Manage updates with the Download App
September 7, 2006 12:48 PM PDT
Reporters' records accessed in HP probe
- Related Stories
-
SEC filing acknowledges 'pretexting' in HP board probe
September 6, 2006 -
Media leaks prompt HP board shake-up
September 5, 2006 -
HP outlines long-term strategy
January 23, 2006
The investigation conducted by a company hired by HP used a controversial technique called "pretexting" to obtain the personal phone records of CNET News.com reporters Dawn Kawamoto and Tom Krazit, state prosecutors said. Pretexting is a sometimes-illegal method of obtaining personal records through misrepresentation of someone's identity.
Kawamoto and Krazit co-wrote a Jan. 23 article outlining a private, long-term strategy session held by HP's board of directors. The article, which quoted an unnamed source at length, prompted HP chairman Patricia Dunn to authorize an investigation into HP's board to determine the identity of the story's source.
Kawamoto and Krazit were apparently not the only reporters targeted by HP's investigators. The personal phone records of nine journalists, including a reporter from The Wall Street Journal, were accessed, HP spokesman Mike Moeller said late Thursday afternoon. He declined to comment on the timeframe over which the incidents took place or any of the organizations other than the Journal and CNET News.com.
The Journal reported on its Web site that reporter Pui-Wing Tam was targeted. Among other HP stories, Tam wrote in January 2005 about the board's unhappiness with ex-CEO Carly Fiorina. A reporter for The New York Times, John Markoff, also was a pretexting target in 2005, the Times said.
The California attorney general's office on Tuesday first alerted reporters at News.com and possibly elsewhere that their private phone records may have been accessed. Wednesday night, attorneys for HP supplied to the attorney general's office a partial list of reporters' names whose phone records may have been compromised, a prosecutor said.
On Thursday, an investigator with the attorney general's office contacted Kawamoto and said AT&T confirmed that her records had, indeed, been accessed. Kawamoto said she never authorized her home phone records to be shared with anyone, and she noted her home phone number is under her husband's name, not her own. Krazit was notified later on Thursday that a similar breach had occurred with his cellular phone account.
The attorney general's office said HP's attorney is asking for permission to contact reporters whose records were apparently accessed.
HP's boardroom drama
"HP is dismayed that the phone records of journalists were accessed without their knowledge and we are fully cooperating with the attorney general in his investigation," HP's Moeller said.
In a filing Wednesday with the Securities and Exchange Commission, HP acknowledged that the pretexting technique was used to obtain the personal records of board member Tom Perkins.
The SEC filing also said that in conjunction with the leak investigation, longtime board member George Keyworth will not be nominated to another term on the board. At a board meeting in May, Dunn presented the results of the investigation and revealed that Keyworth was the source of the leaks, which he acknowledged, according to the filing. Keyworth was asked by the board to resign at that meeting but refused, leading to the board's decision.
The filing made no mention of reporters' personal records.
AT&T confirmed to Perkins that someone had used two different Yahoo e-mail addresses to gain entry to his records, according to documents made public Wednesday. The person who gained access to Perkins' records created an online account with Perkins' telephone number and the last four digits of his Social Security number. It's unclear how they obtained his Social Security number.
Whoever gained access to the records looked only at Perkins' bill for January, the month the News.com article that angered Dunn was published. Perkins resigned from the HP board in May to protest the internal investigation and the way it was handled.
"I resigned solely to protest the questionable ethics and the dubious legality of the chairman's methods," Perkins wrote in a letter to the board of directors.
In Kawamoto's case, AT&T said that on Jan. 30, someone used the last four digits of her husband's Social Security number to establish an online account, and provided the e-mail address red@yahoo.com.
"As was the case with the Perkins account," AT&T general attorney Travis Dodd wrote in an e-mail to the attorney general's office, "the IP address associated with the browser of the person who established the account was 68.99.17.80. As was also the case with the Perkins account, this appears to have been the only date of access to the account."
Details regarding Krazit's phone records were not immediately available.
Given the recent increase in the federal government's attempts to discover the identity of confidential sources, it's not all that shocking that corporations would feel "empowered" to try the same kind of techniques, said Christine Tatum, president of the Society of Professional Journalists and a business writer for the Denver Post.
However, "people have to realize that these are not issues that just journalists have to concern themselves with," Tatum said. Pretexting is a very common practice, and it's troubling to think that companies could employ these techniques against disgruntled customers or debtors, she said.
CNET News.com's Tom Krazit contributed to this report.
See more CNET content tagged:
Dawn Kawamoto, reporter, attorney general, pretexting, SEC filing
52 comments
Join the conversation! Add your comment
I finally found it, I decided to run the system discs that shipped with my pc (HP) and up sprang the red alerts.
Keylogger found,
ketlogger found,
keylogger found,
all hiding inside the application CD of the system discs.
HP wont begin to help without 38 dollars as it is now out of warranty.
They should have replaced all discs with the keyloggers in place. Even if they dontuse it anymore it makes any HP machine totally vulnerable to anyone who finds this.
I gather they didtn want to admit they had added it to all software.
This is bad stuff.
what appears to be illegal activity. HP should have no access to a
c|net employee's phone records, and if I were said reporter, I would
probably sue.
As a matter of fact, I believe that the company who performs these acts should be sued to an extent so as to provide a deterrent to others. At least ten times what the company was paid by HP.
Also, I believe there should be jail time for the person ultimately responsible.
Also, the phone companies that allowed a person to obtain phone records over the internet with no trustworthy form of identification should be fined, and even sued as well. I hate to think my phone company might give out my records to some stranger because he says he's me (honest). How can they not be fined?
She did not "approve," she "initiated" the spying, to find the leak, and that's a big difference. In some parts of the world, water flows uphill, well so does crap, and addles the brain.
It's called conspiracy Ms. Dunn and having achieved the chair of one of the largest corporations in the world I don't think you can plead ignorance of the fact.
The end does not justify the means and who in fact was more in breach of ethics here You and the rest of the board that approved of your means or the information leaker?
Ms. Dunn, and the rest of the board should be replaced for obviously approving of such unethical and criminal activity.
If Mark Hurd does not take decisive action against Ms. Dunn and all who remained in the loop in this conspiracy then he is just as guilty as they.
no meesage
Wise up, people.
And while I disagree with 'W's means, methods, policies and just about everything else, what Ms. Dunn did had nothing to do with national security.
As far as wising up I think it is you that should wise up. If something is wrong you should do your best to correct it, else live with the consequences. You seem to be fine with it.
Say this story as it is now unfolding at the seams, is starting to read like a failed conspiracy plot from a Hollywood TV Soap like "Desperate Housewives"!
Oh well, time has come for her to end it all now, fall on her sword and resign in disgrace! ie do the right thing, because it is the right thing to do!
Her choices and actions are diminishing by the day, as this scandal continues to deepen!
> obtaining personal records through
> misrepresentation of someone's identity.
Under what conditions is this legally OK to do?
Your last name must be Bush.
law to spy on them.
Somebody call the waahmbulance!
Even if we had, though, that's not what's happening here. The bloggers (again, as far as we know) broke no law. HP, on the other hand, may well have done just that.
a Yahoo email address gets you any customer's phone records.
To the mass majority, the common belief is that hackers only use computers, wrong... Have ever heard of Social Engineering? It obviously work really well.
As it stands, AT&T does need to tighten up on their security, but do you realize just how easy it is to call some poor bastard who sits in front of terminal all day long answering phone calls from people they would rather forget even talking too. Not to mention that they are most likely overseas and make little to nothing for salary. How can the fact that they just don't really care about security even come into play. They just give out information to whom ever can guess the correct questions to their low level answers, Pets name, street you live, mothers maiden name.....
The bottom line is, there is no security, just a lot of smoke and mirrors.
So, yes it is hacking if you access someones personal data and they should be punished to full extent of law.
Now their complaining about HP sticking their noses into reporters phone records (News.com sides with reporters again).
Where's the hypocrisy here?
Do you "Get It"?
if your company had confidential information that was being distributed to the press are you ok with that? note that we don't know what *other* information has been compromised, just what was published.
not condoning the HP action, just want to remind us of how we got here...
Instead Ms. Dunn took it on herself to become J. Edgar Hoover (probably the same dress) and gather info behind peoples backs without their consent.
Now GW on the otherhand may, being in charge of the country, the CIA and the FBI etc may indeed have a case. That is something that the peopel of teh US can decide on in a few months.
They outsourced their dirty work :-)
Just because Patricia Dunn and Mark Hurd are miffed does not mean that they get to use the techniques of organized crime to wreak vengance on their "enemies list". I think the US Government should be able to dissolve a now corrupt HP based on these blatant actions.
If they weren't busy trying to eliminate the middle class in America, they wouldn't need to worry about how the public viewed them! A little sunshgine in the boardroom, please.
Tom Perkins is a hero, and should be promoted to chairman of the board as soon as Dunn and Hurd are sacked. George Keyworth should be re-nominated, and if not by the board, then by the shareholders.
No story yet has discussed how the social security numbers were obtained. This is the real story as it will involve the perpetrator having much more information on all of the victims than they realize, Bank Accounts, Credit Cards, Credit histories, real properties owned, academic records, employment records, criminal records, military records, drivers license info and records, just to name a few.
Once this information is had then it is a short stop to obtaining accounts in the victims names.
And how many more big companies will be allowed to do as they please look back at Sony for one what ever happened after they got caught screwing up our computers because they felt like it and didn't care what people said or did!
Looks like one more company i for one will never ever deal with for any reason and that goes for their Sub's too.
Let's pass this around and see what the response is.
Pretexting, for the purpose of invading someone's privcy, and other forms of dishonesty, lying, and stealing, are common. Getting caught is rare, and someone, especially the enterprise beind it, getting what is coming to them is ever more exceptional.
A cursory review of advice about who nay and who may not pretext, etc, and offers to sell data clearly obtained by protexting, on line, found on line, clearly reveals considerable variations in laws and sanctions, and in understanding and misunderstanding thereof. Pretexting by the 'good guys" is a staple on private eye and cop shows on TV.
Federal legislation may be needed, but is not the answer. Federal guidelines generally require either $50,000.00 in "economic" damages, or political influence, before the FBI will get involved or the U. S. Attorney will prosecute any federal crime, which is, for all practical purposes, a license to violate federal criminal laws as long as your victim isn't rich and politically connected. When you get pqst that hurdle, then you have to prove the coroporation's board was in on it, and this is one of very few cases where anyone can ever prove that.
At the risk of being accused of proposing "regulating the Internet," if our Members of Congress, from either parry, cared about mere inddividuals, i.e., voters, we would long ago have had tough federal laws treating accessing individuals' records, including those kept and held to belong to banks, phone companies, ISP's, Google, etc., and using them without their express, voluntary consent would have been a federal crime just like interceptiong telephone convversations, telegrams, nad mail havelong been. That goes for phone records, Emails, anything out of date under the Fair Credit Reporting Act, accessing anything on anyone else's computer, etc.
I worked my way through part of law school as a skip tracer. I have also tried to track down child support deadbeats, etc., in my law practice. If I use my rea; name or a phone trceable ot me with Caller ID, I can't even get public information like the members of the MHMR or Juvenile Board. There will always be pretexting and nobody will ever do much about most of it. Instead of regulating methods, which change little in principle but much in mehtod, we should declare what iw and what isn't protecteed by an explicitly ecognized right of privacy and effective remedies for non-economic as well as economic damages for its violation.
I'm going to watch this play out wiht interst and see if anything really happens.
It would mean they could access all sorts of data relevant to finacial, political and ethical topics and get a plan going.
Not to mention the money that would/could be made using infor for insider trading.
Cheers
WIZENTUB
Pretexting, for the purpose of invading someone's privcy, and other forms of dishonesty, lying, and stealing, are common. Getting caught is rare, and someone, especially the enterprise beind it, getting what is coming to them is ever more exceptional.
A cursory review of advice about who nay and who may not pretext, etc, and offers to sell data clearly obtained by protexting, on line, found on line, clearly reveals considerable variations in laws and sanctions, and in understanding and misunderstanding thereof. Pretexting by the 'good guys" is a staple on private eye and cop shows on TV.
Federal legislation may be needed, but is not the answer. Federal guidelines generally require either $50,000.00 in "economic" damages, or political influence, before the FBI will get involved or the U. S. Attorney will prosecute any federal crime, which is, for all practical purposes, a license to violate federal criminal laws as long as your victim isn't rich and politically connected. When you get pqst that hurdle, then you have to prove the coroporation's board was in on it, and this is one of very few cases where anyone can ever prove that.
At the risk of being accused of proposing "regulating the Internet," if our Members of Congress, from either parry, cared about mere inddividuals, i.e., voters, we would long ago have had tough federal laws treating accessing individuals' records, including those kept and held to belong to banks, phone companies, ISP's, Google, etc., and using them without their express, voluntary consent would have been a federal crime just like interceptiong telephone convversations, telegrams, nad mail havelong been. That goes for phone records, Emails, anything out of date under the Fair Credit Reporting Act, accessing anything on anyone else's computer, etc.
I worked my way through part of law school as a skip tracer. I have also tried to track down child support deadbeats, etc., in my law practice. If I use my rea; name or a phone trceable ot me with Caller ID, I can't even get public information like the members of the MHMR or Juvenile Board. There will always be pretexting and nobody will ever do much about most of it. Instead of regulating methods, which change little in principle but much in mehtod, we should declare what iw and what isn't protecteed by an explicitly ecognized right of privacy and effective remedies for non-economic as well as economic damages for its violation.
I'm going to watch this play out wiht interst and see if anything really happens.
They found it interesting and decidd to check out the software themselves.
I got an email labelled from HP within 48 hrs, no subject line so I ws not prepared to open it.
I did not get the chance anyhow as my pc froze up first email I looked at.
I could do nothng but guessed it, another instal, thant made five that week.
This time my pc installed rather quickly, much faster in fact.
WHen it rebooted gone were much of the adverting files and some other things.
THen the wiondows updates were cut from almost 200 to around 70, a huge difference.
The machine is running faster and the keyloggers are gone.
They are GONE, yeah.
Cheers.
I settled in Q.L.D and needed to put the phone on.
I contacted the comapny and gave my details, they asked my last address and I gave it them.
They said Ic anthave to concurrent accounts, I have to shut the current one down. What current one I say.
I tellthem all I can including the exact balance I left in my account for the recconection fees.
It is 2007 and I still cant ge tthe phone on cause I dont know the address of whrever it is being used. How did that person get the info in the first place, it was security protected?.