February 8, 2011

‘Anonymous’ Breaches Security Firm Website

A group of tech-savvy hackers operating under the name "Anonymous" took credit for breaching the website of HBGary Federal, a computer security company working with the U.S. government to expose the identities of those in the group.

"Anonymous" had previously conducted distributed denial of service (DDoS) attacks against Amazon, Visa and MasterCard in apparent retaliation for their withdrawal of services to the whistleblower Web site WikiLeaks, which had published thousands of classified U.S. diplomatic cables and military documents.

However, the HBGary breach was more sophisticated, stealing of tens of thousands of email messages while temporarily re-directing all traffic to a website that read: "You've tried to bite the Anonymous hand.  You angered the hive and now you are being stung."

The hacked email accounts include those of HBGary's CEO Aaron Barr.  The AFP news agency reported that Barr's Twitter account had also been compromised by someone who "tweeted" personal information about the chief executive along with offensive messages.

The stolen email messages were then posted to a popular peer-to-peer file sharing website, the AFP reported.

"Unlike the DDoS attacks for which Anonymous has made headlines in recent months, this incident involved true hacking skills," wrote Chester Wisniewski of Sophos computer security firm in a blog posting about the incident.

In a typical DDoS attack, a large number of computers are commanded to simultaneously access a particular website, which often overwhelms servers, degrading service or taking the site entirely offline.

HBGary had been working with federal agents to expose the identities of those behind the DDoS attacks, and was prepared to sell identifying information about members of Anonymous to the FBI, Wisniewski said.

A number of nations have been working to crack down on Wikileaks and its supporters, which include "Anonymous."

British police arrested five people last month as part of an investigation into the "Anonymous" cyberattacks, while the FBI launched numerous raids across the U.S.


On the Net: