Cross-posted at Anonymous Dkos
Andy Greenberg over at Forbes has an excellent piece up right now about HBGary's potentially criminal exploits in its efforts to take down Wikileaks and its supporters, notably Anonymous.
A taste:
HBGary Execs Run For Cover As Hacking Scandal Escalates
Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal. Over the last week, many of the firm's closest partners and largest clients have cut ties with the Sacramento startup. And now it's cancelled all public appearances by its executives at the industry's biggest conference in the hopes of ducking a scandal that seems to grow daily as more of its questionable practices come to light.
Updated from the article:
...new information surfaced Monday about other shady approaches the firm suggested. As part of the company's pitch to the U.S. Chamber of Commerce, HBGary Federal's Barr offered tactics like mining Classmates.com for information about a target individual's friends, then building fake Facebook pages to gain access to subject's personal details. He and Hoglund also discussed using *spear phishing, a technique that typically plants malicious software on a user's machine with a carefully spoofed email message.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~
From Whatis :
*Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.
According to an article in the New York Times, spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by "sophisticated groups out for financial gain, trade secrets or military information."
Here's one version of a spear phishing attack: The perpetrator finds a Web site for a targeted organization that supplies contact information for employees and other relevant data about the company. Using available details to make the message seem authentic, the perpetrator drafts an e-mail appearing to come from an individual who might reasonably request confidential information, such as a network administrator. Typically, a spear phisher requests user names and passwords or asks recipients to click on a link that will result in the user downloading spyware or other malicious programming. The message employs social engineering (fraudulent, non-technical) tactics to convince the recipient. If a single employee falls for the spear phisher's ploy, the attacker can masquerade as that individual and gain access to sensitive data.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~
So, in essence, HBGary got spear phished (pwnd) by "Kayla", the 16-year-old hacker, into revealing everything Anonymous needed to get into and take control of its systems.
How it went down (from this comment by Anak):
I suggest scrolling down and reading from the bottom up so it's in chronological order.
did you open something running on high port?

On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote:
> ok let me know if you need me
>
> On 2/6/11, jussi jaakonaho wrote:
>> tnx.
>> i am also connected to the box, seems some people have download problems -
>> have figured earlier that some chinese used chinese chars on names of files,
>> which then our filtering stripped off when putting db etc. so some db
>> editing
>>
>>
>> _jussi
>>
>> On Feb 6, 2011, at 9:36 PM, Greg Hoglund wrote:
>>
>>> ok ill make sure to get you a new license asap.
>>>
>>> On 2/6/11, jussi jaakonaho wrote:
>>>> np.
>>>> btw i did not shut down the firewall so it still protects with too many
>>>> connections from same source address.
>>>>
>>>> i have also downloaded latest backups from /home/varmi to my homebox,
>>>> just
>>>> in case.
>>>>
>>>> oh, also seem my license is expiring for responder again. o:-) was
>>>> thinking
>>>> to put it into box with more memory.
>>>>
>>>> _jussi
>>>>
>>>> On Feb 6, 2011, at 9:26 PM, Greg Hoglund wrote:
>>>>
>>>>> yup im logged in thanks ill email you in a few, im backed up
>>>>>
>>>>> thanks
>>>>>
>>>>> On 2/6/11, jussi jaakonaho wrote:
>>>>>> nope. your account is named as hoglund
>>>>>>
>>>>>>
>>>>>> On Feb 6, 2011, at 9:23 PM, Greg Hoglund wrote:
>>>>>>
>>>>>>> yes jussi thanks
>>>>>>>
>>>>>>> did you reset the user greg or?
>>>>>>>
>>>>>>> On 2/6/11, jussi jaakonaho wrote:
>>>>>>>> does it work now?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Feb 6, 2011, at 9:17 PM, Greg Hoglund wrote:
>>>>>>>>
>>>>>>>>> if i can squeeze out time maybe we can catch up.. ill be in germany
>>>>>>>>> for a little bit.
>>>>>>>>>
>>>>>>>>> anyway I can't ssh into rootkit. you sure the ips still
>>>>>>>>> 65.74.181.141?
>>>>>>>>>
>>>>>>>>> thanks
>>>>>>>>>
>>>>>>>>> On 2/6/11, jussi jaakonaho wrote:
>>>>>>>>>> ok,
>>>>>>>>>> it should now accept from anywhere to 47152 as ssh. i am doing
>>>>>>>>>> testing
>>>>>>>>>> so
>>>>>>>>>> that it works for sure.
>>>>>>>>>> your password is changeme123
>>>>>>>>>>
>>>>>>>>>> i am online so just shoot me if you need something.
>>>>>>>>>>
>>>>>>>>>> in europe, but not in finland? :-)
>>>>>>>>>>
>>>>>>>>>> _jussi
>>>>>>>>>>
>>>>>>>>>> On Feb 6, 2011, at 9:08 PM, Greg Hoglund wrote:
>>>>>>>>>>
>>>>>>>>>>> no i dont have the public ip with me at the moment because im
>>>>>>>>>>> ready
>>>>>>>>>>> for a small meeting and im in a rush.
>>>>>>>>>>>
>>>>>>>>>>> if anything just reset my password to changeme123 and give me
>>>>>>>>>>> public
>>>>>>>>>>> ip and ill ssh in and reset my pw.
>>>>>>>>>>>
>>>>>>>>>>> thanks
>>>>>>>>>>>
>>>>>>>>>>> On 2/6/11, jussi jaakonaho wrote:
>>>>>>>>>>>> hi,
>>>>>>>>>>>>
>>>>>>>>>>>> do you have public ip? or should i just drop fw?
>>>>>>>>>>>> and it is w0cky - tho no remote root access allowed
>>>>>>>>>>>>
>>>>>>>>>>>> On Feb 6, 2011, at 8:59 PM, Greg Hoglund wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> _jussi
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> jussi
Oh, the irony, it burns.
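Reading a thread like that from the bottom up is a chore, so here is a small added script (mine, not from the original post, from Anak's comment or from anyone at HBGary) that unnests a ">"-quoted thread into chronological order and flags the points where an admin should have stopped and verified the request out of band: a password sent in clear text, a "reset my password to X" request, a firewall change, and a request for the box's public address. It illustrates both the Whatis description of how a spear phisher solicits credentials and the thread above; the sample thread is an abridged copy of that exchange, and the indicator patterns are my own assumption about what to look for.

```python
import re
# Constructed sample: an abridged copy of the quoted thread above, same nested '>' style.
THREAD = """\
did you open something running on a high port?
On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote:
> ok let me know if you need me
>
> On 2/6/11, jussi jaakonaho wrote:
>> it should now accept from anywhere to 47152 as ssh.
>> your password is changeme123
>>
>> On Feb 6, 2011, at 9:08 PM, Greg Hoglund wrote:
>>> if anything just reset my password to changeme123 and give me
>>> public ip and ill ssh in and reset my pw.
"""

QUOTE_PREFIX = re.compile(r"^((?:>\s?)*)")          # leading '>' markers
HEADER = re.compile(r"^On .*,\s*(.+?) wrote:\s*$")   # "On <date>, <name> wrote:"
# Requests a reviewer should verify out of band before acting on them (my own list).
INDICATORS = {
    "plaintext credential": re.compile(r"\bpassword (?:is|to) \S+", re.I),
    "credential reset request": re.compile(r"\breset my (?:password|pw)\b", re.I),
    "remote access change": re.compile(r"drop fw|accept from anywhere|firewall", re.I),
    "address disclosure request": re.compile(r"\bpublic ip\b", re.I),
}

def unquote(thread):
    """Split a nested '>'-quoted thread into messages, oldest first, and flag each."""
    bodies, authors = {}, {0: "(top of thread)"}
    for raw in thread.splitlines():
        prefix = QUOTE_PREFIX.match(raw).group(1)
        depth, text = prefix.count(">"), raw[len(prefix):].strip()
        if not text:
            continue
        hdr = HEADER.match(text)
        if hdr:                       # a header at depth d names the author of depth d+1
            authors[depth + 1] = hdr.group(1)
        else:
            bodies.setdefault(depth, []).append(text)
    ordered = []
    for depth in sorted(bodies, reverse=True):   # deepest quote = earliest message
        body = " ".join(bodies[depth])
        flags = [name for name, rx in INDICATORS.items() if rx.search(body)]
        ordered.append({"depth": depth, "author": authors.get(depth, "(unknown)"),
                        "body": body, "flags": flags})
    return ordered

if __name__ == "__main__":
    for m in unquote(THREAD):
        print(f"{m['author']}: flags={m['flags'] or 'none'} | {m['body']}")
```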
Updated by Lisa Lockwood at Tue Feb 15, 2011, 05:06:54 PM
UPDATE from Salon:
When this story broke last week, Palantir was quick to deny any involvement in the anti-WikiLeaks plan and to sever ties with one of the partner firms, HBGary, that had masterminded the plan. One of several provocative items in the plan said that Greenwald's public support for WikiLeaks needed "to be disrupted."
Here's where a new wrinkle in the story comes into play. Anonymous has now published a new batch of thousands of emails hacked from executives at HBGary. And the emails appear to contradict Palantir's claim that it had nothing to do with developing the anti-WikiLeaks plan.
Updated by Lisa Lockwood at Sun Feb 20, 2011, 03:25:13 PM
~Caveat~
The posts that concern "anonymous" activities that are occurring all over the world are placed here for informational purposes. I do not advocate nor encourage anyone within the US to participate in activities that are against the laws of our country. I do not speak for anonymous, and do not wish to convey that impression. I have gathered information that is readily and freely found on the internet as a journalist would do, for informational purposes only. No one has given me any "secret" information, nor have I shared anything here that is "secret", to my knowledge. Everything posted here can be found by searching teh google, is widely available to anyone, and should be taken with a grain of salt...or a whole box of same.
Please act responsibly and let your conscience and good sense be your guide. Please be aware that participating in actions that are illegal can have serious consequences. Be aware that not everything you read on the internet is true. Be aware that everyone you speak with or share information with is not your friend.
World events are moving quickly, and there is a tendency to want to be the first to know things, but knowing things and acting upon them are two entirely different things. We live in interesting times, and information and communication occur at the speed of thought. Because of this, sometimes information is presented that is not necessarily true or factual. While I try to present stories with several sources, not all sources are reliable. So I cannot vouch for anything posted here as being 100% accurate. All I can vouch for is my own intentions, and those, should they need clarification, are to pass on information about a movement that is making news, and perhaps making history, but on one thing I wish to be crystal clear. I have no intention of breaking the law, and do not advocate that anyone else do so.
Just sayin'.