The group known as "Anonymous," which is tied to attacks on U.S. companies denying funds to WikiLeaks, has taken down security vendor HBGary Federal and stolen research and other data associated with HBGary co-founder and malware expert Greg Hoglund.
HBGary Federal was spun off from HBGary Inc. in late 2009. The new firm, made up of former Northrop Grumman employees and military veterans, provides classified services to the Department of Defense, the intelligence community and other U.S. government agencies.
The firm has reportedly been helping federal investigators identify and infiltrate members of "Anonymous." In a report in the Financial Times on Sunday, HBGary Federal CEO Aaron Barr said the company had identified members of the "Anonymous" group and planned to release details next week at the RSA Conference 2011 in San Francisco.
The "Anonymous" group piqued the interest of federal investigators when it began targeting firms in the United States, including Bank of America and PayPal, for denying funds to WikiLeaks. The group used distributed denial-of-service (DDoS) attacks to cripple company websites by flooding them with useless network traffic. In recent weeks, authorities in the U.S. and U.K. arrested 45 people and seized their computers in connection with the attacks.
HBGary founder Greg Hoglund said the group showed much more prowess in the latest attack against his firm. In an interview late Sunday with former Washington Post cybersecurity reporter Brian Krebs, Hoglund said a member of "Anonymous" used social engineering tactics to trick a network administrator into giving up access to Rootkit.org, a website maintained by Hoglund. That access enabled the attacker to reach systems containing sensitive email messages and other data, Hoglund said. HBGary used a shared password between systems, he said.
The attacker stole more than 65,000 emails from the company, posting them on The Pirate Bay. In addition, "Anonymous" defaced the HBGary website, posting a message saying that the attack was in retaliation for the firm's attempt to infiltrate the group.
"You think you've gathered full names and home addresses of the "higher-ups" of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False. You believe that you can sell the information you've found to the FBI? False. Now, why is this one false? We've seen your internal documents, all of them and do you know what we did? We laughed. Most of the information you've extracted is publicly available via our IRC networks. The personal details of Anonymous "members" you think you've acquired are, quite simply, nonsense."