"What happened to Barr? Anonymous loudly and angrily demanded that Penny Leavy fire him, since his list of Anonymous names could allegedly have gotten "innocent people" into serious trouble. Leavy made clear that HBGary Federal was a separate company from HBGary, one in which she owned only a 15 percent stake, and that she couldn't simply "fire" the CEO."<p>I found the comments on this article interesting: <a href="http://threatpost.com/en_us/blogs/rsa-2011-winning-war-losing-our-soul-022211" rel="nofollow">http://threatpost.com/en_us/blogs/rsa-2011-winning-war-losin...</a><p>"They claimed that the company was under separate management, and that HBGary, Inc. only had a 15% stake in the company. However, the Operating Agreement for HBGary Federal, LLC, reveals that Greg Hoglund and Penny Leavy were two of the original six Founding Directors of HBGary Federal. Futher, Penny Leavy herself signed the incorporation application with the California Secretary of State. This Operating Agreement confims the 15% stake held by HBGary, Inc. in HBGary Federal, but it also reveals that Penny Leavy herself holds a 48% share in the company. Her 48% share, plus that of HBGary, Inc. (15%) puts their combined ownership stake at 63%. In terms of dollars invested, their investment in HBGary Federal amounts to some 87.5% of the total monies invested.<p>"This operating agreement can be downloaded from:
<a href="http://cryptome.org/0003/hbg/HBG-Fed-OA.pdf" rel="nofollow">http://cryptome.org/0003/hbg/HBG-Fed-OA.pdf</a> "<p>Exhibit B in the Cryptome PDF (page 31) does indeed show Penelope Christine Leavy with 48%, in addition to HB Gary Inc's 15%.
From what I've read elsewhere, in terms of online crimes, the FBI is treating Anonymous second only to child porn (<a href="http://www.dailycampus.com/mobile/news/fbi-raids-house-on-n-eagleville-1.1961646" rel="nofollow">http://www.dailycampus.com/mobile/news/fbi-raids-house-on-n-...</a>). Probably a function of the power and money behind the people they've attacked (the Visa/Mastercard DDoSes in particular).
The characterization of Anonymous as some single or unique entity is misleading. The sign at the booth and the fax HBGary received were (likely) not perpetrated by the hackers who did the damage. Anyone in the right mood might have gone through with it, fueled by the success of the original attack. And the point made at the end of the article that Barr's list of supposed identities contained many innocent people was very true.
<i>..."they struck gold with an SQL injection attack on HBGary Federal's content management system. [...]
They quickly grabbed and decrypted user passwords from the website</i>"<p>A security firm cracked by scriptkiddie tricks? Storing passwords in the database, instead of hashes? Hmmm...
Not much substance in the article, but: HBG come across as whiny little losers ("oh noes! we are being threatened!!"), and Anon seems to have gotten bored and moved on.
The biggest worry here is that HBGary is not being held accountable for their criminal activities. They have been using tools and psy-ops practices developed for the military against U.S. political targets. That is against the law.
From the article:<p><pre><code> "Instead, he believes that Anonymous has "decided to continue their antics. They're in it for the laughs… this is a real funny game for them." Not content with the damage they have inflicted, they "harass a company that's trying to get back to work." Each time a new story about the company appears in the press, Butterworth said that these attacks spike again."
</code></pre>
If the press is bad for HBGary why do they participate in it? A no comment would have been sufficient. I think HB Gary is participating in the press to incite attacks so they can present themselves as victims, collect evidence, have someone charged, and declare victory. Seriously, a sheet of paper written in sharpie. They're expecting me to believe that the RSA holds a security conference with out badges, with out video monitoring and that some anon in a Guy Fawkes mask walks up to the table and places a threatening did it for the LULZ paper on their booth with no one noticing. Maybe, V for Vendetta is a real movie and such a person really exists who can easily pass through intelligence services and evade video monitoring. If I was HB Gary I'd have extensive surveillance on the booth to catch just such a thing. I'll use the Aaron Barr method of finding anons and assume the anon who placed the paper is employed by HB Gary. This from a company whose services are retained for their ability to plant false documents. The sign should read 'We got laughed out of the security conference for using weak passwords, storing them weakly, and reusing passwords in addition to being vulnerable to basic SQL injection.'<p>In my opinion, officers of HBGary Federal were engaged in stalking people online and selling private information about individuals for commercial purposes, as well as engaged in defaming these individuals with false information to the FBI. Given the demographic of anonymous it's quite likely that some of these individuals were children. I'm not sure if this is illegal in the US, but if they collected and prepared to sell personal information without consent about Canadian citizens they'd likely be in violation of Federal Law. (PIPEDA)<p>Also, regarding the millions of dollars in damages, these claims would be impossible to verify with a private company. Public companies on the other hand are required to file damages to the company both tangible and intangible. In a lot of hacking cases you'll see millions of dollars claimed, but if you look at the 10-Qs (SEC Required docs) you'll see no such filing. If you want a case to look at in particular for this, look at what happened to Kevin Mitnick. Why is it ok for HBGary to take money to compromise computers, but when Anonymous engaged in expression of speech they are targetted by federal investigators?<p>This is a company that used intelligence assets against pro-union websites. My personal feelings regarding unions aside, this is attempting to violate the rights of individuals to peaceably assemble. Even if it isn't illegal per se, it's highly unethical.<p>If HB Gary only engaged in ethical business practices there would be little damage from the disclosure of the emails. The damage results from the conspiracy to commit activities that are likely criminal.<p>A better question to ask is given the emails why Federal charges have not been laid against HBGary?<p><a href="http://en.wikipedia.org/wiki/National_Labor_Relations_Act" rel="nofollow">http://en.wikipedia.org/wiki/National_Labor_Relations_Act</a>
the more i read about this HBGary the more i feel that justice is being served. These fat and lazy morons thought that because they've been doing dirty things for government they are above the law and basic ethical rules ... Of course, they are above the law that enforced by their government friends, yet there is the Karma law and "we the People".