Project Vigilant Spying on Internet Providers
August 2, 2010
Updated with IDG’s confirmation from Adrian Lamo, changes in wording to address Vigilant staff’s volunteer status.
Forbes
A semi-secret government contractor that calls itself Project Vigilant surfaced at the Defcon security conference Sunday with a series of revelations: that it monitors the traffic of 12 regional Internet service providers, hands much of that information to federal agencies, and encouraged one of its “volunteers,” researcher Adrian Lamo, to inform the federal government about the alleged source of a controversial video of civilian deaths in Iraq leaked to whistle-blower site Wikileaks in April.
Chet Uber, the director of Fort Pierce, Fl.-based Project Vigilant, says that he personally asked Lamo to meet with federal authorities to out the source of a video published by Wikileaks showing a U.S. Apache helicopter killing several civilians and two journalists in a suburb of Baghdad, a clip that Wikileaks labeled “Collateral Murder.” Lamo, who Uber said worked as an “adversary characterization” analyst for Project Vigilant, had struck up an online friendship with Bradley Manning, a former U.S. Army intelligence analyst who currently faces criminal charges for releasing the classified video.
In June, Uber said he learned from Lamo’s father that the young researcher had identified Manning as the video’s source, and pressured him to meet with federal agencies to name Manning as Wikileaks’ whistleblower. He then arranged a meeting with employees of “three letter” agencies and Lamo, who Uber said had mixed feelings about informing on Manning.
“I’m the one who called the U.S. government,” Uber said. “All the people who say that Adrian is a narc, he did a patriotic thing. He sees all kinds of hacks, and he was seriously worried about people dying.”
Uber says that Lamo later called him from the meeting, regretting his decision to inform on Manning. “I’m in a meeting with five guys and I don’t want to do this,” Uber says Lamo told him at the time. Uber says he responded, “You don’t have any choice, you’ve got to do this.”
“I said, ‘They’re not going to throw you in jail,’” Uber said. “‘Give them everything you have.’”
Wikileaks didn’t immediately respond to a request for comment. IDG reporter Robert McMillan confirmed Uber’s relationship with Lamo, who told McMillan that “Mr. Uber was, among a few others, an instrumental voice in helping me come to my ultimate decision.”
Uber’s Wikileaks revelation is one of the first public statements from the semi-secret Project Vigilant. He says the 600-person “volunteer” organization functions as a government contractor bridging public and private sector security efforts. Its mission: to use a variety of intelligence-gathering efforts to help the government attribute hacking incidents. “Bad actors do bad things and you have to prove that they did them,” says Uber. “Attribution is the hardest problem in computer security.”
According to Uber, one of Project Vigilant’s manifold methods for gathering intelligence is collecting information from a dozen regional U.S. Internet service providers (ISPs). Uber declined to name those ISPs, but said that because the companies included, in their end user license agreements (EULAs), a provision allowing them to share users’ Internet activities with third parties, Vigilant was able to legally gather data from those Internet carriers and use it to craft reports for federal agencies. A Vigilant press release says that the organization tracks more than 250 million IP addresses a day and can “develop portfolios on any name, screen name or IP address.”
“We don’t do anything illegal,” says Uber. “If an ISP has a EULA to let us monitor traffic, we can work with them. If they don’t, we can’t.”
And does that massive data gathering violate privacy? The organization says it never looks at personally identifying information, though just how it defines that information isn’t clear, nor is how it scrubs sensitive details from the data it mines.
ISP monitoring is just one form of intelligence that Vigilant employs, says Uber. It also gathers a variety of open source intelligence and employs numerous agents around the world. In Iran, for instance, Uber says Vigilant created an anonymous Internet proxy service that allowed it to receive information from local dissidents prior to last year’s election, including early information indicating that the re-election of Mahmoud Ahmadinejad was skewed by fraud.
Uber, who formerly founded a private sector group called Infragard that worked closely with the FBI, compares the organization’s techniques with Ghostnet, the Chinese cyber espionage campaign revealed last year that planted spyware on computers of many governments and NGOs. “We’ve developed a network for obfuscation that allows us to view bad actors,” he says.
Uber says he’s speaking publicly about Vigilant at Defcon because he wants to recruit the conference’s breed of young, skilled hackers. By July 2011, the organization hopes to have more than 1,300 new employees.
The organization already has a few big names on its roster. According to a San Francisco Examiner article last month, its volunteer staff includes former NSA official Ira Winkler and Suzanne Gorman, former security chief for the New York Stock Exchange.