Anonymous no more: HBGary goes down

17.02.2011
Last week, in , we learned that an obscure cyber security company was trying to take out a whistleblowing site on behalf of a Fortune 50 corporation, thanks to a shadowy group of uber geeks whose identities are as yet unknown.

(Quick, get me Matt Damon. He's not available? Get me someone who looks like Matt Damon. OK, we'll settle for Shia LeBeouf.)


But the saga of HBGary Federal, WikiLeaks, and Anonymous is still unfolding, thanks to yet more private emails released by Anonymous into the wild. InfoWorld blogger of all that has transpired so far.

Here's a quick list of the dirty dealings buried in those emails:

* HBGary Fed (HBGF) was one of five companies that were pitching a proposal to take down WikiLeaks on behalf of Bank of America. and apologized. As far as I know, Booz Allen and law firm Hunton & Williams have yet to issue a statement, while BofA claims it never heard of or saw this proposal. (Color me surprised.)

* HBGF was also targeting top journalists, including and former New York Times reporter Jennifer 8. Lee.

* HBGF had , the to monkey wrench Iran's nuclear facilities, and may have been planning to use it for its own nefarious purposes. (Now, of course, Anonymous has that code. Nervous yet?)

* According to Crowdleaks.org, HBGary may have been developing that is undetectable and impossible to kill.

* Fill in the blank. I'm sure more revelations will arise before I've finished this blog post.

Want to peek inside those emails? Try . (I know what you're wondering: No, I am not in them. Not yet, anyway. Justin Bieber, on the other hand, is mentioned in two of them. Go figure.)

All of this is known only because various members of Anonymous took exception to earlier this month in which HBGF spook-in-chief Aaron Barr bragged about and other publicly available information. He even claimed to know the real identities of the group's "leaders."

Except he was dead wrong.

ITworld's spoke with one of those accused of being not only part of Anonymous, but its alleged kingpin, Commander X. It turns out that Ben de Vries is just an organic gardener in San Francisco who happened to run a Facebook group where alleged Anons liked to gather. Yet that was enough for HBGF's Barr to conclude that de Vries was the mysterious X and to discuss with his boss submitting that info to the FBI.

A handful of commenters weighed in saying that they too had been named by Barr, incorrectly, as members of Anonymous -- so much for Barr's theory that he could penetrate the innards of a supersecret org through the magic of social media and his own innate brilliance.

Ars Technica, which has been all over this story in a way nobody else can touch, has . Anonymous used a standard weapon from the hacker arsenal, SQL injection, to penetrate HBGF's custom content management system. That in turn gave them HBGF's database of user names and password hashes, which the Anons quickly cracked. It turns out that the principals at HBGF used simple passwords -- and recycled them for Twitter, Facebook, email, and so on.

That, as they say, was the ballgame. Per :

For a security company to use a CMS that was so flawed is remarkable.... Proper handling of passwords--iterative hashing, using salts and slow algorithms--and protection against SQL injection attacks are basic errors. ...And though not all the passwords were retrieved ... two were, because they were so poorly chosen.
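The two failures described in the paragraphs above (a CMS login that pastes user input into its SQL, and passwords stored as unsalted fast hashes that fall quickly to cracking) are easy to show side by side. The following is an added example written for this post, not code from HBGary's CMS or from the Ars Technica write-up; the table layout, user name, passphrase and iteration count are all constructed for illustration.

```python
# Added example (not from the article, HBGary or Ars Technica): a toy CMS login
# showing the broken pattern beside the hardened one.
#   1. SQL built by string formatting (injectable) vs. a parameterized query
#   2. unsalted MD5 (fast, rainbow-table friendly) vs. salted, iterated PBKDF2
import hashlib
import hmac
import os
import sqlite3
from typing import Optional, Tuple

# Iteration count is a constructed value; pick one that makes a single
# verification take a noticeable fraction of a second on your own hardware.
PBKDF2_ITERATIONS = 200_000
PASSPHRASE = "correct horse battery staple"  # constructed sample credential


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def build_db() -> sqlite3.Connection:
    """Constructed sample data: one admin row stored both the weak and the safe way."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, md5 TEXT, salt BLOB, pbkdf2 BLOB)")
    salt, digest = hash_password(PASSPHRASE)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        ("admin", hashlib.md5(PASSPHRASE.encode()).hexdigest(), salt, digest),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Broken pattern: the user name lands inside the SQL text unescaped, so a
    name containing a quote and a comment marker rewrites the WHERE clause."""
    md5 = hashlib.md5(password.encode()).hexdigest()
    sql = f"SELECT name FROM users WHERE name = '{name}' AND md5 = '{md5}'"
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Hardened pattern: parameterized lookup, then salted/iterated verification.
    The database never sees the password, and input cannot alter the query."""
    row = conn.execute("SELECT salt, pbkdf2 FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    return verify_password(password, row[0], row[1])


def unsalted_hashes_collide(password: str) -> bool:
    """Two users with the same password get the same MD5: one precomputed
    table cracks them all, which is why unsalted hashes fall so fast."""
    a = hashlib.md5(password.encode()).hexdigest()
    b = hashlib.md5(password.encode()).hexdigest()
    return a == b


def salted_digests_differ(password: str) -> bool:
    """With per-user salts the same password yields different digests, so each
    one must be attacked separately, at PBKDF2_ITERATIONS cost per guess."""
    _, a = hash_password(password)
    _, b = hash_password(password)
    return a != b


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, right password :", login_vulnerable(db, "admin", PASSPHRASE))
    print("vulnerable, injected name  :", login_vulnerable(db, "admin' --", "wrong"))
    print("hardened, right password   :", login_hardened(db, "admin", PASSPHRASE))
    print("hardened, injected name    :", login_hardened(db, "admin' --", "wrong"))
```

Run as a script, the vulnerable login accepts the injected user name with the wrong password while the hardened one rejects it. The second half of the example is the point the Ars quote makes: salting forces the attacker to work on each hash individually, and the iteration count makes each guess expensive, so a recovered database of hashes is no longer the same thing as a recovered list of passwords. Reuse across Twitter, Facebook and email is the part no hashing scheme can fix.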

Meanwhile, HBGary Federal -- a division of HBGary -- is all but dead. It . I'll bet within a year that if parent company HBGary survives this debacle, it decides on a name change. There's no getting the stink off now.

As for Barr, he's a victim of his own hubris. I'd be surprised (and, really, appalled) if he's still employed in any capacity within a month. He thought he could fly with the gods; instead he crashed and burned.

You might call it a classic geek tragedy.

What's your take on HBGF, Anonymous, et al? E-mail me: . I'll feature the best and brightest in a future post.