HBGary CEO quits after demonstrating how not to do security

Taunt hactivists, weak security, weaselly contracts for surveillance...

By  

The security consultancy CEO who bragged he had identified leaders of the Anonymous hactivist group and would sell their names to Bank of America, has resigned from HBGary Federal following the revelation that he's both a weasel and an idiot.

CEO Aaron Barr is quitting to give the company he led into infamy – HBGary Federal – a chance to regain a good reputation it may not have deserved, and help him rebuild his own.

 

Barr is an idiot for making himself a target and showing his cards in a potentially risky security situation by telling the Financial Times (not BofA) that he had the goods on Anonymous, apparently just to make himself look good.

In response, Anonymous hacked HBGary, extracted more than 50,000 of its private emails and posted them.

It also outlined the weak passwords and unpatched servers that allowed it to walk so easily into a "security" firm's private network and from there into the Gmail accounts of employees.

OK, the weak to nonexistent security inside his own company is a second reason Barr is an idiot; or at least a poseur.

He's a weasel because -- according to a ThinkProgress report generated from private emails swiped by Anonymous and provided to WikiLeaks – HBGary Federal was one of three private security companies considered by the U.S. Chamber of Commerce for an underhanded campaign to investigate and smear its political enemies.

(Irony bit of the day: the three were code-named Team Themis – for the Roman goddess of law and order. The Team's purpose was neither.)

I don't need to point out that it's Anonymous that is in the wrong here. Cracking and stealing data are against the law and are ethically indefensible unless the crime the victim has committed is so great that it vastly outweighs the wrong being done against it.

We're talking genocide, here, human-rights abuses, dictatorship, excessively slimy corporate or government corruption. HBGary didn't quite rise to that level, although you can argue that it tried.

But come on. Taunting hactivists who are all fired up about taking down Visa and MasterCard?

Feed the bear a sandwich from your mouth, why don't you?

Spit into the wind. Tug on Superman's cape.

Don't mess around with Slim.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question