Fierce CIO: What the hacking of HBGary means for you

February 16, 2011 - The group of Internet activists known as Anonymous published tens of thousands of emails from the security research firm HBGary early this week, after the chief executive of an affiliate, HBGary Federal, said he planned to expose the identities of Anonymous' leadership. The activists, reportedly motivated by a plan by HBGary to discredit the anti-secrecy site WikiLeaks, also hacked HBGary's websites and Twitter accounts. If a security company can be so thoroughly compromised, is there hope for anyone else?

It turns out, according to a detailed account by Peter Bright at Ars Technica, that fairly simple flaws in HBGary's custom-built content management system combined with the poor password habits of some of its top executives enabled the hackers to use well-known techniques to breach the systems and gather information to be used to breach more systems.

"Unfortunately for HBGary, this third-party CMS was poorly written. In fact, it had what can only be described as a pretty gaping bug in it," Bright writes. "[I]f HBGary conducted any kind of vulnerability assessment of the software--which is, after all, one of the services the company offers--then its assessment overlooked a substantial flaw."

Worse, Bright continues, the passwords used by HBGary CEO Aaron Barr and COO Ted Vera were simple and easily compromised. "Proper handling of passwords--iterative hashing, using salts and slow algorithms--and protection against SQL injection attacks are basic errors," he writes. "Their system did not fall prey to some subtle, complex issue: It was broken into with basic, well-known techniques."
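
The two controls named in that quote, shown together in a login check as an added example (not code from the article, Ars Technica, or HBGary's CMS): credentials stored with a per-user random salt and a slow key-derivation function, and lookups done with bound SQL parameters. The table layout, function names, and the choice of scrypt with these cost settings are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed scrypt cost settings for illustration; tune them to your own hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def hash_password(password, salt=None):
    """Return (salt, digest): random per-user salt, slow memory-hard KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


def create_db():
    """In-memory user table (hypothetical schema, not the CMS's)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def add_user(db, name, password):
    salt, digest = hash_password(password)
    # Values are bound as parameters, never concatenated into the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, digest))


def verify_login(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        hash_password(password)  # spend similar time for unknown users
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


if __name__ == "__main__":
    db = create_db()
    add_user(db, "alice", "constructed-sample-passphrase")  # constructed sample data
    print(verify_login(db, "alice", "constructed-sample-passphrase"))
    print(verify_login(db, "alice", "wrong-guess"))
```

Because each user gets a fresh salt, two accounts with the same password store different digests, so one precomputed table cannot be reused across the whole user list.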
