BOOZ ALLEN ETC Continued
Again, the point of the reminders below is not that the more things change, the more they stay the same. The point is that previous lessons need to be re-learned. Next-to-the-top echelons in the defense and security contracting world, effectively ensconced in government, do not tend to head for the door when an administration changes. The recent news that 29-year-old Edward Snowden, employed by a major government contractor, wielded global cyber intrusions and then revealed them is another reminder that we are still dealing with the problems.
The NSA contractor, of course, is Booz Allen Hamilton, the giant ex-spooks and black-hats company with government ties at federal, state and local levels. With Snowden, the company deviated from its strengths, hiring not an ex-spook but a future spook who seems to have decided he had gotten onto the wrong career path. Again ironically, in light of recent events, Booz Allen’s services include monitoring other surveillance programs. The recent predictable problems are now part of a well established track record.
Take the 2006 flap over Booz Allen’s monitoring the SWIFT project. This, to recap briefly, was the George W. Bush administration’s examination of records of the Society for Worldwide Interbank Financial Telecommunication (SWIFT), headquartered in Belgium. The government eyeballing gave the Bush administration access to millions of financial messages per day involving payments, securities transactions, etc., between thousands of banks and other financial entities around the world. SWIFT touted its safety and security as a financial messaging system. (For what it’s worth, Booz Allen itself uses SWIFT.) Such financial surveillance being too much for Wall Street to stomach even from a super-friendly administration, uproar ensued. Thus Booz Allen was said to be monitoring it. This was less than reassuring, to Wall Street as well as to the ACLU (linked above), given the contractor’s numerous and profitable ties to the feds it was supposed to oversee.
The ties were pointed out again in 2011 by, among others, Anonymous. The notorious cyber vigilantes gleefully hacked–wait for it–Booz Allen, apparently with ease, getting access to among other things thousands of military emails. Here for fun is Anonymous‘ own take on the exploit:
Today we want to turn our attention to Booz Allen Hamilton, whose core business is contractual work completed on behalf of the US federal government, foremost on defense and homeland security matters, and limited engagements of foreign governments specific to U.S. military assistance programs.
So in this line of work you’d expect them to sail the seven proxseas with a state- of-the-art battleship, right? Well you may be as surprised as we were when we found their vessel being a puny wooden barge.
We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!).
We also added the complete sqldump, compressed ~50mb, for a good measure. We also were able to access their svn, grabbing 4gb of source code. But this was deemed insignificant and a waste of valuable space, so we merely grabbed it, and wiped it from their system.”
No clarification yet on whether SWIFT or, for that matter, Booz Allen will be involved if complicated extradition proceedings get underway for Edward Snowden. But then exactly what material Snowden had access to in general has not been clarified–and presumably will not be. How much Snowden got from SWIFT specifically has also not been clarified. The footprint of the financial messaging service is large on the internet, given the nexus of the NSA, private contracting, and foreign policy. SWIFT was among the levers used against Iran.
Before SWIFT, there was TIP, or the Total Information Awareness program, run by Admiral John Poindexter, back in 2002. To recap very briefly, Booz Allen was also in this one up to the eyeballs (along with SAIC among others). The TIP or TIA program was short-lived because of the uproar–although one of its leading lights, Mike McConnell, stayed in the administration as George W. Bush’s second Director of National Intelligence, before returning to Booz Allen to serve as Senior Vice Chairman.
Summing up, ties between administrations and Booz Allen have been numerous and have been written about by a number of authors. The ties between Booz Allen, its brothers in arms in the contracting world, and the now-cyber-ghost-town PNAC, or Project for the New American Century, alone have been more than friendly. When PNAC-er Dov Zakheim left the Pentagon, in April 2004, he became a partner at Booz Allen. Former CIA director R. James Woolsey, another PNAC signatory, was a vice president at Booz Allen.
Thus signatories fervently bent, by their own hand, on war with Iraq rotated through the intelligence-security industry revolving door, to become part of a company frequently paid for monitoring intelligence and security work–including some of their own previous work.
The way a good corporate candidate for major contracts is chosen continues to baffle. One fundamental problem is the lack of protection against potential conflicts of interest. It is anomalous that a major military contractor and a major security contractor for the federal government could be given oversight or a supervisory role in surveillance conducted by the federal government. The potential conflict of interest is too large. Suppose, hypothetically, that the sifting through discloses some previous lapse by the contractor itself?
To be continued