HBGary Federal CEO Aaron Barr Steps Down
Gunkerty Jeb writes "Embattled CEO Aaron Barr says he is stepping down from his post at HBGary Federal to allow the company to move on after members of the online mischief-making group Anonymous hacked into HBGary Federal's computer network and published tens of thousands of company e-mail messages on the Internet. In an interview with Threatpost, Barr said that he is stepping down to allow himself and the company he ran to move on in the wake of the high-profile hack."
owned (Score:4, Funny)
This will go down in history as an awesome example of the firepower of the fully armed and operational battlestation.
Disturbance in the Dark Side? (Score:2)
Emperor Palpatine: "I felt a great disturbance in the dark side, my apprentice, as if millions of voices suddenly cried out in joy and were suddenly heard by those in power. I fear something terrible has happened."
Re:owned (Score:5, Insightful)
Fully armed and operational, except for the bit that actually aims the weapons. Anonymous might demolish a genuine bad guy, or they might destroy the life of some innocent teenager. Being what it is, Anonymous has only a small chance of evolving into real hacktivism and away from its "for the lulz" roots. That makes it even more dangerous than most vengeful vigilante groups. I mean, "That teenage girl is a camwhore!" is as much of a motivating battle-cry to Anonymous as "That guy is subverting the law to attack wikileaks." Needless to say, I'm happy this creep got his comeuppance. But I would much rather his downfall were accomplished through the rule of law and not vigilante justice. Still, when real justice is hopelessly corrupt, what else is there?
Re: (Score:2)
This has very little to do with vigilante justice. Anonymous demonstrated how embarrassingly incompetent HBGary is at what it claims to be its area of expertise. The management of any company that is exposed to be so incompetent deserves to be shamed and fired. Not to mention that Aaron Burr was misusing his position to pursue a personal obsession that had nothing to do with the company's goals. That "vigilante justice" has anything to do with it is completely circumstantial and only marginally related to A
Re:owned (Score:5, Interesting)
How is this not vigilante justice? Anonymous went outside the law to punish someone they see as an evildoer. That is pretty much the definition of vigilante justice.
Re: (Score:2)
He wasn't punished, he was shamed, (there's a difference), and he quit of his own volition. That's not vigilante justice.
Re: (Score:2)
Quit of his own volition?
Call me cynical, but yeah... right, sure he did.
Re: (Score:2)
Or forced out by unhappy corporate masters after his corruption and incompetence were exposed to the world. But Anon didn't force him out, and no one is decrying vigilante justice on the part of the corporate masters. AFAIK no one has even suggested he was illegally forced to quit, which is a bare minimum for calling the act vigilante justice. In fact, the standard line when a company owner fires their CEO is that, far from it being illegal punishment, they own the place and it's their God-given right.
To def
Re: (Score:2)
Re:owned (Score:5, Interesting)
Re: (Score:2)
A couple nights ago Colbert had a rather amusing segment summarizing the chain of events. I believe a phrase similar to "Hey, look at that hornet's nest; I'm gonna stick my dick in it!" was used. Look it up, you'll laugh. :)
Re: (Score:3)
A couple nights ago Colbert had a rather amusing segment summarizing the chain of events. I believe a phrase similar to "Hey, look at that hornet's nest; I'm gonna stick my dick in it!" was used. Look it up, you'll laugh. :)
I decided to look this up because I missed that episode. It is pretty hilarious. Here is the link. [colbertnation.com]
Re:owned (Score:5, Informative)
Just put this in perspective here... Let's take track records,
This is what rule of law has accomplished. [huffingtonpost.com]
This is what rule of law asked these scumbags do [arstechnica.com]
And this is in the plans, not to mention DoJ recommended firms to BoA to do this. [arstechnica.com]
At this point I am wondering where is Thomas Jefferson when we need him now, and you honestly are thinking about the wellbeing of some teenager's personal on-line life? They don't even come close in terms of scope! If I have to be a sacrifice for Anon in order to stamp out the rampant corruption then so be it! I am Spartacus!
Re:owned (Score:4, Interesting)
Does anyone wonder why Jefferson was one of the staunch supporters of the Second Amendment to the US Constitution? This is the answer. And no, I'm not speaking of guns in this case, I'm speaking of self defense against evil governance. We have laws against domestic surveillance without a court approved cause. The kind of information gathering that HBG perpetrated against Glenn Greenwald is exactly the reason why such laws exist.
This is actually a very nice example of defensive action by people against a very nasty abuse of power by government.
Re: (Score:2)
Spot. On.
What I find hilarious about this whole thing is this Media assumption that "Anonymous" is some sort of organized group. What, there aren't a lot of pissed off, unemployed (yet intelligent) people about who have nothing to do but play crusader in front of their computers? (I envy them the time and resources to do so, I'm busy just working to survive).
IMO it's the same sort of institutional paranoia that gave the human race wonderful parts of history such as the "cold war" (of wh
Re: (Score:3)
Anonymous might demolish a genuine bad guy, or they might destroy the life of some innocent teenager.
FFS! People need to stop treating Anon as some organized group.
If a flash mob helped a lady across the street in LA and another lynched a man in New York, would you consider them the same group of people?
Seriously, it's just like old time lynchings they used to have in the old days when a bunch of people got together and doled out random justice... Often picking the wrong person to extract it on (like the time a bunch of laid off car workers in Detroit killed a Korean man because they were pissed off at Japa
Re:owned (Score:4, Insightful)
Oh do they now? Classy. Hope you're the next one in the gunsights, dude. You need the perspective.
Re: (Score:2)
So, to his sweeping comments that they deserve it, you thought "I know, I'll take the high road" and then proceeded to use similar sweeping comments against him.
It was wrong for him to suggest that it's okay for the others to get hurt, and you show him he's wrong by hoping that he gets hurt.
Hello Mr. Argument, meet Mr. Self Defeating Proposition, or to put it another way, two wrongs, where the second wrong, is actually just the first wrong repeated, don't make a right.
You just got spun!
Also, in response to th
Re: (Score:2)
Re: (Score:2)
Yeah, I got what he meant, but found it was more hypocritical than anything.
Re: (Score:2)
Last I checked, Batman doesn't beat up fat kids and camwhores.
Re: (Score:3)
I thought it was the awesome firepower of the LOIC.
yeah and more time with his family (Score:5, Funny)
Need to focus (Score:2)
Hey, it's never too late to start.
Obligatory (Score:4, Informative)
And nothing of value was lost...
Majorus Cokhup (Score:2)
Anon wins. (Score:4, Funny)
FLAWLESS VICTORY
Re: (Score:2)
Not really.
Let me be the first to say... (Score:2, Interesting)
Re: (Score:2)
When your business is security and you get owned by hackers, I don't care if it was illegal, it's justified.
If someone broke into a Brinks truck and stole everything inside after the Brinks CEO said something ridiculously stupid, I would not shed a single tear.
(Unless it was my shit that was just stolen. If it was valuable enough to be transported by Brinks though, it's probably insured anyway.)
Re: (Score:2)
That's exactly my point though.
I don't hear of stories where corporate officers of Brinks or Loomis Fargo intentionally pissing off and looking for trouble either.
The moral of the story (Score:3)
Re:The moral of the story (Score:5, Insightful)
I learned this years ago: Don't get into an online pissing contest. Just don't. Both sides inevitably lose.
Hard to see how the Anon side lost here. Their prestige is up, their deadly rep is more solid than ever, and still nobody knows who they are IRL. So maybe the lesson should be, "don't get into an online pissing contest, unless you really are the most badass hacker gang in history."
Re:The moral of the story (Score:5, Interesting)
Anon provided more ammo for those who want to implement multiple forms of 'internet controls' or harsher punishment for 'cyber' crime. They just fortified the positions of those they're trying to scare off.
Re:The moral of the story (Score:5, Insightful)
Re:The moral of the story (Score:4, Insightful)
All that will happen is that HBGary's competitors will update their marketing material. "Don't pull an HBGary. Use XYZ Security instead."
Re: (Score:2)
That's not how corporations work.
Tech CEOs are going to look at this and say "holy shit! That could happen to me!" And then they're going to call the politicians who have gotten so much money from them and their companies, and say "You gotta make it harder for people to do what Anonymous just did!"
And then the politicians will pass a law that significantly ups the penalties for "hacking," but because the politicians don't so much as know the difference between a Macintosh and a Nintendo, they'll screw up t
Re: (Score:2)
"Trying to apply logic to the workings of corporations is somewhat like trying to teach calculus to a cat. A totally hopeless endeavor."
Is that why the finance industry's derivatives didn't work out?
Re: (Score:2)
Those who feel that HBGary et al. deserved what they got may feel that there was a moral lesson to be learned. The rest will simply feel that HBGary was attacked by a vigilante group, that HBGary's defenses were lacking, and that better security and larger guns (laws) will be needed to counter similar threats in the future.
As is so often the case, the truth lies somewhere in between, getting banged by the ones who make the rules.
Ah, nice logic (Score:5, Insightful)
So basically, I shouldn't use any freedoms because that might give fuel to someone wishing to limit them?
So gay people, don't be gay or people might forbid it.
A spine, you need one. Or afraid if you get one, people will forbid it?
Re: (Score:2)
Re: (Score:3)
And if the antics of Anonymous were 100% legal, you'd have a point. As many of their antics are clearly illegal (like hacking into a security firm), you really have no damned point and just look like an idiot. You are not free to break the law.
Laws are nothing more and nothing less than devices for controlling people.
Re: (Score:2)
Re: (Score:2)
Re:Ah, nice logic (Score:5, Informative)
You are not free to break the law.
Yes, yes you are. There may be consequences.
Re: (Score:2)
Re: (Score:2)
Anon provided more ammo for those who want to implement multiple forms of 'internet controls' or harsher punishment for 'cyber' crime. They just fortified the positions of those they're trying to scare off.
Not really. Everybody even casually familiar with the situation, even people who know nothing about hacking or security, comes away from this story feeling like Aaron Barr is a colossal douche who had it coming to him. I think that fortifies our position, that further controls are unnecessary, by demonstrating that further 'internet controls' would only protect people who stick their penises into hornets' nests.
Re: (Score:3)
I learned this years ago: Don't get into an online pissing contest. Just don't. Both sides inevitably lose.
Hard to see how the Anon side lost here. Their prestige is up, their deadly rep is more solid than ever, and still nobody knows who they are IRL. So maybe the lesson should be, "don't get into an online pissing contest, unless you really are the most badass hacker gang in history."
And a gov't connected security agency has logs and logs of data that were collected during the attack. This may not have been an intentional honey pot, but that doesn't mean it can't still be used that way unless the attackers were really good.
Irrelevant (Score:3)
They could find and prosecute every single person even tertiarily involved and the hive would simply get stronger.
We are all Anonymous.
Re: (Score:3)
We are all Anonymous.
No, you have to tick that box up there ^
Re: (Score:2)
I learned this years ago: Don't get into an online pissing contest. Just don't. Both sides inevitably lose.
Hard to see how the Anon side lost here. Their prestige is up, their deadly rep is more solid than ever, and still nobody knows who they are IRL. So maybe the lesson should be, "don't get into an online pissing contest, unless you really are the most badass hacker gang in history."
And a gov't connected security agency has logs and logs of data that were collected during the attack. This may not have been an intentional honey pot, but that doesn't mean it can't still be used that way unless the attackers were really good.
How is this any different from any of the previous Anon attacks? There are always logs, and nobody ever gets caught, except maybe a few sheeple who downloaded and ran LOIC without even realizing it would expose them. I'll believe the core of Anonymous getting de-anonymized when I see it.
Re: (Score:2)
"...the most badass hacker gang in history."
What? I'm pretty sure the Russian mob (one of the most notorious black-hat hacking gangs in the world) would have half of Anon sobbing into their mothers' skirts within about 10 minutes if they ever got challenged by those hacker wannabes.
Re: (Score:2)
"...the most badass hacker gang in history."
What? I'm pretty sure the Russian mob (one of the most notorious black-hat hacking gangs in the world) would have half of Anon sobbing into their mothers' skirts within about 10 minutes if they ever got challenged by those hacker wannabes.
You wanna test them? I'd very much like to see this Russian mob--Anonymous showdown. If you have any mob connections, make it happen.
Re: (Score:2)
Re: (Score:2)
Those wastes of flesh at WBC were the first to pull that particular trigger already.
Re: (Score:2)
I thought this was kinda the point. Or A point in any event.
Re: (Score:3, Funny)
I think the moral of the story was "Don't stick your penis into the hornet's nest."
Re:The moral of the story (Score:4, Informative)
I think the moral of the story was "Don't stick your penis into the hornet's nest."
I'm all for citing Colbert, but you should at least give him the credit for the quote and provide a link, especially when the segment is so hilarious [colbertnation.com].
Re: (Score:2)
Colbert's conclusion is epic :)
Re: (Score:2)
Um, wait (Score:2)
Re: (Score:2)
Re: (Score:2)
On the other hand: He lost his high paying job from the company he founded. He was publicly humiliated. His company is embarrassed. His clients are embarrassed. His company may not recover, they've certainly lost a lot of futur
Re: (Score:2)
He probably is a majority shareholder; while the board can force him to step down, they cannot take his shares. It's in his own economic best interest, at this point, to step down and allow others to lead the company and for him to be completely out of the picture for the next two years.
That allows the government to continue working with HBGary and provides a return on investment for investors and himself. Anonymous has not struck a great blow against the system, merely forced a douche bag out of the spot
Re: (Score:2)
A member of Anonymous with a girlfriend? Clearly a red herring.
Revisionist history anyone? (Score:5, Insightful)
From the argh-tickle.
"By combining a SQL injection attack on HBGary's Web site with sophisticated social engineering attacks"
Uhm. WHAT?
Sophisticated? I wouldn't call a couple of e-mails from a hijacked account asking to back-door a server "sophisticated".
What the HBGary hack was:
Basic SQL Injection
Weak passwords
Password Re-use
SIMPLE social engineering
Your basic molotov cocktail of fail.
Re: (Score:3)
It is sophisticated because the emails could have come from the person sending them. Proper grammar, similar writing styles, with enough background information to sound like it was legitimate.
Basically, unless you were a close personal friend you couldn't easily tell the difference, unlike the $38.6 million that some guy who just emailed me has stashed in Libya and is having a hard time getting it out safely.
Re: (Score:3)
Of course they're going to say it was some sophisticated uber attack that only ninja net gods could have done. Their stock and their reputation have taken enough of a beating. The truth would be FAR worse. "No, we were pwnt by really simple stuff like crappy passwords and ignoring basic safeguards. In the light of that though, may we work out a service contract with you to make your business secure?"
Nope, not happening. The truth wouldn't do anything but tank them harder. Lies would be pretty much you
Re:Revisionist history anyone? (Score:4)
Re: (Score:2)
You, sir, are greatly underestimating the average computer user. Mind you, this is the same mistake Barr made when he went after anon. He thought his company was only going to get DDoS-ed. Well, he thought wrong. It actually takes quite a bit of technical know-how and general savvy to survive /b/ and not be trolled into oblivion. My point is, don't make assumptions about the average user, especially those who are not being forced to use computers.
Re: (Score:2)
A single round of unsalted MD5. Bad idea.
The first three major steps are in increasing order of stupidity.
SQL injection on a CMS, especially a homebrew one, is a common enough problem. You should probably assume your CMS has an SQL injection vulnerability in it and plan accordingly.
Having unsalted, single-MD5 passwords is just bad. It's far too easy to instead use MD5 with a large salt, which really makes the problem much better. Unless you have a high volume of logins, though, you might as well go overboard
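An added example, not part of the comment above or of any HBGary code: a Python sketch of why an unsalted single-MD5 credential store is weak and how a per-user salt plus a slow KDF changes that, including an audit of the store and a re-hash on successful login. All function names, the record format, the work factor and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

ITERATIONS = 200_000  # illustrative work factor (assumption); tune for your hardware
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")  # a bare 32-hex digest marks a legacy record


def legacy_md5(password):
    """The weak scheme discussed above: one round of unsalted MD5."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Random per-user salt plus PBKDF2, stored as 'pbkdf2$iter$salt$hash'."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Check a password against either record format, in constant time."""
    if LEGACY_MD5.match(stored):
        return hmac.compare_digest(legacy_md5(password), stored)
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def audit(store):
    """Flag legacy records and accounts whose stored hashes are identical.

    Without a salt, equal passwords produce equal hashes, so anyone who
    reads the table sees which accounts share a password and can test
    one guess against every account at once.
    """
    legacy = sorted(u for u, h in store.items() if LEGACY_MD5.match(h))
    by_hash = defaultdict(list)
    for user, h in store.items():
        by_hash[h].append(user)
    shared = sorted(sorted(us) for us in by_hash.values() if len(us) > 1)
    return {"legacy_md5": legacy, "shared_hashes": shared}


def login(store, user, password):
    """Verify, then transparently upgrade a legacy record on success."""
    stored = store.get(user)
    if stored is None or not verify_password(password, stored):
        return False
    if LEGACY_MD5.match(stored):
        store[user] = hash_password(password)  # re-hash with salt + KDF
    return True


# Constructed sample store: two legacy accounts sharing a password, one upgraded.
SAMPLE = {
    "alice": legacy_md5("example-pass-1"),
    "bob": legacy_md5("example-pass-1"),
    "carol": hash_password("example-pass-1"),
}

if __name__ == "__main__":
    store = dict(SAMPLE)
    print(audit(store))
    login(store, "alice", "example-pass-1")
    print(audit(store))
```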
I miss greatly (Score:2)
Same bullshit goes on in my company: big managers boasting security - justifying any expenses - but are not able to remember more than one password at a time and reuse it everywhere!
Re: (Score:2, Informative)
God damnit, it's not an "Anonymous" mask, it's a Guy Fawkes [wikipedia.org] mask. The historical connection is important as it's apt as all hell.
There should be no reason etc, see you next bonfire.
Re: (Score:2)
Informative AC is informative.
Tired meme is getting annoying.
and... (Score:3)
I'll bet... (Score:2)
I'll bet he is going back to school. Learn some basics.
Re: (Score:2)
(...and needs more schooling)
From TFA (Score:5, Insightful)
>Leavy said that the company's partners had been supportive following the hack. The proposals for Bank of America and the U.S. Chamber of Commerce were simply responses to requests for services that HBGary had received. "HBGary Federal is a services company and they were asked to develop proposals," she told Threatpost.
I see. The fact that the "services" are illegal, immoral, and unethical really doesn't enter in, because they're a service company and this is a service. Sort of like a hit man is just an HR professional specializing in staff reduction services.
Re: (Score:2)
> Sort of like a hit man is just an HR professional specializing in staff reduction services.
I smell a sequel to "Up in the Air"
A sign of the times? (Score:5, Interesting)
You know in many ways I'm starting to wonder if the rise of Anonymous could be considered a legitimate political/social phenomenon linked to the recession and how people feel increasingly left out of the political process/system because of big money buying our congress' collective ears? Widespread piracy is widely considered by many to be an economic indicator that the market has become too one-sided, maybe this is the political equivalent?
I saw a post suggesting they may be targeting the Koch Brothers for their involvement in the current Wisconsin/multi-state effort to completely bust Unions. Is this finally the people striking back? Not to say I'm not thankful someone's taking the time to respond, but oh what a sad thing it says about humanity that we have to resort to these types of solutions to keep from getting completely steamrolled by the almighty dollar?
anonymous chooses targets that target it. (Score:2)
the only reason it went against scientology is because scientology was attacking random people all over the internet with lawsuits. that is why anonymous fought back.
anonymous is never going to go after drug lords or human traffickers or etc. they go after people who @#$$ with them. The HBGary guy was going after them directly, trying to 'out' them by scraping facebook etc. that is why they went at him.
Re: (Score:2)
"the Anonymous vs Koch ... Is it for real?"
You already know the answer to that.
Even if you don't realize that you know it.
But in case you really need it spelled out to you --- yes, indeed someone anonymously ranted something about Koch on teh internet.
That makes him part of Anonymous just as much as Ben Franklin lobbying European governments under pseudonyms like Benevolous to support the colonies. And as much as Thomas Paine when he Anonymously published his pamphlet Common Sense. Just as you were Ano
May I recommend: (Score:2)
May I recommend also shuttering the company and all the companies like it, and the US government? How is it okay to use intimidation to try to prevent the release of incriminating documents? Moving on from that should mean reversing course. Does anybody care that the US government operates with fewer scruples than the mafia? This is insane.
Re: (Score:3)
The real reason he is leaving: (Score:3)
He shot Alexander Hamilton.
No. (Score:2)
Please have an orderly shut down of your company. The internets haz spoken. Disobey at your peril.
Still doesn't get it (Score:2)
Barr still doesn't grasp the obvious fact that he did Bad Things, meaning things that aren't ethical and damage rather than serve the Common Good. Good riddance, psychopath. Yet another corporate criminal who got off easy when he should have got the guillotine.
You do realize that Aaron Barr is the real winner (Score:2)
Book and movie deals. Made-for-TV movies about his now public divorce. Paid interviews. Perversely a paid consultant about what NOT to do.... The dude is going to be a millionaire.
I posted this as anon coward a few times, nobody seemed to notice.
This whole shabby experience will set up this sleaze bag for life.
Re:He wasn't fired? (Score:5, Insightful)
Re:He wasn't fired? (Score:4, Insightful)
"Stepping down" is basically the corporate-speak equivalent of seppuku. They get rid of his disgraced ass and in return, he gets to pretend he still has some dignity.
Re: (Score:2)
Re: (Score:3)
You have that backwards. Most likely, he gets all the benefits from "quitting", and would get none for being "fired" (though these days CxOs are so brazen in their greed that their employment contracts probably give them benefits even if they were fired for raping children in the company boardroom).
Re: (Score:3)
though these days CxOs are so brazen in their greed that their employment contracts probably give them benefits even if they were fired for raping children in the company boardroom
When did that become a firing-worthy offense for these guys?
Re: (Score:3)
And the money. They always shower them in big piles of money.
Re:He wasn't fired? (Score:4, Informative)
He partially owned the company. You can't fire someone like that. You have to buy them out.
Which means he got a nice golden parachute too. Hopefully it was real gold and they kick him out of a large building with it.
Re:He wasn't fired? (Score:5, Informative)
He partially owned the company. You can't fire someone like that. You have to buy them out.
That depends on how much of a portion he owned. If, say, he owned 15% of the shares and the other 85% of the shareholders say GTFO then that's just what he has to do. He'll still own shares but he won't be CEO or what have you.
Re: (Score:3)
How was this man allowed to keep his job after his shenanigans were made public?
They couldn't fire him without getting the whole board together and that was cumbersome. Didn't you read the chat logs?
Re: (Score:2)
I would think that his antics would be more suited for one of the **AA's, which of course is more in line with the DEM's. But whatever.
Re: (Score:2)
A definite shoo-in for the Cyber Security Czar position.
Good riddance. (Score:5, Funny)