Project Vigilant: Quisnam vigilo vigilo
In the fight against terror, the U.S needs all the help it can get, even if that assistance comes from unpaid volunteers. For the past 14 years, a significant volunteer group of U.S. citizens has been operating in near total secrecy to monitor and report illegal or potentially harmful activity on the Web.
Flying “under the radar” and carefully discouraging any press coverage that focused on the group, Project Vigilant has quietly operated in the eddies and whirlpools of Internet research, feeding tips and warnings to federal, state and military agencies. The group claims over 500 current members, although their names and identities are still mostly secret. Their members comprise some of the most knowledgeable experts in the field of information security today and include current employees of the U.S. government, law enforcement and the military. . . .
Last year I ran into an incident that made me wonder about murmurs I had been hearing within the community about “Citizen Hackers” or Patriotic Hackers. It seems that this has come to fruition with this “Vigilant” group that popped up at DC last week. Of course I and everyone else in the infosec community are somewhat incredulous about this group in the first place as we have never heard of them but also if you listen/read about them they become even more “spooky”
- They allege to have tacit “high level” approval of what they are doing and connections
- They claim to have access to ISP data that really should be protected but seem to have some sort of out on that
- Claim they are monitoring 250 million IP’s and can track anyone (#LIGATT anyone?)
- Outed themselves at DEFCON to recruit for their super secret work? Huh?
- Chet Uber’s LinkedIn is reminiscent of Robin Sage’s except it has even less data than hers did
- Is seeming to claim a large involvement in the Wikileaks case
When I first heard about this “press conference” and the content of it, my spidey sense went off right away. Not only does it sound ridiculously bogus, but it also sounds really scary in a Babylon 5 “Night Watch” kind of way. What it really means is that if this group has been around a while, they just got the go code to begin a larger collection mandate. It also means that the worries of many post the Washington Post’s reporting on “Secret America” (blog post here) is coming true before our very eyes.
To whit: “Who’s watching the watchers?”
If their claims have any merit, then these guys are a civilian “group” of volunteers who are accessing data and watching people online without any oversight. They are not duly appointed officers of any agency, and they are in effect, more like a McCarthy-esque cabal no matter the ostensible “good intentions” that they may have. With or without oversight, it would seem that with a tacit approval by the government and the agencies, we now have a civilian spying arm that would have a type of Carte Blanche to watch anyone they feel like watching.
I would also take up the fact that really, no one has heard of these people before in the community as well as their ranks (those named so far) have not been stellar names in security as far as I am concerned. So, just what are the aims here? Is this some new fangled version of the Idaho militias with computers instead of guns?
A cyber-militia so to speak?
Now, back to the start of this little diatribe… I had heard murmurs and allegations that the military types were lamenting not having a force multiplier in the cyber offensive like that of China’s “Citizen Cyber Army” that they have been developing. It would seem that this may in fact be the answer that they were looking for.. Or maybe started huh? But again I ask this question:
Why announce yourselves at DEFCON? If you are so secret and super dooper why not just scout people out and talk to them in private? Go through an interview process as a cutout company perhaps and get volunteers that way? Also, why volunteer? Why not take this baby IPO and make your own company there Mr. Uber? Just the type of thing the Beltway seems to be eating up lately since 9/11.
You could make Billions Muaa muaaaaa muaahahahahahahaha
Nope, it just rings… Well it smells is what it does… Like old cod on a hot day.
If indeed an approved group and mandated this bodes ill for all of our rights. It bodes ill for the country, and it should scare the shit out of people.
On the other hand.. This could all just be another #LIGATT huh….
Time will tell… Read up and decide yourselves… Attrition is looking into them… So am I.
*EDIT* As just pointed out by @theintersect their spelling in the logo is wrong too! It’s VIGILO not VIGLIO! Whats that as in Don Viglio is watching you? BAAHAHAHAHAHAHAHAHA