HB Gary

HBGary is a subsidiary company of ManTech International, focused on technology security. In the past, two distinct but affiliated firms had carried the HBGary name: HBGary Federal, which sold its products to the US Government, and HBGary, Inc. Its other clients included information assurance companies, computer emergency response teams, and computer forensic investigators. On 29 February 2012, HBGary, Inc. announced it had been acquired by IT services firm ManTech International. At the same time, HBGary Federal was reported to be closed.


History

The company was founded by Greg Hoglund in 2003. In 2008, it joined the McAfee Security Innovation Alliance. The CEO made presentations at the Black Hat Briefings, the RSA Conference, and other computer security conferences. HBGary also analyzed the GhostNet and Operation Aurora events. HBGary Federal had been set up with Aaron Barr as CEO instead of Hoglund to provide services and tools to the US government, which might require security clearance. As HBGary Federal could not meet revenue projections, in early 2011 negotiations about the sale of HBGary Federal were in progress with two interested companies. HBGary was acquired by ManTech International in February 2012.


WikiLeaks, Bank of America, Hunton & Williams, and Anonymous

In 2010, Aaron Barr, CEO of HBGary Federal, alleged that he could exploit social media to gather information about hackers. In early 2011, Barr claimed to have used his techniques to infiltrate Anonymous, partly by using IRC, Facebook, Twitter, and by social engineering. His e-mails depict his intention to release information on the identities of Anonymous members at the B-Sides conference and to sell it to possible clients, including the FBI. In the e-mails, Barr explained that he identified his list of suspected Anonymous "members" by tracing connections through social media, while his main programmer criticized this methodology. In a communiqué, Anonymous denied association with the individuals that Barr named. On 5–6 February 2011, Anonymous compromised the HBGary website, copied tens of thousands of documents from both HBGary Federal and HBGary, Inc., posted tens of thousands of both companies' emails online, and usurped Barr's Twitter account in apparent revenge. Anonymous also claimed to have wiped Barr's iPad remotely. The Anonymous group responsible for these attacks became part of LulzSec.


Content of the emails

Some of the documents taken by Anonymous show HBGary Federal was working on behalf of Bank of America to respond to WikiLeaks' planned release of the bank's internal documents. "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error." As a means of undermining WikiLeaks, Aaron Barr suggested faking documents to damage WikiLeaks' reputation and conducting "cyber attacks against the infrastructure to get data on document submitters. This would kill the project". He also suggested pressuring journalist Glenn Greenwald and other supporters of WikiLeaks, who, Barr suggested, would choose to abandon support for WikiLeaks in order to preserve their careers. In the emails, two employees of HBGary referenced a blog post that endorsed manipulating translation software in order to 'mitigate' damaging content within information leaks. Emails indicate Palantir Technologies, Berico Technologies, and the law firm Hunton & Williams, which was acting for Bank of America at the recommendation of the US Justice Department, all cooperated on the project. Other e-mails appear to show the U.S. Chamber of Commerce contracted the firms to spy on and discredit unions and liberal groups.


Fallout

The conflict with Anonymous caused substantial public relations damage. As a result, the involved organizations took steps to distance themselves from HBGary and HBGary Federal:

* 7 February 2011: Penny Leavy, President of HBGary Inc., entered an Anonymous IRC channel to negotiate with the group. She distanced her company from their partially owned subsidiary HBGary Federal, clarified the separation of the two, and asked Anonymous to refrain from attacks or leaks that would damage HBGary Inc. and its customers.
* 10 February 2011: The Chamber of Commerce issued a statement denying they hired HBGary, calling the allegation a "baseless smear," and criticizing the Center for American Progress and its blog, ThinkProgress, for "the illusion of a connection between HBGary, its CEO Aaron Barr and the Chamber." The Chamber denied the truth of accusations previously leveled by ThinkProgress, stating "No money, for any purpose, was paid to any of those three private security firms by the Chamber, or by anyone on behalf of the Chamber, including Hunton and Williams."
* 11 February 2011: Palantir's CEO apologized to Glenn Greenwald and severed "any and all contacts" with HBGary.
* The CEO and COO of Berico similarly stated that they had "discontinued all ties" with HBGary Federal.
* 28 February 2011: Aaron Barr announced his resignation from HBGary Federal to "focus on taking care of my family and rebuilding my reputation."
* 1 March 2011: 17 members of the United States Congress called for a congressional investigation for possible violation of federal law by Hunton & Williams and "Team Themis" (the partnership between Palantir Technologies, Berico Technologies, and HBGary Federal).
* 16 March 2011: The House Armed Services Subcommittee on Emerging Threats and Capabilities asked the Defense Department and the National Security Agency to provide any contracts with HBGary Federal, Palantir Technologies and Berico Technologies for investigation.


Astroturfing

It has been reported that HBGary Federal was contracted by the US government to develop astroturfing software which could create an "army" of multiple fake social media profiles.


Malware development

HBGary had made numerous threats of cyber-attacks against WikiLeaks. The hacked emails revealed HBGary Inc. was working on the development of a new type of Windows rootkit, code named Magenta, that would be "undetectable" and "almost impossible to remove." In October 2010, Greg Hoglund proposed to Barr creating "a large set of unlicensed Windows 7 themes for video games and movies appropriate for middle east & asia" which "would contain back doors" as part of an ongoing campaign to attack support for WikiLeaks.


Acquisition by ManTech International

On 29 February 2012, ManTech International announced its purchase of HBGary, Inc. Financial terms of the acquisition were not disclosed other than to say it was an "asset purchase", which excludes legal and financial liabilities.


External links

* https://web.archive.org/web/20140707150352/http://www.hbgary.com/ (official website)
* http://hbgaryfederal.com/ (official website, offline as of 20 February 2011)
* Video of using HBGary's Flypaper product
* Prime Award Spending Data for HBGary (www.usaspending.gov)
* Black ops: how HBGary wrote backdoors for the government (by Nate Anderson, Ars Technica)
