Hacktivists Take Control of Internet Security Firms
In cyberspace they call it "getting pwned". That's what happened to the American tech-security company HBGary Federal when it tried to infiltrate the so-called hacktivist network known as Anonymous.
In an interview over the weekend Aaron Barr, chief executive of the Washington-based company, said his firm had successfully infiltrated the shadowy collective behind a series of recent pro-WikiLeaks cyber protests.
Anonymous's revenge was swift and brutal. Using sophisticated hacking techniques, the group managed to deface HBGary's website, break into its messaging system to dump 60,000 emails on to it and hijack Mr Barr's Twitter account to tweet abuse and publish his supposed home address and social security number.
The term "pwned" - pronounced poned or owned - originated with online gamers and means to be controlled against your will. Over the past four years Anonymous has gained a reputation for being one of the internet's most mercurial and chaotic meeting spaces for online mischief-makers. But in recent months it has achieved global notoriety thanks to a series of cyber assaults on government and commercial websites critical of WikiLeaks.
Its damaging "denial-of-service" attacks on companies such as PayPal, Mastercard and Visa have resulted in intense police scrutiny with recent arrests in Britain, the Netherlands and the US, as well as increased attempts by private security firms to uncover who is behind the organisation.
Mr Barr claimed that his firm had managed to infiltrate Anonymous through its chat rooms and that the organisation was run by a hardcore of 30 members along with 10 who "are the most senior and co-ordinate and manage most of the decisions". Anonymous has always styled itself as ananarchic democratic collective with no leadership.
In a message left on HBGary's website, the shackers taunted their would-be pursuers with the message: "You think you've gathered full names and addresses of the 'higher-ups' of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False."
The attack, which was a significantly more complex hack than recent denial of service assaults used by Anonymous, successfully penetrated HBGary's website through a compromised support server. It mirrors a similar method used by the group to target ACS:Law, a British legal firm that controversially sent threatening letters to alleged file-sharers.
Greg Hoglund, the founder of HBGary, has promised his own revenge. "They didn't just pick on any company," he told cyber security journalist Brian Krebs. "We try to protect the US Government from hackers. They couldn't have chosen a worse company to pick on."