Monthly Archives: February 2011

How to manage an FBI visit

I set up a wiki to post help documents. For the first document I wrote some instructions for managing FBI visits.

http://anonymous.stickypatch.org/index.php?title=What_to_do_when_the_FBI_visit

Are you anonymous?

Are you anonymous? If you are, you should stay away from me, because I am not anonymous. Albert Meyer is my “real” name, and I show my face. I support Anonymous, but Anonymous is an idea. There is no group called Anonymous. If you say that you are anonymous, then you are. If you hide your identity online, then you are anonymous online. If you are anonymous, you have one kind of freedom to fight back against those who rule us, to take back a little bit of your stolen power as long as you can remain anonymous. Not being anonymous gives me a different way to get some power back. I can advocate for Anonymous without being anonymous. If you are anonymous, stay away from me, and know that I love you, and that there are lots of people like me… more every day. I see Anonymous growing as more people start to see that we don’t need government to rule us and that we can fight back against injustice no matter who is behind it. You can’t kill an idea.

Anonymous is a modern-day IRA using information and ideas instead of guns and bombs, and the cell structure is even more diffuse – many anonymous know no other anonymous and act on their own for loosely defined common goals. Anonymous supporters are like Sinn Fein, like a million independent Gerry Adams’ blogging, making signs, writing letters, talking to people, while the anons are out on the front lines risking their lives and freedom for all of us. Anonymous is more dangerous than the IRA was because ideas are more powerful than bombs. You can’t kill an idea.

Interview with Palantir coders

I work close to Palantir’s Palo Alto headquarters, so I went over there today and asked to speak with someone about the Wikileaks conspiracy, and threatened to picket their building. Two engineers came out and said that Palantir doesn’t really have any salespeople or anyone who knows corporate-type stuff… they are just techies, and this whole thing was a terrible mistake on their part, and they were going to hire some business-type people to help them out. I didn’t get their names… I am a terrible investigator. They asked if I was a journalist and I said No!… I am not even a blogger yet so journalist is a ways up the road. I took no notes nor recorded; this is from memory so please don’t believe any of it, I probably remembered it completely wrong.

They talked to me for about 30 minutes and said that the only thing that went to the top levels of the company was the Chamber of Commerce presentation, and that it was actually a presentation on how NOT to approach the problem. They repeated this a few times during the conversation.

We mostly focused on the Wikileaks conspiracy. I explained that the new emails from HB Gary proved their initial statement to be a lie. They insisted it was not. I asked about the other people who received the email about the presentation; they said that there was in fact internal discussion within the company (before it blew up in their faces) where people were pushing back and saying “Palantir doesn’t do this type of thing,” but they doubted whether the company would be willing to release any of those emails because of privacy and privilege (and contracts, and stuff like that… they wouldn’t want to get sued).

The most interesting part was their explanation of why they let it continue. They said that HB Gary had done some very good work with them in the past, including tracking the Chinese virus that allowed data to be stolen from Google and other companies. They had always been very impressed with HB Gary’s professionalism until these last two instances, the Chamber proposal and the Wikileaks conspiracy. They say that they rejected the Chamber proposal, and only included part of it in their final presentation as an example of what NOT to do, and that the reason we don’t see any emails saying so in the HB Gary archive is because they have a company policy (I think they said it was unofficial) against openly questioning clients or being rude in any way. Also, they implied that they had had a policy that deadlines must never be missed no matter what. They explicitly said that they had made a mistake by allowing a proposal to go out after only one person saw it, and that they were taking steps to make sure that never happened again.

I asked why specific emails questioning the proposal couldn’t be released without violating privacy or privilege, and they said that they would be accused of forgery if they only released a few emails. I complained that email headers would be difficult to forge and backing them up with fake logs would be time-consuming, and that they could deflect suspicion by releasing the emails before they had time to forge everything, but they were unconvinced.

I’m sure I am forgetting a lot… I may post more later if I can’t sleep.

Repost of censored information

HB Gary used DMCA to censor this post by diocyde at conanthedestroyer.net/


The True Origins of Malware DNA
http://conanthedestroyer.net/2011/02/14/the-true-origins-of-malware-dna/

February 14, 2011

I would like to call the world’s attention to the fact that HBGary, as I
thought originally completely absconded with my concept of Malware DNA
as I succinctly described it to them in great detail after I initiated
discussions with them about working for them in a reverse engineering
capacity back in September of 2008. 

Here are my prior postings on the concept of Malware DNA

Post 1   Post 2   Post 3   Post 4   Post 5  Post 6  Post 7

For background, I was working on a grand concept idea of Malware DNA
and had constructed designed documents and concepts in a good amount of
detail back in Sept of 2008. 

The .PPT Briefing I put together to capture my ideas and work are
Metadata dated on 9/10/2008 at 10:54 AM after multiple revisions that
week. I also have time stamped email as well considering I emailed
myself my work regularly.

During that time I was looking to join a company that was more
focused on Malware and HBGary came across my radar as I had known them
from their Rootkit.com work.

I conducted a 3 and a half hour phone interview with them where we
discussed at length my idea of Malware DNA, what it was, how it worked,
why it would be a game changer, what the components were, how it would
be implemented in a cyberwar operational construct etcetera.

I then went on to work for another company doing IR / Malware
analysis and continued to develop the concept privately.  Lo and fucking
behold, in April of 2009 HBGary blaze out the gates with DIGITAL DNA. 
Their grand concept.  I fucking flipped my lid.  After my company’s
leadership and myself raised this issue, Penny and her company SWORE UP
AND DOWN that this was THEIR idea, and that they had been granted
special DHS or some other government SBIR R&D money to develop the
concept.  They had been developing the concept years before through
prior work.  They even went so far as to legally threaten my company and
force me to modify my original postings because I was pissed and posted
an off the cuff comment about “does anyone know a good patent lawyer?”

HBGary your email calls you out.

It is pretty convenient for you and your company’s business plans to
use my innovative ideas for your own personal benefit.  Not ONE time did
you ever initiate discussions with me, nor message me, nor inquire
about my concepts. No, you just called them your own.

If your memory is shoddy, here is your email.  The world now has it.
Unlike most good technologists you didn’t even cite or credit
your work to me.  If you had prior work in this area you could have
cleared up the issue at any time by showing it.

Considering how on OCT 26, 2008 you write that you coded a prototype
based on my idea, take credit for it, and only have 35 traits in your
database.  Nice work after a full month of digesting what I told your
team.

6) This is 100% patentable and is NOT based on ANY prior work. This is 100%
unique intellectual property created by myself and shawn.

You would think that after your
promoting the idea to others who actually have the business sense to ask
where the idea came from you would man up but no.  Here is a guy
basically asking if there is any prior work on this topic….   That you came up with all by yourself.

It looks like you didn’t waste ANY time filing a patent application

So understand, This gives credence to the fact that you were
untruthful in your claims.  In another email you state that you have
been “Pioneering” this work with McAfee since 2006.  I highly doubt
that.   If you have the proof to back it up, post it or McAfee can
verify. 

I am a man who is willing to say when he is wrong, you show me the
proof.  I will gladly acknowledge it and publicly state that I was
wrong, and never utter another word of it.  But any reader can clearly
see this looks like someone copying someone else’s ideas and taking
credit for it.

10 Responses to “The True Origins of Malware DNA”

  1. Anton Onszers said

    We have learned by now that HBGary was not much more than a few guys
    in mid-life crisis that notoriously overestimated their own abilities,
    strengths – and worst of all: their intelligence. Well, HBGary is no
    more – and that’s for the better of all of us.

    It just leaves me wondering: how many “HBGarys” are still out there,
    and how much damage can they do before somebody manages to stop them?

  2. Anonymous said

    I really want to believe you here, but do you have any evidence to
    back your claims? Records of your meeting with HBGary, perhaps? There
    are plenty of Anons out there who would love to see them taken down yet
    another peg.

    • diocyde said

      Well I am not a Law enforcement type who can just subpoena telephone
      records but calls from my company for the durations of 3 hours during
      the afternoon in Mid Sept to HBGary’s numbers would prove the voice
      transaction. They never initiated any additional communication with
      me until I found out about it in April of 2009 when they released the
      product live and I discovered it.

  3. anon said

    Good luck on suing the shit out of these assholes.

  4. lRem said

      

    Whoah, man. One lucky coincidence for you. Let’s keep fingers crossed
    for all original researchers getting proper credit, eventually…

  5. sprechblase said

     
    I love how the story about the super security idiots (ehrmmm… I mean experts..) at HBGary turns out.

    Robbing and stealing… and afterwards claiming it’s original.

    I hope you get what you deserve for your intellectual property.

    This story is sooo good, but probably only the tip of the iceberg

  6. Jessica said

     

    Post this to any website you can think of (Consumerist, Gawker, stuff
    like that) because this is incredible. This Greg Hoglund needs to at
    least be exposed for this. Don’t let him just fly under the radar.

  7. Anonymous said

    This is the same Anon who asked you for evidence earlier. Now I want
    to know how you explain your editing of “Post 1” that you linked to in
    this post. An older version of “Post 1” is copy/pasted in this HBGary
    email: http://hbgary.anonleaks.ru/greg_hbgary_com/4289.html. In it, you say:

    “Its [sic] entirely possible that [HBGary] came up with it on their own…”

    and

    “I will be finding the oldest copy of my research and digitally hashing it and posting it here.”

    Both those comments have since been edited out. What’s the deal with
    the edits? Know that my findings and comments have been passed onto
    anonnews.org, an Anonymous affiliate. They’ll be expecting one hell of
    an explanation from you; I hope for your sake that you’ve got one.

    • diocyde said

      Absolutely,

      So here is the background. When I did Post 1 it was an unvarnished,
      pissed off what the hell? They stole my idea kind of thing. I found
      out through my employers who I had recently moved over to, that there
      was this “issue” with me and HBGary and it was causing a lot of
      consternation about “something in the works”. Presumably some type of
      acquisition deal.. I was told, shut the fuck up about Digital DNA and
      HBGary. Penny then in communications with my management threatened to
      sue the company and me in order to shut me up, supposedly she has some
      type of get on the Internet Law degree or something. Apparently she was
      all hot because I was claiming against her Intellectual Property. I’m
      sure Mr Innovative did not truly tell her where he got his ideas or
      research. As she thinks he’s the smartest thing since sliced bread.
      Anyways they told my company that it was “their” research which had
      been funded by an unnamed government party with SBIR dollars (which I
      believe is Independent Research and Development). Since of course I had
      no idea if this was true or not and it was possible that secret parallel
      research on the hot topic of Malware is very much researched, I
      conceded that It was “Possible” that this may have been one of those
      Parallel research kind of things. Well of course now we know it’s NOT.
      Look at way back machine or some other Internet Archive and do a search
      for the Terms Malware DNA. Before Sept of 2008 there was absolutely no
      branding, no research and no references that I could discover via Google
      over a period of like 4 hours searching. So with legal threats and my
      management telling me to be quiet, I chalked it up and modified my
      original postings to dramatically SOFTEN the accusations. I had
      originally made an angry joke about if “anyone knew a good patent
      attorney” because I was seriously in progress of submitting a patent
      application, however after the threats and forced censorship, I just
      chalked it up to parallel research and without proof I just let it be.
      Well obviously now it shows that they were completely lying, obvious
      since they were betting their whole product on my concept. I DO have
      my original PowerPoint document as stated in my posting. The Office
      document metadata reflects the date it was created and its revision
      history. I can send it your way if you contact me. Diocyde@gmail.com

      Please let me know if you need any other clarifications as I am happy to answer any questions.

  8. neeeko said

    Well you can clearly see the real evil-money-maker-face of this sack
    of CRAP now. He got what he deserved. His IRC negotiations failed.
    What’s his credibility on the Security (rape-)market now?

Test/Giveaway

This is a test of my new blog, and I am giving away free subscriptions to Trojan Remover. If you found my blog by googling for a solution to last night’s drunken candlelight mishap, you probably want to hit the back button now. Trojan Remover is a malware detection and removal tool, and it is a very good one. I have been using it for years, and I bought a lifetime license for some miserable pittance… I think it was $19 or so. A few times over the past 15 years I’ve encountered false negatives, where TR did not recognize something that was infecting my computer, and I’ve seen one false positive, where it alerted on Lojack. On every one of those occasions, I emailed Nigel (the TR author) and he emailed me back with some instructions (right-click here, do this, do that, email the zip file), and the next day I updated TR and it was fixed.

A few months ago I installed TR on another computer, and I noticed that the license terms had changed. Lifetime licenses are no longer available, and the yearly fee is not cheap ($24). I was very happy to find that Nigel is still honoring the terms of my ancient lifetime license, and I wanted to reward him for providing such an awesome tool for such a great price, and for doing the right thing and continuing to honor lifetime licenses after changing his licensing terms, so I bought 4 one-year licenses. I don’t need them, because my license allows me to install on a reasonable number of computers, so I am giving them away. If you think you might need a good malware detection and removal tool, download TR from simplysup.com and try it out. If you want a license, ask me and I’ll give you one.