Project Vigilance, Adrian Lamo, Wikileaks and private intelligence agencies

[Cain]

http://blogs.forbes.com/firewall/2010/08/01/stealthy-government-contractor-monitors-u-s-internet-providers-says-it-employed-wikileaks-informant

A semi-secret government contractor that calls itself Project Vigilant surfaced at the Defcon security conference Sunday with a series of revelations: that it monitors the traffic of 12 regional Internet service providers, hands much of that information to federal agencies, and encouraged one of its "volunteers", researcher Adrian Lamo, to inform the federal government about the alleged source of a controversial video of civilian deaths in Iraq leaked to whistle-blower site Wikileaks in April.

Chet Uber, the director of Fort Pierce, Fl.-based Project Vigilant, says that he personally asked Lamo to meet with federal authorities to out the source of a video published by Wikileaks showing a U.S. Apache helicopter killing several civilians and two journalists in a suburb of Baghdad, a clip that Wikileaks labelled "Collateral Murder." Lamo, who Uber said worked as an "Adversary Characterization" analyst for Project Vigilant, had struck up an online friendship with Bradley Manning, a former U.S. Army intelligence analyst who currently faces charges of releasing the classified video.

In June, Uber said he learned from Lamo's father that the young researcher had identified Manning as the video's source, and pressured him to meet with federal agencies to name Manning as Wikileaks' source. He then arranged a meeting with employees of "three letter" agencies and Lamo, who Uber said had mixed feelings about informing on Manning.

"I'm the one who called the U.S. government," Uber said. "All the people who say that Adrian is a narc, he did a patriotic thing. He sees all kinds of hacks, and he was seriously worried about people dying."

Uber says that Lamo later called him from the meeting, regretting his decision to inform on Manning. "I'm in a meeting with five guys and I don't want to do this," Uber says Lamo told him at the time. Uber says he responded, "You don't have any choice, you've got to do this."

"I said, 'They're not going to throw you in jail,'" Uber said. "'Give them everything you have.'"

...

According to Uber, one of Project Vigilant's manifold methods for gathering intelligence includes collecting information from a dozen regional U.S. Internet service providers. (ISPs) Uber declined to name those ISPs, but said that because the companies included a provision allowing them to share users' Internet activities with third parties in their end user license agreements (EULAs), Vigilant was able to legally able to gather data from the Internet carriers and use it to craft reports for federal agencies. A Vigilant press release says that the organization tracks more than 250 million IP addresses a day and can "develop portfolios on any name, screen name or IP address."

"We don't do anything illegal," says Uber. "If an ISP has a EULA to let us monitor traffic, we can work with them. If they don't, we can't."

And whether that massive data gathering violates privacy? The organization says it never looks at personally identifying information, though just how it defines that information isn't clear, nor is how it scrubs its data mining for sensitive details.

ISP monitoring is just one form of intelligence that Vigilant employs, says Uber. It also gathers variety of open source intelligence and numerous agents around the world. In Iran, for instance, Uber says Vigilant created an anonymous Internet proxy service that allowed it to receive information from local dissidents prior to last year's election, including early information indicating that the re-election of Mahmoud Ahmadinejad was skewed by fraud.

Uber, who formerly founded a private sector group called Infragard that worked closely with the FBI, compares the organization's techniques with Ghostnet, the Chinese cyber espionage campaign revealed last year that planted spyware on computers of many governments and NGOs. "We've developed a network for obfuscation that allows us to view bad actors," he says.

Uber says he's speaking publicly about Vigilant because he wants to recruit the conference's breed of young, skilled hackers. By July 2011, the organization hopes to have more than 1,300 new employees.

The organization already has a few big names. According to a San Francisco Examiner article last month, it employs former NSA official Ira Winkler and Suzanne Gorman, former security chief for the New York Stock Exchange.

And some more http://www.google.com/hostednews/afp/article/ALeqM5hKoXQdL-L1HFYObz0_UUHMactSWg

An elite US cyber team that has stealthily tracked Internet villains for more than a decade pulled back its cloak of secrecy to recruit hackers at a DefCon gathering.

Vigilant was described by its chief Chet Uber as a sort of cyber "A-Team" taking on terrorists, drug cartels, mobsters and other enemies on the Internet.

"We do things the government can't," Uber said on Sunday. "This was never supposed to have been a public thing."

Vigilant is an alliance of slightly more than 600 volunteers and its secret ranks reportedly include chiefs of technology at top firms and former high-ranking US cyber spies.

The group scours Internet traffic for clues about online attacks, terrorists, cartels and other targets rated as priorities by members of the democratically run private organization.

Vigilant also claimed to have "collection officers" in 22 countries that gather intelligence or coordinate networks in person.

"We go into bars, look for lists of bad actors, get tips from people..." Uber said.

"But, a significant amount of our intelligence comes from our monitoring the Internet. We are looking at everything on websites, and websites are public."

He was adamant that Vigilant stays within US law while being more technologically nimble than government agencies weighed down by bureaucracy and internal rivalries.

"Intelligence is a by-product of what our research is," Uber said. "Our research is into attacks, why they happen and how we can prevent them."

Vigilant shares seemingly significant findings with US spy agencies, and is so respected by leading members of the hacker community that Uber was invited to DefCon to recruit new talent.

Uber said that Vigilant came up from underground after 14 years of operation in a drive to be at "full capacity" by adding 1,750 "vetted volunteers" by the year 2012.

"We are good people not out to hurt anybody," Uber said. "Our one oath is to defend the US Constitution against all enemies foreign and domestic."

Anything that can be looked at legally on the Internet is fair game for Vigilant, with email and encrypted transactions such as online shopping off limits.

The holy grail for Vigilant is finding out who is behind cyber attacks. Inability to figure out who launches online assaults routinely leaves companies or governments without targets to fire back at.

"This is a completely unsolved problem," Uber said. "We've probably been working on it as long as the government has."

Vigilant has developed its own "obfuscation" network to view "bad actors" on the Internet without being noticed.

He told of uncovering evidence of fraud in the latest presidential election in Iran while testing a way for people to slip information out of countries with oppressive regimes.

The information obtained was given to US officials.

"They expected fraud but they didn't expect the wholesale fraud that we passed along," Uber said.

Vigilant's network claimed a role relaying Twitter messages sent by Iranian protestors in the aftermath of the election.

The group is bent on gathering intelligence by any legal means and then putting the pieces together to see bigger pictures.

"The wholesale tapping of the Internet around the world can't be done," Uber said. "We are looking at what people write, how people attack, how attacks happen...we don't care who that person is."

Uber is working on a mathematical model to spot when terrorist organizations are recruiting teenagers online. The group has 100 projects in the works.

"Our end goal is to provide software as a service to government agencies so we can get out of the business of intelligence," Uber said.

Along with technology savants, Vigilant is recruiting sociologists, psychologists, and people with other specialties.

The wall between "feds" and hackers has been crumbling at DefCon, which has become a forum for alliances between government crime fighters and civilians considered digital-age "ninjas."

Well, this just got a whole lot more interesting...

[Bebek Sincap Ratatosk]

Two of my teammates just got back from DefCon... they were like this: 

[LMNO]

When do you think they'll go after Anonymous?

[Adios]

Damn. Now I'm going to be always looking in my rear view mirror to see if there are black SUV's following me around the internet.

[Pæs]

In comments of the first link.

Andy,

You did a pretty decent job given the wide ranging topics and the time frame.

1. BBHC Global LLC is an NGO classified as a "Not Just for Profit" entity.
2. BBHC runs several sub-divisions that are "for-profit" but they are all contracts staffed by 1099 subcontractors. BBHC has no employees including its current managing member Steven Ruhe.
3. Project VIGILANT is a science-based project on Attack Attribution and all of our members are volunteers. So in both this and the above where you say "work" I have no issue – but "employee" is neither accurate or true.
4. The ISP's we work with were solicited by us to provide to them a tool that looks for packages coming into, or from its own clients that is indicative of NMap and other well defined non-user tools. We know we don't see client data because what we are looking for is the use of scanning tools. So to characterize us as monitoring ISP's is not accurate. No one gave me the time to explain myself and I had a dozen people throwing questions to me at the same time, many of them leading questions.
5. We have one (1) subcontract to a primary contractor to the government. We do happen to continue to bid on Federal Contracts that cover the topic of attribution or the related areas of that. We are a CCR registered defense contractor, but we are pretty pour to date of landing any contracts. So your headline is really really misleading.
6. In your last paragraph you again say we employee people. I will trade you – please use "volunteers" and I will tell you that more than one ex-NSA person donates time to this cause.
7. If you would like to, I would love to provide you additional information as long as you are willing to make sure that you verify your sources. You did not do what I had to do as a reporter – call the person and say – is this what you said?

Be Well,

Chet