Team Themis was a consortium made up of HBGary, Palantir, and Berico ( with Endgame Systems serving as a "silent partner" and providing assistance from the sidelines) that was set up in order to provide offensive intelligence capabilities to private clients. Its existence was brought to public attention after Anonymous compromised the servers of HBGary Federal and its parent company HBGary, revealing that consortium had been approached by the law firm Hunton & Williams on behalf of two clients, Bank of America and U.S. Chamber of Commerce, to assist in clandestine actions against, respectively, Wikileaks and its supporters and various U.S. activist groups who had opposed the Chamber. Effectively, most of the blame ended up resting with HBGary Federal CEO Aaron Barr, who resigned from the firm within a month; Palantir and Berico both distanced themselves from HBGary and released statements to the effect that they disapproved of what had been planned and knew nothing about such activities.
Palantir in particular has claimed that the company's participation was improbably limited to a single employee who acted on his own, despite evidence to the contrary. Palantir fired a "forward-deployed" engineer named Matthew Steckman who was shown to be most actively involved in the operations, although it remains unknown whether another participating employee, Eli Bingham, has been disciplined. Meanwhile, the e-mails show that a document involving financial aspects of the group was signed by the company's general counsel, Matt Long. See the Palantir entry more details and further analysis.
This document (Themis Ontology, PDF, 20p.) seems to support the hypothesis that the targets of Team Themis were to have their personal information gathered illegally, since information such as bank and travel activity is not publicly available, likewise logins and passwords.
Emphasising the anti-activist nature of Themis is that of the seven defined 'events' in the Ontology, in addition to 'Base Type Event', 'Communication', 'Financial', Network' and 'Request' are:
- "Demonstration (com.palantir.object.Demonstration) - Action by a mass group or collection of groups of people in favor of a political or other cause."
- "Strike (com.palantir.object.Strike) - A work stoppage caused by the mass refusal of employees to work
Also take a moment to lol @ the generic "Person" entity icon's black trench coat and fedora.
Notable E-mail Exchange
From - Tue Feb 08 09:06:48 2011 Subject: Re: first cut From: Aaron Barr <[email protected]> Date: Fri, 3 Dec 2010 08:32:12 -0500 Cc: Eli Bingham <[email protected]>, BERICO-Sam.Kremin <[email protected]> To: Matthew Steckman <[email protected]> One other thing. I think we need to highlight people like Glenn Greenwald. Glenn was critical in the Amazon to OVH transition and helped wikileaks provide access to information during the transition. It is this level of support we need to attack. These are established proffessionals that have a liberal bent, but ultimately most of them if pushed will choose professional preservation over cause, such is the mentality of most business professionals. Without the support of people like Glenn wikileaks would fold. Aaron
From - Tue Feb 08 09:06:48 2011 From: Aaron Barr <[email protected]> Cc: Eli Bingham <[email protected]>, BERICO-Sam.Kremin <[email protected]> To: Matthew Steckman <[email protected]> A few other thoughts. Obvious when attacking any adversary you attack their week points. In this case their strength is their global following and volunteer staff. This allows them to have a very loose organization, probably little if any direction or coordination is actually passed it is just inferred as part of the cause. Julien pronounces and the minions follow. Larger infrastructure is fairly pointless to attack because they have so many other points so many other organizations that are willing to distribute the information and help them get new hosting services. Weak points. Financial. They are under increasing financial pressure because authorities are blocking their funding sources. Need to help enumerate these. Also need to get people to understand that if they support the organization we will come after them. Transaction records are easily identifiable. Security. As I pointed out. Need to get to the swedish document submission server. Need to create doubt about their security and increase awareness that interaction with Wikilieaks will expose you. Mission. As we have already seen there is a fracture amongst the followers because of a belief that Julien is going astray from the cause and has selected his own mission of attacking the US. Despite they publicity, I do not believe Wikileaks is in a healthy position right now. I think their weakness are causing great stress in the organization and we need to capitalize on those. Aaron
From - Tue Feb 08 09:06:48 2011 From: Matthew Steckman <[email protected]> To: HBGARY-Aaron.Barr <[email protected]> Date: Fri, 3 Dec 2010 05:15:59 -0800 Subject: RE: first cut [From the attached PDF] Feed the fuel between the feuding groups. Disinformation. Create messages around actions to sabotage or discredit the opposing organization. Submit fake documents and then call out the error. • Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done. • Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward. • Media campaign to push the radical and reckless nature of wikileaks activities. Sustained pressure. Does nothing for the fanatics, but creates concern and doubt amongst moderates. • Search for leaks. Use social media to profile and identify risky behavior of employees. "It is this level of support we need to attack. These are established proffessionals that have a liberal bent, but ultimately most of them if pushed will choose professional preservation over cause"
CC: Sean Stenstrom <[email protected]>, Shyam Sankar
<[email protected]>, HBGARY-Aaron.Barr <[email protected]>, BERICO-Sam.Kremin <[email protected]>, Katherine Crotty <[email protected]>, Danielle Berti <[email protected]>
Date: Thu, 18 Nov 2010 14:22:24 -0800 Subject: RE: Revisions to Palantir/Berico TA and proposals [Anon snipped some boring non relevant stuff here] Matthew Steckman Palantir Technologies | Forward Deployed Engineer [email protected]com<mailto:[email protected]> | 202-257-2270 Follow @palantirtech<twitter.com/palantirtech> Watch youtube.com/palantirtech Attend Palantir Night Live<http://www.palantirtech.com/government/pnl> From: Pat Ryan  Sent: Thursday, November 18, 2010 8:45 AM To: Eli Bingham Cc: Sean Stenstrom; Shyam Sankar; Matthew Steckman; HBGARY-Aaron.Barr; BERICO-Sam.Kremin; Katherine Crotty; Danielle Berti Subject: Re: Revisions to Palantir/Berico TA and proposals Thanks Eli. We are awaiting the finalized TA from you and are then prepared to send John a very basic proposal and the completed TAs. Please see attached for the draft version of the proposal and respond with any comments/corrections. We kept it pretty simple and just outlined major deliverables and costing for both Phase I (pilot) and Phase II (enduring-by month). Please let me know if you think we need to add more detail anywhere. Also, you will notice in the costing portion (at the bottom of the doc), that we've modified the breakdown of how much each partner will get per month. This is pending your agreement/approval, but both Aaron and I have discussed this and wanted to lay out our thinking on why we should split the Phase II costs the way we did (800k for Palantir, 600k for HBGary, 600k for Berico - per month): 1) Risk - because this is a services-heavy effort, both Berico and HBGary will be taking some pretty large risk in hiring additional personnel to support. If the project only ends up lasting a few months, we will have made significant personnel moves and be left to deal with any potential fallout. 2) Finder's Fee - although we acknowledge that Palantir established and initially nurtured the relationship with H&W, we believe this "finder's fee" is more than covered between the 50% you are getting during Phase I and the 40% overall you'll continue to get throughout the effort. We feel that Palantir continuing to receive 50% of all total revenue every month for this project is a bit excessive. 3) Level of Effort - as you've mentioned multiple times, Palantir wants this deal to be "purely transactional." While we acknowledge and appreciate the initial support you'll be providing as we get stood up, I think we can all agree that the majority of the work on this will be done by Berico and HBGary. As such, we feel that a more equitable distribution of revenue is fair (in line with what I outlined in the draft proposal). Also, please see notes below (in blue) from Aaron ref this same subject. As he mentions, we are extremely grateful to Palantir for bringing us into this opportunity, but want to ensure we're looking at the revenue breakdown from an objective business perspective. I'm about to board my flight from JFK to Dubai, but please feel free to reach out to Katie Crotty (202-841-9691), Aaron, or Sam with questions or to discuss further.
Pat, Reviewing the cost breakdown on the phase 2 proposal I have a few concerns. 1. The effort is only for six months and it is a substantial effort, which means I will need to hire to staff the positions. I have plenty of folks from my old team that are waiting for the opportunity to come and work for me again, so staffing is not the issue, but it only being a six month contract the risk of their not being follow on work I have to take under serious consideration. 2. This is a firm fixed price contract which again measurably raises risk. Since this is work that is somewhat new territory, at least in the commercial space this makes it somewhat challenging to price. Berico-HBGary are on the hook to deliver on the requirements that are agreed upon for the price that we set. These two risk factors bring me to a single conclusion. I do not believe the revenue breakdown makes sense. $1M for Palantir for virtually no risk for staffing or performance and 1/2 that for Berico and HBGary which are taking on measurable risk does not make sense. I believe we need to more evenly distribute the value. I do not want to seem ungrateful for Palantir bringing us this incredible opportunity, I am very grateful, but from a business perspective it just doesn't match the levels of risk each organization is undertaking. Aaron
* Pending final approval to send this out from Shyam, we should re-insert exclusivity language, but along the lines of: "Palantir will exclusively partner with Berico in conjunction with Hunton & Williams to license this product to law firms for corporate campaign work. Palantir will still reserve the right to license Palantir to law firms for other purposes nothwithstanding this exclusivity agreement." I'm actually not sure how this should be phrased, but we need to basically make them feel comfortable that we're not going to specifically go out and resell their knowledge of corporate campaign work to other customers. Given that there are likely few firms that explicitly do this kind of work, this seems like a reasonable concession for us to make. * We need to break out the phase I deal separately so it's clear that they can get a month pilot up front for $100k of Palantir plus $50k each to Berico and HBGary. Again I'm not sure how this is structured, but John expl
icitly told me that they're going to want to cover the pilot phase explicitly in the agreement. The rest of the deal should have the same structure as before. Sorry about the complexity here... this is a very complicated case. You know, a lotta ins, lotta outs, lotta what-have-yous. _________________________________________________________ Eli Bingham Palantir Technologies | Forward Deployed Engineer [email protected]<mailto:[email protected]> | +1.650.862.8512 _________________________________________________________ -- Patrick Ryan Deputy Director, Analysis Berico Technologies [email protected]<mailto:[email protected]> 719-433-1323 (c) 703-224-8300 (o