HBGary Federal CEO Aaron Barr Steps Down

Embattled CEO Aaron Barr says he is stepping down from his post at HBGary Federal to allow the company to move on after an embarrassing data breach.

The announcement comes three weeks after Barr became the target of a coordinated attack by members of the online mischief-making group Anonymous, which hacked into HBGary Federal’s computer network and published tens of thousands of company e-mail messages on the Internet. HBGary did not respond to telephone and e-mail requests for comment on Barr’s resignation.

In an interview with Threatpost, Barr said that he is stepping down to allow himself and the company he ran to move on in the wake of the high-profile hack.

“I need to focus on taking care of my family and rebuilding my reputation,” Barr said in a phone interview. “It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of the bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”

Anonymous conducted a preemptive strike on HBGary after Barr was quoted in a published article saying that he had identified the leadership of the group and planned to disclose their identities at the B-Sides Security Conference in San Francisco. By combining a SQL injection attack on HBGary’s Web site with sophisticated social engineering attacks, the group gained access to the company’s Web- and e-mail servers as well as the Rootkit.com Web site, a site also launched by HBGary founder Greg Hoglund. Ultimately, the group defaced HBGary’s Web site and disgorged the full contents of e-mail accounts belonging to Barr, Hoglund and other company executives. 

Though Barr and HBGary were the victims of the hack, the contents of the e-mail messages divulged plans that cast both in an unflattering light. HBGary counted many U.S. government agencies, including the Department of Defense, CIA and NSA, as customers. The disclosure of e-mail messages from the company poses a major security risk to those organizations, as well as to individuals who had corresponded with the firm. The breach also raises troubling questions about the direction that HBGary and other Beltway firms have taken. E-mail exchanges published online revealed the firm to be at work on a variety of plans to do data mining and information operations on U.S. organizations and journalists on behalf of clients including law firms representing a large U.S. bank and the U.S. Chamber of Commerce. Most recently, the incident spilled into the mainstream, with comedian Stephen Colbert devoting a segment of his Colbert Report program on February 24 to the HBGary hack.

  • Anonymous on

    Anonymous. In it for the lulz.

    I would post something about not to stick your penis in a hornet's nest, but can't think of any funny way to put it.

  • Anonymous on

    "social engineering attacks"


    What is my password?

    Oh hai, what is my username too?

  • Anonymous on

    You lost the game, Aaron Barr.

  • Anonymous on

    Good luck with the rest of your life as toilet-lady, Aaron Barr.

    "Aaron Barr's data got mined" lolz

  • Anonymous on

    The only winning move is not to play.

  • Not Anonymous on

    "By combining a SQL injection attack on HBGary's Web site with sophisticated social engineering attacks"

    Uhm. WHAT?

    Sophisticated? I wouldn't call a couple of e-mails from a hijacked account asking to back-door a server "sophisticated".

    What the HBGary hack was:

    Basic SQL Injection
    Weak passwords
    Password Re-use
    SIMPLE social engineering

    Your basic molotov cocktail of fail.

  • Anonymous on

    Ha Ha

  • Anonymous on

    Emailing someone and saying "hey, what's the password again?" is a 'sophisticated' attack now?



  • Anonymous on

    Hey Aaron, doesn't it suck when Karma meets Ego?

  • Anonymous on

    Note to Aaron Bawwww:

    Anonymous delivers!

  • Anonymous on

    Hats off to Anonymous. You dun good!

  • Anonymous on

    This was supposed to be an official company shirt. Edited a bit for lulz. >>Shirt<<

  • me on

    @Not Anonymous :

    more sophisticated than your 100% copied summary of a review of the HB Gary attack. Whow, you really thought you'd get away with that?


    And with sophisticated they mean the whole I guess.

  • blender61 on

    Crappy security measures aside, there is one thing you never want to do, become a security risk.

    Aaron Barr's ego and hubris clouded good judgment. That is really what brought him down.

    He is now toxic within the community and will probably never get clearance again. The burn notice is out. As well it should be.

    The outfall from his blatant stupidity is yet to be felt.

    If you want to commit career suicide, fall on your sword. Don't invite everybody else into a room and then pull the pin.



    CAPTCHA session reuse ATTACK detected.?

    really, that's a bit much don't you think.



  • Anonypussy on

    Scratch one, down in flames.

  • Anonymous on


      I knew fifteen year olds in charge of Eggdrop bots for IRC channels with more sense than HB Gary displayed in this matter.


        OH, HAI, I CAN HAZ ROOT? 


       And it worked. Unreal.

  • WhithRabbit on

    It's a trap, The too much perfect undercover. Now, no one can't imagine/discover : he is the real leader of Anonymous, brilliant-double-twist

  • testcase on

    One thing is for certain. If you 'cross the line', as Aaron Barr did, in the internet world, you will NEVER be forgotten. Simple self preservation of the organism really. Anonymous are like antibodies, once they spot a threat they eliminate it, if the contagion tries to invade again, it rejects it. Like antibodies, Anonymous will remember that disease for the rest of its life, and since the internet is pretty much immortal...

    Aaron Barr, you have been shunned from the internet village, so have others in your companies (we know which ones in intimate detail). The data and story have been widely distributed... right down to untouchable CDs and thumb drives. You may resurface, but not only will you find it hard being trusted, you will find that any new unsuspecting employer will find out, quickly and in great detail, everything you did with HBGary.

    You have become the classic example of what happens to ANYONE who is found to use the internet as a vehicle for harm. If justice had been properly served and you had faced criminal charges, the internet wouldn't have been so hard on you. Justice would have been seen to be done. But since it doesn't seem to have even been considered, this is what you get. A lifetime sentence of shame from the internet village, in fact, your reputation will LONG outlive you.

    The lack of 'proper' justice in the HBGary story brings up a much larger question. The system that was planning on 'bringing down' its own citizens is obviously corrupt to the core... all the way to the top. Thanks to you, Aaron Barr, we, the world, now know for certain exactly who and where the real bad guys are. Knowing that is half the puzzle, it's only a matter of time before we solve the whole thing.


  • Anonymous on

    So much win.


    recestio Forlag.

  • Anonymous on

    Just in the interest of accuracy, the "social engineering" attack did not ask for a password. They already had the cracked password file. Pretty sure the request was for a port to be opened through the firewall (ostensibly because Hoglund was in Europe using an untrusted network and needed access to the server).

    The person who carried out the attack did enough research to include pertinent details regarding Hoglund's recent activities that helped enhance the believability of their ruse - so I'd give it a "moderately sophisticated" rating.

  • Anonymous on

    when 16 year old chicks use advanced social eng techniquies it turns me on..

  • Anonymous on

    Gotta reiterate that the social engineering attack was done by a 16-year-old girl.  It's like the cherry on top of this sundae of win.

  • Anonymous on

    This is just priceless. I remember reading the IRC chat log, where someone stated that this was the end of Barr's career. Barr, of course, completely dismissed this out of hand.

    As far as rebuilding his reputation, I don't think that's going to be possible -- for years to come, a search for HBGary or Aaron Barr will bring up the entire affair. You can't walk away from bad publicity like this -- this incident will hang around his neck like an albatross until the day he dies.

    It doesn't matter what else he may have done or accomplished; this will be the defining moment of his career. He may have to find another, totally unrelated, line of work -- frankly, I can't see anyone in the intelligence or security communities ever trusting this guy again. After all, he's almost single-handedly responsible for one of the biggest security clusterfucks in recent memory.

    This is one for the textbooks -- like the Tylenol poisonings in the early 80s. The way Johnson & Johnson handled the Tylenol poisoning incidents is now taught in business schools as the classic example of how to handle a crisis situation.

    On the other hand, HBGary and Aaron Barr will be taught as object lessons -- i.e. what NOT to do.
  • Anonymous on

    I suppose he'll be able to practice his whittling during his long, self-inflicted retirement. What a dirtbag.

  • Anonymous on

    $h1tst@1n$ like Barr get what they deserve

  • Truth in Advertising on

    Practising his whittling? Nah. He'll spend the rest of his days trying to pull the hornet stingers out of his penis.
  • Anonymous on

    Sevyrnsten has left the game.

  • Anonymous on

    Can't find Penny's pics anywhere. She hawt?

    meme: Aaron Barred from the interwebs, truely an hero

    captcha: covered gisfe

  • TerraHertz on

    I have a dream.... of a 'world without forum shills'. Where every man's opinion counts, without having to wade through thousands of lying, deceptive, soulless fascist-government-paid minions.

    The HBGary hack gives me hope that one day this may come to pass.
    To explain, recall the revelations of the USAF tendering for web 'Persona Management Software.'
    Original was here: https://www.fbo.gov/spg/USAF/AMC/6CS/RTB220610/listing.html but is now gone of course.
    Archived copy in pdf here: http://www.seankerrigan.com/docs/PersonaManagementSoftware.pdf

    Now the really interesting thing to me is who's listed under the 'Interested Vendors' List tab on that page. Quite a few groups that should all be in gaol come the revolution, but this one in particular:
    Email: ted@hbgary.com
    Phone: 916-459-4727 ext 118

    Now suppose HBGary ended up providing that Shill-management system. And they were involved with installation and operation. And then Anonymous fanged all the files from HBGary's servers...

    I dream that one day, a database of all the paid shills, all their online nics, the forums they routinely pollute, their real names, home addresses and salary details, will turn up on rapidshare or somewhere. Another real, honest-to-god unfiltered leak disaster for TPTB. Another CRU emails hack.
    Unlike the fake Wikileaks, who wouldn't know how to leak a big pile of incriminating data all at once, intact and unredacted if their lives depended on it.

    Maybe this time it came very close to happening. Maybe... it actually still will, when Anonymous is done searching through the gigabytes of HBGary files they got.

  • Anonymous on

    He dun goofed.

  • Gango Rango on

    Wow, that really doesn't make a whole lot of sense now does it?


  • Tangerine Bolen on

    “I need to focus on taking care of my family and rebuilding my reputation," Barr said in a phone interview. "It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”

    Um, no, Mr. Barr, and HB Gary Federal. If you broke the law, you will "weather the storm" in jail. Honest, decent, hardworking Americans will see to it.

    We have had enough of this. We WILL pursue justice for the criminal activities you and others have perpetuated against Americans and against democracy.

    Decent people of the world: Join us at RevolutionTruth.org. We are professional, respectful, hardworking, people from around the world who have had enough of the lies, the corruption, and the pathology that runs rampant behind thick veils of institutional and corporate legitimacy. We have had enough of being manipulated and misled for the sick, special interests of a few. Of being denied access to accurate information that has a profound effect on each of our lives - such as information used to start unjust wars, or information about what our banking and finance industries are actually up to.

    We are good people. We like facts and critical analysis. We have great hope for each other and for this planet and for effectuating positive change. We support legitimate democracies. We are peaceful. And we are building a global community and global campaign to put an end to the madness against Wikileaks and the rampant corruption that is now a sickness threaded through our systems. We are better than this. We deserve better than this. And we WILL make our world a better place for all. We will do so in part by ensuring access to accurate information - and to truth. Information, not manipulation. Common people, working together to change our world. That is our goal. Join us.

  • Anon(not verified)ymous on

    What an incredible story. Corporate hubris to the max.


  • Anonymous on

    I do honestly believe that regardless of who a person is if he is guilty that individual must pay. What I know for a fact is that the various organisations that have far-reaching influences around the world that are against free speech and openness can do and have done things to bring into disrepute someone's integrity. I believe deep down that Mr. Assange is not guilty of the trumped-up charges that have been laid against him all of a sudden because Wikileaks has been stepping on a few toes and has proven itself a brave ally of openness. I know - well hope that justice will prevail! And justice being if he did in fact commit those crimes he must be punished however, Wikileaks will live on - viva tha leak!

    I am just not sure how one could miss the glaring conspiracy to try to get down Wikileaks - its just obvious and I know deep down that the charges laid against him are lies!!!

  • Anonymous on

    Aaron Barr, the Leeroy Jenkins of security. Never to be forgotten.

  • Anonymous on

    Directed by m night shyamalan

  • Anonymous on

    Anon delivers...

  • Anonymous on

    What happens to the hornets though after they sting the little boy? They buzz around, and buzz around. Right up until a cleaner comes along with a can of Raid. Then they die. Sure there are other nests out there, but that nest dies.

    Eventually, the swelling goes down, and the little boy can go on with his life. Those hornets are still dead though. The rest of the hornets in other nests, the ones that didn't over-react, well they're still around, and the rest of the mean kids learn a cautionary lesson about hornets nests. The dead hornets are still dead though, that's the choice they made.

    There's a few lessons here beyond "don't kick a hornets nest". One of them is don't do the crime unless you're ready to do the time. Another is be careful of fighting, because you're not always going to win.

  • Anonymous on

    HB Gary, a company so fail a [strike]caveman[/strike] 16 year old could hack, works for NSA?

    This does not fill me with confidence.

    Also Aaron Baww, lol. Repeat after me, want fries with that?

  • Anonymous on

    "sophisticated social engineering attacks"

    i lol'd

  • Rick on

    Poetic justice to say the least. Unfortunately, this is just the tip of the iceberg. HBGary and their ex-leader are examples of the entire system, not exceptions like the other companies make them out to be. This is far from over.

    To Anonymous,

    I can't say that I agree with all of the decisions you've made regarding who should be targeted, but this choice was excellent.
    I can think of several other companies and individuals who deserve at least equal for reasons even more evil than the ones you've uncovered. Google "terminator technology" and you'll have all the reasons you need.

  • Anonymous on

    dont worry he back traced it

  • Anonymous on

    Aaron could always write some VB scriptz to track their IPz

  • Anonymous on

    For any and all of you who think that this wasn't a sophisticated mode of social engineering...well you may be correct. I think that's more an interpretive issue than anything else but regardless, if you want to see what Greg Hoglund thought was "F**king brilliant" in regard to social engineering, check out the link.


    Note: this is a full HTML markup display of an email written by Hoglund.  A warning popup will ask you if you wish to proceed.  If you want to proceed to the anon' searchable wiki and locate this email in its plain text version, search for an email with the subject line "RE: You can't protect stupid" without the quotes.

  • Anonymous on

    Anonymous delivers

  • Anonymous on

    >>Aaron Barr, the Leeroy Jenkins of security. Never to be forgotten.

    Only thing is, leeroy was drunk and could press the "resurrect" button :-)
    Let's hope Aaron Barr will never be resurrected :-)


  • Anonymous(not THAT Anonymous) on

    Aaron Barr, meet Aaron Burr:  http://en.wikipedia.org/wiki/Aaron_Burr#Conspiracy_and_trial



  • Anonymous on

    You guys are idiots if you think this is finished. Senior Barre' under new creds got picked up by his buddy/benefactor at MANTECH. Most likely to continue the same type of work. This is only phase 1... , A guy I know over there called me and said you wouldn't believe who we just hired.... search the emails and see if you can figure out who the mystery buddy is..

  • Anonymous on

    Greenberg was informed of this days ago, I'm surprised he didn't mention it in his article..

  • Walking Turtle on

    America's marginalized though trustworthy ones occasionally make their own way in this world by creating and selling clever and high quality craftwork in various materials.  Some do very well indeed at this manner of gainful self-employment, brightening the day at festivals, flea markets, and similar public events.  But someone named "Aaron Barr" apparently cannot be trusted to Not Run With The Scissors.

    Other talented and trustworthy Marginalized Ones are sometimes afforded key positions caring for and maintaining the integrity of large, vacant post-industrial structures and properties.  But someone named "Aaron Barr" cannot be trusted with the keys!

    But wait!  Someone named "Aaron Barr" should hold his head (at least *one* of them) high, Stand Erect and Not Abandon Hope - but he MUST ACT NOW, because:

    The Transportation SSafety(sic) Authority (TSA) is STILL hiring Aggressive Hungry  Humanoids for its fully-funded and longterm ongoing expansion of Aur Foine Naition's "Publick Insult and Molestation Program" (Phederal codename="PIMP")!  He should pick up the phone RIGHT NOW and dial 1-877-TSA-7990 (1-877-872-7990) TODAY!  

    TSA Operators are STANDING BY - and America is just BRIMMING OVER with sweetfaced little baby girls and cute little toddler-boys who can be EASILY convinced that they NEED someone named "Aaron Barr" to put HIS hands down THEIR pants!

    Under a LAWFUL Prior Administration, of course, someone like that filthy criminal creep of a degenerate humanoid named "Aaron Barr" just might have landed himself an HONEST job with the Federal Works Projects Administration. (Codename=WPA.)  But digging new roadside ditches and hand-hauling backfill uphill just might be Too Much Like Work for an Aggressively Clevver Fellow with such a name as "Aaron Barr".

    Away with that one!  And that is all!  0{:-|o<

  • Anonymous on

    I do admire what  anonymous did, I've been bullied before with no heroes around.  A decisive victory in the Great Info War of 2011.

  • Anonymous on

    So what if he resigned? HB Gary Federal were all up to their elbows in the same dark deeds, swilling in the same criminal trough.

  • Anonymous on

    Ha ha, indeed.

  • Anonymous on

    i love that he is "supposed" to be a great anti-hacker, its like a virtual atomic wedgie

  • Anonymous on

    I won't have a Barr of this.

  • Ray on

    We have a saying that roughly translates as 'Arrogance comes before the fall'.

  • Shock and Awe on

    What "reputation" is Barr rebuilding?  His reputation as a digital thug?

  • Anonymous on

    "Embattled CEO Aaron Barr..."

    Not so much embattled, as shamed, humiliated and outed for the pathetic hack that he is.

  • AnonymousE on

    Serves you right you sneaky greedy fucker

  • Anonymous on

    Funny how everyone on here is named Anonymous

  • Anonymous on

    Before you leave Mr Barr, could you pass on a copy of 12 Monkeys or Magenta? Sounds neat-o.

  • Anonymous on

    To think this guy earned, according to his offer letter, 230k$.  What a joke.

  • Anonymous on

    You sleep with a dog, don't be surprised you wake up with ticks...

    As much as Aaron Barr is an idiot, he also got a family. Gloating over someone's failure is reprehensible and shows total lack of character.

    Karma is a Bitch...

  • Anonymous on

    Triumph of the nerds...the real ones...not Aaron Barr phonies 

  • Aaron Barr on

    I'd have got away with it too if it wasn't for you meddling kids....

    *shaking fist*

  • Anonymous on

    First off this was not a sophisticated attack. HBGary had very poor security practices (vulnerable website, weak password, policy, and identity verification). Barr pushed a very bad position and in turn got bit for it. If they used the practices they sell then this attack would have failed miserably and would chalk up a nice defeat for Anon. The social engineering part amuses me the most.

    A lot of blame has to be put on the administrator for Rootkit.com. The fact that he didn't pick up on this child's poor grammar and the suspicious requests she was making is just pathetic. Most IT people would have picked up on this and challenged the person. At the very least ask the person to contact them via phone. It doesn't matter how high up in the company you are.


    Just two cents.

  • Anonymous on

    i like the way he stepped down once anonymous did the counter attack. hell, it cant even be called an attack so it wouldn't be a counter attack at all. 

  • Anonymous on

    Aaron Barr is one of those zionist blood suckers who brought down America

    and turned it into a country of beggars and food stamp program participants,

    with terror attacks (9/11) staged by his ilk, immensely expensive and

    useless wars (Iraq, Afghanistan, Pakistan), and a fascist 'homeland security'

    silently destroying the social web among US people with its paranoia.

    Now he is brought down himself ! May he rot in hell, soon !

  • Anonymous on

    Bitch slapped hbgary!
