wasc-whid@lists.webappsec.org

WASC Web Hacking Incidents Database


WHID 2011-38: HBGary Federal Hacked by Anonymous

WASC Web Hacking Incidents Database
Fri, Apr 15, 2011 5:10 PM

Entry Title: WHID 2011-38: HBGary Federal Hacked by Anonymous
WHID ID: 2011-38
Date Occurred: February 7, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Leakage of Information
Attacked Entity Field: IT Services
Attacked Entity Geography: USA
Incident Description: In a phone interview late Sunday evening, Hoglund said
that unlike the more traditional Web-site attacking activities of Anonymous,
the hackers who infiltrated HBGary's system showed real skills, even social
engineering a network administrator into giving them complete control over
rootkit.com, a security research site Hoglund has long maintained.
"They broke into one of HBGary's servers that was used for tech support, and
they got emails through compromising an insecure Web server at HBGary
Federal," Hoglund said. "They used that to get the credentials for Aaron,
who happened to be an administrator on our email system, which is how they
got into everything else. So it's a case where the hackers break in on a
non-important system, which is very common in hacking situations, and
leveraged lateral movement to get onto systems of interest over time."
Mass Attack: No
Reference:
http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/
Attack Source Geography:
