[Infowarrior] - Congress asks to review DoD and NSA contracts with HBGary

[Richard Forno]

Congress asks to review DoD and NSA contracts with HBGary

By Kim Zetter, wired.com | Last updated about an hour ago

http://arstechnica.com/tech-policy/news/2011/03/congress-asks-to-review-dod-and-nsa-contracts-with-hbgary.ars
       
Anonymous’s recent exposure of a federal contractor’s plan to take down WikiLeaks has led to a congressional probe seeking data on contracts the company and its partners hold with the US military and intelligence agencies.

The House Armed Services Subcommittee on Emerging Threats and Capabilities on Wednesday asked the Defense Department and its intelligence arm—the National Security Agency—to hand over copies of any contracts they may have signed with HBGary Federal, Palantir Technologies and Berico Technologies.

Rep. Hank Johnson (D-GA) grilled Gen. Keith Alexander, director of the NSA and commander of the US Cyber Command, and Dr. James Miller, Jr., deputy under secretary of defense for policy, on the services the firms provided their agencies.

Miller replied that he would have to check with the Defense Department’s general counsel to “make sure that the provision of that type of information is allowed contractually.”

When Johnson asked whether this meant the contracts might have provisions barring them from being shared with Congress, Miller backtracked and said no, that it would take time to determine all the agencies in the department that have contracts with the companies and decide in what form to provide the information.

Subcommittee Chairman Mac Thornberry (R- Texas) interjected that the information should be provided to the entire committee.

Johnson didn’t immediately respond to a call for comment.

All three companies were recently in the crosshairs after e-mails stolen from HBGary Federal revealed that the company had been working on a proposal for the law firm Hunton and Williams to investigate and discredit WikiLeaks. The proposal included such maneuvers as launching cyber attacks against WikiLeaks’ servers in order to obtain data on the sources who submit documents to the organization; submitting fake documents to the secret-spilling site and then later calling public attention to the fake documents to raise questions about WikiLeaks’ reliability; and using intimidation tactics against a Salon reporter who avidly supports the group.

The plan was exposed after members of the online vigilante group Anonymous breached the company’s network and stole more than 60,000 internal e-mails.

HBGary Federal claimed in a news story that it had been working with the FBI to unmask hackers behind recent denial-of-service attacks against PayPal, Visa, MasterCard and Amazon. Members of Anonymous—a loosely structured group of vigilantes—had organized the mass attacks after the companies suspended accounts used by WikiLeaks to receive donations and host documents. In an attempt to uncover HBGary Federal’s investigation of its members, Anonymous hacked the company.

After HBGary’s WikiLeaks plan was exposed, Palantir denied knowledge of details of the proposal. Both it and Berico distanced themselves from HBGary Federal, and HBGary Federal CEO Aaron Barr subsequently resigned.

Last month, Rep. Johnson and more than a dozen other lawmakers urged Republican leaders to investigate the three firms after it was revealed that in addition to the anti-WikiLeaks plan, HBGary Federal may also have been involved in a similar plan to target critics of the US Chamber of Commerce.

HBGary Federal does classified work for the US federal government among other security work; Palantir is believed to have government contracts as well.

Gen. Alexander told the congressional subcommittee that he wasn’t sure how many contracts the government had with the companies or the nature of them but noted that Palantir offers tools to visualize traffic on the internet and computer networks.

“My recollection with working with Palantir was, here is an idea that we could use for how to look at networks and how to secure,” he said.