The game is over for Aaron Barr. HBGary Federal’s CEO, who was targeted by Anonymous, announced his resignation on Monday during an interview with Kaspersky's news portal, Threatpost. Barr said he would step down to focus on his family and rebuild his reputation.
Aaron Barr has rarely given interviews to the media since the events that led to Anonymous using him, his company HBGary Federal, and its parent firm HBGary, as an object lesson over a story he gave to the Financial Times. So his interview with Threatpost was both expected, given his announcement, and random, considering his silence.
“I need to focus on taking care of my family and rebuilding my reputation," Barr said during his conversation with Threatpost.
"It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”
The storm started when Barr told the Financial Times on February 5, that he had used clues found online to discover the identities of key Anonymous associates.
He said was able to make these connections by using services such as LinkedIn, Classmates.com, and Facebook, as well as IRC itself. The data he collected was to be used for a presentation during B-Sides San Francisco.
The reaction from Anonymous to the story Barr told was swift and brutal. They compromised HBGary and HBGary Federal, leveraging Web vulnerabilities, as well as privilege elevation exploits, to hijack everything from Twitter and LinkedIn accounts to the company email. The hijacked email is what caused Barr the majority of his problems.
While reading the company communications, Anonymous discovered that Barr was shopping his research to various federal agencies, as well as bragging to co-workers that he had infiltrated the loosely associative group.
Given Barr’s claims, Anonymous released the hijacked emails, holding only Greg Hoglund’s emails in reserve. Some time later, Anonymous released those emails as well. To coincide with the final HBGary leak, they developed a website that contains more than 70,000 HBGary emails in a searchable listing, dubbed AnonLeaks.
The leaked communications provided an interesting look into a security company that deals with both the private and the government sectors at the same time. It was from these emails, as well as a tip from Crowdleaks.org, that The Tech Herald was able to break the story of Barr’s role in a plot with two other data intelligence firms to target WikiLeaks and journalist Glenn Greenwald.
According to them, Barr and the same data intelligence firms also developed plans for the U.S. Chamber of Commerce, which would allow them to “undermine their political opponents, including ThinkProgress, with a surreptitious sabotage campaign.” To make matters worse, the plans included families and children.
Crowdleaks also broke the news of HBGary’s MAGENTA project, which had the company developing a type of Windows rootkit that was said to be undetectable and nearly impossible to remove.
In addition to the rootkit development, Crowdleaks reported on the discovery of Stuxnet binaries in Barr’s email, and decompiled much of the source code for public release.
Additional news sourced from the leaked communications includes the report that established government contractor, ManTech International Corporation, suffered a botnet infection on their network last December. There were thirteen incidents, on eleven IP address, including the likes of Mariposa, Conficker, and Zeus.
Moreover, the report published this week by Bloomberg, that financial giant Morgan Stanley experienced a “very sensitive” break-in - by the same group who attacked Google and dozens of others during the Aurora attacks - was also discovered by reading HBGary and HBGary Federal’s emails.
The aftermath from the Anonymous attacks on HBGary and HBGary Federal are still being felt. The two data intelligence firms who worked with Aaron Barr and his company, the ones linked to the events involving Bank of America and the U.S. Chamber of Commerce, severed ties with him completely.
We’ve reached out to HBGary for comments, but have not heard back. At this stage, it’s not clear how Barr will work on his reputation, nor is it known just how damaging this whole ordeal has been to HBGary.
News of his resignation was met with little excitement from some of the Anons that we’ve spoken to. Barr is an amusing subject for them, but he is starting to grow stale.
When asked for reaction to his comments about reputation, one Anon commented, “Translation… the [government] won’t touch a project I’m on, so I’m getting out of the spotlight.”
Another remarked that, “If Michael Vick can make a comeback, so can Aaron Barr.”