A big hacking misfire

The exploits of Anonymous may have made headlines across the globe but most of its victims are actually back on their feet and doing better than ever.

Of all the tactics used by hacker collective Anonymous in any of its “operations”, the release of their victims' emails has been one that potentially could cause the most damage.

Previous releases have claimed the job of Aaron Barr – former CEO of security firm HBGary – and unveiled the covert operations of intelligence analysis firm Strategic Forecasting Inc. (STRATFOR).

Most recently, media sites have claimed the hacking and release of emails of military law firm Puckett & Faraj by Anonymous would effectively destroy the company.

By comparison, other hacktivist tactics (such as the release of usernames, passwords or credit card information) are annoying and inconvenient, but essentially transient in their impact. Passwords can be changed, credit cards can be replaced and money refunded.

Intuitively, you would expect the release of internal communications of a company to be potentially devastating. There is the likelihood of revealing unknown secrets to the public and interested parties. At the very least, the truth of what lies behind the corporate image portrayed to the public is laid bare.

WikiLeaks lessons

In recent times, the world has witnessed the impact of the release of about 250,000 US diplomatic cables on WikiLeaks.

But despite the potential and the perception, does the release of this sort of communication really do that much damage? Commentators have long been dismissing the actual impact of the release of the cables on WikiLeaks.

As Anatol Lieven, professor in the War Studies Department of King’s College London commented at the time: “it was hardly news that US officials privately despise Hamid Karzai and believe that his family are deeply involved in the heroin trade”.

Others have also questioned the impact, if any, of the cables' release. Some have even argued that the cables' release actually helped the US by debunking conspiracy theories about its foreign policy.

Would-be leakers face several challenges when trying to capitalise on the information they have obtained. The biggest is actually sifting through millions of emails or internal documents for significant and interesting content.

It is a massive task and one that takes time, resources and money. The other problem is to get anyone to actually act on the information. This is made all the harder if you are attacking organisations that have close links to the agencies that would normally prosecute any perceived wrongdoing.

In the case of the high-profile hacks by Anonymous, were the outcomes as damaging as the victims and the media claimed?

Aaron Barr: death of a CEO

Anonymous’initial success with the release of corporate emails was in February 2011 with the hack and making-public of emails from security firm HBGary Federal and HBGary Inc.

The hack was prompted by a report in the Financial Times in which Aaron Barr, CEO of HBGary Federal, claimed he was about to identify leaders of Anonymous.

After the publication of the emails and the highlighting of its varied revelations, Barr resigned.

The full revelations of the HBGary emails brought to light a “dirty tricks campaign” aimed at WikiLeaks involving not only HBGary Federal but other firms, potentially at the behest of the Bank of America.

HBGary Inc appears to have come out of the episode largely unscathed. The company quickly distanced itself from HBGary Federal and claimed the actions were entirely the doings of Aaron Barr.

Rather than losing customers, HBGary claimed to have “ended up getting additional business”.

In fact, Anonymous may have also ended up doing HBGary an additional favour in helping the company divest itself of Aaron Barr, who was increasingly being described as “embattled”.

No christmas for STRATFOR

Christmas definitely did not arrive for STRATFOR. The company’s site was hacked by Anonymous on Christmas Eve, its website defaced, more than 2GB of emails removed, and the STRATFOR private subscriber list and details of 90,000 credit cards from subscribers taken. The stolen credit card details were allegedly used to make donations to various charities.

There have been claims the STRATFOR emails would reveal the company was carrying out more specific and possibly covert intelligence-gathering than it had publicly admitted.

This was denied by George Friedman, STRATFOR’s founder and CEO who said: “as they search our emails for signs of a vast conspiracy, they will be disappointed”.

STRATFOR is now facing a class-action lawsuit demanding US$50m in damages for failing to secure its computer systems and encrypt credit card information.

As for the impact on the company, there has been the cost of offering all of its subscribers identity theft protection.

Apart from that, interestingly, the firm has earned some respect for the way in which it dealt with the hack and sympathy from the public for its victim status.

Puckett & Faraj

Puckett & Faraj is the law firm that defended Frank Wuterich for his role in the Haditha massacre in which 24 unarmed Iraqi men, women and children were killed by US Marines.

Wuterich, accused of negligent homicide in the deaths of two women and five children, escaped with a demotion to private and was only charged with dereliction of duty.

Anonymous became incensed by the iniquity of a justice system that failed to prosecute a US marine who admitted his role in killing civilians while Bradley Manning, the soldier at the heart of the WikiLeaks prosecution, faced life imprisonment. Anonymous hacked the website of Puckett & Faraj and released 2.6GB of emails and documents.

Some of the emails have shown the extent to which the firm, run by former marines, lobbied influential military personnel and congressmen to assist in “making this whole case go  away”.

Although there were initial suggestions the hack and release of emails could destroy the firm, the website at least is back up, albeit showing content that is out-of-date.

As with the view that WikiLeaks may have actually helped the US with the release of diplomatic cables, the exposure by Anonymous of underhand dealings of a law firm may have also perversely served to promote the company.

In the system of US military justice that appears to have already foregone an ethical basis and is already comfortable with backroom deals, the revelations will come as no surprise and certainly would not put off potential customers seeking to escape prosecution. In fact, it would likely do quite the reverse.

Did it make a difference?

In all three of the Anonymous hacks, the companies not only survived but actually seemed to benefit from the potentially catastrophic events. That’s not to say they all came out of the process with their integrity intact.

HBGary Federal was uncovered for attempting to run a dirty tricks campaign against WikiLeaks. STRATFOR was shown up for its cavalier handling of customers’ credit cards. The hack of Puckett & Faraj highlighted the case of Haditha and the US Marines’ involvement in the deaths of 24 unarmed Iraqi civilians.

Another highlighted aspect is that, in a world where the personal is increasingly public, the impact of revealing another’s private life is rapidly diminishing.

In the same way we remember little of what WikiLeaks released, the targets of Anonymous will continue to thrive, possibly having implemented more secure systems and, of course, thinking twice about what they put in writing.

David Glance is a Director at the Centre for Software Practice at The University of Western Australia.This article first appeared in The Conversation on February 15. Republished with permission.

Related Articles