Anonymous hacked security firm HBGary Federal in retaliation for the company's efforts to track the people behind a spate of denial-of-service attacks.
"Anonymous" launched an
attack against security firm HBGary Federal, taking down its Website
and stealing corporate e-mail in retaliation for the company's efforts to
track down "hacktivists" tied to cyber-attacks conducted in support of
The attack followed claims
by HBGary Federal that it had gathered information on hackers who are part of
on Yahoo, HBGary Federal CEO Aaron Barr was quoted in the
Financial Times describing information he believed the firm had uncovered about
the group's hierarchy.
The group responded by
hacking into HBGary's networks and swiping corporate e-mail, then defacing the
HBGary Federal Website and posting a message casting doubt on the company's
findings and offering to release them to the public.
"You think you've gathered
full names and home addresses of -higher-ups' in Anonymous? You haven't," read the
the group posted on the Website. "You think Anonymous has a founder
and various co-founders? False...Most of the information you've -extracted' is
publicly available via our IRC networks. The personal details of Anonymous
"members" you think you've acquired are, quite simply, nonsense."
The group also compromised
Barr's Twitter account and posted offensive messages.
In the Financial Times, Barr
stated that a co-founder of the group using the nickname Q lived in California,
and that the hierarchy of the group includes senior members in the U.K.,
Germany, Netherlands, Italy and Australia. While a few hundred people
participate in the operations, only about 30 are continuously active,
including 10 who "are the most senior and coordinate and manage most of
the decisions," Barr told the Financial Times.
HBGary Federal, founded in
2009, is partly owned by HBGary. In
with security blogger Brian Krebs, HBGary CEO Greg Hoglund said
the attackers used social engineering to get a network administrator to give
them total control over rootkit.com, a security-research site operated by
"They broke into one of
HBGary's servers that was used for tech support, and they got e-mails through
compromising an insecure Web server at HBGary Federal," Hoglund was quoted as
saying. "They used that to get the credentials for Aaron, who happened to be an
administrator on our e-mail system, which is how they got into everything else.
So it's a case where the hackers break in on a non-important system, which is
very common in hacking situations, and leveraged lateral movement to get onto
systems of interest over time."
began the recent charge against Anonymous in December, following a spate of
attacks against companies and organizations viewed as opposing WikiLeaks. Last
month, U.K. police arrested
in connection with the attacks, and police in the Netherlands
have made arrests as well.
distributed-denial-of-service attacks Anonymous has become known for, this
incident "involved true hacking skills," blogged
, senior security advisor at Sophos Canada.
"From a legal perspective,
Anonymous had better hope they remain anonymous," Wisniewski wrote. "The
criminal activities outlined by their own bragging could get them some serious
prison time in the U.S., U.K. and other countries with strict cyber-security