Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Democrats Security IT

Contents of Leaked HBGary Emails Reveal Wrongdoing 369

chargersfan420 writes "Ars Technica has sifted through the contents of the HBGary emails leaked last week in the attack by Anonymous and posted an interesting story about some of the things they were up to (which include rootkit development, selling rootkits to the private sector, and an entire list of 0-day exploits in a variety of OSes and other software, among a variety of other devious plans). Today they are reporting a democratic push for a congressional investigation of HBGary Federal."
This discussion has been archived. No new comments can be posted.

Contents of Leaked HBGary Emails Reveal Wrongdoing

Comments Filter:
  • a democratic push for a congressional investigation of HBGary Federal

    You're going to dig for info on their union-busting, but you're going to be very embarrassed if you find out that the Obama administration was in bed with these scumbags on some other sleazy project(s) that come up too. They were working for the banks, but some of these firms were (or at least had been) working for the government too. Might want to check with the White House before you start digging too deep.

    • Re: (Score:2, Interesting)

      How better to hide incriminating evidence if you're the one in charge of the investigation in the first place?

      • by spun ( 1352 )

        Some democratic members of Congress claim to want an investigation. Easy enough to claim to want that as a democratic congressman in a republican congress. Nota bene, the White House hasn't called for an investigation. You think these kinds of investigations are totally partisan? You think there won't be members of the investigative committee who are gunning for Obama? Okay, you might think that, but I doubt Obama does.

        Anyone want to take bets on this, what are the odds that there will be an investigation o

        • by bertoelcon ( 1557907 ) * on Tuesday March 01, 2011 @03:44PM (#35350932)

          Anyone want to take bets on this, what are the odds that there will be an investigation of HBGary? Anyone want to put up some money on the "Sure, there will be an investigation" side?

          Can I be on the "There will be an investigation, but not a good one." side?

        • After an exhaustive investigation, they will determine that is was a single gunman who fired all of the rounds, acting alone. See, all congressional investigations aren't a waste of time and money!
      • They won't be in charge of a Congressional investigation, the Republicans would be.

      • by icebike ( 68054 )

        How better to hide incriminating evidence if you're the one in charge of the investigation in the first place?

        Why would they have to hide this? Its no longer admissible, thanks to Anonymous.

        Allegedly stolen property by a criminal organization during a criminal break-in with no chain of custody essentially sanitizes the evidence
        and probably any other evidence obtained via this evidence.

        They should write a check to Anonymous thanking them for the service.

        • by tyme ( 6621 )

          congressional investigations don't have to adhere to the same rules of evidence that apply in a court of law, so "inadmissibility" isn't a concern here.

        • by Jaysyn ( 203771 ) on Tuesday March 01, 2011 @04:46PM (#35351604) Homepage Journal

          I think you may be mistaken. It may fall under bulletpoint #3, but I doubt that covers a corporation.

          Exceptions to the Exclusionary Rules

          Courts will sometimes allow illegally-obtained evidence to be used in a criminal trial. This usually occurs when the court realizes that the information is vital to incriminating a person who may be guilty of a serious offense.

          Evidence obtained illegally may be excluded from the exclusionary rule when it:

                  * Comes from a private person who was not acting for the government
                  * Comes from the state government, which turns the evidence over to the federal government
                  * Violated a person’s rights, but the person is not the one who is on trial
                  * Would have been found eventually through legal means
                  * Cannot be used to the defendant’s advantage because of other evidence

          In short, when the federal government has jurisdiction over a case, any evidence that a third-party obtained can be used in the case as long as the federal government did not ask that third party to commit the act.

          http://www.lassiterlawoffice.com/articles/the-exclusionary-rule/ [lassiterlawoffice.com]

    • by Anonymous Coward on Tuesday March 01, 2011 @03:37PM (#35350864)
      As an "Obama supporter" (if that even makes sense) I would like this investigation, so that this comes to light if it is true. Since my support of people is not axiomatic, I would like evidence supporting their trustworthiness. I understand this position may appear alien.
      • by Nursie ( 632944 ) on Tuesday March 01, 2011 @10:12PM (#35353942)

        I would have modded you up, but you're already at 5.

        Evidence based support of politicians. Evidence based policy. Evidence based... stuff in general.

        If it turns out that the folks I voted for are scumbags, I'd like to know so they can be kicked out, taken to court, discredited, whatever. It's not "my team" and "their team", this is not about tribes or who's dad can beat up who else's dad, this is about the governance of of the USA.

        If more people thought like this we wouldn't have the ridiculous spectacle of politicians throughout the western world getting away with all sorts of dodgy behaviour because "if you don't vote for me the other tribe will win!" and we might actually get a government we want.

    • by sjames ( 1099 ) on Tuesday March 01, 2011 @03:39PM (#35350886) Homepage Journal

      That's why we need 2 congressional investigations in parallel. One run by Republicans digging up any dirt they can find on Democrats, and one by Democrats digging dirt on Republicans.

      What we really need is a Highlander style competition amongst politicians. That way there's just one we need to feed to a tree chipper to restore democracy in the U.S.

      • That's why we need 2 congressional investigations in parallel. One run by Republicans digging up any dirt they can find on Democrats, and one by Democrats digging dirt on Republicans.

        but it is not election time yet. They are good at doing that during that time

      • That's what we have now, but the problem is they carefully ignore the pies they both have their hands in. This will get investigated if one or the other can be smeared with it. Not both.
    • by twoallbeefpatties ( 615632 ) on Tuesday March 01, 2011 @03:40PM (#35350908)
      I've been occasionally hearing this argument lately. "Yeah, we know these guys are doing bad things, but what if you find out that your guys are doing bad things, too? That would prove that you're even more evil, now wouldn't it!" It sounds like an attempt to conflate a hypothetical situation with what's actually going on. You know, things that there are no evidence for yet do not deserve equal weight with things that are actually evident.

      This is in no way to say that I think the Obama administration is completely blameless and angelic in all things. If we were to discover that this firm was working on some of the same hacking and propaganda techniques on behalf of the government, then I'd damned well like to know about that as well. If the Obama administration was using these tactics on American citizens, I hope the investigation uncovers it somehow. And if you, parent poster, murdered a bunch of people ten years ago, I would hope that you are sent to jail for it. You know, if you did that. But in the meantime, we've got documents pointing to fraud being done by this firm on behalf of the Chamber of Commerce, so why don't we start with that?
    • I would not mind if that happened. I voted for Obama, but if he is or his administration is doing dirty tactics, I would rather know than just assume he is doing more good than bad.
    • by dachshund ( 300733 ) on Tuesday March 01, 2011 @03:54PM (#35351016)

      You're going to dig for info on their union-busting, but you're going to be very embarrassed if you find out that the Obama administration was in bed with these scumbags on some other sleazy project(s) that come up too. They were working for the banks, but some of these firms were (or at least had been) working for the government too. Might want to check with the White House before you start digging too deep.

      Have you ever considered that we might like to know about government malfeasance even if it's done by people we voted for? (hell, especially in that case).

      If this radical idea had occurred to the Republican voter base back in 2001, maybe they wouldn't have to deal with a Democratic President in the first place.

    • Capitalization is important. Consider the sentence:

      i helped my uncle jack off a horse

    • by mcmonkey ( 96054 )

      It doesn't matter what you wish for. This will never happen.

      The obvious question (for me) was, why would congress get involved? If people at this company were cracking security and spreading exploits, wouldn't that be a case for the cyber unit of the local police? Or if there's some interstate/international level of operations, perhaps the FBI?

      Well, I RTFA. It seems this company and some partners were hired by Uncle Sam to work on cracks to be used against terrorists.

      And there you go, end of story. Hid

    • by Hatta ( 162192 ) on Tuesday March 01, 2011 @04:20PM (#35351336) Journal

      You're going to dig for info on their union-busting, but you're going to be very embarrassed if you find out that the Obama administration was in bed with these scumbags on some other sleazy project(s) that come up too.

      If Obama has unclean hands he deserves whatever he gets.

      In reality, this is nothing but empty sabre rattling.

    • In one post, you've managed to encapsulate a lot of what's wrong with modern political followership.

      Question nothing. Follow the tribe. Abdicate your responsibility as a citizen. Hide inconvenient truths. Look the other way. Be a sheep.

      Does that sound about right? Because that's what it sounds like you're saying.
  • by unity100 ( 970058 ) on Tuesday March 01, 2011 @03:20PM (#35350684) Homepage Journal
    eventually anonymous would become a V for vendetta mask behind which vigilantes would do things that needed to be done, like this. Where are the people who were foaming at the mouth against Anonymous just a few weeks ago huh ? Here is anonymous justice, packed up and ready to go. The justice which was in no way delivered by the normal means you were speaking about that people should follow.

    of course good guys, indifferent guys, and bad guys will do things by hiding behind such a mask. but, that doesnt make the presence of that mask, something bad.
    • It is really sad when we have vigilantes who are better and more capable than our own law enforcement at just about every aspect of what law enforcement is supposed to do.

      • its not that they are better and more capable. its just that law enforcement is at the hands of governments which are lackeys of corporations. they just are not prosecuting the filthy.
        • No, law enforcement is hampered by the law and Constitution.

          Anonymous aren't shackled by laws.

          • No, I get that point, but that's not what's going on here. Law enforcement is not only hampered by issues like this. They're totally incompetent in general. It's quite sad.

            I want warrants and due process. Yes, Anonymous has the advantage of not having to bother with these things. And it is a large advantage. And even if law enforcement had the same advantage, I still think they'd fall all over themselves and be completely incompetent.

            I mean, basically law enforcement already has that advantage. There are en

          • Law enforcement is empowered by the law. Discard the law because it 'hampers' them, and they're just another group of thugs with no legitimacy.

      • Huh? Are you seriously advocating that law enforcement break into computer systems of suspicious companies?

        I'm no lawyer, but I'm pretty sure that would get the police/FBI into heaps of trouble.

      • It is really sad when we have vigilantes who are better and more capable than our own law enforcement at just about every aspect of what law enforcement is supposed to do.

        So what you're saying is you expect a branch of law enforcement who is good at harassment and illegal computer access?

        • by jedidiah ( 1196 )

          One that is competent at computer security would be nice.

          Being able to break into something isn't just about breaking into stuff. It's also about making sure your stuff doesn't get broken into.

          With "chain of custody" sorts of things, that's rather important.

      • by NoZart ( 961808 )

        Case of "Life imitates Art". Every superhero comic is about that.
        What i fail to grasp is why is it cool in fiction but sad in reality? (honest question)

    • by Anonymous Coward on Tuesday March 01, 2011 @03:44PM (#35350928)

      Don't forget ACS:Law as well.
      Us Britons had to suffer their bullshit and lies for many years.
      No more people suffering their crap anymore. And they will get the punishment they deserve.
      Now if only someone would go after Global Debt Recovery AKA Tower Investigations AKA a bunch of other terrible companies who buy off loans legally out of date and scare people in to paying up or face "harsh punishments"...

      The Anonymous Movement isn't one group, it is many, there are no members, just people with the same ideals.
      This gives them power.
      Of course, no doubt many countries are in the process of getting rid of any anonymity online.
      It won't work, but they will try. Even many ISPs are against some of the crap governments try to pull.
      The moment a "No-Anonymity" law is mentioned, all rights groups it applies to will instantly shoot it down. (you can bet your ass EFF will be on it in a heart beat)

  • by gatkinso ( 15975 ) on Tuesday March 01, 2011 @03:21PM (#35350698)

    1) Don't use Windows
    2) Don't use Facebook

    • 3) don't write things that could later be used against you
      • 4. Don't be evil and you won't have anything that could be used against you
        • by Leafheart ( 1120885 ) on Tuesday March 01, 2011 @03:34PM (#35350834)

          4. Don't be evil and you won't have anything that could be used against you

          Oh man. That was funny. You had me a moment there.

          • by gknoy ( 899301 )

            It's true. If you set out to behave ethically in all your endeavours, and are honest and forthright with people, the only attacks people can make against you will be lies. Sure, you'll face attacks, but you don't have anything that you would need to be actively hiding to stay "safe".

            • by Red Flayer ( 890720 ) on Tuesday March 01, 2011 @04:13PM (#35351266) Journal

              If you set out to behave ethically in all your endeavours, and are honest and forthright with people, the only attacks people can make against you will be lies. Sure, you'll face attacks, but you don't have anything that you would need to be actively hiding to stay "safe".

              That only holds true if

              1. "ethically" is the same as "legally".
              2. You're version of "ethically" is the same as everyone else's version of "ethically".

              • 3. You are omniscient and avoid running afoul due to ignorance.

                No matter how ethically you behave, if someone wants to nail you to the wall because they don't like you, they can probably dig up something you've failed to do -- some tax law you fail to meet, some paper you failed to sign before you did something, some place you happened to be that you didn't know you shouldn't be, etc.

                Also, in some countries, you can get in trouble for failing to pay bribes. I consider bribes unethical. See the problem?
                Of course, neither of these run afoul of the "actively hiding" clause -- they depend on the "ignorantly hiding" clause. But once you realize that the only reason you're not in trouble is because you failed to disclose something, do you disclose it (acting ethically) and pay the penalty (no longer being safe), or do you hide it (no longer acting ethically) and fly under the radar?

                Ethics are social. This world has many societies, and they aren't all compatible.

                Hey, for a historical example, Jesus was killed because he was condemning the unethical acts of the Jewish elite. They accused him of things he readily admitted to (as well as a bunch of lies) that were punishable by their law by death by stoning. Of course, if they'd followed that law (ethical to them) then they would have been guilty of murder under Roman law -- Romans considering stoning both unethical and illegal.

                Those who are truly willing to live by their ethical code have to be willing to die by it. They are by no means "safe".

            • And what about the day when you log in to your account and discover you have posted pictures of yourself doing illegal things, and that you have ongoing conversations with criminals and terrorists. You can yell your innocence all you want, but can you "prove" those weren't your posts? The fact that I don't have a facebook account offers me no real protection if HBG or someone else decides to make one for me, all transacted off of my apparent IP address.

        • 5. Don't hire admins that will let "you" reset your SSH password through an insecure medium without verification that it's actually you.
    • by Carewolf ( 581105 ) on Tuesday March 01, 2011 @03:28PM (#35350776) Homepage

      3) Don't use Flash
      4) Don't use Java

      Interesting what they have unpublished 0-day exploits for.

  • Wow. (Score:4, Insightful)

    by Tolkien ( 664315 ) on Tuesday March 01, 2011 @03:23PM (#35350722) Journal
    So they were clearly and intentionally on the more shady end of ethical boundaries. They aren't a security firm, they're crackers for hire.
    • by bberens ( 965711 )
      I don't see how any of this should be surprising. My understanding is that these guys were contract spooks hired out by the CIA, FBI, NSA, etc. to do work they either wouldn't or couldn't do. It shouldn't surprise anyone that the NSA and their private counterparts have databases of 0-day vulnerabilities and rootkits lying around to use for whatever "legitimate" spooking purposes arise.
      • by JBMcB ( 73720 )

        It shouldn't surprise anyone that the NSA and their private counterparts have databases of 0-day vulnerabilities and rootkits lying around to use for whatever "legitimate" spooking purposes arise.

        Quite the opposite. I'm sure every major and minor computer security firm has a large database of virii, hacks, exploits, trojans, and other various malware. How are you supposed to defend your customers against malware if you don't have any examples?

    • Don't call me Eugene. I am the Plague
    • So they were clearly and intentionally on the more shady end of ethical boundaries.

      Yes, exactly! They were CLEARLY, and INTENTIONALLY, on the... uhh.. well, the "more shady" end of what we like to call "ethical boundaries". Clearly!

  • by mbone ( 558574 ) on Tuesday March 01, 2011 @03:25PM (#35350742)

    I suspect that what was meant was that there is a Democratic push (by big D Democrats) to investigate HBGary. I haven't heard of any sit-ins over the issue, at least as yet.

  • And i TOLD you. (Score:5, Interesting)

    by unity100 ( 970058 ) on Tuesday March 01, 2011 @03:25PM (#35350744) Homepage Journal
    i told you that, going after anonymous would cause more hardcore circles, which are in constant rebellion to anything that is establishment, to take up the cause of the anonymous.

    Anyone spending a few years in the early stages of internet, in which those underground circles were not so underground like today, would be able to know and tell the same. Its the rebel net culture. That underground is multitudes over the level of what the private lackey corps or govts. can afford to hire or educate. They are of a sort that grows/breeds on its own.

    Despite their roads have diverged with most of us the early netizens like me, i indeed learned to develop a deep respect for their kind. For, even if they do a lot of shady stuff, they do have a very strong attachment to some principles. and that's something to be respected.

    Anyway. see, what they have done. good luck to govt and their lackeys in finding who did it. they may even be inside hbgary itself. you'll never know. once a rebel, always a rebel.
    • ...they do have a very strong attachment to some principles. and that's something to be respected...

      One should always be wary of principled men.

    • by Bob9113 ( 14996 )

      > For, even if they do a lot of shady stuff, they do have a very strong attachment to some principles. and that's something to be respected.

      That is, to me, the ultimate conundrum in a nutshell. What is better? A democratic government comprised of people selected by a process which severely inhibits principles, or a renegade cabal of vigilantes whose unity derives from a set of moderately respectable (if often conflicting and sometimes harmful) principles.

      Sure, the "right" answer is a principled democrati

  • Talk about rats leaving a sinking ship...

    • by hjf ( 703092 )

      I never get the point about rats leaving a sinking ship. Where the fuck are the rats going anyway???

      • I never get the point about rats leaving a sinking ship. Where the fuck are the rats going anyway???

        Actually, Brown Rats are excellent swimmers.

      • by gknoy ( 899301 )

        Better to swim with the debris than get carried under by a large (flooded) container that used to float.

    • by lowtekk ( 518270 )

      I thought he ran after he shot Alexander Hamilton in a duel.

  • by unity100 ( 970058 ) on Tuesday March 01, 2011 @03:30PM (#35350802) Homepage Journal
    http://nakedsecurity.sophos.com/2011/02/16/lessons-to-learn-from-the-hbgary-federal-hack/ [sophos.com]

    down below.

    http://sophosnews.files.wordpress.com/2011/02/hbgary-rsa-sign.jpg?w=640 [wordpress.com]

    "A group of AGGRESSIVE hackers known as 'Anonymous' illegally broke into blah blah ..... blah blah and stole proprietary and 'confidential' information which was STOLEN by us by using ROOTKITS and VIRUSES and 0 DAY EXPLOITS from private citizens' computers ....."

    corporate lack of shame. you produce rootkits, viruses, 0 day exploits, malware to spy on people, steal their confidential, legally private information to SELL them, and then you dub that information 'proprietary' information belonging to you ....

    i wonder what will they say in their defense in front of senate committee. what's more, i wonder what will the senate committee say to them, in regard to their dealings with this filthy outfit.

    whats the slogan of hbgary anyway ? "hey - we produce viruses, rootkits, 0 day exploits and malware to steal your private information to sell to corporations and government !!!" ?
    • That's the worst slogan I've ever heard.

      It's not even catchy.

    • by Bob9113 ( 14996 ) on Tuesday March 01, 2011 @05:24PM (#35352008) Homepage

      > i wonder what will the senate committee say to them, in regard to their dealings with this filthy outfit.

      Here's my guess: "When Blackwater got caught doing evil shit, they had to split up into a bunch of shell companies with different names so we could keep paying them enormous sums of taxpayer money to keep doing business as usual. Now you are going to have to do the same. One of the contractors from one of the new Blackwater shells who works for the CIA just got caught shooting non-combatants in the back, and we are having a motherfucker of a time keeping people from making the connection. Like that guy, we'll give you diplomatic immunity or state secrets protection, or whatever we need to do to prevent justice from being served, but it is a pain in the ass. Don't get caught again."

      Of course, that's not going to be the public part.

  • Quis custodiet ipsos custodes?

    Where money and power is concerned there is no freedom and nothing is sacred; except money and power.
  • The problem I have with this is that I think its just noobs selling shit to boobs.The more this story develops I become more and more uncertain that HBGary had te technical know how to make working root kits, and 0-days for multiple OS's. I betcha these guys would just sit waiting for bugtraq to update and hurriedly package it, that i do believe they are capable of. Some of the things that were apparently willing to sell or selling require superior technical understanding, and if the twats at HBG had that,

  • by Anonymous Coward

    http://en.wikipedia.org/wiki/The_Yes_Men

    The Yes Men often deploy a satirical approach: they pose as a powerful entity (typically a corporate or government representative or executive) and make ridiculous and shocking comments that caricature the ideological position of the organisation or person. Furthermore, they acknowledge the idea that many corporate or government entities manipulate their ideology using spin; in response, the Yes Men use this power of spin to their own advantage, and use media outlets

  • by elashish14 ( 1302231 ) <`profcalc4' `at' `gmail.com'> on Tuesday March 01, 2011 @03:57PM (#35351056)

    Are they gonna be investigated too?

  • "He who lives in glass house should not throw stones"

    ok it's not attributed to him, but is attributed (in various slightly differing forms) to a wide variety of people, including Ben Franklin. Nothing quite as entertaining to see someone tasked with bending laws get bent over BY the laws, from their own pen.

  • by advocate_one ( 662832 ) on Tuesday March 01, 2011 @05:36PM (#35352168)
    the existence of personna management software makes you wonder about the useage of facebook and other social media in the revolutions in Tunisia, Egypt and Libya doesn't it...

"jackpot: you may have an unneccessary change record" -- message from "diff"

Working...