The Tech Herald exposÃ© then proceeds to describe how the Justice Department recommended the law firm of Hunton & Williams to undertake an internal investigation at BOA, and Hunton & Williams brought three security consultancies and US defense contractors, Palantir Technologies, Berico Technologies and HBGary, on board to do a report on WikiLeaks in order to pitch BOA on hiring all of these organizations to undertake a concerted effort to stop WikiLeaks and protect Bank of America.
The document prepared by the three security firms, titled Wikileaks Threat, contains some interesting information on the organization of WikiLeaks and identifies a number of major players.
WikiLeaks was launched in 2006 by self-described Chinese dissidents and interested parties from five continents.
Within a year of its launch, WikiLeaks claimed to possess over 1.2 million documents from thirteen countries.
As of January 2010, the WikiLeaks team consisted of five full-time employees and about 800 volunteers.
The employees and volunteers are spread across the world, with their identities largely unknown. …
Part of the strategy involves incorporating and registering WikiLeaks in different countries under different auspices that provide maximum protection under the laws of these countries: a library in Australia, a foundation in France, and a newspaper in Sweden, and two no-Âname tax exempt 501c3 non-Âprofits in the United States are some examples. Many of the releases of documents for a while were based in Iceland where laws are extremely protective of speech.
The Threat report (now hosted on WikiLeaks) identifies in particular:
Founder: Julian Assange
Registered Owner: John Shipton of Nairobi
“Uncertain” organizational status:
IT Specialist: Jacob Applebaum
“Volunteers” (Allied Left-wing Bloggers):
Journalist: James Ball
Proposed counter-measures included:
Feed the fuel between the feuding groups. Disinformation. Create messages around actions to sabotage or discredit the opposing organization. Submit fake documents and then call out the error.
Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done.
Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.
Media campaign to push the radical and reckless nature of wikileaks activities. Sustained pressure. Does nothing for the fanatics, but creates concern and doubt amongst moderates.
Search for leaks. Use social media to profile and identify risky behavior of employees.
They were planning to bring in Booz Allen to conduct the internal review at Bank of America, and were conducting initial social media investigations, when Aaron Barr, head of security services firm HBGary Federal, boasted to the Financial Times that he had used social media sites to gain enough information to threaten hackers with arrest.
An international investigation into cyberactivists who attacked businesses hostile to WikiLeaks is likely to yield arrests of senior members of the group after they left clues to their real identities on Facebook and in other electronic communications, it is claimed.
Supporters of the internet group – known as Anonymous, which gained wide attention after it co-ordinated attacks that crashed the websites of some businesses that had broken ties with WikiLeaks – have continued to ambush high-profile targets, recently forcing government sites in Egypt and Tunisia to close. …
[A] senior US member of Anonymous, using the online nickname Owen and evidently living in New York, appears to be one of those targeted in recent legal investigations, according to online communications uncovered by a private security researcher.
A co-founder of Anonymous, who uses the nickname Q after the character in James Bond, has been seeking replacements for Owen and others who have had to curtail activities, said researcher Aaron Barr, head of security services firm HBGary Federal.
Mr Barr said Q and other key figures lived in California and that the hierarchy was fairly clear, with other senior members in the UK, Germany, Netherlands, Italy and Australia.
Of a few hundred participants in operations, only about 30 are steadily active, with 10 people who “are the most senior and co-ordinate and manage most of the decisions”, Mr Barr told the Financial Times. That team works together in private internet relay chat sessions, through e-mail and in Facebook groups. Mr Barr said he had collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data.
Retaliation was quick.
The response was brutal, resulting in full control over hbgary.com and hbgaryfederal.com. They were also able to compromise HBGaryâ€™s network, including full access to all their financials, software products, PBX systems, Malware data, and email, which they released to the public in a 4.71 GB Torrent file.
In a statement emailed to The Tech Herald, Anonymous called Barrâ€™s actions media-whoring, and noted that his claims had amused them.
â€œLet us teach you a lesson you’ll never forget: you don’t mess with Anonymous. You especially don’t mess with Anonymous simply because you want to jump on a trend for public attention,â€ the statement directed to HBGary and Barr said.
â€œYou have blindly charged into the Anonymous hive, a hive from which you’ve tried to steal honey. Did you think the bees would not defend it? Well here we are. You’ve angered the hive, and now you are being stung. It would appear that security experts are not expertly secured.â€
Anonymous also released more than 50,000 HBGary internal emails to the public.
HBGary admits that the attacks were successful:
HBGary, Inc and HBGary Federal, a separate but related company, have been the victims of an intentional criminal cyberattack. We are taking this crime seriously and are working with federal, state, and local law enforcement authorities and redirecting internal resources to investigate and respond appropriately. To the extent that any client information may have been affected by this event, we will provide the affected clients with complete and accurate information as soon as it becomes available.
Meanwhile, please be aware that any information currently in the public domain is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data.
Hat tip to Slashdot.