Anonymous Breached HBGary After CEO Claimed He Identified Members
Anonymous-affiliated attackers breached HBGary Federal after CEO Aaron Barr publicly claimed he had identified key members of the collective and was preparing to share findings with the FBI. The intrusion reportedly combined website exploitation, password reuse, and social engineering, leading to the defacement of HBGary systems, takeover of Barr’s Twitter account, theft of more than 50,000 emails, and exposure of company financial and internal documents. Reporting on the operation described participants from AnonOps and highlighted disputed claims around a hacker using the alias "Kayla", while leaked IRC logs later portrayed Anonymous as more coordinated than its public image suggested, with figures such as Sabu directing activity and discussing the HBGary attack.
The leaked HBGary emails triggered wider fallout by exposing proposals tied to campaigns against WikiLeaks and critics, including plans reportedly prepared for clients connected to Bank of America and a law firm, and renewed scrutiny of the firm’s ties to federal agencies. Subsequent reporting said former Anonymous supporters provided chat logs and alleged identities to investigators, and later arrests brought the hacking saga closer to a conclusion. The episode became a defining early example of hacktivist retaliation escalating into a major corporate breach, reputational crisis, and law-enforcement investigation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
9 events from the most recent confirmed update back to the earliest known activity.
Arrests bring the HBGary hack saga toward closure
By March 2012, arrests connected to Anonymous and related hacking activity were reported as bringing the HBGary case close to its end. The law-enforcement action marked the final major development in the publicly documented saga covered by these references.
Leaked Anonymous IRC logs suggest de facto leadership and HBGary role
Published logs from Anonymous's private #HQ IRC channel, reportedly supplied by former supporters to journalists and law enforcement, suggested that figures such as Sabu directed operations despite public claims that the group was leaderless. The logs also included admissions and discussion tying participants to the HBGary intrusion and other attacks.
Media profile alleged 'Kayla' participant in HBGary hack
Articles in March profiled a person using the alias 'Kayla,' presented as a teenage Anonymous supporter who allegedly helped compromise HBGary through impersonation and other tactics. Subsequent coverage treated the identity claims skeptically and noted uncertainty over who was actually behind the persona.
Aaron Barr resigns from HBGary Federal after hack fallout
HBGary Federal CEO Aaron Barr resigned following the Anonymous breach and the ensuing controversy over leaked emails and his claims about identifying Anonymous members. His departure marked a significant corporate response to the scandal.
Salon reports HBGary Federal's ties to federal agencies
Follow-on reporting highlighted HBGary Federal's relationships with US government and law-enforcement entities amid scrutiny of the leaked emails and anti-WikiLeaks proposals. This expanded attention to the firm's broader role beyond the immediate breach.
Leaked HBGary emails expose anti-WikiLeaks proposal
Emails stolen in the HBGary breach revealed proposals by HBGary Federal, Palantir, and Berico to support a law firm's plans for Bank of America, including disinformation and pressure tactics aimed at WikiLeaks and its supporters. The disclosures broadened the story from a hack into a political and corporate scandal.
Reports identify social engineering used in the HBGary intrusion
Detailed reporting described how Aaron Barr's public profile and reused credentials helped Anonymous gain access, including impersonation of Barr in communications with a Nokia security contact. These accounts clarified the mechanics of the breach and the role of operational security failures at HBGary.
Anonymous hacks HBGary Federal and leaks Aaron Barr's emails
On Super Bowl Sunday, Anonymous-affiliated attackers compromised HBGary Federal, defaced its website, took over Barr's Twitter account, stole tens of thousands of emails, and exposed internal company data. The intrusion reportedly used weak passwords, social engineering, and access to related systems, and was framed by the attackers as retaliation for Barr's claims.
Aaron Barr says he identified Anonymous leaders
HBGary Federal CEO Aaron Barr publicly claimed he had identified key members of Anonymous using social-media analysis and was preparing to brief or share findings with federal authorities. The claims triggered backlash from Anonymous and set up the subsequent retaliation.
Sources
14 references tracked. Mallory keeps watching after this page renders.
With arrests, HBGary hack saga finally ends - Ars Technica
arstechnica.com
Open sourceInside Anonymous' Secret War Room
web.archive.org
Open sourceHBGary's nemesis is a '16-year-old schoolgirl'
theregister.co.uk
Open sourceMeet the 16-Year-Old Girl Who Hacked HBGary - The Atlantic
theatlantic.com
Open sourcePlay By Play Of How HBGary Federal Tried To Expose Anonymous… And Got Hacked Instead | Techdirt
techdirt.com
Open source(Virtually) face to face: how Aaron Barr revealed himself to Anonymous - Ars Technica
arstechnica.com
Open sourceAnonymous Takes Revenge On Security Firm For Trying To Sell Supporters' Details To FBI
forbes.com
Open sourceData intelligence firms proposed a systematic attack against WikiLeaks - Security
web.archive.org
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Anonymous Breach of Stratfor Exposed Customer Data and Millions of Internal Emails
Anonymous-affiliated attackers breached private intelligence firm **Stratfor**, stealing subscriber records, payment data, and a vast archive of internal correspondence. Reporting on the intrusion said the attackers accessed administrative systems, expanded into databases and mail servers, and exfiltrated data affecting about **860,000 user accounts** and more than **60,000 credit cards**; some reports said card numbers were stored in plaintext, while passwords were protected with weak **unsalted MD5** hashes. The attackers defaced Stratfor’s website, deleted server contents, published stolen card data, and used some of the payment information for fraudulent charitable donations, contributing to losses that reports put at at least **$700,000** and broader damages of roughly **$2 million**. The breach escalated when **WikiLeaks** began publishing roughly **5 million Stratfor emails**, exposing the firm’s client relationships, source-handling practices, monitoring of activist groups, and sensitive geopolitical claims contained in internal messages. Subsequent reporting said the FBI had visibility into parts of the operation through informant **Hector Xavier Monsegur ("Sabu")** and later built its case against alleged participant **Jeremy Hammond**, while Stratfor faced delayed customer notification and legal fallout. Years later, researchers also warned that some documents in the leaked Stratfor archive contained live malware, including files exploiting **`CVE-2010-3333`**, creating additional risk for journalists and researchers who downloaded the material.
May 26, 2026
Anonymous Leak of Epik Data Exposed Far-Right Sites and Federal Records
Hacktivists claiming to be **Anonymous** said they breached web host and domain registrar **Epik**, a provider used by sites including **Gab**, **Parler**, **QAlerts**, and other far-right platforms, and released what they described as roughly a decade of internal and customer data. Reports said the dump included domain registration and transfer records, account credentials, emails, payment history, employee mailbox contents, and more than **500,000 private keys**, affecting data tied to more than **15 million people and websites**. Epik CEO **Rob Monster** initially downplayed the incident, then later acknowledged in a public video session that company backup data appeared to have been compromised and said information from the breach was allegedly used in an attempt to target his Coinbase account. Subsequent reporting said the leaked records exposed internal support tickets, subpoenas, and preservation requests for customer information, including requests that appeared linked to investigations after the **Jan. 6 Capitol riot** and at least one FBI request tied to a domain allegedly connected to malware used in the **SolarWinds** intrusion. The data also reportedly helped trace efforts by figures such as **Ali Alexander** to obscure domain ownership and digital infrastructure, while additional releases expanded scrutiny of how hosting and registrar services supported extremist networks online. The breach became one of the most consequential hacktivist leaks involving internet infrastructure providers because it revealed both customer identities and sensitive law-enforcement-related records.
May 25, 2026
Anonymous Expanded Operation Payback From Anti-Piracy Targets to WikiLeaks Backers
Anonymous used **distributed denial-of-service (DDoS)** attacks under the banner of **Operation Payback** to hit anti-piracy groups and related legal entities including the **RIAA, MPAA, BPI, AFACT, BREIN, Websheriff**, and the law firm **Dunlap, Grubb and Weaver**. The campaign escalated after the shutdown of LimeWire, with Anonymous publicly planning another attack on the RIAA and portraying the action as retaliation against copyright enforcement. Earlier attacks also coincided with the takedown of **ACS:Law**, where hundreds of megabytes of internal emails were exposed after the firm was knocked offline. The operation later widened into a pro-WikiLeaks campaign branded **Operation Avenge Assange** after **PayPal, Visa, MasterCard, and Amazon** cut services to WikiLeaks following the publication of US diplomatic cables. Anonymous launched prolonged attacks that disrupted PayPal and targeted other firms seen as censoring WikiLeaks, while police in the UK opened investigations, monitored threats against government sites, and examined the use of the **Low Orbit Ion Cannon** by participants. The campaign showed how Anonymous evolved from anti-piracy retaliation into politically motivated online disruption aimed at organizations viewed as restricting access, speech, or digital distribution.
May 25, 2026