‘Top’ Digital Security Firm Hacked … Is it PR-salvageable?

Teaser headlines can get annoying, so I’ll provide an incentive to stop reading: No.

Think of the biggest PR disasters of the last decade — a book publisher decides to publish OJ Simpson’s If I Did It book; Don Imus; the Department of Defense allowing planes in New York airspace; basically everything Goldman Sachs did leading up to the recession, plus one of its traders describing how he screwed the world in racy e-mails to his girlfriend. (For more, see the 15 PR disasters of the decade.)

As far as I’m concerned, those were all big deals. But if HBGary — a formerly top-tier computer security firm — was worth more money, it would take the cake for a top PR disaster of the last decade.

In a nutshell: HBGary is a firm that specializes in Internet security. Its CEO, Aaron Barr, saw a PR opportunity to boost his firm’s visibility by embarrassing the most intimidating hacker collective* on the planet by telling the media he knew the hacker group’s leaders. In fact ,he had no viable information on the hacker group — known as “Anonymous” — he just thought that he had traced them through Facebook, online forums and other social media activity.

Anonymous was not amused at being called out in the mainstream media by someone who didn’t appear to have any information on them. They took their own logical response to his actions, which involved attacking his company and:

  • Stealing about 50,000 e-mails and publicly posting them, many of which contained damning information
  • Hacking Barr’s Twitter account and posting angry, homophobic rants
  • Allegedly wiping his iPad of all information for good measure
  • Taking down the company Web site and replacing it with an angry letter
  • Collecting the financial information, Social Security numbers and personal data of HBGary employees
  • Posting the company’s software and intellectual property

All of this happened to a security company. One with the tagline: “Detect. Diagnose. Respond.”

The 50,000 e-mails allegedly contained information hinting at activity that was at best unethical and at worst criminal — see a Forbes blog on the subject. Allegedly, some of the e-mails suggested HBGary was looking into ways to take down and/or discredit Wikileaks on behalf of Bank of America, which is thought to be at risk for an upcoming data dump that is worse than the recently-released U.S. diplomatic cables.

Unless all the information is wrong, HBGary’s best bet looks like an exit strategy resulting in the dissolution of the company. Can an Internet security firm be the victim of one of the worst corporate hacks of all time and still survive? Can a CEO  — who started a chain reaction that all but destroyed his company because he thought he could find hackers on Facebook — keep his job? Can a company that specializes in preventing leaks instead have its own information leaked that points to possible criminal activity? In my opinion, no. HBGary is finished.

A lesson for everyone else? Take hackers seriously — Internet terrorism is for real. While there isn’t much you can do, you can change your Facebook security settings right now so the next time you log in at a coffee shop, your profile is less likely to get hacked.

*Hacker collective is a loose term in this case. A better definition might be “decentralized, collaborative international group of hacktivists.” For more on Anonymous, check out the Wikipedia page.

This entry was posted in Limelight PR. Bookmark the permalink.

3 Responses to ‘Top’ Digital Security Firm Hacked … Is it PR-salvageable?

  1. afleisha says:

    What started out as a poor publicity stunt ended up costing Barr his reputation and company. Is its PR salvageable? Doubtful. But, it does remind wifi users everywhere to continually be on their guard when it comes to privacy and security. Peter Shankman wrote a few blog posts about his security issues with public wifi. It’s amazingly simple to hack into someone’s account, as he points out in this post: http://shankman.com/why-its-time-to-say-goodbye-to-free-wi-fi-part-two/

    Wifi is a great tool, but always be aware of the liabilities it poses, too.

  2. tgierba says:

    No one can salvage a company that has been hit this hard. Having all the emails and public information of its employees posted online shows that this security company isn’t as secure as they thought. They were more concerned with boosting their reputation than doing their jobs. Even someone who doesn’t work for a security company should know not to start fires with people who could endanger you. Poor business practice.

  3. hewhite says:

    There are some traumas that people (and companies) never recover from. This is one of them. How can HBGary boast to be the best, but itself experience the worst Internet terrorist attack? Possibility of recovery? Not likely.

    Well planned, thoughtful, strategic PR is always better in the long run compared to PR stunts. Whether the statement that sparked the crisis was accidental or deliberate, I hope the CEO has learned the importance of PR.

Comments are closed.