TMCnet News
Hacked cybersecurity firm HBGary storms back after ridicule fades

Aug 21, 2011 (The Sacramento Bee - McClatchy-Tribune Information Services via COMTEX) --

For years, few people knew about HBGary Inc., a Sacramento tech firm working on the esoteric frontiers of cybersecurity. Then a bizarre episode turned the 30-employee firm into a combination global laughingstock and villain.

A maker of software designed to thwart hackers, HBGary was itself victimized by hackers in February. The group called Anonymous stole thousands of HBGary's emails and gleefully posted them on the Internet. As if that weren't bad enough, the emails revealed a dirty-tricks scheme, cooked up by HBGary's sister company, to undermine foes of the U.S. Chamber of Commerce.

The plot brought a cascade of threats to HBGary's headquarters in a Fair Oaks Boulevard office complex. Customers postponed purchases. "We were terrified," said Chief Executive Greg Hoglund. "I saw all the fruits of my labor, my livelihood, being jeopardized."

But HBGary didn't implode. Customers returned and new ones followed. In a sit-down interview recently, the owners insisted the whole episode wound up enhancing their credentials as defenders of Internet security. "The amount of brand recognition that we got out of that -- you couldn't have bought that for a million dollars," Hoglund said.

Revenue will grow 60 percent this year, and HBGary is hiring, said Penny Leavy-Hoglund, president and Greg Hoglund's wife. She wouldn't disclose revenue figures. "In a weird sort of way, it has helped our business," she said.

Not that it was easy. The delayed purchases ran into the millions. HBGary spent a fortune hiring lawyers and combing through its systems to make sure they were intact. The company's image needed fixing, too. The Hoglunds quickly insisted they knew nothing of the chamber scheme. They also had to persuade customers that HBGary wasn't actually hacked.

"There was a misconception about us being insecure," Greg Hoglund said. He said the problem originated in the website of the Washington, D.C.-based sister company, HBGary Federal. Anonymous' hackers exploited a flaw in the website. Once inside, they found passwords for both companies' emails, Hoglund said, adding that no Sacramento employees were involved in designing or maintaining the HBGary Federal website.

Asked if Anonymous deserved any grudging respect for its attack, Hoglund was dismissive: "What they did was not so technical. The only reason they got in was because there was a gaping hole."

The Sacramento company rallied once customers realized HBGary's systems were secure, said Andrew Hay, an analyst with research firm the 451 Group. It helped that HBGary's highly specialized software is considered indispensable in some circles, he said.

"They seem to have come back well," said Chris Christiansen of the research firm IDC. "Most of their customers don't have an alternative."

High-tech cat-and-mouse

Last month, more than a dozen people tied to Anonymous and a related group, LulzSec, were arrested in the United States and United Kingdom. Most were charged in an attack on PayPal, the online payment service, but two of those arrested by Scotland Yard have been linked in media reports to the HBGary attack. The pair, both teenagers, were identified only by their online handles, Topiary and Tflow.

The Hoglunds say they've been interviewed by the FBI and that the investigation remains open. They have no pity for the hackers; Greg relishes the idea of them doing "very serious jail time."

Despite the damage done by Anonymous, the cat-and-mouse culture of cybersecurity still thrills the Hoglunds. "It's like a real-world version of Tom Clancy," Hoglund said. "When we're chasing a bad guy around on a network and we're watching him countermeasure our move ... you couldn't ask for a more real-time hacker video game."

It's also serious business. An HBGary product called Razor, a software system bundled in a bright-blue computer case, sells for $23,000.

The Hoglunds have been battling cybercrime for years. Penny, 48, is a veteran of several firms. Greg, 38, never went to college but wrote two books on network security. They co-founded one anti-hacker company a decade ago in Silicon Valley but decided to move to Sacramento for the less-expensive lifestyle. HBGary -- the name is an amalgam of Hoglund and two other business partners -- was formed in 2003.

HBGary's clients have included Walt Disney and Morgan Stanley, the stolen emails show. The firm won't confirm any clients' identities.

In late 2009, the company created HBGary Federal to work on classified projects for the U.S. government. It hired Navy veteran Aaron Barr, a former Northrop Grumman official, to run it. But the new company, based in Washington, D.C., struggled badly. The emails show the Hoglunds were losing patience with Barr.

In February, seeking to make a splash, Barr told Britain's Financial Times he was going to reveal the identities of Anonymous. The hacker group had gained notoriety for attacking companies that refused to do business with WikiLeaks. The Hoglunds thought little of Barr's boast -- or of Anonymous. "I thought they were just a bunch of kids," Greg said.

Black Sunday

Two days later was the Super Bowl -- "Black Sunday," as Greg now calls it. He tried logging into his corporate email, but someone had changed his password. It took him hours to get everything clamped down. By then the damage was done.

Hackers had grabbed HBGary and HBGary Federal emails, stored on Google's servers. Some of the Sacramento company's innermost secrets spilled out -- a love note from Penny to Greg, a network-security handbook belonging to Morgan Stanley. The humiliation was sealed when Stephen Colbert poked fun at the company on his Comedy Central show, "The Colbert Report."

Then it got truly ugly. The emails showed that Barr was teaming with two other security firms to create an online disinformation campaign against organized labor groups. They planned to pitch their scheme to lawyers for the U.S. Chamber of Commerce.

The Hoglunds say they knew nothing of the chamber plan, even though Penny owns 48 percent of HBGary Federal and the Sacramento company owns 15 percent. "We were up to our eyeballs at HBGary dealing with our own business," Penny said.

The Hoglunds' claim was met with considerable skepticism, they acknowledge. In the public's eye, HBGary and HBGary Federal were one and the same. The Sacramento company was forced to pull out of a San Francisco trade show in mid-February after its booth was vandalized. Barr quickly resigned, but it took weeks for the controversy to die down.

Even now, the fallout continues. Earlier this month, HBGary Federal had to threaten legal action to keep Barr from speaking at a Las Vegas hacker conference. And hardly a day goes by without a reminder of the attack. In late July, someone claiming to speak for LulzSec, the Anonymous spinoff group, posted on Twitter: "Out of everything we've ever torn to shreds, HBGary was the most fun."

Asked about that, Greg Hoglund practically snorted. "They didn't tear us to shreds," he said. "We're quite healthy and growing like crazy."

------

Call The Bee's Dale Kasler, (916) 321-1066.

(c)2011 The Sacramento Bee (Sacramento, Calif.)
Visit The Sacramento Bee (Sacramento, Calif.) at www.sacbee.com
Distributed by MCT Information Services
