DarkCyber for December 14, 2021, Now Available
December 14, 2021
The December 14, 2021, Dark Cyber video news program is now available on the Beyond Search Web log and YouTube at this link.
Program number 25 for 2021 includes five stories.
The first is that a list of companies engaged in surveillance technology and specialized software for law enforcement and intelligence professionals is available without charge. The list is not comprehensive, but it is one of the first open source documents which identifies companies operating “off the radar” of many analysts, law enforcement professionals, private detectives, and would-be investigative journalists.
The second story adds another chapter to the chronicle of missteps by a company doing business as NSO Group. The Israeli company develops and licenses specialized software to government agencies. However, the use of that software has become problematic. This edition of Dark Cyber reports about the alleged use of the Pegasus mobile phone data collection system to obtain information from US diplomats’ mobile devices. The consequences of MBA thinking have roiled the specialized services market worldwide.
The third story extracts pricing information made public by the Brennan Center. The documents obtained via a FOIA request to California were prepared by the Los Angeles Police Department. Although redacted, the documents contained what appears to be trade secret pricing information about the Voyager Labs’ surveillance data analytics system marketed worldwide. The Dark Cyber story reveals how to download the document collection and additional details about a very low profile company’s technology and methods.
The fourth story describes new digital cameras which are the size of a grain of salt. Dark Cyber then reveals that a small roll up drone has been developed. The form factor is similar to a seed which spins as it floats to the ground. Combining the miniature cameras with the seed-like form factor creates opportunities for a new approach to video surveillance.
The final story announces a new Dark Cyber service. The weekly Instagram post will provide specific information about Web sites now used by law enforcement, analysts, and intelligence professionals to gather data about persons of interest, their social media activities, their location, and other high-value facts. The new service goes live in January 2022.
Dark Cyber is produced by Stephen E Arnold, who publishes the Web log called Beyond Search, available at this link.
Kenny Toth, December 14, 2021
NSO Group: How about That Debt?
December 14, 2021
The NSO Group continues to make headlines and chisel worry lines in the faces of the many companies in Israel which create specialized software and systems for law enforcement and intelligence professionals. You can read the somewhat unpleasant news in Bloomberg’s report, the Financial Times’ article, and Gizmodo’s Silicon Valley-esque write up. Gizmodo said:
the company’s cumbersome mixture of unpaid debts and growing international scrutiny have made NSO a bloated pariah and is forcing its leadership to consider shutting down its Pegasus spyware unit. Selling the entire company is also reportedly on the table.
First, the reports suggest, without much back up, that NSO Group has about a half a billion US in debt. This is important because it underscores what is the number one flaw in the jazzy business plans of companies making sense of data and providing specialized services to law enforcement, intelligence, and war fighting entities. Here’s my take:
Point 1. What was secret is now open and easily available information.
Since Snowden, the systems and methods informing NSO Group and dozens of similar firms are easy to grasp. Former intelligence professionals can blend what Snowden revealed with whatever these individuals picked up in their service to their country, create a “baby” or “similar” solution and market it. This means that there are more surveillance, penetration, intercept, and analysis options available than at any other time in my 50 year career in online information and systems. Toss in what’s in the wild from dumps of FinFisher and Hacking Team techniques and the gold mine of open source code, and it should be no surprise that the NSO Group’s problem is just the tip of an iceberg, a favorite metaphor in the world of surveillance. None of the newsy reports grasp the magnitude of the NSO Group problem.
Point 2. There’s a lot of “smart” money chasing a big pay day from software purpose built for law enforcement, intelligence, and military operations. VC cows in herds, however, are not that smart or full of wisdom.
There are many investors who buy the line “cyber crime and terrorism” drive big, lucrative sales of specialized software and systems. That’s partially correct. But what’s happened is that the flood of cash has generated a number of commercial enterprises trying to convert those dollars into highly reliable, easy to use systems. The presentations at off the radar trade shows promise functionality that is almost science fiction. The situation today is that there is a lot of hyper marketing going on because there’s money to apply some very expensive computational methods to what used to be largely secret and manual work. A good case for the travails of selling and keeping customers is the Palantir Technologies’ journey which is more than a decade long and still underway. The marketing is seeping from conferences open only to government agencies and those with clearances to advertising trade shows. I think you can see the risk of moving from low profile or secret government solutions to services for Madison Avenue. I sure can.
Point 3. Too few customers to go around.
There are not enough government customers with deep pockets for the abundant specialized services and systems which are on offer. In this week’s DarkCyber at this link, you can learn about the vendors at conferences where surveillance and applied information collection and analysis explain their products and services. You can also learn that the Brennan Center has revealed documents obtained via FOIA about Voyager Labs, a company which is also engaged in the specialized software and services business. Our DarkCyber report makes clear that license fees are in six figures and include more special add ins than a deal from a flea market vendor selling at the Clignancourt flea market. Competition means prices are falling, and quite effective systems are available for as little as a few hundred dollars per month and sometimes even less. Plus, commercial enterprises are often nervous when the potential customer realizes the power of specialized software and services. Stalking made easy? Yep. Spying on competitors facilitated? Yep. Open source intelligence makes it possible to perform specialized work at a quite attractive price point: Free or a few hundred a month.
What’s next?
Financial wizards may be able to swizzle the NSO Group’s financial pickles into a sweet relish for a ball park frank. There will be other companies in this sector which will face comparable money challenges in the future. From my perspective, it is not possible to put the spilled oil back in the tanker and clean the gunk off the birds now coated in crude.
Policeware and intelware vendors have operated out of sight and out of mind in their bubble since i2 Ltd. in the late 1990s rolled out the Analyst’s Notebook solution and launched the market for specialized software. The NSO Group’s situation could shove or has already shoved a hat pin in that big, fat balloon.
More significantly, formerly blind and indifferent news organizations, government agencies, and potential investors can see what issues specialized software and services pose. More reporting will be forthcoming, including books that purport to reveal how data aggregators are spying on hapless Instagram and TikTok users. Like most of the downstream consequences of the so called digital revolution, NSO Group’s troubles are the tip of an information iceberg drifting into equatorial waters.
Stephen E Arnold, December 14, 2021
AI-Powered Alternative to Polygraph Emerging out of Israel
December 6, 2021
Will AI eventually replace the polygraph in discerning truth from falsehood? The Times of Israel suggests we may be heading that direction in, “Liar, Liar! ‘Reading’ Faces, Israeli Tech Spots Fibbers with 73% Accuracy.” The emerging technology is the project of a team at Tel Aviv University. Writer Nathan Jeffay reports:
“Israeli scientists say they have found a way to ‘read’ minuscule movements in the face in order to spot fibbers, and have done so with 73 percent accuracy. With highly sensitive electrodes placed to detect the smallest of movements by facial muscles, the researchers got their subjects to either speak truthfully or lie. They fed details on the patterns of those facial movements into an artificial intelligence tool, and taught it to determine whether other people are lying or telling the truth. Now, they are aiming to teach the AI tool to analyze face movements without electrodes. Instead, they want to develop the tech to follow faces in order to determine truthfulness via cameras — which could enable them to spot a liar from dozens of meters away.”
A 73% accuracy rate would leave a lot of room for false accusations. It is considerably smaller than the estimated 87% accuracy rate of polygraph tests (a figure that is itself contested). Researchers promise, however, accuracy will improve as development continues. The approach, we’re told, has a significant advantage over polygraphs, which some subjects can fool by regulating their heart rate, blood pressure, and breathing. Regarding the examination of facial muscles instead, researcher Kino Levy states:
“We knew before now that facial expressions that are manifested by contractions in face muscles represent various emotions. … But up until now when people tried to identify these small movements in face muscles, we can’t do—our brains and our perception aren’t fast or sophisticated enough to pick up these tiny movements in the face. Many studies have shown that it’s almost impossible for us to tell when someone is lying to us. Even experts, such as police interrogators, do only a little better than the rest of us.”
This specially tailored AI, however, can accurately interpret these movements; 73% of the time, anyway. Levy insists his team’s technology will be a game changer. Once they have been able to improve accuracy, of course.
And here’s a question for Israeli companies with specialized software, “Are your systems used to hack American elected officials?”
Cynthia Murrell, December 6, 2021
Amazon: Lobbying Is a Component of the Model Of Course
November 23, 2021
Small news item from the trusted source Thomson Reuters. The title of the item is “Amazon Wages Secret War on Americans’ Privacy, Documents Show.” What’s interesting is that the trusted outfit has tapped into Amazon “internal documents.” These content objects reveal to the intrepid trusted real news folks that
“Amazon.com has killed or undermined privacy protections in more than three dozen bills across 25 states, as the e-commerce giant amassed a lucrative trove of personal data on millions of American consumers.”
In my lectures about this online bookstore I described some of Amazon’s public documents about its data wrangling, data stores, and data analytics capabilities. Sure, my lectures were directed at law enforcement and intelligence professionals.
How can an old person like myself using open source intelligence capture the scope, capabilities, and functionality of Amazon’s capabilities without resorting to the use of company confidential information?
If a person were to reveal company confidential information about Thomson Reuters or any of its subsidiaries, how might the Thomson Reuters “trust” brigade react to this situation?
I am no cheerleader for Amazon. I have been critical of leakers, including the cutesy Edward Snowden person.
Lobbying is an established component of many business organizations’ processes. Let’s think about big pharma, shall we? No, let’s not. What about those Beltway Bandits? No, let’s not.
“Trust” is an interesting concept, and I am disappointed that sensationalism and confidential information are what help define “trust.”
Yep, real journalism. Why not rely more on open source information and good old fashioned analysis, interviews, and research? Is “too good to pass up” a factor? Blocking and tackling, right?
Stephen E Arnold, November 23, 2021
Gmail: Is It a Go To Platform for Bad Actors?
November 22, 2021
“91% of All Bait Attacks Conducted over Gmail” is a report. Like many other cyber security related studies, the information is shaped to send a shiver of fear through the reader. Now is the assertion “all” accurate? Categorical affirmatives appear to make the writer appear confident in the data presented. The phrase “bait attack” sounds like insider speak. What’s the write up present? Here’s a passage I found interesting:
Researchers from Barracuda analyzed bait attack patterns in September 2021 from 10,500 organizations.
Where are the findings; specifically, the information about “bait attacks”?
The answer is, “Not in the article.” The write up points the reader to a link for a study conducted by Barracuda. If you want to read that report in its marketing home, navigate here. Then accept cookies. You will see that the examples are indeed email. The connection to Google is that the service is popular. It makes sense that bad actors would use a large email system as a convenient method of reaching individuals, obtaining information about valid and invalid email accounts, and other sorts of mischief.
What’s the fix? Put the onus on Google? Nah. Buy a Barracuda product? But if the cyber defense system worked, wouldn’t the method become less effective? Organizations would license the solution in droves. Has that happened?
Well, the attacks are widespread, according to the research. Google apparently is not able to manage the messages. The user remains an unwitting target.
So what’s the fix?
My thought is that Gmail accounts have to be verified. Cyber security companies should publish reports that reveal significant payoffs from their methods. Users should be smarter, more willing to keep their email address under wraps, and better at security.
Right now, none of these actions and attitudes are happening. What is happening is content marketing and jargon.
Some companies are quite good at talk. Cyber security solutions? That’s another story. I love that “all” approach too.
Stephen E Arnold, November 22, 2021
An Example of Modern Moral Responsibility Avoidance
November 22, 2021
Virtual Private Networks (VPNs) are supposed to be one of the Surfside condo’s garage pillars of network security. In reality, however, it all depends on the VPN provider. We learn about one cryptic hack from Tech.co’s piece, “Researchers Uncover Mystery Data Breach of 300 Million VPN Records.” Writer Jack Turner explains:
“Security firm Comparitech claims to have discovered an exposed database in early October, which held over 100GB of data and 300 million records, in various forms. Within the data that was compromised were 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, county code, device and user ID; and 6 million purchase records including the product purchased and receipts. All in all, it represents a motherlode of data that could conceivably be used for nefarious purposes, including phishing campaigns, should it fall into the wrong hands. While the database was closed within a week of Comparitech discovering it, the data it contained has apparently been made public.”
Not good. But what makes this case so mysterious? The VPN provider ActMobile Networks, which operates a number of VPN brands, denies even maintaining any databases. However, we learn:
“According to Comparitech, if the data didn’t come from ActMobile, it came from someone trying very hard to impersonate them. The SSL certificate of the compromised server shows it belonging to actmobile.com, the WHOIS record for the IP address where the data was located is listed as being owned by ActMobile Networks, and the database held several references to ActMobile’s VPN brands.”
Hmm. Turner emphasizes it is important to choose a VPN that indeed does not maintain logs, though they may cost a little more. See the article for Tech.co’s top nine recommendations.
And moral responsibility. Hey, these are zeros and ones, not fuzzy stuff.
Cynthia Murrell, November 22, 2021
Heads Up, Dark Overlord: Annoying the FBI May Not Be a Great Idea
November 19, 2021
Well this is embarrassing. The New York Post reports, “FBI Server Hacked, Spam Emails Sent to Over 100,000 People.” Writer Patrick Reilly tells us:
“The FBI’s email server was apparently hacked on Friday night to send threatening spam emails to over 100,000 people, the agency said. Authorities have not determined the sender or motive behind the rambling, incoherent emails, filled with technological nonsense. The emails warned receivers that their information may be under attack by Vinny Troia, famous hacker and owner of cybersecurity company Night Lion Security, in connection with notorious cybersecurity group TheDarkOverlord. The FBI confirmed the incident on Saturday, but said the hacked systems were ‘taken offline quickly,’ after it had been reported. ‘The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,’ the agency said in a statement. ‘This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity ic3.gov or cisa.gov.’”
First reported by European nonprofit the Spamhaus Project, the emails came from an FBI server. Readers may recall TheDarkOverlord stole Netflix videos in 2017 and released them online as torrents after the streaming platform refused to pay the ransom. A year before that, the same outfit stole patient information (though, thankfully, not medical records) from three medical databases. Those groups also refused to give in to demands, so the hacker(s) sold the data from hundreds of thousands of patients on the Dark Web. If this attack is indeed the work of TheDarkOverlord, we wonder what the outfit expects will happen when annoying a quite capable entity. I have an anecdote for my lectures. That’s a plus for me.
Cynthia Murrell, November 19, 2021
About Microsoft Exchange Security?
November 12, 2021
I spotted “Microsoft urges Exchange Admins to Patch Their On-Prem Servers Now.” I like the “now.” I interpret this suggestion to mean, “Well, our much hyped security enhancements… are sort of not enough.”
The write up asserts:
“November 2021 Exchange Server Security Updates” goes on to add that the bug only impacts on-premise Microsoft Exchange servers, including those used by customers in Exchange Hybrid mode.
With Microsoft telemetry, smart updates, and remote access controls to Microsoft systems — why are licensees hanging in the digital wind?
Net net: This type of “bulletin” is catnip to bad actors. Perhaps it is too expensive to do more than issue PR about security.
Stephen E Arnold, November 12, 2021
Who Remembers Palantir or Anduril? Maybe Peter Thiel?
November 4, 2021
Despite sci-fi stoked fears about artificial general intelligences (AGI) taking over the world, CNBC reports, “Palantir’s Peter Thiel Thinks People Should Be Concerned About Surveillance AI.” Thiel, co-founder of Palantir and investor in drone-maker Anduril, is certainly in the position to know what he is talking about. The influential venture capitalist made the remarks at a recent event in Miami. Writer Sam Shead reports:
“Tech billionaire Peter Thiel believes that people should be more worried about ‘surveillance AI’ rather than artificial general intelligences, which are hypothetical AI systems with superhuman abilities. … Those that are worried about AGI aren’t actually ‘paying attention to the thing that really matters,’ Thiel said, adding that governments will use AI-powered facial recognition technology to control people. His comments come three years after Bloomberg reported that ‘Palantir knows everything about you.’ Thiel has also invested in facial recognition company Clearview AI and surveillance start-up Anduril. Palantir, which has a market value of $48 billion, has developed data trawling technology that intelligence agencies and governments use for surveillance and to spot suspicious patterns in public and private databases. Customers reportedly include the CIA, FBI, and the U.S. Army. AGI, depicted in a negative light in sci-fi movies such as ‘The Terminator’ and ‘Ex Machina,’ is being pursued by companies like DeepMind, which Thiel invested in before it was acquired by Google. Depending on who you ask, the timescale for reaching AGI ranges from a few years, to a few decades, to a few hundred years, to never.”
Yes, enthusiasm for AGI has waned as folks accept that success, if attainable at all, is a long way off. Meanwhile, Thiel is now very interested in crypto currencies. For the famously libertarian mogul, that technology helps pave the way for his vision of the future: a decentralized world. That is an interesting position for a friend of law enforcement.
Cynthia Murrell, November 4, 2021
Encouragement for Bad Actors: Plenty of Targets Guaranteed
November 2, 2021
If the information in the Silicon Valley-esque business news service Venture Beat is accurate, 2022 is going to be a good year for bad actors. “Report: 55% of Execs Say That SolarWinds Hack Hasn’t Affected Software Purchases.” Now “purchase” is a misleading word. Vendors like users to subscribe, so the revenue projections are less fraught. Subscriptions can be tough to terminate, and paying that bill is like a bad habit, easy to fall into, tough to get out of.
The article states:
According to a recent study by Venafi, more than half of executives (55%) with responsibility for both security and software development reported that the SolarWinds hack has had little or no impact on the concerns they consider when purchasing software products for their company. Additionally, 69% say their company has not increased the number of security questions they are asking software providers about the processes used to assure software security and verify code.
This statement translates to status quo-ism.
The Microsoft products are targets because Microsoft’s yummy software is widely used and is like a 1980s Toys-R-Us filled with new Teddy bears, battery powered trucks, and role-model dolls.
What’s the fix for escalating cyber attacks? Different business policies and more rigorous security procedures.
To sum up, a potentially big year for bad actors, some of whom practice their craft from prison with a contraband smartphone. The Fancy Bear types will be dancing and some of the APT kids will be wallowing in endless chocolate cake.
Digitally speaking, of course.
Stephen E Arnold, November 2, 2021