Feeds

HP admits to spy op, lawyers dig in

SEC and California want answers

3 Big data security analytics techniques

HP today divulged some of the grimy details behind its boardroom mole hunting operation.

In a filing with the US Securities and Exchange Commission (SEC), HP confirmed that it used a form of surveillance known as "pretexting" to snoop on its board members. The company hired a team of investigators that tricked phone companies into revealing the call logs of directors' home and cell phone accounts. HP hoped this process would reveal which director had leaked information to CNET about a planning session. And, in fact, the questionable technique worked.

HP will not put up longtime director George Keyworth for reelection to its board after outing him as the mole, according to the SEC filing.

In addition, HP for the first time disclosed that veteran board member Tom Perkins resigned in May over a disagreement as to how the company handled the witch hunt. Companies are required to issue a specific filing with the SEC when directors quit their post due to objections over corporate practices. HP did not make such a filing back in May even though Perkins had expressed his displeasure with the pretexting operation okayed in secret by Chairman Patricia Dunn.

HP today explained its failure to make the nature of Perkins' resignation clear in its SEC filing.

"At the time of his resignation, Mr. Perkins did not provide any written communication to HP concerning the reasons for his resignation," HP said. "Following his resignation, and after HP on May 22 had disclosed the fact of Mr. Perkins’ resignation on Form 8-K in accordance with the applicable federal securities laws, Mr. Perkins notified HP that he had concerns with the HP Board’s handling of investigations that had been conducted into leaks of confidential HP information from meetings of the HP Board of Directors.

"HP is filing this Form 8-K to report the following additional information about the circumstances relating to Mr. Perkins’ resignation, to report the findings of its leak investigations, and to report other related events that have occurred subsequent to the completion of those investigations and Mr. Perkins’ resignation."

Perkins, a renowned venture capitalist and former HP executive, disagrees with HP's portrayal of the nature and timing of his objections to the pretexting operation.

In a letter sent to HP's directors, Perkins wrote, "I am hereby providing the company notice that I consider the company's Form 8-K filed on May 22, 2006, relating to my resignation to be defective because it did not describe my objection to and disagreement with the company's operations, policies and practices as they relate to the chair's improper and likely unlawful investigation. I therefore disagree with the company statements concerning my resignation . . . "

"As the company failed to make a full and accurate report (as required by federal law) and having given the company several opportunities to correct the record, I am now legally obliged to disclose publicly the reasons for my resignation. This is a very sad duty.

"My history with the Hewlett-Packard Company is long and I have been privileged to count both founders as close friends. I consider HP to be an icon of Silicon Valley, and one of the great companies of the world. It now needs, urgently, to correct its course."

The letter also details how Perkins discovered that investigators had misrepresented their identities to secure his phone logs from AT&T. According to the telephone company, a person obtained Perkins' January 2006 phone bill by providing his telephone number and the last four digits of his Social Security number. The AT&T report also says the person used the e-mail account mike@yahoo.com to register an account and accessed the bill information from the IP address 68.99.17.80, which traces back to Cox Communications in Atlanta.

California's attorney general has vowed to investigate how HP obtained the information about its directors. In its SEC filing, HP said it will cooperate with the state's investigation and will also provide any relevant information to the SEC as the commission examines how HP handled Perkins' resignation.

"(HP's Nominating and Governance Committee) was then advised by the Committee’s outside counsel that the use of pretexting at the time of the investigation was not generally unlawful (except with respect to financial institutions), but such counsel could not confirm that the techniques employed by the outside consulting firm and the party retained by that firm complied in all respects with applicable law," HP said in its filing.

The US Federal Trade Commission says that the Gramm-Leach-Billey Act forbids anyone from using false or fictitious statements or documents to secure customer information from a financial institution. The law is less clear on how pretexting can be used to get consumer information from non-financial institutions such as telcos, as it only "generally prohibits" the practice.

Perkins stature in Silicon Valley and his deep ties to HP make this a particularly embarrassing episode for the company.

HP maintains that it had to do everything necessary to protect the information passed between board members. The company had endured a series of leaks leading up to CEO Carly Fiorina's termination and after, as the company transitioned to new CEO Mark Hurd. Revelations of HP's long-term strategy in the press - although vague and not terribly gripping - were too much for Dunn.

But going behind the directors' backs to conduct an investigation with a dubious social engineering technique undermines HP's reputation built up over the decades by the company's founders and employees. The scandal now also proves a massive distraction at a time when HP has been enjoying consistent financial performance and a rising share price. ®

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.