This is only a Preview!

You must Publish this diary to make this visible to the public,
or click 'Edit Diary' to make further changes first.

Posting a Diary Entry

Daily Kos welcomes blog articles from readers, known as diaries. The Intro section to a diary should be about three paragraphs long, and is required. The body section is optional, as is the poll, which can have 1 to 15 choices. Descriptive tags are also required to help others find your diary by subject; please don't use "cute" tags.

When you're ready, scroll down below the tags and click Save & Preview. You can edit your diary after it's published by clicking Edit Diary. Polls cannot be edited once they are published.

If this is your first time creating a Diary since the Ajax upgrade, before you enter any text below, please press Ctrl-F5 and then hold down the Shift Key and press your browser's Reload button to refresh its cache with the new script files.


  1. One diary daily maximum.
  2. Substantive diaries only. If you don't have at least three solid, original paragraphs, you should probably post a comment in an Open Thread.
  3. No repetitive diaries. Take a moment to ensure your topic hasn't been blogged (you can search for Stories and Diaries that already cover this topic), though fresh original analysis is always welcome.
  4. Use the "Body" textbox if your diary entry is longer than three paragraphs.
  5. Any images in your posts must be hosted by an approved image hosting service (one of: imageshack.us, photobucket.com, flickr.com, smugmug.com, allyoucanupload.com, picturetrail.com, mac.com, webshots.com, editgrid.com).
  6. Copying and pasting entire copyrighted works is prohibited. If you do quote something, keep it brief, always provide a link to the original source, and use the <blockquote> tags to clearly identify the quoted material. Violating this rule is grounds for immediate banning.
  7. Be civil. Do not "call out" other users by name in diary titles. Do not use profanity in diary titles. Don't write diaries whose main purpose is to deliberately inflame.
For the complete list of DailyKos diary guidelines, please click here.

Please begin with an informative title:

In the first part of this story, we spent a lot of time on HBGary and HBGary Federal - computer security companies whose website and network were destroyed by internet attacks by some members of the group called Anonymous.  They were fighting back when they found out that HBGary was using them to get publicity.  In the process, the world found out what else HBGary was doing for their high profile client, the Bank of America.


You must enter an Intro for your Diary Entry between 300 and 1150 characters long (that's approximately 50-175 words without any html or formatting markup).

A few years ago, we all found out how the Bank of America caused a crisis in the banking system.  When the truth came out, they didn't really face any long term penalty from either the government or the public.

Still, the Bank of America was worried about being caught making bad loans so they went further to try and fix their any potential damage to their public image.  This is where HBGary finally comes in.  When the group Anonymous read their internal emails, they found out that HBGary was doing more than just computer security.  They were using their computers to invent false identities on the internet... a large number of false identities whose job it was to loudly and publicly defend the Bank of America.  Using their software, one person could write an opinion that would get multiplied and posted around the internet under many different users on a wide variety of websites for public view.  The HBGary product was careful enough to make the identities different and realistic sounding.  Even the comments were composed to not sound like they came from the same template.    They hoped a fake grassroots campaign of support from a large number of seemingly indepenent people would drown out any public outcry against them.

This strategy is based on a phenomenon called "social proof."  In short, if one person criticizes the Bank of America but thirty or forty reply to defend the bank, the average person will ignore the facts and instead try to go along with the majority.

It was really a good strategy.  People generally trust and accept what corporations do. So a large amount of public support is all they needed to ignore the facts and let the bank do what it wanted to do. It was a lot of work and expense for the bank, but obviously worth it.  As we have already seen, there is a large market for spamming on the internet.  Using web links as citations has become useless to prove your claims.

So the outcome of the story is overall positive for the Bank of America.  Even though Anonymous exposed this story, it will probably just end up attracting more customers because of the large number of positive comments supporting the bank on internet discussion forums.  But what about competitors or consumer advocates who might catch on?  HBGary is thinking ahead one step.  They are now building a counter-attack system to fight anyone who might try to expose their spam service.  Their strategy includes infecting their opponent's computers with viruses and targetting their family members.

It is an attractive total package – improve your public opinion without having to worry about the public.  And if anyone doesn't like it, destry their computer to silence real public opinion.  HBGary Federal COO Ted Vera and Maria Lucas had already sold a package to Jesse van Nevel of Bank of the West and Peter Lam and Morian Eberhardt of Union Bank.  They were also signing a contract with Tony Plachy of Zion Bank for a whole set of software including segments called Responder Pro, Active Defense, On Demand and EndGames

But now that their whole plan is exposed, some customers are definitely scared away from HBGary.  The Chamber of Commerce, Bank of America, Palantir Technologies and Berico Technologies  have disassociated themselves from the security company.

Aaron Barr got caught because he started a poorly conceived, highly public project to attract business.  He took this risk because his company badly needed sales and he thought he could offer a very attractive service.  But now, banks and groups like the Chamber of Commerce will probably just go to go to other companies that sell the same service, but kept a lower profile and haven't been caught yet.

For example, HBGary was reselling software from Endgame Systems -- a Virginia computer security firm -- through their subsidiary called IP Trust.  Thomas Zebley of IP Trust was quoting a price of either 20 thousand or 48 thousand dollars a year for one of their services, depending on the volume they needed.  But despite the large potential profit motive, Endgames CTO Chris Rouland was especially interested in keeping their partnership a secret, saying explicitly to keep the name of his company out of any HBGary press releases.  We haven't yet heard why.

We know the HBGary Federal subsidiary was formed to provide these same services to the US government.  We haven't even yet talked about what government clients they had. So, how long has the federal government been astroturfing their own propaganda to the American public? We can probably assume that the seemingly widespread public opposition to WikiLeaks over releasing the Iraq War documents  mostly comes from the US government itself.

But on a more ordinary level, can we trust online surveys and reviews now? Or have they already become platforms for companies to buy popular support?  Even though we have learned a lot from HBGary's leaked emails we don't know how much  social proof is going on right now and how bad things are going to get, now that more banks and companies know about it.

Extended (Optional)

Originally posted to karlharshman on Mon May 09, 2011 at 05:48 AM PDT.

Also republished by Anonymous Dkos.

Your Email has been sent.