Anonymous v. Computer Insecurity Expert Aaron Barr – Updated

Anonymous protesting, photo courtesy of Astrojunta

We are Anonymous.

We are legion.

We do not forgive.

We do not forget.

Expect us – always.

Gotta admit. It’s short. Sweet. To the point. You’d think they hired a marketing expert to come up with that slogan.

Anonymous Wars

Everyone has heard of Anonymous. A lot of people think that Anonymous is a bunch of dangerous anarchistic radicals. They are right. Anonymous is a bunch of dangerous anarchistic radicals. They believe in the most perverted concept ever invented. Ethics.

Let’s take the most recent attack. Aaron Barr of HBGary Federal had claimed that he had infiltrated Anonymous. And that he had learned who the leaders were.

Now Anonymous is rumored to have gotten it’s start in /b on 4chan. Like a lot of writers interested in the phenomenon, I’ve spent a fair bit of time in /b, trying to understand the culture. One thing I learned immediately. Anonymous doesn’t have leaders.

To those who’ve grown up used to the sort of Top Down leadership used in most corporations or governments, the idea of a group with no leadership seems an oxymoron. To those used to the Internet, where a suggestion made today, can be a totally engaging interest for millions a day later, this is normal.

So Aaron made his claims.

Anonymous Strikes Back

Aaron gives the impression of not being all that bright. One thing that has been documented again and again, is that if you attack Anonymous, Anonymous strikes back. But is it the same Anonymous?

Anonymous is an anti-organization. There’s no leaders. There’s no plans. There’s no membership. There’s no lines of communications. About the only thing that Anonymous has is a nebulous interest in ethics. Ethics are often, but not always the reason for actions by Anonymous.

Anyone who knew anything at all about Anonymous knew that Aaron Barr was lying like a rug when he claimed that Anonymous had a well defined hierarchy. Anyone who knew anything about Anonymous expected that Anonymous would react. And they did. Whether or not it was the same Anonymous that he claimed he was tracking, or another, we don’t know.

And yes, there is more than one Anonymous. Read the statements released by Anonymous, and you can tell that easily. Different wordings, different interests, different intents. The only thing in common is the name. Some of these groups might even have a hierarchy of sorts!

So yesterday Anonymous hit, and hit hard. Here’s some examples of their work:

HB Gary Website - Hacked

Yep. Typical Anonymous work.

Panic Replacement of the Hacked Site

HB Gary’s panic replacement page. It doesn’t look good if a security company’s security fails, does it?

Aaron Barr's Twitter Account Security Breached

It really gives you a lot of confidence in a security company, when it’s employees are so careless of security that they loose control of their Twitter accounts.

Ted Vera of HB Gary - another HB Gary Security Fail

Oh dear, another HB Gary employee who’s personal LinkedIN account has been taken over by Anonymous.

Security Firm has email uploaded to The Pirate Bay - SECURITY FAIL!

Oh yes, and a security company having their emails uploaded to The Pirate Bay, is a major fail.

Return of Anonymous

The fun part is that HBGary Federal doesn’t seem to get it. They claim to be security experts. But…

Greg Hoglund who co-founded HBGary told Brian Krebs:

“Before this, what these guys were doing was technically illegal, but it was in direct support of a government whistle blower. But now, we have a situation where they’re committing a federal crime, stealing private data and posting it on a torrent. They didn’t just pick on any company, but we try to protect the US government from hackers. They couldn’t have chosen a worse company to pick on.”

Greg Hoglund doesn’t get it. Anonymous has already proven that HBGary isn’t a competent security company. As Mike Masnick of Techdirt says, Reputation is Everything. HBGary has blown their reputation. Founded in October 2010. Expected to be dead by December 2011.

Oh, and Greg lied about the breach, read the Krebs interview, then look at this screen cap:

How Hoglund Gave Away Access to RootKit.Com

It they can’t even protect themselves, how can HBGary hope to protect the U.S. Government?

Regards

Wayne Borean

Monday February 7, 2011

PS: As most of you will have noticed, the chapter titles were inspired by the original Star Wars Trilogy. Feed kids stories where rebels are the heros, and kids will become rebels. Feed kids stories where truth and justice are the driving force, and kids will believe in truth and justice. And when you prove you were lying about believing in truth and justice, expect them to get angry, and react.

PPS: Interesting article about Scientology. The first time I heard about Anonymous was in conjunction with their protests against Scientology, that this article appeared today is an interesting coincidence.