Disclosing too much in Social Media Can Hurt You!
One of my friends and someone who I respect completely in the IT Security Field for his vast knowledge in IT Security, got me up to date on the issues HBGary recently had caused by their CEO Aaron Barr disclosing the research he had conducted into identifying Social Media Vulnerabilities.
As stated on this post Anonymous to security firm working with FBI: “You’ve angered the hive” (via arstechnica.com)”
HBGary the firm had been working with the Federal Bureau of Investigation (FBI) to unmask members of Anonymous following the group’s pro-WikiLeaks attacks on financial services companies, and was prepared to release its findings next week.
Aaron Barr, CEO of security company HBGary Federal, spent the month of January trying to uncover the real identities of the hacker collective Anonymous—only to end with his company website knocked offline, his e-mails stolen, 1TB of backups deleted, and his personal iPad wiped when Anonymous found out. ~ via arstechnica.com (Virtually) face to face: how Aaron Barr revealed himself to Anonymous
I found this video also as a reponse by Anonymous on Youtube
After reading a bit about the incident I was not able to find any information on the incident by HBGary.
I honestly think these folks where to worried on Social Media vulnerabilities from the technical aspect but not from the reputational and practical stand point which can hurt them most.
I have seen how they cancelled various events (HBGary Federal quits RSA over Anonymous WikiLeaks email) not sure if that is the right approach.
I also noted no disclosure of the incidents has been made on the HBGary Federal corporate website.
I honestly think that the security game of cat and mouse would have made Aaron’s findings on vulnerabilities obsolete as soon as he disclosed them.
Not sure what Mr. Barr’s intentions with disclosing so much info on his research. In my opinion his actions of disclosing too much came back and slapped him in the face.
This is a large example on how a company representative can risk there reputation and company by disclosing too much.
Do you know of any other situations where companies and individuals have fallen into issues because of disclosing too much via online networks?
photo credit Some rights reserved by skenmy
I love it when people use Gowalla to “check-in” into their houses. There is a lot of common sense involved in the issue but of course not many people have it.
I guess that people commit the mistake of trusting all online networks too much.
One thing that I have learned during the years I’ve spent surfing the net is that you don’t mess with hackers. And when these guys get together in collectives like anonymous and 4chan all hell breaks loose when someone tries to mess with them. It’s like messing with a wasp nest. A few month ago Gawker had it rough with 4chan for posting some comments that the guys didn’t like. The last thing they did was post their users logging info and some compromising internal emails. No sir, those guys are people you don’t want to mess with. TIME magazine also had a close encounter with the guys at 4chan and they where just messing around imagine if the wanted to get serious.
I agree sometimes people try stunts to get attention without realizing the many consequences this can have. In security it is a matter of time of compromising any network or infrastructure. It is easier which is the easier target or which objective is more important. I think HBGary made themselves a priority for anonymous.
The part I enjoyed the most about the video was where they spoke about the hand that feeds them slapping them in the face. If you work in security you need to understand that no matter how knowledgeable you are you have to keep a good relationship with everyone. Common Sense.