By: strandedwind Sunday January 2, 2011 7:10 am

Fourteen years ago we sat around a table at an Omaha cybercafe and the debate was on. “Who attacked our system?” “How do we find them?” “If we do find them, will anyone actually do anything about it?”

Project Vigilant has been misreported and reviled in the media since my old friend, Chet Uber, spoke up at DefCon last year, revealing, among other things, that he and Adrian Lamo were involved in the capture of Bradley Manning.

I wasn’t there the day it all started, but I arrived before the first year was up, and until my recent resignation I was the oldest surviving member of the original group still involved.

As the only wordsmith who remembers the pre-professional beginnings and who stuck around long enough to see the organization trusted with matters of national security, it is my sad duty to serve as the Speaker For The Dead.

This is, like everything else associated with it, not confirmed, but I believe Project Vigilant operations ceased at midnight, 12/31/2010.

Ten thousand eyeballs are going to land here looking just for Wikileaks. Here is precisely what I know.

I received advanced notice of a military intel leak in the form of a call from Chet several days before there was any public mention. I didn’t hear anything terribly specific, just that something had happened in Iraq and that it was “massive”.

Some time later I received copies of the affidavits on the case and a lengthy email that may be simply summarized: “Do not talk to the press.” I did read the affidavits and they were nothing remarkable – time lines written by Lamo describing his interactions with Manning. The famous chat logs were referenced but were not included.

Much later I was interviewed by Mark Albertson for the pair of articles he wrote but my name never appeared so I remained quiet.

My increasingly partisan work the last two years caused friction in a couple of different ways. I resigned from Vigilant on December 6th, 2010, calling tech support to disable my logins and then cleansing my mailbox and computers of any trace of the project’s property. If I didn’t say it here, don’t bother asking any more about it – more than one lawyer read this before it was released and it’s my definitive statement.

I don’t think anyone has ever talked in public about the beginnings. We all congregated in an IRC channel on Undernet – #hack. I try not to let more than five or six hundred days pass between return visits, but the word now is that it’s a.) idle and b.) lame. This wasn’t the case in the late 1990s, when security people from First Data (then the nation’s largest credit card processor), Amgen, Earthlink, and ISS X-Force mingled with a truly global mixture of shady characters.

Chet, I, and a few of the others were in Omaha, along with First Data, so there were some unusually strong ties for a city of such size. It was nice to see the occasional ‘0 day exploit’ and get ahead of the game.

When not framing harmless, gender puzzled young soldiers as part of our nefarious support for the New World Order we occasionally engaged in socially redeeming activities. The first thing that ever happened beyond the connected digital realm were child endangerment cases. Law enforcement does a good job on children “of tender years” – those twelve and under. Once children enter their teen years it’s pretty difficult to get attention unless the circumstances surrounding their disappearance is extraordinary. Panicked parents would call, unable to figure out what networks their missing child had been using, let alone how to find them, then the hunt was on.

We got kids back … some times. It’s absolutely wrenching work and I’m glad that law enforcement’s coverage of this issue has dramatically improved since those years.

After Wikileaks the next most visible (and annoying) piece of media coverage is the game played with reporting from DefCon.

Project Vigilant monitors 250 million IP addresses continuously and it builds dossiers on every user, which it then gives to the government.

Uhh, not really. That’s two separate ideas, stuck together by someone who didn’t understand the implications, then overstated to sell copy.

Most every router out there produces netflow, s-flow, or some other detailed traffic accounting output. ISPs collect this data, establishing norms so they can engage in capacity planning and spot abnormal traffic. Right now I can make a few mouse clicks and see what thousands of people are ‘doing’ on the internet in a couple of different states – each of the four service providers that together make up my day job are running such tools.

Take that idea a step further. A 2,000 customer rural ISP can pretty much guess which customer is misbehaving when troubles arise in a certain area, but they stop being people and start being just IP addresses around the 10,000 subscriber mark. There are tools that start with netflow accounting and build from there, automatically homing in on systems that are problematic. Zombie windows boxes with various viruses and music/movie traders are the ones who end up in the hot seat, and rightly so, as each can spoil the usage of the network for many others.

So … it’s not too hard to envision some smart guys building tools to do a little bit better job of what every ISP must do to keep a lid on the chaos when customers have Microsoft Windows on their computers, and then going out and selling that to a dozen of the biggest service providers. And that’s the end of that conspiracy theory …

Building dossiers? Most of what Project Vigilant did was really unsexy science type stuff. You guys see me fooling around with social media metrics? There is a lot of that sort of thing that goes on, and Project Vigilant has a computational linguistics fetish that I never personally assimilated. Basically there are tools out there like LingPipe and a bunch of people apply this to both Islamist and American right wing rhetoric, trying to spot the next Timothy McVeigh, Mohamed Atta, or Byron Williams … before they act.

And when they find something that they think is about to blow they get on the phone. I did this myself last November and the FBI’s hate crimes squad knocked on several doors in the American southeast. A week or two later I got a call from a somewhat flustered member of the VileTweets crew. Seems the Secret Service took an interest in the hate speech they’re monitoring and dropped by just to make sure he didn’t share the views that are captured and reported on their site.

Our federal law enforcement services are obviously all over both international threats and domestic extremism, but sharp eyed citizens are very often what sets investigations in motion. There is, of course, much deeper thinking behind this idea, and I may come back and expand on it, if anyone cares to hear the details.

This story wouldn’t be complete if I didn’t point out media whore figure Austin Heap, who is currently facing fraud charges for making off with a $50,000 donation meant to support the ‘development’ of his much hyped and utterly dysfunctional Haystack proxy software.

I spotted Austin during the initial disturbances after the 2009 elections, attempting to organize free proxy services for the Iranian people. I don’t think he realized he was putting himself in danger by doing this, and he ended up in protective custody about a day after we first spoke.

Showing no more sense there than he did with his Haystack fraud, he got his nerve back after a few days of laying low, and not satisfied with just returning home, he apparently reported that he’d been kidnapped. I never even got interviewed over that, but it apparently wasted some time and caused a great deal of embarrassment for Project Vigilant with some of its law enforcement contacts.

People in Iran trusted Austin Heap. Some of them are dead now, and they were tortured before they were executed. Don’t let the man’s boyish good looks fools you – he’s lower than the proverbial snake’s belly for the suffering and death visited upon Iranian protesters through his incompetence and vanity.

Let’s not end on a grim note like that.

Are you tired of the weekly scam messages from the compromised accounts of friends on Facebook? The ones that begin “I’m in London, and I was robbed at gunpoint” ?

We were, too, so when one of these characters fell into our clutches last summer we did what everyone longs to do.

Someone’s aunt had been taken in, sending $3,500 electronically. The niece who was supposedly stranded happened to work on Capitol Hill, she had some law enforcement friends, and this led to Chet’s phone ringing. Forty five minutes later half a dozen of us were on a conference call bridge. Two hours later we had the name of a cybercafe somewhere in London’s East End.

“Who has a Scotland Yard contact?” The sounds of people adjusting themselves was clearly audible – pulling out cell phones or reaching for keyboards.

“I do, hold on” was heard, then a long number was dialed, then a sleepy British accent was heard. Arrangements were made and a few hours later a west African immigrant was cuffed and stuffed by London police. It happened so quickly they even managed to get the money back, too – an astonishingly rare occurrence in such cases.

Problems like this need to be solved with education and procedures for international money transfer more than with law enforcement, but they do like to pick this sort of person up – they’ve always got their fingers into other mischief as well.

Chet and I have been reminiscing these last few weeks, a process made easier by his inhabiting our spare bedroom while he recovered from another heart surgery. He’s been dealt a string of negative health events the last five years, any one of which would have killed me, but he just keeps soldiering on.

Like the other curious characters of the Wikileaks saga, Chet is something of an enigma, even to his closest associates. He has a truly astonishing Rolodex; his iPhone is like Galadriel’s mirror, showing things that were, things that are, and things that have not yet come to pass. Even so, his health and temperament have kept him adrift the last three years, organizing things and trying to find the right combination to get himself off disability and back into the work force. That’s a tough row to hoe when you aren’t certain you’ll be able to get up in the morning and go to work that day.

Some ignorant journalists have panned the idea that a homeless person could organize a complex venture like Project Vigilant, or contribute anything meaningful to society. I’m glad that I’m just a blogger who didn’t know any better, because my adventures while homeless in 2008 included publishing research and presenting at a national conference in my chosen field, a tidy disproof of that idea. I also know, based on my experiences in 2009 and 2010 that a small group of committed people can build something innovative and useful using nothing more than a relentless focus on getting the job done.

Chet slipped away December 28th, going on a pilgrimage of sorts. It’s been years since we could actually pass through the doorway of doors, but some vestiges of this place still remain, for those who know where to seek them. I hope he finds what he is seeking on the other side.

If this should generate any interest I’ll come back later this week and explain what all of this stuff really means.