HP’s
chairwoman, Patricia Dunn, hired a team of security specialists who hired a
team of private investigators who used pretexting to obtain phone records.
These hired professionals actually got in and played the roles of HP board members
and parts of the press. All of this was done to uncover a supposed information
leak within the ranks at HP.
Ms.
Dunn wanted to obtain the phone records of board members and reporters (not the
records from the HP facilities, but the personal home and cell phone records of
these people) to verify where she supposed the leak was. The Newsweek article
states:
On May 18, at HP headquarters in Palo Alto,
California, Dunn sprung her bombshell on the board: She had found the leaker.
According to Tom Perkins, an HP director who was present, Dunn laid out the
surveillance scheme and pointed out the offending director, who acknowledged being
the CNET leaker. That director, whose identity has not yet been publicly
disclosed, apologized. But the director then said to fellow directors, “I would
have told you all about this. Why didn’t you just ask?” That director was then
asked to leave the boardroom, and did so, according to Perkins.
What
is notable about this account is what is next mentioned about the topic of
pretexting:
The HP case specifically also sheds another spotlight
on the questionable tactics used by security consultants to obtain personal information.
HP acknowledged in an internal e-mail sent from its outside counsel to Perkins
that it got the paper trail it needed to link the director leaker to CNET
through a controversial practice called “pretexting”; Newsweek obtained a copy
of that e-mail. That practice, according to the Federal Trade Commission,
involves using “false pretenses” to get another individual’s personal nonpublic
information: telephone records, bank and credit-card account numbers, Social
Security numbers and the like.
Typically—say in the case of a phone company—pretexters
call up and falsely represent themselves as the customer; since companies
rarely require passwords, a pretexter may need no more than a home address, account
number, and heartfelt plea to get the details of an account.
According to the Federal Trade Commission’s Web site,
pretexters sell the information to individuals who can range from otherwise
legitimate private investigators, financial lenders, potential litigants, and
suspicious spouses to those who might attempt to steal assets or fraudulently
obtain credit. Pretexting, the FTC site states, “is against the law.” The FTC
and several state attorneys general have brought enforcement actions against
pretexters for allegedly violating federal and state laws on fraud, misrepresentation,
and unfair competition. One of HP’s directors is Larry Babbio, the president of
Verizon, which has filed various actions against pretexters.
No comments:
Post a Comment