Tuesday, August 03, 2010

Project Vigilant Is a Publicity Stunt

I think "Project Vigilant" is largely a publicity stunt, meaning it was just invented and its so-called "history" is an extension of someone's imagination. As we say on my team, "This ain't my first rodeo." In other words, I've been around for a while. While I recognize some of the "principals" in this "group," I've never heard of them organized into a "project" -- certainly not with over 500 stealthy members!

I'm going to link to a few articles and offer my opinions on the content.

First we have the 21 June article Secret group aids fight against terror by Mark Albertson:

For the past 14 years, a significant volunteer group of U.S. citizens has been operating in near total secrecy to monitor and report illegal or potentially harmful activity on the Web.

14 years? Please. If they have been active for 14 years, why does no one I've asked know who these guys are?

The group claims over 500 current members, although their names and identities are still mostly secret. Their members comprise some of the most knowledgeable experts in the field of information security today and include current employees of the U.S. government, law enforcement and the military.

Over 500 members? And they've been able to keep such good OPSEC that no one knows who they are?

And if you want to work for them, don’t bother to ask. If they’re interested in you, they’ll find a way to get in touch.

Convenient!

Finding information about Project Vigilant is not easy. They have a public webpage that reveals little information about the group.


$ whois projectvigilant.us
Domain Name: PROJECTVIGILANT.US
Domain ID: D22426525-US
Sponsoring Registrar: WILD WEST DOMAINS, INC.
Registrar URL (registration services): www.wildwestdomains.com
Domain Status: clientDeleteProhibited
Domain Status: clientRenewProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: CR18275784
Registrant Name: Steven Ruhe
Registrant Organization: BBHC Global LLC
Registrant Address1: 4828 North Kings Highway
Registrant Address2: #126
Registrant City: Fort Pierce
Registrant State/Province: Florida
Registrant Postal Code: 34951
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.7723326988
Registrant Facsimile Number: +1.8667288650
Registrant Email: steven.ruhe@bbhc-global.com
Registrant Application Purpose: P1
Registrant Nexus Category: C11
Administrative Contact ID: CR18275787
Administrative Contact Name: Steven Ruhe
Administrative Contact Organization: BBHC Global LLC
Administrative Contact Address1: 4828 North Kings Highway
Administrative Contact Address2: #126
Administrative Contact City: Fort Pierce
Administrative Contact State/Province: Florida
Administrative Contact Postal Code: 34951
Administrative Contact Country: United States
Administrative Contact Country Code: US
Administrative Contact Phone Number: +1.7723326988
Administrative Contact Facsimile Number: +1.8667288650
Administrative Contact Email: steven.ruhe@bbhc-global.com
Administrative Application Purpose: P1
Administrative Nexus Category: C11
Billing Contact ID: CR18275789
Billing Contact Name: Steven Ruhe
Billing Contact Organization: BBHC Global LLC
Billing Contact Address1: 4828 North Kings Highway
Billing Contact Address2: #126
Billing Contact City: Fort Pierce
Billing Contact State/Province: Florida
Billing Contact Postal Code: 34951
Billing Contact Country: United States
Billing Contact Country Code: US
Billing Contact Phone Number: +1.7723326988
Billing Contact Facsimile Number: +1.8667288650
Billing Contact Email: steven.ruhe@bbhc-global.com
Billing Application Purpose: P1
Billing Nexus Category: C11
Technical Contact ID: CR18275785
Technical Contact Name: Steven Ruhe
Technical Contact Organization: BBHC Global LLC
Technical Contact Address1: 4828 North Kings Highway
Technical Contact Address2: #126
Technical Contact City: Fort Pierce
Technical Contact State/Province: Florida
Technical Contact Postal Code: 34951
Technical Contact Country: United States
Technical Contact Country Code: US
Technical Contact Phone Number: +1.7723326988
Technical Contact Facsimile Number: +1.8667288650
Technical Contact Email: steven.ruhe@bbhc-global.com
Technical Application Purpose: P1
Technical Nexus Category: C11
Name Server: NS57.DOMAINCONTROL.COM
Name Server: NS58.DOMAINCONTROL.COM
Created by Registrar: WILD WEST DOMAINS, INC.
Last Updated by Registrar: WILD WEST DOMAINS, INC.
Domain Registration Date: Mon Sep 21 23:36:10 GMT 2009
Domain Expiration Date: Tue Sep 20 23:59:59 GMT 2011
Domain Last Updated Date: Sat Jul 10 10:11:21 GMT 2010

Looks like they registered their Web site last September.

The group’s collaboration with the U.S. Government is handled through another highly secure web portal which supports protected email, chat and other features.

The article links to https://cybercop.esportals.com/ which is a link from the main Infragard site (once you log in). The main Infragard site is hosted elsewhere -- I have a login to that since I am an Infragard member.

Project Vigilant is funded by BBHC Global, an information security firm based in the Midwest, and private donations. Uber’s boss is Steven Ruhe, the Managing Member of BBHC Global. “I’ve always been a small town guy with big dreams,” said Ruhe who was born and raised in Nebraska and sells Amway products on the side.


$ whois bbhc-global.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: BBHC-GLOBAL.COM
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS25.DOMAINCONTROL.COM
Name Server: NS26.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 28-mar-2010
Creation Date: 02-apr-2009
Expiration Date: 02-apr-2011
...edited...
Registrant:
BBHC Global LLC
5817 Sunberry Circle
Fort Pierce, Florida 34951
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: BBHC-GLOBAL.COM
Created on: 02-Apr-09
Expires on: 02-Apr-11
Last Updated on: 28-Mar-10

Administrative Contact:
Ruhe, Steven chet.uber@mac.com
BBHC Global LLC
5817 Sunberry Circle
Fort Pierce, Florida 34951
United States
+1.7729401858 Fax -- +1.8667288650

Technical Contact:
Ruhe, Steven chet.uber@mac.com
BBHC Global LLC
5817 Sunberry Circle
Fort Pierce, Florida 34951
United States
+1.7729401858 Fax -- +1.8667288650

Domain servers in listed order:
NS25.DOMAINCONTROL.COM
NS26.DOMAINCONTROL.COM

"BBHC Global" was just registered last April. Netcraft doesn't report seeing www.bbhc-global.com until June 2009.
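The comparison made above, as an added example that is not part of the original post: pull the registration date out of the two WHOIS layouts quoted on this page and measure the domain's age against the claimed 14-year history. The function names, the trimmed excerpts and the reference date (the 21 June article, taken as 2010) are assumptions of this example.

```python
import re
from datetime import date, datetime

# Date-bearing lines excerpted from the two WHOIS responses quoted in the post.
WHOIS_US = """\
Domain Name: PROJECTVIGILANT.US
Domain Registration Date: Mon Sep 21 23:36:10 GMT 2009
Domain Expiration Date: Tue Sep 20 23:59:59 GMT 2011
Domain Last Updated Date: Sat Jul 10 10:11:21 GMT 2010
"""
WHOIS_COM = """\
Domain Name: BBHC-GLOBAL.COM
Updated Date: 28-mar-2010
Creation Date: 02-apr-2009
Expiration Date: 02-apr-2011
"""

# Assumption: the first article's date, with the year taken from the post date.
ARTICLE_DATE = date(2010, 6, 21)

# (label pattern, strptime format) for the two registry layouts shown above.
CREATION_PATTERNS = [
    (re.compile(r"^\s*Domain Registration Date:\s*(.+?)\s*$", re.M | re.I),
     "%a %b %d %H:%M:%S GMT %Y"),
    (re.compile(r"^\s*Creation Date:\s*(.+?)\s*$", re.M | re.I),
     "%d-%b-%Y"),
]


def domain_name(whois_text):
    """Return the lower-cased domain from a 'Domain Name:' line, or None."""
    m = re.search(r"^\s*Domain Name:\s*(\S+)", whois_text, re.M | re.I)
    return m.group(1).lower() if m else None


def creation_date(whois_text):
    """Return the registration date in a WHOIS response, or None."""
    for pattern, fmt in CREATION_PATTERNS:
        m = pattern.search(whois_text)
        if not m:
            continue
        try:
            return datetime.strptime(m.group(1), fmt).date()
        except ValueError:
            continue  # label matched, value is in some other format
    return None


def check_claim(whois_text, claimed_years, as_of):
    """Compare a claimed operating history with the domain's age on as_of.

    A young domain is one data point, not proof: a group can exist
    without a domain or under an earlier one, so treat the verdict as a
    prompt for further checking.
    """
    result = {"domain": domain_name(whois_text),
              "created": creation_date(whois_text)}
    if result["created"] is None:
        result["verdict"] = "no creation date found"
        return result
    age_days = (as_of - result["created"]).days
    gap = claimed_years - age_days / 365.25
    result["age_days"] = age_days
    result["gap_years"] = round(gap, 1)
    result["verdict"] = ("domain younger than claimed history" if gap > 0
                         else "domain age consistent with claim")
    return result


if __name__ == "__main__":
    for text in (WHOIS_US, WHOIS_COM):
        print(check_claim(text, claimed_years=14, as_of=ARTICLE_DATE))
```
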

Let's check out "Steve Ruhe." His LinkedIn profile says:

Steven Ruhe
Owner, T.G.B.S Construction, Managing Member - BBHC Global
Lincoln, Nebraska Area

Owner
Steven
Construction industry
January 2004 – Present (6 years 8 months)
I've wanted to be a business owner for as long as I can remember...
I work for me I build my dreams, work for someone else build there dreams.

This guy is "funding" this "project"?

So why is this group coming "out of the shadows?"

The group is looking to grow from its current level of 500 volunteers to upwards of 1600. Uber said that he will be recruiting experts in calculus and linguistics in the months ahead.

Each potential member of the group must go through a rigorous vetting process that culminates in an oath to defend the Constitution of the United States. “We tell our candidates that we have secrets and you have to keep them,” said Uber.

For every 12 potential new members under consideration to join the group, only 3 will ultimately be selected.


Good luck with that. I can't wait to see who applies.

The next major article is Big names help run Project Vigilant, on 22 June, again by Mark Albertson:

It’s tempting to look at a secret group of cybercrime “monitors” and dismiss them as a group of lightweights trying to play cops and robbers in the Internet world. Nothing could be farther from the truth...

Take Mark Rasch, Project Vigilant’s General Counsel... Chet Uber, the group’s current director, is a founding member of InfraGard (a partnership between the FBI and the private sector) and a longtime participant in AFCEA (Armed Forces Communications and Electronics Association)... One of Uber’s top lieutenants is Kevin Manson... George Johnson is the second in command for Project Vigilant... Another recent addition to the group is Ira Winkler... Suzanne Gorman, one of Project Vigilant’s top leaders, is a former security chief for the New York Stock Exchange...


So how many of those names do you recognize? I know Rasch and Winkler, and I've asked others who know Manson. Chet Uber? AFCEA membership? Wow. Anyone can join AFCEA.

The last major article on this "group" is Stealthy Government Contractor Monitors U.S. Internet Providers, Worked With Wikileaks Informant by Andy Greenberg:

A semi-secret government contractor that calls itself Project Vigilant surfaced at the Defcon security conference Sunday with a series of revelations: that it monitors the traffic of 12 regional Internet service providers, hands much of that information to federal agencies, and encouraged one of its "volunteers," researcher Adrian Lamo, to inform the federal government about the alleged source of a controversial video of civilian deaths in Iraq leaked to whistle-blower site Wikileaks in April.

This is where I expect some real trouble. How do you feel about an ISP handing data to some group, who then sends it to "federal agencies"?

According to [Chet] Uber, one of Project Vigilant's manifold methods for gathering intelligence includes collecting information from a dozen regional U.S. Internet service providers (ISPs). Uber declined to name those ISPs, but said that because the companies included a provision allowing them to share users' Internet activities with third parties in their end user license agreements (EULAs), Vigilant was able to legally gather data from those Internet carriers and use it to craft reports for federal agencies. A Vigilant press release says that the organization tracks more than 250 million IP addresses a day and can "develop portfolios on any name, screen name or IP address."

"We don't do anything illegal," says Uber. "If an ISP has a EULA to let us monitor traffic, we can work with them. If they don't, we can't."

And whether that massive data gathering violates privacy? The organization says it never looks at personally identifying information, though just how it defines that information isn't clear, nor is how it scrubs its data mining for sensitive details.


The group doesn't look at PII, yet it develops "portfolios on any name, screen name or IP address"? I think it's time for some grown-ups to check out these guys. I don't think their activities will make those ISPs' customers happy.

My guess is that Chet and friends are trying to jump-start a security company, so they make a big splash at Def Con and then try to hire a few people. What does anyone else think?

45 comments:

Anonymous said...

If Mark Rasch is involved, then "publicity stunt" sounds very likely.

Anonymous said...

These guys are almost as talented as LIGATT.

Anonymous said...

I looked at more of the names than you did but have come to the same conclusion, publicity stunt either intended to be humor or credibility by fiat.

Anonymous said...

What is the second rule of 'project vigilant'? get publicity with false claims.

Anonymous said...

This article just made my day. Excellent writing about a not so intelligent group of people.

Anonymous said...

I thought that name sounded familiar. Looks like this isn't their first marketeering rodeo. I eagerly await the Project Vigilar spam campaign!

http://attrition.org/errata/sec-co/cohen-uber01.html

Anonymous said...

I was at DEFCON and didn't hear a peep about any of these guys... Maybe it was so "uber" secret that no one who is anyone in the security industry got approached for the plain fact that many lulz would probably be had later at the bar

Anonymous said...

I'm glad someone's calling them out because I've never heard of them either-- and the infosec world is small.

mendeddrumbrewing said...

My favorite part is selling Amway on the side!

Anonymous said...

They are probably all GLS-20's, and they don't grow on trees....

Anonymous said...

Also funny that Ruhe uses uber's email address in the bhbc-global.com whois.

Matt said...

A friend called me two weeks ago asking about them so I got a chance to look at their public web site before they went stealth. I honestly thought it was a joke as it had directorates and hierarchies that resembled a cross between an MI5 fantasy and Harry Potter.

A few on the list of participants are friends, but don't have info on anything the group is doing, has done, or anyone legit they are working with. Seemed like something they said might be interesting over one too many beers that translated to a commitment on a web site and nothing more.

Some principals being named hold real board positions on real security companies, so I hope they are being careful in affiliating themselves with movements like this.

With the attention being paid to cybersecurity these days, I'm afraid outfits like this will arise more frequently.

Other names that were on the site that I don't see listed above were Fred Cohen and Jim Christy, each of which was in charge of some holy order of the master directorate of something or other.

Anonymous said...

Uber secret group leadership:

http://web.mac.com/chet.uber/iWeb/Site/About%20Me.html

G said...

Great post Richard, thanks for publicizing stuff like this.

Anonymous said...

At least the guy is acting on his beliefs (from the mac.com profile posted above)

"Quote: Never underestimate the power of human stupidity."

Anonymous said...

I think they are just trying to play elitism, but in fact nobody cares who they are.

C.S.Lee said...

hi Rich,

Another interesting read

http://cryptome.org/0002/vigilant-fraud.htm

Anonymous said...

By all appearances, yet another example of someone trying to capitalize on the growth of infosec, along of the lines of Ligatt Security and others, what a ruse!

Amway -> Project Vigilant, I see the connection; Uber and others refined their in depth knowledge of TCP/IP by target pricing shampoo and potato chips, I bet the guy was a Dungeon Master during his D&D days, pure fantasy...completely self serving and egomaniacal!

Richard Bejtlich said...

Secretive group seeks recruits at Defcon, finds skepticism by Robert McMillan is a good story from Monday.

Anonymous said...

I fail to see how a group that allows Adrian Lamo to speak for them is valid or legit. I truly find it disturbing that someone allowed him to have access to ISP data to look through.

CJK said...

From Chet's page on mac.com, 50 things about me, these were my favorites:

(14) I began playing Dungeon’s and Dragons at 14 and became a basket case and developed all my bad habits,
(35) formed a C-Corporation with the father of the computer virus,
(37) found a mentor that approved all funding for computer security in the U.S. for a dozen years,
(38) got to work on a top 10 world banks network rolling out in 2017,
(39) analyzed the full-spectrum security of an entire state including over 30 agencies,
(40) worked on analysis of Fortune firms doing assessments,
(41) worked on an ARDA grant on Attack Attribution,
(42) work on identifying network observable events to locate attackers,
(43) teach a lunch and learn once a week on a variety of security topics,

Number (38) is cool, he can travel in time.

Anonymous said...

Enthusiastic but unsophisticated and probably underqualified leadership. I'd stay away from this one. The quotes are very naive - you can tell just from them that guidance from their own legal counsel was never even sought. Not a good sign. Also, long term vision not happening here - Marketing 101 - "Project Vigilant"? The word vigilant is a "hot word", too close to vigilante - cute and gets attention at first but the bulk of attention over time is going to be negative and the name sets itself up for perennial insults in headlines. Naive choice.

Anonymous said...

Just to add to the BS flags flying about this shadowy group...if they do indeed have "members of the government and military" among its group, if these individuals are active in performing these monitoring duties as a side job, they are violating federal law.

Anonymous said...

"work for someone else build there dreams"

This guy is supposed to be a skilled infosec professional, and he can't even use the correct grammar in his CV on LinkedIn?

Wow, I'm underwhelmed.

Anonymous said...

Uber used to run a "security" company in Omaha, NE called "Security Posture." He had backing from a well-known security person (I won't say who because I still respect him). That backing was run through with nothing more than nice office furniture.
Uber has been trying to be a security A-Lister for years. This is most likely another attempt.

Anonymous said...

Considering the language used by these people, this "company" sounds MORE like a start-up Multi-Level Marketing scheme, and sounds nothing like some internet security company.

Some examples that indicate this is probably an MLM of some form:

"The group claims over 500 current members"
"And if you want to work for them, don’t bother to ask. If they’re interested in you, they’ll find a way to get in touch."
"Amway"
"BBHC Global" (i.e. like "Amway Global")
"he will be recruiting"
"I've wanted to be a business owner for as long as I can remember... I work for me I build my dreams, work for someone else build there dreams." (Blatant MLM talk)

Cross reference those names listed with MLM scammers, you'll probably find out a lot more.

Anonymous said...

Their members must be good friends of Robin Sage

Anonymous said...

Another great quote:
"The patterns that we are looking for are those that reveal the 5% of the world that has no conscious."

Have no conscious what? Only 5% of the world has no conscience? Did they get their Chief Scientist to measure that with his conscience-meter?

Jeffrey said...

One of the things that I really hate is when someone who never spent a day in military service claims to be a veteran. I checked the Central Contractor Registry and Chet Uber has his business registered as a Veteran-Owned Business. His LinkedIn profile goes as far back as high school and doesn't mention military service at all. Speaking as a veteran, I don't know anyone who has served their country and excludes it from their resume, let alone the head of some "uber"-secret cyber vigilante organization.

Richard Bejtlich said...

Check this out: IAmA Volunteer for "Project Vigilant."

The whole thing sort of felt like someone's fantasy world, like how in "A Beautiful Mind" how John Nash is doing this secret work for the government. I have no doubt there are people in this group who think just like that. But from what I saw, there was no real work done. A lot of time was spent coming up with official sounding documents and policies.

There were definitely red flags in my mind that made me start to believe the whole thing is a 'fraud', or if not a fraud some well intentioned project that is mainly made up in one or 2 people's heads.

Jason said...

I call bullshit... Prior to my consulting/contracting job, I worked in the security dep of various ISPs, starting with Erols (now RCN), UUNET (now part of Verizon) and AOL Time Warner (The time warner side of their cable internet division).

Never once had I seen, or even heard the slightest rumours of information being shared with any third party. Hell, law enforcement (at least at the time before the Patriot Act and other similar laws) was required to provide a subpoena, or we would not even talk to them.

Granted, I have been contracting/consulting since 2003, so there is a decent amount of time that has passed since I was privy to such things...... but I am pretty damn sure, that had such a group existed, I would have known about it through my interactions with various other programs involving DHS and federal law enforcement....

Jim Lippard said...

Chet Uber has an interesting record of IETF mailing list posts. Also he made a previous media appearance with some FUD in 2002:

http://www.newscientist.com/article/dn2780-terror-warning-over-electronic-equipment.html

Jim Lippard said...

Jeffrey: His "about me" page lists his level of military service:

"(8) while going to MSU, I became an Army ROTC Cadet and enlisted as 19D serving briefly as an E-5 in the Montana Army National Guard"

Anonymous said...

Curious stuff going on:

http://www.skyphire.nl/phun/intel/bbhc-global.txt

Anonymous said...

Anyone else have heartburn that Adrian Lamo is one of their so called "volunteers"? And the BS that ISPs would allow him to collect information (not that he isn't already)!! - this all reads as a way for someone to try and legitimize their bad behavior.

Gabriel said...

Let's be honest, Chet Uber has shown examples of rather twisted morality, and loyalty, in the past. It strikes me as interesting that he has claimed to be responsible for convincing Lamo to turn Bradley Manning in, though. Almost as if he would be willing to sacrifice a 22 year old's life for a publicity stunt.

Anonymous said...

Logo - "Jugiter Viglio"

Viglio?

Anonymous said...

The really rich people will never let you know who they are...

The really bad SpecOps folks will never let you know who they are...

The guys who really do this type of monitoring for a living...will never let you know who they are.


Plausible deniability....

Alex Muentz said...

This is what makes it annoying to read 'normal' news on infosec and the hacker community.

Many 'normal' reporters (and their readers) will believe anything if said by someone who claims to be a part of the underground or the national security apparatus. No verification is required, because, well, it's a secret.

The Ligatt comparison is apt.

I make my students read Glass' 'Hack Heaven' to make them skeptical. Maybe I have a new assignment for them.

dfw said...

Take a look at page #85 of the 2002 National Strategy for Homeland Security:
http://www.dhs.gov/xlibrary/assets/nat_strat_homelandsecurity_2007.pdf

"..launched Project Vigilance—a program that encompasses a task force on food security, “twenty-four, seven” databases, and other food industry actions to help assure the security of food and consumer products."

Richard Bejtlich said...

More great analysis by Jeff Carr BBHC Global And Project Vigilant: Where's The Money?

Anonymous said...

That is freaking hilarious that Jeff Carr would call these guys out. Someone ought to do the same sort of analysis on Grey Logic.

Anonymous said...

The tipoff that this is completely bogus is looking for experts in calculus. These hucksters clearly have only a high school education.

Anonymous said...

Google cache for that IAmA post linked to earlier... Seems that the fellow didn't want to keep his reddit account around for very long. :/

http://webcache.googleusercontent.com/search?q=cache:PtByYJoHMdoJ:www.reddit.com/r/IAmA/comments/cx2t8/iama_volunteer_for_project_vigilant_amaa/+&cd=1&hl=en&ct=clnk&gl=us

Mark Berringer said...

I think you should read this. It links to phone conversations leaked between Chet Uber and another Infragard member and is broken down into parts due to the hours of long listening.

The self-aggrandizing on Uber's part is stunning as is the free-flowing revelations of Uber's long-time association with a card-carrying, mentally-ill sociopath, Neal Rauhauser, who was part of this agency. It appears these two don't coordinate with law enforcement agencies at all; they attack them. Read the article on Neal Rauhauser at this forum and there's ample proof given together with several active warrants for his arrest in multiple jurisdictions with ignored complaints made by long lists of people to the FBI, including criminal stalking, SWAT events and endangering the life of a child.

Others bear witness to receiving death threats and the harassment complaints are too numerous to list here. There appears to be much FBI criticism for their inaction with regard to this situation but it's what isn't being revealed just yet is what I'd like some adults to look into. These appear to be young people who were preyed upon and decided to vault their findings in a venue not located in the United States. It also appears they are doing so for the benefit of other victims while informing law enforcement agencies about what's really going on.

Allegedly, there is a deeper, hidden level to this repository. I can only imagine what's inside of that if this was laid out in the open together with other unbelievable content.

http://zandali.forumotion.com/t501-chet-uber-talks-to-tom-ryan-about-neal-rauhauser-infragard-and-project-vigilant

Some adults definitely should be looking into this operation further and the people involved. I'd like to know why this Neal Rauhauser is still on the loose, too. A good question that perhaps the Attorney General should get to the bottom of and quickly. These individuals have just recently ramped back up their operations and these young folks appear to have a lot of information about criminal activity. I'd like to know what's being done about it, or, more to the point, why isn't something being done about it? I'm reading emails sent directly to the FBI with complaints of non-responsiveness.

The allegations are straightforward regarding Project Vigilant. It's a non-charitable organization that is selling intel to insiders within the United States government and using Infragard as a reputable backdrop.

Upholding the Constitution, Mr. Uber? All I'm reading at this forum is evidence of targets being nothing but United States citizens and law enforcement personnel who didn't kowtow to these jokers.

I think this article needs an updated facelift and soon. I'm appalled at what I've been reading on this forum.