Project Vigilant: Outsourced Spooks Or A Bunch Of Crackpots?

Group pops up at Defcon with some very large claims

Those busily debating whether Facebook's CEO personally values your privacy generally don't realize that unless you go to some great lengths, privacy on the Internet really doesn't exist in the first place -- and hasn't for a long time. Your every conversation and Internet action is tracked by a vast ocean of surveillance apparatus, from Echelon to AT&T's direct data dumps to the NSA. For years ISPs have also sold your clickstream data and other information to third parties.

With that in mind, Forbes has an interesting article on a government contractor named Project Vigilant. Project Vigilant surfaced at the Defcon security conference Sunday, claiming they were recruiting for their work as essentially outsourced domestic surveillance and intelligence. The group either buys or directly monitors data from at least twelve ISPs (it's not clear which, nor are the ISPs named), using said data to offer intelligence reports to government. According to the group, ISP EULAs make this all a-ok:

According to Uber, one of Project Vigilant's manifold methods for gathering intelligence includes collecting information from a dozen regional U.S. Internet service providers (ISPs). Uber declined to name those ISPs, but said that because the companies included a provision allowing them to share users' Internet activities with third parties in their end user license agreements (EULAs), Vigilant was able to legally gather data from those Internet carriers and use it to craft reports for federal agencies.

The group appears to be a very bizarre entity, wanting to be a serious security agency but coming off as a bunch of crackpots. On first read you brush them off as some kind of bad fiction, though several outlets are claiming the group is stocked with former Homeland Security officials (Kevin Manson), NSA officials (Ira Winkler), former security bosses at the NYSE (Suzanne Gorman) and an official formerly in charge of DOJ cybercrime (Mark Rasch). Of course, just because the group is staffed with some government officials doesn't mean they aren't still simply a bunch of crackpots, and there appear to be some legitimate privacy questions here if what the group is claiming is true. Also see: Wired, the San Francisco Examiner and Salon.

Update: Richard Bejtlich has an interesting blog post at Tao Security arguing that Project Vigilant is little more than a PR stunt by a collection of "wanna be" security consultants. Bejtlich still has this to say about the group's ISP data collection efforts:

...and whether that massive data gathering violates privacy? The organization says it never looks at personally identifying information, though just how it defines that information isn't clear, nor is how it scrubs its data mining for sensitive details. The group doesn't look at PII, yet it develops "portfolios on any name, screen name or IP address"? I think it's time for some grown-ups to check out these guys. I don't think their activities will make those ISPs' customers happy.

powerhog
EULA- resellers too?

I've often wondered whether these EULAs are mistakenly extended to third and fourth parties who contract with major ISPs for bandwidth.

For example, here at DSLR and many other sites, I show up as a COX cable subscriber. But that is not my ISP- my ISP does contract with COX for bandwidth though. So, in cases like this, does the COX EULA extend to people like myself who never agreed to the big-ISP's EULA?

Re: EULA- resellers too?

said by powerhog:
I've often wondered whether these EULAs are mistakenly extended to third and fourth parties who contract with major ISPs for bandwidth. For example, here at DSLR and many other sites, I show up as a COX cable subscriber. But that is not my ISP- my ISP does contract with COX for bandwidth though. So, in cases like this, does the COX EULA extend to people like myself who never agreed to the big-ISP's EULA?

Read your EULA. I wonder if there is a line somewhere in there stating that by your agreeing to the little EULA that you also agree to Cox's EULA. There is a part of me that wants to bet it's in there somewhere....

funchords
Re: EULA- resellers too?

said by DMWCincy:
I wonder if there is a line somewhere in there stating that by your agreeing to the little EULA that you also agree to Cox's EULA. There is a part of me that wants to bet it's in there somewhere....

And even if it isn't...

-- Robb Topolski -= funchords.com =- Cape Cod, MA -- KE1MO Tweet! Tweet! -- »twitter.com/funchords

said by powerhog:
I've often wondered whether these EULAs are mistakenly extended to third and fourth parties who contract with major ISPs for bandwidth.

You can't be a party to a contract you didn't agree to.

The 3rd party reseller would agree to a contract with the 1st party provider. The 3rd party could be required by the 1st party to hold its own customers to certain elements of the contract through the 3rd party's contract with their customers. But, there's no way the 3rd party's customers could be held to a contract they weren't a party to.

funchords
Re: EULA- resellers too?

said by amigo_boy:
said by powerhog:
I've often wondered whether these EULAs are mistakenly extended to third and fourth parties who contract with major ISPs for bandwidth.

You can't be a party to a contract you didn't agree to. The 3rd party reseller would agree to a contract with the 1st party provider. The 3rd party could be required by the 1st party to hold its own customers to certain elements of the contract through the 3rd party's contract with their customers. But, there's no way the 3rd party's customers could be held to a contract they weren't a party to.

Tell that to Teksavvy's customers!

-- Robb Topolski -= funchords.com =- Cape Cod, MA -- KE1MO Tweet! Tweet! -- »twitter.com/funchords

Logan 5
Is this really surprising?

Ever since AT&T's infamous room '602' debacle in San Francisco, things like this should come as no surprise to the average end user....

I wonder what happened to the program that analyzed EULAs before agreeing to them (EULalyzer IIRC), and what it might find if run against the major ISPs in the US?

funchords
Time to regulate the carriers as carriers

This is a reason why the FCC's "3rd-way" won't work. We just don't know what the carriers are doing, and to regulate them as if everything is alright now and forevermore makes no sense.

If this were the telephone network, then this behavior would be clearly illegal. The 'net is our telephone network, now, and the same rules of fair play and privacy ought to apply!

-- Robb Topolski -= funchords.com =- Cape Cod, MA -- KE1MO Tweet! Tweet! -- »twitter.com/funchords

Re: Time to regulate the carriers as carriers

said by funchords:
This is a reason why the FCC's "3rd-way" won't work. We just don't know what the carriers are doing, and to regulate them as if everything is alright now and forevermore makes no sense.

I think I agree. This reminds me of Americans' obsessive opposition to "no National ID." The result is a plethora of national (and state) IDs. We pretend there is no ID. Because no single ID is used like a national currency, nobody can be a document authenticator. And, private groups like LexisNexis purchase private information from businesses like credit card companies. Their largest customer is the US government.

If we brought it out in the open with a national ID and laws concerning how that ID could be used (the information collected, and who could access that info) we could have more visibility and control over our own information *as an institutionalized process*. Instead, we live in a fake-believe land like we're resisting "big government" when all we've done is created a big government (and *big corporations*) without any control.

Then we get mired down in how, if we try to regulate corporations' use of our personal info, it's just "big government" and regulation is never the answer (like it's some kind of "free market").

The same thing is happening here. Don't give the government power over the internet. So, we end up with a "free market" enterprise that feeds the government what they want, without any legislative oversight.

BHNtechXpert
Two for two eh Karl...

First the Verizon freebie nonsense and now this? Karl did you bother to check out any of this material before you posted on it? The majority of comments (and now including mine) lean towards this whole thing being fake and I did some checking. Musta been an off news day eh Karl?

Re: Two for two eh Karl...

said by BHNtechXpert:
The majority of comments (and now including mine) lean towards this whole thing being fake and I did some checking.

What "makes this whole thing fake?"

In theory, the entire thing is possible. Nothing would prevent something like this from existing. It would be the same principle as data-mining companies harvesting personal info from companies you do business with (and sell it "for profit"), and then sell it to the government.

If my ISP's privacy policy doesn't explicitly say they will protect my traffic from such practices (and require it to be protected by anyone they traffic the data through), then it's just a matter of time until what the Forbes article describes becomes reality.

Why do you believe it's not reality today?

toddbs98

Post some links to disprove the article, otherwise you're just running off at the mouth again.

-- Patriots always speak of dying for their country never killing for it. Bertrand Russell

Transmaster
I don't think so

The NSA letting something like this get out of house, I don't think so. The security risk would be huge. And they would not want any such moneys to fund such a thing escape their hands.

-- I am quite sure now that often, very often, in matters concerning religion and politics a man's reasoning powers are not above the monkey's. - Mark Twain in Eruption

BHNtechXpert
Re: I don't think so

said by Transmaster:
The NSA letting something like this get out of house, I don't think so. The security risk would be huge. And they would not want any such moneys to fund such a thing escape their hands.

I agree! Nothing about any of the reporting of this smells good. Almost all of the reporting sources are questionable and if you take the time to really read each of them you are left scratchin your head "what were these people smokin when they wrote this spew".

Re: I don't think so

+concur.

I spent a couple of hours looking into:
- Chet Uber - »web.mac.com/chet.uber/iWeb/Site/···0Me.html
- Steven Ruhe (listed as Chet's boss at »bbhc-global.com ) and successful Amway member (google "Steven Ruhe" + Amway; salon lists it as well as some dopey Team Weir 'diamonds' page)
- Whois for ChetUber.com, bbhc-global.com, and ProjectVigilant.us (shared name and/or address and/or fax num)
- and listed mailing addresses, etc

and the whole thing is a house of nutbar cards.

As indicated, they do list some known names as fellow volunteers but I suspect those are only figureheads.

Also posted a bit about this sit in here: »Re: Project Vigilant

And came to exactly the same conclusion as the OP:
- they're a bunch of wanna-be-important cranks
- the 'news' sources are all sketchy - Examiner.com (looks like a good place for a .mil disinfo dump), etc
- the few available webpages of ProjectVigilant.us have a plethora of spelling mistakes - including the logo (Latin for vigilance is vigILo, not vigLIo)
- the google cache search for: site:ProjectVigilant.us inurl:node shows that most material appeared on Jan 23-25, 2010 ... but is no longer available now.

And if it's such a 'grey' project why does diptard Chet make mention on his own ChetUber.com (check the whois!) of this 'secret' project:

quote: My name is Chet Uber and this is my official home page location, which is coming soon. Look for links to my social media, blogs, VIGILANT, and other projects I volunteer my time to.

I think I said it best in that other post of mine: "I'd say to Mr. Uber: Chet, you're a loser and a wanna-be. Go back to being both irrelevant and unknown."

Wanna research? These might help:

»chetuber.com/
»chetuber.xanga.com/631222364/som···--brief/
»web.mac.com/chet.uber/iWeb/Site/···0Me.html
»whois.domaintools.com/bbhc-global.com
»whois.domaintools.com/chetuber.com
»whois.domaintools.com/projectvigilant.us
»www.bbhc-global.com/ (featuring a red/blue pill quote from Morpheus, of Matrix fame)
»www.plaxo.com/profile/directory/···6f963359
»www.plaxo.com/profile/show/16321···1ac22b1b
»www.plaxo.com/profile/show/22763···d0b512f5
»www.welcomebusiness.com/members/···p?id=590
»www.bbhc-global.com/securedrupal/node/2
»www.bbhc-global.com/securedrupal/node/3
»www.bbhc-global.com/securedrupal/tracker
»www.facebook.com/chet.uber?v=info&ref=mf
»www.facebook.com/chet.uber?v=wall&ref=mf

BHNtechXpert
Re: I don't think so

said by wonderment:
+concur.

I spent a couple of hours looking into:
- Chet Uber - »web.mac.com/chet.uber/iWeb/Site/···0Me.html
- Steven Ruhe (listed as Chet's boss at »bbhc-global.com ) and successful Amway member (google "Steven Ruhe" + Amway; salon lists it as well as some dopey Team Weir 'diamonds' page)
- Whois for ChetUber.com, bbhc-global.com, and ProjectVigilant.us (shared name and/or address and/or fax num)
- and listed mailing addresses, etc

and the whole thing is a house of nutbar cards.

As indicated, they do list some known names as fellow volunteers but I suspect those are only figureheads.

Also posted a bit about this sit in here: »Re: Project Vigilant

And came to exactly the same conclusion as the OP:
- they're a bunch of wanna-be-important cranks
- the 'news' sources are all sketchy - Examiner.com (looks like a good place for a .mil disinfo dump), etc
- the few available webpages of ProjectVigilant.us have a plethora of spelling mistakes - including the logo (Latin for vigilance is vigILo, not vigLIo)
- the google cache search for: site:ProjectVigilant.us inurl:node shows that most material appeared on Jan 23-25, 2010 ... but is no longer available now.

And if it's such a 'grey' project why does diptard Chet make mention on his own ChetUber.com (check the whois!) of this 'secret' project:

quote: My name is Chet Uber and this is my official home page location, which is coming soon. Look for links to my social media, blogs, VIGILANT, and other projects I volunteer my time to.

I think I said it best in that other post of mine: "I'd say to Mr. Uber: Chet, you're a loser and a wanna-be. Go back to being both irrelevant and unknown."

Wanna research? These might help:

»chetuber.com/
»chetuber.xanga.com/631222364/som···--brief/
»web.mac.com/chet.uber/iWeb/Site/···0Me.html
»whois.domaintools.com/bbhc-global.com
»whois.domaintools.com/chetuber.com
»whois.domaintools.com/projectvigilant.us
»www.bbhc-global.com/ (featuring a red/blue pill quote from Morpheus, of Matrix fame)
»www.plaxo.com/profile/directory/···6f963359
»www.plaxo.com/profile/show/16321···1ac22b1b
»www.plaxo.com/profile/show/22763···d0b512f5
»www.welcomebusiness.com/members/···p?id=590
»www.bbhc-global.com/securedrupal/node/2
»www.bbhc-global.com/securedrupal/node/3
»www.bbhc-global.com/securedrupal/tracker
»www.facebook.com/chet.uber?v=info&ref=mf
»www.facebook.com/chet.uber?v=wall&ref=mf

If you go to many of the so called sites they are simply the same template used over and over again. This whole thing is a bunch of crapola. I can't fathom how all these people allowed themselves to be duped like this....oh wait..wait...considering the sources once again...I'm not surprised at all

The Vigilant project website uses Drupal, Phfft-atheic!

When I do a netstat and check out my TCP/IP traffic, I get lots of google addresses (1e100.net), government (.gov) and even halliburton.com....... anyone else experiencing this?

ackman
No surprise

The "greatest free nation in the world" hasn't actually existed for a number of years now, so this clear privacy violation isn't of any consequence in a has-been country.

BHNtechXpert
Maybe they should re-invent themselves...

I have a more appropriate name for them: Project Vigilant = Project FullofCrap

Copy-cat of n3td3v group

Looks like an American copy-cat of the n3td3v group which has been around since the late 1990s.

»sites.google.com/site/n3td3v/

A copy-cat of the n3td3v group

n3td3v group has over 10,000 volunteers, whereas these guys only have 600.

n3td3v group has proper connections with the authorities, whereas these guys haven't.

n3td3v group has over 10 years experience, whereas these guys haven't.