[ISN] Spies, Lies & KPMG

From: InfoSec News (alerts@private)
Date: Mon Feb 19 2007 - 23:15:56 PST


By Eamon Javers
FEBRUARY 26, 2007

In the spring of 2005, Guy Enright, an accountant at KPMG Financial 
Advisory Services Ltd. in Bermuda, got a call from a man identifying 
himself in a crisp British accent as Nick Hamilton. Hamilton said he 
needed to see Enright about matters of utmost importance.

Over the course of two meetings, Hamilton led Enright to believe he was 
a British intelligence officer, according to a person familiar with the 
encounters. He told Enright he wanted information about a KPMG project 
that Hamilton said had national security implications for Britain. Soon, 
Enright, who was born in Britain, was depositing confidential audit 
documents in plastic containers at drop-off points designated by 

But Nick Hamilton was not an agent of Her Majesty's secret service, and 
the documents never found their way to the British government.

Nick Hamilton was in fact Nick Day, now 38, a onetime British agent and 
co-founder of Diligence Inc., a Washington private intelligence firm 
that counts William Webster, former director of the CIA and FBI, among 
its advisory board members. Diligence's client was not Britain's Queen, 
but Barbour Griffith & Rogers, one of the most formidable lobbying firms 
in Washington. Barbour Griffith represented a Russian conglomerate whose 
archrival, IPOC International Growth Fund Ltd., was being audited by 
KPMG's Bermuda office.

A 2006 scandal involving Hewlett-Packard Co. (HPQ ) put the issue of 
corporate espionage in the headlines. Diligence's methods, revealed in 
court documents and interviews by BusinessWeek, show how far some in the 
corporate investigation business will go.


Without denying this account of events in Bermuda, Diligence's Day says: 
"We've always respected the laws of the jurisdictions in which we 
operate." He adds that corporate intelligence firms like his provide an 
invaluable service. "We essentially help businesses deal with the risks 
of operating in challenging markets," Day says. "It's a role which 
government agencies don't necessarily have the resources or 
understanding to be able to fulfill."

>From the start, Diligence's goal was clear, if far from simple: 
Infiltrate KPMG to obtain advance information about the audit of IPOC, 
an investment fund based in Bermuda. Russian conglomerate Alfa Group 
Consortium hired Barbour Griffith & Rogers through a subsidiary, and the 
lobbying firm in turn hired Diligence. Alfa is dueling with IPOC for a 
large stake in the Russian telecom company MegaFon. "We have a good 
chance of success on this project," Day wrote in an internal Diligence 
memo, referring to the Bermuda espionage effort. The memo, which 
BusinessWeek reviewed, added: "We are doing it in a way which gives 
plausible deniability, and therefore virtually no chance of discovery." 
Similar Diligence operations, the memo noted, had been successful 

Within Diligence the KPMG campaign was dubbed Project Yucca, and it 
unfolded in stages, according to people familiar with the operation and 
documents filed in a court proceeding involving IPOC and Alfa in the 
British Virgin Islands. First, two Diligence employees contacted KPMG's 
Bermuda offices pretending to be organizers of a legal conference on the 
island, according to a person familiar with the operation. The Diligence 
staff members called KPMG secretaries and asked about how the office 
worked. Soon, Diligence had the names of a handful of KPMG employees who 
might have access to the IPOC data. But Diligence wanted to narrow the 

The intelligence firm was originally looking for people who fit one of 
two profiles for sources likely to leak the audit information, according 
to a Project Yucca planning memo. One personality type was a "male in 
his mid-20s who is somewhat bored...has a propensity to party hard, 
needs cash, enjoys risk, likes sports, likes women, is disrespectful of 
his managers, fiddles his expenses, but is patriotic." The memo 
described the second personality type as "a young female who is 
insecure, overweight, bitchy, not honest. Someone who spends money on 
her looks, clothes, gadgets. Has no boyfriend, and only superficial 
friends. Has a strong relationship with her mother." Apparently, no one 
on Diligence's list quite fit either profile, but the firm settled on 
Enright, the British-born accountant.

Enright soon got a call from Diligence's Nick Day, posing as Nick 
Hamilton, according to a person familiar with the situation. The two 
agreed to meet for lunch near the KPMG offices in Hamilton, Bermuda. At 
lunch, Day, who is dark-haired and has a warm smile, said the assignment 
he had in mind for Enright was top secret and involved Britain's 
national security. Day kept the conversation vague, never mentioning 
IPOC or the audit, according to the person familiar with the situation. 
Day told the accountant he would have to undergo a British government 
background check to ensure that he was up to the task. Day produced an 
official-looking--but fake--questionnaire with a British government seal 
at the top and asked for information about Enright's parents, his 
professional background, any criminal history, and political activities, 
according to a copy of the questionnaire reviewed by BusinessWeek. 
Enright provided the information.

Several weeks later the two men met again, this time in a local bar, 
says the person familiar with the events. Day, still calling himself 
Nick Hamilton, told war stories from what he said were his days in the 
Royal Navy's Special Boat Service, Britain's equivalent of the U.S. Navy 
SEALS. He then steered the conversation toward his real interest: What 
did Enright know about the KPMG audit of IPOC?

Soon, Enright was handing over confidential audit documents, including 
transcripts of interviews KPMG had conducted in the IPOC investigation, 
according to court documents on file in the British Virgin Islands and 
the source familiar with the events. Day picked out a rock in a field 
along Enright's 20-minute daily commute from his home in Elbow Beach and 
placed a plastic container under the rock, creating what spies call a 
dead drop site. At appointed times, Enright slipped new material into 
the container, which Day later retrieved. On one occasion, Enright left 
documents in the storage compartment of his moped, which he parked at 
his home. Enright had told Diligence employees where he hid the keys to 
the moped. When Enright left for a trip, Day collected the papers, 
according to the person familiar with the situation.

Day and Diligence took elaborate precautions to make sure Enright wasn't 
himself a plant or a corporate spy, people familiar with the events say. 
Diligence employees followed Enright from his office to every meeting 
with Day. A Diligence employee was at each meeting spot before the men 
arrived to determine whether Enright was using associates for 
surveillance. Enright was followed to his destinations when meetings 
ended. When Day left the meetings with Enright, the source says, the 
Diligence executive followed a process spies call dry cleaning, which 
was designed to detect whether Day was being followed. He walked a 
prescribed route through several narrow "choke points" that made it 
possible for Diligence employees to identify anyone who might have been 
tailing him.


Diligence was paid handsomely for its work. An invoice produced in a 
federal court proceeding in Washington involving IPOC and Diligence 
shows that Barbour Griffith was billed by Diligence "For Bermuda report 
and Germany work--A Telecom." Diligence was paid $25,000 a month, plus 
$10,000 a month for expenses, according to documents reviewed by 
BusinessWeek and an interview with a person familiar with the matter. 
The company was also paid a $60,000 bonus for acquiring the first draft 
of KPMG's audit of IPOC. Diligence's total take couldn't be determined.

The undercover Project Yucca ended after someone--it remains unclear 
who--dropped a bundle of papers at the Montvale (N.J.) office of KPMG on 
Oct. 18, 2005. The papers included Diligence business records and 
e-mails with details of Project Yucca.

On Nov. 10, 2005, KPMG Financial Advisory Services sued Diligence for 
fraud and unjust enrichment in U.S. District Court in Washington. On 
June 20, 2006, the case settled. Diligence paid KPMG $1.7 million, 
according to a person familiar with the settlement.

On June 15, 2006, IPOC sued both Diligence and Barbour Griffith & Rogers 
in the same District Court, alleging civil conspiracy, unjust 
enrichment, and other misdeeds. That case is pending. Gavin Houlgate, a 
spokesman for KPMG, declined comment, as did attorneys for KPMG at the 
New York law firm Hughes Hubbard & Reed. Kirill Babaev, a vice-president 
at Alfa's telecom arm in Moscow, said in a statement when asked about 
Alfa's involvement in the Diligence operation: "We are...not a party in 
any litigation with IPOC, and therefore cannot comment on any rumours or 
speculations in this regard."

Barbour Griffith & Rogers' most famous co-founder is Haley Barbour, who 
is now governor of Mississippi. Barbour left the lobbying firm in 2003, 
before the Diligence operation began. Another Barbour Griffith 
co-founder, Ed Rogers, was an early investor in Diligence. The lobbying 
firm rented space at its Pennsylvania Avenue offices to Diligence. 
Edward MacMahon, a lawyer for Barbour Griffith, says the firm has done 
nothing wrong and that no one affiliated with Barbour Griffith currently 
has an equity stake in Diligence. A person familiar with Diligence says 
the firm's shareholders are CEO Day, former U.S. Ambassador to Germany 
Richard Burt, Edward Mathias of Washington-based private equity firm 
Carlyle Group, and Buenos Aires private equity firm Exxel Group. Burt 
confirms he is Diligence's chairman but declines to discuss Project 
Yucca. Mathias confirms he is an investor in Diligence but says he is 
unaware of the Bermuda events. Exxel Group lists Diligence among its 
portfolio companies on its corporate Web site but did not respond to an 
e-mail seeking comment.

It's unclear whether Diligence broke any British or American laws. In an 
interview at his Washington office, Day says he and his firm always stay 
within the law but have learned much since 2005: "As an organization 
we've changed a lot as a result of everything we've been through in the 
last year." He says Diligence has "spent a lot of time training our 
staff as to what they can and cannot do."

In a statement to BusinessWeek, IPOC director Mads Braemer-Jensen said: 
"The fact that Alfa hired Barbour Griffith & Rogers and Diligence to use 
illegal and dishonest smear tactics against IPOC just shows that Alfa is 
trying to change the subject away from the fact that they stole from 
IPOC. We hope the U.S. and Bermuda law enforcement authorities will make 
note of this and take appropriate action against Alfa."

Guy Enright, who now works for Deloitte & Touche in London, declined 
repeated requests for comment on his relationship with Nick Day and his 
work on the IPOC audit. The terms of Enright's departure from KPMG 
couldn't be determined. But he apparently didn't come away empty-handed 
from his encounters with Nick Day.

As Project Yucca wound down in 2005, Day, still in the guise of Nick 
Hamilton, gave Enright a Rolex watch worth thousands of dollars, 
according to two people familiar with the present. Enright was led to 
believe it was a thank-you gift from the British government, but it, 
too, came from Diligence.

Copyright 2000- 2007 by The McGraw-Hill Companies Inc.
All rights reserved. 

Subscribe to the InfoSec News RSS Feed

This archive was generated by hypermail 2.1.3 : Mon Feb 19 2007 - 23:30:19 PST