Right now you can download a 4.7 gigabyte file full of about 50,000 emails stolen from a computer security expert named Aaron Barr. That's what happens when you cross the hacking collective Anonymous.
Hackers from Anonymous, best-known for attacks on Scientology and Wikileaks detractors, trashed Barr's online life Sunday evening after learning he planned to meet with the FBI tomorrow and hand over information he'd gathered about them. They defaced the website of HBGary Federal, the D.C.-based computer security firm Barr works for. Then they took over Barr's Twitter account, tweeting his social security number and a file containing 50,000 HBGary company emails. They even claim to have wiped his iPad.
Barr became a target of Anonymous after he appeared in a Financial Times article this weekend claiming he'd "penetrated" the group, identifying members by watching their chats and analyzing social networking profiles. He described a hierarchy of 30 core Anonymous members along with 10 who "are the most senior and co-ordinate and manage most of the decisions." Barr said the information could help authorities make arrests in their ongoing investigation into Anonymous' "Operation Payback" attacks against Mastercard and Visa in December; he cast Anonymous as an organized crime syndicate about to be blown open.
This pissed off Anonymous. They see themselves as an utterly democratic mass of untraceable Internet users who come and go as they please. It didn't help that members' confidence in their anonymity had already been rattled by a series of high-profile FBI raids.
"The article is complete crap. He's one of the millions of security tools who think they know what they're talking about," an Anonymous associate told us. "There's really no hierarchy.... no one can tell anyone else what to do." And from what we and others have seen, he's right.
So Anonymous hackers went to work. Their rage was further stoked when they discovered in Barr's email account a document containing the real names and personal information of suspected Anonymous members, along with indications he was going to sell it to the FBI. According to our source, the hackers decided to confront Barr directly. They identified the handle he'd been using to spy on their group for months: "CogAnon". Then they lured CogAnon into a chat room and revealed that he'd been compromised.
"All your emails were dropped. Meaning we know you were trying to sell your fucking research to the FBI. And the sad thing is the names and info in that document//research is all fucking fake… you could have gotten a lot of random innocent people arrested," wrote one Anonymous member.
"That's an old version of my research…. not trying to sell it... much has changed," Barr wrote.
"I saw your latest data and it's all the same shit," snapped back another Anonymous member.
Though they claim it was riddled with inaccuracies, the hackers promptly posted the document, as if to prove how little they cared about the information.
This is a typical mode of attack for Anonymous when they're up against an individual or lightly-defended target: Dig up confidential information through hacking or social engineering, then dump it on the Internet as a "fuck you." They did it to a bullying copyright lawyer in England, leaking a database of 5,000 porn pirates he intended to sue. And, yes, they did it to Gawker. No wonder they like Wikileaks.
In this case, Anonymous' attack will probably just bring heavier scrutiny. HBGary founder Greg Hoglund told Brian Krebs. "They didn't just pick on any company, but we try to protect the US government from hackers. They couldn't have chosen a worse company to pick on."