Anonymous 2, HBGary Federal 0. Aaron Barr has stepped down from his CEO post at HBGary Federal after an extremely embarrassing data breach by the hacktivist group Anonymous.
The embattled CEO of HBGary Federal has resigned his post three weeks after Anonmyous hacked into the company's
network and stole thousands of e-mail messages. The ease Anonymous conducted
the attack left the company that provides security services to the federal
CEO Aaron Barr told Threatpost
on Feb. 28 that he's stepping down to help the company regain its reputation
and to improve his own.
"[G]iven that I've been the focus of much bad press, I
hope that, by leaving, HBGary and HBGary Federal can get away from some of
that. I'm confident they'll be able to weather this storm," Barr told
HBGary Federal declined comment.
At least one member of Anonymous saw it as a victory. "Aaron
Barr has quit! Join our party on IRC," Topiary
, an Anonymous
"supporter" posted on Twitter. "It seems Aaron's fate currently lies in a trash
can, reminiscing of the times he thought he took down Anon," Topiarty added,
referring to a "Where will Aaron Barr be in 6 months time?" online poll
. The comments left
were far more gleeful. "At least we destroyed him in anonymous style," wrote
Barr had bragged to the Financial Times on Feb. 4 that the
company had identified some "leaders" of the hacktivist group behind several
denial-of-service attacks on Visa, MasterCard and PayPal. He'd planned to unmask
them at B-Sides Security Conference, a parallel event to the RSA
in San Francisco.
Feb. 7 by exploiting weak passwords and unpatched servers to
steal 71,000 e-mails from both HBGary Federal and its sister firm HBGary. Using
both a SQL injection attack and social engineering, the hackers gained access
to the Web and e-mail servers as well as the Rootkit.com domain, a site
launched by HBGary founder Greg Hoaglund for discussion and analysis of rootkits
and related technology.
The attackers deleted gigabytes of research and support
documentation, defaced Barr's Twitter account and grabbed a decompiled copy of
Stuxnet which the researchers had been analyzing. The e-mails have been posted
for public viewing, WikiLeaks-style, at anonleaks.ch and a Github repository was
created for the "first public Stuxnet decompile."
HBGary offers a range of computer forensics products, malware
analysis tools and security services such as implementing intrusion prevention
systems, performing vulnerability assessment and penetration testing. Anonymous
highlighted that even security experts can make basic mistakes when securing
their environment, according to the attack details outlined by Ars
The Ars Technica article listed basic mistakes that contradicted
best practices, such as unpatched servers and using easily-compromised hashes
to store passwords. Even more tellingly, Barr and Ted Vera, the chief operating
officer of HBGary Federal, had been re-using a simple password across
Senior executives should be held to the same level of
security as regular employees, Andrew Jaquith, CTO of another security firm,
Perimeter E-Security, recently told eWEEK. Executives actually "need to be
safer than most," he said.
In this case, Anonymous had used a SQL injection attack to
compromise the custom content management system powering HBGary Federal's Web
site. The attack URL contained two parameters the CMS handled incorrectly,
allowing hackers to retrieve the list of usernames, e-mail addresses and MD5 password
hashes from the user database. Attackers were able to crack passwords belonging
to Barr and Vera because the passwords were too weak with six lower case
letters and two numbers, reported Ars Technica.