HBGary has published an open letter clarifying some issues about the security breach suffered earlier this year and acknowledging that keeping silent did the company more harm than good.
HBGary was the favorite subject of security news websites and blogs for much of February, following an attack by the Anonymous collective that resulted in the leak of tens of thousands of sensitive emails.
Anonymous targeted an HBGary subsidiary called HBGary Federal, which dealt with government contracts and was headed by Aaron Barr, a researcher who bragged in the media about uncovering the real identities of the hacktivist group's leaders.
Anonymous members managed to compromise a HBGary Federal webserver and the Google-hosted email accounts of several of the company's senior executives, as well as HBGary CEO Greg Hoglund's.
In the open letter published on HBGary's website, the company claims that its internal network has not been affected by the breach and neither was the source code of its security software, despite some bogus reports to the contrary.
The company adds that its involvement in HBGary Federal was fairly limited.
"First, HBGary, Inc. and HBGary Federal are two distinct companies with completely different management, employees and missions. As is evident from the released emails, while members of HBGary Inc. served on the Board of Directors for HBGary Federal, the Board was not involved in the day to day activities of the Company but rather only in the overarching financial direction of the business, especially since much of the work of HBGary Federal is classified," it wrote.
HBGary considers itself a "victim of circumstance" in Anonymous' revenge attack against Aaron Barr and HBGary Federal. The company also denies developing malicious software for the government to use in cyber attacks against foreign nations.
"It's unfortunate that our internal communications were stolen and interpreted without context. [...] We wish the journalistic standards of fact-checking and verification were uniform across the press, but unfortunately, the blog-o-sphere makes that impossible," it adds.
Finally, the company acknowledges that acting based on the advice of its legal counsel and minimizing contact with the press was probably not the best decision and contributed to the level of misreporting.