Suitably-titled web group Anonymous has taken credit for or been implicated in countless web-based shenanigans which typically lean toward the illegal even when the intentions are just. Aaron Barr is CEO of online security firm HBGary. Recently, the two engaged in what can only be called cyber opera – a back-and-forth war waged with modem and keyboard that saw the latter, using subterfuge, attempting to uncover the real people behind the fictional online handles.
What resulted was HBGary and its sister company HBGary Federal being hacked, along with loads of private emails being leaked to the public. How did this happen? And why?
While we covered the HBGary hacking story a couple days ago, Arstechnica divulged more of the entire twisted story today. Barr sought to root out the real-life identities of those who belonged to Anonymous by infiltrating the group, ironically, with multiples aliases. Using these aliases, reports the site, Barr set about weaving a complex plot involving adding code to the Low Orbit Ion Cannon with one persona while another called that one out.
Some of Barr’s messages paint him as ambitious, if arrogant: in one he claims, “I follow one law. Mine.” Others present him as almost anti-big business: “I really dislike corporations. They suck the lifeblood out of humanity. But they are also necessary and keep us moving, in what direction I don’t know.”
You might have already heard how Barr uncovered three specific individuals he felt were Anonymous bigwigs, and even claimed he knew their real-life identities. However, he told one of those three – allegedly CommanderX – via Twitter that he would not publish that information – that that was never the purpose of his research. From that exchange, the attack on Barr’s company seemed a foregone conclusion.
Ultimately, Barr’s efforts were self-serving. The entire plan was mainly concocted to garner attention for Barr and his company. When you sell digital protection tools and help other companies reduce cyber crime, knowing the ins and outs of a major perpetrator of such attacks certainly doesn’t hurt. It’s safe to say that what happened wasn’t the type of publicity he was hoping for.
The HBGary site is currently still disabled, offering only a brief message alluding to the cyber-attack and the resulting information leak.