From MURAT: Project PM, Project Hastings, Project Swartz

The company was founded by Greg Hoglund in 2003. In 2008, it joined the McAfee Security Innovation Alliance. The CEO made presentations at the Black Hat Briefings, the RSA Conference, and other computer security conferences. HBGary also analyzed the GhostNet and Operation Aurora events. As of 2010, it has offices in Sacramento, California, Washington, D.C., and Bethesda, Maryland.

HBGary Federal had been set up with Aaron Barr as CEO instead of Greg to provide services and tools to the US government, which might require security clearance. As HBGary Federal could not meet revenue projections, in early 2011 negotiations about the sale of HBGary Federal were in progress with two interested companies. In early February of 2011, HBGary and HBGary Federal were raided by several Anons, who thereafter released over 70,000 e-mails acquired from their shared server. A subsequent review of those materials by journalists and activists revealed that the firm had partnered with Palantir and Berico to provide various offensive information operation services to prospective clients under a partnership known as Team Themis. Later, the capability known as persona management and its use by CENTCOM was also discovered via the e-mails, as was a complex apparent U.S. military surveillance and propaganda apparatus referred to as Romas/COIN. Information on other firms and parties has continued to be found among the data.

Major Players

Aaron Barr, Former CEO, HBGary Federal

Greg Hoglund, Founder and Current CEO, HBGary

Ted Vera, COO, HBGary Federal

Phil Wallisch, Former Principal Technical Consultant


Links are to emails or attachments that provide the information quoted. The emails themselves are not necessarily of any significance. Staff may no longer be employed. (NOTE: Content is currently hosted in various alternative locations. See MURAT team for access)

General Contact Email Addresses:


HBGary Products

| Name | Purpose |
| --- | --- |
| FastDump, FastDumpPro | RAM snapshots (aka memory imager) of Windows computers |
| Responder Pro, Responder Field Edition | Analyze RAM, pagefiles, VMWare images, etc.; sort & display images, network links, etc. |
| Digital DNA, Active Defense | detects malware |
| Inoculator | malware detection through Remote procedure call |
| FGET | collect forensics data remotely |
| REcon | 'sandbox' malware recorder |
| Fingerprint | analyzes common patterns amongst malware, such as algorithms, encodings, compilers used, names used, etc., and possibly attempts to identify the creators of a piece of malware. Fingerprint is advertised as being a way to discover information about the authors of various pieces of malware, by analyzing the aforementioned patterns. |
| Flypaper | capture malware binary code |

Some products are integrated into other products (i.e. REcon and Digital DNA into Responder)


From: Ted Vera
Sent: Thursday, 22 July, 2010 09:22 AM
To: Chisholm, Chris (US SSA)
Cc: Maier, Raymond "Joe" (US SSA) (US ASTSS Huntsville); [email protected]
Subject: HBGary

It was a pleasure meeting with you yesterday.  Please stay in touch and let me know when you're in town.
When should I expect to see a draft teaming agreement?
I've attached some of our product sheets for your review.  Our software can be especially helpful for organizations who conduct
incident response, digital forensics investigations, vulnerability research / proof-of-concept exploit development, and malware
reverse engineering / analysis.  If you have any such organizations within BAE I'd really appreciate an introduction.
Also as we discussed, HBGary has offensive cyber capabilities (we don't advertise).  I have several 0-day proof-of-concept exploits
on the shelf ready for weaponization.  If you have any qualified customers who would be interested, I can send you summary

from	Ted Vera [email protected]
to	"Estell, SuZett (US SSA)" <[email protected]>
date	Thu, Oct 7, 2010 at 4:50 PM
subject	Re: Ping
Hi Suzett,

Attached are three whitepapers which illustrate some of our cyber
capabilities, both defensive (zero-day detection, automated reverse
engineering and analysis), and offensive (zero-day exploit




Black ops: how HBGary wrote backdoors for the government

HBGary's "Magenta" Rootkit project

Spy games: Inside the convoluted plot to bring down WikiLeaks

Ongoing Research to Be Incorporated into Page

http://pastebin.com/zyFmV1KQ - August 25, 2011

HBGary Federal and Facebook scraping