CyberNinja FAIL

February 8, 2011

So apparently Mr Barr tried to get all on the amorphous chaotic and admirably highly effective Anonymous Group.  This of course resulted in him and his entire company getting a by the “” or at least that’s what I think they are being branded as. 

For people who can’t seem to read between the lines, is a wonderful smokescreen effectively running amok and tying up Federal cyber investigative resources that could be better used investigating the zillions of terabytes of critical information getting stolen on a regular by our “Friends” according to official US Foreign policy, the PRC PLA.

Interestingly enough this FAIL example was driven by self interest and not the common good.  It’s also kind of disgusting to see how leak information is being misused.  For example, Wikileaks just dribbles out information and cherry picks it to correspond to the latest news cycle, such as the Egyptian revolution thingy. As that effort goes on, out pops Wiki cables of guess what, Israel and Egypt scheming on Mubarak’s successor.  How timely.  If you had any balls you would just release the whole 266k of cables and not just the crappy 2000 or so for your own personal media benefits.  I’m sure the Internet through crowd source effects can analyze it on their own thank you very much.

Now the parallel to this latest fiasco.  HBGary decided to “Investigate” Anonymous group by using them as an example of how social media “shiver” is all bad and scary.  Sorry, you’re too late to the game, Myspace worms, Twitter hijacks and Robin Sage cleared that all up okie, oh ya and Koobface.  Then they intended to glory whore the information at only the Largest security conference on the planet. RSA.  As well as peddle the information to the FBI.  Did they release their investigative targets to the open public? No. 

You see the power of the Internet is that when you release it, it never can be taken back.  Their second mistake was that they blabbed about their “targeting” to Financial Times and crowed about it.  This to the enemy is called “indications and warnings” in military speak.  If they thought Anonymous was just going to not take up that challenge, it speaks worlds about how clueless they are to hacktivist causes and capabilities.  And if you’re gonna burn a group with your incredible research, release it ANONYMOUSLY for the world to enjoy.  Don’t be a twat and try and use it for personal benefit by exploiting it to drive security business to your company. 

On a side note I personally like their products and they have a decent Memory analysis product which I think has gone a long way towards popularizing memory analysis.  They also have some good reversers who are pretty straight up.  However I have heard from many that their leadership unfortunately is pretty  XXXXXX just like many other security Luminaries that claw and step on the backs of others in order to hack their personalities in the eyes of the security practitioner public.

Unfortunately there are a zillion hacktivists out there with hive-like mentalities and short attention spans.  The real problem though is that it would be nice to focus their talents, and energies on real hard targets such as the cyber units of the PLA in each of their military regions.  If given cause, direction, and targeting, this could effectively be a long term, low level chaotic effect in the enemy’s rear echelons, maybe enough to drain their resources so they are burdened somewhat.  Not bloody likely tho.

Some of the interesting things of note were the fact that they erased their backups, OUCH, and hacked (no fair) which is a great website.  Also they published Mr. Barr’s personal details and his SSN/address/and telephone number which is just like mean.  Apparently he is getting death threats and phone calls at home.   

The most damaging of course is the theft of their email which could be a killer for their company.  Or better yet drive it into a cheap takeover or buyout by an enterprising company that wants a good cyber acquisition.  Frankly I’m surprised they haven’t been purchased yet. 

Another approach would be to publish all his research now, be a man and stand behind it and say Yea MFers, I got yer info, I am publishing it, and the feds will be at your door shortly.  If his research is good, then it will stand the scrutiny of the public.  If it’s crappy research, well then, I guess his methods just suck.  

Either way, I think Mr. Barr, Hoglund and HBGary and company will be getting most likely a LOT of pizza delivered to their doorsteps in the next year.  ___I recommend on M Street.  I’m thinking the staff at ole Gary might enjoy quite a bit of the Belgian Beer they have on tap. 

So this is attribution research done RONG (Tune of Mr. Kim Il Jong)

Here’s a recap of what went wrong and what to do next time.

  • Do good research that can stand up to scrutiny
  • Publish it to the public for good, don’t whore it to RSA for glory or for money to the FBI
  • When you publish, be damn well sure it doesn’t get back that you did it. 
  • Enjoy your victory in private, and only tell trusted associates.
  • Watch while the Internet becomes a better place

There is a huge potential for the proper disclosure of attribution data to change the character of the Internet.  DON’T buy the BS that things cannot be tracked or discovered.

Only an attribution market that disclosed the worst actions across the realm of cyberspace could deter malicious actions.  Frankly the hijinks of Anonymous doesn’t pass real threat muster in my book.  Unfortunately it will waste thousands of investigative hours, because the FBI LOVES Anonymous just like they strutted up and down on their investigative prowess busting the Palin hacker, who got a year and a day in jail. 

This I believe takes our eyes off the real threats and doesn’t really do our country any good.

Don’t wind up like this guy…
