AnonLeaks: The Canadian Connection

As everyone may have heard, this security firm HBGary claimed to have infiltrated Anonymous, and was targeting people in Anonymous who sucked at remaining Anonymous. They had conversations and partnerships with other security firms, and worked on projects, such as building counter-intelligence capacity to destroy WikiLeaks by targeting Glenn Greenwald.

What’s interesting is that HBGary eventually ended up in talks with SecDev, which is an IT security firm that sells a product called Cloakroom Connect that they want to integrate. Now, Cloakroom Connect is anonymity software, except that instead of being distributed and depending on volunteers like the Tor Project, it’s integrated into an ISP’s infrastructure in some way, and their partner, Bell Canada, helped them set up the technology. It sounds rather ominous that an ISP would allow private companies to be anonymous on the Internet.

I plan on doing some strategic ATIPs about this shortly, although ATIP is often like throwing money down the drain. What’s interesting is how the truth behind certain things that the police do is being exposed more and more as we read these HBGary e-mails. The RCMP have contacted HBGary about extracting RAM contents from public Internet kiosks in cybercafes, and have purchased the services of HBGary, namely the software HBGary Responder Pro and Responder Field Edition.

If you look at what HBGary Responder does, it takes a snapshot of what’s in memory and the pagefile. It’s clear that the RCMP has purchased this on more than one occasion, as has York Regional Police in Ontario, but I have no clue whether E Division purchased this software, or if there’s an Integrated Technological Crime Unit active in E Division (although I wouldn’t know why there wouldn’t be). Furthermore, the software can identify malware to see if malware was the cause of the state of the hard drive. However, here’s the real kicker, which should drive a point home.

HBGary Responder is a Windows program.

That means that if the RCMP is heavily reliant on HBGary’s tools, it’s entirely possible to cover your tracks by just not running Windows. For some reason, I doubt that the RCMP are that simplistic, and suspect that they have other tools at their disposal for gathering the contents of memory. Their question about how to do it if they don’t have admin makes perfect sense if they’re seizing a cybercafe’s system; however, I don’t have any statistics as to whether this has happened or not.

It’d be really great if there was an anonymous drop box where people could leak these documents and protect their identities. Too bad there isn’t such a thing right now to handle submissions that won’t get press outside of Canada.