Anonymous lashes out at security firm HBGary Federal over WikiLeaks probe

The security firm, in collaboration with the FBI, has been working to identify members of the group responsible for distributed denial of service (DDoS) attacks on companies that suspended services to WikiLeaks.

Unlike the DDoS attacks, the latest activities by Anonymous members involved true hacking skills, according to Chester Wisniewski, a senior security adviser at Sophos.

This time, Anonymous compromised the HBGary website and replaced it with an image explaining the group's motivation, as well as downloading more than 60,000 emails from the company and posting them on The Pirate Bay, said Wisniewski.

The Twitter account of HBGary's chief executive, Aaron Barr, was compromised and tweeted multiple offensive messages, as well as his home address, social security number and cell phone number.

According to Forbes, the LinkedIn accounts of other HBGary executives were compromised within minutes.

The attack comes after Barr was recently quoted in the Financial Times as saying he had identified two key members of Anonymous, along with senior members in the UK, Germany, the Netherlands, Italy and Australia.

The report followed news that police had arrested five suspected members of the group in the UK and carried out 40 court-authorized searches in the US.

Barr was planning to sell his research to the FBI and hold a meeting with the authorities on Monday, said Forbes, citing sources within Anonymous.

According to, HBGary was attacked using a combination of social engineering and a shared password between systems.

"Training employees on the proper verification of identity before exposing secure systems is an essential part of a corporate security program," said Wisniewski.

Staff who feel they need to take action when someone important, such as a company executive, is apparently asking for help can have disastrous results, he wrote in a blog post.

"The CEO and founders must be subjected to the same rules as everyone else," said Wisniewski. "Employees challenging their superiors should be praised rather than chastised when they follow the policy."

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?