HP Pretexters Now Being Sued By Wireless Carriers
BusinessWeek reports that Cingular Wireless LLC, the nation's largest cell phone provider, on Friday September 29th 2006 sued one of private investigators caught up in the scandal over the Hewlett-Packard Co. leak investigation. Cingular Wireless is seeking to make Charles Kelly, his firm CAS Agency Inc. and any of its agents to return all Cingular customer data and information they may have, give up any compensation they received for procuring the data and pay unspecified damages for allegedly obtaining customer call records under false pretenses.
The Cingular complaint follows a similar suit filed late Thursday by Verizon Wireless. As reported by ITWorld.com, "in a case filed Thursday in U.S. District Court in New Jersey, Verizon asked a judge to award it damage payments and to block the defendants from gaining any more records. Verizon said it did not know the investigators' identities, but defined them as "John and Jane Does" who were retained by HP in 2005 and 2006 to investigate confidential information leaks from HP's board of directors, according to the lawsuit. Those people obtained private information about Verizon Wireless customers by using pretexting calls to gain access to the company's protected computers and data storage facilities. They then sold that information. Both actions violate the national Computer Fraud and Abuse Act, Verizon said." The Verizon complaint describes
how a woman called Verizon customer service on May 17, 2005, asking to see phone records for an HP director. She called back three days later, arranging to block text messages to that phone and logging on to the person's online account. Then, on Feb. 1, 2006, someone called Verizon customer service again, asking for the number of a second phone on that account. Later that day, the person logged into the account again and changed the password, this time from a computer with a different IP (Internet Protocol) address.
The next day, someone called Verizon and asked to see call records of the director's spouse. Verizon workers grew suspicious and placed a warning on the account. Someone called again on March 1, offered the spouse's Social Security number and asked for the mobile phone number. Already wary, Verizon workers called the mobile phone and found that the customer's voicemail did not match the caller's voice. When someone tried again to access the records on March 14, Verizon workers refused.
Verizon hopes the lawsuit will help restore its customers' confidence in the security of their records, saying that its reputation has been harmed by the spying. "Verizon goes to great lengths to protect confidential customer information," including training its customer service representatives to identify the schemes used by illegal data brokers, the suit said. Despite those precautions, the HP investigators used "fraud, trickery and deceit" by making pretexting calls to Verizon representatives to gain unauthorized online account access, the suit alleges. Verizon said it will update the suit once it learns their identities.
Toomre Capital Markets expects that other telecommunication providers will also be filing pretexting suits as a result of the HP corporate spying scandal. The interesting item will be which individuals and firms will be sued. With information from Hewlett Packard now in the public as result of documents delivered to the House of Representatives' Energy and Commerce oversight subcommittee, TCM expects that Darren Brost, Valerie Preston, Cassandra Selvage, and Bryan C. Wagner (the other four pretext sub-contractors subpoenaed who invoked their fifth amendment rights) will also appear in updated versions of these suits or others still to be filed. Action Research Group and perhaps Security Outsourcing Solutions will be added to the suits as corporate entities. Will Hewlett-Packard also be a defendant since it was the prime beneficiary of the pretexting operations?