HP Investigation into Boardroom Leaks Employed Impersonation and “Pretexting”

Over the past several days reports have come to light that indicate that Hewlett Packard‘s investigation into boardroom leaks may have gone too far, including impersonation of HP board member Tom Perkins of well known venture firm Kleiner Perkins Caufield and Byers and now break ins to voice mail boxes of reporters covering the story.

The investigations were initiated after confidential information known only to HP’s board appeared in a CNET News article on January 23rd. According to WIRED News, Perkins and other board members were apparently not informed of the extent of HP’s investigation or the methods being used until May 18, when in a board meeting on that date, Patricia Dunn, chairman of the board of directors, announced that investigators had discovered the identity of the source for the CNET story. The investigation by HP has apparently determined that board member George Keyworth was the source of the leak of confidential information. Keyworth has refused to step down from his board seat, but apparently will be voted out at the next HP board meeting.

Perkins resigned in protest and apparently later requested information on how Dunn identified Keyworth as the leak. Perkins is apparently cruising the Mediterranean in his new $100 yacht the Maltese Falcon and isn’t talking to the press about the incident.

What is really interesting about this case is that investigators hired by HP appear to have broken the law in order to conduct their investigation by using a technique well known to criminals and private investigators called “pretexting”. Pretexting is the practice of getting personal information under false pretenses. According to WIRED News, “Dawn Kawamoto and Tom Krazit of CNET, and Pui-Wing Tam of The Wall Street Journal were contacted this week by the California attorney general’s office regarding allegations that investigators working for HP had impersonated them to obtain their private phone records”. WIRED also reports that as many as seven other reporters’ records may have been improperly accessed including those of a Business Week reporter.

Pretexting isn’t a recent development, but this is the first case of a corporation using pretexting to investigate board members or employees that I’ve heard about. Generally pretexting targets individual consumers and is used as part of identity theft scams. Pretexting works by using easily obtained personal information from which private information is subsequently obtained. For example, a pretexter might call a prospective victim pretending to be from a survey firm to obtain personal information about the victim. Using this information the pretexter then uses it to obtain private information from a financial institution, communications or utility provider, etc. The pretexter pretends to be the victim or someone else with authorized access to the victim’s account. Pretexters are often able to obtain personal information such as Social Security numbers, checking and credit card account numbers, and credit reports. In some cases pretexters can determine the existence and size of savings accounts or investment holdings. It is also possible to directly attack a victim through pretexting, for example by cancelling insurance, terminating utility services, or running up large bills for extra services not required by the true account holder.

According to Information Week, HP claimed in a recent SEC filing that pretexting is “generally not unlawful” but that’s false. The Gramm-Leach-Bliley Act specifically addresses pretexting and makes it an illegal act punishable under federal statutes. Plausible denial? Investigators hired by Dunn apparently subcontracted another firm to actually do the dirty work, so it’s not clear yet who if anyone will be charged in this case.


One Response to “HP Investigation into Boardroom Leaks Employed Impersonation and “Pretexting””

  1. john celis Says:

    To all concerned,
    This story is not new, just a change in the cast of characters. During the late 80’s and early 90’s while working as program security officer (PSO) on classified programs for Delco Systems Operations (GM) in Santa Barbara, a colleague and I uncovered an internal spy network that involved the NCIC computer access and illegal wiretapping. This story is fully documented as Defense Criminal Investigators, FBI, NIS and OSI officials had been briefed. This case was settled out of court for some participants (excluding myself, can be explained in a long story). Full court depositions, newpaper articles, FOIA requests are available to support and validate this story if interested. Thank you..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: