2011-02-09 Security Contractor HBGary Tries to Protect US from Anonymous, WikiLeaks [UPDATE:1]

(update below)

HBGary Federal, provider of classified cybersecurity services to the Department of Defense, Intelligence Community and other US government agencies, has opted over the past months to go to war with the group of WikiLeaks supporters known as Anonymous. The Tech Herald reported today on a “strategic plan” by HBGary Federal and two other data intelligence firms for an attack against WikiLeaks.

The company is considered to be “a leading provider of best-in-class threat intelligence solutions for government agencies and Fortune 500 organizations.” It provides "enhanced threat intelligence" so "the federal government can better protect our national cyber infrastructure."

Almost a year ago, the company received an extension to their contract with the US Department of Homeland Security to “conduct a series of hands-on memory forensics and malware analysis training events with local, state, and federal law enforcement officials around the country.” A company contracted by the government to help out with cybersecurity initiatives for the United States is spending company time and resources and possibly even taxpayer money going after individuals who support WikiLeaks and spend lots of time in a chat room talking about what they can do to defend freedom of expression. The CEO of this cybersecurity service company is targeting a group that poses no threat to the government infrastructures it is supposed to be protecting from real cyber criminals.

Along with Palantir Technologies and Berico Technologies, which both have worked to help the government in some capacity, HBGary developed a proposal called “The WikiLeaks Threat.” They requested that the law firm Hunton and Williams meet with Bank of America. The law firm held a meeting on December 3, and they began to plan against WikiLeaks. According to Tech Herald, Hunton and Williams would “act as outside council on retainer,” Palantir would “take care of network and insider threat investigations” and Berico Technologies and HBGary would “analyze WikiLeaks” to find if “WikiLeaks was hosting data in certain countries and make prosecution easier.” CEO Aaron Barr also led an infiltration into Anonymous, hoping to unearth identification information that could unveil who these people are that are operating in support of WikiLeaks.

HBGary and Palantir are partners. Palantir Technologies has been sought by the CIA, DHS and FBI to help government analysts “integrate unstructured open source information with data from various agency databases to analyze them for outstanding correlations and connections in an attempt to mitigate the burden of rummaging around through the immense amount of information available to them.” Either Palantir Technologies found the time to stop serving government and work with Hunton and Williams to help Bank of America stop WikiLeaks from releasing documents that might impact Bank of America operations, or, possibly the US government had given tacit approval to Palantir to participate in this operation.

Berico Technologies worked with the National Security Agency (NSA) to invent technology that “made finding roadside-bomb makers easier and helped stanch the number of casualties from improvised explosive.” They also decided to participate in this initiative or, again, possibly someone in the US government suggested private corporations begin to go after WikiLeaks.

The three security service companies proposed the following tactics for going after WikiLeaks: “Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done. Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.” Part of their plan involves turning Salon's Glenn Greenwald against WikiLeaks.

HBGary counts as an advisor Andy Purdy, who was a member of the White House staff team that helped to draft the U.S. National Strategy to Secure Cyberspace in 2003. He joined the Department of Homeland Security and served on “the tiger team that helped to form the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT).” He worked for three and a half years and spent the last two heading the NCSD and US-CERT as a “Cyber Czar.” With HBGary he is involved in an Anonymous-style hacktivist attack.

For fiscal year 2011, the federal budget for homeland security will provide “$364 million to the Department of Homeland Security to support the operations of the National Cyber Security Division which protects Federal systems as well as continuing efforts under the Comprehensive National Cybersecurity Initiative to protect our information networks from the threat of attacks or disruptions.” Should companies engaged in this kind of conduct be allowed to take government money to fund their company’s operations, which are supposed to protect government cyber infrastructure?

HBGary's infiltration led to the company "getting pwned." Anonymous figured out what was going on and seized HBGary's domain, temporarily posting this image—a letter with an opening line that reads "claims of 'infiltrating' Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself."

Even though Anonymous is known to have hacked into companies like PayPal and Visa, does HBGary or any other cybersecurity service have any business mounting operations to infiltrate or target anyone linked to Anonymous? Unless HBGary is working for the FBI, it does not seem as though they should be allowed to engage in such activity.

The president of HBGary, Penny Leavy, says, “Today’s sophisticated cybercriminals require a sophisticated approach to network security.” That may be true. But, one might ask Leavy, "Do today’s sophisticated cyber activists require amateur cyber snoops?"

Update

Later in the day, WikiLeaks posted a .PDF file titled "The WikiLeaks Threat," which the three data intelligence firms put together to help guide a planned attack on WikiLeaks.

It was already reported that they were going to try to use disinformation, create messages around actions of sabotage, work to discredit opposing organizations, post fake documents and call out the errors, and work to fuel the feuds between groups around WikiLeaks operations. What wasn't initially reported on is all the people these firms wanted to ensnare in their scheme to take down WikiLeaks.

One slide shows that these were the people they aimed to involve: James Ball, Theodore Reppe, Jennifer Robinson, Julian Assange, John Shipton, Kristinn Hrafnsson, Jacob Appelbaum, David House, Daniel Mathews, Glenn Greenwald, Jennifer 8. Lee, Daniel Schmitt, Herbert Snorrason, Birgitta Jonsdottir.

Schmitt, Snorrason and Jonsdottir are marked as "disgruntled."

Why Lee is on there is a mystery. She has not done anything at all with WikiLeaks since the "Collateral Murder" video. Also, why didn't Greg Mitchell, who has been regularly blogging WikiLeaks for The Nation, make the cut?

It's clear that those working with the firms to go after WikiLeaks were not only pining for adventure or attention but also have no idea how to even begin to do research.
