In 2008, Carr founded Project Grey Goose, a crowd-sourced open-source intelligence effort to attribute major cyber attacks. The Project soliticited the expertise of vetted volunteers, while seeking to filter out non-experts and cyber criminals. The Project's first area of research was the campaign of cyberattacks during the Russo-Georgian War.
In 2011, Carr created the Suits and Spooks conference series, which offered a private forum for intelligence veterans to meet with technologists, academics, hackers, and business executives. The forum was acquired by Wired Business Media in 2014.
He is currently founder and principal consultant at "The 20K League", a cybersecurity provider for medical and legal practices. Carr was the founder and CEO of cybersecurity firm Taia Global Ltd, which, according to Carr, failed in 2016. He was previously founder of GreyLogic. Carr has lectured on cybersecurity issues at the Defense Intelligence Agency, U.S. Army War College, Air Force Institute of Technology, NATO’s CCDCOE Conference on Cyber Conflict, and DEF CON.
Writing and research
He is the author of Inside Cyber Warfare: Mapping the Cyber Underworld (O'Reilly Media 2009, 2011), which analyzed cyber conflicts from 2002 until 2009. In Cyber Warfare, Carr argued that international cyber attacks are predominantly deployed by non-state actors, who are sometimes encouraged and tolerated by state entities. Alternately, as Carr later told the Christian Science Monitor, it is private IT infrastructure, rather than government policy, that lies at the heart of US vulnerability to international cyber attacks.
Jeffrey Carr has blogged about cyber security and warfare at Intelfusion.net (until September 1, 2010) and Forbes' The Firewall. Carr said he had quit the The Firewall in protest, after his post on Yuri Milner's relationship to the Russian FSB was taken down by Forbes at the request of Milner's lawyer.
In March 2017, Carr stated there was growing doubt in the computer security industry regarding the narrative of Russian state sponsorship of hacks associated with the 2016 US elections. Carr described that the FBI never examined the servers that were hacked at the DNC, and the DNC instead employed cybersecurity firm CrowdStrike to investigate the penetrations. According to Carr, "All the forensic work on those servers was done by CrowdStrike, and everyone else is relying on information they provided." Carr described that CrowdStrike's narrative relied on the argument that the AGENT-X malware used in the operation was exclusively possessed by the Russian government, but that in reality AGENT-X was also in the possession of Ukrainian hackers, an American cybersecurity company, and likely others.
- “The Classification of Valuable Data in an Assumption of Breach Paradigm”, Georgetown Journal of International Affairs, March 2014
- “The Misunderstood Acronym: Why Cyber Weapons aren’t WMD”, Bulletin of the Atomic Scientists, Sept 1, 2013, Vol, 69, No. 5, p. 3237
- “Intelligence Preparation of the Information and Communications Environment”, Air & Space Power Journal, 2012, Vol 24, No. 3
- Springer, Paul J. (2015-02-24). Cyber Warfare: A Reference Handbook: A Reference Handbook. ABC-CLIO. pp. 150–151. ISBN 9781610694445.
- Carr, Jeff. "Announcing Project Grey Goose - Operation Poachers". Jeff Carr Blog. Blogspot.com. Retrieved 4 March 2017.
- Sterling, Bruce. "The Project Grey Goose cyberwar report". Wired.com. Retrieved 4 March 2017.
- Flook, Kara (May 13, 2009). "Russia and the Cyber Threat". Critical Threats. Retrieved 3 March 2017.
- "SecurityWeek Acquires Suits and Spooks Security Events | SecurityWeek.Com". www.securityweek.com. Retrieved 2017-03-04.
- Carr, Jeff. "About Us". 20K League. Retrieved 4 March 2017.
- Carr, Jeffrey. "Crushing Force as a Change Agent (or The Bullshit Luxury of 10,000 Failed Attempts)". Jeffrey Carr Blog. Retrieved 18 April 2017.
- Greenberg, Andy (2010-03-03). "The Real Meaning Of Cyberwarfare". Forbes. Retrieved 2017-03-04.
- "Jeffrey Carr". O'Reilly Media. Retrieved 3 November 2016.
- Library of Congress. "Inside cyber warfare". Library of Congress. Retrieved 8 April 2012.[permanent dead link]
- Marks, Larry (4 July 2013). "Inside Cyber Warfare, Mapping the Cyber Underworld, by Carr, Jeffrey". Information Security Journal: A Global Perspective. 22 (4): 201–202. doi:10.1080/19393555.2013.828804. ISSN 1939-3555.
- Carr, Jeffrey (1 January 2009). "Inside Cyber Warfare: Mapping the Cyber Underworld". ACM Digital Library. O'Reilly Media, Inc.
- Armerding, Taylor. "Will a cyber crisis add to chaos of Trump's first 100 days?". CSO Online. Retrieved 2017-03-04.
- Forbes, http://www.forbes.com/sites/jeffreycarr/#7a516d094e71
- Shackelford, Scott J. (2014-07-10). Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace. Cambridge University Press. pp. xxiv. ISBN 9781107354777.
- Reveron, Derek S. (2012-09-11). Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World. Georgetown University Press. pp. 186, 187. ISBN 1589019180.
- Fallows, James. "If You Were Going to Read Only One Thing About Cyber-Security...". The Atlantic. Retrieved 2017-03-04.
- "Interview With Cybersecurity Expert And Suits & Spooks Founder Jeffrey Carr". Publicyte | Microsoft Technet. Retrieved 2017-03-03.
- "Were the hackers who broke into the DNC's email really Russian". Miami Herald. March 24, 2017.