Posts

Themis Applies JSOC Techniques to Citizens “Extorting” from Corporate Clients

/in , /by

I have a feeling I’ll be doing a lot of these posts, showing how Hunton & Williams asked “Themis” (the three firm team of HBGary, Palantir, and Berico Technologies) to apply counterterrorism approaches to combat First Amendment activities.

This particular installment comes from an early presentation and accompanying proposal Themis prepared for Hunton & Williams. These documents were attached to an email dated November 2, 2010 sent out by Berico Technologies’ Deputy Director. He explains that the presentation and proposal would be briefed to H&W the following day.

The Powerpoint includes a slide describing the purpose of Themis’ pitch to H&W.

Purpose: Develop a corporate information reconnaissance service to aid legal investigations through the open source collection of information on target groups and individuals that appear organized to extort specific concessions through online slander campaigns.

Now, this is in the period when H&W was only beginning to discuss the Chamber of Commerce project with Themis, long before the BoA pitch. That is, this is the period when they were discussing generalized opposition to Chamber of Commerce.

And of that they got “extortion”? “slander”?

Apparently the team members of Themis–several of whom, as veterans, would have sworn an oath to our Constitution–accepted the premise that union members and poorly financed liberals opposing the wholesale sellout of our politics to private corporations constituted “extortion” and “slander.”

These firms, two of which deny any ill will, were willing to describe political speech–the opposition of working people to the Chamber’s hijacking of our politics–as “extortion” and “slander.”

More shocking to me, though, is where the proposal uses a Special Operations model to describe what Themis planned to do for H&W. On a proposal bearing Berico Technologies’ document header, Themis places their proposed “Corporate Information Reconnaissance Cell” next to a Joint Special Operations Command F3EA “targeting cycle” with this explanation:

Team Themis will draw on our extensive operational and intelligence experience to rapidly make sense of the volumes of data we’ve collected through the application of proven analytical/targeting methodologies.  Drawing on the principles and processes developed and refined by JSOC in the “Find, Fix, Finish, Exploit, Analyze” (F3EA) targeting cycle, we will develop and execute a tailored CIRC intelligence cycle suited to enable rapid identification/understanding, refined collection/detection, focused application of effects, exploitation, and analysis/assessment.

Mind you, this is just a fancy graphic for “analysis”–the kind of stuff civilians do all the time. But Themis–led by Berico Technologies in this case–decided to brand it as a JSOC (Joint Special Operations Command) product, applying an American unconventional warfare model  to targeting political opponents engaging in free speech.

This is a bunch of veterans proposing to go to war against citizen activism on behalf the Chamber of Commerce and other corporations.

The proposal also highlights the JSOC experience of one Palantir team member.

He commanded multiple Joint Special Operations Command outstations in support of the global war on terror. Doug ran the foreign fighter campaign on the Syrian border in 2005 to stop the flow of suicide bombers into Baghdad and helped to ensure a successful Iraqi election. As a commander, Doug ran the entire intelligence cycle: identified high-level terrorists, planned missions to kill or capture them, led the missions personally, then exploited the intelligence and evidence gathered on target to defeat broader enemy networks.

Berico’s statement (from their CEO, Guy Filippelli, whose experience as Special Assistant to the Director of National Intelligence was also highlighted in the proposal) denied they would proactively target any Americans and spun the project itself as “consistent with industry standards for this type of work.”

Berico Technologies is a technical and analytic services firm that helps organizations better understand information critical to their core operating objectives. Our leadership does not condone or support any effort that proactively targets American firms, organizations or individuals.

[snip]

Late last year, we were asked to develop a proposal to support a law firm. Our corporate understanding was that Berico would support the firm’s efforts on behalf of American companies to help them analyze potential internal information security and public relations challenges. Consistent with industry standards for this type of work, we proposed analyzing publicly available information and identifying patterns and data flows relevant to our client’s information needs.

Yet it was Berico Technologies’ Deputy Director who sent out these documents adopting a military targeting approach for responding to citizens engaging in free speech.

Chet Uber Contacted HBGary before He Publicized His Role in Turning in Bradley Manning

/in , /by

A reader found a very interesting email among the HBGary emails: Chet Uber emailed–after having tried to call–HBGary CEO Greg Hoglund on June 23, 2010.

> Sir,

>

>

>

> I would like to speak to Mr. Hoglund. My name is Chet Uber

> and I was given his name by common associates as someone I should speak with.

> The nature of our work is highly sensitive so no offense but I cannot explain

> the details of my call. I was given a URL and a phone number. I was not given

> his direct line and every time I try to get an attendant you phone system

> disconnects me. Would you please forward him this email to him. The links below

> are new and as much information as we have ever made public.

>

>

>

> Sorry for the mystery but in my world we are careful about

> our actions and this is something interpreted as rudeness. I am being polite,

> so any cooperation you can provide is greatly appreciated.

Uber copies himself, Mark Rasch, George Johnson, and Mike Tomasiewicz, and sends links to two stories about Project Vigilant, which had been posted on the two proceeding days.

In response to the email, Hoglund asks Bob Slapnick to check Uber out with someone at DOD’s CyberCrime Center.

Chet Uber, as you’ll recall, is the guy who held a press conference at DefCon on August 1 to boast about his role in helping Adrian Lamo turn Bradley Manning in to authorities. Mark Rasch is the former DOJ cybercrimes prosecutor who claims to be Project Vigilant’s General Counsel and who says he made key connections with the government on Manning.

Mind you, the multiple versions of Uber’s story of his involvement in turning in Manning are inconsistent. At least a couple versions have Lamo calling Uber in June, after Manning had already been arrested.

So there are plenty of reasons to doubt the Lamo and Uber story. And security insiders have suggested the whole Project Vigilant story may be nothing more than a publicity stunt.

Furthermore, this email may be more of the same. Uber may have been doing no more than cold-calling Hoglund just as he was making a big publicity push capitalizing on the Manning arrest.

But consider this.

Lamo’s conversations with Manning have always looked more like the coached questions of someone trying to elicit already-suspected details than the mutual boasting of two hackers. Because of that and because of the inconsistencies and flimsiness of the Project Vigilant story, PV all looked more like a cover story for why Lamo would narc out Bradley Manning than an accurate story. And Uber’s email here and his DefCon press conference may well be publicity stunts. But then, that’s what Aaron Barr’s research on Anonymous was supposed to be: a widely publicized talk designed to bring new business. But a key part of the PV story was the claim that Adrian Lamo had volunteered with the group working on “adversary characterization.”

Uber says Lamo worked as a volunteer research associate for Project Vigilant for about a year on something called adversary characterization, which involved gathering information for a project on devising ways to attribute computer intrusions to individuals or groups. He helped define the roles, tools and methods intruders would use to conduct such attacks.

While it is described as more technical, that’s not all that different from what Aaron Barr was doing with social media on Anonymous.

One more thing. Consider what DOJ has been doing since the time Lamo turned in Manning and now: asking social media providers for detailed information about a network of people associated with Wikileaks. That is, DOJ appears to have been doing with additional legal tools precisely what Barr was doing with public sources.

That’s likely all a big coinkydink. But these security hackers all seem to love turning their freelance investigations into big publicity stunts.

The HBGary Scandal: Using Counterterrorism Tactics on Citizen Activism

/in /by

As I described on the Mike Malloy show on Friday and as Brad Friedman discusses in his post on being targeted by the Chamber of Commerce, the essence of the Chamber of Commerce/Bank of America/HBGary scandal is the use of intelligence techniques developed for use on terrorists deployed for use on citizens exercising their First Amendment rights.

ThinkProgress has a post making it clear that the Chamber of Commerce’s nondenial denials don’t hold up. In this post, I’ll begin to show the close ties between the tactics HBGary’s Aaron Barr proposed to use against Wikileaks and anti-Chamber activists and those already used in counterterrorism.

Barr Says He’s Done this with Terrorists

I will get into what we know of Barr’s past intelligence work in future posts, but for the moment I wanted to look just at his reference to analysis he did on FARC. Barr’s HBGary coder, who sounds like the smartest cookie of the bunch was balking at his analysis of Anonymous for several reasons–some of them ethical, some of them cautionary, and some of them technical. In the middle of an argument over whether what Barr was doing had any technical validity (the coder said it did not), Barr explained.

The math is already working out. Based on analysis I did on the FARC I was able to determine that Tanja (the dutch girl that converted to the FARC is likely managing a host of propoganda profiles for top leaders. I was able to associate key supporters technically to the FARC propoganda effort.

He’s referring to Tanja Anamary Nijmeijer, a Dutch woman who has been an active FARC member for a number of years. And while it’s not proof that Barr did his analysis on Nijmeijer for the government, she was indicted in the kidnapping of some American contractors last December and the primary overt act the indictment alleged her to have committed was in a propaganda function.

On or about July 25, 2003, JOSE IGNACIO GONZALEZ PERDOMO, LUIS ALBERTO JIMENEZ MARTINEZ, and TANJA ANAMARY NIJMEIJER, and other conspirators, participated in making a proof of life video of the three American hostages. On the video, the FARC announced that the “three North American prisoners” will only be released by the FARC once the Colombian government agrees to release all FARC guerrillas in Colombian jails in a “prisoner exchange” to take place “in a large demilitarized area.” The proof of life video was then disseminated to media outlets in the United States.

In any case, Barr is referring to an ongoing investigation conducted by the Miami and Counterterrorism Section of DOJ, with assistance from the DNI.

His “proof” that this stuff works is that it has worked in the past (he claims) in an investigation of Colombian (and Dutch) terrorists.

Read more

HBGary Fees: “Dam It Feels Good to Be a Gangsta”

/in , /by

One of the more interesting documents on HBGary et al’s partnership with the Chamber of Commerce details the prices they wanted to charge. Now, other emails make it clear that the Chamber balked at what the team originally proposed would be $2 million of work–the Chamber didn’t pay these rates (indeed, they probably haven’t paid for any of this).

But I was particularly interested in what HBGary’s Aaron Barr proposed charging for the work of what they called a “Social Media SME.”

Social media sme ($250 per hour) – experienced in social media link analysis. Personna development. Content management. Social media exploitation techniques.

This is a social media consultant, someone we know from the team’s plans they intended to deploy on Facebook and Twitter in false personas ultimately aiming to destroy the credibility of anti-Chamber activists.

These are just reasonably skilled trolls.

And for that, they wanted to charge $2,000 a day.

To put it in even more stark perspective, consider one ultimate target of the campaign: the men and women SEIU organizes pushing back against the anti-worker policies of the Chamber. Many of these workers–the kind of people who keep your building clean or care for you when you’re sickmake as little $12/hour or less (though the wages for nurses and other skilled medical care providers are higher).

These corporate spook assholes–in addition to targeting Americans for political activism–also think they’re worth 20 times as much as the people who care for the sick.

As the Palantir employee working with Barr on these numbers put it, “Most of all that we are the best money can buy! Dam it feels good to be a gangsta…..”

Palantir Tries to Preserve Their Government Contracts

/in , /by

In a post I’ll write some day, I will show how the WikiLeaks cables show that every time a partner government threatens to use the high tech intelligence toys we share with it–notably our telecommunication wiretapping–to spy on domestic opponents, the Obama Administration makes a very concerted effort to disavow such efforts (if not end the partnership).

Which is why I find it so interesting that the CEO of Palantir Technologies just apologized to Glenn Greenwald for (I guess) allowing HBGary to target him for an oppo research and attack on his credibility.

“As the Co-Founder and CEO of Palantir Technologies, I have directed the company to sever any and all contacts with HB Gary,” the statement starts.

Dr. Karp explains that Palantir Technologies provides a software analytic platform for the analysis of data. They do not provide – “nor do we have any plans to develop” – offensive cyber capabilities.

In addition, the statement says that Palantir does not build software that is designed to allow private sector entities to obtain non-public information, engage in so-called cyber attacks, or take other offensive measures.

“I have made clear in no uncertain terms that Palantir Technologies will not be involved in such activities. Moreover, we as a company, and I as an individual, always have been deeply involved in supporting progressive values and causes. We plan to continue these efforts in the future,” Dr. Karp added.

“The right to free speech and the right to privacy are critical to a flourishing democracy. From its inception, Palantir Technologies has supported these ideals and demonstrated a commitment to building software that protects privacy and civil liberties. Furthermore, personally and on behalf of the entire company, I want to publicly apologize to progressive organizations in general, and Mr. Greenwald in particular, for any involvement that we may have had in these matters.”

Somehow,Dr. Karp forgot to apologize to Brad Friedman, another journalist WBGary–in projects bid in partnership with Palantir–has targeted.

As a reminder, Palantir Technologies is one of the two other security firms that HBGary partnered with to try to get spying business with Bank of America and the Chamber of Commerce.

But perhaps more relevant is Palantir’s primary focus: working with the national security apparatus. They’ve done at least $6,378,332 in business with entities like SOCOM and FBI in the last several years. And while they say they have no plans to adopt “offensive cyber capabilities,” that’s not to say they’re not helping the government analyze data on our presumed enemies.

I would imagine Palantir has pretty good reason to know that the government will not do business with a contractor using the same technologies to target Glenn Greenwald (and maybe Brad Friedman).

At least not publicly. Remember–DOJ recommended Hunton & Williams (which put Palantir and HBGary together for the bid) to Bank of America.

From the ChamberPot: A Carefully Worded Nondenial Denial

/in , /by

The Chamber of Commerce has responded to ThinkProgress’ reporting of the Chamber’s discussions with Hunton & Williams about an intelligence campaign against USChamberWatch and other anti-Chamber efforts. It purports to deny any connection with Hunton & Williams and HBGary.

More Baseless Attacks on the Chamber

by Tom Collamore

We’re incredulous that anyone would attempt to associate such activities with the Chamber as we’ve seen today from the Center for American Progress. The security firm referenced by ThinkProgress was not hired by the Chamber or by anyone else on the Chamber’s behalf. We have never seen the document in question nor has it ever been discussed with us.

While ThinkProgress and the Center for American Progress continue to orchestrate a baseless smear campaign against the Chamber, we will continue to remain focused on promoting policies that create jobs.

But it does no such thing.

First, note what they are denying:

  1. The “security firm” referenced by TP was not hired by the Chamber or by anyone else on the Chamber’s behalf
  2. “We have never seen “the document in question”

By “security firm,” it presumably means HBGary, the one of the three security firms involved that got hacked.

Note, first of all, that they’re not denying hiring Hunton & Williams, the law firm/lobbyist which they hired last year to sue the Yes Men. They’re not even denying that they retain Hunton & Williams right now.

What they’re denying is that they–or, implicitly, Hunton & Williams, on their behalf–hired HBGary.

But as I suggested in my last post on this, they are not paying HBGary (or Hunton & Williams) for the work they’re doing right now; they’re all working on spec, to get the business (business which I’m guessing they’re not going to get).

Read more

Hacked Documents Show Chamber Engaged HBGary to Spy on Unions

/in /by

(photo: Timothy Valentine; Edited: Lance Page / t r u t h o u t)

[Ed: Read the documents about the US Chamber’s plan to spy on unions.]

I noted yesterday how mind-numbingly ignorant analysis of Glenn Greenwald’s motivation as a careerist hack that was provided by HBGary. And if the allegations in the excerpts of former WikiLeaks volunteer Daniel Domscheit-Berg’s book are accurate, HBGary’s analysis about WikiLeaks itself is even more ignorant.

Add in the fact that this “security” company got hacked in rather embarrassing fashion.

Which, I’m guessing, is going to cause the Chamber of Commerce to rethink the spying work with HBGary it apparently has been considering.

Let me start with this caveat: what follows is based on emails available by Torrent. The parties in this affair are making claims and counterclaims about the accuracy of what is in there.

But it appears that back in November the same parties involved in the pitch to Bank of America–Palantir, HBGary Federal, and Berico Technologies working through Hunton and Williams–started preparing a pitch to the Chamber of Commerce. At that point, HBGary started researching anti-Chamber groups StoptheChamber.com and USChamberWatch. At one point, HBGary maps the connections between SEIU, Change to Win, and USChamberWatch as if he’s found gold.

By the end of November, Barr starts working on a presentation outlining the difference between StoptheChamber and USChamberWatch, as well as “a link chart of key people in the distribution of information, background information on each individual and ways to counteract their effect on group.”

On January 13, HBGary believed they had signed a contract.

This afternoon an H&W courier is bringing over a CD with the data from H&W from phase 1. We are assuming that this means that phase 1 is a go (We’ll let you know once we confirm this) and I’m wondering how we will integrate that data. Should we bring the CD over to Tyson’s Corner?

On February 3, law firm H&W came back to the three security firms and told them they’d be doing their Phase I work on spec, until the Chamber had bought into the full project. At that point, the firms put together a plan including a proposed February 14 briefing.

In response, Aaron Barr boasted (as is his wont) that his upcoming presentation at BSides security conference on Anonymous should be proof enough.

Let them read about my talk in two weeks on my analysis of the anonymous group.

Should be proof enough. But willing to discuss.

Which gets us just about to the point where Barr blabs his mouth, this security firm is badly hacked, and the Chamber of Commerce’s efforts to use intelligence firms to investigate activists exposing the Chambers own work is revealed.

I’m guessing HBGary just lost that contract, how about you?

Update: TP has a related take on this, describing more about what the proposal is:

According to one document prepared by Team Themis, the campaign included an entrapment project. The proposal called for first creating a “false document, perhaps highlighting periodical financial information,” to give to a progressive group opposing the Chamber, and then to subsequently expose the document as a fake to undermine the credibility of the Chamber’s opponents. In addition, the group proposed creating a “fake insider persona” to “generate communications” with Change to Win.