[BackChannel] Few Consequences When Cybersecurity Contractors Go Bad
BY Josh Glasstetter | Thursday, June 27 2013
techPresident's Backchannel series is an ongoing conversation between practitioners and close observers at the intersection of technology and politics. Josh Glasstetter is a blogger and researcher in Washington, D.C.
Whether you consider National Security Agency whistleblower Edward Snowden a hero or villain, there’s good reason to be concerned about the contractors that carry out much of our government’s surveillance and cybersecurity work. Roughly 70% of the N.S.A.’s estimated budget is reportedly spent on outside contractors. Former agency director Michael Hayden coined an unintentionally apt term for these contractors -- Digital Blackwater.
The N.S.A. turns to an array of contractors to help it make sense of the vast amounts of information it harvests each day. A good example is Palantir Technologies, a Silicon Valley data-mining company that works with the military, government and intelligence community. I first learned of Palantir in a rather different context. In February 2011, emails were leaked by Anonymous that revealed a series of proposals by Palantir and its partners to virtually surveil and undermine labor unions, progressive advocacy groups, Wikileaks, and journalist Glenn Greenwald.
I was working for the Service Employees International Union at the time, which was one of the chief targets. Reading the emails back and forth between Palantir and two other contractors, Berico Technologies and HBGary Federal, I pieced the plot together. Initially, Palantir engineer Matthew Steckman reached out to the others about “offering a complete intelligence solution to a law firm that approached us.” That firm was Hunton & Williams, a well-connected corporate law firm that recently brought the F.B.I.’s cybersecurity counsel on board.
As Patrick Ryan of Berico explained, a Hunton client was being “targeted by another entity, specifically a labor union, that is trying to extract some kind of concession or favorable outcome.” All signs point to my then-employer, S.E.I.U., which was seeking an organizing agreement with a multinational services conglomerate.
The cybersecurity firms got to work on a plan for using military-grade technology to undermine the union. At Palantir, which was launched with backing from the CIA’s venture fund, Steckman and his colleague Eli Bingham got sign-off from company leaders to “exclusively partner with Berico in conjunction with Hunton to license this product to law firms for corporate campaign work.” By November 2010, the three contractors had a plan, dubbed the “Corporate Information Reconnaissance Cell,” and a name -- Team Themis.
Themis boasted in its proposal that it was “ideally suited” for the job based on its “extensive experience in providing game-changing results across the Intelligence Community and defense/government sector.” Themis would provide Hunton with a “full spectrum capability set to collect, analyze, and affect adversarial entities and networks of interest” and “utilize the powerful Palantir platform as the centerpiece.” Berico would manage the project, and HBGary Federal would, in Steckman’s words, focus on “digital intelligence collection” and “social media exploitation.”
Working with partners at Hunton, Themis tailored its proposed services to meet the needs of the U.S. Chamber of Commerce. Themis recommended planting fake documents and using fake personas to infiltrate and undermine U.S. Chamber Watch, a watchdog group. Photos of two of my friends, taken without their knowledge at a rally, appeared in their sample work product.
Hunton pitched Themis to other clients as well. Booz Allen Hamilton -- Snowden’s former employer -- expressed interest in hiring Themis to attack Wikileaks on behalf of a major U.S. bank. HBGary Federal’s Aaron Barr recommended targeting journalist Glenn Greenwald because "without the support of people like Glenn Wikileaks would fold.” Steckman added it to the proposal, which also recommended "cyber attacks” against Wikileaks “to get data on document submitters."
All signals were ‘go’, and Hunton organized a meeting with Themis and the Chamber to close the deal. But days before the meeting, HBGary Federal’s emails were hacked and released, and Themis was exposed. The story exploded in the press, twenty members of Congress demanded an investigation and HBGary Federal folded. The Chamber even denounced Themis as “abhorrent.”
But what happened next was shocking -- nothing. Hunton kept its head down, and its clients denied any knowledge of Themis. Palantir and Berico made a scapegoat out of the shuttered HBGary Federal and denied high-level knowledge of Themis. They claimed, despite the evidence to the contrary, that they would never condone such tactics or the targeting of law-abiding Americans. Both firms hired lobbyists and sent them off to Capitol Hill. Steckman was placed on leave but then quietly rehired.
Two years later, there have been no consequences for the contractors. Berico recently won a contract with Special Operations Command, HBGary Federal’s parent company was purchased by a larger contractor, Mantech, and Palantir is rumored to be worth $8 billion -- your tax dollars at work.
There is currently nothing to prevent Themis-like schemes from happening in the future, if they aren't already. Digital Blackwater is free to turn its virtual guns on Americans in order to boost its bottom line. More than ever, Congress needs to evaluate the role of cybersecurity contractors and ensure that proper controls are in place.
Josh Glasstetter is a blogger and researcher in Washington, DC