Friday, February 18, 2011

HBGary and CyberSecurity

Ironically, HBGary, purportedly a "cyberdefense" firm, was compromised by a very basic SQL Injection attack by Anonymous.

This apparently occurred before the exposure of HBGary's lame attempt to attack Wikileaks recently (details in my previous blog post) and was the source of that revelation.

How seriously does HBGary take IT security if they don't protect against the basics?

And what does that tell us about their competence in this field? A lot.

They're certainly not a company I'd trust with the cybersecurity of my system.

It also calls their competence in the entire area of "cyberdefense" into question.

From their site: "Security is not an IT problem, it's an Intelligence problem".

Um. No. Security is both an IT and Intelligence problem.

With their approach to security, no wonder Anonymous had no problem hacking them, accessing and taking over their entire system, downloading their data and releasing it to the public.

And their "infiltration" attempt of Anonymous appears to have fallen flat on its face as well when they misidentified several people as "leaders" of Anonymous who basically just ran the AnonOps network. LOL.

Seriously, folks, if HBGary is representative of the quality of cybersecurity skills in the industry, we're all in trouble.

And the threat is not coming from WikiLeaks or Anonymous.

There are real threats out there that are a real danger to us from the likes of those who compromised Canada's government systems recently.

Maybe the US Government and HBGary should upgrade their security and cybersecurity skill sets, start working on those serious threats and leave Wikileaks and Anonymous alone.

There's a major difference between releasing information which exposes corruption and wrongdoing and stealing information for the purposes of compromising the security of a country, its government and its citizens.

If countries like the US and companies like HBGary can't see that difference, then we have another huge problem on our hands.

One that I don't think I need to spell out for anyone.


