NSO Group: More Lumens Added to the PR Spotlight

February 1, 2020

DarkCyber noted this Thomson Reuters’ story: “FBI Probes Use of Israeli Firm’s Spyware in Personal and Government Hacks.” This is an exclusive story from “sources.” The write up reports:

The FBI is investigating the role of Israeli spyware vendor NSO Group Technologies in possible hacks on American residents and companies as well as suspected intelligence gathering on governments.

Our view is that companies purpose built to serve the needs of government agencies may find themselves struggling to break through a revenue ceiling made of Level 1 bullet resistant acrylic sheet. That may be an issue. Also, some of the specialized tools may be used for extracurricular activities which may not be monitored or authorized.

Why?

  • Developing and maintaining the efficacy of special purpose software is expensive. Think in terms of more demand for certain engineers than there are engineers. Think in terms of the time required to figure out how to perform certain tasks.
  • Investors have many, many choices of cyber security ventures in which to invest. The companies which have been around for several years may not provide the potential “lift” a funding source requires. (It doesn’t matter if these Borges-like dreams are possible. Dreams about big payoffs are just more interesting. Otherwise, a fund could buy stock in Verint.)
  • There are a finite number of really big specialized software buyers. This means that price pressure on licensing fees exists for most of the companies.
  • Numerous “me too” services are pushing down prices of specialized tools; possibly Sixgill, another firm based in Israel, with the tag line “deep, dark, and beyond.”
  • There are unexpected competitors; for example, some specialized tools can be located using off the grid services located via WhatsApp groups, i2p services, or the on-again, off-again Dark Web.

A changing market with more companies facing a need to make sales may push specialized software vendors to look for other sources of revenue. And there may be some enterprise customers who could be repurposing certain systems and methods. Some software may be so useful it can punch holes in that acrylic ceiling.

Net net: What is clear is that change is afoot.

Stephen E Arnold, February 1, 2020

DarkCyber for January 28, 2020, Now Available

January 28, 2020

The end-of-January 2020 DarkCyber presents two stories. The first is an explanation about growing security vulnerabilities. When countries and billionaires are at risk, DarkCyber points out the obvious. The second story is a follow-up interview with Robert David Steele, former CIA professional and intelligence analyst. The topic is Amazon in India. Mr. Steele comments about the impact of Amazon on China’s door step. You can view the video on Vimeo or YouTube.

Kenny Toth, January 28, 2020

About the Bezos Mobile Matter: Who Can Speculate? Everyone

January 22, 2020

I received a couple of communications about the mobile phone allegedly operated by Jeff Bezos, a tireless worker and high profile wealthy genius. A British newspaper suggested that Mr. Bezos’s mobile was compromised. Then the ever reliable Internet began passing along the story. A few moments ago (it is now 0704 am US Eastern on January 22, 2020) I spotted “Saudi Dismisses Reports It Is Behind Hacking of Amazon Boss Bezos’ Phone.”

The write up states:

“Recent media reports that suggest the Kingdom is behind a hacking of Mr Jeff Bezos’ phone are absurd. We call for an investigation on these claims so that we can have all the facts out,” Saudi’s US embassy said in a message posted on Twitter.

First, how many countries’ intelligence agencies have access to specialized software tuned to compromise a mobile device? The correct answer is, “No one is supposed to know.” DarkCyber estimates that specialized tools are available to many countries. Some using software from Europe; others using software from the East; and others relying on basement methods. Zerodium pays for mobile exploits for a reason. Companies like NSO Group want to maintain a low profile for a reason. IBM does not talk about the CyberTap technology it acquired years ago. The list could be expanded, but you will have to attend one of my law enforcement and intelligence lectures to get more information.

Second, how easy is it to spoof one mobile for another? Not as easy as performing other interesting acts. However, there are companies providing a range of hardware and software tools to make this type of spoofing possible. If you want the names of these outfits, that information will not appear in a free blog post. But these outfits are doing business and providing certain unique services. The customers are usually governments, but friends of friends are a reality. Where can these spoofs take place? Think in terms of a coffee shop or a communications control facility.

Third, who did it? The list of possible actors is long. With Amazon’s increasing success in Bahrain, Saudi Arabia, and United Arab Emirates, there are a number of possibles. Would one of these countries attempt to access Mr. Bezos’ mobile? DarkCyber suggests having some facts before disseminating allegations. Certain types of chatter can have interesting downstream consequences; for example, Mr. Snowden’s ability to enjoy the weather in the south of France and Mr. Greenwald’s interactions with the current Brazilian authorities.

Several observations:

  1. The message is that mobiles are targets
  2. A high profile individual can be made the center of an international media magnet
  3. Work is needed to work backwards to determine if a compromise took place, who did it, and why?

In the meantime, there are security gaps everywhere. S3 buckets expose information. Complex systems generate vulnerabilities. Assumptions about cyber access are often wrong.

Where was Amazon’s chief technology officer? At Mr. Bezos’ side? Probably not. That individual was grilling a Facebook executive about access to personal data in Germany.

Perhaps someone is sending a message to Amazon? Who is paying attention? Probably journalists, high profile mobile phone users, and individuals with leverageable information.

Stephen E Arnold, January 22, 2020

China: Making Sales in a Booming Surveillance Market

January 22, 2020

China has an authoritarian government, so it is not surprising that it is developing AI surveillance technology. What is surprising, though perhaps not very, is that China is exporting its AI surveillance technology to other countries. Japan Times reports how in “AI Surveillance Proliferating, With China Exporting Tech To Over 60 Countries, Report Says.”

Among the countries China has sold the technology to are Venezuela, Myanmar, Iran, and Zimbabwe (all less than reputable places).

China uses facial recognition technology to monitor Muslim minorities, who have been imprisoned in concentration camps. The Carnegie Endowment for International Peace shared the news about China’s AI technology sales. The fears are that these authoritarian governments would use the technology to augment their dominance and share the data with China.

As China slowly gains more economic prominence, it is trying to encourage more countries to purchase its technology and other electronics. These include countries in Europe, Asia, and Africa. China is slowly making these countries rely on its technology:

“ ‘Chinese product pitches are often accompanied by soft loans to encourage governments to purchase their equipment,’ [the report] said. ‘This raises troubling questions about the extent to which the Chinese government is subsidizing the purchase of advanced repressive technology.’

China has come under international condemnation in the wake of an investigative report by the International Consortium of Investigative Journalists on the country’s surveillance and predictive-policing system to oppress Uighurs and send them to internment camps.”

Democratic countries are also developing AI surveillance technology, but they are not controlling how the technology is used and how it could violate laws.

China has a powerful piece of police ware technology and is already using it to violate human rights. What will China do when the technology becomes more advanced?

Whitney Grace, January 22, 2020

Crypto Currencies In Japan

January 22, 2020

As one of the most highly technological nations in the world, Japan is a prime market for crypto currencies. Japanese law enforcement officials want to keep crypto currencies on the straight and narrow, so it is no wonder that crypto analytics companies recently hired Japanese CEOs and attracted more Japanese investors. The companies in question are the top three crypto analytics companies: Elliptic, Bitfury, and Chainalysis. Medium delves into the details behind crypto currencies in Japan with the article, “Crypto Investigates Tools In Japan-A Marketplace Analysis.”

Contrary to how it used to be, Bitcoin transactions are traceable, especially with Elliptic, Bitfury, and Chainalysis. Chainalysis appointed Kenji Sugawara as head of the Japanese division. The company’s main product lines are Reactor, investigation software that traces blockchains; KYT (Know Your Transaction), automated crypto currency monitoring software; and Kryptos, which vets new opportunities and risks in crypto currencies.

Elliptic placed Ken Yagami as head of its Japanese outlet and the company raised $23 million in Series B funding. The funding series was to expand into the Asian market. Elliptic’s main product is Discovery, which helps banks identify and assess risks posed by crypto currencies.

Bitfury hired Katsuya Konno as head of its Japanese operations. The advertising firm Dentsu invested in a 2018 funding round. Unlike the other crypto analytics companies, Bitfury makes hardware and software. Its hardware is designed to keep blockchains secure and its software, Exonum, a private blockchain framework, uses its Crystal Blockchain, an advanced analytics platform.

While these are the top three crypto analytics companies in Asia, Merkle Science from Singapore and Uppsala Security, with its Threat Intelligence Platform called Sentinel Protocol, are trying to win part of the market. Asia is hard to crack:

“While the company appears to focus initially on the South East Asian markets, a Japan market entry does not seem too far-fetched, but obviously the “Big Three” have set the bar quite high in terms of organizational structure, local leadership and Japanese investor base.”

Asia is a hotbed for crypto currency activity, especially China. Japan has one of the strongest Asian economies, and as a country heavily invested in advanced technology it needs to monitor crypto currencies.

Whitney Grace, January 15, 2020

Shutting Down a C Suite Person to Cyber Security

January 7, 2020

DarkCyber spotted an interesting approach to marketing. The write up “Implications for CEOs Who Miss Security Targets” offers words of wisdom from a consultancy doing business as Thycotic. With what does this name rhyme? Note: This is a question you, gentle reader, can answer. DarkCyber thinks stenotic perhaps. The word, as you may know, means narrowing.

With the poetry out of the way, what are the issues related to a “security target”?

One of the main reasons behind this is that there is a disconnect between the C-suite and the IT security team. A lack of effective communication between the two can often result in security targets that are based on KPIs that have little relation to business objectives.

Yes, we have a failure to communicate.

And there is evidence, proof from a sample of 550 “IT decision makers”:

a Thycotic survey of 550 IT decision makers shows that a quarter (26 percent) report that IT security is not prioritized or invested in by their boards as strategically important. Further, more than half (52 percent) of IT security decision makers say their organizations struggle to align business goals and security initiatives. Four out of 10 (43 percent) say their business’s goals are not communicated with them and a third (36 percent) admit that they aren’t clear on what the business goals even are.

DarkCyber can add the following downsides:

  1. The IT person will be given an opportunity to [a] testify and [b] find his/her future elsewhere
  2. New cyber security vendors will be hired, adding to the confusion and complexity for sitting ducks to fend off guerilla hunters working alone, in squads, or for an industrialized criminal organization
  3. Employees will be reminded to change their passwords, zip their lips, and avoid clicking on emails which usually look pretty darned authentic.

DarkCyber’s view is that change, particularly with regard to cyber security, comes slowly for many organizations.

PS. The C suite may be given an overhaul.

Stephen E Arnold, January 7, 2020

Mobile Security: Bad News, Consumer

January 1, 2020

An online information service called Hindu Business Line has become a source for amusing digital information. Consider the factoids included in “Most People Are Not Aware of Malware on Their Mobile.” A word of caution: the Web page may redirect some users to a malicious site, which makes the information just so much more special.

Here are some of the factoids:

  • 23 percent of organizations in India run a risk of malware attacks. (DarkCyber thinks that the risk is much higher because malware is a growth business and most users are clueless when it comes to preventing and neutralizing mobile centric malware. Example: The page for this content.)
  • It takes about a year for a person to realize that a mobile device has been affected. (DarkCyber thinks that most users dispose of their mobile phone before the malware has been discovered.)
  • Globally 25 million devices are infected. (DarkCyber wants to point out that there are about 4.5 billion mobile phones globally. Source: Statista. The 25 million number seems quite modest and probably wildly off the mark.)
  • Google had 16 apps on its store which were malware mechanisms. (DarkCyber wants to remind its gentle readers that these are apps Google said it knew about. The real number of malware apps is not known by users and Google is not a Chatty Cathy on this subject.)

Yep, great article. Outstanding in fact.

Stephen E Arnold, January 1, 2020

A Reminder about Malware

December 25, 2019

Digital information systems are faster, more reliable, take up less space, and offer greater insights than paper systems. The one great thing about paper systems, however, is they are immune to malware infestations. Chiapas Paralelo delves into how cyber criminals are using malware to extort money from businesses in the article, “Cyber Criminals: Network Harassment And Extortion Of Large Companies Through Malware.”

A growing cyber crime is uploading malware into a company’s network; hackers then usurp control of the network and hold it for ransom. If the company refuses to pay the ransom, the hackers threaten to destroy or post the information, which is often sensitive and private. Malware is one of the biggest types of cyber crime in Mexico, but it is one among many that include financial crime, child pornography, and sexually explicit photos (usually of women). Other crimes are smaller in nature, such as the removal of a few pesos from an account or credit card scams. Cyber crimes cost Mexico three billion dollars in 2016.

The number of cyber crimes continues to rise, but the best way to not be a victim is to take preventative measures:

“One of the main approaches to cyber criminology is prevention…the importance of basic care measures to avoid being the victim of an attack. He also mentioned that, beyond taking care of the privacy settings of what is shared, special attention should be paid to the content.”

People need cybercrime literacy. It is similar to teaching children not to speak with strangers or follow a person down a dark alley. Educate yourself and it will knock out a large portion of the attacks.

Whitney Grace, December 25, 2019

DarkCyber for December 17, 2019, Now Available

December 17, 2019

Robert David Steele, a former CIA professional, learned about Stephen E Arnold’s blockchain research. Steele interviewed Stephen. This week’s DarkCyber is an extract of the original interview. You can access the video on Vimeo.

Kenny Toth, December 17, 2019

Swedish Ethical Hackers Raise More Funding

December 9, 2019

Have you ever heard the cyber security terms white hat and black hat? They are metaphors for types of hacking. The terms originate from old western movies, where the good cowboys wore white hats while the villains had black ones. In reference to hacking, the black hat hackers are bad actors and the white hat hackers are ethical. Ethical hackers had a big score in Sweden says Bisman Area News in the article, “Detectify Raises Additional €21M For Its Ethical Hacking Network.”

Detectify is a Swedish cybersecurity startup that developed a powerful Web site vulnerability scanner. Detectify has raised another €21 million in funding; Balderton Capital led the fundraising with investors Inventure, Insight Partners, and Paua Ventures. The startup plans to use the funding to hire more white hat hackers to accelerate the company’s growth.

Detectify was founded in 2013 by elite white hat hackers. The team’s scanner is a Web site security tool that is automated to scan Web sites and discover vulnerabilities so users can remain on top of the security. The scanner’s most unique feature is that it is powered and updated by an ethical hacker network a.k.a. crowdsourcing.

Detectify used its first funding round in a clever and innovative way:

“As we explained when the startup raised its €5 million Series A round, this sees top-ranked security researchers submit vulnerabilities that are then built into the Detectify scanner and used in customers’ security tests. The clever part is that researchers get paid every time their submitted module identifies a vulnerability on a customer’s website. In other words, incentives are kept aligned, giving Detectify a potential advantage and greater scale compared to similar website security automation tools.”

The company gained clients in the US, including Spotify, Trello, and King. Detectify plans to continue its expansion by relying on talent acquisitions and crowdsourcing.

Whitney Grace, December 9, 2019
