HB Gary: Setting the record straight

Opinion by Dan Raywood

A year in the headlines has left HB Gary in the same position as the likes of Sony, RSA and Lockheed Martin.

A year in the headlines has left HB Gary in the same position as the likes of Sony, RSA and Lockheed Martin.

CEO and co-founder Greg Hoglund recently admitted that after a slow first quarter, 2011 was shaping up to be "a great year for HB Gary".

Earlier this year, HB Gary Federal (a separate entity) was hacked following a call by its CEO, Aaron Barr, to release information on the Anonymous group. A password was discovered that allowed multiple data sources to be discovered and held to ransom by Anonymous.

Hoglund told me that Anonymous was not a group but a brand that anyone could use. “My experience was around hackers who later became LulzSec and at that time they were Anonymous, they have now all been arrested,” he said.

“I was very impressed with the UK law enforcement as there has been lots of high-profile arrests. There has been a string of cyber disasters but this did not end up hurting us. Anonymous wanted it to hurt us, to get some satisfaction.”

He was keen to point out to me that HB Gary was not hacked. HB Gary Federal had a web server with an SQL Injection vulnerability; the attacker stole the password to log in to a private Gmail account.

“HB Gary Federal had three employees and they used our Google Apps account as it is expensive to set up, and Barr was the administrator; so when they got the password they got into the account. It is simply unacceptable and they deserve to be caught and go to prison,” he said.

As this was my first meeting with HB Gary, I asked Hoglund what the company actually does. He said firstly that it is not a defence contractor, as has been falsely claimed, but a software producer with no government contracts. He said the company manufactures enterprise endpoint software that can detect malicious software and botnet infections on the physical memory of a computer.

Hoglund said the advanced persistent threat has always been a focus for the company, but it was nothing to do with what occurred in February.

He said: “We are finding that it is often Chinese state-sponsored attacks and threats; customers are working with us to figure out if they have a problem. It is an epidemic but it is not a problem forever. Any large enterprise has a compromise, we come across it but often enterprises need to see a smoking gun.

“In the US, the government has completely got it and they are trying to start to work with industry; they are making some efforts, but you cannot depend on government as they are not going to solve the problem – you need to detect in your environment. You need to contain or detect where they have been.

“You will never keep people out of your network and there is no silver bullet as security is not a technology problem, but an intelligence problem. If you can detect an intrusion and make a list of attack methods, then the attacker has to think of something new each time.

“Attackers are leaving their fingerprints all over the computer and it is not hard to detect an attack as malware often looks like it has been written by a kid, but it is looking for weapons programs and defence technology. It does not have to be sophisticated, as security products and staff focus on the perimeter.”

Hoglund concluded by claiming that the APT will continue and "we are in a cyber cold war now".

Hoglund and HB Gary will head into 2012 as major names in security, and I dare say that this is not the last we will hear of them.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events