Bruised by Anonymous, HBGary Federal pulls out of RSA

E-mails stolen by hacktivist group Anonymous indicate that the security company it targeted was proposing to make a “new breed of rootkit” and that it passed along the plan to a technology firm that caters to the federal government.


An attachment to one of the stolen HBGary Federal e-mails calls for creating a rootkit that would find and execute command and control messages as would a compromised machine in a botnet, according to a copy of the e-mail posted by

The document lists the virtues of the proposed Magenta Rootkit: "New breed of rootkit - There isn't anything like this publicly/ Extremely small memory footprint - (4k or less)/Almost impossible to remove from a live running system".

The founder of HBGary (the parent company of HBGary Federal), Greg Hoglund, sent a copy of the Magenta proposal to the president of Farallon Research, Ray Owen, according to the posted e-mails. Farallon posted this brief description of itself on its Web site: "The mission of Farallon Research LLC is to connect advanced commercial technologies and the companies that develop them with the requirements of the U.S. government."

As the stolen HBGary e-mails come to light, hints about the way the firm conducts business have come out, including an apparent plan to gather data about union organizers identified as opponents of the U.S. Chamber of Commerce. Methods used to gather the information include scraping Facebook data, which violates Facebook's terms of use.

The chamber and other security firms mentioned in the e-mails about the plan have made public statements deploring the proposal.

Beyond the revelations from the stolen e-mails, HBGary Federal has pulled out of the RSA Conference in San Francisco, saying it's in the best interest of its employees and the conference.

The company had a leased booth on the show floor, but shut it down after it was vandalized Sunday night. HBGary left behind a sign to explain its departure: "HBGary individuals have received numerous threats of violence including threats at our tradeshow booth.

"In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks," the company's message reads.

The company's CEO, Aaron Barr, was to have revealed the names of people who make up Anonymous at the Security B-Sides conference, also being held in San Francisco this week. Barr dropped out of that conference last week after Anonymous hacked into HBGary Federal's network, stole thousands of e-mails - estimates are as high as 77,000 - and posted them on the Web.


Anonymous said in Web posts that it had done so as a preemptive strike against HBGary Federal's plan to out its members. Anonymous posted information contained in the e-mails about what HBGary Federal had discovered about Anonymous and ridiculed it as being inaccurate and incomplete.

Anonymous became the target of HBGary after the secret group launched attacks against the Web sites of businesses that tried to quash Wikileaks posts of stolen U.S. State Department diplomatic cables. HBGary Federal e-mails indicate the firm proposed selling information about the identities of Anonymous members to the FBI.

HBGary Federal has posted the same message on its Web site that it placed in its RSA booth, and it indicates that it plans to fight back. The message reads in full: "A group of aggressive hackers known as "Anonymous" illegally broke into computer systems and stole proprietary and confidential information from HBGary, Inc. This breach was in violation of federal and state laws, and stolen information was publicly released without our consent.

"In addition to the data theft, HBGary is continuing to work intensely with law enforcement on this matter and hopes to bring those responsible to justice.

"Thank you to all of our employees, our customers and the security community for your continued support.

"HBGary, Inc."
