HBGary
 |
|
| Industry | Computer software Computer security |
|---|---|
| Fate | Bought out |
| Founded | 2003[1] |
| Founder | Greg Hoglund |
| Headquarters | Offices in Sacramento, California, Washington, D.C., and Bethesda, Maryland.[2] |
|
Key people
|
Greg Hoglund (Founder & CEO) Penny Leavy (President) Aaron Barr (Former CEO of HBGary Federal) |
| Website | HBGary Inc. |
HBGary purchased by CounterTack in July 2015. HBGary is a subsidiary company of ManTech International, focused on technology security. In the past, two distinct but affiliated firms had carried the HBGary name: HBGary Federal, which sold its products to the US Federal Government,[3] and HBGary, Inc.[4] Its other clients included information assurance companies, computer emergency response teams, and computer forensic investigators.[5] On February 29, 2012, HBGary, Inc. announced it had been acquired by IT services firm ManTech International.[6] At the same time, HBGary Federal was reported to be closed.[6]
Contents
History
The company was founded by Greg Hoglund in 2003.[1] In 2008, it joined the McAfee Security Innovation Alliance.[5] The CEO made presentations at the Black Hat Briefings, the RSA Conference, and other computer security conferences.[7][8] HBGary also analyzed the GhostNet and Operation Aurora events.[3][7] As of 2010, it had offices in Sacramento, California, Washington, D.C., and Bethesda, Maryland.[2]
HBGary Federal had been set up with Aaron Barr as CEO instead of Hoglund to provide services and tools to the US government, which might require security clearance.[9] As HBGary Federal could not meet revenue projections, in early 2011 negotiations about the sale of HBGary Federal were in progress with two interested companies.[10]
HBGary was acquired by ManTech International in February 2012.[6]
WikiLeaks, Bank of America, Hunton & Williams, and Anonymous
-
- See also: Anonymous: attack on HBGary Federal
| “ | Step 1 : Gather all the data Step 2 : ??? Step 3 : Profit |
” |
| — HBGary programmer to Barr disparaging his plan with a reference to an episode of South Park.[3] | ||
In 2010, Aaron Barr, CEO of HBGary Federal, alleged that he could exploit social media to gather information about hackers.[3]
In early 2011, Barr claimed to have used his techniques to infiltrate Anonymous,[3][11][12] partly by using IRC, Facebook, Twitter, and by social engineering.[3][13] His e-mails depict his intention to release information on the identities of Anonymous members at the B-Sides conference and to sell it to possible clients,[3][14] including the FBI.[15] In the e-mails, Barr explained that he identified his list of suspected Anonymous "members" by tracing connections through social media, while his main programmer criticized this methodology.[3][16] In a communiqué, Anonymous denied association with the individuals that Barr named.[17][18]
On February 5–6, 2011, Anonymous compromised the HBGary website, copied tens of thousands of documents from both HBGary Federal and HBGary, Inc., posted tens of thousands of both companies' emails online, and usurped Barr's Twitter account in apparent revenge.[13][19][20] Anonymous also claimed to have wiped Barr's iPad remotely, though this act remains unconfirmed.[3][14][21][22] The Anonymous group responsible for these attacks would go on to become LulzSec.[23]
Fallout
Some of the documents taken by Anonymous show HBGary Federal was working on behalf of Bank of America to respond to WikiLeaks' planned release of the bank's internal documents.[4][24] "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error."[25]
Emails indicate Palantir Technologies, Berico Technologies, and the law firm Hunton & Williams (recommended to Bank of America by the US Justice Department)[15] all cooperated on the project.[25] Other e-mails appear to show the U.S. Chamber of Commerce contracted the firms to spy on and discredit unions and liberal groups.[26][27]
The conflict with Anonymous caused substantial public relations damage. As a result, the involved organizations took steps to distance themselves from HBGary and HBGary Federal:
- February 7, 2011: Penny Leavy, President of HBGary Inc., entered an Anonymous IRC channel to negotiate with the group.[3] She distanced her company from their partially owned subsidiary HBGary Federal, clarified the separation of the two, and asked Anonymous to refrain from attacks or leaks that would damage HBGary Inc. and its customers.[28]
- February 10, 2011: The Chamber of Commerce issued a statement denying they hired HBGary,[29] calling the allegation a "baseless smear," and criticizing the Center for American Progress and its blog, ThinkProgress, for "the illusion of a connection between HBGary, its CEO Aaron Barr and the Chamber."[30] The Chamber denied the truth of accusations[31] previously leveled by ThinkProgress, stating "No money, for any purpose, was paid to any of those three private security firms by the Chamber, or by anyone on behalf of the Chamber, including Hunton and Williams."[30]
- February 11, 2011: Palantir's CEO apologized to Glenn Greenwald and severed "any and all contacts" with HBGary.[25][32]
- The CEO and COO of Berico similarly stated that they had "discontinued all ties" with HBGary Federal.[33]
- February 28, 2011: Aaron Barr announced his resignation from HBGary Federal to "focus on taking care of my family and rebuilding my reputation."[34]
- March 1, 2011: 17 members of the United States Congress called for a congressional investigation for possible violation of federal law by Hunton & Williams and "Team Themis" (the partnership between Palantir Technologies, Berico Technologies, and HBGary Federal).[35]
- March 16, 2011: The House Armed Services Subcommittee on Emerging Threats and Capabilities asked the Defense Department and the National Security Agency to provide any contracts with HBGary Federal, Palantir Technologies and Berico Technologies for investigation.[36]
Astroturfing
It has been reported that HBGary Federal was contracted by the US government to develop astroturfing software which could create an "army" of multiple fake social media profiles.[37][38]
Later it was reported that while data security firm HBGary Federal was among the "Persona Management Software" contract’s bidders listed on a government website, the job was ultimately awarded to a firm that did not appear on the FedBizOpps.gov page of interested vendors. "This contract was awarded to a firm called Ntrepid," Speaks wrote to Raw Story.[39]
Malware development
HBGary had made numerous threats of cyber-attacks against WikiLeaks. The dossier of recently exposed emails revealed HBGary Inc. was working on the development of a new type of Windows rootkit, code named Magenta,[15] that would be "undetectable" and "almost impossible to remove."[40]
In October 2010, Greg Hoglund proposed to Barr creating "a large set of unlicensed Windows 7 themes for video games and movies appropriate for middle east & asia" (sic) which "would contain back doors" as part of an ongoing campaign to attack support for WikiLeaks.[41]
Products
| Name | Purpose |
|---|---|
| FastDump, FastDumpPro | RAM snapshots (aka memory images) of Windows computers[42][43] |
| Responder Pro, Responder Field Edition | Analyze RAM, pagefiles, VMWare images, etc. sort & display images, network links, etc ...[43][44][45] |
| Digital DNA, Active Defense | detects malware[5][43][46] |
| Inoculator | malware detection through Remote procedure call[47] |
| FGET | collect forensics data remotely[48] |
| REcon | 'sandbox' malware recorder[45] |
| Fingerprint | analyzes common patterns amongst malware, such as algorithms, encodings, compilers used, names used, etc., and possibly attempt to identify the creators of a piece of malware.[7][49] |
| Flypaper | capture malware binary code[8] |
Some products are integrated into other products (i.e. REcon and Digital DNA into Responder).[45]
Acquisition by ManTech International
On 29 February 2012 ManTech International announced its purchase of HBGary, Inc.[50] Financial terms of the acquisition were not disclosed other than to say it was an "asset purchase", which excludes legal and financial liabilities.[50]
References
- ↑ 1.0 1.1 HBGary At A Glance, www.hbgary.com,
- ↑ 2.0 2.1 HBGary :: Detect. Diagnose. Respond. HBGary official website, via www.hbgary.com on 2011 02 11
- ↑ 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 4.0 4.1 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 5.0 5.1 5.2 HBGary Unveils Digital DNA™ Technology , Press Release, karenb, forensicfocus.com 3 12 2009, retr 2011-02-11
- ↑ 6.0 6.1 6.2 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 7.0 7.1 7.2 Researcher 'Fingerprints' The Bad Guys Behind The Malware, Kelly J. Higgins, Dark Reading, 6 22 2010, retr 2011-02-11
- ↑ 8.0 8.1 Basic Malware Analysis Using Responder Professional by HBGary. Black Hat #174; Technical Security Conference: USA 2010 retr 2011-02-11
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 13.0 13.1 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 14.0 14.1 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 15.0 15.1 15.2 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Play By Play Of How HBGary Federal Tried To Expose Anonymous... And Got Hacked Instead Mike Masnick, TechDirt.com Feb. 11th 2011
- ↑ Anonymous statement from hacked HBGary Website Anonymous, Feb. 2011
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ http://web.archive.org/web/20131208062435/http://www.h-online.com/security/features/Anonymous-makes-a-laughing-stock-of-HBGary-1198176.html
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 25.0 25.1 25.2 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ HBGary: Don't let this story die, it's big. furiousxxgeorge, DailyKos, Feb. 13 2011
- ↑ Hacked Documents Show Chamber Engaged HBGary to Spy on Unions emptywheel, FireDogLake, Feb. 10 2011
- ↑ Pastebin - log of Anonymous IRC channel audience with Penny Leavy of HBGary Inc Anonymous, pastebin Feb. 7, 2011
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 30.0 30.1 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Berico Technologies severs ties with HBGary over WikiLeaks plot
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ http://www.rawstory.com/rs/2011/02/22/exclusive-militarys-persona-software-cost-millions-used-for-classified-social-media-activities/
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Evidence Technology Magazine - Product News, retr 2011-02-11
- ↑ 43.0 43.1 43.2 Cyber Forensics Tools for Live Memory Acquisition and Analysis, Bob Slapnik, HBGary, 2010 02 11, retr 2011-02-11
- ↑ HBGary Responder Field Edition - SC Magazine US Peter Stephenson 5/1/2009 SC Magazine, retr 2011-02-11
- ↑ 45.0 45.1 45.2 Product Watch: New Tool Automatically Examines Suspicious Code In Memory By Kelly J. Higgins, InformationWeek, 2010-02-08, retr 2011-02-11
- ↑ Spotting Malware By Its Signature, By WILLIAM MATTHEWS, Published: 17 May 2010, Defense News, retr 2011-02-11
- ↑ Make your own anti-virus signatures with DIY tool from HBGary, Ellen Messmer, Networkworld, 2010 11 3, retr 2011-02-11
- ↑ Forensics Out Of Reach For Most Small To Midsize Organizations, Kelly J. Higgins, Dark Reading, 9 8 2010, retr 2011-02-11
- ↑ Fingerprint is advertised as being a way to discover information about the authors of various pieces of malware, by analyzing the aforementioned patterns.
- ↑ 50.0 50.1 Lua error in package.lua at line 80: module 'strict' not found.
External links
- http://www.hbgary.com/ (official website)
- http://hbgaryfederal.com/ (official website, offline as of February 20, 2011)
- video of using HBGary's Flypaper product
- Prime Award Spending Data for HBGary, www.usaspending.gov
- Black ops: how HBGary wrote backdoors for the government (by Nate Anderson, ars technica)
- http://www.bizjournals.com/sacramento/news/2015/07/16/former-hbgary-cybersecurity-operation-new-owner.html
