
11/1/2010
08:00 AM
Rob Enderle
Commentary

HP And The Scary Corporate Fifth Column Concept

HP is currently in an epic and unprecedented battle with Oracle, and Oracle rarely leaves any company still standing that it focuses this much attention on.

Some speculate that Oracle could be setting up to buy HP.

During the Second World War, the concept of a 5th Column, a network of spies seeded into a country prior to an attack, was created, and that same concept could be in use by some of the companies aggressively doing acquisitions or growing rapidly in the market.

With social networking and open-source activities providing unprecedented communications channels and opportunities for cross-company relationships, perhaps my speculation about aggressive competitive data mining isn't so far off, and we should consider this risk this week.

Over the years I've seen some epic failures in terms of company performance. A few months ago, I suggested that Robbie Bach's colossal failure at Microsoft was so bad it could have been funded by Apple. Initially I was just joking. Now I'm not so sure.

I looked at an old (2001) presentation on how Oracle did competitive intelligence. This presentation more than implied Oracle had people working at each of its competitors' companies, and that it regularly mined incoming employees for information on the firms they left. I do think it might be the Scariest Company in Tech.

HP Todd Bradley Example

I used to run a field audit organization for IBM and had responsibility for security over the marketing and competitive analysis units while I was a competitive analyst. The intellectual property losses that we discovered were almost always connected to a disgruntled executive who had either been passed over for a promotion and/or was going to work for a competitor. The most pronounced was a senior vice president of sales who had evidently been feeding a competitor critical information while crippling our own sales efforts prior to taking his new job with that competitor.

With the recent HP selection of Leo Apotheker to lead HP over the aggressive marketing by SVP Todd Bradley for the same role, Bradley should now be on the short list of those likely to provide competitive information. The recipient of this information would most likely be Oracle's Mark Hurd, the recently fired HP CEO who was also Todd Bradley's mentor. Speculation is increasing that Oracle is trying to aggressively drive down the value of HP so it can position itself for a hostile takeover.

If so, Bradley would be the most likely executive (at least at his level) to be operating to help them, particularly if he was promised the top HP job as a reward for his complicity. (How he executes with the second Palm Pre might indicate just which side he is really on.) Now just because he has both motive and opportunity doesn't mean Bradley is acting against HP's interests. It's only likely, and he's likely not the only one at risk. But to ignore this exposure would be foolish; given the future of HP is at risk, extra care likely should be taken to ensure any information critical to HP's fight with Oracle that Bradley does get can be tracked back to him--and that he knows it.

Mitigating Leaks

During a battle--competitive, political, or otherwise--detailed information about the other side's strategy, weaknesses, and tactics can result in huge benefits for the firm that acquires it. In security, it is our job to plug leaks--which are difficult to find--and to identify the potential for them. On the short list would be executives or employees who were passed over for critical promotions, complained about abuse, were identified as surplus but still working, or who were known to be disgruntled and aggressively looking for outside work.

Employees like this should be considered a security risk. Care should be taken to control the information they have access to, specifically looking for indications that information coming into their possession isn't being passed outside the company.

Of the firms I watch, Apple is likely the most aggressive at proactively looking for information leaks. And even it has had a problem with containment of late, largely with partners with practices that haven't been as aggressively implemented or enforced. However, much of Apple's success is in fact tied to its ability to contain critical aspects of its products and to identify and eliminate internal leaks.

While it is uncomfortable to think about co-workers who may be leaking critical information about the firm, that is part of the job in security. In hard times, employees sometimes lose sight of their ethical center. Keeping an eye on those who are the most at risk would seem a wise way to avoid your own internal 5th column.

One final thought: With HP's ex-CEO Mark Hurd clearly very close to Larry Ellison, cutting HP to a level consistent with what is often done to prepare a company for sale, plus looking at how quickly (and in an unprecedented fashion) Larry hired Mark after he was fired, is it much of a stretch to wonder if Mark was conspiring with Larry to sell Oracle HP? Security problems don't always start below the CEO, and with HP you might recall its last big leak problem was in its board. With the massive fight for customers, a massive consolidation trend, and security as one of the primary defenses against an unwanted outcome, it could be time to step up and both consider and address this very real risk.

-- Rob Enderle is president and founder of Enderle Group. Special to Dark Reading.
