Wednesday, January 6, 2016

The Return of Project Vigilant: Former NSA manager Blaine Burnham and DoD Cyber Crime Center director Jim Christy allegedly help form Attribution Academy

The shadowy cyber group of spooks behind Project Vigilant, which led future Pulitzer-winning journalist Glenn Greenwald to "conclude" its claims may not be "real and credible" - after it boasted that it "tracks more than 250 million IP addresses a day and can ‘develop portfolios on any name, screen name or IP address,'" and "hands much of that information to federal agencies” - has apparently launched a new venture called Attribution Academy, and former director of the Department of Defense Cyber Crime Center Jim Christy will allegedly be involved with it.

However, Chet Uber has announced some things in the past that never materialized, and the Project Vigilant website already vanished from the Internet after going live on New Year's Day.

(1/11/16 Update: In an additional post added to the website - which two Project Vigilant associates told me was experiencing technical problems - on Sunday (Google cache link), the group, announced, "The inclusion of Jim Christy as the Deputy Directory at the Attribution Academy adds so much that we couldn’t be happier." A lengthy biography of Christy followed the terse statement, which began, "Jim Christy is a retired Special Agent that has specialized in cyber crime investigations and digital forensics for over 29 years with the Air Force Office of Special Investigation, the Department of Defense Cyber Crime Center (DC3) and now the private sector. Jim left the government in July 2013 after 42 years of public service and has started his own consulting firm, The Christy Group, LLC. He has also co-founded The Digital Forensics Consortium, a 501 3(c) non-profit organization to promote STEM and specifically cyber investigations and digital forensics to students. The Digital Forensics Consortium has received a grant from the US Department of Homeland Security to resurrect both the Digital Forensics Challenge and the Digital Crime Scene Challenge he created for DC3. Jim just joined Cymmetria in November of 2015 as the Vice President for Investigations and Digital Forensics."

"Jim retired in Nov 2006 as a Special Agent and immediately returned to the federal government and DC3 first as an IPA and later as an HQE (Highly Qualified Expert), a senior appointed by the Secretary of the AF as the Director of Futures Exploration (FX) for the DC3. FX, the DC3 innovation incubator was responsible for Communication outreach/marketing, cyber workforce development and strategic relationships with other government organizations, private sector, and academia.")


Three years ago, after an alleged Project Vigilant mailing list that included Jim Christy's name was published at an Anonymous website - which may have been leaked by a strange group of trolls that called themselves "ZAPEM" - along with a taped phone call with security firm agent Tom Ryan who once hoodwinked government and military officials on social networks with a female "Mata Hari" sock (See my 2013 article, "Meet the 'real' Robin Sage and Provide Security's 'Senior Research Analyst'" for more information on Tom Ryan), Chet Uber tweeted, "Tomorrow at 1000 UTC-6 ProjectVIGILANT will release a very detailed Press Release covering the alleged 'leak' and the 'tapes.' Stay Frosty." But he never released that statement, and later explained on Twitter that he didn't "press charges" for the alleged intrusions - in another tweet that Uber later scrubbed: "I did not see a benefit to our project to press any of these charges for many reasons." Uber also told me in a Direct Message that the press release was never issued because it might bring bad publicity to Project Vigilant.

As I once reported on Twitter, Jim Christy appeared on a "Meet the Feds and Ex-Feds" panel at DEFCON 17 in 2009 with Project Vigilant's Kevin Manson. A video of the panel can be found at this YouTube link. According to a biography published online, Kevin Manson "[c]o-founded Cybercop Portal, a Department of Homeland Security endorsed, secure online information sharing community with a DARPA pedigree serving over 14,000 law enforcement and industry users, including some 4,000 INFRAGARD members. As a senior instructor at the Federal Law Enforcement Training Center's Financial Fraud Institute and Legal Division (FLETC), he created the Cybercop BBS, (Wildcat), the first online community enabling federal law enforcement agents and agencies to collaborate with state and local law enforcement. Designed, developed and deployed four new training initiatives at the FLETC: 'Digital Officer Safety'(OPSEC), Data Mining and two Internet Investigations programs for federal agents at the FLETC (URL: www.fletc.gov)."

"Chet is a natural asset when it comes to serve and protect on the Internet," Kevin Manson told the Palm Beach Post in August of 2010. "We need people like him." The article titled "Cybercop earns fame but fuels skepticism" added that Manson was "a onetime general counsel for former Sen. Bob Dole, R-Kan., who describes himself as liaison-at-large for Project Vigilant."

In an August 5th, 2010 "important correction and clarification about Project Vigilant" to his August 2nd Salon article, Glenn Greenwald - who later won a Pulitzer Prize for reporting on leaked documents by former Central Intelligence Agency employee, Edward Snowden - wrote that he had been "convinced that Uber’s claims about his group are wildly exaggerated, rendering [his] concerns about it largely misguided and unwarranted." Greenwald added, "Anyone with even minimal credibility knows not to believe uncorroborated, fantastical claims simply because they are publicly touted...In retrospect, I should have been more skeptical of these claims."

(1/9/16 Update: Threat analyst and former hacker Adrian Lamo - whose LinkedIn profile states that he's the Assistant Director for Threat Intelligence & Acting PAO at Project Vigilant, which he joined as a volunteer in April of 2008 - contacted me by DM and said, "I can tell you on behalf of PV that the site outage is unrelated to our announcement, unless it's brought on by traffic. I don't work on site issues, so I don't know specific details, but I may be looking at more robust hosting fairly soon."

"I've spoken /w Chet about the journal, and want to help in any way I can I already have a number of writing commitments, so I don't know how frequently I'll participate," Lamo added.
)

(1/7/16 Update: Minutes after I published and tweeted this story to his twitter account @ChetUber - which is mostly filled with references and retweets to me over the past few years since I began reporting on Project Vigilant - Chet Uber sent me a few Direct Messages. It's not the first time Uber - who has been trolling people on the Internet and lying to journalists for many, many years - played dumb about seeing a tweet that he is obviously responding to: "First of all we don't share this account, but I thought you might be interested in the combination between our Academic efforts, the Journal of Attribution, and our Research area. Major reorganization for PV."

After I asked when the website would go live again, Uber said, "It is sort of back up again I am adding in edited stories and working on the X theme for Word Press so I can turn it over to a pro." But it's still down, as I write this update.

Proving he had already read my tweet asking if the convicted felon known as the "homeless hacker" Adrian Lamo - @6 on Twitter, infamous for working with the FBI and Army CID to, as many hacktivists see it, entrap the US soldier Chelsea "Bradley" Manning, who was convicted by a military court that included testimony from the Project Vigilant duo, for leaking documents to WikiLeaks - would be involved with Attribution Academy, Uber responded: "asking Adrian can answer better than I but he has been offered a position to teach if he wants to but I have no response he is very busy grooming me as the Voice of PV."

"Adrian will have to account for his behavior but I know that he is not doing things to impress people, he is doing things to build on the company brand and to use his skills to improve our public communication," Uber added. "Voice of PV means he writes our responses to the press and speeches and outside the legal general counsel or myself no one has the official right to make comments that are credited as coming from ourselves. He is well written and well spoken.")


As I reported October 9, 2012, back on June 21, 2010, San Francisco technology columnist Mark Albertson wrote an article for Examiner.com called Secret group aids fight against terror: the first story about "unpaid volunteers" who had allegedly been "patrolling the Internet for many years."

"For the past 14 years, a significant volunteer group of U.S. citizens has been operating in near total secrecy to monitor and report illegal or potentially harmful activity on the Web," Albertson wrote.

Since that article was published, a number of journalists and bloggers have suspected that the hard-to-believe group was a hoax, a fraud or a front, due to its underdeveloped website, strange director, and conflicting stories spun by the "unpaid volunteers" to the media.

But in August of 2010 at a DefCon event, when the director claimed that he played a background role in the arrest of US soldier Bradley Manning, many journalists and bloggers changed their dismissive tune. Manning was arrested in late April that same year, days after revealing to Adrian Lamo - who either joined Project Vigilant before or after - that he had been leaking classified material to the international non-profit media group, WikiLeaks. A video Manning named "Collateral Murder" which showed footage of a 2007 US Apache helicopter strike in New Baghdad, Iraq that killed at least eighteen people helped put WikiLeaks "on the map", Ellen Nakashima wrote for The Washington Post in April, 2011.

Declan McCullagh reported in a August 10, 2010 article for CNet.com that Lamo "became Project Vigilant's associate director for adversary characterization about half a year ago," but both have ducked questions about the claim. In an interview with Elinor Mills published on June 24, 2009 at CNet.com, Lamo said he was "looking at an option as a staff scientist in what's called 'adversary characterization,' figuring out who is going to break into your s*** before they do it and how they're going to do it before they even formulate the plan," but told her "it would be inappropriate to specifically state who I would be a staff scientist for."

Lamo told Mills that he was working as "a threat analyst for a privately held company," which he revealed was Reality Planning LLC, but he didn't tell her it was his own firm, and that he may have been its only employee, at the time (In January of 2012, Reality Planning LLC lists a workforce size of 5-10). In a February 1, 2010 article, also written by Elinor Mills, Lamo was referred to as a "threat analyst."

"Uber says Lamo worked as a volunteer research associate for Project Vigilant for about a year on something called adversary characterization, which involved gathering information for a project on devising ways to attribute computer intrusions to individuals or groups," Kim Zetter and Kevin Poulsen reported for Wired on August 1, 2010. "He helped define the roles, tools and methods intruders would use to conduct such attacks."

Also worth noting is that six months before Manning's arrest, Albertson - who would later "out" Project Vigilant in an exclusive - wrote a November 2, 2009 article called "Adrian Lamo knows your number", that referred to him as "a working journalist who is frequently called upon to give speeches at security conventions and various 'cybecrime' gatherings", and predicted he "may soon become an ever bigger celebrity if a movie – Hackers Wanted – is ever released."

Even though Project Vigilant's director has claimed that the group has as many as 600 "unpaid volunteers" working for it, only about a dozen names have been linked, so far. "Vigilant also claimed to have 'collection officers' in 22 countries that gather intelligence or coordinate networks in person," Glenn Chapman reported for AFP on August 1, 2010. Director Chet Uber claimed Project Vigilant was "in a drive to be at 'full capacity' by adding 1,750 'vetted volunteers' by the year 2012," Chapman noted
.
However, on August 21, 2012, Albertson reported, "Uber says that Project Vigilant has expanded its volunteer force from 500 in 2010 to a current level of 750, with the biggest increase coming in Project Vigilant's core volunteers (defined as people who work 5 or more hours per week) who today number 125." In his "exclusive" June of 2010 columns, Albertson spoke on-the record to Uber and - according to his own accounts - a shadowy Democratic operative named Neal Rauhauser who somehow managed to hook up with liberal bloggers, Anonymous hacktivists, and members of the Occupy Wall Street movement, even though he belonged to a group which essentially spied for the government. Since early 2010, Rauhauser has spent much of his time harassing conservatives, critics, journalists (including me) and bloggers, but somehow argues that it's the other way around.
"Finding information about Project Vigilant is not easy. They have a public webpage that reveals little information about the group. Names of the volunteers are stored in such a way that they are not accessible from any network. Access to the work of the group by its own members is highly controlled and monitored.

The group’s collaboration with the U.S. Government is handled through another highly secure web portal which supports protected email, chat and other features.
"
In a follow-up column published on June 22, 2010, Albertson revealed "Big names help run Project Vigilant." He wrote, "It’s tempting to look at a secret group of cybercrime “monitors” and dismiss them as a group of lightweights trying to play cops and robbers in the Internet world. Nothing could be farther from the truth."

Aside from Project Vigilant General Counsel Mark Rasch, who "led the Department of Justice computer crime unit" for nine years, and Director Chet Uber, who claimed to be "a founding member of InfraGard (a partnership between the FBI and the private sector) and a longtime participant in AFCEA (Armed Forces Communications and Electronics Association)," the other "big names" outed were Cybercop co-founder "Kevin Manson, who serves as Project Vigilant’s liaison with state and federal law enforcement groups", second in command George Johnson, who "was handpicked by DARPA (the Defense Advanced Research Projects Agency – part of the U.S. Department of Defense) to develop secure tools for the exchange of sensitive information between federal agencies," Ira Winkler, "president of the Internet Security Advisors Group and...former employee of NSA (National Security Agency)," and "Suzanne Gorman, one of Project Vigilant’s top leaders,...a former security chief for the New York Stock Exchange [who] is widely viewed as one of the foremost experts on Web threats in the financial services world."

In August of 2011, blogger Bailey Carlson took a "Closer look at Project Vigilant," adding some other names to the list.
"Blaine Burnham formerly NSA Information Security expert between 1987-1998. Before the NSA, Blaine worked at the Los Alamos National Laboratory developing tools and techniques to achieve higher levels of Information Security to secure the US national nuclear weapons arsenal. He is now the executive director of Nebraska University Consortium on Information at University of Nebraska.

Blaine['s] position with Vigilant is listed as Independent Validation & Verification.

Wayne Wilson has US Top Secret security clearance. He has worked with military contractor Northrop Grumman and Department of Defence contractor The Yellowstone Group where his primary focus was on 'Cybersecurity and Linguistics for the NSA and other Agencies'.
"
Carlson also named AJ Fardella, "Contracted for Secret Service, DOJ, DEA" Richard Brandt, "former Journalist for BusinessWeek" Mike Tomasiewicz, "ConAgra Foods Sys Admin, certified as InfoSec professional" Doug Jacobson, "Professor of Electrical/Computer Engineering at Iowa State University, founder of Cybersecurity business Palisade Systems" and Christophe Veltsos, "Faculty of Computer Information Science at Minnesota State University."

In August, Albertson added "Jeff Bardin (Assistant Director, Intelligence and Analysis – Middle East Desk, Chief Intelligence Officer for Treadstone 71)" to the list of members, and "some major leaders in the computer and Internet world who are not members of the group, but were willing to talk for this story about their support for Project Vigilant’s work."
"These include Vint Cerf, Vice President for Google and widely recognized as the 'father of the Internet,' Bill Cheswick, a highly-regarded Internet security expert, and Winn Schwartau, one of the world’s top experts on cyberterrorism. 'I know an awful lot of people who are involved with Project Vigilant,' says Schwartau."
(Editor's Note: Read more of my lengthy article on Project Vigilant at this link, and check back here soon for more information on the group according to Direct Messages I exchanged with Chet Uber that were off the record until he played games with me about Adrian Lamo allegedly contacting me to interview him.)

On or about October 12, 2015, the Project Vigilant website (archive link) returned to the Internet after a long hiatus with the group's logo announcing itself as the "Home of the Attribution Academy" and "Journal of Attribution." Three months later, on January 1st, 2016, the first brief post went live announcing that the cyber and reality-based school would be "offer[ing] nine classes during semester" under an un-attributed quote: "In the physical world entropy increases with time. In digital physics entropy decreases with time."



The next day, the website announced, "ProjectVIGILANT launches the Journal of Cyber Attribution", and claimed that "Jim Christy has for years been a close adviser to Director Chet Uber with regards to almost every aspect of ProjectVIGILANT’s operations and has recently stepped foreword to work as the Editor of the Journal of Cyber Attribution; as well as an Director of Students. These are on top of his other duties."

According to his public edited Wikipedia entry, "Jim Christy (born 1951) is the Director of Futures Exploration (FX) for the Department of Defense Cyber Crime Center (DC3). FX is in charge of establishing strategic relationships between the US Government and private agencies and academia. Christy was the Director of the Defense Cyber Crime Institute from 2003–2006, and Director of Operations of the Defense Computer Forensics Laboratory from 2001-2003. Christy was chief of the Air Force Office of Special Investigations computer crime investigations unit from 1989-1996. As the founder of the world's largest digital forensics shop, he is notable for his involvement in high priority government computer security.

It adds, "Christy joined the Air Force when he was 19. He later became a computer operator at the Pentagon, and got a job as a computer crime investigator at the Air Force Office of Special Investigations (OSI) in 1986. In 1986 Christy investigated the notorious Hanover Hackers, a band of West German digital delinquents who stole information from United States Defense Department computers and sold it to the KGB. It was his first hacker case as an OSI agent. In 1991, Christy founded the Pentagon's first digital forensics lab for the Air Force. In 1998 the Air Force Lab became the Department of Defense Computer Forensics Laboratory, supporting all of the investigative agencies of the Department of Defense."

On January 3rd, the PV website claimed that former National Security Agency manager Blaine Burnham would be assuming the "lead post in the Attribution Academy", and provided the following biography:
"Dr. Blaine Burnham is a Professor at the University of Southern California Viterbi School of Engineering, where he is responsible for the development and administration of the USC Viterbi School of Engineering’s Master of Cyber Security degree. Dr. Burnham additionally assists with academic development of professional education and outreach opportunities through business, industry and government. In this arena, he has led the development of curriculum for such organizations as the FBI, InfraGard, AeroSpace and a host of other law enforcement agencies. Dr. Burnham’s primary research interests have been focused on the challenges of implementing very high assurance security designed to address the problems of adversarial attacks that include software subversion.

Prior to joining USC, Dr. Burnham worked for eleven years at the National Security Agency, where he held various management positions surrounding information assurance and cyber security research. Dr. Burnham directed and managed the Infosec Criteria and Guidelines Organization and was responsible for the publishing of half of the guideline documents, commonly referred to as the Rainbow Series. Perhaps most notably, he was responsible for crafting the Federal Criteria successor to the Trusted Computer Security Evaluations Criteria, also known as The Orange Book.

While at NSA, Dr. Burnham served as Chief of the Commercial COMSEC Endorsement Program and Trusted Products Division, as well as creating and developing the Product Security Profile. In 1994, Dr. Burnham took over direction of the Infosec Research Organization, which established the information security research agenda for the NSA. During his tenure, he established the University Research Program, which led to cyber security as an academic offering at universities and provided start-up funding for several of what now are the nation’s top Information Assurance programs. The research agenda Dr. Burnham initiated gave support for the development of the intrusion detection system industry and the creation of IPSEC.

Dr. Burnham’s final assignment with NSA was establishing, promoting and sustaining the Information Security Research Council for the Department of Defense and the Intelligence Community as a whole. This was the first attempt in our nation’s history to galvanize all government organizations under one banner for cyber security research, and as such has led to numerous collateral efforts and spin-offs that have contributed billions of dollars to developing literally hundreds of innovations in computer security.

After retiring from the NSA, Dr. Burnham accepted a position at the Georgia Institute of Technology as Director of the Georgia Tech Information Security Center. Consistently ranked as one of the best cyber security programs in the world, Dr. Burnham was responsible for leading the GTISC in its infancy, laying the foundation for success by developing the research direction for the Center, forming the laboratories, creating a Masters Degree program and initiating industry and government partnerships for access and funding.

Dr. Burnham left Georgia Tech to begin a new cyber security program at the University of Nebraska, the Nebraska University Center on Information Assurance (NUCIA), serving as the founding Executive Director. During his time directing NUCIA, Dr. Burnham built undergraduate, Master’s and Doctoral level degree programs, and led one of the largest information assurance outreach programs in the country, with over 250 industry and government participants.

Dr. Burnham has been employed at Idaho, Sandia and Los Alamos National Laboratories. He is a member of the Cyber Crimes Task Force, IEEE and the InfraGard Executive Committee, and served as the technical advisor for the US delegation to the NATO Office of Security, Technical Working Group. He also served on the Advisory Board (SAG) to US STRATEGIC COMMAND under five of its last Commanders.
"
Also, on January 3rd, the website stated in a FAQ, "ProjectVIGILANT is a membership group that began in the summer of 1996 and functioned as DIY club and began experiments on turning FreeBSD machines into Sun Microsystems by rewriting port headers and some other tricks. We were (our clients) being attacked from a large storm from Asia and we needed something to collect the information. For there we have grown to a diverse Limited Liability Firm. We are still built on a base of American’s who have the same goals towards the safety and security of the nation."

Two other brief postings claimed, "Glyn Gowing is the Deputy Director of Science, Technology, Engineering , and Mathematics (STEM)" and "Board of Advisor member Jim Christy will be stepping in to aide Blaine Burnham, Ph.D in the formation of that Attribution Academy."

"ProjectVIGILANT formed an educational division called the Attribution Academy (AA) effective immediately," the website claimed on January 4th. "This joint venture among a number of organizations was created to fill the void for education in event, attack, and cyber attribution and is led by Blaine Burnham, PhD (Mathematics); and is joined by Jim Christy (SA Retired) as Blaine’s second. Heading the Science, Technology, Engineering and Mathematics (STEM) is Doug Jacobson, Ph.D and Glyn Gowing, Ph.D is his Deputy. The format allows for both in person classes, research, and semester Internships; and virtual classes for remote students."

Another post on January 4th claimed that Homeland Security Defense Coalition instructor Kelli Waxman would be joining the faculty and provided the following biography:
"Kelli Waxman, BA, MBA, is an Instructor with the Homeland Security Defense Coalition. She is a Private Investigator is the Founder/President of National Security Consulting & Investigations PLLC, Founder/CEO of Waxman Associates LLC and Founder/CEO of AviWax Enterprises LLC. She has a B.A. in Sociology, an MBA in Human Resources/Business Finance, and post-graduate certifications and course work in Homeland Security, Infrastructure Protection, Psychology, Psychiatry, Medicine, Bioterrorism, Counter-terrorism, Hazardous Materials, Radiological Terrorism, Cybersecurity, Digital Forensics, Adolescent Psychopathology and Criminology.

Ms. Waxman’s investigation specialties include internet national security, criminal behavioral profiling, global internet linguistic research in 82 languages, threat prevention, intelligence analysis and development of proprietary investigative systems, target specific, technology aided. Ms. Waxman is the developer of a number of proprietary technological systems currently being patented to aid law enforcement in the fields of cyber-security, counter-terrorism, cyber-bullying, national security threat prevention, penetration testing and homeland security education.

Ms. Waxman is a seasoned veteran educator in the public, private and government industry developing and teaching adult educational courses, community and university courses, public awareness courses/seminars, curriculum development, program development and workforce/labor job development. Her private business industry experience has included a variety of consulting projects including human resources training and course development, border issues, military and war curriculum development, terrorism and cult-related law enforcement consulting, development of programs for the extraction of gang members from cults/gangs, development of horse therapy programs, development of re-entry programs for long-term foster children with PTSD, and program development and intervention for reactive attachment disordered youth.

Ms. Waxman has worked in the university, public and private sectors in behavioral health, program administration, juvenile justice, workforce development and behavioral programming. Ms. Waxman has completed a number of FEMA courses from the Emergency Management Institute, TEEX, Texas A&M, Rush University Medical School Counter-terrorism series, University of Nebraska Medical School courses on sociopathology and severe personality disorders and hundreds of courses from various MEDSCAPE providers. Ms. Waxman is a 3rd degree brown belt in Kenpo Karate and a former 100-mile high altitude endurance horse rider/racer. Ms. Waxman is a former extreme hiker having hiked rim-to-rim-to-rim in Grand Canyon 5 times to date, within 2.5 days, and an advanced classical pianist.

Ms. Waxman’s awards have included various musician awards, Stanley Kaplan scholarship, Honoree, International Association of Business Leaders (2011), Global Directory of Who’s Who (2010), Stanford Who’s Who (2010), International Who’s Who of Professional and Business Women (1998), University of Arizona Honors Society (1984-1989), Who’s Who Among Students in American Universities & Colleges (1986), Cambridge Who’s Who (2010), and Golden Key National Honor Society (1986). Ms. Waxman is a current member of the National Investigative Security Professionals (NISP), United States Association of Private Investigators (USAPI), National Association of Investigative Specialists (NAIS), Society of Human Resources Management (SHRM), High Technology Crime Investigation Associations Inc(HTCIA) (pending), and is a Federal Subject Matter Expert with Infragard (FBI program).
"
According to the last post at its website, "ProjectVIGILANT is making a series of press releases and will consider requests for interviews via email or phone. The releases are said to be in support of the Attribution Academy and the concomitant release of the Journal of Cyber Attribution; as well as an arm length list of other major and minor announcements. The releases are also said to be available within the week."

But between January 4th and today, the server for the Project Vigilante website can no longer be found on the Internet.



The world will - no doubt, anxiously - have to wait and see if this was another hoax or if the group jumped the gun with its website and press releases will actually be released this time.

No comments: