The Inside Story of the HBGary Hack
February 16, 2011 9:24 AM   Subscribe


 
Looks like they can hack better than Aaron Barr can analyze.
posted by Xoebe at 9:44 AM on February 16, 2011 [4 favorites]


Also, this previous ars link was posted in previous threads and is definitely worth a read.
posted by nasreddin at 9:45 AM on February 16, 2011


That Greenwald article is pretty damn scary.
posted by phaedon at 9:48 AM on February 16, 2011 [4 favorites]


Aaron Barr is obviously a dangerously crazy man with no respect for the privacy or safety of other people.
posted by fuq at 9:52 AM on February 16, 2011 [1 favorite]


His spelling, punctuation, and attention to type are upsetting too.
posted by goneill at 9:56 AM on February 16, 2011 [9 favorites]


HBGary Federal CEO Aaron Barr has bragged that the firm provides "specialized threat intelligence, incident response, and information operations capabilities to the IC [Intelligence Community], DoD, and Federal agencies." The exact nature of the services provided by HBGary Federal -- and what intelligence agencies might be involved -- is not clear.
posted by Joe Beese at 10:03 AM on February 16, 2011




As it was said (likely more elegantly) in another thread, messages like this from CEOs come down all the time. Blaming some tech answering emails, and saying 'they should've known' is a bit disingenuous. My own opinion, is separating computer experts into two categories: those who know what they're doing, and those who haven't been found out yet.

We hope we're in the first, and secretly know we're in the second.
posted by LD Feral at 10:13 AM on February 16, 2011 [1 favorite]


There's something heartening about all these white-shoe, establishment firms who make more in end of year bonuses than the average Anonymous member does in a single year, get so royally fucked by a bunch of state school office dwellers.

I just painted a huge bunch of stereotypes, but let me have my moment. It is not often that the establishment looks so blind sided about what they can't control, and look so inept doing it. And once again, the curmudgeon Nassim Taleb is right again on wanting Fat Tony's vs the Dr Johns of the world.
posted by geoff. at 10:13 AM on February 16, 2011 [18 favorites]


How ironic. Greenwald, who's taken money from the Cato Institute, a 'libertarian' think tank frequently implicated in the Koch Brother's anti-regulatory propaganda campaigns, now finds himself at the mercy of the massive right wing pro-business propaganda machine.

I'll hand it to Greenwald, though. He gets carried away in advocating for his views and uses his lawyerly persuasion to spin things a little too far quite a bit, IMO, but overall, my opinion of him has improved considerably since all this WikiLeaks-related nonsense came to light.
posted by saulgoodman at 10:17 AM on February 16, 2011 [3 favorites]


From the Glenn Greenwald link:

The exemption from the rule of law has been fully transferred from the highest level political elites to their counterparts in the private sector. "Law" is something used to restrain ordinary Americans and especially those who oppose this consortium of government and corporate power, but it manifestly does not apply to restrain these elites.
posted by Obscure Reference at 10:18 AM on February 16, 2011 [22 favorites]


(Well, not at the mercy I guess, but tangling with them. In reality, I guess he's getting the upperhand.)
posted by saulgoodman at 10:18 AM on February 16, 2011


I never cease to be surprised by self-described "professionals" referring to Anonymous as a refined organization with structure and hierarchy and strategy, as opposed to just a headless mass of somewhat shit-disturbing computer users with a taste for lulz, fapping and trolling.
posted by Theta States at 10:18 AM on February 16, 2011 [3 favorites]


For some reason, I don't think many people are going to want HBGary's services to help audit security and their organizations for the immediate future. Getting broken into aside, these guys seem to have ethics worse than most black hat hackers. Well, at least the ones who aren't committing outright theft or working for the mob.
posted by mikeh at 10:19 AM on February 16, 2011 [1 favorite]


just a headless mass of somewhat shit-disturbing computer users with a taste for lulz, fapping and trolling

Their exposure, however inadvertent, of what I would describe as a criminal conspiracy involving the nation's largest bank - and possibly the Department of Justice as well - has made them a force for Good in this particular case.

Would you disagree?
posted by Joe Beese at 10:21 AM on February 16, 2011 [7 favorites]




Their exposure, however inadvertent, of what I would describe as a criminal conspiracy involving the nation's largest bank - and possibly the Department of Justice as well

If you read the emails, it seems pretty obvious that this guy was a creepy, self-aggrandizing con-artist angling for a contract from these companies that never arrived, and its not at all clear that they even saw these proposals or asked for anything remotely like it.
posted by empath at 10:25 AM on February 16, 2011 [1 favorite]


> I never cease to be surprised by self-described "professionals" referring to Anonymous as a refined organization with structure and hierarchy and strategy, as opposed to just a headless mass of somewhat shit-disturbing computer users with a taste for lulz, fapping and trolling.

If that were true then they wouldn't be 1/100th as effective as they are. Sure, there are many within the hordes that comprise Anonymous that are as you describe, but it's pretty clear that the ones that set the agenda and have the know-how to pull it off are not. Certainly they're doing more than sniping on forums.
posted by Burhanistan at 10:25 AM on February 16, 2011


Is there any evidence from any of the documents that the Chamber or BoA or the DoJ had a clue who these guys were, let alone asked them to do any of this shit?
posted by empath at 10:26 AM on February 16, 2011


Their exposure, however inadvertent, of what I would describe as a criminal conspiracy involving the nation's largest bank - and possibly the Department of Justice as well - has made them a force for Good in this particular case.

Would you disagree?


Some of my best friends are shit-disturbing computer users with a taste for lulz, fapping and trolling!
I think it is amazing what they have accomplished.
posted by Theta States at 10:26 AM on February 16, 2011 [1 favorite]


Is there any evidence from any of the documents that the Chamber or BoA or the DoJ had a clue who these guys were, let alone asked them to do any of this shit?

Not really, but that law firm Hunton & Williams was definitely heavily involved. Greenwalds point is that the way H+W and the three security firms went about organising that powerpoint without any qualms speaks volumes about the corporate culture and the feeling of them being above the law.
posted by memebake at 10:29 AM on February 16, 2011 [3 favorites]


but it's pretty clear that the ones that set the agenda and have the know-how to pull it off are not. Certainly they're doing more than sniping on forums.

Sure, but it's so (seemingly) random and decentralized, that I think it mostly defies structure. Perhaps individual actions have structures that materialize, but the basis of operation seems to be a crowd-generated animosity towards a person or group, and everyone works against that common goal in their own way.

But I guess in this HBGary case, there were probably more specific players at work.
posted by Theta States at 10:29 AM on February 16, 2011 [1 favorite]


For the lulz.
posted by furiousxgeorge at 10:29 AM on February 16, 2011 [18 favorites]



Is there any evidence from any of the documents that the Chamber or BoA or the DoJ had a clue who these guys were, let alone asked them to do any of this shit?


The illegal stuff they probably didn't know, but they most definitely knew they were asking their law firm to find someone for a corporate intelligence campaign. Someone hack H&W and see what they were e-mailing their clients.
posted by furiousxgeorge at 10:31 AM on February 16, 2011 [1 favorite]


That this company claims to have a cache of unknown zero-day exploits for software that runs a lot of our infrastructure is a little mind boggling.

These exploits, for the less nerdy amongst us, are essentially like master keys for everyone's car, that you didn't know existed. If the company made a physical-world-equivalent claim it would be something like "we have the keys and codes to easily break into any bank, building, or for that matter, factory, power plant, dam, you name it. And they don't know that we can do this," I would hope anyone publicly making these kinds of claims would have the FBI all over them.

And yet these sorts of claims, if we are to believe what's come out of this whole thing, are standard practice, I think that's the real news here. These companies are claiming capabilities that I think many would call "cyber-terrorism."

Its almost enough to make me never use another non-open source piece of software again. Almost (I'm lazy).
posted by tempythethird at 10:32 AM on February 16, 2011 [13 favorites]


Is there any evidence from any of the documents that the Chamber or BoA or the DoJ had a clue who these guys were, let alone asked them to do any of this shit?

From CJR:
Both the Chamber and Bank of America deny having anything to do with this HBGary Federal stuff. And that may be true.

But it’s worth noting that the Tech Herald reported that HBGary Federal did secure a meeting with Booz Allen Hamilton, which had also been retained by BofA for its WikiLeaks “review”—a few weeks after pitching its scuzzy plan.

...

A look through Factiva shows only one media hit for HBGary Federal in the last two years before the flurry of the past week. And it’s a very interesting one. This from SC Magazine, which covers IT security (emphasis mine):
HBGary Federal, provider of classified security services to the U.S. Department of Defense and the intelligence community, has partnered with Palantir Technologies, maker of analytics platforms. HBGary’s team of researchers will leverage Palantir’s analysis tool suite to provide enhanced threat intelligence.
posted by enn at 10:33 AM on February 16, 2011 [1 favorite]


Yeah, I'd really like to see what was going on on the H&W side of things. I give it 50/50 odds of 'who the fuck hired these nutcases?'

Did H&W ever give them any money?
posted by empath at 10:34 AM on February 16, 2011


After more reading:

Also need to get people to understand that if they support the organization [Wikileaks] we will come after them. Transaction records are easily identifiable.

...so, this cocksucker is literally targeting me. That leaked memo is threatening me, personally. That man directed his business to target me. I financially support wikileaks, and now he is targeting my personal and professional development! He and his business are going after me! Presumably they know who I am (because they indicated it) and they have a plan to "get" me. This is why this is bad bad bad bad, because I'm a nobody, but I am a nobody with political views in opposition to elite parties (government, corporation) and they hired a digital hit-man to stalk me with the explicit objective of ruining my life and career. This is personal.

I hope Aaron Burr is never safe anywhere he goes, because his agenda is to ruin my life for my political expression. I hope Anonymous rides him like death rides a white horse. Seriously, fuck this guy, fuck his business, and especially fuck all these people for going after me for my political beliefs.

Anonymous: memail if there's some way I can support y'all. Now, I know who's on my side, and who's out to get me.
posted by fuq at 10:38 AM on February 16, 2011 [99 favorites]


this wired article is also a must read.
I never cease to be surprised by self-described "professionals" referring to Anonymous as a refined organization with structure and hierarchy and strategy, as opposed to just a headless mass of somewhat shit-disturbing computer users with a taste for lulz, fapping and trolling.
You're confusing "4Chan" anon with the apparent "IRC anon" Obviously they're connected, but these guys do have some kind of hierarchy. Of course, anyone can "speak for Anon" whenever they want too. Someone in a discussion of Anon mentioned these names that would crop up in resistance movements that were "open source" names anyone could speak with.
posted by delmoi at 10:40 AM on February 16, 2011 [2 favorites]


fuq: Google AnonOps

Anon is not difficult to infiltrate, since everything is public.
posted by empath at 10:40 AM on February 16, 2011 [3 favorites]


When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating.

well, yeah.
posted by clavdivs at 10:41 AM on February 16, 2011 [2 favorites]


Umm no, I'm pretty sure they're mostly just sniping on forums, but ya know everyone loves a good meet up. I'm sure the vast majority of anonymous couldn't even pull off the social engineering here, much less the sql injection, privilege escalation, or md5 crack, but that doesn't mean these guys run anything.
posted by jeffburdges at 10:44 AM on February 16, 2011 [1 favorite]


The mindboggling bit is these guys assembled a powerpoint detailing crimes they were going to commit, and nobody's been taken into custody. That's a conspiracy charge at least--if you're not working on behalf of a bank, I suppose.
posted by Nahum Tate at 10:44 AM on February 16, 2011 [16 favorites]


Did H&W ever give them any money?

Definitely read the Wired article, which goes over the whole history of HB Gary, where Arron Barr came from
That’s when Barr started the CEO job at HBGary Federal. Its parent company, the security firm HBGary, wanted a separate firm to handle government work and the clearances that went with it, and Barr was brought in from Northrup Grumman to launch the operation.
It's all based on a reading of the emails. And it sounds like they never actually got paid. Barr's whole jihad against Anon started because he was trying to drum up business for HB Gary Federal, as they were hemorrhaging cash.
posted by delmoi at 10:46 AM on February 16, 2011


Greenwald indulges in far too much hyperbole. He's dishonest. It's why I don't read his column anymore and haven't for years. Everytime I read one of his columns I feel like I need to double check everything he says and it's just more trouble than its worth.
posted by empath at 10:48 AM on February 16, 2011 [2 favorites]


The mindboggling bit is these guys assembled a powerpoint detailing crimes they were going to commit

What are the actual crimes committed here? (or what were they planning to commit?) I see some shady stuff but I'm not aware of what actual criminal statutes they were going to violate. Maybe some torts (i.e. stuff you can get sued over). That would make them not criminals but tortfeasors
posted by delmoi at 10:49 AM on February 16, 2011


Greenwald indulges in far too much hyperbole. He's dishonest.

Example?
posted by delmoi at 10:49 AM on February 16, 2011 [3 favorites]


3 posts in 9 days. Couldn't this all go in the original (to which you conveniently linked)?

Admittedly fascinating story, but I would have found it anyway...

Aaron Barr is obviously a dangerously crazy man with no respect for the privacy or safety of other people.

We all might be surprised to learn how many people like that have actual power in our governments.

Also, mo money, mo problems, and no money, mo problems.
posted by mrgrimm at 10:52 AM on February 16, 2011


What are the actual crimes committed here? (or what were they planning to commit?)

Fraud seems like the most obvious one.
posted by mrgrimm at 10:52 AM on February 16, 2011


My own opinion, is separating computer experts into two categories: those who know what they're doing, and those who haven't been found out yet.

We hope we're in the first, and secretly know we're in the second.


Or as Vonnegut put it:
Almost nobody's competent, Paul. It's enough to make you cry to see how bad most people are at their jobs. If you can do a half-assed job of anything, you're a one-eyed man in the kingdom of the blind.'
posted by Chuckles at 10:57 AM on February 16, 2011 [14 favorites]


Fraud seems like the most obvious one.

What fraud though? Unless you're talking about infiltrating social networks, I don't think producing fake documents and giving them to a news org would be fraudulent unless you were being remunerated.
posted by delmoi at 10:57 AM on February 16, 2011


Greenwald indulges in far too much hyperbole. He's dishonest.

Example?


This very column where he says this whole thing is a gigantic conspiracy by Bank of America and the Chamber of Commerce (and even the DOJ!), when in reality they had very little to do with one desperate company run by a wack job who never got a dime for anything, never had any contact with DoJ, BoA or the CoC and seems to have never actually done anything.
posted by empath at 10:58 AM on February 16, 2011


this wired article is also a must read.

the wired article is from ars technica.
posted by mrgrimm at 10:59 AM on February 16, 2011


What are the actual crimes committed here? (or what were they planning to commit?)

From the Greenwald link:

Manufacturing and submitting fake documents with the intent they be published likely constitutes forgery and fraud. Threatening the careers of journalists and activists in order to force them to be silent is possibly extortion and, depending on the specific means to be used, constitutes other crimes as well. Attacking WikiLeaks' computer infrastructure in an attempt to compromise their sources undoubtedly violates numerous cyber laws.
posted by Joe Beese at 10:59 AM on February 16, 2011 [1 favorite]


What are the actual crimes committed here? (or what were they planning to commit?)

To quote from the PowerPoint: "cyber attacks against the infrastructure", for one. "Cyber attacks" is a big umbrella, but I imagine that involves either denial-of-service or cracking into the WikiLeaks network, since they specifically mention where the servers are located.
posted by Nahum Tate at 11:00 AM on February 16, 2011 [3 favorites]


Greenwald indulges in far too much hyperbole. He's dishonest.

Least-substantiated statement I've read this week.
posted by davel at 11:00 AM on February 16, 2011 [11 favorites]


This very column where he says this whole thing is a gigantic conspiracy by Bank of America and the Chamber of Commerce (and even the DOJ!), when in reality they had very little to do with one desperate company run by a wack job who never got a dime for anything, never had any contact with DoJ, BoA or the CoC and seems to have never actually done anything.

What on Earth are you talking about? Did you read his whole article?

"My primary interest is in knowing whether Bank of America retained these firms to execute this proposal and if any steps were taken to do so; if Karp's apology is genuine, that information ought to be forthcoming (as I was finishing writing this, Karp called me, seemed sincere enough in his apology, vowed that any Palantir employees involved in this would be dealt with the way they dealt with HB Gary, and commendably committed to telling me by the end of the week whether Bank of America or Hunton & Williams actually retained these firms to carry out this proposal)"
posted by mrgrimm at 11:01 AM on February 16, 2011 [5 favorites]


What are the actual crimes committed here?

I've heard fraud, forgery, multiple computer crimes, extortion. God knows it goes across a state line somewhere, so typically there are interstate commerce laws involved.

Remember, there are over 10,000 laws in the US Code alone, and everyone is probably breaking several at once.
posted by Mister Fabulous at 11:01 AM on February 16, 2011 [1 favorite]


Huh, turns out you can't salt hashes with hubris.
posted by milquetoast at 11:02 AM on February 16, 2011 [16 favorites]


This very column where he says this whole thing is a gigantic conspiracy by Bank of America and the Chamber of Commerce (and even the DOJ!), when in reality they had very little to do with one desperate company run by a wack job who never got a dime for anything, never had any contact with DoJ, BoA or the CoC and seems to have never actually done anything.

It's important to note that those connections don't come from a Glenn Beck Chalkboard Of Insanity diagram. They come from leaked internal written by employees of the organizations in question.
posted by verb at 11:03 AM on February 16, 2011 [12 favorites]


Well, no, because they have no communications from any of those organizations, only from the people who were trying to sell those organizations a bunch of bullshit.
posted by empath at 11:05 AM on February 16, 2011


fuq: I hope Aaron Burr is never safe anywhere he goes
I hate to disappoint you, but the guy is a badass who can take care of himself.
posted by hincandenza at 11:11 AM on February 16, 2011 [21 favorites]


This very column where he says this whole thing is a gigantic conspiracy by Bank of America and the Chamber of Commerce (and even the DOJ!), when in reality they had very little to do with one desperate company run by a wack job who never got a dime for anything, never had any contact with DoJ, BoA or the CoC and seems to have never actually done anything.
Okay first of all HB Gary Federal had something like $10 million in contracts. Second of all, these companies came to HB Gary Fed on the recommendation of the DoJ. This guy was working with these companies to develop proposals, they weren't coming out of the blue here.
Well, no, because they have no communications from any of those organizations, only from the people who were trying to sell those organizations a bunch of bullshit.
There's communications from H&W, the law firm that was working with BoA. And the Chamber of Commerce deal was close to closing, supposedly.

Anyway, Greenwald's article isn't very different from the other articles that have been written based on the emails. So it seems like more of an issue of you downplaying what's going on here then Greenwald up selling it.
posted by delmoi at 11:13 AM on February 16, 2011 [8 favorites]



Well, no, because they have no communications from any of those organizations, only from the people who were trying to sell those organizations a bunch of bullshit.


The lawyers representing the bank and the chamber were negotiating to take these actions, and were clearly in the loop on the proposals. Did they just not tell their client what they were up to? Possible I guess.

This feels a bit like, "I didn't cheat on my taxes, my accountant did!" though.
posted by furiousxgeorge at 11:13 AM on February 16, 2011 [3 favorites]


I haven't seen any link yet to info on Codename MAGENTA, (or Task M) a rootkit supposedly under development by HBGary. (It's probably in one of the earlier posts! ;p)
posted by mrgrimm at 11:15 AM on February 16, 2011


Huh, turns out you can't salt hashes with hubris.

You can lead a jackass to hashing, but you can't make him bcrypt.
posted by ryoshu at 11:17 AM on February 16, 2011 [12 favorites]


Well, no, because they have no communications from any of those organizations, only from the people who were trying to sell those organizations a bunch of bullshit.

Right. Companies that have worked with the US government and other large corporations on other projects were pitching Bank of America and Chamber of Commerce on a targeted cyberwar campaign against US journalists, Unions, and independent foreign groups like WikiLeaks.

There is not yet evidence that the organizations in question launched the projects that were being proposed, but it's not like Palantir Technologies and the other firms involved were just traveling salesmen, knocking fruitlessly on Bank of America's closed door. The statements made by Greenwald and others seem to be pretty straightforward: They want to discover just how far these "pitch meetings" went, whether they became actual plans, and so on.

We've already seen categorical denials by two of the companies involved that were proven false within hours by people reviewing the email records. People were sacked, those responsible for the sacking have been sacked, etc. I'm not sure how this is all crazy conspiracist hand-waving, when the trail is pretty obvious and the conclusions being reached boil down to, "This would be illegal if it were carried out, and it deserves investigation."
posted by verb at 11:19 AM on February 16, 2011 [6 favorites]


hate to disappoint you, but the guy is a badass who can take care of himself.

He shoulda done that 20 years earlier and saved everyone a lot of grief...
posted by mikelieman at 11:21 AM on February 16, 2011


Metafilter: shit-disturbing computer users with a taste for lulz, fapping and trolling
posted by wcfields at 11:22 AM on February 16, 2011 [1 favorite]


.Second of all, these companies came to HB Gary Fed on the recommendation of the DoJ

They went to H&W on the recommendation of the DOJ. My impression is that these guys were one group of many that H&W reached out to, and they spun out this fantasy bid that had 0 chance of being accepted.
posted by empath at 11:24 AM on February 16, 2011



They went to H&W on the recommendation of the DOJ. My impression is that these guys were one group of many that H&W reached out to, and they spun out this fantasy bid that had 0 chance of being accepted.


Yeah, H&W was so unimpressed with the Chamber plans that when the Bank of America thing came up they didn't bother pointing it out to HBGary. Oh wait, I mean the other thing, where they specifically brought them in on the project on their own.
posted by furiousxgeorge at 11:26 AM on February 16, 2011 [3 favorites]


Christ. Who knew that the emotional trainwreck with all sorts of personal problems over in AskMe would have the wherewithal to execute a sophisticated hacking attack against a major government contractor....
posted by schmod at 11:26 AM on February 16, 2011 [24 favorites]


.We've already seen categorical denials by two of the companies involved that were proven false within hours by people reviewing the email records.

I definitely think all 3 of these security companies were low-life scum bags who proposed criminal activity if it had actually been carried out, but I think these guys were just brought on to the deal to pad out the contract with people who had the right words on their resume.
posted by empath at 11:28 AM on February 16, 2011


I'm not sure how this is all crazy conspiracist hand-waving, when the trail is pretty obvious and the conclusions being reached boil down to, "This would be illegal if it were carried out, and it deserves investigation."

Because Glenn Green hyperbolizes, takes money from the Cato Institute, leaves his toenails on the floor after clipping them, etc.
posted by Joe Beese at 11:29 AM on February 16, 2011


empath: what are you basing the "0 chance of being accepted" on? It sounds like the problem with the Chamber deal was the price, that was being lowered. This was something that had been worked out with multiple meetings, etc.

You accused Glenn of making false statements, yet you seem to be just making things up yourself: "0 chance of being accepted" and
one desperate company run by a wack job who never got a dime for anything, never had any contact with DoJ, BoA or the CoC and seems to have never actually done anything.
When in fact it was a collaboration of 3 companies, including Palantir, which is a bigger company that does a lot of contracting, and HB Gary federal had $10 million in contracts already!

Conflicting with the stuff you randomly make up in a thread does not make Greenwald wrong.
posted by delmoi at 11:29 AM on February 16, 2011 [5 favorites]


I'm amazed at how sophisticated the anonleaks email searcher for hbgary is. It's amazing!
posted by a womble is an active kind of sloth at 11:30 AM on February 16, 2011 [1 favorite]


but I think these guys were just brought on to the deal to pad out the contract with people who had the right words on their resume.

Empath, I really think you need to do more reading on this subject because you are just spouting stuff that really isn't correct, it looks like you are fishing for facts to support your theory. Berico and Palantir were essential to this program, without Palantir software all HBGary Federal has is Aaron Facebook stalking people.
posted by furiousxgeorge at 11:31 AM on February 16, 2011 [6 favorites]


Anyone know if HBGary violated California law governing private investigators? Apparently as private investigators license usually just grants one the right to loiter, but CA might take it further.
posted by jeffburdges at 11:33 AM on February 16, 2011


empath: what are you basing the "0 chance of being accepted" on? It sounds like the problem with the Chamber deal was the price, that was being lowered. This was something that had been worked out with multiple meetings, etc.

They got no response. They didn't get a response asking for a lower price. They got none.
posted by empath at 11:33 AM on February 16, 2011


Empath, I really think you need to do more reading on this subject because you are just spouting stuff that really isn't correct, it looks like you are fishing for facts to support your theory. Berico and Palantir were essential to this program, without Palantir software all HBGary Federal has is Aaron Facebook stalking people

And with them, all you have is Aaron Facebook stalking people with better software. Come on, these guys were total amateur hour, and Aaron looked like he was about a week away from getting fired before any of this stuff came up.
posted by empath at 11:34 AM on February 16, 2011


I definitely think all 3 of these security companies were low-life scum bags who proposed criminal activity if it had actually been carried out, but I think these guys were just brought on to the deal to pad out the contract with people who had the right words on their resume.

Just a few bad apples, folks! Nothing to see here.

And whatever certain unreliable bloggers might suggest, the government would never dream of participating in a criminal conspiracy with large corporations.
posted by Joe Beese at 11:35 AM on February 16, 2011 [3 favorites]


If someone can show me actual money changing hands, I'll believe that this stuff was serious, until then, it was pure fantasy.
posted by empath at 11:35 AM on February 16, 2011


empath: Anon is not difficult to infiltrate, since everything is public.

There's a difference between being "part" of anonymous, knowing the names behind some of anonymous, and directing anonymous. This "infiltration" is the 2nd type, supposedly knowing the real people behind the handles.
posted by filthy light thief at 11:35 AM on February 16, 2011


Hey, I love a good criminal conspiracy and would love to see BoA, etc, indicted for massive mortgage fraud, etc -- ie like real stuff that actually happened that actually harmed lots of people. This shit is small potatoes.
posted by empath at 11:37 AM on February 16, 2011


I definitely think all 3 of these security companies were low-life scum bags who proposed criminal activity if it had actually been carried out, but I think these guys were just brought on to the deal to pad out the contract with people who had the right words on their resume.

Even accepting your premise, it raises the troubling question of why the Department of Justice recommended low-life scumbags. Also, why SOCOM, the FBI, and a number of other federal agencies are sending millions of dollars in contracts their way as we speak. Palantir Tech alone is a 200-person development shop, not two guys in a basement.
posted by verb at 11:39 AM on February 16, 2011 [2 favorites]



They got no response. They didn't get a response asking for a lower price. They got none.


Empath, they had a meeting with the chamber scheduled for Monday this week, money has not changed hands because they don't have a deal yet. We know this. That does not mean the proposal was not serious. It was clearly taken very seriously by H&W to the point where they recommended HBGary to another major client.

And guess what, conspiracy to commit a crime is a crime too, even if you don't get around to actually doing it!
posted by furiousxgeorge at 11:39 AM on February 16, 2011 [6 favorites]


I'm a full-throated supporter of wikileaks and (usually) anonymous -- and I think this is a great story of someone getting hoist by his own petard, but I think this is just getting blown out of proportion by people who are trying to sell a narrative and are getting well ahead of the facts.
posted by empath at 11:40 AM on February 16, 2011


Because Glenn Green hyperbolizes, takes money from the Cato Institute, leaves his toenails on the floor after clipping them, etc.

No one should use this as an excuse to dismiss these allegations. God knows, probably nobody around here gives Greenwald more flak on these specific criticisms than I do, but even I can't deny for a second that the facts that are known to be established in this case demand a more thorough accounting.

If "respectable" private companies anywhere in the US are pitching services like these--effectively offering to act as private sector equivalents of the SS or the Stazi for hire--then the American people deserve to know, and both criminal investigations and broader congressional investigations into the scope and extent of these kinds of commercial activities absolutely must be undertaken.
posted by saulgoodman at 11:41 AM on February 16, 2011 [17 favorites]


And with them, all you have is Aaron Facebook stalking people with better software. Come on, these guys were total amateur hour

Amateur hour is not in dispute, we are talking about the 0% chance of getting the contract thing. H&W lawyers said that the Chamber was convinced on HBGary by a demo of Palantir software being used to track Iranian shipping.

and I think this is a great story of someone getting hoist by his own petard, but I think this is just getting blown out of proportion by people who are trying to sell a narrative and are getting well ahead of the facts.

Yes, but you are the one with a fact deficit here.
posted by furiousxgeorge at 11:43 AM on February 16, 2011 [1 favorite]


And guess what, conspiracy to commit a crime is a crime too, even if you don't get around to actually doing it!

Only if they do something in furtherance of the conspiracy. It's possible to propose and plan out a crime, but until you do something to indicate that you actually plan to go forward with the crime, the planning is not a crime in itself.
posted by empath at 11:43 AM on February 16, 2011


I'm a full-throated supporter of wikileaks and (usually) anonymous -- and I think this is a great story of someone getting hoist by his own petard, but I think this is just getting blown out of proportion by people who are trying to sell a narrative and are getting well ahead of the facts.

It is impossible to predict what would have happened if this information had been discovered later. As furiousxgeorge noted, the reason the communication stops in the leaked emails is because they are only a week or two old. According to those emails, meetings were scheduled for this week.

It's probably safe to assume those meetings won't happen, that the CoC and BoA will announce that they of course would NEVER have done ANYTHING like that, and that they're SHOCKED that some underling might have continued talking to companies after such terrible things were proposed...

But again, it's not conspiracy theories. It's discussion about the leak of a proposed illegal cyberwar campaign against journalists, unions, and wikileaks. This is known. It is fact.
posted by verb at 11:44 AM on February 16, 2011 [4 favorites]



Only if they do something in furtherance of the conspiracy. It's possible to propose and plan out a crime, but until you do something to indicate that you actually plan to go forward with the crime, the planning is not a crime in itself.


...and Aaron had already started his tracking of Chamber opponents on Facebook.
posted by furiousxgeorge at 11:45 AM on February 16, 2011


Which is not illegal.
posted by empath at 11:45 AM on February 16, 2011


I'm a full-throated supporter of wikileaks and (usually) anonymous -- and I think this is a great story of someone getting hoist by his own petard, but I think this is just getting blown out of proportion by people who are trying to sell a narrative and are getting well ahead of the facts.
Well, obviously it's a subjective evaluation. But it doesn't make everyone who disagrees with you a liar, which is what you accused greenwald of being. To me it does look like they were in negotiations to do this but hadn't completed those negotiations. The evidence suggests that the Chamber and BoA were very interested, but hadn't closed when Anon attacked.

There is no evidence to support your "0 chance" statement.
posted by delmoi at 11:46 AM on February 16, 2011



Which is not illegal.


It is an essential step in the process of the proposed crime.
posted by furiousxgeorge at 11:48 AM on February 16, 2011 [2 favorites]


Someone in a discussion of Anon mentioned these names that would crop up in resistance movements that were "open source" names anyone could speak with.

Multiple use names.
posted by zamboni at 11:48 AM on February 16, 2011 [1 favorite]


Barr's whole jihad against Anon started because he was trying to drum up business for HB Gary Federal, as they were hemorrhaging cash.

So? Law firms take pro bono cases for publicity all the time. Why would it be different with oter types of professional companies?

If Aaron Barr were a bumbling clod or a technical genius, it wouldn't matter. The 1337 H@ck0rZ would still treat him like the biggest idiot on Earth.
posted by Yakuman at 11:51 AM on February 16, 2011


I'm going to go ahead and contact my senators and reps and ask for a congressional investigation. The Dems still control the senate, and even if nothing comes out of this, it's an opportunity to make a shitload of political hay over the Chamber of Commerce and Bank of America when the Democrats could use a little more capital. At least have the CoC have to spend a couple news cycles defending themselves from this, the astroturfing motherfuckers.
posted by klangklangston at 11:52 AM on February 16, 2011 [9 favorites]


Anyone else think Aaron Barr is a cokehead? He seems like the kind of guy who is a cokehead.
posted by delmoi at 11:52 AM on February 16, 2011 [6 favorites]



Anyone else think Aaron Barr is a cokehead? He seems like the kind of guy who is a cokehead.


I think he might be.



/empath this is what wild speculation without evidence looks like.
posted by furiousxgeorge at 11:53 AM on February 16, 2011 [5 favorites]


[[ And guess what, conspiracy to commit a crime is a crime too, even if you don't get around to actually doing it! ]]

Only if they do something in furtherance of the conspiracy. It's possible to propose and plan out a crime, but until you do something to indicate that you actually plan to go forward with the crime, the planning is not a crime in itself.


It depends.

In the criminal law, a conspiracy is an agreement between two or more persons to break the law at some time in the future, and, in some cases, with at least one overt act in furtherance of that agreement. There is no limit on the number participating in the conspiracy and, in most countries, no requirement that any steps have been taken to put the plan into effect (compare attempts which require proximity to the full offence).
posted by Joe Beese at 11:56 AM on February 16, 2011 [3 favorites]


Without knowing all the details seems pretty unsophisticated. I assume HBGary was running an off the shelf CMS with known exploits and every 12 year old knows about rainbow tables. There is even one available on the web
posted by Ad hominem at 12:00 PM on February 16, 2011


Ok custom CMS, but anyone serious would try SQL injection on any user input.
posted by Ad hominem at 12:03 PM on February 16, 2011


If Aaron Barr were a bumbling clod or a technical genius, it wouldn't matter. The 1337 H@ck0rZ would still treat him like the biggest idiot on Earth.

It's worth noting that the Anon hack was not restricted to some idiot researcher who got in over his head. The rootkit site in particular was a well-known location for analysis of existing rootkits, and the security researchers who worked for the companies in question are relatively well respected.

The Ars Technica article is a good one in that respect -- it treats the situation as a study in a respected security company being tripped up by common social engineering and web vulnerabilities, not just a single guy poking the tiger and getting bitten.

And the leaked emails are not restricted to the p0wnd company whose site got hacked: those emails are what revealed the connections to other, much larger and much better known security firms working with government agencies and large corporate clients.

The long term effects of the leaks will not, IMO, be felt in criminal investigations. It will be felt in activist dialogue and public arguments. Remember RatherGate, or MemoGate, or whatever it was? It shaped several years of public discourse by allowing one side to say, plausibly, "Sure, that document is probably fake, too." This provides a number of progressive groups with an easy-to-point-to example of an uncovered plot to frame, discredit, and attack them. The US Chamber of Commerce whines about something? Yeah, yeah, remember the time when we all found out they were planning to frame their opponents for stuff, and attack journalists?

I'm not suggesting that those characterizations will result in correct conclusions, but the rhetorical landscape is definitely altered by these easy-to-narrate events. "Bank of America and the Chamber of Commerce were negotiating the details of a plan to do nefarious things" is a punchy summary, and getting tangled up in the nuance ("But we hadn't paid anyone yet!") is something that has proven ineffective in the past.
posted by verb at 12:04 PM on February 16, 2011 [6 favorites]


... it's an opportunity to make a shitload of political hay over the Chamber of Commerce and Bank of America when the Democrats could use a little more capital.

Greenwald again:

Hunton & Williams was recommended to Bank of America's General Counsel by the Justice Department -- meaning the U.S. Government is aiding Bank of America in its defense against/attacks on WikiLeaks

Having a Democratic DoJ introduce two parties who entered into a criminal conspiracy acting on behalf of the nation's largest bank might not be ideal from a hay-making standpoint.
posted by Joe Beese at 12:04 PM on February 16, 2011 [4 favorites]


Who cares about what the letter of the law might have to say about this?

From where I sit, it's neither credible nor acceptable to argue that the spirit of the law allows this kind of business practice.

Offering private investigative services or something that might probe into someone's personal affairs is one thing; offering, for a fee, to wage disinformation campaigns meant to professionally ruin and marginalize private US citizens for their political views/speech is another.

What are we just supposed to be cool with these modern-day Pinkerton type outfits running around, tarring people's good names for a fee with impunity? BS.
posted by saulgoodman at 12:06 PM on February 16, 2011 [5 favorites]


Without knowing all the details seems pretty unsophisticated. I assume HBGary was running an off the shelf CMS with known exploits and every 12 year old knows about rainbow tables.

The Ars Technica article is an excellent overview of how really serious exploits happen. Any one of the security holes that HBGary had would have been bad, and I'd argue that almost every company has them floating around in unrealized corners. It's ridiculously hard to completely avoid all security holes, and for most companies it's just not worth it. You put walls between critical systems and you ensure that your relatively unimportant systems don't have easy entrances into the more important ones.

The real problem was the multi-factor cascade of failures, some technical others human. The SQL injection revealed weak password hashing, which revealed a weak password, which was foolishly re-used by a user, whose account was used to convince a sysadmin to do something he shouldn't have, which was used to open up another security hole, which the sysadmin noticed but didn't crack down on as quickly as he should have, which...

The problem is that computer security, like physical security, is about obsessively following best practices and tightening down every bolt and screw, even if it makes your daily work really frustrating and cumbersome.

Solid security is hard. Not because it is rocket science, but because it is about constant annoying vigilance against small violations of protocol, few of which ever really matter.

Except when they do.

And then you're fucked.
posted by verb at 12:10 PM on February 16, 2011 [30 favorites]


The key screw up was using the same pass on the HBGary CMS and google apps for domains. That let them social engineer root.
posted by Ad hominem at 12:14 PM on February 16, 2011


I'm not suggesting that those characterizations will result in correct conclusions, but the rhetorical landscape is definitely altered by these easy-to-narrate events.

That was exactly my point about people trying to sell a narrative instead of figure out what actually happened.
posted by empath at 12:22 PM on February 16, 2011


I wonder how the people that were planning this little caper -- and the people that would have paid for it -- would feel if there was a website that published dossiers on them, using the same types of tools they were planning on using against Greenwald, unions, Anon, etc.?

Sousveillance is a bitch.
posted by ryoshu at 12:23 PM on February 16, 2011 [1 favorite]


The Irony is that Anon used the same 'spearfishing' technique to go after HBGary that HBGary proposed using to go after wikileaks. (I guess that is one crime that I did know about, but I forgot about it)

I kinda wish Anon had kept their trove of emails secret, let news of the initial hack blow over and then go after some of the other links in the chain. Ah well.
posted by delmoi at 12:28 PM on February 16, 2011


That was exactly my point about people trying to sell a narrative instead of figure out what actually happened.

Except that the examples you pointed to were not attempts to sell the narrative. They were relatively straightforward summaries of the emails that were sent back and forth, with minimal fill-in-the-gaps conclusions about where the negotiations were at.

I understand that your complaint seems to be with people who are claiming verifiable proof of specific actions taken by BoA and the CoC. I haven't seen those people here in the thread, however, and those claims don't appear in Glenn Greenwald's column. You said that he was dishonest, but couldn't point to anything he said that was not in fact contained in the emails, or reasonably safe to assume from the content of the emails.

You're arguing against the possibility of rhetorical overreach by making demonstrably false claims in this thread. (For example, that three high-profile security/IT firms with millions in government contracts and hundreds of employees were just fly-by-night loners who "had no chance of getting contracts," and "were just there to pad out bids".) I would really encourage you to back up for a moment and at least consider that you might be grasping at straws in an attempt to disprove people you feel are grasping at straws.
posted by verb at 12:29 PM on February 16, 2011 [4 favorites]


From the Greenwald article:

But the real issue highlighted by this episode is just how lawless and unrestrained is the unified axis of government and corporate power.

Is this hyperbole? Have we not seen enough examples yet to believe that sentence carries at least as much credence as anything we get from the government or the corporate world? Accusing Greenwald of hyperbole is not the same as disproving his thesis.

That this behavior goes on is undeniable, IMO. This kind of behavior is also the bedrock characteristic of fascism, BTW.
posted by Benny Andajetz at 12:30 PM on February 16, 2011 [4 favorites]


Is this hyperbole? Have we not seen enough examples yet to believe that sentence carries at least as much credence as anything we get from the government or the corporate world? Accusing Greenwald of hyperbole is not the same as disproving his thesis.
The problem is that it's subjective. You can't accuse someone of being dishonest for having different subjective evaluations then you.
posted by delmoi at 12:43 PM on February 16, 2011


"Having a Democratic DoJ introduce two parties who entered into a criminal conspiracy acting on behalf of the nation's largest bank might not be ideal from a hay-making standpoint."

First off, that's easy enough for the DoJ to disavow: "Of course we never suspected they'd do something like this."

Second off, since it's the Dems in Congress, not Obama, who are particularly unpopular and who just took a drubbing in the polls, it would still be helpful to them to call for investigations, even if those investigations never happened. All they need to do is look good in comparison to the Chamber of Commerce, who really is their biggest enemy in this, and it would give them an excellent opportunity to stump on behalf of the public.
posted by klangklangston at 12:57 PM on February 16, 2011


I think you're being way over optimistic klang. The Obama administration is trying to court business interests right now.
posted by delmoi at 1:00 PM on February 16, 2011


I kinda wish Anon had kept their trove of emails secret, let news of the initial hack blow over and then go after some of the other links in the chain. Ah well.

This seems to be the biggest indicator that Anonymous really isn't all that organized. Otherwise, once you had access to the e-mails, arguably the course of action with the best strategic payoff would be to monitor them silently for months, coordinate with trusted investigative journalists to research specific relationships, and build an enormous case against not only the one company, but the dozens of related entities. Doing this would have required oversight and decision-making that Anonymous just isn't set up to achieve, which may be a good thing in the long run.
posted by odinsdream at 1:33 PM on February 16, 2011 [3 favorites]


Who in the hell says in effect "Hey, were going to a story about you"

I mean HELLO? That's like telling Bill Mason your on to his second-story antics.
posted by clavdivs at 1:34 PM on February 16, 2011


Who in the hell says in effect "Hey, were going to a story about you"

I mean HELLO? That's like telling Bill Mason your on to his second-story antics.


I'm going to have to ask you to start over.
posted by odinsdream at 1:39 PM on February 16, 2011 [2 favorites]


This seems to be the biggest indicator that Anonymous really isn't all that organized. Otherwise, once you had access to the e-mails, arguably the course of action with the best strategic payoff would be to monitor them silently for months, coordinate with trusted investigative journalists to research specific relationships, and build an enormous case against not only the one company, but the dozens of related entities. Doing this would have required oversight and decision-making that Anonymous just isn't set up to achieve, which may be a good thing in the long run.

I don't think they really gave a shit about anything but discrediting Barr, the rest was just a bonus. Mission Accomplished.
posted by furiousxgeorge at 1:41 PM on February 16, 2011


One small good thing I found in that HBGary e-mail database is an easy way for IT professionals to identify Chinese infiltration-by-mail attempts:
"We would get spear-phish email campaigns where the email sender and source IP would be different but all the emails were encoded in GB2312 (Chinese Simplified), and the time offset was UTC +8 (China time zone). That made for good surveillance, rather than blocking one could redirect/monitor the emails that matched that criteria."
Also, I thought it was nice to see that Aaron's creepiness and competitiveness apparently extends to Second Life.

But the most creepy thing I found was this e-mail, which I don't think has been discussed on the news sites yet. It looks like an attempt by HBGary to invent a social game, like Farmville or Mafia Wars, specifically to lure its players into actually attending real-world locations, giving up location-based data, and providing incentives to invite their social networks in (thereby mining data on them):
"What follow are some examples of how real location data can be used:

1. Loitering

a. Where does the player like to spend time in the real world?

b. Example: Starbucks owns a virtual property in the 'San Francisco' region of the fantasy city. This property contains a special VIP lounge with some form of direct benefit to the player. Based on real-world location data, if the player spends more than 8 hours a month loitering in real Starbucks cafe's in San Francisco, it unlocks access to the special VIP area in the fantasy Starbucks - granting some benefit. This would encourage players to spend their real-world loitering time in Starbucks locations, possibly even using Starbucks wireless to access the game world. This translates to more retail sales for Starbucks.

2. Home Town

a. Players who are all located in the same town are offered special in-game benefits if they meet at a real world local park. This would be some form of quest. The benefit in-game would be meaningful, and it would encourage people to meet in real life...

The player's existing social networks can be integrated so that the player is likely to invite friends, family, and colleagues to play the game. Within the game, social groups can be created based on real-world social networks. In addition, virtual meeting places can be created based on common real-world interests. For example, players of like minded interests can construct a virtual 'meeting hall' or can create guilds devoted to a particular interest. They could meet and discuss their topic in the game world, and could casually game together. The game could offer an "invite a peer" program that utilizes the players *LinkedIn* social network to invite other players to a guild devoted to a particular industry. The player's *FaceBook* or *MySpace* network could be used for an 'invite a friend' program that gives the player a reward benefit. By extension, a player could give an in-game gift to a non-player in his social network, indirectly inviting that player to join the game. A buddy system in-game would give benefits to players who are already socially connected and join up as a team in-game. This incentive could be tied to a petition that requires a certain number of player signatures, inciting a player to invite friends from his social network."
The full e-mail is quite long and quite well-thought out. (And it's even correctly capitalized, since Aaron did not write it.) And all of that would be just fine and dandy coming from a game development company, or an advertising company trying to build brand-sticky "online experiences" for clients like Starbucks. But HBGary doesn't make games or ads, it's a security company with US government ties. Note that the theme of the game is never mentioned in the e-mail, only what kinds of information could be gleaned from it. Why would they want to create a surreptitious way to find out the real-world locations of people, their hometowns, their IP addresses, the names of people in their social networks, etc.?

Yeah, that's what I was thinking too. It's evil genius territory, actually -- why steal or subpoena data when you can incentivize people into outright giving it to you instead?
posted by Asparagirl at 1:42 PM on February 16, 2011 [27 favorites]


Spying aside that sounds like a fun game, forcing people to leave their basements would be good for MMO addicts.
posted by furiousxgeorge at 1:46 PM on February 16, 2011


I don't think they really gave a shit about anything but discrediting Barr, the rest was just a bonus. Mission Accomplished.

Right, and my interpretation of that is that there was no single guy who said "Hey guys, let's take a minute to read through a few of these e-mails and plan our next step." and even if there was, that person had no reason to expect others to actually listen and act on it.
posted by odinsdream at 1:50 PM on February 16, 2011


Right, and my interpretation of that is that there was no single guy who said "Hey guys, let's take a minute to read through a few of these e-mails and plan our next step." and even if there was, that person had no reason to expect others to actually listen and act on it.

Ironically, making Anonymous even more reliable as an unbiased disseminator of data than WikiLeaks. Anonymous leaks things because they want to embarrass people. They don't even bother to read the leaked data first -- they just write up an account of how they got it, do a little dance, and wander off to find a web board to pummel until the next interesting challenge appears.
posted by verb at 1:54 PM on February 16, 2011 [4 favorites]


Right, and my interpretation of that is that there was no single guy who said "Hey guys, let's take a minute to read through a few of these e-mails and plan our next step." and even if there was, that person had no reason to expect others to actually listen and act on it.

It is my interpretation that they had to discredit Barr before the eminent release of the names he gathered, so they didn't have a choice but to blow their cover early if that was their primary goal.
posted by furiousxgeorge at 2:00 PM on February 16, 2011


"I think you're being way over optimistic klang. The Obama administration is trying to court business interests right now."

Which would actually make a congressional investigation more effective, by allowing Obama to seem reasonable and more in line with the CoC.
posted by klangklangston at 2:12 PM on February 16, 2011


Imminent, curse you lack of edit window.
posted by furiousxgeorge at 2:16 PM on February 16, 2011


I'm going to have to ask you to start over.
posted by odinsdream

If you do not know who Bill Mason is and cannot draw an analogy, you need to just plain start, son.
posted by clavdivs at 2:22 PM on February 16, 2011


Step 1 : Gather all the data

Step 2 : ???

Step 3 : Profit


If web security doesn't work out for him, this Barr kid's got a bright career ahead of him as a MeFi commenter.
posted by jng at 2:27 PM on February 16, 2011


It is my interpretation that they had to discredit Barr before the eminent release of the names he gathered, so they didn't have a choice but to blow their cover early if that was their primary goal.

except that Barr comes off as such a complete tool that i feel confident that the names he got by comparing posting times on IRC, twitter, and facebook (undoubtably while going through kilos of cocaine) are well... the random ravings of a cocaine-addled military industrial marketing droid. i.e. they did it for the lulz cuz barr is such a total douchebag.

also,
According to the leaked e-mails, Aaron Barr believed that HBGary's website was itself subject to a denial-of-service attack shortly after he exposed himself to someone he believed to be a top Anonymous leader
exposed himself.. lol.
posted by ennui.bz at 2:42 PM on February 16, 2011


If web security doesn't work out for him, this Barr kid's got a bright career ahead of him as a MeFi commenter.

It wasn't Barr but the programmer he hired who said that.
posted by kenko at 3:05 PM on February 16, 2011 [1 favorite]


This seems to be the biggest indicator that Anonymous really isn't all that organized.

I think it's also an indication of Anonymous operating under the principle “lulz deferred is lulz denied”.
posted by hattifattener at 3:32 PM on February 16, 2011 [8 favorites]


It wasn't Barr but the programmer he hired who said that.

Did anyone catch that the only sane person in the emails, who consistently challenged Barr over his idiocy and eventually tried to warn his superiors of potential harm to the company, was some guy named CODER?
posted by psyche7 at 3:55 PM on February 16, 2011 [2 favorites]


Who really should be the CEO; this is why the system is broken.

Oh, and really, the most important aspect of this, is not that this is an "isolated incident" (aren't they all?) but how routine and commonplace this appears to be. No one in the whole chain, had any second thoughts or misgivings about attacking ("they will come into line when they realize where their self-interest lies") and discrediting media and organizations for reporting/speaking out against the actions of the US Government and their corporate sponsors (BoA, Chamber of Commerce). Welcome to our post-Constitutional Era.
posted by psyche7 at 4:09 PM on February 16, 2011


I want this story to never end. Every night I want to curl up in bed with my iPad and read more about HBGary's ineptitude. It makes me happy every single time.
posted by frenetic at 4:54 PM on February 16, 2011 [15 favorites]


my favorite quote ever about Anonymous, and i'm pretty sure i saw it on metafilter first : "Anonymous is like the T-rex at the end of Jurassic Park: it's not heroic, and I wouldn't want it to ever notice me, but I cheered when it took down those fucking velociraptors."
posted by radiosilents at 6:30 PM on February 16, 2011 [9 favorites]


Burr figured out what was going on and tried to make a call to lock down all of his systems, but unfortunately he had just taken a big bite of a peanut butter sandwich, there was no milk around, and he could not make himself understood.
posted by Kwine at 6:31 PM on February 16, 2011 [5 favorites]


Kinda funny how damn ordinary these hacks are.
posted by organic at 7:50 PM on February 16, 2011


Aaron Barr suggests making malware delivery more effective, in an email to the NSA:

I think that someone could automate much of the social reconnaissance process and could create a mechanism for getting people to open malware that is much more effective than what exists today. This capability could be highly targeted based on profession, company, friends, etc.

Aaron Barr
CEO
HBGary Federal Inc.

posted by Rumple at 8:00 PM on February 16, 2011


my favorite quote ever about Anonymous, and i'm pretty sure i saw it on metafilter first : "Anonymous is like the T-rex at the end of Jurassic Park: it's not heroic, and I wouldn't want it to ever notice me, but I cheered when it took down those fucking velociraptors."

That would be twirltip -- the original comment now weighs in at 250+ favorites. I think it's official, now.
posted by verb at 8:36 PM on February 16, 2011 [2 favorites]


Seriously, fuck this guy, fuck his business, and especially fuck all these people for going after me for my political beliefs.

Yes. It's COINTELPRO II -- contracted out this time because anything the government can do, the private sector can do better, amirite?

GO, ANONYMOUS, GO!
posted by Marla Singer at 9:00 PM on February 16, 2011


You know what scares me the most about all this? Barr was planning on giving names to the FBI. The FBI is going to raid people as being anti-American hackers. A total fabrication could end up in criminal proceedings.

Even with complete nonsense as evidence (facebook login timestamps correlated with irc logins?!), I bet that Barr's reputation could make this evidence real.

Imagine that an expert with a renowned security firm that works with the FBI, DOJ, and intelligence communities, testifies that you are an anti-American cyberterrorist. He says he has proof.

That's what's scary.

It might not even matter TO THEM if their security is theater. Does Barr care if he catches real online criminals? If the point is a media campaign against wikileaks, it doesn't matter, so long as the end result is that wikileaks is associated with hackers who are attacking America.
posted by cotterpin at 4:12 AM on February 17, 2011 [7 favorites]


You know what, I'll do you one better. I'm just a tiny bit too old to really be a part of the Anon thing, the first crop of them were freshman when I was graduating (to ball park it) but if I was a few years younger, I would have been there when they were getting their shit together, and I definitely wouldn't have left.

Are they heroes? No, they are not heroes. Some of them are quite despicable people, and lots of them do pool-shitty BS like disseminate malware and viruses just to expand their own ability to be dicks later on. But even if we were to call them terrorists (which would be fucking ridiculous) their cause, deep down at the root, is inherantly democratic. Not in a big-d Democratic Party kind of way, and not in a rah-rah-USA kind of way, but in a pro-transparency anti-obscurity, pro-people anti-manipulation, pro-honesty even about things that suck anti-white lies and propaganda kind of way. I don't really enjoy spending time on /b/, and some things that are done by the legion I will not ever defend, but on the whole I am damned glad they're out there, and as shadowy groups seeking to control the world I live in, I trust Anon a lot more than Google, B of A or whoever the fuck else.
posted by paisley henosis at 6:04 AM on February 17, 2011 [5 favorites]


Imagine that an expert with a renowned security firm that works with the FBI, DOJ, and intelligence communities, testifies that you are an anti-American cyberterrorist. He says he has proof.

This is a great point. It's kinda like how "expert testimony" about DNA matches isn't really very strong, if you understand the statistics and the hashing that's going on, but since it's an "expert" they're automatically given great weight.

The same thing could happen (probably does) with IT stuff, and it's so much worse because people typically have no clue at all about programming, hacking, technical details, etc. Hell, there have been cases examining whether someone has the right to link to certain resources on the web. Insane.
posted by odinsdream at 7:51 AM on February 17, 2011 [3 favorites]




From jeffburdges' last link:
Some WikiLeaks associates are planning a new website called OpenLeaks, "dedicated to the same dangerous conduct," King added. "These organizations are a clear and present danger to the national security of the United States. Julian Assange and his compatriots are enemies of the U.S and should be prosecuted ..."
Fuck you, Peter King.
posted by Marla Singer at 1:04 PM on February 17, 2011 [1 favorite]




An analysis of some of the tools Barr was talking about building, from Infosec Island. Attached comments are interesting too. From the author, responding to a point about Anonymous's ideological motives:
...I did not say they were completely justified. Nor have I said that the tools would not work. In the implementation and scale that Aaron wanted to do it, the programmer was right. I too perform this type of intelligence gathering so I know this.
...
Meanwhile, I hate to admit it, but, Jester did a better job at poking Anon in the eye AND he still hasn't been popped. Not for lack of trying though...
posted by XMLicious at 10:19 AM on February 19, 2011






« Older That's a titanic amount of isk!!!!oneeleven!!!   |   Anthrax evidence not conclusive says NAS Newer »


This thread has been archived and is closed to new comments