Author Topic: Black ops: how HBGary wrote backdoors for the government  (Read 14338 times)

mouser

Black ops: how HBGary wrote backdoors for the government
« on: February 19, 2011, 05:10 PM »
Fascinating article on the recent unmasking and collapse of the security firm HBGary..

On November 16, 2009, Greg Hoglund, a cofounder of computer security firm HBGary, sent an e-mail to two colleagues. The message came with an attachment, a Microsoft Word file called AL_QAEDA.doc, which had been further compressed and password protected for safety. Its contents were dangerous.



from http://yro.slashdot....ke-Online-Identities


Renegade

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #2 on: February 20, 2011, 03:24 PM »
I can't help but smile over the entire thing. They go after Anonymous, and Anonymous basically hammers the b'jeez out of them.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

housetier

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #3 on: February 20, 2011, 05:05 PM »
It's one of several interesting articles at Ars Technica regarding HBGary. Next, I'd like to have an opinion piece about this. And then interviews with renowned security experts, their take on this :)

What I have learned is that we must be very wary of astroturfing, if THEY are automating it already.

rxantos

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #4 on: February 22, 2011, 09:13 AM »
Every Windows since Windows 95 has an NSA back-door put in. That is why the only secure way to use Windows is on a virtual machine.

Then again 99% of the people in the USA have nothing to worry about the NSA, at least for now.



Renegade

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #5 on: February 22, 2011, 09:18 AM »
> Then again 99% of the people in the USA have nothing to worry about the NSA, at least for now.

The ring of truth in that last part is disturbing.

As for Windows back doors, dunno. I'd like to see some evidence for that.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

f0dder

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #6 on: February 22, 2011, 09:53 AM »
> Every Windows since Windows 95 has an NSA back-door put in. That is why the only secure way to use Windows is on a virtual machine.

Proof, please? No? Didn't think so.

I highly doubt there's any obvious "back doors" anywhere in Windows. First, large portions of NT4 and somewhat smaller portions of Win2k have been leaked to the public. Universities and others have had access to much larger subsets under NDAs. People have been scrutinizing the binaries in search of 0-day exploits, to subvert kernel protection, the license codes, windows genuine advantage, et cetera. If there were deliberate backdoors, they would have been found.

That's not to say there might not be some buffer overflows or whatnot that have been put there for the purpose of creating a backdoor, though. But I kinda doubt it, it would be a lot safer to be able to truthfully & fully disclaim such allegations, and utilize one of the numerous accidental 0-day exploits.
- carpe noctem

Gothi[c]

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #7 on: February 23, 2011, 05:36 AM »
http://lcamtuf.blogs...world-of-hbgary.html

Linked in the above post is a link to the details of the attack, how hbgary got compromised: http://arstechnica.c...-the-hbgary-hack.ars
« Last Edit: February 23, 2011, 05:41 AM by Gothi[c] »

Gothi[c]

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #8 on: February 23, 2011, 06:23 AM »
HBGary Execs Run For Cover As Hacking Scandal Escalates
http://blogs.forbes....g-scandal-escalates/

Stoic Joker

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #9 on: February 23, 2011, 07:01 AM »
> http://lcamtuf.blogs...world-of-hbgary.html
>
> Linked in the above post is a link to the details of the attack, how hbgary got compromised: http://arstechnica.c...-the-hbgary-hack.ars

Wow - That's completely mind blowing - I will never feel guilty for harping about the 80/20 rule ever again.

Renegade

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #10 on: February 23, 2011, 08:22 AM »
> > http://lcamtuf.blogs...world-of-hbgary.html
> >
> > Linked in the above post is a link to the details of the attack, how hbgary got compromised: http://arstechnica.c...-the-hbgary-hack.ars
>
> Wow - That's completely mind blowing - I will never feel guilty for harping about the 80/20 rule ever again.

Not finished reading yet, but wow... Enlightening. I had no idea that people are still using such poor security. SQL injection? Wow. That's unreal that they got hit by that.

Reminds me of this:

http://xkcd.com/327/



Security companies that get hacked by SQL injection deserve it.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Stoic Joker

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #11 on: February 23, 2011, 08:35 AM »
> Security companies that get hacked by SQL injection deserve it.

Damn Straight! ...Love the cartoon, I'll be laughing about that (Little Bobby Tables) for the rest of the day.

Renegade

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #12 on: February 23, 2011, 09:10 AM »
> > Security companies that get hacked by SQL injection deserve it.
>
> Damn Straight! ...Love the cartoon, I'll be laughing about that (Little Bobby Tables) for the rest of the day.

It's one of my favorites. I still roar laughing when I read it... "DROP TABLE Students;" 6 tonnes of pure awesomeness~! :D
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

f0dder

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #13 on: February 23, 2011, 09:18 AM »
Ah, reading through the various ArsTechnica articles on the whole deal has been a lot of fun - I've been laughing out loud quite a few times. The HBGary people are (hopefully!) going to end up in a lot of trouble, might even have their lives destroyed. But considering how big slimy pieces of scum they are, which is apparent if you dig even superficially into this whole deal, they really deserve it.

[23:57:02] <Sabu> You intended of battling anonymous in the media for media gain and attention
[23:57:04] <Sabu> well let me ask you
[23:57:08] <Sabu> you got the media attention now
[23:57:10] <Sabu> how does it feel
[23:57:11] <Sabu> ?
-anon
- carpe noctem

40hz

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #14 on: February 23, 2011, 10:23 AM »
Be nice if some of them could do a little jail time.

That would give them an opportunity to further expand on their understanding of what being "backdoored" means.

And feels like...

f0dder

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #15 on: February 23, 2011, 10:42 AM »
40hz :-*

The emails are probably going to show people from Big Corp and Big Gov't engaging in downright illegal crap as well - as much as I despise the HBGary people, I'd rather see their clients in jail than just the small fishies.
- carpe noctem

Stoic Joker

Re: Black ops: how HBGary wrote backdoors for the government
« Reply #16 on: February 23, 2011, 11:16 AM »
So, the moral of this story is: Never use a production db server for a honeypot...  :D