How One Security Expert Kicked The Hornet’s Nest that is Anonymous

As promised. The second article I alluded to in my last post is really a series of articles Ars Technica ran last month. It’s an absolutely riveting tale of how the CEO of a well-known Internet security firm stirred the wrath of a loose collective of hackers known as “Anonymous” and paid a heavy price.

Anonymous has been around for a while, but if you’re unfamiliar with them (it?), they’re not easy to define. The Wikipedia article on Anonymous refers to them as:

“…representing the concept of many on-line community users simultaneously existing as an anarchic, digitized global brain. It is also generally considered to be a blanket term for members of certain Internet subcultures”

This does not exactly roll off the tongue, but the article goes on to explain that this “representation of a concept” evolved into “a decentralized on-line community acting anonymously in a coordinated manner, usually toward a loosely self-agreed goal.” Initially, their goal seemed to be entertainment, or the lulz, but more recently they’ve channeled their efforts into various causes. They made a few headlines, for example, when they launched a DDoS attack against the websites of MasterCard, PayPal and others after those companies terminated their relationships with Wikileaks.

This is when Aaron Barr, CEO of a well-regarded Internet security firm called HBGary, enters the story. A self-described fan of Wikileaks, he nonetheless sensed a business opportunity in the attacks by Anonymous on MasterCard et al. He hypothesized that he could identify the culprits using data from social networks like Twitter and Facebook, and he knew this would raise his – and his company’s – profile in the Internet security business.

To test his hypothesis, he went undercover in IRC chat rooms and other places where the denizens of Anonymous are known to travel. Eventually, he thought he had identified several of the “top leaders” of Anonymous, and he revealed himself to them in an ill-advised moment of hubris.

This turns out to have been a bad idea. Hours later, his company’s website was wiped out and replaced by this:

But that’s not all, to put it mildly. Members of Anonymous hacked Barr’s Twitter and Gmail accounts, pilfered the company’s email, purged terabytes of backed-up data and more.

I’m not doing the story justice though. It’s a great read, and a kind of primer of basic hackery. Enjoy…

How One Security Firm Tracked Anonymous and Paid a Heavy Price

Anonymous Speaks: The Inside Story of the HBGary Hack

Virtually Face to Face: When Aaron Barr met Anonymous

Anonymous vs. HBGary: The Aftermath