Sunday, February 20, 2011

Follow-up New Cyber Warfare

I wrote recently linking to an article on Ars Technica about HBGary selling exploits to the government. It is a long article and I have been slowly working through it to give a summary of what it brings to light. I have found a few very interesting things that have been going on.

These aren't really surprising, to me at least, but I find them very enlightening. HBGary worked alongside other companies to put together demos to sell zero-day exploit tools to the government. Two government agencies specifically mentioned in the Ars article are the Air Force and SOCOM. HBGary claims to have many zero-day exploits and even to have sold many of them to others. Here is the list:

VMware ESX and ESXi *
Win2K3 Terminal Services
Solaris 10 RPC
Adobe Flash *
Sun Java *
Win2k Professional & Server
XRK Rootkit and Keylogger *
Rootkit 2009 *

* signifies an exploit that was sold under a non-exclusive license and can therefore be resold to other companies.

This list comes directly from an HBGary email that was leaked recently when their servers were compromised by the hacker group Anonymous. Employees refer to these exploits as "Juicy Fruit," and apparently they were in high demand. One of the tools they developed to use these exploits is reportedly called "12 Monkeys." This was a proposed rootkit that ran completely invisible to the operating system because it had no process or object for the operating system to find. It hid itself further by encrypting itself in memory and randomly copying itself around in memory to escape detection.

I'll continue digging through for more "Juicy Fruit."


  1. Certainly is juicy, this company is going to end up frying.

  2. Very informative post. Thank you.

  3. HBGary not only deserved what they got, but hopefully will serve as an example to the rest of the IT world that NO ONE is immune to the wrath of a smart enough person!

  4. I think I've heard of 12 monkeys before... can't remember where tho'

  5. Interesting, Hackers being hacked!

  6. Just trying to imagine the coding behind those programs is pretty intense. That there are still so many loopholes.


Praise me or Flame me, I appreciate the feedback.