You are hereBlogs / FZ's blog / Threat Post: RSA 2011: Winning the War But Losing Our Soul

Threat Post: RSA 2011: Winning the War But Losing Our Soul

By FZ - Posted on 27 February 2011

-By Paul Roberts

February 22, 2011- There was lots of noise and distraction on the crowded Expo floor of the RSA Security Conference this year. After a grueling couple of years, vendors were back in force with big booths, big news and plenty of entertainment designed to attract visitor traffic. Wandering the floor, I saw - variously - magic tricks, a man walking on stilts, a whack-a-mole game, a man dressed in a full suit of armor and a 15 foot long racetrack that I would have killed for when I was 10.

The most telling display, however, may have been the one in Booth 556, where malware forensics firm HBGary displayed a simple sign saying that it had decided to remove its booth and cancel scheduled talks by its executives. This, after the online mischief making group Anonymous broke into the computer systems of the HBGary Federal subsidiary and stole proprietary and confidential information. The HBGary sign stayed up for a couple days, got defaced by someone at the show and was later removed. When I swung by HBGary's booth on Thursday, it was a forlorn and empty patch of brown carpet where a couple marketing types where holding an impromptu bull session.

It would be easy to say that the lesson of HBGary is that "anyone can get hacked." After all, the company's founder, Greg Hoglund is one of the smartest security folks around - hands down. He's a recognized expert on malware and, literally, wrote the book on rootkit programs. HBGary Federal's customers included the U.S. Department of Defense as well as spy agencies like the CIA and NSA.

Or maybe the lesson of HBGary is simply not to "kick the hornet's nest," so to speak: needlessly provoking groups like Anonymous who have shown themselves to be hungry for publicity and have little to lose in a confrontation. Maybe, the lesson is simply that, if you're going to kick the hornet's nest, as HBGary Federal CEO Aaron Barr was determined to, then at least to spend some time securing your Web- and e-mail infrastructure and following password security best practices before you commence said kicking.

But I think the real lesson of the hack - and of the revelations that followed it - is that the IT security industry, having finally gotten the attention of law makers, Pentagon generals and public policy establishment wonks in the Beltway, is now in mortal danger of losing its soul. We've convinced the world that the threat is real - omnipresent and omnipotent. But in our desire to combat it, we are becoming indistinguishable from the folks with the black hats.

Of course, none of this is intended to excuse the actions of Anonymous, who HBGary President Penny Leavy, in a conversation with Threatpost, rightly labeled "criminals" rather than politically motivated "hacktivists." The attack on HBGary was an unsubtle, if effective, act of intimidation designed to send a message to Barr and other would be cyber sleuths: 'stay away.'

We can see their actions for what they are, and sympathize deeply with Aaron Barr, Greg Hoglund and his wife (and HBGary President) Penny Leavy for the harm and embarrassment caused by the hackers from Anonymous, who published some 70,000 confidential company e-mails online for the world to see. Those included confidential company information, as well as personal exchanges between HBGary staff that were never intended for a public airing. Its easy to point the finger and chortle upon reading them, but how many of us (or the Anonymous members, themselves) could stand such scrutiny? 

Its harder to explain away the substance of many other e-mail messages which have emerged in reporting by Ars Technica as well as others. They show a company executives like HBGary Federal CEO Aaron Barr mining social networks for data to "scare the s***" out of potential customers, in theory to win their business. While "scare 'em and snare 'em" may be business as usual in the IT security industry, other HBGary Federal skunk works projects clearly crossed a line: a proposal for a major U.S. bank, allegedly Bank of America, to launch offensive cyber attacks on the servers that host the whistle blower site Wikileaks. HBGary was part of a triumvirate of firms that also included Palantir Inc and Berico Technologies, that was working with the law firm of the U.S. Chamber of Commerce to develop plans to target progressive groups, labor unions and other left-leaning non profits who the Chamber opposed with a campaign of false information and entrapment. Other leaked e-mail messages reveal work with General Dynamics and a host of other firms to develop custom, stealth malware and collaborations with other firms selling offensive cyber capabilities including knowledge of previously undiscovered ("zero day") vulnerabilities.


And for further reading check out the comments when portions of this story were posted on


Backbone Campaign
Liberty Tree
Progressive Democrats of America
Peoples Email Network
Justice Through Music
Locust Fork Journal
Berkeley Fellowship UU\'s Social Justice Committee
The Smirking Chimp
Progressive Democrats Sonoma County
Center for Media and Democracy
Chelsea Neighbors United
Atlanta Progressive News
Yes Men
No Nukes North