HBGary Federal CEO Aaron Barr Quits Due to Anonymous Attack

The embattled CEO of HBGary Federal has resigned his post three weeks after Anonmyous hacked into the company’s network and stole thousands of e-mail messages. The ease Anonymous conducted the attack left the company that provides security services to the federal government red-faced.

CEO Aaron Barr told Threatpost on Feb. 28 that he’s stepping down to help the company regain its reputation and to improve his own.

"[G]iven that I’ve been the focus of much bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm," Barr told Threatpost.

HBGary Federal declined comment.

At least one member of Anonymous saw it as a victory. “Aaron Barr has quit! Join our party on IRC,” Topiary, an Anonymous “supporter” posted on Twitter. “It seems Aaron’s fate currently lies in a trash can, reminiscing of the times he thought he took down Anon,” Topiarty added, referring to a “Where will Aaron Barr be in 6 months time?” online poll. The comments left on AnonNewsSite were far more gleeful. “At least we destroyed him in anonymous style,” wrote one commenter.

Barr had bragged to the Financial Times on Feb. 4 that the company had identified some “leaders” of the hacktivist group behind several denial-of-service attacks on Visa, MasterCard and PayPal. He’d planned to unmask them at B-Sides Security Conference, a parallel event to the RSA Conference in San Francisco.

Anonmyous retaliated Feb. 7 by exploiting weak passwords and unpatched servers to steal 71,000 e-mails from both HBGary Federal and its sister firm HBGary. Using both a SQL injection attack and social engineering, the hackers gained access to the Web and e-mail servers as well as the Rootkit.com domain, a site launched by HBGary founder Greg Hoaglund for discussion and analysis of rootkits and related technology.

The attackers deleted gigabytes of research and support documentation, defaced Barr’s Twitter account and grabbed a decompiled copy of Stuxnet which the researchers had been analyzing. The e-mails have been posted for public viewing, WikiLeaks-style, at anonleaks.ch and a Github repository was created for the “first public Stuxnet decompile.”

HBGary offers a range of computer forensics products, malware analysis tools and security services such as implementing intrusion prevention systems, performing vulnerability assessment and penetration testing. Anonymous highlighted that even security experts can make basic mistakes when securing their environment, according to the attack details outlined by Ars Technica.

The Ars Technica article listed basic mistakes that contradicted best practices, such as unpatched servers and using easily-compromised hashes to store passwords. Even more tellingly, Barr and Ted Vera, the chief operating officer of HBGary Federal, had been re-using a simple password across multiple systems.

Senior executives should be held to the same level of security as regular employees, Andrew Jaquith, CTO of another security firm, Perimeter E-Security, recently told eWEEK. Executives actually "need to be safer than most," he said.

In this case, Anonymous had used a SQL injection attack to compromise the custom content management system powering HBGary Federal’s Web site. The attack URL contained two parameters the CMS handled incorrectly, allowing hackers to retrieve the list of usernames, e-mail addresses and MD5 password hashes from the user database. Attackers were able to crack passwords belonging to Barr and Vera because the passwords were too weak with six lower case letters and two numbers, reported Ars Technica.

Next: Gawker Lessons Not Learned >>