A Washington think tank that used fake Twitter and YouTube accounts to amplify its content, and whose cofounder has dubious credentials and a history of shady online activity, is losing key sponsors and has apologized for some of its actions in the wake of a BuzzFeed News investigation.
After being alerted to the fake accounts, Twitter initially left most of them online. It then suspended all remaining accounts Tuesday after BuzzFeed News asked about a Texas lawyer whose photo was stolen and used for a fake profile.
The Institute for Critical Infrastructure Technology said in a statement to BuzzFeed News that its cofounder, James Scott, “voluntarily decided to step away from ICIT,” and that it will hire a law firm to conduct “a review of the claims in the article against” him.
The statement sent by ICIT’s remaining cofounder, Parham Eftekhari, apologized for the use of fake Twitter accounts, and the fact that they used stolen photos from people such as a Texas lawyer, a college student, and the CEO of a cybersecurity company.
“In review, I was never personally involved with the social media activities, but as a cofounder of ICIT, I regret and apologize that this occurred and take responsibility and want to make things right,” he said.
Eftekhari also for the first time acknowledged that prior to starting ICIT he partnered with Scott on a company called SpitFire Alliance that sold a range of dubious social media marketing services such as sending “1,000 LinkedIn messages to targeted industry players from your account." Eftekhari told BuzzFeed News he was not yet involved with the company when it sold those services, but was working with Scott when SpitFire later promised to connect clients with "the most elite of the D.C. region’s international powerbase."
The pair then went on to create ICIT, which bills itself as “America’s cybersecurity think tank” and organizes events that attract leaders from the NSA, FBI, Department of Homeland Security, Federal Election Commission, and NASA. ICIT’s government connections helped it secure lucrative sponsorships from cybersecurity vendors like Centrify, McAfee, Micro Focus, Anomali, and KPMG.
Last week, BuzzFeed News revealed that Scott, ICIT’s top expert and cofounder, is actually a man named James Scott Brown who has a history of selling fake and spammy social media services and fabricating online profiles and praise for himself, and whose primary expertise in cybersecurity is a series of self-published books he only began releasing in 2013.
The investigation also showed that a network of roughly 45 Twitter accounts with stolen profile photos was used by ICIT to amplify its content and promote Scott’s e-book about information warfare. Fake accounts on YouTube also uploaded ICIT content and showered videos of Scott with comments that labeled him “the most important figure in cyberwar thought leadership” and “the most dangerous man on the planet.”
After the story was published, ICIT went into damage control: It removed the webpage that listed its top sponsors; deleted an online endorsement from retired Gen. Keith B. Alexander, the former head of the NSA and US Cyber Command; and removed Scott from the speakers page of its upcoming event. ICIT also disabled comments on its YouTube videos and removed the flattering comments about Scott that were posted by fake accounts.
BuzzFeed News has now learned that several ICIT sponsors — some of which paid to have their executives listed as ICIT “fellows” — have cut ties with the think tank.
“We have withdrawn from the conference and have no plans to work with this organization in the future,” Chris Palm, McAfee’s director of corporate communications, told BuzzFeed News. (As of this writing, ICIT still lists McAfee on its sponsors page.)
Centrify is another security vendor that worked closely with ICIT. In early April, it announced a partnership for a “Cyber Intelligence Briefing” tour of at least five cities — with Scott as the featured speaker. A BuzzFeed News reporter who did not know a story about ICIT was in progress attended the Centrify/ICIT event in San Francisco and sat near the chief security officer of Symantec.
Scott was pitched to attendees in event materials as “a senior cyber warfare and national security advisor to Congress, NATO, the intelligence community, and the Pentagon.” (ICIT organizes briefings with members of Congress and their staffs, but BuzzFeed News was unable to verify claims that Scott was an adviser to NATO, MI6, or the intelligence community.)
Centrify was also listed as a sponsor of the upcoming ICIT Annual Forum, but the company says it’s no longer working with the institute or sponsoring its events.
“Centrify participates in and sponsors hundreds of industry events each year that are produced by various vendors and organizations, including a few events that were organized by ICIT,” the company said in a statement. “Currently, we have no further planned participation at ICIT events, including the June Annual Forum.”
Two other corporate ICIT partners, Anomali and Parsons, told BuzzFeed News they no longer support the organization. A spokesperson for Micro Focus said it’s still working with ICIT, but declined to comment further. KPMG declined to comment to BuzzFeed News. As of this writing, John Kupcinski, a KPMG director of cybersecurity in Washington, is listed as an ICIT fellow and a speaker at the Annual Forum.
In response to questions from BuzzFeed News, ICIT cofounder Eftekhari said the sponsor page and the endorsement from retired Gen. Alexander were removed from its main website “to protect our Fellows, Sponsors, and Community Members from unrequested contact.” He said the ICIT Annual Forum will go ahead as planned, and declined to comment further on communications with sponsors. (Gen. Alexander did not reply to a request for comment from BuzzFeed News.)
Eftekhari, for the first time, also said ICIT is no longer using fake Twitter accounts to promote its work. He said the accounts were “managed by outside overseas social media management contractors who manually led the social media activities for these accounts.”
That appears to contradict a previous ICIT statement that said the accounts were “organized manually by ICIT employees, who manage numerous social media accounts tailored to specific issue areas and audiences in the cybersecurity field.”
Eftekhari said ICIT ended its relationship with these overseas contractors as of May 15, the day BuzzFeed News published its investigation. But the accounts have continued to share links about information security since then. (In a follow-up email, Eftekhari said the accounts continued to tweet without his knowledge.)
Though ICIT says it’s no longer using the accounts, their continued existence caused problems for people like Corinne Smith. One of the fake accounts, @cyberboat5, displays the name Amanda Hayes, but the profile photo is of Smith, a Texas lawyer. She learned that her photo was stolen and used for a fake Twitter account after publication of BuzzFeed News’ investigation.
“I reported the breach to Twitter, which I would recommend anyone do when encountering a fraudulent account,” Smith said in an email. “I also reported it to my firm’s IT system, marketing, and cybersecurity practice unit. My firm may file a copyright infringement notice.”
Another account used by ICIT features a stolen photo of a college student, while one with the handle @data_guy_ features the headshot of the CEO of Circadence, a company involved in cybersecurity. (Neither responded to requests for comment from BuzzFeed News.)
There was also an account, @middleNet_World, that used the photo of Jesse Palmer, a former NFL quarterback and The Bachelor contestant who now hosts a TV show. It was taken offline before BuzzFeed News’ investigation was published.
All the remaining fake accounts were suspended Tuesday after BuzzFeed News contacted Twitter to ask about the use of Smith’s photo. (Twitter did not suspend the accounts when first contacted about them close to two weeks ago.)
When asked about the use of stolen profile photos, Eftekhari said in his statement that “Any use of an unauthorized photo was not appropriate, and ICIT regrets any such use.”
Smith says she hopes ICIT is held accountable.
“Personally, I look at this as an opportunity to educate myself, family, friends, and colleagues about protecting personal information,” she said. “However, organizations that misuse copyrighted information should be held accountable for their actions.”
Added a sentence to note that Parham Eftekhari said he was not yet involved with SpitFire Alliance when it sold social media engagement services.