The attackers subsequently found that at least HBGary Federal's CEO Aaron Barr and COO Ted Vera used their CMS passwords for various other services, including their email access and Twitter. Vera also had an account at the support.hbgary.com site, where Anonymous managed to log in via SSH using the same password. The site ran a Linux system that was still vulnerable to a security hole in the GNU C loader, disclosed last October. Ars Technica said that the vulnerability presented the uninvited guests with the opportunity to obtain root privileges on the system, which gave them access to several gigabytes of backup and research data they reportedly deleted.
The link for this article located at H Security is no longer available.