Friday, February 18, 2011

HBGary and CyberSecurity

Ironically, HBGary, purportedly a "cyberdefense" firm, was compromised by a very basic SQL Injection attack by Anonymous.

This apparently occurred before the exposure of HBGary's lame attempt to attack Wikileaks recently (details in my previous blog post) and was the source of that revelation.

How seriously does HBGary take IT security if they don't protect against the basics?

And what does that tell us about their competence in this field? A lot.

They're certainly not a company I'd trust with the cybersecurity of my system.

It also calls their competence in the entire area of "cyberdefense" into question.

From their site: "Security is not an IT problem, it's an Intelligence problem".

Um. No. Security is both an IT and Intelligence problem.

With their approach to security, no wonder Anonymous had no problem hacking them, accessing  and taking over their entire system, downloading their data and releasing it to the public.

And their "infiltration" attempt of Anonymous appears to have fallen flat on it's face as well when they misidentified several people as "leaders" of Anonymous who basically just ran the AnonOps network. LOL.

Seriously, folks, if HBGary is representative of the quality of cybersecurity skills in the industry, we're all in trouble.

And the threat is not coming from WikiLeaks or Anonymous.

There are real threats out there that are a real danger to us from the likes of those who compromised Canada's government systems recently.

Maybe the US Government and HBGary should upgrade their security and cybersecurity skill sets, start working on those serious threats and leave Wikileaks and Anonymous alone.

There's a major difference between releasing information which exposes corruption and wrongdoing and stealing information for the purposes of compromising the security of a country, it government and it's citizens.

If countries like the US and companies like HBGary can't see that difference, then we have another huge problem on our hands.

One that I don't think I need to spell out for anyone.

Wednesday, February 09, 2011

Bank of America using Private Intel Firms to Attack Wikileaks


In a document titled "The WikiLeaks Threat" three data intelligence companies, Plantir Technologies, HBGary Federal and Berico Technologies, outline a plan to attack Wikileaks. They are acting upon a request from Hunton and Williams, a law firm working for Bank of America. The Department of Justice recommended the law firm to Bank of America according to an article in The Tech Herald.

The proposed attacks on WikiLeaks according to the slides include these actions:
  • Feed the fuel between the feuding groups. Disinformation. Create messages around actions of sabotage or discredit the opposing organizations. Submit fake documents and then call out the error.
  • Create concern over the security of the infrastructure. Create exposure stories. If the process is believed not to be secure they are done.
  • Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.
  • Media campaign to push the radial and reckless nature of WikiLeaks activities. Sustain pressure. Does nothing for the fanatics, but creates concern and doubt among moderates.
  • Search for leaks. Use social media to profile and identify risky behavior of employees.
The WikiLeaks Threat: An Overview by Palanfir Technologies, HBGary Federal and Berico Technologies

Blogger's comment:

The first point sheds a whole new light on the recent misinformation published by most of Canada's traditional media incorrectly claiming that a Wikileaks document quoted ex-CSIS Director, Judd, as saying that "vigorous harassment" was occurring against Hezbollah in Canada. LOL.

I, and many others had the good sense to vet the quote against the original documents. It doesn't exist.

Round Table # 1 with Julian Assange

We will not be censored.

Round Table # 1 with Julian Assange