The first time Greenpeace USA realised they had a security problem was in April 2008 when Mark Floegel, senior investigator with the environmental organisation, took a call from a colleague.
"He told me Jim Ridgeway, a reporter with Mother Jones, was writing a piece and would call me for comment. I didn't know what he was talking about," Floegel said.
Ridgeway revealed Greenpeace had been "targeted" by a private security company and that a trove of sensitive documents was stashed in a Maryland storage locker.
Greenpeace, no stranger to black ops - covert, sometimes illicit and deniable operations - was about to get a window into an alleged nexus between corporate titans and private security companies.
The documents were stored by John Dodd, the millionaire heir to a local beer distributorship and the prime investor in a now-defunct private security company, Beckett Brown International.
The company was set up in 1995 after a chance meeting in a Maryland bar connected Dodd to several ex-Secret Service officers who wanted to get into private security. Dodd provided $700,000 on the proviso he owned BBI until it was repaid. Before long, business was booming.
By 2001, relations between Dodd and BBI had soured.
When he learned staff were "sterilising the office", shredding records before closing shop, Dodd drove a truck to the firm's Maryland address and retrieved piles of documents.
Dodd began reading documents and, says Floegel, began to suspect "criminal activity" and contacted "victims".
Greenpeace recovered 20 boxes of documents. They included confidential employee details such as email passwords, Social Security numbers, donor payments, privileged attorney-client conversations and strategic plans to fight climate change, ocean pollution, genetic engineering and other campaigns.
The boxes also had BBI work logs, plus documents sent to defendants and clients such as Wal-Mart, Halliburton, the National Rifle Association, the Carlyle Group and Monsanto. The documents, many posted on the Greenpeace USA site, make intriguing reading.
The "BBI Targets" include Friends of the Earth, the Centre for Food Safety and the National Environmental Trust/GE Food Alert, and various scientists and individuals, as well as Greenpeace, with various handwritten notes listing addresses and phone numbers.
It is this cache that Greenpeace has mined for evidence in a lawsuit levelled against a handful of ex-BBI employees. The defendants also include two public relations firms, Dezenhall Resources and Ketchum and two multinationals, chemical giants Dow Chemical and Sasol America. Greenpeace has filed a detailed complaint and the case is proceeding in a Washington DC courtroom.
"It took several months to sift through the records," says Floegel. He says they reveal a narrative of BBI activity, including client reports advising, "Greenpeace will do this, Greenpeace will do that".
It is a window into a murky world where BBI, whose staff included ex-CIA and Secret Service officers, allegedly reported to Dezenhall and Ketchum who, in turn, channelled confidential material, allegedly filched from Greenpeace, to Dow and Sasol.
The complaint accuses defendants of "clandestine and unlawful activities", claiming they stole confidential documents, conducted illicit surveillance - sometimes using off-duty policemen - and "in all likelihood" broke into Greenpeace offices and other locations between 1998-2000. It cites at least 200 illegal actions in this period.
One email, found in "Ketchum Dow emails and docs", and addressed to Timothy Ward, then BBI's "director of investigative services", reveals a global dimension to BBI activities, as the BBI man discusses a "sensitive all-source intelligence collection effort" on foreign greens.
The defendants" aim, says Greenpeace, was to disrupt campaigns against "the companies' activities that were damaging to the environment", including the impact of toxins leaked from a Sasol plant in Louisiana and Dow's production of dioxins and genetically modified organisms.
Floegel says the PR firms were the "go-between" between BBI and the corporate clients. "From what we've been able to prove, these PR companies would go to chemical companies and say, 'Greenpeace is coming after you. If you hire us we will be able to spin stories and we might be able to do other things that maybe you don't want to know about'."
It is the "other things" that will worry defendants. The complaint serves as a kind of black ops primer.
Steal documents from the trash. Infiltrate groups and activist campaigns by posing as someone else, gaining people's trust. Hack into emails.
One of BBI's operatives, Mary Lou Sapone, led a double life.
In one she was a committed gun control and eco-activist, styling herself Mary McFate. In the other she worked as a National Rifle Association mole and helped infiltrate CLEAN, a citizens' group working with Greenpeace in Louisiana, sending back confidential material to BBI.
There's big money in the rapidly growing private security. Wikipedia projected the global industry would be worth US$200 billion in 2010. Corporations deal with threats to their security by tightening it up. This is less easy for protest groups who tend to be more porous, relying on volunteers and, in Greenpeace's case, routinely employing interns. The complaint alleges Sapone's daughter-in-law sent a "bill to BBI for work on behalf of Ketchum" after she had visited "target's office" [Greenpeace] to find an intern job.
"We're an open group," says Floegel. "Yes, if we plan to hang a banner from a smoke stack somewhere we don't tell people the day before." But, he adds, while Greenpeace takes precautions, if the group became "too focused on security then we are not getting our work done". What opponents want to know, he says, is where Greenpeace plans to spend its money so they can devise counter strategies.
The private security business has also been used to spy on environmental protesters in New Zealand.
Responding to the Save Happy Valley Campaign, to prevent coal mining near Waimangaroa on the South Island West Coast, Solid Energy employed the services of Thompson and Clark Investigations.
In 2007, journalist Nicky Hager revealed Thompson and Clark's recruitment of two young informants within the Save Happy Valley campaign. Solid Energy insisted it acted "legally, ethically and morally". The security firm also approached Rob Gilchrist, later exposed as an informant for the Special Investigation Group, a police anti-terror unit, when his then girlfriend, animal rights activist Rochelle Rees, found incriminating links to the SIG on his computer.
Official surveillance of activists is not new. Besides the UK police operations revealed by the Guardian, the FBI was censured last year for putting left-wing US advocacy groups on terrorist watch lists after the September 11, 2001 attacks.
But the situation really becomes murky when it is hard to tell the real cops from their counterparts - often ex-policemen - in the private realm.
In a 2001 case, an undercover operative for Hakluyt, a security firm with close links to UK intelligence services, was found to have sabotaged Greenpeace campaigns against BP and Shell, raising the possibility Hakluyt was a front for MI6.
In the National Public Order Intelligence Unit case, a senior policeman told the Guardian the use of "unrestrained players in the private sector" was a massive area of concern. Perhaps. But reports that the unit's Mark Kennedy apparently worked for the police and for corporate clients suggest the line between being answerable to the public and beholden to a more shadowy corporate master is increasingly blurred.
This is worrisome for democracy. "Economic inequality across the globe is becoming greater," says Floegel. "Corporations have more money, more power, which they feed into politics to make things even more unequal. It's really not surprising they're going to have their own police forces, their own spy agencies."
He hopes the lawsuit will be a deterrent. "This is about democracy. When a corporation subverts this process, everyone loses."
Spying on protest spies
Covert operations against environmental and anti-globalisation protest are under increasing scrutiny.
Germany has learned that five of its undercover cops took orders at the 2005 G8 protests from Britain's National Public Order Intelligence Unit.
It was the latest twist in a clandestine operation that unravelled when Mark Kennedy, a NPOIU man, was exposed as an agent provocateur who had infiltrated protest groups.
The surveillance also involved Vericola, a security firm described by CEO Rebecca Todd as a "business risk management company."
Energy companies Scottish Resources Group, Scottish Power and E.ON were clients. E.ON said it used Vericola and another firm, Global Open, to get advance word on demonstrations and trouble.
Todd posed as an activist on mailing lists, snooped at protest meetings and inserted spies into campaigns.
Her cover was blown when she mistakenly emailed client names to Climate Camp protesters.
Elsewhere, Anonymous, the hackers' collective, broke into servers for HB Gary Federal, claiming the California security company had pitched a proposal - to sabotage Wikileaks and discredit sympathetic journalists - to US law firm Hunton and Williams, which acts for the Bank of America, rumoured to be in Wikileaks' crosshairs.
Hunton and Williams, which represents the US Chamber of Commerce, is named in another episode where Centre for American Progress blog ThinkProgress alleges the law firm worked on "a surreptitious sabotage campaign" with private firms , including HB Gary Federal, to "develop tactics for damaging progressive groups and labour unions."
And in France two officials with the French state energy giant Electricite de France, and an investigator from Kargus Consultant, a private security company, were charged in 2009 with hacking into Greenpeace's computer system.