Network World: Stolen HBGary e-mails indicate it was planning a "new breed of rootkit"


February 16, 2011 - E-mails stolen by hacktivist group Anonymous indicate that the security company it targeted was proposing to make a “new breed of rootkit” and that it passed along the plan to a technology firm that caters to the federal government.

An attachment to one of the stolen HBGary Federal e-mails calls for creating a rootkit that would find and execute command and control messages as would a compromised machine in a botnet, according to a copy of the e-mail posted by crowdleaks.org.

The document lists the virtues of the proposed Magenta Rootkit: "New breed of rootkit - There isn't anything like this publicly/ Extremely small memory footprint - (4k or less)/Almost impossible to remove from a live running system".

The founder of HBGary (the parent company of HBGary Federal), Greg Hoglund, sent a copy of the Magenta proposal to the president of Farallon Research, Ray Owen, according to the posted e-mails. Farallon posted this brief description of itself on its Web site: "The mission of Farallon Research LLC is to connect advanced commercial technologies and the companies that develop them with the requirements of the U.S. government."

As the stolen HBGary e-mails come to light, hints about the way the firm conducts business have come out, including an apparent plan to gather data about union organizers identified as opponents of the U.S. Chamber of Commerce. Methods used to gather the information include scraping Facebook data, which violates Facebook's terms of use.

The chamber and other security firms mentioned in the e-mails about the plan have made public statements deploring the proposal.

Beyond the revelations from the stolen e-mails, HBGary Federal has pulled out of the RSA Conference in San Francisco, saying it's in the best interest of its employees and the conference.

The company had a leased booth on the show floor, but shut it down after it was vandalized Sunday night. HBGary left behind a sign to explain its departure: "HBGary individuals have received numerous threats of violence including threats at our tradeshow booth.

"In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks," the company's message reads.

The company's CEO, Aaron Barr, was to have revealed the names of people who make up Anonymous at the Security B-Sides conference, also being held in San Francisco this week. Barr dropped out of that conference last week after Anonymous hacked into HBGary Federal's network, stole thousands of e-mails - estimates are as high as 77,000 - and posted them on the Web.
