On Privatizing Intelligence Gathering

[Image: F-18 instrument panel with Facebook, Twitter and YouTube logos]

Much has been said about the military’s effort to incorporate social media platforms into its arsenal of weapons. Over the past two years, there have been several reports claiming that the armed forces are engaging in large scale social media manipulation initiatives. In his article, “Military’s ‘persona’ software cost millions, used for ‘classified social media activities’”, Stephen Webster provides details about a contract issued by the USAF to develop software that will allow it to create, manage, and operate an army of sock puppets worldwide. In “US Military Caught Manipulating Social Media, Running Mass Propaganda Accounts” the Guardian describes how US online psychological operations are aimed at countering extremist ideology and propaganda.

The fact that the military is using social media (SM) manipulation tools to fight the war is laudable. It’s about time they started using asymmetrical methods to carry the war into the back-alley Internet cafes where the virtual battlefields of radicalization are raging.

The national defense agencies, which are among the most technical and professional organizations, are conscious of the pros and cons of dabbling in social media influence operations. The USAF social media guide illustrates these concerns. It offers detailed recommendations for engaging in this type of activity. For example, the social media information guide provides the following diagram:

[Image: USAF social media distribution diagram]

In another section, the “guidelines to assist Airmen in engaging online conversations” offer the following list of dos and don’ts:

No Classified Info
Do not post classified or sensitive information (for example, troop movement, force size, weapons details, etc.). If in doubt, talk to your supervisor or security manager.

Replace Error with fact Not Argument
When you see misrepresentations made about the Air Force in social media, you may certainly use your blog, theirs, or someone else’s to point out the error. Always do so with respect and with the facts. When you speak to someone with an adversarial position, make sure that what you say is factual and is not disparaging. Avoid arguments.

Admit Mistakes
Be the first to respond to your own mistakes. If you make an error, be up front about your mistake and correct it quickly. If you choose to modify an earlier post, make it clear that you have done so (such as by using the strikethrough function).

Use Your Best Judgment
Remember there are always consequences to what you write. If you’re still unsure, and the post is about the Air Force, discuss your proposed post with your supervisor. Ultimately, however, you have sole responsibility for what you choose to post to your blog.

Avoid The Offensive
Do not post any defamatory, libelous, vulgar, obscene, abusive, profane, threatening,
racially and ethnically hateful, or otherwise offensive or illegal information or material.

Avoid Copyright
Do not post any information or other material protected by copyright without the permission of the copyright owner. Also, consider using a Creative Commons license to protect your own work (see http://creativecommons.org for details).

Trademarks - Don’t Breach
Do not use any words, logos or other marks that would infringe upon the trademark, service mark, certification mark, or other intellectual property rights of the owners of such marks without the permission of such owners.

Don’t Violate Privacy
Do not post any information that would infringe upon the proprietary, privacy or personal rights of others.

Avoid Endorsements
Do not use the Air Force name to endorse or promote products, opinions or causes.

No Impersonations
Do not forge or otherwise manipulate identifiers in your post in an attempt to disguise, impersonate or otherwise misrepresent your identity or affiliation with any other person or entity.

Use Disclaimers
Identify to readers of a personal social media site or post that the views you express are yours alone and that they do not necessarily reflect the views of the Air Force. Use a disclaimer such as: “The postings on this site are my own and don’t necessarily represent Air Force positions, strategies or opinions.”

Stay In Your Lane
Discussing issues related to your AFSC or personal experiences is acceptable but do not discuss areas of expertise for which you have no background or knowledge.

So, what seems to be the problem?
Considering the fact that SM manipulation tools breach numerous EULAs and some jurisdictional boundaries, it’s likely that these tools will end up violating some privacy laws. But with that having been said, I also have the utmost faith in the military’s ability to regulate and control itself. Between the office of the inspector general, the Uniform Code of Military Justice, and the clear constitutional limitations imposed on the military’s ability to operate on US soil, I think that there are enough checks and balances to prevent wide-scale domestic Orwellian-style abuse of this technology.

So, what seems to be the problem? Well, the issue is that at this point, large parts of OSINT collection, monitoring, analysis, and delivery are no longer carried out by the military or the three-letter government agencies. Rather, they are conducted by a horde of private intelligence firms such as Palantir, Stratfor, HBGary Federal, Berico Technologies, Endgame Systems, and Booz Allen Hamilton, the last of which recently gained notoriety thanks to Edward Snowden’s mega leaks.

A better insight into the functioning of this rent-an-intelligence world of shadows can be gleaned from the hack by LulzSec. In 2010, the group successfully breached the private intelligence firm HBGary/HBGary Federal. The hack captured over 75,000 e-mails. It revealed the close cooperation between large commercial firms such as Bank of America and various government agencies. For example, it showed that BoA solicited the Department of Justice for help regarding a possible disclosure by WikiLeaks. The Department of Justice then referred BoA to the political lobbying firm Hunton and Williams, which in turn connected the bank with a group of information security ‘fixers’ known as Team Themis.

Team Themis—a group made up of HBGary Federal and the intelligence firms Palantir Technologies (named after Saruman’s seeing stone in J. R. R. Tolkien’s Lord of the Rings), Berico Technologies, and Endgame Systems—was consulted regarding ways to destroy the credibility of WikiLeaks and Glenn Greenwald, a Salon reporter who wrote favorably about WikiLeaks. The strategy sought to “sabotage or discredit the opposing organization” and even included a plan to submit fake leaked documents and then call out the error.

Interestingly, some of the leaked documents contained Palantir’s and HBGary’s PowerPoint decks and e-mails which detailed various Machiavellian schemes. One notable example was the strategy for destroying the credibility of Glenn Greenwald.

[Image: Palantir presentation about Glenn Greenwald]

[Image: Palantir and WikiLeaks]

Even more troubling were plans to use malicious software to hack into computers owned by various ‘opponents’ and their families. The e-mails show a proposal to develop and use “custom malware” and “zero day” exploits to gain control of a target’s computer network in order to snoop on their files, delete content, monitor keystrokes, and manipulate websites.

[Image: HBGary exploit development services]

In one e-mail, 27-year-old Matthew Steckman, a Palantir employee who was central to the Themis operations, boasted:

We are the best money can buy! Damn it feels good to be a gangsta.

The gangsta lifestyle
It turns out that Palantir, in addition to living the “gangsta” lifestyle to the fullest, was also shooting ‘sideways’ at its competitors by allegedly misappropriating IP by fraudulent means and conducting domestic industrial espionage.

The bizarre story revolves around Shyam Sankar, Palantir’s Director of Forward Deployed Engineering, who allegedly represented himself as a principal of SRS Enterprises, a straw company registered in Florida under the names of his parents. Through it, he and his brother allegedly obtained i2’s competing software solutions by fraudulent means and then reverse engineered and used them to design Palantir’s products.

Image 1: i2 civil action against Palantir


Image 2: Company registration details for SRS Enterprises LLC

Image 3: Shyam Sankar

[Image: Shyam Sankar, Palantir]

I don’t know if all of these allegations are true because the case was settled just before going to trial, but if even some of the details are correct, this is the stuff that cheap spy novels are made of.

Bring out the clowns
I’m not sure what I find more outrageous in this case: HBGary Federal’s and Palantir’s complete disregard for the law, or their nonchalant gangster attitude. I have no problem rationalizing the military’s proposal to carefully use software like MetalGear to conduct “classified blogging activities on foreign-language Web sites to enable CENTCOM to counter violent extremist and enemy propaganda outside the U.S.”, but Palantir and HBGary were proposing to use these information warfare technologies wholesale on US soil for subversive (and most likely illegal) corporate and financial gain.

Several months after the attack against HBGary Federal, Anonymous hacked into another private intelligence firm, Stratfor. They released a stash of about five million e-mails which provided deep insight into how private security/intelligence companies view themselves vis-a-vis government agencies like the CIA and FBI.

In one e-mail to his employees, Stratfor’s chairman, George Friedman, arrogantly dismisses the CIA’s capabilities. He writes:

From: George Friedman [mailto:gfriedman@stratfor.com]
Sent: Wednesday, December 29, 2004 9:13 AM
To: analysts@stratfor.com; exec@stratfor.com
Subject: CIA head of analysis fired

Jamie Miscik, Deputy Director of Intelligence at the CIA was fired today. As
DDI, she ran the analytic shop. According to media reports, she was fired
for squandering resources on day to day reports while ignoring the broad
trends. In other words, she was fired for looking at the trees and being
unable to see the forest. She was also accused of spending too much time
updating policy makers and too little time trying to grasp the broad
trends–giving customers what they wanted instead of what they needed. In
the end, it was her customers that turned on her.
My charge against her was and remains that she took no pride in her craft
and turned intelligence into PR and shoddy process. She and her gang are now
history.

This gives Stratfor an enormous, historic opportunity. The CIA model of
analysis has been invalidated. The ponderous, process driven machine that
could only manage the small things now needs to be replaced by a robust,
visionary, courageous analytic system. Stratfor has the opportunity to show
the way. In fact, we are showing the way. Everyone in Langley knows that we
do things they have never been able to do with a small fraction of their
resources. They have always asked how we did it. We can now show them and
maybe they can learn.

Reading this statement makes you wonder how the CIA ever managed all these years without Stratfor’s robust, visionary, and courageous guidance.

Stratfor also demonstrated its ability to collect deep intelligence by conducting private surveillance on US soil of protesters in the Occupy Austin movement. To achieve this, one of their ‘agents’ went undercover and joined an Occupy Austin meeting in order to gain insight into how the group operated.

Yet another e-mail reveals their ability to gain access to secret government documents. Fred Burton, the Stratfor vice president for Intelligence, told one corporate client: “The F.B.I. has a classified investigation [that may be of interest and]…I’ll see what I can uncover.” In a similar e-mail, he claims to have access to top secret materials captured during the raid on the OBL [Osama Bin Laden] compound and goes as far as offering a Q&A session regarding its contents:

From: Fred Burton
To: Secure List
Subject: OBL take — quick response needed
Sent: May 12, 2011 15:25

I can get access to the materials seized from the OBL safe house.
What are the top (not 45) questions we want addressed?

Sean Noonan
Tactical Analyst
Office: +1 512-279-9479
Mobile: +1 512-758-5967
Strategic Forecasting, Inc.
www.stratfor.com

Now, I could understand if Stratfor were offering supplementary intel to various government agencies, but the ironic implication here is that they are siphoning classified information from the government and handing it over to their corporate clients.

Indeed, as Morpheus stated, “Fate, it seems, is not without its sense of irony.” Stratfor, the organization that prided itself on teaching the CIA a thing or two about security and intelligence gathering, got Pwnd through the most benign means. When you read the details of the Stratfor and HBGary exploits, you can’t help but scratch your head in amazement.

For example:

HBGary’s website fell to a simple SQL injection. The site neither validated nor sanitized any request input, which allowed the attackers to quickly retrieve the site’s user IDs and passwords.
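To make the failure concrete, here is an added example (not code from the post or from any of the firms it discusses) that builds a constructed in-memory user table and runs the same lookup twice: once with the query assembled by string concatenation, the way an unsanitized site does it, and once with a bound parameter. The table contents, column names and the injected string are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample user table standing in for a CMS back end; the rows and
# hashes are made up for this example (md5("password"), md5("abc123")).
SAMPLE_USERS = [
    (1, "alice", "5f4dcc3b5aa765d61d8327deb882cf99"),
    (2, "bob", "e99a18c428cb38d5f260853678922e03"),
]


def make_db():
    """In-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Query built by concatenation: whatever the client sends becomes SQL."""
    sql = "SELECT id, username, pw_hash FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Bound parameter: the input is always a value, never part of the SQL."""
    sql = "SELECT id, username, pw_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# The textbook tautology; as a username it should match nobody.
INJECTED_USERNAME = "x' OR '1'='1"


def demo():
    """Returns (rows leaked by the concatenated query, rows from the bound query)."""
    conn = make_db()
    leaked = lookup_vulnerable(conn, INJECTED_USERNAME)   # every row comes back
    safe = lookup_parameterized(conn, INJECTED_USERNAME)  # no such user: empty
    return len(leaked), len(safe)


if __name__ == "__main__":
    print(demo())
```

The concatenated version hands back the whole table (ids and hashes) for a username that does not exist; the parameterized version returns nothing, which is the behaviour an input-handling review should be checking for.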

With a user ID and password in their possession, they downloaded the entire user database. Next, they proceeded to crack it. Had the password database been properly protected, they would have gotten nowhere, but again, poor security design enabled them to retrieve all the passwords. It turns out that the HBGary Federal database stored passwords as plain MD5 hashes. To overcome this, the attackers used readily available rainbow tables.

After getting the passwords of two of HBGary’s executives, Aaron Barr and Ted Vera, they discovered that the passwords consisted of only eight characters: six lower-case letters and two numbers. With the user ID and password details of the two executives, the attackers found out that this pair reused their passwords in multiple applications, including e-mail accounts, LinkedIn (see below), Twitter and a customer-facing server. So now Anonymous was able to access their e-mails too.
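The two storage failures above, plain MD5 and password reuse, are easy to show side by side. This is an added example, not code from the post: a constructed candidate list of eight-character passwords plays the part of the rainbow table, and the two “executives” and their shared password are made up. The salted PBKDF2 scheme and its iteration count are this example’s choice of a sound alternative, not something the text attributes to HBGary.

```python
import hashlib
import secrets

# Constructed candidate list standing in for a precomputed rainbow table:
# six lowercase letters plus two digits, the shape the text describes.
CANDIDATES = ["summer12", "secret99", "abcdef01", "monkey42", "qwerty77"]

# Built once, reusable against every database that stores unsalted MD5.
MD5_LOOKUP = {hashlib.md5(p.encode()).hexdigest(): p for p in CANDIDATES}

# Work factor for the sound scheme; chosen for this example, not a quoted standard.
PBKDF2_ITERATIONS = 200_000


def md5_store(password):
    """The weak scheme: unsalted MD5, identical input gives identical output."""
    return hashlib.md5(password.encode()).hexdigest()


def md5_reverse(stored_hash):
    """One dictionary lookup recovers the password if it is in the table."""
    return MD5_LOOKUP.get(stored_hash)


def pbkdf2_store(password, salt=None):
    """Salted, iterated hash. Returns (salt, digest); a fresh 16-byte salt per
    user means any precomputed table would have to be rebuilt per user."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def pbkdf2_verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return secrets.compare_digest(candidate, digest)


def demo():
    """Two constructed executives who reuse the same eight-character password.
    Returns (password recovered from MD5, MD5 hashes identical,
             PBKDF2 digests differ, PBKDF2 verification succeeds)."""
    exec_a_md5 = md5_store("summer12")
    exec_b_md5 = md5_store("summer12")
    recovered = md5_reverse(exec_a_md5)        # table lookup, no cracking needed
    reuse_visible = exec_a_md5 == exec_b_md5   # reuse is obvious from the hashes
    salt_a, dig_a = pbkdf2_store("summer12")
    salt_b, dig_b = pbkdf2_store("summer12")
    digests_differ = dig_a != dig_b            # same password, different salts
    verified = pbkdf2_verify("summer12", salt_a, dig_a)
    return recovered, reuse_visible, digests_differ, verified


if __name__ == "__main__":
    print(demo())
```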

Image 4: Aaron Barr’s 2013 defaced LinkedIn page

Image 5: Aaron Barr’s 2014 updated LinkedIn pages (note the stripped personal details and the recommendation by Pulkit Kapila, from Booz Allen Hamilton)

Aaron Barr LinkedIn Page 2018
Image 6: Aaron Barr’s 2018 LinkedIn page

The accounts on the support server belonged to ordinary users, but the system wasn’t patched against a privilege escalation attack. With administrative access, and because one of the executives was also the administrator of the entire e-mail system, Anonymous gained full control of all HBGary Federal e-mail accounts. Using this vulnerability, they gained access to the account of another executive, Greg Hoglund, where they found an e-mail containing the root password for the entire site.

Anonymous had a root password but couldn’t access the site server from outside the firewall. They needed to log in as a standard user and then switch to root.

To achieve this, they utilized a simple social engineering exploit. Using Greg Hoglund’s account, they contacted an administrator who had root access to the server. Through an e-mail exchange, they said that they had a problem logging in to the server and convinced the root admin to reset Greg’s password and also reveal his username, the two pieces of information they needed to complete their exploit and gain access to the Stratfor list of customers and their credit card files, which, interestingly enough, were kept in a plain text file.

This wasn’t unique to HBGary or Stratfor. In all hacking cases involving private security or intelligence companies, the analysis of the attack shows that it was executed via the most rudimentary methods. No Mission Impossible scenarios took place; the root cause was just your common, run-of-the-mill information security negligence and incompetence.

On feeding the bottom feeders
Time and time again, these von Wallenstein-style wannabe spies have proven themselves to be a legal and ethical liability. Regardless of their patriotic pitch and public assertions of lofty ideals such as “solve the most important problems for the world’s most important institutions”, most of these individuals and companies are bottom feeders who are in it just for a fistful of dollars and narcissistic bragging rights. From the various e-mails disclosed, it’s obvious that they have no qualms conducting for-pay spying, psychological warfare, and character assassination operations against US targets and their families on US soil.

Image 6: Aaron Barr as a wannabe secret service agent and a few of his other personas

Due to poor government controls and the complete lack of moral scruples of guns-for-hire like Aaron Barr, this form of for-hire domestic surveillance and influence operations will only become more prevalent. If you are curious about whatever happened to Barr, the answer is nothing. He just walked away from the scandal smelling like a rose. After HBGary went out of business, he scrubbed his online persona, rewrote his LinkedIn profile, and resurfaced in 2016 as a progressive, environmentally friendly activist dedicated to promoting Russian collusion, climate change awareness, and privacy advocacy.

Image 7: Aaron Barr the champion of transparency and a crusader against Wikileaks

Regardless of how attractive privatizing intelligence operations may seem at the moment, ultimately national intelligence should be managed by military and career civil servants who report to elected officials who in turn have specific term limits. True, this may not be the best way; after all, J. Edgar Hoover managed to abuse the process throughout the terms of six different presidents. But in the end, the system does self-correct. It has been doing that now for over two hundred years.

*** Update 11/1/2017 harvested new imagery for Aaron Barr and updated some related content ***

© Copyright 2013 Yaacov Apelbaum. All Rights Reserved.

21 thoughts on “On Privatizing Intelligence Gathering”

  2. I think that you are a bit naive if you think that all of this activity takes place without the government being fully aware of the repercussions. The reason why these companies continue to operate is to allow plausible deniability. In a way, it’s not much different than Ford using the Pinkerton Detective agency to bust his own unions.

  3. Interesting observation about private intelligence gathering.

    I have two points:

    1. This activity has been going on since 2002
    2. Most of these players also work on full time defense contracts

    These organizations are very incestuous and well connected; breaking this monopoly would be like breaking Wall Street’s control of banking and trading.

  4. Certainly looks like some of these private contracting firms you’ve mentioned are shadow representations of various three letter government agencies who have assumed the personas of commercial companies in order to duck the scrutiny of controls like the FISA courts.

    • Yes, you can make a lot of impassioned arguments about the police state we live in, big brother watching, and the abuses of executive powers, but ultimately, whether you like it or not, this is boiling down to striking a balance between an ideal Utopian existence and the brutish/nasty world we live in.

      As Hobbes stated:

      “[In a state of war] No arts; no letters; no society; and which is worst of all, continual fear and danger of violent death; and the life of man, solitary, poor, nasty, brutish, and short.”

      The threats against the US are real and increasingly more sophisticated. It’s the NSA’s charter to detect and report such threats. It’s a tough job to on one hand be responsible for detecting these threats (some of which include domestic sources) and on the other hand provide us hundred percent privacy protection in every aspect of our daily life.

      As I’ve said in the posting, the constitution, in its marvel, does allow for self-correction, as you can see in the example of US District Judge Richard Leon’s ruling granting an injunction to shut down the NSA’s Bulk Telephony Metadata Program.

      http://cdn.arstechnica.net/wp-content/uploads/2013/12/klayman.opinino.pdf

      It’s true, this ruling may be overturned by the appellate court, but I think that the momentum behind this is unstoppable and sooner or later we will see better regulation and enforcement against future privacy infringements.

  6. As Forbes described it, “The bottom line: A CIA-funded firm run by an eccentric philosopher has become one of the most valuable private companies in tech, priced at between $5 billion and $8 billion…”
    This is just another example of how the government uses taxpayer money to create crony organizations where retiring public servants can go and collect $$$ in consulting fees.

  7. Their mission statement seems pretty banal, “Our mission at Palantir is to empower and enable people everywhere to share information through highly functional websites and interactive software.” The only question that I have is who are these “people” that they are referring to?

  9. Hobbes said that without the state there would be nothing but a person’s own individual strength to stop the violation of his person or property. He claimed that social order will break down without some “common power” or law to hold people in “awe.”
    For these reasons he thought governments and states were necessary to provide these things. But why? Why assume that other, non-governmental institutions can’t provide them? After all, if you bought a piece of property, say some land, or a house, or a business, when it came to security you wouldn’t immediately ask yourself if you were paying enough tax, whether the government was a strong and ruthless one.

    You would check to see that you had firm doors, with strong locks, that the windows were out of reach or tough to break, and wonder whether you want bars or a grill for them. You will wonder whether it is worth investing in a burglar alarm, or a security system, or some watch dogs, or security guards; whether to buy a gun or stick.

    Large proportions of disputes in commercial law are handled, not by the government’s courts, but by arbitration firms. With a large number of personal injury cases insurance companies negotiate between themselves, in order to avoid legal costs, to reach settlements out of court, and so provide private alternatives to government’s courts.

    Alternatively they might handle such cases in courts provided by arbitration firms. All these things are not provided by the state, but by the market, through private voluntary agreement. When it comes to arranging the protection of your person and property, the state is the last thing you think of.
    As the state’s provision of these services deteriorates (due to the inevitable inefficiency of nationalised industries) similar private means will be used more and more. These private means will also include (already do) private intelligence firms.

    You can see the full text of “If Hobbes is Right, Then he is Wrong” here: http://againstpolitics.com/if-hobbes-is-right-then-he-is-wrong

  10. It’s hardly a question of Gov vs. private contractors. Using private contractors in these types of cases is a way to cut down on liability and allow for plausible deniability. Is this so much different than privatizing correctional facilities?
