You would almost need to be disconnected from the Internet to not know about Aaron Barr, the CEO of HBGary Federal, feeling the wrath of Anonymous after Barr told of his intentions to expose the leaders of Anonymous at an upcoming Security B-Sides conference. But today, WikiLeaks published a document called “The WikiLeaks Threat” [PDF] which revealed two other intelligence firms, besides HBGary, were working to develop a strategic plan of attack against WikiLeaks on the behalf of Bank of America.When I saw that, I wanted to relate what I saw in the proposal.
“The WikiLeaks Threat” outlines a plan by three private data intelligence firms, Palantir Technologies, HBGary Federal, and Berico Technologies, which were hired to effectively combat and attack WikiLeaks. The intel firms were “acting upon request from Hunton and Williams, a law firm working for Bank of America.” According to The Tech Herald, “Hunton and Williams were recommended to Bank of America’s general council by the Department of Justice. Hunton and Williams would act as outside counsel on retainer, while Palantir would take care of network and insider threat investigations. For their part, Berico Technologies and HBGary Federal would analyze WikiLeaks.”
The Bank of America drama started when The New York Times wrote that Assange said he planned to “take down” a major American bank and use data off an executive’s hard drive to reveal an “ecosystem of corruption.” At that point, Bank of America began an internal investigation with the help of consulting firm Booz Allen Hamilton, “scouring thousands of documents,” and looking for any systems that had been compromised. The NYTimes reported that the Bank of America “has also sought advice from several top law firms about legal problems that could arise from a disclosure, including the bank’s potential liability if private information was disclosed about clients.”
The “The WikiLeaks Threat” proposal published today on WikiLeaks begins with an overview of WikiLeaks, including history and profile of Julian Assange and an organizational chart with names of staff and volunteers.
Page five is dedicated to Glenn Greenwald, Salon.com columnist, mentioning how “this level of support needs to be disrupted…Without the support of people like Glenn wikileaks would fold.” The Tech Herald points out that earlier drafts of this proposal and an email from Aaron Barr used the word “attacked” instead of “disrupted.”
The proposal goes on to lists the strengths and weakness of WikiLeaks. By page 14, it talks of “potential proactive tactics” such as “submitting fake documents to WikiLeaks and then calling out the error.” The proposal continued, “Create concern over the security of the infrastructure…Cyber attacks against the infrastructure to get data on document submitters.” There is a screenshot of page 14 below.
On page 15, “Speed is crucial!” the proposal stated. The expertise of Palantir Technologies, HBGary Federal, and Berico Technologies was listed and then, “They can be deployed tomorrow against this threat as a unified and cohesive investigative analysis cell.”
The next several pages of the proposal highlight the strengths of these data intelligence firms before a conclusion. “In the new age of mass social media, the insider threat represents an ongoing and persistent threat even if WikiLeaks is shut down. Traditional responses will fail; we must employ the best investigative team, currently employed by the most sensitive of national security agencies.”
Pages 21 – 24 include slides titled, “Rapid Search, Massive Scale,” “Visualize Networks and Relationships,” “Detailed Attack Vector Analysis,” and “Geospatial Analysis.”
On WikiLeaks, it calls attention to these proposed attack actions:
- Feed the fuel between the feuding groups. Disinformation. Create messages around actions of sabotage or discredit the opposing organizations. Submit fake documents and then call out the error.
- Create concern over the security of the infrastructure. Create exposure stories. If the process is believed not to be secure they are done.
- Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.
- Media campaign to push the radial and reckless nature of WikiLeaks activities. Sustain pressure. Does nothing for the fanatics, but creates concern and doubt among moderates.
- Search for leaks. Use social media to profile and identify risky behavior of employees.
So, I’m wondering . . . what does Assange have on Bank of America to prompt such a proposal? If this proposal is true, then Bank of America was hiring private intel firms to hack, whack and attack WikiLeaks? Is the FBI going to look into this, I wonder, like it is investigating Anonymous for attacking sites? Allegedly, the Department of Justice recommended Hunton and Williams to Bank of America. The proposal states, “we must employ the best investigative team, currently employed by the most sensitive of national security agencies.”
The whole thing leaves me with nothing but questions.