The HBGary Scandal: Using Counterterrorism Tactics on Citizen Activism

As I described on the Mike Malloy show on Friday and as Brad Friedman discusses in his post on being targeted by the Chamber of Commerce, the essence of the Chamber of Commerce/Bank of America/HBGary scandal is the use of intelligence techniques developed for use on terrorists deployed for use on citizens exercising their First Amendment rights.

ThinkProgress has a post making it clear that the Chamber of Commerce’s nondenial denials don’t hold up. In this post, I’ll begin to show the close ties between the tactics HBGary’s Aaron Barr proposed to use against Wikileaks and anti-Chamber activists and those already used in counterterrorism.

Barr Says He’s Done this with Terrorists

I will get into what we know of Barr’s past intelligence work in future posts, but for the moment I wanted to look just at his reference to analysis he did on FARC. Barr’s HBGary coder, who sounds like the smartest cookie of the bunch was balking at his analysis of Anonymous for several reasons–some of them ethical, some of them cautionary, and some of them technical. In the middle of an argument over whether what Barr was doing had any technical validity (the coder said it did not), Barr explained.

The math is already working out. Based on analysis I did on the FARC I was able to determine that Tanja (the dutch girl that converted to the FARC is likely managing a host of propoganda profiles for top leaders. I was able to associate key supporters technically to the FARC propoganda effort.

He’s referring to Tanja Anamary Nijmeijer, a Dutch woman who has been an active FARC member for a number of years. And while it’s not proof that Barr did his analysis on Nijmeijer for the government, she was indicted in the kidnapping of some American contractors last December and the primary overt act the indictment alleged her to have committed was in a propaganda function.

On or about July 25, 2003, JOSE IGNACIO GONZALEZ PERDOMO, LUIS ALBERTO JIMENEZ MARTINEZ, and TANJA ANAMARY NIJMEIJER, and other conspirators, participated in making a proof of life video of the three American hostages. On the video, the FARC announced that the “three North American prisoners” will only be released by the FARC once the Colombian government agrees to release all FARC guerrillas in Colombian jails in a “prisoner exchange” to take place “in a large demilitarized area.” The proof of life video was then disseminated to media outlets in the United States.

In any case, Barr is referring to an ongoing investigation conducted by the Miami and Counterterrorism Section of DOJ, with assistance from the DNI.

His “proof” that this stuff works is that it has worked in the past (he claims) in an investigation of Colombian (and Dutch) terrorists.

Now it’s not at all clear that it is valid (I’ll have more to say on this in the future, too). Barr’s coder argued that what he’s measuring is only guilt by association, not real association (see where this begins to sound familiar?). TechHerald, in a useful analysis of the paper he was going to give on Anonymous, judges,

His research has plenty of interesting aspects, but seems to have several flaws as well. He is right when he says social media can be used to target and exploit people and organizations, but wrong when he assumes the spider web links between people are proof positive of anything criminal or malicious.

In other words, what Barr has done has mapped out associations with no guarantee the associations mean anything, much less any involvement in a particular group.

Our Intelligence Agencies Talk to HBGary

The fact that Barr’s project is so dubious is all the more troubling, given that DOJ and our intelligence community seemed prepared to take his work seriously. Barr’s emails make it clear that he was in talks on February 4 with several branches of our intelligence community about sharing his analysis of Anonymous.

>> Interesting Day.


>> So I have been contacted by OSD (Rosemary [Wenschel, head of Cyberops at DOD]), FBI, USG, and now DNI…all today.


>> I have a meeting with FBI/OSD Monday @ 11am.


>> Met with some folks at my old customer today (I should fill u in on that).


>> And looks like a meeting to be set up with Dawn [Meyerriecks, head of DNI’s Acquisition and Technology]…


>> Let me know if you would like to get together.


>> Aaron

The reference to USG or “my old customer” may mean the CIA, as someone signing an email MFM that was sent from CIA’s public domain name contacted Barr about “timely capabilities” on the 4th as well. (“My old customer” may also mean TASC and/or NSC, since Barr was in talks about being bought out to work in TASC’s Ft. Meade office.)

Barr’s contemplated work (and in some cases, ongoing discussions) with entities like DOD’s Cyberops, NSA, and CIA is all the more troubling given an exchange he had with his former colleague from Northrup Grumman. Barr described the meeting with his former client, emphasizing that that client was not capable of “doing the right activities” “because of authority and policy restrictions.”

The conversation was very interesting today. The admit they had no idea this was happening until it hit the streets. They have no idea how to manage things like this in the future. And the agree they are not capable of doing the right activities (like I did) to be better prepared in the future because of authority and policy restrictions.

That is, whoever the client was, they agreed that they couldn’t do the kind of spying domestically Barr could because of policy restrictions.

Barr’s former colleague asked “Do you suppose there might be a market for an offshore intel gathering organization that would sell results?” To which Barr responded, “absolutely needed. Government is not going to get out of their way anytime soon to be able to do this work.”

As I will show in the future, Barr had already done this kind of analysis within the intelligence community. He had pushed to apply it to citizen activism (as well as Anonymous, though some of the people he targeted may also have engaged solely in First Amendment protected activites), and the intelligence community was anxious to hear about his Anonymous work (though there’s no indication they knew how dubious it was).

  1. Arbusto says:

    And the[y] agree they are not capable of doing the right activities (like I did) to be better prepared in the future because of authority and policy restrictions.

    Authority? Does that mean it’s outside departmental scope or illegal or both? Either way it says a lot about Barr and his customers ethics and the rule of law to subcontract and accept contractual illegal activities. To bad some Congressional committee doesn’t subpoena his contracts.

    • emptywheel says:

      It says two things to me. 1) The CIA or NSA (whichever it is) doesn’t feel comfortable doing this kind of CT stuff against US citizens, and 2) They know they’re not supposed to collect in the US, which is why they want to do this offshore.

  2. fabucat says:

    Has anyone thought of doing some sort of non-violent citizen action against Hunton & Williams? If all of us in the Washington DC, NYC (and wherever else these pigs have their offices) kept on calling their offices and jamming their phone lines, so that they could not conduct their business, perhaps they might think twice before getting involved in this sort of thing. In addition, perhaps these lead attorneys need to have people being camped on their doorsteps. If it’s OK for the pro-life crazies to do it, then perhaps it’s all right for US to do it. Furthermore, find out where these lawyers are licensed and make ethics complaints to every state bar that they are members of.

    • bayofarizona says:

      jamming their phone lines would probably be illegal, so you shouldn’t do it – at least not from a traceable phone.

  3. fabucat says:

    I’m still thinking of a special hell for H.B.Gary. No doubt Anonymous has better ideas about how to make lives of Gary principals absolutely miserable.

  4. WilliamOckham says:

    Are links to working right now for others? Wondering if there is a general problem or just some specific to my current location.

  5. klynn says:

    I guess since he’s done “this” with terrorists then we may need to conclude that it is possible some terrorists are more part of disinformation than actual threat? Thus, making the data on terrorists totally unreliable?

  6. masaccio says:

    The analysis Barr was doing sounds a lot like the FBI investigations using link analysis. When you do it with actual meetings and known business relationships it can be useful. With social media, the actual connections are unknown. For example, I am friends with opera people I haven’t seen in forever, because I haven’t gone back to clean up my page in years.

  7. waynec says:

    Directly from the HB Gary web site:

    “Cyber threats are human
    The attackers who target intellectual property, infrastructure, identity, and personal safety are human beings – criminals, terrorists, or state agents. Security is not an IT problem, it’s an intelligence problem.”

    They get busted for doing the same shit!

    You can’t make this stuff up! Who mare the criminals here!

  8. KrisAinCA says:

    For anyone that missed it earlier, chat log with Penny Leavy, her husband Greg Hoglund, Aaron Barr, and members of anonymous.

    I don’t know if this is legitimately the parties in question, but if it is, it’s incredibly interesting. Also of note, the members of Anonymous attempted to negotiate a deal in which they released no further information in exchange for the termination of Barr and the donation of his month’s salary to the Bradley Manning Defense Fund. Penny appears to agree with this at one point.

    On Edit, forgot to include the link –

  9. virtualnaut says:

    Feeling as if these posts on HBGary finally explain to me the constant, nearly unrelenting cyber-harassment experienced by myself and my family for 5+ years.

    Has anyone else experienced this kind of thing? I’ve tried to find help from network experts, my ISP, the atty genls office in my state, local and federal law enforcement and a private eye.

    Meanwhile, I’ve lost my job, had interference with unemployment, had my scholarship stopped in its tracks, etc. etc. What to do? Who to ask?

  10. pajarito says:

    Blame this on the out-of-control growth of the US “intelligence community” (which isn’t).

    Beyond control and with no oversight. Little wonder that several agencies flocked to this HBGary hack, with unsupported and unsupportable representation of his abilities, with big sacks of your and my tax dollars to buy his useless services.

    Anyone really want to hire a “security” contractor who can’t protect his own corporate IT system from a rather unsophisticated ploy that results in complete exposure of the system? Yeah, I want these guys protecting me from the next tera-ist plot (orange, red, chartreuse…what-ever color).

    Show of hands–who feels safer?

    We don’t even know how much this giant sucking $$$-sink-hole contributes to the faux deficit.

    Congress: where is the damned oversight? Are you stupid too?

  11. pdaly says:

    Here’s Bill Moyers describing a similar process of corporations hiring former govt intelligence workers to protect private industry against truth tellers (against Bill himself) at Truthout

    Sherry Jones and I spent more than a year working on another PBS documentary called “Trade Secrets,” a two-hour investigative special based on revelations – found in the industry’s own archives – that big chemical companies had deliberately withheld from workers and consumers damaging information about toxic chemicals in their products. These internal industry documents are a fact. They exist. They are not a matter of opinion or point of view. They state what the companies knew, when they knew it and what they did with what they knew (namely to deep-six it) at peril to those who worked with and consumed the potentially lethal products.

    The revelations portrayed deep and pervasive corruption in a major American industry and raised critical policy implications about the safety of living under a regulatory system manipulated by the industry itself.

    The industry hired as an ally a public relations firm in Washington noted for using private detectives and former CIA, FBI and drug enforcement officers to conduct investigations for corporations under critical scrutiny. One of the company’s founders acknowledged that corporations may need to resort to “deceit” and other unconventional resources to counter public scrutiny. Given the scurrilous campaign that was conducted to smear our journalism, his comments were an understatement. To complicate matters, the Congressman, who for years had been the single biggest recipient of campaign contributions from the chemical industry, was the very member of Congress whose committee had jurisdiction over public broadcasting’s appropriations. As an independent production firm, we had not used public funds to produce the documentary. But even our independence didn’t stop the corporate mercenaries from bringing relentless pressure on PBS not to air the broadcast. The then president of PBS, Pat Mitchell, stood tall in resisting the pressure and was vindicated: one year later, The National Academy of Television Arts and Sciences awarded “Trade Secrets” an Emmy for outstanding investigative journalism.

  12. MicheleMooreHappy1 says:

    This has been going on for a long time and what you see here is just the tip of the corrupt intelligence contractor iceberg.

    Ever wonder why we don’t hear more from bank whistle blowers given all the fraud in the banking and mortgage industries? Companies like HBGary are silencing them while law enforcement looks the other way.

    Whistle blowers’ email and telephones are hacked and disrupted. They are isolated, harassed, intimidated and subjected to stalk and smear campaigns. Their employment and business opportunities are sabotaged, their personal possessions and business property vandalized or stolen.

    See and

    Thanks for your coverage. We need to expose and end these activities while we still can, before they completely destroy our democracy.