While the government investigates why a 29-year-old worker at Booz Allen Hamilton had access to the extremely sensitive information that he leaked to The Washington Post and Britain’s The Guardian newspapers, other questions need answers. How does defense and intelligence contractor Booz Allen Hamilton keep the top secret sources and methods and information it gathers for the government segregated from its work for corporate clients? What prevents it from using counter-terrorism tools and information developed for the government to target enemies or competitors of its private clients?
Edward Snowden, a high-school dropout and computer whiz, managed to get enough security clearance that he was able to leak information to The Guardian about the National Security Agency’s top-secret program of mining data from U.S. phone call records. He leaked intelligence from the agency’s sensitive surveillance of online communications to The Guardian and The Washington Post.
Booz Allen has a history of at least considering ways to spy on private citizens on behalf of its corporate clients.
In February 2011, Booz Allen was implicated in an embarrassing exposure of emails discussing the hiring of three military intelligence contractors to spy on enemies of the Chamber of Commerce and Booz Allen’s client, Bank of America. Chamber critics that were to be targeted included U.S. Chamber Watch, a union-backed group founded to monitor the chamber, and liberal journalist Glenn Greenwald, then at Salon. In scores of emails that hackers posted on the Internet, three partners at Hunton & Williams law firm and representatives of the military intelligence contractors discussed dirty tricks, including creating false personas and fake documents to embarrass the Chamber’s critics. In one example, a false persona would be created through social media. A target would be “friended” on Facebook and then drawn into manipulated conversations that would prove embarrassing.
They also discussed a spy technique known as “spear fishing” or “phishing.” The technique secretly installs an attachment to someone’s email, which sends files from the target’s computer to the spear fisher’s computer. Aaron Barr, then chief executive officer of the now defunct HBGary Federal, working out of offices in Bethesda, Md., and one of the three intelligence contractors, explained phishing in an email. He was writing to Greg Hoglund, then chief executive officer of affiliated HBGary, based in Sacramento, Calif.
“Have … you seen an automated spear fishing capability in the wild?” Barr asked, saying he had picked a random person to target. “Quickly found his [T]witter, [F]acebook, [F]licker, [J]eep aficionado forum membership. Trips he made, friends, group interests, wife, kids, relatives, address, phone number kids schools, sports, etc. This would be too easy to automate and I think scarily effective. Within 10 minutes of manual research I had a significant amount of information about him (and felt a bit like a stalker). We should have capabilities to do this to our adversaries.”
The Chamber, Bank of America and HBGary have said they knew nothing about the discussions.
Along with HBGary Federal, Palantir, based in Palo Alto, Calif., and Berico Technologies, based in Reston, Va., formed the threesome of intelligence companies. They dubbed themselves “Team Themis.” Themis is the Greek goddess of divine law and order.
A controversial anti-secrecy website, WikiLeaks has released hundreds of thousands of classified military and diplomatic records. In late 2010 and early 2011 it was threatening to release a huge cache of data belonging to a major bank. It was widely believed WikiLeaks was talking about Bank of America because a year earlier the group’s leader, Julian Assange, said he obtained the hard-drive of one of Bank of America’s executives.
(Assange, who’s been taking refuge in an Ecuadorian embassy in London since August, has been praising Snowden as a hero and suggesting he go to Latin America. Meanwhile Army Private First Class Bradley Manning, 25, is on trial for leaking 700,000 files to WikiLeaks and could face life in prison.)
Back in January 2011, hours after Woods sent his “urgent” email to Barr about Bank of America, Booz Allen Senior Vice President Bill Wansley sent an email to Barr, apparently following up on a conversation they had.
“Nice talking to you,” Wansley wrote. “We will plan a meeting this Friday at 10:30 to discuss how you may be able to support our project.”
So how much don’t we know about who’s spying on whom?
It was only a bit of serendipity that brought these emails to light.
Barr, whom Chamber Watch describes as a “boundlessly ambitious former Navy cryptologist,” claimed to the Financial Times in February 2011 that he had uncovered the leaders of a group of computer hackers known as “Anonymous.” The group, which says it is loosely associated and has no leaders, denied the claim and retaliated by penetrating HBGary Federal’s computers and posting thousands of its emails on the Internet.
Is Booz Allen Hamilton’s data just as vulnerable as NSAs? James Fisher, a senior spokesman for Booz Allen, declined to comment on questions of corporate spying and referred National Security News Service to a news release stating that Booz Allen had fired Snowden.
“News reports that this individual has claimed to have leaked classified information are shocking, and, if accurate, this action represents a grave violation of the code of conduct and core values of our firm,” the news release says. “We will work with our clients and authorities in their investigation of this matter.”
Chamber Watch said in a memo to Natural Resources News Service for an earlier story that the discussions of spying on individuals were “frightening.”
“A consortium of private intelligence contractors has provided a frightening example of how the U.S. government’s military intelligence programs, vastly expanded in the wake of 9/11, can be turned against American citizens, public interests organizations, labor unions and journalists,” Chamber Watch said.