HBGary: Difference between revisions
mNo edit summary |
m (HBGary Hack) |
||
| Line 1: | Line 1: | ||
https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/ | HBGary got the attention of the group anonymous [https://en.wikipedia.org/wiki/Anonymous_(hacker_group) 1] when he proudly stated that he knew all of the real names of users in the anonymous IRC channel [https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack 2] which resulted in HBGary getting breached [https://www.wired.com/2011/02/anonymous-hacks-hbgary 3] [https://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous 4] and publicly humiliated (The data he claimed to hold on users was illegitimate and false to garner press attention to boost his companies name and reputation). The breach resulted in documents and emails being [https://search.wikileaks.org/?query=hbgary+federal leaked], databases, personal devices, social media accounts, data wiped and their website defaced. | ||
== Explanation of the Hack == | == Explanation of the Hack == | ||
<blockquote> | |||
1. SQL Injection to obtain user database. | |||
<br> | |||
Specific query that was used to break into daatabase: | |||
<br> | |||
http://www.hbgaryfederal.com/pages.php?pageNav=2&page=27 | |||
<br> | |||
Usernames, email addresses and password hashes were obtained. | |||
<br> | |||
<br> | |||
2. Rainbow tables to crack password hashes. | |||
<br> | |||
Salting and Iterative Hashing were not used in HBGary database. | |||
<br> | |||
It used MD5. | |||
<br> | |||
CEO Aaron Barr and COO Ted Vera used very simple passwords: 6 lowercase letters and 2 numbers. | |||
<br> | |||
<br> | |||
3. Exploit password reuse. | |||
<br> | |||
Aaron Bar and Ted Vera used same passwords for email, twitter, etc. | |||
<br> | |||
Ted Vera's password was used to ssh into HBGary machine. Ssh did not use keys, but passwords. | |||
<br> | |||
Ted was only a regular user. In order to escalate his privilege level to that of a superuser, a known exploit involving libraries was used, for which patch came out in October 2010. | |||
<br> | |||
<br> | |||
https://web.archive.org/web/20230803165419/https://www.cs.bu.edu/~goldbe/teaching/HW55812/jarib.pdf | |||
</blockquote> | |||
https://www.cs.bu.edu/~goldbe/teaching/HW55812/jarib.pdf | What's left out of the source cited is that they also socially engineered [https://web.archive.org/web/20110205151357/http://www.rootkit.com rootkit.com] network admin to reset admin passwords, drop the firewall to SSH in and then dumped the databases which resulted in rootkit.com demise [https://thehackernews.com/2011/02/rootkitcom-database-leaked-by-anonymous.html 6]. [https://youtu.be/pn9EUBwaxY8 (@19:00) 7] | ||
== References == | |||
# https://en.wikipedia.org/wiki/Anonymous_(hacker_group) | |||
# https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack | |||
# https://www.wired.com/2011/02/anonymous-hacks-hbgary | |||
# https://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous | |||
# https://web.archive.org/web/20230803165419/https://www.cs.bu.edu/~goldbe/teaching/HW55812/jarib.pdf | |||
# https://thehackernews.com/2011/02/rootkitcom-database-leaked-by-anonymous.html | |||
# https://youtu.be/pn9EUBwaxY8 | |||
[[Category:Stub pages]] | [[Category:Stub pages]] | ||
[[Category:Hacks]] | [[Category:Hacks]] | ||
Revision as of 18:00, 3 August 2023
HBGary got the attention of the group anonymous 1 when he proudly stated that he knew all of the real names of users in the anonymous IRC channel 2 which resulted in HBGary getting breached 3 4 and publicly humiliated (The data he claimed to hold on users was illegitimate and false to garner press attention to boost his companies name and reputation). The breach resulted in documents and emails being leaked, databases, personal devices, social media accounts, data wiped and their website defaced.
Explanation of the Hack
1. SQL Injection to obtain user database.
Specific query that was used to break into daatabase:
http://www.hbgaryfederal.com/pages.php?pageNav=2&page=27
Usernames, email addresses and password hashes were obtained.
2. Rainbow tables to crack password hashes.
Salting and Iterative Hashing were not used in HBGary database.
It used MD5.
CEO Aaron Barr and COO Ted Vera used very simple passwords: 6 lowercase letters and 2 numbers.
3. Exploit password reuse.
Aaron Bar and Ted Vera used same passwords for email, twitter, etc.
Ted Vera's password was used to ssh into HBGary machine. Ssh did not use keys, but passwords.
Ted was only a regular user. In order to escalate his privilege level to that of a superuser, a known exploit involving libraries was used, for which patch came out in October 2010.
https://web.archive.org/web/20230803165419/https://www.cs.bu.edu/~goldbe/teaching/HW55812/jarib.pdf
What's left out of the source cited is that they also socially engineered rootkit.com network admin to reset admin passwords, drop the firewall to SSH in and then dumped the databases which resulted in rootkit.com demise 6. (@19:00) 7
References
- https://en.wikipedia.org/wiki/Anonymous_(hacker_group)
- https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack
- https://www.wired.com/2011/02/anonymous-hacks-hbgary
- https://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous
- https://web.archive.org/web/20230803165419/https://www.cs.bu.edu/~goldbe/teaching/HW55812/jarib.pdf
- https://thehackernews.com/2011/02/rootkitcom-database-leaked-by-anonymous.html
- https://youtu.be/pn9EUBwaxY8