Former HBGary Federal CEO Aaron Barr says he will withdraw from a planned appearance at the DEFCON conference in the face of threatened legal action over his plans to take part in a panel discussion there.
Barr notified DEFCON organizers on Wednesday that he was withdrawing from the Aug. 6 panel discussion after attorneys representing HBGary Federal threatened to file an injunction against him if he did not withdraw from the panel immediately. The incident is just the latest in a series of conflicts between Barr and HBGary Federal following attacks by the anarchic hacking group Anonymous on February 5.
The annual Black Hat and DEFCON conferences are no strangers to legal controversy and the brouhaha over Barr’s appearance suggests that this year will be no exception. Barr had been scheduled to participate in a Panel titled ”Whoever Fights Monsters…’ Aaron Barr, Anonymous and Ourselves.” [Disclosure: Threatpost editor Paul Roberts will moderate the panel.]
Barr and his former employer were both targets of Anonymous, which hacked the company’s e-mail server and Barr’s private accounts and spilled tens of thousands of documents and confidential company correspondence online. The group was angered after reading an interview Barr gave with the Financial Times regarding his plans to give a presentation at the Security B-Sides conference in San Francisco earlier this year that promised to divulge the identities of Anonymous’s leadership.
HBGary Federal has since insisted that none of its proprietary source code or customer data was touched in the breach. However, the content of the e-mail messages leaked by Anonymous generated a whole new controversy, revealing proposed business dealings between HBGary Federal, data analytics firm Palantir and a law firm representing the U.S. Chamber of Commerce. The company and its executives subsequently withdrew from planned appearances at the RSA Conference. Barr resigned from his post as CEO weeks after the hack.
The planned DEFCON panel promised what was described as a “gritty and frank” discussion of issues raised by the recent attacks by groups such as Anonymous and LulzSec, as well as by the U.S. military’s increasing focus on cyber as a theater of operation. Barr and fellow panel members Joshua Corman and Jericho of Attrition.org were to discuss the significance and actions of groups such as Anonymous and LulzSec, as well as privacy and civil liberties issues arising from the increasing private sector use of tools such as data mining and data analytics and persona management.
On Wednesday, however, Barr received a legal written notice of intent to file an injunction to prevent him from appearing at DEFCON, citing his separation agreement with his former employer. Barr, who has done extensive research on Anonymous and its activities, was planning to talk about the significance of the group and about methods for combating Anonymous and other “chaotic actors.”
Tanya Forsheit, an attorney representing HBGary Federal for The Information Law Group declined to comment on the threatened injunction. Forsheit would not confirm or deny that HBGary Federal was trying to prevent Barr from speaking at the conference. E-mail messages and phone calls to HBGary President Penny Leavy and CEO Greg Hoglund seeking comment were not returned.
The annual Black Hat and DEFCON conferences regularly spark legal controversies if not all-out court battles. Famously, Internet Security Systems (ISS) researcher Michael Lynn prompted a controversy dubbed “Ciscogate” at the 2005 Black Hat after resigning his position in order to be able to take the stage at Black Hat to discuss a major security vulnerability affecting Cisco’s IOS operating system.
Lynn was subsequently sued by both Cisco and ISS for giving the presentation. In 2007, HID successfuly stifled a planned talk at Black Hat Federal by security researcher Chris Paget on vulnerabilities in HID-brand contactless door card readers. In 2008, the Massachusetts Bay Transportation Authority (MBTA) obtained a temporary restraining order to prevent a talk at DEFCON by three MIT students who had uncovered physical and logical security holes in MBTA infrastructure.
Conference organizers did not immediately respond to requests for comment.