Monday, June 04, 2012

HBGary: Now run by a "former" CIA guy

The HBGary/Anonymous scandal -- a bizarre tale of cyberspying and counterspying -- became public early last year. Remember? HBGary, a tony computer security company run by a guy named Aaron Barr, used underhanded means to gather info on left-wing critics of the Chamber of Commerce. In response, hackers from Anonymous broke into the firm's systems, filched a whole bunch of emails and unleashed unholy hell. The company has since been sold -- to a very interesting firm, as we shall see.

Although that brouhaha broke out two Februarys ago, the past (as they say) is never truly past. In recent days, a number of stories have refocused attention on the great HBGary cyber-intrusion -- which, though not the world's most important hack, was certainly the wittiest. One could only smile at the spectacle of a high-priced computer security firm being invaded, undermined and kicked into the corner by a gaggle of goofball anarchists.

You simply must read this excerpt from Parmy Olson's new book on Anonymous. Even if you're a technophobe, you'll be hooked.

Lately, the Breitbarters have been writing about the affair, always defending the honor and integrity of HBGary's Aaron Barr. In the conservative blogosphere, these defenses tend to intertwine with diatribes against Evil Brett Kimberlin, the right-wing bogeyman du jour. Why have the two topics become conflated in the right-wing mind? I dunno. Read this and this; maybe you can explain it to me.

This much is certain: Olson's version of events establishes that "security guru" Barr was hacked and hacked easily. Yet HBGary charges a very hefty fee for their services.

If you go to the HBGary website now, you'll see their malware-fighting products but not their prices. When I first visited the place in 2011, prices were posted -- and they were steep. (Five figures, if I recall correctly.) At the time, I asked myself: "What's the difference between HBGary's expensive security suite and the free stuff you get from a vendor like AVG or Avira? How good can anti-malware really be?"

And now here comes the punchline....
HBGary uses AVG!

Yes it's true I've been ploughing through some of the released emails and that's what they use. Make what you will of that, but I'm more than surprised, to say the least.

Theoretically speaking -- just theoretically, mind you -- is it possible for a company to repackage already-extant computer security software and sell it to corporate/government clients for oodles of cash? There are well-heeled people out there who simply don't feel comfortable purchasing anything unless they've paid top dollar.

And while you ponder that, ponder this...

Personas non grata. The right claims that HBGary was viciously maltreated by Anonymous, the famous/infamous hacker collective. Yet HBGary itself was (is?) in the business of malware and hacking -- and they targeted the left. In February of 2011, I posted an article on the company's dirty dealings which offered some juicy quotes (from here):
Indeed, malware hacking appears to be a key service sold by HBGary Federal. Describing a “spear phishing” strategy (an illegal form of hacking), Barr advised his colleague Greg Hoglund that “We should have a capability to do this to our adversaries.” In another e-mail chain, HBGary Federal executives discuss using a fake “patriotic video of our soldiers overseas” to induce military officials to open malicious data extraction viruses. In September, HBGary Federal executives again contemplate their success of a dummy “evite” e-mail used to maliciously hack target computers.
Nothing Anonymous has ever done (that we know of) rises to that level of malevolence.

HBGary wanted two million bucks a month to spy on the enemies of the Chamber of Commerce. One of the targets was Brad Friedman, who responded thus:
In addition to Barr's email offering personal information on me and my family, the H&W scheme by Team Themis, created for the U.S. Chamber, also included a Power Point presentation in which I am personally highlighted, with photograph, along with my wife "Martha" and "2 boys, James and John Friedman" at our "home at 1055 Raywood Ln, Silver Springs, MD".

Of course, I'm not married and have no children and don't live in MD...
As noted in a previous post, no-one named Brad Friedman lives at that address -- in fact, the address doesn't exist. As I said last year: "Looks like HBGary just made shit up. Then they said: 'Two million dollars, please.' Nice work if you can get it!"

More ominously, they also mounted a dirty tricks campaign against Glenn Greenwald.

Even more ominous is this tidbit from Wikipedia:
HBGary had made numerous threats of cyber-attacks against Wikileaks. The dossier of recently exposed emails revealed HBGary Inc. was working on the development of a new type of Windows rootkit, code named Magenta, that would be "undetectable" and "almost impossible to remove."

In October 2010, Greg Hoglund proposed to Barr creating "a large set of unlicensed Windows 7 themes for video games and movies appropriate for middle east & asia" (sic) which "would contain back doors" as part of an ongoing campaign to attack support for Wikileaks.
For more on Magenta, go here and here. Let's not minimize the dangers: The Stuxnet scandal -- about which we may soon have much to say -- tells us that malware attacks have a bad habit of getting out of hand.

(Side note: A theme can contain malware? News to me! I was under the impression that a theme is little more than a jpg image for your desktop and a few icons.)

Perhaps the most important revelation to come out of the HBGary scandal concerned the creation of "personas" to flood blogs with manufactured opinion. One manipulator in one location can create the appearance of a mass movement.
Revealed: Air Force ordered software to manage army of fake virtual people
Though many questions remain about how the military would apply such technology, the reasonable fear should be perfectly clear. "Persona management software" can be used to manipulate public opinion on key information, such as news reports. An unlimited number of virtual "people" could be marshaled by only a few real individuals, empowering them to create the illusion of consensus.
I remain convinced that Obama got into office via a similar tactic.

A year ago, HBGary unconvincingly tried to deny the importance of these revelations. Today, the right-wing bloggers still pooh-pooh the significance of the Air Force contract, since it was never fulfilled. Rest easy, folks: The AF didn't actually do it -- they simply tried to do it. I'm reminded of that episode of The Simpsons in which Sideshow Bob decries the unfairness of being jailed for attempted murder: "Do they give Nobel Prizes for attempted chemistry?"

Some of you may be wondering why the Air Force would want to manipulate public opinion in this way. There's a long tradition, going back to the '50s, of the Air Force functioning as a cut-out for the CIA -- which is barred by statute from operating domestically. On the other hand, see here.

ManTech and the spook connection. Barr is out, and HBGary has been purchased by a firm called ManTech. We have mentioned this company in connection with the Cunningham bribery scandal, and in connection with a now-forgotten scandal involving an Arizona congressman named Rick Renzi. Basically, ManTech provides technical services to the government, to law enforcement, and to the intelligence community.

How does the disgraced former congressman Duke Cunningham figure into this? He wrote a remarkable letter from prison in which he admitted that he particularly regretted taking money from a spooky guy named Mitchell Wade. (Remember him?) Wade had a very close relationship with a defense contractor named Gray Hawk Systems, which pretty much is ManTech.

Congressman Renzi got into trouble when he pushed legislation favorable to ManTech, the employer of the congressman's father.

At about the same time ManTech purchased HBGary, the company made an interesting hire...
ManTech International Corp. has hired Dean May, Ph.D., as vice president of intelligence solutions for its Mission, Cyber and Intelligence Solutions (MCIS) group.
He spent most of his career in CIA’s Directorate of Science and Technology, leading research and development efforts across directorates in an effort to enhance our nation’s intelligence capabilities.
In other words, May is sorta like "Q" in the James Bond movies. There are those who say that one never really leaves the Agency...

Lo and behold, we find that HBGary is now under the aegis of MCIS. Now pay attention, 007: This means that CIA guy Dean May runs HBGary. Yes, "Q" now controls the very same HBGary which masterminded attacks on left-wing writers, and which is now staunchly defended by the Breitbart crew.

And so we are left with two conundrums...

Conundrum 1: With ManTech running HBGary, do you think that they're no longer spying on progs or using "personas" to manipulate opinion? Do you think that Magenta is non-operational?

Conundrum 2: Just what is the link between last year's HBGary scandal and this year's ginned-up Kimberlin affair? Why do the Breitbarters conflate the two? What the hell is going on there? 

(Bonus conundrum: Why would a high-priced security firm like HBGary rely on AVG, a free antivirus system?)


Bob Harrison said...

As an AVG user, I appear to have some fine, albeit spooky, company.

Alessandro Machi said...

While it is intriguing to think that autobots responded in favor of Obama in 2008, Obama also had Move on dot org in his corner and it probably was possible to find a few hundred imbeciles to actually post online.

prowlerzee said...

Thanks for this ongoing saga and the links. Love me some Anonymous something fierce! Wish I could be a hacktivist...

prowlerzee said...

btw, an old email account of mine that I only use here was hacked yesterday or the day before. Could the bad guy be targeting your readers?? My son thinks it was just a bot who then sent spam to everyone I communicated with on that account.

prowlerzee said...

Joseph....did you see the below news item?

Starting Tuesday, look out for an unusual warning atop your Gmail inbox, Google home page or Chrome browser. It will not mince words: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.” Google said it planned to issue the warning anytime it picks up malicious–possibly state-sponsored–activity on a user’s account or computer. How does Google know whether an attack is state-sponsored? It won’t say. “We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis — as well as victim reports — strongly suggest the involvement of states or groups that are state-sponsored,” Eric Grosse, Google’s vice president of security engineering, wrote in a blog post. The announcement is timed just one week after security researchers discovered Flame, a massive, data-mining virus, had been spying on computers in the Middle East– predominantly in Iran– for at least the last four years. Researchers say they believe the Flame virus is sponsored by the same entity that commissioned Stuxnet, a virus co-sponsored by the United States and Israel, that destroyed thousands of Iranian centrifuges in 2010. (New York Times)