Ars Technica is running a very good article on the HBGary fiasco (http://arstechnica.com/tech-policy/news/2011/02/how-one-security-firm-tracked-anonymousand-paid-a-heavy-price.ars/), which is definitely worth a read. Especially for the picture at the bottom of the third page. The story is fairly bizarre. Aaron Barr, the CEO of the company, was trying to drum up business for his brilliant method of finding out data about people on social networks, data which THEY DO NOT PROVIDE. It’s not entirely clear how this data would be valuable, but Barr seemed confident that someone would be willing to pay for it, presumably some form of sinister evil villain.
He used Anonymous as a big publicity stunt. He was coming up with all his data through ‘thorough analysis’ using methods he came up with himself, by which nobody else was convinced. Barr said to his unconvinced programmer: “Noooo….its about probabilty based on frequency…c’mon ur way smarter at math than me.…” which is an important point: statistics is hard. I have a degree in maths and I wouldn’t trust any statistical analysis I did myself. For that you need… a statistician. In fact a lot of sciences rely heavily on statistics but have little formal teaching beyond elementary stats; a lot of biology/medicine, sociology/psychology and climate change research is essentially applied statistics performed by people who aren’t statisticians. Make of that what you will. But never trust statistics from a non-statistician.
In an ironic sort of turnaround, the big leak they had as a result of being hacked by Anonymous exposed a document revealing them to be in on a conspiracy to try to attack Wikileaks using somewhat underhanded methods of dubious legality. It’s ironic how this has panned out: if Anonymous hadn’t pledged their support of Wikileaks and attacked various financial entities in December they wouldn’t have been investigated by HBGary and this would never have come out. And it goes without saying that it’s more than a little astonishing that HBGary would launch themselves head-first into a fray against a hacker group without conducting a very thorough security review if they were holding documents like this.