HBGary Federal Emails Reveal More Unreported Attacks

Wednesday, March 09, 2011



Emails leaked in the HBGary Federal network breach reveal a spate of high level attacks targeting leading companies across multiple industries.

The foreign-based attacks appear to be industrial espionage efforts intended to harvest sensitive trade secrets and intellectual property. The majority of the attacks are said to originate in China and Russia.

Democratic Senator Sheldon Whitehouse of Rhode Island said "we are on the losing end of the biggest transfer of wealth through theft and piracy in the history of the planet."

HBGary Federal is one of a handful of security companies hired by large corporations to investigate network security events.

The company was the target of a hacking operation conducted by the hacktivist movement known as Anonymous which resulted in the release of tens-of-thousands of company emails.

Among the previously unreported breaches was a successful attack on financial firm Morgan Stanley, a victim of the highly sophisticated Operation Aurora cyber attacks which began in mid-2009.

Operation Aurora targeted dozens of large firms, including DuPont, Adobe, Northrop Grumman, Dow Chemical, and most famously Google.

According to the leaked HBGary Federal emails, DuPont was the target of another attack in 2010 which was not reported to investors or regulators.

Other companies revealed in the emails to have suffered network attacks include Johnson & Johnson, Royal Dutch Shell, General Electric, Exxon, Sony, BP and Walt Disney - to name just a few.

“It appears that every industry is being victimized by intrusions,” said FBI Deputy Assistant Director Steven Chabinsky.

Under U.S. securities law, companies are required to report any information considered to be "material" to investors in regular filings with the Security and Exchange Commission.

“The companies don’t want to disclose it. They want to just basically eat the harm that was done to them and pretend that all is well," Senator Whitehouse said.

For more details on the companies and industries revealed to have suffered attacks, see the Bloomberg article here:

Source:  http://www.bloomberg.com/news/2011-03-08/hacking-of-dupont-j-j-ge-were-google-type-attacks-that-weren-t-disclosed.html

Possibly Related Articles:
Email Hacking Intellectual Property Headlines Espionage Anonymous breach HBGary Federal
Post Rating I Like this!
Tom Coats Well I suppose this shows that HBGary did some good work. This Tiger-Team mentality though is their downfall. In this business you better be cleaner than the whitest snow. If they act like teenagers at a rumble they have have to expect some bruises. I am not defending Anonymous, but if HBGary and Anonymous are fighting each other perhaps they will leave the rest of us alone.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked