“Anonymous” launched an
attack against security firm HBGary Federal, taking down its Website
and stealing corporate e-mail in retaliation for the company's efforts to
track down “hacktivists” tied to cyber-attacks conducted in support of
WikiLeaks.
The attack followed claims
by HBGary Federal that it had gathered information on hackers who are part of
Anonymous. In
an article on Yahoo, HBGary Federal CEO Aaron Barr was quoted in the
Financial Times describing information he believed the firm had uncovered about
the group’s hierarchy.
The group responded by
hacking into HBGary’s networks and swiping corporate e-mail, then defacing the
HBGary Federal Website and posting a message casting doubt on the company’s
findings and offering to release them to the public.
“You think you’ve gathered
full names and home addresses of ‘higher-ups’ in Anonymous? You haven’t,” read the
message the group posted on the Website. “You think Anonymous has a founder
and various co-founders? False...Most of the information you’ve ‘extracted’ is
publicly available via our IRC networks. The personal details of Anonymous
‘members’ you think you’ve acquired are, quite simply, nonsense.”
The group also compromised
Barr’s Twitter account and posted offensive messages.
In the Financial Times, Barr
stated that a co-founder of the group using the nickname Q lived in California,
and that the hierarchy of the group includes senior members in the U.K.,
Germany, the Netherlands, Italy and Australia. While a few hundred people
participate in the operations, only about 30 are continuously active,
including 10 who “are the most senior and coordinate and manage most of
the decisions,” Barr told the Financial Times.
HBGary Federal, founded in
2009, is partly owned by HBGary. In
an interview with security blogger Brian Krebs, HBGary CEO Greg Hoglund said
the attackers used social engineering to get a network administrator to give
them total control over rootkit.com, a security-research site operated by
Hoglund.
“They broke into one of
HBGary’s servers that was used for tech support, and they got e-mails through
compromising an insecure Web server at HBGary Federal,” Hoglund was quoted as
saying. “They used that to get the credentials for Aaron, who happened to be an
administrator on our e-mail system, which is how they got into everything else.
So it’s a case where the hackers break in on a non-important system, which is
very common in hacking situations, and leveraged lateral movement to get onto
systems of interest over time.”
Law-enforcement authorities
began the recent charge against Anonymous in December, following a spate of
attacks against companies and organizations viewed as opposing WikiLeaks. Last
month, U.K. police arrested
five people in connection with the attacks, and police in the Netherlands
have made arrests as well.
Unlike the
distributed-denial-of-service attacks Anonymous has become known for, this
incident “involved true hacking skills,” blogged
Chester Wisniewski, senior security advisor at Sophos Canada.
“From a legal perspective,
Anonymous had better hope they remain anonymous,” Wisniewski wrote. “The
criminal activities outlined by their own bragging could get them some serious
prison time in the U.S., U.K. and other countries with strict cyber-security
laws.”