After claiming to have infiltrated Anonymous, HBGary Barr and its CEO Aaron Barr got hit with one of the collective’s strongest attacks. Anonymous first took over the hompage of the security company and replaced it with the letter seen as an image below, which read in part:
“You brought this upon yourself. You’ve tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face.“
Anonymous went on to shut down the company’s phone system and hack into the company’s e-mail system, making public over 68,000 private e-mails which included presentations, information on competing firms, and info on HBGary Barr’s plans on taking down WikiLeaks, and much much more.
Recently, the head of internet security firm HBGary Federal, Aaron Barr, sought to elevate his investigation of the Anonymous movement by providing the Financial Times with what he claimed to be accurate and useful information about those who allegedly drive our activities.
In yesterday’s release we inferred that the information presented was easy to undermine by any of the millions of people around the world with a cursory understanding of internet culture. Not only was the information provided by HBGary Federal woefully inaccurate, it provided no incriminating evidence against any of the persons named. Today, Anonymous learned that HBGary Federal intended to sell to the FBI a large document that allegedly detailed the identities of dozens of our participants. Within hours of learning this, Anonymous infiltrated HBGary Federal’s network and websites. Anonymous acquired the document with supposed personal details of anons, along with 50,000 company e-mails (~4.71GB) – all of which have now been distributed on the internet.
Additionally, his associated websites and social media accounts were hijacked and manipulated to stress how poorly this ‘security expert’ handles matters of his own security. Woe to his clients and others who invested in his confidence. The lack of quality in Aaron Barr’s undertaken research is worth noting. Aaron Barr missed a great deal of information that has been available online, and in fact failed to identify some of those whose identities were never intended to be hidden.
People such as DailyKos’ diarist blogger Barrett Brown, and the administrator of anonnews.org, joepie91, whose identities could have been found in under a minute with a simple Google search. It is also worth noting that Aaron Barr was also providing this documentation as an example of investigation protocol. This would introduce a systematic flaw to the FBI’s investigative woodwork. The risk of institutionalizing a flawed procedure exponentiation a problem, and it does so at the taxpayers expense in every sense. Had the FBI indeed bought this information from HBGary Federal, it would have been paid for by taxpayers money, and many innocent people would have been marked as leaders in actions they may not even have been associated with.
Unlike you, Aaron, we did our research, we know who you are, and now, so will everyone else. Although you have managed to ruin your credibility in an attempt to further it, you did provide us with entertainment, albeit very briefly. Anonymous does not have leaders. We are not a group, we are not an organization.
We are just an idea.
What we have done today will appear harsh. It is harsh. We will respond to those who seek to threaten us. We understand that our participants have been concerned about recent FBI raids and companies such as HBGary Federal lurking and logging our chats, so we’ve given all of Anonymous a message: we will fight back.
We are Anonymous. We are legion. We do not forgive. We do not forget.
Expect us – always.
The Second Response:
Dear HBGary (a recently disgraced “security” company),
Warm regards from Anonymous once again. It was our belief that you’d been taught a valuable lesson since our last message to you, but it appears that this is not the case.
After we humiliated you thoroughly by making your private documents public, defacing your website, taking over various online accounts of your executives, socially engineering your “trusted” server admins, unveiling embarrassing personal mishaps of Aaron Barr and essentially ruining any future plans your company might have, we had assumed that you’d at least, for once, use your combined brain cells to realize what you should and shouldn’t do.
So what did you do? You threatened us. Greg Hoglund, COO of HBGary, thought it wise to push forth that legal action is being taken to bring down Anonymous. Let’s not forget that the first time you tried to do something like this, we did not overlook it, and we are not overlooking it now. We were willing to stop attacking you, we were even willing to leave you be entirely – but now you have provoked us, and there will be no mercy.
You even have the nerve to suggest we’re falsifying information, which you arrogantly posted in a statement on your company website. The same company website that Anonymous ravaged.
HBGary, Inc and HBGary Federal, a separate but related company, have been the victims of an intentional criminal cyberattack. We are taking this crime seriously and are working with federal, state, and local law enforcement authorities and redirecting internal resources to investigate and respond appropriately. To the extent that any client information may have been affected by this event, we will provide the affected clients with complete and accurate information as soon as it becomes available.
Meanwhile, please be aware that any information currently in the public domain is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data. HBGary, Inc and HBGary Federal are committed to a comprehensive, accurate, and swift response to this crime.
Anonymous has falsified nothing; we leaked your inboxes in full with no edits. In fact, most of your emails contain S/MIME digital signatures, proving that they’re real. This information is now free to the public, and you honestly think you can wriggle your way out of it by accusing Anonymous of tampering with your data?
We feel it’s time we took the game to the next level. We have now released all 71,802 HBGary emails so they are fully available to every citizen who is interested. This includes the previously unreleased 27,606 mails from Greg Hoglund’s spool. We also included a fulltext search for your convenience.
But do not get us wrong, this is not all about revenge. Your leaked communications reveal that your companies were entangled in highly dubious and most likely illegal activities, including a smear campaign against WikiLeaks, its supportive journalists, and adversaries of the U.S. Chamber of Commerce and Bank of America. Evidence even suggests that this was done with full knowledge of the U.S. Department of Justice.
While the whole truth has yet to be uncovered, Anonymous feels that it is its duty to let the world know what you, related companies, and government agencies are up to behind closed doors. We will not stand idly by while firms like HBGary work in secrecy to undermine rights of citizens or institutions like WikiLeaks.
Admittedly, HBGary, while we do what we feel is necessary and just, we do not deny that we enjoyed breaking your neck in the process. You tried to play our game. You lost.
We are Anonymous.
We are legion.
We do not forgive.
We do not forget.
Expect us – always.
|Go to parent directory|
|HBGary leaked emails.torrent||19-Oct-2016 19:14||24.1K|
|HBGary leaked emails_torrent.txt||19-Oct-2016 20:04||204.0B|
|HBGary more leaked emails.torrent||19-Oct-2016 19:14||11.8K|
|HBGary more leaked emails_torrent.txt||19-Oct-2016 20:33||102.0B|
|firstname.lastname@example.org (View Contents)||19-Oct-2016 20:04||1.9G|
|email@example.com (View Contents)||19-Oct-2016 20:33||2.3G|
|firstname.lastname@example.org (View Contents)||19-Oct-2016 20:04||1.3G|
|email@example.com (View Contents)||19-Oct-2016 20:04||1.5G|
July 2017: the Op Continues
Greetings HBGary (a computer “security” company),
Your recent claims of “infiltrating” Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself. How’s this for attention?
You brought this upon yourself. You’ve tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face. You expected a counter-attack in the form of a verbal braul (as you so eloquently put it in one of your private emails), but now you’ve received the full fury of Anonymous. We award you no points.
What you seem to have failed to realize is that, just because you have the title and general appearence of a “security” company, you’re nothing compared to Anonymous. You have little to no security knowledge. Your business thrives off charging ridiclous prices for simple things like NMAPs, and you don’t deserve praise or even recognition as security experts. And now you turn to Anonymous for fame and attention? You’re a pathetic gathering of media-whoring money-grabbing sycophants who want to reel in business for your equally pathetic company.
Let us teach you a lesson you’ll never forget: you don’t mess with Anonymous. You especially don’t mess with Anonymous simply because you want to jump on a trend for public attention, which Aaron Barr admitted to in the following email:
“But its not about them…its about our audience having the right impression of our capability and the competency of our research. Anonymous will do what every they can to discredit that. and they have the mic so to speak because they are on Al Jazeeera, ABC, CNN, etc. I am going to keep up the debate because I think it is good business but I will be smart about my public responses.”
You’ve clearly overlooked something very obvious here: we are everyone and we are no one. If you swing a sword of malice into Anonymous’ innards, we will simply engulf it. You cannot break us, you cannot harm us, even though you have clearly tried…
You think you’ve gathered full names and home addresses of the “higher-ups” of Anonymous? You haven’t. You think Anonymous has a founder and various co-founders? False. You believe that you can sell the information you’ve found to the FBI? False. Now, why is this one false? We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve “extracted” is publicly available via our IRC networks. The personal details of Anonymous “members” you think you’ve acquired are, quite simply, nonsense.
So why can’t you sell this information to the FBI like you intended? Because we’re going to give it to them for free. Your gloriously fallacious work can be a wonder for all to scour, as will all of your private emails (more than 44,000 beauties for the public to enjoy). Now as you’re probably aware, Anonymous is quite serious when it comes to things like this, and usually we can elaborate gratuitously on our reasoning behind operations, but we will give you a simple explanation, because you seem like primitive people:
You have blindly charged into the Anonymous hive, a hive from which you’ve tried to steal honey. Did you think the bees would not defend it? Well here we are. You’ve angered the hive, and now you are being stung.
It would appear that security experts are not expertly secured.
We are Anonymous.
We are legion.
We do not forgive.
We do not forget.
Expect us – always.