The Atlantic Wire published an article titled "The Embarrassing Revelations of Cyber Security Firm HBGary Federal" which outlines several of the covert operations the California-based security firm was involved in.
HBGary Federal was recently the target of a devastating hacking operation conducted by the rogue movement Anonymous, which resulted in unauthorized access to private information regarding the company's clientele, followed by the release of tens of thousands of company emails.
The attack was precipitated by statements from HBGary Federal's Aaron Barr, who claimed to have infiltrated the Anonymous network in an effort to uncover the identities of those in leadership roles.
The article details some strategies put forth by the company that many might find surprising coming from a private security vendor, as they seem more befitting of an intelligence agency psyops unit.
From The Atlantic Wire:
Help Bank of America With Wikileaks: In November, executives at Bank of America were on edge as rumors circulated that WikiLeaks was preparing to release thousands of damning documents about the financial institution. Observing an opportunity, HBGary CEO Aaron Barr pitched a plan to BofA's law firm, Hunton & Williams. According to the released documents, Barr wanted to team up with security firms Palantir and Berico Technologies and disgrace WikiLeaks by hacking into it and feeding the whistle-blower site fabricated documents. The company also suggested going after WikiLeaks supporters such as Salon's Glenn Greenwald. A presentation to the law firm noted that "Without the support of people like Glenn, WikiLeaks would fold"...
Help the Chamber of Commerce With Chamber Watch: As we pointed out yesterday, the e-mails also reveal that HBGary tried to discredit the watchdog group US Chamber Watch, a dogged critic of the US Chamber of Commerce. Politico reports that the Chamber's law firm (again, Hunton & Williams), actively worked with HBGary. "To degrade [Chamber Watch’s] messaging capabilities and credibility would represent a huge win for the CoC and should be a focus," one e-mail read. The plan was to create a "fake insider persona" within Chamber Watch to make them publicize fabricated materials in an effort to "prove that U.S. Chamber Watch cannot be trusted with information and/or tell the truth"...
Help the U.S. Air Force Win Hearts and Minds? Another revelation from the document dump was that the U.S. Air Force was seeking ways to manipulate social media to spread pro-government propaganda. After the request for proposal was issued, it caught the attention of HBGary...
The initial news of the breach and subsequent disclosure of proprietary information was generally received with some sympathy from the infosec industry.
But further revelations about the proposed tactics and operations set forth by HBGary Federal and the other security companies involved should be cause for concern amongst the information security community, as they largely portray security professionals as being techno mercenaries and hired guns.