In a previous post I explained what a botnet is and how criminals use them to attack certain targets on the Internet. In that article, I equated those botnets to the battle droids used in Star Wars Episode I: The Phantom Menace. In this article, I have an even more outlandish story to tell. The main character of this story is Aaron Barr, CEO of security firm HBGary. He reminds me of the main character Tony Stark in the Iron Man movies. Sometimes you love him, sometimes you hate him, and sometimes you just feel sorry for him. While Tony Stark’s weakness was the shrapnel coursing through his veins, Aaron Barr’s weakness was his reuse of a single password across multiple online systems.
Aaron Barr thought he could track down the identity of hackers using social media. He thought if he did this, it would generate a lot of publicity for his company. In order to generate as much publicity as possible, he went after a hacker group called “Anonymous”. It is believed that this group orchestrated an attack on credit card companies in retaliation for blocking WikiLeaks funding channels. The entire story can be read here, but suffice it to say, Aaron befriended some of the members of the group. He followed through with his plan by giving them reason to trust him, but then turned on them and threatened to expose what he believed to be their true identities. Aaron acted as a renegade in his investigation, and even people within his own company were sometimes critical of his motives and actions. For instance, the way in which he was identifying the hackers using social media was unproven and undocumented. Aaron was unwilling to share details of how his system worked with anyone. He either didn’t know whom to trust, or didn’t have the data to back up his claims.