This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Content-Type: TEXT/PLAIN; charset=UTF-8
By Damon Darlin and Kurt Eichenwald
The New York Times
September 19, 2006
Hewlett-Packard conducted feasibility studies on planting spies in news
bureaus for two major publications as part of an investigation of news
leaks from the company's board, an individual briefed on the company's
review of the operation said Tuesday.
The studies, referred to in a Feb. 2 draft report for a briefing of
senior management, included the possibility of placing investigators
acting as clerical employees or cleaning crews in the San Francisco
offices of CNET and The Wall Street Journal.
It is not clear whether the plan was ever acted upon.
The report was sent on Feb. 1 by Anthony R. Gentilucci, HP's
Boston-based manager of global investigations, to four others, including
Kevin T. Hunsaker, a senior counsel in HP's legal department and the
company's chief ethics officer.
"Feasibility studies are in progress for undercover operations
(clerical) in CNET and WSJ offices in SF," the memo said, referring to
two publications in which reports of the company's board discussions had
Under a section labeled "Investigation Activity Update," with the
subtitle, "Covert Operations," it also called for examining the use of
cleaning employees at those locations.
The consideration of undercover agents inside news organizations adds a
new element to what is known of the HP investigation, which prominently
included the use of subterfuge to gain the phone records of company
directors, employees, journalists and others.
An e-mail message obtained by The New York Times from someone with
access to the company's investigative material shows that leading
members of the team supervising the investigation knew of the methods at
least as early as January and raised questions about their legality. The
disclosure came yesterday as investigators examined the role of a man
from the Omaha area who may have obtained private phone records on HP's
behalf, according to people briefed on the company's review of the
California and federal prosecutors are exploring whether laws were
broken in the investigation, particularly in the use of pretexting --a
technique in which an investigator masquerades as someone else to obtain
that person's calling records from a phone company. The prosecutors are
also trying to determine who in the company knew of the possibly illegal
Concern over legality was reflected in an e-mail message sent on Jan.
30 by Hunsaker, the chief ethics officer, to Gentilucci, the manager of
global investigations. Referring to a private detective in the Boston
area whom the company had hired, Ronald R. DeLia, he asked: "How does
Ron get cell and home phone records? Is it all above board?"
Gentilucci responded that DeLia, owner of Security Outsourcing
Solutions, had investigators "call operators under some ruse."
He also wrote: "I think it is on the edge, but above board. We use
pretext interviews on a number of investigations to extract information
and/or make covert purchases of stolen property, in a sense, all
Hunsaker's e-mail response, in its entirety, said: "I shouldn't have
It is unclear who, if anyone, in the company was then briefed on what he
had learned. People who have seen other material from HP's investigation
said that Hunsaker, in supervising the operation, communicated
frequently with Patricia Dunn, the company's chairwoman, about its
progress. But they said it was not clear when Dunn, who ordered the
investigation, learned of the methods used.
Hunsaker did not respond to a request for comment. Gentilucci referred
all inquiries to HP's corporate offices, which said it had no comment.
The HP investigations were initiated early in 2005, around the time of
Carly Fiorina's ouster as chairwoman and chief executive, and then
resumed in January. The two phases--each begun after accounts of board
members' discussions appeared in news articles--were code-named Kona I
and Kona II, according to several people who saw the company's
investigative records. The names are intriguing; Dunn's vacation home is
in Kona, Hawaii.
Not all board members were targets in the investigation, according to
people who had seen some of the company's investigatory materials. The
detectives seemed to focus on allies of Thomas Perkins, Dunn's board
In the first phase of the investigation, the targets were Perkins,
George Keyworth and Robert E. Knowling Jr., a director who stepped down
last September. Fiorina was also a target, the documents show.
In the second phase, Keyworth, his wife, Perkins and two other
directors--Lucille S. Salhany, a former television executive, and
Richard A. Hackborn, a former HP executive--were targets. Both phases
used pretexting, according to documents the company has given various
Another target was Shane Robison, an executive vice president and chief
strategy and technology officer. Robison is not on the board, but was a
liaison to its technology committee, on which Keyworth and Perkins
served. A company memo, described to a reporter, instructs detectives to
obtain the records of Dunn and Robison for the sake of completeness.
Perkins resigned in June in protest over the investigation. Keyworth,
identified as having given information to reporters, agreed last week to
resign from the board after Dunn said she would step down as chairman in
In addition to HP directors, nine journalists and two employees, those
whose phone records were obtained included Larry Sonsini, the outside
counsel, a spokeswoman for his law firm, Wilson Sonsini Goodrich &
Rosati, said Tuesday, confirming a report in The Wall Street Journal.
The identification of a man from the Omaha area as a possible
participant in the operation provides a potentially critical link in a
chain that has stretched from HP's sprawling Silicon Valley headquarters
to its security operations in Boston and to detective agencies there and
The man, Brian Wagoner, has spent several years working for the Action
Research Group, a Florida detective agency, according to a relative of
Wagoner. The Florida agency has been identified by people briefed on
HP's review of its operation as a contractor for Security Outsourcing
Solutions, DeLia's firm.
An e-mail message to Hunsaker, the HP ethics officer, indicates that he
was aware of the involvement of the Action Research Group in the
operation. On Feb. 7, DeLia informed Hunsaker that he had sent an e-mail
message to "my source in FL and asked him if there were any state laws
prohibiting pretexting telephone companies for call records."
DeLia gave the response from that firm, presumably Action Research: "We
are comfortable there are no Federal laws prohibiting the practice." He
added that he had been using the firm for eight to 10 years.
DeLia did not respond Tuesday to requests for comment.
Action Research and Wagoner, the Omaha man, had been linked before. His
name appeared in connection with Action Research in April, when
congressional investigators studying pretexting interviewed James Rapp,
a Denver man convicted in 2000 of illegally obtaining phone records. Rob
Douglas, an information security expert who was a consultant to the
congressional investigation, said Rapp had disclosed his employment for
years with the Action Research Group.
Rapp told investigators that after his own conviction, which led to the
shutdown of his business, some of his employees went to work for Action.
Among them was Wagoner, whom Rapp identified as his nephew during the
interview with congressional investigators, Douglas said.
Rapp said in an interview Tuesday that Brian Wagoner split his time
between the Omaha and Denver areas and had worked for Action Research.
"I know for a fact there's been correspondence between he and Action for
many, many years," Rapp said.
Rapp said he had spoken with Wagoner twice Tuesday and described him as
"nervous and hesitant."
"He keeps trying to tell me that Action doesn't do that kind of work any
more," Rapp said. But he said Wagoner had told him that he did believe
he had worked on HP case. "He did do the work," Rapp said. "He does
Matt Richtel contributed reporting.
Entire contents, Copyright =C2=A9 2006 The New York Times. All rights
reserved. Copyright =C2=A91995-2006 CNET Networks, Inc. All rights reserved=2E
Content-Type: text/plain; charset="us-ascii"
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/