Pentagon Cancels JEDI Computing Contract, Yields to Amazon Legal Stalling

Hatemail: Newsletter and Intel from the LaBac Hacker Collective

On Tuesday, the Pentagon cancelled its massive cloud computing contract known as JEDI (Joint Enterprise Defense Infrastructure) with Microsoft. The Pentagon also announced plans to recall the JEDI contract offering and launch a brand new multi-vendor contract in its place.

The cancelled contract – which was meant to be the first in a long-term deal potentially worth up to $10 billion – was also the subject of a contentious legal battle between Microsoft and Amazon Web Services (AWS), the two major companies that had been seeking the contract bid.

Almost immediately after the initial JEDI contract was awarded to Microsoft in 2019, Amazon disputed the outcome and brought the matter to court. Amazon’s lawsuit argues that the contract bidding process had been unfairly influenced by political pressure from the Trump administration, due to bias against Amazon’s then-CEO Jeff Bezos. 

In April 2020, a report released by the Department of Defense inspector general found no evidence of White House political intervention in the contract awards process. However, the same report also noted that it could not complete its full ethical misconduct review as it received limited cooperation from White House officials during the investigation. 

The Pentagon’s decision may represent an expensive contract loss for Microsoft and a legal victory for Amazon, but (ultimately) it also represents a breakdown in military procurement of technology infrastructure meant to protect the United States. 

As we learn more about the factors that played into the Pentagon’s decision to kill the JEDI contract and start the bidding process all over again, it’s becoming clear that national security officials were increasingly concerned about Amazon’s drawn-out litigation battle, specifically about how the prolonged lawsuit was taking a toll on national security by stalling much-needed security updates that the contract was meant to provide. As the Verge reports:

In a statement to Congress in January, the Defense Department had suggested that a protracted dispute with Amazon could jeopardize JEDI’s future, thanks to an “urgent, unmet requirement” for cloud computing.

At this point in time, the Pentagon has signaled that JEDI can “no longer meet its [the Department of Defense] needs,” in part because the contract has been stuck in litigation since 2019.

What incredible power Amazon exacted against not only a competitor, but its own customer! Yes, Amazon, with Microsoft and Google, maintains the biggest and best in cloud computing services. But have they reached a point where the demand for such services can be molded through a toolkit of leverage and obstruction?

Tech Struggles to Contain Harassment on Their Platforms

  • [ArsTechnica] Last week, Facebook, Google, TikTok, and Twitter collectively signed a pledge to improve the safety of women on their respective online platforms. The pledge was a response to recommendations made by a Web Foundation working group of 120 experts. Critics say the commitments outlined in the pledge are too vague to be meaningful, and that it is unclear how these companies plan to implement these changes.

  • [Huffington Post] The Texas Supreme Court recently ruled that Facebook must be held liable for the content on their platform in accordance with state law. At the heart of the ruling are several victims of cyber sexual abuse, all of whom testified that Facebook facilitated abuse and sex trafficking. Facebook maintains that federal law shields them from legal responsibility over user-posted content.

  • [Engadget] Things are kind of tense with Audacity right now. Audacity, the popular open-source free tool, dropped a new privacy policy on July 2nd, adding updated terms that user data could be shared with regional law enforcement and a Russian-based company WSM via telemetry. Though it appears that concerns related to telemetry had previously been addressed, the terms caused uproar among many users and have since prompted the company to change the wording of its updated terms. The situation was further obfuscated by accusations that these changes resembled “possible spyware,” a claim which Audacity denies and that other media outlets have pushed back on as misleading.

US, China, and Global Authorities

  • [CNN] [ABC] The FBI continues to charge insurrectionists for their breach of the Capitol building on January 6. In new indictments, agents reveal that they successfully infiltrated one far-right group’s “bible study” that acted as a touchpoint between insurrectionists who discussed surveilling the US Capitol.

  • [Reuters] An Israeli hacker was charged in the US for what prosecutors say was a “hack-for-hire” scheme. The hacker is connected to an Indian company, BellTroX InfoTech Services, which has been accused of hacking and espionage.

  • [CISA] [NCSC] [Bloomberg] US and UK intelligence agencies published an advisory warning that Russian hacking groups are using a novel, containerized technique that is proving effective at brute forcing computers around the world. Meanwhile, the FBI is implementing an active defense approach to defend against hackers “going bananas.”

  • [Bloomberg] Excellent research from Bloomberg Economics over the weekend laying out the risks of stalled Chinese growth. Add in the market-moving crackdowns on tech that are rattling the markets, and it looks like this could be a huge opportunity for Western organizations to exploit what appears to be Chinese weakness and economic risk. 

On Our Radar...

  • [The Guardian] A Chinese-owned company has purchased the United Kingdom’s largest semiconductor chip manufacturer. Through the lens of the global chip supply shortage (which we’ve written about here), this recent move not only risks amping up market protectionism, but could also result in a serious national security concern.

  • [Bloomberg] [Vox] Worldcoin, a new project by Sam Altman (you might know him from founding Y Combinator) and backed by Andreessen Horowitz, has come under the spotlight recently. The project, conceived in 2019, intends to be a technology that supports universal basic income, backing it with cryptocurrency. It also relies on dystopian iris-scanning orbs to work. Yikes.

  • [CryptoSlate] Stablecoins are meant to represent one of the safest cryptocurrency investments by offering a coin pegged to static or real tender. Popular ones, such as ‘Tether,’ attempt to tie their value directly to the US Dollar. However, like all software, cryptocurrency has a long way to go before being able to offer genuine stability. And this week, stablecoin Safedollar’s value was reduced to $0 as an exploit wreaked havoc on its underlying blockchain.

  • [NBC News] It’s getting increasingly difficult to ignore the environmental hazards of increased cryptocurrency adoption. Residents near the Finger Lakes in New York state are reporting extreme amounts of pollution near a power plant known to enable the region’s largest bitcoin mining operations.

  • [The Markup] A recently published manual for the facial recognition software Anyvision demonstrates the numerous ways in which the technology is being used to surveil everyday people.

Hate speech website: gettr[.]com

Who hosts: Amazon, Cloudflare

Today’s site is gettr[.]com. Gettr is a new Trump-backed social media network that had a somewhat quiet launch this week. It has already been cited for hate speech that, because of the site’s “free speech policies,” is allowed to be openly spread on the platform.

We have observed that Gettr’s site is protected by Cloudflare, but we have previously observed it resolving to the IP address 143.204.245[.]95.

Summercon Hacker Conference (Fri, Jul 9, 2021, 10:00 AM – Sat, Jul 10, 2021, 7:00 PM EDT): The annual SUMMERCON conference is BACK! In-person! The New York City-based conference is not only one of the best the city has to offer, but also the oldest hacker conference in the country. LaBac spoke last year in the virtual iteration, and members will be on-site to welcome back NYC’s hacker community <3 Register now for online or in-person.

Infosec Campout 2021 (Fri, Aug 27, 3:00 PM – Sun, Aug 29, 2021, 11:00 AM PST): Infosec Campout, which operates a small and safe camping / conference experience in the Pacific Northwest (and tides us over until ToorCamp returns), is back again this year after a successful launch in 2019 and a delay for Covid. RV/camping spots fill up fast, but some conference-attendance-only tickets remain easy to get. Link here.