Was a Teenage Girl Central to the HBGary Hack?

Wednesday, March 16, 2011



Parmy Olson has posted an article on Forbes alleging that a sixteen-year-old girl who works part-time at a salon may have been the key to the HBGary Federal breach that rocked the information security community.

The HBGary Federal breach was conducted by the rogue movement Anonymous, and the subsequent release of tens of thousands of company emails revealed multiple instances of ethically questionable covert operations involving the security company.

Olson writes that she has been in contact with a young hacker known only as "Kayla" who claims to have conducted the social engineering exploit that made the HBGary Federal breach so successful.

Olson writes: "Kayla played a crucial role, posing as Barr to an IT administrator (who happened to be Nokia security specialist Jussi Jaakonaho) to gain access to the company’s servers... [Kayla] and four other hackers broke into his company’s servers... defacing his Web site, purging data and posting more than 50,000 of his emails online for the world to see, all within the space of 24 hours."

The article goes on to describe how the teen, supposedly the daughter of a software engineer, taught herself to hack by reading books and was able to program in C and x86 by the time she was fourteen years old.

Olson admits that she does not have much to go on in the way of proof regarding the validity of Kayla's story, citing only other Anonymous members as support, which makes it surprising that Forbes' editors ran the story at all.

"So paranoid is Kayla of being caught or hacked by others, that despite several requests she would not speak to me on Skype to verify an adolescent-sounding voice. Our only evidence: others in Anonymous vouch for her age, her emails are punctuated with smiley faces and 'lols' and she is relatively well-known on hacking forums," Olson writes.

The thing about social engineers, though, is that they are really gifted manipulators.

While Olson may well have been communicating with the person who helped carry out the operation on HBGary Federal, the back-story may just be obfuscation to throw off investigators, and Olson herself points out that there are indications this might just as well be the case:

"Still, rumors abound that Kayla is a mid-20s male from New Jersey named Corey Barnhill, who also goes by the pseudonym Xyrix," Olson writes.

Any way this story plays out, it presents interesting food for thought:

  • If the article is on track, it is a fascinating portrayal of the makeup of the Anonymous movement.
  • If it turns out to be pure obfuscation, it reveals something about the nature of the Anonymous methodologies.
  • If it is all a hoax, it shows how vulnerable the Anonymous movement and the media are to manipulation.

Regardless of the outcome, Olson's article is an entertaining read, and if it does not pan out in the end, at least she has a great outline for a screenplay.

Source: http://blogs.forbes.com/parmyolson/2011/03/16/is-this-the-girl-that-hacked-hbgary/
