Hunton & Williams Left Fingerprints at SEIU

Hunton & Williams, the law firm that solicited HBGary and two other security firms to spy on Chamber of Commerce opponents, has remained silent so far about its efforts.

But it hasn’t covered its tracks. The SEIU reports that people from Hunton & Williams spent 20 hours last November–at the time when Themis was pitching H&W to use a JSOC approach to go after Chamber opponents–on the SEIU sites.

Server logs and leaked emails reveal that employees at Hunton & Williams, the principal law firm of the U.S. Chamber of Commerce, spent 20 hours on SEIU websites last November while partners from the firm were working with private security firms on an illegal “dirty tricks” campaign aimed at undermining the credibility of the Chamber’s political opponents, including the Service Employees International Union (SEIU).

And of course SEIU is able to see precisely what H&W was looking at in that period: top H&W page views in 2010 include SEIU’s page on the Chamber and on big banks. People from H&W searched on individuals at SEIU as well as on SEIU’s organizing of protests outside of BoA’s General Counsel. They even searched on “hourly pay for SEIU organizers.” (Whatever that is, it’s less than Themis was going to charge for its paid trolls.)

No wonder H&W has been so quiet about their role in this campaign.

Update: This post has been edited for accuracy.

Themis Applies JSOC Techniques to Citizens “Extorting” from Corporate Clients

I have a feeling I’ll be doing a lot of these posts, showing how Hunton & Williams asked “Themis” (the three-firm team of HBGary, Palantir, and Berico Technologies) to apply counterterrorism approaches to combat First Amendment activities.

This particular installment comes from an early presentation and accompanying proposal Themis prepared for Hunton & Williams. These documents were attached to an email dated November 2, 2010 sent out by Berico Technologies’ Deputy Director. He explains that the presentation and proposal would be briefed to H&W the following day.

The Powerpoint includes a slide describing the purpose of Themis’ pitch to H&W.

Purpose: Develop a corporate information reconnaissance service to aid legal investigations through the open source collection of information on target groups and individuals that appear organized to extort specific concessions through online slander campaigns.

Now, this is in the period when H&W was only beginning to discuss the Chamber of Commerce project with Themis, long before the BoA pitch. That is, this is the period when they were discussing generalized opposition to Chamber of Commerce.

And of that they got “extortion”? “slander”?

Apparently the team members of Themis–several of whom, as veterans, would have sworn an oath to our Constitution–accepted the premise that union members and poorly financed liberals opposing the wholesale sellout of our politics to private corporations constituted “extortion” and “slander.”

These firms, two of which deny any ill will, were willing to describe political speech–the opposition of working people to the Chamber’s hijacking of our politics–as “extortion” and “slander.”

More shocking to me, though, is where the proposal uses a Special Operations model to describe what Themis planned to do for H&W. On a proposal bearing Berico Technologies’ document header, Themis places their proposed “Corporate Information Reconnaissance Cell” next to a Joint Special Operations Command F3EA “targeting cycle” with this explanation:

Team Themis will draw on our extensive operational and intelligence experience to rapidly make sense of the volumes of data we’ve collected through the application of proven analytical/targeting methodologies.  Drawing on the principles and processes developed and refined by JSOC in the “Find, Fix, Finish, Exploit, Analyze” (F3EA) targeting cycle, we will develop and execute a tailored CIRC intelligence cycle suited to enable rapid identification/understanding, refined collection/detection, focused application of effects, exploitation, and analysis/assessment.

Mind you, this is just a fancy graphic for “analysis”–the kind of stuff civilians do all the time. But Themis–led by Berico Technologies in this case–decided to brand it as a JSOC (Joint Special Operations Command) product, applying an American unconventional warfare model to targeting political opponents engaging in free speech.

This is a bunch of veterans proposing to go to war against citizen activism on behalf of the Chamber of Commerce and other corporations.

The proposal also highlights the JSOC experience of one Palantir team member.

He commanded multiple Joint Special Operations Command outstations in support of the global war on terror. Doug ran the foreign fighter campaign on the Syrian border in 2005 to stop the flow of suicide bombers into Baghdad and helped to ensure a successful Iraqi election. As a commander, Doug ran the entire intelligence cycle: identified high-level terrorists, planned missions to kill or capture them, led the missions personally, then exploited the intelligence and evidence gathered on target to defeat broader enemy networks.

Berico’s statement (from their CEO, Guy Filippelli, whose experience as Special Assistant to the Director of National Intelligence was also highlighted in the proposal) denied they would proactively target any Americans and spun the project itself as “consistent with industry standards for this type of work.”

Berico Technologies is a technical and analytic services firm that helps organizations better understand information critical to their core operating objectives. Our leadership does not condone or support any effort that proactively targets American firms, organizations or individuals.

[snip]

Late last year, we were asked to develop a proposal to support a law firm. Our corporate understanding was that Berico would support the firm’s efforts on behalf of American companies to help them analyze potential internal information security and public relations challenges. Consistent with industry standards for this type of work, we proposed analyzing publicly available information and identifying patterns and data flows relevant to our client’s information needs.

Yet it was Berico Technologies’ Deputy Director who sent out these documents adopting a military targeting approach for responding to citizens engaging in free speech.

Chet Uber Contacted HBGary before He Publicized His Role in Turning in Bradley Manning

A reader found a very interesting email among the HBGary emails: Chet Uber emailed–after having tried to call–HBGary CEO Greg Hoglund on June 23, 2010.

> Sir,
>
> I would like to speak to Mr. Hoglund. My name is Chet Uber
> and I was given his name by common associates as someone I should speak with.
> The nature of our work is highly sensitive so no offense but I cannot explain
> the details of my call. I was given a URL and a phone number. I was not given
> his direct line and every time I try to get an attendant you phone system
> disconnects me. Would you please forward him this email to him. The links below
> are new and as much information as we have ever made public.
>
> Sorry for the mystery but in my world we are careful about
> our actions and this is something interpreted as rudeness. I am being polite,
> so any cooperation you can provide is greatly appreciated.

Uber copies himself, Mark Rasch, George Johnson, and Mike Tomasiewicz, and sends links to two stories about Project Vigilant, which had been posted on the two preceding days.

In response to the email, Hoglund asks Bob Slapnick to check Uber out with someone at DOD’s CyberCrime Center.

Chet Uber, as you’ll recall, is the guy who held a press conference at DefCon on August 1 to boast about his role in helping Adrian Lamo turn Bradley Manning in to authorities. Mark Rasch is the former DOJ cybercrimes prosecutor who claims to be Project Vigilant’s General Counsel and who says he made key connections with the government on Manning.

Mind you, the multiple versions of Uber’s story of his involvement in turning in Manning are inconsistent. At least a couple versions have Lamo calling Uber in June, after Manning had already been arrested.

So there are plenty of reasons to doubt the Lamo and Uber story. And security insiders have suggested the whole Project Vigilant story may be nothing more than a publicity stunt.

Furthermore, this email may be more of the same. Uber may have been doing no more than cold-calling Hoglund just as he was making a big publicity push capitalizing on the Manning arrest.

But consider this.

Lamo’s conversations with Manning have always looked more like the coached questions of someone trying to elicit already-suspected details than the mutual boasting of two hackers. Because of that and because of the inconsistencies and flimsiness of the Project Vigilant story, PV all looked more like a cover story for why Lamo would narc out Bradley Manning than an accurate story. And Uber’s email here and his DefCon press conference may well be publicity stunts. But then, that’s what Aaron Barr’s research on Anonymous was supposed to be: a widely publicized talk designed to bring new business. But a key part of the PV story was the claim that Adrian Lamo had volunteered with the group working on “adversary characterization.”

Uber says Lamo worked as a volunteer research associate for Project Vigilant for about a year on something called adversary characterization, which involved gathering information for a project on devising ways to attribute computer intrusions to individuals or groups. He helped define the roles, tools and methods intruders would use to conduct such attacks.

While it is described as more technical, that’s not all that different from what Aaron Barr was doing with social media on Anonymous.

One more thing. Consider what DOJ has been doing since the time Lamo turned in Manning and now: asking social media providers for detailed information about a network of people associated with Wikileaks. That is, DOJ appears to have been doing with additional legal tools precisely what Barr was doing with public sources.

That’s likely all a big coinkydink. But these security hackers all seem to love turning their freelance investigations into big publicity stunts.

From the ChamberPot: Number Two

The Chamber of Commerce has tried to craft another non-denial denial that they engaged a bunch of private spooks to spy on people like Brad Friedman.

But it’s still a non-denial denial.

Once again, they emphasize that they didn’t pay HBGary.

The U.S. Chamber never hired or solicited proposals from HBGary, Palantir or Berico, the security firms being talked about on the web.

[snip]

No money, for any purpose, was paid to any of those three private security firms by the Chamber, or by anyone on behalf of the Chamber, including Hunton and Williams.

But as I already pointed out, that’s because they got HBGary and its partners to work for free for a month or more. Free work on the Chamber’s behalf is still work on the Chamber’s behalf.

But their more interesting tack in this re-nondenial-denial is in how they characterize HBGary (and Palantir and Berico’s) plot to spy on Chamber’s enemies. As with their last nondenial denial, they emphasize the proposal written on October 29 for Hunton & Williams rather than discussing the plot itself.

HBGary’s proposal, which has been written about by ThinkProgress, was not requested by the Chamber, it was not delivered to the Chamber, and it was never discussed with anyone at the Chamber.

Emails show the discussions with the Chamber itself happened weeks after this proposal.

Finally, like Palantir and Berico did in their apologies, the Chamber blamed it all on HBGary.

The leaked e-mails appear to show that HBGary was willing to propose questionable actions in an attempt to drum up business, but the Chamber was not aware of these proposals until HBGary’s e-mails leaked.

Note how vague this is? Note how it portrays the spying HBGary (and others) planned as “willing to propose,” rather than, as the emails show, “did propose?”

We shall see what the status of the proposals was when the Chamber bought off on its free pilot with these security companies.

But once again, the Chamber does not deny that it was working with HBGary to spy on anti-Chamber activists.

Palantir Tries to Preserve Their Government Contracts

In a post I’ll write some day, I will show how the WikiLeaks cables show that every time a partner government threatens to use the high tech intelligence toys we share with it–notably our telecommunication wiretapping–to spy on domestic opponents, the Obama Administration makes a very concerted effort to disavow such efforts (if not end the partnership).

Which is why I find it so interesting that the CEO of Palantir Technologies just apologized to Glenn Greenwald for (I guess) allowing HBGary to target him for an oppo research and attack on his credibility.

“As the Co-Founder and CEO of Palantir Technologies, I have directed the company to sever any and all contacts with HB Gary,” the statement starts.

Dr. Karp explains that Palantir Technologies provides a software analytic platform for the analysis of data. They do not provide – “nor do we have any plans to develop” – offensive cyber capabilities.

In addition, the statement says that Palantir does not build software that is designed to allow private sector entities to obtain non-public information, engage in so-called cyber attacks, or take other offensive measures.

“I have made clear in no uncertain terms that Palantir Technologies will not be involved in such activities. Moreover, we as a company, and I as an individual, always have been deeply involved in supporting progressive values and causes. We plan to continue these efforts in the future,” Dr. Karp added.

“The right to free speech and the right to privacy are critical to a flourishing democracy. From its inception, Palantir Technologies has supported these ideals and demonstrated a commitment to building software that protects privacy and civil liberties. Furthermore, personally and on behalf of the entire company, I want to publicly apologize to progressive organizations in general, and Mr. Greenwald in particular, for any involvement that we may have had in these matters.”

Somehow, Dr. Karp forgot to apologize to Brad Friedman, another journalist HBGary–in projects bid in partnership with Palantir–has targeted.

As a reminder, Palantir Technologies is one of the two other security firms that HBGary partnered with to try to get spying business with Bank of America and the Chamber of Commerce.

But perhaps more relevant is Palantir’s primary focus: working with the national security apparatus. They’ve done at least $6,378,332 in business with entities like SOCOM and FBI in the last several years. And while they say they have no plans to adopt “offensive cyber capabilities,” that’s not to say they’re not helping the government analyze data on our presumed enemies.

I would imagine Palantir has pretty good reason to know that the government will not do business with a contractor using the same technologies to target Glenn Greenwald (and maybe Brad Friedman).

At least not publicly. Remember–DOJ recommended Hunton & Williams (which put Palantir and HBGary together for the bid) to Bank of America.

From the ChamberPot: A Carefully Worded Nondenial Denial

The Chamber of Commerce has responded to ThinkProgress’ reporting of the Chamber’s discussions with Hunton & Williams about an intelligence campaign against USChamberWatch and other anti-Chamber efforts. It purports to deny any connection with Hunton & Williams and HBGary.

More Baseless Attacks on the Chamber

by Tom Collamore

We’re incredulous that anyone would attempt to associate such activities with the Chamber as we’ve seen today from the Center for American Progress. The security firm referenced by ThinkProgress was not hired by the Chamber or by anyone else on the Chamber’s behalf. We have never seen the document in question nor has it ever been discussed with us.

While ThinkProgress and the Center for American Progress continue to orchestrate a baseless smear campaign against the Chamber, we will continue to remain focused on promoting policies that create jobs.

But it does no such thing.

First, note what they are denying:

  1. The “security firm” referenced by TP was not hired by the Chamber or by anyone else on the Chamber’s behalf
  2. “We have never seen the document in question”

By “security firm,” it presumably means HBGary, the one of the three security firms involved that got hacked.

Note, first of all, that they’re not denying hiring Hunton & Williams, the law firm/lobbyist which they hired last year to sue the Yes Men. They’re not even denying that they retain Hunton & Williams right now.

What they’re denying is that they–or, implicitly, Hunton & Williams, on their behalf–hired HBGary.

But as I suggested in my last post on this, they are not paying HBGary (or Hunton & Williams) for the work they’re doing right now; they’re all working on spec, to get the business (business which I’m guessing they’re not going to get).

Hacked Documents Show Chamber Engaged HBGary to Spy on Unions

(photo: Timothy Valentine; Edited: Lance Page / t r u t h o u t)

[Ed: Read the documents about the US Chamber’s plan to spy on unions.]

I noted yesterday the mind-numbingly ignorant analysis of Glenn Greenwald’s motivation as a careerist hack that was provided by HBGary. And if the allegations in the excerpts of former WikiLeaks volunteer Daniel Domscheit-Berg’s book are accurate, HBGary’s analysis about WikiLeaks itself is even more ignorant.

Add in the fact that this “security” company got hacked in rather embarrassing fashion.

Which, I’m guessing, is going to cause the Chamber of Commerce to rethink the spying work with HBGary it apparently has been considering.

Let me start with this caveat: what follows is based on emails available by Torrent. The parties in this affair are making claims and counterclaims about the accuracy of what is in there.

But it appears that back in November the same parties involved in the pitch to Bank of America–Palantir, HBGary Federal, and Berico Technologies working through Hunton and Williams–started preparing a pitch to the Chamber of Commerce. At that point, HBGary started researching anti-Chamber groups StoptheChamber.com and USChamberWatch. At one point, HBGary maps the connections between SEIU, Change to Win, and USChamberWatch as if he’s found gold.

By the end of November, Barr starts working on a presentation outlining the difference between StoptheChamber and USChamberWatch, as well as “a link chart of key people in the distribution of information, background information on each individual and ways to counteract their effect on group.”

On January 13, HBGary believed they had signed a contract.

This afternoon an H&W courier is bringing over a CD with the data from H&W from phase 1. We are assuming that this means that phase 1 is a go (We’ll let you know once we confirm this) and I’m wondering how we will integrate that data. Should we bring the CD over to Tyson’s Corner?

On February 3, law firm H&W came back to the three security firms and told them they’d be doing their Phase I work on spec, until the Chamber had bought into the full project. At that point, the firms put together a plan including a proposed February 14 briefing.

In response, Aaron Barr boasted (as is his wont) that his upcoming presentation at BSides security conference on Anonymous should be proof enough.

Let them read about my talk in two weeks on my analysis of the anonymous group.

Should be proof enough. But willing to discuss.

Which gets us just about to the point where Barr blabs his mouth, this security firm is badly hacked, and the Chamber of Commerce’s efforts to use intelligence firms to investigate activists exposing the Chamber’s own work is revealed.

I’m guessing HBGary just lost that contract, how about you?

Update: TP has a related take on this, describing more about what the proposal is:

According to one document prepared by Team Themis, the campaign included an entrapment project. The proposal called for first creating a “false document, perhaps highlighting periodical financial information,” to give to a progressive group opposing the Chamber, and then to subsequently expose the document as a fake to undermine the credibility of the Chamber’s opponents. In addition, the group proposed creating a “fake insider persona” to “generate communications” with Change to Win.

The Government’s Amended Twitter Order

After successfully petitioning the court to unseal them, EFF has posted the motion to vacate, motion to unseal court records, and motion to unseal motions it filed in the government’s effort to get Twitter information on several people in its investigation of WikiLeaks. The first motion to unseal has a detail I didn’t know before: Twitter appears to have objected to the government’s first request as being too burdensome to provide, so it trimmed its request.

As reflected in the published order, the government originally requested a bunch of Twitter data relating to Wikileaks, Julian Assange, Bradley Manning, Jacob Appelbaum, Birgitta Jónsdóttir, and Rop Gonggrijp, covering the period from November 1, 2009 through the request.

But then–presumably after December 14–the government agreed to narrow the request (the four “people” in this passage are Wikileaks, Appelbaum, Jónsdóttir, and Gonggrijp):

As a result of negotiations between Twitter and the government, to reduce the burden on Twitter and to recognize that Twitter does not have certain of the requested information, Movants understand that the government is presently restricting the time period of its request to November 15, 2009-June 1, 2010, and that the scope of the information sought has been limited to contact information for the four account holders, the addresses used each time Movants logged into their accounts, and information regarding DMs between the four Twitter accounts named in the Order.

The time limitation is not all that surprising: the government alleges that Manning’s illegal activities began on November 19. And they arrested him on May 29.

It’s the other limitations I find interesting: the government is content to get information on the whereabouts (IP Address) of each of the four each time they used Twitter during the period when Manning is alleged to have been leaking to Wikileaks. And, the government is asking to know the timing of each DM the four sent amongst themselves in that period.

Now, presumably the other social media companies the government requested similar information from have since turned it over. In other words, the government may well be happy to limit their request based on what it has already learned from companies less willing to protect their customers’ privacy than Twitter.

Nevertheless, at least from Twitter, they seem to be tracking just this small group’s activities in intense form.

The Disinformation Campaign Bank of America Considered

Wikileaks has posted the presentation three security companies–Palantir, HBGary Federal, and Berico Technologies–made to Bank of America, proposing to help it respond to Wikileaks.

In addition to the degree to which the proposal emphasizes the national security ties and military background of the employees of the company (particularly Berico), the presentation fleshes out what the companies proposed. Under potential proactive tactics, it lists:

  • Feed the fuel between the feuding groups. Disinformation. Create messages around actions to sabotage or discredit the opposing organization. Submit fake documents and then call out the error.
  • Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done.
  • Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.
  • Media campaign to push the radical and reckless nature of wikileaks activities. Sustained pressure. Does nothing for the fanatics, but creates concern and doubt amongst moderates.
  • Search for leaks. Use social media to profile and identify risky behavior of employees.

Of particular interest, they describe HBGary Federal’s abilities to conduct INFOOPS, including “influence operations” and “social media exploitation.”

In other words, in addition to proposing to conduct cyber attacks on Wikileaks’ European-based infrastructure (complete with a picture of WL’s bomb shelter-housed servers), the proposal appears to recommend that these companies be paid to troll social media, like Twitter, to not only “identify risky behavior of employees” but also, presumably, “push the radical and reckless nature of wikileaks activities.” You know–the kind of trolling we often see targeted at Glenn (and in recent days targeted against David House, who was also listed in this presentation).

In addition, the presentation proposes to create a concern over the security of the infrastructure. Interestingly, when additional newspapers in Europe got copies of the State cables (including Aftenposten), some people speculated that the files had come from a hack of Wikileaks servers. (Note how the slide above notes the disgruntled WL volunteers.)

That doesn’t mean we’re seeing this campaign in process. After all, Glenn has a ton of enemies on Twitter. And if the intent behind leaking additional copies of the cables was to suggest WL’s infrastructure had been hacked, that perception has largely dissipated as more and more newspapers get copies.

One final note: according to Tech Herald, the law firm pitching these firms, Hunton and Williams, was itself recommended to BoA by DOJ. As the presentation makes clear, these are significant government contractors. (Remember, we’re getting these documents because Anonymous hacked HBGary Federal, which was offering what it had collected to DOJ.) To what extent is what we’re seeing just an extension of what our own government is trying to do to combat Wikileaks?

Security Firms Pitching Bank of America on WikiLeaks Response Proposed Targeting Glenn Greenwald

On Saturday, private security firm HBGary Federal bragged to the FT that it had discovered who key members of the hacking group Anonymous are. In response, Anonymous hacked HB Gary Federal and got 44,000 of their emails and made them publicly available.

You believe that you can sell the information you’ve found to the FBI? False. Now, why is this one false? We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve “extracted” is publicly available via our IRC networks. The personal details of Anonymous “members” you think you’ve acquired are, quite simply, nonsense.

So why can’t you sell this information to the FBI like you intended? Because we’re going to give it to them for free. Your gloriously fallacious work can be a wonder for all to scour, as will all of your private emails (more than 44,000 beauties for the public to enjoy). Now as you’re probably aware, Anonymous is quite serious when it comes to things like this, and usually we can elaborate gratuitously on our reasoning behind operations, but we will give you a simple explanation, because you seem like primitive people:

You have blindly charged into the Anonymous hive, a hive from which you’ve tried to steal honey. Did you think the bees would not defend it? Well here we are. You’ve angered the hive, and now you are being stung.

As TechHerald reports, among those documents was a presentation, “The Wikileaks Threat,” put together by three data intelligence firms for Bank of America in December. As part of it, they put together what they claimed was a list of important contributors to WikiLeaks. They suggested that Glenn Greenwald’s support was key to WikiLeaks’ ongoing survival.

The proposal starts with an overview of WikiLeaks, including some history and employee statistics. From there it moves into a profile of Julian Assange and an organizational chart. The chart lists several people, including volunteers and actual staff.

One of those listed as a volunteer, Salon.com columnist, Glenn Greenwald, was singled out by the proposal. Greenwald, previously a constitutional law and civil rights litigator in New York, has been a vocal supporter of Bradley Manning, who is alleged to have given diplomatic cables and other government information to WikiLeaks. He has yet to be charged in the matter.

Greenwald became a household name in December when he reported on the “inhumane conditions” of Bradley Manning’s confinement at the Marine brig in Quantico, Virginia. Since that report, Greenwald has reported on WikiLeaks and Manning several times.

“Glenn was critical in the Amazon to OVH transition,” the proposal says, referencing the hosting switch WikiLeaks was forced to make after political pressure caused Amazon to drop their domain.

As TechHerald notes, an earlier version of the slide said support from people like Glenn needed to be “attacked.”

Now aside from the predictable, but nevertheless rather shocking detail, that these security firms believed the best way to take WikiLeaks out was to push Glenn to stop supporting them, what the fuck are they thinking by claiming that Glenn weighs “professional preservation” against “cause”? Could they be more wrong, painting Glenn as a squeamish careerist whose loud support for WikiLeaks (which dates back far longer than these security firms seem to understand) is secondary to “professional preservation”? Do they know Glenn is a journalist? Do they know he left the stuffy world of law? Have they thought about why he might have done that? Are they familiar at all with who Glenn is? Do they really believe Glenn became a household name–to the extent that he did–just in December?

I hope Bank of America did buy the work of these firms. Aside from the knowledge that the money would be–to the extent that we keep bailing out Bank of America–taxpayer money, I’d be thrilled to think of BoA pissing away its money like that. The plan these firms are pushing is absolutely ignorant rubbish. They apparently know almost nothing about what they’re pitching, and have no ability to do very basic research.

Which is precisely the approach I’d love to see BoA use to combat whatever WikiLeaks has coming its way.
