HBGary

From Project PM
Jump to: navigation, search

The company was founded by Greg Hoglund in 2003. In 2008, it joined the McAfee Security Innovation Alliance. The CEO made presentations at the Black Hat Briefings, the RSA Conference, and other computer security conferences. HBGary also analyzed the GhostNet and Operation Aurora events. As of 2010, it has offices in Sacramento, California, Washington, D.C., and Bethesda, Maryland.

HBGary Federal had been set up with Aaron Barr as CEO instead of Greg to provide services and tools to the US government, which might require security clearance. As HBGary Federal could not meet revenue projections, in early 2011 negotiations about the sale of HBGary Federal were in progress with two interested companies. In early February of 2011, HBGary and HBGary Federal were raided by several Anons, who thereafter released over 70,000 e-mails acquired from their shared server. A subsequent review of those materials by journalists and activists revealed that the firm had partnered with Palantir and Berico to provide various offensive information operation services to prospective clients under a partnership known as Team Themis. Later, the capability known as persona management and its use by CENTCOM was also discovered via the e-mails, as was a complex apparent U.S. military surveillance and propaganda apparatus referred to as Romas/COIN. Information on other firms and parties have continued to be found among the data.


Major Players

Aaron Barr, Former CEO, HBGary Federal

Greg Hoglund, Founder and Current CEO, HBGary

Ted Vera, COO, HBGary Federal

Phil Wallisch, Former Principal Technical Consultant

Staff

Links are to emails or attachments that provide the information quoted. The emails themselves are not necessarily of any significance. Staff may no longer be employed.

  • Barr, Aaron - [email protected] '(Ext) 117 CEO HBGary Fed Virginia 301-351-4905'[.doc][1]
  • Beedle, Carmen - [email protected] 'Sales San Francisco 415-517-0663'[.doc][2]
  • Bracken, Shawn - shawn@hbgary 'Principal Research Scientist (916) 459-4727 x 106'[3] '(Ext)106 Eng. Sacramento 702-324-7065'[.doc][4]
  • Burke, Karen - [email protected][5] 'Director of Marketing and Communications Office: 916-459-4727 ext. 124 Mobile: 650-814-3764 Twitter: @HBGaryPR HBGary Blog: https://www.hbgary.com/community/devblog/'[6]
  • Butterworth, Jim - [email protected][7] 'VP of Services (916)817-9981'[8]
  • Buonaccorsi, DeeAnn - [email protected] '(Ext)101 Office Manager Sacramento 408-646-1926'[.doc][9]
  • Copeland, Charles - [email protected][10] '(Ext)103 Tech Support/QA Sacramento 831-419-2207'[.doc][11]
  • Cosick, Keith - [email protected][12]
  • Cummings, Richard - [email protected][13] '(Ext) 112 CTO Virginia 703-999-5012'[.doc][14]
  • Day, John - [email protected] '(Ext) 113 QA Sacramento 530-677-1127'[.doc][15]
  • Fasciani, Rocco - [email protected] '(Ext) 120 Sales New Jersey 201-715-8539'[.doc][16]
  • Flessing, Jeremy - [email protected] '(Ext) 133 Assoc. Consultant Sacremento 530-613-3864'[.xls][17]
  • Glaser, JD - [email protected][18]
  • Harrison, Christopher - chris@hbgary[19]
  • Hoglund, Greg - [email protected][20]'(Ext)102 CEO Sacrement0 408-529-4370'[.doc][21]
  • Hoglund, Penny C. - [email protected][22]
  • Jupin, Matthew - [email protected] '(Ext) 135 QA Sacremento 408-8132-4009'[.xls][23]
  • Kinda, Sergey - [email protected] '(Ext) 123 QA Sacramento 916-532-1525'[.doc][24]
  • Leavy-Hogland, Penny - [email protected][25]
  • Leavy, Penny - [email protected][26] '(Ext)105 Pres. Sacramento 408-316-8002'[.doc][27]
  • Lucas, Maria - [email protected] 'CISSP | Regional Sales Director Cell Phone 805-890-0401 Office Phone 301-652-8885 x108 Fax: 240-396-5971'[28] '(Ext)108 Sales So. Cal. 805-890-0401'[.doc][29]
  • Maccherola, Sam - [email protected][30]
  • Moore, Keeper - kmoore@hbgary 'Technical Support'[31]
  • Pease, Scott - [email protected][32] '(Ext)109 Dir. of Tech. Op. Sacramento 916-847-4048'[.doc][33]
  • Pillion, Martin - [email protected] '(Ext) 107 Eng. Sacramento 443-956-8665'[.doc][34]
  • Pizzo, Joe - [email protected][35] '(Ext) 122 Sales Eng New Jersey 917-952-6385'[.doc][36]
  • Richards, Jim - [email protected] 'Learning Programs Manager Cell Phone: 916-276-2757 Office Phone: 916-459-4727 x119 Fax:916-481-1460[37]
  • Slapnik, Bob - [email protected] '(Ext) 104 VP Sales Maryland 240-481-1419'[.doc][38]
  • Schiff, Andrea - [email protected] 'Sales Admin Sacramento 916-628-9912'[.doc][39]
  • Snyder, Michael - [email protected] '(Ext) 110 Eng. Sacramento 916-627-6115'[.doc][40]
  • Spohn, Michael - [email protected] '(Ext) 124 Dir. Of Sec. Santa Clemente 949-370-7769'[.doc][41]
  • Standart, Matt - [email protected][42]
  • Torres, Alex - [email protected] '(Ext) 114 Eng. Sacramento 707-685-2630'[.doc][43]
  • Trynor, Mark - [email protected] '(Ext) 125 Eng. HBGF Colorado 714-214-9187'[.doc][44]
  • Vera, Ted - [email protected] ' President HBGary Federal Office 916-459-4727x118 Mobile 719-237-8623'[45] '(Ext) 118 Pres. & Coo HBGF Colorado 719-237-8623'[.doc][46]
  • Wallisch, Phil - [email protected][47] 'Principal Consultant Cell Phone: 703-655-1208 Office Phone: 916-459-4727 x 115 Fax:916-481-1460 Blog:https://www.hbgary.com/community/phils-blog/'[48] '(Ext) 115 Eng. Herndon 703-860-8179'[.doc][49]

General Contact Email Addresses:

  • 'Inc. HBGARY' - [email protected][50]
  • 'HBGary INC' - [email protected][51]
  • 'HBGary Sales Team' - [email protected][52]

Products

HBGary Products
Name Purpose
FastDump, FastDumpPro RAM snapshots (aka memory imager) of Windows computers
Responder Pro, Responder Field Edition Analyze RAM, pagefiles, VMWare images, etc.
sort & display images, network links, etc.
Digital DNA, Active Defense detects malware
Inoculator malware detection through Remote procedure call
FGET collect forensics data remotely
REcon 'sandbox' malware recorder
Fingerprint analyzes common patterns amongst malware, such as algorithms, encodings, compilers used, names used, etc., and possibly attempt to identify the creators of a piece of malware.Fingerprint is advertised as being a way to discover information about the authors of various pieces of malware, by analyzing the aforementioned patterns.
Flypaper capture malware binary code

Some products are integrated into other products (i.e. REcon and Digital DNA into Responder)


Emails

From: Ted Vera
Sent: Thursday, 22 July, 2010 09:22 AM
To: Chisholm, Chris (US SSA)
Cc: Maier, Raymond "Joe" (US SSA) (US ASTSS Huntsville); [email protected]
Subject: HBGary

Chris,
 
It was a pleasure meeting with you yesterday.  Please stay in touch and let me know when you're in town.
When should I expect to see a draft teaming agreement?
 
I've attached some of our product sheets for your review.  Our software can be especially helpful for organizations who conduct
incident response, digital forensics investigations, vulnerability research / proof-of-concept exploit development, and malware
reverse engineering / analysis.  If you have any such organizations within BAE I'd really appreciate an introduction.
 
Also as we discussed, HBGary has offensive cyber capabilities (we don't advertise).  I have several 0-day proof-of-concept exploits
on the shelf ready for weaponization.  If you have any qualified customers who would be interested, I can send you summary
descriptions.
 
Regards,
Ted


from	Ted Vera [email protected]
to	"Estell, SuZett (US SSA)" <[email protected]>
date	Thu, Oct 7, 2010 at 4:50 PM
subject	Re: Ping
	
Hi Suzett,

Attached are three whitepapers which illustrate some of our cyber
capabilities, both defensive (zero-day detection, automated reverse
engineering and analysis), and offensive (zero-day exploit
development).

Regards,
Ted

hbgthreatreport_aurora.pdf
LTIE_AD_Final.pdf
softwareexploitationhbgary.pdf

Links

Black ops: how HBGary wrote backdoors for the government

HBGary's "Magenta" Rootkit project

Spy games: Inside the convoluted plot to bring down WikiLeaks


Ongoing Research to Be Incorporated into Page

http://pastebin.com/zyFmV1KQ - August 25, 2011

HBGary Federal and Facebook scraping