HBGary Federal, Team Themis, Hunton & Williams and the US Chamber of Commerce:
- Aaron Barr, HBGary Federal CEO, who spearheaded the company's attempts to discover the identity of members of Anonymous and whose emails were exposed by Anonymous in return, resigned on Feb. 28. Barr said he wanted to spend more time with his family and recover his reputation. The article linked also points out poor security practices within the company, including a general disregard of the importance of using distinct and complex passwords -- perhaps something else Barr could work on in his spare time, now.
- Within a day of Barr's resignation, three House Democrats called for an investigation into law firm Hunton & Williams as well as HBGary Federal, Berico Technologies and Palantir Technologies, together known as Team Themis, who worked together to develop the proposal for the Chamber, according to the memos leaked by Anonymous. Leading the group was Rep. Hank Johnson (D-Ga), who wrote that the emails appeared "to reveal a conspiracy to use subversive techniques to target Chamber critics," including "possible illegal actions against citizens engaged in free speech."
From the letter, addressed to the chairs of the House Committees on Oversight and Government Reform, Judiciary, Armed Services and the Select Committee on
We ask that your Committee immediately begin an investigation with hearings into the issues raised by recent reports alleging that three federal defense and intelligence agency datasecurity contractors, and a leading law firm, planned a “dirty-tricks” campaign that included possible illegal actions against citizens engaged in free speech.
A series of email messages recently published on the Internet indicates that defense datasecurity contractors HB Gary Federal, Palantir and Berico (collectively calling themselves “Team Themis”) and the law firm of Hunton & Williams planned a campaign to sabotage and discredit critics of the U.S. Chamber of Commerce, including U.S. Chamber Watch, the union federation Change to Win, the Center for American Progress, the Service Employees International Union and other organizations.
The published correspondence appears to reveal a conspiracy to use subversive techniques to target Chamber critics. The techniques may have been developed at U.S.government expense to target terrorists and other security threats. The emails indicate that these defense contractors planned to mine social network sites for information on Chamber critics; planned to plant “false documents” and “fake insider personas” that would be used to discredit the groups; and discussed the use of malicious and intrusive software (“malware”) to steal private information from the groups and disrupt their internal electronic communications. Given evidence of their proposal to infiltrate computer systems, discredit and disrupt the operations of U.S. advocacy groups, Team Themis and Hunton and Williams may have conspired to carry out or previously carried out actions in violation of federal law, including:
• Forgery under 10 USC §923
• Mail and Wire Fraud under 18 USC §1341 and 18 USC §1343
• Fraud and Related Activity in Connection with Computers 18 USC §1030
The possibility that any one of these crimes was committed warrants investigation. It is deeply troubling to think that tactics developed for use against terrorists may have been unleashed against American citizens.... At a minimum, we submit that the Committee may wish to obtain any correspondence and documents from the parties concerning the planned campaign and any other similar activities, including the government contracts under which the contractors in question have been paid millions of dollars....We must guarantee not just free spoken, print and broadcast media but unfettered Internet and electronic communication as well. Citizens who exercise their rights should not be the victims of illegal and insidious electronic attack any more than peaceful protestors should be the victims of intimidation or physical violence.
By March 6, 20 House Democrats had agreed to push for an investigation, which is unlikely to take place because of Republicans' own ties to the US Chamber of Commerce. During the 2010 election cycle, the US Chamber donated $23,500 to Republicans running for House seats and $65,500 to Republicans running in the Senate, as opposed to only $7,000 for House Democrats and $5,000 for Senate Democrats. The US Chamber also donated $23,000 to mostly Republican PACs; the organization's fundraising, much of which apparently was conducted through local branches here and abroad, raised questions of campaign funding propriety.
- Stop the Chamber and Velvet Revolution, two of the groups the US Chamber had targeted in its anti-criticism campaign, have filed a professional conduct complaint against Hunton & Williams with the D.C. Office of Bar Counsel at the Bar Association. The complaint seeks to have the attorneys disbarred for violations of the rules of professional conduct:
John W. Woods, Richard L. Wyatt Jr., and Robert T. Quackenboss are members of the District of Columbia Bar and employed by the firm, Hunton & Williams (“H&W”) in its Washington, D.C office. These lawyers, on behalf of their client, the United States Chamber of Commerce (“COC”), engaged, as the evidence below demonstrates, in an extended pattern of unethical behavior that included likely criminal conduct. Specifically, they solicited, conspired with and counseled three of its investigative private security firms to engage in domestic spying, fraud, forgery, extortion, cyber stalking, defamation, harassment, destruction of property, spear phishing, destruction of property, identity theft, computer scraping, cyber attacks, interference with business, civil rights violations, harassment, and theft.
In short, this unethical and criminal conduct involves “dishonesty, fraud, deceit, or misrepresentation” which violates the Rules of Professional Conduct, and undermines the rule of law, respect for the law and confidence in the law. Incredibly, as this conduct occurred from November 2010 through February 2011, in dozens of calls, emails, proposals, meetings and conferences, none of the H&W lawyers ever expressed any reservation or doubt about the unethical conduct proposed and committed by their investigators. In fact, they actively solicited and approved everything that was proposed and presented....
- In another matter arising from the leaked memos, an intellectual property attorney named Sean F. Kane apparently approached HBGary for help in "spiking" internet criticism of his client "by any means necessary". (original email at second link) There is no record at WikiLeaks of a reply to this, and Kane has made no comment on the matter. This makes me wonder whether HBGary had a reputation for "by any means necessary" action for other small, non-corporate and non-governmental clients, and what that might have included.
- According to more leaked memos, HBGary Inc. was also working on a new, undetectable and non-removable kind of Windows rootkit, which would allow an outside computer to take over a Windows computer and use its resources without the knowledge of the Windows computer's user. The project was named Magenta, and was forwarded to Ray Owen, president of Farallon Research LLC, a company whose mission is "to connect advanced commercial technologies and the companies that develop them with the requirements of the U.S. government." The company is located in San Francisco and northern Virginia -- and that's all the information available on them at their website, other than a nicely drawn map of the Farallon Islands.
This isn't the first time HBGary has created backdoors for the government. As well as working on backdoors with General Dynamics, the company created its own rootkit package years ago, which it made available for sale to customers. I am not a computer programmer; someone with more computing background might be interested in checking out that link and commenting on what it contains and the implications of this.
The Twitter Case:
On March 11, U.S. Magistrate Judge Theresa Buchanan issued an opinion for the government and against privacy in deciding that the Justice Department should have access to information on people associated with Wikileaks who have Twitter accounts. The judge denied any assertions of privacy claimed by the Electronic Freedom Foundation and the American Civil Liberties Union:
Buchanan rejected each of the arguments in quick succession, saying that there was no First Amendment issue because activists "have already made their Twitter posts and associations publicly available." The account holders have "no Fourth Amendment privacy interest in their IP addresses," she said, and federal privacy law did not apply because prosecutors were not seeking contents of the communications.
So, because the tweets are public, the accounts, private messages and information associated with them aren't private? Or the people with whom one communicates in private messages? Or the locations of those people, or their associations with others? At what point does private information begin? And isn't this just more of an unending fishing expedition to find something for the government to use against Julian Assange, or some way to connect him with PFC Bradley Manning?
The EFF and the ACLU plan to appeal the decision. The DOJ wanted information on the locations and persons involved in private messaging with the following accounts: Birgitta Jónsdóttir, a member of the Icelandic parliament; Seattle-based Wikileaks volunteer Jacob Appelbaum; and Dutch hacker and XS4ALL Internet provider co-founder Rop Gonggrijp. Information was also sought on Assange and Manning, suspected Wikileaks source, but neither of them were plaintiffs in this suit.
- According to Ars Technica, Anonymous says it hasn't been bothering HBGary since the release of the memos; it's busy elsewhere. HBGary has apparently continued to be the subject of harassment by someone claiming to be part of Anonymous, who sends snide memos about the company's security (or lack of it.)
- Forbes blog interviews the 16-year-old girl who hacked HBGary, or someone who says she is.