Feeds

HP 'routinely' uses email tracking

Web bug uncovered under Congressional spotlight

SANS - Survey on application security programs

Congressional hearings have revealed how HP made controversial use of email tracking technology in an attempt to identify the source of a board-level mole.

The mishandled investigation, during which private investigators acting on behalf of HP obtained the phone records and journalists under false pretences, involved an attempt to trick News.com reporter Dawn Kawamoto into fingering her source at HP using electronic trickery.

Kawamoto was leaked false information (purported HP documents) earlier this year in an email from a fictitious disgruntled executive, called Jacob. The documents were sent through an email proxy service called ReadNotify, which uses a variety of techniques to trace and record the IP addresses of any computer on which the file is opened. HP hoped that Kawamoto would forward the documents to her source, ultimately identified as HP director George Keyworth, for verification, thereby fingering him as the mole. In the event, the ruse failed to work.

HP chief executive Mark Hurd conceded he partly authorised the scheme. Hurd told a congressional hearing that he approved the content of the bogus information that would be leaked, if not the email tracer element of the scheme.

"I definitely knew about the content of the email," Hurd said, Computer Business Review reports. "At the time I agreed of content of email, it was appropriate to find the leak. With benefit of hindsight I wouldn't do it again.

"I agree there's a difference between legal and ethical," he added.

Use of the controversial email tracker approach by HP was far from isolated, it later emerged.

Fred Adler, HP's head of information technology security, testified that HP had used the technique dozens of times in the course of previous investigations into employees and others to tackle "issues such as theft, and assisting law enforcement", Dow Jones Marketwatch reports.

Adler added that use of the technique was still authorised, News.com (which explains how the ReadNotify service work in some depth) adds. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.