
View Full Version : BofAmerica had data intelligence firms draft plans to attack Greenwald and Wikileaks



~Spectre
10th February 2011, 06:12
Exactly as it sounds. First a timeline of events, since there's a lot of stuff going on.

Timeline: November 29th, Assange comments about Wikileaks having material capable of bringing down a major American bank. This is widely assumed to be Bank of America.

November 30th: Bank of America officers hold a late night conference call to figure out how to stop the damage.

The United States Department of Justice recommended Hudson and Williams to the general counsel of BOA.

December 3rd: Bank of America met with (and then hired) the law firm of Hunton and Williams to help mitigate wikileaks.

Hunton and Williams contacted 3 data intelligence firms, Palantir Technologies (http://www.palantir.com/), HBGary Federal (http://hbgary.com/), and Berico Technologies (http://www.bericotechnologies.com/), and commissioned a project to "deal with the Wikileaks threat". It's a 3 pronged strategy. The law firm will gather evidence for a legal attack. One data firm will do an internal review of Bank of America security. The other two will focus on analyzing and attacking Wikileaks and its followers.

One technique the firm HBGary planned on using was the exploitation of social media, meaning that they'd go through the Facebook, Twitter, etc. of all employees and workers and people related to Bank of America and Twitter.

FAST FORWARD TO LAST WEEKEND:

"Aaron Barr, the COO of HBGary Federal, told the Financial Times this weekend that he used clues found online to discover the identities of key Anonymous members. "

He was bragging about the success of his social media exploitation techniques against Anonymous, and was planning on presenting it to the FBI.

Anonymous responded with a devastating hack on HBGary (I'll get into that next post). That hack resulted in over 50,000 internal emails from HBGary being made public.

Media groups found those emails, and inside found the data that these firms were coordinating to attack Greenwald and Wikileaks.

Here's the slideshow they found, the full 26 pages with background info on wiki, now being hosted by Wikileaks:
http://wikileaks.ch/IMG/pdf/WikiLeaks_Response_v6.pdf


Glenn Greenwald is a progressive blogger from Salon.com. Former lawyer and expert on constitutional law, particularly on First Amendment issues. He's been one of the biggest advocates for wikileaks.

What the report says about him:

http://www.thetechherald.com/media/images/201106/HBGary_Greenwald.jpg

"[Earlier drafts of the proposal and an email from Aaron Barr used the word "attacked" over "disrupted" when discussing the level of support.]"


Here they list their plans against Wikileaks:

http://www.thetechherald.com/media/images/201106/HBGary_proposal1.jpg


After the tactics are discussed, the proposal outlines the highlights for each of the three data intelligence firms. From there, it concludes that in the new age of mass social media, the insider threat represents an ongoing and persistent threat “even if WikiLeaks is shut down.”
“Traditional responses will fail; we must employ the best investigative team, currently employed by the most sensitive of national security agencies.”
The emails released by Anonymous make no mention of the proposal’s success or failure. Aside from a single meeting confirmation with Booz Allen Hamilton, and an email that expressed hope that HBGary was going to “close the BOA deal”, there is no other data available.

sources:
http://www.rawstory.com/rs/2011/02/data-intelligence-firms-proposed-attack-wikileaks/
http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks?page=2

I wonder how far Bank of America can get when it starts targeting wealthy lawyers. I wonder if Americans will care about fellow Americans being targeted. In the slide show, they list several American wikileaks volunteers.


More of how this came about in the next post.

~Spectre
10th February 2011, 06:24
This whole scheme was discovered by Anonymous. All thanks to the hubris of the COO of HBGary.


In an interview with the Financial Times (http://uk.finance.yahoo.com/news/Cyberactivists-warned-arrest-ftimes-3487898538.html?x=0), Barr said that by using services such as LinkedIn, Classmates.com, Facebook, as well as IRC itself, he was able to connect the dots and identify several high-level Anonymous members, including “Owen” and “Q”, two people mentioned by their IRC names in the actual news report. Apparently the data he collected wasn't very good, and what followed was a devastating hack by the Anon.


After the Financial Times story broke, including Barr’s claims of infiltration, Anonymous responded. The response was brutal (http://img838.imageshack.us/img838/2294/internetsanon.jpg), resulting in full control over hbgary.com and hbgaryfederal.com. They were also able to compromise HBGary’s network, including full access to all their financials, software products, PBX systems, Malware data, and email which they released to the public in a 4.71 GB Torrent file.
In a statement emailed to The Tech Herald, Anonymous called Barr’s actions media-whoring, and noted that his claims had amused them.
“Let us teach you a lesson you'll never forget: you don't mess with Anonymous. You especially don't mess with Anonymous simply because you want to jump on a trend for public attention,” the statement directed to HBGary and Barr said.
“You have blindly charged into the Anonymous hive, a hive from which you've tried to steal honey. Did you think the bees would not defend it? Well here we are. You've angered the hive, and now you are being stung. It would appear that security experts are not expertly secured.”
The attack against HBGary is a classic example of leverage. It started with an SQL Injection attack on hbgary.com. From there, Anonymous discovered and cracked the passwords used on the site. As it turns out, many of these passwords were used on GMail. Access to GMail, along with the use of shared passwords, led to the compromise of Barr’s Twitter (https://twitter.com/aaronbarr) and LinkedIn (http://www.linkedin.com/in/tedvera) accounts.
HBGary fired the company responsible for the flawed code that led to the SQL Injection attack.
While this was happening, Anonymous gained access to the email used by Greg Hoglund, the co-founder of HBGary, and part owner of the Federal subsidiary run by Barr. With his account under their control, they sent an email to the admin of rootkit.com (http://pastie.org/1535735) asking for the firewall to be opened and Hoglund’s password reset to “changeme123”.
The reason for access, the fake request stated, was due to Hoglund being in Europe and unable to SSH into the rootkit.com server. The move was a classic case of Social Engineering. After some exchanges, SSH access was granted. Once on the server using Hoglund’s password, Anonymous leveraged the $ORIGIN expansion vulnerability (http://www.exploit-db.com/exploits/15274/) to gain root control.
After this, they copied data, wiped the backup servers, and released the Torrent with the company email. This email release is the third time Anonymous has exposed internal communications. Previously, they exposed company emails taken from ACSLaw and Acapor.
In these emails was that data on the plans to attack Wikileaks and Greenwald.

When you went to the HBGary website, all you could see was this:

http://img838.imageshack.us/img838/2294/internetsanon.jpg
:laugh::laugh::laugh::laugh:
:thumbup1::thumbup1:

Political_Chucky
10th February 2011, 06:30
:ohmy::ohmy::ohmy::ohmy::ohmy::ohmy::ohmy:

WHOOP WHOOP, that's the sound of the police, WHOOP WHOOP THAT'S THE SOUND OF THE BEAST!

Seriously man, don't people see how hard these security organizations are trying to discredit wikileaks and the whole fuckin movement for transparency? If this doesn't fuckin show you, nothing will.

Btw....Fuckin Beautiful.

StalinFanboy
10th February 2011, 09:40
Anon is crucial to the rev holy shit

chegitz guevara
10th February 2011, 16:52
I, for one, welcome our new Anonymous overlords.

Blackscare
10th February 2011, 16:59
This domain has been seized under section #14 of the rules of the internet.


I love you, anonymous. It is hilarious that they think anonymous has founders or leaders. :laugh: Shows they fundamentally misunderstand what it is that anonymous is.

Obs
10th February 2011, 19:19
It's pretty funny that some people think Anonymous is an organisation in any sense of the word.

StalinFanboy
10th February 2011, 20:31
Anon is what RAAN wishes it could be.