Cyber security alarm after e-mail leak

The cyber activist group Anonymous has posted tens of thousands of private e-mails from a respected security researcher, prompting many responsible for protecting the digital secrets of others to re-examine their own practices.

Anonymous released the e-mails from Greg Hoglund, the founder of HBGary, on Sunday, the eve of one of the tech security industry’s largest annual conferences. Mr Hoglund had been scheduled to speak twice at the week-long San Francisco event but cancelled after the publication of his e-mails led to personal threats, according to Penny Leavy, president of HBGary.

Anonymous said it acted in response to infiltration of its ranks by an affiliated company, HBGary Federal. That company’s chief executive told the Financial Times 10 days ago that he had used information from Anonymous’ internet chat sessions, affiliated Facebook groups and other means to establish the real identities of the leadership of the group.

“Anonymous should be regarded as the criminal group it is”, Ms Leavy said. “They have shown that they will go after security companies and anyone who works with the government”.

The hacking of HBGary Federal and Mr Hoglund dominated the conversation as the annual RSA Conference began, replacing the usual chatter about securing cloud computing and smartphones and winning big contracts.

Some security professionals were appalled at the lax practices that allowed Anonymous to win access to unencrypted e-mail between HBGary Federal and federal agencies including the FBI.

Many also faulted an HBGary Federal proposal to a law firm that represents Bank of America, the expected target of a forthcoming document release from the anti-secrecy site WikiLeaks. That proposal, unearthed by the hackers, sought permission to discredit WikiLeaks by submitting false information in hopes it would be published by the site.

At the same time, some professionals worried that they could be hit next. Anonymous members said they planned to act against Palantir Technologies, another firm that worked on the failed proposal to the law firm, even though Palantir disavowed the plan and severed ties with HBGary.

“Nobody can say that they are totally safe”, said Eva Chen, chief executive of major security firm Trend Micro.

Even as they complained privately about Anonymous, security experts found themselves compelled to pore through the e-mail hoard.

“I’ve been watching it all unfold, blow by blow, with morbid curiosity, unable to look away,” said a longtime researcher at a competing Washington-area firm. “I can’t help but feel that my world will never quite be the same”.

Copyright The Financial Times Limited 2017. All rights reserved.