One of my friends and someone who I respect completely in the IT Security Field for his vast knowledge in IT Security, got me up to date on the issues HBGary recently had caused by their CEO Aaron Barr disclosing the research he had conducted into identifying Social Media Vulnerabilities.
As stated on this post Anonymous to security firm working with FBI: “You’ve angered the hive” (via arstechnica.com)”
HBGary the firm had been working with the Federal Bureau of Investigation (FBI) to unmask members of Anonymous following the group’s pro-WikiLeaks attacks on financial services companies, and was prepared to release its findings next week.
Aaron Barr, CEO of security company HBGary Federal, spent the month of January trying to uncover the real identities of the hacker collective Anonymous—only to end with his company website knocked offline, his e-mails stolen, 1TB of backups deleted, and his personal iPad wiped when Anonymous found out. ~ via arstechnica.com (Virtually) face to face: how Aaron Barr revealed himself to Anonymous
I found this video also as a reponse by Anonymous on Youtube
After reading a bit about the incident I was not able to find any information on the incident by HBGary.
I honestly think these folks where to worried on Social Media vulnerabilities from the technical aspect but not from the reputational and practical stand point which can hurt them most.
I have seen how they cancelled various events (HBGary Federal quits RSA over Anonymous WikiLeaks email) not sure if that is the right approach.
I also noted no disclosure of the incidents has been made on the HBGary Federal corporate website.
I honestly think that the security game of cat and mouse would have made Aaron’s findings on vulnerabilities obsolete as soon as he disclosed them.
Not sure what Mr. Barr’s intentions with disclosing so much info on his research. In my opinion his actions of disclosing too much came back and slapped him in the face.
This is a large example on how a company representative can risk there reputation and company by disclosing too much.
Do you know of any other situations where companies and individuals have fallen into issues because of disclosing too much via online networks?