applauds*

As if the fact you have twenty brains worth of technical knowledge isn't enough, now you draw for the ethical philosopher musings? Way to make us feel inferior...

JimMarch 1, 2011 10:24 AM

@ S, sorry I don't bite :) No link either, and if I have to explain to you what I wrote then I must be doing something wrong lol. To clarify, neither side is right. But, the OP claimed that we should be behind Anon because they are more right. I don't see that. Neither side is right. That was the point.

SMarch 1, 2011 10:28 AM

I can _understand_ what you wrote; it's just your logic contains so many errors that assuming you have some sort of vested interest is the most charitable interpretation.

As far as I'm concerned Anonymous hold the moral high ground on this matter, given their actions were reactive - they didn't go after HBGary until they were provoked.

Of more import is the wider debate this opens up regarding exactly what black hat services are being paid for by TLAs & large corporates. My interest in these matters, unlike many on these blogs, is merely curiosity rather than professionally-based, and this has certainly opened my eyes.

JimMarch 1, 2011 10:54 AM

There is a paper that came out in 2008 that was written by Cass Sunstein entitled Conspiracy Theories. You can download it for free

http://ssrn.com/abstract=1084585

I will go over some of the highlights that are very relevant here:

In it he proposed a Cognitive Infiltration program for government. Here are the highlights.

--

Second, we suggest a distinctive tactic for breaking up the hard core of extremists who supply conspiracy theories: cognitive infiltration of extremist groups, whereby government agents or their allies (acting either virtually or in real space, and either openly or anonymously) will undermine the crippled epistemology of those who subscribe to such theories. They do so by planting doubts about the theories and stylized facts that circulate within such groups, thereby introducing beneficial cognitive diversity.

---

If you look at that statement alone, one can easily see that forums, chat rooms, blogs etc are all capable of having agents such as these work inside them. Anyone, even me can be accused of having an "Agenda" that is following the corporate/government line of thinking.

Continuing on:

--
In Egypt, newspapers effectively controlled by the governing regime regularly spread conspiracy theories about Jews.50 Some believe that the Bush administration deliberately spread a kind of false and unwarranted conspiracy theory – that Saddam Hussein conspired with Al Qaeda to support the 9/11 attacks.

According to an anonymous State Department official in charge of anti-disinformation, “a great deal of harm can result ‘when people believe these lies and then act on the basis of their mistaken beliefs.’” For example, “Al-Qaeda members ‘were encouraged to join the jihad at least in part because of disinformation.

Cognitive infiltration

Rather than taking the continued existence of the hard core as a constraint, and addressing itself solely to the third-party mass audience, government might undertake (legal) tactics for breaking up the tight cognitive clusters of extremist theories, arguments and rhetoric that are produced by the hard core and reinforce it in turn. One promising tactic is cognitive infiltration of extremist groups. By this we do not mean 1960s-style
infiltration with a view to surveillance and collecting information, possibly for use in future prosecutions. Rather, we mean that government efforts might succeed in weakening or even breaking up the ideological and epistemological complexes that constitute these networks and groups.

We suggest a role for government efforts, and agents, in introducing such diversity. Government agents (and their allies) might enter chat rooms, online social networks, or even real-space groups and attempt to
undermine percolating conspiracy theories by raising doubts about their factual premises, causal logic or implications for political action.

In another variant, government officials would participate anonymously or even with false identities.

Once corrective information is introduced, large numbers of people can be shifted to different views. If government is able to have credibility, or to act through credible agents, it might well be successful in dislodging beliefs that are held only because no one contradicts them. Likewise, polarization tends to decrease when divergent views are voiced within the group. Introducing a measure of cognitive diversity can break up the epistemological networks and clusters that supply conspiracy theories.
----

Sunstein is now part of the Obama administrations Office of Information and Regulatory Affairs..

http://www.salon.com/news/opinion/...


ShaneMarch 1, 2011 10:59 AM

I have yet to find an example of a person whose integrity wasn't dismantled in a directly proportionate manner to the power/money/prestige they've acquired. That goes for Barr, HB, and Anon alike. Vigilantes, corporate cronies, and government spooks - in the end, they all add up to the same shitty value.

There's a reason firefighters use H20 and C02 to fight fires. The only reason to fight fire with fire is to ensure that everything burns all to hell.

Anon may have done some things many of us wish someone would have done, but no organization with pure motives and solid integrity needs that much of a spectacle as an accompaniment. Anon really seems to enjoy the spotlight, which makes them just as bad as the folks they're bullying, and not worth trusting in the least.

JimMarch 1, 2011 11:00 AM

@ S

-I can _understand_ what you wrote; it's just your logic contains so many errors

and attempt to undermine percolating conspiracy theories by raising doubts about their factual premises, causal logic or implications for political action.

Sorry S, just can't get behind the whole vigilante thing. It has implications that go too far for all involved. You are of course entitled to your own opinions :) Until of course some group claims you are not, and then hacks you or your opinions to pieces over them. Then we shall see where you stand on logic lol.

the way it isMarch 1, 2011 11:17 AM

@Jim

Are you a HBGary 'persona'? I suspect not, you have an air of real quality astroturf about you.

Your right though, I sure hope that nice Gaddafi fella tracks down those damn terrorist kids who took down his websites.

And as for the three government websites in Egypt they took offline belonging to the previous regime... well, those brats were just downright un-american, I hope interpol dun back traced them and they end up serving 19 consecutive life sentences.

ShaneMarch 1, 2011 11:24 AM

I'm sorry, so when does being a vigilante become the moral 'high-ground'? Seems to me (and likely Webster's) that vigilantism and terrorism are some awfully close bedfellows.

Oh right, I must've forgotten... they aren't 'terrorists' unless you disagree with their beliefs.

I'm a bit shocked that folks on this blog consider attacks, dumps, ddos, malware, et al a viable alternative to being ignored as a lobbyist/activist.

Sorry folks, you'll never get my vote. As much as it annoys me that folks think picket signs are going to change the world, it sickens me exponentially when folks think their guns and threats are any better.

Brandioch ConnerMarch 1, 2011 11:34 AM

@Jim
"Plus, the side getting attacked now may end up changing, and one day they are then attacking your side, then later, you. What can you do? Nothing."

See - 6. Anonymous did worse things!

"And as long as they are, you have no protection against them when they decide on their own to ratchet up their campaigns to do exactly what you claim is wrong with HBGary in your post above."

See - 7. There are worse people out there without the morals / ethics that they have. Are you scared yet?

"You don't think Anonymous is logging people, trojaning companies, hacking systems, defacing websites they don't like?"

See - 6. Anonymous did worse things!

"You don't know much about field level security operations now do you lol?"

See - 8. I know more than you do and I say that you should not blame them because if you knew what I know then you'd really be scared and you'd think exactly what I'm telling you to think.

"But your not a mug if you break into systems, deface websites because you don't like them, steal corporate intelligence, and basically just act like the security industry lol."

See - 4. They did things that were a little wrong ... but everyone does it so it really wasn't wrong.

Again, you seem to have an awfully positive view of HBGary and crew (except for, you know, that one bad apple) for someone who isn't connected with them in any way.

Yet you cannot identify any specific white-hat actions from them.

Despite going through 300 pages of emails detailing their black-hat activities.

This isn't about Anonymous. This is about HBGary selling black-hat services to governments and then trying to lie about it when they are outed.

JimMarch 1, 2011 11:34 AM

@Shane, thank you for your sanity. I agree wholeheartedly, vigilantes have been welcomed at first, but always have ended up being booted out later when their power becomes overwhelming to the citizenry. I do not know a time when vigilantism has been a good thing. It always sells itself that way at first, but later we find that it is a different kind of evil.

@the way it is.

-Are you a HBGary 'persona'? I suspect not, you have an air of real quality astroturf about you.

Of course the same could be said of you, or anyone for that matter. This is a common straw man tactic to attack someone of being astroturf when opinions, logic, crowds etc are against them. I understand it and agree with you. I could be, therefore ignore me, because I just very well may be astroturf.

But, what then does that say about the blogsphere? That it is or could be riddled with agents and opinion shapers and community destroyers? It could be that the entire system is rigged. And it wouldn't surprise me at all if it was. The rest of your post I really don't get into.

the way it isMarch 1, 2011 11:36 AM


@Shane

Terrorists, guns, threats...

It seems there are many people in the info sec industry looking at the public reaction to the HBGary story and then at their back catalog of contracts and screaming in a state of blind panicp..."Please save us from these gun toting terrorists...won't somebody think of the children!"

JimMarch 1, 2011 11:39 AM

@ Brandioch

It is all in how you frame the discussion or post. This proves that posts, ideas, thoughts, and even actions, can be slanted to fit any view one wishes to place it.

It is interesting for sure. And pretty much shows how the system could be set up to shape opinions, minds, thought processes and so forth through blogs, media and comments. Matter of fact not too long ago there was a story that came to light showing CNN (I think it was CNN) making a story out of a comment on a blog lol.

Its a strange world we live in.

bMarch 1, 2011 11:40 AM

@ Jim, "I have sifted through at least 300 pages of the 781 pages of emails so far. What I come across with is a company that is being built by hard working people, most notably Penny Leavy, Greg Hoglund and Bob Slapnik."

Did you read Hoglund's emails pulling Barr's strings to turn actual people into the FBI based on nothing but "guilt by association" (Mark Traynor's words) fb scrapes? These emails show that Hoglund lacks judgment and is untrustworthy.

Here are Hoglund's S/MIME emails telling Barr to turn people in to the FBI using "analysis" that  Barr knew, or should have known, is bullshit snakeoil:
http://hbgary.anonleaks.ch/greg_hbgary_com/...

From: Greg Hoglund
To: Aaron Barr
Date: Sat, 5 Feb 2011 23:48:08 -0800
Subject: Re: Final - for me.

you should tell the FBI about B. DeVries.

On 2/5/11, Aaron Barr wrote:
> yeah I am getting close. See the last line in my last email. If they think
> I have nothing then publically ok me to release it all publicly.
>
>
> On Feb 6, 2011, at 2:43 AM, Greg Hoglund wrote:
>
>> Jesus man, these people are not your friends, they are three steps
>> away from being terrorists - just blow the balls off of it@

http://hbgary.anonleaks.ch/greg_hbgary_com/...

From: Greg Hoglund
To: Aaron Barr
Date: Fri, 4 Feb 2011 22:19:31 -0800
Subject: Re: slightly revised copy

and here is a blog post that I want to post

HBGary Federal Pwns Anonymous
---
This is a proud day. HBGary Federal, lead by Aaron Barr, has made public their long term penetration of the Anonymous group, the DDOS group associated with Wikileaks. They were able to penetrate the group to the highest level, gaining the trust of the inner circle. The HBGary Federal team was able to learn the real identities of all the key players approximately 10 people. Now these individuals are being arrested by the FBI. Aaron and his team were also able to learn the identities of approx. 30 additional high level lieutenants. The Feds are finally taking down Anonymous, but it should be noted that HBGary Federal performed this entire operation without law enforcement or government involvement.


On 2/4/11, Aaron Barr wrote:
> Hold off don't post this yet please.
> I'll talk to you about it tomorrow...need sleep. :)
>
> On Feb 5, 2011, at 1:07 AM, Greg Hoglund wrote:
>
>> HBGary Federal Flexes Private Intelligence Muscle.
>> ---
>> HBGary Federal, the specialized and classified services arm of HBGary,
>> flexes its muscle today by revealing the identities of all the top
>> management within the group Anonymous, the group behind the DDOS
>> attacks associated with Wikileaks. HBGary Federal constructed and
>> maintained multiple digital identities and penetrated the upper
>> management of Anonymous, and was subsequently able to learn actual
>> identities of the primary management team BUILDING A COMPLETE ORG
>> CHART. This information was critical for law enforcement, yet all the
>> intelligence work was done without law enforcement or government
>> involvement. Only after achieving the mission did Aaron Barr, the CEO
>> of HBGary Federal, reveal this information to the Feds. This
>> underscores the need for new blood in the intelligence community and
>> the abilities of small agile teams that are unhindered by the
>> bureaucratic machine.
>>
>> what do you think? too negative on intel community?
>>
>> -G

http://hbgary.anonleaks.ch/aaron_hbgary_com/...

From: Mark Trynor
To: Aaron Barr
Date: Wed, 19 Jan 2011 10:45:13 -0700
Subject: Re: Another Thing

I'm not doubting that you're doing analysis. I'm doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it's right. You're still working off of the idea that the data is accurate. mmmm.....taco!

On Wed, Jan 19, 2011 at 10:42 AM, Aaron Barr wrote:

> Wait just a minute.
>
> I considered Dan but then both Ted and I decided u would be better.
>
> Not all things that are worthwhile are easy... :) Ur still good right?
>
> :)
>
> On the gut feeling thing...dude I don't just go by gut feeling...I spend
> hours doing analysis and come to conclusions that I know can be
> automated...so put the taco down and get to work!
>
> On Jan 19, 2011, at 12:31 PM, Mark Trynor wrote:
>
> Yeah, how did that work out the first time. You wanted Dan to be your
> engineer not me. Want me to check that facebook page "I listened to Aaron
> Barr and now I'm under investigation". Yeah, your gut feelings are
> awesome! Plus, scientifically proven that gut feelings are wrong by real
> scientist types.
>
> On Wed, Jan 19, 2011 at 10:22 AM, Aaron Barr wrote:
>
>> pretty soon we will be running a company in Mantech or TASC called...
>>
>> Magpii
>>
>> Tell me my gut feelings are wrong again...
>>
>>
>> On Jan 19, 2011, at 12:20 PM, Mark Trynor wrote:
>>
>> Your probability based on frequency right now is a gut feeling. Gut
>> feelings are usually wrong.
>>
>> On Wed, Jan 19, 2011 at 10:19 AM, Mark Trynor wrote:
>>
>>> right, which is why i know your numbers are too small to draw the
>>> conclusion but you don't want to accept it.
>>>
>>>
>>> On Wed, Jan 19, 2011 at 10:17 AM, Aaron Barr wrote:
>>>
>>>> noooo....its about probabilty based on frequency...c'mon ur way smarter
>>>> at math than me.
>>>>
>>>> On Jan 19, 2011, at 12:15 PM, Mark Trynor wrote:
>>>>
>>>> and basing that assumption off of guilt by association
>>>>
>>>> On Wed, Jan 19, 2011 at 10:14 AM, Mark Trynor wrote:
>>>>
>>>>> You keep assuming you're right.
>>>>>
>>>>>
>>>>> On Wed, Jan 19, 2011 at 10:11 AM, Aaron Barr wrote:
>>>>>
>>>>>> What? Yes it will.
>>>>>>
>>>>>> I am running throug analysis on the anonymous group right now and it
>>>>>> definately would.
>>>>>>
>>>>>>
>>>>>> On Jan 19, 2011, at 12:08 PM, Mark Trynor wrote:
>>>>>>
>>>>>> No it won't. It will tell you how mindless their friends are at
>>>>>> clicking stupid shit that comes up on a friends page. especially when they
>>>>>> first join facebook.
>>>>>>
>>>>>> On Wed, Jan 19, 2011 at 9:31 AM, Aaron Barr wrote:
>>>>>>
>>>>>>> I would like to be able to do.
>>>>>>>
>>>>>>> Is check a persons friends list against the people that have liked or
>>>>>>> joined a particular group.
>>>>>>>
>>>>>>> That will give me information on how tightly connected that person is
>>>>>>> to that group or page...
>>>>>>>
>>>>>>> :)

Brandioch ConnerMarch 1, 2011 11:53 AM

@Jim
"And pretty much shows how the system could be set up to shape opinions, minds, thought processes and so forth through blogs, media and comments."

I should have included:
9. Attempt to side-track the discussion into non-issues.

Again, this is about HBGary selling black-hat services to governments and corporations and then trying to lie about it when they are outed.

It is NOT about Anonymous.

It is NOT about "blogs, media and comments".

You seem to have a rather positive view of their behavior despite a lack of any white-hat activities on their part and a lot of documentation of their black-hat activities.

JimMarch 1, 2011 12:02 PM

Sorry Brandioch, I can't folow into the Diocyde arguments or styles. You can take that spin elsewhere, I won't debate your spin. I made my comments and that is as far as I can take it. You can continue at will if you want, it is obvious you have that grind them into the dirt style, so good luck with it lol.

@B Ya, I read those, and I read the one about the 16 year old girl that Aaron was pretending to be which was hilarious lol. Anyway, good or bad, rich or poor, we all end up in the same place at the end of the day.


Brandioch ConnerMarch 1, 2011 12:16 PM

@Jim
"You can take that spin elsewhere, I won't debate your spin."

Interesting take on how their statements in their emails, slides and such are now considered "spin".

Bruce linked to the articles containing the emails and slides. It should be fairly easy to read them. I would have considered such factual evidence as ... well ... factual evidence.

Here's a link to one of their slides in case you missed it.

http://static.arstechnica.com/02-14-2011/...

"Custom malware development"

Yep. That's just my "spin".

WinterMarch 1, 2011 12:19 PM

@those who used the word terrorists

Anonymous never used guns. They copied and deleted data on a remote computer of a criminal organization.

That is not even breaking and entering.

the way it isMarch 1, 2011 12:51 PM

Its just amazing that here's a story of governement agencies gone bad, spending millions of dollars of tax payers money to complete idiots, a lot of it going on projects that are against the public interest too. With stories about people being hired to charge public reaction and alter opinion filling website with propaganda and such.

And here, the the website of someone named in the reporting as info sec industries 'Obi-Wan Kenobi'...we see comments from people using words like terrorists, guns and threats and insisting that to think anything else is to believe the 'spin'...

Jim, I get the feeling that you are actually...'a different kind of evil.'

@Brandioch Conner

Don't bother, it appears he's getting paid for this rubbish.


Richard Steven HackMarch 1, 2011 1:16 PM

And now the Dems want an investigation of HBGary:

Dems push for Congressional investigation of HBGary Federal
:http://arstechnica.com/tech-policy/news/2011/03/democrats-push-for-congressional-investigation-of-hbgary-federal.ars

Interesting quote about what the Washington law firm knew or didn't know:

Quote

Hunton & Williams, the middleman law firm in all this (and the middleman between a major US bank and Team Themis' similar plan to take down WikiLeaks), has steadfastly refused to comment on the whole story. But it too may find itself in trouble after a professional conduct complaint (PDF) was lodged against it last week in Washington, DC.

The complaint was filed by Stop the Chamber and Velvet Revolution, two of the groups targeted for the potential Chamber of Commerce campaign. It accuses the three Hunton & Williams lawyers named in the HBGary Federal e-mails of "an extended pattern of unethical behavior that included likely criminal conduct."

Specifically, they solicited, conspired with and counseled three of its investigative private security firms to engage in domestic spying, fraud, forgery, extortion, cyber stalking, defamation, harassment, destruction of property, spear phishing, destruction of property, identity theft, computer scraping, cyber attacks, interference with business, civil rights violations, harassment, and theft.

Most of this alleged bad behavior was done, of course, by Team Themis and not by Hunton & Williams. Still, they reviewed (and appear to have had no problems with) the material. As the complaint puts it, "none of the H&W lawyers ever expressed any reservation or doubt about the unethical conduct proposed and committed by their investigators. In fact, they actively solicited and approved everything that was proposed and presented."

The complaint asks the DC Board of Professional Responsibility to strip all three Hunton & Williams lawyers of their licenses.

End Quote

Meanwhile, I note Jim is vigorously defending Barr and company based on 300 emails out of the 50,000 dumped.

For the record, I'm sure both HBGary and HBGary Federal did engage in legitimate "white hat" activities, especially the former. However, it's clear that both were up for what clearly could be referred to as "less than ethical" behavior if it brought in the Federal dollars. And I'm quite sure quite a few other IT security companies would do the same - it's the corporate mentality.

But when mercenaries are hired to do bad things, it's not the mercenaries one should complain about - it's the people who hired them.

As for Anonymous, of course they're engaged in illegal activities against various companies and individuals based on their perception of those target's own "anti-social" behavior. This is what a "resistance" does, and Anonymous qualifies.

As someone said recently, the United States is currently in that awkward phase where it's too late to work inside the system and too soon to start shooting the bastards. Anonymous is what you get in that phase.

For those who don't like Anonymous, just be glad they aren't "shooting the bastards".

EHMarch 1, 2011 1:38 PM

"Anyway, good or bad, rich or poor, we all end up in the same place at the end of the day."

When presented with evidence that refutes your points, you cop-out with some platitude. I guess your paycheck doesn't allow you to adapt your own outlook to match reality.

JimMarch 1, 2011 1:48 PM

-Yep. That's just my "spin".

Get out in the field on occasion Brandiock. You spend too much time in the office lol.

-Anonymous never used guns. They copied and deleted data on a remote computer of a criminal organization.

Yeah sure kid..

-Its just amazing that here's a story of governement agencies gone bad, spending millions of dollars of tax payers money to complete idiots, a lot of it going on projects that are against the public interest too.

So your a child of the 80's lol.

Listen, this stuff was going on way back in the early days of politics. Tell ya what, when you get old enough to go through college and get a degree, then maybe study some history and see that politics is dirty. It always has been and always will be lol. Same with the security industry as a whole.

-Jim, I get the feeling that you are actually...'a different kind of evil.'

Yeah, I'm the Hitler kind lol. I just threw that out there in case your next step was to follow the party line of aligning me with Hitler or Pol Pot lol.

-Don't bother, it appears he's getting paid for this rubbish.

As opposed to you eh lol?

-Meanwhile, I note Jim is vigorously defending Barr and company based on 300 emails out of the 50,000 dumped.

Sorry Hack, I won't bite lol. My clients are not who you think. Matter of fact you would be surprised at who worked on that complaint lol. Anyway, good to see all these comments, they helped the devils advocate arguments I had. In a way one needs to see things for what they are, but it always helps to see it from a different side before one comes to the final conclusions in any argument.

Know what bothers me the most? That people not involved with this lost their jobs. People who had just left some other job to go there, and instead now wound up without work at all. How are they going to support their families, kids, and so forth? How are they going to put food on the table? Some might say they will get work, but I think anyone who has them on their resume now might find it harder to obtain work, since this industry will usually eat their own.

At any rate, its too bad for them. I do feel for them, and since I have been there and done that many times, I do feel for those who lose in the end even though I claim them as enemy, competition, etc.. It is just in my nature to have feelings for people who lose work or jobs and or are thrown out on the street. I don't much care for Anon tactics, as I know where it leads. I don't too much care for how this operation came out, even though it helped the people who employ me. But, overall, the security business is like that, it has no mercy for anyone.

Nick PMarch 1, 2011 1:53 PM

@ Richard

Thanks for that link. It's a good enough reason to dissolve this business, especially considering how much heat people get for a mere DMCA violation.

@ all on Jim

You guys are wasting entirely too much energy on this guy. He's either working for them or a Sophist troll that likes to argue for the sake of arguing and enraging people. They usually stop posting when they are ignored and their posts removed by moderators. So long as these don't happen, we will get post after post of utter rubbish. I've seen it on other blogs... (well, i guess now on this one too lol)

JimMarch 1, 2011 1:59 PM

-When presented with evidence that refutes your points, you cop-out with some platitude. I guess your paycheck doesn't allow you to adapt your own outlook to match reality.

No EH, it is that the conclusions are already drawn for me. The devils advocate arguments I had have been vetted, and I really see no more need to delve into it. Our side won lol, and or at least has the appearance of winning at this stage. We have been slogging it out bit by bit for the last 7 months or so elsewhere, and it has been a lose lose lose deal for us every day. There was a point where we thought we would never win. Then, an arrow, or an angel in the form of Anonymous came out of the sky and delivered us from evil lol. Funny how that happens of course. I don't support the methods, but, in this case it helped my clients.

Anyway, the issue is that we ended up finding out for sure that this activity was ongoing. However the issue for us is that these were not the initial guys that came after my clients in the first place. There was someone else working this angle, and being paid by someone else. So far we have not been able to ascertain who that is, but the courts are handling it right now, and as such we may find out further when that pans out down the road.

As for the HBGary people, they were not in "MY OPINION" involved in any action towards my clients. As a matter of fact, they came in accidentally way after, and so for me its not really a win even though they were after my clients to begin with. And while my clients are out celebrating that they caught these people with their hands in the cookie jar, I don't really think its something to celebrate. I think the people who were initially in charge of this project just got off Scott free just as we were closing in on them. They now get to watch as blame falls on other parties such as HBGary, H&W and so on lol. I guess bad for HBG on that one.

At any rate, I am still pursuing the original people involved with these actions and hope to find them out one day. Until then, I hunt lol.

the way it isMarch 1, 2011 2:00 PM


You caught me Jim...Anon are paying me 20 internets an hour to sit hear replying to your jibberish.

-Anonymous, are out there in the field...armed to the teeth...'Yeah, sure kid!'

Are you aware you sound like your about to have a nervous breakdown?

As previously stated, there are numerous people here who aren't fooled by your drivel. You talk of spin by the only side in the game that doesn't have its own fully paid up PR department... and as has also been pointed out, when people provide you with the hard facts, you cop out meekly in a laughable fashion.

Carry on...please.

Brandioch ConnerMarch 1, 2011 2:02 PM

@Jim
"Get out in the field on occasion Brandiock. You spend too much time in the office lol."

I'll add:
11. Reply with a non sequitur.

You still have not addressed what you claim to be "spin" which is, in fact, emails and slides from HBGary and crew.

"My clients are not who you think. Matter of fact you would be surprised at who worked on that complaint lol."

See - 8. I know more than you do and I say that you should not blame them because if you knew what I know then you'd really be scared and you'd think exactly what I'm telling you to think.

Really, trying to imply that you have some insider knowledge ... but are unable to provide substantiation for such ... do you really think anyone will fall for that?

"I don't too much care for how this operation came out, even though it helped the people who employ me."

Interesting. And yet, previously, you had attempted to portray yourself as someone completely unattached to HBGary and crew in any way.

Richard Steven HackMarch 1, 2011 2:08 PM

That last Jim post definitely sounds like a professional troll. When did "his clients" become an issue? And why bring it up at all?

Just weird.

Best not call me "kid", I'm probably way older than he is.

ShaneMarch 1, 2011 2:18 PM

@the way it is

Precisely my point - assuming you were trying to argue with me. People using terrorist-like tactics (or vigilante-like if you prefer) to combat the masses' fear of terrorism (oh and possibly maybe the infinitesimal risk of actual terrorism) is certainly idiotic/mindless and wholly reactionary in my book, that goes for HB, Anon, and the Government alike.

JimMarch 1, 2011 2:23 PM

-Just weird.

Yes, the net is filled with weirdo's lol. Look, argue it however you want, its over and on the way to the courts. It really doesn't matter what I think or even what you think, we are just bit players in the scheme of things.

@Hack

Sit and Spin Mr Bunny lol. I am way older than you kid. No, you are older than me. No my Dad can kick your Dad's ass. No, my Dad is superman.. Get real Hack, I don't fall for your shtick' anymore than I would fall for Brandiocks shtick. Its all my dick is bigger than your dick stuff. Its useless and pointless to go on. HBgary is in the toilet, and you rejoice. I know how it is, I am supposed to rejoice too, but in a way I can't, because it just doesnt feel right. That's me, not you. OK, I am done, I will move on to other better posts here. Enjoy it and enjoy the last words on it.

Brandioch ConnerMarch 1, 2011 2:29 PM

@Jim
"No my Dad can kick your Dad's ass. No, my Dad is superman.. Get real Hack, I don't fall for your shtick' anymore than I would fall for Brandiocks shtick. Its all my dick is bigger than your dick stuff."

Are you still trying to imply that you work for a company involved in this? And that you have inside information?

Or are you claiming that you have no involvement and have just spent time reading 300 pages of email to form your opinions?

Richard Steven HackMarch 1, 2011 2:43 PM

Definitely he's a troll. No content whatever in his posts, a sure sign.

Meanwhile, this news proves what I said - the HBGary email dump is good for more:

HBGary emails out Morgan Stanley as Aurora victim
:http://www.scmagazineus.com/hbgary-emails-out-morgan-stanley-as-aurora-victim/article/197335/

Richard Steven HackMarch 1, 2011 3:14 PM

After an offline conversation with Jim, I retract my "troll" comment. This thread just seems to have gotten out of hand for everyone. Let's let it lay as it stands.

Brandioch ConnerMarch 1, 2011 3:26 PM

@Richard Steven Hack
"Definitely he's a troll. No content whatever in his posts, a sure sign."

I'm not so sure. His original posts were far more rational than his ending posts.

But he seemed intent on pushing the angle that they're just good, hard working folk like you or me who were done wrong by one bad apple and now they might lose their jobs.

When presented with facts that contradicted that story ... that's when it gets weird.

Whether he was trolling or not, he attempts to present two different versions of his motivations for posting here. Neither of them make sense to me.

Winter March 1, 2011 4:06 PM

I get the eerie feeling that this thread is ending up as a showcase for the personas software.

BF SkinnerMarch 2, 2011 6:20 AM

The Register is reporting that Barr has resigned from HBGary.

"I need to focus on taking care of my family and rebuilding my reputation,"

keithMarch 2, 2011 7:06 AM

@ winter
>I get the eerie feeling that this thread is ending up as a showcase for the personas software.

If the software was any good (well spec'ed), each persona would have a written ID style that is simular to that of the users in the forum it was to be deployed.
I don't see may users here Lol'ing in every post......

(sounds like trying to hard)

WinterMarch 2, 2011 7:29 AM

@keith
"If the software was any good (well spec'ed), each persona would have a written ID style that is simular to that of the users in the forum it was to be deployed. "

We might doubt the "any good" part.

What I expect from astroturf "personas" is that they play a (scripted) part and people work in shifts. That is, style errors, inconsistencies in the contributions (and style), time sequences (working hours, shifts different from "normal" contributers). These are give aways, LOLs here, mutually incompatible positions, incongruent personal history, etc.

But what to me is the ultimate sign of a troll is a lack of contributions. People who are not volunteering useful information or insights tend to be not really interested in the subject. If your opinions far outrun your contributions the question becomes why you feel so strongly about the subject?

So whenever I see a person who is deep in the controversy but never contributing anything new, I look for other signs of trolling.

This can give a very strange feeling when you are conversing with a well known "expert" who is trolling.

I once "communicated" over an extended time with a person who was defending some Microsoft policy. The person was a world renowned expert in the field. But was by many seen as trolling.

What gave this person away to me was that never ever were information or insights in the matter volunteered while there really was a lot to offer. You never read something from this person that you did not already knew. All that was offered was "trolling" for MS' actions.

AnonimouseMarch 2, 2011 7:52 AM

Its a horrible thing in general, the idea of persona management software, and very divisive.

How you you combat it. Do you increase the level of personal infomation you need to part with to authenticate the account needed it get such posting privileges? What would it be checked against, a government database?

Or a whole scale move to persistant identity on the web?


Maybe it would be best to outlaw the practice asap... although, given the types of organisations using this stuff, that may prove difficult.

Nick PMarch 2, 2011 1:05 PM

@ Richard Steven Hack 03/01/11 3:14PM

I have my suspicions that some troll trying a last ditch effort to improve his reputation here typed a regular's name and url into the blanks, exploiting the face that this blog's authentication is abyssmal. Or that might actually have been Richard.

Regardless, the weight of Jim's postings indicate he contributes nothing of substance, commits fallacies regularly, ignores all findings that contradict his beliefs, and supports HBGary and co at all costs. In other words, whether it's Richard's point or not, the guy is still a troll or a moron. Even if he sounds eloquent on the phone....

Richard Steven HackMarch 2, 2011 2:56 PM

Uh, did someone just question whether my 3:14 post was from me?

It was.

And I did have an offline conversation with Jim, which in my mind established that he was not actually "trolling" with malicious intent, he really believes what he was saying. Of course, I could be wrong.

I think he was just concentrated on the harm done TO the lower level employees of HBGary whereas everyone else including me was concentrating on the harm done BY the higher ups.

So I think the conversation diverged into something unproductive and I think he realizes that.

Nick PMarch 2, 2011 4:39 PM

@ Richard Steven Hack

"uh did someone just question whether my 3:14 post was from me?"

Uh yeah... rightly so I'd say considering troll tactics on blogs w/out authentication. I'll take you're word for it this time as the explanation makes some sense. So, from my perspective, he wasn't a troll but conversed like one. I guess that's OK if it doesn't happen much in the future.

bMarch 2, 2011 8:17 PM

An email describing a social engineering attack for malware/rootkit infection shared between Barr and Hoglund. The attack involves using a 'nym like "Naughty Vicky" with faked photos of a "nice looking chick". Hoglund calls this method "fucking brilliant".


http://hbgary.anonleaks.ch/aaron_hbgary_com/...

From: Greg Hoglund
To: Aaron Barr
Date: Mon, 12 Jul 2010 16:10:50 -0700
Subject: Re: You can't protect stupid

Thats fucking brilliant.
-G

On Mon, Jul 12, 2010 at 12:17 PM, Aaron Barr wrote:
> Night Hacker
> Learning Python 2.6
> Posts: 121
> Joined: Jun 2010
> Reputation: 1
>
> Hi all I have decided to create a quick basic straight to the point
> TUT on a bit of Social Engineering, this is something that I use and
> it's handy if you are using a free Public Crypter and it only leaves
> your server FUD for a small amount of time.
>
> Ok so first things first I go straight to a chat room such as 321.com
> so sign up with a good name e.g. Naughty Vicky get a good photo to use
> from MySpace of a nice looking chick save it to your computer, also
> remember to leave your msn your using in the profile you create so the
> victims can simply add you from there. So now go to the Teen chat you
> will get about 20-30 boxes pop up with questions such as ASL please
> now just copy and paste this ...
>
> They say ASL now just copy and paste it in each box you will have
> about 20 Victims asking you.
>
> Hey there 16 straight and naughty ive got some nice pictures add me
> it's (put your email)
>
> Copy this above ^ into the 321 in each Victims chat box then wait tell
> they add you on your msn
>
> Copy and paste this into your victims msn chat from your fake msn when
> you have added them.
>
> Hey heres the pictures please don't spread them though ok as don't
> want the whole world seeing them ;) also you might need to take your
> crappy Antivirus off as msn picks up everything enjoy
>
> Remember as well don't bother chatting to them for ages it's pointless
> it only puts them off in the long run, my trick is to simply go from
> one to the next if they moan block them and move one. "Try to sound as
> legit as possible" by adding smiley faces etc. If you do this you seem
> more like a chick and that is what you want "
>
> Well that is pretty much what I use for sniping my victims this is
> just a simply basic TUT for any new members that might be finding it
> hard to spread servers etc...

Aaron Barr
CEO
HBGary Federal Inc.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..