This Is What A Professional Disinformation Campaign Looks Like

By December 2, 2016Standard

This Is What A Professional Disinformation Campaign Looks Like

By Tyler Durden – Zero Hedge

Today Wikileaks published in searchable format more than 60 thousand emails from private intelligence firm HBGary. As Wikileaks reported on its website, “the publication today marks the early release of US political prisoner Barrett Brown, who was detained in 2012 and sentenced to 63 months in prison in connection with his journalism on Stratfor and HBGary. Coinciding with Mr Brown’s release from prison WikiLeaks is publishing a searchable index of the HBGary emails. WikiLeaks published the Stratfor emails in 2012.”

For those who missed it five years ago, the story behind the leak is fascinating.

The HBGary emails are from four email accounts of key people from HBGary and HBGary Federal. HBGary was founded in 2003 by Greg Hoglund to provide cyber security-related services to corporate clients. A separate entity, HBGary Federal, was managed by Aaron Barr to do similar work for government agencies and so had staff with security clearances and worked with companies such as Booz Allen Hamilton (one of the contractors Edward Snowden worked for).

As was reported several years ago, in February 2011 Aaron Barr stated he had been investigating the internet activist group Anonymous and claimed to have uncovered the real identities of some of what he described as the leaders of the organisation. In retaliation Anonymous penetrated Barr’s organisation and took emails from the accounts of four key people from HBGary and HBGary Federal: Aaron Barr and Greg Hoglund, but also Ted Vera (then Chief Operating Officer at HBGary Federal) and Phil Wallisch, a former Principal Technical Consultant.

These emails and revelations from them started to be published on the internet, predominantly through the work of Barrett Brown and a crowd-sourced investigative journalism project he ran: Project PM. As a result, later that month Barr was forced to step down, HBGary Federal closed and HBGary, Inc. was sold to ManTech International. This would have been little consolation to Mr Brown, who a month later on 6 March 2012 had both his and his mother’s houses raided by the FBI, seeking “Records relating to HBGary, Infragard, Endgame Systems, Anonymous, LulzSec, IRC chats, Twitter,, and” Agents seized his laptops.

Barrett Brown’s work through Project PM was one of the first collaborative investigations into the US corporate surveillance industry. Looking into corporate firms that work hand-in-hand with the government to surveil on citizens, Mr Brown was one of the first to shed light on this unaccountable industry.

The HBGary revelations that came out through the work of Barret Brown and others showed that HBGary and related companies were involved in plans to spread disinformation and to attack watchdog organisations, including WikiLeaks and US Chamber Watch. For example, the emails revealed a plan to form a group called Team Themis with a number of companies from the industry to “ruin” WikiLeaks by submitting false documents in the hope they would be published, as well as discrediting WikiLeaks staff and supporters, including journalist Glenn Greenwald. HBGary was also bidding to fulfil a tender from the US Air Force to assist it in manipulating social media to spread propaganda about the Air Force.

As Wikileaks adds, “Barrett Brown was indicted on felony counts due to his journalistic work on the HBGary emails and other related corporations. He has been in prison ever since, often being put into solitary confinement and having his communications restricted. The HBGary emails largely disappeared from the internet. Today the HBGary emails are safe for all to search in honour of Mr Brown’s work and in celebration of his release.”

While many of the leaked emails and their contents have been released previously, in light of the recent witch hunt to brand an entire swath of the media as “fake news”, or just as bad “Russian propaganda”, it is worth reminding readers of one of the most memorable discoveries to emerge from the hack.

One particular presentation from December 2010, titled “The Wikileaks Threat” outlined a proposal to Bank of America from Palantir and HBGary to sabotage WikiLeaks on multiple fronts, a response plan to what some believed at the time could be a release of highly damaging Bank of America’s internal documents by WikiLeaks. The powerpoint suggested launching cyberattacks on WikiLeaks servers, spreading misinformation about its insecurity, and even pressuring journalists who support the site, specifically focusing on Glenn Greenwald, the man who presented Edward Snowden to the world.

In a nutshell, the 24-slide document (presented in its entirety below), was a thoroughly developed program meant to discredit and destroy Wikileaks, through an extensive disinformation campaign. What is notable are the details that Palantir presented as part of this campaign, which are a generic framework for creating any such campaign. They are laid out on a slide titled “Potential Proactive Tactics” and are as follows:

  • Feed the fuel between the feuding groups.  Disinformation.  Create messages around actions to sabotage or discredit the opposing organization.  Submit fake documents and then call out the error.
  • Create concern over the security of the infrastructure.  Create exposure stories.  If the process is believed to not be secure they are done.
  • Cyber attacks against the infrastructure to get data on document submitters.  This would kill the project.  Since the servers are now in Sweden and France putting a team together to get access is more straightforward.
  • Media campaign to push the radical and reckless nature of wikileaks activities.  Sustained pressure.  Does nothing for the fanatics, but creates concern and doubt amongst moderates.
  • Search for leaks.  Use social media to profile and identify risky behavior of employees.

And there you have it: a generic disinformation campaign, in this case one prepared by Palantir and HBGary against Wikileaks, but one that is structurally the same in virtually every other instance. So the next time readers encounter a similar attempt to “destroy” a source of information, look at the slide above and ask if what you are seeing is just a rehash of an old, familiar discrediting campaign