In an exclusive interview, Greg Hoglund, CEO of US security contractor HBGary, the company that hit the headlines when 'hacktivist' collective Anonymous outed confidential emails earlier this year, speaks to thinq_ about terror threats to infrastructure, the insecurity of the cloud, and the country he views as the world's biggest cyber-threat: China.
IT security is generally a cloak-and-dagger business, its exponents generally content to stay below the radar. But for Hoglund, who founded HBGary in 2003 and this week jetted in to London for the RSA security conference, a place in the limelight has become something of a fixture.
Propelled unwillingly into the public eye after members of WikiLeaks-loving hacker group Anonymous published 60,000 emails from the company's Google-hosted email, Hoglund is bullish about his company's fight back from the incident - and stark in his warning about the weaknesses that lead to such security breaches.
The weakest link
"Computer security is a human problem," Hoglund states, indicating that the security flaw that let HBGary down was human error.
The error, in HBGary's case, was password re-use. Aaron Barr, former CEO of sister company HBGary Federal, had used the same passwords for different accounts and server logins. Once Anonymous had one, it allowed them access to other systems too.
The potential for password theft, says Hoglund, is almost built into the fabric of the internet. Most websites still fail to protect themselves against so-called SQL injection attacks - in which data can be stolen using no more than a browser and some lines of malicious code - meaning hackers can lay their hands on user IDs, email addresses and passwords with ease.
He's at pains to point out that the breach at HBGary was not the result of a hacking attack, though. "There was no hacking involved," he says. "They had all the access they needed." But he adds: "They were a million miles from the goodies, though."
According to Hoglund, much of what was leaked was embarrassing but not game-changing: personal emails and, as he says, "love letters to my wife". Quick to inform all clients whose details were leaked in the breach, he insists the incident had no effect on HBGary's fortunes.
"We've still got all our customers," he said, "and the second quarter this year was our best yet."
All the same, he admits to a certain amount of complacency - something which he says, until the incident, was rife in the industry.
"Behind the scenes, a lot of other security vendors have come to us with messages of support, saying, 'It could have happened to any of us'," he says. The ripples caused by the incident have led to a tightening up of practices across the sector.
"We didn't view ourselves as a threat," Hoglund states. "But then we realised... 'Hey, we help catch the bad guys. It makes sense that the bad guys will target us.'"
And when he talks about the 'bad guys', Hoglund draws no distinction between professional cyber-criminals and 'hacktivist' groups - 'rogues', as he calls them - many of whom have attempted to portray themselves as Robin Hood figures, tilting at government and big business in the name of openness and democracy.
In Hoglund's view, cyber threats come from three sources: 'rogues', organised crime and state-sponsored espionage attacks. The three, he says, are inseparable.
Hastily scribbling a diagram for thinq_, he explains the inter-relationship between government-sponsored cyber-warfare, organised crime and rogue hackers. State-sponsored attacks, he says, are happy to exploit the talents of criminals, buying botnets from gangs as far-flung as Russia and Brazil.
Rogues, he says, finance their operations via criminal activities too - and criminals take advantage of data exposed by so-called 'hacktivist' groups to perpetrate identity theft and financial fraud. "When you identify a threat," he says, "most of the time you have no idea which of the three buckets it comes from."
The China syndrome
When it comes to state-sponsored hacking, though, Hoglund is quick to point the finger.
"China," he says when thinq_ asks where the biggest threat lies. "There's a kind of cyber Cold War going on right now. I see it every day."
The trouble, he says, is that few are willing to admit it.
"Most security companies won't come out and say it. The [US] government won't seem to out them for what they're doing either."
Enterprises fear losing business in one of the world's largest economies, he says, while governments fear sparking a diplomatic incident that might highlight their own online misdeeds - citing allegations of US involvement in the Stuxnet worm that put Iran's first nuclear reactor out of commission.
But the scale of state-sponsored activity, he insists, is epic. "They're everywhere. Malware that looks like kids have written it is being used to steal weapons plans."
Diplomacy, he says, won't work: "The only way is to find them and root them out."
And the threats are growing. The increasing move to the cloud makes it more difficult for companies to monitor their own network traffic. Hoglund says there needs to be a greater awareness of the new risks, having recommended to a congressional committee that two-factor identification and an instant 'kill switch' to shut down traffic to cloud-based resources should become a regulatory requirement. Legislation isn't a quick fix, though, he warns: "Enterprises shouldn't expect governments to save them. They need to protect themselves."
But while areas of business such as the financial sector have moved fast to protect themselves, others have been much slower. The biggest threat, Hoglund says, is to infrastructure resources such as power grids, which are increasingly connected to online resources.
He leaves thinq_ with a warning that could not be more stark:
"I predict there will be at least one major attack on an infrastructure target by a terrorist group between 2010 and 2020," he says. "And it's really scary."