I'm not sure which direction to take this thread. It started with this thread: Chamber of Commerce Linked To Smear Firms. (http://forums.randi.org/showthread.php?t=200612) From the Think Progress link in the OP, (http://thinkprogress.org/2011/02/10/lobbyists-chamberleaks/) I went to another site: Data intelligence firms proposed a systematic attack against WikiLeaks (http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks), and from there to Anonymous retaliates against HBGary espionage. (http://crowdleaks.org/anonymous-retaliates-against-hbgary-espionage/)In an article published on February 4th by Financial Times, Aaron Barr, CEO of the security services firm HBGary Federal, claims to have been spying on those frequenting the Anonymous Operations chat network.

In response, hackers under the banner of Anonymous have attacked the HBGary Federal computer system, defacing their website. They also took control of Aaron Barr’s personal twitter account where they posted his home address, telephone number, social security number, and an archive containing 50,000 messages from his HBGary email account.

Aaron Barr expressed to Financial Times that his aim was to expose the identities of Anonymous members, their individual locations, and the caliber of any influence they may have within the community. The information, Barr said, was for his upcoming talk at B-Sides security conference in San Francisco on Feb. 14 regarding information security in social media.The whistle blower leak sites are bound to become more common than just the couple out there now and their mirror sites. I would think at first, governments will take the leaks in stride. But corporations are another story. They're used to image marketing campaigns and hiring security firms like HB Federal.

These security firms are big business. And big corporations have a long history of deceptive marketing campaigns to protect their interests. It's a war between the leakers & hackers, and the big corporate security & marketing firms. So I'm envisioning Bank of America preempting the Wikileaks release of whistle blower information with a campaign to discredit the information or the leakers or the leak web site. And the leakers/hackers fighting back.

The public will need to decide if the leaked whistle blower information is valid, or if the publicity propaganda blitz to counter the leaks are valid.

Well a sound strategy is to leak false information to be deseminated through the leak sites and then easily discredited. So who knows what will happen.

This is the most amazing story thats getting absolutely no international media coverage.

Where BOA utilise 3 internet security companies, via their Law Firm Hunton & Williams

HBgary CEO Aaron Barr states publicly in interview with the Financial Times that he has infiltrated the group Anonymous.

Anonymous Then hacks HBGary servers and twitter account
http://twitter.com/#!/AaronBarr (note: not family or work safe) note timelines in twitter feed.

Anonymous downloads entire Mysql DB of emails from Hbgary and exposes the 50k emails publicly from their own website and their own twitter account, plus many other websites.

Emails reveal illegal attempts to bring down wikileaks that are supported by BOA, their Law firms, and the FBI

Going further in their report, they state that specifically named media journalists need to be targeted, specifically Glenn Greenwald, who wrote a brilliant piece on this here
http://www.salon.com/news/opinion/glenn_greenwald/2011/02/11/campaigns

In brief, there are articles stating corruption on the highest levels targeting Wikileaks between BOA, their law firms, the security firms and the US administration.

How can this not be making global media right now?

Download the recomendations to BOA from Hbgary here

Great article covering this all by TechDirt.com
http://www.techdirt.com/articles/20110209/22340513034/leaked-hbgary-documents-show-plan-to-spread-wikileaks-propaganda-bofa-attack-glenn-greenwald.shtml
Including the docs prepared by Hbgary for BOA.

search twitter under #hbgary to see the list of websites distributing the 50k emails via searchable databases etc.

The whistle blower leak sites are bound to become more common than just the couple out there now and their mirror sites. I would think at first, governments will take the leaks in stride. But corporations are another story.

What these emails are revealing, is there is very little distinction between the Government and the Corporations at all. As revealed by the emails from gary@hbgary.com to the FBI etc.

http://hbgary.anonleaks.ru/greg_hbgary_com/18599.html
plus tons of others

from
http://www.salon.com/news/opinion/glenn_greenwald/2011/02/11/campaigns
But the real issue highlighted by this episode is just how lawless and unrestrained is the unified axis of government and corporate power. I've written many times about this issue -- the full-scale merger between public and private spheres -- because it's easily one of the most critical yet under-discussed political topics. Especially (though by no means only) in the worlds of the Surveillance and National Security State, the powers of the state have become largely privatized. There is very little separation between government power and corporate power. Those who wield the latter intrinsically wield the former. The revolving door between the highest levels of government and corporate offices rotates so fast and continuously that it has basically flown off its track and no longer provides even the minimal barrier it once did. It's not merely that corporate power is unrestrained; it's worse than that: corporations actively exploit the power of the state to further entrench and enhance their power.

cheers

Pete

Well a sound strategy is to leak false information to be deseminated through the leak sites and then easily discredited. So who knows what will happen.
Just the plot Leftysergeant is arguing in the thread that spawned this one (http://forums.randi.org/showthread.php?t=200612) that was possibly done to Dan Rather when he reported on the Bush National Guard letter.

I think it's probable it will be tried, but if the site that releases the leaks is careful, it'll be hard to fool them.

This is the most amazing story thats getting absolutely no international media coverage.
....I really hate to start sounding like a CTer but it's hard not to notice who owns that mainstream media.

I go back and forth between, "the news is a commodity, no CT is required for the same lack of coverage of important stories", and, "someone is actively censoring more stories than we think."

Thanks for all those interesting links, BTW. I can't wait to see what's in that pending Bank of America reveal (http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks?page=1) which seems to have BoA's panties in a bunch.

I think it's probable it will be tried, but if the site that releases the leaks is careful, it'll be hard to fool them.

Most of them aren't though, especially if the bait is what they want. Look how the birthers went for the fake Obama Kenya Birth Certificate without looking hard at it. Most people don't look hard at things that support their world view regardless of how sus it is.

I really hate to start sounding like a CTer but it's hard not to notice who owns that mainstream media.

I go back and forth between, "the news is a commodity, no CT is required for the same lack of coverage of important stories", and, "someone is actively censoring more stories than we think."

Thanks for all those interesting links, BTW. I can't wait to see what's in that pending Bank of America reveal (http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks?page=1) which seems to have BoA's panties in a bunch.

"It's okay to break the law against people we don't like."
:eyeroll:

Most of them aren't though, especially if the bait is what they want. Look how the birthers went for the fake Obama Kenya Birth Certificate without looking hard at it. Most people don't look hard at things that support their world view regardless of how sus it is.

I think you are correct, when the media is starved for topical information. Though this is not the case any longer, these leaks sites are saturated with enough information to last a lifetime. Though I do get your point and agree with you generally speaking.

Its hard to keep up with all that is happening in relation to the web and information in general, very interesting times we are witnessing right now.

cheers

Pete

I really hate to start sounding like a CTer but it's hard not to notice who owns that mainstream media.


Agree'd.

I noticed HBgary trending in twitter last week, though didn't know what It mean't, then yesterday, I researched it and couldn't believe my eyes. I couldn't believe it because this is the first time Ive heard anything about it.

So I came back to this forum and searched for it and found only 2 small threads, this one and the previous you referred to......

I'm not a fan of CT though love this board, Ive never been to a board that so many freaking smart people post in. Fully expecting lively debate about hbgary etc.

To me, this is a massive story, the largest bank in USA and the some of the largest law firms using big fedral funded security firms all in contact with the FBI and a myriad of other things aswell, all targeting a group who, to a larger or lessor degree have influenced the change of governments in two countries.

And nobody is talking about it?

Then we have a head of one of these (alleged) "security" firms get out of control with his ego and state publicly that he's infiltrated the group of people who do not know each other who go under the banner of "Anonymous"

This said group, then the day after his public statements completely and utterly destroys this company and releases on their own website and twitter accounts full access to years and years of emails between this company and its employees and now revealed 10 FBI agents and other companies.

This story line makes the Matrix look infantile :)

and still nobody is talking about it?

Strange times we are experiencing right now.

The corporations who up to a week ago were very concerned about their security of their data will now be running around ripping cables out of computers with any sensitive information on them as a last resort LOL..

One thing that I personally am getting out of this, is that when they targeted the Journalists supporting wikileaks, this is where they made this big mistake.
The guys can write and write very well. Their use of language in response to being targeted is breathtaking IMO. These are the words that do the most damage to these companies and it appears governments in time. Glenn Greenwall in particular. I put the link to his response in the post above.


@SG glad I'm not the only one confused by all this.

Cheers

Pete

I think you are correct, when the media is starved for topical information. Though this is not the case any longer, these leaks sites are saturated with enough information to last a lifetime. Though I do get your point and agree with you generally speaking.

Its hard to keep up with all that is happening in relation to the web and information in general, very interesting times we are witnessing right now.

cheers

Pete

It's an issue with saturation too. news media and others simply don't have time to check the validity of 50,000+ emails, and in a world where if you don't print first someone else will scoop you, the time to check stories is highly limited. By creating trails that appear at first blush to be credible, it is more then possible to trap these sort of sites and even the media into spreading fictious information only to have the other boot fall and squash it flat.

You don't even have to worry about true e-mails being in there because once the original decption has been shown up as fake, you can label everything else as fake too.

Certainly interesting times ahead.

I used the search term

XXXX (I removed it)

and scanned the email database..

and found a ton of orders from XXXX (removed) for their software, including all their personal data, name address CC info, though luckily the exp dates were 2 years old.. but these people who have placed orders to buy software from this company. Their identities are now vulnerable to being hijacked... :(

Virtually anyone in the world who has had email correspondence with this company over the last few years has had their privacy invaded.

And apparently many of those people are FBI, NSA, CIA and other government agents. These people (and the private sector peeps too) are vulnerable to more than just identity theft. People can use the information in the emails to gain access, manipulate, social engineer, etc...

HBGary Federal is done, they weren't even profitable to begin with and after this...

...

HBGary Federal is done, they weren't even profitable to begin with and after this...If they are anything like Blackwater (http://en.wikipedia.org/wiki/Blackwater_Worldwide), they'll just re-emerge as a renamed company.

it gets better :(

The contents of the harvested e-mails present a potentially damaging breach: yielding personally identifiable information as well as details of social connections and relationships between members of the U.S.'s top defense, spy, intelligence and law enforcement agencies, as well as staff and members of the House of Representatives and Senate, says Chris Hadnagy of social-engineer.org, a non-profit group.

from

http://threatpost.com/en_us/blogs/hbgary-emails-sweet-valentine-social-engineers-021411

interesting read..

in all of this illegality...who's side am I meant to be on??

in all of this illegality...who's side am I meant to be on??
Ever hear a concept that the world is not black and white?

it gets better :(



from

http://threatpost.com/en_us/blogs/hbgary-emails-sweet-valentine-social-engineers-021411

interesting read..


It would be very interesting indeed if someone uncovers malicious malware coming from HBGary aimed at boosting sales by boosting the threat. Maybe I'm overly cynical (http://threatpost.com/en_us/blogs/still-smarting-anonymous-releases-20000-more-hbgary-emails-021311), but there is an awful lot of new malware out there and if you follow the money, it leads to people who sell security. More e-mail messages believed to belong to HBGary Federal Chief Operating Officer Greg Hoglund were posted online Sunday, fulfilling a promise by online mischief making group Anonymous to further embarrass the Washington D.C. security firm, whose CEO aroused the ire of the hacktivists last week.

A 2 gigabyte file titled "HBGary More Leaked Emails" was posted on the file swapping Website The Pirate Bay on Sunday and purports to be a collection of some 27,000 email messages from Hoglund, a noted malware researcher who is an expert on rootkits, among other topics.

Ever hear a concept that the world is not black and white?

ever heard of a non-sequitur?

now, with all of these people committing illegal acts, who's side am I meant to be on?

Anonymous and it's band of acne-ridden teens who get a hold of a public available DDOS tool to "hack" people from their mom's basement?

Wikileaks and it's rapist albino leader?

HBGary and it's megalomaniacal CEO?

who??

Maybe I'm not being overly cynical after all depending on how true this reply post on the above link is:Submitted by tinker (not verified) on Mon, 02/14/2011 - 8:39am.
Folks:

The first thing I did after a quick glance at the first Hbgary emails was to forward the web link (not the data) to a law enforcement agency in my country whom I trust. The first response I received was 'Are there companies like this in our country?'. They were not happy. This latest dump is beyond the pale. Theft, extortion, fraud, development of maulware for a government contractor... and I've only had access to the data less then a day. That goes for my friends mentioned above too. None of us has gotten much any sleep since.

From my personal experience, I don't think Anonymous has anything to worry about from law enforcement in other countries beside the USA. They will be far more interested in the foreign affairs aspect of this one. Anonymous could do a lot for their 'reputation' by pairing with law enforcement in their respective countries to make sure companies like Hbgary don't get a foothold internationally.

In fact, Anonymous should also get in touch with the equivalent of the 'Foreign Office' in their government. I'm sure they would find it in their 'national interest'.

If I can't see these folks in jail then at least I can keep them off my turf.

Everyone.

... mostly anon..

ever heard of a non-sequitur?

now, with all of these people committing illegal acts, who's side am I meant to be on?

Anonymous and it's band of acne-ridden teens who get a hold of a public available DDOS tool to "hack" people from their mom's basement?

Wikileaks and it's rapist albino leader?

HBGary and it's megalomaniacal CEO?

who??Sorry deep, but I have to put you on ignore for a while. I don't think you are contributing enough to the conversation for the time consumed answering your posts.

Sorry deep, but I have to put you on ignore for a while. I don't think you are contributing enough to the conversation for the time consumed answering your posts.

good idea...it's best to ignore those who disagree with you and just yell, "The debate is over!"

Al Gore approves of it!

Everyone.

... mostly anon..It depends on what it turns out HBGary was up to. I agree Anon should have redacted the emails. But we'll all be better off if HBG and whoever else that was committing crimes are exposed. If innocent bystanders are caught up in it, then Anon has some blame of their own.

I have a personal issue. Malware infected my computer a few months back. It's wrong, just wrong if it turns out the source was some company selling security for their own attacks. I'm not saying this company was wasting time on individual computer users. These guys sound like they were only operating with big contracts. But if they are committing the same kind of crime as the people who infected my computer, they deserve financial ruin.

And if they are committing the same crime Anon pulled on them, well, I'm not too sympathetic.

Just the plot Leftysergeant is arguing in the thread that spawned this one (http://forums.randi.org/showthread.php?t=200612) that was possibly done to Dan Rather when he reported on the Bush National Guard letter.

I think it's probable it will be tried, but if the site that releases the leaks is careful, it'll be hard to fool them.

The Dan Rather incident is the equivalent of the folks who published a fake birth certificate of Obama. If the folks doing a simple cursory check of the provided documents, it will be easy to differentiate between the legitimate and the fake.
Did you listen to This American Life this weekend? They had a very interesting story about JFK documents and Marilyn Monroe that turned out to be a hoax and ruined a guys life that were dismissed my a seasoned expert but the media figured it out right away. I think any hoax would be easily uncovered with a little leg work but the question is whether the hoax would be discovered pre or post the publication of the leak. It actually sounds like a good albeit very dirty way to discredit the organization that publishes the leaks.

Anon is really sticking it The Man!

They and Wikileaks will take down the System!

lol

Assange is in Europe accused of rape...and the names of some of Anonymous's members are gonna be made public soon.

Well done.

If they are anything like Blackwater (http://en.wikipedia.org/wiki/Blackwater_Worldwide), they'll just re-emerge as a renamed company.

I do not think they are like Blackwater, too new, too small, haven't even had time to develop IP or their services. From what I can tell, it is a small company run by just few people...and now the reputation of those few people have been trashed.

This is a pretty good summary that goes into a little bit of the background behind Aaron Barr:

http://www.wired.com/threatlevel/2011/02/spy/

It depends on what it turns out HBGary was up to. I agree Anon should have redacted the emails. But we'll all be better off if HBG and whoever else that was committing crimes are exposed. If innocent bystanders are caught up in it, then Anon has some blame of their own.

I have a personal issue. Malware infected my computer a few months back. It's wrong, just wrong if it turns out the source was some company selling security for their own attacks. I'm not saying this company was wasting time on individual computer users. These guys sound like they were only operating with big contracts. But if they are committing the same kind of crime as the people who infected my computer, they deserve financial ruin.

And if they are committing the same crime Anon pulled on them, well, I'm not too sympathetic.

Didn't see much evidence of them releasing malware, but then again, I think anon bit too much.

I do not think they are like Blackwater, too new, too small, haven't even had time to develop IP or their services. From what I can tell, it is a small company run by just few people...and now the reputation of those few people have been trashed.

This is a pretty good summary that goes into a little bit of the background behind Aaron Barr:

http://www.wired.com/threatlevel/2011/02/spy/Oh wow, that is mind boggling.when Barr went public with his findings, Anonymous took down his website, stole his e-mails, deleted the company’s backup data, trashed Barr’s Twitter account and remotely wiped his iPad.You have to admit, Anon didn't attack until Barr started it, and bragged about it to boot. And what a sleaze bag if all the accusations in that blog are true. He got more than a taste of his own medicine.

Manufacturing and submitting fake documents with the intent they be published likely constitutes forgery and fraud. Threatening the careers of journalists and activists in order to force them to be silent is possibly extortion and, depending on the specific means to be used, constitutes other crimes as well. Attacking WikiLeaks’ computer infrastructure in an attempt to compromise their sources undoubtedly violates numerous cyber laws.”

How did Barr, a man with long experience in security and intelligence, come to spend his days as a CEO e-stalking clients and their wives on Facebook? Why did he start performing “reconnaissance” on the largest nuclear power company in the United States? Why did he suggest pressuring corporate critics to shut up, even as he privately insisted that corporations “suck the lifeblood out of humanity”? And why did he launch his ill-fated investigation into Anonymous, one which may well have destroyed his company and damaged his career?

Thanks to his leaked e-mails, the downward spiral is easy enough to retrace.It reads like a cheap novel. He did it because he got in over his head and needed the money. And just when he thought he was a clever man, the real experts swooped in and showed him what an amateur he was.

It's more than enough to make everyone delete their Facebook accounts.


On to page 2 and my blood begins to boilAnother slide made clear that the company had expertise in “computer network attack,” “custom malware development,” and “persistent software implants.”...

...“I suggest we create a large set of unlicensed windows-7 themes for video games and movies appropriate for middle east & asia. These theme packs would contain back doors.”

Barr’s ideas about WikiLeaks went beyond attacks on their infrastructure. He wrote in a separate document that WikiLeaks was having trouble getting money because its payment sources were being blocked. “Also need to get people to understand that if they support the organization we will come after them,” he wrote. “Transaction records are easily identifiable.”..

...Media campaign [to make Wikileaks look reckless]

— find some way to make WikiLeaks supporters like Glenn Greenwald feel like their jobs might be at stake for supporting the organization.

...Barr was now suggesting that a major U.S. corporation find ways to lean on a civil liberties lawyer who held a particular view of WikiLeaks, pressuring him into silence on the topic. Barr, the former Navy SIGINT officer who had traveled around the world to defend the First Amendment right to freedom of speech, had no apparent qualms about his idea.(emphasis mine)


Of course one might still have issues with Anon's using the same tactics:Anonymous defended WikiLeaks on several occasions in 2010, even attacking the websites of Visa and MasterCard when the companies refused to process WikiLeaks donations.But when you think about it, at least Anon is leveling the playing field. I'm not sure how else that could be accomplished. Look what the average citizen is up against.



This reminds me of Enron's mission statement about how important ethics was to the company:After the Anonymous attacks and the release of Barr’s e-mails, his partners furiously distanced themselves from Barr’s work. Palantir CEO Dr. Alex Karp wrote, “We do not provide — nor do we have any plans to develop — offensive cyber capabilities… The right to free speech and the right to privacy are critical to a flourishing democracy. From its inception, Palantir Technologies has supported these ideals and demonstrated a commitment to building software that protects privacy and civil liberties. Furthermore, personally and on behalf of the entire company, I want to publicly apologize to progressive organizations in general, and Mr. Greenwald in particular, for any involvement that we may have had in these matters.”...

...But both of the Team Themis leads at these companies knew exactly what was being proposed (such knowledge may not have run to the top). They saw Barr’s e-mails, and they used his work. His ideas on attacking WikiLeaks made it almost verbatim into a Palantir slide about “proactive tactics.”


Of course, this comment from Salon's Greenwald (http://www.salon.com/news/opinion/glenn_greenwald/2011/02/11/campaigns/index.html) is no surprise:But after learning a lot more over the last couple of days, I now take this more seriously -- not in terms of my involvement but the broader implications this story highlights. For one thing, it turns out that the firms involved here are large, legitimate and serious, and do substantial amounts of work for both the U.S. Government and the nation's largest private corporations (as but one example, see this email from a Stanford computer science student about Palantir). Moreover, these kinds of smear campaigns are far from unusual; in other leaked HB Gary emails, ThinkProgress discovered that similar proposals were prepared for the Chamber of Commerce to attack progressive groups and other activists (including ThinkProgress). And perhaps most disturbing of all, Hunton & Williams was recommended to Bank of America's General Counsel by the Justice Department -- meaning the U.S. Government is aiding Bank of America in its defense against/attacks on WikiLeaks.

And then there is this:that it's being so freely and casually proposed to groups as powerful as the Bank of America, the Chamber of Commerce, and the DOJ-recommended Hunton & Williams demonstrates how common this is. These highly experienced firms included such proposals because they assumed those deep-pocket organizations would approve and it would make their hiring more likely.

But the real issue highlighted by this episode is just how lawless and unrestrained is the unified axis of government and corporate power.If there wasn't very clear evidence of all this, a person talking about it might sound like Glenn Beck and his New World Order CT. The rest of Greenwald's blog certainly makes the government corruption accusations. He's added a link to a NYTs story on the events with a shorter summary but bit of additional info.

Hackers Reveal Offers to Spy on Corporate Rivals (http://www.nytimes.com/2011/02/12/us/politics/12hackers.html?_r=2&hp)Mr. Turner, former chairman of the Association of Certified Fraud Examiners.

He estimated that the “competitive intelligence” industry had 9,700 companies offering these services, with an annual market of more than $2 billion, but said there were limits to what tactics should be used.The malware that ate my computer could easily be from one of these 9,700 companies.

Please stop drawing dots where few may exist. (I will make a longer post at home, but bear in mind wikileaks may be breaking laws if they reveal BofA data.)

Please stop drawing dots where few may exist. (I will make a longer post at home, but bear in mind wikileaks may be breaking laws if they reveal BofA data.)What dots? I don't think HBGary was specifically responsible for the malware that infected my computer. But I''m pretty sure it was someone making a buck off selling malware protection, since the hijack screen specifically said, you've been infected, buy this protection.

I'm not sure what your issue is. Care to elaborate why you would side with Barr here? Did you not read what a scum bag he is? Think that is all fake info? It could be. ;)

Another great article here

http://arstechnica.com/tech-policy/news/2011/02/the-ridiculous-plan-to-attack-wikileaks.ars?comments=1#comments-bar
Very comprehensive.

It appears more information is coming about this event on the internet, but still yet to make it to main stream media....

I imagine the media will pick up on it more, once Assange speaks about it at some time, I don't see how he cannot.

ever heard of a non-sequitur?

now, with all of these people committing illegal acts, who's side am I meant to be on?

Anonymous and it's band of acne-ridden teens who get a hold of a public available DDOS tool to "hack" people from their mom's basement?

Wikileaks and it's rapist albino leader?

HBGary and it's megalomaniacal CEO?

who??


I think you raise some seriously valid points.

And the answer to them doesn't come easily to anyone, especially those who only read the headlines in 24/7 news etc. (regarding public in general)

This whole event is so convoluted, its going to be very difficult to get the significance of this event across in the minimal attention span of those who view the news.

Last night I read some interviews of Anonymous, and my previous thoughts, similar to what you posted above have changed significantly.

Unfortunately I do not have these links at hand...

actually i do.
http://www.p2pnet.net/story/45762

Very interesting and revealing look into Anonymous..

IMO its Anonymous who is currently holding the 3 security firms , Law firms, BOA and the 8 to 10 Gov agencies to account..

who'd have thunk it huh...

Pete

That's a standard method of getting you to download malware

(Also, nice strawman: I don't support HBGary.)

What dots? I don't think HBGary was specifically responsible for the malware that infected my computer. But I''m pretty sure it was someone making a buck off selling malware protection, since the hijack screen specifically said, you've been infected, buy this protection.

I'm not sure what your issue is. Care to elaborate why you would side with Barr here? Did you not read what a scum bag he is? Think that is all fake info? It could be. ;)

The protection isn't real, it's non-functional or more malware. It's a scam that's been around for a while.

good idea...it's best to ignore those who disagree with you and just yell, "The debate is over!"

Al Gore approves of it!

Don't worry, you're only on "pretend" ignore.

The protection isn't real, it's non-functional or more malware. It's a scam that's been around for a while.I'm well aware the malware was not a direct link to someone selling security. Obviously that makes no sense. And I'm certainly aware how common the crap is. Anyone who didn't join the Internet yesterday is familiar with multiple computer hijack schemes and how common they are.

It still makes sense that the industry that is profiting off of protection is also creating the threats. This is also not new. The leaked emails in this case draw attention to what we already know. But they also suggest it is the industry's standard operating procedure.

...
(Also, nice strawman: I don't support HBGary.)You are welcome to clarify your position if I've drawn the wrong conclusion about it from these comments:Please stop drawing dots where few may exist. ... wikileaks may be breaking laws if they reveal BofA data....I think anon bit too much.

[QUOTE=Skeptic Ginger;6879373]You are welcome to clarify your position if I've drawn the wrong conclusion about it from these comments:[/QUOTE

It is exactly as stated.

Didn't see much evidence of them releasing malware, but then again, I think anon bit too much.

There's certainly evidence from the emails that the parent company HBGary was actively developing malware. There is evidence from job postings by HBGary Federal that they wanted programmers with experience in hacks (which doesn't necessarily mean that want to develop hacks, but it's likely), they also promoted the fact that they had zero day exploits for many different platforms in some of their presentations.

These 'security' companies are not making you or me more secure.

Regardless of the rest of it, the thing I find the funniest is that they had such poor security that it allowed a bunch of hackers to do this in the first place. Before going up against people like that, it's best to make sure that your own system is bullet proof, or very near bullet proof, something that can be done reasonably easily if you know what you are doing. There are a number of very nice OS's specifically designed for use off of a non writable CD just for that purpose.

Regardless of the rest of it, the thing I find the funniest is that they had such poor security that it allowed a bunch of hackers to do this in the first place. Before going up against people like that, it's best to make sure that your own system is bullet proof, or very near bullet proof, something that can be done reasonably easily if you know what you are doing. There are a number of very nice OS's specifically designed for use off of a non writable CD just for that purpose.

Ditto :)

This article explains the many security holes that allowed Anonymous to do what it did:

http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/2

Outdated software, poor password selection, and more...

This article explains the many security holes that allowed Anonymous to do what it did:

http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/2

Outdated software, poor password selection, and more...

That stagers belief, it almost makes me wonder if they wanted them to hack in.

This article explains the many security holes that allowed Anonymous to do what it did:

http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/2

Outdated software, poor password selection, and more...

Awesome information in that link.

thanks
Pete

You are welcome to clarify your position if I've drawn the wrong conclusion about it from these comments:

It is exactly as stated.

Then I don't see any straw men.

Has anyone got an explanation why this event has not hit main Television Media?

Or am I delusional in some way, thinking that this is a bigger story that it really is?

cheers

Pete

I dont watch TV news so I wouldnt know, but the story has gotten a decent amount of online coverage...so it is out there.

It's an interesting story, but I do not think it is front page material because all that was discovered were proposals. Nothing I have seen shows that BoA or the Chamber actually paid up. This is an Aaron Barr and Anonymous story, interesting definitely, but I am not seeing the impact.

Has anyone got an explanation why this event has not hit main Television Media?

Or am I delusional in some way, thinking that this is a bigger story that it really is?

cheers

Pete

It got a brief mention on ours the other day, but I suspect that outside a niche market, computer geeks, it's not considered all that important.

So far it's only gotten "headlines" coverage on Democracy Now (http://www.democracynow.org/). No interviews yet.

Firms Planned Attacks on WikiLeaks, Supporters (http://www.democracynow.org/2011/2/10/headlines#6)Leaked emails show three private intelligence firms developed a plan to attack WikiLeaks and its supporters following reports WikiLeaks had obtained embarrassing internal documents on Bank of America. According to the Tech Herald, the companies Palantir Technologies, HBGary Federal and Berico Technologies hatched a plan to target Salon.com columnist Glenn Greenwald, a vocal supporter of WikiLeaks. The plan also called for a public smear campaign against WikiLeaks, cyberattacks on its websites, and efforts to spark divisions among its volunteers. There is no direct evidence Bank of America knew of the proposal, but it was developed at the request of a law firm that met with Bank of America in December.

Plot Exposed to Target Opponents of U.S. Chamber of Commerce (http://www.democracynow.org/2011/2/11/headlines#9)The website ThinkProgress.org has revealed details of a plot to undermine political opponents of the U.S. Chamber of Commerce. According to leaked emails, three private security firms were asked to propose a strategy for weakening progressive and labor groups that have challenged the Chamber’s lobbying for some of the nation’s biggest corporations. The groups include the labor coalition Change to Win, the Service Employees International Union, U.S. Chamber Watch, StopTheChamber.com, and Think Progress itself. One proposal called for entrapping a Chamber target by providing them with a document containing false information about the Chamber and then exposing the document as a fake once the group publicized its contents. The firms also proposed creating a "fake insider persona" to communicate with Change to Win. The three security companies—Palantir Technologies, HBGary Federal and Berico Technologies—were also implicated this week in a plot to target the online whistleblower WikiLeaks and some of its prominent supporters.

It's obvious that they want to discredit Wikileaks, attack it's supporters, as to destroy the site.

comprehensive article

how hbgary works with government agencies with rookit software

http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars/

Why are they always such long articles? ;)

I bet the parent group sacrificed one or two guys, like a crab which loses an arm to get away but it will grow back. Sophisticated work for government contracts doesn't sound like the flaky company HBG appears to be.

Something else that hasn't been in the US news was the major hack of the Canadian government computers. I watch Canadian news when I can and I'm shocked something this big hasn't been mentioned to my knowledge on the US news. This was not a minor, only in the front door thing.

Foreign hackers attack Canadian government (http://www.cbc.ca/politics/story/2011/02/16/pol-weston-hacking.html)An unprecedented cyberattack on the Canadian government also targeted Defence Research and Development Canada, making it the third key department compromised by hackers, CBC News has learned.

The attack, apparently from China, also gave foreign hackers access to highly classified federal information and also forced the Finance Department and Treasury Board — the federal government's two main economic nerve centres — off the internet.

Defence Research and Development Canada works to assist in the scientific and technological needs of the Canadian Forces. It is a civilian agency of the Department of National Defence.

The cyberattack, first detected in early January, left Canadian counter-espionage agents scrambling to determine how much sensitive government information may have been stolen and by whom.

Cyberattack defences in place, ... Harper acknowledges 'growing' threats after 3 departments hacked (http://www.cbc.ca/canada/story/2011/02/17/cyber-attacks-harper142.html?ref=rss)

Excellent article Ginger,

very similar patterns to the Hgbary hack, not suggesting it was the same people, just same techniques used, showing how a small hack can grow using social engineering using false ID's.

What is relatively new I'm guessing, is now we have an established social media entity companies like HBGary creating armies of fake social accounts, all managed by software to espouse the theme that the software driver chooses. And that these created fake account armies are for sale, and it appears for sale to governments.

something as simple as utilising skype can help disarm social engineering when communicating between people of upper security levels in system administration.
In terms of personal ID verification. (not as a means to transmit sensitive data of course)

So, I'm still a bit confused...am I meant to be on the side of Anonymous and it's acne-ridden teenage horde of "hackers" who commit illegal acts...or not??

Should I be scared of them "hacking" me if I call them acne-ridden teenage hordes!?

Just as an interesting coincidence, I got an email a couple days ago asking if I would befriend someone I never heard of on my Facebook page. It's the first one I've gotten. I can't remember if my neighbor's Facebook friend request was just on Facebook or if I got an email alert. I don't use my Facebook account. I don't know if that kind of spamming is common and it was pure coincidence, or if this was just the latest version of a malware trojan.

So, I'm still a bit confused...am I meant to be on the side of Anonymous and it's acne-ridden teenage horde of "hackers" who commit illegal acts...or not??

Should I be scared of them "hacking" me if I call them acne-ridden teenage hordes!?

I lean toward power to the people, myself. You'll have to make up your own mind.

Excellent article Ginger,

very similar patterns to the Hgbary hack, not suggesting it was the same people, just same techniques used, showing how a small hack can grow using social engineering using false ID's.

What is relatively new I'm guessing, is now we have an established social media entity companies like HBGary creating armies of fake social accounts, all managed by software to espouse the theme that the software driver chooses. And that these created fake account armies are for sale, and it appears for sale to governments.
But once the programs get written, little spammers learn to copy them.

But once the programs get written, little spammers learn to copy them.

that information is out there, and most likely being considered as use for many other means aswell. (e.g new scary movie comes out, and 10k fake social accounts shout to the world how scary this movie is)



Are you suggesting that, now we know companies and gov are using armies of fake social accounts to push an agenda, that then these armies of fake accounts, then get combatted by other armies of fake social accounts, created by the opposing views? so we end up having fake social wars based on agenda's of the time? :)



interesting times ahead..

@deepatrax
the only answer to your question that will satisfy you, is doing your own research, there's tons of material out there to enable you to make a reasonably informed decision.

cheers

Pete

that information is out there, and most likely being considered as use for many other means aswell. (e.g new scary movie comes out, and 10k fake social accounts shout to the world how scary this movie is)



Are you suggesting that, now we know companies and gov are using armies of fake social accounts to push an agenda, that then these armies of fake accounts, then get combatted by other armies of fake social accounts, created by the opposing views? so we end up having fake social wars based on agenda's of the time? :) I was thinking more about the resources being invested in R&D. The more research, the more invasive the programs get.

None of the stuff about hiring corporate spies and hit teams surprised me much. That was a given. It's nice when it comes out in the light, however. That can't be a bad thing.

ever heard of a non-sequitur?

now, with all of these people committing illegal acts, who's side am I meant to be on?

Anonymous and it's band of acne-ridden teens who get a hold of a public available DDOS tool to "hack" people from their mom's basement?

Wikileaks and it's rapist albino leader?

HBGary and it's megalomaniacal CEO?

who??

Well, if you need people on a forum to provide you with that answer, there's a problem.

Let's face it - the haxors will get you if the NWO doesn't - that's if it's alright with the corporations and they havent' bought the rights to your retribution.

So, choose your flavour of paranoia, wrap yourself in your Snuggie, and rail at the world via the intranet. Oh wait... you're way ahead of me... :p

At Last
http://www.colbertnation.com/full-episodes/thu-february-24-2011-mike-huckabee
great job by Colbert and Greenwald..

Well a sound strategy is to leak false information to be deseminated through the leak sites and then easily discredited. So who knows what will happen.

It could backfire badly. Leaked fake information that is then revealed to be faked might mildly discredit places like Wikileaks. However, it most certainly suggests someone or organization that wants to discredit Wikileaks about exactly that type of issue, easily pointing fingers as to the source of the faux leaks.

edit: nevermind

These 'security' companies are not making you or me more secure.

It's like the little mom & pop store having to pay for 'protection' in the neighborhood. Who were they paying? Same people they needed the protection from of course.

'Anonymous' Hackers Take Down Koch Brothers-Backed Americans For Prosperity Website (http://www.huffingtonpost.com/2011/02/28/anonymous-koch-americans-for-prosperity_n_829056.html)

'Anonymous' attack (http://firstread.msnbc.msn.com/_news/2011/02/28/6154621-anonymous-attack)


Message from Anonymous (http://anonnews.org/?p=press&a=item&i=585)
Message from Americans for Prosperity (http://www.americansforprosperity.org/022811-americans-prosperity-calls-left-wing-group%E2%80%99s-attempt-silence-budget-debate-%E2%80%9Cillegal-attack-fr)


SourceWatch on Americans for Prosperity (http://www.sourcewatch.org/index.php?title=Americans_for_Prosperity)Americans for Prosperity (AFP) is a group fronting special interests started by oil billionaire David Koch and Richard Fink (a member of the board of directors of Koch Industries). AFP has been accused of funding astroturf operations but also has been fueling the "Tea Party" efforts. AFP's message is in sync with that of other groups funded by the Koch family’s other special interest groups working against progressive or Democratic initiatives and protections for workers and the environment. Accordingly, AFP has opposed health care reform, stimulus spending, and cap-and-trade legislation, which is aimed at making industries pay for the air pollution that they create. AFP was also involved in the attacks on Obama’s "green jobs" czar, Van Jones, and has crusaded against international climate talks. According to an article in the August 30, 2010 issue of The New Yorker, the Kochs are known for "creating slippery organizations with generic-sounding names," that "make it difficult to ascertain the extent of their influence in Washington." [1]


Considering the financial advantage of the Koch Brothers, I'm glad there is at least one volunteer organization with some clout working on the side of the common folks. I agree with free speech. But all this attack did was get some publicity on the mainstream media exposing Americans for Prosperity's real sponsors. It did not damage their free speech rights.

Anonymous has a sense of humor.

Do not taunt Anonymous (http://scienceblogs.com/pharyngula/2011/03/do_not_taunt_anonymous.php?utm_source=ScienceBlogs +Weekly+Recap&utm_campaign=2f342585b3-Sb_Weekly_Recap_3_4_2011&utm_medium=email)

Oh yeah, and Barr finally stepped down. I thought he did that earlier but I guess not.

HBGary Federal CEO Aaron Barr Quits Due to Anonymous Attack (http://www.eweek.com/c/a/Security/HBGary-Federal-CEO-Aaron-Barr-Quits-Due-to-Anonymous-Attack-325042/)

Anonymous has a sense of humor.

Do not taunt Anonymous (http://scienceblogs.com/pharyngula/2011/03/do_not_taunt_anonymous.php?utm_source=ScienceBlogs +Weekly+Recap&utm_campaign=2f342585b3-Sb_Weekly_Recap_3_4_2011&utm_medium=email)

Thanks for sharing that.. pure gold there :)

Has anyone got an explanation why this event has not hit main Television Media?

Or am I delusional in some way, thinking that this is a bigger story that it really is?

cheers

Pete

It doesn't look like a very big story to me.

At its core, it's all about one guy, Aaron Barr, who's kind of a douche. He proposes a lot of douchebag ideas, none of which ever get enacted.

Barr talks big, but trolling social media sites for information isn't that big a deal. All the real criminal activity was done to him, not by him.

@MyCroft, you obviously have no idea what the actual full story is about.. Colbert in the link above gives a very good brief overview

@MyCroft, you obviously have no idea what the actual full story is about.. Colbert in the link above gives a very good brief overview

I didn't see anything in that clip that gave any new information. At its core, Aaron Barr talked about doing some things that might have been illegal, but there is no evidence he got around to doing them. His demonstrated expertise is in gathering personal information from facebook, twitter, etc., which may be kinda sleazy, but not illegal. It's also probably a lot less, in terms of gathering personal information, than what Anonymous does when they go after someone.

At the same time, what Anon did to Barr is clearly illegal.

Barr strikes me at being less competent than what he claims to be, but like many people in security he talks himself up a lot.

The outlaw group in this story is Anonymous. You have a lot of people trying to whip up concern about the big bad corporations here, but there isn't anything they talked about doing that wasn't actually done by the vigilante group.

I didn't see anything in that clip that gave any new information. At its core, Aaron Barr talked about doing some things that might have been illegal, but there is no evidence he got around to doing them. His demonstrated expertise is in gathering personal information from facebook, twitter, etc., which may be kinda sleazy, but not illegal. It's also probably a lot less, in terms of gathering personal information, than what Anonymous does when they go after someone.

At the same time, what Anon did to Barr is clearly illegal.

Barr strikes me at being less competent than what he claims to be, but like many people in security he talks himself up a lot.

The outlaw group in this story is Anonymous. You have a lot of people trying to whip up concern about the big bad corporations here, but there isn't anything they talked about doing that wasn't actually done by the vigilante group.Which "clip" are you referring to? And have you read any of the stuff I linked to in the OP about the use of smear campaigns by the Chamber of Commerce and the Bank of America?

ever heard of a non-sequitur?

now, with all of these people committing illegal acts, who's side am I meant to be on?

Anonymous and it's band of acne-ridden teens who get a hold of a public available DDOS tool to "hack" people from their mom's basement?

Wikileaks and it's rapist albino leader?

HBGary and it's megalomaniacal CEO?

who??

Not sure why any of those are significant to the discussion.

BTW though recently someone from anonymous trashed Phelps website while being on a radio interview along with Shirley Roper Phelps. She taunted him a bit much and he said.. "look at your website'

I'm not sure what is the siginificance of legal when the government itself ignores its own rules. What moral force binds me to those rules?

...
BTW though recently someone from anonymous trashed Phelps website while being on a radio interview along with Shirley Roper Phelps. She taunted him a bit much and he said.. "look at your website'...Ahhemm (http://forums.randi.org/showthread.php?postid=6943112#post6943112)

Which "clip" are you referring to? And have you read any of the stuff I linked to in the OP about the use of smear campaigns by the Chamber of Commerce and the Bank of America?

The clip was the one from the Colbert Report, and yes, I did read your links.

Are you just curious? Or do you think I missed some information?

The clip was the one from the Colbert Report, and yes, I did read your links.

Are you just curious? Or do you think I missed some information?This comment suggests you missed a lot of information:The outlaw group in this story is Anonymous. You have a lot of people trying to whip up concern about the big bad corporations here, but there isn't anything they talked about doing that wasn't actually done by the vigilante group.

This comment suggests you missed a lot of information:

Then point some out and we can discuss it. If not, you're just being tiresome.

Then point some out and we can discuss it. If not, you're just being tiresome.You claim you read the OP and the links in the OP. Try reviewing it.

Hint: Concentrate on the "Fabricators" side of the discussion.

You claim you read the OP and the links in the OP. Try reviewing it.

Hint: Concentrate on the "Fabricators" side of the discussion.

Already read it.

Yes, they talked about fabricating documents. They did not actually fabricate any documents, they only talked about it.

Anything else?

Already read it.

Yes, they talked about fabricating documents. They did not actually fabricate any documents, they only talked about it.

Anything else?

Maybe this will help.


US congressmen Hank Johnson, called for an investigation into a “campaign to sabotage and discredit critics of the U.S. Chamber of Commerce”,




Behind it were HBGary Federal, Palantir Technologies and Berico Technologies (collectively calling themselves ‘Team Themis’) and law firm Hunton & Williams, says a Government Security News post.

The targets were Chamber Watch, Change to Win, the Center for American Progress, the Service Employees International Union and “other organizations”, it says.

In a letter to four house committee chairs, “We are deeply concerned by evidence that intelligence contractors may have engaged in a criminal conspiracy to target American citizens on behalf of powerful corporate interests,” says one of the signatories, Hank Johnson.

“We believe a full Congressional investigation is warranted to determine whether laws were broken and whether existing laws are sufficient to protect Americans from high-tech dirty tricks.”

An “apparent conspiracy was being hatched by the federal contractors and the law firm to exploit techniques developed on Uncle Sam’s dime to fight terrorists and other security threats”, said the story, continuing:

“It noted that the leaked e-mails ‘indicate that these defense contractors planned to mine social network sites for information on Chamber critics; planned to plant ‘false documents’ and ‘fake insider personas’ that would be used to discredit the groups; and discussed the use of malicious and intrusive software to steal private information from the groups and disrupt their internal electronic communications’.”



full story
http://www.p2pnet.net/story/50267

Did they seriously name their company after an artifact used by evil wizards to conquer the free peoples of the world?

Already read it.

Yes, they talked about fabricating documents. They did not actually fabricate any documents, they only talked about it.

Anything else?Convenient of you to ignore the millions invested and only mention the "talked about" as if they were overheard at the coffee shop. Where do you get off dismissing how seriously one is about carrying something out that one invested millons to develop?

The only reason this million dollar plan was not carried out was they were caught.

Did they seriously name their company after an artifact used by evil wizards to conquer the free peoples of the world?

As a sidetrack, the Palantiri weren't really "artifact(s) used by evil wizards to conquer the free peoples of the world", they where originally communication devices created by the Elves of Valinor, seven of which were gifted to the Dúnedain of Númenor to keep in contact with each other and view the realms of Arnor and Gondor during the Second Age.

They were held in towers at Elostirion, Amon Sûl, Annúminas, Osgiliath, Minas Ithil, Orthanc, and Minas Anor.

When the kingdoms of Númenor fell, most of the Palantiri were lost, though the Gondorian ones in Minas Ithil, Orthanc, and Minas Anor remained safe.

Minas Anor was eventually renamed Minas Tirith and the one held there was that which Denethor came to possess, having been past down through the line of kings and then on to the stewards. The one in Minas Ithil fell into Sauron's hands when he conquered the city and took it over, renaming it Minas Morgul, home to the Nazgûl. Orthanc's Seeing Stone ended up in Saruman's hands when he took command of the tower.

Sauron used his captured Palantir to corrupt Saruman's mind by twisting what he saw when he used his own, making him believe that fighting against Sauron would be useless, and that the only way to survive was to join with him. He tried the same thing with Denethor, but instead drove him mad (it could be claimed that he drove Saruman mad too, but in a different way), so the Palantiri were useful to Sauron's plan, but they weren't a tool for conquering the world, merely for trying to extend his control beyond what he could have normally, and only to those two people.

I'd also note that the Palantir that Aragorn used (the one from Orthanc taken after the defeat of Saruman) become a tool of the armies of the West in that it convinced Sauron that Aragorn had the ring and was going to use it try and against him, thus keeping his concentration on Aragorn and his forces and allowing Frodo to slip past Mordor's defences unseen. So as a tool, and as any tool can be, they were used for both good and ill.

Convenient of you to ignore the millions invested and only mention the "talked about" as if they were overheard at the coffee shop. Where do you get off dismissing how seriously one is about carrying something out that one invested millons to develop?

The only reason this million dollar plan was not carried out was they were caught.

maybe we are dealing with a severely entrenched sockpuppet :crowded:

maybe we are dealing with a severely entrenched sockpuppet :crowded:

No, that's a typical Mycroft position.

Convenient of you to ignore the millions invested and only mention the "talked about" as if they were overheard at the coffee shop. Where do you get off dismissing how seriously one is about carrying something out that one invested millons to develop?

The only reason this million dollar plan was not carried out was they were caught.



I'm not ignoring anything. I read the articles. I noticed that these guys talked up a big game, but never got around to doing anything. Which would be typical of people starting up a service oriented company (security is a service industry) trying to sell that service to some big name companies. They don't get the green-light to go ahead if they can't come up with an effective plan to implement once they do get hired.

And no, they weren't overheard in a coffee shop. Their e-mails were illegally stolen and disseminated. For right or wrong, the people who took illegal action in this story were the guys from "Anonymous", hacking into a private server and stealing information that didn't belong to them. If the folks from this security company had done that much, they'd be in jail right now, having broken real laws.

I don't see that the "millions of dollars" spent is much evidence of anything. It doesn't take a lot of hours of consulting, training and brainstorming to equal a million dollar invoice. Janitorial service for a mid-sized building can be that much, or more.

It may well be true that the only reason these plans were never enacted is that they were exposed. Or it may not be true. That's speculation. My gut says this guy was a big talker trying to sell himself, but the client wasn't buying. I base this on years of experience with sales guys, and my personal business dealings with Bank of America, which tells me their corporate culture is very conservative and by-the-book business practices. But that's just my opinion, your mileage may vary.

Now I get it that sometimes it's easy to make a romantic hero out of a criminal. I won't deny that I think it's pretty funny what Anonymous did to this guy who seems a bit like a jerk who had it coming. But the real objective truth here is he didn't do anything illegal, but what was done to him was illegal.

Maybe this will help.


If you want to prove that HBGary & co broke some laws, then what would help would be to cite the specific activity and the law it broke. For example, in your own source...


"...Anonymous ramped things up, hacking HBGary and posting thousands of confidential company emails online."


That's illegal. You're not allowed to hack someones server, steal their emails and post them online.

Now if you want to take the position that you don't care that it's illegal and you want to cheer Anonymous on because you basically agree with their actions and their politics, that's understandable. Romanticizing criminals is something we sometimes do in our culture.

You've chosen a narrow criteria for what makes people the bad guys then declared it applies to Anonymous and no one in the corporate management. My criteria are broader and they concern ethics and collateral consequences, not just some law written by Capital Hill lobbyists to make sure none of their kind will pay any consequences for their white collar crimes.

Rootkits, the Growing Threat (http://download.nai.com/products/mcafee-avert/WhitePapers/AKapoor_Rootkits1.pdf)...the practice is aiding and abettng the spread of malware...Cutting and pasting is blocked so I can't copy the key points. You'll have to read it yourself. It's mostly about the vulnerabilities of open source code. My interest is what the report says about how anyone developing malware eventually contributes to it's use to attack our computers.


ethical conflict in the anti-malware domain (http://anti-virus-rants.blogspot.com/2011/02/ethical-conflict-in-anti-malware-domain.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Anti-virusRants+(anti-virus+rants))apparently, on top of the legitimate work that one can find out about by visiting the hbgary website (which of course i won't link to), it appears that hbgary also writes and sells malware for fairly large sums of money. the customers for their malware include the government/military but might not stop there. even if that set of customers does stop there, hbgary appears to be in the high-end commercial malware business.

so where does that leave mcafee? it leaves them in bed with commercial malware writers. while AV companies have been proclaiming for decades that they don't and won't hire malware writers, apparently they don't have to. they can simply partner with the boutique security shops that do. clearly they are not picking their business associates as carefully as they are their actual employees.


HBGary… why malware ethics matters (http://www.securitycurve.com/wordpress/archives/3658)So there’s a really great read over at Anti-Virus Rants (Kurt Wismer’s blog) this morning about the HBGary incident and the ethical ramifications thereof and hypocrisy from vendors who are funding malware research and creation (albeit indirectly). Anyway, I highly recommend checking it out.
Now you’re probably aware that Kurt and I have disagreed in the past about the ethics of malware creation and whether there are ever any circumstances under which it can be considered ethical. What I find interesting about the HBGary incident is that it emphasizes starkly the value of having that discussion at all. In other words, it’s not an academic discussion by any means.
Why? Because it could be that the HBGary compromise helps the bad guys….


And yes, I'm still pissed that malware damaged my PC and will cost me money to fix.


And this is not even getting into the ethics of Bank of America paying for the development of malware while trying to thwart a potentially embarrassing leak from WikiLeaks. What are they afraid of? It doesn't seem like proprietary information has anything to do with it. B of A CEOs are clearly acting guilty about something. Considering the bank bailouts made the rich richer and there is no bailout for the masses that lost all their home equity and jobs because of the shenanigans by CountryWide and the banks that used all those toxic assets to gamble with tax payer's money as it ended up being in the end.

You've chosen a narrow criteria for what makes people the bad guys then declared it applies to Anonymous and no one in the corporate management.

No.

Once again your political biases cloud your perception. I haven’t said anything about good or bad, only legal or illegal. You want to excuse illegal behavior because you agree with the politics behind it and because it went against corporate interests that you distrust, that’s pretty simple.


My criteria are broader and they concern ethics and collateral consequences, not just some law written by Capital Hill lobbyists to make sure none of their kind will pay any consequences for their white collar crimes.

Okay, your biases are clear with this, but I don’t think laws against hacking are only to protect white collar criminals. The rest of us, you and I included, have an interest in maintaining our computer privacy too.



And yes, I'm still pissed that malware damaged my PC and will cost me money to fix.

My point exactly.


And this is not even getting into the ethics of Bank of America paying for the development of malware while trying to thwart a potentially embarrassing leak from WikiLeaks. What are they afraid of? It doesn't seem like proprietary information has anything to do with it. B of A CEOs are clearly acting guilty about something. Considering the bank bailouts made the rich richer and there is no bailout for the masses that lost all their home equity and jobs because of the shenanigans by CountryWide and the banks that used all those toxic assets to gamble with tax payer's money as it ended up being in the end.


I personally was against the bailouts. I think the banks should have been allowed to collapse for making bad decisions, but that’s not the way government went.

No.

Once again your political biases cloud your perception. I haven’t said anything about good or bad, only legal or illegal. You want to excuse illegal behavior because you agree with the politics behind it and because it went against corporate interests that you distrust, that’s pretty simple. There are times when one has to take a stand against some laws. It may be rare. I'm not advocating just following the laws you agree with. But what about times like Daniel Ellsberg who saw that the government was lying to the American citizens. Do you obey the law like an unthinking robot, or do you say, wait a minute, this is a secret of a corrupt government. It needs to be exposed.



Okay, your biases are clear with this, but I don’t think laws against hacking are only to protect white collar criminals. The rest of us, you and I included, have an interest in maintaining our computer privacy too. The law against hacking is not the issue. That is a reasonable law, just as it is reasonable for a country to legally keep certain secrets that are in the national interest. But the interest of politicians that necessitates lying to the public is not a national security interest.


It is not reasonable for Bank of America to hire a company to develop malware to use against BoA's political enemies. Right there, if the law is against the person who exposes the behavior, and not a law against development of the malware, then something is wrong with the law.

If the public had a government that was responsive to the public and not just to the big financial interests, then groups like Anonymous would not be necessary. But the current government is not responsive to the public, it is responsive to big financial interests.



My point exactly. I disclosed my bias. I'm telling you I am aware of that bias and have considered its affect on my opinion. That doesn't make my ethical judgement wrong.


I personally was against the bailouts. I think the banks should have been allowed to collapse for making bad decisions, but that’s not the way government went.The economy would have collapsed along with the banks. I wasn't against the bailouts. I am against the fact that business is now going on as usual. The problem that caused the need for the bailouts is still there and the worst thing is, no one has gone to jail for their part in the economic collapse.


Anonymous has not hurt anyone who did not deserve it, from what I can see. In addition, they are filling a need our own government is not dealing with when they should be.

There are times when one has to take a stand against some laws. It may be rare. I'm not advocating just following the laws you agree with. But what about…blah, blah, blah…

I need to remind you that in this conversation I’m the one who distinguished between “legal” and “moral” and have already corrected you for assuming I meant one when I said the other. It’s so puzzling now that you turn it around and instruct me on the differences when you’re the one who failed to get it.


The law against hacking is not the issue. That is a reasonable law, just as it is reasonable for a country to legally keep certain secrets that are in the national interest. But the interest of politicians that necessitates lying to the public is not a national security interest.

Except it kinda is the issue. Individuals, groups and corporations have every right to protect their own privacy. This includes hiring experts to instruct them on safety protocols and to identify potential threats.


It is not reasonable for Bank of America to hire a company to develop malware to use against BoA's political enemies. Right there, if the law is against the person who exposes the behavior, and not a law against development of the malware, then something is wrong with the law.

I don’t see where BOA did this. From the articles we’ve read, BOA’s law firm hired some consultants who spent a lot of time and effort pitching potential services which for their small companies that were struggling financially, would have represented a big payoff and financial solvency for years to come. But the deal was never closed. There is no evidence to suggest the deal would ever have been closed. The plans didn't go forward.


If the public had a government that was responsive to the public and not just to the big financial interests, then groups like Anonymous would not be necessary. But the current government is not responsive to the public, it is responsive to big financial interests.

Our current government is very responsive to the public, just not always in the ways you like. Honestly, being responsive to the public isn’t always a good thing, observe how the Tea Party candidates are making a hash of things. It’s important to remember a good portion of the public is loony.

And to be honest, loony as in “Obama is a secret socialist and the Federal Reserve must be abolished” isn’t that different from loony as in “Democracy Now with Amy Goodwin is a true and accurate portrayal of the world political landscape and everything else has been subverted by corporate interests.” They’re different loony, but they’re both loony.


I disclosed my bias. I'm telling you I am aware of that bias and have considered its affect on my opinion. That doesn't make my ethical judgement wrong.

Your bias caused you to transform “Bank of America’s law firm talked to some internet security experts who proposed some shady practices” to “Bank of America is planning some shady practices.” The difference is an important one.


The economy would have collapsed along with the banks. I wasn't against the bailouts. I am against the fact that business is now going on as usual. The problem that caused the need for the bailouts is still there and the worst thing is, no one has gone to jail for their part in the economic collapse.

I disagree here, but it’s really a different discussion. When banks collapse their assets and people don’t just vanish into a void. If you look at what happened to IndyMac and its assets you can extrapolate what might have happened had our government not bailed out the financial sector. The bottom line is the financial institutions that didn’t engage in risky speculation would have been rewarded in a huge way by being able to buy up the assets of the collapsing banks for pennies on the dollar, and they would be our new financial giants today. Imagine that, rewarding the good guys.


Anonymous has not hurt anyone who did not deserve it, from what I can see. In addition, they are filling a need our own government is not dealing with when they should be.

Anonymous often picks unpopular targets for their shenanigans, but I think it’s a mistake to assume high-minded ideals are their motivations. Their attack on HBGarry was an ego thing, Aaron Barr publically called them out, and they reacted as any elite internet gamer would. That they happened to expose a little bit of juicy material is just a coincidence. It’s easy to cheer them when they target a pedophile or the Church of Scientology, but they’re also responsible for antics like “youtube porn day” where porn videos were labeled as family friendly children’s videos, or the raid on the epilepsy foundation forums with flashing graphics designed to induce seizures in epileptic people.

I think it’s important not to forget that in talking about Anonymous we’re talking about an entity which has ethics formed by mob decisions from the denizens of 4chan. I mean, think about that. Really.