Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anonymous vs. HBGary Jared DeMott Principle Security Researcher Crucial Security, Inc.

Published byJustin Blake Modified over 9 years ago

Similar presentations

Presentation on theme: "Anonymous vs. HBGary Jared DeMott Principle Security Researcher Crucial Security, Inc."— Presentation transcript:

1

2 Anonymous vs. HBGary Jared DeMott Principle Security Researcher Crucial Security, Inc.

3 Sample Topology of Computer Crime

4 A Message to HBGary after Anonymous Hack

5 Even at the expense of some country laws and possible safety of others?

6 Anarchy is best?

7 Mostly DDoS in the Past Scientology Censorship Egypt gov Big Biz etc

8 HBGary Inc. – Greg Hoglund, Founder and CEO – Penny Leavy-Hoglund, President – Products Responder – Analyze RAM, pagefiles, VMWare images, sort & display images, network links, etc Digital DNA, Active Defense – Detects malware via in-memory analysis HBGary Federal – Aaron Barr was the CEO – Site now says, “hbgaryfederal.com is currently offline. Please try again later”

9 The Buildup

10 How did Barr get into this mess? 1.1, 2.1, pwned 12 ? $$ issues!

11

12

13 Technical Details Time for an Injection – http://www.hbgaryfederal.com/pages.php?pageNav= 2&page=27 http://www.hbgaryfederal.com/pages.php?pageNav= 2&page=27 Got user database Rainbow tables – Non-iterative, unsalted MD5 == fairly easy to crack Alas, two HBGary Federal employees—CEO Aaron Barr and COO Ted Vera—used passwords that were very simple; each was just six lower case letters and two numbers – Allowed for hbgaryfederal website defacement

14 Technical Details Password Reuse – Ted’s was good on a HBGary Linux box, support.hbgary.com – Privilege Escalation Months old bug, with public exploit available Stealing of data, and “sharing” with the world – Makes me wonder what they found, but didn’t share....

15 Technical Details Using Google Apps for email – Aaron’s reused password lead to access to his company email, but he was also an admin, FTW – Reset Greg’s password to get his email too Found info about rootkit.com Social Engineering to pwn rootkit.com – Knew a couple things (actually just one, lolz) The root password to the machine running Greg's rootkit.com site was either "88j4bb3rw0cky88" or "88Scr3am3r88“ (so they thought) Jussi Jaakonaho, Chief Security Specialist at Nokia, had root access

16 Social Engineering “Greg” Subject: need to ssh into rootkit im in europe and need to ssh into the server. can you drop open up firewall and allow ssh through port 59022 or something vague? and is our root password still 88j4bb3rw0cky88 or did we change to 88Scr3am3r88 ? thanks Jussi hi, do you have public ip? or should i just drop fw? and it is w0cky - tho no remote root access allowed

17 Social Engineering “Greg” no i dont have the public ip with me at the moment because im ready for a small meeting and im in a rush. if anything just reset my password to changeme123 and give me public ip and ill ssh in and reset my pw. Jussi k, it should now accept from anywhere to 47152 as ssh. i am doing testing so that it works for sure. your password is changeme123 i am online so just shoot me if you need something. in europe, but not in finland? :-) _jussi

18 Social Engineering “Greg” if i can squeeze out time maybe we can catch up.. ill be in germany for a little bit. anyway I can't ssh into rootkit. you sure the ips still 65.74.181.141? Jussi does it work now?

19 Social Engineering “Greg” did you reset the user greg or? yup im logged in thanks ill email you in a few, im backed up thanks Jussi nope. your account is named as hoglund (later on…) did you open something running on high port?

20 Actual Emails http://hbgary.anonleaks.ch/

21 Actual Documents http://publicintelligence.net/tag/hbgary/

22 Fallout March 1, 2011: 17 members of the United States Congress called for a congressional investigation for possible violation of federal law by Hunton & Williams and "Team Themis" Will Anonymous be help responsible for what they did?

23 On Oct. 3, 2010, HBGary CEO Greg Hoglund told Aaron that “we should have a pow-wow about the future of HBGary Federal. [HBGary President] Penny and I both agree that it hasn’t really been a success… You guys are basically out of money and none of the work you had planned has come in.” April 1 st, 2011 Defcon CTF Organizers: “HBGary is awarded contract to clean CTF sheep stalls!”

24 Damage to others? HBGary Hunton&Williams? – Kevin Zeese, a lawyer with the NGOs VelvetRevolution.us and StopTheChamber.com, filed a complaint with the Washington, D.C. Bar Association earlier this week against John Woods, Richard Wyatt Jr., and Robert Quackenboss Palantir? – "I have directed the company to sever any and all contacts with HB Gary," said the CEO of Palantir Berico Technologies? – "We find such actions reprehensible and are deeply committed to partnering with the best companies in our industry that share our core values. Therefore, we have discontinued all ties with HBGary Federal." Maybe a bit to other DoD contractors? – Endgames, SRA, ManTech, GD, BAH, Symantec, QinetiQ, GD …

25 Comedy http://www.colbertnation.com/the-colbert- report-videos/375428/february-24- 2011/corporate-hacker-tries-to-take-down- wikileaks

26 Technical Lessons Learned Don’t have SQL injections in your websites Use strong passwords – 14chars with mix of upper, lower, numbers » “MyTruckisC00l!!” – Or sentence style passwords for long passwords » “my super duper extra secretive password” Public key crypto on ssh 2 factor authentication – A good option to help with weak or lost passwords Social Engineering Training Patch systems very regularly Email Encryption – Shorter term storage of email as well

27 Moral Questions I think work should more then $$ – I doubt Mr. Barr started with this in mind… People need the right to free press – But where is that line when dealing with stolen documents? Should HBGary competitors study the stolen proposals and other documents? What about studying the emails … they’re public now? Does two wrongs make a right?

Download ppt "Anonymous vs. HBGary Jared DeMott Principle Security Researcher Crucial Security, Inc."

Similar presentations

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.
Homework Assignment. Assignment One Ready for the next challenge. Great! Time to pick an affiliate product to promote. Go to ClickBank.com and go to the.

Homework Assignment. Assignment One Ready for the next challenge. Great! Time to pick an affiliate product to promote. Go to ClickBank.com and go to the.
Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.

Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.
 Someone who exercises playful ingenuity  Misusers of the internet who try to obtain or corrupt information; people who try to prevent it.

 Someone who exercises playful ingenuity  Misusers of the internet who try to obtain or corrupt information; people who try to prevent it.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Beyond “I Fought The Law” Educating Law Enforcement about Privacy Services Adam Shostack.

Beyond “I Fought The Law” Educating Law Enforcement about Privacy Services Adam Shostack.
AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.

AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Network & Computer Security Training.  Prevents unauthorized access to our network and your computer  Helps keep unwanted viruses and malware from entering.

Network & Computer Security Training.  Prevents unauthorized access to our network and your computer  Helps keep unwanted viruses and malware from entering.
Vs The Illusion of Security. Aaron Barr : “Security Expert” CEO of security company HBGary Federal Provide Security Training Create Malicious Software.

Vs The Illusion of Security. Aaron Barr : “Security Expert” CEO of security company HBGary Federal Provide Security Training Create Malicious Software.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
We are partners in learning.. Note: Office 365 works best in Internet Explorer V 9 or above. Some features do not work in PWCS’s Chrome Browser or in.

We are partners in learning.. Note: Office 365 works best in Internet Explorer V 9 or above. Some features do not work in PWCS’s Chrome Browser or in.
Email By Laura Trawin.

By Laura Trawin.
SiteLock Internet Security: Big Threats for Small Business.

SiteLock Internet Security: Big Threats for Small Business.
Email evidence. Safety To stay safe on the internet there are many points you need to follow. The first point is to change your password regularly, you.

evidence. Safety To stay safe on the internet there are many points you need to follow. The first point is to change your password regularly, you.
This PowerPoint presentation will show you how to use your email productively and successfully.

This PowerPoint presentation will show you how to use your productively and successfully.
For technical assistance, call 1-(800)-285-2568 www.corner-enviro.com Welcome to Cornerstone’s Updated VISION Software System Your MSDS & Chemical Inventory.

For technical assistance, call 1-(800) Welcome to Cornerstone’s Updated VISION Software System Your MSDS & Chemical Inventory.
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Similar presentations

Ads by Google