Read on Twitter
New exclusive investigation - Meet Mitre Corporation, the nonprofit that gets up to $2 billion every year from US agencies to do all manner of national security, surveillance and healthcare work, much of it done in secret. Get ready for some scoops... https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Scoop no. 1 - In 2017, the DHS paid Mitre $500,000 to create a tool to hack IoT devices, specifically mentioning smartwatches. The aim was to detect them as they entered a "boundary" and exploit them automatically. Cops and border agents potential users. https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
One source says CBP was the only user of that Mitre IoT hacking tool. Another says Mitre routinely helps CBP out with border searches. And a FOIA-obtained document shows Mitre helping CBP with the rollout and testing of controversial Rapid DNA technology. https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/#4d3113b22052
Scoop no. 2 - FOIA-obtained document shows Mitre was paid $500,000 by the FBI for a "social media image fingerprinting" tool. According to former FBI sci & tech chief, it was quite literally to take fingerprints from photos on FB/Instagram/Twitter/etc. https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Mitre started working on that social media fingerprinting tool back in 2015, so it's likely been of use to various US gov agencies, not just the FBI, for five years. It was supported by a previously-unreported high-tech research funding body called TRIAD. https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/#4d3113b22052
Scoop no. 3 - A few days after President Trump called a national emergency over Covid-19, Mitre got a call from the DHS Countering Weapons of Mass Destruction office (?!) to draw up plans for exiting a pandemic using its big data expertise. https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Mitre has been a major player in helping the US fight Covid-19, including a $16.3 million CDC contract to help build “an enduring national capability to contain Covid-19.” It's also built a widely-used tracing tool, amongst other projects. https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Fun mini scoop - In 2009, Mitre was asked to determine whether you smell different when you lie. It turns out, yes, you do! So the US government can sniff out your fibs! https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Many of the infosec Twitter crowd will know Mitre as the org that manages the CVE database of known vulnerabilities, or the provider of the ATT&CK framework. At the same time as protecting internet devices and infrastructure, it's hacking them in private. https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Behind the scenes Mitre has been involved in some of the biggest dark web investigations, including the takedown of the Silk Road and the major anti-child exploitation investigation known as Op Torpedo. I spoke with Matt Edman who worked on both: https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
So, here's the FOIA doc that includes Mitre's work on Rapid DNA tech and the IoT hacking tool: https://www.documentcloud.org/documents/6807246-Mitre-DNA-and-IOT-Exploitation-Contract.html
Full Forbes report on Mitre's mad, mad world here: https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Full Forbes report on Mitre's mad, mad world here: https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
And here's the doc and emails that mention the FBI's "social media image fingerprinting" project with Mitre: https://www.documentcloud.org/documents/6807241-Mitre-Social-Fingerprinting-Software-for-FBI.html
Much of it is redacted so you'll want to read the full report here for more info: https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Much of it is redacted so you'll want to read the full report here for more info: https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Nearly forgot to add: Mitre's been a huge help in building the US government's facial recognition and biometric databases. One contract details work on “creating local watchlists by flagging subjects of interest.” https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
Mitre has also been helping build the Next Generation Identification database, what the FBI calls “the world's largest and most efficient electronic repository of biometric and criminal history information.” It's cost the FBI over $500 million to date. https://www.forbes.com/sites/thomasbrewster/2020/07/13/inside-americas-secretive-2-billion-research-hub-collecting-fingerprints-from-facebook-hacking-smartwatches-and-fighting-covid-19/
