Many of you may not be privy to this, but some short time ago the IT security firm HBGary was hacked by Anonymous
. The reason was pretty simple; the FBI had asked for HBGary's help in uncovering the identities of Anonymous hackers who had participated in attacks against companies cutting of Wikileaks access and financing, and Anonymous had not taken well to this. The how of the hack is pretty engaging for those with an interest in IT security.
In short, they hacked the uber-IT security firm and released their private emails and memos publicly. Woops.That said, I'm breaking from the narrative to be clear: What Anonymous did was criminal. Period.
So why is this of interest to a political forum?
The content of the released private information from HBGary is rather ominous in tone. It reveals a lot of how the corporation operates; mainly, data mining internet social groups for fears that will scare people into buying their services. This actually works rather well; anyone who works in IT Security for profit can go on for days about how scaring the shit out of the client with what could happen if they don't buy in is a no-brainer. But that's not the issue...no, it's the other
stuff that HBGary was doing for folks that makes uneasy reading:
- A proposal for a major bank, suppoedly Bank of America, to launch offensive cyber attacks on the servers that host Wikileaks.
- Being part of a cabal of IT security corps including Palantir and Berico Technologies, that was working with the law firm of the US Chamber of Commerce to develop plans to target progressive groups, labor unions and other left-leaning non profits who the Chamber opposed. Targeting was to include insertion of false data into the target's databases, entrapment attempts, and insertion of malware and virii.
- Working with General Dynamics and other corporations to develop custom, stealth malware and collaborations with other firms selling offensive cyber capabilities including knowledge of previously undiscovered ("zero day") vulnerabilities.
Why is all of this a bad thing? Well, these are the methods, programs, and tactics that the USCYBERCOM
would use if they, say, wanted to disrupt and crash Iranian nuclear power computer systems.
Or take out Chinese or Russian cyberspace in the event of war. And HBGary is selling this stuff to corporations to use against each other. Against the SEIU, perhaps. Or the Republican Party. Or whoever's buying. Or to quote from one of the articles:What's more disturbing is the way that the folks at HBGary - mostly Aaron Barr, but others as well - came to view the infowar tactics they were pitching to the military and its contractors as applicable in the civilian context, as well. How effortlessly and seamlessly the focus on "advanced persistent threats" shifted from government backed hackers in China and Russia to encompass political foes like ThinkProgress or the columnist Glenn Greenwald. Anonymous may have committed crimes that demand punishment - but its up to the FBI to handle that, not "a large U.S. bank" or its attorneys.
Should a corporation be allowed sell and invent such items to private interests? Or should we perhaps hold them to the same standards that we do arms dealers and military manufacturers? Personally, I find this frightening. Various conservatives may rejoice that ThinkProgress was a target...but how soon till a wealthy and disgruntled liberal purchases their own malware to fire at WND or the Wisconsin Governor's Office? Perhaps we need to take a step back and examine with grave seriousness exactly what Pandora's Box Anonymous has inadvertantly revealed to us. Links:RSA 2011: Winning the War But Losing Our SoulBlack ops: how HBGary wrote backdoors for the governmentHow one man tracked down Anonymous—and paid a heavy priceSpy games: Inside the convoluted plot to bring down WikiLeaksAnonymous to security firm working with FBI: "You've angered the hive"(Virtually) face to face: how Aaron Barr revealed himself to Anonymous