2011-02-14 Team Themis - HBGary, Palantir, Berico's ambitious joint team mentions 'bots' and 'custom software'

According to newly released emails. of HBGary through the work of Anonymous, HBGary, Palantir Technology, Berico Technology formed a team and submitted a report to win a contract of the law firm Hunton & Williams,whose client is Bank of America. The final report written in Nov.4, 2010 is here, titled "Corporate Information Reconnaissance Cell". What they assert in there is providing technological/traditional way of spying targeted entities, whatever that may be. To enumerate some of their 'tactics':

Threat intelligence
Social media exploitation
Influence operation
Intelligence, Surveillance, and Reconnaissance(ISR)
Custom software development

Among them, what would the last category, 'Custom software development' include? On page 9 of the document discussing explicit timeline of the planned phases, 'Develop customized bots and helpers' is listed as one of the major tactics. One can only guess about what kind of 'bots' that would explicitly be, but an article on Crowdleaks can give some hints on the kind of 'bots' or, 'custom software'. Following is an excerpt:

In the new emails released by Anonymous we discover that HBGary Inc. may have been working on the development of a new type of Windows rootkit » that was undetectable and almost impossible to remove. ... When Activated, the Magenta rootkit will be capable of searching for and executing imbedded command and control messages by finding them wherever they may exist in physical memory on the compromised host. This is ideal because it’s trivial to remotely seed C&C messages into any networked windows host – even if the host in question has full windows firewalling enabled. The Magenta payload will also contain imbedded capabilities for injecting these C&C payloads directly into user-mode processes. This will allow injectable C&C payloads to be written to perform user-mode tasks on the compromised host.

Verifying the exact relationship between 'Magenta' and 'bots' appeared in the document needs more researches.

For WL Central coverage on Anonymous, HB Gary and the Stuxnet worm, go here.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer