Anonymous strikes again!

Started by Wolfy, February 08, 2011, 02:54:00 PM


Wolfy

http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/


So yeah, as the news article says, Anonymous hacked into HBGary, a security organization that was helping the FBI track down members of their "Group" and basically bent them over a table and gave them what-for for attacking them.

Scary? Or something to cheer for?

What are your thoughts, Elliquiy? Do you support this internet vigilantism, or do you want them all to be caught and tried? :D

Dizzi

Anon. is... Odd.  Sometimes I cheer for them!  Yay!  Way to get at Gene for being a douche!  Awesome!  You found the puppy throwing girl!

And then they do shit like:
Harass puppy throwing girl until she needs police protection
Harass many people until they need protection/are driven to insanity
etc.

I have an entire pitch package ready for a doc about 4Chan and anon but I am afraid to pitch it as it may incite the wrath of Anon...

Callie Del Noire

Agree with Dizzi.

They do some good..then keep doing stuff that makes them bad guys. It's like there are parts of the 'group' that really don't understand the words 'restraint' or the phrase 'enough is enough'.

Like the stuff they did to the two women charging Julian Assange with sexual assault. They posted every single detail of their life online. I think some of the openness of the Anon group actually plays against their goals.

I like the way they spanked the Scientologists but even there they go too far at times.

Beguile's Mistress

They remind me of the Spy vs. Spy guys in the Mad comics.  Of course, they're throwing bombs at themselves.


DudelRok

Every time I hear something about Anonymous my brain instantly goes to Ghost in the Shell and I can't take them seriously. Quite frankly, they shouldn't be taken seriously... as they originated from 4chan and aren't doing anything with their "power" outside of harassing the computer illiterate.

I AM THE RETURN!

DudelWiki | On/Off Thread | A/A Thread

Callie Del Noire

Quote from: DudelRok on February 08, 2011, 03:53:56 PM
Every time I hear something about Anonymous my brain instantly goes to Ghost in the Shell and I can't take them seriously. Quite frankly, they shouldn't be taken seriously... as they originated from 4chan and aren't doing anything with their "power" outside of harassing the computer illiterate.

I would agree but clearly they are articulate and savvy enough to get a network admin at a computer security firm to give them access to the secure sections of his firm's network.

Social Engineering and Tech Savvy can be used against anyone. Just the different amounts of success.

DudelRok

Quote from: Callie Del Noire on February 08, 2011, 04:01:35 PM
I would agree but clearly they are articulate and savvy enough to get a network admin at a computer security firm to give them access to the secure sections of his firm's network.

Social Engineering and Tech Savvy can be used against anyone. Just the different amounts of success.

If you read the article, the people within anonymous that actually did this were the very few who had any degree of actual skill.

For the most part, anonymous is just kids playing "Answer the security questions." ...and that's not much different as the only thing, at least according to the article linked, that was obtained were emails; and then it was the use of Twitter accounts. Generally, picking on individual people within the company and by doing so using already confirmed (and simple) manners to get into those types of accounts.

I could also argue that manipulating people into giving you information as you want it isn't difficult (Social Engineering) due to natural behaviors.

Callie Del Noire

Quote
In a phone interview late Sunday evening, Hoglund said that unlike the more traditional Web-site attacking activities of Anonymous, the hackers who infiltrated HBGary’s system showed real skills, even social engineering a network administrator into giving them complete control over rootkit.com, a security research site Hoglund has long maintained.

A network admin, by definition, should be savvy enough to know what he's doing and what to watch out for.  He/She shouldn't be an 'easy' target for folks like Anon?

That quote is from the article at the beginning of the thread.

Wolfy

Don't forget that they laughed at the information gathered on their members, and then proceeded to post it themselves onto filesharing websites just to show that they had nothing to fear from it. o3o

That takes some balls. o3o

Oniya

Unfortunately, the 'pastie' that bit links to is no longer available, so we don't know if maybe they used one of the hacked email/twitter/whatever accounts to pose as a legitimate employee to gain that access.  That being said, if I were a network admin, I'd want to be aware of who should have access - by name, and by voice and picture.  If someone needed that access, I would verify by telephone callback that I was giving the access to who I thought I was giving it to.

"Language was invented for one reason, boys - to woo women. And in that endeavor, laziness will not do." Robin Williams-Dead Poets Society
I do have a cause, though.  It's obscenity.  I'm for it.  - Tom Lehrer
Don't think it's all been done before
Don't think we're never gonna win this war
Don't think your world's gonna fall apart
All you need is your beautiful heart
O/O's Updated 5/11/21 - A/A's - Current Status! - Writing a novel - all draws for Fool of Fire up!
Requests updated March 17

DudelRok

Quote from: Callie Del Noire on February 08, 2011, 04:56:54 PM
A network admin, by definition, should be savvy enough to know what he's doing and what to watch out for.  He/She shouldn't be an 'easy' target for folks like Anon?

That quote is from the article at the beginning of the thread.

The problem is that a "network administrator" doesn't mean what it is supposed to mean. They worry about internal stuff, and most "network administrators" are nothing more than business degree flops who went and got their network certifications during the networking job rush.

The people who actually know what they are doing currently work for Best Buy. XD

Quote from: Oniya on February 08, 2011, 05:17:47 PM
Unfortunately, the 'pastie' that bit links to is no longer available, so we don't know if maybe they used one of the hacked email/twitter/whatever accounts to pose as a legitimate employee to gain that access.  That being said, if I were a network admin, I'd want to be aware of who should have access - by name, and by voice and picture.  If someone needed that access, I would verify by telephone callback that I was giving the access to who I thought I was giving it to.

And the boss would call you paranoid, saying you were wasting both time and money. Then again, I doubt you're a computer illiterate.

Quote from: Wolfy on February 08, 2011, 05:14:30 PM
Don't forget that they laughed at the information gathered on their members, and then proceeded to post it themselves onto filesharing websites just to show that they had nothing to fear from it. o3o

That takes some balls. o3o

Posting already public information doesn't take balls, it just shows the other person that they are stupid and don't know what they are doing.

The short of this entire thing is: "It isn't a big deal, or that shocking, to see this happen."

Oniya

Quote from: DudelRok on February 08, 2011, 05:21:54 PM
And the boss would call you paranoid, saying you were wasting both time and money. Then again, I doubt you're a computer illiterate.

*tips hat*

Actually, it would take a 5 minute call at worst.  "Hey - did you just email me for root access?  No?  You need to change all your passwords, then.  Someone just tried to hack us pretending to be you."

Callie Del Noire

That's kind of a broad assumption DudelRok. Not all Network Admins are failed Masters of Business Atrocities. I would assume that a company that looks into computer security as their main practice would hire a qualified person to do the job. I'm just pointing out that if you do your research and due diligence that anyone is vulnerable to the verbal games that are part and parcel to social engineering.

Wolfy

:/ The fact of the matter is, it's a Security firm that's supposed to protect against hackers and gather information...yet they got hacked themselves.

Moral: Irony is a cruel bitch. :D

Callie Del Noire

Quote from: Wolfy on February 08, 2011, 05:31:04 PM
:/ The fact of the matter is, it's a Security firm that's supposed to protect against hackers and gather information...yet they got hacked themselves.

Moral: Irony is a cruel bitch. :D

I prefer to think of it as..

Moral: Anyone is vulnerable if they don't pay attention.

As one commentator on the BBC said while I was growing up, the defender has to be constantly successful while an attacker has to succeed once.

DudelRok

Quote from: Oniya on February 08, 2011, 05:28:03 PM
*tips hat*

Actually, it would take a 5 minute call at worst.  "Hey - did you just email me for root access?  No?  You need to change all your passwords, then.  Someone just tried to hack us pretending to be you."

Hehe, point.

Quote from: Callie Del Noire on February 08, 2011, 05:29:36 PM
That's kind of a broad assumption DudelRok. Not all Network Admins are failed Masters of Business Atrocities. I would assume that a company that looks into computer security as their main practice would hire a qualified person to do the job. I'm just pointing out that if you do your research and due diligence that anyone is vulnerable to the verbal games that are part and parcel to social engineering.

I didn't say, "All." The current job market for networking administration, though, wants any kind of degree and your network certifications; that's it. And just because someone is qualified, doesn't make them suddenly any less stupid. Otherwise, yes... anyone is vulnerable to predatory behavior.

I'm, more-so, saying that what happened isn't as big an "OMG" as the news outlets want us to believe. For one, all Anonymous did (and ever does) was hack a few email and Twitter accounts, and probably by guessing security questions. They are not much more than a group of organized con-men with computers, and con-men tend to go for easy targets. (Con-men also don't stop until said target is bone dry and left with nothing.)

...and I can't comment about the security business, itself, but I'm curious as to the kind of security they actually do. It's a vague word and while some computer/cyber based security is in networking, a lot of it is more on internal fail-safes and firewalls... next to which is education on computer safety (which someone in the company obviously needs). I couldn't get much on the company with Google-fu but that's because they are currently on lock-down for obvious reasons.

Callie Del Noire

Hackers have been and always will be con-men. They are more tech-savvy than the bunko artists doing card plays in the park, but the ability to elicit trust, sympathy and empathy are as vital a skill as understanding the underlying systems a network works on.

Kevin Mitnick credits most of his work with the ability to talk otherwise smart people into breaking procedures they know were in place for a reason. And if anyone knows how a hacker thinks/operates he'd be one of them.

Sabby

I didn't read all the topic (made my head hurt :P) But honestly, this is a good thing in the same way that challenging the Government is a good thing... The FBI need to deal with this kind of stuff all the time, and if they are constantly tracking down second rate hackers and never actually get challenged, the overall quality of their work will degrade.

Right now, realizing a bunch of kids downloading lolicon torrents managed to hack them should show them they need to pick up their act.

Callie Del Noire

Just because their antics might be construed as childish doesn't mean they are less smart or willful than the hackers who do it purely for cash. Never assume they are only as mature as their emotional threshold.

I knew a guy who used to overdrive his computer by taking his CPUs into work and physically rewiring them in the micromin lab. Maturity wasn't his thing though. He could rewrite code on the test benches to the point he worked on. Came up with a 'virus' to rewrite the bugs in the test program text. Utter genius.

My friend's 6 year old kid is more mature.

I know of at least three supervisors who suffered for giving him grief. He'd fit right in with the Anon crowd and he's in the 30+ age group.

Xenophile

What people need to understand is that "Anon" is a name for a group comprised of individuals. Some individuals are of the rare breed of righteous vigilantes, like the ones that found out the puppy drowning girl. Others are mean spirited assholes, like the ones doing the kind of shit like sending bomb threats to Stadiums. Others just go out and demonstrate against the Church of Scientology with masks and plaques on rallies, but most are slouches.

Branding the "Anon" group as something like this, or something like that are doing it wrong. They need to aim their labelling at the individuals in question hiding under the name that basically applies to everyone that is active in the 4chan forums.
Ons and Offs
Updated 2011 June 5th A's and A's

Callie Del Noire

I'd say they are an information sharing network more than an actual group. You have some idea of where to find out what the group is interested in, what they (as individuals) will share and you can put your own spin on it from there.

Serephino

Quote from: Callie Del Noire on February 08, 2011, 08:21:39 PM
Just because their antics might be construed as childish doesn't mean they are less smart or willful than the hackers who do it purely for cash. Never assume they are only as mature as their emotional threshold.

I knew a guy who used to overdrive his computer by taking his CPUs into work and physically rewiring them in the micromin lab. Maturity wasn't his thing though. He could rewrite code on the test benches to the point he worked on. Came up with a 'virus' to rewrite the bugs in the test program text. Utter genius.

My friend's 6 year old kid is more mature.

I know of at least three supervisors who suffered for giving him grief. He'd fit right in with the Anon crowd and he's in the 30+ age group.

My boyfriend is a lot like that.  Some days, living with him is like living with a tall toddler.  However, he's very good with computers, and very smart.  He told me about when he was in high school he and his friends wrote a virus that took out the whole school network because of a few remarks made by the computer teacher.  Someone hacked into our network, so he hacked into their computer and formatted it.

Vekseid

Quote from: Oniya on February 08, 2011, 05:17:47 PM
Unfortunately, the 'pastie' that bit links to is no longer available, so we don't know if maybe they used one of the hacked email/twitter/whatever accounts to pose as a legitimate employee to gain that access.  That being said, if I were a network admin, I'd want to be aware of who should have access - by name, and by voice and picture.  If someone needed that access, I would verify by telephone callback that I was giving the access to who I thought I was giving it to.

This is kind of interesting. Reading their report, it looks like they completely missed what happened to wikileaks dot org (the sticky I have at the top of this forum). They seem to be idiots pretending to be competent.

HBGary presents itself as a computer security company, however-

- hbgary dot com is hosted on a shared webhost. This explains how they got hacked pretty easily.
- rootkit dot com was colocated at Herakles Data Center, however, they don't offer server management solutions at a high level. Very basic stuff only. The network administrator involved probably oversees hundreds of servers, and is more interested in whatever router issue is going on than with some idiot who lost his root password. The idea of their e-mail account being compromised probably didn't occur to him.

My own host doesn't even have Elliquiy's root password, for crying out loud.

Wolfy

Related, because Anonymous is part of/started on 4chan:

http://www.escapistmagazine.com/news/view/107688-4Chan-Helped-FBI-Prevent-A-School-Shooting-No-Really

So yeah, as it says, 4chan helped prevent a school shooting. :D

See, they aren't all internet terrorists.

Vekseid

...the idea of having a topic is to focus on a single topic of discussion.

Anyway, here is the raw pastebin from when Greg's account got hacked:

Quote
HBGary E-mail Viewer

greg@hbgary.com


Original file:    27606
From:    jussi jaakonaho <jussij@gmail.com>
To:    Greg Hoglund <greg@hbgary.com>
Date:    Sun, 6 Feb 2011 22:15:54 +0200
Subject:    Re: need to ssh into rootkit
Attachments:    This e-mail does not have any attachments.



did you open something running on high port?


On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote:

> ok let me know if you need me
>
> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>> tnx.
>> i am also connected to the box, seems some people have download problems -
>> have figured earlier that some chinese used chinese chars on names of files,
>> which then our filtering stripped off when putting db etc. so some db
>> editing
>>
>>
>> _jussi
>>
>> On Feb 6, 2011, at 9:36 PM, Greg Hoglund wrote:
>>
>>> ok ill make sure to get you a new license asap.
>>>
>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>> np.
>>>> btw i did not shut down the firewall so it still protects with too many
>>>> connections from same source address.
>>>>
>>>> i have also downloaded latest backups from /home/varmi to my homebox,
>>>> just
>>>> in case.
>>>>
>>>> oh, also seem my license is expiring for responder again. o:-) was
>>>> thinking
>>>> to put it into box with more memory.
>>>>
>>>> _jussi
>>>>
>>>> On Feb 6, 2011, at 9:26 PM, Greg Hoglund wrote:
>>>>
>>>>> yup im logged in thanks ill email you in a few, im backed up
>>>>>
>>>>> thanks
>>>>>
>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>> nope. your account is named as hoglund
>>>>>>
>>>>>>
>>>>>> On Feb 6, 2011, at 9:23 PM, Greg Hoglund wrote:
>>>>>>
>>>>>>> yes jussi thanks
>>>>>>>
>>>>>>> did you reset the user greg or?
>>>>>>>
>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>>>> does it work now?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Feb 6, 2011, at 9:17 PM, Greg Hoglund wrote:
>>>>>>>>
>>>>>>>>> if i can squeeze out time maybe we can catch up.. ill be in germany
>>>>>>>>> for a little bit.
>>>>>>>>>
>>>>>>>>> anyway I can't ssh into rootkit. you sure the ips still
>>>>>>>>> 65.74.181.141?
>>>>>>>>>
>>>>>>>>> thanks
>>>>>>>>>
>>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>>>>>> ok,
>>>>>>>>>> it should now accept from anywhere to 47152 as ssh. i am doing
>>>>>>>>>> testing
>>>>>>>>>> so
>>>>>>>>>> that it works for sure.
>>>>>>>>>> your password is changeme123
>>>>>>>>>>
>>>>>>>>>> i am online so just shoot me if you need something.
>>>>>>>>>>
>>>>>>>>>> in europe, but not in finland? :-)
>>>>>>>>>>
>>>>>>>>>> _jussi
>>>>>>>>>>
>>>>>>>>>> On Feb 6, 2011, at 9:08 PM, Greg Hoglund wrote:
>>>>>>>>>>
>>>>>>>>>>> no i dont have the public ip with me at the moment because im
>>>>>>>>>>> ready
>>>>>>>>>>> for a small meeting and im in a rush.
>>>>>>>>>>>
>>>>>>>>>>> if anything just reset my password to changeme123 and give me
>>>>>>>>>>> public
>>>>>>>>>>> ip and ill ssh in and reset my pw.
>>>>>>>>>>>
>>>>>>>>>>> thanks
>>>>>>>>>>>
>>>>>>>>>>> On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote:
>>>>>>>>>>>> hi,
>>>>>>>>>>>>
>>>>>>>>>>>> do you have public ip? or should i just drop fw?
>>>>>>>>>>>> and it is w0cky - tho no remote root access allowed
>>>>>>>>>>>>
>>>>>>>>>>>> On Feb 6, 2011, at 8:59 PM, Greg Hoglund wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> _jussi
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> jussi
>>>>
>>>>
>>
>>
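
Added example, not part of any post in this thread: the telephone-callback check Oniya describes above, sketched in Python against the kind of e-mailed request shown in the pastebin. The names `CallbackGate` and `Request`, the directory entry, the phone numbers and the sample password are hypothetical and constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field

PRIVILEGED = {"password_reset", "firewall_change", "root_access"}

# Constructed directory: callback numbers registered in advance,
# never taken from the request itself.
DIRECTORY = {"alice": "+1-555-0100"}


@dataclass
class Request:
    claimed_user: str
    action: str
    channel: str                    # e.g. "email"
    supplied_contact: str = ""      # phone/IP offered by the requester
    requested_password: str = ""    # password the requester asks for


@dataclass
class CallbackGate:
    directory: dict
    pending: dict = field(default_factory=dict)

    def submit(self, req):
        """First stage: decide whether a callback is needed and to whom."""
        if req.action not in PRIVILEGED:
            return {"status": "allow"}
        number = self.directory.get(req.claimed_user)
        if number is None:
            return {"status": "deny", "reason": "unknown user"}
        ticket = secrets.token_hex(8)
        self.pending[ticket] = req
        # The number comes from the directory; supplied_contact is ignored
        # because whoever controls the mailbox controls that field too.
        return {"status": "callback_required", "ticket": ticket, "call": number}

    def resolve(self, ticket, owner_confirmed):
        """Second stage: record what the account owner said on the call."""
        req = self.pending.pop(ticket, None)   # one-shot: no ticket replay
        if req is None:
            return {"status": "deny", "reason": "unknown or used ticket"}
        if not owner_confirmed:
            # The owner did not send it: treat the mailbox as compromised.
            return {"status": "deny", "reason": "owner denied request",
                    "follow_up": "rotate_credentials:" + req.claimed_user}
        result = {"status": "allow", "action": req.action}
        if req.action == "password_reset":
            # Never set a password named in the request; issue a random one
            # and hand it over on the call, not by reply e-mail.
            result["temp_password"] = secrets.token_urlsafe(12)
            result["must_change"] = True
            result["deliver_via"] = "callback"
        return result
```

The denied branch mirrors the "you need to change all your passwords, then" step: a request the owner never sent is itself evidence that the requesting account is compromised.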