Information Age: News, analysis & insight for IT & business leaders

Has Anonymous attack been the making of HBGary?

3 November 2011  

Little-known security company says sales are up 85% since its run-in with 'hacktivist' group Anonymous

The first time most people heard the name HBGary was in February 2011, when amorphous ‘hacktivist’ group Anonymous stole internal emails from the security software vendor and published them online.

The cyber attack was in retaliation for a threat made by the CEO of the company’s federal division, Aaron Barr, to name some of the group’s “senior members”.

HBGary’s overall CEO, Greg Hoglund, remembers watching company emails being stolen in real time. Hackers had discovered Aaron Barr’s personal email login details, which also gave them access to his company email and the HBGary Federal server, because he used the same password for all three.

“They compromised Aaron Barr’s server in Colorado, which I had no control over,” he explains. “Then they logged into Google Apps. Everyone’s email was in there, and they downloaded mine, [other executives’] and Aaron’s before we shut it off.”

After the emails were stolen, Hoglund pleaded – unsuccessfully – with the hackers not to publish them online, asking them to think of the damage they would cause his company. One replied: “greg [this] will be end of you :) and your company”.

But according to Hoglund, the opposite has been true. HBGary’s third-quarter revenue this year grew by 85% over the same quarter in 2010, and Hoglund says he has seen a big uptick in the number of commercial clients who are interested in its services.

No government or business wants to be hacked. But rather than seeing HBGary as a security company that could not even protect itself, customers seem to see it as a kindred spirit, Hoglund claims. “When it first happened, I was terrified, to be honest,” he says. “But what I realised is that our customers don’t really like Anonymous, and they view themselves as possible targets.”

Indeed, the episode cast HBGary as a character in the central narrative currently unfolding in the security industry – the move from perimeter-based protection against scattershot threats towards more sophisticated defences against targeted attacks.

“Companies have started to realise that their endpoint security solutions are not sufficient to stop attackers,” Hoglund says. “They have lost their confidence in antivirus.”

US-based HBGary is now expanding abroad, and in the UK it counts an unnamed UK government department and a large financial institution among its customers. “Our presence in the UK is new, very new, and although we don’t have staff doing overseas sales yet, it’s something we’re hoping to do.”

As Hoglund watched his company emails leak out into the world, he was on the phone to Google trying to shut down HBGary’s Google Apps account. It took close to an hour for the web giant to confirm his identity, he says, and the experience has led him to call for a kill switch to be built into enterprise cloud services.

Above all, he says that the whole episode taught him that enterprises have to understand password reuse.

“If an employee of a big organisation has an account on a poker site, and they’re using the same password on that site as they are on a single-factor authentication portal in the enterprise, then if some hackers attack [the poker site], dump the user details of the employee and crack his password, they can just log into your systems. At that point, firewalls, intrusion detection, whatever, it doesn’t matter, because security is switched off.”

Hoglund says he’s now a “religious believer” in two-factor authentication, and that HBGary was just about to implement it at the time of the hack. “I was a week away from installing it when this happened,” he recalls. “It was unbelievable.”

