Two weeks ago I wrote about a spying scandal involving the HP board. There’s more:
A secret investigation of news leaks at Hewlett-Packard was more elaborate than previously reported, and almost from the start involved the illicit gathering of private phone records and direct surveillance of board members and journalists, according to people briefed on the company’s review of the operation.
Given this, I predict a real investigation into the incident:
Those briefed on the company’s review of the operation say detectives tried to plant software on at least one journalist’s computer that would enable messages to be traced, and also followed directors and possibly a journalist in an attempt to identify a leaker on the board.
I’m amazed there isn’t more outcry. Pretexting, planting Trojans…this is the sort of thing that would get a “hacker” immediately arrested. But if the chairman of the HP board does it, suddenly it’s a gray area.
EDITED TO ADD (9/20): More info.
Posted on September 18, 2006 at 2:48 PM •
Basically, the chairman of Hewlett-Packard, annoyed at leaks, hired investigators to track down the phone records (including home and cell) of the other HP board members. One board member resigned because of this. The leaker has refused to resign, although he has been outed.
Note that the article says that the investigators used “pretexting,” which is illegal.
The entire episode–beyond its impact on the boardroom of a $100 billion company, Dunn’s ability to continue as chairwoman and the possibility of civil lawsuits claiming privacy invasions and fraudulent misrepresentations—raises questions about corporate surveillance in a digital age. Audio and visual surveillance capabilities keep advancing, both in their ability to collect and analyze data. The Web helps distribute that data efficiently and effortlessly. But what happens when these advances outstrip the
ability of companies (and, for that matter, governments) to reach consensus on ethical limits? How far will companies go to obtain information they seek for competitive gain or better management?
The HP case specifically also sheds another spotlight on the questionable tactics used by security consultants to obtain personal information. HP acknowledged in an internal e-mail sent from its outside counsel to Perkins that it got the paper trail it needed to link the director-leaker to CNET through a controversial practice called “pretexting”; NEWSWEEK obtained a copy of that e-mail. That practice, according to the Federal Trade Commission, involves using “false pretenses” to get another individual’s personal nonpublic information: telephone records, bank and credit-card account numbers, Social Security number and the like.
EDITED TO ADD (9/8): Good commentary.
EDITED TO ADD (9/12): HP Chairman Patricia Dunn was fired.
Posted on September 7, 2006 at 1:47 PM •
Last summer, the surprising news came out that Japanese nuclear secrets leaked out, after a contractor was allowed to connect his personal virus-infested computer to the network at a nuclear power plant. The contractor had a file sharing app on his laptop as well, and suddenly nuclear secrets were available to plenty of kids just trying to download the latest hit single. It’s only taken about nine months for the government to come up with its suggestion on how to prevent future leaks of this nature: begging all Japanese citizens not to use file sharing systems — so that the next time this happens, there won’t be anyone on the network to download such documents.
Even if their begging works, it solves the wrong problem. Sad.
EDITED TO ADD (3/22): Another article.
Posted on March 20, 2006 at 2:01 PM •
The website Cryptome has a list of 276 MI6 agents:
This combines three lists of MI6 officers published here on 13 May 1999 (116 names), 21 August 2005 (74 names), and 27 August 2005 (121 names).
While none of the 311 names appeared on all three lists…35 names appeared on two lists, leaving 276 unique names.
According to Silicon.com:
It is not the first time this kind of information has been published on the internet and Foreign Office policy is to neither confirm nor deny the accuracy of such lists. But a spokesman slammed its publication for potentially putting lives in danger.
On the other hand:
The website is run by John Young, who “welcomes” secret documents for publication and recently said there was a “need to name as many intelligence officers and agents as possible”.
He said: “It is disinformation that naming them places their life in jeopardy. Not identifying them places far more lives in jeopardy from their vile secret operations and plots.”
Posted on August 31, 2005 at 2:28 PM •
Sidebar photo of Bruce Schneier by Joe MacInnis.