A new report discusses some of the techniques. They can be devious.
November 26, 2013  |

In 2010, a group of hackers known as LulzSec gave us a peek into the shadowy world of corporate espionage. The group released 175,000 emails it obtained from a private security firm called HBGary Federal.

The hack revealed, among other things, that Bank of America (BofA) had grown concerned about a promise that Wikileaks founder Julian Assange made in 2009 to release a trove of sensitive documents that Assange claimed could “take down” the bank. BofA went into crisis-control mode, setting up a “war room” to handle the fallout from the expected release (which, as it turned out, never came).

It also approached the Justice Department, which referred the mega-bank to a K-Street lobbying firm, which introduced BofA executives to a group of private security firms called Team Themis.

Peter Ludlow, a professor at Northwestern University, wrote in The New York Times that the group offered, among other services, a “common aspect of intelligence work: deception. That is, it is involved not just with the concealment of reality, but with the manufacture of it.”

Team Themis (a group that included HBGary and the private intelligence and security firms Palantir Technologies, Berico Technologies and Endgame Systems) was effectively brought in to find a way to undermine the credibility of WikiLeaks and the journalist Glenn Greenwald… because of Greenwald’s support for WikiLeaks.

Team Themis considered falsifying documents and feeding them to Greenwald in order to discredit his reporting. They also pitched the Chamber of Commerce with a plan to infiltrate Chamber Watch, a progressive group that opposes the CoC’s anti-regulatory agenda. They suggested creating “two fake insider personas, using one as leverage to discredit the other while confirming the legitimacy of the second.”

When the story broke, Bank of America and the Chamber of Commerce rushed to distance themselves from the plans and HBGary claimed that they had never gotten past the planning stage. But the leaked emails briefly shined a light on the murky, largely unregulated world of corporate spying – an industry that watchdogs say has grown exponentially since the 9/11 attacks.


Last week, the nonpartisan, nonprofit Corporate Policy Center issued a report titled, “Spooky Business: Corporate Espionage Against Nonprofit Organizations,” which detailed a number of revelations of corporate espionage operations against non-profit activist groups. Moyers & Companyspoke to the report’s author, Corporate Policy Center Director Gary Ruskin, last week.

Joshua Holland: Over the past few years, a few cases of corporate espionage against various activist groups have come to light, but your report is the first to attempt to document this phenomenon in detail. Do we know how widespread this practice is?

Gary Ruskin: We really do not. Our report, “Spooky Business,” is really an effort to say something that we really know very little about. It’s kind of like documenting the tip of the iceberg, but we don’t know how deep the iceberg goes. So it’s going to require a lot more journalistic work, as well as some investigations by the Department of Justice and other law enforcement officials.

Holland: Let’s look at an example of the kinds of stories that have come to light and then we can discuss the ramifications. What is S2i, the company formerly known BBI?

Ruskin: Those two companies are basically private investigation firms and they were very active in surveilling and conducting espionage against a wide variety of nonprofit organizations.

Holland: What kind of specific activities did you find these private ‘spooks,’ if you will, doing to disrupt activist groups — or is disrupt even the right word?

Ruskin: I think “disrupt,” “surveil” and “conduct espionage” are all quite correct. They conducted a wide variety of espionage activities. One thing that they did to Greenpeace was they conducted more than 120 efforts at “dumpster diving,” where they would go onto Greenpeace’s property and essentially trespass and obtain the group’s thrown-out memos and the like.

BBI also had on its retainer an active duty police officer in Washington, D.C., who could help them get onto Greenpeace’s property. They did a wide variety of physical surveillance and intrusion and infiltration activities. And it appears that they did wiretapping, as well as hiring an NSA contractor who specialized in computer intrusion and electronic surveillance and that was all used against Greenpeace. Theft of a wide variety of Greenpeace memos — it’s a very long and complicated list of espionage activities.

Holland: And have you found instances where they actually infiltrated these groups, where they posed as activists themselves to get on the inside?

Ruskin: We found that that was the most common form of espionage, where a company would hire an intelligence person, who would then either pose as a volunteer or as a journalist and then vacuum up a lot of information.

Holland: And you mention in the report that a lot of these companies had employed former NSA, CIA and other types of former intelligence officers.

After 9/11, we saw a huge expansion of our intelligence budgets and I think most people may not realize that a large share of that expansion wasn’t done through government agencies directly, but through outside security contractors.

According to journalist Tim Shorrock, around 70 percent of our national security spending now goes to private firms. So I guess the question is: to what degree did building all of this private intelligence capacity help create the situation that you describe in the report?

Ruskin: Well, I think you hit it right on the head there. We essentially have this private national security state and they have a tremendous amount of private national security capability. And this is for-profit and they want more contracts, so they’ll take contracts from companies that want to conduct espionage against nonprofits and this is a problem.

And another part of the problem is that there haven’t been much in the way of investigations — and certainly not prosecutions in the United States over this sort of thing – so the people who conduct this kind of espionage think that they can do it with impunity. And, so far, they’re right.

Holland: Michael Hayden, the former director of both the NSA and the CIA, oversaw that privatization effort in the early 2000s and late ’90s. He told Shorrock — and I’ll quote, because I think it’s so interesting. He said, “The largest concentration of cyber power on the planet is the intersection of the Baltimore Parkway and Maryland Route 32.” That’s where the NSA and its top contractors are located. Hayden coined the term ‘Digital Blackwater’ to describe this stuff.

Gary, I may be asking you to speculate here: after 9/11, we saw the line between activism and terrorism starting to blur. We started hearing terms like “ecoterrorism,” for example. I wonder to what degree you think that mindset has bled into the private sector, with intelligence agencies seeing activism as somehow criminal or illegitimate and something to be targeted?

Ruskin: Well, I think it’s pretty clear that we’re seeing that sort of thing more and more. It’s clear that that was part of the treatment of Occupy Wall Street across the country, where there were these interesting FBI-corporate “partnerships.” We wrote about one in the report called “InfraGard.”

And it’s not just happening in the United States. There was a really interesting piece in a Vancouver newspaper last week showing government espionage of environmental activists and groups in Canada on behalf of oil companies.

Holland: There’s a revolving door here, with personnel moving between private intelligence companies and the government, right? And revolving doors make regulation really challenging. Is there any sort of regulation of this kind of corporate spying?

Ruskin: When we’re talking about private corporate spying on nonprofits, there’s been very little. And that’s part of the problem: in general, there’s been very little attention paid to moonlighting CIA operatives, or retired operatives. We don’t know what they actually do and whether it’s ethical and whether it should continue. And so that’s something that Congress really could and should do — hold hearings to shine some light on what is really happening so that we can figure out how it’s got to change.

Holland: You mention the Pinkertons in the report. That was a private police force used by corporations to, among other things, brutalize, and sometimes even murder labor organizers a hundred years ago.

So I wonder if this is a new thing or an old thing that now has new technologies and uses more sophisticated tactics than beating people over the head with baseball bats?

Ruskin: In some ways it’s definitely a very old thing. But what’s different now is the technology is far more intrusive. And we have this giant national security state that is, in effect, for hire by companies to do their espionage. And the third thing is that there’s been no pushback from law enforcement. In the UK and in France, there has been pushback on this sort of thing, but not here in the United States. So that’s got to change.

Holland: And have you seen a chilling effect from this, or is that a potential danger here, Are activists being scared off?

Ruskin: You know, democracy really depends on an active citizenry and on active citizen groups and to the extent that that is impaired because of espionage, well, then our entire democracy is the poorer for it. And that’s why we really think that the Justice Department and Congress need to do their job.

Holland: Let me play Devil’s advocate for a moment. How would you respond to the other side of the argument, which is that companies have a right — and let’s face it, in some instances a need — to anticipate and try to head off illegal actions against them, as opposed to legal First Amendment-protected activism?

Ruskin: Well, there’s no question that they’re perfectly within their rights to collect information by legal means, but when they break the law that’s very different. We uncovered in our report some conduct that certainly appears to be illegal and we supposedly live under the rule of law in our society. So let’s make sure that that continues.

You can download “Spooky Business: Corporate Espionage Against Nonprofit Organizations” here.

 

Joshua Holland is Senior Digital Producer at BillMoyers.com, and host of Politics and Reality Radio. He’s the author of The 15 Biggest Lies About the Economy. Drop him an email or follow him on Twitter.