I set up a wiki to post help documents. For the first document I wrote some instructions for managing FBI visits.
Are you anonymous? If you are, you should stay away from me, because I am not anonymous. Albert Meyer is my “real” name, and I show my face. I support Anonymous, but Anonymous is an idea. There is no group called Anonymous. If you say that you are anonymous, then you are. If you hide your identity online, then you are anonymous online. If you are anonymous, you have one kind of freedom to fight back against those who rule us, to take back a little bit of your stolen power as long as you can remain anonymous. Not being anonymous gives me a different way to get some power back. I can advocate for Anonymous without being anonymous. If you are anonymous, stay away from me, and know that I love you, and that there are lots of people like me… more every day. I see Anonymous growing as more people start to see that we don’t need government to rule us and that we can fight back against injustice no matter who is behind it. You can’t kill an idea.
Anonymous is a modern-day IRA using information and ideas instead of guns and bombs, and the cell structure is even more diffuse – many anonymous know no other anonymous and act on their own for loosely defined common goals. Anonymous supporters are like Sinn Fein, like a million independent Gerry Adamses blogging, making signs, writing letters, talking to people, while the anons are out on the front lines risking their lives and freedom for all of us. Anonymous is more dangerous than the IRA was because ideas are more powerful than bombs. You can’t kill an idea.
HB Gary presentation on Google malware attack: /files/3/5/1/4/7/282874-274153/Aurora_HBGARY_DRAFT.pdf
I work close to Palantir’s Palo Alto headquarters, so I went over there today and asked to speak with someone about the Wikileaks conspiracy, and threatened to picket their building. Two engineers came out and said that Palantir doesn’t really have any salespeople or anyone who knows corporate-type stuff… they are just techies, and this whole thing was a terrible mistake on their part, and they were going to hire some business-type people to help them out. I didn’t get their names… I am a terrible investigator. They asked if I was a journalist and I said No!… I am not even a blogger yet so journalist is a ways up the road. I took no notes nor recorded; this is from memory so please don’t believe any of it, I probably remembered it completely wrong.
They talked to me for about 30 minutes and said that the only thing that went to the top levels of the company was the Chamber of Commerce presentation, and that it was actually a presentation on how NOT to approach the problem. They repeated this a few times during the conversation.
We mostly focused on the Wikileaks conspiracy. I explained that the new emails from HB Gary proved their initial statement to be a lie. They insisted it was not. I asked about the other people who received the email about the presentation; they said that there was in fact internal discussion within the company (before it blew up in their faces) where people were pushing back and saying “Palantir doesn’t do this type of thing,” but they doubted whether the company would be willing to release any of those emails because of privacy and privilege (and contracts, and stuff like that… they wouldn’t want to get sued).
The most interesting part was their explanation of why they let it continue. They said that HB Gary had done some very good work with them in the past, including tracking the Chinese virus that allowed data to be stolen from Google and other companies. They had always been very impressed with HB Gary’s professionalism until these last two instances, the Chamber proposal and the Wikileaks conspiracy. They say that they rejected the Chamber proposal, and only included part of it in their final presentation as an example of what NOT to do, and that the reason we don’t see any emails saying so in the HB Gary archive is because they have a company policy (I think they said it was unofficial) against openly questioning clients or being rude in any way. Also, they implied that they had had a policy that deadlines must never be missed no matter what. They explicitly said that they had made a mistake by allowing a proposal to go out after only one person saw it, and that they were taking steps to make sure that never happened again.
I asked why specific emails questioning the proposal couldn’t be released without violating privacy or privilege, and they said that they would be accused of forgery if they only released a few emails. I complained that email headers would be difficult to forge and backing them up with fake logs would be time-consuming, and that they could deflect suspicion by releasing the emails before they had time to forge everything, but they were unconvinced.
I’m sure I am forgetting a lot… I may post more later if I can’t sleep.
HB Gary used DMCA to censor this post by diocyde at conanthedestroyer.net/
The True Origins of Malware DNA (http://conanthedestroyer.net/2011/02/14/the-true-origins-of-malware-dna/)
February 14, 2011
I would like to call the world's attention to the fact that HBGary, as I
thought originally completely absconded with my concept of Malware DNA
as I succinctly described it to them in great detail after I initiated
discussions with them about working for them in a reverse engineering
capacity back in September of 2008.
Here are my prior postings on the concept of Malware DNA
For background, I was working on a grand concept idea of Malware DNA
and had constructed designed documents and concepts in a good amount of
detail back in Sept of 2008.
The .PPT Briefing I put together to capture my ideas and work are
Metadata dated on 9/10/2008 at 10:54 AM after multiple revisions that
week. I also have time stamped email as well considering I emailed
myself my work regularly.
During that time I was looking to join a company that was more
focused on Malware and HBGary came across my radar as I had known them
from their Rootkit.com work.
I conducted a 3 and a half hour phone interview with them where we
discussed at length my idea of Malware DNA, what it was, how it worked,
why it would be a game changer, what the components were, how it would
be implemented in a cyberwar operational construct etcetera.
I then went on to work for another company doing IR / Malware
analysis and continued to develop the concept privately. Lo and fucking
behold, in April of 2009 HBGary blaze out the gates with DIGITAL DNA.
Their grand concept. I fucking flipped my lid. After my company’s
leadership and myself raised this issue, Penny and her company SWORE UP
AND DOWN that this was THEIR idea, and that they had been granted
special DHS or some other government SBIR R&D money to develop the
concept. They had been developing the concept years before through
prior work. They even went so far as to legally threaten my company and
force me to modify my original postings because I was pissed and posted
an off the cuff comment about “does anyone know a good patent lawyer?”
It is pretty convenient for you and your company's business plans to
use my innovative ideas for your own personal benefit. Not ONE time did
you ever initiate discussions with me, nor message me, nor inquire
about my concepts, No, you just called them your own.
If your memory is shoddy, here is your email. The world now has it.
Unlike most good technologists you didn't even cite or credit
your work to me. If you had prior work in this area you could have
cleared up the issue at any time by showing it.
Considering how on OCT 26, 2008 you write that you coded a prototype
based on my idea, take credit for it, and only have 35 traits in your
database. Nice work after a full month of digesting what I told your
6) This is 100% patentable and is NOT based on ANY prior work. This is 100%
unique intellectual property created by myself and shawn.
You would think that after your
promoting the idea to others who actually have the business sense to ask
where the idea came from you would man up but no. Here is a guy
basically asking if there is any prior work on this topic…. That you came up with all by yourself.
It looks like you didn't waste ANY time filing a patent application
So understand, This gives credence to the fact that you were
untruthful in your claims. In another email you state that you have
been “Pioneering” this work with McAfee since 2006. I highly doubt
that. If you have the proof to back it up, post it or McAfee can
I am a man who is willing to say when he is wrong, you show me the
proof. I will gladly acknowledge it and publicly state that I was
wrong, and never utter another word of it. But any reader can clearly
see this looks like someone copying someone else's ideas and taking
credit for it.
This is a test of my new blog, and I am giving away free subscriptions to Trojan Remover. If you found my blog by googling for a solution to last night’s drunken candlelight mishap, you probably want to hit the back button now. Trojan Remover is a malware detection and removal tool, and it is a very good one. I have been using it for years, and I bought a lifetime license for some miserable pittance… I think it was $19 or so. A few times over the past 15 years I’ve encountered false negatives, where TR did not recognize something that was infecting my computer, and I’ve seen one false positive, where it alerted on Lojack. On every one of those occasions, I emailed Nigel (the TR author) and he emailed me back with some instructions (right-click here, do this, do that, email the zip file), and the next day I updated TR and it was fixed.
A few months ago I installed TR on another computer, and I noticed that the license terms had changed. Lifetime licenses are no longer available, and the yearly fee is not cheap ($24). I was very happy to find that Nigel is still honoring the terms of my ancient lifetime license, and I wanted to reward him for providing such an awesome tool for such a great price, and for doing the right thing and continuing to honor lifetime licenses after changing his licensing terms, so I bought 4 one-year licenses. I don’t need them, because my license allows me to install on a reasonable number of computers, so I am giving them away. If you think you might need a good malware detection and removal tool, download TR from simplysup.com and try it out. If you want a license, ask me and I’ll give you one.