HBGary Federal: Algorithms, Social Networks, and COMINT

Thursday, February 17, 2011

Infosec Island Admin

7fef78c47060974e0b8392e305f0daf0
When I had heard that HB Gary had been popped and their spool file was on PB I thought that it was unfortunate for them as a fairly well known company.

Once the stories started coming out though with the emails being published online, I began to re-think it all. It seems that Aaron Barr really screwed up on this whole thing.

He primarily did so due to his own hubris, and for this I cannot fault Anonymous for their actions (within reason) in breaking HB Gary and Barr's digital spine.

It seems that Barr was labouring not only a flawed theory on tracking social networks, but also in that he planned on selling such a theory and application to the government.

One notion was bad, and the other was worse. First off though, lets cover the science shall we? Barr wanted to track users on social networks and show connections that would lead to further data on the users.

The extension that he was trying to make was obtaining actual real names, locations and affiliations from disparate sources (i.e. Facebook, Twitter, Myspace, IRC, etc) While this type of data gathering has been done in the past, it has not usually been culled from multiple sources automatically electronically and then strung together to form a coherent pattern.

In short, Barr was wanting to create software/scripts to just scrape content, and then try to connect the dots based on statistics to tie people to an entity like Anonymous.

The problem, and what Barr seemed to not comprehend, is that the Internet is a stochastic system, and as such it is impossible to do what he wanted with any kind of accuracy. At least in the way he wanted to do it, you see, it takes some investigation skills to make the connections that a scripted process cannot.

This can be seen directly from the article snippet below where the programmer calls Barr on his flawed logic in what he was doing and wanted to do.

   From "How one man tracked down Anonymous and paid a heavy price"

   "Danger, Will Robinson!"

   Throughout Barr's research, though, the coder he worked with worried about the relevance of what was being revealed. Barr talked up the superiority of his "analysis" work, but doubts remained. An email exchange between the two on January 19 is instructive:

   Barr: [I want to] check a persons friends list against the people that have liked or joined a particular group.

   Coder: No it won't. It will tell you how mindless their friends are at clicking stupid frak that comes up on a friends page. especially when they first join facebook.

   Barr: What? Yes it will. I am running throug analysis on the anonymous group right now and it definately would.

   Coder: You keep assuming you're right, and basing that assumption off of guilt by association.

   Barr: Noooo….its about probabilty based on frequency...c'mon ur way smarter at math than me.

   Coder: Right, which is why i know your numbers are too small to draw the conclusion but you don't want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.

   Barr: [redacted]

   Coder:
[some information redacted] Yeah, your gut feelings are awesome! Plus, scientifically proven that gut feelings are wrong by real scientist types.

   Barr: [some information redacted] On the gut feeling thing...dude I don't just go by gut feeling...I spend hours doing analysis and come to conclusions that I know can be automated...so put the taco down and get to work!

   Coder: I'm not doubting that you're doing analysis. I'm doubting that statistically that analysis has any mathematical weight to back it. I put it at less than .1% chance that it's right. You're still working off of the idea that the data is accurate. mmmm…..taco! HB Gary: Hubris, Bad Science, Poor Operational Methodology, and The HIVE MIND


Aaron, I have news for you, the coder was right!

Let the man eat his taco in peace! For God's sake you were hanging your hat completely on scrape data from disparate social networks to tie people together within a deliberately anonymous body of individuals!

Of course one could say that this is not an impossible feat, but, one would also say that it would take much more than just gathering statistical data of logins and postings, it would take some contextual investigation too. This was something Barr was not carrying out.

I actually know something about this type of activity as you all may know. I do perform scraping, but, without real context to understand the data (i.e. understanding the users, their goals, their MO, etc) then you really have no basis to predict what they are going to do or really their true affiliations.

In the case of jihadi's they often are congregating on php boards, so you can easily gather their patterns of friendship or communications just by the postings alone. Now, trying to tie these together with posts on other boards, unless the users use the same nick or email address, is nearly impossible.

Just how Aaron Barr was proposing to do this and get real usable data is beyond comprehension. It was thus that the data he did produce, and then leak to the press enraged Anonymous, who then hacked HB Gary and leaked the data in full claiming that none of the data was correct.

Either way, Aaron got his clock cleaned not only from the hack (which now claims to have been partially a social engineering attack on the company) but also from the perspective of his faulty methodologies to harvest this data being published to the world by Anonymous. OSINT, Counter-Intelligence, and Social Engineering:

The real ways to gather the intelligence on people like Anonymous' core group is to infiltrate them. Aaron tried this at first, but failed to actually be convincing at it.
The Anon's caught on quickly to him and outed him with relish, they in fact used this as an advantage, spurring on their own efforts to engineer the hack on HB Gary.

Without the right kind of mindset or training, one cannot easily insert themselves in a group like this and successfully pull of the role of mole or double agent.

In the case of Anonymous though, it is not impossible to pull this off.It would take time and patience. Patience it seems that Aaron Barr lacked as much as he did on scientific and mathematical method where this whole expedition was concerned.

Where his method could have been successful would have only come from the insertion of an agent provocateur successfully into the core group to gather intel and report back those connections.

Without that, the process which Aaron was trying would have yielded some data, but to sift through it all with interviews by the FBI and other agencies would have become ponderous and useless in the end.

It is my belief that there is a core group of Anon's as I have said before. Simply from a C&C structure, there has to be an operational core in order for there to be cohesion.

This can be seen in any hive structure like bees, there are drones, and there is a queen. A simple infrastructure that works efficiently, and in the case of anon, I believe it is much the same.

So, were one looking to infiltrate this core, they would have a bit of a time doing so, but, it could be done. Take out the core, and you take out the operational ability of the unit as a whole to be completely effective.

To do this though, one should be able to understand and apply the precepts of counter intelligence warfare, something Barr failed to grasp.

In the end.. It bit him pretty hard in the rear end because he was in a hurry to go to press and to sell the ideas to the military industrial complex. Funny though, the real boys and girls of the spook world would have likely told him the same thing I am saying here... No sale.

Oh well... Arron Icarus Barr flew too close to the anonymous sun on wings made from faulty mathematical designs and burned up on re-entry.
Possibly Related Articles:
16643
Breaches
Social Networking Anonymous breach HBGary Federal Algorithms COMINT
Post Rating I Like this!
Af2769c2480db78c589b811b428782b0
Lee Mangold The assertion that anonymous is somehow justified in their actions based on what they (or the author) BELIEVE is a flawed theory is absolutely absurd.

Intel tools are not 100% accurate...they give leads and HELP make connections. In that regard, this kid of tool DOES work, by the way. This work is already being done by other companies and agencies...
1298042141
Af2769c2480db78c589b811b428782b0
Lee Mangold I understand. However, I am of the mindset that the theft of any data or IP is wrong. Phrases such as "I cannot fault Anonymous for their actions (within reason) in breaking HB Gary and Barr's digital spine" show that sympathy is being given for the attack on a company who made (in your estimation) flawed INTERNAL decisions and writing a "release that NEVER went out."

In what world is this justifiable? Is Anonymous fighting a social injustice or for ego?

Perhaps I'm missing a piece of the story...which is possible... How did Anon make the world a better place on this one?
1298061139
Af2769c2480db78c589b811b428782b0
Lee Mangold And from the HB Gary Press Release... It turns out that HB Gary and HB Gary Federal are separate companies...

"With regard to some of the information that came to light as a result of the publishing of stolen information, I want to assure you that your HBGary team did not participate in the development of the proposals that have been the focus of media attention. As most of you know, HBGary, Inc. and HBGary Federal are separate companies and have different management. The media confusion around this point has been unfortunate and we have been working diligently to correct it."

1298061600
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.