Feeds

HP's CEO: 'I'm so sorry' that this got out

Dunny flushed

3 Big data security analytics techniques

Patricia Dunn has not survived the HP spy scandal – a turn of events that everyone except HP saw as inevitable long ago. Dunn today resigned from HP's board, elevating CEO Mark Hurd to the Chairman role.

Hurd announced the executive shifts during a tense press conference at HP's headquarters in Palo Alto. Voice trembling at times and with nervous ticks, Hurd confessed to most of the gritty spy scandal details that have leaked out in various media reports. He also admitted to being involved in portions of HP's investigation and to not doing everything he should have to oversee the affair.

"This is a complicated situation, and the more I look into it, the more complicated it becomes," Hurd said. "I cannot guarantee that we will ever be able to obtain all of the information regarding this investigation."

"I take (investigating this situation) very seriously, and I am committed to getting to the bottom of this."

Hurd and hired gun Mark Holston, from law firm Morgan Lewis, provided a fairly detailed account of HP's boardroom investigation that has been ongoing since "early 2005." Concerned over leaks to the media, HP hired a security firm to probe its own board members, employees, reporters and reporters' family members. But then you knew that already.

Hurd confidently proclaimed that he personally hired Morgan Lewis to investigate the spy operation on Sept. 8, and the law firm now directly reports to Hurd.

Morgan Lewis has turned up evidence of a two-phased leak probe dubbed Kona I and Kona II.

Under Kona I, HP Chairman Patricia Dunn hired outside firm Security Outsourcing Solutions – don't let the SOS irony escape you. SOS with help from Dunn started digging into reporters at BusinessWeek, the Wall Street Journal, and the New York Times. After two months, SOS then teamed with HP Global Security on the investigation, and reported on its findings at a July 22, 2005 meeting.

Hurd, along with other HP employees, attended that meeting.

Kona I finished off in the "late summer of 2005 without uncovering the source of the leaks," Holston said.

Then, in January of 2006, Kona II fired up. HP's senior counsel Kevin Hunsaker led this investigation, which was triggered after a Jan. 23 CNET story. The probe continued for three months with regular updates making their way to Dunn and others.

Hunsaker, SOS and SOS's outside counsel assured HP that all tactics used in Kona II were legal, according to Holston.

Shot of HP CEO Mark Hurd at press conference

The spy mechanisms, however, quite clearly were on the fuzzy side of the law. HP's investigators fraudulently obtained phone records by using peoples' Social Security Numbers, sent a tracking email to a reporter and used surveillance to follow a number of individuals.

All told, these techniques have left HP in a precarious position where employees will need to testify before a Congressional committee next week. In addition, the California Attorney General's office and the SEC are investigating the company.

Instead of confessing all in one go, HP has allowed story after story to appear in various papers over the past two weeks. This has resulted in a leak scandal far worse than the original, innocuous leaks HP was investigating.

At present, most people want to know exactly what Hurd knew and when, since he's actually received a promotion as a result of this affair.

Here's a recap of what Hurd confessed during today's press conference.

"In, I believe, Februarys 2006, I was informed by the investigation team that they intended to send an email containing false information in an effort to identify the source of the leaks. I was asked to and did approve the naming convention that was used in the content of that email. I do not recall seeing nor do I recall approving the use of tracer technology."

"In March 2006, I attended a meeting at which a verbal summary of the second phase of the investigation was provided. Specifically, that the investigative team had indentified the source of the leaks. I understand there was also a written report of the investigation addressed to me and others but I did not read it. I could have, and I should have."

Um, yes.

Beyond these revelations, Hurd offered a couple of concessions.

"I will say that some of the findings Morgan Lewis has uncovered are very disturbing to me.

"On behalf of HP, I extend my sincere apologies to those journalists who were investigated and everyone who was impacted." ®

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.