Project Viglio: There Will Be CyberDouchery!
ecyenixsoyokdbnjwinbgy
Once Upon A Time….
Once upon a time, not too long ago, at Defcon, a guy no one really heard of stepped up and claimed he was starting a new “group“ and needed volunteers and money. This was Chet Uber, and after some time, and some posts, we all thought this little group with the misspelled logo (viglio is not vigilant wink wink nudge nudge) but it seems that they just fell off the radar instead of imploding. I had previously written about the whole debacle in the making a bit ago and gave it no more thought, that is until today when someone passed me the article linked above. It seems that they have been slinking around doing.. “something” and gaining alleged members like Vint Cerf? Really Vint? You’re gonna hang your hat with Uber?
*blink blink*
*Que Swordfish Soundtrack*
Wow, stellar… Ok, so, back to the show here. This article out today seems like a bit of a play for money to me. After all, there’s the “We’re secret and we do secret attribution things but, we are running in the red” *pulls pockets out and shows the lint* So, why allow an article to be written by a second rate blog cum news source online? Allowing super secret access to all their super secret bits to do a tell nothing piece?
*sniff sniff* Smell that? It’s “CyberDouchery”
Oh, There WILL be Douchery
So, who do we have listed in the super secret organization according to what “could be told” by Chet and his crack team?
The group’s membership involves people from a wide range of disciplines and backgrounds. The current leaders who are willing to be publicly identified (other than Uber) include Mark Rasch, (General Counsel, Director of Cybersecurity for CSC), A.J. Fardella, (Director of Intelligence and Analysis, Director of Black Diamond Data and a planning commissioner for the city of Pittsburg, California), and Michael Tomasiewicz (Deputy Director and second in command to Uber, Network Specialist with ConAgra Foods). Others include Adrian Lamo who is the Assistant Director for Adversary Characterization, Doug Jacobsen (Director of Science & Technology, Professor of Electronics at Iowa State University), and Jeff Bardin (Assistant Director, Intelligence and Analysis – Middle East Desk, Chief Intelligence Officer for Treadstone 71).
Hmmm some names are familiar, and some have the patina of being legit.. Perhaps they are just idealists. All in all though, the same problems around this “organization” still apply. What are they really doing? Who are they reporting to if anyone? What support are they to LEO’s and why, if they have such luminaries in the biz like “Treadstone” *snort* are they not in fact funded by the government in some way? Also, if they are all doing this kind of work, what is the clearance level like here? Is the government in fact sharing data with these folks to bird dog things?
I somehow find this unlikely.
Also, the bulk of the people listed are not really overly technical so where are all the real technicians here? There are just a plethora of questions that come to mind with this feeble article on examiner.com and frankly, they open a real can of worms I think for anyone really paying attention to what’s going on with regard to attribution and general buggery that’s been going on since Stuxnet appeared. PSYOPS, Jester, Anon bullshit, it’s just been a festival of stupid out there and this just adds a fouler odor to the whole thing. The worst part about it though is that the government may in fact be paying attention to these people and taking data from them as gospel.
*baleful stare*
Really USGOV?
So yeah, the government is not saying much here but we have Uber saying that they are doing all this work and passing all this data.. I really don’t see the government responding here or talking about “Project Vigilant” do you?
*Cough.. Anyone?*
So, once again, I ask you, if Viglio is not getting INTEL from the government and the military, then who might their targets be? Ya know, who’d be out in the open and available to the spooky eyeball in their cheesy logo?
*squints*
Hmmm say Anonymous? Or maybe anyone on the internet who might not share their opinion? See, this would be the optimum target for a group like this. A group of non condoned individuals not cleared for national security cases but wanting to help… Or am I just a paranoid old man?
Oh shut up! I know I am!
Anyway, I certainly hope the US Government takes all this with a grain of salt, that is, if they are taking this at all. Since Viglio is not telling exactly what they do, it is highly likely that they are just trawling the IRC channels looking for unsuspecting n00bs to capture with their wiles and then write nifty reports on them and pass them to their local field office… Which in fact might just throw them in the circular file… If they were smart. Unfortunately though, I suspect that there are customers for their data and in that, the fear of what they could be up to wells inside me, as it should all of you.
Given The Known Known’s… Shit, Should We Even Worry?
Ok, now that we know they are out there and we pretty much can surmise that they are not working super secret cases for the NSA, just what are they up to? As I alluded to above, I personally think they are just trolling the internet looking for hacker n00bs to turn in as would be APT.
But, that’s just me huh?
What? Others think so too?
Yep, they do.. On background I have talked to a couple of people in the know and they have the same opinions generally. Basically everyone feels that this is some sort of charlatan-esque effort on the part of a few who may in fact think they are doing the right thing. Others may be more motivated by ego and perhaps money (if there is any to be had) but generally, the feeling is that this is a pile of bad mojo. One source that I talked to said this (paraphrasing here)
“Ok, so we have a small community here and no one we know has been tapped for this duty or been asked about it? No one we know actually works with them? The odds of that within the INFOEC community are pretty that we would know several somebody’s who were actively working on it. The fact that we don’t bespeaks a problem with this organization”
There seem to be a lot more questions about this group than there are answers and no matter how many names with brand recognition you throw out there (mind you many of them thrown out there now are once again, non technical people or charlatans) you are kinda left with a sense of feeling dirty for having thought about them.
I Hope Our National Security Doesn’t Depend On These Quacks…
*hangs head*
Once again I come to you with a rant and a peek under the incestuous blanket of INFOSEC and CYBERDOUCHERY. I am sorry for those of you with delicate dispositions, but the tales must be told for all our own good. A group such as this, extra legal as they seem to be and rather deliberately evasive using the rubric of “secrecy” as their cloak should set all of your spidey senses off. At best they are a group of people seeking to do good but in fact may be doing ill by carrying out poor OSINT. At worst, they are a group of people trying to boost their ego’s by thinking that they are secret squirrels and in the know.
Either way, I would hazard a bet that nothing good is coming of their machinations and anyone out there on IRC may find their names in files that they can FOIA request that came from tips by “Project Viglio”
This shit is just out of hand…
I suggest people look into their background and decide for themselves…
K.
Krypt3ia 
Thanks..
**snort snort**
For the very informative..
**Grimaces as he pushes hard**
Article about cyberdouches..
**Groans and pushes mightily**
We learned a lot.
**Hears a huge PLOP**
And are better for it.
**Sighs with relief**
SnugglyBuns
2012/08/21 at 19:22
Glad to be the ex-lax for the day.
Krypt3ia
2012/08/21 at 19:47
“Adrian Lamo.” LOL! Are technical powerhouses like Emick on their crew too?
Just an Observer
2012/08/21 at 21:32
[…] Project Viglio: There Will Be CyberDouchery! Posted by Scot Terban on August 21, 2012. Filed under Features,Sound Off. You can follow any responses to this entry through the RSS 2.0. You can skip to the end and leave a response. Pinging is currently not allowed. […]
Project Viglio: There Will Be CyberDouchery! | Liquidmatrix Security Digest
2012/08/22 at 02:53
Oh, come on Krypt3ia! We’ve all indulged in a James Bond fantasy on the rare occasion. These wannabe ‘operators’ are just a little more public about it.
You should find all your questions answered when Adrian Lame-o spills the beans. He will, you know. He’s kind of got a reputation for that.
Here are my questions:
* How exactly are they going about this attribution thingy? Are they reverse-engineering malware? Have they got an unimaginably detailed knowledge base of threat agents to work from?
* How the f*ck can this little group be in the red? Unless they plan on doing proper LEO-grade forensics work, the hardware can be obtained on a shoestring budget, and practically all the software they’ll need is freely available.
Michael
2012/08/22 at 08:44
Project Vigilant is just fantasy football for people who read too much Tom Clancy. It doesn’t surprise me that they are in the red because, really, what kind of revenue could they have at this point? Offering unsolicited advice to government agencies in exchange for kudos is not a solid business model.
That they are partly run on “loans” from volunteers really tells a different story than the image that they are trying to portray. After this amount of time, it indicates that they are not sustainable, not consistently obtaining government/private contracts, and overall not that scary of an org.
Griffin
2012/08/22 at 18:41
Agreed, they are not really scary, more douchey but, still, they could be bought into and their data, as erroneous as it may be, used in some case somewhere.. And that is scary.
Krypt3ia
2012/08/22 at 19:21
“Project Vigilant is just fantasy football for people who read too much Tom Clancy. It doesn’t surprise me that they are in the red because, really, what kind of revenue could they have at this point? Offering unsolicited advice to government agencies in exchange for kudos is not a solid business model.”
Why should there be a business model ? Does everyone only think about $$$ ?
Nobody
2012/08/27 at 19:37
Well….it could be a way to get in small to medium business too, gain access to financials, insurance claims, files,ect., …maybe go overseas as an offering to secure international small biz…you need lots of convincing players to do those sorts of things too. Someone’s watching though, that’s for sure. No escaping that. If someone is keeping tabs on the new and ambitious, maybe they will find some actual talent somewhere. Can’t imagine they will net a lot of real threats with Lamo on their team though. No, these names say ‘let’s open doors to the trusting’ – to me- more than let’s cast a net for the should-be already paranoid…I mean, uh…aware.
skullaria
2012/09/16 at 08:45