THE FALLOUT from HBGary Federal's public shaming continues as emails sent by an employee claim that investment bank Morgan Stanley was hit by Operation Aurora.
Operation Aurora was the name conjured up by the insecurity firm McAfee for attacks by allegedly Chinese based hackers that targeted Google back in 2009. According to emails sent by Phil Wallisch, a senior security engineer at HBGary, "They were hit hard by the real Aurora attacks (not the crap in the news)."
There was no information in Wallisch's emails on what, if anything, was stolen from Morgan Stanley's computers as part of the attack, however Wallisch claimed that Morgan Stanley give him access to its internal report on the matter.
Wallisch wrote to HBGary president Penny Leavy-Hoglund saying, "they have given me access to a very sensitive report on their Aurora experience," adding, "I will honour their wishes about not sharing the info with anyone, but the good news is that I have some great ideas for our final reports."
It is thought that over 200 companies were targeted as part of Operation Aurora with many not publicly acknowledging that their networks succumbed to unauthorised access. Morgan Stanley still does not admit it was targeted in Operation Aurora, though it did hire HBGary in 2010 to investigate other network breaches.
Former HBGary Federal CEO Aaron Barr, the public face of HBGary Federal and the focus for attacks by Anonymous, announced that he has left the firm in the hope that would allow HBGary to move on. HBGary Federal, a subsidiary created to work with the US government, is in the process of being sold off.
The latest email leaks are a major source of embarrassment to HBGary and might motivate clients to consider hiring one its rivals, one that can protect its correspondence better than HBGary. µ