
Aaron Barr Talks About DEFCON, Anonymous Attacks

Posted by CmdrTaco
from the between-the-barrs dept.
Trailrunner7 writes "Finding Aaron Barr at this year's DEFCON hacker conference in Las Vegas was like a giant game of 'Where's Waldo.' Given the events of the past year, you can hardly blame him for keeping a low profile. First there was the attack on him and his then-employer, HBGary Federal, his decision to part ways with HBGary, his work to rehabilitate his image and turn his personal misfortunes into a 'teaching moment' for the industry, and then the legal wrangling in recent weeks that threw cold water on his plans to take part in a panel discussion about Anonymous at DEFCON. Barr was courted by numerous news outlets at the show, including the mainstream media. But he preferred, for the most part, to keep his own counsel. But he offered his thoughts to Threatpost on the experience of being at the conference, what the attack by Anonymous has done to him and whether it's possible for the group to turn its attentions to more constructive pursuits."

  • It reads like they emailed him the questions and he replied in writing. Fuck him. I hope you're proud of what you put your family through just so you could try to thump your chest a little bit. Pride goeth before destruction, and a haughty spirit before a fall. Reap what you sow you lying asshat.
    • Re:Fuck Aaron Barr (Score:5, Insightful)

      by fuzzyfuzzyfungus (1223518) on Tuesday August 16, 2011 @09:25AM (#37106242) Journal
      It's worse than that, honestly. If he were just a chest-thumping internet blowhard, that would just put him among the untold millions of gratingly defective personalities infesting the internet. No big deal.

      However, for all his pleasant protests to the contrary "Oh, look at me, I'm against Wal-mart and the Iraq war!", he is basically the smiley face standing in front of a bunch of unsavory characters(HB Gary's work on rootkits, for instance, was not exactly "defensive" in nature...)

      Choice little bits like "Good threat intelligence requires comprehensive real-time collection and analysis on all threats, and in a constantly connected, social media-dominated world, this appears to some as an encroachment by governments or companies on privacy in the name of security. In my opinion, well-intentioned efforts run afoul of some civil libertarians and privacy advocates because of the perception of encroachment. But with mediums like social networking Web sites, which enable easy manipulation of identity, it is getting difficult to separate the actual threats from the bystanders." certainly do sound all nice and 'nuanced'; but are basically a polite re-statement of the justification for the too-creepy-even-for-congress Total Information Awareness stuff.

      In a slightly different vein, his "The need for anonymity for in the latter case is critical to protect whistleblowers or dissidents. In the case of the former - online protests - I believe anonymity and the lack of personal accountability is absolutely corrupting what I think are some of the key tenets of lawful protest. These include personal sacrifice and a willingness for individuals to stand up and be associated with a cause or idea with boots on the ground, as it were." sure does sound nice, except for its implied premise that there are "whistleblowers or dissidents", the good guys, who can be clearly separated from mere "protesters" who had better be ready to wear nametags and stand neatly in the free speech zone. Fantastic... Earth to Aaron Barr... Entities being attacked always classify their attackers, whatever their means, as the most dangerous/evil category available. Nobody says "Well, gosh, I guess that the guy who just leaked our secret plans is just a good, honest, whistleblower. Good on him!".

      For all his 'shades of grey' droning, assertions of 'liberalism', and whatnot, this guy is a dirty little cog doing his bit for surveillance society(but not to fear, he says he is a "white hat"). At best, he maintains the oh-so-not-at-all-daring position that other people's dissidents are good guys who are worthy of protection; but the(apparently not "dissident") actions of 'attacking' "Law Enforcement" and "Sony" are just evil criminal stuff. Apparently they are in the way of "Western Information Dominance"...
      • (HB Gary's work on rootkits, for instance, was not exactly "defensive" in nature...)

        And the astroturfing software, too, that gave me the warm and fuzzies:

        It was also revealed that HBGary Federal was contracted by the U.S. government to develop astroturfing software which could create an "army" of multiple fake social media profiles to manipulate and sway public opinion on controversial issues. This software could also scan for people with points of view the powers-that-be didn't like and then have the "fake" profiles attempt to discredit those "real" people.

        source [wikipedia.org]

        Yeah, he's one of the "good guys" alright. Give me a fucking break.

        • The "Team Themis" work for Bank of America also appears to have been heartwarmingly benign. I can't tell if this guy has a serious case of cognitive dissonance, or whether he is just lying.
          • by Anonymous Coward

            Maybe he's convinced himself to truly believe it. Only way to sleep at night.

      • "But with mediums like social networking Web sites, which enable easy manipulation of identity, it is getting difficult to separate the actual threats from the bystanders." This is one of the better observations I have heard regarding the current state of the Internet. "protesters" who had better be ready to wear name tags and stand neatly in the free speech zone" This is just your interpretation of what he actually said or do you really know what he is thinking and consider yourself a fucking psychic tru
    • Re:Fuck Aaron Barr (Score:4, Insightful)

      by AngryDeuce (2205124) on Tuesday August 16, 2011 @09:41AM (#37106384)
      From TFA

      Board rooms now regularly discuss corporate vulnerabilities and mitigation strategies. In turn, they are spending more on security as a result of these threats. That is a good thing right? Maybe.

      Maybe?? Did this guy not work for a fucking security firm? Now it's "maybe" a good thing they are spending more on security?

      Is he trolling himself now?

      Funny how the conversation always comes around to it being all because of those damn dirty hackers. You don't see anyone in the mainstream media saying "Hey, Sony, maybe you shouldn't have been storing customer info in plaintext on your poorly secured servers?" Anonymous gets a hold of that, and they embarrass people. Eastern European or Chinese hacker groups get a hold of it, we're in a far worse position.

      We can sit here and pray for a day when there won't be hackers, it'll never happen, but whatever. But what we can't do is just ignore the woefully inadequate security measures being used in these companies that, frankly, can afford a lot better. They refuse to let us use these services without every piece of information about us they can get short of a DNA sample, throw said info on an open server with no protection, and then blame everyone else when they get hacked and lose customer data.

      This is why customer data should be regulated the same as medical data. If our medical records were stored like our credit card numbers are on so many sites, people would have a shit fit. It's time to start holding these companies liable for gross negligence when they can't maintain the security of our data within reason.

      • by _Sprocket_ (42527)
        In my view, that "maybe" is important. Spending more money on "security" may or may not actually improve security posture. Money spent in fear without understanding isn't guaranteed to go towards sane, educated decisions.
  • by fuzzyfuzzyfungus (1223518) on Tuesday August 16, 2011 @08:59AM (#37106004) Journal
    Is he implying, by the notion of "more constructive" that crushing him and shedding some light on his creepy private-sector-spook buddies was not, in fact, a valuable use of time?

    If it were possible to do so more widely and efficiently that would certainly be "more constructive"; but I'm suspecting that he has something else entirely in mind...
    • by Moryath (553296)

      I have to agree. Aaron Barr's dishonesty seems to know very few bounds. I'd be happier if a lot of people like him suddenly found themselves jobless.

    • by Hatta (162192)

      Hm, can we rig up some sort of VOIP system so we can hear the lamentations of their women?

      • Does the time when that HB Gary exec came in to the anon IRC channel and begged for mercy count?

        It wasn't strictly audible; but it was both hilarious and the lamentations of one of their women...
  • by Anonymous Coward

    If I recall correctly he was attempting to attack anonymous, and once they found this out they ripped him apart.
    I'm not condoning the actions of either party, but you don't walk into a pit of wolves without being fully aware of the risks you are taking. Ars has a detailed series on this saga that gives the full detail:
    http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars

  • ...Anonymous are just a bunch of thugs now. Had they stuck to their original purpose they could have been a force for good. Now they're a farce - no different from every ego-centric hacker group that came before them.
    • by Nursie (632944)

      Anonymous original purpose? Which one were you thinking of -

      Do it for the lulz?
      Because none of us is as bad as all of us?
      Internet hate machine?

      Anonymous has always been about pissing people off and messing with their lives for fun.

      • If that's true, then why does Anonymous release a super melodramatic, self-important manifesto every time they deface a website? If it's for the Lulz then laugh. It's not for the lulz though, it's for the attention.
        • by idontgno (624372)
          Nota bene: "lulz" is not an alternate spelling of "lol" and isn't necessarily about any commonsense notion of laughing. Most of lulz is, in fact, about attention. Sometimes, a manifesto is sincerely meant, and sometimes it's just more trolling. And sometimes it's just not there (which happens too). And since lulz are about attention and power and self-satisfaction, and since website defacing is pretty much always about "look at what I did" (cracking culture has always been this way), it'd be silly to expect
    • by nedlohs (1335013)

      Doing shit because you find it funny is a force for good? What "good" came of creating lots of black men in suits avatars and blocking off areas in a stupid social networking/virtual hotel thing and forming swastikas and declaring the pool closed due to AIDS? Aside from being funny of course.

    • by BitZtream (692029) on Tuesday August 16, 2011 @09:35AM (#37106342)

      Now? As if at some point in the past they were different? Are you really that stupid?

      There is a reason why mob justice isn't legal, because it's never about the fucking justice and always about one group making another group or individual suffer for various reasons of personal gain.

      The Internet is not DIFFERENT than anything else, people there are EXACTLY THE SAME as everywhere else.

      Just because at one point in the past they were picking on people that you didn't like, doesn't mean they were trying to do something good. You just happen to share a common foe for the moment, nothing more. Stop trying to make some random group of losers on the Internet a romantic fairy tale.

      • The Internet is not DIFFERENT than anything else, people there are EXACTLY THE SAME as everywhere else.

        People are the same, but what they are allowed to do is different. At one time public stonings were universally accepted; now they are frowned upon in most countries. However, on the Internet, they are still a common occurrence.

    • by poetmatt (793785)

      troll more creatively please.

      Aaron Barr got his ass handed to him, almost specifically for being unethical. This shouldn't exactly be a surprise.

  • Barr's world view is IMO too simplistic, the answer to "'Building a better Anonymous.’ Is that possible?" shows his black/white thinking.

    The first sentences of the second paragraph read, slightly rephrased, like: "Anonymous is only a serious activist organization when the targets are politically opportune, e.g. Egypt and Tunisia. Attacking Law Enforcement (but not the Egyptian and Tunisian ones) or Sony is straight criminal"

    • It isn't just black-and-white, it's either blindingly idiotic or sheer jingoism...

      Can he seriously doubt that his hypothetical counterparts in Egypt and Tunisia were doing anything other than denouncing the merely criminal activities of those who, unlike legitimate activists, simply attacked Law Enforcement?

      If he can, and somehow imagines that 'evil' regimes consist entirely of bad guys twirling their mustaches and congratulating themselves on how evil they are, then he is being idiotic. If he can't,
  • ... and I'm sharing my impression... with the hope it will save others some time so they can waste it on more intelligent news: for example, try this: Man Just Walked Into Best Buy For No Reason Whatsoever [theonion.com]
  • Anonymous's theoretical view is that anyone can join.

    That means they will attract both "good" and "bad" (and perhaps some "ugly"). Therefore "more constructive pursuits," whatever that may be, will be followed, as will more dumbarse pursuits, more juvenile pursuits, and more lulzish pursuits.

    You have to think what type of people will be attracted to the un"organization" to see what direction it will take.

    Outright criminals are unlikely- no profit.
    Professionals are unlikely
    Bored, younger, tech-sav
  • To me "constructive" is outing worthless government contractors who are worthless.

    Shedding light on how our government throws money away on these inept (and most likely friends') contractors is what we need.

  • by dirtyhippie (259852) on Tuesday August 16, 2011 @09:47AM (#37106440) Homepage

    FTA: "I would have loved the opportunity to convey a few misunderstandings about me." Nothing to see here, move along.

  • For a minute there, I thought they were talking about Aaron Burr [wikipedia.org].
    • For a minute there, I thought they were talking about Aaron Burr [wikipedia.org].

      For a minute there, I thought they meant Aaawooon Baaauuuh.

  • by Anonymous Coward
    so, this guy gets hacked and proven to be a failure in the security world, and scum, and it BOOSTS his career? am i lost? is this earth? i can't believe anyone would listen to him about anything at this point. much less large conferences, and the /. crowd...
  • But he offered his thoughts to Threatpost on the experience of being at the conference, what the attack by Anonymous has done to him and whether it's possible for the group to turn its attentions to more constructive pursuits.

    For Aaron Barr, the definition of "constructive" begins and ends with making money... by whatever means available.

  • "and whether it's possible for the group to turn its attentions to more constructive pursuits."

    Take a look at the list of charges against Aaron Barr in the comments above. How is taking him out of circulation not constructive?

    Phillip.

  • What can be more constructive than pursuing hired whores that are out to spy on the citizens for the profit of a few private parties or a repressive regime.
  • You wouldn't believe the Tour of the Internet I just took to see if the HBGary Aaron Barr was (somehow) the same guy who was a housemate of mine back in the 70s.

    No, thank God, he's not. My guy is the one who wrote The Handbook of Artificial Intelligence back in the early 80s.

  • what about the rights of people like Glenn Greenwald and others? what about the invasions of privacy committed by Team Themis and others like them? What about the leaked emails that would allegedly place Barr in the position of hacker, as he experimented with his company's own 'offensive' (as opposed to defensive) tools and practices?

  • Anonymous is in fact giving voice and force to the dispossessed. Aaron Barr doesn't see it that way because he built his career working for the bad guys.

    The existence of child pornography is not a serious issue we face. As reprehensible as sexual abuse of children is, mere possession of images of it should not be a crime. Child pornography is mostly used as a pretext for border guards to go on fishing expeditions.
