HBGary is a technology security company. Two distinct but affiliated firms carry the name: HBGary Federal, which sells its products to the US Federal Government, and HB Gary, Inc.
In 2010, Aaron Barr, CEO of HBGary Federal, alleged that he could exploit social media to gather information about hackers. In early 2011, Barr claimed to have used his techniques to infiltrate the Wikileaks supporter Anonymous, partly by using IRC, Facebook, Twitter, and social engineering. His e-mails depict his intention to release information on the identities of Anonymous members and to sell it to possible clients.
In early February of 2011, the activist group Anonymous hacked the firm's website, copied tens of thousands of documents from HBGary, posted tens of thousands of company emails online, and usurped Barr's Twitter account.
Wikileaks, Bank of America, Hunton & Williams, and Anonymous
Some of the documents taken by Anonymous show HBGary Federal was working on behalf of Bank of America to respond to Wikileaks' planned release of the bank's internal documents. The plan included "disrupting" reporter Glenn Greenwald in his support of Wikileaks. Emails detail a supposed business proposal by HBGary to assist Bank of America's law firm, Hunton & Williams, in a "dirty tricks campaign" that included proposals to fabricate "false documents": "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error."
Chamber of Commerce
According to other e-mails, the Chamber of Commerce hired the lobbying firm Hunton & Williams, and attorneys for the law firm then solicited a set of private security firms — HB Gary Federal, Palantir, and Berico Technologies (collectively called Team Themis) — to develop a sabotage campaign against progressive groups and labor unions, including the climate change watch group ThinkProgress, the labor coalition Change to Win, the labor union SEIU, US Chamber Watch, and StopTheChamber.com. Later emails revealed that the private spy company investigated the families and children of the Chamber’s political opponents. The apparent spearhead of this project was Aaron Barr, who circulated numerous emails and documents detailing information about political opponents’ children, spouses, and personal lives.
On February 10, 2011, the Chamber of Commerce issued a statement denying they hired HBGary, calling the allegation a "baseless smear", and blaming the Center for American Progress and its blog, ThinkProgress for "the illusion of a connection between HBGary, its CEO Aaron Barr and the Chamber."
Creating false personas online
In another Word document, one of the members of Team Themis spells out how automation can work so one person can be many personas on websites, twitter feeds, and comments sections: "Using the assigned social media accounts we can automate the posting of content that is relevant to the persona. In this case there are specific social media strategy website RSS feeds we can subscribe to and then repost content on twitter with the appropriate hashtags. In fact using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example. There are a variety of social media tricks we can use to add a level of realness to all fictitious personas."
Hacked e-mails and documents also suggest that the firms of Team Themis had planned to steal information from the Chamber’s opponents through "malware." On November 2, 2010, HBGary Federal executive Aaron Barr sent John Woods, a lawyer at Hunton & Williams representing the Chamber of Commerce, two documents discussing tactics for assisting the Chamber in targeting its critics. One presentation boasted of HBGary Federal’s capabilities in “Information Operations,” a military contractor term for data extraction techniques typically reserved for use against terrorist groups. The slide includes sections on “Vulnerability Research/Exploit Development” and “Malware Analysis and Reverse Engineering.”
In other presentations, Barr discusses his expertise in “Information Operations” forms of hacking like a “computer network attack,” “custom malware development,” and “persistent software implants.” The presentation shows Barr discussing using “zero day” attacks to exploit vulnerabilities in Flash, Java, Windows 2000 and other programs to steal data from a target’s computer. Describing a “spear phishing” strategy (an illegal form of hacking), Barr advised his colleague Greg Hoglund that “We should have a capability to do this to our adversaries.” In an e-mail on November 9, 2010, Barr sent Chamber attorney John Woods an e-mail about his data extraction capabilities. Barr had compiled a dossier on a top Chamber attorney, Richard Wyatt, to use it as an example of what they could do to the Chamber’s adversaries. However, in the e-mail, Barr claimed that he realized that Wyatt’s wife’s computer had core vulnerabilities that could be exploited to gain access to Richard’s personal data: “If I can exploit her account through one of her social connections I can exploit the home network/system." According to ThinkProgress: "This explains why Team Themis devoted so much time to researching the families and children of progressive activists, to find vulnerabilities in their computer systems."
Resources and articles
- How one man tracked down Anonymous - and paid a heavy price By Nate Anderson, updated 2-10-2011, Ars Technica, retr 2011-02-11
- Data intelligence firms proposed a systematic attack against WikiLeaks James Wray & Ulf Stabe, Tech Herald, 2011, retr 2011-02-11
- Bright, Peter (2011-02-15). "Anonymous speaks: the inside story of the HBGary hack". Law & Disorder: Tech Law and Policy in the Digital Age. San Francisco: Ars Technica. Retrieved 18 February 2011.
- Leyden, John (2011-02-17). "Anonymous security firm hack used every trick in book". Enterprise Security. London: The Register. Retrieved 18 February 2011.
- Firm targeting WikiLeaks cuts ties with HBGary - apologizes to reporter Steve Ragan, Tech Herald, 2 11 2011, retr 2011 02 11
- Joseph Romm, "Bombshell: Chamber of Commerce lobbyists solicited firm to investigate opponents’ families, children" ThinkProgress, Feb. 13, 2011.
- Collamore, Tom (2011-02-10). "More Baseless Attacks on the Chamber". Chamber Post. Washington: US Chamber of Commerce. Retrieved 18 February 2011.
- Collamore, Tom (2011-02-11). "Another Smear from the Center for American Progress". Chamber Post. Washington: US Chamber of Commerce. Retrieved 18 February 2011.
- Joseph Romm, "Denier-bots live! Why are online comments’ sections over-run by the anti-science, pro-pollution crowd?" Climate Progress, Feb. 20, 2011.
- Lee Fang, "Plan solicited by Chamber of Commerce lawyers included malware hacking of activist computers" Climate Progress, Feb. 23, 2011.