The bogus expert and social media chicanery of DC’s top cyber think tank

    With “at least 45 fake Twitter accounts being used to amplify ICIT content and Scott’s book, as well as a group of fake YouTube accounts that upload and like ICIT videos.” The think tank eventually verified in writing to BuzzFeed that it does, in fact, operate the Twitter accounts in question. Twitter has since suspended 11 of the accounts. When we reached out for comment, Scott replied:

    ICIT had outsourced its social media management to overseas contractors. I’ve apologized and regret not managing them more vigilantly at the time. I voluntarily resigned my duties at ICIT so that ICIT was not impacted.

    While at ICIT, I wrote several books which we gave away for free so that “cost” never stopped people from accessing the data. I never charged for public speaking engagements or public sector advisory to critical infrastructure organizations due to my deep conviction to help secure our Nation from cyber attack

    The thing about cyber and digital decepticons is, all you usually need to do is give them enough rope and they pretty much hang themselves — which, along with some great investigative reporting, is what BuzzFeed did. And “A DC Think Tank Uses Fake Twitter Accounts And A Shady Expert To Reach The NSA, FBI, And White House” is a great story. But it comes with an even more insane backstory.

    It started when BuzzFeed journo Craig Silverman noticed a random Twitter reply from the cofounder of ICIT, which appeared to have a lot of spammy support. Silverman looked closer, unearthing numerous bot accounts pushing Scott’s recent self-published book on cyber information warfare.

    Artificial influencer

    Bizarrely, one of the connecting threads was a unique insult: Scott calling Silverman a “mind midget” (used when the reporter started asking uncomfortable questions). Scott’s distinctive misuse of “mental midget” started Silverman down a rabbit hole of sock puppets using the same insult and phrasing, leading to aliases, unsubstantiated claims of bestselling books, a career as a cybersecurity expert that only began in 2013, and (prior to that) a variety of shady startups — including one that sold automated social media boosting.

    “He also placed incredibly fawning articles about himself on sites that seemed to exist to improve his SEO,” Silverman tweeted. “Fast forward to now and he’s still doing that,” he added. “Along with the bots that retweet brooding memes of him, there are the fake YouTube accounts that upload ICIT videos of Scott and also leave comments that declare him to be a genius.”

    After Scott cut off contact with Silverman, the ICIT cofounder was quick to publish a tweet saying that “journalists on Russian/Chinese payroll who are targeting us for exposing them in my Information Warfare book.”

    That all of this is married to an influential DC cybersecurity think tank struck Silverman as alarming — as it should. “But it seems no one checked on [Scott’s] credentials or looked closely at his background,” he tweeted.

    To which we say, “Welcome to cybersecurity!”

    Look: I know we’re living in the stupid timeline, the one where the normal and the abnormal are all blurred together.

    Especially in Washington DC. It’s where John Bolton (no cyber experience) eliminates terrifyingly necessary cyber positions in the White House. Where Jared Kushner (no cyber experience) is Cyber Commandant, and for a while Rudy Giuliani (no cyber experience) was named Donald Trump’s official presidential cybersecurity adviser. It’s also a fetid warp in space and time where US Deputy Attorney General Rod Rosenstein makes up phrases like “responsible encryption” in order to pretend he has knowledge of a way to backdoor encryption in a totally secure way.

    But con artist reward and success is horribly normal for infosec. It has been for ages — look no further than respected indie site Attrition’s long-running and oft-referenced Charlatans page. On it, there’s nearly a decade of researched and citation-heavy documentation of sketchy technical experts, infosec journalists, companies, and bogus crowdfunding campaigns. All trading on buzzwords in place of knowledge and experience, selling books and events, pushing fear, and ruled by spiteful ego.

    Infosec has a vulnerability

    The cyber snake oil salesman is a permanent fixture of the industry, much to the chagrin of those working in the trenches and seeing through the charades. Because we often cope with abuse through humor, infosec attempts to cling to sanity with parodies like @SecSnakeOil, Threatbutt, and this year’s new addition the F.A.K.E. Security patent-pending line of cybersecurity solutions — literally dressing up and selling products at security conventions packaged as old-timey snake oil potions.

    The problem is that everyone uses security but no one understands it. When an industry is like magic voodoo to the world at large, and the industry’s knowledgeable inhabitants are hereditarily misanthropic, you have the exact scientific formula for all sorts of wankers to come in and be big stinky assholes, ruining everything they touch.

    That’s not to say ICIT has ruined anything — but wow, do we have a lot of questions now about their research, citations, experience, vetting, connections, advising, and, well, everything else. James Scott, ICIT’s senior fellow and cofounder and the whole reason BuzzFeed even looked into this, is its top expert.

    Under the auspices of ICIT last month, James Scott recently downplayed Russian troll armies to Forbes. Scott, as ICIT, told respected-in-infosec outlet CSO last year that AI could “crush” ransomware and would slay the healthcare ransomware dragon, while telling ZDNet that IoT was somehow going to be ransomware’s next Pearl Harbor. In another WTF example, Scott-as-ICIT chose the months leading up to 2016’s presidential election — when Russian trolls and propaganda had become a five-alarm fire — to tell MSNBC that “Islamic terrorists” were about to attack and “The ‘cyber jihad’ is coming.”
