We take threats against our own very seriously.
A bizarre plan for an attack on the whistle-blowing site WikiLeaks and journalists construed as sympathetic to it -- first reported by the Tech Herald -- clearly targets Salon's Glenn Greenwald, saying that his "level of support" for WikiLeaks "needs to be disrupted." The report (you can download the purported final draft here) is listed as an "overview by Palantir Technologies, HBGary Federal and Berico Technologies," and according to a string of e-mails also leaked, was developed following a request from Hunton and Williams, a law firm that represents, among others, Bank of America.
Bank of America is the presumed next target of WikiLeaks, and has reportedly been bracing for what's to come.
The leaked report singles out other journalists, as well, and suggests that "these are established professionals that have a liberal bent, but ultimately most of them if pushed will choose professional preservation over cause ..." And goes on: "Without the support of people like Glenn wikileaks would fold."
For a complete breakdown of what it all means, Glenn has a thorough, illuminating report. But what the authors of the report meant when they plotted how Glenn and the others could be "disrupted" or "pushed" is as unclear as it is ominous -- and has us deeply concerned. The report was exposed by Anonymous, the pro-WikiLeaks hackers who went after the companies that dropped services to the whistle-blowing organization last year. Anonymous was apparently acting in retaliation to HBGary, whose head of security services, Aaron Barr, had earlier claimed to have infiltrated the Anonymous network. HBGary has since responded, claiming that "information currently in the public domain" from the leak "is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data."
But the security firm Palantir wasted little time severing all relations with HBGary, with Palantir CEO Alex Karp issuing a statement saying that "I want to publicly apologize to progressive organizations in general, and Mr. Greenwald in particular, for any involvement that we may have had in these matters." Karp also reached out and apologized directly to Glenn.
We have no reason not to take the report seriously. As a result, I've asked both Hunton and Williams and Bank of America to explain any role they played and address whether HB Gary (or any of the firms) were being paid, or promised payment, for its development. I'll update this post when we hear their responses.
As bumbling as this whole saga sounds -- Internet security firm can't keep its shadowy dirty tricks campaign from being hacked -- what's outlined in these sets of proposals, as Glenn points out, "quite possibly constitutes serious crimes." And as it relates to Glenn and the others, it constitutes an unconscionable attempt to silence journalists doing their jobs. We'll continue to stay on this story until we get some real answers.
Update I (4:05 p.m. ET): Berico CEO Guy Filippelli and COO Nick Hallam have now formally severed ties with HBGary, saying in a statement:
Our leadership does not condone or support any effort that proactively targets American firms, organizations or individuals. We find such actions reprehensible and are deeply committed to partnering with the best companies in our industry that share our core values. Therefore, we have discontinued all ties with HBGary Federal. We are conducting a thorough internal investigation to better understand the details of how this situation unfolded and we will take the appropriate actions within our company.
Late last year, we were asked to develop a proposal to support a law firm. Our corporate understanding was that Berico would support the firm’s efforts on behalf of American companies to help them analyze potential internal information security and public relations challenges. Consistent with industry standards for this type of work, we proposed analyzing publicly available information and identifying patterns and data flows relevant to our client’s information needs. Any subsequent discussions or proposals that attempted to extend the initial scope of work run counter to our organization’s values.
Update 2 (5:11 p.m. ET): A reader sent me this post on USA Today's technology blog, which went up as I was first preparing this post. In it, BofA spokesman Scott Silvestri says, "We've never seen the presentation, never evaluated it, and have no interest in it." When asked specifically about the PowerPoint display, Silvestri is quoted: "Neither Bank of America, nor any of its vendors, have engaged HBGary Federal in this matter. We have not engaged in, nor do we have any plans to, the practices discussed in recent press reports involving HBGary Federal."
I have a call and an email in to Silvestri and still hope to hear back from him. We have, naturally, more questions. Did BofA or Hunton and Williams solicit the report from HBGary? Were they, or any of the security firms, paid for their efforts?
We hope to have more answers soon.
Update 3 (6:45 p.m. ET): Silvestri emailed back, providing the same quotes as he had given USA Today, above. We replied with the same followups as outlined above. We hope to hear back soon.