Forbes: HBGary Execs Run For Cover As Hacking Scandal Escalates

February 15, 2011 - Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal. Over the last week, many of the firm’s closest partners and largest clients have cut ties with the Sacramento startup. And now it’s cancelled all public appearances by its executives at the industry’s biggest conference in the hopes of ducking a scandal that seems to grow daily as more of its questionable practices come to light.

Last week, the hacker group Anonymous released more than 40,000 of HBGary Federal’s emails, followed by another 27,000 from its sister company, HBGary, over the weekend. Those files, stolen in retaliation for an attempt by HBGary Federal CEO Aaron Barr to penetrate Anonymous and identify its members, revealed a long list of borderline illegal tactics. Ars Technica has posted a well-constructed narrative of the firm’s bad behavior. The short version: It proposed services to clients like Bank of America and the U.S. Chamber of Commerce that included cyberattacks and misinformation campaigns, phishing emails and fake social networking profiles, pressuring journalists and intimidating the financial donors to clients’ enemies including WikiLeaks, unions and non-profits that opposed the Chamber.

HBGary responded Monday with a statement on its website that it’s “continuing to work intensely with law enforcement on this matter and hopes to bring those responsible to justice.” In the meantime, the firm is canceling all its executives’ talks at the RSA conference, the largest cybersecurity industry confab of the year, taking place this week in San Francisco. HBGary chief executive Greg Hoglund had planned to give two presentations at the conference. HBGary Federal CEO Barr last week canceled his talk at the simultaneous B-Sides conference, which would have focused on his exposé on Anonymous. The company said in its statement that it had been subject to numerous threats of violence, including some received at its RSA marketing booth.

I’ve written earlier about HBGary’s proposal to Bank of America, in partnership with fellow security firms Palantir and Berico Technologies, to weaken WikiLeaks with cyberattacks and false documents as well as tracing and threatening its donors and supporters. But new information surfaced Monday about other shady approaches the firm suggested. As part of the company’s pitch to the U.S. Chamber of Commerce, HBGary Federal’s Barr offered tactics like mining for information about a target individual’s friends, then building fake Facebook pages to gain access to the subject’s personal details. He and Hoglund also discussed using spear phishing, a technique that typically plants malicious software on a user’s machine with a carefully spoofed email message.

Bank of America, the Chamber of Commerce, Palantir and Berico have all since released statements that say they’ve ended their relationship with the company.


