http://www.businessweek.com/magazine/content/07_09/b4023070.htm By Eamon Javers FEBRUARY 26, 2007 INVESTIGATIONS In the spring of 2005, Guy Enright, an accountant at KPMG Financial Advisory Services Ltd. in Bermuda, got a call from a man identifying himself in a crisp British accent as Nick Hamilton. Hamilton said he needed to see Enright about matters of utmost importance. Over the course of two meetings, Hamilton led Enright to believe he was a British intelligence officer, according to a person familiar with the encounters. He told Enright he wanted information about a KPMG project that Hamilton said had national security implications for Britain. Soon, Enright, who was born in Britain, was depositing confidential audit documents in plastic containers at drop-off points designated by Hamilton. But Nick Hamilton was not an agent of Her Majesty's secret service, and the documents never found their way to the British government. Nick Hamilton was in fact Nick Day, now 38, a onetime British agent and co-founder of Diligence Inc., a Washington private intelligence firm that counts William Webster, former director of the CIA and FBI, among its advisory board members. Diligence's client was not Britain's Queen, but Barbour Griffith & Rogers, one of the most formidable lobbying firms in Washington. Barbour Griffith represented a Russian conglomerate whose archrival, IPOC International Growth Fund Ltd., was being audited by KPMG's Bermuda office. A 2006 scandal involving Hewlett-Packard Co. (HPQ ) put the issue of corporate espionage in the headlines. Diligence's methods, revealed in court documents and interviews by BusinessWeek, show how far some in the corporate investigation business will go. "PLAUSIBLE DENIABILITY" Without denying this account of events in Bermuda, Diligence's Day says: "We've always respected the laws of the jurisdictions in which we operate." He adds that corporate intelligence firms like his provide an invaluable service. "We essentially help businesses deal with the risks of operating in challenging markets," Day says. "It's a role which government agencies don't necessarily have the resources or understanding to be able to fulfill." >From the start, Diligence's goal was clear, if far from simple: Infiltrate KPMG to obtain advance information about the audit of IPOC, an investment fund based in Bermuda. Russian conglomerate Alfa Group Consortium hired Barbour Griffith & Rogers through a subsidiary, and the lobbying firm in turn hired Diligence. Alfa is dueling with IPOC for a large stake in the Russian telecom company MegaFon. "We have a good chance of success on this project," Day wrote in an internal Diligence memo, referring to the Bermuda espionage effort. The memo, which BusinessWeek reviewed, added: "We are doing it in a way which gives plausible deniability, and therefore virtually no chance of discovery." Similar Diligence operations, the memo noted, had been successful before. Within Diligence the KPMG campaign was dubbed Project Yucca, and it unfolded in stages, according to people familiar with the operation and documents filed in a court proceeding involving IPOC and Alfa in the British Virgin Islands. First, two Diligence employees contacted KPMG's Bermuda offices pretending to be organizers of a legal conference on the island, according to a person familiar with the operation. The Diligence staff members called KPMG secretaries and asked about how the office worked. Soon, Diligence had the names of a handful of KPMG employees who might have access to the IPOC data. But Diligence wanted to narrow the list. The intelligence firm was originally looking for people who fit one of two profiles for sources likely to leak the audit information, according to a Project Yucca planning memo. One personality type was a "male in his mid-20s who is somewhat bored...has a propensity to party hard, needs cash, enjoys risk, likes sports, likes women, is disrespectful of his managers, fiddles his expenses, but is patriotic." The memo described the second personality type as "a young female who is insecure, overweight, bitchy, not honest. Someone who spends money on her looks, clothes, gadgets. Has no boyfriend, and only superficial friends. Has a strong relationship with her mother." Apparently, no one on Diligence's list quite fit either profile, but the firm settled on Enright, the British-born accountant. Enright soon got a call from Diligence's Nick Day, posing as Nick Hamilton, according to a person familiar with the situation. The two agreed to meet for lunch near the KPMG offices in Hamilton, Bermuda. At lunch, Day, who is dark-haired and has a warm smile, said the assignment he had in mind for Enright was top secret and involved Britain's national security. Day kept the conversation vague, never mentioning IPOC or the audit, according to the person familiar with the situation. Day told the accountant he would have to undergo a British government background check to ensure that he was up to the task. Day produced an official-looking--but fake--questionnaire with a British government seal at the top and asked for information about Enright's parents, his professional background, any criminal history, and political activities, according to a copy of the questionnaire reviewed by BusinessWeek. Enright provided the information. Several weeks later the two men met again, this time in a local bar, says the person familiar with the events. Day, still calling himself Nick Hamilton, told war stories from what he said were his days in the Royal Navy's Special Boat Service, Britain's equivalent of the U.S. Navy SEALS. He then steered the conversation toward his real interest: What did Enright know about the KPMG audit of IPOC? Soon, Enright was handing over confidential audit documents, including transcripts of interviews KPMG had conducted in the IPOC investigation, according to court documents on file in the British Virgin Islands and the source familiar with the events. Day picked out a rock in a field along Enright's 20-minute daily commute from his home in Elbow Beach and placed a plastic container under the rock, creating what spies call a dead drop site. At appointed times, Enright slipped new material into the container, which Day later retrieved. On one occasion, Enright left documents in the storage compartment of his moped, which he parked at his home. Enright had told Diligence employees where he hid the keys to the moped. When Enright left for a trip, Day collected the papers, according to the person familiar with the situation. Day and Diligence took elaborate precautions to make sure Enright wasn't himself a plant or a corporate spy, people familiar with the events say. Diligence employees followed Enright from his office to every meeting with Day. A Diligence employee was at each meeting spot before the men arrived to determine whether Enright was using associates for surveillance. Enright was followed to his destinations when meetings ended. When Day left the meetings with Enright, the source says, the Diligence executive followed a process spies call dry cleaning, which was designed to detect whether Day was being followed. He walked a prescribed route through several narrow "choke points" that made it possible for Diligence employees to identify anyone who might have been tailing him. MYSTERY WHISTLEBLOWER Diligence was paid handsomely for its work. An invoice produced in a federal court proceeding in Washington involving IPOC and Diligence shows that Barbour Griffith was billed by Diligence "For Bermuda report and Germany work--A Telecom." Diligence was paid $25,000 a month, plus $10,000 a month for expenses, according to documents reviewed by BusinessWeek and an interview with a person familiar with the matter. The company was also paid a $60,000 bonus for acquiring the first draft of KPMG's audit of IPOC. Diligence's total take couldn't be determined. The undercover Project Yucca ended after someone--it remains unclear who--dropped a bundle of papers at the Montvale (N.J.) office of KPMG on Oct. 18, 2005. The papers included Diligence business records and e-mails with details of Project Yucca. On Nov. 10, 2005, KPMG Financial Advisory Services sued Diligence for fraud and unjust enrichment in U.S. District Court in Washington. On June 20, 2006, the case settled. Diligence paid KPMG $1.7 million, according to a person familiar with the settlement. On June 15, 2006, IPOC sued both Diligence and Barbour Griffith & Rogers in the same District Court, alleging civil conspiracy, unjust enrichment, and other misdeeds. That case is pending. Gavin Houlgate, a spokesman for KPMG, declined comment, as did attorneys for KPMG at the New York law firm Hughes Hubbard & Reed. Kirill Babaev, a vice-president at Alfa's telecom arm in Moscow, said in a statement when asked about Alfa's involvement in the Diligence operation: "We are...not a party in any litigation with IPOC, and therefore cannot comment on any rumours or speculations in this regard." Barbour Griffith & Rogers' most famous co-founder is Haley Barbour, who is now governor of Mississippi. Barbour left the lobbying firm in 2003, before the Diligence operation began. Another Barbour Griffith co-founder, Ed Rogers, was an early investor in Diligence. The lobbying firm rented space at its Pennsylvania Avenue offices to Diligence. Edward MacMahon, a lawyer for Barbour Griffith, says the firm has done nothing wrong and that no one affiliated with Barbour Griffith currently has an equity stake in Diligence. A person familiar with Diligence says the firm's shareholders are CEO Day, former U.S. Ambassador to Germany Richard Burt, Edward Mathias of Washington-based private equity firm Carlyle Group, and Buenos Aires private equity firm Exxel Group. Burt confirms he is Diligence's chairman but declines to discuss Project Yucca. Mathias confirms he is an investor in Diligence but says he is unaware of the Bermuda events. Exxel Group lists Diligence among its portfolio companies on its corporate Web site but did not respond to an e-mail seeking comment. It's unclear whether Diligence broke any British or American laws. In an interview at his Washington office, Day says he and his firm always stay within the law but have learned much since 2005: "As an organization we've changed a lot as a result of everything we've been through in the last year." He says Diligence has "spent a lot of time training our staff as to what they can and cannot do." In a statement to BusinessWeek, IPOC director Mads Braemer-Jensen said: "The fact that Alfa hired Barbour Griffith & Rogers and Diligence to use illegal and dishonest smear tactics against IPOC just shows that Alfa is trying to change the subject away from the fact that they stole from IPOC. We hope the U.S. and Bermuda law enforcement authorities will make note of this and take appropriate action against Alfa." Guy Enright, who now works for Deloitte & Touche in London, declined repeated requests for comment on his relationship with Nick Day and his work on the IPOC audit. The terms of Enright's departure from KPMG couldn't be determined. But he apparently didn't come away empty-handed from his encounters with Nick Day. As Project Yucca wound down in 2005, Day, still in the guise of Nick Hamilton, gave Enright a Rolex watch worth thousands of dollars, according to two people familiar with the present. Enright was led to believe it was a thank-you gift from the British government, but it, too, came from Diligence. Copyright 2000- 2007 by The McGraw-Hill Companies Inc. All rights reserved. ______________________________________ Subscribe to the InfoSec News RSS Feed http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Mon Feb 19 2007 - 23:30:19 PST