A DC Think Tank Used Fake Social Media Accounts, A Bogus Expert, And Fancy Events To Reach The NSA, FBI, And White House
ICIT bills itself as "America's Cybersecurity Think Tank." But BuzzFeed News found it's running fake Twitter accounts and its top expert has questionable credentials.
Earlier this year, leaders from the Marine Corps, the Department of Homeland Security, NASA, the NSA, the White House, and the FBI gathered at a Ritz-Carlton in Virginia to discuss the latest in cybersecurity and information warfare.
The event was organized by the Institute for Critical Infrastructure Technology, a nonprofit think tank founded just a few years ago that quickly established itself as a convener of well-attended cybersecurity events, a facilitator of Capitol Hill briefings, and the beneficiary of hundreds of thousands of dollars in sponsorships from top private sector security vendors.
The day’s closing session featured James Scott, ICIT’s senior fellow and cofounder, discussing Russian cyberinfluence operations and his new book about information warfare. What audience members from intelligence and law enforcement agencies didn’t know is that Scott and ICIT have been running their own deceptive information operation.
BuzzFeed News identified a network of at least 45 fake Twitter accounts being used to amplify ICIT content and Scott’s book, as well as a group of fake YouTube accounts that upload and like ICIT videos and frequently post adoring comments about Scott on content featuring him.
Reporting by BuzzFeed News has also established that Scott, ICIT’s top expert, previously sold spammy and fake social media engagement services, has a history of manufacturing flattering articles about himself and his ventures using dubious SEO techniques, and ran companies that are magnets for online complaints about dishonest business practices. His background in information security also primarily consists of self-published books on the topic that he only began publishing in 2013.
“He’s a master of manipulating online reputation.”
James Scott is also not his real name. He is James Scott Brown, according to public records, court documents, and a person who worked with him before he reinvented himself as an information security expert.
“He’s a master of manipulating online reputation,” a person who worked with Scott years ago when he was selling himself as a high-powered corporate executive and consultant told BuzzFeed News. “He will not only create a fake identity for himself but he will also create fake credentials, articles, blog posts and reviews about himself to create a buzz and convince people that he is legit.” (The source asked not to be named out of fear of repercussions from Scott, and because they did not want their name associated with him.)
ICIT declined to comment to BuzzFeed News about whether its use of fake social media accounts and engagement is in conflict with its work to help defend the US against security breaches and information operations. It and Scott also declined to answer detailed questions about his professional background and previous ventures.
However, during a brief phone interview prior to cutting off contact, Scott falsely claimed ICIT had no connection to the Twitter accounts, and said external parties were using them to discredit ICIT and his book about information warfare.
“We’ve been set up … and they’re not Russian; we’re not sure who they are,” he told BuzzFeed News, later adding, “The important thing here is it’s being weaponized against us.”
As the conversation wore on, Scott changed his story and said the Twitter accounts were perhaps created by people trying to help ICIT.
“I think it’s some people on the alt-right that think they’re helping us. I think it’s some people on the progressive left that think they’re helping us. And I think there’s some jokers in between that are just toxic,” he said. “I don’t know, man.”
After being provided a list of the accounts, as well as detailed questions, ICIT issued a written statement to BuzzFeed News and admitted it does in fact operate the Twitter accounts in question.
“ICIT actively identifies, curates and shares cybersecurity content via social media accounts that are managed and maintained by its marketing and public affairs employees,” the statement said. “These digital educating and marketing campaigns are organized manually by ICIT employees, who manage numerous social media accounts tailored to specific issue areas and audiences in the cybersecurity field.”
The Twitter accounts use profile images taken from stock image or headshot websites and retweet, like, and post content from ICIT and Scott at the kind of high frequency associated with bots. The accounts reviewed by BuzzFeed News did not engage in replies or other types of interaction that could indicate they are run by humans. (ICIT said in its statement that the accounts are not bots, but did not offer information to substantiate this.)
During the course of reporting this story, Twitter suspended 11 of the accounts, but the company declined to comment on the reason.
Along with amplifying ICIT content and links about cybersecurity, the accounts have for months been sharing memes that combine brooding photos of Scott and quotes from him or his book about the role of memes in information warfare.
Scott often retweeted memes of himself from the fake accounts. During the phone interview, he claimed these were authentic people supporting his work.
“If I see people that have gone through the exercise of making a sincere meme that’s promoting the book — yeah I’ll hit it up,” he said.
Meanwhile, a group of fake accounts on YouTube have also been busy promoting Scott and ICIT.
“James Scott is the most important figure in cyberwar thought leadership right now. I'm completely floored by how brilliant he is. ... This man is without a doubt the most dangerous man on the planet,” reads one comment on the video of his conference session about Russian influence operations.
“It breaks my heart to see the anguish and pain in James' face. The pressure he is under, I can only imagine; Advising to the White House for the past three polar opposite administrations, CIA, MI6, NSA...the things he must know, the secrets he keeps,” wrote a commenter that included in their message a link to an Instagram account that consists entirely of James Scott memes and photos. Those memes are the same ones being shared by fake accounts on Twitter.
When Scott took the stage in front of NSA, FBI, and DHS executives at the January event, ICIT cofounder Parham Eftekhari echoed those credentials.
He said Scott has written “over 50 books” on topics related to critical infrastructure and information security, and that Scott advises the Senate Armed Services Committee, NATO, MI6, and “dozens” of Senate and congressional committees.
Scott is indeed a prolific author, but not all of his self-published books are about information security. As for the claim that he advises the Senate Armed Services Committee, an aid to the committee told BuzzFeed News they could not confirm that Scott has had any interactions with it. ICIT does, however, organize roundtables and meetings on Capitol Hill with members of Congress and their staff, according to information it provided to BuzzFeed News. (NATO and MI6 did not reply to requests for comment on Scott.)
“He doesn’t like it when I go on about him,” Eftekhari said during his intro. “But I think it’s really important for people to understand the perspective that he brings because he’s literally one of the guys that’s in there at the highest levels of the government advising on these issues.”
If that’s true, it raises serious questions about the due diligence performed by those at the highest levels of the US government in terms of who they seek advice from on the critical issues of cybersecurity and information warfare. If it’s not, it’s the latest in a long line of fabrications and exaggerations related to the life of James Scott Brown.
In October 2011, a marketing agency working with Scott produced a briefing document about him and his companies that was then sent to at least one New York PR firm. The goal was to secure a publicity firm to “assist Mr. Scott with his executive bio, PR communication strategy and image management.”
“James Scott, Founder and CEO of Belvedere Global Strategies, brings a new level of knowledge to the industry with a 12-year extensive background on global economics and corporate strategies consulting. He has experience that spans the globe and a track record for success,” reads the document.
Scott’s company, Belvedere Global Strategies, was described as a globalization and corporate strategy practice. At that point Scott had authored a self-published e-book, “Taking a Company Public.”
The brief also described him as a political strategy consultant for another company, Princeton Corporate Solutions. “Clients may not be disclosed at this time,” it said. In fact, Scott was also the CEO of that company. BuzzFeed News was unable to find evidence that anyone other than Scott was an employee of these companies.
Scott’s bio from that time, and later, also boasted that he was a “member” of prestigious think tanks such as Hudson Institute, American Enterprise Institute, Aspen Institute, Chatham House, Economic Research Council, American Institute for Economic Research, and Manhattan Institute.
Some of these organizations told BuzzFeed News they do not offer memberships and had no record of Scott.
“That’s like saying I’m a sharp shooter because I paid my NRA dues, or I’m a psychoanalyst because I read Psychology Today.”
“Thanks for bringing this to our attention. We do not have ‘members,’ and according to our records, Hudson Institute has never had an affiliation with Mr. Brown or his companies,” said Carolyn Stewart of Hudson Institute.
Of those that do offer memberships, they said any member of the public can join for a small fee, and Scott’s claim about the significance of his affiliation was exaggerated.
“That’s like saying I’m a sharp shooter because I paid my NRA dues, or I’m a psychoanalyst because I read Psychology Today,” Jonathan Sylbert, chief operating officer of the American Institute for Economic Research, told BuzzFeed News by email.
Princeton Corporate Solutions is today survived by several websites and online articles that Scott placed around the web as a way of building up content and link networks to improve the search results for his name and for the company. There was also a 2010 “interview” with Scott that appeared on a website run by a search optimization company in India.
The interviewer (“Steve”) described Scott as a man whose “every word was pronounced perfectly, his vocabulary was authoritative, his eyes didn’t blink, his posture was perfect and I have to admit, I couldn’t find a single chink in his armor.”
It concluded, “James Scott is the silent leader that enables crumbling economies to rise again and hopeless corporate organizations to thrive. Keep an eye out for him; chances are he’s turning around a company or an economy near you.”
The same article was published on another blog that also appears to exist as a way to help generate links for websites in order to improve SEO.
Unfortunately for Scott, this reputation-enhancing content was later joined by irate posts on the Ripoff Report website where people claiming to be former clients accused him of stealing their money. (Anyone can post on that website, and claims are not verified before going live.)
Along with Belvedere Global Strategies and Princeton Corporate Solutions, 2011 found Scott running a company called Shaka Inc. It traded on the loosely regulated over-the-counter pink sheets exchange. (Seen The Wolf of Wall Street? The shady boiler room operations depicted early in the film are based on selling stock in pink sheet companies.)
Shaka described itself as a “leading globalization and corporate strategies firm,” but soon it would be rebranded as RenuEn and began pitching a solar power product for homeowners. The company is no longer active and, as with other Scott ventures, its legacy consists in part of a slew of angry posts on the Ripoff Report website. (Executives who worked with Scott at RenuEn did not reply to requests for comment from BuzzFeed News.)
Along with RenuEn and Princeton Corporate Solutions, another company run by Scott that’s survived largely by complaints on Ripoff Report is a TV production outfit called Zaga Studios. Back in 2004, it pitched itself as a low-cost way to create TV ads. When he ran Zaga, Scott went by the name Jamie Brown. (The address listed in the Ripoff Report complaints for Zaga Studios is the same found in a public records report for him, as well as in domain name registrations linked to Scott/Brown.)
The client overview of Scott prepared for PR companies in 2011 made no mention of Zaga Studios or the Metro Giant, a related company he also ran. It did, however, say Scott was seeking PR representation in part because he was concerned by negative online comments about him. The brief also said there were negative stories that could be found by searching for “James Scott New World Order” and “James Scott Conspiracy Theories.”
As with the initial explanation Scott gave BuzzFeed News for the Twitter accounts promoting him and ICIT, he told his marketing agency the negative online stories were part of a coordinated campaign to discredit him.
“There is a strong belief that many of the bloggers were hired by a competing Global Economic strategist who wanted to discredit Mr. Scott’s theory,” the brief said.
BuzzFeed News obtained the client overview and related documents because they were submitted as evidence in a civil suit filed against Scott and his companies in 2012 by MASQ Marketing. The New York agency accused him of breach of contract and unjust enrichment. The suit alleged, among other things, that Scott failed to reimburse the agency for the purchase of tens of thousands of dollars worth of clothing, alcohol, cigars, and even tattoos. These were allegedly bought as part of efforts to “assist him in maintaining his corporate image.” MASQ and Scott eventually settled for a payment of just under $20,000.
Among the exhibits filed in the suit is an email sent by Scott to the owner of MASQ in the summer of 2011. In it Scott linked to a Celtic tattoo design on a website and wrote, “would love this one on my arm, to show when i wear short sleeve shirts= i am the unexpected ceo and showing the tattoo would be a surprise.” Scott added that this tattoo would align “with my new image.” (MASQ declined to comment to BuzzFeed News; Scott did not reply to a question about the lawsuit.)
In 2013, Scott self-published his first book about information security, and began writing about the topic on his now-defunct blog, writerjamesscott.com.
By then, Scott had also gone into the online marketing business with a company called SpitFire Alliance. It offered services to clients that included spamming “1,000 LinkedIn messages to targeted industry players from your account,” and doing the same via direct messages on Twitter to “industry bloggers, podcasts, journalists, and other specialists.” It also offered to send “2-5 Tweets per day to 500,000+ active followers.”
On Twitter, Scott took on the persona of @bill_nizzle. He used it to promote SpitFire services and clients. In a 2014 tweet, he suggested a tech entrepreneur contact SpitFire so it could “put you in one of their blogs” and added that the company “rep[s] #JamesScott a business writer.” That message inexplicably received more than 1,000 retweets. He also once secured himself a free pizza by manufacturing retweets for a restaurant.
@bill_nizzle told the restaurant someone named James would pick it up, adding that "If he likes it and you treat him right I'll retweet so you trend like crazy." That message received 950 retweets.
Scott also began promoting ICIT without disclosing his role at the nonprofit. In one example, Scott used the @bill_nizzle account to share and praise something he wrote for ICIT, and Eftekhari, ICIT’s cofounder, replied to echo the compliment. (Eftekhari did not reply to detailed questions from BuzzFeed News.)
At some point in 2017, Scott transitioned the @bill_nizzle handle to his current one, @artofthehak. BuzzFeed News was able to connect the two accounts because old replies to his former account name still show up on Scott’s timeline. (Twitter users are able to move to a new handle while keeping their followers and previous tweets.)
The year before Scott’s Twitter rebrand, he was paid a salary of $73,500 by ICIT as one of its two key employees, according to the organization’s 2016 tax filing, the most recent year available. That year it brought in roughly $830,000 in revenue. The majority came thanks to a fellows program it operates, which currently includes security technology and service vendors such as Centrify, McAfee, and KPMG.
As part of the sponsorship package, executives from the top donors are designated as fellows of ICIT and in some cases collaborate with Scott on the publication of research. ICIT’s fake Twitter accounts often amplify content from these partners with likes and retweets.
ICIT's website also carries an endorsement from retired Gen. Keith B. Alexander, a former head of the NSA.
To ensure independence, ICIT’s statement of values says that these private sector fellows are “not allowed to engage with policymakers without the involvement of an ICIT Sr. Fellow, all of whom are full time employees of ICIT.” The only two senior fellows are Scott and Eftekhari.
At the core of ICIT’s pitch is its ability to connect private sector vendors industry with legislators and federal agencies. Today, after just a few years of existence, ICIT is seen as credible enough to elicit on-camera endorsements from cybersecurity leaders at the Department of Homeland Security, a former federal chief information officer in the Office of the President, and the current chief information security officers of the US Air Force and FBI. Its website also carries an endorsement from retired Gen. Keith B Alexander, a former head of the NSA and commander of the US Cyber Command.
Next month ICIT will host its Annual Forum at the Mandarin Hotel in Washington. The current speakers list includes the acting chief of the NSA’s Information Assurance Directorate, the acting CIO of the Department of Commerce, as well as executives from the Federal Election Commission, and NASA. And, of course, James Scott.
During the brief phone interview before he broke off contact, BuzzFeed News asked Scott about the fact that his previous company, SpitFire Alliance, sold retweets and other questionable social media services.
“I don’t recall. I’m not sure what that is. I don’t recall any initiative called SpitFire Alliance,” he said. (Records from DomainTools show he registered the domain name in 2013.)
When asked about his use of the @bill_nizzle Twitter account, Scott said, “What is this? What are you trying to do?”
He said he needed to get off the phone and agreed to follow up by email. A few hours later, he sent a tweet to warn people about “journalists on Russian/Chinese payroll who are targeting us for exposing them in my Information Warfare book.”
Coincidentally, it was also used by a YouTube sockpuppet account in a comment it left on a video of Scott. The account, “AndJaJa Banksss,” claimed that Scott gave a talk at Yale that ended in a standing ovation from students after he told them their professors are “mind midgets who regurgitate work from the experts and try to pawn it off as their own.”
The commenter concluded, “I'd follow this man into hell if he asked me to.” ●