HBGary Federal has been working on unmasking the identities of the “Anonymous” group of WikiLeaks hacktivists in cooperation with an FBI investigation regarding their involvement in the attacks against companies that were impairing WikiLeaks’ access and funding. HBGary had claimed to have penetrated the group and identified several “key members”. Anonymous chose to react during the Super Bowl.
Unlike the DDoS attacks that brought the group recent headlines, this incident seems to have involved actual hacking skills. It appears HBGary was victimized by a combination of social engineering and a password shared between systems. Anonymous managed to compromise the HBGary website and replace it with an image explaining their motivation. In addition to the defacement, they downloaded over 60,000 emails from the company and posted those to The Pirate Bay for broad distribution.
The Twitter account of HBGary’s CEO was compromised and used to send out several offensive messages, along with his home address, social security number and cell phone number. According to Forbes, the LinkedIn accounts of other HBGary executives were compromised “in minutes.”
The resulting tweets put up a set of claims that Anonymous has:
- “entire control of all emails for the company of hbgary.com”
- “we have wordpress control of hbgary.com”
- “all emails will be put up in a torrent”
- “full access to all their financials”
- “their ssns [social security numbers]”
- “their w2s [US tax reporting statement]”
- “their 1099s [US tax identification certificate]”
- “their software products”
- “their malware data”
- “their backup server was wiped”
- “access to their pbx system via 8x8.com”
- “control of their support server and their clients logins”
- “root access to rootkit.com, personal website of greg hoglund”
- “aaron barr’s ipad is now wiped”