Anon Hacks Security Firm – RSA 2011 Conference Plans Under Way
With the annual RSA Conference 2011 in San Francisco coming up, one participant will probably see a significant amount of discussion: internet security firm HBGary of Sacramento, CA. The story emerged late last weekend that the website for HBGary was completely hacked by the notorious internet cyberactivist group known as “Anonymous” or “Anon”.
The attack was linked to a release late last week that featured HBGary Federal researcher Aaron Barr and his disclosure of investigative efforts into infiltrating the Anonymous group’s operations. In that disclosure, Barr reported this research was to have led to a presentation at the RSA conference on the topic of social media and network vulnerabilities.
Further actions by “Anonymous” were reported:
Anon seized control of the internet security firm’s website, defaced its pages, acquired 60,000 company e-mails, deleted backup files, seized Barr’s Twitter account, and took down the founder’s website rootkit.com. – Daily Kos
Additionally, the group acquired and released a document that the firm was reportedly preparing to deal with the FBI and that included reported identities of various group leaders.
Many of the emails were released on BitTorrent and other file-trading networks. The company site has been restored since these events, but at one time read:
“We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve ‘extracted’ is publicly available via our IRC networks,” the statement reads. “The personal details of Anonymous ‘members’ you think you’ve acquired are, quite simply, nonsense. So why can’t you sell this information to the FBI like you intended? Because we’re going to give it to them for free.”
The vector for the worst of these infiltrations involved social engineering and the compromise of a non-critical tech support system, from which the attackers gained access to more critical systems. Reported demands from the group for return of control of Barr’s Twitter account include Barr submitting a picture of himself with a shoe on his head, declaring defeat, and keeping the avatar they had given the account.
Security site KrebsOnSecurity.com posted an interview with co-founder Greg Hoglund in which he states:
“Before this, what these guys were doing was technically illegal, but it was in direct support of a government whistle blower. But now, we have a situation where they’re committing a federal crime, stealing private data and posting it on a torrent,” Hoglund said. “They didn’t just pick on any company, but we try to protect the US government from hackers. They couldn’t have chosen a worse company to pick on.”
The series of attacks illustrated more sophisticated tactics than “Anon’s” typical denial-of-service attacks. Recent targets have been sites that were critical of WikiLeaks releases and operations in recent news.
The HBGary.com site appears to have been restored and, according to the page, Hoglund is still slated to speak at RSA on the Chinese campaign of cyber espionage. While visitors may not see Barr or Hoglund with shoe-hats, they most certainly have one of the most interesting stories at the conference.