The HBGary breach and the publication of internal company documents – including the potentially damning proposal developed by HBGary, Palantir Technologies and Berico Technologies – resonated strongly in the media and the security world.
Setting aside for a moment Anonymous’ “revenge” on HBGary and the fact that they can be expected to turn their sights on the other two companies, the proposal – if legitimate – paints a pretty grim picture of what actions corporations might sanction in order to get results and reflects very poorly on the companies involved.
So, both Palantir and Berico set out on a damage-control path and issued statements about having severed all ties with HBGary.
“Palantir Technologies provides a software analytic platform for the analysis of data. We do not provide – nor do we have any plans to develop – offensive cyber capabilities,” said Dr. Alex Karp, co-founder and CEO of the company.
“Palantir Technologies does not build software that is designed to allow private sector entities to obtain non-public information, engage in so-called ‘cyber attacks’ or take other offensive measures. I have made clear in no uncertain terms that Palantir Technologies will not be involved in such activities,” he said, and followed with an apology to “progressive organizations in general, and Mr. Greenwald in particular, for any involvement that we may have had in these matters.”
Berico’s statement offers practically the same assurances.
“Our leadership does not condone or support any effort that proactively targets American firms, organizations or individuals,” claim the company’s co-founders Guy Filippelli and Nick Hallam. “We find such actions reprehensible and are deeply committed to partnering with the best companies in our industry that share our core values. Therefore, we have discontinued all ties with HBGary Federal.”
They also added a perfunctory explanation regarding the proposal in question: “Late last year, we were asked to develop a proposal to support a law firm. Our corporate understanding was that Berico would support the firm’s efforts on behalf of American companies to help them analyze potential internal information security and public relations challenges. Consistent with industry standards for this type of work, we proposed analyzing publicly available information and identifying patterns and data flows relevant to our client’s information needs. Any subsequent discussions or proposals that attempted to extend the initial scope of work run counter to our organization’s values.”
It remains to be seen whether these actions will be enough to deflect Anonymous’ rage and potential loss of image for the firms in question, but I’m betting they have made analyzing and securing their systems and networks a top priority at this moment.
In the meantime, for HBGary the hits keep on coming. According to ThreatPost, collections of previously unreleased e-mail exchanges of various executives at HBGary and HBGary Federal – including those of Greg Hoglund – have been released by Anonymous.