September 7, 2006 12:48 PM PDT

Reporters' records accessed in HP probe

Two CNET News.com reporters' personal telephone records were accessed by a contractor hired by Hewlett-Packard to uncover the source of boardroom leaks to the media, according to the California attorney general's office.

The investigation conducted by a company hired by HP used a controversial technique called "pretexting" to obtain the personal phone records of CNET News.com reporters Dawn Kawamoto and Tom Krazit, state prosecutors said. Pretexting is a sometimes-illegal method of obtaining personal records through misrepresentation of someone's identity.

Kawamoto and Krazit co-wrote a Jan. 23 article outlining a private, long-term strategy session held by HP's board of directors. The article, which quoted an unnamed source at length, prompted HP chairman Patricia Dunn to authorize an investigation into HP's board to determine the identity of the story's source.

Kawamoto and Krazit were apparently not the only reporters targeted by HP's investigators. The personal phone records of nine journalists, including a reporter from The Wall Street Journal, were accessed, HP spokesman Mike Moeller said late Thursday afternoon. He declined to comment on the timeframe over which the incidents took place or any of the organizations other than the Journal and CNET News.com.

The Journal reported on its Web site that reporter Pui-Wing Tam was targeted. Among other HP stories, Tam wrote in January 2005 about the board's unhappiness with ex-CEO Carly Fiorina. A reporter for The New York Times, John Markoff, also was a pretexting target in 2005, the Times said.

The California attorney general's office on Tuesday first alerted reporters at News.com and possibly elsewhere that their private phone records may have been accessed. Wednesday night, attorneys for HP supplied to the attorney general's office a partial list of reporters' names whose phone records may have been compromised, a prosecutor said.

On Thursday, an investigator with the attorney general's office contacted Kawamoto and said AT&T confirmed that her records had, indeed, been accessed. Kawamoto said she never authorized her home phone records to be shared with anyone, and she noted her home phone number is under her husband's name, not her own. Krazit was notified later on Thursday that a similar breach had occurred with his cellular phone account.

The attorney general's office said HP's attorney is asking for permission to contact reporters whose records were apparently accessed.

"HP is dismayed that the phone records of journalists were accessed without their knowledge and we are fully cooperating with the attorney general in his investigation," HP's Moeller said.

In a filing Wednesday with the Securities and Exchange Commission, HP acknowledged that the pretexting technique was used to obtain the personal records of board member Tom Perkins.

The SEC filing also said that in conjunction with the leak investigation, longtime board member George Keyworth will not be nominated to another term on the board. At a board meeting in May, Dunn presented the results of the investigation and revealed that Keyworth was the source of the leaks, which he acknowledged, according to the filing. Keyworth was asked by the board to resign at that meeting but refused, leading to the board's decision.

The filing made no mention of reporters' personal records.

AT&T confirmed to Perkins that someone had used two different Yahoo e-mail addresses to gain entry to his records, according to documents made public Wednesday. The person who gained access to Perkins' records created an online account with Perkins' telephone number and the last four digits of his Social Security number. It's unclear how they obtained his Social Security number.

Whoever gained access to the records looked only at Perkins' bill for January, the month the News.com article that angered Dunn was published. Perkins resigned from the HP board in May to protest the internal investigation and the way it was handled.

"I resigned solely to protest the questionable ethics and the dubious legality of the chairman's methods," Perkins wrote in a letter to the board of directors.

In Kawamoto's case, AT&T said that on Jan. 30, someone used the last four digits of her husband's Social Security number to establish an online account, and provided the e-mail address red@yahoo.com.

"As was the case with the Perkins account," AT&T general attorney Travis Dodd wrote in an e-mail to the attorney general's office, "the IP address associated with the browser of the person who established the account was 68.99.17.80. As was also the case with the Perkins account, this appears to have been the only date of access to the account."

Details regarding Krazit's phone records were not immediately available.

Given the recent increase in the federal government's attempts to discover the identity of confidential sources, it's not all that shocking that corporations would feel "empowered" to try the same kind of techniques, said Christine Tatum, president of the Society of Professional Journalists and a business writer for the Denver Post.

However, "people have to realize that these are not issues that just journalists have to concern themselves with," Tatum said. Pretexting is a very common practice, and it's troubling to think that companies could employ these techniques against disgruntled customers or debtors, she said.

CNET News.com's Tom Krazit contributed to this report.

52 comments

Ughhh...
We should all just continue building our own systems and put HP out of business, along with Dell. I'm so sick of the business world these days.
Posted by CaptainMooseInc (69 comments )
Reply Link Flag
Uh?
And where do you get the components to make your own system:-)
Posted by ewk (5 comments )
Link Flag
Has HP spy hit home users too?
After almost four years of struggling with keyloggers on my machine.
I finally found it, I decided to run the system discs that shipped with my pc (HP) and up sprang the red alerts.
Keylogger found,
keylogger found,
keylogger found,
all hiding inside the application CD of the system discs.
HP won't begin to help without 38 dollars as it is now out of warranty.
They should have replaced all discs with the keyloggers in place. Even if they don't use it anymore it makes any HP machine totally vulnerable to anyone who finds this.
I gather they didn't want to admit they had added it to all software.
This is bad stuff.
Posted by Wizentub (8 comments )
Link Flag
Scary stuff... I think a lawsuit could/should be coming
HP and/or one of its associates or contractors clearly engaged in
what appears to be illegal activity. HP should have no access to a
c|net employee's phone records, and if I were said reporter, I would
probably sue.
Posted by emak (9 comments )
Reply Link Flag
Agreed
I agree 100%.

As a matter of fact, I believe that the company who performs these acts should be sued to an extent so as to provide a deterrent to others. At least ten times what the company was paid by HP.

Also, I believe there should be jail time for the person ultimately responsible.

Also, the phone companies that allowed a person to obtain phone records over the internet with no trustworthy form of identification should be fined, and even sued as well. I hate to think my phone company might give out my records to some stranger because he says he's me (honest). How can they not be fined?
Posted by Mergatroid Mania (8395 comments )
Link Flag
HP Chair should be sacked
The chair of HP should be sacked and prosecuted now for obviously approving these tactics! HP and their Private Investigators should have to pay out the nose to those individuals who have had their privacy invaded or been otherwise harmed. I hope the AG's office goes after them to set a precedent!
Posted by jsdoyle (15 comments )
Reply Link Flag
Dunn the NSA of business
jsdoyle, your sentiments seem to ring with so many people. Patricia Dunn does appear to be the NSA equivalent in the business world http://www.iwantmyess.com/?p=37
Posted by marileev (292 comments )
Link Flag
Chairman, Chairperson, Idiot!
"The chair of HP should be sacked and prosecuted now for obviously approving these tactics!"

She did not "approve," she "initiated" the spying, to find the leak, and that's a big difference. In some parts of the world, water flows uphill, well so does crap, and addles the brain.
Posted by Galt (12 comments )
Link Flag
I do indeed wholeheartedly concur
Not only should the chair be sacked, I hope they lose a very expensive legal battle over this. Completely unacceptable.
Posted by drfrost (467 comments )
Link Flag
Ms. Dunn obviously knew what was going on...
How else can you get the phone records of other individuals without their consent?
It's called conspiracy Ms. Dunn and having achieved the chair of one of the largest corporations in the world I don't think you can plead ignorance of the fact.
The end does not justify the means and who in fact was more in breach of ethics here You and the rest of the board that approved of your means or the information leaker?
Ms. Dunn, and the rest of the board should be replaced for obviously approving of such unethical and criminal activity.
If Mark Hurd does not take decisive action against Ms. Dunn and all who remained in the loop in this conspiracy then he is just as guilty as they.
Posted by fred dunn (793 comments )
Reply Link Flag
What happened to ethics
Thank goodness there are still some people like Mr. Perkins who believe in ethics and values in the boardroom. Ms. Dunn should be done, there is no excuse for anyone breaking into other people's personal records. If this behavior is okay, why doesn't she post here phone numbers, bank accounts and credit card numbers so we can all see where her money comes from and how she spends it. Seems like fair play to me.
Posted by khammerberg (4 comments )
Reply Link Flag
What r u talking about? CNET has no ethics.
buhaha
no message
Posted by baswwe (299 comments )
Link Flag
What happened..Lip-Flapping!
Ethics?? Careful, you are getting into philosophy, and that's a dirty word...got replaced with Lip-Service, and the more Lip Flapping Service that ensues, the less black and white things get, until it's forgotten in the gray of it.
Posted by Galt (12 comments )
Link Flag
WHY IS EVERYONE SO SURPRISED AND SHOCKED??
Good grief... given the current political climate and sterling examples the Bush administration has set vis-a-vis privacy, actions like this are only to be expected.

Wise up, people.
Posted by Rita McKee (27 comments )
Reply Link Flag
Who's surprised? We're angry....
As you should be too. I think most Americans know what you are referring to but does that make it right? Are you so complacent that it doesn't anger you?
And while I disagree with 'W's means, methods, policies and just about everything else, what Ms. Dunn did had nothing to do with national security.
As far as wising up I think it is you that should wise up. If something is wrong you should do your best to correct it, else live with the consequences. You seem to be fine with it.
Posted by fred dunn (793 comments )
Link Flag
Shame and Scandal in the HP Family
Shame and scandal in the HP Family!

Say this story as it is now unfolding at the seams, is starting to read like a failed conspiracy plot from a Hollywood TV Soap like "Desperate Housewives"!

Oh well, time has come for her to end it all now, fall on her sword and resign in disgrace! ie do the right thing, because it is the right thing to do!

Her choices and actions are diminishing by the day, as this scandal continues to deepen!
Posted by heystoopid (691 comments )
Reply Link Flag
"sometimes illegal" ???
> Pretexting is a sometimes-illegal method of
> obtaining personal records through
> misrepresentation of someone's identity.


Under what conditions is this legally OK to do?
Posted by amigabill (93 comments )
Reply Link Flag
Re: "SOMETIMES ILLEGAL"???
> Under what conditions is this legally OK to do?

Your last name must be Bush.
Posted by Hep Cat (440 comments )
Link Flag
Yet News.com complains about Apple suing bloggers...
What hypocrites. Their favorite company after Dell was breaking the
law to spy on them.

Somebody call the waahmbulance!
Posted by Hep Cat (440 comments )
Reply Link Flag
No connection
News.com, as far as I know, has never expressed a position on Apple suing bloggers. (One of our columnists may, but that's not the same thing.)

Even if we had, though, that's not what's happening here. The bloggers (again, as far as we know) broke no law. HP, on the other hand, may well have done just that.
Posted by declan00 (848 comments )
Link Flag
You aren't intelligent....go away.
<eom>
Posted by anarchyreigns (299 comments )
Link Flag
Obviously, this wasn't hacking
It's just very poor security on AT&T's part. A name, 4 digits of a SSN and
a Yahoo email address gets you any customer's phone records.
Posted by Jackson Cracker (272 comments )
Reply Link Flag
Actually it was
It's called social hacking.
Posted by ewoychowsky (8 comments )
Link Flag
Oh really
Why do you classify this as Not Hacking?
To the mass majority, the common belief is that hackers only use computers, wrong... Have you ever heard of Social Engineering? It obviously works really well.

As it stands, AT&T does need to tighten up on their security, but do you realize just how easy it is to call some poor bastard who sits in front of terminal all day long answering phone calls from people they would rather forget even talking to. Not to mention that they are most likely overseas and make little to nothing for salary. How can the fact that they just don't really care about security even come into play. They just give out information to whomever can guess the correct questions to their low level answers, pet's name, street you live, mother's maiden name.....

The bottom line is, there is no security, just a lot of smoke and mirrors.

So, yes it is hacking if you access someone's personal data and they should be punished to full extent of law.
Posted by PorkSoda (1 comment )
Link Flag
What?
Of course News.com complained about Apple suing bloggers (News.com sides with reporters).

Now they're complaining about HP sticking their noses into reporters' phone records (News.com sides with reporters again).

Where's the hypocrisy here?

Do you "Get It"?
Posted by Mergatroid Mania (8395 comments )
Reply Link Flag
so getting information...
about those who illegally distributed company confidential is getting the major press here.

if your company had confidential information that was being distributed to the press are you ok with that? note that we don't know what *other* information has been compromised, just what was published.

not condoning the HP action, just want to remind us of how we got here...
Posted by lylep (1 comment )
Reply Link Flag
The End does not justify the Means...
We all know where this started but as was stated by Mr. Perkins the first process to pursue was just to ask the directors if they had contact about this "leaked" information. If that didn't work then you would have to start another strategy but not an illegal one. The next logical step would have been to have the directors agree to have their phone records scrutinized.
Instead Ms. Dunn took it on herself to become J. Edgar Hoover (probably the same dress) and gather info behind people's backs without their consent.
Posted by fred dunn (793 comments )
Link Flag
not by breaking the law they don't
Last we heard, HP was not in the law enforcement business. Unless I missed the one where they merged with the CIA. So they cannot do things that are illegal to see if something illegal was done to them - maybe nothing illegal was in fact done to them.

Now GW on the other hand may, being in charge of the country, the CIA and the FBI etc may indeed have a case. That is something that the people of the US can decide on in a few months.
Posted by gggg sssss (2285 comments )
Link Flag
advertising
You notice that HP is one of the major advertisers of C/net news.com. So do you ya think that news.com will do anything about this stupid breach of a reporters records? Will news.com protect their own reporter in this (like supply an attorney, etc)? Does this say something about the veracity of any news reporting coming from any corporate media. NO wonder we can't believe any thing any of them say. If reporters are afraid that they too will be targeted, will they get to the bottom of any investigation. I don't think so!
Posted by nylad (1 comment )
Reply Link Flag
I get it
What side someone takes has nothing to do with statistics. News.com is simply reporting on illegal or unethical behavior. Bashing reporters has become the favorite sport of the Bush administration... that doesn't make it right. And after bashing comes criminal violation. News.com is doing what they're supposed to: being a watchdog. If the "story" comes from watching their own, so be it.
Posted by enovikoff (170 comments )
Reply Link Flag
H-P Innocent
H-P did nothing wrong. The company they hired did it.


They outsourced their dirty work :-)
Posted by GrandpaN1947 (187 comments )
Reply Link Flag
That's called conspiracy to defraud...
And they are just as guilty if not more so for initiating the conspiracy. The "investigator" would not have done this without being paid and Ms. Dunn and her gang including Mark "Capone" Hurd knew damned well that the gathering of phone records by a third party without the consent of the first party was illegal. Remember they are in the Information Industry.
Posted by fred dunn (793 comments )
Link Flag
HP now has RICO problem
"Corporations now feel empowered" indeed!!

Just because Patricia Dunn and Mark Hurd are miffed does not mean that they get to use the techniques of organized crime to wreak vengeance on their "enemies list". I think the US Government should be able to dissolve a now corrupt HP based on these blatant actions.

If they weren't busy trying to eliminate the middle class in America, they wouldn't need to worry about how the public viewed them! A little sunshine in the boardroom, please.

Tom Perkins is a hero, and should be promoted to chairman of the board as soon as Dunn and Hurd are sacked. George Keyworth should be re-nominated, and if not by the board, then by the shareholders.
Posted by Too Old For IT (351 comments )
Link Flag
Rodent "Investigators" Should be Sued out of Business
These type of unethical "investigators" are probably hardened criminals acting as a legitimate business, no doubt. HP association with them only tarnishes their image. Moreover, just how secret are suppliers these days anyway enough to justify an invasion of privacy on this scale. The scumbag so-called "investigators" should be thrown in jail to teach them a lesson.
Posted by WJeansonne (480 comments )
Reply Link Flag
re: "sometimes illegal"
it seems that the legality of pretexting depends on which state you live in and what kind of records are being accessed.
Posted by zeitgeistwriter (7 comments )
Reply Link Flag
Pretexting is not the only crime here...
In these cases the pretexting was only made possible by the obtaining and using the social security numbers of the victims. Once they have taken the steps to illegally obtain and use the information gathered it is considered by the FTC as Identity Theft and can be prosecuted as same.

No story yet has discussed how the social security numbers were obtained. This is the real story as it will involve the perpetrator having much more information on all of the victims than they realize, Bank Accounts, Credit Cards, Credit histories, real properties owned, academic records, employment records, criminal records, military records, drivers license info and records, just to name a few.

Once this information is had then it is a short stop to obtaining accounts in the victims names.
Posted by fred dunn (793 comments )
Link Flag
Big Telco Evildoers
This story is yet another example of the problems created when Big Telco captures and retains customer data. There will always be Big Telco employees who are willing to sell confidential customer information to supplement their income. The answer is for consumers to buy prepaid cellphones rather than sign a contract with Big Telco. Big Telco cannot and will not guarantee your privacy.
Posted by CancerMan2 (74 comments )
Reply Link Flag
If HP'S was willing
If HP'S Board and Chairman were willing to do this what other Illegal things have they condoned and allow in their quest for the Almighty dollar who else have they screwed up and over and not gotten caught doing?
And how many more big companies will be allowed to do as they please look back at Sony for one what ever happened after they got caught screwing up our computers because they felt like it and didn't care what people said or did!
Looks like one more company I for one will never ever deal with for any reason and that goes for their Sub's too.
Posted by grayfrier (63 comments )
Reply Link Flag
Conspiracy theory 102
Haven't bought a Compaq or HP in ages, but I assume they all come with spyware-trojan horses masquerading as support/management applications like Open View or their update thingy. Let's assume that HP can just connect to any HP server/desktop through this application and go fishing. Why wouldn't they just browse until they find something good? Who would stop them?

Let's pass this around and see what the response is.
Posted by gggg sssss (2285 comments )
Reply Link Flag
1984 is finally here for HP
Now I know who I'll never buy anything from again....ever.
Posted by jason_doll (6 comments )
Reply Link Flag
HP Pretexting, Ethics,Privacy Law Needed
As a retired lawyer about to go through the process of returning to active practice, I hope this brings some reforms.

Pretexting, for the purpose of invading someone's privacy, and other forms of dishonesty, lying, and stealing, are common. Getting caught is rare, and someone, especially the enterprise behind it, getting what is coming to them is ever more exceptional.

A cursory review of advice about who may and who may not pretext, etc, and offers to sell data clearly obtained by pretexting, on line, found on line, clearly reveals considerable variations in laws and sanctions, and in understanding and misunderstanding thereof. Pretexting by the "good guys" is a staple on private eye and cop shows on TV.

Federal legislation may be needed, but is not the answer. Federal guidelines generally require either $50,000.00 in "economic" damages, or political influence, before the FBI will get involved or the U. S. Attorney will prosecute any federal crime, which is, for all practical purposes, a license to violate federal criminal laws as long as your victim isn't rich and politically connected. When you get past that hurdle, then you have to prove the corporation's board was in on it, and this is one of very few cases where anyone can ever prove that.

At the risk of being accused of proposing "regulating the Internet," if our Members of Congress, from either party, cared about mere individuals, i.e., voters, we would long ago have had tough federal laws treating accessing individuals' records, including those kept and held to belong to banks, phone companies, ISP's, Google, etc., and using them without their express, voluntary consent would have been a federal crime just like intercepting telephone conversations, telegrams, and mail have long been. That goes for phone records, Emails, anything out of date under the Fair Credit Reporting Act, accessing anything on anyone else's computer, etc.

I worked my way through part of law school as a skip tracer. I have also tried to track down child support deadbeats, etc., in my law practice. If I use my real name or a phone traceable to me with Caller ID, I can't even get public information like the members of the MHMR or Juvenile Board. There will always be pretexting and nobody will ever do much about most of it. Instead of regulating methods, which change little in principle but much in method, we should declare what is and what isn't protected by an explicitly recognized right of privacy and effective remedies for non-economic as well as economic damages for its violation.

I'm going to watch this play out with interest and see if anything really happens.
Posted by Transaction7 (30 comments )
Reply Link Flag
Good Piece made me realise
One of the most obvious things that would/could have come out of this access to every computer they sold would be akin if not insider trading.

It would mean they could access all sorts of data relevant to financial, political and ethical topics and get a plan going.
Not to mention the money that would/could be made using info for insider trading.
Cheers
WIZENTUB
Posted by Wizentub (8 comments )
Link Flag
Action seems to have been prompt
Well I must say that after I contacted the head office of the company I purchased the pc from I was put through to higher management.
They found it interesting and decided to check out the software themselves.

I got an email labelled from HP within 48 hrs, no subject line so I was not prepared to open it.
I did not get the chance anyhow as my pc froze up first email I looked at.

I could do nothing but guessed it, another install, that made five that week.

This time my pc installed rather quickly, much faster in fact.
When it rebooted gone were much of the advertising files and some other things.
Then the windows updates were cut from almost 200 to around 70, a huge difference.
The machine is running faster and the keyloggers are gone.

They are GONE, yeah.
Cheers.
Posted by Wizentub (8 comments )
Reply Link Flag
phone records.
It has been since Sept 2002 that I packed up my home to move. I moved in with my ex and my nieces for a few weeks before taking a vacation around Aus.
I settled in Q.L.D and needed to put the phone on.
I contacted the company and gave my details, they asked my last address and I gave it them.
They said I can't have two concurrent accounts, I have to shut the current one down. What current one I say.
I tell them all I can including the exact balance I left in my account for the reconnection fees.
It is 2007 and I still can't get the phone on cause I don't know the address of wherever it is being used. How did that person get the info in the first place, it was security protected?
Posted by Wizentub (8 comments )
Reply Link Flag
 
