More ramifications of the poor security at HBGary

FoxNews.com – Anonymous Hackers Release Stuxnet Worm Online
[Via Fox News]

The group of anonymous “hacktivists” that made headlines for online cyberattacks in December just released a bombshell online: a decrypted version of the same cyberworm that crippled Iran’s nuclear power program.

[More]

Amongst the files found when Anonymous infiltrated the HBGary servers, using pretty simple techniques, was this one.

Makes one really wonder about sophisticated cyber-espionage when a security company who has had ties with the NSA and others can so easily be broken into. It is like hearing that the plans for the stealth bomber were stolen from the file cabinet by drilling the lock. The breakin was pretty simple stuff.

And they were mainly able to do it because the CEO and COO appeared to disregard standard security protocols with passwords. Kind of bad for business when the guys at the top are the idiots who fail.

What were they doing with stuxnet to begin with? They received it in July 2010, shortly after its discovery. Interestingly, by September, it was ready to deny that it knew anything about the worm.

I wonder if anyone at the NSA is sweating about what else Anonymous may have found lying around the HNGary servers? Just think about what might have happened if Anonymous had gotten stuxnet before it brought down the Iranian nuclear effort?

Now think about what might happen with stuxnet or other information now in the hands of hackers like Anonymous.

One should not piss off hackers when one’s own house is so poorly protected.