March 22, 2011, 2:35 PM — On Super Bowl weekend, HBGary CTO Greg Hoglund found himself locked out of his own email account. The fallout of the leaked messages from his account and that of HBGary Federal's CEO Aaron Barr has been widely reported, but not from the point of view of the victims. In Part 1 of this interview with CSO correspondent Robert Lemos, Hoglund talked about how the hack happened and the lessons for chief security officers. In Part 2, he describes his research on Anonymous and why the group is making the insider threat problem more dire.
You said initially that Anonymous was not even on your radar. Why is that?
Hoglund: We at HBGary were focused almost entirely on some APTs (advanced persistent threats), mostly focused on China. And that has been the bulk of our research for quite a while because most of our customers have suffered attacks from what appears to be state-sponsored Chinese intelligence. It's espionage stuff, so we were heads down on that.
We were blindsided by the Anonymous attack. I did not expect to be attacked by what I thought was a bunch of kids who DDOS websites offline. Granted, DDOS is illegal. I believe that here in the United States it's a 10-year prison sentence, so it's no small crime, either. Most people don't think of it as a crime; they think of it as a virtual sit-in. So people don't take it seriously, me included.
So after the attack, you started focusing on Anonymous and researching their organization?
I took all our resources and just turned them directly onto Anonymous, and we found all this information about the group. And what I learned is that they are not at all what people think they are. There aren't very many, first of all. There are not thousands, they are not a legion. That is all just stuff they say to make people fearful or intimidate. They have a whole propaganda wing. So let's get this straight: A lot of the people in Anonymous are pseudo-journalists, they write the news. They completely use the media as a tool.
So what did your research find? What is Anonymous doing?
There are a dozen people at the center of Anonymous. Most of those people are criminal hackers. And they are not just attacking HBGary, they are attacking numerous defense contractors who are in the defense industrial base and system integrators for the government. They are attacking numerous companies in the pharmaceutical space and the chemical space. They are attacking U.S. corporations.