Skip Links

Stolen HBGary e-mails indicate it was planning a "new breed of rootkit"

The company distributed the idea to a consultancy that caters to the U.S. government

By , Network World
February 16, 2011 11:01 AM ET

Network World - E-mails stolen by hactivist group Anonymous indicate that the security company it targeted was proposing to make a “new breed of rootkit” and that it passed along the plan to a technology firm that caters to the federal government.

The latest in security: Hot products from RSA 2011

An attachment to one of the stolen HBGary Federal e-mails calls for creating a rootkit that would find and execute command and control messages as would a compromised machine in a botnet, according to a copy of the e-mail posted by crowdleaks.org.

The document lists the virtues of the proposed Magenta Rootkit: "New breed of rootkit - There isn't anything like this publicly/ Extremely small memory footprint - (4k or less)/Almost impossible to remove from a live running system".

The founder of HBGary (the parent company of HBGary Federal) Greg Hoglund, sent a copy of the Magenta proposal to the president of Farralon Research, Ray Owen, according to the posted e-mails. Farralon posted this brief description of itself on its Web site: "The mission of Farallon Research LLC is to connect advanced commercial technologies and the companies that develop them with the requirements of the U.S. government."

As the stolen HBGary e-mails come to light, hints about the way the firm conducts business have come out, including an apparent plan to gather data about union organizers identified as opponents of the U.S. Chamber of Commerce. Methods used to gather the information include scraping Facebook data, which violates Facebook's terms of use.

The chamber and other security firms mentioned in the e-mails about the plan to make public statements deploring the proposal.

Beyond the revelations from the stolen e-mails, HBGary Federal has pulled out of the RSA Conference in San Francisco, saying it's in the best interest of its employees and the conference.

The company had a leased booth on the show floor, but shut it down after it was vandalized Sunday night. HBGary left behind a sign to explain its departure: "HBGary individuals have received numerous threats of violence including threats at our tradeshow booth.

"In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks," the company's message reads.

The company's CEO Aaron Barr was to have revealed the names of people who make up Anonymous at the Security B-Sides conference, also being held in San Francsico this week. Barr dropped out of that conference last week after Anonymous hacked into HBGary Federal's network and stole thousands - estimates are as high as 77,000 - e-mails and posted them on the Web.

Worst moments in network security history

Anonymous said in Web posts that it had done so as a preemptive strike against HBGary Federal's plan to out its members. Anonymous posted information contained in the e-mails about what HBGary Federal had discovered about Anonymous and ridiculed it as being inaccurate and incomplete.

Anonymous became the target of HBGary after the secret group launched attacks against the Web sites of businesses that tried to quash Wikileaks posts of stolen U.S. State Department diplomatic cables. HBGary Federal e-mails indicate the firm proposed selling information about the identities of Anonymous members to the FBI.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News