HBGary Federal CEO Aaron Barr Steps Down
Embattled CEO Aaron Barr says he is stepping down from his post at HBGary Federal to allow the company to move on after an embarrassing data breach.
The announcement comes three weeks after Barr became the target of a coordinated attack by members of the online mischief-making group Anonymous, which hacked into HBGary Federal's computer network and published tens of thousands of company e-mail messages on the Internet. HBGary did not respond to telephone and e-mail requests for comment on Barr's resignation.
In an interview with Threatpost, Barr said that he is stepping down to allow himself and the company he ran to move on in the wake of the high-profile hack.
“I need to focus on taking care of my family and rebuilding my reputation,” Barr said in a phone interview. “It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of the bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”
Anonymous conducted a preemptive strike on HBGary after Barr was quoted in a published article saying that he had identified the leadership of the group and planned to disclose their identities at the B-Sides Security Conference in San Francisco. By combining a SQL injection attack on HBGary's Web site with sophisticated social engineering attacks, the group gained access to the company's Web- and e-mail servers as well as the Rootkit.com Web site, a site also launched by HBGary founder Greg Hoglund. Ultimately, the group defaced HBGary's Web site and disgorged the full contents of e-mail accounts belonging to Barr, Hoglund and other company executives.
Though Barr and HBGary were the victims of the hack, the contents of the e-mail messages divulged plans that cast both in an unflattering light. HBGary counted many U.S. government agencies, including the Department of Defense, CIA and NSA as customers. The disclosure of e-mail messages from the company poses a major security risk to those organizations, as well as individuals who had corresponded with the firm. The breach also raises troubling questions about the direction that HBGary and other Beltway firms have taken. Email exchanges published online revealed the firm to be at work on a variety of plans to do data mining and information operations on U.S. organizations and journalists on behalf of clients including law firms representing a large U.S. bank and the U.S. Chamber of Commerce. Most recently, the incident spilled into the mainstream, with comedian Stephen Colbert devoting a segment of his Colbert Report program on February 24 to the HBGary hack.
Comments
Anonymous. In it for the lulz.
I would post something about not to stick your penis in a hornet's nest, but can't think of any funny way to put it.
Victory!
FLAWLESS VICTORY
"social engineering attacks"
What is my password?
Oh hai, what is my username too?
You lost the game, Aaron Barr.
Good luck with the rest of your life as toilet-lady, Aaron Barr.
"Aaron Barr's data got mined" lolz
The only winning move is not to play.
"By combining a SQL injection attack on HBGary's Web site with sophisticated social engineering attacks"
Uhm. WHAT?
Sophisticated? I wouldn't call a couple of e-mails from a hijacked account asking to back-door a server "sophisticated".
What the HBGary hack was:
Basic SQL Injection
Weak passwords
Password Re-use
SIMPLE social engineering
Your basic molotov cocktail of fail.
Ha Ha
Emailing someone and saying "hey, what's the password again?" is a 'sophisticated' attack now?
Hey Aaron, doesn't it suck when Karma meets Ego?
+1
Note to Aaron Bawwww:
Anonymous delivers!
Hats off to Anonymous. You dun good!
This was supposed to be an official company shirt. Edited a bit for lulz. >>Shirt<<
@Not Anonymous :
more sophisticated than your 100% copied summary of a review of the HB Gary attack. Whow, you really thought you'd get away with that?
And with sophisticated they mean the whole I guess.
Crappy security measures aside, there is one thing you never want to do, become a security risk.
Aaron Barr's ego and hubris clouded good judgment. That is really what brought him down.
He is now toxic within the community and will probably never get clearance again. The burn notice is out. As well it should be.
The outfall from his blatant stupidity is yet to be felt.
If you want to commit career suicide, fall on your sword. Don't invite everybody else into a room and then pull the pin.
WTF?
CAPTCHA session reuse ATTACK detected.?
really, that's a bit much don't you think.
Scratch one, down in flames.
it's because you aren't anonymous :-)
I knew fifteen year olds in charge of Eggdrop bots for IRC channels with more sense than HB Gary displayed in this matter.
OH, HAI, I CAN HAZ ROOT?
And it worked. Unreal.
It's a trap, The too much perfect undercover. Now, no one can't imagine/discover : he is the real leader of Anonymous, brilliant-double-twist
One thing is for certain. If you 'cross the line', as Aaron Barr did, in the internet world, you will NEVER be forgotten. Simple self preservation of the organism really. Anonymous are like antibodies, once they spot a threat they eliminate it, if the contagion tries to invade again, it rejects it. Like antibodies, Anonymous will remember that disease for the rest of its life, and since the internet is pretty much immortal...
Aaron Barr, you have been shunned from the internet village, so have others in your companies (we know which ones in intimate detail). The data and story have been widely distributed... right down to untouchable CDs and thumb drives. You may resurface, but not only will you find it hard being trusted, you will find that any new unsuspecting employer will find out, quickly and in great detail, everything you did with HBGary.
You have become the classic example of what happens to ANYONE who is found to use the internet as a vehicle for harm. If justice had been properly served and you had faced criminal charges, the internet wouldn't have been so hard on you. Justice would have been seen to be done. But since it doesn't seem to have even been considered, this is what you get. A lifetime sentence of shame from the internet village, in fact, your reputation will LONG outlive you.
The lack of 'proper' justice in the HBGary story brings up a much larger question. The system that was planning on 'bringing down' its own citizens is obviously corrupt to the core... all the way to the top. Thanks to you, Aaron Barr, we, the world, now know for certain exactly who and where the real bad guys are. Knowing that is half the puzzle, it's only a matter of time before we solve the whole thing.
HAAHAA
So much win.
recestio Forlag.
Just in the interest of accuracy, the "social engineering" attack did not ask for a password. They already had the cracked password file. Pretty sure the request was for a port to be opened through the firewall (ostensibly because Hoglund was in Europe using an untrusted network and needed access to the server).
The person who carried out the attack did enough research to include pertinent details regarding Hoglund's recent activities that helped enhance the believability of their ruse - so I'd give it a "moderately sophisticated" rating.
when 16 year old chicks use advanced social eng techniquies it turns me on..
Gotta reiterate that the social engineering attack was done by a 16-year-old girl. It's like the cherry on top of this sundae of win.
Wow that was sophisticated.
As far as rebuilding his reputation, I don't think that's going to be possible -- for years to come, a search for HBGary or Aaron Barr will bring up the entire affair. You can't walk away from bad publicity like this -- this incident will hang around his neck like an albatross until the day he dies.
It doesn't matter what else he may have done or accomplished; this will be the defining moment of his career. He may have to find another, totally unrelated, line of work -- frankly, I can't see anyone in the intelligence or security communities ever trusting this guy again. After all, he's almost single-handedly responsible for one of the biggest security clusterfucks in recent memory.
This is one for the textbooks -- like the Tylenol poisonings in the early 80s. The way Johnson & Johnson handled the Tylenol poisoning incidents is now taught in business schools as the classic example of how to handle a crisis situation.
On the other hand, HBGary and Aaron Barr will be taught as object lessons -- i.e. what NOT to do.
I suppose he'll be able to practice his whittling during his long, self-inflicted retirement. What a dirtbag.