Over the weekend the increasingly lurid saga of HB Gary rolled on, giving a particularly illuminating insight into what might be called the banality of corporate evil.
For those who came in late, HB Gary Federal is the US computer security firm that last weekend, in what must be one of the most ill-judged moments in PR history, decided to draw attention to itself by boasting, via its executive Aaron Barr, that it had infiltrated Anonymous. In response, Anonymous promptly cracked HB Gary Federal’s system and helped itself to the company’s emails – several gigabytes worth – and helpfully made them available online. Even The New York Times has helped itself to a copy.
The emails are where the story stopped being about another episode in Anonymous’s storied history of bringing epic lulz, and started being about corporate America’s approach to its perceived enemies. As previously related in Crikey and elsewhere, the emails revealed a plan put together by three companies, including HB Gary Federal, to attack WikiLeaks and its supporters like Salon journalist Glenn Greenwald, using techniques including breaking into Wikileaks’ secure system.
The plan was initiated by a law firm working for the Bank of America, Hunton and Williams, which “pitched” the operation to the bank in December.
Get Crikey FREE to your inbox every weekday morning with the Crikey Worm.
Over the weekend, the other two companies, Palantir Technologies and Berico Technologies, both issued statements severing ties with HB Gary Federal. Palantir’s CEO Alex Karp apologized to Greenwald and “progressive organizations in general.” Bank of America also issued a statement denying it had hired HB Gary Federal to undertake any such work – although there was never any suggestion the company had been hired directly by BoA.
The Palantir and Berico statements put paid to the suggestion from the smoking ruins of HB Gary Federal that Anonymous had tampered with the emails.
But why did Karp apologise to “progressive organization in general”?
The WikiLeaks project wasn’t the only one Palantir was participating in with Berico, HB Gary and Hunton and Williams. As more outlets looked through the HB Gary emails, it was revealed there was also a project being developed for the US Chamber of Commerce to attack the Chamber’s opponents in the labor movement and other progressive organizations.
Part of this involved HB Gary scouring social media for information on individuals to be targeted. When Barr made his disastrous decision to boast about having “penetrated” Anonymous, the project had yet to commence, because Hunton and Williams had, according to Barr’s emails, baulked at the $2m price tag for the three companies, uncertain they could sell it to the Chamber of Commerce.
The emails suggest the Chamber of Commerce and Bank of America projects have been wrecked just at the moment when Barr seemed to be having some success. HB Gary’s market is where the National Security State, the “critical infrastructure” racket and corporate aggression intersect. Huge contracts with law enforcement and intelligence agencies beckon for the right companies offering cyber security and analytical tools.
Large companies eager to protect their electronic assets are willing to pay generously for the right expertise and work closely with governments. But the emails, stretching back to the middle of 2010, show a start-up company operating hand-to-mouth, sweating on whether it can make each week’s payroll as government contracts and sales prove elusive.
At one stage in June, Greg Hoglund, head of parent company HB Gary, dresses Barr down in an email, complaining he isn’t selling enough. “You are new to this owning-your-company thing – you need to be scraping and begging for business… I think I made a mistake in not being more involved in your day-2-day…” A former colleague at Northrop Grumman also chides Barr for adopting an approach that won’t maximize sales.
Thereafter, Barr seems to have decided that scouring social media for information is going to be his point of differentiation, the selling point he will use to drum up business in the competitive world of cyber security. He claims to develop techniques that can pack together social media information to enable even anonymous individuals to be identified and targeted.
Lower-level staff are highly skeptical and point out that his techniques don’t work, and, when he decides to target Anonymous, that he’s playing with fire. But Barr is undeterred, convinced he’s got an approach that will make the company more marketable in a tough environment.
As it turned out, Barr’s employee is correct – his techniques are rubbish. His “Anonymous” document is laughable, even claiming “Guy Fawkes” as a key member. (I spoke last week with Perth musician Alex Bunyip, who like me was identified on Barr’s list as a member of Anonymous. Alex has an even more tenuous connection with Anonymous than mine — some Anons like his band Die Zeitgeist).
But Barr manages to arrange a Financial Times article on how he infiltrated Anonymous, and the company prepares a triumphal blog post boasting of its victory over Anonymous. He gets phone calls from the FBI and other security agencies – at last they’re calling him, rather than him chasing them – and he intends to presents his material at a conference.
That was before Anonymous intervened.
Glenn Greenwald, in his lengthy and excellent response to the campaign against WikiLeaks and him, draws a larger lesson from it:
What is set forth in these proposals for Bank of America quite possibly constitutes serious crimes…. Yet these firms had no compunction about proposing such measures to Bank of America and Hunton & Williams, and even writing them down. What accounts for that brazen disregard of risk? In this world, law does not exist as a constraint. It’s impossible to imagine the DOJ ever, ever prosecuting a huge entity like Bank of America for doing something like waging war against WikiLeaks and its supporters. These massive corporations and the firms that serve them have no fear of law or government because they control each.
Greenwald states it baldly, but the only likely repercussions of these revelations will be the demise of HB Gary Federal for having demonstrated how unsecure its systems are, and having been publicly exposed.
In the decade since 9/11, the National Security State has created a vast, taxpayer-funded demand for security and surveillance services across the developed world. This has proved a boon not just for intelligence and law enforcement agencies, which have found their budgets endlessly expanding, but for security and surveillance companies and consultants, lured by large government contracts.
These companies routinely operate in a moral environment in which the abrogation of citizens’ rights is not merely incidental but wholly necessary to undertaking effective operations. That’s why some of the world’s biggest ICT companies are in business with the world’s most loathsome regimes, apparently free of any moral qualms about being so. After all, they only make the tools; it’s not up to them how they’re used or abused.
The skill set demanded by the National Security State is essentially the same as that required for corporate cyber security, another industry that has ramped up over the last decade. And from working with governments to abrogate citizens’ rights in the name of national security to working with large companies to attack critics in the name of free enterprise and job-creation is a relatively small step, especially when those companies regularly exchange personnel from the top tiers of politics and the bureaucracy and shared enemies like WikiLeaks are in view.
The sort of black ops intended for WikiLeaks and opponents of the US Chamber of Commerce unlikely to be atypical of an industry that depends heavily on governments and large corporations. The only thing unusual was that they were exposed.