Tuesday, October 9, 2012

More members from secretive, oddball Project Vigilant group revealed

1/6/16 Update: See new article, "The Return of Project Vigilant: Former NSA manager Blaine Burnham and DoD Cyber Crime Center director Jim Christy allegedly help form Attribution Academy"

10/14/12 Update: Adrian Lamo's 2009 stalker troll is Project Vigilant volunteer; Scrubs Facebook page after I outed him on Twitter; Pulls clown act to pretend he's not in Hack The Hackers...

10/10/12 Update: Project Vigilant Chet Uber told Wired reporters Kim Zetter and Kevin Poulsen in August of 2010 that Adrian Lamo had been volunteering for "about a year"; In June of 2010 interview Lamo told CNET that he "and the FBI wanted to continue feeding [Bradley Manning] disinformation...

Interviews, messages on Facebook from Project Vigilant director suggest Adrian Lamo - the hacker who turned in Bradley Manning - had been "volunteering" for "secret group" since 2009; "Whiz kid" Intelligence Directorate accused of plagiarism

DEVELOPING... More members to be revealed over the next week or so... Read "Bradley Manning Facebook friend was a security and risk management expert" for some more background details...

On June 21, 2010, San Francisco technology columnist Mark Albertson wrote an article for Examiner.com called Secret group aids fight against terror: the first story about "unpaid volunteers" who had allegedly been "patrolling the Internet for many years."

"For the past 14 years, a significant volunteer group of U.S. citizens has been operating in near total secrecy to monitor and report illegal or potentially harmful activity on the Web," Albertson wrote.

Since that article was published, a number of journalists and bloggers have suspected that the hard-to-believe group was a hoax, a fraud or a front, due to its underdeveloped website, strange director, and conflicting stories spun by the "unpaid volunteers" to the media.

But in August of 2010 at a DefCon event, when the director claimed that he played a background role in the arrest of US soldier Bradley Manning, many journalists and bloggers changed their dismissive tune. Manning was arrested in late April that same year, days after revealing to Adrian Lamo - who either joined Project Vigilant before or after - that he had been leaking classified material to the international non-profit media group, WikiLeaks. A video Manning named "Collateral Murder" which showed footage of a 2007 US Apache helicopter strike in New Baghdad, Iraq that killed at least eighteen people helped put WikiLeaks "on the map", Ellen Nakashima wrote for The Washington Post in April, 2011.

Declan McCullagh reported in a August 10, 2010 article for CNet.com that Lamo "became Project Vigilant's associate director for adversary characterization about half a year ago," but both have ducked questions about the claim. In an interview with Elinor Mills published on June 24, 2009 at CNet.com, Lamo said he was "looking at an option as a staff scientist in what's called 'adversary characterization,' figuring out who is going to break into your s*** before they do it and how they're going to do it before they even formulate the plan," but told her "it would be inappropriate to specifically state who I would be a staff scientist for."

Lamo told Mills that he was working as "a threat analyst for a privately held company," which he revealed was Reality Planning LLC, but he didn't tell her it was his own firm, and that he may have been its only employee, at the time (In January of 2012, Reality Planning LLC lists a workforce size of 5-10). In a February 1, 2010 article, also written by Elinor Mills, Lamo was referred to as a "threat analyst."

"Uber says Lamo worked as a volunteer research associate for Project Vigilant for about a year on something called adversary characterization, which involved gathering information for a project on devising ways to attribute computer intrusions to individuals or groups," Kim Zetter and Kevin Poulsen reported for Wired on August 1, 2010. "He helped define the roles, tools and methods intruders would use to conduct such attacks."

Also worth noting is that six months before Manning's arrest, Albertson - who would later "out" Project Vigilant in an exclusive - wrote a November 2, 2009 article called "Adrian Lamo knows your number", that referred to him as "a working journalist who is frequently called upon to give speeches at security conventions and various 'cybecrime' gatherings", and predicted he "may soon become an ever bigger celebrity if a movie – Hackers Wanted – is ever released."

On May 6, 2009, Project Vigilant Director Chet Uber left a comment on Adrian's Facebook page - which he named "Felon" - after the "Hackers Wanted" trailer was leaked and Lamo joked, "It's about time someone did this, even if I do want to strangle the writer just a bit. Also - Russia? That's a bit far from Los Angeles." Uber "Liked" the link and wrote, "Thanks for sharing." After Lamo wrote that he needed a new iPhone on December 28, 2009, Uber wrote, "oh pooo baby have to get a new top of the line toy, I am sooooooo sad."

On April 21, 2009, Uber apparently knew Lamo well enough to refer to his wife: "OK this has gone way past a writing obsession. Lauren, I am pretty sure this developed into a sexual fetish with stalker overtones. LOCK UP YOUR MAN!"

In September of 2003, after the FBI issued a warrant charging Adrian Lamo with computer hacking crimes and couldn't find him at his parents' house, the then 22-year-old hid out for a few days and called Kevin Poulsen - a longtime friend and former hacker who later published the Manning-Lamo chat logs as an exclusive for Wired. Poulsen reported for Security Focus that Lamo "did not plan to turn himself in until after conferring with [his] attorney," and "quipped about the proper etiquette of being arrested by the FBI, and suggested jokingly that SecurityFocus should purchase the publication rights to a favorite photo."

The "homeless hacker" pleaded guilty in January of 2004 and was sentenced to "six months of home confinement," and "two years of probation and ordered to pay more than $64,900 in restitution, after he hacked into the New York Times internal computer network, accessed and modified confidential databases and used the paper's LexisNexis account to conduct research, according to a spokesman for the U.S. Attorney's Office for the Southern District of New York," Paul Roberts reported for Computer World July 16, 2004.

"I think this is unsporting of the New York Times," as a fugitive from justice, Lamo told his friend, because after hacking the paper he had warned "the Times of their vulnerability through a SecurityFocus reporter," in February of 2002, Poulsen reported. Poulsen was the reporter who got the exclusive on the hacking and presumably contacted the Times in Lamo's behalf. Times spokesperson Christin Mohan released a statement in 2002 that the paper was "actively investigating a potential security breach" and "[b]ased on the results of this investigation we will take appropriate steps to ensure the security of our network." Poulsen also noted, "In September, the hacker used a vulnerable Web-based production tool to tamper with a wire service story on Yahoo! News, deliberately choosing an old story to minimize the impact."

"I still owe the federal government roughly $60,000 in restitution to Microsoft, LexisNexis and The New York Times," Lamo told PBS Frontline in February of 2011, but ducked questions from me on Twitter, on whether he paid it off, since his firm Reality Planning LLC "had $135,000 in 2011 revenue," which may have included a defense contract from the US government.

According to a online profile, Lamo's Reality Planning LLC "engages in information assurance services (security analysis, 'red team' testing, etc) & creative resolution to issues relating to the occlusion / unavailability of 3rd-party information resources occasioned by technical or diplomatic limitations."

Three days after he was discharged from his forced institutionalization and eleven days before speaking to Manning, Lamo tweeted seven times about Reality Planning from May 10 to May 17 of 2010, mostly complaints about allergies and yawning.

Lamo also is listed as the registrant for SETEC ASTRONOMY, which is an anagram for "too many secrets," that was used in the 1992 Robert Redford movie spy movie "Sneakers." A plotline from the movie involved how "the NSA ha[d] intercepted some transmissions from the Russians to a certain mathematician named Dr. Gunter Janek, who's working on some sort of 'black box' dealing with cryptography under a project called Setec Astronomy."

As a blog noted in March of 2011, www.setecastronomy.org was registered on August 21, 2009, and the now-scrubbed site claimed, "This is a Tor Exit Node It is distinctly likely that you are reading this because you had some issue with the traffic coming from this IP address. This machine is part of the Tor Anonymity Network, which is dedicated to providing privacy to people who need it most:- ordinary computer users - i.e. people like you......Email address: adrian@setecastronomy.org."

"I'm at SETEC ASTRONOMY (3 Embarcadero Center, San Francisco). http://4sq.com/9ea2bD ," Lamo tweeted on April 12, 2010. Two days later, he tweeted, "Adrian Lamo checked in at SETEC ASTRONOMY. 'Brrrrcld.'"

The whois for SETEC listed a Wilmington, Deleware for Reality Planning LLC, and bizapedia.com claims Lamo's firm was registered on 3/19/07. Another whois listing links that address to a website called FaithManages.org that was registered on September 15, 2011. Lamo's Wikipedia entry notes, "When approached for comment during his criminal case, Lamo frustrated reporters with non sequiturs such as 'Faith manages', (probably a reference to science fiction television show Babylon 5) and 'It's a beautiful day.'"

On September 16, 2012, Lamo tweeted, "Hey, does anyone remember the web site that listed unusual .mil patches? Someone mentioned a SETEC ASTRONOMY one, wanna see if it's there."

Searching for information on Lamo leads journalists into rabbit hole after rabbit hole, which might be the point. Lamo's press releases sometimes include silly lines such as, "Although Lamo is an officer in Reality Planning LLC, a business intelligence interest, Adrian Lamo is Adrian Lamo's premiere information security concern."

"My plan initially was not to see him arrested. I and the FBI wanted to continue feeding him disinformation," Adrian Lamo told Elinor Mills in a story published on June 7, 2010 at CNET.com. She added, "However, the criminal investigation unit of the Army had other plans, he said."
"'If it was just the video, I would have left the issue alone, and frankly, he would have had my kudos--and he still does,' Lamo said. 'But it wasn't just the video. It was a lot of information that was unrelated to our activities in Iraq and Afghanistan or the war on terror at all, including information about some of our major trading partners.

Asked to elaborate, Lamo said he couldn't say more, except that the sensitive information had to do with code words and that it was 'top-secret sensitive, compartmentalized information.''
Constitutional lawyer and blogger Glenn Greenwald wrote an article for Salon on December 27, 2010 called, "The worsening journalistic disgrace at Wired," which was a sequel-of-sorts to a column he wrote that June on the "long, strange and multi-layered relationship between Poulsen and Lamo."
"But now there are new facts making all of this stranger still, and it all centers around a man named Mark Rasch. Who is Rasch? He’s several things. He’s the former chief of the DOJ’s Computer Crimes Unit in the 1990s. He's a 'regular contributor' to Wired. He's also the General Counsel of 'Project Vigilant,' the creepy and secretive vigilante group that claims to gather Internet communications and hand them over to the U.S. government. Rasch is also the person who investigated and criminally pursued Kevin Poulsen back in the late 1980s and early-1990s, thus helping to put him in prison for more than three years (added: see the post here, near the bottom, regarding Poulsen's objections to this sentence and the evidence that supports it). As detailed below, Rasch also has a long and varied history with both Poulsen and, to a lesser extent, Lamo. And — most significantly of all — Rasch is the person who put Lamo in touch with federal law authorities in order to inform on Manning."
At Wired, Poulsen countered, "Nearly half of [Greenwald's] article is devoted to a characteristically murky conspiracy theory involving a well-known cybercrime attorney and former Justice Department lawyer named Mark Rasch. Rasch is one of three people that Lamo sought for advice while looking to turn in Bradley Manning. The blockbuster, stop-the-presses, 'incontrovertibly true' disclosure with which Greenwald caps his piece? That Rasch once prosecuted me for hacking the phone company."

The 'regularly contributes to his magazine' part is apparently a reference to two 2004 opinion pieces in Wired magazine," Poulsen added.

Greenwald argued back, "Rasch then proceeded to have numerous interactions over the years with Poulsen — and then end up as the person who helped direct Lamo to government authorities to inform on Manning — is absolutely relevant and is something that should be disclosed when Poulsen writes about this case.
"My claim that he was a 'regular contributor' to Wired was based on numerous sources, apparently including Rasch himself. From Rasch's biography on the SCIIP Board of Advisers: 'He writes a monthly column in Symantec's Security Focus online magazine . . . and is a regular contributor to Wired magazine.' His biography as a guest on The Charlie Rose Show states that he 'is a regular contributor to Wired magazine.' His own prepared biography makes the same claim ('a regular contributor to Wired Magazine'). If Rasch has nothing to do with Wired other than the single article, then there is obviously no disclosure issue, but it also means that someone has been making false claims about Rasch's relationship to that magazine."
Greenwald also noted that Rasch "close to 40 times [had] been cited as a source in Wired articles, including — as I documented in my piece on Sunday — multiple times by Poulsen and [Kim] Zetter [who co-wrote the June 6, 2010 exclusive about Manning's arrest]."

As I reported on Twitter two weeks ago, "Since 2007, @KimZetter used @mdrasch as source on 11 @Wired stories but oddly stopped after 12/27/10 @ggreenwald story [link]." Rasch has only been quoted sparingly at Wired by other writers, as well.

On September 26, 2012 I tweeted, "After @ggreenwald nailed @kimzetter @kpoulson for leaving out @mdrasch role in Manning case, @Wired fired back weakly" and "@mdrasch wrote columns for Symantec's "Security Focus" which hired ex-con @kpoulsen who wrote puff piece on @6 in 2001." Lamo argued back, "@ronbryn Mark Rasch had no substantive role in the key events. No one was 'nailed' by Glenn. Rasch was simply counsel to someone involved." While Poulsen just ignored everything I tweeted, and chose instead to mock me: "@ronbryn Don't you see! It's all connected! Wake up sheeple!"

A day after Lamo turned himself in to the federal courthouse, Rasch was quoted in a September 10, 2003 Security Focus article by Kevin Poulsen, in which he accurately complained that the Times appeared to be inflating the LexisNexis charges.
"'Three hundred thousand dollars seems very high, and it seems very unlikely it's what LexisNexis would charge,' says Mark Rasch, an attorney and former Justice Department cybercrime prosecutor. The question is more than academic. The $300,000 figure raises Lamo's maximum sentence under federal guidelines from six months in detention, to more than three years in prison, assuming no criminal history and a guilty plea, according to an analysis by Rasch. 'It's the difference between going home at the end of the day, and spending more than three years in jail,' says the lawyer."
A few weeks later on September 29, 2003, Rasch also wrote a column for Security Focus, claiming that he was not an "apologist for hackers like Adrian Lamo, who, in the guise of protection, access others' computer systems without authorization, and then publicize these vulnerabilities."
"When Lamo did this to the New York Times, he violated two of my cardinal rules: Don't make enemies with people appointed for life by the President of the United States; and don't make enemies of people who buy their ink by the gallon.

Now, in the scope of prosecuting Lamo, the FBI is doing the hacker one better by violating both of these precepts in one fell swoop.

The Bureau recently sent letters to a handful of reporters who have written stories about the Lamo case -- whether or not they have actually interviewed Lamo. The letters warn them to expect subpoenas for all documents relating to the hacker, including, apparently, their own notes, e-mails, impressions, interviews with third parties, independent investigations, privileged conversations and communications, off the record statements, and expense and travel reports related to stories about Lamo.


And yet the FBI publicly announced to the world, through a Wired.com reporter, their intention to subpoena every journalist who ever talked to Adrian Lamo. Apparently, the FBI can talk about their intention to subpoena reporters, and mention specific reporters' names in the Lamo affidavit, but if journalists have the temerity to mention it to their own lawyers, this could devastate the prosecution.

I've never spoken to Adrian Lamo, but I am sure that by writing this article, I am making myself a target for subpoenas, search warrants (government, take note that the law prohibits search warrants for reporter's notes) and demands to preserve evidence. All I have to say is, quoting President George W. Bush, 'Bring it on.'
'Big names' of Project Vigilant revealed, so far

Even though Project Vigilant's director has claimed that the group has as many as 600 "unpaid volunteers" working for it, only about a dozen names have been linked, so far. "Vigilant also claimed to have 'collection officers' in 22 countries that gather intelligence or coordinate networks in person," Glenn Chapman reported for AFP on August 1, 2010. Director Chet Uber claimed Project Vigilant was "in a drive to be at 'full capacity' by adding 1,750 'vetted volunteers' by the year 2012," Chapman noted
However, on August 21, 2012, Albertson reported, "Uber says that Project Vigilant has expanded its volunteer force from 500 in 2010 to a current level of 750, with the biggest increase coming in Project Vigilant's core volunteers (defined as people who work 5 or more hours per week) who today number 125." In his "exclusive" June of 2010 columns, Albertson spoke on-the record to Uber and - according to his own accounts - a shadowy Democratic operative named Neal Rauhauser who somehow managed to hook up with liberal bloggers, Anonymous hacktivists, and members of the Occupy Wall Street movement, even though he belonged to a group which essentially spied for the government. Since early 2010, Rauhauser has spent much of his time harassing conservatives, critics, journalists (including me) and bloggers, but somehow argues that it's the other way around.
"Finding information about Project Vigilant is not easy. They have a public webpage that reveals little information about the group. Names of the volunteers are stored in such a way that they are not accessible from any network. Access to the work of the group by its own members is highly controlled and monitored.

The group’s collaboration with the U.S. Government is handled through another highly secure web portal which supports protected email, chat and other features.
In a follow-up column published on June 22, 2010, Albertson revealed "Big names help run Project Vigilant." He wrote, "It’s tempting to look at a secret group of cybercrime “monitors” and dismiss them as a group of lightweights trying to play cops and robbers in the Internet world. Nothing could be farther from the truth."

Aside from Project Vigilant General Counsel Mark Rasch, who "led the Department of Justice computer crime unit" for nine years, and Director Chet Uber, who claimed to be "a founding member of InfraGard (a partnership between the FBI and the private sector) and a longtime participant in AFCEA (Armed Forces Communications and Electronics Association)," the other "big names" outed were Cybercop co-founder "Kevin Manson, who serves as Project Vigilant’s liaison with state and federal law enforcement groups", second in command George Johnson, who "was handpicked by DARPA (the Defense Advanced Research Projects Agency – part of the U.S. Department of Defense) to develop secure tools for the exchange of sensitive information between federal agencies," Ira Winkler, "president of the Internet Security Advisors Group and...former employee of NSA (National Security Agency)," and "Suzanne Gorman, one of Project Vigilant’s top leaders,...a former security chief for the New York Stock Exchange [who] is widely viewed as one of the foremost experts on Web threats in the financial services world."

In August of 2011, blogger Bailey Carlson took a "Closer look at Project Vigilant," adding some other names to the list.
"Blaine Burnham formerly NSA Information Security expert between 1987-1998. Before the NSA, Blaine worked at the Los Alamos National Laboratory developing tools and techniques to achieve higher levels of Information Security to secure the US national nuclear weapons arsenal. He is now the executive director of Nebraska University Consortium on Information at University of Nebraska.

Blaine['s] position with Vigilant is listed as Independent Validation & Verification.

Wayne Wilson has US Top Secret security clearance. He has worked with military contractor Northrop Grumman and Department of Defence contractor The Yellowstone Group where his primary focus was on 'Cybersecurity and Linguistics for the NSA and other Agencies'.
Carlson also named AJ Fardella, "Contracted for Secret Service, DOJ, DEA" Richard Brandt, "former Journalist for BusinessWeek" Mike Tomasiewicz, "ConAgra Foods Sys Admin, certified as InfoSec professional" Doug Jacobson, "Professor of Electrical/Computer Engineering at Iowa State University, founder of Cybersecurity business Palisade Systems" and Christophe Veltsos, "Faculty of Computer Information Science at Minnesota State University."

In August, Albertson added "Jeff Bardin (Assistant Director, Intelligence and Analysis – Middle East Desk, Chief Intelligence Officer for Treadstone 71)" to the list of members, and "some major leaders in the computer and Internet world who are not members of the group, but were willing to talk for this story about their support for Project Vigilant’s work."
"These include Vint Cerf, Vice President for Google and widely recognized as the 'father of the Internet,' Bill Cheswick, a highly-regarded Internet security expert, and Winn Schwartau, one of the world’s top experts on cyberterrorism. 'I know an awful lot of people who are involved with Project Vigilant,' says Schwartau."
However, Cheswick appears to have had more involvement with the group, since a follow-up article by Albertson published on August 22, 2012 noted, "The group has also acquired the data generated by Bill Cheswick, a legendary security expert, whose Internet Mapping Project has emerged as the most complete picture to-date of the enormously complicated vines that link web servers around the globe. 'I may be the only person who ever pinged a U.S. nuclear submarine,' Cheswick recounts proudly." While employed as a computer scientist for AT&T Bell Laboratories in 1991, Bill Cheswick "set up a hacker honeypot to snag and study break-ins over the modems at the Labs." Cheswick wrote a paper about how "we led this cracker on a merry chase in order to trace his locations and learn his techniques."

And [Editor's Note: This paragraph won't be added until I finish this article, since I don't want to compromise a source for some of my research, at this time. Uber, Lamo and Rauhauser have done a lot of scrubbing since I began reporting on this story over a year ago, and then mock me for "hallucinating" what was once available for all to see on the world wide web.].

Intelligence Directorate James Smith monitors #AntiSec in IRC chat rooms

From December 5th-to-6th of 2011, EC-Council's CISO Executive Summit included speeches by Ira Winkler, Jeff Bardin and James Smith who was billed as the Intelligence Directorate at Project Vigilant. According to a biography pasted at the CISO website, "James Smith is a Certified Ethical Hacker. He founded SmithwaySecurity, an independent cyber-security research firm, in 2009. He is an International Member of the Intelligence Directorate for Project Vigilant LLC and currently serves as an Intelligence Analyst. He holds a string of industry qualifications including MCSE, Network+ and IT Security, namely Security+ and CEH. His experience ranges from networking and web application penetration testing, adversary characterization, attack attribution and intelligence gathering. Aside from Security, James works in Network Administration for IBM and Bell Aliant."

Smith's LinkedIn resume adds that he lives in New Brunswick, Canada, and is also a Technical Analyst for Innovatia, and that he used to work for IBM Global Services and Griffith Colson Intelligence Service.

Smith is also scheduled to speak at the Global CISO Forum, which will be held on October 29 and 30 in Miami, Florida. According to a message Smith wrote on his Facebook page, he'll be "[s]peaking about SAP Security with a few others :)."

On his Facebook page, Smith's "Likes" include Palantir Technologies, HBGary, BlackBag Technologies, Hack The Hackers and Anti-WikiLeaks.

On November 9, 2011, Project Vigilant director Chet Uber wrote the following recommendation for Smith on LinkedIn, "James is well versed in INFOSEC and has a strong interest in the fields of Attack Attribution and Intelligence. He has been an ENCLAVE Member of ProjectVIGILANT LLC since we took over BBHC and prior. He was easy to vet, is polite, hard working and shows strong potential to move upwards to the next grade of Intelligence Analyst. We put a lot of faith in James."

In January of 2012, using his smithwaysecurity com email address in a discussion called "Rate Stratfor's Incident Response" posted at seclists.org, James Smith told Laurelai Bailey and others, "This mailing list is a big part of the IT Security community." In December of 2011, Stratfor was hacked and founder/CEO George Friedman confirmed a month later, that "customer credit card and other information had been stolen."
"From the beginning, it was not clear who the attackers were. The term 'Anonymous' is the same as the term 'unknown.' The popular vision of Anonymous is that its members are young and committed to an ideology. I have no idea if this is true. As in most affairs like this, those who know don't talk; those who talk don't know. I have my theories, which are just that and aren't worth sharing. "
On February 27, 2012, "WikiLeaks began publishing The Global Intelligence Files more than five million emails from the Texas-headquartered 'global intelligence' company Stratfor."
"The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment-laundering techniques and psychological methods..."
Anonymous took credit for the hacking, Stratfor claimed that many of the emails released by WikiLeaks were altered or forged.

On June 28 of 2011, Gawker's Adrian Chen claimed, the FBI raided Bailey's "home because of her connections" to the hacking group Lulz Security.
"At about 11 am last Thursday, 29-year-old Laurelai Bailey heard a knock at her Davenport, Iowa home. She found around eight FBI agents swarming at her doorstep, search warrant in hand. But the agents politely 'told me they weren't there to arrest me,' Bailey tells us in an interview.

Instead, they had some questions about hackers Bailey had been hanging out with online. They told Bailey they were investigating a February attack against the security firm HBGary by an elite group of hackers associated with the hacktivist collective Anonymous. Those hackers would later break away from Anonymous to form Lulz Security, who attacked the FBI, PBS, and the CIA in a well-publicized spree before calling it quits this weekend amid increasing pressure and the arrest of a purported member in England.

Bailey's conversation with the feds lasted about five hours, during which she told them everything she knew. But Bailey says she knew nothing that anyone couldn't find out themselves, using leaked chat logs and Google. The feds also asked if she could infiltrate the group.

Chen added, "But Bailey insists she was never a member of LulzSec, nor has she ever engaged in illegal hacking. In the chat logs she leaked, she is seen chatting freely with the hackers as the HBGary hack unfolded,, offering advice, kibitzing—even giving suggestions for a logo. But she says she became close to the hackers through her involvement with Crowdleaks, a Wikileaks-focused news website. She claims she was in the room during the HBGary hack simply acting as a reporter for Crowdleaks." FBI Raids Iowa Woman's Home in Lulz Security Hacker Investigation 'They wanted to know if I could get close to them,' Bailey says. 'I told them these people hate me... it wouldn't do any good." Bailey says Lulz Security hackers hold a grudge against her for leaking logs from the secret chat room in which they planned the HBGary hack—which she says she did in retaliation for them harassing some of her friends. (We later published an article based on the logs.) When the interview was over, the agents carted off a couple of her hard drives, her camera and other computer equipment.
Smith also told Laurelai Bailey and others, "Well I have been in their irc chat rooms. A few of them are very Intelligent in Information Security. Well if you are only defining say #AntiSec- I would say about less then a third. As for the other 97% they just know how to attack and exploit vulnerabilities."

After another hacking claimed by Anonymous in January, Smith left many messages in a discussion seclists.org called "Megaupload.com seized," including, "I can only imagine the bloodbath this will cause.!!"

Adding to the mystery of Project Vigilant - and perhaps fuel to the belief that it's a hoax or front - Smith's SmithwaySecurity.com isn't currently accessible online. But an archive link from 2009, claimed, "SmithwaySecurity is a professional information security consulting company specializing in IT security assessments as well as security training services and policy development. Our innovative services will keep your organization protected from the latest security threats and assist you in acheieving the highest security levels. SmithwaySecurity has the experience and expertise to guide your organization through the ever changing information security challenges of today's business environment." The archived link also contains a welcome message posted June 12 2004.

Another archived link from some time in 2008 claimed, "Smithway Security is a website security company that provides security services to all clients. Our company runs 24/7 to keep our clients happy at all time. We specialize in website security and are up to date on all exploits that may harm your website or server."

The site claimed, "Our goal is to help clients and governments secure their servers and websites while maintaing a quality infrastructure," "[s]ome of the services we offer to our clients and government agency's around the world are Foot printing, Scanning, Patching, Denial of Service protection, Server maintains,Forensics, Tracing, VPN setup, Proxy blocking, SQL Injection protection, Pen tests, Arp, DNS poisoning, Firewall's, IDS systems, Encryption Network Surveillance, Snifing Protection, Stats Report and more,"Our security company is hard working and up to date on all the newest security practices. We are located in Canada. With years under our belt we are the security force of the future," and "We are an online based security company that offers our services world wide to many countries. We are located in the city of Saint john, New Brunswick You may email us at: j_fbi@hotmail.com and james@smithwaysecurity.com."

The j_fbi@hotmail.com email address was included in the "final" LulzSec hacking announcement.
"On June 26, 2011, LulzSec bids adieu by releasing their final data dump containing over 750,000 accounts some with emails and passwords in cleartext. These accounts were obtained from random sources including hackforums.net, nato-bookshop.org, and several gaming forums.

LulzSec announced the release in a Twitter post at https://twitter.com/#!/LulzSec/status/84758628325801984. The table below is the list of these accounts. The release contains also over 500,000 accounts with username and password combination from Battlefield Heroes Beta, a game published by EA. These accounts are tagged with bh in the list below. All passwords have been completely masked to protect the users from further attacks.
The following video, "Bluetooth snarfing," was embedded on Smith's website, and the description from YouTube notes, "Think your phone can get hacked. These guy's break the world record and hack a phone from over a mile away! As seen on TECHTV." One of the kids in the video is called James, and resembles James Smith's online photographs.

According to whois, Smith registered the website on March 6, 2008.

A profile at LinkedIn for SmithwaySecurity claims, "SmithwaySecurity, is an cyber defense firm, was born out of the need to help protect our businesses, government, financial and educational institutions and various organizations from vicious hackers. Our objective is to provide enterprise level information technology consulting to small and medium sized corporations and governments. The solutions that SmithwaySecurity delivers are not meant as a quick fix to your IT security challenges. Our solutions are well thought out."

Smith's profile on his Twitter account @JamesS755 claims SmithwaySecurity is "[d]elivering innovative and relevant solutions for today's global security challenges from providing IT security and intelligence."

SmithwaySecurity's Facebook account boasted on September 12, "We now have a few big clients from Europe, Thanks to Nemanja Gjorgjevic."

On July 30, 2011, a user claiming to be Andrew Wallace complained at wirelessforums.org, "A Canadian called James Smith going by the SmithwaySecurity has set up a Facebook page in which he has plagiarized and modified many posts I used to have on my blogspot blog."
"He has been contacted many times by me to remove the text from the 'notes' section of his Facebook page and also from his personal profile.

He appears to be doing it to get my attention.

He has failed to respond to my messages calling for the posts to be removed and I have threatened him with legal action.
An old version of Wallace's Twitter profile @awallaceuk claimed, he is "the founder of 'n3td3v - Security Solutions', an organisation which investigates hackers if they attack UK interests."

Homosexpionage? Lesbian lover of transexual Mata Hari calls Project Vigilant "whiz kid" a "genius at his job"

In March of 2011, an odd article at igossip.com written by J.J. Martin claimed, "Rumor has it that celebrity cyber-whiz kid James Smith, ceo of Smithway Security, will be awarded 'Cyber Security Hero of the Year Award', by GCIS Director Alysyn Bourque," which was allegedly based on an email sent by "Kayla Cohen, cyber security chief at GCIS and the girlfriend of intelcom chief Alysyn Bourque," who called him "a genius at his job."
"Smithway Security is credited with predicting several cyber threats in advance and is a rising star in the cyber security Industry.

"I think this guys has so much to offer. He wants the best for cyber security across the board and if we listen to what he has to say, we'll all be better for it", said Avivah Beiser, a GCIS staffer.

Smith is currently planning a hacking contest to test cyber security measures.
If Project Vigilant seems strange, then Griffith Colson Intelligence Service (GCIS) has to be off-the-charts, and reporting on the following rabbit hole is almost embarrassing.

According to an article called "HoneyTraps. Sex & Spy Babes written by Nava Adler for Security Industry News Today and published at OutMilitary.com on February 23rd, 2011 by Kayla Cohen, Alysyn Bourque "wrestled control of the agency from her former lover and agency co-founder Will Griffith and turned GCIS into a female dominated firm, complete with an equally exotic team of impressive babes, [and] knows the power her female agents have."
"Bourque ended her romantic relationship with Griffith in 2009 after she learned he had once worked as a transvestite prostitute. While Griffith has been credited with being an expert in ‘homosexpionage’, it didn’t sit well with Bourque and failed the test in what she demanded of a relationship. Griffith’s less than masculine performance left Bourque underwhelmed and unsatisfied. She remains friends with Griffith, who has since admitted that he’s gay.


...Openly lesbian, Bourque has proven an effective intelligence chief. She has built her agency into one of the most effective private intelcom agencies anywhere and continues to expand. Her operatives, often said to use their exotic, seductive qualities to gather field intelligence for clients, are at the top of their game.

Another GCIS operative Kayla Cohen (left), is Deputy Director of Cyber Security. Also a lesbian, she is the picture perfect honeypot. As the top cyber spy for GCIS, Cohen is sexy, smart and, well, sexy. Cohen has said that Bourque's leadership of the agency empowered others like herself to 'come out'. When an Israeli rabbi blessed the use of female spies in 'honeytrap' or 'honeypot' stings in October of 2010 against terrorists,' Bourque (who is part Jewish) and her Jewish team of female ops had to smile from ear to ear. At the time, Cohen said sex was part of her daily diet and welcomed the ruling of the rabbi. Bourque encourages her agents to be feminine, sexy and willing to use those qualities in their work. The agency is quiet on whether or not sexual activity is actually employed as a method of operation.
In March of 2012, the [editor's note: highly reputable and trustworthy, I'm sure] igossip.com website claimed that the transexual Mata Hari Alysyn Bourque became a model, and is now the author of a lesbian book of poetry called "The BlackLight Chronicles" and "openly queer ex-lover and former transvestite hooker Will Griffith" is "known as EPICENIA in the art circle."

Available for sale at Amazon.com, the book description states, "Blacklight Chronicles is a contemporary work of the kind of literature often born into something classical, exotic and soulful, walking the line between passion and pain, and how the poet views her beloved and the embrace of the soul with the fire of their lust. It captivates the soul with love, sadness, vulnerability. It is both full of light and despair."

On June 27, 2012, SecurityTekNewswire claimed, "A new reality show is scheduled to premier later this year on NAIStv, the official broadcasting network of the National Association of Investigative Specialists. 'GCIS Los Angeles' will be a weekly half hour reality show that gives the viewer an inside peek into the world and work of Griffith Colson Intelligence Service (GCIS), a private intelligence communications agency."
"Focus on the daily work at GCIS will include the firm’s Cyber Security Task Force, led by the sexy Kayla Cohen, GCIS cyber security chief. Viewers will get a glimpse of Cohen as she monitors online terror recruitment sites and extremist social networks. One episode will be dedicated to the GCIS Digital and Cyber Narcotics Division.The show will also take a look into the GCIS Communications Command Center and we’ll follow the footsteps and a day in the life of GCIS Director W. Edward Griffith, head of the agency. Griffith is also Director-General of Machaseh Security Service, the GCIS Israel unit. Machaseh will also be highlighted in a series of planned episodes."
The website for GCIS claims, "Our mission to is to protect the security of the United States and her allies while attempting to secure the goal of peace. We respect the sanctity of all life, regardless of religion, politics, social affiliation, race, creed, gender, or sexual orientation."

Griffith Colson Intel Center has a bizarre tumblr account, which has everything from FBI alerts to strange stories on GCIS and a 2010 "holiday message from the GCIS family".
"As we approach Christmas, all of us at GCIS are thankful for the degree of your support and for enabling us to serve you better each day.

This has been a year that has brought with it attacks from those who do not sympathize with the vision we all share and we have become stronger because of it.

We have grown together because of your support, prayers and friendship. To wake up each day and continue the work we have charted is not just a job for us. Serving you is an honor and blessing.

I also want to express the honor the GCIS team shares in serving under a director who has the integrity, sense of mission and purpose to lead. Alysyn Bourque is not just the head of our agency. She is the head of our family. To serve under her is an honor and we thank her for her sacrifice and service. She has the ability to put aside personal issues to focus on the issues we all care about. With two young children, she certainly has her hands full. She never misses a beat and we look forward to her leadership as we enter 2011.
Adrian Lamo's 2009 stalker troll Baljeet Singh now becomes Project Vigilant volunteer

In the aforementioned April 21, 2009 Facebook post, in which Adrian Lamo and Chet Uber trade tweets with Lamo's wife and friends, references are made to a troll using the name Baljeet Singh.

At one point, Lamo wrote that Singh had left 21 messages in the thread, however, all of Baljeet's Facebook messages in the thread were later scrubbed.

Reporting on Chet Uber, Neal Rauhauser, Adrian Lamo often turns into a game, since the hackers like to scrub evidence to make journalists look paranoid. Rauhauser wrote a post at his blog last week called "Ron Brynaert hallucinates history", mocking me after he deleted all of his Tweets from his @StrandedWind account, including a tweets he sent to Lamo, which @6 replied to on May 21, 2010, the day Adrian first spoke to Manning on IM chat.

"@StrandedWind Indeed. They do quick work :)," Lamo said to Rauhauser, who was using his @StrandedWind twitter account, which he abandoned for public use later that year [I emailed Rauhauser to ask what the tweet meant; my guess is that it was reference to medication Lamo was taking that made him sleepy. I also asked about two tweets he sent to Lamo in 2011, which implied he might have sent Adrian a "snitch" hat when he was a paid informant for the Army CID, and if he knew about it].

"Lamo I have seen a couple of times in text chats hosted by PV," Rauhauser admitted in an email he sent me on January 12, 2012. "Never met him, never talked on the phone, we occasionally exchange sly insults via Twitter." Both Lamo and Rauhauser seem to go out of their way to argue they have no connections: Lamo contradicted himself when I asked about Rauhauser - as I reported in July. Yet Rauhauser claimed last week, "What Adrian does and what I do are radically different – we never crossed paths within PV. Go ahead and ask Adrian, if he responds at all he’ll confirm what I have just said about our non-relationship."

After I mentioned that Baljeet Singh worked with Chet Uber and Adrian Lamo as a volunteer at Project Vigilant on Twitter a few days ago on Twitter, he scrubbed his profile.

"Don't worry about it, Chet," Lamo tweeted. "Nothing here is an object of concern at this point." I responded, "Adrian, Why were you and @ChetUber talking about a 'future' Project Vigilant 'volunteer' based in Uttar Pradesh in 2009?"

Lamo trolled back, "Happily for all carbon-based life in that vicinity, the world need never know. ;)," then I tweeted, "I think the world does need to know why @6 and @ChetUber discussed 3rd Project Vigilant member year before #BradleyManning arrest." Then Lamo lamely mocked me with the title of a James Bond movie: "The world is not enough!"

But there are many other links between Singh and Lamo going back to 2009, and he forgot to delete his friending of Chet Uber on December 5, 2010 at his "I.AM.INTO.YOUR.SYSTEM Facebook page.

He changed his profile to claim he is the "Founder and President at Hack The Hackers", and left a nutty note on the group's page that reads like Pidgin English.
"Hell all members of HTH, Do me a favour plz, as u r the member of 'HACK THE HACKERS' plz record a video 'speak abt hack the hackers and whtevr u want to speak abt technology and hacking' of your minimum 2mins and email me. We use the video for the promotion."
His Hack the Hackers colleagues then pretend they've never heard of Singh, even though - as I show below - he's been with the Adrian Lamo group for almost a year, at least.

Although Singh's Facebook profile claims he lives in Mathura, Uttar Pradesh, - perhaps coincidentally since it's not an uncommon name - there happens to be a Baljeet Singh who lives in Carmichael, California, where Adrian Lamo's Reality Planning LLC is based, and he may be one of his employees. Regardless, the real Baljeet Singh and his alter ego has many, many ties to Lamo, going back to 2009, yet his Project Vigilant colleagues like to pretend they don't know him.

On May 16, 2012, at the Project Vigilant Facebook page, Singh left a note saying "Hello from India," yet Chet Uber acted like he never heard of him before, even though they'd known each other for at least three years. James Smith also left a message on that same thread, which was the first one on the group's account.

For some reason, there is a second Project Vigilant Facebook page, and more comments by Singh can be found there [unless or until they are scrubbed], in which he and Uber play dumb, acting like they never heard of each other before. A cryptic message from Uber posted on May 11, 2012 states, "This will be dealt with. This is not the official page, but I know why Adrian did this."

Uber continues, "I wish people would understand that there is nothing wrong with ProjectVIGILANT, but if anyone was to ask what you do there. The answer should be no comment. Anything else risks your status with the project."

Perhaps realizing that this Facebook page predated the other one, five days later, a befuddled Uber linked to the 2nd account and wrote, "Update Here is the official page actually, if I did build this I don't remember but the logo is old, and for the record this is our page with the new logo and not much more. While our market is Defense, we are formally an NGO acting as a Scientific Research Agency doing Attribution. I do not know of any clients in the end who would want our work. Whether we get to the point that we are a vendor I will change it back. Does that please you more @Baljeet?"

In an online 2600 meeting hosted a week ago by Adrian Lamo on October 5, 2012, Baljeet Singh was listed as one of the 86 attendees. And Lamo and Singh are also members of a group at profileengine.com.

Singh also calls himself Jeet Rock and he has two other Facebook accounts connected to that name: J33tr0ck and HACKERS.ARE.NOT.CRIMINALS. The latter one claims that he is the Founder and owner of the Facebook group IOCW "International Organization for Children Welfare" while the former one shared a link on January 6, 2012, via Niels Groeneveld [who is also linked to Project Vigilant, as I will report on soon], called ""US Government Accuses Bradley Manning of Aiding Al Qaeda." Both Baljeet Singh and his alter ego Jeet Rock can be found on Project Vigilant Intelligence Directorate James Smith's list of Facebook friends, as well.

At a November 30, 2011 post featured on the Hack the Hackers Facebook page, Adrian Lamo and Niels Groeneveld are listed as Admins for the "team" and Jeet Rock is the "Manager and Owner".

On May 21, 2009, using his alter ego Jeet Rock, Singh created an Orkut community group called Adrian Lamo "The Homeless Hack". 58 members, mostly from India, belong to the group, but not Lamo himself, who might be adhering to the Groucho Marx line famously quoted by Woody Allen in "Annie Hall": "I don't care to belong to any club that will have me as a member." There isn't much on the group's page, and it looks like it was abandoned in December of 2011, but a poll asks "Who is your fav. hacker?" Lamo came in first place, while Kevin Mitnick placed, but Kevin Poulsen received zero votes.

The notorious trio of US convicted criminal hackers Lamo, Mitnick and Poulsen once took a picture together, that has been featured on many blogs which have criticized the Wired reporter's relationship with the "homeless hacker".

To be continued...

No comments: