Feeds

HP's CEO: 'I'm so sorry' that this got out

Dunny flushed

Intelligent flash storage arrays

Patricia Dunn has not survived the HP spy scandal – a turn of events that everyone except HP saw as inevitable long ago. Dunn today resigned from HP's board, elevating CEO Mark Hurd to the Chairman role.

Hurd announced the executive shifts during a tense press conference at HP's headquarters in Palo Alto. Voice trembling at times and with nervous ticks, Hurd confessed to most of the gritty spy scandal details that have leaked out in various media reports. He also admitted to being involved in portions of HP's investigation and to not doing everything he should have to oversee the affair.

"This is a complicated situation, and the more I look into it, the more complicated it becomes," Hurd said. "I cannot guarantee that we will ever be able to obtain all of the information regarding this investigation."

"I take (investigating this situation) very seriously, and I am committed to getting to the bottom of this."

Hurd and hired gun Mark Holston, from law firm Morgan Lewis, provided a fairly detailed account of HP's boardroom investigation that has been ongoing since "early 2005." Concerned over leaks to the media, HP hired a security firm to probe its own board members, employees, reporters and reporters' family members. But then you knew that already.

Hurd confidently proclaimed that he personally hired Morgan Lewis to investigate the spy operation on Sept. 8, and the law firm now directly reports to Hurd.

Morgan Lewis has turned up evidence of a two-phased leak probe dubbed Kona I and Kona II.

Under Kona I, HP Chairman Patricia Dunn hired outside firm Security Outsourcing Solutions – don't let the SOS irony escape you. SOS with help from Dunn started digging into reporters at BusinessWeek, the Wall Street Journal, and the New York Times. After two months, SOS then teamed with HP Global Security on the investigation, and reported on its findings at a July 22, 2005 meeting.

Hurd, along with other HP employees, attended that meeting.

Kona I finished off in the "late summer of 2005 without uncovering the source of the leaks," Holston said.

Then, in January of 2006, Kona II fired up. HP's senior counsel Kevin Hunsaker led this investigation, which was triggered after a Jan. 23 CNET story. The probe continued for three months with regular updates making their way to Dunn and others.

Hunsaker, SOS and SOS's outside counsel assured HP that all tactics used in Kona II were legal, according to Holston.

Shot of HP CEO Mark Hurd at press conference

The spy mechanisms, however, quite clearly were on the fuzzy side of the law. HP's investigators fraudulently obtained phone records by using peoples' Social Security Numbers, sent a tracking email to a reporter and used surveillance to follow a number of individuals.

All told, these techniques have left HP in a precarious position where employees will need to testify before a Congressional committee next week. In addition, the California Attorney General's office and the SEC are investigating the company.

Instead of confessing all in one go, HP has allowed story after story to appear in various papers over the past two weeks. This has resulted in a leak scandal far worse than the original, innocuous leaks HP was investigating.

At present, most people want to know exactly what Hurd knew and when, since he's actually received a promotion as a result of this affair.

Here's a recap of what Hurd confessed during today's press conference.

"In, I believe, Februarys 2006, I was informed by the investigation team that they intended to send an email containing false information in an effort to identify the source of the leaks. I was asked to and did approve the naming convention that was used in the content of that email. I do not recall seeing nor do I recall approving the use of tracer technology."

"In March 2006, I attended a meeting at which a verbal summary of the second phase of the investigation was provided. Specifically, that the investigative team had indentified the source of the leaks. I understand there was also a written report of the investigation addressed to me and others but I did not read it. I could have, and I should have."

Um, yes.

Beyond these revelations, Hurd offered a couple of concessions.

"I will say that some of the findings Morgan Lewis has uncovered are very disturbing to me.

"On behalf of HP, I extend my sincere apologies to those journalists who were investigated and everyone who was impacted." ®

Internet Security Threat Report 2014

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.