Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

HBGary Hack In Depth

timothy posted more than 3 years ago | from the injectification-nation dept.

Government 65

Udo Schmitz writes "Heise's UK site has the English translation of an article from the latest issue of their magazine c't about Anonymous's HBGary hack. It shows that there was much more involved than just social engineering to get passwords, and how anonymous evolved following OpTunisia and OpEgypt."

cancel ×

65 comments

Sorry! There are no comments related to the filter you selected.

Coons (-1)

Anonymous Coward | more than 3 years ago | (#35400976)

Many people would have you believe that there is nothing whatsoever the Black people can do about racism, that it is something the White people are
going to do no matter what, that it is not something the Black people have any control over. They would tell the Black man that he is powerless in
this case, a helpless victim who can do nothing to help his plight. It is especially disturbing when this message comes from those who are otherwise
a friend of the Black man. Like Liberalism, it is a childish conception of the world that, while well-meaning, renders its believers powerless over
their own life experience due to its own short-sightedness.

So what can Black people do to effectively end racism? First, they can stop assuming that White people are inherently racist. To assume that a
person is full of hatred or judgment towards others merely because of his or her light skin color is to engage in the very racism they claim to be
against. Racism of that sort won't end racism, no more than gasoline will put out a fire. So we can abandon this failed idea and look to the things
White people see that make them think less of the Black man. These are some steps that Black people can unite and take together if they really want
to end racism:

  • Stop committing a disproportionate number of violent crimes. When White people go to other countries that also have diverse populations, and
    notice that the violent crimes committed by Black people is higher than any other single racial/ethnic group when adjusted for their percentage of
    the population, what are they supposed to think? If you don't want to be regarded as a savage people who were brought out of the tribal jungle too
    soon and haven't yet learned to cope with the whole civilized society thing, please stop acting the part.
  • Stop having a disproportionate number of bastard children. This one can't be emphasized enough as it is surely related to all the other points.
    Black men, if you don't even care about your own children enough to let them know who you are, if you think so little of them, how is the White man
    going to argue with you? Parenting is easily the most important responsibility any adult is likely to ever have, and you abandon it willingly. What
    are White people supposed to think when you do this far more than any other single racial/ethnic group? Do you think it makes you respectable? When
    even their own fathers shunned them, oes it surprise anyone that such bastard children are far more likely to be incarcerated, far less likely to go
    to college?
  • Stop glorifying the "thug" image. When you act like your highest and most noble goal in life is to be a career criminal, and talk happily about
    abusing women, abusing drugs, stealing, murdering, etc., it doesn't make White people think you're a good human being. It doesn't make White people
    respect you. It makes them think you're a menace, and when the media helps you spread this message and it influences impressionable White youth, it
    makes them think you're a contagious menace, like any other disease or infestation. Anyone who wants to hate you for your skin color will feel
    justified by all of this.
  • Stop blaming all of your problems on racism. Many groups, from the Native Americans to the Irish Catholics to the Chinese to the Japanese to the
    Jews and many, many others have unfortunately suffered some kind of racial or ethnic discrimination. Yet they don't top the charts on violent crime
    statistics. They don't have tons of bastard children. They don't glorify being a thug. The Asians in particular have had a great deal of success
    because they highly value education. The Jews have amassed financial empires that are the envy of many Capitalists. They all have something in
    common. When they fail, they blame their own bad decision-making. When they succeed, they attribute it to their hard work. They take personal
    responsibility for their situation, and if it sucks, they work to improve it.

    Some White people may hate your guts. They may think you're less than a human being. But no thought in a White person's head forces you to commit
    violent crimes. No thought in a White person's head forces you to abandon your own children and leave them fatherless. If you won't recognize and
    deal with your own shortcomings in order to become a stronger people, who is going to do that for you? You may have a scapegoat but it's costing you
    dearly.

  • Establish one stable, successful, peaceful, prosperous Black nation. Just one will do. This is a quote from Hesketh Prichard. It's pretty bad,
    but it illustrates what White people are thinking when they see failed Black nation after failed Black nation. If you want to shut them up, prove
    them wrong:

    "The present condition of Haiti gives the best possible answer to the question, and, considering the experiment has lasted for a century, perhaps
    also a conclusive one. For a century the answer has been working itself out there in flesh and blood. The Negro has had his chance, a fair field, and
    no favor. He has had the most beautiful and fertile of the Caribees for his own; he has had the advantage of excellent French laws; he inherited a
    made country, with Cap Haitien [A once beautiful town on the north coast of Haiti] for its Paris. . . . Here was a wide land sown with prosperity, a
    land of wood, water, towns and plantations, and in the midst of it the Black man was turned loose to work out his own salvation. What has he made of
    the chances that were given to him? . . .

    At the end of a hundred years of trial how does the Black man govern himself? What progress has he made? Absolutely none."

If you address all of those things and still continue to experience racism, you will then have a valid case against White people. As things are now,
White people are merely being objective when they see these things and wonder what's wrong with you. The only difference is that some will have
compassion for you, while others will think negatively of you. Don't like that? Work on yourselves.

Re:Coons (-1)

Anonymous Coward | more than 3 years ago | (#35401334)

Do tell more...

Re:Coons (3, Funny)

Anonymous Coward | more than 3 years ago | (#35401814)

"Why do you feel that Python is so bad? What do you find wrong with it?"

Re:Coons (0)

FatdogHaiku (978357) | more than 3 years ago | (#35402216)

"Why do you feel that Python is so bad? What do you find wrong with it?"

If you had not AC'ed that I would have modded it funny.

Re:Coons (-1)

Anonymous Coward | more than 3 years ago | (#35402300)

+1 meta-funny!

Re:Coons (-1)

Anonymous Coward | more than 3 years ago | (#35402622)

lulz

Lots of Security Holes (4, Funny)

WrongSizeGlass (838941) | more than 3 years ago | (#35400994)

HBGary's systems were just riddled with security holes. From URL parameters that weren't scrubbed to straight MD5 password hashing to using the same password for several (and possibly many) accounts on different systems (servers, email, Twitter, LinkedIn, etc). I'm sure glad something as important as our government didn't use their security services. Oh, wait ... D'oh!

Re:Lots of Security Holes (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35401308)

Interestingly, HBGary Federal never won any actual government contracts.

Re:Lots of Security Holes (0)

Anonymous Coward | more than 3 years ago | (#35401918)

Out of curiosity, who says? I really doubt that if there where any contracts, they would be left unclassified.

Re:Lots of Security Holes (3, Insightful)

cpscotti (1032676) | more than 3 years ago | (#35401972)

<quote><p>Out of curiosity, who says? I really doubt that if there where any contracts, they would be left unclassified.</p></quote>

Duhh..... Well, I think all the data Anonymous "de-"classified would contain any hint to that if that was the case!
We're not talking about all the things they "left unclassified" here; someone force-declassified everything!

/. regime in debt? (-1)

Anonymous Coward | more than 3 years ago | (#35400996)

must be some reason for all this censorship/nonsensical use of robbIEs patentdead PostBlock devise/goon style vandalism? no?

Well that was a load of crap (5, Insightful)

AmonTheMetalhead (1277044) | more than 3 years ago | (#35401030)

Check out Ars Technica's coverage, much much better

Re:Well that was a load of crap (2)

RafaelAngel (249818) | more than 3 years ago | (#35401092)

link?

Re:Well that was a load of crap (0)

Anonymous Coward | more than 3 years ago | (#35401110)

Clearly you're too lazy to look it up, just like he was too lazy to post the link.

Re:Well that was a load of crap (4, Informative)

RenHoek (101570) | more than 3 years ago | (#35401114)

It's here, in the Slashdot story that was already posted about 3 weeks ago:
http://it.slashdot.org/story/11/02/17/0041208/Anatomy-of-the-HBGary-Hack [slashdot.org]

Re:Well that was a load of crap (3, Informative)

Udo Schmitz (738216) | more than 3 years ago | (#35401148)

It's here, in the Slashdot story that was already posted about 3 weeks ago:
http://it.slashdot.org/story/11/02/17/0041208/Anatomy-of-the-HBGary-Hack [slashdot.org]

I missed that. Well ... what would /. be without dupes ...

Another one:

http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars [arstechnica.com]

Re:Well that was a load of crap (1)

Nogami_Saeko (466595) | more than 3 years ago | (#35403592)

The ArsTechnica article was far superior IMHO. Much more technical detail about how they went about it.

The interesting thing is that a single solid security measure could've blocked (or at least limited) the scope of the hack, but they managed to chain enough exploits and hacks together to be able to spoof an identity, which resulted in the final hack that allowed them access to the email data.

Re:Well that was a load of crap (1)

plover (150551) | more than 3 years ago | (#35404292)

That they were able to chain so many together says loads about their security practices and policies. One SQL injection attack is a mistake. But on a home-grown internet-facing execs-only CMS server? Who architected their setup? Who did security reviews? Who set up their password policies? Hell, there's no evidence at all of a security policy. At a security company.

It's good for them that Barr stepped down, but they have a lot to fix before the rest of their clients jump ship.

Re:Well that was a load of crap (3, Insightful)

Carewolf (581105) | more than 3 years ago | (#35401156)

Isn't this essential the Ars Technica's article translated to german, and then translated back to english?

Re:Well that was a load of crap (2)

AmonTheMetalhead (1277044) | more than 3 years ago | (#35401270)

That would explain the odd writing i guess

Re:Well that was a load of crap (1)

hitmark (640295) | more than 3 years ago | (#35401806)

I got that same sensation, tho it could be because of the same source material. The brief mention of a conversation with two "members" i do not recall showing up in any of the Arstechnica stuff.

Re:Well that was a load of crap (1)

Haedrian (1676506) | more than 3 years ago | (#35401678)

http://developers.slashdot.org/story/11/03/06/2142233/Disarm-Internet-Trolls-Gently [slashdot.org]

Why did you think that this article was a load of crap? Perhaps there's some good in both stories.

Meh, this system sucks.

Re:Well that was a load of crap (1)

Samantha Wright (1324923) | more than 3 years ago | (#35402958)

No, no, you're doing it wrong. As the first reply to the first comment on this article said,

Why do you feel that Python is so bad? What do you find wrong with it?

Emergent behavior at its best (1)

snikulin (889460) | more than 3 years ago | (#35401080)

I just wonder if Skynet can be powered by human brain cells.
Also a lot of other sci-fi stuff comes to mind, including Azimov's Foundation.

Re:Emergent behavior at its best (1)

MareLooke (1003332) | more than 3 years ago | (#35404772)

We have an internet provider called Skynet [skynet.be] over here (Belgium), and it definitely is not powered by any kind of brain related things, greed on the other hand...

Anonymous (0)

Anonymous Coward | more than 3 years ago | (#35401108)

They're the sexiest Hydra alive today. .gov can't stand it.

Re:Anonymous (5, Insightful)

Anonymous Coward | more than 3 years ago | (#35401226)

They're not a Hydra, which is a monolithic monster with no single termination point and self-repair to incremental attacks.

They're a stand-alone complex, which is not even a single entity to begin with.

Which makes them even harder to kill, and, to established powers they oppose, even more fearsome. (OTOH, to the extent they can be developed and manipulated to suit one's ends, they're a most powerful weapon. You can bet the shadowier sides of governments have any number of would-be Kazundo Gouda types analyzing the phenomenon.)

Re:Anonymous (1)

Samantha Wright (1324923) | more than 3 years ago | (#35402960)

I was skimming the second half of your post, and "Kazundo Gouda" turned into "Kudzu". Let's go with "kudzu" instead of "hydra". It just fits so well. I mean, they're a pretty invasive species, and in the world of government intelligence operations, a fleet of teenagers in it for the lulz is pretty alien.

corepirate nazis transmit fake video to aliens? (0, Funny)

Anonymous Coward | more than 3 years ago | (#35401120)

ALL happy/pink/chubby/well armed/ordained etc... we are in the clip? no surprise there? are we sleek or what?

New villain (3, Funny)

proverbialcow (177020) | more than 3 years ago | (#35401142)

Why do I get the feeling HBGary is just filling the void left by SCO as Slashdot's "villain to post about in the absence of real news"?

Re:New villain (1)

AmonTheMetalhead (1277044) | more than 3 years ago | (#35401282)

Hey, we got Apple for that!

Re:New villain (0)

Anonymous Coward | more than 3 years ago | (#35401400)

Apple gets more praise than not on Slashdot. The fanbois have a persecution complex though: even when they do outnumber everybody, they feel as if they're in the extreme minority.

Re:New villain (0)

Anonymous Coward | more than 3 years ago | (#35402164)

Well, that's because Steve Jobs does them one at a time, in a dark dungeon. Anybody is bound to feel insecure when he does not know just how many of his likes are out there in the line.

Re:New villain (1)

hilather (1079603) | more than 3 years ago | (#35401868)

Why do I get the feeling HBGary is just filling the void left by SCO as Slashdot's "villain to post about in the absence of real news"?

I was really hoping Oracle with their attack on Android would fill that void... HBGary is just the comic relief.

We Can All Be Anonymous (3, Interesting)

Anonymous Coward | more than 3 years ago | (#35401216)

We can all be anonymous. It helps to really know what you're doing, it helps to have no "skeletons" in the closet, it helps to have some passion about what's happening in the world and to want to do something about it. Who's in control? Does that matter? We all can be anonymous.

---Jack O

Re:We Can All Be Anonymous (5, Funny)

Anonymous Coward | more than 3 years ago | (#35401652)

The first step of being anonymous would be to not sign your name at the end of a post...

Re:We Can All Be Anonymous (1)

Anonymous Coward | more than 3 years ago | (#35401884)

Ha! you got pwned. My name is really Jim O.

Re:We Can All Be Anonymous (0)

Anonymous Coward | more than 3 years ago | (#35402778)

And I am Justin Beiber

Re:We Can All Be Anonymous (0)

Anonymous Coward | more than 3 years ago | (#35403110)

And I am Spartacus.

Re:We Can All Be Anonymous (0)

Anonymous Coward | more than 3 years ago | (#35403244)

I am Spartacus!

Re:We Can All Be Anonymous (0)

Anonymous Coward | more than 3 years ago | (#35403370)

And, I've been porking your mom!

Re:We Can All Be Anonymous (0)

Anonymous Coward | more than 3 years ago | (#35403954)

I'm Brian...and so's my wife!

Re:We Can All Be Anonymous (1)

scubamage (727538) | more than 3 years ago | (#35404930)

I am the walrus. Koo-koo-ka-choo.

Re:We Can All Be Anonymous (1)

Anonymous Coward | more than 3 years ago | (#35404984)

And my axe.

Re:We Can All Be Anonymous (0)

Anonymous Coward | more than 3 years ago | (#35405972)

So THAT'S what happened to Cowboy O!(Formerly, Cowboy X)

Nice to see ya on slashdot! Feel free to stop by the gift shop, while you're at it!

Might say "hi" to Cowboy Neal, since you're here.

What a waste of time (5, Interesting)

Anonymous Coward | more than 3 years ago | (#35401238)

Don't bother reading this article, it's horribly written and not particularly correct. They make it sound like HBGary Federal was some giant security company when in reality is was a small-time 4 person company. Oh my god you broke into a 4 person company's email and the idiot manager's twitter account!

So tired of seeing this "hack" replayed on Slashdot.

Re:What a waste of time (0)

Anonymous Coward | more than 3 years ago | (#35401718)

Oh, hi Penny!

Re:What a waste of time (0)

Anonymous Coward | more than 3 years ago | (#35402106)

It wasn't well written, although there are a few tidbits here that I haven't read elsewhere. The hack sounds really bush league. SQL injection has been around for a very long time. There are gobs of security countermeasures. One password easily sniffed with Ribbon tables? Weak password! (and from a security company?). Repeating a password? Bush league! Not keeping a system up to date (and don't tell me Linux is hard to keep up to date, the updates come automatically with update manager, it pops up on its own, and all you have to do is press a button labelled 'update' and enter your (non-root) password. It does all the rest!). Linux updates are also secure: every package is cryptographically signed, and verified immediately after download. If it fails, the file is resent. If that fails, it tries another server. If that fails, it doesn't update that package and sends an error message. Arron Barr clearly doesn't know anything about computers, security, or statistics. How he got the job (apart from being a suit with a winning smile, firm handshake, and a power tie) is a mystery. From the emails and his attempts at data mining, he has neither skill in numeracy nor literacy.

Re:What a waste of time (5, Informative)

Runaway1956 (1322357) | more than 3 years ago | (#35402224)

Actually, you overplay your attempt to downplay HBGary Federal. While they never actually won any government contracts, they did have credibility with the US government, they did have access to a lot of "insider" stuff, and they were in negotiations with other contractors to provide some rather big-time stuff. They enjoyed the backing of their parent company, a major figure in the corporate world.

Note that I do NOT claim that thier credibility was justified, nor do I claim that their wares were anything more than vaporware - but they were much, much more than some upstart company operating on less than a shoestring in someone's garage with only 4 employees.

Re:What a waste of time (0)

Anonymous Coward | more than 3 years ago | (#35402640)

They enjoyed the backing of their parent company, a major figure in the corporate world.

Hahahahahaha, "major figure" in the corporate world. So major that nobody on Slashdot had heard of them before this. So major that they have 2 total products? So major that they are headquartered out of... Sacramento? Hahahaha.

Re:What a waste of time (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35403546)

Greg Hoglund is quite a major figure, after his work on rootkit.com and lectures at Blackhat Briefings.

Re:What a waste of time (0)

Anonymous Coward | more than 3 years ago | (#35402240)

A 4 person company? I see atleast a dozen people with @hbgary.com email addresses.

Re:What a waste of time (0)

Anonymous Coward | more than 3 years ago | (#35402762)

HBGary != HBGary Federal. Different companies.

Re:What a waste of time (0)

Anonymous Coward | more than 3 years ago | (#35402888)

Nah, they are the fake profiles that Aaron Barr set up to game Anonymous and others to gain legitimacy.

Old news (1)

Anonymous Coward | more than 3 years ago | (#35401258)

hbgary was foolish. hbgary got punked.

we all laughed.

NEXT!

Authentic Chanel Bags,Cheap Chanel Bags,2011 Chane (-1)

Anonymous Coward | more than 3 years ago | (#35401478)

Cheap Chanel Handbags Wholesale,Buy 2011 Cheap Chanel Bags with low price top qualit.Discount UP to 50% OFF! Cheap Chanel Bags [bagsshine.com]

We Need OpObama! (-1)

Anonymous Coward | more than 3 years ago | (#35401996)

Barak Hussain Obama, President of the United States of America, is evil.

We need OpObama to show:

1) verbatum transcripts of the telephone communicaitons of Obama and leaders in Egypt, Tsunisa, Libya, Yemin, Saudi Arabia and Brihan.

2) US Treasury transactions to accounts owned by leadears in Egypt, Tsunisa, Libya, Yemin, Saudi Arabia and Brihan. For the War Crimes Trial an important element is the timing of the monetary transcations.

With these we could very well send Barak Hussain Obama to hang on a Gallows.

-308

PS. 3 million people world wide are praying for the death of Barak Hussain Obama. In 20 days, how many people will be added?

Barak Obama Classified as an 'It' (-1)

Anonymous Coward | more than 3 years ago | (#35402714)

This just in:
The Centers for Disease Control (CDC) in Atlanta, through extensive testing of Barak Hussain Obama's sperm have determinted that President Obama is an "It". This means that President Barak Hussain Obama is not a human, homo sapians or any other living creature.

This means that local laws, state laws, federal laws and international laws do not in fact pertain to President Barak Hussain Obama. The CDC suggests that President Obama can therefore be killed or as should be stated, exterminated, without regard to legal statutes.

From the CDC, "The 'IT' formerly known as President Barak Hussain Obama, is not human and can be exterminated at the earliest convient time.

3 Cheers for the brave humans of the CDC.

-308

Old news (1, Offtopic)

aztektum (170569) | more than 3 years ago | (#35402758)

Seriously, Taco, just turn the site into an RSS portal with a comments section. The horrid summaries, old news and dupes are not helping.

Slashdot was ahead of the game 12 years ago, but now it's a dying horse. Time to try something new.

Re:Old news (0)

Anonymous Coward | more than 3 years ago | (#35403838)

And yet you come here, day after day.

Re:Old news (1)

scubamage (727538) | more than 3 years ago | (#35404962)

Slashdot, like /b/, was always dying, and will always be dying. Kinda like a hypocondriac with access to a medical encyclopedia and too much spare time.

Re:Old news (1)

michaelok (1892648) | more than 3 years ago | (#35406848)

You forget that it's the YOU that make or break the site. So if Slashdot still has the interest of some sharp folks out there, with excellent insight and comments, then it's still a viable site. Note the crazy topsy-turvy world of Digg (talk about dupes and poor summaries), now there's Reddit, and others, and I guess Facebook, but as long as Slashdot attracts good readers, they'll do fine.

little error in TFA (0)

Anonymous Coward | more than 3 years ago | (#35404264)

Wrong:
Hoglund's inbox contained the root password for his rootkit.com security web site

Correct:
Hoglund's inbox contained an old root password for his rootkit.com security web site

So Anonymous also social-engineered the new root password. FTW!

1337 (1)

SchmeeSquee (1757142) | more than 3 years ago | (#35430916)

Doesnt this spark anything in the minds of the local hackers and crackers out there? security in buisnessess are low. why? The fear of being hacked is unfeasible because people who dont know what they are doing trust people who say they know what they are doing but accually are being payed to watch the "ping" and "pong" of packets between two servers in the company. Time to start hacking again...make the government quake at the mention of hackers like what used to happen. My suggestion....packet flood a net of IP addresses in your local area so the "geek squad" is focused on that then...your sort of free.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?