the audit

The HBGary Federal Scandal

Many questions need answering as hackers shine a light on the private-security underworld
February 14, 2011

I asked the press on Friday to quickly get on the disturbing story of HBGary Federal et al on Friday. So let me tip my cap to The New York Times, which wrote a news story about it in Saturday’s paper.

Let’s hope that the Times and others are looking deeper into this story and not treating it just as news fodder.

The story as reported so far is that law firm Hunton & Williams solicited proposals from three companies, HBGary Federal, Palantir Technologies, and Berico Technologies, to help its client Bank of America fight the coming WikiLeaks document dump.

The Tech Herald last week reported that the three firms sent a proposal to Hunton & Williams on how to ratfuck (sorry, but there’s really no better word for it) WikiLeaks. The pitch also mentioned attacking journalists such as Salon’s Glenn Greenwald, saying “these are established professionals that have a liberal bent, but ultimately most of them if pushed will choose professional preservation over cause.”

The day after the Tech Herald scoop, ThinkProgress reported that the same group of firms had also pitched Hunton & Williams on attacking unions and other opponents of the U.S. Chamber of Commerce with similar dirty tricks. These included what might be called a, ahem, Dan Rather/Mary Mapes-inspired screw job:

“false document, perhaps highlighting periodical financial information… Afterward, present explicit evidence proving that such transactions never occurred. Also, create a fake insider persona and generate communications with (Change to Win labor coalition). Afterward, release the actual documents at a specified time and explain the activity as a CtW contrived operation. Both instances will prove that US Chamber Watch cannot be trusted with information and or tell the truth.

Sign up for CJR's daily email

Also, writes the Times:

Mr. Barr recounted biographical tidbits about the family of a one-time employee of a union-backed group that had challenged the chamber’s opposition to Obama administration initiatives like health care legislation.

“They go to a Jewish church in DC,” Mr. Barr apparently wrote. “They have 2 kids, son and daughter”…

The presentation discussed the alleged criminal record of one leader of an antichamber group, and said the goal of its research would be to “discredit, confuse, shame, combat, infiltrate, fracture” the antichamber organizations.

Forbes‘s Andy Greenberg reports that Barr “suggested going after the thousands of individuals who have donated to the group”:

A quick search of the company’s WikiLeaks-related conversations shows that Aaron Barr, the HBGary chief executive who first caught the attention of Anonymous by boasting that he’d penetrated the group and identified its leaders, also suggested other tactics against WikiLeaks that weren’t included in that PowerPoint: namely, tracking and intimidating anyone who had given money to WikiLeaks. The security firms “need to get people to understand that if they support the organization we will come after them,” he wrote in an email. “Transaction records are easily identifiable.”

Greenberg is also excellent to point out that though the two partner firms in the presentation, Palantir and Berico, have said they had nothing to do with the plot and have cut ties with HBGary Federal, that Palantir was on board with targeting Salon’s Greenwald:

The emails also show that it was Barr who suggested pressuring journalist Glenn Greenwald, though Palantir, another firm working with HBGary Federal, quickly accepted that suggestion and added it to the PowerPoint presentation that the group was assembling.

All this information came to light only because HBGary Federal CEO Aaron Barr bragged about taking down members of the hacker group Anonymous to the Financial Times on February 4. Anonymous promptly hacked the firm’s emails and released some 70,000 of them.

Both the Chamber and Bank of America deny having anything to do with this HBGary Federal stuff. And that may be true.

But it’s worth noting that the Tech Herald reported that HBGary Federal did secure a meeting with Booz Allen Hamilton, which had also been retained by BofA for its WikiLeaks “review”—a few weeks after pitching its scuzzy plan.

The Times has the spokespeople’s responses:

Bank of America and the Chamber of Commerce distanced themselves on Friday from any effort to embarrass or collect disparaging information about their critics. “We have not engaged in, nor do we have any plans to engage in, the practices discussed in this alleged presentation by HBGary,” said Lawrence DiRita, a Bank of America spokesman.

Tom Collamore, a chamber spokesman, said, “The leaked e-mails appear to show that HBGary Federal was willing to propose questionable actions in an attempt to drum up business, but the chamber was not aware of these proposals until HBGary’s e-mails leaked.”

There are threads aplenty to pull on here: Who is HBGary Federal? Who are its clients? What have they done for them in the past? What’s the connection with Hunton & Williams? Why did the Justice Department recommend Hunton & Williams to Bank of America?

A look through Factiva shows only one media hit for HBGary Federal in the last two years before the flurry of the past week. And it’s a very interesting one. This from SC Magazine, which covers IT security (emphasis mine):

HBGary Federal, provider of classified security services to the U.S. Department of Defense and the intelligence community, has partnered with Palantir Technologies, maker of analytics platforms. HBGary’s team of researchers will leverage Palantir’s analysis tool suite to provide enhanced threat intelligence.

Interested in this story yet?

Ryan Chittum is a former Wall Street Journal reporter, and deputy editor of The Audit, CJR’s business section. If you see notable business journalism, give him a heads-up at Follow him on Twitter at @ryanchittum.