[ISN] HP security pro vowed to delete records

From: InfoSec News (alerts@private)
Date: Mon Oct 02 2006 - 23:01:49 PDT


http://www.adn.com/24hour/technology/story/3386963p-12455075c.html

By JORDAN ROBERTSON
AP Business Writer
October 2, 2006

SAN JOSE, Calif. (AP) - A Hewlett-Packard Co. security expert instructed 
an investigator to "make absolutely sure" he deleted private phone 
records of non-HP employees obtained in the company's ill-fated effort 
to root out the source of boardroom leaks, a series of internal e-mails 
show.

Fred Adler, a former FBI agent working in HP's IT security 
investigations department, vowed in the Feb. 9 e-mail to investigator 
Arthur Molineaux that he would also delete records that were not the 
property of the computer and printer maker, according to congressional 
documents provided Monday to the Associated Press and other news 
outlets.

"As for the non-HP owned records you obtained and sent to me in an 
unsolicited, good faith attempt, please make absolutely sure you delete 
them as you stated you would," wrote Adler, who has previously been 
praised with another member of the security detail for sounding the 
alarms that HP's tactics might land it in legal trouble. "I will do the 
same."

An HP spokesman reached late Monday night declined to comment on the 
e-mail.

The e-mail was included in hundreds of pages of documents provided to 
the media by the congressional panel investigating HP's possibly 
criminal probe that has prompted the departure of three board members 
and three top employees.

To unmask the person who leaked private boardroom discussions to the 
media, HP investigators and third-party detectives combed through 
detailed phone logs of directors, journalists and former and current HP 
employees, rummaged through trash and trailed targets when they went 
out of town.

Federal and state authorities are investigating whether HP insiders or 
contractors violated the law by obtaining the phone records through a 
shady practice known as "pretexting," in which the investigators 
impersonated their targets to trick the phone companies into coughing up 
private records.

In other revelations from the congressional documents, a private 
investigator hired by HP apparently contracted with a former reporter to 
develop a strategy for duping journalist Dawn Kawamoto of CNET's 
News.com into revealing her secret company source who divulged details 
of private boardroom discussions.

Kawamoto wrote a story based on an anonymous source, later identified as 
then-board member George Keyworth II, that detailed a private board 
retreat at a posh resort and prompted HP to renew a previously 
unsuccessful probe into boardroom leaks.

In an e-mail dated Feb. 6, Ronald DeLia of Security Outsourcing 
Solutions wrote to the HP team spearheading the probe, including 
then-ethics chief Kevin Hunsaker, Adler and others, that a former 
reporter named "Diane" suggested to him several strategies for tricking 
Kawamoto.

One recommended tactic to build trust was to send Kawamoto a tip with a 
piece of unannounced news set to break in the following days.

However, the investigators, who were planning to plant tracking software 
on the e-mail attachment to identify anyone it was forwarded to, were 
instructed to send the document at least 2 days before it is made public 
instead of just one, because "information obtained 2 days prior to its 
release has more of an 'insider feel,'" DeLia wrote.

"The reporter has to feel comfortable or have a sense the source is 
someone who has accurate information and is in a position to know," he 
wrote.

Also, HP investigators apparently coordinated with the company's media 
relations department to bait that e-mail with a juicy bit of unannounced 
real news in an attempt to "gain some major credibility" with Kawamoto, 
according to one e-mail from Hunsaker.

The investigators tried to lure the reporter with a piece of upcoming 
news concerning the appointment of a new leader for HP's handheld 
business unit, a plan that was cleared by then-Chairwoman Patricia Dunn, 
then-General Counsel Ann Baskins and Chief Executive Mark Hurd.

In e-mails between HP security team members on Feb. 8 and 9, the 
investigators detail plans for Bob Sherbin, HP's head of public 
relations, to send the press release to Hunsaker at least two days 
before the public announcement.

The security squad would then install the tracer technology and send the 
message to Kawamoto.

Reached late Monday, Sherbin said he didn't know about the tracer 
technology and believed the press release would be used properly.

"I was acting under instruction from senior management, and I had every 
reason to believe that the material would be used properly," Sherbin 
said.

But the investigators first needed approval from Dunn and Hurd, which 
came in a Feb. 9 e-mail from Dunn to Hunsaker and Baskins: "I spoke with 
Mark and he is on board with the plan to use the info on new handheld 
leader," Dunn wrote.

Hurd later testified that he approved the plan but said he didn't recall 
authorizing the use of the tracer technology, which is not generally 
considered illegal.

The rigged e-mail was launched later that day, and one member of the 
security detail, Anthony Gentilucci, had trouble containing his 
excitement.

"This is like waiting for the Apollo 13 spacecraft to emerge from the 
dark side of the moon," said Gentilucci, who has since resigned from HP.

The company said later that the tracer trick was unsuccessful, possibly 
because the software failed or Kawamoto didn't open the attachment.

Four days later, on Feb. 13, HP officially announced the news contained 
in the message: that it was making its handheld business a separate unit 
within its Personal Systems Group division, and that former Sun 
Microsystems executive Dave Rothschild would lead the unit.

Copyright 2006, The Anchorage Daily News

