
Posts tagged ‘FBI’


HBGary: Security Firm Investigating ‘Anonymous’ Hacked and Exposed

“Do not meddle in the affairs of hackers, for they are subtle and quick to anger.”

Following last week’s hacking of shamed LIGATT CEO Gregory D Evans, this week it was the turn of security firm HBGary to get exposed. HBGary have been aiding the FBI with their investigations into members of Anonymous. Although Anonymous isn’t a centralised ‘group’, their recent DDoS attacks and hacks of oppressive governments and anti-WikiLeaks organisations (including PayPal, MasterCard and VISA) have made them a target of the US Federal Government.

HBGary were allegedly preparing to hand over information about certain members of Anonymous to the FBI, who have already made several arrests in the US and UK, and obtained over 40 search warrants in an attempt to shut down Anonymous (probably not possible imo). Angered by CEO Aaron Barr and HBGary’s involvement in FBI investigations, members of Anonymous compromised a number of HBGary servers, defacing their website, gaining access to CEO Aaron Barr’s Twitter account, and obtaining a large number of emails. In what seems to be the popular punishment at the moment, over 50,000 corporate emails were released in a torrent. Anonymous also stated, on one of their many Twitter accounts, that the source code of HBGary’s security products was also obtained – although these don’t appear to have been released (yet?).

“You’ve angered the hive, and now you are being stung.”

Anonymous posted a message to HBGary on their defaced website, where they mock the firm for their lack of security and the unsubstantial ‘public’ information that was going to be sold to the FBI.

Hit the jump for Anonymous’ full message.

Ars Technica has a good review of how this all went down, and a step-by-step account of how the hack was possible.

[Update] Aaron Barr steps down as CEO of HBGary Federal



OpenBSD IPSec Possibly Probably Not Backdoored by FBI

In a post to the OpenBSD mailing list, developer Theo de Raadt reveals an email from an ex-contributor (Gregory Perry) alleging that money was accepted from the FBI around 2000-2001, in return for implementing a backdoor into the IPSec stack. Such a backdoor would give the FBI the ability to eavesdrop on any IPSec connection made using OpenBSD, or any other projects that have since made use of its IPSec code.

Clearly this would be a big deal if true, and although we know that open source projects are regularly backdoored by rogue developers or ‘hackers’ (such as the recent ProFTPd backdoor), it is not often that we hear of governments inserting some themselves. Should we be surprised? After all it is known that the NSA was involved with the development of DES by altering the algorithm’s S-Boxes and suggesting a shorter key length. There are also rumors of a covert backdoor in several versions of the Windows OS. That said, many people are smelling a troll in this case.

Following this information (can we call it a leak rumor?), OpenBSD’s IPSec code will undoubtedly come under quite a bit of scrutiny, and I’m sure we will hear a lot more about it should anything untoward be uncovered.

Read the full mailing list post here, archived below for posterity.

[Update] Scott Lowe denies being affiliated with the FBI, and Jason Wright denies having inserted a backdoor. This is sounding more and more like a trolling. To what end, I couldn’t speculate. It’s also worth noting that this kind of activity would probably not fall under a normal NDA, but under a government-level Top Secret classification which lasts at least 25 years…

An interesting observation about OpenBSD IPSec and Stuxnet.


Warrantless and Unwarranted FBI Tracking of Egyptian Student

A twenty-year-old, US-born, half-Egyptian marketing student from California, Yasir Afifi, recently found an FBI tracking device attached to the underside of his car. Apparently he wasn’t even the primary focus of the surveillance, but happens to be the friend of someone who’s of interest to the FBI. It’s believed the friend (Khaled) is of interest due to a post he made on his blog/reddit.

Here’s one of his posts:

bombing a mall seems so easy to do. i mean all you really need is a bomb, a regular outfit so you arent the crazy guy in a trench coat trying to blow up a mall and a shopping bag. i mean if terrorism were actually a legitimate threat, think about how many fucking malls would have blown up already.. you can put a bag in a million different places, there would be no way to foresee the next target, and really no way to prevent it unless CTU gets some intel at the last minute in which case every city but LA is fucked…so…yea…now i’m surely bugged : /

To be honest, sounds like a post I could’ve written. I definitely agree with the guy. I guess the only reason I’m not being watched is because I’m not dark skinned, or from an Eastern country, or whatever other profile they rely on these days. Or maybe I am being watched and just haven’t found the tracking device yet.

About 9 days ago, they found the device (pictured below), and originally thought it was either a tracking device – or a bomb. From his description of the events, however, it sounds like they may also have been stoned at the time. A recent ruling by the Ninth Circuit in California (and 8 other states) states there is no requirement for a warrant to be obtained in order to perform this kind of tracking. They are allowed to come onto your property and plant a tracking device on your car, as you have no reasonable expectation of privacy on your driveway. Good morning Orwell.

The American Civil Liberties Union in Washington are considering using these events to challenge the Ninth Circuit’s ruling.

Now why they chose to use what looks like a Soviet-era tracker is beyond me. Maybe they ran out of the smaller non-battery-powered models that they make in this century. According to a commenter on reddit, the device is a Guardian ST820, manufactured by Cobham. Apparently these things are meant to be hard to find (despite the size), when installed properly. Surveillance Fail? The FBI have since asked for their tracker back.

Check out this Wired article for more details.

If you want to build your own affordable GPS tracker, check out this project!

[Update 8/3/2011] Yasir Afifi files lawsuit over FBI’s GPS tracking