What Anon did was not ethical, but IMHO Anon did a great service to society & the security community by letting everyone know where the weakest link is, and saving the taxpayer some money while they are at it.
HBGary's front page is pure damage control now.
Dude, their east coast contact is "Bob". What kinda podunk outfit are they running?
Anonymous is trying to make people afraid of them. You don't do that by trading threats. You pick a tough guy with a big mouth and publicly castrate him, which is pretty much what they did.
I don't think they care whether or not people are afraid. The dude basically called Anon out and Anon, being a Hive Mind, responded 10x the amount that would be typical. What people don't realize, refuse to acknowledge, or just plain forget is that while Anon is full of a shit ton of script kiddies and LOIC users, someone in that bunch has working knowledge of almost every OS in existence. And they are familiar with the security holes and protocol used by the industry. What is making ANON more dangerous to screw with is the fact that a lot of 14 year olds that started using 4chan for the lolz are entering college/work force with a much greater knowledge than they had. And the more publicity they get the more hordes of people they get to do the grunt work such as the DDoS attacks.
The pen is mightier than the swords.
While human errors lent credence to this fallout, Bit-9 is no joke of a tool.
I thought the biggest rule of the internet was:
1. Don't piss off Anonymous
haha, this part is pretty funny. (From HBGary front page) "Meanwhile, please be aware that any information currently in the public domain is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data. HBGary, Inc and HBGary Federal are committed to a comprehensive, accurate, and swift response to this crime."
The way they got that root pw is insane. That admin needs fired on the spot.
Even a small company should never reset a pw based simply on an email.
seriously. there should be password reset protocols regardless of who the user claims to be. i remember i once worked for a large network and had to do a password reset for a rear admiral, but he couldn't remember his reset phrase, had to use a proxy who also didn't know his reset phrase and had to email from his account requesting a password reset. once i got the email i was able to "identify" the proxy, who in turn "identified" the rear admiral. needless to say, the RA was pissed beyond belief.
i don't miss those days on the helpdesk at all.
What type of person sides with the feds in a case like this? Yikes.
The people should always win. In my eyes, Anon represents the people.
:thumbsup:
1. You do know that HBGary Federal is not the "Feds." They are a private company and not the government (kind of like "Federal Express"), right?
2. In my opinion, Anonymous represents only itself (or a select few members of Anonymous) in this case. They're not representing the people, they're not supporting whistleblowing at a company involved in criminally negligent or deliberate actions, they're not supporting Wikileaks. I find their response very disproportional to the empty threat.
I don't see Loke around here anymore. Why is that?
Actually, you're wrong. The reason they did what they did was because this Aaron Barr guy was going to reveal identities at a conference he was giving and also to the FBI. Based on the articles and also the IRC chatlog, it seems Aaron got these identities via people who clicked the 'like' button for the Anonymous page on Facebook and they're claiming a lot of those are innocent people who have nothing to do with hacking. Based on the PDF document, it wouldn't surprise me, it looked like really sloppy work.