Secretive group seeks recruits at Defcon, finds skepticism

Project Vigilant has been dismissed by some in the security community

A secretive volunteer group that tries to track terrorists and criminals on the Internet went to the Defcon hacker conference this past week in hopes of recruiting information security experts, but it will first have to overcome some skepticism.

That's because most information security professionals have never heard of the group, called Project Vigilant. The group's director, Chet Uber, came forward Sunday at a press conference run by Defcon organizers to try to recruit volunteers from among the show's attendees.

"We need more people," Uber said. "By increasing the numbers, we increase the likelihood that we will get the work done."

Run by former military, law enforcement and intelligence volunteers, Project Vigilant is able to monitor more than 250,000 IP (Internet protocol) addresses each day and create profiles for bad actors, their online identities and even the IP addresses they use.

The group has access to data provided by 12 regional Internet service providers and also gathers intelligence from its growing network of volunteers, Uber said.

It is sponsored by a Fort Pierce, Florida, company called BBHC Global and receives funding from U.S. government research projects. It can often react more quickly than federal agencies to emerging threats, and feeds the data it collects back to the government, he said. The group was founded in 1996 and is comprised of more than 600 volunteers.

To date, Project Vigilant has recruited members by word of mouth, and Uber has kept off most information security lists.

That raised question marks for some. "If you've been around for 14 years and you say your whole goal is to safeguard the U.S. against cyberthreats ... why hasn't he participated in any security communities?" said Andre DiMino, a co-founder of the Shadowserver Foundation, which tracks online threats such as the Conficker worm.

Jart Armin, the pseudonymous researcher behind the Host Exploit cybercrime research website, was dismissive of the project. "A group that does not provide any public record or reports of its activities, while stressing how it does good, would appear as a PR stunt," he said via instant message.

That kind of skepticism isn't surprising, given that the group has kept such a low profile for so long, said Kevin Manson, a former prosecutor and instructor with the Federal Law Enforcement Training Center who has worked with Project Vigilant.

"Their work has been going on for at least a decade, and some of the people who are working on this, quite frankly, don't want to have their names in the media," Manson said.

"It's probably one of the most interesting projects I've personally been involved with in the past 10 years," he added.

On Sunday, Uber said he was the first person to call the federal government about the sensitive cache of documents allegedly leaked by U.S. Army Intelligence Analyst Bradley Manning, and which was ultimately published on Wikileaks. Manning leaked the documents to Adrian Lamo, who does "adversary characterization" for the group, Uber said.

According to Uber, Project Vigilant also played a role in Iran's Green Uprising last year, operating five Internet proxy servers that helped dissidents circumvent government spying and move information out of Iran and into the hands of dissident groups.

The project obtained election results from many polling stations within Iran and was able to analyze them for fraud, he said. They found, for example, that in some villages where voting was expected to be split 50-50, the votes were going 100 percent for Iran's President, Mahmoud Ahmadinejad.

With Project Vigilant's focus on national security, it's not surprising if the group has had little contact with white-hat hackers and researchers such as DiMino and Armin, said Steve Santorelli, director of global outreach with Team Cymru, a not-for-profit security research firm.

"It doesn't make them irrelevant or bogus or charlatans," he said. "It just means that the world that they inhabit hasn't intersected with the security community."

Santorelli said he too had not heard of the group before Sunday.

Manson had this piece of advice for skeptics: "I would invite them to submit their résumés and see if they can be helpful to us on our mission."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

FREE Computerworld Insider Guide: IT Certification Study Tips
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies