The Return of Aaron Barr: Victim of Embarrassing Hacking Now Cybersecurity Chief at Large Federal Contractor

If you have been following the twists and turns of the Wikileaks saga, you might remember the incident earlier this year involving an IT executive named Aaron Barr and the activist hacker group known as Anonymous. It's a comically bizarre story, but it has larger implications that deserve to be taken very seriously.

In February, Barr, CEO of cybersecurity consulting firm HBGary Federal, unwittingly picked a fight with the pro-Wikileaks band of hackers when he boasted in an online article that his company had successfully infiltrated Anonymous by trolling online social media and had gathered personal data on its members. In retaliation, Anonymous hacked into the email accounts of HBGary (the parent company of HBGary Federal) and posted thousands of their emails online. They also hacked Barr’s iPad, iPhone, and his online accounts. Discovered among the cache of emails was a proposed project on which HBGary Federal was to team up with two other cybersecurity contracting firms, Berico Technologies, and Palantir Technologies, to conduct a campaign to “sabotage or discredit” Wikileaks, Wikileaks supporters (including prominent blogger Glenn Greenwald), and other perceived “threats” to two potential clients, Bank of America and the U.S. Chamber of Commerce.

After the story broke, Barr resigned from HBGary Federal. Senior executives at HBGary, Berico, Palantir, Bank of America, and the Chamber quickly distanced themselves from Barr and HBGary Federal and denied knowing about the proposed project. High-powered law firm Hunton & Williams, alleged to have been involved in the project, remained silent during the controversy, but three of its partners were named in an ethics complaint filed with the D.C. bar. Congressional Democrats, led by Rep. Hank Johnson (D–GA), called for an investigation of “possible illegal actions” by Hunton & Williams and Team Themis, the name of the proposed partnership between HBGary Federal, Palantir, and Berico. (Themis, by the way, is the Greek goddess of natural law, order, and justice.) A House subcommittee also asked several agencies, including the Department of Defense and the National Security Agency, to provide information about their dealings with HBGary Federal, Palantir, and Berico. To top it off, the incident was even the subject of a crude joke on “The Colbert Report.”

The ethics complaint is still pending. Congressman Johnson’s office told POGO that the House committees to which Rep. Johnson directed his request declined to look into the matter and that at least two agencies provided unclassified contractual information pertaining to the Team Themis companies.

The story eventually fell off the radar—until last week. A reporter for IDG News Service caught up with Aaron Barr at a cybersecurity conference in London. Barr is now the director of cybersecurity at Sayres and Associates, an engineering and technical services company with millions of dollars in federal contracts, mostly with the U.S. Navy, the Department of Homeland Security, and the Department of Veterans Affairs. Barr’s area of specialty is the security implications of online social media. Here’s a PowerPoint presentation he created on the subject for a conference in September.

However, Barr can’t completely escape his past. Even though Barr says he’s being more cautious now, IDG News Service reported that HBGary Federal, which bound Barr to a lifelong non-disclosure agreement, forbade his appearance on a panel at a conference in August for fear it would “stir the hornet’s nest” and trigger another attack by Anonymous. If Anonymous decides to teach Barr another lesson, it could result in the disclosure of sensitive national security and personal privacy information courtesy of the Navy, DHS, the VA, and other agencies that have conducted business with Sayres.

Barr did not respond to POGO's email requesting comment.

POGO will keep following the Team Themis story because of the larger implications for federal contracting in particular (especially in intelligence and national security matters), and governmental transparency and accountability in general. The leaked project proposal claims that Team Themis is “broadly deployed throughout the National intelligence and defense communities” and can “leverage the same all-source intelligence platform used throughout the U.S. national security and law enforcement communities” to attack a particular target. These might just be idle boasts to impress prospective clients. If not, the blurring of the line between the public and private sectors could be much worse than we realize.