Aaron Barr, the COO of HBGary Federal, told the Financial Times this weekend that he used clues found online to discover the identities of key Anonymous members. Anonymous reacted to the story and Barr’s claims with a massive attack aimed at the security firm, leveraging local root exploits, shared passwords, and social engineering.
In an interview with the Financial Times, Barr said that by using services such as LinkedIn, Classmates.com, and Facebook, as well as IRC itself, he was able to connect the dots and identify several high-level Anonymous members, including “Owen” and “Q”, two people mentioned by their IRC names in the actual news report.
The Tech Herald has seen Barr’s research. While there is plenty of information, several operation names and dates are out of order, and many of the names associated with membership are incorrect. When it comes to the ten “most senior people”, they are actually network administrators.
They work to keep the IRC servers online. Their proper titles include Services Root Administrator, Network Administrator, and Operator. AnonOps is an IRC network; Anonymous is something entirely different. Those who manage the IRC servers might be part of Anonymous, but they are not co-founders or leaders. They are highly active people, but that is what is needed to maintain an IRC network such as theirs.
After the Financial Times story broke, including Barr’s claims of infiltration, Anonymous responded. The response was brutal, resulting in full control over hbgary.com and hbgaryfederal.com. They were also able to compromise HBGary’s network, including full access to all their financials, software products, PBX systems, malware data, and email, which they released to the public in a 4.71 GB Torrent file.
In all, they copied data, wiped the backup servers, and released the Torrent with the company email. This email release is the third time Anonymous has exposed internal communications. Previously, they exposed company emails taken from ACSLaw and Acapor.
After a tip from CrowdLeaks.org, The Tech Herald has learned that HBGary Federal, as well as two other data intelligence firms, worked to develop a strategic plan of attack against WikiLeaks. The plan included pressing a journalist in order to disrupt his support of the organization, cyber attacks, disinformation, and other potential proactive tactics.
The tip from CrowdLeaks is directly related to the highly public attack on HBGary, after Anonymous responded to research performed by HBGary Federal COO, Aaron Barr. Part of Anonymous’ response included releasing more than 50,000 internal emails to the public.
What was pointed out by CrowdLeaks is a proposal titled “The WikiLeaks Threat” and an email chain between three data intelligence firms. The proposal was quickly developed by Palantir Technologies, HBGary Federal, and Berico Technologies, after a request from Hunton and Williams, a law firm that currently counts Bank of America as a client.
Later in the day, WikiLeaks posted an updated PDF file of “The WikiLeaks Threat” on their website, which the three data intelligence firms put together to help guide a planned attack on WikiLeaks.
It was already reported that they were going to try to use disinformation, create messages around actions of sabotage, work to discredit opposing organizations, post fake documents and call out the errors, and work to fuel the feuding between groups around WikiLeaks operations. What wasn’t initially reported on is all the people these firms wanted to ensnare in their scheme to take down WikiLeaks.
One slide shows that these were the people they aimed to involve: James Ball, Theodore Reppe, Jennifer Robinson, Julian Assange, John Shipton, Kristinn Hrafnsson, Jacob Appelbaum, David House, Daniel Mathews, Glenn Greenwald, Jennifer 8. Lee, Daniel Schmitt, Herbert Snorrason, Birgitta Jonsdottir.