Subject: Your assistance, please
From: Truth in Advertising <tia@dizum.nl>
Date: 3/3/11, 21:13
To: tia@dizum.nl,barriticus@gmail.com
Dear Mr. Browning:
I have the following article I'd like to publish on Crowdleaks, but I would
appreciate it greatly if you could give me some feedback on it, as it were,
prior to my publishing it.
Am I going too far out on a limb?
Am I making unwarranted assumptions?
I believe that my reasoning is sound, but I would really appreciate another
opinion.
Thanks.
My PGP key can be found at the end of this email. Do you have a PGP key?
Thanks.
Truth in Advertising <tia@dizum.nl>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?search=0xBB1F2688&op=vindex&fingerprint=on
PGP Key Fingerprint: 88D8 4D56 CE2F 9764 8226 E1F6 6DDC D7D9 BB1F 2688
P.S.: If you'd like to publish this story, please feel free to do so. I
don't even particularly care about attribution. If you don't wish to publish
it (or even comment on it) that's fine -- I'll respect that.
If I DO end up publishing on Crowdleaks, I will be discreet -- for all
intents and purposes I will treat it as if you had never seen the story, if
that is what you'd like.
TIA
===========================================================================
Aaron Barr: Pervert or Vigilante?
While trawling through the almost 72,000 HBGary emails recently acquired by
Anonymous, I came across two that are more than a little bit disturbing.
The first of these two emails, with a Subject: line of "You can't protect
stupid" was sent by Aaron Barr to his colleagues at HBGary, and contains a
copy of a posting Mr. Barr made to a hacking forum -- www.hackforums.net.
The second email -- the only reply Mr. Barr received to the above email --
was from HBGary CEO Greg Hoglund, wherein Mr. Hoglund replied:
"Thats fucking brilliant."
It would appear that Mr. Barr, who was using the handle "Night Hacker", was
a regular contributor to www.hackforums.net, having made some 121 posts
between the date he joined the site in June 2010 and the date of this
particular email, July 12th, 2010.
This email to his HBGary associates, like many others Mr. Barr sent from his
hbgary.com account, bears a valid digital signature, made with an S/MIME
Class 1 Individual Signing Certificate purchased by Mr. Barr from VeriSign
in April 2010. The existence of this valid digital signature authenticates
this email beyond a reasonable doubt. It is therefore neither a forgery, nor
has it been tampered with.
In this email, Aaron Barr describes how he hangs around chatrooms frequented
by teenagers, e.g. 321.com. The full text of his email, as well as the
response from HBGary CEO Greg Hoglund can be seen below.
Barr's first email: http://hbgary.anonleaks.ch/aaron_hbgary_com/16436.html
Hoglund's response: http://hbgary.anonleaks.ch/aaron_hbgary_com/7853.html
Once logged-in to 321.com, Barr claims he would adopt the persona of an
underage female, using a "good photo... from MySpace of a nice looking
chick...."
Barr further relates that he would choose a name like "Naughty Vicky" and
describe himself as: "16 straight and naughty got some nice pictures..."
Barr describes purportedly sending 'pictures' to people and advising them to
turn off their anti-virus programs -- it would appear from his wording that
he intended to infect his victims with a keylogger, virus or a RAT (remote
access trojan), witness his description:
"...Free Public Crypter and it only leaves your server FUD for a
small amount of time."
For those unfamiliar with this terminology, a Crypter has been described
as:
... free software used to hide... viruses, RATs or any
keylogger from anti-viruses so that they are not detected
and deleted by anti-viruses. Crypters may be coded in
different languages but [their] functionality remain[s]
almost the same i.e to crypt your detectable servers so
they become FUD.... FUD means Fully Undetectable....
http://www.technodevils.com/forum/showthread.php?tid=277
Now, it needs to be emphasized that Mr. Barr said in his hackforums.net
post, and repeated again in email that: "This is something that I use" and
"... I go straight to a chat room such as 321.com so sign up with a good
name...."
In other words, Mr. Barr is stating that these are methods that he actually
made use of as opposed to methods or examples that he is merely describing,
or proposing that other people carry out.
All the above activities raise a number of issues:
* By Mr. Barr's own admission he was ripping-off images of young girls from
their MySpace pages, and using them as bait.
I regard the idea of a grown man (who is NOT a law-enforcement officer)
hanging about in teenage chatrooms impersonating underage girls to be creepy,
to put it mildly. This goes double, especially since (by his own admission)
he's using stolen images of /real/ underage-appearing females as part of it.
One has to wonder, is he using other stolen identity information as well?
* He describes himself as "Naughty Vicky" and states that he has some
"... pictures please don’t spread them though ok as don’t want the whole
world seeing them..."
I believe his intent here is to make his 'victims' (as he calls them)
believe:
1) That he is a "naughty" underage female; and
2) That he has some photos, which he is willing to share, which are
implied to be of a sexually-explicit nature.
Now, according to the so-called 'pandering' provisions of the currently-in-
force American child pornography statute (18 USC 2252(A)(3)(B)), it is an
offence to:
... knowingly ... advertise ... any material or purported material
in a manner ... that is intended to cause another to believe, that
the material or purported material is, or contains--
(i) an obscene visual depiction of a minor engaging in sexually
explicit conduct; or
(ii) a visual depiction of an actual minor engaging in sexually
explicit conduct;
It appears to me that Mr. Barr intends his victims to believe that the
images he is purporting to send them contain sexually-explicit images of a
minor, thus rendering him potentially liable to prosecution and conviction
under 18 USC 2252(a)(3)(B).
Whether in fact the images are sexually-explicit images of a minor or not,
is totally irrelevant, for the purposes of this statute. It doesn't matter
whether any such images even exist or not -- all that matters is that the
/recipient/ /believe/ that these purported images being offered are:
1) of a minor; and
2) are sexually-explicit in nature.
The fact that Mr. Barr apparently intended to infect his victims' machines
with a keylogger, virus or remote-access trojan (RAT) only underscores his
belief that his 'victims' who took up his offer are/were pedophiles
interested in underage girls.
Finally, regardless of his motivations, it is a clear violation of any
number of computer-crime statutes to attempt to install keyloggers/viruses/
trojans, whether or not carried out across state lines.
In particular, the laws of the state of Virginia (Mr. Barr resides in
McLean, Virginia) prohibit:
§ 18.2-152.4. Computer trespass; penalty.
A. It shall be unlawful for any person, with malicious intent, to:
[...]
6. Use a computer or computer network to make or cause to be made
an unauthorized copy, in any form, including, but not limited
to, any printed or electronic form of computer data, computer
programs or computer software residing in, communicated by, or
produced by a computer or computer network;
7. [Repealed.]
8. Install or cause to be installed, or collect information through,
computer software that records all or a majority of the keystrokes
made on the computer of another without the computer owner's
authorization; or
9. Install or cause to be installed on the computer of another,
computer software for the purpose of (i) taking control of that
computer so that it can cause damage to another computer ...
B. ... If a person installs or causes to be installed computer
software in violation of this section on more than five
computers of another, the offense shall be a Class 6 felony.
If a person violates subdivision A 8, the offense shall be a
Class 6 felony.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Here is the full text of the relevant section of U.S. child pornography
statute:
Source: http://www.law.cornell.edu/uscode/18/usc_sec_18_00002252---A000-.html
TITLE 18 > PART I > CHAPTER 110 > § 2252A
§ 2252A. Certain activities relating to material constituting or
containing child pornography
(a) Any person who--
(3) knowingly --
(B) advertises, promotes, presents, distributes, or solicits through
the mails, or using any means or facility of interstate or foreign
commerce or in or affecting interstate or foreign commerce by any
means, including by computer, any material or purported material
in a manner that reflects the belief, or that is intended to cause
another to believe, that the material or purported material is, or
contains--
(i) an obscene visual depiction of a minor engaging in sexually
explicit conduct; or
(ii) a visual depiction of an actual minor engaging in sexually
explicit conduct;
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Text of Aaron Barr's email:
From: Aaron Barr <aaron@hbgary.com>
Content-Type: multipart/signed; boundary=Apple-Mail-482-7348960; protocol="application/pkcs7-signature"; micalg=sha1
Subject: You can't protect stupid
Date: Mon, 12 Jul 2010 15:17:39 -0400
Message-Id: <AE92F13C-0CDB-4BAD-9C78-583E96CCA46F@hbgary.com>
Cc: Ted Vera <ted@hbgary.com>,
Rich Cummings <rich@hbgary.com>
To: Greg Hoglund <greg@hbgary.com>
Mime-Version: 1.0 (Apple Message framework v1081)
X-Mailer: Apple Mail (2.1081)
[snip]
Night Hacker Online
Learning Python 2.6
******
HF l33t Posts: 121
Joined: Jun 2010
Reputation: 1
Hi all I have decided to create a quick basic straight to the point TUT
on a bit of Social Engineering, this is something that I use and it’s
handy if you are using a free Public Crypter and it only leaves your
server FUD for a small amount of time.
Ok so first things first I go straight to a chat room such as 321.com
so sign up with a good name e.g. Naughty Vicky get a good photo to use
from MySpace of a nice looking chick save it to your computer, also
remember to leave your msn your using in the profile you create so the
victims can simply add you from there. So now go to the Teen chat you
will get about 20-30 boxes pop up with questions such as ASL please
now just copy and paste this ...
They say ASL now just copy and paste it in each box you will have
about 20 Victims asking you.
Hey there 16 straight and naughty ive got some nice pictures add me
it’s (put your email)
Copy this above ^ into the 321 in each Victims chat box then wait
tell they add you on your msn
Copy and paste this into your victims msn chat from your fake msn
when you have added them.
Hey heres the pictures please don’t spread them though ok as don’t
want the whole world seeing them ;) also you might need to take your
crappy Antivirus off as msn picks up everything enjoy Tongue
Remember as well don’t bother chatting to them for ages it’s
pointless it only puts them off in the long run, my trick is to
simply go from one to the next if they moan block them and move
one. "Try to sound as legit as possible” by adding smiley faces
Tongue etc. If you do this you seem more like a chick and that is
what you want "
Well that is pretty much what I use for sniping my victims this
is just a simply basic TUT for any new members that might be
finding it hard to spread servers etc... Thumbsup
Aaron Barr
CEO
HBGary Federal Inc.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Delivered-To: aaron@hbgary.com
Received: by 10.224.36.193 with HTTP; Mon, 12 Jul 2010 16:10:50 -0700 (PDT)
In-Reply-To: <AE92F13C-0CDB-4BAD-9C78-583E96CCA46F@hbgary.com>
References: <AE92F13C-0CDB-4BAD-9C78-583E96CCA46F@hbgary.com>
Date: Mon, 12 Jul 2010 16:10:50 -0700
Message-ID: <AANLkTikaK526nwGAFU2QLeuZ9R_RvJAr0vuB0EU_Lgc6@mail.gmail.com>
Subject: Re: You can't protect stupid
From: Greg Hoglund <greg@hbgary.com>
To: Aaron Barr <aaron@hbgary.com>
Cc: Ted Vera <ted@hbgary.com>, Rich Cummings <rich@hbgary.com>
--001517503cc81020d8048b38ddc8
Content-Type: multipart/alternative; boundary=001517503cc81020d4048b38ddc7
--001517503cc81020d4048b38ddc7
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Thats fucking brilliant.
-G
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
===========================================================================