Security Firm HBGary Leaves RSA Conference, Citing Threats


HBGary, a Sacramento, Calif.-based security firm that has been trying to unmask the members of the hacker group Anonymous, pulled out of the RSA 2011 security conference Wednesday, claiming that its show floor booth staff had received "numerous threats of violence."

"In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks," HBGary said in a statement posted to its Web site.

HBGary said hackers from Anonymous, which supports Wikileaks, broke into its computer systems and stole proprietary and confidential information. "This breach was in violation of federal and state laws, and stolen information was publicly released without our consent," HBGary said. "HBGary is continuing to work intensely with law enforcement on this matter and hopes to bring those responsible to justice."

Anonymous has proven themselves a capable and rather mischievous band of hackers, said Andrew Plato, president of Beaverton, Ore.-based Anitian Enterprise Security.

"This is not a group you want to incite, and I think HBGary kind of got what they deserved," Plato said. They made all these sensationalist claims that they were going to uncover the Anonymous group and then the group struck back. Well, what did they expect?"

In Plato's view, HBGary’s claims about uncovering members of Anonymous were self-serving and flimsy. "They were clearly doing this as a publicity stunt to get more attention. Well, it worked. It just wasn’t the attention they expected," said Plato.

While the specter of violence adds an alarming new wrinkle, the latest attack on HBGary didn’t come as a complete surprise. HBGary Federal, a subsidiary of HBGary, has been working to uncover the identities of the actors behind Anonymous and has made no secret about its intention to unmask those involved. CEO Greg Hoglund was slated to lead a session at RSA entitled, "Follow the Digital Trail," that was expected to center on the investigation.

HBGary had reportedly been preparing to turn this information over to the FBI as part of the agency's probe into attacks on PayPal, Amazon and other companies that have cut ties with Wikileaks.

Earlier this month, Anonymous defaced the homepage of HBGary's Web site and stole 60,000 HBGary corporate e-mails and posted them to the Pirate Bay. Anonymous also hacked the Twitter account and LinkedIn profile of HBGary Federal CEO Aaron Barr.

"Today we taught everyone a lesson. When we actually decide to bite back against those who try to bring us down, we bite back hard," read one of the bogus Twitter posts.

Ironically, the mission statement on HBGary's Web site claims that state and national governments aren’t equipped to deal with the rapid evolution of security threats, and that HBGary has a unique understanding of the issues involved.

"We know that understanding the attacker and his methods is the only way to defeat him," reads the mission statement. "This is the core strength of HBGary and why our technology and services outperform the competition. To us, it's personal."