After a tip from Crowdleaks.org, The Tech Herald has learned that HBGary Federal, as well as two other data intelligence firms, worked to develop a strategic plan of attack against WikiLeaks. The plan included pressing a journalist in order to disrupt his support of the organization, cyber attacks, disinformation, and other potential proactive tactics.
The Tech Herald was able to get in touch with Glenn Greenwald for his reaction to being singled out in the WikiLeaks proposal. He called the report creepy and disturbing. Moreover, he commented that the suggestions for dealing with WikiLeaks, along with the assumption that the organization could be undermined, were “hard to take seriously.”
The listed mitigations, such as disinformation or submitting false documents, have been discussed before. In 2008, the Pentagon had similar ideas, so that aspect of the document was nothing new.
Greenwald, as a journalist, is a prolific writer on media topics. He is a harsh critic of political figures and the mainstream media. The suggestion made by the proposal that he would pick career over cause is “completely against” what he is about, he told us.
“The only reason I do what I do is because im free to put cause before career,” he said.
Pointedly, he reminded us that his work includes taking aim at political figures, which could be a source of professional leverage with scoops or favors, as well as news organizations who could offer him gainful employment. None of these actions paints a picture of a man who would pick career over his passion.
WikiLeaks is hosting an official mirror of the sixth and final draft of the report. You can see a copy here.
Palantir Technologies has severed all ties with HBGary Federal and issued an apology to reporter Glenn Greenwald. More details here.
Berico Technologies has cut ties as well. More information is here.
The tip from Crowdleaks.org is directly related to the highly public attack on HBGary, after Anonymous responded to research performed by HBGary Federal CEO, Aaron Barr. Part of Anonymous’ response included releasing more than 50,000 internal emails to the public. For more information, the initial coverage is here.
What was pointed out by Crowdleaks is a proposal titled “The WikiLeaks Threat” and an email chain between three data intelligence firms. The proposal was quickly developed by Palantir Technologies, HBGary Federal, and Berico Technologies, after a request from Hunton and Williams, a law firm that currently counts Bank of America as a client.
The law firm had a meeting with Bank of America on December 3. To prepare, the firm emailed Palantir and the others asking for “…five to six slides on Wikileaks - who they are, how they operate and how this group may help this bank.”
Hunton and Williams were recommended to Bank of America’s general counsel by the Department of Justice, according to the email chain viewed by The Tech Herald. The law firm was using the meeting to pitch Bank of America on retaining them for an internal investigation surrounding WikiLeaks.
“They basically want to sue them to put an injunction on releasing any data,” an email between the three data intelligence firms said. “They want to present to the bank a team capable of doing a comprehensive investigation into the data leak.”
Hunton and Williams would act as outside counsel on retainer, while Palantir would take care of network and insider threat investigations. For their part, Berico Technologies and HBGary Federal would analyze WikiLeaks.
“Apparently if they can show that WikiLeaks is hosting data in certain countries it will make prosecution easier,” the email added.
In less than 24-hours, the three analytical companies created a presentation filled with publically available information and ideas on how the firms could be “deployed” against WikiLeaks “as a unified and cohesive investigative analysis cell.”
On January 2, The New York Times wrote about a late night conference call held by Bank of America executives on November 30. The reason for the call was to deal with a statement given by WikiLeaks’ Julian Assange on November 29, where he said that he intended to “take down” a major American bank. The country’s third largest financial institution needed to get the jump on WikiLeaks, so they started scouring thousands of documents, and auditing physical assets.
Shortly after the late night conference call, the email from Hunton and Williams was sent. Booz Allen Hamilton, according to the Times, was the firm brought in to help manage the bank’s internal review.
A month after the proposal for the initial December meeting on WikiLeaks was created, email messages from HBGary Federal show plans for a meeting with Booz Allen Hamilton. The meeting was set after Barr emailed Hunton and Williams about information he was gathering on WikiLeaks and Anonymous. Later, this information would be the direct cause of Anonymous’ attack on HBGary.
On page two you will find an overview of the proposal developed by the three data intelligence firms.
Note: There were several drafts of the proposal created before the sixth and final version was delivered. The emails released by Anonymous contain each of them. Most of the changes are formatting related and minor corrections.
The proposal starts with an overview of WikiLeaks, including some history and employee statistics. From there it moves into a profile of Julian Assange and an organizational chart. The chart lists several people, including volunteers and actual staff.
One of those listed as a volunteer, Salon.com columnist, Glenn Greenwald, was singled out by the proposal. Greenwald, previously a constitutional law and civil rights litigator in New York, has been a vocal supporter of Bradley Manning, who is alleged to have given diplomatic cables and other government information to WikiLeaks. He has yet to be charged in the matter.
Greenwald became a household name in December when he reported on the “inhumane conditions” of Bradley Manning’s confinement at the Marine brig in Quantico, Virginia. Since that report, Greenwald has reported on WikiLeaks and Manning several times.
“Glenn was critical in the Amazon to OVH transition,” the proposal says, referencing the hosting switch WikiLeaks was forced to make after political pressure caused Amazon to drop their domain.
[Earlier drafts of the proposal and an email from Aaron Barr used the word 'attacked' over 'disrupted' when discussing the level of support.]
The proposal continues by listing the strengths and weaknesses of WikiLeaks. For the strong points, there is the global WikiLeaks following and volunteers. Outlining the weaknesses, the proposal lists financial pressure - due to the companies refusing to process WikiLeaks’ donations at the time - and discord among some of the WikiLeaks members.
“Despite the publicity, WikiLeaks is NOT in a healthy position right now,” an early draft of the proposal noted. “Their weakness [sic] are causing great stress in the organization which can be capitalized on.”
Some of the things mentioned as potential proactive tactics include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error.
“Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done. Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.”
After the tactics are discussed, the proposal outlines the highlights for each of the three data intelligence firms. From there, it concludes that in the new age of mass social media, the insider threat represents an ongoing and persistent threat “even if WikiLeaks is shut down.”
“Traditional responses will fail; we must employ the best investigative team, currently employed by the most sensitive of national security agencies.”
The emails released by Anonymous make no mention of the proposal’s success or failure. Aside from a single meeting confirmation with Booz Allen Hamilton, and an email that expressed hope that HBGary was going to “close the BOA deal”, there is no other data available.
Since the attack on their company, HBGary has issued a single statement via their website, and declined to comment when questioned by several news organizations.
“HBGary, Inc and HBGary Federal, a separate but related company, have been the victims of an intentional criminal cyberattack. We are taking this crime seriously and are working with federal, state, and local law enforcement authorities and redirecting internal resources to investigate and respond appropriately,” the statement reads.
“To the extent that any client information may have been affected by this event, we will provide the affected clients with complete and accurate information as soon as it becomes available. Meanwhile, please be aware that any information currently in the public domain is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data.”
While some of the information in the public domain may be false, the emails and documents seen by The Tech Herald certainly look legitimate. It is unlikely that Anonymous would bother to forge 50,000 emails, in addition to the screen shots of internal software, PDF files, Word Documents, or PowerPoint slides released to the public.
However, on Tuesday evening, HBGary’s accusal that Anonymous was falsifying information started another round of rage on IRC, where some who associate under the banner of Anonymous gather.
As a result, there are rumors that more emails will be released in the coming days, including those belonging to Greg Hoglund, the co-founder of HBGary.