Hacked and now vandalized, HBGary pulls out of RSA

The company's booth was vandalized and HBGary says it has received threats of violence.

The California security company that is at the center of a controversy over a plan to discredit WikiLeaks and its supporters abruptly pulled itself out of the RSA security conference in San Francisco this week, citing security concerns.

The company's subsidiary, HBGary Federal, also cancelled a talk it had planned to give on the Internet activist group, Anonymous. It was news of this talk that riled Anonymous and precipitated the controversy last week.

HBGary has been under fire for several days now after its Web sites, corporate email system and Twitter accounts were hacked, and details of a company business proposal to discredit WikiLeaks were posted to the Internet. The attack was apparently launched by Anonymous in response to HBGary Federal's CEO Aaron Barr's talk, which had been slated for Monday morning. Barr said he had discovered the identities of many of Anonymous's leaders, and had planned to discuss his investigation in a talk at the BSides San Francisco conference, which runs in tandem with RSA.

"I was receiving death threats," Barr said in an interview Tuesday. "There was lots of talk that was being made of in the Anonymous IRC channels of harassing us at our booth and sending people to heckle [HBGary speakers at the conference]."

The company decided to strike its booth from the RSA conference floor, however, after it was vandalized on Sunday, said Jim Butterworth, HBGary's vice president of services. "We... came back the next morning and it was very apparent that the group responsible for the activities in the news had decided to make another statement," he said.

The IDG News Service obtained a photo of HBGary's vandalized booth. Someone had placed a large paper poster on the HBGary booth that read, "Anon... in it 4 the lulz.." Lulz is Internet slang meaning 'laughs.'

Instead of a show booth, HBGary's spot on the RSA exhibition floor is now empty, except for a small sign explaining the company's decision to withdraw from the show.

HBGary founder Greg Hoglund had been scheduled to speak at RSA, but those talks have now been cancelled too, Barr said. He declined to comment further on the controversy surrounding his work, or the cyber-attacks on his company.

But according to the published company emails, Barr knew last month that his talk would make HBGary a target.

Clearly, though, he had no idea how bad things would get. HBGary -- a minor but once-well-respected security company -- has now suffered what may be a fatal hit to its reputation.

For a security company to suffer such a major breach is embarrassing, but buried in the 67,000 company emails published by Anonymous were even more damaging material such as a proposal to help Bank of America's law firm, Hunton & Williams, discredit WikiLeaks ahead of the expected release of secret bank documents. In the proposal, Barr suggested that HBGary Federal could work with two other security companies -- Palantir and Berico Technologies -- to launch cyberattacks, seed WikiLeaks with fake documents and dig up dirt on its supporters.

BofA publicly distanced itself from HBGary following the incident, while Palantir and Berico Technologies have severed ties with the firm.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Insider Tip: 12 easy ways to tune your Wi-Fi network
Join the discussion
Be the first to comment on this article. Our Commenting Policies