
The inside story of the HBGary hack

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Feb 17, 2011 7:54 am

The inside story of the HBGary hack

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
AndyB67

Full Member

Posts: 100

Joined: Fri Jan 14, 2011 7:13 am

Location: UK

Post Thu Feb 17, 2011 12:49 pm

Re: The inside story of the HBGary hack

A brilliant piece of work by Anon and a damning indictment of HBGary!
Net+ Sec+ More to come
alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Thu Feb 17, 2011 1:00 pm

Re: The inside story of the HBGary hack

Wow!

Nicer than an action movie :)
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
anoninde

Post Thu Feb 17, 2011 1:33 pm

Re: The inside story of the HBGary hack

I find this situation insanely entertaining; is that wrong? It appears the initial vectors of attack were pretty straightforward; the social engineering aspect of it is almost ridiculous. The biggest portion of this attack that is so alarming is how many private companies, government agencies and foreign interests had some involvement with HBGary, and now they are suddenly exposed... the kinetic damage from the poor security practices by HBGary.
maxpeck

Newbie

Posts: 21

Joined: Mon Sep 28, 2009 11:27 am

Post Sun Feb 20, 2011 9:26 pm

Re: The inside story of the HBGary hack

Like a guy that runs a Dojo getting his butt kicked by a group of 10 year olds ;)
Max
timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Feb 22, 2011 9:55 am

Re: The inside story of the HBGary hack

There have been a number of security companies pwned in the last few years. I'd be shocked if a number of the bigger companies weren't also pwnable, especially when you count the SE attacks. The SE attacks aren't pass/fail; it's a question of what percentage of the people will fall for it.
twitter.com/timmedin | http://blog.securitywhole.com
digitalsecurity4u

Newbie

Posts: 1

Joined: Tue Feb 22, 2011 1:05 pm

Post Tue Feb 22, 2011 1:19 pm

Re: The inside story of the HBGary hack

Making yourself the poster child of how not to run a security company, nice. If they ever recover it's going to be a while, and no steak is going to remove that black eye. Using the same password across domains (company and internet) really kills me.
timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Mar 01, 2011 10:01 pm

Re: The inside story of the HBGary hack

digitalsecurity4u wrote:
Making yourself the poster child of how not to run a security company, nice.

I actually appreciate someone trying to take on Anonymous. Whether or not you support the cause that Anonymous stands for, what they are doing *is* illegal. And us supporting an "ends justify the means" approach is very dangerous.

digitalsecurity4u wrote:
If they ever recover it's going to be a while, and no steak is going to remove that black eye.

They are dead. My understanding is that they have two employees left.

digitalsecurity4u wrote:
Using the same password across domains (company and internet) really kills me.

Yeah, not a great idea, but I can guarantee that they aren't the only security company doing it.
twitter.com/timmedin | http://blog.securitywhole.com
lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Mar 03, 2011 4:05 am

Re: The inside story of the HBGary hack

timmedin wrote:
If they ever recover it's going to be a while, and no steak is going to remove that black eye.

They are dead. My understanding is that they have two employees left.

Aaron Barr has finally resigned. When you say only 2 employees left, is that just HBGary Federal, or HBGary? Reading the chat logs from when Penny Leavy was pleading with Anonymous in their IRC channel, she made it clear that HBGary had only invested money in HBGary Federal, that they were separate companies. I haven't heard much about HBGary and was wondering how they were doing compared to HBGary Federal.
Last edited by lorddicranius on Thu Mar 03, 2011 9:58 am, edited 1 time in total.
GSEC, eCPPT, Sec+
red rail

Newbie

Posts: 2

Joined: Thu Mar 03, 2011 7:42 am

Post Thu Mar 03, 2011 8:00 am

Re: The inside story of the HBGary hack

It seems as though his compromise of usability vs. security met a sad fate. I assume that he set his websites/accounts up thinking that he had no reason to be excessively secure. For a security company, this is unacceptable. Most of us make these common mistakes for the sake of thinking, "It's good enough"... and it usually is... because we're not starting trouble for ourselves with a group known to be successful at disrupting services. I still fail to see what he was trying to accomplish. Even if he was completely secure (in theory), he would still be susceptible to the DDoS attacks that they are known to use, which would disrupt the day-to-day operations of his websites... there really was no 'winning' outcome. His arrogance caused his downfall... and he will have that story to tell for the rest of his life.
BA Information Systems Security, Linux+, A+
yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Fri Mar 11, 2011 8:55 am

Re: The inside story of the HBGary hack

Not to beat a dead horse, but I got a kick out of this one.  It came across Twitter this morning.

The HBGary saga, depicted as a Spy v. Spy cartoon.

http://www.businessweek.com/magazine/content/11_12/b4220066673859.htm
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Mar 11, 2011 2:28 pm

Re: The inside story of the HBGary hack

Thanks yatz, it is very funny!!! :)
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Mar 11, 2011 5:47 pm

Re: The inside story of the HBGary hack

You guys see the email about HBGary trying to out-nmap nmap?

http://seclists.org/nmap-dev/2011/q1/767

This scanner would not take us very long to write, and it would BLOW THE BALLS OFF OF NMAP.

::)
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Fri Mar 11, 2011 6:10 pm

Re: The inside story of the HBGary hack

That cartoon and especially that email regarding nmap, too funny ;D
GSEC, eCPPT, Sec+
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Mar 11, 2011 7:39 pm

Re: The inside story of the HBGary hack

Schneier put together a great list of Ars Technica articles that went in-depth and contain some pretty interesting information: http://www.schneier.com/blog/archives/2 ... vs_hb.html
The day you stop learning is the day you start becoming obsolete.