Anonymous speaks: the inside story of the HBGary hack.

Posted: February 16, 2011. At: 7:47 AM. This was 7 years ago. Post ID: 987

http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/2

This article is a fascinating description of the HB Gary hack that enabled Anonymous to crack into a server machine and eventually deface a website.


HBGary and HBGary Federal position themselves as experts in computer security. The companies offer both software and services to both the public and private sectors. On the software side, HBGary has a range of computer forensics and malware analysis tools to enable the detection, isolation, and analysis of worms, viruses, and trojans. On the services side, it offers expertise in implementing intrusion detection systems and secure networking, and performs vulnerability assessment and penetration testing of systems and software. A variety of three letter agencies, including the NSA, appeared to be in regular contact with the HBGary companies, as did Interpol, and HBGary also worked with well-known security firm McAfee. At one time, even Apple expressed an interest in the company’s products or services.

Greg Hoglund’s rootkit.com is a respected resource for discussion and analysis of rootkits (software that tampers with operating systems at a low level to evade detection) and related technology; over the years, his site has been targeted by disgruntled hackers aggrieved that their wares have been discussed, dissected, and often disparaged as badly written bits of code.

It is amazing how many errors the technician s running the server machines made, with passwords re-used and a poorly coded CMS system and many many other errors of judgement that resulted in the website being defaced and valuable information stolen. This is a valuable lesson to all website owners to keep up with security and use a proper CMS system with security updates installed regularly, do not leave it to someone else to find exploits for you. MD5 encryption of passwords is still sometimes used by MYSQL and is weaker than Blowfish, which is also supported with a PHP MYSQL system, and provides greater password encryption security and has been supported on Linux for a while.

A password encrypted with Blowfish encryption looks like this, it is the one-way password salt, then when you enter your password and press enter to login, the password you supply is converted to a hash like this one and compared against the stored hash and if they match then you are allowed to log in. This is how it has worked on Linux for a long while, I remember when Linux used MD5 encryption for user passwords, now you should only use Blowfish. Debian 3.0 had MD5 as the only option but that was a long time ago now. And make sure you have complex hard to guess passwords and not the name of your pet or something.

<br /> makron:$2a$10$Uu.hCSJFcN4JVypc/jxtTO3BHSLLKcXSZ1qhQ/NTolShhHxJcyHzS<br />

No comments have been made. Use this form to start the conversation :)

Leave a Reply