(Virtually) face to face: how Aaron Barr revealed himself to Anonymous

Security CEO Aaron Barr thought he had tracked down the membership in …

Aaron Barr, CEO of security company HBGary Federal, spent the month of January trying to uncover the real identities of the hacker collective Anonymous—only to end with his company website knocked offline, his e-mails stolen, 1TB of backups deleted, and his personal iPad wiped when Anonymous found out.

Our lengthy investigation of that story generated such interest that we wanted to flesh out one compelling facet of the story in even more detail. In a sea of technical jargon, social media analysis, and digital detective work, it stands out as a truly human moment, when Barr revealed himself to Anonymous and dialogued directly with senior leaders and "members" of the group.

The encounter began on February 5. Barr had managed to get his work written up in a Financial Times story the day before, and now strange traffic was pouring in to HBGary Federal. With his research done and his story in print, Barr needed only to work up some conference slides and prepare for a meeting with the FBI, which had been tracking Anonymous for some time. So Barr ditched the covert identities he had been using to watch the group, and on February 5 he approached a person on Facebook whom he believed was the powerful CommanderX.

Barr's apparent motives were multiple: to mitigate any revenge upon his company, but also to meet as equals with his hacker subjects. No harm, no foul, right? Anonymous didn't agree. (Quotes in this article are provided verbatim, typos and all.)

Barr: CommanderX. This is my research… I am not going to release names I am merely doing security research to prove the vulnerability of social media so please tell [redacted] and [redacted] or whoever else is hitting our site to stop.

CommanderX: Uhhh…. not my doing! Just as a thought… wouldn't that be valuable data to your research?

Barr: I am done with my research…doing my slides…I am not out to gut u guys. My focus is on social media vulnerabilities only. So please tell the folks there that I am not out to get you guys… I knew you guys were a risky target but nothing risked nothing gained. People can show their bravado thats fine I can deal with that. Just want the 'leadership' to know what my intent is…that will filter as it needs to I am sure.

CommanderX: 'Leadership' lmao [laughing my ass off] it has grown beyond my control, just as I intended.

Barr: … I will talk about aliases. I won't talk about names. But please don't play me a chump any more than you have to to protect anons cred. I know more than IRC aliases…. u have a lot of firepower and know how in some dark corners…hell some of them may even know Greg Hoglund the CEO of our other company. So if it is some of your guys just want to make sure they don't get too aggressive.

CommanderX: Which website?

Barr: hbgaryfederal.com

CommanderX: … I warn you that your vulnerabilities are far more material. One look at your website locates all of your facilities. You might want to do something about that. Just being friendly. I hope you are being paid well.

"Come at us, bro"

Barr then entered an Anonymous IRC chat room, where his "CogAnon" profile had already been exposed. When he showed up, this is what greeted him. (Anonymous handles have been altered in this non-public section of chat.)

[23:47] <CogAnon> guys I'll tell you...it was only research...it has now become a criminal matter...

[23:48] <CogAnon> our website was hacked...twitter account... email.... ok...guys if thats the way u want to play it.

[23:48] <ANON2> CogAnon: come at us bro

[23:48] <CogAnon> I won't...

[23:48] <ANON1> CogAnon: Hello.

[23:48] <ANON2> CogAnon: nice screencap earlier by the way, did Ted and [HBGary CEO] Penny enjoy it, faggot?

[23:49] <CogAnon> not sure why u had to make it personal...I had 2 other usecases...

[23:49] <CogAnon> but ok... I figured this might happen...I am not upset... it just takes a differnt path...

[23:51] <CogAnon> ok see you guys later...not even close to end of career... :) need to finish my talk.

[23:52] <ANON2> maybe CogAnon will enjoy what's uploading right now

[00:18] * CogAnon is now known as AaronBarr

The material "uploading right now" was apparently Barr's private e-mails; Anonymous had infiltrated his company e-mail server, where Barr was the admin, and had taken more than 40,000 messages from three top execs. They were then uploaded to The Pirate Bay.

"What's coming next is the delicious cake"

The next day, February 6, the attacks turned serious, and Barr realized the extent of what Anonymous had done to him and to his company, which was currently in negotiations to sell itself to a pair of interested buyers. This was no longer a game; it looked more like war. The sheer freewheeling raucousness of what follows illustrates as well as anything the nature of Anonymous, and it's worth quoting at length. (A few unimportant bits have been stripped for clarity, denoted by an ellipsis.)

Note that several members of the channel have already seen Barr's e-mails. (Read the full public log.)

[23:53:49] <q> Ohai CogAnon

[23:53:56] <tflow> Hello, Mr. Barr.

[23:54:12] <Topiary> Mr. Barr and his infiltration of Anonymous; "Now they're threatening us directly", amirite?

[23:54:16] <tflow> I apologize for what's about to happen to you and your company.

[23:54:20] <q> Enjoying the Superbowl, I hope?

[23:54:25] <CogAnon> high one sec. please

[23:54:25] <tflow> I really do, Mr. Barr.

[23:54:36] <tflow> You have no idea what's coming next.

[23:54:36] <Topiary> tflow: How are things going with that, anyway?

[23:55:24] <Topiary> CogAnon is clearly super 1337 with his PM psyops skills in the Washington area

[23:55:29] <CogAnon> ok...sure I figured something like this might happen.

[23:55:42] <Topiary> CogAnon: nah, you won't like what's coming next

[23:55:51] <tflow> CogAnon: Can you guess what's coming next?

[23:56:00] <Topiary> Ooh, a fun game - guess!

[23:56:02] <CogAnon> dude...you just don't get it. it was research on social media vulnerabilities...I was never going to release the names...

[23:56:11] <Sabu> LIAR

[23:56:14] <CogAnon> as I told CommanderX last night.

[23:56:16] <BarrettBrown> CogAnon: You went to press

[23:56:22] <Topiary> CogAnon: yeah we read the facebook conversation, and every other conversation

[23:56:23] <BarrettBrown> With info that was largely false

[23:56:24] <q> CogAnon: only that your research like totally failed and all your info was bullshit

[23:56:25] <c0s> CogAnon: that article was a hit peice.

[23:56:27] <CogAnon> ok whatever...whoever has done this has tied my hands now though.

[23:56:37] <BarrettBrown> I suggest you go to Bloomberg and explain

[23:56:38] <Sabu> CogAnon: Don't you have a meeting with the FBI Monday morning?

[23:56:39] <CogAnon> ok

[23:56:42] <Topiary> Sabu: he totally does

[23:56:44] <tflow> CogAnon: I feel sorry for what's about to happen. I really do.

[23:56:45] <Sabu> Tomorrow @ 11am?

[23:56:46] <q> CogAnon: we'll send that to your FBI friends, so they have that before your talk tomorrow

[23:56:49] <CogAnon> yep...they called me.

[23:56:51] <n0pants> Moral of the Story: Don't drum up business by banging on a hornet's nest.

[23:57:01] <CogAnon> I have a lot of people calling me.

[23:57:02] <Sabu> You intended of battling anonymous in the media for media gain and attention

[23:57:04] <Sabu> well let me ask you

[23:57:08] <Sabu> you got the media attention now

[23:57:10] <Sabu> how does it feel

[23:57:11] <Sabu> ?

[23:57:14] <CogAnon> yep

[23:57:34] <Topiary> Oh guys, what's coming next is the delicious cake.

[23:58:53] <nigg> so who wants all of

[23:58:55] <nigg> his emails?

[23:59:06] <Sabu> uhm you have his emails????

[23:59:10] <Sabu> DAMN!

[23:59:14] <nigg> 2.3gb's of gold

[23:59:15] <Topiary> sure, I'd enjoy some 68,000 emails

[23:59:19] <Topiary> can we please have 68,000 of their emails?

[23:59:21] <blergh> lol

[23:59:21] <`k> nigg not ehre

[23:59:22] <tflow> I already have them

[23:59:23] <blergh> what is this?

[23:59:25] <c0s> those emails are going to be pretty

[23:59:25] <Topiary> oh wait we totally already have them

[23:59:26] <`k> here

[23:59:27] <nigg> 68,000?

[23:59:27] <Topiary> trolololol

[23:59:50] <tflow> I have Barr's, Ted's and Phil's emails

[23:59:50] <nigg> im talking

[23:59:50] <CogAnon> lol..ok guys well u got me right. :)

On February 7, Barr's compromised Twitter account contained the following posts, which appear to be from Barr himself—though it's hard to say. (Those from his Anonymous persecutors have a very different tone, and contain more links and profanity.)

Ok. Well this has been fun. Anon has certainly done a number on me for the last, wow has it only been 24hrs? Seems longer...

site defaced, twitter hacked, email taken...priceless.

Does this mean I have become an internet celebrity...not quite how I imagined it?

ok. So Anon has done a number on me. Probably going to take a bit to piece things together, probably more to come.

But there has been no more to come. Twitter has now locked the account, according to Anonymous.

The persecution was brutal. People began defacing images of Barr, hosting them all in a central repository for easy viewing—they even dredged up a personal picture of the man dressed as The Hulk for a round of trick-or-treating with his kid. HBGary, a part owner of HBGary Federal, sent its own President Penny Leavy into the Anonymous chat rooms to ask them to stop—or at least to keep the e-mails private. Anonymous did not, demanding instead Barr's resignation.

Members of the group have spent today apparently prepping to release a new e-mail archive from Leavy's husband, the respected security pro Greg Hoglund, whose own site rootkit.com was compromised by (allegedly) a 16-year-old through a bit of social engineering. The persecution continues.
