Google and Its Penchant for Bold Assertions
December 17, 2021
Google claimed quantum supremacy. Recently Google’s engineers studied the technology of the NSO Group and according to “A Deep Dive into an NSO Zero-Click iMessage Exploit: Remote Code Execution” found the “most technically sophisticated exploit ever seen.” The analysis is thorough and reflects considerable enthusiasm for disentangling some of the inner workings of Apple’s mobile operating system. I can almost hear the chuckles of the Google engineers as they figured out how the NSO Group compromised iPhones simply by sending the unlucky target a message packet.
Several observations:
- The NSO Group talks with other entities (people from universities, military units, colleagues at limited-attendance conferences, etc.). Consequently information about methods seeps into the intelware community. This community is not quite like the Yacht Club in Manhattan, but it is similar: traditions, friendships, bonhomie, and the like.
- Intelware developers associated with other countries often gain access to specialized tools and services via connections with a nation state which is a customer of a specialized services firm, say, for argument’s sake, the NSO Group. It is probable that other entities have examined and replicated some of the NSO Group’s systems and methods. The fact that Google figured out the systems and methods of this particular NSO Group service means that other groups can too. (It is possible that some at Google believe that their work is singular and not replicable. Yeah, high school science club thinking, perhaps?)
- Due to the connection between high value targets and the cachet of the Apple iPhone, figuring out how to penetrate an iPhone is a high value activity. Apple’s engineers are bright and were in their high school science clubs as well. However, engineers do not design to prevent unforeseeable flaws in their engineering innovations. This means that iPhones have flaws. When a device is the focus of attention of numerous nation states’ intelligence services, commercial enterprises in the zero day business, and companies with staff trained by military intelligence organizations — flaws will be found. My Arnold Rule for this situation is that insights will be discovered of which the original developer had no clue.
Kudos to Google for the NSO Group information. However, the statements about the sophistication of the exploit are a bit like the claim for quantum supremacy. There are other entities in the intelligence world which have capabilities which will surprise the “experts” just now discovering the world of intelware. Nice paper, very academic, but it reveals a disconnect between the world of the commercial researcher and the robust, broad intelware ecosystem.
Stephen E Arnold, December 17, 2021
How Are Those Cyber Security Strategies Working, Java Fans?
December 16, 2021
As hackers’ methods evolve, so do efforts to thwart them. The SmartData Collective describes “3 Strategies Employed by the Leading Enterprise Cybersecurity Platforms.” We wonder whether the FBI implemented these methods. If so, we think the recent hack of that agency’s systems raises some questions. That case aside, writer Matt James reports:
“Stephanie Benoit-Kurtz, Lead Area Faculty Chair for the University of Phoenix’s Cybersecurity Programs, offers a good summary of the changes security organizations should anticipate, especially in the time of the pandemic. ‘The threat landscape over the past 18 months has significantly changed in complexity and frequency of attacks. Long gone are the days when a lone wolf attacker was manually knocking at the door.’ To get acquainted with the ways security firms are handling the new breed of threats in cyberspace, here’s a rundown of the notable strategies the leading cybersecurity platforms and security firms are offering.”
First up is breach and attack simulation, or BAS. As the name implies, this cybersecurity platform feature tests systems for potential weaknesses. Next we learn about continuous automated red teaming (CART). Red teaming is the labor-intensive practice of having a group of white-hat hackers test one’s system for vulnerabilities. It has gotten difficult for mere humans to keep up, though, so automating the process was the logical next step. Finally, there is advanced purple teaming. This color-blending method relies on collaboration between test-attackers (red) and defense teams (blue). This seems so obvious we wonder why it was not being done all along, but apparently departmental silos are resistant to common sense. See the write-up for details on each of these approaches. James concludes:
“Many of the world’s top cybersecurity platforms and security solution providers have already embraced breach and attack simulation, continuous automated red teaming, and advanced purple teaming. These strategies in securing organizations may be relatively new, but cybersecurity professionals can vouch for their effectiveness in view of the new kinds of problems presented by cunning malicious actors in cyberspace.”
This may be true, but these measures will only work if companies, and agencies, actually put them in place. Organizations that drag their feet on security are taking a real risk. Yep, open source Java tools. No problem, right?
Cynthia Murrell, December 16, 2021
Specialized Software Vendors: Should They Remember the Domino Theory?
December 15, 2021
Lining up dominoes, knocking one down, and watching the others in a line react to what some non-nuclear types call a chain reaction is YouTube fodder. One can watch geometric growth manifested in knocked down dominoes. Click here for the revelation. We may have some domino action in the specialized software and services market. This “specialized software and services” is my code word for developers of intelware and policeware.
“US Calls for Sanctions against NSO Group and Other Spyware Firms” reports:
a group of politicians (including Senate Finance Committee chair Ron Wyden, House Intelligence Committee chair Adam Schiff and 16 other Democrats) accuses NSO and three other foreign surveillance firms of helping authoritarian governments to commit human rights abuses.
And what firms are the intended focus of this hoped for action? According to the write up, the companies are:
- Amesys (now called Nexa Technologies). This was a company which found purchase in some interesting countries bordering the Mediterranean, garnered some attention, and morphed into today’s organization.
- DarkMatter (based in United Arab Emirates). This is an interesting outfit which has allegedly recruited in the US and possibly developed a super duper secure mobile device. The idea was to avoid surveillance. Right?
- Trovicor (based in Germany) once was allegedly a unit of Nokia Siemens Networks and is mentioned in a fiery write up called “Explosive Wikileaks Files Reveal Mass Interception of Entire Population.” That’s a grabber headline I suppose. True or false? I have zero idea, but it illustrates the enthusiasm some writers display when they realize that interesting companies provide unique services to their customers.
The reason for the hand waving is the publicity the NSO Group has inadvertently generated.
Will the knock on NSO Group have an impact on Amesys Nexa, DarkMatter, and Trovicor? Those YouTube videos may foreshadow what might happen if government officials look for the more interesting and more technologically advanced specialized software and services companies. Where can one find a list of such organizations? Perhaps the developer of the new OSINT service knows? Curious? Write darkcyber333 @ yandex dot com.
Stephen E Arnold, December 15, 2021
DarkCyber for December 14, 2021, Now Available
December 14, 2021
The December 14, 2021, Dark Cyber video news program is now available on the Beyond Search Web log and YouTube at this link.
Program number 25 for 2021 includes five stories.
The first is that a list of companies engaged in surveillance technology and specialized software for law enforcement and intelligence professionals is available without charge. The list is not comprehensive, but it is one of the first open source documents which identifies companies operating “off the radar” of many analysts, law enforcement professionals, private detectives, and would-be investigative journalists.
The second story adds another chapter to the chronicle of missteps by a company doing business as NSO Group. The Israeli company develops and licenses specialized software to government agencies. However, the use of that software has become problematic. This edition of Dark Cyber reports about the alleged use of the Pegasus mobile phone data collection system to obtain information from US diplomats’ mobile devices. The consequences of MBA thinking have roiled the specialized services market worldwide.
The third story extracts pricing information made public by the Brennan Center. The documents, obtained via a FOIA request to California, were prepared by the Los Angeles Police Department. Although redacted, the documents contain what appears to be trade secret pricing information about the Voyager Labs surveillance data analytics system marketed worldwide. The Dark Cyber story reveals how to download the document collection and additional details about a very low profile company’s technology and methods.
The fourth story describes new digital cameras the size of a grain of salt. Dark Cyber then reveals that a small roll-up drone has been developed. The form factor is similar to a seed which spins as it floats to the ground. Combining the miniature cameras with the seed-like form factor creates opportunities for a new approach to video surveillance.
The final story announces a new Dark Cyber service. The weekly Instagram post will provide specific information about Web sites now used by law enforcement, analysts, and intelligence professionals to gather data about persons of interest, their social media activities, their location, and other high-value facts. The new service goes live in January 2022.
Dark Cyber is produced by Stephen E Arnold, who publishes the Web log called Beyond Search and available at this link.
Kenny Toth, December 14, 2021
NSO Group: How about That Debt?
December 14, 2021
The NSO Group continues to make headlines and chisel worry lines in the faces of the many companies in Israel which create specialized software and systems for law enforcement and intelligence professionals. You can read the somewhat unpleasant news in Bloomberg’s report, the Financial Times’ article, and Gizmodo’s Silicon Valley-esque write up. Gizmodo said:
the company’s cumbersome mixture of unpaid debts and growing international scrutiny have made NSO a bloated pariah and is forcing its leadership to consider shutting down its Pegasus spyware unit. Selling the entire company is also reportedly on the table.
First, the reports suggest, without much backup, that NSO Group has about half a billion US dollars in debt. This is important because it underscores what is the number one flaw in the jazzy business plans of companies making sense of data and providing specialized services to law enforcement, intelligence, and war fighting entities. Here’s my take:
Point 1. What was secret is now open and easily available information.
Since Snowden, the systems and methods informing NSO Group and dozens of similar firms are easy to grasp. Former intelligence professionals can blend what Snowden revealed with whatever these individuals picked up in their service to their country, create a “baby” or “similar” solution and market it. This means that there are more surveillance, penetration, intercept, and analysis options available than at any other time in my 50 year career in online information and systems. Toss in what’s in the wild from dumps of FinFisher and Hacking Team techniques and the gold mine of open source code, and it should be no surprise that the NSO Group’s problem is just the tip of an iceberg, a favorite metaphor in the world of surveillance. None of the newsy reports grasp the magnitude of the NSO Group problem.
Point 2. There’s a lot of “smart” money chasing a big pay day from software purpose built for law enforcement, intelligence, and military operations. VC cows in herds, however, are not that smart or full of wisdom.
There are many investors who buy the line that “cyber crime and terrorism” drive big, lucrative sales of specialized software and systems. That’s partially correct. But what’s happened is that the flood of cash has generated a number of commercial enterprises trying to convert those dollars into highly reliable, easy to use systems. The presentations at off the radar trade shows promise functionality that is almost science fiction. The situation today is that there is a lot of hyper marketing going on because there’s money to apply some very expensive computational methods to what used to be largely secret and manual work. A good case for the travails of selling and keeping customers is the Palantir Technologies’ journey, which is more than a decade long and still underway. The marketing is seeping from conferences open only to government agencies and those with clearances to advertising trade shows. I think you can see the risk of moving from low profile or secret government solutions to services for Madison Avenue. I sure can.
Point 3. Too few customers to go around.
There are not enough government customers with deep pockets for the abundant specialized services and systems which are on offer. In this week’s DarkCyber at this link, you can learn about the vendors at conferences where surveillance and applied information collection and analysis companies explain their products and services. You can also learn that the Brennan Center has revealed documents obtained via FOIA about Voyager Labs, a company which is also engaged in the specialized software and services business. Our DarkCyber report makes clear that license fees are in six figures and include more special add-ins than a deal from a vendor at the Clignancourt flea market. Competition means prices are falling, and quite effective systems are available for as little as a few hundred dollars per month and sometimes even less. Plus, commercial enterprises are often nervous when the potential customer realizes the power of specialized software and services. Stalking made easy? Yep. Spying on competitors facilitated? Yep. Open source intelligence makes it possible to perform specialized work at a quite attractive price point: free or a few hundred a month.
What’s next?
Financial wizards may be able to swizzle the NSO Group’s financial pickles into a sweet relish for a ball park frank. There will be other companies in this sector which will face comparable money challenges in the future. From my perspective, it is not possible to put the spilled oil back in the tanker and clean the gunk off the birds now coated in crude.
Policeware and intelware vendors have operated out of sight and out of mind in their bubble since i2 Ltd. in the late 1990s rolled out the Analyst’s Notebook solution and launched the market for specialized software. The NSO Group’s situation may have already shoved a hat pin in that big, fat balloon.
More significantly, formerly blind and indifferent news organizations, government agencies, and potential investors can see what issues specialized software and services pose. More reporting will be forthcoming, including books that purport to reveal how data aggregators are spying on hapless Instagram and TikTok users. Like most of the downstream consequences of the so called digital revolution, NSO Group’s troubles are the tip of an information iceberg drifting into equatorial waters.
Stephen E Arnold, December 14, 2021
AI-Powered Alternative to Polygraph Emerging out of Israel
December 6, 2021
Will AI eventually replace the polygraph in discerning truth from falsehood? The Times of Israel suggests we may be heading that direction in, “Liar, Liar! ‘Reading’ Faces, Israeli Tech Spots Fibbers with 73% Accuracy.” The emerging technology is the project of a team at Tel Aviv University. Writer Nathan Jeffay reports:
“Israeli scientists say they have found a way to ‘read’ minuscule movements in the face in order to spot fibbers, and have done so with 73 percent accuracy. With highly sensitive electrodes placed to detect the smallest of movements by facial muscles, the researchers got their subjects to either speak truthfully or lie. They fed details on the patterns of those facial movements into an artificial intelligence tool, and taught it to determine whether other people are lying or telling the truth. Now, they are aiming to teach the AI tool to analyze face movements without electrodes. Instead, they want to develop the tech to follow faces in order to determine truthfulness via cameras — which could enable them to spot a liar from dozens of meters away.”
A 73% accuracy rate would leave a lot of room for false accusations. It is considerably smaller than the estimated 87% accuracy rate of polygraph tests (a figure that is itself contested). Researchers promise, however, that accuracy will improve as development continues. The approach, we’re told, has a significant advantage over polygraphs, which some subjects can fool by regulating their heart rate, blood pressure, and breathing. Regarding the examination of facial muscles instead, researcher Dino Levy states:
“We knew before now that facial expressions that are manifested by contractions in face muscles represent various emotions. … But up until now when people tried to identify these small movements in face muscles, we can’t do—our brains and our perception aren’t fast or sophisticated enough to pick up these tiny movements in the face. Many studies have shown that it’s almost impossible for us to tell when someone is lying to us. Even experts, such as police interrogators, do only a little better than the rest of us.”
This specially tailored AI, however, can accurately interpret these movements; 73% of the time, anyway. Levy insists his team’s technology will be a game changer. Once they have been able to improve accuracy, of course.
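How much room a 73% figure leaves for false accusations depends on how many of the people screened are actually lying. The following is an added example, not code from the Times of Israel article or from the Tel Aviv team; it assumes the single accuracy number applies equally to liars (sensitivity) and to truthful people (specificity), a breakdown the article does not give, and applies the same assumption to the 87% polygraph figure for comparison.

```python
"""Base-rate arithmetic for a 73%-accurate lie detector.

Added example; it is not from the Times of Israel article or the Tel Aviv
team's work. Assumption: the single "73% accuracy" figure is applied as
both sensitivity (the share of liars flagged) and specificity (the share
of truthful people cleared); the article reports one number and does not
break it down. The same assumption is made for the 87% polygraph figure.
"""


def screening_outcomes(n, prevalence, sensitivity, specificity):
    """Expected confusion matrix for n subjects, a fraction `prevalence`
    of whom are lying, under a detector with the given sensitivity and
    specificity."""
    liars = n * prevalence
    honest = n - liars
    tp = liars * sensitivity       # liars correctly flagged
    fn = liars - tp                # liars who pass
    tn = honest * specificity      # honest people correctly cleared
    fp = honest - tn               # honest people wrongly flagged
    flagged = tp + fp
    return {
        "true_positives": tp,
        "false_positives": fp,
        "false_negatives": fn,
        "true_negatives": tn,
        # Precision (PPV): of those the tool accuses, the fraction who lied.
        "ppv": tp / flagged if flagged else 0.0,
    }


def break_even_prevalence(accuracy):
    """Prevalence at which an accusation is as likely wrong as right.

    With symmetric accuracy a, PPV = p*a / (p*a + (1-p)*(1-a)).
    Setting PPV = 1/2 gives p*a = (1-p)*(1-a), i.e. p = 1 - a.
    """
    return 1.0 - accuracy


def innocents_per_liar_caught(prevalence, accuracy):
    """How many truthful people are accused for each liar caught."""
    out = screening_outcomes(1000, prevalence, accuracy, accuracy)
    return out["false_positives"] / out["true_positives"]


if __name__ == "__main__":
    for label, acc in (("AI face reader", 0.73), ("polygraph", 0.87)):
        for p in (0.01, 0.10, 0.50):
            out = screening_outcomes(1000, p, acc, acc)
            flagged = out["true_positives"] + out["false_positives"]
            print(f"{label:15} prevalence={p:.2f} flagged={flagged:6.1f} "
                  f"innocent flagged={out['false_positives']:6.1f} "
                  f"PPV={out['ppv']:.2f}")
        print(f"{label:15} break-even prevalence = {break_even_prevalence(acc):.2f}")
```

With one subject in ten lying, the 73% detector flags 316 of 1,000 people and 243 of them are truthful, so roughly three of every four accusations are wrong; under the 87% figure about 117 of 204 flagged are truthful, still more than half. The closed form in `break_even_prevalence` shows that a symmetric 73% detector only produces accusations that are more likely right than wrong once at least 27% of the people screened are actually lying.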
And here’s a question for Israeli companies with specialized software, “Are your systems used to hack American elected officials?”
Cynthia Murrell, December 6, 2021
Amazon: Lobbying Is a Component of the Model Of Course
November 23, 2021
Small news item from the trusted source Thomson Reuters. The title of the item is “Amazon Wages Secret War on Americans’ Privacy, Documents Show.” What’s interesting is that the trusted outfit has tapped into Amazon “internal documents.” These content objects reveal to the intrepid trusted real news folks that
“Amazon.com has killed or undermined privacy protections in more than three dozen bills across 25 states, as the e-commerce giant amassed a lucrative trove of personal data on millions of American consumers.”
In my lectures about this online bookstore I described some of Amazon’s public documents about its data wrangling, data stores, and data analytics capabilities. Sure, my lectures were directed at law enforcement and intelligence professionals.
How can an old person like myself, using open source intelligence, capture the scope, capabilities, and functionality of Amazon’s systems without resorting to the use of company confidential information?
If a person were to reveal company confidential information about Thomson Reuters or any of its subsidiaries, how might the Thomson Reuters “trust” brigade react to this situation?
I am no cheerleader for Amazon. I have been critical of leakers, including the cutesy Edward Snowden person.
Lobbying is an established component of many business organizations processes. Let’s think about big pharma, shall we? No, let’s not. What about those Beltway Bandits? No, let’s not.
“Trust” is an interesting concept, and I am disappointed that sensationalism and confidential information are what help define “trust.”
Yep, real journalism. Why not rely more on open source information and good old fashioned analysis, interviews, and research? Is “too good to pass up” a factor? Blocking and tackling, right?
Stephen E Arnold, November 23, 2021
Gmail: Is It a Go To Platform for Bad Actors?
November 22, 2021
“91% of All Bait Attacks Conducted over Gmail” is a report. Like many other cyber security related studies, the information is shaped to send a shiver of fear through the reader. Now is the assertion “all” accurate? Categorical affirmatives appear to make the writer appear confident in the data presented. The phrase “bait attack” sounds like insider speak. What does the write up present? Here’s a passage I found interesting:
Researchers from Barracuda analyzed bait attack patterns in September 2021 from 10,500 organizations.
Where are the findings; specifically, the information about “bait attacks”?
The answer is, “Not in the article.” The write up points the reader to a link for a study conducted by Barracuda. If you want to read that report in its marketing home, navigate here. Then accept cookies. You will see that the examples are indeed email. The connection to Google is that the service is popular. It makes sense that bad actors would use a large email system as a convenient method of reaching individuals, obtaining information about valid and invalid email accounts, and other sorts of mischief.
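To make “bait attack” concrete, here is an added example of triage logic run over a few messages; it is not code from the article or from Barracuda’s report. It assumes the commonly described shape of a bait message: a near-empty note from a free webmail account, with no links or attachments, sent only to learn whether the mailbox is live and whether a person will answer. The webmail domain list, the scoring thresholds and the four sample messages are all constructed for the demonstration.

```python
"""Heuristic triage of "bait" emails (account-probing messages).

Added example; this is not code from the article or from Barracuda. It
assumes a bait message is a near-empty note from a free webmail account,
with no links or attachments, whose only purpose is to confirm that the
address is live and that someone replies. Domain list, thresholds and the
sample messages below are constructed for this demonstration.
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import List, Tuple

# Assumption: a small illustrative list of free webmail domains.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
GENERIC_SUBJECTS = {"", "hi", "hello", "hey", "urgent", "request", "quick question"}
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)


def _address(msg: Message, header: str) -> str:
    """Bare, lower-cased address from a header such as From or Reply-To."""
    return parseaddr(msg.get(header, ""))[1].lower()


def _body_text(msg: Message) -> str:
    """Collect and decode every text/plain part of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks).strip()


def bait_signals(raw: str) -> Tuple[int, List[str]]:
    """Score a raw RFC 5322 message; each matching heuristic adds one point."""
    msg = message_from_string(raw)
    reasons = []
    body = _body_text(msg)
    if len(body.split()) <= 5:
        reasons.append("near-empty body")
    has_attachment = any(p.get_filename() for p in msg.walk())
    if not URL_RE.search(body) and not has_attachment:
        reasons.append("no links or attachments")
    if _address(msg, "From").rpartition("@")[2] in FREEMAIL_DOMAINS:
        reasons.append("freemail sender")
    reply_to = _address(msg, "Reply-To")
    if reply_to and reply_to != _address(msg, "From"):
        reasons.append("reply-to differs from sender")
    subject = msg.get("Subject", "").strip().lower()
    if subject in GENERIC_SUBJECTS or len(subject.split()) <= 1:
        reasons.append("generic or empty subject")
    return len(reasons), reasons


def classify(raw: str) -> str:
    """'bait' = empty body plus at least two more signals; three or more
    signals with real content = 'suspicious'; otherwise 'benign'."""
    score, reasons = bait_signals(raw)
    if score >= 3 and "near-empty body" in reasons:
        return "bait"
    if score >= 3:
        return "suspicious"
    return "benign"


# Constructed sample messages (not real traffic).
BAIT = """From: Anna <anna.k.1987@gmail.com>
To: cfo@example.com
Subject: Hi
Message-ID: <a1@gmail.com>

Hello, are you there?
"""

LURE = """From: HR Department <hr.department.office@outlook.com>
To: cfo@example.com
Reply-To: payroll.update@hotmail.com
Subject: Urgent
Message-ID: <d4@outlook.com>

Please review the attached payroll update and confirm your bank details
before the close of business today so that the transfer is not delayed.
"""

FRIEND = """From: Bob <bob.smith@yahoo.com>
To: cfo@example.com
Subject: Dinner on Friday after the conference?
Message-ID: <c3@yahoo.com>

Hi Pat, a few of us are getting together at the Italian place on 5th at 7pm
after the closing keynote. Let me know if you can make it and I will add you
to the reservation.
Bob
"""

LEGIT = """From: Billing <billing@vendor-example.com>
To: cfo@example.com
Subject: Invoice 4471 for September services
Message-ID: <b2@vendor-example.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain; charset="utf-8"

Hi, please find attached invoice 4471 for September. Details and payment
options are on the portal at https://portal.vendor-example.com/invoices/4471
Regards, Billing team
--sep
Content-Type: application/pdf; name="invoice-4471.pdf"
Content-Disposition: attachment; filename="invoice-4471.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--sep--
"""

SAMPLES = {"bait": BAIT, "lure": LURE, "friend": FRIEND, "invoice": LEGIT}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        score, reasons = bait_signals(raw)
        print(f"{name:8} {classify(raw):10} score={score} {reasons}")
```

The point of the empty-body rule is that a bait message carries nothing to scan for: no link, no attachment, no payload. Traditional mail filtering keys on those artifacts, which is why such probes sail through, and why the useful response is to suppress the reply (and the bounce) rather than to look harder at the content. The “friend” sample scores on two of the same signals and stays benign, which is the trade-off any such heuristic has to accept.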
What’s the fix? Put the onus on Google? Nah. Buy a Barracuda product? But if the cyber defense system worked, wouldn’t the method become less effective? Organizations would license the solution in droves. Has that happened?
Well, the attacks are widespread, according to the research. Google apparently is not able to manage the messages. The user remains an unwitting target.
So what’s the fix?
My thought is that Gmail accounts have to be verified. Cyber security companies should publish reports that reveal significant payoffs from their methods. Users should be smarter, more willing to keep their email address under wraps, and better at security.
Right now, none of these actions and attitudes are happening. What is happening is content marketing and jargon.
Some companies are quite good at talk. Cyber security solutions? That’s another story. I love that “all” approach too.
Stephen E Arnold, November 22, 2021
An Example of Modern Moral Responsibility Avoidance
November 22, 2021
Virtual Private Networks (VPNs) are supposed to be one of the Surfside condo’s garage pillars of network security. In reality, however, it all depends on the VPN provider. We learn about one cryptic hack from Tech.co’s piece, “Researchers Uncover Mystery Data Breach of 300 Million VPN Records.” Writer Jack Turner explains:
“Security firm Comparitech claims to have discovered an exposed database in early October, which held over 100GB of data and 300 million records, in various forms. Within the data that was compromised were 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, country code, device and user ID; and 6 million purchase records including the product purchased and receipts. All in all, it represents a motherlode of data that could conceivably be used for nefarious purposes, including phishing campaigns, should it fall into the wrong hands. While the database was closed within a week of Comparitech discovering it, the data it contained has apparently been made public.”
Not good. But what makes this case so mysterious? The VPN provider ActMobile Networks, which operates a number of VPN brands, denies even maintaining any databases. However, we learn:
“According to Comparitech, if the data didn’t come from ActMobile, it came from someone trying very hard to impersonate them. The SSL certificate of the compromised server shows it belonging to actmobile.com, the WHOIS record for the IP address where the data was located is listed as being owned by ActMobile Networks, and the database held several references to ActMobile’s VPN brands.”
Hmm. Turner emphasizes it is important to choose a VPN that indeed does not maintain logs, though they may cost a little more. See the article for Tech.co’s top nine recommendations.
And moral responsibility. Hey, these are zeros and ones, not fuzzy stuff.
Cynthia Murrell, November 22, 2021
Heads Up, Dark Overlord: Annoying the FBI May Not Be a Great Idea
November 19, 2021
Well this is embarrassing. The New York Post reports, “FBI Server Hacked, Spam Emails Sent to Over 100,000 People.” Writer Patrick Reilly tells us:
“The FBI’s email server was apparently hacked on Friday night to send threatening spam emails to over 100,000 people, the agency said. Authorities have not determined the sender or motive behind the rambling, incoherent emails, filled with technological nonsense. The emails warned receivers that their information may be under attack by Vinny Troia, famous hacker and owner of cybersecurity company Night Lion Security, in connection with notorious cybersecurity group TheDarkOverlord. The FBI confirmed the incident on Saturday, but said the hacked systems were ‘taken offline quickly,’ after it had been reported. ‘The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,’ the agency said in a statement. ‘This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity ic3.gov or cisa.gov.’”
First reported by European nonprofit the Spamhaus Project, the emails came from an FBI server. Readers may recall TheDarkOverlord stole Netflix videos in 2017 and released them online as torrents after the streaming platform refused to pay the ransom. A year before that, the same outfit stole patient information (though, thankfully, not medical records) from three medical databases. Those groups also refused to give in to demands, so the hacker(s) sold the data from hundreds of thousands of patients on the Dark Web. If this attack is indeed the work of TheDarkOverlord, we wonder what the outfit expects will happen when annoying a quite capable entity. I have an anecdote for my lectures. That’s a plus for me.
Cynthia Murrell, November 19, 2021