This Is What A Professional Disinformation Campaign Looks Like

~@ Please use source link to see entire SCRIBD File as it does not embed properly…


Today Wikileaks published in searchable format more than 60 thousand emails from private intelligence firm HBGary. As Wikileaks reported on its website, “the publication today marks the early release of US political prisoner Barrett Brown, who was detained in 2012 and sentenced to 63 months in prison in connection with his journalism on Stratfor and HBGary. Coinciding with Mr Brown’s release from prison WikiLeaks is publishing a searchable index of the HBGary emails. WikiLeaks published the Stratfor emails in 2012.”

For those who missed it five years ago, the story behind the leak is fascinating.

The HBGary emails are from four email accounts of key people from HBGary and HBGary Federal. HBGary was founded in 2003 by Greg Hoglund to provide cyber security-related services to corporate clients. A separate entity, HBGary Federal, was managed by Aaron Barr to do similar work for government agencies and so had staff with security clearances and worked with companies such as Booz Allen Hamilton (one of the contractors Edward Snowden worked for).

As was reported several years ago, in February 2011 Aaron Barr stated he had been investigating the internet activist group Anonymous and claimed to have uncovered the real identities of some of what he described as the leaders of the organisation. In retaliation Anonymous penetrated Barr’s organisation and took emails from the accounts of four key people from HBGary and HBGary Federal: Aaron Barr and Greg Hoglund, but also Ted Vera (then Chief Operating Officer at HBGary Federal) and Phil Wallisch, a former Principal Technical Consultant.

These emails and revelations from them started to be published on the internet, predominantly through the work of Barrett Brown and a crowd-sourced investigative journalism project he ran: Project PM. As a result, later that month Barr was forced to step down, HBGary Federal closed and HBGary, Inc. was sold to ManTech International. This would have been little consolation to Mr Brown, who a month later on 6 March 2012 had both his and his mother’s houses raided by the FBI, seeking “Records relating to HBGary, Infragard, Endgame Systems, Anonymous, LulzSec, IRC chats, Twitter,, and” Agents seized his laptops.

Barrett Brown’s work through Project PM was one of the first collaborative investigations into the US corporate surveillance industry. Looking into corporate firms that work hand-in-hand with the government to surveil on citizens, Mr Brown was one of the first to shed light on this unaccountable industry.

The HBGary revelations that came out through the work of Barret Brown and others showed that HBGary and related companies were involved in plans to spread disinformation and to attack watchdog organisations, including WikiLeaks and US Chamber Watch. For example, the emails revealed a plan to form a group called Team Themis with a number of companies from the industry to “ruin” WikiLeaks by submitting false documents in the hope they would be published, as well as discrediting WikiLeaks staff and supporters, including journalist Glenn Greenwald. HBGary was also bidding to fulfil a tender from the US Air Force to assist it in manipulating social media to spread propaganda about the Air Force.

As Wikileaks adds, “Barrett Brown was indicted on felony counts due to his journalistic work on the HBGary emails and other related corporations. He has been in prison ever since, often being put into solitary confinement and having his communications restricted. The HBGary emails largely disappeared from the internet. Today the HBGary emails are safe for all to search in honour of Mr Brown’s work and in celebration of his release.”

* * *

While many of the leaked emails and their contents have been released previously, in light of the recent witch hunt to brand an entire swath of the media as “fake news”, or just as bad “Russian propaganda”, it is worth reminding readers of one of the most memorable discoveries to emerge from the hack.

One particular presentation from December 2010, titled “The Wikileaks Threat” outlined a proposal to Bank of America from Palantir and HBGary to sabotage WikiLeaks on multiple fronts, a response plan to what some believed at the time could be a release of highly damaging Bank of America’s internal documents by WikiLeaks. The powerpoint suggested launching cyberattacks on WikiLeaks servers, spreading misinformation about its insecurity, and even pressuring journalists who support the site, specifically focusing on Glenn Greenwald, the man who presented Edward Snowden to the world.

In a nutshell, the 24-slide document (presented in its entirety below), was a thoroughly developed program meant to discredit and destroy Wikileaks, through an extensive disinformation campaign. What is notable are the details that Palantir presented as part of this campaign, which are a generic framework for creating any such campaign. They are laid out on a slide titled “Potential Proactive Tactics” and are as follows:

  • Feed the fuel between the feuding groups.  Disinformation.  Create messages around actions to sabotage or discredit the opposing organization.  Submit fake documents and then call out the error.
  • Create concern over the security of the infrastructure.  Create exposure stories.  If the process is believed to not be secure they are done.
  • Cyber attacks against the infrastructure to get data on document submitters.  This would kill the project.  Since the servers are now in Sweden and France putting a team together to get access is more straightforward.
  • Media campaign to push the radical and reckless nature of wikileaks activities.  Sustained pressure.  Does nothing for the fanatics, but creates concern and doubt amongst moderates.
  • Search for leaks.  Use social media to profile and identify risky behavior of employees.

And there you have it: a generic disinformation campaign, in this case one prepared by Palantir and HBGary against Wikileaks, but one that is structurally the same in virtually every other instance. So the next time readers encounter a similar attempt to “destroy” a source of information, look at the slide above and ask if what you are seeing is just a rehash of an old, familiar discrediting campaign.

WikiLeaks Overview
WikiLeaks was launched in 2006 by self-described Chinese dissidents and interested parties from five continents-Within a year of its launch, WikiLeaks claimed to possess over 1.2 milliondocuments from
thirteen countries
 As of January 2010, the WikiLeaks team consisted of five full-time employees and about 800 volunteers-The employees and volunteers are
spread across the world
, with their identities largely unknown
Julian Assange
July 3, 1971 in Queensland, Australia
Marital Status
Daniel Assange, age 20
Editor-in-Chief and Spokesperson for WikiLeaks
Current Location
South-western United Kingdom -contact information allegedly given to the Metropolitan Police Service in London
Nov 18, 2010
Arrest warrant issued by a Stockholm district court on suspicion of rape, sexual molestation, and unlawful coercion
Nov 30, 2010
Placed on INTERPOL Red Notice List
of wanted persons for “sex crimes”
Dec 2, 2010
Arrest warrant issued by Sweden,
following a request by UK’s Serious and Organised
Crime AgencyAttorney-General of Australia Robert McClelland has not ruled out the possibility of Australian authorities canceling Assange’s passport, and warned that he may face charges, should he return to Australia, due
to the “potential number of criminal laws that could
have been breached by the release of the [US Diplomatic Cables
Member countries of INTERPOL
Users of the Red Notice List of Wanted Persons
The WikiLeaks Organization
Objects in red are employees; Blue are volunteers
Glenn Greenwald
Glenn was critical in the Amazon to OVH transition
It is this level of support that needs to be disrupted
These are established professionals that have a liberal bent, but ultimately most of them if pushed will choose professional preservation over cause, such is the mentality of most business professionals.
Without the support of people like Glenn wikileakswould fold.
WikiLeaks Overview
•WikiLeaks describes itself as “an
system for untraceable mass document leaking.” –
They have used many hosting services in many different countries, including PRQ (Sweden),  Amazon (US), and OVH (France).
 A few days ago, Amazon pulled the plug on their WikiLeaks server 
WikiLeaks has since turned to Swedish internet host BahnhofAB, which isliterally located in a
Cold War bomb shelter 
Currently the main site is hosted by OVH ISP in Paris,
France (
Document submission and repository is in Sweden
hosted on PRQ Hosting (
Wikileakscountry domains are owned by separate
individuals not employees of the organization. provides master mirror list. Hosted at ImproWareAG Switzerland (