The whole Post article is worth reading – you couldn’t make this up. But try this as a taster:
Though nine journalists were apparently targeted in HP’s leak investigation, one in particular drew the scrutiny of Dunn and Hurd, according to a series of internal e-mails. Dawn Kawamoto, a reporter for Cnet.com, wrote a fairly straightforward article on Jan. 23 outlining the firm’s long-term strategy after a board retreat.
Determined to ferret out the source’s identity, HP senior counsel Kevin Hunsaker, who led the HP investigation ordered by Dunn, and an HP colleague in Boston created a fictitious persona, "Jacob," who would pose as a disgruntled HP "senior level executive" and cultivate Kawamoto by saying he was "an avid reader of your columns."
The idea, evidently, was to induce Kawamoto to open an e-mail attachment with a "tracer" in it that would allow them to see who she forwarded it to. They hoped it would pinpoint board member Keyworth as her source, according to the documents."
In other words, HP adopted the tactics of a common or garden hacker-phisher (would be interesting to know what security software Kawamoto had on her PC).
And how does that square with this from HP’s own website:
HP’s mission is to deliver policy driven security management across the
enterprise IT infrastructure to prevent, detect, warn, log and heal the
effects of attacks, security policy violations and other threats.
Perhaps they also planted some malware to stop Dawn Kawamoto downloading this.