How Anonymous Cracked the HBGary Security Firm

When the security researcher Aaron Barr and his firm HBGary Federal crowed about having discovered the real identities of (some of) the people behind the loose online group Anonymous, he was probably asking for it. Anonymous is notorious for reprisal attacks on sites they view as hostile to them. But perhaps Barr thought, being a computer security specialist and all, he was safe from what many view as their childish attacks.

Man, was he wrong.

Peter Bright at Ars Technica has a remarkably thorough account of how someone(s) at Anonymous broke into HBGary's files and wreaked havoc. It was simpler than you might think, actually. Anonymous exploited well-known problems in conventional systems to get the information they needed and paired it with good, old social engineering. This is not exactly Hacking 101, but it is like the pick-and-roll of hacking. Everyone knows this is how shenanigans happen, and yet sometimes when it's done well, it's hard to stop.

The key first step was cracking the content management system used at HBGaryFederal.com, a spinoff of HBGary. Bright details the well-known attacks they used and steps you through the process of moving from one piece of information to the next. The piece itself is great as a fairly accessible basic hacking primer.

One takeaway: try not to use the same password for your most important accounts because you never know which of the zillion sites you've given your standard password to (ahem, Gawker) will eventually be compromised.