Anonymous pwns security firm that probed its membership
HBGary gets the ACS:Law treatment
The Anonymous hacking collective took revenge on a security firm that had investigated its membership on Sunday.
HBGary Federal has been seeking to uncloak the identities of senior members of Anonymous involved in attacks against financial services firms, such as PayPal and Mastercard, that had suspended accounts run by WikiLeaks. The security consultancy had infiltrated IRC chat sessions and Facebook groups used by core members of the Anonymous collective. HBGary Federal wanted to present its research at an upcoming security conference.
In response, Anonymous did a number on HBGary by hacking into its email system and uploading 60,000 emails onto file-sharing networks. Anonymous also defaced HBGary's website with an image explaining their motives as well as taking over the Twitter feed of HBGary's chief exec, Aaron Barr, to tweet abuse as well as supposed details of his home address and social security number. LinkedIn accounts of other senior HBGary execs were also targeted for attack.
Anonymous also posted HBGary's research of the hacking collective, claiming that the names and addresses of Anonymous members gleaned by the firm are largely bogus. The techniques and methods employed during the attack remain unclear.
The assault is far more sophisticated than the usual denial of service attacks deployed by Anonymous volunteers against organisations that earn its displeasure, such as entertainment industry firm-hassling file-sharing sites and the Church of Scientology as well as as those refusing to cash WikiLeaks' cheques.
The assault on HBGary follows the same pattern as a previous assault against ACS:Law, a controversial legal firm that ran a business sending threatening letters to alleged file-sharers.
HBGary's website had been replaced by an "under construction" holding page at the time of writing. Rootkit.com, a research site maintained by HBGary, and also hit by the attack remains unavailable. ®
Sponsored: Data Loss Prevention & Data Theft Prevention