
Richard Clarke: The Chamber Broke the Law

I’m really deep in the weeds on the Jack Goldsmith memo right now (I should have a weedy post up later).

But in case you’re bored w/bmaz’s rant about the assault on Miranda rights, I thought I’d point to this TP post describing Richard Clarke suggesting that the Chamber of Commerce (funded by foreign sources, he notes) may have broken the law in targeting Chamber opponents.

Clarke denounced the scandal in no uncertain terms. Noting accurately that the Chamber “took foreign money in the last election,” a story also uncovered by ThinkProgress, Clarke said the Chamber had conspired to commit a “felony”:

FANG: Hi. You talked a lot about classifying and recognizing cyber security threats, but you mostly focused on foreign threats. I’m curious about a story that broke last month, that the US Chamber of Commerce, the world’s largest trade association, based here in DC, had contracted or attempted to contract military defense firms like HB Gary Federal, Palantir, and Berico, to develop proposals to use the same type of cyber warfare tactics normally reserved for Jihadi websites against left-wing activists, trade — labor unions, and left of center think tanks here in America. What do you think about that type of threat from a lobbyist or a corporation targeting political enemies, or perceived enemies here in the US?

CLARKE: I think it’s a violation of 10USC. I think it’s a felony, and I think they should go to jail. You call them a large trade association, I call them a large political action group that took foreign money in the last election. But be that as it may, if you in the United States, if any American citizen anywhere in the world, because this is an extraterritorial law, so don’t think you can go to Bermuda and do it, if any American citizen anywhere in the world engages in unauthorized penetration, or identity theft, accessing a number through identity theft purposes, that’s a felony and if the Chamber of Commerce wants to try that, that’s fine with me because the FBI will be on their doorstep in a matter of hours.

Now if only we had Feds anymore that would consider busting big business…

“Tactics Developed for Use against Terrorists May Have Been Unleashed against American Citizens”

Hmmm. “Tactics developed for use on terrorists may have been unleashed against citizens.” That sounds like something I would have written about the HB Gary scandal. Twice.

It’s nice to see some members of Congress understand what the entire problem with this scandal is about.

In a letter to be released Tuesday, Rep. Hank Johnson (D-Ga.) and more than a dozen other lawmakers wrote that the e-mails appear “to reveal a conspiracy to use subversive techniques to target Chamber critics,” including “possible illegal actions against citizens engaged in free speech.”

The lawmakers say it is “deeply troubling” that “tactics developed for use against terrorists may have been unleashed against American citizens.”

[snip]

The companies proposed forming a “corporate information reconnaissance cell” and discussed tactics such as creating online personas to infiltrate activist Web sites; planting false information to embarrass U.S. Chamber Watch and other groups; and trolling for personal information using powerful computer software.

You almost wonder whether this is why Aaron Barr resigned? To try to stave off attention to how common it is for corporations to treat citizen speech as terrorism?

HB Gary CEO Aaron Barr Resigns

He’ll probably just get picked up by TASC, which was about to buy out HB Gary Federal anyway. But I do take some pleasure at his recognition that his reputation is for shit.

Embattled CEO Aaron Barr says he is stepping down from his post at HBGary Federal to allow the company to move on after an embarrassing data breach.

[snip]

In an interview with Threatpost, Barr said that he is stepping down to allow himself and the company he ran to move on in the wake of the high profile hack.

“I need to focus on taking care of my family and rebuilding my reputation,” Barr said in a phone interview. “It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”

Good riddance, I say!

Chet Uber Contacted HBGary before He Publicized His Role in Turning in Bradley Manning

A reader found a very interesting email among the HBGary emails: Chet Uber emailed–after having tried to call–HBGary CEO Greg Hoglund on June 23, 2010.

> Sir,
>
> I would like to speak to Mr. Hoglund. My name is Chet Uber and I was given his name by common associates as someone I should speak with. The nature of our work is highly sensitive so no offense but I cannot explain the details of my call. I was given a URL and a phone number. I was not given his direct line and every time I try to get an attendant your phone system disconnects me. Would you please forward this email to him. The links below are new and as much information as we have ever made public.
>
> Sorry for the mystery but in my world we are careful about our actions and this is something interpreted as rudeness. I am being polite, so any cooperation you can provide is greatly appreciated.

Uber copies himself, Mark Rasch, George Johnson, and Mike Tomasiewicz, and sends links to two stories about Project Vigilant, which had been posted on the two preceding days.

In response to the email, Hoglund asks Bob Slapnick to check Uber out with someone at DOD’s CyberCrime Center.

Chet Uber, as you’ll recall, is the guy who held a press conference at DefCon on August 1 to boast about his role in helping Adrian Lamo turn Bradley Manning in to authorities. Mark Rasch is the former DOJ cybercrimes prosecutor who claims to be Project Vigilant’s General Counsel and who says he made key connections with the government on Manning.

Mind you, the multiple versions of Uber’s story of his involvement in turning in Manning are inconsistent. At least a couple versions have Lamo calling Uber in June, after Manning had already been arrested.

So there are plenty of reasons to doubt the Lamo and Uber story. And security insiders have suggested the whole Project Vigilant story may be nothing more than a publicity stunt.

Furthermore, this email may be more of the same. Uber may have been doing no more than cold-calling Hoglund just as he was making a big publicity push capitalizing on the Manning arrest.

But consider this.

Lamo’s conversations with Manning have always looked more like the coached questions of someone trying to elicit already-suspected details than the mutual boasting of two hackers. Because of that and because of the inconsistencies and flimsiness of the Project Vigilant story, PV all looked more like a cover story for why Lamo would narc out Bradley Manning than an accurate story. And Uber’s email here and his DefCon press conference may well be publicity stunts. But then, that’s what Aaron Barr’s research on Anonymous was supposed to be: a widely publicized talk designed to bring new business. But a key part of the PV story was the claim that Adrian Lamo had volunteered with the group working on “adversary characterization.”

Uber says Lamo worked as a volunteer research associate for Project Vigilant for about a year on something called adversary characterization, which involved gathering information for a project on devising ways to attribute computer intrusions to individuals or groups. He helped define the roles, tools and methods intruders would use to conduct such attacks.

While it is described as more technical, that’s not all that different from what Aaron Barr was doing with social media on Anonymous.

One more thing. Consider what DOJ has been doing between the time Lamo turned in Manning and now: asking social media providers for detailed information about a network of people associated with Wikileaks. That is, DOJ appears to have been doing with additional legal tools precisely what Barr was doing with public sources.

That’s likely all a big coinkydink. But these security hackers all seem to love turning their freelance investigations into big publicity stunts.

The HBGary Scandal: Using Counterterrorism Tactics on Citizen Activism

As I described on the Mike Malloy show on Friday and as Brad Friedman discusses in his post on being targeted by the Chamber of Commerce, the essence of the Chamber of Commerce/Bank of America/HBGary scandal is the use of intelligence techniques developed for use on terrorists deployed for use on citizens exercising their First Amendment rights.

ThinkProgress has a post making it clear that the Chamber of Commerce’s nondenial denials don’t hold up. In this post, I’ll begin to show the close ties between the tactics HBGary’s Aaron Barr proposed to use against Wikileaks and anti-Chamber activists and those already used in counterterrorism.

Barr Says He’s Done this with Terrorists

I will get into what we know of Barr’s past intelligence work in future posts, but for the moment I wanted to look just at his reference to analysis he did on FARC. Barr’s HBGary coder, who sounds like the smartest cookie of the bunch, was balking at his analysis of Anonymous for several reasons–some of them ethical, some of them cautionary, and some of them technical. In the middle of an argument over whether what Barr was doing had any technical validity (the coder said it did not), Barr explained.

The math is already working out. Based on analysis I did on the FARC I was able to determine that Tanja (the Dutch girl that converted to the FARC) is likely managing a host of propaganda profiles for top leaders. I was able to associate key supporters technically to the FARC propaganda effort.

He’s referring to Tanja Anamary Nijmeijer, a Dutch woman who has been an active FARC member for a number of years. And while it’s not proof that Barr did his analysis on Nijmeijer for the government, she was indicted in the kidnapping of some American contractors last December and the primary overt act the indictment alleged her to have committed was in a propaganda function.

On or about July 25, 2003, JOSE IGNACIO GONZALEZ PERDOMO, LUIS ALBERTO JIMENEZ MARTINEZ, and TANJA ANAMARY NIJMEIJER, and other conspirators, participated in making a proof of life video of the three American hostages. On the video, the FARC announced that the “three North American prisoners” will only be released by the FARC once the Colombian government agrees to release all FARC guerrillas in Colombian jails in a “prisoner exchange” to take place “in a large demilitarized area.” The proof of life video was then disseminated to media outlets in the United States.

In any case, Barr is referring to an ongoing investigation conducted by the Miami and Counterterrorism Section of DOJ, with assistance from the DNI.

His “proof” that this stuff works is that it has worked in the past (he claims) in an investigation of Colombian (and Dutch) terrorists.


From the ChamberPot: A Carefully Worded Nondenial Denial

The Chamber of Commerce has responded to ThinkProgress’ reporting of the Chamber’s discussions with Hunton & Williams about an intelligence campaign against USChamberWatch and other anti-Chamber efforts. It purports to deny any connection with Hunton & Williams and HBGary.

More Baseless Attacks on the Chamber

by Tom Collamore

We’re incredulous that anyone would attempt to associate such activities with the Chamber as we’ve seen today from the Center for American Progress. The security firm referenced by ThinkProgress was not hired by the Chamber or by anyone else on the Chamber’s behalf. We have never seen the document in question nor has it ever been discussed with us.

While ThinkProgress and the Center for American Progress continue to orchestrate a baseless smear campaign against the Chamber, we will continue to remain focused on promoting policies that create jobs.

But it does no such thing.

First, note what they are denying:

  1. The “security firm” referenced by TP was not hired by the Chamber or by anyone else on the Chamber’s behalf
  2. “We have never seen the document in question”

By “security firm,” it presumably means HBGary, the one of the three security firms involved that got hacked.

Note, first of all, that they’re not denying hiring Hunton & Williams, the law firm/lobbyist which they hired last year to sue the Yes Men. They’re not even denying that they retain Hunton & Williams right now.

What they’re denying is that they–or, implicitly, Hunton & Williams, on their behalf–hired HBGary.

But as I suggested in my last post on this, they are not paying HBGary (or Hunton & Williams) for the work they’re doing right now; they’re all working on spec, to get the business (business which I’m guessing they’re not going to get).
