A reader found a very interesting email among the HBGary emails: Chet Uber emailed–after having tried to call–HBGary CEO Greg Hoglund on June 23, 2010.
> I would like to speak to Mr. Hoglund. My name is Chet Uber
> and I was given his name by common associates as someone I should speak with.
> The nature of our work is highly sensitive so no offense but I cannot explain
> the details of my call. I was given a URL and a phone number. I was not given
> his direct line and every time I try to get an attendant you phone system
> disconnects me. Would you please forward him this email to him. The links below
> are new and as much information as we have ever made public.
> Sorry for the mystery but in my world we are careful about
> our actions and this is something interpreted as rudeness. I am being polite,
> so any cooperation you can provide is greatly appreciated.
In response to the email, Hoglund asks Bob Slapnick to check Uber out with someone at DOD’s CyberCrime Center.
Chet Uber, as you’ll recall, is the guy who held a press conference at DefCon on August 1 to boast about his role in helping Adrian Lamo turn Bradley Manning in to authorities. Mark Rasch is the former DOJ cybercrimes prosecutor who claims to be Project Vigilant’s General Counsel and who says he made key connections with the government on Manning.
Mind you, the multiple versions of Uber’s story of his involvement in turning in Manning are inconsistent. At least a couple versions have Lamo calling Uber in June, after Manning had already been arrested.
So there are plenty of reasons to doubt the Lamo and Uber story. And security insiders have suggested the whole Project Vigilant story may be nothing more than a publicity stunt.
Furthermore, this email may be more of the same. Uber may have been doing no more than cold-calling Hoglund just as he was making a big publicity push capitalizing on the Manning arrest.
But consider this.
Lamo’s conversations with Manning have always looked more like the coached questions of someone trying to elicit already-suspected details than the mutual boasting of two hackers. Because of that and because of the inconsistencies and flimsiness of the Project Vigilant story, PV all looked more like a cover story for why Lamo would narc out Bradley Manning than an accurate story. And Uber’s email here and his DefCon press conference may well be publicity stunts. But then, that’s what Aaron Barr’s research on Anonymous was supposed to be: a widely publicized talk designed to bring new business. But a key part of the PV story was the claim that Adrian Lamo had volunteered with the group working on “adversary characterization.”
Uber says Lamo worked as a volunteer research associate for Project Vigilant for about a year on something called adversary characterization, which involved gathering information for a project on devising ways to attribute computer intrusions to individuals or groups. He helped define the roles, tools and methods intruders would use to conduct such attacks.
While it is described as more technical, that’s not all that different from what Aaron Barr was doing with social media on Anonymous.
One more thing. Consider what DOJ has been doing since the time Lamo turned in Manning and now: asking social media providers for detailed information about a network of people associated with Wikileaks. That is, DOJ appears to have been doing with additional legal tools precisely what Barr was doing with public sources.
That’s likely all a big coinkydink. But these security hackers all seem to love turning their freelance investigations into big publicity stunts.