

08:00 AM
Rob Enderle

HP And The Scary Corporate Fifth Column Concept

HP is currently in an epic and unprecedented battle with Oracle, and Oracle rarely leaves any company still standing that it focuses this much attention on.

Some speculate that Oracle could be setting up to buy HP.

During the Second World War, the concept of a 5th Column, a network of spies seeded into a country prior to an attack, was created, and that same concept could be in use by some of the companies aggressively doing acquisitions or growing rapidly in the market.

With social networking and open-source activities providing unprecedented communications channels and opportunities for cross-company relationships, perhaps my speculation about aggressive competitive data mining isn't so far off, and we should consider this risk this week.

Over the years I've seen some epic failures in terms of company performance. A few months ago, I suggested that Robbie Bach's colossal failure at Microsoft was so bad it could have been funded by Apple. Initially I was just joking. Now I'm not so sure.

I looked at an old (2001) presentation on how Oracle did competitive intelligence. This presentation more than implied Oracle had people working at each of its competitors' companies, and that it regularly mined incoming employees for information on the firms they left. I do think it might be the Scariest Company in Tech.

HP Todd Bradley Example

I used to run a field audit organization for IBM and had responsibility for security over the marketing and competitive analysis units while I was a competitive analyst. The intellectual property losses that we discovered were almost always connected to a disgruntled executive who had either been passed over for a promotion and/or was going to work for a competitor. The most pronounced was a senior vice president of sales who had evidently been feeding a competitor critical information while crippling our own sales efforts prior to taking his new job with that competitor.

With the recent HP selection of Leo Apotheker to lead HP over the aggressive marketing by SVP Todd Bradley for the same role, Bradley should now be on the short list of those likely to provide competitive information. The recipient of this information would most likely be Oracle's Mark Hurd, the recently fired HP CEO who was also Todd Bradley's mentor. Speculation is increasing that Oracle is trying to aggressively drive down the value of HP so it can position itself for a hostile takeover.

If so, Bradley would be the most likely executive (at least at his level) to be operating to help them, particularly if he was promised the top HP job as a reward for his complicity. (How he executes with the second Palm Pre might indicate just which side he is really on.) Now just because he has both motive and opportunity doesn't mean Bradley is acting against HP's interests. It's only likely, and he's likely not the only one at risk. But to ignore this exposure would be foolish; given the future of HP is at risk, extra care likely should be taken to ensure any information critical to HP's fight with Oracle that Bradley does get can be tracked back to him--and that he knows it.

Mitigating Leaks

During a battle--competitive, political, or otherwise--detailed information about the other side's strategy, weaknesses, and tactics can result in huge benefits for the firm that acquires it. In security, it is our job to plug leaks and, because they are difficult to find, to identify the potential for them. On the short list would be executives or employees who were passed over for critical promotions, complained about abuse, were identified as surplus but still working, or who were known to be disgruntled and aggressively looking for outside work.

Employees like this should be considered a security risk. Care should be taken to control the information they have access to, specifically checking that information coming into their possession isn't being passed outside the company.

Of the firms I watch, Apple is likely the most aggressive at proactively looking for information leaks. And even it has had a problem with containment of late, largely with partners with practices that haven't been as aggressively implemented or enforced. However, much of Apple's success is in fact tied to its ability to contain critical aspects of its products and to identify and eliminate internal leaks.

While it is uncomfortable to think about co-workers who may be leaking critical information about the firm, that is part of the job in security. In hard times, employees sometimes lose sight of their ethical center. Keeping an eye on those who are the most at risk would seem a wise way to avoid your own internal 5th column.

One final thought: With HP's ex-CEO Mark Hurd clearly very close to Larry Ellison, cutting HP to a level consistent with what is often done to prepare a company for sale, plus looking at how quickly (and in an unprecedented fashion) Larry hired Mark after he was fired, is it much of a stretch to wonder if Mark was conspiring with Larry to sell Oracle HP? Security problems don't always start below the CEO, and with HP you might recall its last big leak problem was in its board. With the massive fight for customers, a massive consolidation trend, and security as one of the primary defenses against an unwanted outcome, it could be time to step up and both consider and address this very real risk.

-- Rob Enderle is president and founder of Enderle Group. Special to Dark Reading.
