HBGary Execs Run For Cover As Hacking Scandal Escalates

Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal. Over the last week, many of the firm’s closest partners and largest clients have cut ties with the Sacramento startup. And now it’s cancelled all public appearances by its executives at the industry’s biggest conference in the hopes of ducking a scandal that seems to grow daily as more of its questionable practices come to light.

Last week, the hacker group Anonymous released more than 40,000 of HBGary Federal’s emails, followed by another 27,000 from its sister company, HBGary, over the weekend. Those files, stolen in retaliation for an attempt by HBGary Federal CEO Aaron Barr to penetrate Anonymous and identify its members, revealed a long list of borderline illegal tactics. Ars Technica has posted a well-constructed narrative of the firm’s bad behavior. The short version: It proposed services to clients like Bank of America and the U.S. Chamber of Commerce that included cyberattacks and misinformation campaigns, phishing emails and fake social networking profiles, pressuring journalists and intimidating the financial donors to clients’ enemies including WikiLeaks, unions and non-profits that opposed the Chamber.

HBGary responded Monday with a statement on its website that it’s “continuing to work intensely with law enforcement on this matter and hopes to bring those responsible to justice.” In the mean time, the firm is canceling all its executives’ talks at the RSA conference, the largest cybersecurity industry confab of the year, taking place this week in San Francisco. HBGary chief executive Greg Hoglund had planned to give two presentations at the conference. HBGary Federal CEO Barr last week canceled his talk at the simultaneous B-Sides conference, which would have focused on his expose on Anonymous. The company said in its statement that it had been subject to numerous threats of violence, including some received at its RSA marketing booth.

I’ve written earlier about HBGary’s proposal to Bank of America, in partnership with fellow security firms Palantir and Berico Technologies, to weaken WikiLeaks with cyberattacks and false documents as well as tracing and threatening its donors and supporters. But new information surfaced Monday about other shady approaches the firm suggested. As part of the company’s pitch to the U.S. Chamber of Commerce, HBGary Federal’s Barr offered tactics like mining Classmates.com for information about a target individual’s friends, then building fake Facebook pages to gain access to subject’s personal details. He and Hoglund also discussed using spear phishing, a technique that typically plants malicious software on a user’s machine with a carefully spoofed email message.

Bank of America, the Chamber of Commerce, Palantir and Berico have all since released statements that say they’ve ended their relationship with the company.

http://blogs.forbes.com/andygreenberg/2011/02/15/hbgary-execs-run-for-cover-as-hacking-scandal-escalates/

if Anonymous hadn't spilled the beans. I think that is a reasonable assumption. Let's keep in mind, there are others out there who are willing to do the same things for Bank of America, the Chamber of Commerce, Palantir and Berico.

These other companies involved are desperately hoping to avoid being tainted by this scandal. You can bet that the CEO's of the other two companies are not going to poke Anonymous in the eye like the dumbass from HBGary did. Everyone involved should be investigated by the DOJ. That is if we had a DOJ that wasn't working corporate America first and everyone else second.

I don't do business with Bank of America, for example; but if I did I would put it to an end on account of this revelation.

with any slime bags....they are probably just trying to "appear" as if they have. The same people will re-emerge in a company by another name to help Bof A and the CofC to do exactly what they had planned all along. Or they will pass the contract on to someone who will and will be able to remain more annonymous.

The problem is knowing when you're dealing with people that are this corrupt and greedy and desperate to maintain control and power: they will not stop. They are as big as they are because they are more ruthless and evil than most of us can begin to imagine. That is how they got this big.

Corporations are SOCIOPATHS. It is their JOB to be a sociopath...to have no feelings, but only to make money in any way necessary. THAT is why corporations need to be heavily HEAVILY regulated in a capitalist system.

This HBGary episode reminds me of the Total Information Awareness program.


Prohibited by Congress, the TIA program just continued elsewhere, pretending to be something else. TIA was the brainchild of John Poindexter, convicted of Iran/Contra criminal. I have no doubt that the program is being used on Americans this very day.

What makes you think they aren't still clients.

Typical disinformation - say one thing and do another. If that company or another with the same staff is still around in a year then we'll know it was all BS.

Please see my upthread reply

would have been a sting. Keep quiet that they've been busted, continue selling illegal services to businesses, then round up everybody who bought.

But I forgot. That would take a rational, moral government - nevermind.

Similar tactics have gained widespread use in political campaigns, looking much like brand management and micro marketing having met social media from viral chain emails to planted "news" stories with disinformation. We have discussed how difficult it is to expose or counteract these measures.

Maybe Anonymous, Wikileaks, et al can help bring some attention to this area, too.