HBGary

Industry: Computer software; computer security
Founded: 2003[1]
Founder(s): Greg Hoglund
Headquarters: Offices in Sacramento, California, Washington, D.C., and Bethesda, Maryland.[2]
Key people: Greg Hoglund (Founder & CEO); Penny Leavy (President); Aaron Barr (Former CEO of HBGary Federal)
Website: HBGary Inc.; HBGary Federal

HBGary is a technology security company. Two distinct but affiliated firms carry the name: HBGary Federal, which sells its products to the US Federal Government,[3] and HBGary, Inc.[4] Its other clients include information assurance companies, computer emergency response teams, and computer forensic investigators.[5]

History

The company was founded by Greg Hoglund in 2003.[1] In 2008, it joined the McAfee Security Innovation Alliance.[5] The CEO made presentations at the Black Hat Briefings, the RSA Conference, and other computer security conferences.[6][7] HBGary also analyzed the GhostNet and Operation Aurora events.[3][6] As of 2010, it has offices in Sacramento, California, Washington, D.C., and Bethesda, Maryland.[2]

HBGary Federal had been set up with Aaron Barr as CEO instead of Hoglund to provide services and tools to the US government, which might require security clearance.[8] Because HBGary Federal could not meet revenue projections, negotiations over its sale were in progress with two interested companies in early 2011.[9]

Wikileaks, Bank of America, Hunton & Williams, and Anonymous

See also: Anonymous: attack on HBGary Federal
Step 1 : Gather all the data
Step 2 : ???
Step 3 : Profit

—HBGary programmer to Barr disparaging his plan with a reference to an episode of South Park.[3]

In 2010, Aaron Barr, CEO of HBGary Federal, alleged that he could exploit social media to gather information about hackers.[3]

In early 2011, Barr claimed to have used his techniques to infiltrate Anonymous,[3][10][11] partly by using IRC, Facebook, Twitter, and social engineering.[3][12] His e-mails depict his intention to release information on the identities of Anonymous members at the B-Sides conference and to sell it to possible clients,[3][13] including the FBI.[14] In the e-mails, Barr explained that he identified his list of suspected Anonymous "members" by tracing connections through social media, while his main programmer criticized this methodology.[3][15] In a communiqué, Anonymous denied association with the individuals that Barr named.[16]

On February 5-6, 2011, Anonymous compromised the HBGary website, copied tens of thousands of documents from both HBGary Federal and HBGary, Inc., posted tens of thousands of both companies' emails online, and usurped Barr's Twitter account in apparent revenge.[12][17][18] Anonymous also claimed to have wiped Barr's iPad remotely, though this act remains unconfirmed.[3][13][19][20] The Anonymous group responsible for these attacks would go on to become LulzSec.

Fallout

Some of the documents taken by Anonymous show HBGary Federal was working on behalf of Bank of America to respond to Wikileaks' planned release of the bank's internal documents.[4] The plan included "disrupting" reporter Glenn Greenwald in his support of Wikileaks.[14] Emails detail a supposed business proposal by HBGary to assist Bank of America's law firm, Hunton & Williams, in a "dirty tricks campaign" that included proposals to fabricate "false documents".[21] "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error."[22]

Emails indicate Palantir Technologies, Berico Technologies, and the law firm Hunton & Williams (recommended to Bank of America by the US Justice Department)[14] all cooperated on the project.[22] Other e-mails appear to show the U.S. Chamber of Commerce contracted the firms to spy on and discredit unions and liberal groups.[23][24]

The conflict with Anonymous caused substantial public relations damage. As a result, the involved organizations took steps to distance themselves from HBGary and HBGary Federal:

Astroturfing

It was also revealed that HBGary Federal was contracted by the U.S. government to develop astroturfing software which could create an "army" of multiple fake social media profiles.[34][35]

Malware development

HBGary had made numerous threats of cyber-attacks against Wikileaks. The dossier of recently exposed emails revealed HBGary Inc. was working on the development of a new type of Windows rootkit, code named Magenta,[14] that would be "undetectable" and "almost impossible to remove."[36]

In October 2010, Greg Hoglund proposed to Barr creating "a large set of unlicensed Windows 7 themes for video games and movies appropriate for middle east & asia" (sic) which "would contain back doors" as part of an ongoing campaign to attack support for Wikileaks.[37]

Products

HBGary products (name: purpose)

FastDump, FastDumpPro: RAM snapshots (aka memory imager) of Windows computers[38][39]
Responder Pro, Responder Field Edition: Analyze RAM, pagefiles, VMWare images, etc.; sort and display images, network links, etc.[39][40][41]
Digital DNA, Active Defense: Detects malware[5][39][42]
Inoculator: Malware detection through remote procedure call[43]
FGET: Collect forensics data remotely[44]
REcon: 'Sandbox' malware recorder[41]
Fingerprint: Analyzes common patterns amongst malware, such as algorithms, encodings, compilers used, names used, etc., and possibly attempts to identify the creators of a piece of malware.[6][45]
Flypaper: Capture malware binary code[7]

Some products are integrated into other products (i.e., REcon and Digital DNA into Responder).[41]

References

  1. ^ a b HBGary At A Glance, www.hbgary.com,
  2. ^ a b HBGary :: Detect. Diagnose. Respond. HBGary official website, via www.hbgary.com on 2011 02 11
  3. ^ a b c d e f g h i j Anderson, Nate (2011-02-09). "How one man tracked down Anonymous—and paid a heavy price". Ars Technica. http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars. Retrieved 2011-02-09. 
  4. ^ a b Ragan, Steve (2011-02-09). "Data intelligence firms proposed a systematic attack against WikiLeaks". The Tech Herald. Monsters and Critics. http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks?page=1. Retrieved 2011-02-11. 
  5. ^ a b c HBGary Unveils Digital DNA™ Technology, Press Release, karenb, forensicfocus.com 3 12 2009, retr 2011-02-11
  6. ^ a b c Researcher 'Fingerprints' The Bad Guys Behind The Malware, Kelly J. Higgins, Dark Reading, 6 22 2010, retr 2011-02-11
  7. ^ a b Basic Malware Analysis Using Responder Professional by HBGary. Black Hat® Technical Security Conference: USA 2010 retr 2011-02-11
  8. ^ Elliott, Justin (2011-02-16). "Firm in WikiLeaks plot has deep ties to Feds". Salon.com. http://www.salon.com/news/politics/war_room/2011/02/16/hbgary_federal. Retrieved 2011-02-16. 
  9. ^ Anderson, Nate (2011-02-24). "Anonymous vs. HBGary: the aftermath". Ars Technica. http://arstechnica.com/tech-policy/news/2011/02/anonymous-vs-hbgary-the-aftermath.ars/2. Retrieved 2011-02-25. 
  10. ^ Taylor, Jerome (2011-02-08). "Hacktivists take control of internet security firms". The Independent. http://www.independent.co.uk/news/media/online/hacktivists-take-control-of-internet-security-firms-2207440.html. Retrieved 2011-02-11. 
  11. ^ Menn, Joseph (2011-02-04). "Cyberactivists warned of arrest". Financial Times. http://www.ft.com/cms/s/0/87dc140e-3099-11e0-9de3-00144feabdc0.html. Retrieved 2011-02-11. 
  12. ^ a b Bright, Peter (2011-02-15). "Anonymous speaks: the inside story of the HBGary hack". Ars Technica. http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars. Retrieved 2011-02-18. 
  13. ^ a b Olson, Parmy (2011-02-07). "Victim Of Anonymous Attack Speaks Out". Forbes. http://blogs.forbes.com/parmyolson/2011/02/07/victim-of-anonymous-attack-speaks-out/. Retrieved 2011-02-11. 
  14. ^ a b c d Leigh, Lundin (2011-02-20). "Wikilicks". Criminal Brief. http://criminalbrief.com/?p=15747. Retrieved 2011-02-20. "CEO Aaron Barr thought he’d uncovered the hackers’ identities and like rats, they’d scurry for cover. If he could nail them, he could cover up the crimes H&W, HBGary, and BoA planned, bring down WikiLeaks, decapitate Anonymous, and place his opponents in prison while collecting a cool fee. He thought he was 88% right; he was 88% wrong." 
  15. ^ Play By Play Of How HBGary Federal Tried To Expose Anonymous... And Got Hacked Instead Mike Masnick, TechDirt.com Feb. 11th 2011
  16. ^ Anonymous statement from hacked HBGary Website Anonymous, Feb. 2011
  17. ^ Olson, Parmy (2011-02-06). "Anonymous Takes Revenge On Security Firm For Trying To Sell Supporters’ Details To FBI". Forbes. http://blogs.forbes.com/parmyolson/2011/02/06/anonymous-takes-revenge-on-security-firm-for-trying-to-sell-supporters-details-to-fbi/. Retrieved 2011-02-11. 
  18. ^ http://www.h-online.com/security/features/Anonymous-makes-a-laughing-stock-of-HBGary-1198176.html
  19. ^ Menn, Joseph (2011-02-07). "‘Hacktivists’ retaliate against security expert". Financial Times. http://www.ft.com/cms/s/0/0c9ff214-32e3-11e0-9a61-00144feabdc0.html. Retrieved 2011-02-11. 
  20. ^ Anderson, Nate (2011-02-10). "(Virtually) face to face: how Aaron Barr revealed himself to Anonymous". Ars Technica. http://arstechnica.com/tech-policy/news/2011/02/virtually-face-to-face-when-aaron-barr-met-anonymous.ars. Retrieved 2011-02-11. 
  21. ^ Leyden, John (2011-02-17). "Anonymous security firm hack used every trick in book". The Register. http://www.theregister.co.uk/2011/02/17/hbgary_hack_redux/. Retrieved 2011-02-18. 
  22. ^ a b c Ragan, Steve (2011-02-11). "Firm targeting WikiLeaks cuts ties with HBGary - apologizes to reporter". The Tech Herald. Monsters and Critics. http://www.thetechherald.com/article.php/201106/6804/Firm-targeting-WikiLeaks-cuts-ties-with-HBGary-apologizes-to-reporter. Retrieved 2011-02-11. 
  23. ^ HBGary: Don't let this story die, it's big. furiousxxgeorge, DailyKos, Feb. 13 2011
  24. ^ Hacked Documents Show Chamber Engaged HBGary to Spy on Unions emptywheel, FireDogLake, Feb. 10 2011
  25. ^ Pastebin - log of Anonymous IRC channel audience with Penny Leavy of HBGary Inc Anonymous, pastebin Feb. 7, 2011
  26. ^ Collamore, Tom (2011-02-10). "More Baseless Attacks on the Chamber". US Chamber of Commerce. http://www.chamberpost.com/2011/02/more-baseless-attacks-on-the-chamber/. Retrieved 2011-02-18. 
  27. ^ a b Collamore, Tom (2011-02-11). "Another Smear from the Center for American Progress". US Chamber of Commerce. http://www.chamberpost.com/2011/02/another-smear-from-the-center-for-american-progress/. Retrieved 2011-02-18. 
  28. ^ Fang, Lee (2011-02-10). "EXCLUSIVE: US Chamber’s Lobbyists Solicited Hackers To Sabotage Unions, Smear Chamber’s Political Opponents". Think Progress. Center for American Progress. http://thinkprogress.org/2011/02/10/lobbyists-chamberleaks/. Retrieved 2011-02-10. 
  29. ^ Karp, Alex (2011-02-10). "Statement from Dr. Alex Karp". Palantir Technologies. http://www.palantir.com/statement-from-dr-alex-karp. Retrieved 2011-02-10. 
  30. ^ Lauerman, Kerry (2011-02-11). "A disturbing threat against one of our own". Salon.com. http://www.salon.com/about/inside_salon/2011/02/11/threats_against_glenn_greenwald_wikileaks/index.html. Retrieved 2011-02-12. 
  31. ^ Paul Roberts (February 28, 2011). "HBGary Federal CEO Aaron Barr Steps Down". threatpost.com. http://threatpost.com/en_us/blogs/hbgary-federal-ceo-aaron-barr-steps-down-022811. 
  32. ^ Justin Elliott (March 1, 2011). "Democrats call for probe of top D.C. law firm". salon.com. http://www.salon.com/news/politics/war_room/2011/03/01/hunton_williams_investigation. 
  33. ^ http://www.wired.com/threatlevel/2011/03/congress-and-hbgary/
  34. ^ Darlene Storm (February 22, 2011). "Army of fake social media friends to promote propaganda". Computerworld Inc.. http://blogs.computerworld.com/17852/army_of_fake_social_media_friends_to_promote_propaganda. Retrieved 2011-02-24. 
  35. ^ Cory Doctorow (February 18, 2011). "HBGary's high-volume astroturfing technology and the Feds who requested it". BoingBoing. http://www.boingboing.net/2011/02/18/hbgarys-high-volume.html. Retrieved 2011-02-25. 
  36. ^ "HBGary INC. working on secret rootkit project. Codename: “MAGENTA”". Crowdleaks. 2011-02-14. http://crowdleaks.org/hbgary-inc-working-on-secret-rootkit-project-codename-magenta/. Retrieved 2011-02-14. 
  37. ^ Anderson, Nate (2011-02-14). "Spy games: Inside the convoluted plot to bring down WikiLeaks". Ars Technica. http://arstechnica.com/tech-policy/news/2011/02/the-ridiculous-plan-to-attack-wikileaks.ars. Retrieved 2011-04-10. 
  38. ^ Evidence Technology Magazine - Product News, retr 2011-02-11
  39. ^ a b c Cyber Forensics Tools for Live Memory Acquisition and Analysis, Bob Slapnik, HBGary, 2010 02 11, retr 2011-02-11
  40. ^ HBGary Responder Field Edition - SC Magazine US Peter Stephenson 5/1/2009 SC Magazine, retr 2011-02-11
  41. ^ a b c Product Watch: New Tool Automatically Examines Suspicious Code In Memory By Kelly J. Higgins, InformationWeek, 2010-02-08, retr 2011-02-11
  42. ^ Spotting Malware By Its Signature, By WILLIAM MATTHEWS, Published: 17 May 2010, Defense News, retr 2011-02-11
  43. ^ Make your own anti-virus signatures with DIY tool from HBGary, Ellen Messmer, Networkworld, 2010 11 3, retr 2011-02-11
  44. ^ Forensics Out Of Reach For Most Small To Midsize Organizations, Kelly J. Higgins, Dark Reading, 9 8 2010, retr 2011-02-11
  45. ^ Fingerprint is advertised as being a way to discover information about the authors of various pieces of malware, by analyzing the aforementioned patterns.