Glass
16th February 2011, 07:53 PM
I liked this story for quite a few reasons
The hacktivist group Anonymous is at it again. This time, it has humiliated an Internet security firm that threatened to out the group's hierarchy.
If you remember, Anonymous has been in the news, first, because in support of WikiLeaks, it undertook cyberattacks that brought down the websites of Visa and Mastercard. Second, because it brought down the sites of some government entities in Egypt and helped the anti-government protesters with technical help. Third, because as NPR's Martin Kaste reported, the FBI is hot on the group's heels. (Kaste has more on tonight's All Things Considered.)
Today, the website ArsTechnica ran a piece that details how Anonymous methodically went after HBGary Federal's digital infrastructure. Earlier this month, HBGary Federal's CEO Aaron Barr said the company, which specializes in analyzing vulnerabilities in computer security for companies and even some government agencies, had undertaken an investigation of Anonymous and had used social media to unmask the group's most important people.
The Financial Times reported:
Of a few hundred participants in operations, only about 30 are steadily active, with 10 people who "are the most senior and co-ordinate and manage most of the decisions," Mr. Barr told the Financial Times. That team works together in private internet relay chat sessions, through e-mail and in Facebook groups. Mr Barr said he had collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data
Barr said an HBGary representative was set to give a presentation at a security conference in San Francisco, but as soon as Anonymous got wind of their plans, it hacked into HBGary's servers, rifled through their e-mails and published them to the web. The group defaced HBGary's website and published the user registration database of another site owned by Greg Hoglund, owner of HBGary.
Amazingly, reports ArsTechnica, Anonymous managed all this by exploiting easy and everyday security flaws. First, it found that the content management system — a program that allows for easy publishing to the web — had a security vulnerability. The group was able to get into the usernames and passwords from the database and, as ArsTechnica puts it, HBGary employees did not follow Internet best practices and used the same passwords over and over on different sites including their e-mail accounts, Twitter and LinkedIn accounts.
If you're interested in the details of the operation, ArsTechnica does a great job at putting it in easy-to-understand words. But perhaps one of the more interesting things the piece manages to cull is a profile of the people behind Anonymous.
Full article (http://www.npr.org/blogs/thetwo-way/2011/02/16/133814783/how-anonymous-exacted-revenge-on-firm-that-threatened-to-out-them?sc=tw&cc=share)
The hacktivist group Anonymous is at it again. This time, it has humiliated an Internet security firm that threatened to out the group's hierarchy.
If you remember, Anonymous has been in the news, first, because in support of WikiLeaks, it undertook cyberattacks that brought down the websites of Visa and Mastercard. Second, because it brought down the sites of some government entities in Egypt and helped the anti-government protesters with technical help. Third, because as NPR's Martin Kaste reported, the FBI is hot on the group's heels. (Kaste has more on tonight's All Things Considered.)
Today, the website ArsTechnica ran a piece that details how Anonymous methodically went after HBGary Federal's digital infrastructure. Earlier this month, HBGary Federal's CEO Aaron Barr said the company, which specializes in analyzing vulnerabilities in computer security for companies and even some government agencies, had undertaken an investigation of Anonymous and had used social media to unmask the group's most important people.
The Financial Times reported:
Of a few hundred participants in operations, only about 30 are steadily active, with 10 people who "are the most senior and co-ordinate and manage most of the decisions," Mr. Barr told the Financial Times. That team works together in private internet relay chat sessions, through e-mail and in Facebook groups. Mr Barr said he had collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data
Barr said an HBGary representative was set to give a presentation at a security conference in San Francisco, but as soon as Anonymous got wind of their plans, it hacked into HBGary's servers, rifled through their e-mails and published them to the web. The group defaced HBGary's website and published the user registration database of another site owned by Greg Hoglund, owner of HBGary.
Amazingly, reports ArsTechnica, Anonymous managed all this by exploiting easy and everyday security flaws. First, it found that the content management system — a program that allows for easy publishing to the web — had a security vulnerability. The group was able to get into the usernames and passwords from the database and, as ArsTechnica puts it, HBGary employees did not follow Internet best practices and used the same passwords over and over on different sites including their e-mail accounts, Twitter and LinkedIn accounts.
If you're interested in the details of the operation, ArsTechnica does a great job at putting it in easy-to-understand words. But perhaps one of the more interesting things the piece manages to cull is a profile of the people behind Anonymous.
Full article (http://www.npr.org/blogs/thetwo-way/2011/02/16/133814783/how-anonymous-exacted-revenge-on-firm-that-threatened-to-out-them?sc=tw&cc=share)