Feeds

Anonymous pwns security firm that probed its membership

HBGary gets the ACS:Law treatment

Beginner's guide to SSL certificates

The Anonymous hacking collective took revenge on a security firm that had investigated its membership on Sunday.

HBGary Federal has been seeking to uncloak the identities of senior members of Anonymous involved in attacks against financial services firms, such as PayPal and Mastercard, that had suspended accounts run by WikiLeaks. The security consultancy had infiltrated IRC chat sessions and Facebook groups used by core members of the Anonymous collective. HBGary Federal wanted to present its research at an upcoming security conference.

In response, Anonymous did a number on HBGary by hacking into its email system and uploading 60,000 emails onto file-sharing networks. Anonymous also defaced HBGary's website with an image explaining their motives as well as taking over the Twitter feed of HBGary's chief exec, Aaron Barr, to tweet abuse as well as supposed details of his home address and social security number. LinkedIn accounts of other senior HBGary execs were also targeted for attack.

Anonymous also posted HBGary's research of the hacking collective, claiming that the names and addresses of Anonymous members gleaned by the firm are largely bogus. The techniques and methods employed during the attack remain unclear.

HPGARYisdown2

The assault is far more sophisticated than the usual denial of service attacks deployed by Anonymous volunteers against organisations that earn its displeasure, such as entertainment industry firm-hassling file-sharing sites and the Church of Scientology as well as as those refusing to cash WikiLeaks' cheques.

The assault on HBGary follows the same pattern as a previous assault against ACS:Law, a controversial legal firm that ran a business sending threatening letters to alleged file-sharers.

HBGary's website had been replaced by an "under construction" holding page at the time of writing. Rootkit.com, a research site maintained by HBGary, and also hit by the attack remains unavailable. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Desperate VXers enslave FREEZERS in DDoS bot
Updated Spike malware targets Asia
Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI
A stranger turns up YOUR heat with default password 1234
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.