HBGary
HBGary got the attention of the group anonymous 1 when he proudly stated that he knew all of the real names of users in the IRC network 2 which resulted in HBGary getting breached 3 4 and publicly humiliated (The data he claimed to hold on users was illegitimate and false to garner press attention to boost his companies name and reputation). The breach resulted in documents and emails being leaked, databases, personal devices, social media accounts, data wiped and their website defaced.
Explanation of the Hack
1. SQL Injection to obtain user database.
Specific query that was used to break into daatabase:
http://www.hbgaryfederal.com/pages.php?pageNav=2&page=27
Usernames, email addresses and password hashes were obtained.
2. Rainbow tables to crack password hashes.
Salting and Iterative Hashing were not used in HBGary database.
It used MD5.
CEO Aaron Barr and COO Ted Vera used very simple passwords: 6 lowercase letters and 2 numbers.
3. Exploit password reuse.
Aaron Bar and Ted Vera used same passwords for email, twitter, etc.
Ted Vera's password was used to ssh into HBGary machine. Ssh did not use keys, but passwords.
Ted was only a regular user. In order to escalate his privilege level to that of a superuser, a known exploit involving libraries was used, for which patch came out in October 2010.
https://web.archive.org/web/20230803165419/https://www.cs.bu.edu/~goldbe/teaching/HW55812/jarib.pdf
Anonymous also socially engineered (using access already gained from hacking into HBGary) rootkit.com network admin to reset admin passwords, drop the firewall to SSH in and then dumped the databases which resulted in rootkit.com demise 6. (@19:00) 7
References
- https://en.wikipedia.org/wiki/Anonymous_(hacker_group)
- https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack
- https://www.wired.com/2011/02/anonymous-hacks-hbgary
- https://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous
- https://web.archive.org/web/20230803165419/https://www.cs.bu.edu/~goldbe/teaching/HW55812/jarib.pdf
- https://thehackernews.com/2011/02/rootkitcom-database-leaked-by-anonymous.html
- https://youtu.be/pn9EUBwaxY8