NSO: More PR Excitement, Facts, or Bloomberg Style Reporting?
July 20, 2019
I read the Financial Times’ write up about NSO Group. The title is a show stopper: “Israeli Group’s Spyware Offers Keys to Big Tech’s Cloud.” (Note: You may have to pay money to view the orange newspaper’s online “real” news write up.
There’s a diagram:
There’s a reminder that NSO is owned by an outfit called “Q Cyber.” There’s information contained in a “pitch document.” There’s a quote from Citizen Lab, a watchdog outfit on cyber intelligence firms and other interesting topics.
What’s missing?
- Information from a Q Cyber or NSO professional. A quote or two would be good.
- Statements from an entity which has used the method and obtained the desired results; for example, high value intel, a person of interest neutralized, the interruption of an industrialized crime operation, or something similar
- Scanned images of documents similar to the Palantir Gotham how to recently exposed by Vice, a zippy new news outfit.
Think about the PR problem the revelations create: NSO gets another whack on the nose.
Think about the upside: Visibility and in the Financial Times no less. (Does NSO need more visibility and semantic connections to Amazon, Apple, or any other “in the barrel” high tech outfit?)
Outfits engaged in cyber intelligence follow some unwritten rules of the road:
First, these outfits are not chatty people. Even at a classified conference where almost everyone knows everyone else, there’s not much in the way of sales tactics associated with used car dealers.
Second, documentation, particularly PowerPoints or PDFs of presentations, are not handed out like chocolate drops for booth attendees who looked semi alert during a run through of a feature or service. Why not whip out a mobile device with a camera and snap some of the slides from the presentation materials or marketing collateral? The graphic is redrawn and quite unlike the diagrams used by NSO type cyber intel outfits. Most trained intelligence professionals are not into “nifty graphics.”
Third, cyber intel companies are not into the media. There are conference organizers who snap at people who once worked as a journalist and made the mistake of telling someone that “before I joined company X, I worked at the ABC newspaper.” Hot stuff New York Times’ stringers are stopped by security guards or police before getting near the actual conference venue. Don’t believe me. Well, try to gate crash the upcoming geo spatial conference in Washington, DC, and let me know how this works out for you.
Fourth, why is NSO acting in a manner so different from the other Israel-influenced cyber intelligence firms? Is Voyager Labs leaking details of its analytic and workflow technology? What about Sixgill’s system for Dark Web content analysis? What’s Webhose.io doing with its content and expanding software suite? What’s Verint, a public company, rolling out next quarter? NSO is behaving differently, and that is an item of interest, worthy of some research, investigation, and analysis.
For the established cyber intel firms like NSO, assertions are not exactly what sells licenses or make BAE Systems, IBM, or Raytheon fear that their licensees will terminate their contracts. How many “customers” for NSO type systems are there? (If you said a couple of hundred, you are getting close to the bull’s eye.) Does publicity sell law enforcement, security, and intelligence systems? Search engine optimization specialists are loco if they think cyber intel firms want to be on the first page of a Google results page.
Consider this series of bound phrases:
Cat’s paw. Bloomberg methods. Buzzfeed and Vice envy. A desire to sell papers. Loss of experienced editors. Journalists who confuse marketing with functioning software?
These are the ideas the DarkCyber team suggested as topics an investigator could explore. Will anyone do this? Unlikely. Too arcane. Too different from what problems multiple systems operating on a global scale present for one method to work. Five Eyes’ partners struggle with WhatsApp and Telegram messages. “Everything” in Amazon or Apple? Really?
Net net: Great assertion. How about something more?
Stephen E Arnold, July 20, 2019
Snowden: Struggling for Relevance?
July 20, 2019
Notorious government information leaker, Edward Snowden recently explained how he protected himself during his treasonous acts. The Next Web shares the details in, “Edward Snowden Used Bitcoin To Buy Servers For 2013 Mass Surveillance Leak.” Snowden revealed that he relied on Bitcoin’s censorship resistance to leak information in 2013. He revealed this information at Bitcoin 2019, a conference held in San Francisco.
Snowden said he transferred the sensitive information about the National Security Agency and Five Eyes Intelligence Agency to servers paid for with Bitcoin. Snowden lauded Bitcoin’s permission less and decentralized infrastructure that allows users to exchange funds without being watched. Snowden praised Bitcoin more:
“ ‘Bitcoin is free money […] you are able to exchange and interact permissionless. And when I think about privacy, that’s what it’s all about. What does liberty mean? It’s freedom from permission, it means we live our lives in a way that we can experiment, we can engage, we can try things, we can even fail, and we don’t have to get a permission slip from the principal’s office. We are not watched, we are not recorded […] this ability to act without permission […] is the foundation of all rights. It used to be that governments could watch you […] but now all of this happens with devices that we, ourselves, pay for,” said Snowden, adding “and while we do that privacy stops being the status quo and liberty stops being the natural state of things,’ he noted.”
Snowden reiterated his support that privacy is not about needing to hide something, but more about protecting oneself. He also addressed that criminals use Bitcoin, but stated that more criminals use the US dollar. Snowden was charged in 2012 and his passport was revoked. Russia currently grants him asylum, but his residency permit will run out in 2020.
DarkCyber awaits the next Snowden announcement. Perhaps a rah rah for Facebook and Libra?
Whitney Grace, July 20, 2019
Professional Publishers, Release the Legal Eagles
July 19, 2019
Most people don’t pay any attention to professional publishing. There are some folks who live and breathe the world of academics who write, fame loving lawyers who write essays about the “law”, and bright individuals who just want to share what graduate students have discovered. There’s also wonky papers cooked up so that the “authors” can attend a conference in Las Vegas, where some dreams can become reality.
Nature published “The Plan to Mine the World’s Research Papers.” The subtitle asks the question, “A giant data store quietly being built in India could free vast swathes of science for computer analysis — but is it legal?”
The answer may be, “Sure, the project is in India, a country which has taken an interesting approach to production of name brand pharmaceuticals.”
The write up is very long: Here’s a summary.
Copy journal, technical, and professional papers. Extract the text and images. Tag the content. Make the data available for data mining.
Simple enough.
DarkCyber noted this statement in the write up:
When Nature contacted 15 publishers about the JNU data depot, the six who responded said that this was the first time they had heard of the project, and that they couldn’t comment on its legality without further information. But all six — Elsevier, BMJ, the American Chemical Society, Springer Nature, the American Association for the Advancement of Sciences and the US National Academy of Sciences — stated that researchers looking to mine their papers needed their authorization. (Springer Nature publishes this journal; Nature’s news team is editorially independent of its publisher.)
How many universities, researchers, and editors working at professional publishing companies would find a use for this information when it is free?
Enough to tip over the classy, little understood worlds of:
- Tenure track processes
- Library budgets
- Professional publishing companies themselves.
Worth watching? Yes, indeed.
Stephen E Arnold, July 19, 2019
Facebook: Soldiering On Despite Adversity
July 19, 2019
The Libra hearing was painful to watch. Not only was the information presented in a colorless manner, Facebook’s attention shifter illuminates what happens when governance and regulation take a holiday.
Anyone considering a job at a large company should take note of this resource— ZDNet reports, “Glassdoor Survey: Employees Give Top Rating to VMWare’s CEO, but Zuckerberg Plunges.” Poor Zuck; the famous Facebook CEO dove from 16th place last year to number 55 in this year’s roster of the 100 best CEOs to work for. It could be worse. Amazon’s Jeff Bezos has yet to appear on the list, which began in 2013.
Glassdoor only considers companies with more than 1,000 employees “large” for the purpose of this survey. Writer Tom Foremski reports:
“The annual ranking of the top 100 CEOs of the largest US companies is prepared by Glassdoor, which hosts reviews of companies and their management by employees. … Adobe, Microsoft, and LinkedIn CEOs joined VMware in the 2019 top 10. Overall, the tech sector has the most employee-approved CEOs with 27 in the Top 100, followed by healthcare with 12 CEOs, and manufacturing with eight CEOs. The San Francisco/Bay Area is home to 17 CEOs on the Top 100 List — with nearly all in tech. New York City has 16 CEOs on the list — none are in tech — with mostly financial services and management consulting companies.
We also noted this statement:
“Zuckerberg held the No. 1 spot on the list in 2013 and maintained a top 10 rank until 2018, dropping to No. 16. His declining popularity with employees appear to mirror his handling of high-profile problems over privacy and targeted advertising. A similar fall from grace has affected Google, which had the No. 1 CEO in 2015 with Larry Page but now sits at No. 46. Like Facebook, Google has come under considerable public criticism over the past few years.”
Three CEOs have made the list every year for the past three: Zuckerberg, Tim Cook of Apple, and Salesforce’s Marc Benioff. Only seven women appear on this year’s list; that’s actually pretty good, though, considering only five percent of CEOs at S&P 500 companies are female. Glassdoor assures us it employs an algorithm that can tell if respondents are trying to skew results, and that it punishes guilty companies accordingly. The curious can see this year’s results, and an archive of previous ones, here.
DarkCyber believes that more exposure of the company’s plans and ideas may not add sparkle to the social media firm.
Cynthia Murrell, July 19, 2019
More Encouragement for Bad Actors
July 19, 2019
If one is looking to avoid censorship or regional blocking online, the best option is really to set up a VPN. However, for those who prefer a browser-based solution, PirateBrowser may be the answer. MakeUseOf gives us “3 Shocking Reasons to Use PirateBrowser in Your Country.” Reporter Christian Cawley begins with a little background:
“First released in 2013, the PirateBrowser is a web browser issued by the Pirate Bay website. The notorious file sharing site created the browser to help members find the site after it was banned. … The PirateBrowser is a version of Mozilla Firefox with the FoxyProxy add-on. There is also Tor integration (using Vidalia), which helps to beat censorship. For example, sites blocked in countries across the European Union, Iran, and North Korea can be accessed using the Pirate Browser. Sites blocked or limited by ISPs are unblocked when viewing with the PirateBrowser.”
Pirate Bay went on to make another version, PirateSnoop, which is based on Chrome instead of Firefox. So, yes, if one wants to get around censorship or geo-blocked streaming services, these are good options. The third reason may surprise some, but makes perfect sense—getting better prices on hotels, flights, and other purchases. Cawley writes:
“Online stores of all kinds base their pricing on where you are based. With a tool like PirateBrowser, you can visit sites selling technology and other goods and get a different price. This might even be substantially lower than the price on offer in your usual browser. This is a trick that is regularly used with a VPN. Usually, booking flights and hotel stays can prove cheaper by visiting a different version of the usual site. For example, you might live in country A and book from country B to make a saving. While this option isn’t available in PirateBrowser, its ability to circumvent website detection can result in lower prices.”
The article assures us that we need not navigate to Pirate Bay to access PirateBrowser or PirateSnoop, so they are completely legal to download (see the links above). We are cautioned, though, that the browser does not render users anonymous. Websites and internet providers will be able to see what you do, which is more or less of a problem depending on which country you are in. Once again we come to the notion of setting up a VPN—it is your best bet if you need your privacy. In case readers wish to know more about that option, the article supplies this link to MakeUseOf’s list of The Best VPN Services.
Cynthia Murrell, July 19, 2019
A Partial Look: Data Discovery Service for Anyone
July 18, 2019
F-Secure has made available a Data Discovery Portal. The idea is that a curious person (not anyone on the DarkCyber team but one of our contractors will be beavering away today) can “find out what information you have given to the tech giants over the years.” Pick a social media service — for example, Apple — and this is what you see:
A curious person plugs in the Apple ID information and F-Secure obtains and displays the “data.” If one works through the services for which F-Secure offers this data discovery service, the curious user will have provided some interesting data to F-Secure.
Sound like a good idea? You can try it yourself at this F-Secure link.
F-Secure operates from Finland and was founded in 1988.
Do you trust the Finnish anti virus wizards with your user names and passwords to your social media accounts?
Are the data displayed by F-Secure comprehensive? Filtered? Accurate?
Stephen E Arnold, July 18, 2019
Intel: Chips Like a Brain
July 18, 2019
We noted “Intel Unveils Neuromorphic Computing System That Mimics the Human Brain.” The main idea is that Intel is a chip leader. Forget the security issues with some Intel processors. Forget the fabrication challenges. Forget the supply problem for certain Intel silicon.
Think “neuromophic computing.”
According to the marketing centric write up:
Intel said the Loihi chips can process information up to 1,000 times faster and 10,000 times more efficiently than traditional central processing units for specialized applications such as sparse coding, graph search and constraint-satisfaction problems.
Buzz, buzz, buzz. That’s the sound of marketing jargon zipping around.
How about this statement, offered without any charts, graphs, or benchmarks?
With the Loihi chip we’ve been able to demonstrate 109 times lower power consumption running a real-time deep learning benchmark compared to a graphics processing unit, and five times lower power consumption compared to specialized IoT inference hardware,” said Chris Eliasmith, co-chief executive officer of Applied Brain Research Inc., which is one of Intel’s research partners. “Even better, as we scale the network up by 50-times, Loihi maintains real-time performance results and uses only 30% more power, whereas the IoT hardware uses 500% more power and is no longer in real-time.”
Excited? What about the security, fab, and supply chain facets of getting neuromorphic disrupting other vendors eager to support the artificial intelligence revolution? Not in the Silicon Angle write up.
How quickly will an enterprise search vendor embrace “neuromorphic”? Proably more quickly than Intel can deliver seven nanometer nodes.
Stephen E Arnold, July 18, 2019
YouTube Videos with Zero Views
July 18, 2019
DarkCyber does a video news program. But DarkCyber does not watch videos. Some do. What about watching videos no one bothers to watch? Navigate to Astronaut.io. Just click and chill. Interesting content. So far, no DarkCyber researcher has spotted our programs. This service may be the future of search; that is, do nothing. Just watch.
Stephen E Arnold, July 18, 2019
Need a Machine Learning Algorithm?
July 17, 2019
The R-Bloggers.com Web site published “101 Machine Learning Algorithms for Data Science with Cheat Sheets.” The write up recycles information from DataScienceDojo, and some of the information looks familiar. But lists of algorithms are not original. They are useful. What sets this list apart is the inclusion of “cheat sheets.”
What’s a cheat sheet?
In this particular collection, a cheat sheet looks like this:
You can see the entry for the algorithm: Bernoulli Naive Bayes with a definition. The “cheat sheet” is a link to a python example. In this case, the example is a link to an explanation on the Chris Albon blog.
What’s interesting is that the 101 algorithms are grouped under 18 categories. Of these 18, Bayes and derivative methods total five.
No big deal, but in my lectures about widely used algorithms I highlight 10, mostly because it is a nice round number. The point is that most of the analytics vendors use the same basic algorithms. Variations among products built on these algorithms are significant.
As analytics systems become more modular — that is, like Lego blocks — it seems that the trajectory of development will be to select, preconfigure thresholds, and streamline processes in a black box.
Is this good or bad?
It depends on whether one’s black box is a dominant solution or platform?
Will users know that this almost inevitable narrowing has upsides and downsides?
Nope.
Stephen E Arnold, July 17, 2019
Is Google Aiding the Chinese Government?
July 17, 2019
DarkCyber does not know if Google is aiding the Chinese government. Axios published this story — “Peter Thiel says FBI, CIA should probe Google” — which seems to suggest that the fun loving Googlers are up to something. Here’s the segment of the write up which we circled in red:
“Number one, how many foreign intelligence agencies have infiltrated your Manhattan Project for AI?
“Number two, does Google’s senior management consider itself to have been thoroughly infiltrated by Chinese intelligence?
“Number three, is it because they consider themselves to be so thoroughly infiltrated that they have engaged in the seemingly treasonous decision to work with the Chinese military and not with the US military… because they are making the sort of bad, short-term rationalistic [decision] that if the technology doesn’t go out the front door, it gets stolen out the backdoor anyway?”
These appear to be allegations wrapped in a question bundle. Who can get upset with a few questions?
One thing is certain: Google needs big, new revenue to keep the system rolling. With costs of infrastructure skyrocketing, Google has to generate revenue or face the unpleasant task of curtailing spending. Add to the mix the Bezos bulldozer; that is, the system which gets people to pay for the Amazon plumbing as the company expands its online advertising, policeware, and services businesses. Facebook — despite its self inflicted wounds — continues to push forward. Libra, the proposed digital currency for the country of Facebook, seems more innovative than Google’s new social media meet up service.
Who can answer the Peter Thiel questions? Perhaps Palantir Gotham armed with the “right” data? Will Google trip on its shoelaces?
Stephen E Arnold, July 17, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
