BreachExchange mailing list archives
Security site gets 'pwned'
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 10 Feb 2011 00:25:48 -0500
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10705210 In cyberspace they call it "getting pwned". It happened to the American tech-security company HBGary Federal when it tried to infiltrate a hacktivist network called Anonymous. Aaron Barr, chief executive of the Washington-based company, said his firm infiltrated the collective behind recent pro-WikiLeaks cyber protests. Anonymous's revenge was swift. They defaced HBGary's website, broke into its messaging system, dumped 60,000 emails and hijacked Barr's Twitter account to tweet abuse and personal information. The term "pwned" - pronounced poned - originated from a typo in online gaming and means to be dominated. Over the past four years Anonymous has gained a reputation for being one of the most mercurial and chaotic meeting spaces for online mischief-makers. Recently it has gained notoriety for assaults on government and commercial sites criticising WikiLeaks. Its damaging "denial-of-service" attacks on companies such as PayPal, Mastercard and Visa have resulted in recent arrests in Europe and the United States. Private security firms are determined to uncover the site's management. Barr said his firm had managed to infiltrate Anonymous through its chat rooms and that the organisation was run by a hardcore of 30 members with 10 who "are the most senior and co-ordinate and manage most of the decisions". Anonymous has always styled itself as an anarchic democratic collective with no leadership. In a message left on HBGary's website, the hackers taunted their pursuers with the message: "You think you've gathered full names and addresses of the 'higher-ups' of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False." The attack successfully penetrated HBGary's website through a compromised support server. HBGary founder Greg Hoglund has promised revenge. "We try to protect the US Government from hackers. They couldn't have chosen a worse company to pick on," he said. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Security site gets 'pwned' Jake Kouns (Feb 10)