Unmasked - Ars Technica [12]
While he worked on government contracts, Barr drummed up a little business doing social media training for corporations using, in one of his slides, a bit of research into one Steven Paul Jobs.
The training sessions, following the old “scare the sh*t out of them” approach, showed people just how simple it was to dredge up personal information by correlating data from Facebook, LinkedIn, Twitter, and more. At $1,000 per person, the training could pull in tens of thousands of dollars a day, but it was sporadic. More was needed; contracts were needed, preferably multi-year ones.
The parent company also had issues. A few weeks after the discussions about closing up HBGary Federal, HBGary President Penny Leavy-Hoglund (Greg’s wife), sent an e-mail to her sales team, telling them “to work a quota and to bring in revenue in a timely manner. It’s not ‘optional’ as to when it needs to close, if you haven’t met your number, the closing needs to happen now, not later. You need to live, eat, breath and ensure you meet your number, not kind of hit it, MEET IT... Guys, no one is making their quota.”
She concluded darkly, “I have some serious doubts about some people’s ability to do their job. There will be changes coming shortly and those decisions will be new people’s to make.”
And then, unexpectedly, came the hope of salvation.
“Bond, Q, and Monneypenny”
By October 2010, Barr was under considerable stress. His CEO job was under threat, and the e-mails show that the specter of divorce loomed over his personal life.
On October 19, a note arrived. HBGary Federal might be able to provide part of “a complete intelligence solution to a law firm that approached us.” That law firm was DC-based powerhouse Hunton & Williams, which boasted 1,000 attorneys and terrific contacts. They had a client who wanted to do a little corporate investigative work, and three small security firms thought they might band together to win the deal.
Palantir would provide its expensive link analysis software running on a hosted server, while Berico would “prime the contract supplying the project management, development resources, and process/methodology development.” HBGary Federal would come alongside to provide “digital intelligence collection” and “social media exploitation”—Barr’s strengths.
The three companies needed a name for their joint operation. One early suggestion: a “Corporate Threat Analysis Cell.” Eventually, a sexier name was chosen: Team Themis.
Barr went to work immediately, tracking down all the information he could find on the team’s H&W contact. This was the result of few hours’ work:
A bit of what I have on [redacted]. He was hard to find on Facebook as he has taken some precautions to be found. He isn’t even linked with his wife but I found him. I also have a list of his friends and have defined an angle if I was to target him. He has attachment to UVA, a member of multiple associations dealing with IP, e-discovery, and nearly all of this facebook friends are of people from high school. So I would hit him from one of these three angles. I am tempted to create a person from his highschool and send him a request, but that might be overstepping it. I don’t want to embarrass him, so I think I will just talk about it and he can decide for himself if I would have been successful or not.
Team Themis didn’t quite understand what H&W wanted them to do, so Barr’s example was simply a way to show “expertise.” But it soon became clear what this was about: the US Chamber of Commerce wanted to know if certain groups attacking them were “astroturf” groups funded by the large unions.
“They further suspect that most of the actions and coordination take place through online means—forums, blogs, message boards, social networking, and other parts of the ‘deep web,’” a team member explained later. “But they want to marry those online, ‘cyber’ sources with traditional open source data—tax records, fundraising records, donation records, letters of incorporation, etc. I believe they want to trace