Technology used by Hewlett-Packard in the boardroom leak investigation that has become a major spying scandal is widely available, it has emerged.
Publicity around the methods used to investigate the source of boardroom leaks to the media has centred on “pretexting”, where investigators have obtained phone company records on individuals by posing as legitimate customers.
But it has emerged that HP also used a “tracer” device or web bug. HP ethics chief Kevin Hunsaker confirmed in a memo to senior company executives that a "covert intelligence gathering operation" used a Microsoft Hotmail e-mail account to send a "legally permissible software-based tracing device” in an e-mail attachment” sent to a journalist, the San Jose Mercury News reported.
Web bug technology is widely used in websites and e-mails and has legitimate applications, such as downloading logos. It is often used to monitor website visits.
Lawyer Mike Holston, brought in to investigate the nature of the leak inquiry, has also acknowledged that HP used a "tracer" in a bid to uncover a journalist's sources, while HP chief executive Mark Hurd has confirmed that he approved sending an e-mail with misinformation to a journalist, while denying that he authorised a tracer.
Experts from the Electronic Frontier Foundation have argued that the “tracer” is likely to be a "web bug" planted on the journalist’s computer.
A web bug is a small graphic image that can be embedded into an e-mail and is usually invisible to users. But if the e-mail is opened through a graphical browser or e-mail reader, the image is downloaded, resulting in a request to the server storing the image file from the user’s computer – a move that effectively confirms that the e-mail has been read.
It is understood that the web bug was sent to a journalist in the hope that she would forward it to her source, so the tracer technology would pick up a request from the source’s machine, and allowing identification by their internet Protocol address.