Some time back I suggested the online “group” Anonymous was worth keeping an eye on. This suggestion was subsequently vindicated by the remarkable HB Gary saga involving cyber security consultant Aaron Barr who, to use Stephen Colbert’s now-famous description, stuck his penis into a hornet’s nest when he declared he was going to “out” senior members of Anonymous.
The subsequent crack of his company’s entire network was facilitated by some remarkably elementary mistakes by Barr in his own cyber security — so elementary that some speculate the entire exercise was an elaborate honey trap, particularly given Barr’s company had done work both on defending against honey traps and using them. If it was an elaborate plot, however, it’s exacted one helluva toll on the perpetrators — Barr, in an utterly unexpected development, has since parted ways with HB Gary Federal. But though Barr is gone, his emails live on after him, and continue to embroil a growing circle of companies.
For example, it was courtesy of Barr’s emails — many gigabytes of which are now strewn across the internet in conveniently searchable form — that we learnt that Morgan Stanley had been one of 200 companies targeted in the 2009 “Aurora” attacks mounted by Chinese crackers. The bank itself hadn’t seen fit to share that with customers or investors.
The emails most famously detail the attack campaigns prepared for the Bank of America and the US Chamber of Commerce against WikiLeaks and its supporters, and against Chamber of Commerce critics and unions, respectively. HB Gary Federal worked with two larger IT security firms, Palantir Technologies and Berico Technologies. Both companies rushed to distance themselves from HB Gary in the immediate aftermath of the revelation of the campaign. However, the strategy of pretending the campaigns were a lone frolic by Barr is breaking down. US writer and activist Barrett Brown has detailed how Palantir and Berico were deeply involved in the preparation of highly aggressive, and possibly illegal, attempts to target and silence supporters of WikiLeaks and critics of the Chamber of Commerce.
Congressional Democrats are now pressing for an investigation of all three firms plus the Washington law firm Hunton and Williams, which was closely involved in the planning of the operations as well.
The emails show HB Gary was also working on techniques to simultaneously establish large numbers of online personae, a virtual army designed to assist in data mining, swamping online discussions and attacking bloggers. Such techniques would be quite handy in the manufacturing of online consent for governments, corporations and NGOs. The emails show the US government was interested in the sock-puppet software.
If you’re wondering quite what the point of establishing a hoard of sock puppets is, remember that purported Liberal grassroots uprising over Malcolm Turnbull’s support for the CPRS, which involved the spamming of Liberal MPs’ offices with emails and phone calls.
There are also plenty of copies of malware now available courtesy of the emails, including the Stuxnet virus used againsth the Iranian nuclear weapons programs, although some of the OMG Anonymous has Stuxnet! reactions overlooked that copies of the code were already available via other means.
Even Barr’s spam emails have proven illuminating, introducing us to shadowy cyber security firms such as Shield Security (enjoy their compelling use of Flash here), which promised systems to intercept Skype calls and satellite interception of data, for governments only (and, apparently, HB Gary).
Along with the likes of Palantir and Berico, these are the arms dealers and military contractors of the internet war, hoping to reap huge profits as cyber security, espionage and the deployment of online attacks by government and non-governments actors alike moves to the centre of national and corporate security strategy. This is a whole new military-industrial complex in development, out of sight, online, beyond normal accountability.
The problem is, of course, the tools of cyber security are just as useful in pursuing domestic policy goals as national security goals, as the plan for critics of the US Chamber of Commerce illustrated, and the involvement of the US Department of Justice in referring Hunton and Williams to Bank of America to develop an anti-WikiLeaks strategy.
The HB Gary crack complemented the anti-corporate tone another Anonymous operation, #OpWisconsin, which joined a variety of operations aimed at Middle Eastern regimes, some energetic, others flagging. The Wisconsin operation seems to have been intended less to support public sector unions protesting against the Republican assault on basic workers’ rights in that state than the involvement of the far-right billionaire Koch brothers. And it was Anonymous, displaying yet another string to its bow, that revealed that Republican Governor Scott Walker had included in his budget bill a clause that would enable the sale without tender public utility assets in Wisconsin, at any price. That operation also targeted the website of a Koch-funded advocacy group and several Koch Industry sites.
The political nature of the operation brought into public gaze a divide between Anons interested in more overtly political activity (and other “whiteknight sh-t”) and those interested only in core free-speech issues (particularly around the activities of the copyright mafia) or, inevitably, just the lulz. The divide has been cast as “newfags” versus “oldfags”, a reversioning of a long-running meme from source community 4chan (warning, as always — 4chan is so Not Safe For Work it’s not funny). But the latest operation, though, is one likely to heal any rift, since it is a return to a long-running Anonymous target, the copyright mafia and its extensive censorship, little of which is reported in the mainstream media.
The reason all this bears watching is that this is only one manifestation of the growing hostility to large corporations evident in the US and the UK. This isn’t to be found only within what’s left of the American union movement occupying the Capitol in Madison. There is an anti-corporate strain within the grassroots of the Tea Party movement, one that places it at odds with the party hierarchy funded by the Koch brothers and the mainstream Republican. Its biggest target is the financial sector and the GFC bank bailouts, an issue that unites left and right in deep hostility to the seeming indulgence of corporate greed.
It’s very similar in the UK. The deep anger many Britons feel toward their financial sector also remains unabated, and still plagues the Cameron government, forcing David Cameron and George Osborne to pretend to play bad cop on bankers’ bonuses.
This is a mood only likely to be worsened by the UK’s lacklustre growth — its economy contracted over the new year and the Conservative’s massive budget cuts haven’t even bit hard yet — and the possibility of an oil shock driven by the current uprisings across the Middle East — inducing, as Richard Farmer pointed out yesterday, the bizarre sight of oil markets being soothed by the promises of Hugo Chavez to intervene in the Libyan crisis (his proposal to do so, presumably aimed at propping up his good friend Colonel Gaddafi, has been rejected by Libya’s freedom fighters). Worsening economic conditions and the example of the Middle East might mean there’ll be less sullen resentment and more protesting, as we’ve already seen in Madison and from British students.
The HB Gary emails, however, reveal a corporate America with an extensive arsenal of cyber weapons at its disposal, and a willingness to deploy them against those wanting to bring greater accountability to the corporate sector and the influence it wields.
Crikey is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while we review, but we’re working as fast as we can to keep the conversation rolling.
The Crikey comment section is members-only content. Please subscribe to leave a comment.
The Crikey comment section is members-only content. Please login to leave a comment.