Yesterday a story hit Yahoo News about a security firm called HBGary, which had allegedly been investigating Anonymous and trying to make them unanonymous. The article is was literally dire in every possible way. It made references to the ‘founders of Anonymous’ and kept referring to ‘senior members’. Either the security company was really, incredibly clueless or they were trolling for publicity. They make their money selling their security services so probably a good deal of the latter. Anonymous is kind of like a mob in that it doesn’t really have senior members or leaders, it has people who are doing something and eventually either it gains traction or it dies out. People who do occupy ‘senior’ positions do so very transiently and they don’t have the power alone to start or stop anything. It is not a structured organisation or a terrorist cell or anything like that. It’s much simpler: it’s a lot of bored teenagers with roughly the same ideas. It’s the same structure employed among teenagers all over the world, Anonymous or not. There is a kind of V For Vendetta subtext in that the idea is more important than the people, but this is probably just a consequence.
Following in the footsteps of other people who have goaded Anonymous, about 48 hours after HBGary got their name everywhere as the security experts investigating Anonymous, they’ve been hacked by Anonymous. Not only was their website hacked and defaced, but their emails (66,000 apparently) have been leaked and Aaron Barr’s (HBGary’s CEO and the guy who gave the interview in the Yahoo article) Twitter account has been hijacked. Anonymous even used his Twitter feed to announce the leak! This is a considerably more involved attack than anything they’ve done before, according to Brian Krebs (security researcher/journalist), they socially engineered their way into the server with a technique that’s so blatant as to be astonishing (query: “is the password X or did we change it to Y?”, response: “no it’s Z”). It would all just be juvenile vandalism were it not for the fact they did it against a security company, which makes it news, and the astounding level of self/situationally unaware confidence/arrogance Anonymous displays which makes it, err, I don’t know, theatre? The firm said: “We try to protect the US government from hackers. They couldn’t have chosen a worse company to pick on”. I think many of us would be fascinated to know how they manage to protect the US government from international hackers when they apparently can’t protect themselves from teenagers. The Inquirer sums it up pretty well with the headline ‘Anonymous takes insecurity firm HBGary to the cleaners‘.
Despite claims in the Yahoo article that HBGary’s research was probably worthless, there are claims that the leaked emails show that they were going to try to sell it to the FBI anyway. Is this how law enforcement works in the US? The authorities buy evidence? Sounds like a stupid concept, but this is the same country where prison inmates power the economy. Anyway, Anonymous has saved them the effort by leaking all of it! They are quoted as saying “All your emails were dropped. Meaning we know you were trying to sell your fucking research to the FBI. And the sad thing is the names and info in that document//research is all fucking fake… you could have gotten a lot of random innocent people arrested”. One does have to wonder how any one member of Anonymous could know that, however, but from the information available, I don’t think we should be putting a lot of faith in HBGary’s abilities (what a stupid name, by the way).