The HBGary/Anonymous scandal -- a bizarre tale of cyberspying and counterspying -- became public early last year. Remember? HBGary, a tony computer security company run by a guy named Aaron Barr, used underhanded means to gather info on left-wing critics of the Chamber of Commerce. In response, hackers from Anonymous broke into the firm's systems, filched a whole bunch of emails and unleashed unholy hell. The company has since been sold -- to a very
interesting firm, as we shall see.
Although that brouhaha broke out two Februarys ago, the past (as they say) is never truly past. In recent days, a number of stories have refocused attention on the great HBGary cyber-intrusion -- which, though not the world's most important hack, was certainly the wittiest. One could only smile at the spectacle of a high-priced computer security firm
being invaded, undermined and kicked into the corner by a gaggle of goofball anarchists.
You simply must read this excerpt
from Parmy Olsen's new book on Anonymous. Even if you're a technophobe, you'll be hooked.
Lately, the Breitbarters have been writing about the affair, always defending the honor and integrity of HBGary's Aaron Barr. In the conservative blogosphere, these defenses tend to intertwine with diatribes against Evil Brett Kimberlin, the right-wing bogeyman du jour
. Why have the two topics have become conflated in the right-wing mind? I dunno. Read this
; maybe you
can explain it to me
This much is certain: Olsen's version of events establishes that "security guru" Barr was hacked and hacked easily
. Yet HBGary charges a very hefty fee for their services.
If you go to the HBGary website now, you'll see their malware-fighting products but not their prices. When I first visited the place in 2011, prices were posted -- and they were steep
. (Five figures, if I recall correctly.) At the time, I asked myself: "What's the difference between HBGary's expensive security suite and the free stuff you get from a vendor like AVG or Avira? How good can anti-malware really be
And now here comes the punchline
HBGary uses AVG !
Yes it's true I've been ploughing through some of the released emails and that's what they use. Make what you will of that, but i'm more than surprised, to say the least
Theoretically speaking -- just theoretically, mind you -- is it possible for a company to repackage already-extant computer security software and sell it to corporate/government clients for oodles of cash? There are well-heeled people out there who simply don't feel comfortable purchasing anything unless they've paid top dollar.
And while you ponder that, ponder this...
Personas non grata.
The right claims that HBGary was viciously maltreated by Anonymous, the famous/infamous hacker collective. Yet HBGary itself was (is?) in the business of malware and hacking -- and they targeted the left. In February of 2011, I posted an article on the company's dirty dealings which offered some juicy quotes (from here
Indeed, malware hacking appears to be a key service sold by HBGary Federal. Describing a “spear phishing” strategy (an illegal form of hacking), Barr advised his colleague Greg Hoglund that “We should have a capability to do this to our adversaries.” In another e-mail chain, HBGary Federal executives discuss using a fake “patriotic video of our soldiers overseas” to induce military officials to open malicious data extraction viruses. In September, HBGary Federal executives again contemplate their success of a dummy “evite” e-mail used to maliciously hack target computers.
Nothing Anonymous has ever done (that we know of) rises to that
level of malevolence.
HBGary wanted two million bucks a month
to spy on the enemies of the Chamber of Commerce. One of the targets was Brad Friedman, who responded thus:
In addition to Barr's email offering personal information on me and my
family, the H&W scheme by Team Themis, created for the U.S. Chamber,
also included a Power Point presentation in which I am personally
highlighted, with photograph, along with my wife "Martha" and "2 boys,
James and John Friedman" at our "home at 1055 Raywood Ln, Silver
Of course, I'm not married and have no children and don't live in MD...
As noted in a previous post
, no-one named Brad Friedman lives at that address -- in fact, the address doesn't exist. As I said last year: "Looks like HBGary just made shit up. Then they said: 'Two million dollars, please.' Nice work if you can get it!"
More ominously, they also mounted a dirty tricks campaign against Glenn Greenwald.
ominous is this tidbit from Wikipedia:
HBGary had made numerous threats of cyber-attacks against Wikileaks. The dossier of recently exposed emails revealed HBGary Inc. was working on the development of a new type of Windows rootkit, code named Magenta, that would be "undetectable" and "almost impossible to remove."
In October 2010, Greg Hoglund proposed to Barr creating "a large set of unlicensed Windows 7 themes for video games and movies appropriate for middle east & asia" (sic) which "would contain back doors" as part of an ongoing campaign to attack support for Wikileaks.
For more on Magenta, go here
. Let's not minimize the dangers: The Stuxnet scandal
-- about which we may soon have much to say -- tells us that malware attacks have a bad habit of getting out of hand.
(Side note: A theme
can contain malware? News to me! I was under the impression that a theme is little more than a jpg image for your desktop and a few icons.)
Perhaps the most important revelation to come out of the HBGary scandal concerned the creation of "personas" to flood blogs with manufactured opinion. One manipulator in one location can create the appearance of a mass movement
Revealed: Air Force ordered software to manage army of fake virtual people
Though many questions remain about how the military would apply such technology, the reasonable fear should be perfectly clear. "Persona management software" can be used to manipulate public opinion on key information, such as news reports. An unlimited number of virtual "people" could be marshaled by only a few real individuals, empowering them to create the illusion of consensus.
I remain convinced that Obama got into office via a similar tactic.
A year ago, HBGary unconvincingly tried to deny the importance
of these revelations. Today, the right-wing bloggers still pooh-pooh the significance of the Air Force contract, since it was never fulfilled. Rest easy, folks: The AF didn't actually do it -- they simply tried
to do it. I'm reminded of that episode of The Simpsons
in which Sideshow Bob decries the unfairness of being jailed for attempted murder: "Do they give Nobel Prizes for attempted
Some of you may be wondering why the Air Force
would want to manipulate public opinion in this way. There's a long tradition, going back to the '50s, of the Air Force functioning as a cut-out for the CIA -- which is barred by statute from operating domestically. On the other hand, see here
ManTech and the spook connection.
Barr is out, and HBGary has been purchased by a firm called ManTech. We have mentioned this company in connection with the Cunningham bribery scandal
, and in connection with a now-forgotten scandal involving an Arizona congressman named Rick Renzi. Basically, ManTech provides technical services to the government, to law enforcement, and to the intelligence community.
How does the disgraced former congressman Duke Cunningham figure into this? He wrote a remarkable letter from prison in which he admitted that he particularly regretted taking money from a spooky guy named Mitchell Wade. (Remember him?)
Wade had a very close relationship with a defense contractor named Gray Hawk Systems, which pretty much is
Congressman Renzi got into trouble when he pushed legislation favorable to Man Tech, the employer of the congressman's father.
At about the same time ManTech purchased HBGary, the company made an interesting hire...
ManTech International Corp. has hired Dean May, Ph.D., as vice president of intelligence solutions for its Mission, Cyber and Intelligence Solutions (MCIS) group.
He spent most of his career in CIA’s Directorate of Science and Technology, leading research and development efforts across directorates in an effort to enhance our nation’s intelligence capabilities.
In other words, May is sorta like "Q" in the James Bond movies. There are those who say that one never really leaves the Agency...
Lo and behold, we find that HBGary is now under the aegis of MCIS
. Now pay attention, 007
: This means that CIA guy Dean May runs HBGary.
Yes, "Q" now controls the very same HBGary which masterminded attacks on left-wing writers, and which is now staunchly defended by the Breitbart crew.
And so we are left with two conundrums...
With ManTech running HBGary, do you think that they're no longer spying on progs or using "personas" to manipulate opinion? Do you think that Magenta is non-operational?
Just what is the link between last year's HBGary scandal and this year's ginned-up Kimberlin affair? Why do the Breitbarters conflate the two? What the hell is going on
Why would a high-priced security firm like HBGary rely on AVG, a free antivirus system?)