By ERIC LIPTON and CHARLIE SAVAGE
Published: February 11, 2011
Multimedia
State’s Secrets
This week, hackers said they had penetrated the computers of HBGary Federal, a security company that sells investigative services to corporations, and posted tens of thousands of what appear to be its internal company e-mails on the Internet.
The documents appear to include pitches for unseemly ways to undermine adversaries of Bank of America and the U.S. Chamber of Commerce, like doing background research on their critics and then distributing fake documents to embarrass them.
The bank and the chamber do not appear to have directly solicited the spylike services of HBGary Federal. Rather, HBGary Federal offered to do the work for Hunton & Williams, a corporate law firm that has represented them.
A Hunton & Williams spokesman did not comment. But spokesmen for Bank of America and the chamber said Friday that they had not known about the presentations and that HBGary Federal was never hired on their behalf. A chamber spokesman characterized the proposal as “abhorrent.”
Since the hacked e-mails appeared on a file-sharing network several days ago, a broad range of bloggers and journalists have been scouring them and discussing highlights on the Internet. The New York Times also obtained a copy of the archive.
One document that has received particular attention is a PowerPoint presentation that said a trio of data-related companies — HBGary Federal, Palantir Technologies and Berico Technologies — could help attack WikiLeaks, which is rumored to be preparing to release internal e-mails from Bank of America.
One idea was to submit fake documents covertly to WikiLeaks, and then expose them as forgeries to discredit the group. It also suggested pressuring WikiLeaks’ supporters — notably Glenn Greenwald of Salon.com — by threatening their careers.
“Without the support of people like Glenn, WikiLeaks would fold,” the presentation said.
Another set of documents proposed similar ways to embarrass adversaries of the Chamber of Commerce for an initial fee of $200,000 and $2 million later.
The e-mails include what appears to be an exchange on Nov. 9, 2010, between Aaron Barr, HBGary Federal’s chief executive, and John W. Woods, a Hunton & Williams partner who focuses on corporate investigations. Mr. Barr recounted biographical tidbits about the family of a one-time employee of a union-backed group that had challenged the chamber’s opposition to Obama administration initiatives like health care legislation.
“They go to a Jewish church in DC,” Mr. Barr apparently wrote. “They have 2 kids, son and daughter.”
A week later, Mr. Barr submitted a detailed plan to Hunton & Williams for an extensive investigation into U.S. Chamber Watch and other critics of the chamber, including the possible creation of “in-depth target dossiers” and the identification of vulnerabilities in their computer networks that might be exploited.
Another PowerPoint presentation prepared for Hunton & Williams said the research that HBGary Federal and its partners could do for the law firm on behalf of the Chamber of Commerce would “mitigate effect of adversarial groups” like U.S. Chamber Watch. The presentation discussed the alleged criminal record of one leader of an antichamber group, and said the goal of its research would be to “discredit, confuse, shame, combat, infiltrate, fracture” the antichamber organizations.
HBGary acknowledged Tuesday in a statement that it had been the victim of a “criminal cyberattack,” but suggested that documents placed in the public domain might be “falsified.”
The other two businesses referred to in the apparent proposals as planned partners in the corporate investigations put out statements that distanced themselves from HBGary Federal but did not say the documents were fake.
The co-founders of Berico, Guy Filippelli and Nick Hallam, confirmed that Berico had been “asked to develop a proposal to support a law firm” that was helping companies “analyze internal information security and public relations challenges,” but said their proposal had been limited to “analyzing publicly available information.” They called efforts to target people “reprehensible” and said they were breaking all ties to HBGary Federal, a move that Palantir executives also said they were making.
The episode traces back to a dispute in December, when corporations including MasterCard, Visa and PayPal severed ties to WikiLeaks, temporarily cutting off its ability to accept donations. WikiLeaks had just begun releasing leaked State Department cables in conjunction with a consortium of news organizations, including The New York Times.
Calling the companies’ severing of such ties an affront to Internet freedom, a loose-knit group of computer users named Anonymous coordinated attacks on the Web sites of such companies. Mr. Barr apparently began trying to uncover the identities of those involved with Anonymous. But after he boasted of his efforts in a newspaper article, hackers attacked his company’s Web site and made public the e-mails.
Jonathan E. Turner, who runs a Tennessee-based business that gathers intelligence for corporate clients, said that companies nationwide relied on investigators to gather potentially damaging information on possible business partners or rivals. “Information is power,” said Mr. Turner, former chairman of the Association of Certified Fraud Examiners.
He estimated that the “competitive intelligence” industry had 9,700 companies offering these services, with an annual market of more than $2 billion, but said there were limits to what tactics should be used.
Bank of America and the Chamber of Commerce distanced themselves on Friday from any effort to embarrass or collect disparaging information about their critics. “We have not engaged in, nor do we have any plans to engage in, the practices discussed in this alleged presentation by HBGary,” said Lawrence DiRita, a Bank of America spokesman.
Tom Collamore, a chamber spokesman, said, “The leaked e-mails appear to show that HBGary Federal was willing to propose questionable actions in an attempt to drum up business, but the chamber was not aware of these proposals until HBGary’s e-mails leaked.”
Correction: February 12, 2011
HB Gary Federal and HB Gary are two related companies that share some of the same owners and have shared the same offices as their California headquarters. But they are distinct entities. An earlier version of the story was not clear on this distinction
This week, hackers said they had penetrated the computers of HBGary Federal, a security company that sells investigative services to corporations, and posted tens of thousands of what appear to be its internal company e-mails on the Internet.
The documents appear to include pitches for unseemly ways to undermine adversaries of Bank of America and the U.S. Chamber of Commerce, like doing background research on their critics and then distributing fake documents to embarrass them.
The bank and the chamber do not appear to have directly solicited the spylike services of HBGary Federal. Rather, HBGary Federal offered to do the work for Hunton & Williams, a corporate law firm that has represented them.
A Hunton & Williams spokesman did not comment. But spokesmen for Bank of America and the chamber said Friday that they had not known about the presentations and that HBGary Federal was never hired on their behalf. A chamber spokesman characterized the proposal as “abhorrent.”
Since the hacked e-mails appeared on a file-sharing network several days ago, a broad range of bloggers and journalists have been scouring them and discussing highlights on the Internet. The New York Times also obtained a copy of the archive.
One document that has received particular attention is a PowerPoint presentation that said a trio of data-related companies — HBGary Federal, Palantir Technologies and Berico Technologies — could help attack WikiLeaks, which is rumored to be preparing to release internal e-mails from Bank of America.
One idea was to submit fake documents covertly to WikiLeaks, and then expose them as forgeries to discredit the group. It also suggested pressuring WikiLeaks’ supporters — notably Glenn Greenwald of Salon.com — by threatening their careers.
“Without the support of people like Glenn, WikiLeaks would fold,” the presentation said.
Another set of documents proposed similar ways to embarrass adversaries of the Chamber of Commerce for an initial fee of $200,000 and $2 million later.
The e-mails include what appears to be an exchange on Nov. 9, 2010, between Aaron Barr, HBGary Federal’s chief executive, and John W. Woods, a Hunton & Williams partner who focuses on corporate investigations. Mr. Barr recounted biographical tidbits about the family of a one-time employee of a union-backed group that had challenged the chamber’s opposition to Obama administration initiatives like health care legislation.
“They go to a Jewish church in DC,” Mr. Barr apparently wrote. “They have 2 kids, son and daughter.”
A week later, Mr. Barr submitted a detailed plan to Hunton & Williams for an extensive investigation into U.S. Chamber Watch and other critics of the chamber, including the possible creation of “in-depth target dossiers” and the identification of vulnerabilities in their computer networks that might be exploited.
Another PowerPoint presentation prepared for Hunton & Williams said the research that HBGary Federal and its partners could do for the law firm on behalf of the Chamber of Commerce would “mitigate effect of adversarial groups” like U.S. Chamber Watch. The presentation discussed the alleged criminal record of one leader of an antichamber group, and said the goal of its research would be to “discredit, confuse, shame, combat, infiltrate, fracture” the antichamber organizations.
HBGary acknowledged Tuesday in a statement that it had been the victim of a “criminal cyberattack,” but suggested that documents placed in the public domain might be “falsified.”
The other two businesses referred to in the apparent proposals as planned partners in the corporate investigations put out statements that distanced themselves from HBGary Federal but did not say the documents were fake.
The co-founders of Berico, Guy Filippelli and Nick Hallam, confirmed that Berico had been “asked to develop a proposal to support a law firm” that was helping companies “analyze internal information security and public relations challenges,” but said their proposal had been limited to “analyzing publicly available information.” They called efforts to target people “reprehensible” and said they were breaking all ties to HBGary Federal, a move that Palantir executives also said they were making.
The episode traces back to a dispute in December, when corporations including MasterCard, Visa and PayPal severed ties to WikiLeaks, temporarily cutting off its ability to accept donations. WikiLeaks had just begun releasing leaked State Department cables in conjunction with a consortium of news organizations, including The New York Times.
Calling the companies’ severing of such ties an affront to Internet freedom, a loose-knit group of computer users named Anonymous coordinated attacks on the Web sites of such companies. Mr. Barr apparently began trying to uncover the identities of those involved with Anonymous. But after he boasted of his efforts in a newspaper article, hackers attacked his company’s Web site and made public the e-mails.
Jonathan E. Turner, who runs a Tennessee-based business that gathers intelligence for corporate clients, said that companies nationwide relied on investigators to gather potentially damaging information on possible business partners or rivals. “Information is power,” said Mr. Turner, former chairman of the Association of Certified Fraud Examiners.
He estimated that the “competitive intelligence” industry had 9,700 companies offering these services, with an annual market of more than $2 billion, but said there were limits to what tactics should be used.
Bank of America and the Chamber of Commerce distanced themselves on Friday from any effort to embarrass or collect disparaging information about their critics. “We have not engaged in, nor do we have any plans to engage in, the practices discussed in this alleged presentation by HBGary,” said Lawrence DiRita, a Bank of America spokesman.
Tom Collamore, a chamber spokesman, said, “The leaked e-mails appear to show that HBGary Federal was willing to propose questionable actions in an attempt to drum up business, but the chamber was not aware of these proposals until HBGary’s e-mails leaked.”
The documents appear to include pitches for unseemly ways to undermine adversaries of Bank of America and the U.S. Chamber of Commerce, like doing background research on their critics and then distributing fake documents to embarrass them.
The bank and the chamber do not appear to have directly solicited the spylike services of HBGary Federal. Rather, HBGary Federal offered to do the work for Hunton & Williams, a corporate law firm that has represented them.
A Hunton & Williams spokesman did not comment. But spokesmen for Bank of America and the chamber said Friday that they had not known about the presentations and that HBGary Federal was never hired on their behalf. A chamber spokesman characterized the proposal as “abhorrent.”
Since the hacked e-mails appeared on a file-sharing network several days ago, a broad range of bloggers and journalists have been scouring them and discussing highlights on the Internet. The New York Times also obtained a copy of the archive.
One document that has received particular attention is a PowerPoint presentation that said a trio of data-related companies — HBGary Federal, Palantir Technologies and Berico Technologies — could help attack WikiLeaks, which is rumored to be preparing to release internal e-mails from Bank of America.
One idea was to submit fake documents covertly to WikiLeaks, and then expose them as forgeries to discredit the group. It also suggested pressuring WikiLeaks’ supporters — notably Glenn Greenwald of Salon.com — by threatening their careers.
“Without the support of people like Glenn, WikiLeaks would fold,” the presentation said.
Another set of documents proposed similar ways to embarrass adversaries of the Chamber of Commerce for an initial fee of $200,000 and $2 million later.
The e-mails include what appears to be an exchange on Nov. 9, 2010, between Aaron Barr, HBGary Federal’s chief executive, and John W. Woods, a Hunton & Williams partner who focuses on corporate investigations. Mr. Barr recounted biographical tidbits about the family of a one-time employee of a union-backed group that had challenged the chamber’s opposition to Obama administration initiatives like health care legislation.
“They go to a Jewish church in DC,” Mr. Barr apparently wrote. “They have 2 kids, son and daughter.”
A week later, Mr. Barr submitted a detailed plan to Hunton & Williams for an extensive investigation into U.S. Chamber Watch and other critics of the chamber, including the possible creation of “in-depth target dossiers” and the identification of vulnerabilities in their computer networks that might be exploited.
Another PowerPoint presentation prepared for Hunton & Williams said the research that HBGary Federal and its partners could do for the law firm on behalf of the Chamber of Commerce would “mitigate effect of adversarial groups” like U.S. Chamber Watch. The presentation discussed the alleged criminal record of one leader of an antichamber group, and said the goal of its research would be to “discredit, confuse, shame, combat, infiltrate, fracture” the antichamber organizations.
HBGary acknowledged Tuesday in a statement that it had been the victim of a “criminal cyberattack,” but suggested that documents placed in the public domain might be “falsified.”
The other two businesses referred to in the apparent proposals as planned partners in the corporate investigations put out statements that distanced themselves from HBGary Federal but did not say the documents were fake.
The co-founders of Berico, Guy Filippelli and Nick Hallam, confirmed that Berico had been “asked to develop a proposal to support a law firm” that was helping companies “analyze internal information security and public relations challenges,” but said their proposal had been limited to “analyzing publicly available information.” They called efforts to target people “reprehensible” and said they were breaking all ties to HBGary Federal, a move that Palantir executives also said they were making.
The episode traces back to a dispute in December, when corporations including MasterCard, Visa and PayPal severed ties to WikiLeaks, temporarily cutting off its ability to accept donations. WikiLeaks had just begun releasing leaked State Department cables in conjunction with a consortium of news organizations, including The New York Times.
Calling the companies’ severing of such ties an affront to Internet freedom, a loose-knit group of computer users named Anonymous coordinated attacks on the Web sites of such companies. Mr. Barr apparently began trying to uncover the identities of those involved with Anonymous. But after he boasted of his efforts in a newspaper article, hackers attacked his company’s Web site and made public the e-mails.
Jonathan E. Turner, who runs a Tennessee-based business that gathers intelligence for corporate clients, said that companies nationwide relied on investigators to gather potentially damaging information on possible business partners or rivals. “Information is power,” said Mr. Turner, former chairman of the Association of Certified Fraud Examiners.
He estimated that the “competitive intelligence” industry had 9,700 companies offering these services, with an annual market of more than $2 billion, but said there were limits to what tactics should be used.
Bank of America and the Chamber of Commerce distanced themselves on Friday from any effort to embarrass or collect disparaging information about their critics. “We have not engaged in, nor do we have any plans to engage in, the practices discussed in this alleged presentation by HBGary,” said Lawrence DiRita, a Bank of America spokesman.
Tom Collamore, a chamber spokesman, said, “The leaked e-mails appear to show that HBGary Federal was willing to propose questionable actions in an attempt to drum up business, but the chamber was not aware of these proposals until HBGary’s e-mails leaked.”
Correction: February 12, 2011
HB Gary Federal and HB Gary are two related companies that share some of the same owners and have shared the same offices as their California headquarters. But they are distinct entities. An earlier version of the story was not clear on this distinction
HB Gary Federal and HB Gary are two related companies that share some of the same owners and have shared the same offices as their California headquarters. But they are distinct entities. An earlier version of the story was not clear on this distinction
No comments:
Post a Comment