Teaser headlines can get annoying, so I’ll provide an incentive to stop reading: No.
Think of the biggest PR disasters of the last decade — a book publisher decides to publish OJ Simpson’s If I Did It book; Don Imus; the Department of Defense allowing planes in New York airspace; basically everything Goldman Sachs did leading up to the recession, plus one of its traders describing how he screwed the world in racy e-mails to his girlfriend. (For more, see the 15 PR disasters of the decade.)
As far as I’m concerned, those were all big deals. But if HBGary — a formerly top-tier computer security firm — was worth more money, it would take the cake for a top PR disaster of the last decade.
In a nutshell: HBGary is a firm that specializes in Internet security. Its CEO, Aaron Barr, saw a PR opportunity to boost his firm’s visibility by embarrassing the most intimidating hacker collective* on the planet by telling the media he knew the hacker group’s leaders. In fact ,he had no viable information on the hacker group — known as “Anonymous” — he just thought that he had traced them through Facebook, online forums and other social media activity.
Anonymous was not amused at being called out in the mainstream media by someone who didn’t appear to have any information on them. They took their own logical response to his actions, which involved attacking his company and:
- Stealing about 50,000 e-mails and publicly posting them, many of which contained damning information
- Hacking Barr’s Twitter account and posting angry, homophobic rants
- Allegedly wiping his iPad of all information for good measure
- Taking down the company Web site and replacing it with an angry letter
- Collecting the financial information, Social Security numbers and personal data of HBGary employees
- Posting the company’s software and intellectual property
All of this happened to a security company. One with the tagline: “Detect. Diagnose. Respond.”
The 50,000 e-mails allegedly contained information hinting at activity that was at best unethical and at worst criminal — see a Forbes blog on the subject. Allegedly, some of the e-mails suggested HBGary was looking into ways to take down and/or discredit Wikileaks on behalf of Bank of America, which is thought to be at risk for an upcoming data dump that is worse than the recently-released U.S. diplomatic cables.
Unless all the information is wrong, HBGary’s best bet looks like an exit strategy resulting in the dissolution of the company. Can an Internet security firm be the victim of one of the worst corporate hacks of all time and still survive? Can a CEO — who started a chain reaction that all but destroyed his company because he thought he could find hackers on Facebook — keep his job? Can a company that specializes in preventing leaks instead have its own information leaked that points to possible criminal activity? In my opinion, no. HBGary is finished.
A lesson for everyone else? Take hackers seriously — Internet terrorism is for real. While there isn’t much you can do, you can change your Facebook security settings right now so the next time you log in at a coffee shop, your profile is less likely to get hacked.