Ars Technica has documented the background of the break-in at the US security firm that tried to expose Anonymous but ended up being taken apart itself. The report explains that the attackers' point of entry was a proprietary CMS which was custom-designed for HBGary.
The CMS reportedly failed to sufficiently check certain input parameters and this enabled the attackers to send SQL commands to the database via specially crafted URLs. This apparently allowed them to retrieve the CMS users' password hashes, which turned out to be simple, unsalted MD5 hashes that presented an easy target for a rainbow table attack.

The attackers subsequently found that at least HBGary Federal's CEO Aaron Barr and COO Ted Vera used their CMS passwords for various other services, including their email access and Twitter. Vera also had an account at the support.hbgary.com site, where Anonymous managed to log in via SSH using the same password. The site ran a Linux system that was still vulnerable to a security hole in the GNU C loader, disclosed last October. Ars Technica said that the vulnerability presented the uninvited guests with the opportunity to obtain root privileges on the system, which gave them access to several gigabytes of backup and research data they reportedly deleted.

The link for this article located at H Security is no longer available.