Intelware: A Tricky Business

March 25, 2019

Short honk: I read “A New Age of Warfare”. The write up names specific companies like the NSO Group and DarkMatter. People are identified as well. Most coverage of intelligence software and systems is conducted in trade publications and at specialized conferences. The NYT may be sending a not-so-subtle alert that it wants to dig into software, systems, and business practices of highly specialized products and services. My hunch is that some companies and people will be eager to assist the NYT. Others may take a  different approach. Worth monitoring how the Gray Lady moves forward. Unforeseen consequences ahead? Absolutely.

Stephen E Arnold, March 25, 2019

DarkCyber for January 1, 2019, Now Available

January 1, 2019

DarkCyber for January 1, 2019, is now available at and on Vimeo at The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web and lesser known Internet services.

This week’s story line up includes… novelty currency and email collection services… Primer, a next-generation investigative tool with NLG… and homemade explosive device constituents become a regulators’ focal point.

First, there is confusion between novelty currency (a banknote worth one million dollars) and counterfeit currency. seems to offer counterfeit bills one can use as a legal banknote. DarkCyber points out that the Surface Web service is an odd combination of useful information about how government’s protect their banknotes and a too-good-to-be-true offer of counterfeit currency. DarkCyber urges cautions. The Web site may be an online service designed to gather the email addresses and other information of unsuspecting, online users.

Second, DarkCyber profiles a company which has deployed smart software which uses NLG or natural language generation. Primer’s technology processes large volumes of information collected in an investigation, identifies the key entities in the content, and produces a report automatically. The company has clients in law enforcement, intelligence, and financial services. DarkCyber highlights the important innovations the company has revealed in its patents for its intellectual property.

The final story reports that homemade explosive devices can be created with easy-to-get chemicals and compounds. In 2019, more stringent controls may be placed on certain materials; for example, concentratged forms of hydrogen peroxide and sulfuric acid. An individual with some training in chemistry can assemble explosive devices, some of which can generate about 80 percent of the force of commercial TNT.

Kenny Toth, January 1, 2019

Thomson Reuters on a Privacy International Beat

November 26, 2018

I know that commercial database publishers can be profitable operations. But in order to keep pace with erosion of some traditional revenue streams, some professional publishers have been working to generate new databases which can be licensed to certain government agencies. In most cases, a researcher or librarian will not have these electronic files in their toolkit.

Privacy International published “Who Supplies the Data, Analysis, and Tech Infrastructure to US Immigration Authorities?” The report is available without charge, but I suggest that you download it promptly. Certain reports about some topics can go offline without notice.

I don’t want to dig through the references to references to Palantir. The information about that company is not particularly fresh. However, Privacy International has gathered some useful examples of Thomson Reuters’ products and services to law enforcement and other government agencies.

Privacy International seems unaware that many LE and intel entities routinely outsource work to third part, license a wide range of numeric and factual data, and tap into the talent pools at third party firms.

The Privacy International report does not provide much information about Thomson Reuters’ use of the Palantir technology. That might be an interesting topic for some young researcher to explore. We will do a short item about some of the Privacy International information in the DarkCyber for December 11, 2018.

Stephen E Arnold, November 26, 2018

Applique Logic: Alex Jones and Turbo Charging Magnetism

August 9, 2018

I am not sure I have read an Alex Jones’ essay or watched an Alex Jones’ video. In fact, he was one of the individuals of whom I was aware, but he was not on my knowledge radar. Now he is difficult to ignore.

Today’s New York Times corrected my knowledge gap. I noted in my dead tree edition today (August 9, 2018) these stories:

  • Facebook’s Worst Demons Have Come Home to Roost, page B1
  • Infowars App Is Trending As Platforms Ban Content, B6
  • The Internet Trolls Have Won. Get Used to It, B7

I want to mention “Rules Won’t Save Twitter. Values Will” at this online location.

From my vantage point in rural Kentucky, each of the writes up contributes to the logic quilt for censoring the real Alex Jones.

Taken together, the information in the write ups provide a helpful example of what I call “appliqué logic.”

Applique means, according to Google which helpfully points to Wikipedia, another information source which may be questionable to some, is:

Appliqué is ornamental needlework in which pieces of fabric in different shapes and patterns are sewn or stuck onto a larger piece to form a picture or pattern. It it commonly used as decoration, especially on garments. The technique is accomplished either by hand or machine. Appliqué is commonly practiced with textiles, but the term may be applied to similar techniques used on different materials.

Applique logic is reasoning stuck on to something else. In this case, the “something else” are the online monopolies which control access to certain types of information.

The logic is that the monopolies are technology, which is assumed to be neutral. I won’t drag you through my Eagleton Award lecture from a quarter century ago to remind you that the assumption may not be correct.

The way to fix challenges like “Alex Jones” is to stick a solution on the monopoly. This is similar to customizing a vehicle like this one:

Image result for outrageous automobiles

Notice how the school bus (a mundane vehicle) has been enhanced with what are appliqués. The result does not change the functioning of the school bus, but it now has some sizzle. I suppose the appliqué logician could write a paper and submit the essay to an open access publisher to explain the needed improvements the horns add.

With the oddly synchronized actions against the Alex Jones content, we have the equivalent of a group of automobile customizers finding ways to “enhance” their system.

The result is to convert what no one notices into something that would make a Silicon Valley PR person delighted to promote. I assume that a presentation at a zippy new conference would be easy for the appliqué team to book.

The apparent censorship of Alex Jones is now drawing a crowd. Here I am in Harrods Creek writing about a person to whom I previously directed zero attention. The New York Times coverage is doing a better job than I could with a single write up in a personal blog. In the land of “free speech” the Alex Jones affair may become an Amazon Prime or Netflix original program. Maybe a movie is in the works?

Back to appliqué logic. When it comes to digital content, sticking on a solution may not have the desired outcome. The sticker wants one thing. The stickee is motivated to solve the problem; for example, the earthquake watcher Dutch Sinse has jumped from YouTube to Twitch to avoid censorship. He offered an explanation about this action and referenced the Washington Post. I don’t follow Dutch Sinse so I don’t know what he is referencing, and I don’t care to be honest.

But the more interesting outcome of these Alex Jones related actions is that the appliqué logic has to embrace the “stickoids.” These are the people who now have a rallying point. My hunch is that whatever information Alex Jones provides, he is in a position to ride a pretty frisky pony at least for a a moment in Internet time.

Why won’t appliqué logic work when trying to address the challenges companies like Facebook, Google, et al face?

  1. Stick ons increase complexity. Complexity creates security issues which, until it is too late, remain unknown
  2. Alex Jones type actions rally the troops. I am not a troop, but here I am writing about this individual. Imagine the motivation for those who care about Mr. Jones’ messages
  3. Opportunities for misinformation, disinformation, and reformation multiply. In short, the filtering and other appliqué solutions will increase computational cost, legal costs, and administrative costs. Facebook and Google type companies are not keen on increased costs in my opinion.
  4. Alex Jones type actions attack legal eagles.

What’s the fix? There is a spectrum of options available. On one end, believe that the experts running the monopolies will do the right thing. Hope is useful, maybe even in this case. At the other end, the Putin approach may be needed. Censorship, fines, jail time, and more extreme measures if the online systems don’t snap a crisp salute.

Applique solutions are what’s available. I await the final creation. I assume there will be something more eye catching than green paint, white flame decoration, and (I don’t want to forget) the big green horns.

For Alex Jones, censorship may have turbocharged his messaging capability. What can one stick on him now? What will the stickoids do? Protest marches, Dark Web collections of his content, encrypted chat among fans?

I know one thing: Pundits and real journalists will come up with more appliqué fixes. Easy, fast, and cheap. Reasoning from the aisles of Hobby Lobby or Michael’s is better than other types of analytic thought.

Stephen E Arnold, August 9, 2018

DarkCyber for August 7, 2018, Now Available

August 7, 2018

This week’s DarkCyber video news program is now available at and on Vimeo at .

DarkCyber covers news related to the Dark Web and lesser known Internet services. The program is produced and hosted by Stephen E Arnold, author of CyberOSINT and the Dark Web Notebook.

This week’s program includes four stories.

The first story reviews how hardware devices can be used by an individual to compromise an organization’s computers, servers, and network. The video illustrates how a normally appearing wristwatch can transfer malware to a computer or server. The video also explains how cufflinks which are housing for men’s cufflinks can evade a physical security inspection. The object is to make clear that an insider with physical access to computing devices can compromise those devices in a matter of minutes. Stephen E Arnold said: “Anyone with access to a computer within an organization can easily create havoc on existing systems. Security guards usually overlook watches and jewelry which contain storage devices, programs, and capabilities which can penetrate cyber barriers. These direct access attacks like the Evil Maid method are a threat because interns, temporary workers, and compromised employees have the opportunity and means to perform malicious actions.”

The second report summarizes findings about successful email phishing attacks. These are seemingly innocuous and legitimate emails which are conduits for malware. The most effective phishing scams reference Amazon deliveries and requests for information from what appear to be legitimate sources like Facebook.

The third story provides an overview of the Zotero research assistant software. The software keeps track of information discovered on the Internet and performs a number of functions for a researcher, an analyst, or an investigator. The Zotero tool allows the user to maintain an archive of data and generate reports which can be submitted to a colleague or a legal team. The software is available without charge, and DarkCyber provides a link for downloading the program.

The final story revisits the mythical idea that a person can hire an assassin on the Dark Web. A physician in England tried to arrange the death of his financial adviser. The doctor suffered cold feet, but police arrested him for malicious email. The Chechen mob did not get the doctor’s bitcoin nor the opportunity to terminate a financial wizard.

Kenny Toth, August 7, 2018

Fake News: Maybe Deadly

July 25, 2018

Politics aside for a moment, a disturbing new trend is becoming more obvious thanks to social media and fake news. Human lives are being lost thanks to false news stories being circulated and it might just be the one arena in which everyone can agree there is a problem. This first came to our attention via an NBC News story, “Social Media Rumors Trigger Violence in India; 3 Killed by Mobs.”

According to the story:

“Mobs of villagers killed at least three people and attacked several others after social media messages warned that gangs of kidnappers were roaming southern India in search of children, police said ….Authorities said there was no indication that such gangs actually existed.”

This scourge of fake news leading to real world consequences has led to the government stepping in and perhaps becoming an incubator for other nations going forward. The Indian Government has reached out to WhatsApp and demanded that they begin filtering out fake news stories. Google and Facebook have already begun attempting to police themselves. If the Indian government’s move to take control over fake news proves successful, censorship dominoes are falling in many different nation states. In the July 31, 2018, DarkCyber video we report about recent developments and Kazakhstan. The video will be available on the 31st at

Patrick Roland, July 25, 2018

Dark Web and Identity

July 24, 2018

Many in the media are making the Dark Web out to be a boogie man who will steal your identity and ruin your life. While that is possible, a greater threat lurks out there on the regular everyday Web that we all use. A fascinating recent study discovered that we are extremely vulnerable to anyone looking for our personal data. We learned just how vulnerable in a recent Which? story, “How The Internet Reveals Your Personal Data Secrets.”

According to the story, when 14 hackers were paid to do a test run and look for dirt on everyday citizens:

“None of the personal data sources we found were on the ‘dark web’ – a phrase that describes websites accessible only by a specialist browser geared up for anonymity. We were able to discover passwords and password hints, email and postal addresses, dates of birth, phone numbers, middle names and even signatures. There was also a wealth of ‘softer’ information revealing people’s interests, hobbies, religion and political preferences.”

If that isn’t enough to scare you, consider that the place where we are supposed to feel the most safe, is actually a hotbed of identity theft. According to US News and World Report, your doctor’s medical files on you is an ID thief’s dream come true.

Patrick Roland, July 24, 2018

DarkCyber, May 29, 2018, Now Available

May 29, 2018

Stephen E Arnold’s DarkCyber video news program for Tuesday, May 29, 2018, is now available.

This week’s story line up is:

  • The “personality” of a good Web hacker
  • Why lists are replacing free Dark Web search services
  • Where to find a directory of OSINT software
  • A new Dark Web index from a commercial vendor.

You can find this week’s program at either or on Vimeo at

On June 5, 2018, Stephen will be giving two lectures at the Telestrategies ISS conference in Prague. The audiences will consist of intelligence, law enforcement, and security professionals from Europe. A handful of attendees from other countries will be among the attendees.

On Tuesday, June 5, 2018, Stephen will reveal one finding from our analysis of Amazon’s law enforcement, war fighting, and intelligence services initiative.

Because his books have been reused (in several cases without permission) by other analysts, the information about Amazon is available via online or in person presentations.

The DarkCyber team has prepared short video highlighting one research finding. He will include some of the DarkCyber research information in his Prague lectures.

The Amazon-centric video will be available on Tuesday, June 5, 2018. After viewing the video, if you want the details of his for fee lecture, write him at darkcyber333@yandex dot com. Please, put “Amazon” in the subject line.

Several on the DarkCyber team believe that most people will dismiss Stephen’s analysis of Amazon. The reason is that people buy T shirts, books, and videos from the company. However, the DarkCyber research team has identified facts which suggest a major new revenue play from the one time bookseller.

Just as Stephen’s analyses of Google in 2006 altered how some Wall Street professionals viewed Google, his work on Amazon is equally significant. Remember those rumors about Alexa recording what it “hears”? Now think of Amazon’s services/products as pieces in a mosaic.

The picture is fascinating and it has significant financial implications as well.

Enjoy today’s program at this link.

Kenny Toth, May 29, 2018

DarkCyber for May 1, 2018, Now Available

May 1, 2018

DarkCyber is a weekly video news program which covers important Dark Web stories and information about less well known Internet services. Produced by Stephen E Arnold, publisher of the Beyond Search blog, DarkCyber is available at and streaming on Vimeo at  .

Russia has blocked Telegram, the popular messaging app which had an estimated nine million users in Russia. DarkCyber explains that Russian government officials must now use decades old technology for their text messages. One consequence of the Russian blocking of Telegram is that service to Amazon and Google was interrupted. DarkCyber provides a workaround that Russian users may want to consider adopting to respond to the stepped up censorship in Russia.

A new report from a unit of the GHCQ (Britain’s equivalent of the US National Security Agency) provides a thorough run down of cyber crime activity in England. DarkCyber highlights how a person can download a free copy of this important report. Plus, DarkCyber describes a case example of Crime as a Service highlighted in the study. The particular CaaS involves an individual providing malware programmers a way to verify that their code could elude some detection systems. Plus, DarkCyber reveals how the bad actor provided his paying customers with free customer support.

DarkCyber provides basic information explaining how a person can set up a Dark Web server. The procedure is straightforward but may be too complex or cumbersome for some users who want to take advantage of Tor’s anonymity features. DarkCyber provides an easy solution which can get a Dark Web site online in a matter of minutes and costs pennies a day.

The final story reiterates a theme based on a person’s assumption that the Dark Web is anonymous. For an individual who believed that Ecstasy purchases with payment via Bitcoin were invisible to law enforcement, the Dark Web is not as Dark as she assumed. Australian and UK authorities arrested the person who assumed incorrectly that Tor was 100 percent anonymous.

We have also updated Stephen’s brief biography. We have reproduced it below:

Stephen E Arnold is the author of “Dark Web Notebook” and “CyberOSINT: Next Generation Information Access.” This book describes some of the technologies used by GSR and Cambridge Analytica to acquire and analyze Facebook user data. He has been named as a technology adviser to the UK based Judicial Commission of Inquiry into Human Trafficking and Child Sex Abuse.” Mr. Arnold also lectures to law enforcement and intelligence professionals attending the Telestrategies ISS conferences in Prague, At that conference, he will describe a major vendor’s virtually-unknown digital currency deanonymizing service. In addition, Mr. Arnold will appear at the Washington, DC, and Panama City, Panama, Telestrategies ISS events. In recent months, he has shared his research with law enforcement and intelligence professionals in the US and Europe. His most recent lectures focus on deanonymizing chat and digital currency transactions. One hour and full day programs are available via webinars and on-site presentations. He publishes the free Web log “Beyond Search,” which is available at .

DarkCyber is available at this link. (The splash page for the video contains a nod to May Day celebrations in a certain country.) We are working on a special DarkCyber about Amazon’s “intel play” which will be released coincident with his lectures at the Telestrategies ISS conference in Prague during the first week of June.

Kenny Toth, May 1, 2018

Amazon: Why Support Blockchain? To Chase IBM? Wrong.

April 30, 2018

In June 2018, I will describe Amazon’s lynch pin approach to intelligence analysis. The “play” has been ignored or overlooked by those who monitor the next generation information access market. At the Telestrategies ISS conference, I will report the DarkCyber and Beyond Search analysts’ assessment of this important Amazon service. The audience for the Telestrategies ISS programs are law enforcement and intelligence professionals. We have developed a for fee webinar which provides details of the Amazon “swing for the fences” approach to a number of intelligence-related services. Personally I was surprised by the audaciousness of the Amazon approach.

In this context, I noted a report in “Amazon’s New Blockchain Service Could Hurt IBM” which misses the main point of the Amazon “invention.” Yes, there is a patent as well as publicly accessible data about this data management play.

The write up explains that Amazon is offering BaaS or Blockchain as a Service. The spin in the write up is the threat which Amazon poses to IBM. From my analysts’ viewpoint, this is just a tiny piece of a much larger story.

What if Amazon is interested in a far larger market than one envisioned by IBM with its arm waving?

Assessing Amazon’s “invention” on the basis of this type of data might be misleading:

Amazon’s decision to launch both the Ethereum and Hyperledger Fabric services means that it wants to straddle the public and private cloud markets with its blockchain services. IBM has a firm grasp of the private on-premise cloud market, but AWS has been gaining ground with Virtual Private Cloud (VPC) services, which isolate sections of AWS’ public cloud for private use. The CIA, for example, already uses a “secret region” of AWS to host its classified data. Therefore, deploying Fabric on AWS’ VPCs could counter IBM’s deployment of Fabric on its on-premise private clouds.

Hmm. Quite a mishmash of assertions and services.

For a different point of view, catch my sessions at the Prague Telestrategies ISS program in Prague. If you want the information now, write benkent2020 at and request information about our online webinar. Coincident with my presentation, my team will release a story in Beyond Search, and we will post a brief video highlighting some of the main points of my presentation.

Oh, with regard to IBM, that company hired an Amazon executive to help IBM catch up. That’s more than worry. That’s reaction to a system which has been under construction since 2011. With a seven year head start, big time vendors involved, and contracts in negotiation, IBM has to do more than poach a manager.

Amazon sells books, right?

Stephen E Arnold, April 30, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta