June 22, 2010 § 12 Comments
The word on the street is that a community of undercover counter-cybercrime professionals has stepped into light after a decade of covert operations. This group has secretly met in back alley chat rooms and exchanged information on specially secured forums. They have supplied our law enforcement and federal agencies with intelligence, technical support, and expertise that is only gained from years in the industry. Project Vigilant, as they’re called, has been secretly working behind the scenes of the FBI, CIA, NSA and others in the ever-growing war on cybercrime.
The funny thing, however, is that this group is not a covert wing of the new Air Force Cyber Command, nor is it a coalition of FBI Analysts or even Chinese teenagers with some spare time after school. It is an amalgamation of private industry experts whose experiences range from work with the Department of Justice Computer Crime Unit to webmaster for the Department of Defense’s DARPA Program (Defense Advanced Research Projects Agency).
But who are these people exactly? Who are these vigilant citizens that take cyber-justice into their own hands? Certifications and resume’s aside, I’m not sure that Project Vigilant is much more than a security tech. firm looking to play vigilante. Toting a tagline of “Red Tape Will Not Defeat Terrorism,” their website looks like something from the 1998 hacking scene. I say 1998 not so much because of the look, but because in 1998 I was 12 and had slightly better grammar and HTML skills than what they present. I suppose a covert group doesn’t necessarily need a fancy website, but even the Gestapo had to present themselves in a professional manner. The project is currently directed by a gentleman named Chet Uber who affiliates himself with Interpol, among other things. A quick search on Chet reveals this and this, which don’t lend to his favor or credibility. The article which illuminates Project Vigilant also advertises Chet as “one of the country’s leading experts in “attack attribution,” though I can’t find a claim even remotely similar by anyone else about him. The group operates under Chet primarily on the CyberCop Portal, a secured collaborative site provided by NC4 as a free service to the law enforcement community.
I’m not sure how acceptable this really is. Vigilantism is frowned upon in every other area it is encountered, besides fiction. A citizen combating crime in their neighborhood without swearing an oath or wearing a badge would not go over well. They would quickly become the victim of lawsuits and liability complaints, as well technically be considered a criminal themselves. Equally, no one is encouraged to just pick up arms and rush across the world to join the wars in Iraq and Afghanistan without proper training and affiliation. Private security firms, like Blackwater, who come close to this often become involved in complicated legal disputes regarding poor conduct and even murder. Even disaster relief efforts where many, with the vigilante spirit in them, hastily travel to areas to provide assistance find they cannot volunteer without registering, training, and signing legal documents.
The need for secrecy in this project is advertised as a precautionary measure to insure their ranks are not infiltrated by their targets. Their networks, casework, and full rosters are removed from prying eyes, and their methodologies and ethics are neither explained nor publically accounted for. By no red tape, they seem to mean no real oversight. Who is responsible for the ethics and privacy issues that this group may be breaking under our noses? I’m sure the agencies who solicit casework from them aren’t double checking for ethical standards or privacy policies, as long as the work gets done.
The group does have some highlights though. Members Kevin Manson, a former FLETC Instructor, and George Johnson(the DARPA guy) are two big names in information security and have excellent track records in accountability. Project Vigilante also boasts the world-famous infosec guru Ira Winkler, though lately I’ve heard that he prefers selling books to securing nations.
I am not here to bash Project Vigilante by any means. As an avid follower of internet and cybercrime trends, I can say that I’ve heard most of their names, read their books, and even quoted one or two members of the group. My problem lies in the need for such a group in the first place. As with any vigilante effort, it is a double-edged sword. Every step they take increases their credibility, but undermines the state and federal agencies our tax dollars pay to do this work. As a citizen, I expect one of the plethora of federal law enforcement agencies with an assigned computer crimes directorate (NSA, FBI, SS, DOD, etc) to handle cyber incidents. Contracting out federal work is one thing, I work for a government contractor myself. But I don’t feel comfortable with the general public forming some sort of secret society that can directly influence federal cases and prosecution. It’s all a little too Salem/S.S./Orwell/Illuminati -ish for my taste.