Last week, Public and Racket published the first CTIL Files, which revealed the origins of the Censorship Industrial Complex in offensive tactics developed by US and UK military contractors.
Now, a second whistleblower has come forward with Slack messages showing far greater government and military involvement in the Cyber Threat Intelligence League (CTIL) than we had previously discovered.
The CTIL Slack “disinformation” channel and the “law enforcement escalation” channel included current and former FBI employees, as well as personnel from the Michigan Cyber Command Center, the US Defense Digital Service (DDS), and at least one European government.
DDS is headquartered in the Pentagon and was founded by Secretary of Defense Ash Carter in November 2015. DDS’s website states, “The Department of Defense has a secret weapon.”
The Department of Defense told Public that it combined DDS with other agencies. “DDS merged with three other organizations to form the Chief Digital and Artificial Intelligence Office (CDAO) back in Feb 2022. CDAO is not currently involved with CTI and we do not have situational awareness on project participation which predated that merger,” a spokesperson said.
As for the CTI League, it claimed to serve an essential function, cybersecurity, protecting hospitals and healthcare systems from serious threats.
However, according to the new whistleblower, “The essential function of CTI League was largely duplicative of other free and paid threat services available to health care defenders.”
Justin Frappier, who worked for the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS), wrote on his profile, “The opinions expressed here are my own as an analyst, and not those of CISA, or the US Government unless otherwise stated.”
But Frappier put the CISA seal as his profile image and was an eager participant in the CTI League. When he first joined CTIL, he asked if the group was “consolidating a list of disinformation resources to validate.” A CTIL member replied, “Yes, we are working on that. There is a whole Disinfo gathering [and] analysis operation happening in another group connected to CTI-League, which we’re working to incorporate as a threat stream.”
Responded Frappier, “That’s awesome, I think it’s amazing to see this happening at scale, long overdue but massive effort.”
Note: we redacted the files to protect identities of individuals who did not appear to play a leadership role. (Read more: Public/Substack, 12/07/2023) (Archive)