HBGary: Online Smear Campaigns

1. HBGary E-mail Viewer
2.  
3. [email protected]
4.  
5. Go back
6.  
7.  
8. Original file: 27606
9. click here to show this e-mail with HTML markup
10. From: jussi jaakonaho <[email protected]>
11. To: Greg Hoglund <[email protected]>
12. Date: Sun, 6 Feb 2011 22:15:54 +0200
13. Subject: Re: need to ssh into rootkit
14. click here to show full headers
15. Attachments: This e-mail does not have any attachments.
16.  
17.  
18.  
19. did you open something running on high port?
20.  
21.  
22. On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote:
23.  
24. > ok let me know if you need me
25. >
26. > On 2/6/11, jussi jaakonaho <[email protected]> wrote:
27. >> tnx.
28. >> i am also connected to the box, seems some people have download problems -
29. >> have figured earlier that some chinese used chinese chars on names of files,
30. >> which then our filtering stripped off when putting db etc. so some db
31. >> editing
32. >>
33. >>
34. >> _jussi
35. >>
36. >> On Feb 6, 2011, at 9:36 PM, Greg Hoglund wrote:
37. >>
38. >>> ok ill make sure to get you a new license asap.
39. >>>
40. >>> On 2/6/11, jussi jaakonaho <[email protected]> wrote:
41. >>>> np.
42. >>>> btw i did not shut down the firewall so it still protects with too many
43. >>>> connections from same source address.
44. >>>>
45. >>>> i have also downloaded latest backups from /home/varmi to my homebox,
46. >>>> just
47. >>>> in case.
48. >>>>
49. >>>> oh, also seem my license is expiring for responder again. o:-) was
50. >>>> thinking
51. >>>> to put it into box with more memory.
52. >>>>
53. >>>> _jussi
54. >>>>
55. >>>> On Feb 6, 2011, at 9:26 PM, Greg Hoglund wrote:
56. >>>>
57. >>>>> yup im logged in thanks ill email you in a few, im backed up
58. >>>>>
59. >>>>> thanks
60. >>>>>
61. >>>>> On 2/6/11, jussi jaakonaho <[email protected]> wrote:
62. >>>>>> nope. your account is named as hoglund
63. >>>>>>
64. >>>>>>
65. >>>>>> On Feb 6, 2011, at 9:23 PM, Greg Hoglund wrote:
66. >>>>>>
67. >>>>>>> yes jussi thanks
68. >>>>>>>
69. >>>>>>> did you reset the user greg or?
70. >>>>>>>
71. >>>>>>> On 2/6/11, jussi jaakonaho <[email protected]> wrote:
72. >>>>>>>> does it work now?
73. >>>>>>>>
74. >>>>>>>>
75. >>>>>>>> On Feb 6, 2011, at 9:17 PM, Greg Hoglund wrote:
76. >>>>>>>>
77. >>>>>>>>> if i can squeeze out time maybe we can catch up.. ill be in germany
78. >>>>>>>>> for a little bit.
79. >>>>>>>>>
80. >>>>>>>>> anyway I can't ssh into rootkit. you sure the ips still
81. >>>>>>>>> 65.74.181.141?
82. >>>>>>>>>
83. >>>>>>>>> thanks
84. >>>>>>>>>
85. >>>>>>>>> On 2/6/11, jussi jaakonaho <[email protected]> wrote:
86. >>>>>>>>>> ok,
87. >>>>>>>>>> it should now accept from anywhere to 47152 as ssh. i am doing
88. >>>>>>>>>> testing
89. >>>>>>>>>> so
90. >>>>>>>>>> that it works for sure.
91. >>>>>>>>>> your password is changeme123
92. >>>>>>>>>>
93. >>>>>>>>>> i am online so just shoot me if you need something.
94. >>>>>>>>>>
95. >>>>>>>>>> in europe, but not in finland? :-)
96. >>>>>>>>>>
97. >>>>>>>>>> _jussi
98. >>>>>>>>>>
99. >>>>>>>>>> On Feb 6, 2011, at 9:08 PM, Greg Hoglund wrote:
100. >>>>>>>>>>
101. >>>>>>>>>>> no i dont have the public ip with me at the moment because im
102. >>>>>>>>>>> ready
103. >>>>>>>>>>> for a small meeting and im in a rush.
104. >>>>>>>>>>>
105. >>>>>>>>>>> if anything just reset my password to changeme123 and give me
106. >>>>>>>>>>> public
107. >>>>>>>>>>> ip and ill ssh in and reset my pw.
108. >>>>>>>>>>>
109. >>>>>>>>>>> thanks
110. >>>>>>>>>>>
111. >>>>>>>>>>> On 2/6/11, jussi jaakonaho <[email protected]> wrote:
112. >>>>>>>>>>>> hi,
113. >>>>>>>>>>>>
114. >>>>>>>>>>>> do you have public ip? or should i just drop fw?
115. >>>>>>>>>>>> and it is w0cky - tho no remote root access allowed
116. >>>>>>>>>>>>
117. >>>>>>>>>>>> On Feb 6, 2011, at 8:59 PM, Greg Hoglund wrote:
118. >>>>>>>>>>>>
119. >>>>>>>>>>>> _jussi
120. >>>>>>>>>>>>
121. >>>>>>>>>>>>
122. >>>>>>>>>>>>> jussi
123. >>>>
124. >>>>
125. >>
126. >>