Data Intelligence Firms Proposed a Systematic Attack Against WikiLeaks

Published on
by
The Tech Herald

Data Intelligence Firms Proposed a Systematic Attack Against WikiLeaks

by
Steve Ragan

Data intelligence firms proposed a systematic attack against WikiLeaks. (IMG: WikiLeaks)

After a tip from Crowdleaks.org, The Tech Herald has learned that HBGary Federal, as well as two other data intelligence firms, worked to develop a strategic plan of attack against WikiLeaks. The plan included pressing a journalist in order to disrupt his support of the organization, cyber attacks, disinformation, and other potential proactive tactics.

The tip from Crowdleaks.org is directly related to the highly public attack on HBGary, after Anonymous responded to research performed by HBGary Federal COO, Aaron Barr. Part of Anonymous’ response included releasing more than 50,000 internal emails to the public. For more information, the initial coverage is here.

What was pointed out by Crowdleaks is a proposal titled “The WikiLeaks Threat” and an email chain between three data intelligence firms. The proposal was quickly developed by Palantir Technologies, HBGary Federal, and Berico Technologies, after a request from Hunton and Williams, a law firm that currently counts Bank of America as a client.

The law firm had a meeting with Bank of America on December 3. To prepare, the firm emailed Palantir and the others asking for “…five to six slides on Wikileaks - who they are, how they operate and how this group may help this bank.”

Hunton and Williams were recommended to Bank of America’s general council by the Department of Justice, according to the email chain viewed by The Tech Herald. The law firm was using the meeting to pitch Bank of America on retaining them for an internal investigation surrounding WikiLeaks.

“They basically want to sue them to put an injunction on releasing any data,” an email between the three data intelligence firms said. “They want to present to the bank a team capable of doing a comprehensive investigation into the data leak.”

Hunton and Williams would act as outside council on retainer, while Palantir would take care of network and insider threat investigations. For their part, Berico Technologies and HBGary Federal would analyze WikiLeaks.

“Apparently if they can show that WikiLeaks is hosting data in certain countries it will make prosecution easier,” the email added.

In less than 24-hours, the three analytical companies created a presentation filled with publically available information and ideas on how the firms could be “deployed” against WikiLeaks “as a unified and cohesive investigative analysis cell.”

On January 2, The New York Times wrote about a late night conference call held by Bank of America executives on November 30. The reason for the call was to deal with a statement given by WikiLeaks’ Julian Assange on November 29, where he said that he intended to “take down” a major American bank. The country’s third largest financial institution needed to get the jump on WikiLeaks, so they started scouring thousands of documents, and auditing physical assets.

Shortly after the late night conference call, the email from Hunton and Williams was sent. Booz Allen Hamilton, according to the Times, was the firm brought in to help manage the bank’s internal review.

A month after the proposal for the initial December meeting on WikiLeaks was created, email messages from HBGary Federal show plans for a meeting with Booz Allen Hamilton. The meeting was set after Barr emailed Hunton and Williams about information he was gathering on WikiLeaks and Anonymous. Later, this information would be the direct cause of Anonymous’ attack on HBGary.

On page two you will find an overview of the proposal developed by the three data intelligence firms.

Note: There were several drafts of the proposal created before the sixth and final version was delivered. The emails released by Anonymous contain each of them. Most of the changes are formatting related and minor corrections.

The proposal starts with an overview of WikiLeaks, including some history and employee statistics. From there it moves into a profile of Julian Assange and an organizational chart. The chart lists several people, including volunteers and actual staff.

One of those listed as a volunteer, Salon.com columnist, Glenn Greenwald, was singled out by the proposal. Greenwald, previously a constitutional law and civil rights litigator in New York, has been a vocal supporter of Bradley Manning, who is alleged to have given diplomatic cables and other government information to WikiLeaks. He has yet to be charged in the matter.

Greenwald became a household name in December when he reported on the “inhumane conditions” of Bradley Manning’s confinement at the Marine brig in Quantico, Virginia. Since that report, Greenwald has reported on WikiLeaks and Manning several times.

“Glenn was critical in the Amazon to OVH transition,” the proposal says, referencing the hosting switch WikiLeaks was forced to make after political pressure caused Amazon to drop their domain.

 

[Earlier drafts of the proposal and an email from Aaron Barr used the word "attacked" over "disrupted" when discussing the level of support.]

The proposal continues by listing the strengths and weaknesses of WikiLeaks. For the strong points, there is the global WikiLeaks following and volunteers. Outlining the weaknesses, the proposal lists financial pressure - due to the companies refusing to process WikiLeaks’ donations at the time - and discord among some of the WikiLeaks members.

“Despite the publicity, WikiLeaks is NOT in a healthy position right now,” an early draft of the proposal noted. “Their weakness [sic] are causing great stress in the organization which can be capitalized on.”

Some of the things mentioned as potential proactive tactics include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error.

“Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done. Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.”

 

 

After the tactics are discussed, the proposal outlines the highlights for each of the three data intelligence firms. From there, it concludes that in the new age of mass social media, the insider threat represents an ongoing and persistent threat “even if WikiLeaks is shut down.”

“Traditional responses will fail; we must employ the best investigative team, currently employed by the most sensitive of national security agencies.”

The emails released by Anonymous make no mention of the proposal’s success or failure. Aside from a single meeting confirmation with Booz Allen Hamilton, and an email that expressed hope that HBGary was going to “close the BOA deal”, there is no other data available.
 

Since the attack on their company, HBGary has issued a single statement via their website, and declined to comment when questioned by several news organizations.

“HBGary, Inc and HBGary Federal, a separate but related company, have been the victims of an intentional criminal cyberattack. We are taking this crime seriously and are working with federal, state, and local law enforcement authorities and redirecting internal resources to investigate and respond appropriately,” the statement reads.

“To the extent that any client information may have been affected by this event, we will provide the affected clients with complete and accurate information as soon as it becomes available. Meanwhile, please be aware that any information currently in the public domain is not reliable because the perpetrators of this offense, or people working closely with them, have intentionally falsified certain data.”

While some of the information in the public domain may be false, the emails and documents seen by The Tech Herald certainly look legitimate. It is unlikely that Anonymous would bother to forge 50,000 emails, in addition to the screen shots of internal software, PDF files, Word Documents, or PowerPoint slides released to the public.

However, on Tuesday evening, HBGary’s accusal that Anonymous was falsifying information started another round of rage on IRC, where some who associate under the banner of Anonymous gather.

As a result, there are rumors that more emails will be released in the coming days, including those belonging to Greg Hoglund, the co-founder of HBGary.

Share This Article

More in: