QinetiQ (Cyveillance)

From Bluecabinet
Revision as of 07:59, 31 December 2013 by Administrator (Talk | contribs)

QinetiQ / Cyveillance
Official Website: http://www.qinetiq.com/what/capabilities/cyber/Pages/default.aspx
Official about page: http://www.qinetiq.com/about/operations/Pages/default.aspx
Contact
Phone: 703-752-9595


Background

QinetiQ

  • In September 2004 Qinetiq acquired the U.S. defence companies Westar Corporation[4] and Foster-Miller (maker of the Talon robot).[5] Also in 2004, it acquired HVR Consulting Services Ltd., a leading UK-based engineering consultancy.
  • In early August 2005, the company announced it would acquire Apogen Technologies, Inc., pending regulatory approval.

The Qinetiq website lists this merger as costing $288.0m (£162.7m).

  • In September 2005, it acquired a 90% share of Verhaert Design and Development NV (VDD), the Belgian space systems integrator.
  • In October that year, it acquired Broadreach Networks Limited, a supplier of Wi-Fi internet to the European rail industry.
  • In February 2006, it bought Graphics Research Corporation Ltd, developer of the Paramarine software suite of ship and submarine design tools.
  • Qinetiq has a 25-year agreement with the UK Ministry of Defence (MoD) to provide test and evaluation services and manage military ranges. This agreement is the Long Term Partnering Agreement (LTPA). It is a major stakeholder in the UK Defence Technology Centre, which places military research contracts on behalf of the MoD.
  • In January 2007, the Company bought Analex, a U.S. corporation providing high technology professional services and solutions, principally to the United States Government and its agencies.[17] Analex was originally incorporated in 1964 under the name Biorad, which then evolved into Hadron, Inc.,[18] a U.S. government systems consulting firm chaired by Earl Brian, a controversial, often shady, businessman who eventually became the centre of focus in a Ronald Reagan-era software piracy case: Inslaw Inc. v. United States Government.

Cyveillance

  • Cyveillance is part of QinetiQ's Mission Solutions Group, headed by Stephen Cambone, a former US Under-Secretary of Defense for Intelligence who served President George W. Bush. Many of QinetiQ's clients are in the defense and other government arenas.

From wikipedia:

  • Cyveillance, founded in 1997, is a private Internet-monitoring company based in Arlington, Virginia and provides an intelligence-led approach to security.
  • Cyveillance was bought in May 2009 by the UK firm QinetiQ, for an initial cash consideration of $40 million.

Products

Reports

Tech & Business Partners

People Responsible

Board of Directors


Executives & Management

Stephen Cambone, a former US Under-Secretary of Defense for Intelligence who served President George W. Bush.


--John Chisholm (executive)

In 1991, Chisholm was asked by the UK Ministry of Defence to organize a number of their research organisations into a single entity, which eventually became the Defence Evaluation and Research Agency (DERA) - the largest science and technology organisation in the UK. In July 2001, three quarters of DERA was spun off to form a new private company called QinetiQ.

-From Linkedin

--Manoj Srivastava | LinkedIn

Passionate about product innovation (named as inventor or co-inventor on four patents), my inventions include the:

  • Social Engineering Protection Appliance in 2010, the first device of its kind, which prevents cyber-attacks that exploit social media networks and penetrate target companies.
  • First Global Threat Intelligence product (five years ahead of its time) that detects cyber threats and feeds data to security devices via the Internet “cloud.”
  • Shared Registration System, which led to creation and explosive growth of a new industry – domain-name registrars that sell domain names.

..

Currently leading technology, strategy, R&D, product development, SaaS infrastructure, offshore operations, marketing support, and strategic partnerships. Contribute expertise during analyst and media briefings; collaborate on product and pricing strategy; and brief Board of Directors on technology, products, performance, and plans. Performed M&A integration and due-diligence during QinetiQ’s acquisition of Cyveillance (2009).

..

Launched highly profitable OEM threat intelligence feeds, which update gateway-security devices for protection against zero-day threats. Launched successful products, including: Knowledge Discovery Appliance (KDA), which scans and analyzes content in near real-time; and SEPA, which counters “social engineering” attacks.

..

Vice President
VeriSign, Inc
May 2000 – June 2005 (5 years 2 months)
Dulles, Virginia

http://webcache.googleusercontent.com/search?q=cache:eMYDqoYgxaYJ:www.linkedin.com/in/manojkumarsrivastava+Manoj+Srivastava+cyveillance&cd=9&hl=en&ct=clnk&gl=us

-From uspto.gov patent office

  1. 7,299,299  Shared registration system for registering domain names
  2. 6,533,320  Automotive seat belt restraint assembly
  3. 6,523,237  Automotive seat assembly having an integral tear seam
  4. 6,485,096  Continuous self-adjusting head restraint system
  5. 6,250,703  Automotive removable power seat
  6. 6,074,006  Automotive seat with pneumatic pelvic stabilization

--Paul Hart Sr Network Engineer - Cyveillance

-From linkedin

[!] HTTP Status 401: This request requires HTTP authentication ().

http://www.linkedin.com/pub/paul-hart/26/7b2/ba7

Sources


OTHER

[ xor.cx Access.log ]

38.105.71.34 - - [05/Jan/2012:02:04:32 -0700] "GET / HTTP/1.1" 302 - "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:33 -0700] "GET /drupal7 HTTP/1.1" 301 230 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:33 -0700] "GET /drupal7/ HTTP/1.1" 200 15679 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:34 -0700] "GET /drupal7/?q=node/52 HTTP/1.1" 200 27212 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:35 -0700] "GET /drupal7/?q=tracker HTTP/1.1" 200 27958 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:35 -0700] "GET /drupal7/?q=tracker&page=1 HTTP/1.1" 200 28064 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:36 -0700] "GET /drupal7/?q=user/password HTTP/1.1" 200 10477 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:36 -0700] "GET /drupal7/?q=login HTTP/1.1" 302 - "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:36 -0700] "GET /drupal7/?q=user/login HTTP/1.1" 200 12850 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:37 -0700] "GET /drupal7/?q=user/login HTTP/1.1" 200 12850 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:38 -0700] "GET /drupal7/?q=user/login HTTP/1.1" 200 12850 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:38 -0700] "GET /drupal7/?q=Links HTTP/1.1" 200 21033 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:39 -0700] "GET /drupal7/?q=Links HTTP/1.1" 200 21033 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:39 -0700] "GET /drupal7/ HTTP/1.1" 200 15679 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:40 -0700] "GET /drupal7/?q=node/1 HTTP/1.1" 200 14128 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:40 -0700] "GET /drupal7/?q=node/1 HTTP/1.1" 200 14128 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:41 -0700] "GET /drupal7/?q=Affiliates HTTP/1.1" 200 14035 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:41 -0700] "GET /drupal7/?q=user/register HTTP/1.1" 200 12679 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:42 -0700] "GET /drupal7/?q=user/register HTTP/1.1" 200 12679 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:43 -0700] "GET /drupal7/?q=forum HTTP/1.1" 200 16166 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:43 -0700] "GET /drupal7/?q=forum/3 HTTP/1.1" 200 14049 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:44 -0700] "GET //?q=forum/1 HTTP/1.1" 302 - "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:44 -0700] "GET /drupal7 HTTP/1.1" 301 230 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:44 -0700] "GET /drupal7/ HTTP/1.1" 200 15679 "-" "Java/1.5.0_15"
38.105.71.34 - - [05/Jan/2012:02:04:45 -0700] "GET /drupal7/?q=node/64 HTTP/1.1" 200 20576 "-" "Java/1.5.0_15"

(Jan 10th logs are identical)

  Administrative Contact, Technical Contact:
     Hart, PAUL                it_ops@cyveillance.com
     CYVEILLANCE
[!]  2677 Prosperity Ave
     Suite 400
[!]  FairFax, VA 22031
     US
     (703) 351-2432 fax: (703) 312-0536

[ 2677 Prosperity Ave ] At this address:

     Analex Corporation
     Beta Analytics International Inc
[!]  Lockheed Martin Corporation
     Sunspot Cafe

http://maps.google.com/maps?q=+2677+Prosperity+Ave+fairfax&hl=en&ll=38.880744,-77.233372&spn=0.011609,0.032809&sll=38.967617,-77.156725&sspn=0.047047,0.132093&vpsrc=0&hnear=2677+Prosperity+Ave,+Fairfax,+Virginia+22031&t=m&z=16

[ cyberveillance.com ] whois: private

[ cyveillance.com ] QinetiQ North America 7918 Jones Branch Drive McLean, VA 22102


whois: Registrant: Cyveillance

  2677 Prosperity Ave
  Suite 400
  Fairfax, VA 22031
  US

  Domain Name: CYVEILLANCE.COM

  Administrative Contact, Technical Contact:
     Hart, PAUL                it_ops@cyveillance.com
     CYVEILLANCE
     2677 Prosperity Ave
     Suite 400
     FairFax, VA 22031
     US
     (703) 351-2432 fax: (703) 312-0536


  Record expires on 16-Aug-2021.
  Record created on 17-Aug-1998.
  Database last updated on 15-Jan-2012 18:27:28 EST.

  Domain servers in listed order:

  AUTH100.NS.UU.NET            198.6.1.202
  AUTH00.NS.UU.NET             198.6.1.65
  AUTH1.DNS.COGENTCO.COM       66.28.0.14
  AUTH2.DNS.COGENTCO.COM       66.28.0.30


[ 38.105.71.34 ] Whois:

  network:ID:NET4-2669470019
  network:Network-Name:NET4-2669470019
  network:IP-Network:38.105.71.0/25
  network:Postal-Code:22209
  network:Country:US
  network:State:VA
  network:City:Arlington
  network:Street-Address:1555 Wilson Blvd, Suite 406
  network:Org-Name:Cyveillance Inc.
  network:Tech-Contact:ZC108-ARIN
  network:Updated:2010-07-09 18:51:19
  network:Updated-by:Michael Callender


38.105.71.34 Information

Public/natted address? 10.20.1.200 - 38.100.41.112

Honeynet project: This IP address has been seen by at least one Honey Pot. However, none of its visits have resulted in any bad events yet. It's possible that this IP is just a harmless web spider or Internet user. If you know something about this IP, please leave a comment.

User-Agents seen with 2 user-agent(s)

38.105.71.34's User Agent Strings:
  ! HTMLParser/1.6
  ! Java/1.5.0_15


[hbgary.com]

Matt Anglin
Information Security Principal
Office of the CSO
QinetiQ North America
7918 Jones Branch Drive
McLean, VA 22102
703-967-2862 cell

Rich Cummings
CTO, HBGary
703-999-5012

Michael G. Spohn | Director – Security Services | HBGary, Inc.
Office 916-459-4727 x124 | Mobile 949-370-7769 | Fax 916-481-1460
mike@hbgary.com | www.hbgary.com
work ip: 68.5.159.254


--Confidential defense server staff communication ip+emails included!

from: http://webcache.googleusercontent.com/search?q=cache:furUG9cJJ_4J:mirror.anapnea.net/hbgary/phil_hbgary_com/3001.html+paul+hart+cyveillance&cd=4&hl=nl&ct=clnk&gl=nl&client=firefox-a

Original file: 1296985733.M431662P20123Q1579.cybercom

From: "Chris Glenn" <cglenn@Cyveillance.com>
To: "Rich Cummings" <rich@hbgary.com>,"Mike Spohn" <mike@hbgary.com>,"Matthew Anglin" <matthew.anglin@qinetiq-na.com>,"Penny Leavy" <penny@hbgary.com>,"Phil Wallisch" <phil@hbgary.com>
Date: Fri, 20 Aug 2010 18:34:39 -0400
Subject: RE: Access to HBGary Active Defense server

Full headers:

  delivered-to: phil@hbgary.com
  received: Array
  return-path: <cglenn@cyveillance.com>
  received-spf: neutral (google.com: 38.100.21.105 is neither permitted nor denied by domain of cglenn@cyveillance.com) client-ip=38.100.21.105;
  authentication-results: mx.google.com; spf=neutral (google.com: 38.100.21.105 is neither permitted nor denied by domain of cglenn@cyveillance.com) smtp.mail=cglenn@cyveillance.com
  message-id: <2638c5c1-8e5c-457a-ba51-04e3c2afdadd@blur>
  from: "Chris Glenn" <cglenn@Cyveillance.com>
  to: "Rich Cummings" <rich@hbgary.com>,"Mike Spohn" <mike@hbgary.com>,"Matthew Anglin" <matthew.anglin@qinetiq-na.com>,"Penny Leavy" <penny@hbgary.com>,"Phil Wallisch" <phil@hbgary.com>
  date: Fri, 20 Aug 2010 18:34:39 -0400
  x-mailer: Motorola android mail 1.0
  thread-topic: Access to HBGary Active Defense server
  thread-index: ActAt5EkVWfzKEo6Sm2Uad0jmxANlg==
  mime-version: 1.0
  subject: RE: Access to HBGary Active Defense server
  x-priority: 3
  references: <4C6E9CAE.5020503@hbgary.com> <D01A10FBDBD34B4EAA478FD02A6B2A1601EB6184@cwmail.corp.cyveillance.com> <f22b1dee71a6961e5dd6b737cf63711e@mail.gmail.com>
  in-reply-to: <f22b1dee71a6961e5dd6b737cf63711e@mail.gmail.com>
  content-type: multipart/alternative;boundary="Motorola-A-Mail-ZtgL3w1xlrTP6nSz";charset="utf-8"

Attachments: This e-mail does not have any attachments.

Please send your IP.

Sent via DROID on Verizon Wireless


-----Original message-----

From: Rich Cummings <rich@hbgary.com>
To: Chris Glenn <cglenn@cyveillance.com>, Mike Spohn <mike@hbgary.com>, Matthew Anglin <matthew.anglin@qinetiq-na.com>, Penny Leavy <penny@hbgary.com>, Phil Wallisch <phil@hbgary.com>
Sent: Fri, Aug 20, 2010 22:08:14 GMT+00:00
Subject: RE: Access to HBGary Active Defense server

Hi Chris,


Sorry to chime in so late but could you please add my IP address to the approved list too. I need to help the team access some of the files on the Active Defense server.


Thank you very much,


Rich Cummings

CTO, HBGary

703-999-5012


From: Chris Glenn
Sent: Friday, August 20, 2010 11:26 AM
To: Michael G. Spohn; Matthew Anglin; Penny Leavy-Hoglund; Phil Wallisch; Rich Cummings
Subject: RE: Access to HBGary Active Defense server


Forwarding up to management for approval.


From: Michael G. Spohn
Sent: Friday, August 20, 2010 11:18 AM
To: Chris Glenn; Matthew Anglin; Penny Leavy-Hoglund; Phil Wallisch; Rich Cummings
Subject: Fwd: Access to HBGary Active Defense server


Chris,

See below - Paul is out of the office. Can you hook us back up to our A/D server via the Internet?

IP Addresses:
68.5.159.254 - Mike Spohn
96.255.48.178 - Phil Wallisch

Thanks,

MGS


-------- Original Message --------
Subject: Access to HBGary Active Defense server
Date: Fri, 20 Aug 2010 08:10:06 -0700
From: Michael G. Spohn <mike@hbgary.com>
To: Paul Hart <phart@cyveillance.com>, Matthew Anglin <matthew.anglin@qinetiq-na.com>, Penny Leavy-Hoglund <penny@hbgary.com>, Phil Wallisch <phil@hbgary.com>, Rich Cummings <rich@hbgary.com>

Paul,

We have been asked to do more analysis on the Active Defense server by Matt Anglin. Can you please provide access to the following IP addresses?

68.5.159.254 - Mike Spohn
96.255.48.178 - Phil Wallisch

Matt, as soon as we get access, we will start the additional tasks.

MGS

--
Michael G. Spohn | Director – Security Services | HBGary, Inc.
Office 916-459-4727 x124 | Mobile 949-370-7769 | Fax 916-481-1460
mike@hbgary.com | www.hbgary.com