Aaron Barr was camouflaged in the audience at Defcon 19 in Las Vegas Saturday, rather than on the podium as the scheduled star panelist on the "Whoever Fights Monsters" session, while self-professed members of Anonymous later chimed in during a heated question-and-answer session.
The panel generated a provocative debate over whether the Anonymous hacktivist collective would be more effective if it retooled and focused its efforts--as well as whether its very public hacks have actually prompted organizations to better secure their systems.
Barr, the former CEO of HBGary Federal who was targeted by Anonymous' LulzSec branch after promising to unmask some of its main members, at the eleventh hour had to pass on his slot on the panel due to the threat of a lawsuit from his former employer. But Barr's firsthand experience with being hacked, "doxed," and personally attacked by the hacktivist group served as a backdrop to the lively panel discussion, as well as the question-and-answer session at the Defcon 19 hacker convention.
The panel, moderated by Paul Roberts, editor of Threat Post, included Joshua Corman, director of security intelligence for Akamai; "Jericho" of Attrition.org; and "Krypt3ia," a security expert and blogger who began the session with his face masked ninja-style in a black scarf, identifying himself with the tongue-in-cheek pseudonym "Baron Von Aaarrrr." He later removed the mask after an audience member questioned the credibility of someone who would not show his face. "I'm overt, not covert," he said.
Akamai's Corman said Anonymous is more about chaos than white hats or black hats. "Anonymous isn't good or evil--they're chaotic," Corman said. And the group and its brand of hacktivism and doxing isn't going away, he said.
But Anonymous' hacking, doxing, and exposing holes in organizations' security have not resulted in better security, he said. "My personal disappointment is if you think it makes security better by showing failure," that's not the case, he said.
Corman suggested that LulzSec would do better to channel its efforts on bad actors, such as child exploitation sites, for example, and cause "directed chaos."
Read our report on how to guard your systems from a SQL attack. Download the report now. (Free registration required.)