High tech is an incredibly competitive, dog-eat-dot industry where fortunes can turn on the success or failure of your most recent product launch. Even the successful companies can’t sit on their laurels for too long, the technology moves too fast to get complacent.
Secrets are closely guarded, because the level of espionage is high, and disgruntled employees make things worse by regularly leaking information to the media that can have a huge impact on public perception and stock prices. That’s why companies take huge steps, from banning iPods and memory sticks from the work environment to monitoring employee e-mail and Internet use, to make sure nothing gets out before it’s time.
Which kind of explains why computer giant Hewlett-Packard did what it did.
When critical details of HP’s long-term strategy showed up in a Cnet article ( www.cnet.com ), the board knew the leaker had to be high up — a senior manager or a member of the board itself. To find out who that person was, the chairperson and a few board members retained the services of a private detective and a data mining company.
Patricia Dunn, HP’s chairwoman, reportedly authorized the use of a technique called pretexting to find the leak, with investigators essentially posing as HP employees and Cnet journalists to approach phone companies and obtain copies of their records. The ruse was successful, exposing board member George Keyworth as the source of the leak. But it didn’t end there.
Given the number of laws broken to obtain that information, the data mining companies, investigator and Dunn are facing charges of fraudulent wire communications, wrongful use of computer data, identity theft and conspiracy to commit those crimes. Dunn has since had to step down from her position on the board, and may even go to jail.
While pundits have argued both sides of this issue, whether HP was justified or not in pursuing the person doing the leaking, some good came out of this scandal — a greater awareness of the threat of pretexting.
For a long time hackers have used pretexting to get things like computer passwords from people, calling them up at work or at home and pretending to be systems administrators from their company or representatives from their Internet Service Provider. The reason for this approach is simple — it’s a lot easier to get someone to reveal their codes than it is to guess or steal them.
To protect your personal information, never give anybody a code by e-mail or over the phone unless you are 100 per cent sure they’re legitimate.