
08:00 AM
Rob Enderle

HP And The Scary Corporate Fifth Column Concept

HP is currently in an epic and unprecedented battle with Oracle, and Oracle rarely leaves any company still standing that it focuses this much attention on. Some speculate that Oracle could be setting up to buy HP.

During the Second World War, the concept of a 5th Column, a network of spies seeded into a country prior to an attack, was created, and that same concept could be in use by some of the companies aggressively doing acquisitions or growing rapidly in the market.

With social networking and open-source activities providing unprecedented communications channels and opportunities for cross-company relationships, perhaps my speculation about aggressive competitive data mining isn't so far off, and we should consider this risk this week.

Over the years I've seen some epic failures in terms of company performance. A few months ago, I suggested that Robbie Bach's colossal failure at Microsoft was so bad it could have been funded by Apple. Initially I was just joking. Now I'm not so sure.

I looked at an old (2001) presentation on how Oracle did competitive intelligence. This presentation more than implied Oracle had people working at each of its competitors' companies, and that it regularly mined incoming employees for information on the firms they left. I do think it might be the Scariest Company in Tech.

HP Todd Bradley Example

I used to run a field audit organization for IBM and had responsibility for security over the marketing and competitive analysis units while I was a competitive analyst. The intellectual property losses that we discovered were almost always connected to a disgruntled executive who had either been passed over for a promotion and/or was going to work for a competitor. The most pronounced was a senior vice president of sales who had evidently been feeding a competitor critical information while crippling our own sales efforts prior to taking his new job with that competitor.

With the recent HP selection of Leo Apotheker to lead HP over the aggressive marketing by SVP Todd Bradley for the same role, Bradley should now be on the short list of those likely to provide competitive information. The recipient of this information would most likely be Oracle's Mark Hurd, the recently fired HP CEO who was also Todd Bradley's mentor. Speculation is increasing that Oracle is trying to aggressively drive down the value of HP so it can position itself for a hostile takeover.

If so, Bradley would be the most likely executive (at least at his level) to be operating to help them, particularly if he was promised the top HP job as a reward for his complicity. (How he executes with the second Palm Pre might indicate just which side he is really on.) Now just because he has both motive and opportunity doesn't mean Bradley is acting against HP's interests. It's only likely, and he's likely not the only one at risk. But to ignore this exposure would be foolish; given the future of HP is at risk, extra care likely should be taken to ensure any information critical to HP's fight with Oracle that Bradley does get can be tracked back to him--and that he knows it.

Mitigating Leaks

During a battle--competitive, political, or otherwise--detailed information about the other side's strategy, weaknesses, and tactics can result in huge benefits for the firm that acquires it. In security, it is our job to plug leaks--which are difficult to find--and to identify the potential for them. On the short list would be executives or employees who were passed over for critical promotions, complained about abuse, were identified as surplus but still working, or who were known to be disgruntled and aggressively looking for outside work.

Employees like this should be considered a security risk. Care should be taken to control the information they have access to, specifically checking that information coming into their possession isn't being passed outside the company.

Of the firms I watch, Apple is likely the most aggressive at proactively looking for information leaks. And even it has had a problem with containment of late, largely with partners with practices that haven't been as aggressively implemented or enforced. However, much of Apple's success is in fact tied to its ability to contain critical aspects of its products and to identify and eliminate internal leaks.

While it is uncomfortable to think about co-workers who may be leaking critical information about the firm, that is part of the job in security. In hard times, employees sometimes lose sight of their ethical center. Keeping an eye on those who are the most at risk would seem a wise way to avoid your own internal 5th column.

One final thought: With HP's ex-CEO Mark Hurd clearly very close to Larry Ellison, cutting HP to a level consistent with what is often done to prepare a company for sale, plus looking at how quickly (and in an unprecedented fashion) Larry hired Mark after he was fired, is it much of a stretch to wonder if Mark was conspiring with Larry to sell Oracle HP? Security problems don't always start below the CEO, and with HP you might recall its last big leak problem was in its board. With the massive fight for customers, a massive consolidation trend, and security as one of the primary defenses against an unwanted outcome, it could be time to step up and both consider and address this very real risk.

-- Rob Enderle is president and founder of Enderle Group. Special to Dark Reading.

