http://articles.moneycentral.msn.com/Investing/Extra/InsideWalMartsThreatResearchOperation.aspx
Inside Wal-Mart's 'threat research' operation
The retailer appears to go beyond most companies in its sleuthing.
Its surveillance group hunts computer hackers, trolls colleagues'
e-mails and tries to plug information leaks.
By The Wall Street Journal
A Wal-Mart worker fired last month for intercepting a reporter's
phone calls says he was part of a larger, sophisticated surveillance
operation that included snooping not only on employees but also on
critics, stockholders and the consulting firm McKinsey.
As part of the surveillance, the retailer last year got an employee
to infiltrate an anti-Wal-Mart group to determine whether it planned
protests at the company's annual meeting, according to Bruce Gabbard,
the fired security worker, who worked in Wal-Mart Stores' Threat
Research and Analysis Group.
The company also deployed cutting-edge monitoring systems made by a
supplier to the Defense Department that allowed it to capture and
record the actions of anyone connected to its global computer
network. The systems' high-tech wizardry could detect the degree of
flesh tone on a viewed Internet image and alerted monitors that a
vendor sharing Wal-Mart networks was viewing pornography.
Wal-Mart has since disconnected some systems amid an internal
investigation of the group's activities earlier this year, according
to an executive in the security-information industry.
Talk back: Does Wal-Mart take surveillance too far?
The revelations by Gabbard, many of which were confirmed by other
former Wal-Mart employees and security-industry professionals,
provide a rare window into the retail giant's internal operations and mindset.
The company fired Gabbard, a 19-year employee, last month for
unauthorized recording of calls to and from a New York Times reporter
and for intercepting pager messages. Wal-Mart conducted an internal
investigation of Gabbard and his group's activities, fired his
supervisor and demoted a vice president over the group as well.
Gabbard says he recorded the calls on his own because he felt
pressured to stop embarrassing leaks. But he says most of his spying
activities were sanctioned by superiors. "I used to joke that
Wal-Mart paid me to be paranoid, and they got their money's worth,"
Gabbard says.
Surveillance appears legal
Wal-Mart says it permitted recording employee calls "only in
compelling circumstances and with written permission from the legal
department." But because pager messages were sent over a frequency
that was not secure, Gabbard inadvertently intercepted pages from
non-Wal-Mart employees as well. A U.S. attorney is investigating
whether any laws were violated as a result of the phone and pager intercepts.
Aside from that possible infraction, Wal-Mart's surveillance appears
to be legal. U.S. courts have long held that companies can read
employee e-mails, and Wal-Mart employees are informed they have "no
expectation of privacy" when using company-supplied computers or
phones. The surveillance of people in public places is also legal.
Wal-Mart has always placed tight limits on what its employees can do
while at work. For instance, it bars store employees from using
personal cell phones on the job. Managers receive a list of e-mail
addresses and phone numbers their employees have communicated with,
and a list of Web sites visited, according to current and former
employees. And the company limits Internet access, blocking
social-networking and video sites.
U.S. attorney investigates call taping
Federal authorities last month began looking into the actions of a
computer systems technician at Wal-Mart Stores who intercepted pager
and text messages and secretly taped telephone conversations, CNBC's
Scott Cohn reports.But Wal-Mart appeared to go beyond most companies
in its sleuthing. It didn't just scan e-mails written on the
corporate e-mail system. Technology it was helping develop allowed it
to view e-mails that employees sent to or received from private
accounts such as Hotmail or Gmail whenever the employees were hooked
into the Wal-Mart computer network, according to Gabbard and others
with knowledge of the system.
The security operation and its surveillance technology "seems
Orwellian," says Robert West, the founder and chief executive of
Echelon One, a security research and consulting firm composed largely
of former corporate chief information officers. Other activities,
such as infiltrating critics' groups, went "beyond the scope of the
typical information security organization," he says.
A dimly lit 'Bat Cave'
Wal-Mart declined to give details about its surveillance activities.
A company spokeswoman, Sarah Clark, characterized its security
operations as normal.
"Like most major corporations, it is our corporate responsibility to
have systems in place, including software systems, to monitor threats
to our network and our intellectual property so we can protect our
sensitive business information," Clark said. "It is also standard
practice to provide physical and information security for our
corporate events and for our board of directors and senior executives."
According to several former Wal-Mart employees, the company's roughly
20-person Threat Research and Analysis Group hunts computer hackers
through cyberspace, trolls colleagues' e-mails looking for
misbehavior or proprietary-data theft and tries to plug damaging
information leaks. Members work on the third floor of the Wal-Mart's
Bentonville, Ark., technology offices. They enter a separate
glass-enclosed structure by holding the palm of their hand to a
biometric reader that grants them access to a dimly lit work area.
Colleagues call it "the Bat Cave."
The group "is no longer operating in the same manner that it did
prior to the discovery of the unauthorized recording of telephone
conversations," said Wal-Mart's Clark. ". . . We have strengthened
our practices and protocols."
Get free, real-time stock quotes on MSN Money
According to Gabbard, Wal-Mart began beefing up its electronic call
surveillance after the Sept. 11, 2001, terrorist attacks in response
to government requests to employers in general to help find terrorist
cells. Gabbard says he was directed by two former FBI agents working
for Wal-Mart to set up a system that could track any calls to and
from Syria, Yemen and Iran, among other countries. The search was
unsuccessful, only flagging an apparent call from Iran that turned
out instead to be from an Indian jeweler, according to Gabbard.
Later, he says, he used the same equipment to intercept and record
calls from The New York Times.
A concern about leaks
The electronic surveillance accelerated in October 2005 when
confidential company memos began appearing on the Web site of a
union-backed anti-Wal-Mart group, Wal-Mart Watch, according to
Gabbard. One such memo suggested that because of rising costs and
criticisms of its worker health insurance, the retailer should revise
its policies by hiring healthier workers and requiring all jobs to
perform physical activity, such as retrieving shopping carts.
Concerned about the leaks, Wal-Mart began working with Oakley
Networks, a developer of "insider threat management" gear to track
employees' and suppliers' computer usage over its network, according
to Gabbard and an industry source. One Oakley system is able to
record an employee's computer keystrokes and deliver a TiVo-like
replay of his or her computer activities, according to Tom Bennett,
Oakley's vice president of marketing.
Oakley confirmed the advanced capabilities of the system but says it
doesn't identify customers apart from the Defense Department. The
system goes beyond keystroke capture products and e-mail filtering
packages by "providing a view of content moving over your network,"
Bennett says.
Suspecting that the leaks of confidential memos might have come from
McKinsey employees who had been working on a health-care project at
Wal-Mart's headquarters at the time of the leaked memo, Wal-Mart's
security experts used an Oakley device to monitor the McKinsey
Internet activities, according to Gabbard and others.
Wal-Mart ultimately took no action. "We continue to work closely with
McKinsey, and we have no evidence that anyone there ever
inappropriately shared confidential information," Wal-Mart's Clark
said Monday. McKinsey declined to comment.
Wal-Mart also used an Oakley product to monitor suppliers' use of the
Wal-Mart network. Gabbard says that using the program that can
monitor flesh tones on a computer screen, his team found a vendor
downloading pornography and reported it to Wal-Mart and the vendor's
executives. He doesn't know the outcome. Wal-Mart declined to comment
on the incident.
Critical shareholders targeted
Gabbard says he also used his computer skills to find information on
Wal-Mart critics. In March 2006, he searched a South Carolina
Democratic Party Web site for information on Nu Wexler, the spokesman
for the anti-Wal-Mart group Wal-Mart Watch. Wal-Mart knew that Wexler
planned to be in northwestern Arkansas during an annual company
conference. Gabbard said he found personal photos of Wexler stored on
a publicly available folder on the party's computer, which allowed
Wal-Mart security to identify Wexler.
"Wal-Mart has far bigger concerns than my vacation photos," said
Wexler, after being informed of the surveillance. "Someone would have
had to dig for quite a while to find that link."
In late spring 2006, Wal-Mart learned that several anti-Wal-Mart
groups might protest at the annual shareholders meeting in June.
Company executives were concerned the civil-rights group Acorn (the
Association of Community Organizations for Reform Now) and local Up
Against the Wal members would disrupt its meeting. Wal-Mart sent a
long-haired employee wearing a wireless microphone to Up Against the
Wal's Fayetteville, Ark., gathering, and eavesdropped from nearby,
says Gabbard. "We followed around the perimeter with a surveillance
van," he says.
"It is not the company's policy to infiltrate organizations or
events, and we would not condone any associate engaging in such
activity," said Wal-Mart's Clark. Wal-Mart also directed its
surveillance operations at critical shareholders. According to a
January 2007 memo reviewed by The Wall Street Journal, security units
were asked to "do some preliminary background work on the potential
threat assessment" of those submitting proposals to its June
shareholder meeting, particularly those whose resolutions the company
was trying to block. The list included proposals from a Boerne,
Texas, religious group; the New York City controller's office; and
Sydney Kay, an 85-year-old retired science teacher who submitted a
resolution requiring that board nominees own at least $5 million in
Wal-Mart stock, and his 93-year-old sister Hilda Kaplis.
"It is standard business practice to do an overall assessment for
potential disruptions at a major event like our shareholders' meeting
involving 20,000-plus people," Clark said.
Reached at his Dallas home, Kay scoffed at the notion he posed a
threat to Wal-Mart's annual meeting. "I am a nobody," he said.
This article was reported and written by Ann Zimmerman and Gary
McWilliams for The Wall Street Journal.
----------------------------------------------------------------------------------------------------
World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 Web:
http://www.tscm.com/
Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
----------------------------------------------------------------------------------------------------
We perform bug sweeps like it's a full contact sport, we take no prisoners,
and we give no quarter. Our goal is to simply, and completely stop the spy.
----------------------------------------------------------------------------------------------------
Received on Sat Mar 02 2024 - 00:57:21 CST