Facing WikiLeaks Threat, Bank of America Plays Defense
By the time the conference call ended, it was nearly midnight at Bank of America’s headquarters in Charlotte, N.C., but the bank’s counterespionage work was only just beginning.
A day earlier, on Nov. 29, the director of WikiLeaks, Julian Assange, said in an interview that he intended to “take down” a major American bank and reveal an “ecosystem of corruption” with a cache of data from an executive’s hard drive. With Bank of America’s share price falling on the widely held suspicion that the hard drive was theirs, the executives on the call concluded it was time to take action.
Since then, a team of 15 to 20 top Bank of America officials, led by the chief risk officer, Bruce R. Thompson, has been overseeing a broad internal investigation — scouring thousands of documents in the event that they become public, reviewing every case where a computer has gone missing and hunting for any sign that its systems might have been compromised.
In addition to the internal team drawn from departments like finance, technology, legal and communications, the bank has brought in Booz Allen Hamilton, the consulting firm, to help manage the review. It has also sought advice from several top law firms about legal problems that could arise from a disclosure, including the bank’s potential liability if private information was disclosed about clients.
The company’s chief executive, Brian T. Moynihan, receives regular updates on the team’s progress, according to one Bank of America executive familiar with the team’s work, who, like other bank officials, was granted anonymity to discuss the confidential inquiry.
Whether Mr. Assange is bluffing, or indeed has Bank of America in its sights at all, the bank’s defense strategy represents the latest twist in the controversy over WikiLeaks and Mr. Assange.
The United States government has been examining whether Mr. Assange, an Australian, could be charged criminally for the release by WikiLeaks of hundreds of thousands of classified Pentagon and State Department diplomatic cables that became the subject of articles in The New York Times and other publications last month.
The Swedish government is also seeking to question Mr. Assange about rape accusations against him. As he fights extradition from Britain in that case, he remains under house arrest in an English mansion. Mr. Assange has said the timing of the rape accusations was not coincidental, and that he was the victim of a smear campaign led by the United States government.
Despite his legal troubles, Mr. Assange’s threats have grown more credible with every release of secret documents, including those concerning the dumping of toxic waste in Africa, the treatment of prisoners held by the United States at Guantánamo Bay, the wars in Iraq and Afghanistan and, most recently, the trove of diplomatic cables.
That Mr. Assange might shift his attention to a private company — especially one as politically unpopular as Bank of America or any of its rivals, which have been stained by taxpayer-financed bailouts and the revelation of improper foreclosure practices — raises a new kind of corporate threat, combining elements of law, technology, public policy, politics and public relations.
“This is a significant moment, and Bank of America has to get out in front of it,” said Richard S. Levick, a veteran crisis communications expert. “Corporate America needs to look at what happens here, and how Bank of America handles it.”
Last month, the bank bought up Web addresses that could prove embarrassing to the company or its top executives in the event of a large-scale public assault, but a spokesman for the bank said the move was unrelated to any possible leak.
Then, on Dec. 18, Bank of America may have antagonized Mr. Assange further when it said it would join other companies like MasterCard and PayPal in halting the processing of payments intended for WikiLeaks, citing the possibility the organization’s activities might be illegal.
Mr. Assange has never said explicitly that the data he possesses comes from Bank of America, which is the nation’s largest bank, though he did say that the disclosure would take place sometime early this year.
The bank has emerged as the most likely target because a year before the latest threat, Mr. Assange said in an interview that his group had the hard drive of a Bank of America executive containing five gigabytes of data — enough to hold more than 200,000 pages of text — and was evaluating how to present it. It was this connection that set the wheels in motion on Nov. 30.
The financial markets took the threat seriously. Bank of America shares fell 3 percent in trading the day after Mr. Assange made his threat against a nameless bank, and while the stock has since recovered, the prospect of a Bank of America data dump from WikiLeaks remains a concern, said Moshe Orenbuch, an analyst with Credit Suisse.
“The fears have calmed down somewhat, but if there is something out there that is revealed, the market reaction will be negative,” he said.
Bank of America’s internal review has turned up no evidence that would substantiate Mr. Assange’s claim that he has a hard drive, according to interviews with executives there. The company declined to otherwise comment on the case. A WikiLeaks representative also declined to comment.
With the data trail cold, one working theory both inside and outside the bank is that internal documents in Mr. Assange’s possession, if any, probably came from the mountains of material turned over to the Securities and Exchange Commission, Congressional investigators and the New York attorney general’s office during separate investigations in 2009 and 2010 into the bank’s acquisition of Merrill Lynch.
As it happens, Mr. Assange’s first mention of the Bank of America hard drive, in October 2009, coincided with hearings by the House Committee on Oversight and Government Reform into the Merrill merger, and with wide-ranging requests for information by the committee.
The bank’s investigative team is trying to reconstruct the handover of materials to public agencies for a variety of inquiries, in pursuit of previously undisclosed documents that could embarrass the company, bank officials said.
In addition to the Merrill documents, the team is reviewing material on Bank of America’s disastrous acquisition in 2008 of Countrywide Financial, the subprime mortgage specialist, the officials said. The criticism of Bank of America’s foreclosure procedures centers mostly on loans it acquired in the Countrywide deal, and one possibility is that the documents could show unscrupulous or fraudulent lending practices by Countrywide.
If that is the case, it would not only reignite political pressure on Bank of America and other top mortgage servicers, but it could also strengthen the case of investors pressuring the big banks to buy back tens of billions in soured mortgages.
“If something happens, we want to be ready,” one bank official said. “You want to know what your options are before it comes out, rather than have to decide on the spot.” Bank of America’s efforts are complicated by the fact that it has made several huge acquisitions in recent years, and those once-independent companies had different computer systems and security procedures.
WikiLeaks has taken on private companies in the past, including leaking documents from Barclays of Britain and Bank Julius Baer of Switzerland, but neither disclosure drew nearly as much attention.
Officials at the S.E.C., the House oversight committee and the New York attorney general’s office insist the information they received had been turned over in the form of papers and discs, never a hard drive, and deny they are the source of the WikiLeaks cache.
At the same time, Mr. Assange’s own statements would seem to undermine the government-as-source theory, hinting instead that resignations might follow as evidence emerges of corruption among top executives, something the public investigations never found.
“It will give a true and representative insight into how banks behave at the executive level in a way that will stimulate investigations and reforms, I presume,” he said in the November 2010 interview with Forbes. “For this, there’s only one similar example. It’s like the Enron e-mails.”
Eric Dash and Louise Story contributed reporting.