Anonymous victim HBGary goes to ground
The computer security company hacked by members of activist group Anonymous has gone to ground as further revelations about its activities leak online.
HBGary has cancelled its appearances at public events, saying that members of staff had been threatened.
It follows the release of internal documents which appear to show the firm offered to smear Wikileaks' supporters.
HBGary officials said the online messages could have been altered prior to publication.
The company's founder, Greg Hoglund, had been scheduled to give a talk at the RSA Security conference in San Francisco this week, but pulled out at the last minute.
The company also withdrew from an associated exhibition.
"In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks," it said in a statement posted on its website.
According to e-mails that Anonymous claims to have taken from HBGary's servers, the company had proposed a plan to undermine Wikileaks.
At the time, the whistle-blowing website was planning to release documents relating to Bank of America.
The leaked emails also suggest that HBGary had discovered evidence that US officials were attempting to monitor visitors to websites affiliated to al Qaeda.
These messages have been posted online via the Anonymous-supported site Anonleaks.ru.
Government payload
In a message to colleagues, dated 16 November 2009, Mr Hoglund allegedly wrote that he had obtained a document taken from a jihadist website.
"I think it has a US govvy payload buried inside," the e-mail said.
The note also urges colleagues not to open the programme unless they are in a locked-down environment.
"Don't let it fone home unless you want black suits landing on your front acre," it adds.
In e-mails from early January 2011, it is claimed that Mr Hoglund sent out proposals to develop a spying program, known as a rootkit, that would run on Windows-based computers.
"There isn't anything like this publicly," the proposal stated. It would be "almost impossible to remove" or detect.
Penny Leavy, the president of HBGary, said the volume of messages published online made it impossible to verify whether any of the content had been changed.
Highly suspect
"We do have e-mails that were changed and posted," she told BBC News. "Given that Anonymous has had these e-mails for days I would be highly suspect of them."
Members of Anonymous hacked into HBGary's corporate systems after discovering that Aaron Barr, the chief executive of a subsidiary, HBGary Federal, had been threatening to reveal the identity of some of the group.
The hackers were able to access sensitive business systems, including its e-mail, and take over the company website, as well as some personal Twitter accounts.
Thousands of e-mails which the group claimed came from HBGary were then published on peer-to-peer networks.
The fallout from the affair will be difficult to overcome, said Graham Cluley of rival security firm Sophos.
"The damage to HBGary's reputation from this incident is, quite frankly, enormous," he said.
"No company deserves to be on the sharp end of a hacking attack like the one which hit HBGary, but it's particularly damaging when the victim is a specialist in the field of computer security," he added.
"You brought this upon yourself," Anonymous said in a statement detailing its actions.
"Let us teach you a lesson you'll never forget: don't mess with Anonymous."
Anonymous, which has its roots in the notorious 4Chan internet messageboard, has been involved in campaigns against the Church of Scientology and in support of Wikileaks.