Source: http://arstechnica.com
These aren't really surprising, to me at least, but I find them very enlightening. HBGary worked alongside other companies to put together demos to sell zero-day exploit tools to the government. Two government agencies specifically mentioned in the Ars article are the Air Force and SOCOM. HBGary claims to have many zero-day exploits and even to have sold many of them to others. Here is a list:
VMware ESX and ESXi *
Win2K3 Terminal Services
Win2K3 MSRPC
Solaris 10 RPC
Adobe Flash *
Sun Java *
Win2k Professional & Server
XRK Rootkit and Keylogger *
Rootkit 2009 *
* signifies an exploit that has been sold with a non-exclusive license and can be resold to other companies.
This list comes directly from an HBGary email that was leaked recently when their servers were compromised by the hacker group Anonymous. Employees refer to these exploits as "Juicy Fruit" and apparently they were in high demand. One of the tools they developed to use these exploits is reportedly called "12 Monkeys." This was a purposed rootkit that ran completely invisible to the operating system because it had no process or object for the operating system to find. It also hid further by encrypting itself in memory and randomly copying itself around in memory to escape detection.
I'll continue digging through for more "Juicy Fruit."
Certainly is juicy, this company is going to end up frying.
Wow, that's interesting.
Very informative post. Thank you.
HBGary not only deserved what they got, but hopefully will serve as an example to the rest of the IT world that NO ONE is immune to the wrath of a smart enough person!
Nice.
I think I've heard of 12 Monkeys before... can't remember where tho'
Interesting, hackers being hacked!
Thanks for the info, man.
Just trying to imagine the coding behind those programs is pretty intense. That there are still so many loopholes.