It's well known at this point that HBGary Federal was one of several technology firms recently exposed for scheming to attack WikiLeaks, Salon's Glenn Greenwald, and critics of the Chamber of Commerce. What has gotten less attention is just how much business HBGary Federal and its partner company, HBGary, do with the United States government.
Internal HBGary Federal emails reviewed by Salon show that the firm was on its way to getting security clearance at the Department of Defense late last month. HBGary Federal CEO Aaron Barr has bragged that the firm provides "specialized threat intelligence, incident response, and information operations capabilities to the IC [Intelligence Community], DoD, and Federal agencies." The exact nature of the services provided by HBGary Federal -- and what intelligence agencies might be involved -- is not clear.
(The plotting against WikiLeaks and Chamber of Commerce critics, by the way, was performed by HBGary Federal at the behest of Hunton and Williams, a law firm that has worked for the Chamber and Bank of America, which is reportedly a future target of WikiLeaks. This work was apparently separate from the HBGary Federal's government work.)
HBGary proper, which is based in California, is known as a provider of malware detection services. HBGary Federal, which shares offices with HBGary and 15 percent of which is owned by HBGary executives, was touted as offering "best-in-class malware analysis and incident response products and expert classified services to the Department of Defense, Intelligence Community and other U.S. government agencies," according to one November 2009 email. Another internal email describes HBGary Federal as a wholly owned subsidiary of HBGary.
HBGary itself has won $3.3 million in federal government work since 2004, contracting records show. That includes contracts for services like "protection vulnerability assessment" with the Army, the Navy, the Air Force, the FBI, and the Department of Interior.
Having proper clearance is key to winning federal security contracts. So it's not surprising that the bio of HBGary Federal's chief operating officer, Ted Vera, notes that he holds "security clearances with the DoD and Intelligence Community." Barr, for his part, came to HBGary Federal after stints as a Navy cryptologist and a cybersecurity official at Northrop Grummans, the defense contracting giant. A former CEO of HBGary Federal, Jamie Butler, who left the firm in 2006, held a security clearance at the "top secret" level.
On Jan. 27 -- when the plotting against WikiLeaks had already been underway for a few months -- HBGary Federal was granted what's known as "facility clearance" at the Defense Department. That's a precursor to getting specific classified access once a contract has been granted. (See the approval document, approved by the Defense Security Service, here.) DSS spokeswoman Cindy McGovern told Salon today that HBGary Federal is still in the process of getting its clearance. She had no comment on the fact that HBGary is implicated in the WikiLeaks scandal.
Emails also show the HBGary Federal executives corresponding with federal employees from a range of agencies including Los Alamos National Labs, the Army, and the National Security Agency. There's also talk of work with the FBI and the Department of Homeland Security.
Given all these ties to the federal government, it's striking how amateurish HBGary Federal's research methods were when it came to WikiLeaks and Chamber of Commerce critics. Barr, the HBGary Federal CEO, primarily used Facebook and other social media websites to put together dossiers on, for example, labor activists. It will be interesting to see if the bad publicity surrounding the scandal affects HBGary's contracts with the government.
Shares