Difference between revisions of "HBGary"

From Wikispooks
Jump to navigation Jump to search
(WP import as is)
 
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{short description|American cybersecurity company}}
+
{{group
{{Cleanup bare URLs|date=September 2022}}
+
|wikipedia=https://en.wikipedia.org/wiki/HBGary
{{Use dmy dates|date=September 2020}}
+
|titular_logo=1
{{Infobox company
+
|logo=HBGary.png
| name = HBGary
+
|constitutes=Cyberwarfare contractor
| logo = [[File:Hbgary logo.jpg|The HBGary logo]]
+
|website=https://web.archive.org/web/20140707150352/http://www.hbgary.com/
| type =
+
|description=Company that developed sophisticated software for the control of [[sock puppets]].
| foundation  = 2003<ref name="webcache.googleusercontent.com1"/>
+
|headquarters=
| founder      = [[Greg Hoglund]]
+
|start=2003
| location    = Offices in [[Sacramento, California]], [[Washington, D.C.]], and [[Bethesda, Maryland]].<ref name="hbgarycom"/>
+
|founders=Greg Hoglund
| area_served  =
+
|num_staff=
| fate = Bought out
+
|interests=Astroturfing, Sock puppets, Malware, Anonymous, WikiLeaks
| key_people  = [[Greg Hoglund]]<br />([[Entrepreneur|Founder]] & [[CEO]])<br />Penny Leavy<br />([[President (corporate title)|President]])<br />Aaron Barr<br />(Former CEO of HBGary Federal)
 
| industry    = [[Computer software]] <br />[[Computer security]]
 
| products    =
 
| revenue      =
 
| operating_income =
 
| net_income      =
 
| assets          =
 
| equity          =
 
| num_employees =
 
| parent        =
 
| homepage      = [http://www.hbgary.com/ HBGary Inc.]
 
 
}}
 
}}
 +
'''HBGary''' is a company that developed sophisticated software for the control of [[sock puppets]] on behalf of the US government. It was founded by [[Greg Hoglund]] in [[2003]] as a company offering IT services.<ref name="webcache.googleusercontent.com1">https://web.archive.org/web/20090328044411/http://www.hbgary.com/company/about/</ref><ref name="dr1">http://www.darkreading.com/database-security/167901020/security/news/225700716/index.html</ref> HBGary published a document on how to undermine [[WikiLeaks]] <ref>https://web.archive.org/web/20221207203728/https://wikileaks.org/IMG/pdf/WikiLeaks_Response_v6.pdf</ref> and wanted to expose leaders of '[[Anonymous]]'.<ref>https://www.infoworld.com/article/2623436/anonymous-strikes-back-at-hbgary-with-stolen-emails.html saved at [https://web.archive.org/web/20230205004939/https://www.infoworld.com/article/2623436/anonymous-strikes-back-at-hbgary-with-stolen-emails.html Archive.org] saved at [https://archive.is/yvZ7t Archive.is]</ref>
  
'''HBGary''' is a subsidiary company of [[ManTech International]], focused on technology security. In the past, two distinct but affiliated firms had carried the HBGary name: ''HBGary Federal'', which sold its products to the [[Federal government of the United States|US Government]],<ref name=":0">{{Cite web |last=Anderson |first=Nate |date=2011-02-10 |title=How one man tracked down Anonymous—and paid a heavy price |url=https://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars |access-date=2022-07-27 |website=Ars Technica |language=en-us}}</ref> and ''HBGary, Inc.''<ref name="james_wray_and_ulf_stabe"/> Its other clients included [[Information Assurance|information assurance]] companies, [[computer emergency response team]]s, and [[Computer forensics|computer forensic investigators]].<ref name=cf1/> On 29 February 2012, HBGary, Inc. announced it had been acquired by IT services firm [[ManTech International]].<ref name="SacBJ">{{cite news|last=Anderson|first=Mark|title=Cyber security firm HBGary bought by ManTech International|url=http://www.bizjournals.com/sacramento/news/2012/02/28/hb-gary-sacramento-man-tech-cyber-securi.html|access-date=29 February 2012|newspaper=Sacramento Business Journal|date=29 February 2012}}</ref> At the same time, HBGary Federal was reported to be closed.<ref name="SacBJ"/>
+
==HBGary Federal==
 
+
HBGary Federal had been set up with [[Aaron Barr]] as CEO instead of Hoglund to provide services and tools to the [[US government]], which might require security clearance.<ref name="salom20110216">http://www.salon.com/news/politics/war_room/2011/02/16/hbgary_federal </ref> As HBGary Federal could not meet revenue projections, in early [[2011]] negotiations about the sale of HBGary Federal were in progress <ref name="arstechnica20110225">https://arstechnica.com/tech-policy/news/2011/02/anonymous-vs-hbgary-the-aftermath.ars/2 </ref> and the company was acquired by [[ManTech International]] in February [[2012]].<ref>http://www.bizjournals.com/sacramento/news/2012/02/28/hb-gary-sacramento-man-tech-cyber-securi.html</ref>
== History ==
 
 
 
The company was founded by [[Greg Hoglund]] in 2003.<ref name="webcache.googleusercontent.com1"/> In 2008, it joined the [[McAfee]] Security Innovation Alliance.<ref name=cf1/> The CEO made presentations at the [[Black Hat Briefings]], the [[RSA Conference]], and other [[computer security conference]]s.<ref name=dr1/><ref name="blackhatcom1"/> HBGary also analyzed the [[GhostNet]] and [[Operation Aurora]] events.<ref name=":0" /><ref name=dr1/>
 
 
 
HBGary Federal had been set up with Aaron Barr as CEO instead of Hoglund to provide services and tools to the US government, which might require security clearance.<ref name="salom20110216"/> As HBGary Federal could not meet revenue projections, in early 2011 negotiations about the sale of HBGary Federal were in progress with two interested companies.<ref name="arstechnica20110225"/>
 
 
 
HBGary was acquired by ManTech International in February 2012.<ref name="SacBJ"/>
 
  
 
== WikiLeaks, Bank of America, Hunton & Williams, and Anonymous ==
 
== WikiLeaks, Bank of America, Hunton & Williams, and Anonymous ==
{{see also|Timeline of events involving Anonymous#Attack on HBGary Federal}}
+
In [[2010]], [[Aaron Barr]], CEO of HBGary Federal, alleged that he could exploit [[social media]] to gather information about [[Hacker (computer security)|hacker]]s.<ref name=":0">https://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars</ref>
  
{{quote box|align=right|width=33%|quote = Step 1 : Gather all the data<br />Step 2 : ???<br />Step 3 : Profit|source=HBGary programmer to Barr disparaging his plan with a reference to an [[Gnomes (South Park)|episode]] of ''[[South Park]]''.<ref name="arstechnicacom1" />}}
+
In early [[2011]], Barr claimed to have used his techniques to infiltrate [[Anonymous]],<ref name=":0" /><ref>https://www.independent.co.uk/news/media/online/hacktivists-take-control-of-internet-security-firms-2207440.html</ref><ref>https://www.ft.com/content/87dc140e-3099-11e0-9de3-00144feabdc0</ref><ref>https://www.salon.com/2011/02/16/hbgary_federal/</ref> partly by using IRC, [[Facebook]], [[Twitter]], and by [[social engineering]].<ref name=":0" /><ref name="arstechnicacom2" /> His e-mails depict his intention to release information on the identities of Anonymous members at the B-Sides conference and to sell it to possible clients,<ref name=":0" /><ref name="parmy_olson">https://blogs.forbes.com/parmyolson/2011/02/07/victim-of-anonymous-attack-speaks-out/</ref> including the FBI.<ref name=":1">https://www.forbes.com/sites/parmyolson/2011/02/07/victim-of-anonymous-attack-speaks-out/</ref> In the e-mails, Barr explained that he identified his list of suspected Anonymous "members" by tracing connections through social media, while his main programmer criticized this methodology.<ref name=":0" /><ref name="techdirt">http://www.techdirt.com/articles/20110211/11013413056/play-play-how-hbgary-federal-tried-to-expose-anonymous-got-hacked-instead.shtml?threaded=false&sp=1</ref> In a [[communiqué]], Anonymous denied association with the individuals that Barr named.<ref name="anonsect14">https://web.archive.org/web/20110207111445/http://img838.imageshack.us/img838/2294/internetsanon.jpg</ref><ref>https://arstechnica.com/tech-policy/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price/</ref>
  
In 2010, Aaron Barr, CEO of HBGary Federal, alleged that he could exploit [[social media]] to gather information about [[Hacker (computer security)|hacker]]s.<ref name=":0" />
+
On 5–6 February [[2011]], Anonymous compromised the HBGary website, copied tens of thousands of documents from both HBGary Federal and HBGary, Inc., posted tens of thousands of both companies' emails online, and usurped Barr's Twitter account in apparent revenge.<ref name="arstechnicacom2">https://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars</ref><ref>https://www.forbes.com/sites/parmyolson/2011/02/06/anonymous-takes-revenge-on-security-firm-for-trying-to-sell-supporters-details-to-fbi/</ref><ref>https://web.archive.org/web/20131208062435/http://www.h-online.com/security/features/Anonymous-makes-a-laughing-stock-of-HBGary-1198176.html</ref> Anonymous also claimed to have wiped Barr's [[iPad]] remotely.<ref name=":0" /><ref name="parmy_olson" /><ref name="ft2">http://www.ft.com/cms/s/0/0c9ff214-32e3-11e0-9a61-00144feabdc0.html </ref><ref name="arstechnicacom0">https://arstechnica.com/tech-policy/news/2011/02/virtually-face-to-face-when-aaron-barr-met-anonymous.ars</ref> The Anonymous group responsible for these attacks became part of [[LulzSec]].<ref>http://content.usatoday.com/communities/technologylive/post/2011/06/whos-who-among-key-lulzsec-hackitivists/1</ref>
  
In early 2011, Barr claimed to have used his techniques to [[Espionage|infiltrate]] [[Anonymous (group)|Anonymous]],<ref name=":0" /><ref>{{Cite web |date=2011-02-08 |title=Hacktivists take control of internet security firms |url=https://www.independent.co.uk/news/media/online/hacktivists-take-control-of-internet-security-firms-2207440.html |access-date=2022-07-27 |website=The Independent |language=en}}</ref><ref>{{Cite web |last=Menn |first=Joseph |date=2011-02-04 |title=Cyberactivists warned of arrest |url=https://www.ft.com/content/87dc140e-3099-11e0-9de3-00144feabdc0 |access-date=2022-12-19 |website=Financial Times}}</ref> partly by using [[Internet Relay Chat|IRC]], [[Facebook]], [[Twitter]], and by [[social engineering (security)|social engineering]].<ref name=":0" /><ref name="arstechnicacom2" /> His e-mails depict his intention to release information on the identities of Anonymous members at the B-Sides conference and to sell it to possible clients,<ref name=":0" /><ref name="parmy_olson" /> including the FBI.<ref name=":1">{{Cite web |last=Olson |first=Parmy |title=Victim Of Anonymous Attack Speaks Out |url=https://www.forbes.com/sites/parmyolson/2011/02/07/victim-of-anonymous-attack-speaks-out/ |access-date=2022-07-27 |website=Forbes |language=en}}</ref> In the e-mails, Barr explained that he identified his list of suspected Anonymous "members" by tracing connections through social media, while his main programmer criticized this methodology.<ref name=":0" /><ref name="techdirt" /> In a [[communiqué]], Anonymous denied association with the individuals that Barr named.<ref name="anonsect14"/><ref>{{Cite web|title = How one man tracked down Anonymous—and paid a heavy price|url = https://arstechnica.com/tech-policy/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price/|website = Ars Technica|date = 10 February 2011|access-date = 2016-02-20}}</ref>
+
The conflict with Anonymous caused substantial public relations damage. As a result, the involved organizations took steps to distance themselves from HBGary and HBGary Federal.
 
 
On 5–6 February 2011, Anonymous compromised the HBGary website, copied tens of thousands of documents from both HBGary Federal and HBGary, Inc., posted tens of thousands of both companies' emails online, and usurped Barr's Twitter account in apparent revenge.<ref name="arstechnicacom2" /><ref>{{Cite web |last=Olson |first=Parmy |title=Anonymous Takes Revenge On Security Firm For Trying To Sell Supporters' Details To FBI |url=https://www.forbes.com/sites/parmyolson/2011/02/06/anonymous-takes-revenge-on-security-firm-for-trying-to-sell-supporters-details-to-fbi/ |access-date=2022-07-27 |website=Forbes |language=en}}</ref><ref>{{Cite web|url=http://www.h-online.com/security/features/Anonymous-makes-a-laughing-stock-of-HBGary-1198176.html|archive-url = https://web.archive.org/web/20131208062435/http://www.h-online.com/security/features/Anonymous-makes-a-laughing-stock-of-HBGary-1198176.html|archive-date = 8 December 2013|title = Anonymous makes a laughing stock of HBGary - the H Security: News and Features}}</ref> Anonymous also claimed to have wiped Barr's [[iPad]] remotely.<ref name=":0" /><ref name="parmy_olson" /><ref name="ft2" /><ref name="arstechnicacom0" /> The Anonymous group responsible for these attacks became part of [[LulzSec]].<ref>{{cite news|last=Acohido|first=Byron|title=Who's who among key LulzSec hackitivists|url=http://content.usatoday.com/communities/technologylive/post/2011/06/whos-who-among-key-lulzsec-hackitivists/1|access-date=3 June 2013|newspaper=USA Today|date=20 June 2011}}</ref>
 
  
 
=== Content of the emails ===
 
=== Content of the emails ===
 +
Some of the documents taken by Anonymous show HBGary Federal was working on behalf of [[Bank of America]] to respond to [[WikiLeaks|WikiLeaks]] planned release of the bank's internal documents.<ref name="james_wray_and_ulf_stabe">https://web.archive.org/web/20110211024334/http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks?page=1</ref><ref name="register">https://www.theregister.co.uk/2011/02/17/hbgary_hack_redux/</ref> "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error."<ref name=":2">https://web.archive.org/web/20110212063613/http://www.thetechherald.com/article.php/201106/6804/Firm-targeting-WikiLeaks-cuts-ties-with-HBGary-apologizes-to-reporter</ref>
  
Some of the documents taken by Anonymous show HBGary Federal was working on behalf of [[Bank of America]] to respond to [[WikiLeaks|WikiLeaks']] planned release of the bank's internal documents.<ref name="james_wray_and_ulf_stabe" /><ref name="register" /> "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error."<ref name=":2">{{Cite web |date=2011-02-12 |title=Firm targeting WikiLeaks cuts ties with HBGary - apologizes to reporter - Security |url=http://www.thetechherald.com/article.php/201106/6804/Firm-targeting-WikiLeaks-cuts-ties-with-HBGary-apologizes-to-reporter |access-date=2022-07-27 |archive-url=https://web.archive.org/web/20110212063613/http://www.thetechherald.com/article.php/201106/6804/Firm-targeting-WikiLeaks-cuts-ties-with-HBGary-apologizes-to-reporter |archive-date=12 February 2011 }}</ref>
+
As a means of undermining Wikileaks, [[Aaron Barr]] suggested faking documents to damage Wikileaks' reputation and conducting "cyber attacks against the infrastructure to get data on document submitters. This would kill the project". He also suggested pressuring journalist [[Glenn Greenwald]] and other supporters of Wikileaks, who, Barr suggested, would choose to abandon support for Wikileaks in order to preserve their careers.<ref>https://arstechnica.com/tech-policy/2011/02/the-ridiculous-plan-to-attack-wikileaks/</ref>
 
 
As a means of undermining Wikileaks, Aaron Barr suggested faking documents to damage Wikileaks' reputation and conducting "cyber attacks against the infrastructure to get data on document submitters. This would kill the project". He also suggested pressuring journalist [[Glenn Greenwald]] and other supporters of Wikileaks, who, Barr suggested, would choose to abandon support for Wikileaks in order to preserve their careers.<ref>{{cite web |last1=Anderson |first1=Nate |title=Spy games: Inside the convoluted plot to bring down WikiLeaks |url=https://arstechnica.com/tech-policy/2011/02/the-ridiculous-plan-to-attack-wikileaks/ |website=Ars Technica |access-date=17 October 2021 |language=en-us |date=14 February 2011}}</ref>
 
  
 
In the emails, two employees of HBGary referenced a blog post that endorsed manipulating translation software in order to 'mitigate' damaging content within information leaks.<ref>http://wikileaksdecrypted.com/bankofamerica-wikileaks-hbgary-palantir/</ref>
 
In the emails, two employees of HBGary referenced a blog post that endorsed manipulating translation software in order to 'mitigate' damaging content within information leaks.<ref>http://wikileaksdecrypted.com/bankofamerica-wikileaks-hbgary-palantir/</ref>
  
Emails indicate [[Palantir Technologies]], [[Berico Technologies]], and the law firm Hunton & Williams, which was acting for [[Bank of America]] at the recommendation of the [[US Justice Department]],<ref name=":1" /> all cooperated on the project.<ref name=":2" /> Other e-mails appear to show the [[U.S. Chamber of Commerce]] contracted the firms to spy on and discredit unions and liberal groups.<ref name="fdl1" />
+
Emails indicate [[Palantir Technologies]], [[Berico Technologies]], and the law firm Hunton & Williams, which was acting for [[Bank of America]] at the recommendation of the [[US Justice Department]],<ref name=":1" /> all cooperated on the project.<ref name=":2" /> Other e-mails appear to show the [[U.S. Chamber of Commerce]] contracted the firms to spy on and discredit unions and liberal groups.<ref name="fdl1">http://emptywheel.firedoglake.com/2011/02/10/will-the-chamber-continue-wits-hbgary-work-now-that-theyve-been-hacked/</ref>
 
 
=== Fallout ===
 
  
The conflict with Anonymous caused substantial public relations damage. As a result, the involved organizations took steps to distance themselves from HBGary and HBGary Federal:
+
An archive of the e-mails is kept at the [[OCCRP]].<ref>https://aleph.occrp.org/datasets/1061</ref>
* 7 February 2011: Penny Leavy, President of HBGary Inc., entered an Anonymous IRC channel to negotiate with the group.<ref name=":0" /> She distanced her company from their partially owned subsidiary HBGary Federal, clarified the separation of the two, and asked [[Anonymous (group)|Anonymous]] to refrain from attacks or leaks that would damage HBGary Inc. and its customers.<ref name="pastebinIRC" />
 
* 10 February 2011: The Chamber of Commerce issued a statement denying they hired HBGary,<ref name="commerce1" /> calling the allegation a "baseless smear," and criticizing the [[Center for American Progress]] and its blog, [[ThinkProgress]], for "the illusion of a connection between HBGary, its CEO Aaron Barr and the Chamber."<ref name="commerce2" /> The Chamber denied the truth of accusations<ref name="thinkprogressblog"/> previously leveled by ThinkProgress, stating "No money, for any purpose, was paid to any of those three private security firms by the Chamber, or by anyone on behalf of the Chamber, including Hunton and Williams."<ref name="commerce2" />
 
* 11 February 2011: Palantir's CEO apologized to [[Glenn Greenwald]] and severed "any and all contacts" with HBGary.<ref name=":2" />
 
* The CEO and [[Chief operating officer|COO]] of Berico similarly stated that they had "discontinued all ties" with HBGary Federal.<ref>{{Cite web |url=http://www.thetechherald.com/articles/Berico-Technologies-severs-ties-with-HBGary-over-WikiLeaks-plot |title=Berico Technologies severs ties with HBGary over WikiLeaks plot |access-date=27 January 2012 |archive-date=2 January 2012 |archive-url=https://web.archive.org/web/20120102111303/http://www.thetechherald.com/articles/Berico-Technologies-severs-ties-with-HBGary-over-WikiLeaks-plot |url-status=dead }}</ref>
 
* 28 February 2011: Aaron Barr announced his resignation from HBGary Federal to "focus on taking care of my family and rebuilding my reputation."<ref>{{cite web|url=http://threatpost.com/en_us/blogs/hbgary-federal-ceo-aaron-barr-steps-down-022811|title=HBGary Federal CEO Aaron Barr Steps Down|author=Paul Roberts|date=28 February 2011|publisher=threatpost.com|url-status=dead|archive-url=https://web.archive.org/web/20110302032344/http://threatpost.com/en_us/blogs/hbgary-federal-ceo-aaron-barr-steps-down-022811|archive-date=2 March 2011}}</ref>
 
* 1 March 2011: 17 members of the [[United States Congress]] called for a congressional investigation for possible violation of federal law by Hunton & Williams and "Team Themis" (the partnership between Palantir Technologies, Berico Technologies, and HBGary Federal).<ref>{{cite web |url=http://www.salon.com/news/politics/war_room/2011/03/01/hunton_williams_investigation|title= Democrats call for probe of top D.C. law firm|author=Justin Elliott|date= 1 March 2011 |work=salon.com}}</ref>
 
* 16 March 2011:  The House Armed Services Subcommittee on Emerging Threats and Capabilities asked the Defense Department and the National Security Agency to provide any contracts with HBGary Federal, Palantir Technologies and Berico Technologies for investigation.<ref>{{cite magazine| url=https://www.wired.com/threatlevel/2011/03/congress-and-hbgary/ | magazine=Wired | first=Kim | last=Zetter | title=Congress Asks to Review DoD and NSA Contracts With HBGary | date=17 March 2011}}</ref>
 
  
 
=== Astroturfing ===
 
=== Astroturfing ===
It has been reported that HBGary Federal was contracted by the US government to develop [[astroturfing]] software which could create an "army" of multiple fake social media profiles.<ref>{{cite web|url=http://blogs.computerworld.com/17852/army_of_fake_social_media_friends_to_promote_propaganda|title=Army of fake social media friends to promote propaganda|author=Darlene Storm|date=22 February 2011|publisher=Computerworld Inc.|access-date=2011-02-24|archive-url=https://web.archive.org/web/20110224055843/http://blogs.computerworld.com/17852/army_of_fake_social_media_friends_to_promote_propaganda|archive-date=24 February 2011|url-status=dead}}</ref><ref>{{cite web|url=http://www.boingboing.net/2011/02/18/hbgarys-high-volume.html|title=HBGary's high-volume astroturfing technology and the Feds who requested it|author=Cory Doctorow|date=18 February 2011|publisher=BoingBoing |access-date=2011-02-25}}</ref>
+
It has been reported that HBGary Federal was contracted by the [[US government]] to develop [[astroturfing]] software which could create an "army" of multiple fake [[social media]] profiles.<ref>https://web.archive.org/web/20110224055843/http://blogs.computerworld.com/17852/army_of_fake_social_media_friends_to_promote_propaganda</ref><ref>http://www.boingboing.net/2011/02/18/hbgarys-high-volume.html</ref>
  
 
=== Malware development ===
 
=== Malware development ===
 +
HBGary had made numerous threats of [[cyber-attacks]] against [[WikiLeaks]]. The hacked emails revealed HBGary Inc. was working on the development of a new type of [[Windows]] [[rootkit]], code-named ''Magenta'',<ref name=":1" /> that would be "undetectable" and "almost impossible to remove."<ref name="clmag1">https://web.archive.org/web/20110217201027/http://crowdleaks.org/hbgary-inc-working-on-secret-rootkit-project-codename-magenta/</ref>
  
HBGary had made numerous threats of cyber-attacks against WikiLeaks. The hacked emails revealed HBGary Inc. was working on the development of a new type of [[Windows]] [[rootkit]], code-named ''Magenta'',<ref name=":1" /> that would be "undetectable" and "almost impossible to remove."<ref name="clmag1" />
+
In October [[2010]], Greg Hoglund proposed to Barr creating "a large set of unlicensed [[Windows 7]] themes for video games and movies appropriate for the Middle East & Asia" which "would contain back doors" as part of an ongoing campaign to attack support for WikiLeaks.<ref name="wired">https://arstechnica.com/tech-policy/news/2011/02/the-ridiculous-plan-to-attack-wikileaks.ars</ref>
 
 
In October 2010, Greg Hoglund proposed to Barr creating "a large set of unlicensed [[Windows 7]] themes for video games and movies appropriate for the Middle East & Asia" {{sic}} which "would contain back doors" as part of an ongoing campaign to attack support for WikiLeaks.<ref name="wired" />
 
  
== Acquisition by ManTech International ==
+
{{PageCredit
On 29 February 2012, [[ManTech International]] announced its purchase of HBGary, Inc.<ref name="Register Sale">{{cite news |last=Leyden |first=John |title=US gov IT services vendor swallows HBGary |url=https://www.theregister.co.uk/2012/02/29/hbgary_mantech/ |access-date=26 April 2012 |newspaper=The Register |date=29 February 2012}}</ref> Financial terms of the acquisition were not disclosed other than to say it was an "asset purchase", which excludes legal and financial liabilities.<ref name="Register Sale"/>
+
|site=Wikipedia
 
+
|date=10 April 2023
== References ==
+
|url=https://en.wikipedia.org/wiki/HBGary
{{Reflist|30em|refs=
 
<ref name="clmag1">{{cite web |url=http://crowdleaks.org/hbgary-inc-working-on-secret-rootkit-project-codename-magenta/ |title=HBGary INC. working on secret rootkit project. Codename: "MAGENTA" |date=2011-02-14 |publisher=Crowdleaks |access-date=2011-02-14 |url-status=dead |archive-url=https://web.archive.org/web/20110217201027/http://crowdleaks.org/hbgary-inc-working-on-secret-rootkit-project-codename-magenta/ |archive-date=17 February 2011}}</ref>
 
 
 
<ref name="parmy_olson">{{cite news |url=https://blogs.forbes.com/parmyolson/2011/02/07/victim-of-anonymous-attack-speaks-out/ |title=Victim of Anonymous Attack Speaks Out |last=Olson |first=Parmy |date=2011-02-07 |work=[[Forbes]] |access-date=2011-02-11}}</ref>
 
 
 
<ref name="ft2">{{cite news |title='Hacktivists' retaliate against security expert |first=Joseph |last=Menn |url=http://www.ft.com/cms/s/0/0c9ff214-32e3-11e0-9a61-00144feabdc0.html |newspaper=[[Financial Times]] |date=2011-02-07 |access-date=2011-02-11}}</ref>
 
 
 
<ref name="arstechnicacom0">{{cite news |title=(Virtually) face to face: how Aaron Barr revealed himself to Anonymous |first=Nate |last=Anderson |url=https://arstechnica.com/tech-policy/news/2011/02/virtually-face-to-face-when-aaron-barr-met-anonymous.ars |newspaper=[[Ars Technica]] |date=2011-02-10 |access-date=2011-02-11}}</ref>
 
 
 
<ref name="arstechnicacom1">{{cite news |title=How one man tracked down Anonymous—and paid a heavy price |first=Nate |last=Anderson |url=https://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars |newspaper=[[Ars Technica]] |date=2011-02-09 |access-date=2011-02-09}}</ref>
 
 
 
<ref name="arstechnicacom2">{{cite news |title=Anonymous speaks: the inside story of the HBGary hack |first=Peter |last=Bright |url=https://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars |newspaper=[[Ars Technica]] |date=2011-02-15 |access-date=2011-02-18}}</ref>
 
 
 
<ref name="arstechnica20110225">{{cite news |title=Anonymous vs. HBGary: the aftermath |first=Nate |last=Anderson |url=https://arstechnica.com/tech-policy/news/2011/02/anonymous-vs-hbgary-the-aftermath.ars/2 |newspaper=[[Ars Technica]] |date=2011-02-24 |access-date=2011-02-25}}</ref>
 
 
 
<ref name="blackhatcom1">[https://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_HBG-BasMalResponder.html Basic Malware Analysis Using Responder Professional by HBGary]. Black Hat #174; Technical Security Conference: USA 2010 retr 2011-02-11</ref>
 
 
 
<ref name="hbgarycom">[http://www.hbgary.com/ HBGary :: Detect. Diagnose. Respond.] {{Webarchive|url=https://web.archive.org/web/20140707150352/http://www.hbgary.com/ |date=7 July 2014 }}
 
HBGary official website, via www.hbgary.com on 2011 02 11</ref>
 
 
 
<ref name="james_wray_and_ulf_stabe">{{cite web |url=http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks?page=1 |title=Data intelligence firms proposed a systematic attack against WikiLeaks |last=Ragan |first=Steve |date=2011-02-09 |work=The Tech Herald |publisher=[[Monsters and Critics]] |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20110211024334/http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks?page=1 |archive-date=11 February 2011}}</ref>
 
 
 
<ref name="webcache.googleusercontent.com1">[https://www.hbgary.com/company/about/ HBGary At A Glance] {{Webarchive|url=https://web.archive.org/web/20090328044411/http://www.hbgary.com/company/about/ |date=28 March 2009 }}, www.hbgary.com,</ref>
 
 
 
<ref name="register">{{cite news |title=Anonymous security firm hack used every trick in book |first=John |last=Leyden |url=https://www.theregister.co.uk/2011/02/17/hbgary_hack_redux/ |newspaper=[[The Register]] |date=2011-02-17 |access-date=2011-02-18}}</ref>
 
 
 
<ref name="techdirt">[http://www.techdirt.com/articles/20110211/11013413056/play-play-how-hbgary-federal-tried-to-expose-anonymous-got-hacked-instead.shtml?threaded=false&sp=1 Play By Play Of How HBGary Federal Tried To Expose Anonymous... And Got Hacked Instead] Mike Masnick, TechDirt.com 11 Feb. 2011</ref>
 
 
 
<ref name="cf1">[http://www.forensicfocus.com/index.php?name=News&file=article&sid=1103 HBGary Unveils Digital DNA™ Technology] , Press Release, karenb, forensicfocus.com 3 12 2009, retr 2011-02-11</ref>
 
 
 
<ref name="dr1">[http://www.darkreading.com/database-security/167901020/security/news/225700716/index.html Researcher 'Fingerprints' The Bad Guys Behind The Malware], Kelly J. Higgins, Dark Reading, 6 22 2010, retr 2011-02-11</ref>
 
 
 
<ref name="salom20110216">{{cite news |title=Firm in WikiLeaks plot has deep ties to Feds |first=Justin |last=Elliott |url=http://www.salon.com/news/politics/war_room/2011/02/16/hbgary_federal |newspaper=[[Salon.com]] |date=2011-02-16 |access-date=2011-02-16}}</ref>
 
 
 
<ref name="commerce1">{{cite web |url=http://www.chamberpost.com/2011/02/more-baseless-attacks-on-the-chamber/ |title=More Baseless Attacks on the Chamber |last=Collamore |first=Tom |date=2011-02-10 |publisher=US Chamber of Commerce |access-date=2011-02-18 |url-status=dead |archive-url=https://web.archive.org/web/20110216182620/http://www.chamberpost.com/2011/02/more-baseless-attacks-on-the-chamber/ |archive-date=16 February 2011}}</ref>
 
 
 
<ref name="commerce2">{{cite web |url=http://www.chamberpost.com/2011/02/another-smear-from-the-center-for-american-progress/ |title=Another Smear from the Center for American Progress |last=Collamore |first=Tom |date=2011-02-11 |publisher=US Chamber of Commerce |access-date=2011-02-18 |url-status=dead |archive-url=https://web.archive.org/web/20110217180204/http://www.chamberpost.com/2011/02/another-smear-from-the-center-for-american-progress/ |archive-date=17 February 2011}}</ref>
 
 
 
<!-- <ref name="dko2">[http://www.dailykos.com/story/2011/02/13/943139/-HBGary:-Dont-let-this-story-die,-its-big- HBGary: Don't let this story die, it's big.] furiousxxgeorge, DailyKos, 13 Feb. 2011</ref> unused -->
 
 
 
<ref name="fdl1">[http://emptywheel.firedoglake.com/2011/02/10/will-the-chamber-continue-wits-hbgary-work-now-that-theyve-been-hacked/ Hacked Documents Show Chamber Engaged HBGary to Spy on Unions] emptywheel, FireDogLake, 10 Feb. 2011</ref>
 
 
 
<ref name="pastebinIRC">[http://pastebin.com/x69Akp5L Pastebin - log of Anonymous IRC channel audience with Penny Leavy of HBGary Inc] Anonymous, pastebin 7 Feb. 2011</ref>
 
 
 
<ref name="wired">{{cite news |title=Spy games: Inside the convoluted plot to bring down WikiLeaks |first=Nate |last=Anderson |url=https://arstechnica.com/tech-policy/news/2011/02/the-ridiculous-plan-to-attack-wikileaks.ars |newspaper=[[Ars Technica]] |date=2011-02-14 |access-date=2011-04-10}}</ref>
 
 
 
<ref name="anonsect14">[http://img838.imageshack.us/img838/2294/internetsanon.jpg Anonymous statement from hacked HBGary Website] Anonymous, Feb. 2011</ref>
 
 
 
<ref name="thinkprogressblog">{{cite web |url=http://thinkprogress.org/2011/02/10/lobbyists-chamberleaks/ |title=EXCLUSIVE: US Chamber's Lobbyists Solicited Hackers To Sabotage Unions, Smear Chamber's Political Opponents |last=Fang |first=Lee |date=2011-02-10 |work=Think Progress |publisher=[[Center for American Progress]] |access-date=2011-02-10}}</ref>
 
 
}}
 
}}
  
== External links ==
+
{{SMWDocs}}
* https://web.archive.org/web/20140707150352/http://www.hbgary.com/ (official website)
 
* http://hbgaryfederal.com/ (official website, offline as of 20 February 2011)
 
* [https://www.youtube.com/watch?v=mDBdUHluD6M video of using HBGary's Flypaper product]
 
* [https://web.archive.org/web/20110223184228/http://www.usaspending.gov/search?query=&searchtype=&formFields=eyJSZWNpcGllbnROYW1lTGNhc2UiOlsiSGJnYXJ5ICBJbmMuIl19 Prime Award Spending Data for HBGary], www.usaspending.gov
 
* [https://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars/ Black ops: how HBGary wrote backdoors for the government] (by Nate Anderson, ars technica)
 
* [http://www.bizjournals.com/sacramento/news/2015/07/16/former-hbgary-cybersecurity-operation-new-owner.html CounterTack taking over Sacramento operation of ManTech Cyber Solutions, formerly HBGary]
 
 
 
{{Hacking in the 2010s}}
 
  
[[Category:Companies based in Sacramento, California]]
+
==References==
[[Category:Computer security companies]]
+
{{reflist}}
[[Category:Security consulting firms]]
 

Latest revision as of 18:21, 11 June 2023

Group.png HBGary  
(Cyberwarfare contractorWebsiteRdf-entity.pngRdf-icon.png
HBGary.png
Formation2003
FounderGreg Hoglund
InterestsAstroturfing, Sock puppets, Malware, Anonymous, WikiLeaks
Interest ofBarrett Brown
Company that developed sophisticated software for the control of sock puppets.

HBGary is a company that developed sophisticated software for the control of sock puppets on behalf of the US government. It was founded by Greg Hoglund in 2003 as a company offering IT services.[1][2] HBGary published a document on how to undermine WikiLeaks [3] and wanted to expose leaders of 'Anonymous'.[4]

HBGary Federal

HBGary Federal had been set up with Aaron Barr as CEO instead of Hoglund to provide services and tools to the US government, which might require security clearance.[5] As HBGary Federal could not meet revenue projections, in early 2011 negotiations about the sale of HBGary Federal were in progress [6] and the company was acquired by ManTech International in February 2012.[7]

WikiLeaks, Bank of America, Hunton & Williams, and Anonymous

In 2010, Aaron Barr, CEO of HBGary Federal, alleged that he could exploit social media to gather information about hackers.[8]

In early 2011, Barr claimed to have used his techniques to infiltrate Anonymous,[8][9][10][11] partly by using IRC, Facebook, Twitter, and by social engineering.[8][12] His e-mails depict his intention to release information on the identities of Anonymous members at the B-Sides conference and to sell it to possible clients,[8][13] including the FBI.[14] In the e-mails, Barr explained that he identified his list of suspected Anonymous "members" by tracing connections through social media, while his main programmer criticized this methodology.[8][15] In a communiqué, Anonymous denied association with the individuals that Barr named.[16][17]

On 5–6 February 2011, Anonymous compromised the HBGary website, copied tens of thousands of documents from both HBGary Federal and HBGary, Inc., posted tens of thousands of both companies' emails online, and usurped Barr's Twitter account in apparent revenge.[12][18][19] Anonymous also claimed to have wiped Barr's iPad remotely.[8][13][20][21] The Anonymous group responsible for these attacks became part of LulzSec.[22]

The conflict with Anonymous caused substantial public relations damage. As a result, the involved organizations took steps to distance themselves from HBGary and HBGary Federal.

Content of the emails

Some of the documents taken by Anonymous show HBGary Federal was working on behalf of Bank of America to respond to WikiLeaks planned release of the bank's internal documents.[23][24] "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error."[25]

As a means of undermining Wikileaks, Aaron Barr suggested faking documents to damage Wikileaks' reputation and conducting "cyber attacks against the infrastructure to get data on document submitters. This would kill the project". He also suggested pressuring journalist Glenn Greenwald and other supporters of Wikileaks, who, Barr suggested, would choose to abandon support for Wikileaks in order to preserve their careers.[26]

In the emails, two employees of HBGary referenced a blog post that endorsed manipulating translation software in order to 'mitigate' damaging content within information leaks.[27]

Emails indicate Palantir Technologies, Berico Technologies, and the law firm Hunton & Williams, which was acting for Bank of America at the recommendation of the US Justice Department,[14] all cooperated on the project.[25] Other e-mails appear to show the U.S. Chamber of Commerce contracted the firms to spy on and discredit unions and liberal groups.[28]

An archive of the e-mails is kept at the OCCRP.[29]

Astroturfing

It has been reported that HBGary Federal was contracted by the US government to develop astroturfing software which could create an "army" of multiple fake social media profiles.[30][31]

Malware development

HBGary had made numerous threats of cyber-attacks against WikiLeaks. The hacked emails revealed HBGary Inc. was working on the development of a new type of Windows rootkit, code-named Magenta,[14] that would be "undetectable" and "almost impossible to remove."[32]

In October 2010, Greg Hoglund proposed to Barr creating "a large set of unlicensed Windows 7 themes for video games and movies appropriate for the Middle East & Asia" which "would contain back doors" as part of an ongoing campaign to attack support for WikiLeaks.[33]

Wikipedia.png This page imported content from Wikipedia on 10 April 2023.
Wikipedia is not affiliated with Wikispooks.   Original page source here


 

Related Documents

TitleTypePublication dateAuthor(s)Description
Document:Anonymous Surpasses Wikileaksarticle17 February 2011John Young
Document:Romas/COINWikispooks Page2011Barrett Brown
Many thanks to our Patrons who cover ~2/3 of our hosting bill. Please join them if you can.



References

  1. https://web.archive.org/web/20090328044411/http://www.hbgary.com/company/about/
  2. http://www.darkreading.com/database-security/167901020/security/news/225700716/index.html
  3. https://web.archive.org/web/20221207203728/https://wikileaks.org/IMG/pdf/WikiLeaks_Response_v6.pdf
  4. https://www.infoworld.com/article/2623436/anonymous-strikes-back-at-hbgary-with-stolen-emails.html saved at Archive.org saved at Archive.is
  5. http://www.salon.com/news/politics/war_room/2011/02/16/hbgary_federal
  6. https://arstechnica.com/tech-policy/news/2011/02/anonymous-vs-hbgary-the-aftermath.ars/2
  7. http://www.bizjournals.com/sacramento/news/2012/02/28/hb-gary-sacramento-man-tech-cyber-securi.html
  8. a b c d e f https://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars
  9. https://www.independent.co.uk/news/media/online/hacktivists-take-control-of-internet-security-firms-2207440.html
  10. https://www.ft.com/content/87dc140e-3099-11e0-9de3-00144feabdc0
  11. https://www.salon.com/2011/02/16/hbgary_federal/
  12. a b https://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
  13. a b https://blogs.forbes.com/parmyolson/2011/02/07/victim-of-anonymous-attack-speaks-out/
  14. a b c https://www.forbes.com/sites/parmyolson/2011/02/07/victim-of-anonymous-attack-speaks-out/
  15. http://www.techdirt.com/articles/20110211/11013413056/play-play-how-hbgary-federal-tried-to-expose-anonymous-got-hacked-instead.shtml?threaded=false&sp=1
  16. https://web.archive.org/web/20110207111445/http://img838.imageshack.us/img838/2294/internetsanon.jpg
  17. https://arstechnica.com/tech-policy/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price/
  18. https://www.forbes.com/sites/parmyolson/2011/02/06/anonymous-takes-revenge-on-security-firm-for-trying-to-sell-supporters-details-to-fbi/
  19. https://web.archive.org/web/20131208062435/http://www.h-online.com/security/features/Anonymous-makes-a-laughing-stock-of-HBGary-1198176.html
  20. http://www.ft.com/cms/s/0/0c9ff214-32e3-11e0-9a61-00144feabdc0.html
  21. https://arstechnica.com/tech-policy/news/2011/02/virtually-face-to-face-when-aaron-barr-met-anonymous.ars
  22. http://content.usatoday.com/communities/technologylive/post/2011/06/whos-who-among-key-lulzsec-hackitivists/1
  23. https://web.archive.org/web/20110211024334/http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks?page=1
  24. https://www.theregister.co.uk/2011/02/17/hbgary_hack_redux/
  25. a b https://web.archive.org/web/20110212063613/http://www.thetechherald.com/article.php/201106/6804/Firm-targeting-WikiLeaks-cuts-ties-with-HBGary-apologizes-to-reporter
  26. https://arstechnica.com/tech-policy/2011/02/the-ridiculous-plan-to-attack-wikileaks/
  27. http://wikileaksdecrypted.com/bankofamerica-wikileaks-hbgary-palantir/
  28. http://emptywheel.firedoglake.com/2011/02/10/will-the-chamber-continue-wits-hbgary-work-now-that-theyve-been-hacked/
  29. https://aleph.occrp.org/datasets/1061
  30. https://web.archive.org/web/20110224055843/http://blogs.computerworld.com/17852/army_of_fake_social_media_friends_to_promote_propaganda
  31. http://www.boingboing.net/2011/02/18/hbgarys-high-volume.html
  32. https://web.archive.org/web/20110217201027/http://crowdleaks.org/hbgary-inc-working-on-secret-rootkit-project-codename-magenta/
  33. https://arstechnica.com/tech-policy/news/2011/02/the-ridiculous-plan-to-attack-wikileaks.ars
Retrieved from "https://wikispooks.com/w/index.php?title=HBGary&oldid=264810"