Pretext of Drama at H-P

Legal or illegal; ethical or unethical. That’s what Bill Lockyer, Dawn Kawamoto, Pui Wing Tam, Mark Hurd and the SEC all want to know. But it’s already too late for Patricia Dunn while Carly Fiorina is already yesterday’s news.

Welcome to Hewlett-Packard.

Where an internal investigation – including alleged pretexting by hired guns – has brought down the Board Chairwoman Dunn and could lead to criminal prosecution by California Attorney General Lockyer. H-P CEO Hurd has assumed the chairman’s position. He had already followed the “hello-goodbye” tenure of Fiorina.

A subcontracted investigative firm, allegedly hired by Dunn to track down supposed board of director leaks to the media, obtained phone records of several fellow board members and nine journalists.

According to media reports late last month, an H-P spokesman stated that the company gave the California Attorney General a list of nine reporters that were investigated. The reporters’ personal telephone records were obtained by an agency hired by H-P. The reporters include Dawn Kawamoto of Cnet and Pui Wing Tam of The Wall Street Journal.

At the center of the boardroom investigation is a practice called “pretexting,” in this case based on impersonation.

PRETENDING

Cnet reported that in late January an individual used the last four digits of Kawamoto’s husband’s Social Security number to create an online AT&T account as a way to obtain the “who phoned whom” records.

Pretexting is illegal in California. Dunn will remain on the H-P board. Media reported Security Outsourcing Solutions Inc. (SOS) of Boston as being involved with the board chairwoman’s investigation. AG Lockyer has issued subpoenas.

According to federal government materials, pretexting is the practice of getting personal information under false pretenses. Pretexters often sell information to people who may use it to get credit in the victim’s name, steal assets or to investigate or sue you. The Federal Trade Commission believes pretexting is against the law.

Pretexters use a variety of tactics to get personal information. For example, a pretexter may call, claim he’s from a survey firm, and ask a person a few questions. When the pretexter has the information he wants, he uses it to call the person’s financial institution or telephone company. He pretends to be that person or someone with authorized access to the account. He might claim that he’s forgotten his checkbook and needs information about his account. In this way, the pretexter may be able to obtain personal information such as a complete SSN, bank and credit card account numbers, information in a credit report, telephone records and the existence and size of savings and investment portfolios.

As ethical investigators know, some personal information may be a matter of public record.

But the Gramm-Leach-Bliley Act prohibits “pretexting,” the use of false pretenses, including fraudulent statements and impersonation, to obtain consumers’ personal financial information, such as bank balances. This law also prohibits the knowing solicitation of others to engage in pretexting. The Commission has been active in bringing cases to halt the operations of companies and individuals that allegedly practice pretexting.

The Federal Trade Commission Act also generally prohibits pretexting for sensitive consumer information.

Pretexting can lead to identity theft. Identity theft occurs when someone hijacks personal identifying information to open new charge accounts, order merchandise or borrow money. Consumers targeted by identity thieves often don’t know they’ve been victimized until the hijackers fail to pay the bills or repay the loans, and collection agencies begin dunning the consumers for payment of accounts they didn’t even know they had.

The Identity Theft and Assumption Deterrence Act makes it a federal crime when someone: “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable state or local law.” Under the Identity Theft Act, a name or SSN is considered a “means of identification.” So is a credit card number, cellular telephone electronic serial number or any other piece of information that may be used alone or in conjunction with other information to identify a specific individual.

SIDEBAR
Pretexting and Federal Crimes

According to the Gramm-Leach-Bliley Act -- it’s illegal for anyone to:

use false, fictitious or fraudulent statements or documents to get customer information from a financial institution or directly from a customer of a financial institution.
use forged, counterfeit, lost, or stolen documents to get customer information from a financial institution or directly from a customer of a financial institution.
ask another person to get someone else’s customer information using false, fictitious or fraudulent statements or using false, fictitious or fraudulent documents or forged, counterfeit, lost, or stolen documents.

Situational awareness should be at the forefront of your security program. It can mean the difference between life and death in a workplace emergency.

Security’s digital transformation is now entering stage 5. Complex security technologies are connected to HR systems, global security operations centers, and other building technologies in a world where employees now work in two places: home and the corporate office.