“Do not meddle in the affairs of hackers, for they are subtle and quick to anger.”
Following last week’s hacking of shamed LIGATT CEO Gregory D Evans, this week it was the turn of security firm HBGary to get exposed. HBGary have been aiding the FBI with their investigations into members of Anonymous. Although Anonymous isn’t a centralised ‘group’, their recent DDoS attacks and hacks of oppressive governments and anti-wikileaks organisations (including PayPal, MasterCard and VISA), have made them a target of the US Federal Government.
HBGary were allegedly preparing to hand over information about certain members of Anonymous to the FBI, who have already made several arrests in the US and UK, and obtained over 40 search warrants in an attempt to shut down Anonymous (probably not possible imo). Angered by CEO Aaron Barr and HBGary’s involvement in FBI investigations, members of Anonymous compromised a number of HBGary servers, defacing their website, gaining access to CEO Aaron Barr’s Twitter account, and obtaining a large number of emails. In what seems to be the popular punishment at the moment, over 50,000 corporate emails were released in a torrent. Anonymous also stated, on one of their many Twitter accounts, that the source code of HBGary’s security products was also obtained – although these don’t appear to have been released (yet?).
“You’ve angered the hive, and now you are being stung.”
Anonymous posted a message to HBGary on their defaced website, where they mock the firm for their lack of security and the unsubstantial ‘public’ information that was going to be handed sold to the FBI.
Hit the jump for Anonymous’ full message.
[Update] Aaron Barr steps down as CEO of HBGary Federal
It appears that the website (rm’d), email and Twitter account of the much disliked LIGATT CEO Gregory D Evans have been hacked, and 84,668 of his emails have been leaked in a 4.15GB torrent. Evans, self-declared “World’s Number 1 Hacker” and also a convicted felon, is frequently outed by many in the security industry for his use of plagiarism, fraud and unethical practices. This leak is probably due to his consistent harassment of security professionals who have been vocal about exposing his activities. A full and descriptive profile of Evans is available at SecurityErrata.org.
Messages were posted on Evans’ hacked Twitter account (above), pointing to a Pastebin (since removed). Here is an excerpt:
Do not meddle in the affairs of hackers, for they are subtle and quick to anger.
When one thinks of frauds in the infosec community, most people are quick to point to Gregory D Evans of LIGATT Security[…]
He’s gone after people at their home to intimidate them and their family. He’s gone after them at their work to discredit them with their employer. And as everyone knows, he recklessly sues anyone who speaks negatively of him on the internet[…]
Enough is enough. He must be stopped by any means necessary. To that end, at the end of this message is a torrent of the inbox of firstname.lastname@example.org.
The end of the message contained a link to another pastebin (also removed), which was a Base64-encoded torrent file. The password for the archive in the torrent, as posted on his Twitter feed, is “DoomedCharlatan”. Ligattleaks (now offline), a site dedicated to leaking information about Gregory Evans’ activity (although they say they were not involved in this particular leak), have announced that they will be trawling the emails for evidence of fraud and unethical behaviour.
[Updated] Ligattleaks is back online offline
online offline, for good it seems. Another security firm (HBGary) hacked and exposed for investigating Anonymous.
[Update 15/2/2011] CBS Atlanta had a news segment about LIGATT and Gregory Evans entitled “Hacker or Hoax”. LIGATT responds to CBS Atlanta (link removed as his site was found to be distributing malware). This post debunks LIGATT’s response.
Gawker Media, who run many other sites including Lifehacker, Gizmodo and io9, have had their servers and databases hacked by a group called Gnosis. This results in over 1.3 million user accounts being compromised, across their various websites. Part of the issue is the fact that Gawker were using the outdated DES algorithm to secure passwords in the database, making it trivial for the hackers to crack the hashes. To make matters worse, many Gawker admins have also been using extremely weak passwords for their accounts. A full account from the hackers’ perspective can be found here, and there is clearly some beef between them and Nick Denton (owner of Gawker) who appears to have been baiting 4chan (baad idea).
The 1.3 million user accounts, together with Gawker Media’s source code, have been made available in a torrent posted on The Pirate Bay. You can quickly check whether your account is one of those by checking out this spreadsheet (Google). It’s safe to say that if you have any accounts on websites run by Gawker Media, you’re going to want to change your password. If you happen to reuse passwords a lot, then you’ll want to change your password everywhere… isn’t password reuse a joy?
The cables, which date from 1966 up until the end of February this year, contain confidential communications between 274 embassies in countries throughout the world and the State Department in Washington DC. 15,652 of the cables are classified Secret.
The embassy cables will be released in stages over the next few months. The subject matter of these cables is of such importance, and the geographical spread so broad, that to do otherwise would not do this material justice.
The cables show the extent of US spying on its allies and the UN; turning a blind eye to corruption and human rights abuse in “client states”; backroom deals with supposedly neutral countries; lobbying for US corporations; and the measures US diplomats take to advance those who have access to them.
One cable reveals that China’s Politbureau was responsible for the attacks against Google China back in January 2010.