Uber’s Wikileaks revelation is one of the first public statements from the semi-secret Project Vigilant. He says the 600-person “volunteer” organization functions as a government contractor bridging public and private sector security efforts. Its mission: to use a variety of intelligence-gathering efforts to help the government attribute hacking incidents. “Bad actors do bad things and you have to prove that they did them,” says Uber. “Attribution is the hardest problem in computer security.”
According to Uber, one of Project Vigilant’s manifold methods for gathering intelligence is collecting information from a dozen regional U.S. Internet service providers (ISPs). Uber declined to name those ISPs, but said that because the companies’ end user license agreements (EULAs) included a provision allowing them to share users’ Internet activities with third parties, Vigilant was able to legally gather data from those Internet carriers and use it to craft reports for federal agencies. A Vigilant press release says that the organization tracks more than 250 million IP addresses a day and can “develop portfolios on any name, screen name or IP address.”
“We don’t do anything illegal,” says Uber. “If an ISP has a EULA to let us monitor traffic, we can work with them. If they don’t, we can’t.”
And whether that massive data gathering violates privacy? The organization says it never looks at personally identifying information, though just how it defin…