Until recently, very little was known about the cyber security firm HBGary Federal. In general, the California-based contractor helped corporations learn about and discredit their detractors. But the extent to which the firm carried out that task was never fully understood until a group of hackers exposed tens of thousands of its internal company e-mails earlier this month. The emails have come to reveal the lengths large organizations are willing to go to to ward off and undermine critics, embarrassing in the process clients including Bank of America, the Chamber of Commerce and the Air Force. Here's what HBGary has been proposing to do (not all of the supposed clients have admitted their involvement):
Help Bank of America With Wikileaks In November, executives at Bank of America were on edge as rumors circulated that WikiLeaks was preparing to release thousands of damning documents about the financial institution. Observing an opportunity, HBGary CEO Aaron Barr pitched a plan to BofA's law firm, Hunton & Williams. According to the released documents, Barr wanted to team up with security firms Palantir and Berico Technologies and disgrace WikiLeaks by hacking into it and feeding the whistle-blower site fabricated documents. The company also suggested going after WikiLeaks supporters such as Salon's Glenn Greenwald. A presentation to the law firm noted that “Without the support of people like Glenn, WikiLeaks would fold.”
Help the Chamber of Commerce With Chamber Watch As we pointed out yesterday, the e-mails also reveal that HBGary tried to discredit the watchdog group US Chamber Watch, a dogged critic of the US Chamber of Commerce. Politico reports that the Chamber's law firm (again, Hunton & Williams), actively worked with HBGary. "To degrade [Chamber Watch’s] messaging capabilities and credibility would represent a huge win for the CoC and should be a focus," one e-mail read. The plan was to create a "fake insider persona" within Chamber Watch to make them publicize fabricated materials in an effor to "prove that U.S. Chamber Watch cannot be trusted with information and/or tell the truth."
Help the U.S. Air Force Win Hearts and Minds? Another revelation from the document dump was that the U.S. Air Force was seeking ways to manipulate social media to spread pro-government propaganda. After the request for proposal was issued, it caught the attention of HBGary. Information Week has the details:
The fake-personal social media contract would allow the government to "friend" real people on Facebook as a way to show support for pro-government messages, according to information revealed during the hack.
The software could cross-reference all available social media such as Facebook, Twitter, MySpace, and other services to collect data on real individuals, and then use this to gain access to users' social circles, according to the emails...
By using information -- such as their high schools, colleges, and home towns -- that users freely share on social networking sites, the Air Force could gain access to individual's social circles, creating a Classmates.com account at the same school and within the same graduating class, and then creating a Facebook account in the name of a real person who does not have a Facebook account, the email exchanges said. By friending someone with 300 to 500 friends, a fake persona easily can develop mutual friends before sending a friend request to the targeted individual, the emails said.
"When choosing to participate in social media, an individual is only as protected as his/her weakest friend," according to the documents.