The huge WikiLeaks scandal that forced the resignation of cyber-security company HBGary's CEO, Aaron Barr, should also take down the company's proposal to the Department of Defense for the latest in leaker prevention.
Last August, as Danger Room reported, blue-sky research firm Darpa asked software engineers to design a system to sift through Defense Department e-mail, web and network usage for “anomalous missions” indicating that a user might intend to siphon sensitive information to unauthorized entities. The program is called CINDER, short for the Cyber Insider Threat Program. It’s managed by legendary hacker Peiter “Mudge” Zatko.
Months before HBGary became synonymous with an attack against WikiLeaks and its posse, Barr offered Darpa a way to make CINDER a reality, potentially taking down the next big U.S. government secret-leaker.
Barr’s September 17 proposal to Darpa envisioned CINDER as an online lie detector, searching for peaks and troughs in virtual “adrenaline” during a user’s network activity. (The story was reported by our sister site Ars Technica in February.) “[W]e will have a rootkit on the host that monitors keystrokes, mouse movements, and visual cues through the system camera,” Barr pitched.
“We believe that during particularly risky activities we will see more erratic mouse movements and keystrokes,” wrote Barr, “as well as physical observations such as surveying surroundings, shifting more frequently, etc.”
He called his proposed creation a “Paranoia Meter” — a “human factor and activity correlation engine.”
That requires collecting a lot of data, HBGary’s proposal acknowledges: The only way to judge anomalous user behavior is to create a model for normal behavior; that in turn requires mapping normal behavior for the median user — which in the Defense Department’s case is millions of people....
Once collected, the data would be assigned numeric values varying with the specific user, in order to gauge who’s suspicious and who isn’t. For example: “Do they encrypt files (+10), do they regularly explore the data stores (+5). Are they part of a corporate effort to bring horizontal visibility across their business verticals (-5). Is the person a prolific author and not just a consumer of data on a particular topic or program (-10).”
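The scoring scheme described above has two parts: a model of “normal” behaviour against which a user is measured, and a set of additive indicator weights. The following Python example is added by the editor to make that concrete; it is not HBGary’s, Darpa’s or the article’s code. It assumes a simple comma-separated activity log (the sample below is constructed), models the “median user” baseline as the mean and standard deviation of daily event counts across all user-days, and turns the four weights quoted from the proposal into indicator rules of the editor’s own devising (the `HORIZONTAL_ROLE` flag and the `read`/`write`/`encrypt` event names are assumptions). The keystroke, mouse and camera signals Barr described are not modelled.

```python
"""Illustrative insider-threat scorer built from the article's description.

Editor's example, not HBGary or Darpa code. Event names, log format and the
role flag are assumptions; the +10/+5/-5/-10 weights are the ones quoted
from the HBGary proposal.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample log (not real data): "user,day,event" per line.
SAMPLE_LOG = """\
alice,1,read
alice,1,read
alice,1,write
alice,1,write
alice,2,read
alice,2,write
alice,2,write
bob,1,read
bob,1,read
bob,1,read
bob,2,read
bob,2,read
bob,2,read
bob,2,read
bob,2,read
bob,2,read
bob,2,read
bob,2,read
bob,2,encrypt
carol,1,read
carol,1,write
carol,2,read
carol,2,read
"""

EVENTS = ("read", "write", "encrypt")

# Hypothetical role attribute standing in for the proposal's "horizontal
# visibility" role (-5); in practice this would come from HR/directory data.
HORIZONTAL_ROLE = {"carol"}


def parse_log(text):
    """Return {(user, day): Counter(event -> count)} from the CSV-style log."""
    counts = defaultdict(Counter)
    for line in text.splitlines():
        if not line.strip():
            continue
        user, day, event = line.strip().split(",")
        counts[(user, int(day))][event] += 1
    return counts


def build_baseline(counts):
    """Mean and population std of each event count across all user-days.

    This is the 'median user' model the proposal says must be mapped first.
    """
    baseline = {}
    for ev in EVENTS:
        xs = [c[ev] for c in counts.values()]
        baseline[ev] = (mean(xs), pstdev(xs))
    return baseline


def anomaly_score(c, baseline):
    """Sum of positive z-scores: how far *above* normal each count is."""
    score = 0.0
    for ev in EVENTS:
        mu, sd = baseline[ev]
        if sd > 0:
            score += max(0.0, (c[ev] - mu) / sd)
    return score


def indicator_score(user, c, baseline):
    """The additive weights quoted from the proposal, as editor-defined rules."""
    score = 0
    if c["encrypt"] > 0:                   # "do they encrypt files" (+10)
        score += 10
    if c["read"] > baseline["read"][0]:    # explores data stores more than median (+5)
        score += 5
    if user in HORIZONTAL_ROLE:            # horizontal-visibility role (-5)
        score -= 5
    if c["write"] > c["read"]:             # prolific author, not just consumer (-10)
        score -= 10
    return score


def score_all(text):
    """Return {(user, day): (anomaly_score, indicator_score)} for every user-day."""
    counts = parse_log(text)
    baseline = build_baseline(counts)
    return {
        key: (round(anomaly_score(c, baseline), 2), indicator_score(user, c, baseline))
        for (user, day), c in counts.items()
        for key in [(user, day)]
    }


def top_suspects(text, n=3):
    """User-days ranked by anomaly + indicator score, highest first."""
    scores = score_all(text)
    return sorted(scores, key=lambda k: -(scores[k][0] + scores[k][1]))[:n]


if __name__ == "__main__":
    for key in top_suspects(SAMPLE_LOG):
        print(key, score_all(SAMPLE_LOG)[key])
```

Running it ranks `("bob", 2)` first: eight reads plus one encrypt event sits far above the baseline and also trips two positive indicators. The example also shows the weakness a practitioner would flag in this design: the +10 for encrypting files penalises exactly the users following good data-handling practice, and a mean/standard-deviation baseline over a few heavy users is dominated by its outliers, which across millions of Defense Department users translates into a large false-positive load.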
Nor did HBGary expect to keep its “Paranoia Meter” limited to Defense Department use. “HBGary plans to transition technology into commercial products,” it specified in its proposal.
Darpa hasn’t issued a contract for CINDER yet. So far, it’s collected just over 50 interested vendors, ranging from mega-intel contractors like California’s SAIC to Virginia’s Blackbird Technologies, an internet security firm that recently branched out into warzone personnel-recovery tech. HBGary isn’t on the newest vendor list.
The proposal is at least aptly named. Hopefully HBGary will stay off the DoD vendor list. It should. The WikiLeaks scandal was too much even for the Republicans on a House Armed Services subcommittee, whose chairman, Rep. Mac Thornberry (R-Texas), has called for an investigation. The subcommittee has demanded that the DoD and National Security Agency provide all information they have on existing contracts with HBGary, along with its partners Palantir Technologies and Berico Technologies.