Feeds

HP's 'ethics' chief emerges as spy scandal star

We did it my way

High performance access to file storage

On September 6 - Carly Fiorina's birthday - investigators involved in the HP spy scandal could hear the butcher's footsteps. Quite a few people would be sacrificed because of the public relations mess, and those closest to the probe would likely be cut across the neck first.

"We are being hung out to dry, the politics, smokes, mirror are high," wrote Tony Gentilucci, HP's manager of global investigations, in an email. "I have lost a lot of respect for a lot of people, amazing really. If I am still here next week, we can discuss over a beer in a week or two."

Gentilucci returned to the beverage theme in an email the next day to Kevin Huska, a member of HP Global Security.

"This thing is taking on a life of its own, articles are in the tabloid stage, not sure I will survive after the steam roller runs me over, but totally out of my control now, can't say much more, but if I am around, maybe we can discuss over a cup of coffee or something stronger!!"

These disclosures, however, prove rather innocuous when compared to the emails penned mid-scandal by then HP counsel and ethics director, Kevin Hunsaker.

In fairness, an old friend of Hunsaker's tells us he's a nice guy who would never do anything suspect. Unfortunately, Hunsaker seemed to let the cloak and dagger excitement of HP's spy probe embiggen his spirit to the point of inanity. It's Hunsaker's emails that stand out above all else in the hundreds of pages of HP documents that were released to reporters this week.

Hunsaker, who took the fifth last week before Congress, was charged yesterday by the California Attorney General's office on numerous felony counts tied to HP's spy effort. As you'll see below in our collection of Kevin Hunsaker's Greatest Hits, the HP executive did indeed play a central role in the second part of HP's dubious spy probe.

Our journey begins on February 2, 2006. Hunsaker fired off an email titled "Great Job!" to internal and external HP investigators, thanking them for a job well done in investigating a CNET story. He notes that both Chairman Patricia Dunn and top lawyer Ann Baskins - both of whom have since resigned - were briefed on the work and thought HP's spooks were doing an "excellent job."

Then we get:

E-mail from Hunsaker thanking team for good work

The operative sentence there is "It is truly all of your hard work that has made us look so good," but we're sure you got that already.

Some more emails followed the next day, including one from HP internal investigator Fred Adler with him warning that "Any action we take should be viewed from a risk vs. reward perspective, as there is inherent risk in action." At this point, HP had started to debate sending a fake email with spyware to a reporter in the hopes that the reporter would send the email to her source for confirmation. Adler cautioned that someone might be able to trace this action back to HP, if the company wasn't careful.

Hunsaker, however, had more personal concerns.

Hunsaker worries about tracer email

To Hunsaker's credit, he had identified the leaker by February 5, 2006. In the email below, he notes that either Keyworth or HP outside counsel Larry Sonsini was the likely mole. Despite such confidence, Hunsaker and HP would continue to dig a deeper hole for themselves.

Hunsaker knows the leaker is Keyworth

But before they moved on with the laughable spyware operation, HP's investigators were handed another warning. Adler's partner in ethics Vince Nye, also an internal HP investigator, urged HP to think about what it was doing in a February 7 email.

"I have serious reservations about what we are doing," Nye wrote. "As I understand Ron's methodology in obtaining this phone record information it leaves me with the opinion that it is very unethical at the least and probably illegal. If (it) is not totally illegal, then it is leaving HP in a position of (sic) that could damage our reputation or worse. I am requesting that we cease this phone number gathering method immediately and discount any of its information.

"I think we need to re-focus our strategy and proceed on the high ground course."

As you all know, HP completely ignored this advice. There are no public records of anyone at HP addressing Nye's email in a substantive manner. In fact, the only e-mail that really deals with possible illegality surrounding HP's investigation methods appears on March 24. Gentilucci received an email from an unnamed source stating that a "clerk" found one legal case defending the practice.

It took us 5 seconds on Google to find this.

But we've teased you long enough. Now it's time to "Strap on your helmets, fellas. We're goin' in!!!" as HP's investigative team would say.

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.