Information About Entities of Particular
Interest- Romas-COIN, Endgame
Systems, Cubic Corporation, Trapwire,
In-Q-Tel, Qorvis, Stratfor, Provide
From Project PM
Jump to: navigation, search
Project PM operates this wiki in order to provide a centralized, actionable data set regarding the
intelligence contracting industry, the PR industry's interface with totalitarian regimes, the
mushrooming infosec/"cybersecurity" industry, and other issues constituting threats to human
rights, civic transparency, individual privacy, and the health of democratic institutions.
So what is this?
This is a crowdsourced investigation focused on research and analysis. If you care that the
surveillance state is expanding in capabilities and intent without being effectively opposed by the
population of the West, you can assist in making this an actionable resource for journalists,
activists, and other interested parties. Consider doing a bit of research on the companies and
government agencies listed on this wiki, or even adding new topic for investigation by our
Due to ceaseless vandalism, only registered accounts may edit most of the existing pages on this
If you'd like to contribute information without editing the wiki yourself, you may do so by
sending the info to us at email@example.com (more secure means of communication can be
arranged if you care to send an anonymous e-mail to that account). If you have personal
knowledge about this topic for any reason, please consider letting us know via that e-mail
address. Another great resource on this subject matter is the Telecomix Blue Cabinet wiki.
BuggedPlanet.info also operates a small but related site.
To browse through the complete list of pages on this site, click here. Some important pages are
listed below. For a list of terms used in these articles, you can check the Glossary and Acronyms
Entities of Particular Interest
Team Themis: Palantir, Berico, HBGary
• Endgame Systems
• Cubic Corporation
• Provide Security LLC
Also Possibly of Interest
• Media Reports
From Project PM
Jump to: navigation, search
The following report was released by Project PM in June 2011 and provides an overview of
Romas/COIN along with incidental information on some of the firms that were involved in
pursuing the contract throughout 2010 and early 2011. My initial announcement piece in The
Guardian is here. Additional information may be found in a follow-up piece by Tom Burghardt.
Further commentary on the subject by Lt. Col. Anthony Shaffer is available in this Russia Today
segment. All source material may be found here.
For at least two years, the U.S. has been conducting a secretive and immensely sophisticated
campaign of mass surveillance and data mining against the Arab world, allowing the intelligence
community to monitor the habits, conversations, and activity of millions of individuals at once.
And with an upgrade scheduled for later this year, the top contender to win the federal contract
and thus take over the program is a team of about a dozen companies which were brought
together in large part by Aaron Barr - the same disgraced CEO who resigned from his own firm
earlier this year after he was discovered to have planned a full-scale information war against
political activists at the behest of corporate clients. The new revelation provides for a disturbing
picture, particularly when viewed in a wider context. Unprecedented surveillance capabilities are
being produced by an industry that works in secret on applications that are nonetheless funded by
the American public – and which in some cases are used against that very same public. Their
products are developed on demand for an intelligence community that is not subject to
Congressional oversight and which has been repeatedly shown to have misused its existing
powers in ways that violate U.S. law as well as American ideals. And with expanded intelligence
capabilities by which to monitor Arab populations in ways that would have previously been
impossible, those same intelligence agencies now have improved means by which to provide
information on dissidents to those regional dictators viewed by the U.S. as strategic allies.
The nature and extent of the operation, which was known as Romas/COIN and which is
scheduled for replacement sometime this year by a similar program known as Odyssey, may be
determined in part by a close reading of hundreds of e-mails among the 70,000 that were stolen
in February from the contracting firm HBGary Federal and its parent company HBGary. Other
details may be gleaned by an examination of the various other firms and individuals that are
discussed as being potential partners.
Of course, there are many in the U.S. that would prefer that such details not be revealed at all;
such people tend to cite the amorphous and much-abused concept of “national security” as
sufficient reason for the citizenry to stand idly by as an ever-expanding coalition of government
agencies and semi-private corporations gain greater influence over U.S. foreign policy. That the
last decade of foreign policy as practiced by such individuals has been an absolute disaster even
by the admission of many of those who put it into place will not faze those who nonetheless
believe that the citizenry should be prevented from knowing what is being done in its name and
with its tax dollars.
To the extent that the actions of a government are divorced from the informed consent of those
who pay for such actions, such a government is illegitimate. To the extent that power is
concentrated in the hands of small groups of men who wield such power behind the scenes, there
is no assurance that such power will be used in a manner that is compatible with the actual
interests of that citizenry, or populations elsewhere. The known history of the U.S. intelligence
community is comprised in large part of murder, assassinations, disinformation, the topping of
democratic governments, the abuse of the rights of U.S. citizens, and a great number of other
things that cannot even be defended on “national security” grounds insomuch as that many such
actions have quite correctly turned entire populations against the U.S. government. This is not
only my opinion, but also the opinion of countless individuals who once served in the
intelligence community and have since come to criticize it and even unveil many of its secrets in
an effort to alert the citizenry to what has been unleashed against the world in the name of
Likewise, I will here provide as much information as I can on Romas/COIN and its upcoming
Although the relatively well-known military contractor Northrop Grumman had long held the
contract for Romas/COIN, such contracts are subject to regular recompetes by which other
companies, or several working in tandem, can apply to take over. In early February, HBGary
Federal CEO Aaron Barr wrote the following e-mail to Al Pisani, an executive at the much larger
federal contractor TASC, a company which until recently had been owned by Northrop and
which was now looking to compete with it for lucrative contracts:
"I met with Bob Frisbie the other day to catch up. He is looking to expand a capability in IO
related to the COIN re-compete but more for DoD. He told me he has a few acquisitions in the
works that will increase his capability in this area. So just a thought that it might be worth a
phone call to see if there is any synergy and strength between TASC and ManTech in this area. I
think forming a team and response to compete against SAIC will be tough but doable." IO in this
context stands for “information operations,” while COIN itself, as noted in an NDA attached to
one of the e-mails, stands for “counter intelligence.” SAIC is a larger intelligence contractor that
was expected to pursue the recompete as well. Bob Frisbie is the CEO of Mantech, a firm with
which would later offer Barr a position under a new firm to be created for the purpose.
Pisani agreed to the idea, and in conjunction with Barr and fellow TASC exec John Lovegrove,
the growing party spent much of the next year working to create a partnership of firms capable of
providing the “client” - a U.S. agency that is never specified in the hundreds of e-mails that
follow – with capabilities that would outmatch those being provided by Northrop, SAIC, or other
Several e-mails in particular provide a great deal of material by which to determine the scope and
intent of Romas/COIN. One that Barr wrote to his own e-mail account, likely for the purpose of
adding to other documents later, is entitled “Notes on COIN.” It begins with a list of entries for
various facets of the program, all of which are blank and were presumably filled out later: “ISP,
Operations, Language/Culture, Media Development, Marketing and Advertising, Security,
MOE.” Afterwards, another list consists of the following: “Capabilities, Mobile Development,
Challenges, MOE, Infrastructure, Security.” Finally, a list of the following websites is composed,
many of which represent various small companies that provide niche marketing services pursuant
to mobile phones.
More helpful is a later e-mail from Lovegrove to Barr and some of his colleagues at TASC in
which he announces the following:
Our team consists of: - TASC (PMO, creative services) - HB Gary (Strategy, planning,
PMO) - Akamai (infrastructure) - Archimedes Global (Specialized linguistics,
strategy, planning) - Acclaim Technical Services (specialized linguistics) - Mission
Essential Personnel (linguistic services) - Cipher (strategy, planning operations) -
PointAbout (rapid mobile application development, list of strategic partners) -
Google (strategy, mobile application and platform development - long list of
strategic partners) - Apple (mobile and desktop platform, application assistance
-long list of strategic partners) We are trying to schedule an interview with ATT plus
some other small app developers.
From these and dozens of other clues and references, the following may be determined about the
nature of Romas/COIN:
1. Mobile phone software and applications constitute a major component of the program.
2. There's discussion of bringing in a “gaming developer,” apparently at the behest of Barr, who
mentions that the team could make good use of “a social gaming company maybe like zynga,
gameloft, etc.” Lovegrove elsewhere notes: “I know a couple of small gaming companies at MIT
that might fit the bill.”
3. Apple and Google were active team partners, and AT&T may have been as well. The latter is
known to have provided the NSA free reign over customer communications (and was in turn
protected by a bill granting them retroactive immunity from lawsuits). Google itself is the only
company to have received a “Hostile to Privacy” rating from Privacy International. Apple is
currently being investigated by Congress after the iPhone was revealed to compile user location
data in a way that differs from other mobile phones; the company has claimed this to have been a
4. The program makes use of several providers of “linguistic services.” At one point, the team
discusses hiring a military-trained Arabic linguist. Elsewhere, Barr writes: “I feel confident I can
get you a ringer for Farsi if they are still interested in Farsi (we need to find that out). These
linguists are not only going to be developing new content but also meeting with folks, so they
have to have native or near native proficiency and have to have the cultural relevance as well.”
5. Alterion and SocialEyez are listed as “businesses to contact.” The former specializes in “social
media monitoring tools.” The latter uses “sophisticated natural language processing
methodology” in order to “process tens of millions of multi-lingual conversations daily” while
also employing “researchers and media analysts on the ground;” its website also notes that
“Millions of people around the globe are now networked as never before - exchanging
information and ideas, forming opinions, and speaking their minds about everything from
politics to products.”
6. At one point, TASC exec Chris Clair asks Aaron and others, “Can we name COIN Saif? Saif
is the sword an Arab executioner uses when they decapitate criminals. I can think of a few cool
brands for this.”
7. A diagram attached to one of Barr's e-mails to the group (http://imageshack.us/photo/my-
images/7/pmo.png/) depicts MAGPII as interacting in some unspecified manner with “Foreign
Mobile” and “Foreign Web.” MAGPII is a project of Barr's own creation which stands for
“Magnify Personal Identifying Information,” involves social networking, and is designed for the
purpose of storing personal information on users. Although details are difficult to determine from
references in Barr's e-mails, he discusses the project almost exclusively with members of
military intelligence to which he was pitching the idea.
8. There are sporadic references such things as “semantic analysis,” “Latent Semantic Indexing,”
“specialized linguistics,” and OPS, a programming language designed for solving problems
using expert systems.
9. Barr asks the team's partner at Apple, Andy Kemp (whose signature lists him as being from
the company's Homeland Defense/National Programs division), to provide him “a contact at
Altogether, then, a successful bid for the relevant contract was seen to require the combined
capabilities of perhaps a dozen firms – capabilities whereby millions of conversations can be
monitored and automatically analyzed, whereby a wide range of personal data can be obtained
and stored in secret, and whereby some unknown degree of information can be released to a
given population through a variety of means and without any hint that the actual source is U.S.
military intelligence. All this is merely in addition to whichever additional capabilities are not
evident from the limited description available, with the program as a whole presumably being
operated in conjunction with other surveillance and propaganda assets controlled by the U.S. and
Whatever the exact nature and scope of COIN, the firms that had been assembled for the purpose
by Barr and TASC never got a chance to bid on the program's recompete. In late September,
Lovegrove noted to Barr and others that he'd spoken to the “CO [contracting officer] for COIN.”
“The current procurement approach is cancelled [sic], she cited changed requirements,” he
reported. “They will be coming out with some documents in a month or two, most likely an
updated RFI [request for information]. There will be a procurement following soon after. We are
on the list to receive all information." On January 18th of next year, Lovegrove provided an
update: “I just spoke to the group chief on the contracts side (Doug K). COIN has been replaced
by a procurement called Odyssey. He says that it is in the formative stages and that something
should be released this year. The contracting officer is Kim R. He believes that Jason is the
COTR [contracting officer's technical representative].” Another clue is provided in the ensuing
discussion when a TASC executive asks, “Does Odyssey combine the Technology and Content
pieces of the work?”
The unexpected change-up didn't seem to faze the corporate partnership, which was still a top
contender to compete for the upcoming Odyssey procurement. Later e-mails indicate a meeting
between key members of the group and the contracting officer for Odyssey at a location noted as
“HQ,” apparently for a briefing on requirements for the new program, on February 3rd of 2011.
But two days after that meeting, the servers of HBGary and HBGary Federal were hacked by a
small team of Anonymous operatives in retaliation for Barr's boasts to Financial Times that he
had identified the movement's “leadership;” 70,000 e-mails were thereafter released onto the
internet. Barr resigned a few weeks later.
Along with clues as to the nature of COIN and its scheduled replacement, a close study of the
HBGary e-mails also provide reasons to be concerned with the fact that such things are being
developed and deployed in the way that they are. In addition to being the driving force behind
the COIN recompete, Barr was also at the center of a series of conspiracies by which his own
company and two others hired out their collective capabilities for use by corporations that sought
to destroy their political enemies by clandestine and dishonest means, some of which appear to
be illegal. None of the companies involved have been investigated; a proposed Congressional
inquiry was denied by the committee chair, noting that it was the Justice Department's decision
as to whether to investigate, even though it was the Justice Department itself that made the initial
introductions. Those in the intelligence contracting industry who believe themselves above the
law are entirely correct.
That such firms will continue to target the public with advanced information warfare capabilities
on behalf of major corporations is by itself an extraordinary danger to mankind as a whole,
particularly insomuch as that such capabilities are becoming more effective while remaining
largely unknown outside of the intelligence industry. But a far greater danger is posed by the
practice of arming small and unaccountable groups of state and military personnel with a set of
tools by which to achieve better and better “situational awareness” on entire populations while
also being able to manipulate the information flow in such a way as to deceive those same
populations. The idea that such power can be wielded without being misused is contradicted by
even a brief review of history.
History also demonstrates that the state will claim such powers as a necessity in fighting some
considerable threat; the U.S. has defended its recent expansion of powers by claiming they will
only be deployed to fight terrorism and will never be used against American civilians. This is
cold comfort for those in the Arab world who are aware of the long history of U.S. material
support for regimes they find convenient, including those of Saddam Hussein, Hosni Mubarak,
and the House of Saud. Nor should Americans be comforted by such promises from a
government that has no way of ensuring that they will be kept; it was just a few months ago that
a U.S. general in Afghanistan ordered a military intelligence unit to use pysops on visiting
senators in an effort to secure increased funding for the war, an illegal act; only a few days prior,
CENTCOM spokesmen were confidently telling the public that such other psychological
capabilities as persona management would never be used on Americans as that would be illegal.
The fact is that such laws have been routinely broken by the military and intelligence
community, who are now been joined in this practice by segments of the federal contracting
It is inevitable, then, that such capabilities as form the backbone of Romas/COIN and its
replacement Odyssey will be deployed against a growing segment of the world's population. The
powerful institutions that wield them will grow all the more powerful as they are provided better
and better methods by which to monitor, deceive, and manipulate. The informed electorate upon
which liberty depends will be increasingly misinformed. No tactical advantage conferred by the
use of these programs can outweigh the damage that will be done to mankind in the process of
Barrett Brown Project PM
From Project PM
Jump to: navigation, search
Endgame Systems (founded 2008) has been of interest to this investigation due to the firm's
close association with corrupt HBGary CEO Aaron Barr, their stated intent to avoid public
attention towards its work with the federal government, its longtime collaboration with Palantir
employee Matthew Steckman (whom Palantir fired in the wake of the Team Themis affair, quite
improbably claiming that Steckman had acted on his own), and its creation of a report on
Wikileaks and Anonymous which was provided to Team Themis for use in its campaign against
both entities. In July of 2011, an investigation by Business Week revealed the probable reasons
for the firm's secrecy:
People who have seen the company pitch its technology—and who asked not
to be named because the presentations were private—say Endgame
executives will bring up maps of airports, parliament buildings, and corporate
offices. The executives then create a list of the computers running inside the
facilities, including what software the computers run, and a menu of attacks
that could work against those particular systems. Endgame weaponry comes
customized by region—the Middle East, Russia, Latin America, and China—
with manuals, testing software, and “demo instructions.” There are even
target packs for democratic countries in Europe and other U.S. allies. Maui
(product names tend toward alluring warm-weather locales) is a package of
25 zero-day exploits that runs clients $2.5 million a year. The Cayman botnet-
analytics package gets you access to a database of Internet addresses,
organization names, and worm types for hundreds of millions of infected
computers, and costs $1.5 million. A government or other entity could launch
sophisticated attacks against just about any adversary anywhere in the world
for a grand total of $6 million...
Endgame’s price list may be the most important document in the collection. If
the company were offering those products only to American military and
intelligence agencies, such a list would be classified and would never have
shown up in the HBGary e-mails, according to security experts. The fact that
a nonclassified list exists at all—as well as an Endgame statement in the
uncovered e-mails that it will not provide vulnerability maps of the U.S.—
suggests that the company is pitching governments or other entities outside
the U.S. Endgame declined to discuss the specifics of any part of the e-mails,
including who its clients might be. Richard A. Clarke, former Assistant
Secretary of State and special adviser to President George W. Bush on
network security, calls the price list “disturbing” and says Endgame would be
“insane” to sell to enemies of the U.S.
Endgame bills itself thusly:
Endgame Systems provides innovative software solutions to meet customers
security needs in cyberspace. Our products include real-time IP reputation data,
protection of customers' critical information, proactive data analysis, and cutting
edge vulnerability research. Endgame's highly skilled workforce provides a full
range of engineering services and solutions that raise awareness of emerging
threats, and help prevent and respond to those threats globally. The company was
founded by a proven leadership team with a record of success in the information
security industry and is headquartered in Atlanta, GA.
Endgame's clients have included a number of U.S. intelligence agencies including the NSA. The
firm has a subsidiary called ipTrust. Beyond a presence at Shmoocon 2012, little has been heard
from the company publicly since they deleted their website in summer 2011 following the
release of this text and presumably after inquiries by Business Week on the subject of their
offensive capabilities and price list.
Compare to Team Cymru.
• 1 Secrecy
• 2 Company Aspects
• 3 Dates
• 4 Management
• 5 Board Members and Advisors
• 6 Investors
• 7 Contact Info
• 8 451 Group Report on Endgame &
o 8.1 Context
o 8.2 Technology
o 8.3 Products
o 8.4 Strategy
o 8.5 Competition
o 8.6 SWOT analysis
• 9 IP Addresses/Network
• 10 News
Endgame is intent on remaining under the radar and otherwise seeks to avoid public attention, as
show by the e-mail excerpts below:
Aaron Barr to Brian Masterson of Xetron: "But they are awfully cagey about their data. They
keep telling me that if their name gets out in the press they are done. Why?"
CEO Chris Rouland to employee John Farrell: "Please let HBgary know we don't ever want to
see our name in a press release."
John Farrell to Aaron Barr: "Chris wanted me to pass this along. We've been very careful NOT
to have public face on our company. Please ensure Palantir and your other partners understand
we're purposefully trying to maintain a very low profile. Chris is very cautious based on
feedback we've received from our government clients. If you want to reconsider working with us
based on this, we fully understand."
Aaron Barr to John Farrell: "I will make sure your [sic] a 'silent' partner and will ensure we are
careful about such sensitivities going forward."
Note: The following was written before Business Week's July article, which provides
additional context and is linked and excerpted above.
Although little info has been obtained regarding the specifics of Endgame's operations, e-mails
taken from the small firm Unveillance indicate similarities in at least one capacity to another
firm called LookingGlass. In one e-mail, the CEO of Unveillance is told, "One thing I could have
said is that your data is the main feeder for LookingGlass and Endgame." Earlier in the same
exchange, more clues appear when the following statement by a "friend/contractor in the
pentagon [sic]" is presented: "They [Unveillance] were discussed yesterday at a meeting about
the CSFI project on Syria. Frankly, I wasn’t all that blown away. Not sure what makes them
better than LookingGlass or Endgame."
Other clues are available in the same e-mail set, there being discussion of a potential purchase by
Endgame of a troubled firm called Defintel, from which the CEO of Unveillance proposes to
"'cherry pick' the talent" in order "to run the sinkhole/data creation component of our firm."
From another e-mail exchange:
14 Apr 2011 16:53:54 -0400
From: Wayne Teeple <firstname.lastname@example.org >
To:"email@example.com " <firstname.lastname@example.org >
Hi again Karim,
I was able to meet with Keith today, not much to say other than business as
usual. He was very reserved, but open enough, but not enough if you know
mean. He did confirm that Chris Davis has sold himself to Endgame along with
datafeed, and that Morrigan Research Inc is dissolved - see attached.
believe he sold his "IP" directly as an individual because Morrigan is
dissolved as oppose to shares acquired by Endgame.
Keith had nothing real to contribute other he is staying out of everything and
just focusing on Defintel biz, he did state that he does not require the
datafeed at all to execute the Nemesis cloud service, and that he has a
"non-compete" with you, Endgame, and Morrigan. Also, he is in touch with
Davis, and I get the impression that Davis may recommend Endgame acquiring
Defintel for Nemesis code - although that could be Davis blowing smoke up
Keith's you know what!! Keith did state that he is light on technical
Finally, we both agreed that Ginley is a lone wolf and a gun for hire by
All and all, I am very concerned about presenting this solution any further to
my clients, nor did I get a complete warm and fuzzy that he was completely on
the up and up.
Keith above refers to Defintel CEO Keith Murphy.
Compare the above statements on Morrigan and DefIntel to this tweet from Chris Davis.
Brian Masterson of Xetron worked with Endgame for quite a while and made a number of
references to the firm to Barr:
"They told me that they did 10M last year. Said they were working for NSA, Navy, and USAF.
Also mentioned another customer who we do work with. While I was at their place getting
briefed by Chris, Gen. Patraeus' exec called three times to set a follow-up meeting."
"EndGame did offer up a cut of their US data."
"Doing the botnet is not that difficult but doing it to the degree that EndGame says that they have
is what is impressive."
Barr himself had long sought to include Endgame in his proposed "consortium" of firms, which
itself would provide intelligence capabilities to clients (and which eventually came about in the
person of Team Themis, made up of HBGary, Palantir and Berico, with Endgame having
provided the team an unusually accurate report on Wikileaks and Anonymous. E-mail excerpts
"I know we are going to talk to some senior folks in Maryland in a few weeks and would very
much like to take a combined Endgame/Palantir/HBGary product."
"I think I had mentioned the idea of a cyber consortium to you when we had lunch. That idea is
coming together. We will start with cyber intelligence then when we have the capabilities fused
build in the hooks for cybersecurity. Need the information before you can act.
here are the companies on board and their area of expertise. Application - HBGary Host - Splunk
Network - Netwitness External - EndGame Systems Social/Link - Palantir"
John Farrell of Endgame Systems to Aaron Barr, 2/8/10:
"for now, let's focus on:
1. OSI RFP response - dan ingevaldson and I will work with you on this
2. EGS/Palantir integration - we talked to Matt Steckman last week and we're looking into next
steps on this
3. customer briefings and new business opportunities like ARSTRAT, etc."
A June 2010 e-mail sent from Ted Vera to fellow HBGary employees after a phone meeting with
Endgame provides additional data:
I tried to keep notes during the call -- my chicken scratch follows: EndGames is
tracking 60-65 botnets at this time. They have a ton of conflicker data, they're
plugged in and pull millions of related IPs daily. Their data is generally described in
their tech docs. They are pulling in data from IDS sensors, rolling in geolocation
information, and anonymous proxies / surfing next Quarter. EndGames does not do
any active scanning -- all passive. They intercept botnet messages and collect / log
to their database. The "SPAM" category is a generic filter that indicates the IP has
been used to pass SPAM. Higher chance for false positives with SPAM filter. They try
to correlate SPAM activities to known botnets, if they cannot correlate, then the
event gets a generic SPAM label. Confidence %: Documented in technical docs.
Primarily time-based. Looking at the overall length of infection for a given IP.
Looking at half-life / decay of infections on specific IPs. The algorithm is currently
very simple and time is the highest weighted factor, although the nature of the
event is also weighted, ie conficker has higher weight than SPAM event. Plan to
start discriminating between end-user nodes with dynamic IPs vs Enterprise / static
IPs. Static IPs would decay slower than dynamic. EndGames gets malware data from
various sources and REs it to pull out C2 and other traits that can be used for
signature / correlation. They have Sinkholes for Conficker A and B which collect IPs
of infected hosts.Cannot provide samples because they do not collect samples from
specific IPs. They are ID'ing based on their observations of IPs, taking advantage of
their hooks into various botnets. That said, they could probably gest us some
samples and or manual tests for Conficker A and B which we could use to verify /
eliminate false positives or negatives.
April 5, 2010 - John Farrell tells Aaron Barr he will no longer be accessible @ Endgame
October 2010 - Raised 29 million USD from Bessemer Ventures, Columbia Capital, Kleiner
Perkins Caufield & Byers (KPCB), and TechOperators, for web-based malware detection
October 28, 2010 - Endgame announces the launch of ipTrust, "the industry’s first cloud-based
botnet and malware detection service ... that collects and distills security data into a reputation
February 2011 - Endgame announces partnerships with HP and IBM to use their IP Reputation
Intelligence service within HP’s TippingPoint Digital Vaccine service and IBM’s managed
June 2011 - Endgame begins trying to purge its presence from the Web, taking its site offline
and deleting Linkedin profiles.
Christopher J. Rouland
Mr. Christopher Rouland, CEO and Co-Founder of Endgame Systems has over 20 years of
experience in the field of information security. Mr. Rouland previously held the position of CTO
and Distinguished Engineer of IBM Internet Security Systems after IBM purchased Internet
Security Systems, Inc. in 2006. Prior to the IBM acquisition of ISS, Chris held the position of
CTO of ISS where he was responsible for the overall technical direction of the ISS product and
services portfolio. Prior to his executive roles at IBM and ISS, Chris was the original Director of
the famed X-Force vulnerability research team which was responsible for the discovery of
hundreds of security vulnerabilities.
Mr. Daniel Ingevaldson, SVP of Product Management and Co-Founder of Endgame Systems
was previously the Director of Technology Strategy with IBM Internet Security Systems. Prior to
the acquisition of ISS by IBM in 2006, Mr. Ingevaldson held various positions within the ISS
Professional Services organization where he lead the X-Force Penetration Testing consulting
practice, and as Director of X-Force R&D where he helped expand the research capacity of the
X-Force zero-day vulnerability identification and disclosure program.
Mr. Raymond Gazaway, Senior Vice President and Co-Founder of Endgame Systems was
previously the Vice President of Worldwide Professional Security Services with IBM Internet
Security Systems. Ray joins Endgame Systems with over 30 years of government and
commercial services experience and executive management positions with IBM, Internet
Security Systems and Dun and Bradstreet.
Mr. David Miles, Vice President of Research & Development and Co-Founder of Endgame
Systems, brings nearly 10 years of experience in information security and was previously the
Director of R&D within ISS Professional Security Services managing strategic security research
engagements, designing and delivering custom cyber security products and solutions, as well as
assisting in emergency response services and forensic investigations. Prior to that, in X-Force, he
designed and implemented processes and procedures for delivery of hundreds of security content
updates for the entire ISS product portfolio.
Mr. Mark Snell, Chief Financial Officer of Endgame Systems, oversees all aspects of Finance
and Administration including financial planning, reporting and analysis, investor relations,
human resources, information technology and office management. Prior to Endgame Systems, he
was Corporate Controller at Suniva, a solar cell manufacturer based in Atlanta, Georgia. At
Suniva, he helped to develop the financial infrastructure and systems to manage a business that
would quickly become recognized as one of the fastest growing private companies in the
Southeast. Earlier in his career, Mark served as Corporate Controller of Servigistics, a software
developer in the service lifecycle space and in various positions of financial management for
IBM and Internet Security Systems. Mark holds an MBA from Georgia State University and a
Bachelor of Arts from the University of Virginia. Mark is a Certified Public Accountant in the
State of Georgia.
Rick Wescott, Senior Vice President of Worldwide Sales and Marketing, brings over 20 years of
technology sales and management experience to Endgame Systems. Before joining Endgame
Systems, Rick served as Vice President & General Manager of Federal Operations for ArcSight
(acquired by HP for $1.5 billion in late 2010), which he joined pre-revenue in 2002 and was
instrumental in identifying and closing key foundational sales. Rick helped to manage and grow
the company's revenues to $170 million and saw the company through its Initial Public Offering
(IPO) in 2008 and $1.5 billion acquisition by HP in 2010. Prior to his tenure with ArcSight, Rick
lead sales efforts at several leading industry firms including VeriSign, Entrust, Sybase and IBM.
David Gerulski, Vice President, Commercial Sales & Marketing at Endgame Systems
Board Members and Advisors
Thomas Noonan- Chairman
Tom Noonan is the former chairman, president and chief executive officer of Internet Security
Systems , Inc. , which was recently acquired by IBM for $1.3B, at which time Noonan became
GM of IBM Internet Security Systems. Noonan is responsible for the strategic direction, growth
and integration of ISS products, services and research into IBM's overall security offering. Tom
Noonan and Chris Klaus launched ISS in 1994 to commercialize and develop a premier network
security management company. Under Noonan's leadership, ISS revenue soared from startup in
1994 to nearly $300 million dollars in its first decade. The company has grown to more than
1,200 employees today, with operations in more than 26 countries
http://cryptome.org/0003/hbg/HBG-EndGames.zip (got the this^^ from the PDF in the zip)
Senior Software Engineer
Matt CulbrethCame from... Yield Idea, President
Pete HrabaCame from...
ArcSight, Account Manager
Zodie SpainCame from...
Helios Partners, Executive Assistant/Office Manager
• Kleiner Perkins Caufield & Byers LLC
• Bessemer Ventures
• Columbia Capital
817 West Peachtree Street
Atlanta, GA 30308
451 Group Report on Endgame & ipTrust
November 3, 2010
You can take a person out of X-Force, but you can't take X-Force out of the person. A group of
former ISS X-Force veterans at Endgame Systems has been very busy doing security research of
consequence for the federal space since 2008. Via a new division called ipTrust, it plans to take
some of its botnet and IP reputation capabilities to drive value into the commercial space. Similar
to Umbra Data, ipTrust is delivering this value with a 'zero touch' modality – requiring no on-
premises or capex appliance. However, rather than licensing an intelligence feed like Umbra
Data, ipTrust has opted to share its research via an API, which may make it more accessible for
new use cases. As we were writing up this report, news broke that parent company Endgame
Systems closed a series A round of $29m. With no appliances or heavy back-end capex
requirements, this stands out as an oddly large round, and has, therefore, piqued our curiosity.
As we recently noted with Umbra Data, there is high concern over botnets, but the demand for
solutions is greater than the appetites for buying a dedicated appliance to augment the blind spots
in traditional AV and other legacy tools. Well beyond script kiddies, attacks like Stuxnet, Zeus,
BredoLab and Vecebot have people concerned – and those are all publically known ones.
Adaptive persistent adversaries employ a number of techniques to avoid detection by mainstream
adopted countermeasures. Several CISOs have told us they want the capabilities of anti-botnet
and command-and-control identification to be delivered via their existing security investments or
in other opex-consumption models. Perhaps both Umbra Data and ipTrust are hearing the same.
By delivering intelligence via an API, ipTrust may find itself called out to by all sorts of Web
applications to inform how trustworthy an endpoint is and adjust the interactions accordingly.
We see this as an interesting delivery model, and are encouraged by the embrace of modern
Web-scale technologies. Given that, the large series A funding is a bit odd. We will have to
watch carefully how that is leveraged – with our first thought being: Which acquisition target
would fit within that budget?
IpTrust is a new division of Atlanta-based Endgame Systems. While the 32-person Endgame
Systems was more focused on federal and cyber security clientele, ipTrust aims to leverage its
experience, research and platforms for commercial consumption. Endgame Systems was founded
in 2008 by several Internet Security Systems (ISS) X-Force Alumni with the research chops to
tackle emerging threats. Cofounders include former ISS CTO Christopher Rouland as CEO,
Daniel Ingevaldson as COO, Raymond Gazaway as SVP, and David Miles as VP of engineering.
Former ISS CEO Tom Noonan serves as chairman. Coinciding with the reveal of ipTrust,
Endgame Systems just closed a series A round for $29m, involving Bessemer Venture Partners,
Columbia Capital, Kleiner Perkins Caufield & Byers, and Noonan's own TechOperators. The
round adds two new board seats for Bessemer Venture's David Cowan and Columbia Capital's
IpTrust is a new commercial division of Endgame Systems; it leverages a lot of the back-end
technology and methods that have fueled Endgame's federal offerings since 2008. The enabling
technology has three basic pieces: a collection method for identifying botnet-compromised end
nodes, a scoring system to generate a confidence rating for the implicated IP address and the
exposition of the results of the analysis to clients via an API.
Since the bulk of botnets use DNS to find their command and control servers, ipTrust's primary
collection method for identifying compromised systems is to preregister or work with registrars
to create sinkholes to redirect network traffic. From the vantage point of its many sinkholes,
ipTrust can find new infected systems 'phoning home' for the first time or other reasons. The
sinkholes tracked by ipTrust are a combination of its own and those from third parties. It is
important to note that not all botnets communicate through DNS command and controls. Some
use peer-to-peer, some use covert channels and some have one or more alternative command-
and-control channels in case some are blocked or detected. We fear that this sinkhole method
may miss existing infected systems that phoned home initially, but are participating on more
dynamically assigned servers. While this is true, ipTrust pointed out that many samples are pretty
chatty and do end up talking back to default phone-home targets in the current samples. Beyond
the sinkhole method of harvesting compromised IPs, ipTrust studies the malware and spam data
for clues, as well as employing honeypots and honeynets. Although attribution is nearly
impossible, ipTrust also captures Geolocation information as well as proxy and satellite link
details when available.
IpTrust claims its collection methods net massive amounts of data – so it needed modern, cloud-
based Web-scale technologies to analyze it all. Some of the vital stats it claimed included scoring
255 million IP addresses for risk. The company claims to have 75TB of stored security events –
adding more than 1TB of malicious events per week. To scale all of this data, it leverages (and
contributes to) Hypertable, an open source clone (GPLv2) implementation of Google's BigTable
leveraging the Hadoop Distributed File System (HDFS). Through high-performance map
reduction in the colocation hosted infrastructure, ipTrust is able to apply its reputation engine's
scoring algorithms in a continuous fashion. A floating-point integer confidence rating is assigned
per IP, along with myriad other data, such as domain, company, country code, and security
events involving known botnets and variants. Given the fleeting and transient nature of the
Internet, this confidence score continually degrades unless preservation is merited by the
analysis. As such, consumers of the IP reputation score can make graduated nonbinary decisions
on how to contextually handle trust associated with that IP.
Finally, the reputation confidence score can be exposed via an XML-RPC/REST-based API.
IpTrust touts a sub 100ms response time and more than 3,000 queries per second. Supported
output formats include XML, JSON and CSV. As an API, developers of applications could make
Web 'look-aside' calls to determine how risky a transaction may be with a specific endpoint and
either terminate or place limits on the interaction. For example, a questionable reputation may
lead a banking application to deny funds – or perhaps to cap the maximum transaction amount
via some predetermined policy.
IpTrust offers three levels of product: ipTrust Web, ipTrust Web Premium and ipTrust
Professional. IpTrust Web Premium is not yet released. IpTrust Web is free service, capped at up
to 1024 IP addresses for 24/7 monitoring. When available, ipTrust Web Premium will allow for
unlimited IPs and will tentatively be priced by IP per month, we're told.
IpTrust Professional allows full access to the reputation engine via the aforementioned API, with
bulk IP submission for current and historical scoring as well as the supported output formats. At
the moment, the API currently shares the compromised IP, but not the details about the
command-and-control channel. IpTrust claims it is planning to add more actionable information
in the future, such as port information and user-agent strings in HTML, which may assist other
security tools in spotting or stopping command and control. Pricing for ipTrust Professional has
plans starting at $1,000 per year – or less than $0.01 per query. IpTrust claims it is already
working with a hosting provider and a financial services firm – with betas getting underway in
healthcare, large enterprise, managed security services providers (MSSPs) and early stage
IpTrust plans to go to market with a mix of direct sales and a series of strategic partners. Primary
targets to consume its ipTrust intelligence include hosting providers, MSSPs, VARs, and specific
technology partnerships. The 451 Group has covered such power alliances, with Fidelis Security
Systems XPS leveraging Cyveillance intelligence feeds.
As an API, ipTrust may also be able to tap into systems integrators and application-development
communities. Within the context of a specific application, contextual risk decisions can be made
in the natural flow of the transaction. This may be of value to SaaS and PaaS players trying to
IpTrust may not be apples-to-apples competition with anyone; it will likely compete for limited
budget within a few pockets. Most users seeking anti-botnet capabilities are currently looking at
Atlanta-based Damballa or FireEye. FireEye uses virtualization to spot new unknown malware
with botnet participation. Umbra Data is fresh out of stealth, offering an XML intelligence feed
alternative to appliance purchases. Service providers, MSSPs, and security OEMs may choose
more than one intelligence feed or API.
Traditional antivirus players continue to leverage their incumbency (and sometimes stall with it),
so people may simply deal with Symantec, McAfee (soon to be a division of Intel) Trend Micro,
Sophos, Kaspersky Lab and others. Commtouch touts being well plugged-in to the internet
backbones to give its Web and mail security offerings visibility into botnets and compromised
systems. Most Web and mail security gateways, like Cisco (both ScanSafe and IronPort), M86
Security, Websense, Blue Coat Systems, Barracuda Networks (and Purewire), Zscaler's hosted
Web proxy, etc., leverage one or more reputation and open source intelligence feeds to operate.
This fact make them both more likely to take limited wallet share, but also more likely to benefit
from ipTrust's APIs. The same could be true for enriching the value of other security appliances
and products. The classic example we shared was with data loss prevention. We see sensitive
content leaving the network – should we block it? Imagine now adding knowledge about whether
the source or destination is a known compromised system.
The former ISS/X-Force heavy hitters are no strangers to advanced threats, and have been
cutting their teeth with federal clients since 2008. It is also aggressively embracing disruptive,
cloud-scale IT innovations – while many others have been resistant.
While there is value in anti-botnet and IP reputation, the spending climate is unfriendly to
noncheckbox-compliance products and services. We're also surprised by the size of the recent
series A round without a stated use for it.
In addition to ipTrust's stated strategy, we believe the API could find ESIM uptake. It would take
effort, but it could gain traction with SIs, and SaaS and PaaS players.
The market may perceive that it is already receiving similar capabilities from incumbents.
Customers may also simply resist adding new vendor relationships to manage.
EndGame Systems currently has a variety of IPs at their disposal. Currently identified networks
are: 188.8.131.52 - 184.108.40.206 and 220.127.116.11 - 18.104.22.168. One set are servers
with COLOCUBE(direct IP allocation to EndGame), and the other is on IPs allocated to "Tulip
Systems". Interestingly, both Tulip Systems and Endgame Systems are located in Atlanta
Georgia. They're actually located 1.8 miles apart from eachother
Whois For 22.214.171.124 - 126.96.36.199:
OrgName: TULIP SYSTEMS, INC.
Address: 55 Marietta Street
Address: Suite 1740
Additional Information From rwhois://rwhois.tshost.com:4321
network:IP-Network-Block:188.8.131.52 - 184.108.40.206
network:Street-Address:75 5th Street NW Suite 208
Whois For 220.127.116.11 - 18.104.22.168:
NetRange: 22.214.171.124 - 126.96.36.199
CustName: Endgame Systems
Address: 817 West Peachtree Street NW
Address: Suite 770
CIA-linked startup touts all-seeing eye for net spooks - 18.2.2010
Endgame Systems Raises $29M, Debuts Web-Based Malware Detection Service - 28.10.2010
Endgame Systems Capabilities Briefing Jan. 2009
From Project PM
Jump to: navigation, search
Founded and headquartered in San Diego, CA since 1951, Cubic is the parent company of three
major business segments. Cubic's businesses are primarily engaged in the design, development,
manufacture, integration, and sustainment of high technology systems, products, and services for
government and commercial customers. With fiscal year 2011 sales of $1.285 billion, Cubic
employs nearly 7,800 people worldwide. Cubic is a global leader in defense, and transportation
systems and services, and is an emerging supplier of smart card and RFID solutions. Operating
Mission Support Services -an industry leader in providing comprehensive support services for
all echelons of national militaries and security forces in the U.S. and allied nations.
Cubic Defense Applications -the leading provider of live air and ground combat training
systems worldwide, a key supplier of virtual and immersive training systems, communications
and electronics products, and an emerging provider of cyber technologies and global tracking
solutions for commercial and national military customers.
Cubic Transportation Systems -the leading provider of revenue collection management
systems and services worldwide. Cubic has provided products, systems and services in nearly 60
nations. Cubic Transportation Systems' employees work from more than 130 locations in
approximately 20 nations.
In December of 2010, Cubic acquired the Abraxas Corporation for $124 million in cash.
The purchase did not include the software products TrapWire or Ntrepid. These products
were spun off in 2007 as part of the Abraxas Applications Corporation under former CEO
and President Richard Helms.
On August 13, 2012 the New York Times outlined how TrapWire was infringing on public
security. WikiLeaks Stirs Global Fears on Antiterrorist Software”
This was followed by a story on a Wired Magazine blog: Trapwire: It’s Not the Surveillance, It’s
On August 14, 2012 the The Sydney Morning Herald and The Age ran the following retraction:
Monday's story ‘‘Surveillance system linked to transport, defence contractor’’, and the online
story ‘‘Revealed: TrapWire spy cams’ ticket to Australia’’, incorrectly said the TrapWire
surveillance system was owned by Cubic Corporation.
Cubic Corporation is a US Military/Defence contractor, with subsidiaries including Cubic
Defense Applications Inc, and Cubic Cyber Solutions, Inc. As revealed in tax filings from 2010,
Cubic also wholly owns cyber security firms Abraxas and Ntrepid. The latter provides Persona
Management services to the U.S. and unspecified "multinational forces" in conjunction with
CENTCOM information operations program Operation Earnest Voice, as provided for in a 2010
• 1 Intro
• 2 Profile
• 3 Ntrepid
o 3.1 Background
o 3.2 Location, Directors, Funding
• 4 Abraxas/Anonymizer
o 4.1 Persona Management Involvement
o 4.2 Executives
• 5 Abraxas/TrapWire
• 6 Cubic Background
• 7 Company Details & Personal Dox
• 8 Safe Harbor Acquisition
• 9 Board of Directors
• 10 Corporate Addresses
o 10.1 REGIONAL OFFICES
• 11 Further Research Needed
• 12 Links
This Tech Herald article discusses the managerial revolving door between Cubic, Abraxas, and
In 2010, Abraxas was purchased by another intelligence contractor, Cubic for the tidy sum of
$124 million in cash. Some of the top talent at Anonymizer, who later went to Abraxas, left the
Cubic umbrella to start another intelligence firm. They are now listed as organizational leaders
for Ntrepid, the ultimate winner of the $2.7 million dollar government contract. Ntrepid,
“provides national security and law enforcement customers with software, hardware, and
managed services for cyber operations, analytics, linguistics, and tagging & tracking,” a
company profile explains. Ntrepid’s corporate registry lists Abraxas’ previous CEO and
founder, Richard Helms, as the director and officer, along with Wesley Husted, the former CFO,
who is an Ntrepid officer as well. The shifting company names and management has led to some
speculation that this is a front company for Abraxas, but there is no proof of those claims.
During the 2010 election cycle Cubic officers donated some $90,000 to Republican candidates,
including $25,000 to the National Republican Congressional Committee and some $30,000 to the
National Republican Senatorial Committee. The RFI for the Air Force disclosed by Anonymous
Ragan reports, "was written for Anonymizer, a company acquired in 2008 by intelligence
contractor Abraxas Corporation. The reasoning is that they had existing persona management
software and abilities."In turn, Abraxas was purchased by Cubic in 2010 for $124 million, an
acquisition which Washington Technology described as one of the "best intelligence-related"
deals of the year.
With some $1 billion in 2009 revenue largely derived from the Defense Department, the
company's "Cyber Solutions" division "provides specialized cyber security products and
solutions for defense, intelligence and homeland security customers."
Amongst the Security Services offered by the firm we learn that "Cubic subsidiaries are working
individually and in concert to develop a wide range of security solutions" that include: "C4ISR
data links for homeland security intelligence, surveillance and reconnaissance missions;" a Cubic
Virtual Analysis Center which promises to deliver "superior situational awareness to decision
makers in government, industry and nonprofit organizations," human behavior pattern analysis,
and other areas lusted after by securocrats.
This picture may give some idea of the relationships between Cubic Corp, other companies, and
Cubic Corporation is the parent company of three major business segments: Defense Systems,
Mission Support Services and Transportation Systems. Cubic Defense Systems is a leading
provider of realistic combat training systems, cyber technologies, asset tracking solutions, and
defense electronics. Mission Support Services is a leading provider of training, operations,
maintenance, technical and other support services. Cubic Transportation Systems is the world’s
leading provider of automated fare collection systems and services for public transit authorities.
Ntrepid is a Los Angeles-incorporated, Virginia-headquartered subsidiary of Cubic
Corporation and supplier to the USAF of Persona Management software which was procured
for CENTCOM, which in turn provided it for use by unspecified parties. Ntrepid was first
incorporated in California on 25th October 2010, four months after the solicitation for Persona
Management software was issued by CENTCOM. It may be assumed that Ntrepid was formed in
order to provide surveillance, persona management, and attribution capabilities to the US
Military; technology originating from Abraxas and Cubic.
Ntrepid had previously acquired personnel from several other firms which were themselves
undergoing rapid consolidation. As noted by Steve Ragan of Tech Herald:
Internal communications from Aaron Barr say that the RFI for the persona software was written
for Anonymizer, a company acquired in 2008 by intelligence contractor Abraxas Corporation.
The reasoning is that they had existing persona management software and abilities. In 2010,
Abraxas was purchased by another intelligence contractor, Cubic Corporation for the tidy sum
of $124 million in cash. Some of the top talent at Anonymizer, who later went to Abraxas, left the
Cubic umbrella to start another intelligence firm. They are now listed as organizational leaders
for Ntrepid, the ultimate winner of the $2.7 million dollar government contract.
The United States Central Command awarded a $2.76 contract to this new company to produce
persona management software in pursuance of CENTCOM's Operation Earnest Voice program.
The contract is for the creation software allowing "fake online personas to influence net
conversations and spread US propaganda." The technology is supposedly for use on non-US
forums and social media outlets, thus circumventing US laws against impersonation.
On June 22, 2010, CENTCOM issued an official solicitation for software companies to bid for a
contract creating a 'persona management service'. According to articles in The Guardian and
elsewhere, one contract winner was Ntrepid:
While data security firm HBGary Federal was among the contract's bidders listed on a
government website, the job was ultimately awarded to a firm that did not appear on the
FedBizOpps.gov page of interested vendors. HBGary, which conspired with Bank of America
and the Chamber of Commerce to attack WikiLeaks, spy on progressive writers and use malware
against progressive organizations, was also revealed to have constructed software eerily similar
to what the Air Force sought. This contract was awarded to a firm called Ntrepid. n addition to
the classified activities this software supports, USCENTCOM, like most military commands,
does use social media to inform the public of our activities. I should emphasize that such uses do
not employ the kind of technology that was the subject of this contract solicitation. Ntrepid
Corporation, registered out of Los Angeles, bills itself as a privacy and identity protection firm
in some job postings, and a national security contractor in others, but its official website was
amazingly just one page deep and free of even a single word of description.
(Full article )
During the merger between Cubic Corporation and Abraxas Corporation certain assets owned by
Abraxas were conveyed by to Ntrepid. Including but not limited to their office at 12801
Worldgate Drive, Suite 800, Herndon, Virginia 20170 and 6733 Curran Street, Suites 300 and
310, McLean, Virginia 22102.
Location, Directors, Funding
12801 Worldgate Drive
Herndon, VA 20170
CT Corporation System
2394 E. Camelback Road
PHOENIX, AZ 85016
CT Corporation System
1200 South Pine Island Road
Plantation, FL 33324
References: Details of Incorporation, Articles of Incorporation (Signed by Margaret A Lee)
Richard H. Helms (director and officer)
Wesley R. Husted (officer)
Margaret A. Lee (officer)
Source, LinkedIn Page
Of particular note is Ntrepid's CTO/Chief Scientist Lance Cottrell, who is simultaneously CTO
of Anonymiser and an adviser at Taia Global, Inc. (20.6.2011) He was previously CTO/Chief
Scientist at Abraxas Corporation after founding the privacy firm Anonymizer, Inc. in 1995. He
runs The Privacy Blog.
Some info on Dan Crum:
VP: Charlie Englehart
Executive Vice President for Product Engineering: Michael Martinka
Vice President, Research & Development: Teddy Lindsey
Sr. Systems Engineer: Dennis Rich
Abraxas is an intelligence contractor that has been revealed to be a significant player in Persona
Management. The firm was founded by Richard Hollis Helms (not to be confused with former
CIA director McGarrah). Abraxas opened its Chinese branch in 2004. Abraxas acquired
Anomymizer in May of 2008, naming Lance Cottrell, founder and CTO of Anonymizer, as
Chief Scientist for the firm. The financial details of the acquisition were not disclosed. Allied
Capital invested $52mil in Anonymizer shortly thereafter. Anonymizer was known for being one
of the first corporate application offerings to promote secure and anonymous web browsing.
Abraxas headquarters is based in Annapolis Junction, MD.
Abraxas Corporation should not be confused with Abraxas Engineering, though the two are
related. Richard Helms also served as CEO of California-based Edge Intelligence, acquired by
Abraxas on October 9, 2008.
Abraxas at NameBase.
Persona Management Involvement
As noted by Steve Ragan of The Tech Herald in reference to a 2010 federal contract seeking bids
on persona management software:
Internal communications from Aaron Barr say that the RFI [request for information by federal
contracting officers] for the persona software was written for Anonymizer, a company acquired
in 2008 by intelligence contractor Abraxas Corporation. The reasoning is that they had existing
persona management software and abilities. In 2010, Abraxas was purchased by another
intelligence contractor, Cubic Corporation for the tidy sum of $124 million in cash. Some of the
top talent at Anonymizer, who later went to Abraxas, left the Cubic umbrella to start another
intelligence firm. They are now listed as organizational leaders for Ntrepid, the ultimate winner
of the $2.7 million dollar government contract.
Upon Anonymizer's purchase by Abraxas, the following press release was made available:
Thursday, May 01, 2008
Herndon, Va., Richard Helms, CEO and Founder of Abraxas Corporation announced today the
acquisition of San Diego-based Anonymizer, Inc.
In making the announcement, Mr. Helms noted that, "We are very pleased and excited about
bringing the very talented Anonymizer team on board. Their products and services in trusted
anonymity are second to none and perfectly complement our existing risk mitigation technology
offerings. Anonymizer has developed a complete portfolio of capabilities focused in protecting
online identities and privacy. They were the first to bring such a service to market, and, after 12
years of perfecting it, have become the undisputed market and technology leader. Since its
inception, Anonymizer has protected millions of global Internet users.
Helms further stated, "I am also pleased to announce that Lance Cottrell, the Founder and Chief
Technology Officer of Anonymizer, will become our Chief Scientist and continue to pursue his
advocacy of privacy for people around the world. Bill Unrue, Anonymizer's CEO, will assume
the position of President of Anonymizer which will operate as a wholly owned subsidiary of
Abraxas Corporation. Bill will continue to pursue Anonymizer's goals to provide proprietary
technologies and complementary capabilities that offer unique, multi-layered identity protection
that enhances the traditional network perimeter defenses of consumers, corporations and
• Rodney Smith - President
• Charles Englehart - VP Abraxas Global Analytics
• Katherine M. Green - VP
• Lance Cottrell - Chief Scientist
• Basil Trikas - VP Technical Services
• David Gokey - EVP Technical Services
• Michael Martinka - EVP Software Services
• David Routenberg - Dir Technology Development
• John Weiland - Dir Abraxas Engineering
• Matthew Broderick - VP Defense/Homeland Security
• Brad Juneau - COO
• John Etgen - Dir Maryland Operations
• Wesley Husted - CFO
• Teddy Lindsey - VP R/D
In August, 2012, in response to Wikileaks release of Strator emails relating to Trapwire, the
Cubic Corporation put out the following media release through PRWeb:
Cubic Corporation Has No Affiliation with Trapwire, Inc.
Erroneous reports link Cubic Corporation to Trapwire, Inc.
Cubic Corporation (NYSE: CUB) acquired Abraxas Corporation on December 20, 2010.
Abraxas Corporation then and now has no affiliation with Abraxas Applications now known as
Erroneous reports have linked the company with Trapwire, Inc. Trapwire, Inc. is a risk
mitigation technology and services company that builds and markets software products to
prevent terrorist threats and criminal attacks.
Cubic Corporation is the parent company of three major business segments: defense systems,
mission support services, and transportation. Cubic Defense Applications, a leading supplier of
combat training systems, communications, cyber technologies, and global tracking solutions.
Cubic Mission Support Services is a leading provider of training, operations, maintenance, and
technical support services. Cubic Transportation Systems is the world’s leading provider of
automated fare collection systems and services for public transit authorities. For more
information about Cubic, see the company’s Web site at http://www.cubic.com.
The following general background is from the wiki over at SourceWatch.org 
• In July of 2004, they were granted a $6.5 million subcontract from General
Dynamics Amphibious Systems to develop and produce a Driver Simulator
and a Turret Simulator for the Marine Corps new Expeditionary Fighting
Vehicle (EFV). This tracked, amphibious, armored vehicle can transport a
loaded squad across the water at up to 25 knots and across land with the
agility of an M1 tank. These simulators are used to train and familiarize the
drivers and gunners with the EFVs. 
• In October of 2004, they were awarded a $6 million contract from
Raytheon/Lockheed Martin Javelin Joint Venture to produce tactical trainers
for RLM's shoulder launched, "fire-and-forget" anti-tank missile. The Javelin
Field Tactical Trainers contract is the latest of four to provide training
equipment for this weapon. 
• They are one of 22 companies working with General Dynamics under a
contract from the US Joint Forces Command's Joint Experimentation Program
(JEXP) that has a potential value of $478.6 million. As of 2004, Cubic has been
in "the Tidewater area of Virginia" for a decade since it helped establish the
Joint War-fighting Center at Fort Monroe, Va. Currently they have 160
employees there. Says Richard Bristow, vice president and GM of Cubic's
Operation Support Division, "War-fighting experiments conducted by JXEP
and the Joint Futures lab are an important part of transformation, a process
that helps our country identify new skills and technologies needed in this new
era of asymmetric warfare." 
• In November of 2004, Cubic was awarded a contract by the US Army's
National Simulation Center at Fort Leavenworth, Kansas, that has a ceiling of
$95 million. 
• In September, 2004, Cubic received a contract from the Defense Threat
Reduction Agency to coordinate training exercises for military and civilian
organizations to respond to chemical, biological, nuclear and high-explosives
attacks. This will enable DTRA to "improve US response capabilities and
evaluate national, federal, state and local policies for responding." The
contract is for five years, with one five-year option, an additional one year
option and a $43 million ceiling.
• The Avionics Advanced Development division of Cubic has redesigned their
AN/ARS-6 Personnel Locater Systems and which have been used in every
global military operation since 1987. The devices are the standard search and
rescue system for US and NATO forces.  They have also entered into a
partnership with Digital Angel Corporation's subsidiary, Signature Industries,
to integrate Signature's beacon with Cubic's PLS. 
• They are building the Surveillance Target Attack Radar System (STARS) which
is an air/ ground data link system for the US military. 
The clientèle of Cubic Corp. is multi-national. In November 2010 Cubuc Defense Applications
has been awarded a follow-on contract worth more than $30 million for support work at two
British Army training areas in Canada and England .
The three-year contract, signed in late September, is for maintenance and operation of Area
Weapons Effects Simulator (AWES) systems at the British Army Training Unit Suffield
(BATUS), in the Canadian province of Alberta, and at the Defence Training Estate Salisbury
Plain (DTE SP), in the county of Wiltshire in southern England. About 30 Cubic employees
work in support roles at each location.
And in February 2011 Cubic Defense Applications has received a $40 million contract for the
expansion and modernization of the instrumentation for the British Army’s Salisbury Plain
ground combat training range. The contract was awarded to Cubic as part of an urgent
operational requirement to enhance troop readiness and predeployment training to support
ongoing operations in Afghanistan .
“The British Army is one of our largest long-term and most important customers,” said Bradley
H. Feldmann, President of Cubic Defense Applications. “We are fully committed to deliver these
new capabilities on an accelerated basis to satisfy this urgent requirement.”
Company Details & Personal Dox
Subsidiary Companies (officially listed)
F CORP-ID CORPORATION NAME STATUS/DATE
1: F117853-4 CUBIC APPLICATIONS, INC. ACTIVE 06/02/94
2: F111138-6 CUBIC AUTOMATIC REVENUE COLLECTION GROUP (FOR USE FICTITIOUS IN
VA: CUBIC AUTOMATIC REVENUE COLLECTION GROUP, I 06/30/92)
3: F111138-6 CUBIC AUTOMATIC REVENUE COLLECTION GROUP, INC. OLD NAME (USED IN
VA. BY: CUBIC AUTOMATIC REVENUE COLLECTION 02/23/98
4: F182922-7 CUBIC CYBER SOLUTIONS, INC. ACTIVE 06/24/10
5: F152313-5 CUBIC DEFENSE APPLICATIONS, INC. ACTIVE 11/17/03
6: F152313-5 CUBIC DEFENSE SYSTEMS, INC. OLD NAME 02/21/07
7: F121258-0 CUBIC FIELD SERVICES, INC. OLD NAME 01/27/97
Entity Name:CUBIC CORPORATION
Entity Address:9333 BALBOA AVE
Entity City, State, Zip:SAN DIEGO CA 92123
Agent for Service of Process:C T CORPORATION SYSTEM
Agent Address:818 W SEVENTH ST
Agent City, State, Zip:LOS ANGELES CA 90017
Subsidiary Details:Cubic Cyber Solutions, Inc
(Source for incorporation details: Virginia SCC Website, California Sec. of State
Safe Harbor Acquisition
In 2010 Cubic acquired Safe Harbor Holdings a cyber security and information assurance
company, and formed a new subsidiary called Cubic Cyber Solutions, which provides
specialized security and networking infrastructure, system certification and accreditation, and
enterprise-level network architecture and engineering services. Source
Safe Harbor’s solutions and customer relationships form the nucleus of Cubic’s cyber delivery
capability. Some companies among their clients are: VSE Inc., In-Q-Tel, Fairfax international,
PSA limited and "A Major Financial Services and Banking Company." Safe Harbor has
approximately 30 cybersecurity engineers and professionals in Northern Virginia serving
specialized intelligence and defense clients.
Current and former Safe Harbor Employees:
• Jeff Cherry, CEO
• Fred Chamblin, President and COO
• Ken Bratchie, Senior Vice President
• Keith Filzen, Directory of Technology
• Janet Platt, Organizational Development and Change Management Specialist
• Curt Kohlheyer, Senior Security Consultant and HIPAA Compliance Specialist
• Chris Hlatky, Information Systems Security Engineer
• Jonathon Murray, Information Systems Security Engineer
• Vincent Wallace, Systems Engineer
OFFICERS/DIRECTORS DISPLAY FOR AR# L T NAME TITLE SIGN
B BRADLEY H FELDMANN PRESIDENT
B WILLIAM L HOESE VP,SEC
O JOHN D THOMAS VICE PRESIDENT
O GREGORY L TANNER TREA
D THOMAS A ECHOLS DIRECTOR
Corporate Headquarters:1950 Old Gallows Road
Vienna, VA 22182
Links: Bios, Acquisition
Personal Details, (Cubic Cyber Solutions Inc)Bradley Feldman, President
Address: 1410 Esplanade Ct, Apt 344
Reston, VA 20194
Gregory L Tanner, Secretary, Treasurer
Address: 704 Ashton St
Location: Ravenswood, WV 26164
Thomas A Echols VP, Controller
Address: 1233 N Courthouse Rd
Phone: (757) 543-3885
Location: Arlington, VA 22201
Keith Filzen, CTO
Phone:  821-1518
Cubic Defense Applications, Inc.
B JOHN D THOMAS VP/DIR
O THOMAS A ECHOLS SR VP/CONT
B WILLIAM L HOESE SECRETARY
O RICHARD P CASTIGLIA GENERAL COUNSEL
D WILLIAM W BOYLE DIRECTOR
Bradley H. Feldmann, President, age:49
Ray Barker Executive, Vice President
Joseph Kellogg Jr., Senior Vice President of Ground Combat Programs, age:62
Grant Palmer, Vice President of Communications Systems
David Eadie, U.K. Regional Director For Defense Systems
Phone: (858) 277-6780
Fax: (858) 505-1523
Personal Details, (Cubic Defense Applications, Inc.)Richard Castiglia General Counsel
Address: 300 Yoakum Pkwy, Apt 614, Alexandria, VA 22304
Phone: (757) 870-8511
Board of Directors
Board of Cubic Corporation:
Walter J. Zable: Chairman
Walter C. Zable: Vice- Chairman
Robert D. Weaver: Director
Robert S. Sullivan: Director
Richard Atkinson: Director
Raymond E. Peet: Director
Robert T. Monagan: Director
Raymond L. DeKozan: Director
Gerald R. Dinkel: Vice-President
Mark A. Harrison: Vice-President
Daniel A. Jacobsen: Vice-President
Kenneth Kopf: Vice-President
Bernard A. Kulchin: Vice-President
John A. Minteer: Vice-President
John D. Thomas: Vice-President
Richard A. Johnson: Corporate Executive
William L. Hoese: Secretary
William W. Boyle: Chief Financial Officer
Training Systems Business UnitAir Combat Training SystemsGround Combat Training
Systems Tactical Engagement Simulation Systems 9333 Balboa Avenue San Diego, CA 92123
858-277-6780 858-505-1518 Fax
Simulation Systems Division2001 W. Oak Ridge Road Orlando, Fla. 32809-3803 Telephone:
407-859-7410 Fax.: 407-855-4840 E-mail: email@example.com
Oscmar International Ltd.(HEADQUARTERS) PO Box 6008 Wellesley Street Mt. Eden,
Auckland, New Zealand 011-649-373-9765 011-649-373-9799 Fax
Oscmar Singapore Office51 Goldhill Plaza #07-05 Singapore 308900 011-656-258-9877 011
Mission Support Business UnitHeadquarters 4550 Third Ave., S.E. Suite B Lacey, WA 98503
360-493-6275 360-493-6195 Fax
Operational Support Division22 Enterprise Parkway, Suite 150 Hampton, VA 23666 757-722-
0717 757-722-2585 Fax
Information Operations4055 Hancock St., Suite 115 San Diego, CA 92110 619-523-0848 619-
Threat Technologies5695 King Center Drive Building H, Third Floor Alexandria, VA 22315
703-924-3050 703-924-3070 Fax
Training & Education Division426 Delaware St., Suite C-3 Leavenworth, KS 66048 913-651-
9782 913-651-5437 Fax
Worldwide Technical Services Division4285 Ponderosa Avenue San Diego, CA 92123 858-
505-2514 858-505-1543/1533 Fax
Analysis & Learning Technologies Division1901 N. Beauregard St., Suite 100 Alexandria, VA
22311 703-578-6885 703-578-0060 Fax
Communications & Electronic Systems Division9333 Balboa Avenue San Diego, CA 92123
858-505-2042 858-505-1593 Fax
WASHINGTON, D.C.Crystal Gateway One, Suite 1102 1235 Jefferson Davis Hwy. Arlington,
VA 22202 703-415-1600 703-415-1608 Fax
ORLANDO, FL12000 Research Parkway Suite 408 Orlando, FL 32826 407-273-5500 407-275-
SHALIMAR, FL60 Second St., Suite 105 Shalimar, FL 32579 850-609-1600 850-609-0100 Fax
LONDONDerwent House Kendal Avenue Park Royal London W3 OXA UK 011-44-208-896-
6402 011-44-208-992-8072 Fax
Further Research Needed
Cubic is a sprawling and secretive organisation. There are many more subsidiaries (e.g Navsat
Corp, Cubic Global Tracking, Cubic Simulations). More details are needed on the directors and
officers, and also the business dealings of the various arms of Cubic, most importantly Cubic
Cyber Solutions, and Cubic Defense Applications. Again for people to investigate, check out
Details of Cubic/Abraxas merger which transferred assets to Ntrepid
From Project PM
Jump to: navigation, search
This is interesting stuff. Apparently Stratfor are a bunch of true latunics, armchair mercenary
nutters. Think Frederick Forsyth on speed.Though I also get the impression that the scandals of
the past have made it impossible for these jokers to get real entry into the Western power
structure like, say, the Rand corporation used to have.Ha; so Daniel Ellsberg gets the ball rolling
on exposing the original intelligence contractors, and by the time Assange rolls around he
essentially has something less than the Pentagon Papers to work with, thanks to Ellsberg's
original efforts (not to mention that of the Iran Contra investigators, I suppose).
From Project PM
Jump to: navigation, search
In-Q-Tel is a CIA-linked venture capital firm that often funds companies viewed as having the
potential to develop capabilities of use to the intelligence community, such as Palantir. Some
employees, such as CISO Daniel Geer Jr., have been vocal in their concerns about the dangers
that may arise from the intelligence contracting industry.
While In-Q-Tel is nominally a private, Virginia-registered corporation and is legally independent
of the CIA and thus exempt from any regulations which may bind such intelligence
organizations, the corporation is legally bound to the service of the CIA by both its Charter
agreement and its annual contract with the CIA. The CIA steers In-Q-Tel by way of the In-Q-Tel
Interface Center (QIC), an office within the CIA.
• 1 History
• 2 Company
o 2.1 Current Portfolio
2.1.1 Physical and Biotech
2.1.2 IT & Communications
o 2.2 Board of Trustees
o 2.3 Staff
2.3.1 Board Members
2.3.2 Board of Trustees Alumni
• 3 Links
In-Q-Tel was formed by the CIA in 1999 with $300 million in federal funds for about 90
companies. Spy-in-the-sky Keyhole, Inc., partially funded by In-Q-Tel, was acquired by Google
in 2004. Today Google shares satellites with other contractors and takes pictures of your house.
Their software is the standard for geospatial intelligence, and they provide search software to
federal agencies. That's just one tiny example. Former NSA and CIA directors, such as Kenneth
Minihan, Bobby Ray Inman, Mike McConnell, James Woolsey, John Deutch, and George Tenet,
have been on the boards of intelligence contractors. Those are just the top guys -- if you reach
down into the bureaucracy, the list gets much longer. The war on terrorism increased federal
spending on national security programs, and made such close collaboration seem urgent and
necessary. - "Spies for Hire"
“In-Q-Tel is focused on new and emerging commercial technologies that have the potential to
give the CIA and broader U.S. Intelligence Community (IC) mission-advantage today and in the
future”, according to the brief description at their website. - Intel Quotient – An Analysis of In-
There are three diverse practice areas that are the focus of what In-Q-Tel describes as:
“Working closely with our customers, we use these evolving macro architectures to guide our
technology program engagements, and to target capabilities that are leading, disruptive, and
fundamental to our customers’ mission needs. “.
• Physical and Biological Technologies
• Software and Infrastructure
Physical and Biotech
Advanced Photonix, Inc.
Contour Energy Systems
Digital Solid State Propulsion (DSSP)
Infinite Power Solutions
InView Technology Corporation
Nextreme Thermal Solutions
Seventh Sense Biosystems
IT & Communications
Signal Innovations Group (SIG)
Silver Tail Systems
Board of Trustees
List of companies/institutions at which trustees held executive-level positions, including that of
• Sun Microsystems
• Time Warner
• Federal Express
• ATT Wireless
• New Enterprise Associates
List of companies that In-Q-Tel has either aquired or invested in; most of them appear to be
related to either aquisition or development of some type of component required to fulfill
• 3VR Security inc
• Copan Systems
• Seahawk Biosystems
• Systems Research & Development
Michael M. Crow
Chairman of the Board of In-Q-Tel; President of Arizona State University
President and CEO of Barksdale Management Corporation
Career info: http://people.forbes.com/profile/james-l-barksdale/32117
Bio from http://www.societyofentrepreneurs.com/bio.asp?ID=1
Managing General Partner, New Enterprise Associates (NEA)
Charles G. Boyd
Former President and CEO of Business Executives for National Security (BENS)
Partner, Greylock Venture Capital
President and CEO of In-Q-Tel
David E. Jeremiah
Chairman of Wackenhut Services Inc. (WSI) Board of Directors
Anita K. Jones
Professor Emeritus of Computer Science at the University of Virginia
A.B. "Buzzy" Krongard
Former Executive Director of the Central Intelligence Agency
Vice Chairman and President of Kissinger Associates
Chair of the Department of Management Science and Engineering at Stanford University
Charles M. Vest
President Emeritus of Massachusetts Institute of Technology
Board of Trustees Alumni
Former Chairman and CEO, Lockheed Martin Corporation
Lee Ault, III
Former Chairman, President and CEO, Telecredit, Inc.
John Seely Brown
Former Director and Chief Scientist, Xerox Palo Alto Research Center
Senior Advisor at Crestview Partners
Chairman and CEO at Technovation, Inc.
Dr. Jeong Kim
President, Bell Labs at Alcatel-Lucent
Chief Executive Officer, President, Director and Member of Compensation Committee, Gemplus
John N. McMahon
Former Deputy Director, Central Intelligence Agency
Dr. William Perry
Former U.S. Deputy Secretary of Defense
In-Q-Tel @ Namebase
In-Q-Tel @Cryptome Archives
From Project PM
Jump to: navigation, search
Qorvis Communications is a public relations/lobbying firm based in Washington, DC which
specializes in representing high-profile overseas clients - including Saudi Arabia, Bahrain, and
Brunei. They are fond of editing Wikipedia to make their clients look better, as documented by
Business Insider and Project PM.
According to a media release on 9 Aug, 2000, Qorvis was:
'Formed through the merger of three well-known and highly regarded
companies: The Poretz Group, an investor relations firm serving technology
companies; The Weber/Merritt Company, a public affairs and grassroots firm;
and JAS Communications, a public relations and marketing communications
company. Main mover in the formation of Qorvis was Michael Petruzzello,
former CEO of Shandwick North America, who will be the new firm's
managing director. The company launches with approximately $14 million in
revenues and 22 employees. In addition, powerhouse law firm Patton Boggs
has established an exclusive strategic alliance with Qorvis and is the
company's lead investor.'
Much of the criticism and speculation directed at Qorvis involves its "Geo-Political Solutions"
division, which is believed to have targeted activists in Bahrain and elsewhere via dishonest use
of social media.
• 1 Bahrain
• 2 Attack on Maryam al-Khawaja
• 3 Yemen
• 4 Involvement With Saudi Government's 9/11
• 5 Equatorial Guinea
• 6 Contact Information
• 7 Major Players
• 8 Media Reports
• 9 Further Research
Qorvis acquired its Bahrain account from Bell Pottinger in July 2010, for whom it served as a
subcontractor until August 2011.  In its November 2011 FARA statement, the firm declared
having rendered the following services to the Kingdom:
• monitoring daily media coverage relevant to Bahrain;
• conducting press activities for government officials
• drafting/distributing fact sheets, op-ed pieces speeches and news articles by
e-mail in order to position Bahrain as a committed player in the war on terror,
an agent of peace in the Middle East and other unspecified issues "pertinent
to the Kingdom."
Service began approximately one month prior to a major crackdown on Shiite opposition figures
and domestic media outlets. The New York Times speculated that the clampdown was part of
the lead-up to the October 2010 parliamentary elections in which the Sunni establishment was
expected to lose power to representatives of the Shiite demographic majority.
Qorvis sparked criticism in March, 2011, after issuing a misleading press release on behalf of the
Bahraini government. After a draconian crackdown in which security forces in the Bahraini
capital violently dispersed unarmed demonstrators, interrupted telecommunications services and
reportedly hindered the treatment of injured civilians, Hilary Clinton issued a strong criticism of
the government's actions.Qorvis responded by issuing a press release that emphasized
Clinton's positive comments by presenting them out of context, while completely skirting her
PARIS, March 19, 2011 /PRNewswire-USNewswire/ -- U.S. Secretary of
State Hillary Rodham Clinton today emphasized the
commitment of the United States toward Bahrain and her hope for the
success of the National Dialogue in the island
kingdom. She also affirmed the "sovereign right" of Bahrain to invite
security forces from allied countries, and
stated that the U.S. shared the goals of the GCC regarding Bahrain.
Since the uprising in Bahrain began, Bahrain's Crown Prince has called
on all parties to engage in a dialogue to
reconcile differences. Secretary Clinton said the goal of the United
States is "a credible political process that can
address the legitimate aspirations of all the people of Bahrain."
Ambassador Houda Nonoo appreciated the Secretary's comments that
dialogue should unfold in a peaceful, positive
atmosphere that ensures that students can go to school, businesses can
operate and people can undertake their normal
daily activities. Said Ambassador Nonoo, "The government of Bahrain has
consistently maintained that differences
should be resolved peacefully around the negotiating table, but
unfortunately, the opposition has not responded to
this offer and instead has chosen to continue along the path of
violence and disruption of normal life in Bahrain. It
is my government's belief that wisdom will prevail among the opposition
and they will come to the negotiating table to
resolve all differences peacefully."
This has been issued by Qorvis Communications on behalf of the Embassy
of the Kingdom of Bahrain to the United States.
SOURCE Embassy of the Kingdom of Bahrain to the United States*
Aside from misleading press releases and an incident described below involving activist Maryam
al-Khawaja, the extent of Qorvis' role in the regime's managing of foreign perceptions may
perhaps best be summed up via two specific incidents:
1. A 2012 event in D.C. in which three pro-regime youth were portrayed as embodying "the
leading voice for change and reform" despite criticizing the more widespread opposition
movement, and despite the event having been overseen by Qorvis and promoted by staffer Adam
2. A 2012 Washington Post profile of Bahrain's ambassador to the U.S., Houda Nonoo, in which
Nonoo consented to the interview only under the condition that a Qorvis representative would be
in the room during its entirety.
• 'How Bahrain works Washington' from Salon (Dec 9, 2011)
• 'Meet Bahrain's Lobbyists' from The Hill (Dec 9, 2011)
 Attack on Maryam al-Khawaja
In May, 2011, Bahrani human rights activist Maryam al-Khawaja was invited to speak as part of
a panel discussion 'Dawn of a New Arab World' at the Oslo Freedom Forum. Writing in the
Huffington Post, Oslo Freedom Forum founder and CEO Thor Halvorssen notes that 'the
Bahraini government has been aided by a coterie of "reputation management" experts, including
professionals from the Washington, D.C., offices of Qorvis Communications and the Potomac
Square Group, in addition to Bell Pottinger out of their offices in London and Bahrain.' He goes
on to describe:
'Within minutes of Maryam's speech (streamed live online) the global
Bahraini PR machine went into dramatic overdrive. A tightly organized ring of
Twitter accounts began to unleash hundreds of tweets accusing Maryam of
being an extremist, a liar, and a servant of Iran. Simultaneously, the Oslo
Freedom Forum's email account was bombarded with messages, all crudely
made from a simple template, arguing that Maryam al-Khawaja is an enemy
of the Bahraini people and a "traitor." Most of the U.S.-based fake tweeting,
fake blogging (flogging), and online manipulation is carried out from inside
Qorvis Communication's "Geo-Political Solutions" division.
The effort is mechanical and centrally organized, and it goes beyond the
online world. In fact, right before Maryam was to give her speech, she noticed
two young women in the crowd who stalk her speeches and heckled her a
few days earlier at an event in the U.S.
More so than intimidation, violence, and disappearances, the most important
tool for dictatorships across the world is the discrediting of critics like
An earlier Huffington Post article on Qorvis, linked to by Halvorssen, states:
'One of the methods used by Qorvis and other firms is online reputation
management -- through its Geo-Political Solutions (GPS) division, the firm
uses '"black arts" by creating fake blogs and websites that link back to
positive content, "to make sure that no one online comes across the bad
stuff," says the former insider. Other techniques include the use of social
media, including Facebook, YouTube and Twitter.'
Attacks made on Maryam al-Khawaja through Twitter were numerous at that time and this, from
@ActivateBahrain, is representative: #OFF2011 Maryam Al Khawaja is presenting a falsified
presentation in #oslo about #Bahrain it is a package of lies and exaggerations.
Another, from @Dand00na86, and posted to the #Bahrain hashtag included two phone numbers
and the message Let Maryam Al-Khawaja know what you think of her lies by calling her direct!
Thor Halvorssen also writes that a second Bahrani blogger, Ali Abdulemam, had also been
invited to speak at the 2011 Forum:
'Ali was imprisoned by his government in September 2010 for "spreading
false information." After being released on February 23, he enthusiastically
accepted his speaking invitation and plans were made for his travel. And then
he disappeared. No one has seen or heard from him since March 18.'
The Geo-Political Solutions division of Qorvis is under the supervision of partner Matt J Lauer.
To date, Qorvis' work in Yemen has come about through their association with UK firm Bell
Pottinger which is reported to have held contracts with Yemen’s National Awareness Authority
and Ministry of Foreign Affairs.
On November 29, 2010, Qorvis' lodged a statement with the US Department of Justice's register
of lobbyists which outlined its role as a subcontractor to Bell Pottinger on a 'one off basis'.
The work required Qorvis 'to place an opinion article by a Yemeni official in a news outlet'.
A second statement was lodged on August 4, 2011. Qorvis was to be 'subcontracted to provide
media outreach for print and television media and strategic communications consulting' and this
would last 'for the duration of Bell Pottinger's engagement by Yemen'. The contract was worth a
'payment of $30,000 monthly'.
 Involvement With Saudi Government's 9/11 Response
Three of Qorvis's founding partners - Judy Smith, Bernie Merritt and Jim Weber - left in
December 2002, probably due to the firm's taking $200,000 a month from the Saudi government
to aid in downplaying the links between Saudi Arabia and Al Qaeda after September 11th, 2001.
 Equatorial Guinea
Since May 2010, Qorvis has provided various public relations services to the regime of
Equatorial Guinea in exchange for a reported $60,000 in addition to expenses. Think Progress
reported in March of 2012 that the firm had produced several dozen upbeat press releases under
its contract with President Teodoro Obiang Nguema Mbasogo, whose government consistently
ranks among the worst of human rights offenders by monitoring organizations.
 Contact Information
• 1201 Connecticut Avenue Northwest #500 Washington D.C., DC 20036-2612
• PO Box 62081 Baltimore, MD 21264 [as of 03/04/2011]
• Phone: (202) 496-1000
• Fax: (202) 496-1300
• Website: http://www.qorvis.com
• Email: firstname.lastname@example.org
 Major Players
Managing Partner & CEO:
• Michael Petruzzello
• Stan Collender
• Sam Dealey - Former editor of the Washington Times
• Ron Faucheux
• Greg Lagana - Former SVP for communications and marketing at DynCorp
International; previous to that, worked for second Bush Administration at the
Coalition Information Center. Lagana has been heavily involved in dealing
with nation-state clients.
• Matt J Lauer - Former executive director of U.S. Advisory Commission on
Public Diplomacy @ Department of State.
• Rich Masters - Talking head. Manages client teams for the House of Saud as
well as big pharma and the sugar industry.
• John Reid - Partner and managing director for the Middle East.
• Esther Thomas Smith
• Karen Vahouny
• Abdenbi Abdelmoumen
• Chuck Conconi
• Nader Ayoub
Official exec bios plus other info compiled here
 Media Reports
• 'Yemen’s butcher, Ali Saleh hires PR firm Bell Pottinger (& Qorvis) amid
murder of journo and protesters'
• 'Lobbyists Jump Ship In Wake Of Mideast Unrest'
• 'PR Mercenaries, Their Dictator Masters, And The Human Rights Stain'
• 'Extreme Makeover: Mideast Autocrat Edition: From Moammar Qaddafi to the
house of Saud, six repressive rulers who hired PR firms to help clean up their
• 'Spinning Bahrain, the Qorvis way'
• 'State of Virginia employing PR firm used by Middle East regimes accused of
human rights abuses'
• 'Who would like to provide PR for a brutal, US-backed dictatorship?'
• 'Qorvis Working with Bahrain’s Ruling Family to Improve Image'
• 'Qorvis Announces Appointment of New Partners'
 Further Research
Equatorial Guinea and Obiang:
• The campaign for Theodorin
Egypt and Ahmed Ezz:
• The two-year contract with Ezz
• Introduction to campaign:
o 'Did Saudis Deceptively Finance Ad Campaign?'
• FBI raid:
o 'FBI Searches Saudi Arabia's PR Firm'
• Astroturfing - Twitter, Blogs & PACs
• Political Contributions
• Petruzzello and John Edwards
• Relationship with Patton Boggs
• Relationship with Gulf Law Group/Brewer Law Group (Both Qorvis and Brewer
occupy the same DC suite)
From Project PM
Jump to: navigation, search
Strategic Forecasting, Inc. (commonly Stratfor) is a private intelligence company founded in
1996 in Austin, Texas by George Friedman: founder, chief intelligence officer, and CEO. Fred
Burton is Stratfor's Vice President for Counterterrorism and Corporate Security.
• 1 Products
• 2 2011 Breach
o 2.1 Revelations From the 2011 Breach
2.1.1 U.S. Sealed Indictment Against Julian Assange
2.1.2 Dow paying for Google searches re: Bhopal
• 3 External links
Stratfor has published a daily intelligence briefing since its inception in 1996, when its rise to
prominence as chronicled by the MSM occurred with the release of its Kosovo Crisis Center
during the 1999 NATO airstrikes on Kosovo.
Before the end of 1999, Stratfor had introduced a subscription service through which it offered
the majority of its analyses. After September 11, 2001 Stratfor began to make its its "breaking
news" paragraphs as well as selected analyses and predictions available freely to the public.
Stratfor has been cited by media such as CNN, Bloomberg, the Associated Press, Reuters, The
New York Times and the BBC as an authority on strategic and tactical intelligence issues. It's
title "The Shadow CIA" was used by Barron's in October of 2001, where Jonathan R. Laing
posits that the firm "benefits from cyber blowback".
Stratfor breach first revealed via #LulzXmas - 24.12.2011
Stratfor's statement on the breach - 11.1.2012
Stratfor: Inside the World of a Private CIA - 27.2.2012
al-Akhbar details Statfor on WikiLeaks & Assange - 28.2.2012
$700K in fradulent charges after Stratfor attack - 12.3.2012
Inside the Stratfor Attack - 12.3.2012
Sacrificing Stratfor: some speculation on the sup_g/sabu/FBI timeline - 25.3.2012
Revelations From the 2011 Breach
Wikileaks on Stratfor on Wikileaks
U.S. Sealed Indictment Against Julian Assange
Relevant emails@ WikiLeaks
A Secret Indictment Against Julian Assange? - 28.2.2012
Leaked Stratfor Email Suggests Secret U.S. Indictment of WikiLeaks Founder Julian Assange -
Charges against Assange drawn up in US, says email - 29.2.2012
Amy Goodman on Assange's Indictment - 1.3.2012
Melissa,This sounds like an eitxcing venture. I'd like to see the Dublin Core Metadata Initiative
in this course. The DCMI has died down quite a bit over the past few years. When it first started,
it had such promise. It was groomed to be the answer for the SemWeb. But alas, it doesn't seem
like it's going to work out. Or will it? The course should explore what it is, what challenges it
had faced in implementation, and why it ultimately didn't work. Since it was a child of librarians,
there are implications to the role (and what we've learned from the DCMI) that librarians will
play in the upcoming stages of the Web. Allan
Dow paying for Google searches re: Bhopal
‘Spying’ on Bhopal NGOs: How Stratfor conned Dow - 28.2.2012 emails
Stratfor was Dow’s Bhopal spy: WikiLeaks - 28.2.2012
Yes Men on Democracy Now re: Dow - 28.2.2012
StratforLeaks: Google Ideas Director Involved in ‘Regime Change’ - 14.2.2012
Former Blackwater Director Involved in Gaddafi Killing, Syria - 19.3.2012
Brazil may be ready to support Argintina's claim of the Falkland Islands against Britain - emails
Osama bin Laden's corpse: was Stratfor aware of something the public was not, or just making
shit up? Which would be more surprising?emails 1 emails 2
Stratcap: Partnership with Goldman Sachs to leverage Stratfor "intel" into insider trades. It's
unclear how far this idea ever got. emails
Stratfor speculates on the murder of journalist Syed Saleem Shahzad.
Benjamin Netanyahu Was A Stratfor Source - 27.3.2012
• WikiLeaks' "Global Intelligence Files"
• Stratfor: Inside the World of a Private CIA
• WikiLeaks Goes Inside Corporate America's Wannabe CIA
• Stratfor Hires Robert D. Kaplan (formerly of The Atlantic) - 16.3.2012
Provide Security LLC
From Project PM
Jump to: navigation, search
Provide Security LLC is a "security" firm best known for its social network trolling as well as
attempting to "out" participants in the Occupy movement. They are believed to be a force behind
much of this wiki's botspam.
According to their website:
Provide Security associates are handpicked from the ranks of highly trained and experienced
former agents of the US Secret Service, members of U.S. Special Forces, Global Intelligence
Agencies and other premier law enforcement organizations. Our experts are Board Certified in
multiple aspects of Security from leading Security Associations, including ASIS International,
the Association of Certified Fraud Examiners and ISC2. Based upon their extensive training and
experience in IT Security, Physical Security, Executive Protection and Investigations our
professionals are uniquely skilled and well versed in the latest concepts of Convergence in the
Security Field. Our approach has been used for tackling many security issues and providing
• 1 Employees/Partners
o 1.1 Kevin P. Schatzle
o 1.2 Thomas Ryan
• 2 Misc
• 3 Media Reports
The Limited Liability Company consists of Thomas Ryan and Kevin Schatzle.
Kevin P. Schatzle
(Not to be confused with Kevin B. Schatzle of En Pointe)
NYTimes Article from 1989 where Kevin Schatzle was sentenced to 6 months in prison for
excessive use of force
Listed on the Faculty of Henley-Putname University In the Strategic Security department.
Talking about IMPLANTABLE EXPLOSIVES OMG 
Suspect Detection Systems Board Member Jan. 2010.
Journal of Physical Security Board Member.
Listed as the Director of Corporate Security for Novartis Corporation.
According to the New Jersey Department of Revenue the LLC is registered to Thomas Ryan at:
256 Green St. Old Bridge, NJ 08857 Phone: 732-360-2654
Former addresses for Provide Security LLC include: 86 Amber St. Staten Island, NY 10306
Phone: 212-555-1212 (I'm not kidding you, that's the phone number on file when this address
Former Partner at SiegeWorks International, which sold to Vigilar. As of March 6, 2006,
SiegeWorks LLC operates as a subsidiary of FishNet Consulting, Inc. . Copies of seclist
archives from Ryan while at Siegeworks Intl in 2005 .
Owner of Thomas Ryan LLC. With adresses on record at:
256 Green St. Old Bridge, NJ 08857
256 Green St. Sayerville, NJ 08871
256 Green St. Woodbridge, NJ 07095
Phone: 732-234-3972 for Thomas Ryan LLC.
Personal Website 
A delightful Op-Ed in which Ryan writes "Private military security companies, employed by the
US government, other nation-states, and corporations play a crucial role in ensuring that 'an
open international economic system' remains open."
LinkedIn gives the HQ address as:
Jersey City, New Jersey 07097
Provide Security has been known to do business with Critical Defence.
Thomas Ryan's "Getting in Bed With Robin Sage" - PDF, Video
US security chiefs tricked in social networking experiment - 24.7.2010
Tom Ryan, owner of Provide Security, leaks Thousands of Occupy Wall Street Emails -
Provide Security Vs Anonymous - 16.10.2011
From Project PM
Jump to: navigation, search
Date news items using a "day.month.year" format and submit PDFs and other
downloadables to Publications.
• 1 Stories
o 1.1 The Spy Files
o 1.2 ChamberLeaks
o 1.3 Technical
o 1.4 Military
o 1.5 FBI & DHS
o 1.6 Persona Management
o 1.7 Surveillance
Top Secret America - Sept. 2010 (ongoing)
The Spy Files
WikiLeaks files expose surveillance-industrial complex 1.12.11
The art and science of communications intelligence 1.12.11
Surveillance: A thriving British industry 1.12.11
Leaked HBGary Documents Show Plan To Spread Wikileaks Propaganda For BofA... And
'Attack' Glenn Greenwald 9.2.11
A comprehensive account of Team Themis and the manner in which Palantir, HBGary, and
Belrico combined their methodologies in pursuit of various conspiracies on behalf of Bank of
America and Chamber of Commerce through their common law firm Hunton & Williams
The leaked campaign to attack WikiLeaks and its supporters 11.2.11
More facts emerge about the leaked smear campaigns 15.2.11
E-Mails Hacked By 'Anonymous' Raise Concerns 16.2.11
Leaksource: Glenn Greenwald Explains Chamberleaks 16.2.11 - With AV links
Democrats Call For Probe of Top D.C. Law Firm 1.3.11
Congress Opens Investigation Into HBGary Federal Scandal 17.3.11
Revealed: US spy operation that manipulates social media 17.3.11 - Guardian article by Nick
Fielding and Ian Cobain
Anonymous: Why does U.S. Central Command want to create phony online identities? 17.3.11
Anonymous: Government contractor has weaponized social media 18.3.11 - Tech Herald article
drawing on our early research and focusing on particular aspects, companies involved in Metal
Audio discussion between Buffalo Beast editor and Congressional candidate Ian Murphy and
Barrett Brown on the nature and threat of Metal Gear 5.5.11
Anonymous: Operation Metal Gear
US Army may have used PSYOP against senators 25.2.1
Pentagon CIO Announcement 25.4.11 - All branches of the military are being migrated to a
single, industry-designed information-sharing sysem
U.S. Air Force Research Labs awards ISS $49.9mil Task Order for cloud-based ISR system
Former Joint Chiefs Chairman wants cybersecurity responsibilities moved from DHS to
DoD/CYBERCOM 11.4.11 - There would be privacy concerns and misgivings about the U.S.
military working in the domestic realm, but "it needs to be done," Pace said.
Head of STRATCOM warns the Senate Armed Services Committee that state-based network
attacks against US infrastructure are growing (PDF) 29.3.11
http://www.republicreport.org/2012/grumman-500k-mckeon/Exclusive: Northrop Grumman
Awards Lobbyist $500K Bonus Weeks Before Becoming Low-Paid Congressional Staffer
Shaping Military Policy
FBI & DHS
FBI's Counterterrorism Operations Scrutinizing Political Activists - 30.5.2011
Ab fab my gooldy man.
The Secret State's Quest for 'Persona Management Software'
Are You Following a Bot?
Global surveillance supermarket offered to dictators 1.12.11
Does RSA SecurID have a US gov't-authorized back door? 23.5.11
2002 New York Times piece describing relatively early work by Pentagon on surveillance and
modelling capabilities being deployed against American citizens
Russia TV on FBI surveillance of activists via GPS units
Appeals Court Revives Lawsuit Challenging NSA Surveillance of Americans 21.3.11
Privacy, Freedom, and the All Seeing Eye: The Panopticon - 2.5.2011
дурное дело нехитроепока у филиппинцев явный заскок, по сравнению с русскими, на
этой почвевсё-таки у великого народа и великих людей в мировой истории достаточно
засветилось, а у филиппинцев всё наперечёт, такое ощущение, что существует какой-то
секретный центр, который каждому филлипинцу в сша сообщает о даже квази
знаменитостях - те все знают, если, в american idol, например, участвует полуфилиппинка,
и что трет резнор ебёт филиппинку и тп
From Project PM
Jump to: navigation, search
• 1 Emails
o 1.1 HBGary
o 1.2 Unveillance
• 2 Research
o 2.1 Corporate
o 2.2 State
o 2.3 Personal
• 3 Sites
o 3.1 Anonymous Publishing
o 3.2 Collaborative Text
o 3.3 Disposable Chat Rooms
o 3.4 File Transfer
• 4 Crypto
• 5 Software
o 5.1 PC
o 5.2 Mobile
• 6 Books
Email viewer portals are still available at hbgary.par-anoia.net, though if you are planning on
doing anything more than cursory research you should download the emails (Torrent #1, Torrent
#2) and import them into a dedicated mail client such as Thunderbird, where you can search
If you have i2p (and you should) and you want a decent hbgary search tool, you can browse to
Web-based Network Recon: Robtex, Domain Tools, net.toolkit, ServerSniff
"Insider" news sources: Washington Technology, Government Computer News, Defense
Systems, Defense News, Defense Industry Daily, Hillicon Valley @ TheHill.com
Search for preliminary company info at sec.gov/Manta/Crunchbase There is a full text
EDGAR search for SEC filings.
U.S. Corporate Information Portal - Links to all fifty Secretaries of State
Virginia State Corporation Commission, Maryland Secretary of State: Corporation Search, D.C.
Corp Online System
SourceWatch is a project of the Center for Media and Democracy, with ample information on
front groups, cutouts, and paid shills in D.C. and elsewhere. Created by Sheldon Rampton in
2003; originally "DisinfoPedia".
Crocodyl - Collaborative Research on Corporations
SIC code and NAICS lookups here or here for U.S. companies; compare to E.U. NACE.
Mandasoft mergers and acquisitions database
Data Mining Conferences Worldwide
Semantic Risk Representation Model Syntax and explanatory PDF
Cryptome - Before WikiLeaks, there was John Young's site, a compendium of the State's
memory holes. Archive browsing temporarily closed due to bot abuse; use a search engine.
The Sunlight Foundation offers a number of very powerful and intuitive tools for government
research, such as Poligraft (bookmarklet for relations among news story subjects) and Muckrock
(a public FOIA repository currently in closed beta)
Government Printing Office Access
The U.S. Intelligence Community: Information Resources from the Lehman Social Sciences
Library @ Columbia University
"Navigating the Military Internet" @ Dudley Knox Naval Postgraduate Library
Cyberspace & Information Operations Study Center @ USAF Air University
Jane's Defense & Security Intelligence & Analysis
Defense Technical Information Center
Spokeo person search This people search tool is quite powerful, and will trawl through a variety
of resources for search results. Can even show IP addresses.
Spies Online - Good first stop for dox
A Wiki of Social Media Monitoring Solutions
IceRocket - social network searches
Fake Name Generator - Get throwaway names and addresses from around the world.
JotOnce - Password-protected textdrop
Dinkypage - HTML with custom URLs
Anything halfway important needs to be kept away from Google Docs, FFS. If you need your
own server, consider Gobby or MoonEdit.
Mozilla Etherpad - Supports password-protected team workspaces!
Piratenpartei Pad - supports in-pad images
PiratePad - no HTTPS
TypeWith.me - no HTTPS
AnonPad Site derping as of Oct. 2011
Disposable Chat Rooms
Babelwith.me - Features translation capabilities
Mirror Creator - Upload to many file-hosting sites at once
Netkups - Free torrent+direct hosting of files up to 1GB.
JetBytes - "an experimental file transfer service which works without storing files during the
transfer and allows to download it immediately"
Head to Cryptoparty's Resources page. ;)
FreeMind and Xmind are both Free (GPL/LGPL/EPL) multiplatform mindmapping programs.
They are both have extensive export options and are so compatible with one another that there
was talk in 2009 of a code merge (didn't happen). Xmind is ~50MB vs FreeMind's ~15MB and
the feature set reflects the difference in size, with Xmind allowing for multi-map workbooks and
other fancy things.
ACH - Powerful open-source toolkit for use with the Analysis of Competing Hypotheses
methodological framework originally developed by the CIA; an introduction to this framework
can be found in the CIA's 1999 publication The Psychology of Intelligence Analysis: A central
focus of this book is to illuminate the role of the observer in determining what is observed and
how it is interpreted. People construct their own version of "reality" on the basis of information
provided by the senses, but this sensory input is mediated by complex mental processes that
determine which information is attended to, how it is organized, and the meaning attributed to it.
FOCA - Fingerprinting Organizations with Collected Archives. Windows only. Presentation,
EnCase v4.2 - Forensic Email Analysis
NodeXL - Network Overview Discovery and Exploration for Excel 2007/201090
Accessdata Forensic Toolkit (FTK) and phone examiner\
The Guardian Project - Tor via Android
crypto.cat - secure mobile chat
Library.nu - RIP
AAAAARG.ORG - Tehran-based theory repository specializing in social science and
Retrieved from "http://wiki.echelon2.org/w//index.php?