Feeds

HP's CEO: 'I'm so sorry' that this got out

Dunny flushed

High performance access to file storage

Patricia Dunn has not survived the HP spy scandal – a turn of events that everyone except HP saw as inevitable long ago. Dunn today resigned from HP's board, elevating CEO Mark Hurd to the Chairman role.

Hurd announced the executive shifts during a tense press conference at HP's headquarters in Palo Alto. Voice trembling at times and with nervous ticks, Hurd confessed to most of the gritty spy scandal details that have leaked out in various media reports. He also admitted to being involved in portions of HP's investigation and to not doing everything he should have to oversee the affair.

"This is a complicated situation, and the more I look into it, the more complicated it becomes," Hurd said. "I cannot guarantee that we will ever be able to obtain all of the information regarding this investigation."

"I take (investigating this situation) very seriously, and I am committed to getting to the bottom of this."

Hurd and hired gun Mark Holston, from law firm Morgan Lewis, provided a fairly detailed account of HP's boardroom investigation that has been ongoing since "early 2005." Concerned over leaks to the media, HP hired a security firm to probe its own board members, employees, reporters and reporters' family members. But then you knew that already.

Hurd confidently proclaimed that he personally hired Morgan Lewis to investigate the spy operation on Sept. 8, and the law firm now directly reports to Hurd.

Morgan Lewis has turned up evidence of a two-phased leak probe dubbed Kona I and Kona II.

Under Kona I, HP Chairman Patricia Dunn hired outside firm Security Outsourcing Solutions – don't let the SOS irony escape you. SOS with help from Dunn started digging into reporters at BusinessWeek, the Wall Street Journal, and the New York Times. After two months, SOS then teamed with HP Global Security on the investigation, and reported on its findings at a July 22, 2005 meeting.

Hurd, along with other HP employees, attended that meeting.

Kona I finished off in the "late summer of 2005 without uncovering the source of the leaks," Holston said.

Then, in January of 2006, Kona II fired up. HP's senior counsel Kevin Hunsaker led this investigation, which was triggered after a Jan. 23 CNET story. The probe continued for three months with regular updates making their way to Dunn and others.

Hunsaker, SOS and SOS's outside counsel assured HP that all tactics used in Kona II were legal, according to Holston.

Shot of HP CEO Mark Hurd at press conference

The spy mechanisms, however, quite clearly were on the fuzzy side of the law. HP's investigators fraudulently obtained phone records by using peoples' Social Security Numbers, sent a tracking email to a reporter and used surveillance to follow a number of individuals.

All told, these techniques have left HP in a precarious position where employees will need to testify before a Congressional committee next week. In addition, the California Attorney General's office and the SEC are investigating the company.

Instead of confessing all in one go, HP has allowed story after story to appear in various papers over the past two weeks. This has resulted in a leak scandal far worse than the original, innocuous leaks HP was investigating.

At present, most people want to know exactly what Hurd knew and when, since he's actually received a promotion as a result of this affair.

Here's a recap of what Hurd confessed during today's press conference.

"In, I believe, Februarys 2006, I was informed by the investigation team that they intended to send an email containing false information in an effort to identify the source of the leaks. I was asked to and did approve the naming convention that was used in the content of that email. I do not recall seeing nor do I recall approving the use of tracer technology."

"In March 2006, I attended a meeting at which a verbal summary of the second phase of the investigation was provided. Specifically, that the investigative team had indentified the source of the leaks. I understand there was also a written report of the investigation addressed to me and others but I did not read it. I could have, and I should have."

Um, yes.

Beyond these revelations, Hurd offered a couple of concessions.

"I will say that some of the findings Morgan Lewis has uncovered are very disturbing to me.

"On behalf of HP, I extend my sincere apologies to those journalists who were investigated and everyone who was impacted." ®

High performance access to file storage

More from The Register

next story
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.