A lesson for security researchers: check your own security before you mess with hackers.
Over the weekend, Aaron Barr, the CEO of security firm HBGary, told the Financial Times that he had identified some members of the group Anonymous, which is being investigated by the FBI and U.K. authorities for its role in denial of service attacks that took down MasterCard and some other sites last year. (Anonymous members attacked the sites in retaliation for their actions against WikiLeaks.)
Barr said he wasn’t planning on sharing what he’d uncovered with authorities, but his statement was enough to “anger the hive” as Anonymous put it.
So they hacked HBGary’s Web site, posted 60,000 of Barr’s emails to BitTorrent, and posted nasty messages and personal info to his Twitter and LinkedIn accounts. The group also apparently hacked into the LinkedIn account of HBGary’s COO, Ted Vera.
Leaving aside the moral and legal arguments, this is totally embarrassing for HBGary, which makes its living selling security consulting services. As Anonymous quipped in a note posted with the leaked emails: “It would appear that security experts are not expertly secured.”