Congress Asks to Review DoD and NSA Contracts With HBGary

Anonymous’ recent exposure of a federal contractor’s plan to take down WikiLeaks has led to a congressional probe seeking data on contracts the company and its partners hold with the U.S. military and intelligence agencies.

Update: This story was updated with comment from the House Armed Services Committee and Johnson’s office March 17, 2011 at 2 p.m. PDT.

Anonymous’ recent exposure of a federal contractor’s plan to take down WikiLeaks has led to a congressional probe seeking data on contracts the company and its partners hold with the U.S. military and intelligence agencies.

The House Armed Services Subcommittee on Emerging Threats and Capabilities on Wednesday asked the Defense Department and its intelligence arm — the National Security Agency — to hand over copies of any contracts they may have signed with HBGary Federal, Palantir Technologies and Berico Technologies.

Rep. Hank Johnson (D-Georgia) grilled Gen. Keith Alexander, director of the NSA and commander of the U.S. Cyber Command, and Dr. James Miller, Jr., deputy under secretary of defense for policy, on the services the firms provided their agencies.

Miller replied that he would have to check with the Defense Department’s general counsel to “make sure that the provision of that type of information is allowed contractually.”

When Johnson asked whether this meant the contracts might have provisions barring them from being shared with Congress, Miller backtracked and said no, that it would take time to determine all the agencies in the department that have contracts with the companies and decide in what form to provide the information.

Subcommittee Chairman Mac Thornberry (R-Texas) interjected that the information should be provided to the entire committee.

“This scandal cries out for an investigation,” said Johnson in a statement to Threat Level. “I’ll do it by myself if I have to.”

All three companies were recently in the crosshairs after e-mails stolen from HBGary Federal revealed that the company had been working on a proposal for the law firm Hunton and Williams to investigate and discredit WikiLeaks. The proposal included such maneuvers as:

  • Launching cyberattacks against WikiLeaks’ servers to obtain data on the sources who submit documents to the organization.

  • Submitting fake documents to the secret-spilling site and then later calling public attention to the fake documents to raise questions about WikiLeaks’ reliability.

  • Using intimidation tactics against a Salon reporter who avidly supports the group.

The plan was exposed after members of the online vigilante group Anonymous breached the company’s network and stole more than 60,000 internal e-mails.

HBGary Federal claimed in a news story that it had been working with the FBI to unmask hackers behind recent denial-of-service attacks against PayPal, Visa, MasterCard and Amazon. Members of Anonymous — a loosely structured group of vigilantes — had organized the mass attacks after the companies suspended accounts used by WikiLeaks to receive donations and host documents. In an attempt to uncover HBGary Federal’s investigation of its members, Anonymous hacked the company.

After HBGary’s WikiLeaks plan was exposed, Palantir denied knowledge of details of the proposal. Both it and Berico distanced themselves from HBGary Federal, and HBGary Federal CEO Aaron Barr subsequently resigned.

Last month, Rep. Johnson and more than a dozen other lawmakers sent a letter to four committees urging Republican leaders to investigate the three firms after it was revealed that in addition to the anti-WikiLeaks plan, HBGary Federal may also have been involved in a similar plan to target critics of the U.S. Chamber of Commerce.

Johnson’s office told Threat Level that the Judiciary Committee, one of the committees that received Johnson’s letter has responded that it will not investigate the companies.

A representative for the House Armed Services Committee, another committee that received the letter, said that a decision on investigating the companies will depend on what response the subcommittee gets from the Defense Department about the contracts.

“This is the first official ask from the subcommittee [in this matter], said committee spokesman Josh Holly.

HBGary Federal does classified work for the U.S. federal government among other security work; Palantir is believed to have government contracts, as well.

Gen. Alexander told the congressional subcommittee that he wasn’t sure how many contracts the government had with the companies or the nature of them but noted that Palantir offers tools to visualize traffic on the internet and computer networks.

“My recollection with working with Palantir was, here is an idea that we could use for how to look at networks and how to secure,” he said.

See also