Tuesday, 03 August 2010

Project Vigilant Is a Publicity Stunt

I think "Project Vigilant" is largely a publicity stunt, meaning it was just invented and its so-called "history" is an extension of someone's imagination. As we say on my team, "This ain't my first rodeo." In other words, I've been around for a while. While I recognize some of the "principals" in this "group," I've never heard of them organized into a "project" -- certainly not with over 500 stealthy members!

I'm going to link to a few articles and offer my opinions on the content.

First we have the 21 June article Secret group aids fight against terror by Mark Albertson:

For the past 14 years, a significant volunteer group of U.S. citizens has been operating in near total secrecy to monitor and report illegal or potentially harmful activity on the Web.

14 years? Please. If they have been active for 14 years, why does no one I've asked know who these guys are?

The group claims over 500 current members, although their names and identities are still mostly secret. Their members comprise some of the most knowledgeable experts in the field of information security today and include current employees of the U.S. government, law enforcement and the military.

Over 500 members? And they've been able to keep such good OPSEC that no one knows who they are?

And if you want to work for them, don’t bother to ask. If they’re interested in you, they’ll find a way to get in touch.

Convenient!

Finding information about Project Vigilant is not easy. They have a public webpage that reveals little information about the group.


$ whois projectvigilant.us
Domain Name: PROJECTVIGILANT.US
Domain ID: D22426525-US
Sponsoring Registrar: WILD WEST DOMAINS, INC.
Registrar URL (registration services): www.wildwestdomains.com
Domain Status: clientDeleteProhibited
Domain Status: clientRenewProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: CR18275784
Registrant Name: Steven Ruhe
Registrant Organization: BBHC Global LLC
Registrant Address1: 4828 North Kings Highway
Registrant Address2: #126
Registrant City: Fort Pierce
Registrant State/Province: Florida
Registrant Postal Code: 34951
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.7723326988
Registrant Facsimile Number: +1.8667288650
Registrant Email: steven.ruhe@bbhc-global.com
Registrant Application Purpose: P1
Registrant Nexus Category: C11
Administrative Contact ID: CR18275787
Administrative Contact Name: Steven Ruhe
Administrative Contact Organization: BBHC Global LLC
Administrative Contact Address1: 4828 North Kings Highway
Administrative Contact Address2: #126
Administrative Contact City: Fort Pierce
Administrative Contact State/Province: Florida
Administrative Contact Postal Code: 34951
Administrative Contact Country: United States
Administrative Contact Country Code: US
Administrative Contact Phone Number: +1.7723326988
Administrative Contact Facsimile Number: +1.8667288650
Administrative Contact Email: steven.ruhe@bbhc-global.com
Administrative Application Purpose: P1
Administrative Nexus Category: C11
Billing Contact ID: CR18275789
Billing Contact Name: Steven Ruhe
Billing Contact Organization: BBHC Global LLC
Billing Contact Address1: 4828 North Kings Highway
Billing Contact Address2: #126
Billing Contact City: Fort Pierce
Billing Contact State/Province: Florida
Billing Contact Postal Code: 34951
Billing Contact Country: United States
Billing Contact Country Code: US
Billing Contact Phone Number: +1.7723326988
Billing Contact Facsimile Number: +1.8667288650
Billing Contact Email: steven.ruhe@bbhc-global.com
Billing Application Purpose: P1
Billing Nexus Category: C11
Technical Contact ID: CR18275785
Technical Contact Name: Steven Ruhe
Technical Contact Organization: BBHC Global LLC
Technical Contact Address1: 4828 North Kings Highway
Technical Contact Address2: #126
Technical Contact City: Fort Pierce
Technical Contact State/Province: Florida
Technical Contact Postal Code: 34951
Technical Contact Country: United States
Technical Contact Country Code: US
Technical Contact Phone Number: +1.7723326988
Technical Contact Facsimile Number: +1.8667288650
Technical Contact Email: steven.ruhe@bbhc-global.com
Technical Application Purpose: P1
Technical Nexus Category: C11
Name Server: NS57.DOMAINCONTROL.COM
Name Server: NS58.DOMAINCONTROL.COM
Created by Registrar: WILD WEST DOMAINS, INC.
Last Updated by Registrar: WILD WEST DOMAINS, INC.
Domain Registration Date: Mon Sep 21 23:36:10 GMT 2009
Domain Expiration Date: Tue Sep 20 23:59:59 GMT 2011
Domain Last Updated Date: Sat Jul 10 10:11:21 GMT 2010

Looks like they registered their Web site last September.

The group’s collaboration with the U.S. Government is handled through another highly secure web portal which supports protected email, chat and other features.

The article links to https://cybercop.esportals.com/ which is a link from the main Infragard site (once you log in). The main Infragard site is hosted elsewhere -- I have a login to that since I am an Infragard member.

Project Vigilant is funded by BBHC Global, an information security firm based in the Midwest, and private donations. Uber’s boss is Steven Ruhe, the Managing Member of BBHC Global. “I’ve always been a small town guy with big dreams,” said Ruhe who was born and raised in Nebraska and sells Amway products on the side.


$ whois bbhc-global.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: BBHC-GLOBAL.COM
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS25.DOMAINCONTROL.COM
Name Server: NS26.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 28-mar-2010
Creation Date: 02-apr-2009
Expiration Date: 02-apr-2011
...edited...
Registrant:
BBHC Global LLC
5817 Sunberry Circle
Fort Pierce, Florida 34951
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: BBHC-GLOBAL.COM
Created on: 02-Apr-09
Expires on: 02-Apr-11
Last Updated on: 28-Mar-10

Administrative Contact:
Ruhe, Steven chet.uber@mac.com
BBHC Global LLC
5817 Sunberry Circle
Fort Pierce, Florida 34951
United States
+1.7729401858 Fax -- +1.8667288650

Technical Contact:
Ruhe, Steven chet.uber@mac.com
BBHC Global LLC
5817 Sunberry Circle
Fort Pierce, Florida 34951
United States
+1.7729401858 Fax -- +1.8667288650

Domain servers in listed order:
NS25.DOMAINCONTROL.COM
NS26.DOMAINCONTROL.COM

"BBHC Global" was just registered last April. Netcraft doesn't report seeing www.bbhc-global.com until June 2009.
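The date check done by eye on the two whois outputs above can be scripted. This is an added example, not part of the original post: the function names are made up for illustration, and the sample text is just the domain and date lines excerpted from the output quoted on this page.

```python
import re
from datetime import date, datetime

# Labels and date formats exactly as they appear in the two whois outputs above.
CREATION_FIELDS = [
    ("Domain Registration Date", "%a %b %d %H:%M:%S GMT %Y"),  # .us registry
    ("Creation Date", "%d-%b-%Y"),                             # .com registry
    ("Created on", "%d-%b-%y"),                                # registrar block
]

# Excerpts of the whois output quoted on this page (domain and date lines only).
US_SAMPLE = """Domain Name: PROJECTVIGILANT.US
Domain Registration Date: Mon Sep 21 23:36:10 GMT 2009
"""
COM_SAMPLE = """Domain Name: BBHC-GLOBAL.COM
Creation Date: 02-apr-2009
Created on: 02-Apr-09
"""

def creation_date(whois_text):
    """Return the earliest creation date found in whois text, or None."""
    found = []
    for label, fmt in CREATION_FIELDS:
        pattern = rf"^\s*{re.escape(label)}:\s*(.+?)\s*$"
        for value in re.findall(pattern, whois_text, re.M | re.I):
            try:
                found.append(datetime.strptime(value, fmt).date())
            except ValueError:
                continue  # unexpected format: skip rather than guess
    return min(found) if found else None

def check_claim(whois_text, claimed_years, as_of):
    """Compare a claimed history length with the domain's registration age."""
    created = creation_date(whois_text)
    if created is None:
        return None
    claimed_start = as_of.replace(year=as_of.year - claimed_years)
    return {
        "created": created,
        "age_days": (as_of - created).days,
        "domain_covers_claim": created <= claimed_start,
    }

if __name__ == "__main__":
    post_date = date(2010, 8, 3)  # date of this post
    print(check_claim(US_SAMPLE, 14, post_date))
    print(check_claim(COM_SAMPLE, 14, post_date))
```

A registration date only shows when that name was registered, so treat the result as one data point to weigh against the claimed 14 years, not as the date a group formed.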

Let's check out "Steve Ruhe." His LinkedIn profile says:

Steven Ruhe
Owner, T.G.B.S Construction, Managing Member - BBHC Global
Lincoln, Nebraska Area

Owner
Steven
Construction industry
January 2004 – Present (6 years 8 months)
I've wanted to be a business owner for as long as I can remember...
I work for me I build my dreams, work for someone else build there dreams.

This guy is "funding" this "project"?

So why is this group coming "out of the shadows?"

The group is looking to grow from its current level of 500 volunteers to upwards of 1600. Uber said that he will be recruiting experts in calculus and linguistics in the months ahead.

Each potential member of the group must go through a rigorous vetting process that culminates in an oath to defend the Constitution of the United States. “We tell our candidates that we have secrets and you have to keep them,” said Uber.

For every 12 potential new members under consideration to join the group, only 3 will ultimately be selected.


Good luck with that. I can't wait to see who applies.

The next major article is Big names help run Project Vigilant, on 22 June, again by Mark Albertson:

It’s tempting to look at a secret group of cybercrime “monitors” and dismiss them as a group of lightweights trying to play cops and robbers in the Internet world. Nothing could be farther from the truth...

Take Mark Rasch, Project Vigilant’s General Counsel... Chet Uber, the group’s current director, is a founding member of InfraGard (a partnership between the FBI and the private sector) and a longtime participant in AFCEA (Armed Forces Communications and Electronics Association)... One of Uber’s top lieutenants is Kevin Manson... George Johnson is the second in command for Project Vigilant... Another recent addition to the group is Ira Winkler... Suzanne Gorman, one of Project Vigilant’s top leaders, is a former security chief for the New York Stock Exchange...


So how many of those names do you recognize? I know Rasch and Winkler, and I've asked others who know Manson. Chet Uber? AFCEA membership? Wow. Anyone can join AFCEA.

The last major article on this "group" is Stealthy Government Contractor Monitors U.S. Internet Providers, Worked With Wikileaks Informant by Andy Greenberg:

A semi-secret government contractor that calls itself Project Vigilant surfaced at the Defcon security conference Sunday with a series of revelations: that it monitors the traffic of 12 regional Internet service providers, hands much of that information to federal agencies, and encouraged one of its "volunteers," researcher Adrian Lamo, to inform the federal government about the alleged source of a controversial video of civilian deaths in Iraq leaked to whistle-blower site Wikileaks in April.

This is where I expect some real trouble. How do you feel about an ISP handing data to some group, who then sends it to "federal agencies"?

According to [Chet] Uber, one of Project Vigilant's manifold methods for gathering intelligence includes collecting information from a dozen regional U.S. Internet service providers (ISPs). Uber declined to name those ISPs, but said that because the companies included a provision allowing them to share users' Internet activities with third parties in their end user license agreements (EULAs), Vigilant was able to legally gather data from those Internet carriers and use it to craft reports for federal agencies. A Vigilant press release says that the organization tracks more than 250 million IP addresses a day and can "develop portfolios on any name, screen name or IP address."

"We don't do anything illegal," says Uber. "If an ISP has a EULA to let us monitor traffic, we can work with them. If they don't, we can't."

And whether that massive data gathering violates privacy? The organization says it never looks at personally identifying information, though just how it defines that information isn't clear, nor is how it scrubs its data mining for sensitive details.


The group doesn't look at PII, yet it develops "portfolios on any name, screen name or IP address"? I think it's time for some grown-ups to check out these guys. I don't think their activities will make those ISPs' customers happy.

My guess is that Chet and friends are trying to jump-start a security company, so they make a big splash at Def Con and then try to hire a few people. What does anyone else think?
