Cyveillance

Cyveillance was founded in 1997, and is based in Reston, Virginia, United States.

The company’s subscription-based product, the Cyveillance Intelligence Center, is a hosted solution. Companies hire Cyveillance to monitor for Internet risks such as information leaks; phishing and malware attacks and other online fraud schemes; sale of stolen credit and debit card numbers; threats to executives and events; counterfeiting; and trademark and brand abuse.

The United States Secret Service contracts Cyveillance to search available information related to the Secret Service and its missions. Information obtained through Cyveillance is incorporated into the Protective Research Information Management System PRISM (surveillance program), an existing Secret Service system.[2]

Cyveillance was bought in May 2009 by the UK firm QinetiQ for an initial cash consideration of $40 million.[3] Current management was also entitled to an additional $40 million at the anniversary of the closing dependent on hitting certain performance numbers.

In 2020, Cyveillance was acquired by ZeroFOX, a Baltimore-based Digital Risk Protection company.

Cyveillance's clients include firms from the financial services, energy, technology, retail, and pharmaceutical industries. Cyveillance provides open source internet intelligence to over 400 clients, including half of the Fortune 100.

Cyveillance was founded in 1997 by Brandy Thomas, Christopher Young, Mark Bildner, and Jason Thomas. It was originally called Online Monitoring Services but was renamed in 1998 to Cyveillance. From 1997 to 2009, Cyveillance was privately held until QinetiQ North America, a provider of information technology and engineering solutions to the U.S. government, acquired Cyveillance in May 2009.[4] In 2013 QinetiQ North America expanded the Cyveillance management team with appointment of technical and marketing executives.[5] In October of 2020, ZeroFOX acquired Cyveillance, pioneering intelligence-driven Digital Risk Protection.[6]

QinetiQ Senior Management:

• Leo Quinn, Chief Executive Officer.[7]

Cyveillance Management Team:

• Scott Kaine, President.[8]
• James Carnall, Vice President, Cyber Intelligence Division.[8]
• Doug Dangremond, Vice President, Sales.[8]
• Michael Mullen, Vice President, Security Services[8]
• Chris O'Ferrell, Chief Technical Officer.[8]
• Eric Olson, Vice President of Product Strategy.[8]
• Joan Schwartz, Vice President, Human Resources[8]
• Tempy Wright, Vice President of Marketing and Communications.[8]

Numerous websites have complained about Cyveillance's traffic for the following reasons:

1. Their robots access many pages, and thus use a comparatively large amount of bandwidth.
2. Their robots send many fake HTTP attacks which are a cover channel for deadly (accept, read, write) timeout attacks which easily disrupt Apache and IIS servers.
3. They ignore the robots.txt exclusion standard, which specifies pages that should not be accessed by robots.
4. They use a falsified user-agent string, usually pretending to be some version of Microsoft Internet Explorer on some version of Windows, which is deceptive and can throw off log analysis. (This is one way to identify the crawler, as it often lists 'Windows XP' in the user-agent. A real Windows XP system actually identifies itself as 'Windows NT 5.1'. This method should not be depended on for positive identification, however, as Cyveillance has been known to change its user-agent strings from time to time. It actually has changed it to "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)", and "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" has also been seen.) Below is a sample of an actual Apache HTTP Server log file sample showing IP address that belongs to Cyveillance, and faked User-Agent browser identification string:

38.100.21.65 - - [05/Jan/2013:17:31:19 -0500] "GET / HTTP/1.1" 200 6163 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)"
38.100.21.65 - - [05/Jan/2013:17:31:19 -0500] "GET /styles.css HTTP/1.1" 200 5092 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)"

1. The company does not always respond to cease and desist letters.
2. Because they falsify their string agent and otherwise obscure their identity, (they may also appear in weblogs as PSINet), Individuals may not be aware of the existence of Cyveillance and the data its collects and reports to the Secret Service.[2]

On 2 July 2014 Cyveillance sent a DMCA takedown notice to GitHub on behalf of Qualcomm which caused 116 files (and the repositories they were in) to be blocked on GitHub.[9] Some of the blocked repositories were owned by CyanogenMod, Sony Mobile and even one of Qualcomms own repositories leading to speculation that the notices have been automatically generated and poorly checked.[10] On 5 July 2014 Qualcomm retracted all of the takedown notices, apologized and will be reviewing all the files.[11]

• Cyveillance
• ACLU article: "Secret Service farms out its internet monitoring to a private British firm"
• Department of Homeland Security's Privacy Impact Statement on the United States Secret Service Cyber Awareness Program (Cyveillance)
• CNET article on Microsoft-Cyveillance partnership
• EWeek article on Intersections-Cyveillance partnership
• BusinessWeek corporate overview
• BusinessWeek article
• Chris Gulker - What to think about Cyveillance?
• Who Is Cyveillance And Why Should You Care?
• Cyveillance activity on Judicial corruption site
• Corporate web abuse: The worst offenders from Cyveillance to PicScout includes Cyveillance' netblocks