X

Week in review: HP's spy games

As more details emerge on the company's probe into media leaks, Dunn resigns and Hurd says he was in the loop.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
8 min read
Bogus e-mail tips, physical surveillance and plans to infiltrate newsrooms with covert investigators--the actions of a Silicon Valley icon are sounding more and more like the stuff of Hollywood movies.

Day by day, more details emerged of Hewlett-Packard's investigation into leaks to the media from its boardroom. The week came to a climax on Friday afternoon, when CEO Mark Hurd gave a press conference to address the issues.

Hurd announced that Chairman Patricia Dunn would resign from the board, effective immediately, and that he would take over the chairman's post. He also confirmed that he knew about several key phases of the investigation and attended meetings where the investigation was discussed. In addition, he said that he was e-mailed a report summarizing the investigation, but that he did not recall reading the report.

"I could have and I should have," Hurd said.

special coverage
HP's boardroom drama
Catch up on the complete coverage, including the latest news on HP's controversial effort to root out media leaks.

Earlier in the week, Hurd had been linked to at least a part of the operation.

The company began tracking the phone records of News.com reporter Dawn Kawamoto on Jan. 17, about a week after a January strategy meeting for HP directors and executives and but six days before News.com published its Jan. 23 story about the meeting. News.com reporter Tom Krazit's personal phone records were accessed on Jan. 20, the same day he called HP spokesman Robert Sherbin for comment about the board meeting.

It has been widely thought that HP reignited and intensified a nearly yearlong leak probe after that story published, but the account given to Krazit and Kawamoto suggests HP had in place the means to quickly track down private phone records before their articles were published.

In addition, investigators tried to draw a connection between a board member and the father of a third News.com reporter.

HP investigators also employed physical surveillance on Kawamoto for three days starting on Feb. 9. One note by the investigators said: "Morning of Feb. 10: surveillance resumed on DK and on other subjects." Included in the notes is at least one surveillance photo of Kawamoto.

A sting operation conducted by HP investigators also sought to determine the source of the leaks; it focused on Kawamoto. Just days after the Jan. 23 story was published, she received an e-mail from someone posing as an HP tipster, government investigators have told Kawamoto.

A later e-mail from the fake tipster included an attachment believed to have contained marketing information about a new HP product. That attachment, government investigators told Kawamoto, is believed to have had the ability to track the e-mail, notify the sender if it was opened, and tell the sender if the e-mail was forwarded and to which IP address it had been forwarded.

HP also conducted feasibility studies on planting spies in news bureaus of two major publications as part of an investigation of news leaks from the company's board, according to a report in The New York Times. The studies, referred to in a Feb. 2 draft report for a briefing of senior management, included the possibility of placing investigators acting as clerical employees or cleaning crews in the San Francisco offices of CNET and the Wall Street Journal.

In addition to federal and state investigations of HP, the company has received an additional inquiry from the Securities and Exchange Commission regarding both the company's leak probe disclosure and its handling of the resignation of board member Tom Perkins.

News.com readers were largely incensed by the revelations of HP's behavior.

"It is amazing how the HP sewage widens every so more as time goes on, but the HP board members who were involved in this unethical, illegal, and immoral acts are still loose in public, even being awarded for the Business Hall of Fame. What a joke!" wrote one News.com reader to the TalkBack forum.

Watching on the Web
Attorney General Alberto Gonzales stepped up his efforts to lobby for federal laws requiring Internet providers to keep track of what their customers do online. Gonzales asked senators to adopt "data retention" legislation that would likely force Internet providers to keep customer logs for at least a year or two. Those logs, often routinely discarded after a few months, are intended to be used by police investigating crimes.

"This is a national problem that requires federal legislation," Gonzales said during a Senate Banking Committee hearing.

It's unclear what the prospects are for mandatory data retention in Congress this year, or whether politicians will delay action until 2007. But with the Bush administration firmly behind the concept, and with state and local law enforcement lending a hand in the lobbying efforts and saying such mandates would help protect children, industry groups and privacy advocates may be hard-pressed to head off new regulations.

Meanwhile, a Democratic member of the U.S. House of Representatives said she plans to introduce legislation next week that would force Internet providers to record customer information for one year. Rep. Diana DeGette of Colorado said she is working with two Republican representatives--Ed Whitfield, chairman of the House Energy and Commerce oversight and investigations subcommittee, and Joe Barton, chairman of the full committee--to finalize language mandating a controversial practice known as data retention.

The data retention requirement is necessary because members of Congress have "learned that Internet service providers and social networking sites have information that law enforcement needs when investigating pedophiles online, and that is the IP address on a particular date and time that will help identify those involved," said Whitfield, a Kentucky Republican.

The U.S. Department of Justice has also stepped up its defense of a proposal to imprison Web site operators who don't label pages containing sexually explicit material. The idea is approaching a vote in Congress. There have been no hearings, but the legislation has been attached to two separate measures--a massive communications bill and a bill to fund large portions of the federal government, including the State Department--that are likely to be considered by the full Senate this fall.

Vista battleground
Jim Allchin, the chief Microsoft engineering manager behind Windows Vista, has issued a call to arms to software developers, urging them to build new applications for the desktop operating system. In an open letter posted on Microsoft's developer portal, Allchin said Vista offered third-party developers opportunities to build applications that are "visually stunning, connected, workflow-enabled, and secure."

Allchin, co-president of Microsoft's Platforms and Services group, reiterated the company's Vista schedule, saying that the software will be done by the end of the year and available to consumers in January, barring any bugs around "data corruption, resiliency or security."

Bob Gleichauf, the chief technology officer in Cisco Systems' security technology group, has raised concerns that integrating Vista into a complex IT infrastructure could present problems.

"Parts of Vista scare me," Gleichauf said at the Gartner Security Summit in London on Monday. "Anything with that level of systems complexity will have new threats, as well as bringing new solutions. It's always a struggle in security, trying to build for what you don't know."

Gleichauf said Cisco views the Microsoft operating system update as a bearer of possible solutions to security problems, but also as a potential trigger of security issues.

"Vista will solve a lot of problems. But for every action, there's a reaction and unforeseen side effects and mutations. Networks can become more brittle unintentionally," Gleichauf said.

Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate. The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software Technologies and other companies want Microsoft to change Vista so their products can easily replace the operating system's built-in Windows Security Center on the desktop. But Microsoft is resisting the call.

If the differences aren't worked out, it could spell annoyance for consumers, the rival security companies say. People who choose to use Microsoft's console alone will get a limited view of their Vista PC protection, they suggest. Those who buy competing software will have to run it alongside Microsoft's dashboard, which could report conflicting information.

Wild, wild Web
Miscreants are using an unpatched security bug in Internet Explorer to install malicious software from rigged Web sites. The vulnerability lies in the way IE 6 handles certain graphics. Malicious software can be loaded, unbeknownst to the user, onto a vulnerable Windows PC when the user clicks on a malicious link on a Web site or an e-mail message, several security companies said.

Shady adult Web sites are among the first to exploit the IE vulnerability, Eric Sites, vice president of research and development at spyware specialist Sunbelt Software, wrote in a corporate blog. In one case, a malicious Web site used the exploit to install "epic loads of adware," according to Sunbelt. Microsoft plans to fix the flaw as part of its monthly patching cycle on Oct. 10, the software giant said in a security advisory. The update might be released sooner, "depending on customer needs," Microsoft said.

A new AOL instant-messaging worm is making the rounds, carrying a malicious payload disguised as a JPEG. The worm provides a path for rootkits and Trojan horses to propagate on the computers of those listed on the user's buddy list, according to FaceTime Security Labs. The Pipeline worm is one of a growing number of instant-messaging threats on the Internet.

Pipeline initially appears as an instant message from a familiar contact, according to FaceTime security. The message asks users to click on a link to upload a picture of themselves; instead, a command file, image18.com, is downloaded and disguised as a JPEG, according to FaceTime.

A trio of security flaws in Apple Computer software that runs wireless-networking hardware could allow Macs to be hijacked over Wi-Fi. Apple released security updates to repair the problems, which together affect the AirPort wireless driver in Mac OS X 10 Panther version 10.3.9 and Mac OS X Tiger 10.4.7. Both Intel-based and Power PC-based versions of the Mac operating system are affected, on regular computers as well as on servers.

There are no known exploits for the vulnerabilities addressed by the update, Apple said. This means people should not be under immediate threat of attack.

Also of note
Microsoft launched a beta version of a new service that lets people upload videos of their cats dancing, babies laughing and teenagers playing air guitar...Google filed the federal paperwork necessary to set up a political action committee, or PAC, an organization designed expressly to raise money for political candidates and causes...More than a year after Homeland Security Secretary Michael Chertoff publicly promised to bring in a top cybersecurity specialist, he finally hired one.