Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Hacktivists take control of internet security firms

Jerome Taylor
Monday 07 February 2011 20:00 EST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

In cyberspace they call it "getting pwned". That's what happened to the American tech-security company HBGary Federal when it tried to infiltrate the so-called hacktivist network known as Anonymous.

In an interview over the weekend Aaron Barr, chief executive of the Washington-based company, said his firm had successfully infiltrated the shadowy collective behind a series of recent pro-WikiLeaks cyber protests.

Anonymous's revenge was swift and brutal. Using sophisticated hacking techniques, the group managed to deface HBGary's website, break into its messaging system to dump 60,000 emails on to it and hijack Mr Barr's Twitter account to tweet abuse and publish his supposed home address and social security number.

The term "pwned" – pronounced poned or owned – originated with online gamers and means to be controlled against your will. Over the past four years Anonymous has gained a reputation for being one of the internet's most mercurial and chaotic meeting spaces for online mischief-makers. But in recent months it has achieved global notoriety thanks to a series of cyber assaults on government and commercial websites critical of WikiLeaks.

Its damaging "denial-of-service" attacks on companies such as PayPal, Mastercard and Visa have resulted in intense police scrutiny with recent arrests in Britain, the Netherlands and the US, as well as increased attempts by private security firms to uncover who is behind the organisation.

Mr Barr claimed that his firm had managed to infiltrate Anonymous through its chat rooms and that the organisation was run by a hardcore of 30 members along with 10 who "are the most senior and co-ordinate and manage most of the decisions". Anonymous has always styled itself as ananarchic democratic collective with no leadership.

In a message left on HBGary's website, the shackers taunted their would-be pursuers with the message: "You think you've gathered full names and addresses of the 'higher-ups' of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False."

The attack, which was a significantly more complex hack than recent denial of service assaults used by Anonymous, successfully penetrated HBGary's website through a compromised support server. It mirrors a similar method used by the group to target ACS:Law, a British legal firm that controversially sent threatening letters to alleged file-sharers.

Greg Hoglund, the founder of HBGary, has promised his own revenge. "They didn't just pick on any company," he told cyber security journalist Brian Krebs. "We try to protect the US Government from hackers. They couldn't have chosen a worse company to pick on."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in