
How one man tracked down Anonymous—and paid a heavy price  - steveklabnik
http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars
======
iuguy
I've resisted discussing this but I think it's late enough after the event to
chime in.

First off, disclaimer: We sell HBGary's products in the UK, I know Greg and
Penny personally, as well as Jussi (who runs rootkit.com but as far as I'm
aware does not work for HBGary). I'm not claiming to speak for anyone or
company, just for myself on a purely personal level.

After looking into this, what happened is that HBGary invested in 15% of
HBGary Federal, a company set up to do work HBGary didn't want to do. Now
presumably (from TFA) they were looking at selling this off.

I don't know Aaron, but it sounds to me like he's a bit of a character at
least (I'll leave it to others to resort to namecalling) and completely
misunderstood what Anonymous are and how they work - FWIW we investigated
Anonymous years ago for some clients who'd been DDOSed and concluded that the
simple solution is (to paraphrase Greg's irc comment) not to poke the wasps'
nest.

Penny, Greg and HBGary in general are in a bit of a tough situation now
because of Aaron's actions and appear to have no ability to impose anything on
HBGary Federal. This should serve as a warning to others that if you're going
to use the name elsewhere, you better have a way of enforcing unforeseen issues
that may arise.

The sad thing about all of this is that Penny and Greg are really great guys,
and HBGary is a good company with some insanely great technology. I'm sure
they'll pull through, but I imagine there will be collateral damage for them
resulting from this for some time to come.

~~~
moe
_HBGary is a good company with some insanely great technology_

Insane would be to trust security-related products or advice from a company
that can't even secure its own mailserver.

~~~
iuguy
We don't know if the security of the mailserver was at stake here. A web app
was compromised through SQL injection, then lateral movement was used to get
to the mailserver (which may or may not have been on the same box).

The rootkit.com mail server has nothing to do with HBGary AFAIK.

To put it in perspective, HBGary's (not HBGary Federal) technology is a thing
called Digital DNA that cuts down the amount of time it takes to analyse
memory fragments. That's their focus.

I could understand your reference if they were a company that wrote mail
server software and were compromised through their mail server, but your point
is a bit of an apple to oranges comparison.

The thing is, people get owned all the time. Even security companies. Heck, we
get targeted attacks on us fairly routinely, and when something comes in we
have (I think, and unlike most we have actually been able to test its
effectiveness) reasonably good methods for detecting bad stuff coming in and
going out, but I'd never say that one day our emails won't end up spread
across the Internet, and I wouldn't be so bold as to suggest that someone that
has had systems compromised didn't do a proper job just because they were
compromised.

The attacker only needs one way in. The defender has to protect against
everything. That's not a level playing field.

~~~
stcredzero
_A web app was compromised through SQL injection, then lateral movement was
used to get to the mailserver (which may or may not have been on the same
box)._

If their aim was the highest level of security, then such lateral movement
should not have been possible.

~~~
iuguy
> If their aim was the highest level of security

Which nobody has stated was their aim. There's a big misconception that
somehow security firms should strive to have absolutely perfect security,
which is completely wrong.

Security firms should aim for the most appropriate level of security to
protect their information assets based on a reasonable approach. As should
everyone else.

If their source code was stolen, then yes you could say that the level of
protection was inappropriate because if the source code is the highest value
asset they have, it probably shouldn't be accessible from the Internet.

That an Internet-facing web app was broken into and an email server for
receiving and sending email to and from _the Internet_ means that they have to
be connected to the Internet to work. If these systems contained information
assets that were sufficiently sensitive to the point of considering post-
compromise lateral movement then they probably shouldn't be connected to the
Internet.

~~~
moe
I'm not sure what all this beating around the bush is about.

They're calling themselves a "security firm" (at least that's how everyone
refers to them) and they engage in cyber-warfare against anonymous.

Having your mailserver compromised on that premise, during what was probably
the first serious attack, disqualifies you from that game.

And by the way, how do you know their source code was not stolen or
backdoored?

 _There's a big misconception that somehow security firms should strive to
have absolutely perfect security, which is completely wrong._

Excuse me? "Absolutely perfect security"?

This was not some minor breach into some peripheral webserver. 4.71GB of their
E-Mail is on BitTorrent[1].

[1] <http://thepiratebay.org/torrent/6156166/HBGary_leaked_emails>

~~~
iuguy
> They're calling themselves a "security firm" (at least that's how everyone
> refers to them) and they engage in cyber-warfare against anonymous.

Random acts of stupidity by individual actors that should know better do not
qualify as cyber-warfare.

> Having your mailserver compromised on that premise, during what was probably
> the first serious attack, disqualifies you from that game.

I sincerely doubt that was the first attack on their infrastructure and
applications. We're routinely attacked by targeted threats and we're even
smaller than HBGary.

> And by the way, how do you know their source code was not stolen or
> backdoored?

I don't, but I will be asking about it when I speak to them, as will everyone
else they speak to. Hopefully they will segregate the code from the Internet.

> Excuse me? "Absolutely perfect security"?
>
> This was not some minor breach into some peripheral webserver. 4.71GB of
> their E-Mail is on BitTorrent

And what's the value of the information assets stored in that e-mail? Is it
4.71Gb of subscription reminders for icanhazcheezburger? What proportion of
that mail is actually sensitive and unencrypted, or decryptable within a
timeframe where the sensitivity is still relevant?

This is the thing, it's easy to scream about volume, but the fact is that
there's a lot of data to go through. We've already seen stuff leak out from it
that realistically was not best placed to be sent around unencrypted, but the
same would apply in any company that had their mail servers broken into, the
mail stolen and then distributed across the Internet.

~~~
stcredzero
_> They're calling themselves a "security firm" (at least that's how everyone
refers to them) and they engage in cyber-warfare against anonymous.

Random acts of stupidity by individual actors that should know better do not
qualify as cyber-warfare._

A firm that can have their entire email database compromised by one
individual's "Random acts of stupidity" doesn't have enough safeguards.

 _And what's the value of the information assets stored in that e-mail? Is it
4.71Gb of subscription reminders for icanhazcheezburger?_

We know it's not that. Ask any random company what they think of having their
email db out there as a torrent. No one is going to like that idea. It may not
be the end of the world, but no one credible is going to say it's not a big
deal. No one is going to say it's worth the money saved by not isolating your
mail server.

 _This is the thing, it's easy to scream about volume_

No one is screaming about volume. That wasn't even central to the point being
made. You seem to be trying to pretend it is, though.

 _but the fact is that there's a lot of data to go through._

But then you turn around and invoke "security through too-much-stuff."

~~~
podperson
How do we know it's their "entire" email database? 4.71GB would hardly cover
my personal email database.

------
SwellJoe
I can't believe this guy has a job in a security company doing work for the
federal government. I'm getting a strong vibe that he's schizophrenic. I've
known an unmedicated schizophrenic, and this is the way they talked and acted.
Self-aggrandizing, convinced they have comprehended great secrets based on
little to no data (schizophrenics often believe that they have "other ways of
knowing" or extremely heightened intuition), and a belief that once they tell
the whole story of the truths that have been revealed to them the world will
take notice and be amazed.

The coder in this story is an hero (OK, just a reasonably nice guy, not afraid
to tell the moronic "analyst" to go to hell), and obviously prevented a lot of
damage by actively working against Barr's insane plans.

I feel the tiniest bit sorry for Leavy and the rootkit guy, as they clearly
weren't encouraging this stuff, but really, they knew this guy was a whack-a-
mole and they kept him on anyway, I guess because his crazy ego managed to
close sales. It's really hard to take pity on someone that knows there's a
crazy guy using company resources to go on a personal jihad against random
kids on the Internet, and doesn't do anything to stop it.

The level of invasion of privacy this guy was taking part in, against
children, is pretty much inexcusable. He's not law-enforcement, and should not
be allowed to act as though he has a warrant for rifling through the personal
lives of dozens or hundreds of children. All 50 states have laws that cover
cyberstalking, cyberharassment, and cyberbullying; in a just world, this
nutjob would end up in prison. Whether these kids have done anything wrong or
not is irrelevant. Barr is a private citizen, an adult, and he ought to leave
law enforcement activities to the police or FBI.

Edit: I should point out that I don't think anyone should be arrested for
browsing facebook or twitter or whatever. I was a bit rambling in this
comment, and the entirety of my thought processes are not exactly made clear
by the text. The stuff that I think is probably illegal is the stuff he was
doing outside of his actual research: Dropping hints and threats in mainstream
media and in IRC about the data he was gathering, using his fake persona to
stir up a shitstorm by leaking that a security company was gathering data on
the people he was talking to, etc. I had to google cyberstalking to even know
if there were laws about this stuff (and there are, and in all fifty states).
While I don't know if those laws are reasonable or not, I'm pretty sure he
crossed the line into breaking some of them, particularly in the case of his
underage targets.

~~~
notahacker
I'm not sure that schizophrenia is any better an explanation than
straightforward arrogance. Assuming that the leaks of his work are reasonably
accurate I'd be concerned if the government actually started using his
research to arrest people though.

I'm not sure that Barr's interest in finding patterns in publicly available
information in order to sell his intelligence is any different to advertising
analysts doing the same thing. The attempt to socially engineer Anonymous via
IRC is a bit more extreme, but I haven't seen any evidence that he intended
_harassing_ them; the problem would have occurred if and when law enforcement
bodies started harassing innocent people based on his dodgy intelligence. If
you start making any investigative work or social network analysis carried out
by private citizens online illegal on the basis of stalking laws then you risk
censuring a lot of people actually doing good work.

~~~
cookiecaper
True, and Barr's idea is not actually far off; Facebook and other social
networking sites are intelligence goldmines, linking people to aliases,
groups, networks, and a lot of other things. Think of how hard it may be for a
fugitive to retreat to a trusted safehouse when he's published a list of
everyone he's ever met on Facebook via the Friends list, and/or named the
handful of people he hasn't friended in a status or note.

The CIA has shown interest in Facebook's database for a long time, because,
besides the normal detective work a normal detective can do if he reads
through a Facebook page, if you get a handful of _real_ mathematicians working
with that dataset, they can certainly rig something up that would at least
return really interesting results.

------
DrStalker
Isn't anonymous less an organized group with leaders and more a bunch of
people who hang out and occasionally someone says "hey, it would be cool if we
all did <thing>" and whoever is listening joins in?

~~~
cookiecaper
Yes, but traditional media has a hard time grasping the concept. It's just a
_lot_ of directionless guys that latch onto whatever cause seems palatable at
the time and requires no more effort than running LOIC/other simple DDOS
programs. Basically the definition of script kiddies, there's just a large
concentration of them on one message board system.

~~~
Helianthus16
This is true, but doesn't mean there aren't coordinators, actually skilled
hackers who embrace the directionlessness even as they give it direction. It
isn't _just_ foot-soldiers.

~~~
cookiecaper
There are no real leaders; they may break off into factions, like those that
frequent a certain IRC room, but the group "Anonymous" is a non-entity by any
meaningful definition. It's whoever happens to be on 4chan or other, mostly
similar message boards, and out of those, whoever is enticed to join a chat
room or download LOIC, and out of those, people that actually click the button
to send a lot of requests to DDOS (or people that show up to taunt
Scientologists, as the case may be).

There are lots of people that go there to marshal the forces and most fail,
cf. "/b/ is not your personal army". If someone happens to generate a buzz
that rings for most of the board's demographic, they can start a chain
reaction where a lot of people hit MasterCard at once, and get a bunch of
disciples attracted to an IRC room for who knows how long -- it may last a day
or a month, there's no way to say definitively. The marshaller then becomes
the leader of that group of disciples, but "Anonymous" isn't a group by
itself.

The most accurate definition for Anonymous is "a subset of users of Xchan".
That's not a very good definition, especially if you want to go around and pin
DDOS and whatever else on individual people.

~~~
Natsu
> The most accurate definition for Anonymous is "a subset of users of Xchan".
> That's not a very good definition, especially if you want to go around and
> pin DDOS and whatever else on individual people.

I mentally replace "Anonymous" with "protesters" whenever they're protesting
anything. It makes it a lot more clear and it's more accurate. We already have
amorphous groups of people who protest various things, and this is, as near as
I can tell, the online equivalent.

~~~
stcredzero
I would guess that such groups are being manipulated by exceptionally smart
people for specific ends, some significant fraction of the time.

~~~
GHFigs
You don't have to be exceptionally smart, only persistent and willing to
eschew the trappings of leadership in favor of playing the "Anonymous has no
leaders" game. Anonymous craves leadership but resents authority, so it's
crucial to appear indistinct from the super- or trans-human whole while
prodding the herd in your desired direction lest you pop the illusory bubble
that gives it strength. This is not unlike what Jaron Lanier calls the "oracle
illusion", by which something like Wikipedia gets much of its perceived
authoritativeness by scrubbing out any trace of individual authorship.
Anonymous tells Anonymous what to do and Anonymous generally does it.

For instance, the most interesting thing about a thread like this[1] is the
timestamps, because they give you a rough idea of how many Anons are actually
participating. Two and three minute gaps between posts is an eternity on /b/,
the kind of thing you see when a thread hasn't gotten much attention and is
likely to die. What I am saying is that many (perhaps most) of the posts (even
apparently dissenting ones) in the above thread are likely to have been the
same person, persistently bumping an overlooked thread, waiting for it to gain
traction.

Of course there is no way to prove this, and one can more easily perceive this
is a vibrant conversation between a much larger group of people (which also
can't be proved). Whether this was intentional or not, it is an easy way for a
vocal minority to recruit from the largely apathetic majority. The perception
of being part of a group has an enormous impact on getting people to
participate[2].

Not only does anonymity amplify the power of "leaders" in this way it also
reflects the yearning of the "followers" to be relieved of the burden of an
individual identity or responsibility. As Eric Hoffer describes in _The True
Believer_: "Those who see their lives as spoiled and wasted crave equality and
fraternity more than they do freedom. If they clamor for freedom, it is but
freedom to establish equality and uniformity. The passion for equality is
partly a passion for anonymity: to be one thread of the many which make up a
tunic; one thread not distinguishable from the others. No one can then point
us out, measure us against others and expose our inferiority."

That isn't to say that Anonymous consists uniformly of maladjusted poltroons--
it doesn't, by a long shot, nor are they generally fanatics in any but the
most temporary sense--but it's not controversial to say that it harbors a
large population of disaffected youth and misfits of every stripe. Some eager
to "do something", others just bored, but all by definition willing to
disappear into a crowd.

[1]:[http://images.encyclopediadramatica.com/images/a/a4/Chanolog...](http://images.encyclopediadramatica.com/images/a/a4/Chanologybegins1.jpg)

[2]:I think this is a pretty uncontroversial point, too, but Bill Wasik's
"flash mob" work is particularly relevant
<http://www.harpers.org/archive/2006/03/0080963> " _Q. Why would I want to
join an inexplicable mob? A. Tons of other people are doing it._ "

~~~
stcredzero
My read:

1) Your post is _pure gold_.

2) You are probably such a transitory leader on /b/ or reddit.

A cryptic tl;dr would be: Lots of people want to be a superhero. Given the
choice, most would opt for the power of invisibility.

~~~
astrange
> You are probably such a transitory leader on /b/ or reddit.

Writing a long post is easier than getting people to do work for you.

Anyway, I don't see anything suspicious about those post times, not for 2008.

------
citricsquid
Based on my own minimal experience, the majority of these IRC channels are
just a small group of "Anonymous" doing whatever they want, different channels
will get publicised at different times through different means, "Anonymous"
doesn't _exist_ in any way beyond being a label people use, I guess it could
be compared to "emo" or "jock" in high school; they have no "leadership" but
people join these _groups_ and label themselves as such.

> _The show was run by a couple of admins he identified as "Q," "Owen," and
> "CommanderX"—and Barr had used social media data and subterfuge to map those
> names to three real people, two in California and one in New York._

isn't Q the bot that runs on quakenet as a proxy admin?

~~~
shin_lao
Q is probably a reference to the Star Trek character Q:

<http://memory-alpha.org/wiki/Q>

~~~
khafra
I don't know what the chances are that Barr's actually that stupid/crazy, but
Citricsquid is saying there's a reasonable chance the IRC admin Barr "tracked
down the real identity of" was actually a bot.

------
colanderman
I'm astounded at both the CEO's (Aaron's) lack of basic grammar skills, and
predilection for "script kiddie" talk. How do you get to be CEO of anything
when you communicate (even informally) at the level of an 8th grader?

(edit: I meant Aaron; Penny was decently well spoken)

~~~
leon_
1. drink brain away
2. become "social media" expert
3. lie to get funding
4. ???
5. ceo

~~~
1337p337
I think you've just described at least two startups I've worked for.

------
Helianthus16
He thought that Anonymous was affiliated ("strongly linked") with Wikileaks,
as if there was some secret backdoor agreement between them. Nutcase. There
doesn't _need_ to be any agreement or promise between Anonymous and other
parties.

------
wipt
Why is it so hard for some people to grasp that Anonymous are just what they
claim to be - everyone and yet no one person? There is no roster, no voting,
but they are still organized.

Maybe one could call it a mob mentality?

~~~
bdclimber14
It's hard because corporate leaders have an incredibly difficult time
organizing their own companies to achieve comparable feats to what Anonymous
can do overnight.

~~~
fleitz
You can actually use military techniques to analyze why this is. Anonymous
operates inside the enemy ODA (Observe Decide Act) loop.

The ODA loop for a typical corporation is at least 5 people. Eg. from when
someone observes something (anon is ddosing us) to when that information
reaches someone who can act on it (the CEO) anonymous has already completed
its complete loop which is (post on IRC, have people read it and suggest
action) the ODA loop for anonymous is on the order of 5 minutes, the ODA loop
for a corporate CEO is probably more like 5 hours to 5 days.

Therefore anonymous will always be about 25 steps ahead of a corporate target.
The primary advantage that comes from this is that anonymous appears to act
'randomly' which causes further stress on the enemy ODA loop and forces them
to continually react which leaves the proactive party in control of the
competitive landscape (battlefield)

If you study military genius you'll find that the most effective commanders
were the ones that pushed command furthest down to the org chart.

We know that decentralized control is much more efficient than centralized
control. Communism didn't lose because it's a failed ideology or because it's
godless, it failed because its command and control systems allocate resources
poorly. They allocate resources poorly because of information asymmetry and
the length of the ODA loop.

The important thing to take from this for software development is that your
time from when you decide to implement a feature to when you deploy to
production or get a product to market (AppStore,BestBuy,etc) is your ODA loop.

Also, for software watch what happens to your favorite webserver under intense
load when you replace its queue (FIFO) with a stack (LIFO). The LIFO
drastically shortens the median response time.

~~~
gaius
I think you mean OODA <http://en.wikipedia.org/wiki/OODA_loop>

~~~
fleitz
Yes, grr... my bad :)

~~~
cracki
obvious symmetry to the Read-Eval-Print Loop.

~~~
dpritchett
The unifying concept is the half-life (exponential decay) of plans and
information. The older your intel, the less valuable the plans you have built
off of that information.

Top-down and waterfall approaches institutionalize this in order to provide an
illusion of control to the executives and shareholders. Agile development and
maneuver warfare each seek to tighten their feedback loops.

~~~
fleitz
So you're basically saying that information follows inverse square law
according to time? Very interesting idea.

------
JonnieCache
This guy is clearly a dangerous moron. This kinda makes me feel better for
being so cold about this whole affair in the other thread.

The terrifying thing is that there are still people in government who believe
sentences like _"specific techniques that can be used to target, collect, and
exploit targets with laser focus and with 100 percent success" through social
media._

I mean, who claims one hundred percent success at anything?

EDIT: Also, that coder hopefully shouldn't be buying any drinks for a while.

~~~
rst
The same people who believe that DRM can effectively prevent copying, if the
people selling it say that it can. Which is to say, the ones who think of
technology as wizardry, and evaluate wizards by looking for social proof.
(They can't really evaluate what the guy's selling, but they sure can tell if
he's the kind of person that would get respect at a cocktail party.)

------
jdp23
The log where the CEO of the parent company joins the IRC chat room is great
reading. <http://pastebin.com/x69Akp5L> -- search for "HI it's me"

~~~
pessimizer
[04:15] <@blergh> Penny: What i am saying is that someone residing on your
network attacked one of my boxes

[...]

[04:16] <+Penny> OK how do I know who is on my comcast network?

[04:16] <+heyguise> lol

[04:16] <+heyguise> omg that is precious

~~~
dekz
_Interesting replies_

[04:37] <+Penny> Hey I"m not sure how this whole Torrent thing works, I'm sure
I"ll find out but I can tell you that if you want freedom of press and

[04:37] <+Penny> documents, there is a better way than doing it this way. What
you did was illegal and it will hurt you guys as wel

...

[04:41] <+Penny> Can you take PHil out?

...

[04:42] <+Penny> Perhaps I'll invest in you guys, but invest in me, please do
not leak any of the emails from HBGary

...

<in reference to Greg her husbands emails>

[04:48] <+Penny> OK, so if we fire Aaron, you won't release?

...

<in reference to Bradley Manning>

[04:54] <+Penny> This isn't about Greg's email this is about Bradley. When you
work for the military and you take an oath, shouldn't that count?

[04:55] <+Penny> It's not negotiation, I'm asking a question I want answered.
You want me to donate to bradley's fund

[04:56] <+Penny> OK BUT what if it puts people in harms' way? What if it cause
bad ramifications for US citizens?

...

<Penny's husband Greg now comes on>

[05:51] <+greg> do you guys realize that attacking a U.S. company and stealing
private data is something you have never done before?

~~~
pyre

      > You want me to donate to bradley's fund
      > OK BUT what if it puts people in harms' way? What
      > if it cause bad ramifications for US citizens?
    

She's acting like there isn't going to be a trial of any sort. Sounds like she
equates contributing to a defense fund with breaking someone out of prison.

------
prpon
A great read. It's amazing how Aaron Barr completely believed his hunches even
when his programmer said that the data doesn't back up his analysis. He is a
business man trying to get paid big bucks from FBI for his hunches.

~~~
r00fus
Sadly, were he rewarded with a continuing money stream, he would likely
justify the innocent names as "collateral damage" as the money would have been
a mark of success.

Aaron Barr fancies himself a modern-day witch-hunter, and it's good he was
hoisted on his own petard.

~~~
khafra
Gives one pause to think about the attractiveness of the career "witch-hunter"
when the witches actually do have magic powers.

------
stcredzero
My read: The piece is based on Anonymous propaganda. Anonymous itself is
actually an amorphous propaganda outfit. The primary purpose of their actions
is to produce media. Anonymous achieves these ends in part by taking on
opponents with good story value, but no consequential power. They also engage
in actions against significant players, like credit card companies, but these
actions are most effective in creating media while only resulting in momentary
financial damage. Anon is a media entity, not a financial one.

~~~
1337p337
Some of them are. The Guy Fawkes masks are sort of a good way of describing
them: a bunch of completely unrelated people assuming the same identity for a
time. Likewise, the "Anonymous" you hear of is usually the "Anonymous" that
pulls this sort of stunt and then publicizes it. There are a number of people
hanging out on /b/ doing nothing but humorous (depending on your sense of
humor) image manipulation, also calling themselves Anonymous, and people
trolling LiveJournal doing the same. They've all got a different character,
but if they all use the same name, it makes them difficult to attach
attributes to.

They get to be anonymous by all assuming the same name, "Anonymous"; it's
tricky to talk about them as a unified group because it's a group of groups,
all with the same name. "This Anonymous" versus "that Anonymous" is hard to
talk about. (It's a disclosed exploit in language.)

~~~
stcredzero
_They get to be anonymous by all assuming the same name, "Anonymous"_

People have been doing something like that for thousands of years. That's
never meant that everything done under that name was wholly aimless and
spontaneous.

~~~
1337p337
I didn't say that; I said that it's hard to attach attributes to them since
they're not a coherent organization, but a number of people claiming the same
name.

------
corin_
Where's Sorkin when you need him to write a screenplay?

~~~
stcredzero
Reclining somewhere warm while drinking his FU money?

------
mcantor
FTA, from one of Barr's e-mails: "... accept during hightened points of
activity..."

Did this drive anyone else _bonkers_? I think "accept" or "hightened" alone
wouldn't have bugged me. But for some reason the juxtaposition of the two in
this sentence made me nerdrage.

~~~
marshray
"except" -> "accept" could be explained by autocorrect or speech recognition
but "hightened" suggests the use of neither.

------
scotty79
You just need to program as good as I talk bullshit. I think I've heard
something along those lines in my professional experience.

------
dalore
Reading the story, time and time again his programmer warned him about
anonymous, and said he shouldn't be messing with them.

Then what do you know, he gets attacked by anonymous. Do you think maybe his
programmer is in anonymous? :)

~~~
tezmc
You don't have to have anything to do with Anonymous to have some idea of what
they're capable of when they're poked with a stick.

------
johnmack
Someone, please, bring eggs and throw them at Aaron Barr during BSides
security Feb 14-15! Literally: bring eggs. Please, I'll buy you a beer

------
hardik988
Wow, this was almost like a cyber crime thriller! Anyone for writing a book on
Anonymous?

~~~
mahmud
Anon should write it together, using Etherpad.

~~~
Perceval
That will turn out poorly:
<http://static.funnyjunk.com/pictures/therobot02.jpg>

------
nhangen
I've yet to see anyone address the behavior of anonymous, and it appears as
though it's been justified by most because this dude was an asshole - but why
not point a finger at them both?

~~~
cookiecaper
Well, there's no story to really address there. Barr was dangerously ignorant
and naive. He had a complete misconception of how these things were organized
and how they worked while claiming to know all of the identities of "the
leaders" by correlating Twitter posts with what someone in IRC was talking
about.

If you get on the news and say, "Hello Criminal Group. We have a bunch of
information on your leaders that will get them arrested, we are meeting with
the FBI next week", it is only reasonable to expect some attempted
retaliation. I think that no one is surprised that the targeted group
compromised HBGary's servers -- there are, after all, much worse things that
could happen -- except maybe the HBGary people themselves, who, as we see
here, were already in way over their heads.

No one addresses the behavior of Anonymous because it is completely and
totally the _expected_ reaction. The shocking thing about the story is Barr's
personality and behavior, not the idea that someone will retaliate if you
threaten to decapitate their organization.

~~~
nhangen
So that makes attacking a company's website OK?

If I did something illegal every time someone pissed me off, I'd be a lifer.

~~~
cookiecaper
It doesn't make it OK. You said that you were surprised no one was talking
about or condemning Anonymous's behavior. No one is doing that because there's
nothing interesting to talk about there. We all already know that stealing and
publishing private corporate data to embarrass its authors and defacing
private networks is not good. We also already know that if you threaten a
group capable of retaliation, with a long history of retaliation, they'll
probably retaliate.

The silence is not an endorsement, it's just that it's so much more
interesting to talk about Barr/HBGary's behavior than it is to waste time
reiterating trite condemnations of script kiddies.

------
rapicastillo
On a related note, what he was trying to do reminded me of a Kaggle.com winner
on social networks, deanonymizing social networks:
<http://www.cs.utexas.edu/~shmat/shmat_oak09.pdf> . The latter, of course, is
better than gut feel.

Also, his coder is fun. :D Taco!!!

------
michaelty
"The coder said he didn't support all they did, but that Anonymous had its
moments. Besides, "I enjoy the LULZ.""

Who among us hasn't?

------
eam
A message from HBGary Federal: <http://www.hbgary.com/>

~~~
X-Istence
<https://twitter.com/#!/anonymousirc/status/35578771021111296>

Apparently the S/MIME signatures match just fine ... it is possible they got
ahold of their private keys as well to sign messages, but that would be more
difficult than hacking the central servers as private keys are stored locally
on the client's machine.

~~~
cookiecaper
Not necessarily. You can copy private keys to different machines just as
easily as you can copy anything else. Since it's important not to lose private
keys, it's plausible that lazy and/or ignorant persons would copy them to
central servers for easy retrieval. It's much more hassle to burn to a CD and
put them in a safe deposit box at the bank, after all.

------
justinj
Guess he got what he wanted - _there's no such thing as bad publicity_.

------
bdclimber14
I think someone needs to read "The Starfish and the Spider"

------
micah63
I never really felt safe on the Internet, but wow

------
buckwild
good story.

------
peterpaul
I <3 anon

------
leon_
> so I can give all those freespeech nutjobs something

That says everything about Mr. Barr that needs to be said.

~~~
maweaver
Well you could complete the quote for fairness: "I just called people
advocating freespeech, nutjobs - I threw up in my mouth a little."

~~~
chc
Barr could have edited it out if he didn't really believe it. A fleeting
moment of awareness that you support fascism isn't really all that important
in the grand scheme of things.

------
shareme
1 First lesson: All data on Internet until verified is suspect.

------
shareme
Anyone see the wikileaks connection?

Some DOD contractors were attempting to hire them to put out misinformation
to discredit wikileaks..

Which might explain the original Anonymous investigation

~~~
lwat
Actually it was Bank of America that hired Palantir and HBGary Federal to help
them defend against the upcoming BoA Wikileaks release.

------
mcs
Type cookie you idiot!

~~~
Devilboy
Aaron Barr is not big on typing from the looks of it.

------
freedrull
Is this article supposed to make sense?

