Hacked e-mails show Web's usefulness in dirty-tricks campaigns

By Dan Eggen
Washington Post Staff Writer
Monday, March 7, 2011; A03

Although much of K Street spends its time plying the halls of Congress on behalf of well-heeled clients, there is a growing dark side to Washington's lobbying and public relations industry: figuring out new ways to undermine and sabotage opponents.

This little-discussed aspect of the influence business came into view in recent weeks with the release of thousands of hacked corporate e-mails, which detail a pair of high-tech dirty-tricks campaigns aimed at supporters of WikiLeaks and foes of the U.S. Chamber of Commerce.

The plans were pitched by three federal contractors to lawyers at Hunton & Williams, a top-flight D.C. law and lobbying firm that works for the Chamber. Proposed tactics included creating fake personas online to fool Chamber critics, planting false electronic documents to undermine the credibility of activists, and using powerful computer tools to "scrape" Facebook and other social-media sites for personal information about Chamber foes, according to the e-mails.

Opposition research and assorted dirty tricks have long been a staple of politics in this country, from a smear campaign - backed by Thomas Jefferson - against John Adams in the 1800 presidential race to Richard Nixon's notorious efforts to steal Democratic Party secrets in the 1970s.

But many experts say the shadowy political intelligence business has become larger and more sophisticated as corporations, trade groups and political parties increasingly turn to computer sleuths to monitor and, in some cases, harass their detractors. The work almost always goes undetected and has been made easier with the rise of computer networks and social-media sites with relatively lax safeguards.

"It's classic opposition research in the digital age," said Cindy Cohn, legal director at the Electronic Frontier Foundation, a privacy advocacy group. "Whether they understand the ramifications or not, people are revealing a lot more about themselves on the Internet. It makes compiling information much less difficult."

Kenneth S. Springer, a former FBI agent and founder of Corporate Resolutions, said "technology has rewritten the book" on how to conduct background research, though he stressed that his company and other reputable investigative firms are careful to operate within the law.

"Investigations used to end with computers," Springer said. "Now that's where they begin."

The Chamber has said it had no knowledge of the spying proposals, calling them "abhorrent." Officials at the HBGary Federal security firm, whose e-mails were hacked, and with Hunton & Williams have declined to comment. Two other technology businesses, Berico Technologies and Palantir Technologies, have condemned the plans and severed ties with HBGary Federal.

The legal terrain surrounding cyber-spying tactics is unclear: Although federal privacy law appears to broadly prohibit unauthorized access to computer services, many recent court cases have set a high bar for proving wrongdoing.

Actions that might break the rules of Facebook or other services do not necessarily violate federal law, legal experts said. Google, for example, technically bars anyone under 18 from using its search tool - a rule clearly defied by millions of teenagers each day.

Alleged shady tactics

Several cases involving allegations of corporate-style espionage and other shady tactics have come to light in Washington in recent months. The Bonner and Associates lobbying firm sent more than a dozen forged letters to Capitol Hill on behalf of a pro-coal group last summer; it said at the time that the letters were sent by a temporary employee who acted without authorization and was fired.

In a federal lawsuit filed last fall, Greenpeace alleges that Dow Chemical, Sasol North America and their contractors waged a two-year campaign of illegal corporate espionage against the environmental group and its allies. The alleged tactics included break-ins, surveillance, infiltration of community groups and rifling through garbage, according to the lawsuit. The defendants have not commented on the case.

The tangled tale of the HBGary e-mails began amid the heated debate over WikiLeaks, the stateless organization that has released tens of thousands of U.S. military and diplomatic documents. The organization has found support among a rebellious group of unidentified hackers called Anonymous, which has periodically attacked the Web sites of WikiLeaks critics. Hackers claiming to be operating under the group's banner also launched assaults late last month against Web sites connected to David and Charles Koch, the billionaire brothers who help fund many conservative causes.

Enter Aaron Barr, then chief executive of Sacramento-based HBGary Federal, who boasted publicly in January that he had unmasked the identities of Anonymous leaders by exploiting data from Facebook, Twitter and other social media. The hacker collective responded by systematically attacking HBGary Federal's computer system and Web site in early February, obtaining tens of thousands of e-mails from Barr and other senior executives and then releasing them on file-sharing sites for the world to see.

Nearly a month later, the company's Web site is still offline.

Getting laid low by hackers was only the first problem for Barr, who announced his resignation Monday. The next problem was the contents of the stolen e-mails, which revealed details of sensitive talks with Hunton & Williams lawyers about potential disinformation projects. The ideas were being pitched by HBGary Federal, Berico and Palantir, who together called themselves "Team Themis."

The hacked e-mails come only from the accounts of HBGary Federal and its parent company, leaving unclear how involved each party was in shaping the particulars of the proposed strategies.

The e-mails show Barr enthusiastically demonstrating his company's ability to investigate, using as an example a sample dossier assembled on Richard Wyatt, head of Hunton & Williams's litigation practice. Barr amassed details about Wyatt's wedding, political donations and family - including a photo culled from the Internet apparently showing his two young children enjoying a snow cone.

"I am not sure I will share what you sent last night," one of Wyatt's colleagues responded in a November e-mail. "He might freak out."

Two proposals in particular stood out from the hacked data. One outlined strategies for sabotaging, on behalf of Bank of America, the WikiLeaks site, including launching cyberattacks, spreading misinformation and pressuring journalists such as Salon's Glenn Greenwald. (Bank of America, a Hunton & Williams client, said it had no knowledge of the plans.)

The second was a similar sales pitch aimed at the Chamber, which employs Hunton & Williams as outside counsel. Urged by a lawyer at Hunton & Williams to "impress" Wyatt by gathering data on Chamber foes, the companies compiled profiles and other details about a host of liberal anti-Chamber activists, including family details and photos, the e-mails show.

As they developed their proposal for a "corporate information reconnaissance cell," the firms laid out ever more aggressive ideas, including monitoring the communications of Chamber opponents and planting false information to embarrass them, the e-mails show.

An executive with one of the firms, who spoke on the condition of anonymity to talk about the case, said another suggestion to create false personas to infiltrate social media sites "was a red flag," adding: "That, to me, is where it crossed the line and shouldn't have happened."

© 2011 The Washington Post Company