Darktrace: He Said, She Said, and Probably They Said Too

January 20, 2022

The high flying cyber security sector suffered a headache when the SolarWinds’ misstep was disclosed. Since that time, the mass media have started paying attention to what a year or two ago was the content discussed at cyber security conferences and workshops. Now, everyone including most US government agencies, hundreds of start ups, and probably a grandmother or two in a Golden Years Long Term Care facility are talking about cyber security, ransomware, bad actors, the Dark Web, the Deep Web, bots, smart malware, and the equivalent of Crime as a Service or CaaS, the on demand resource for stealing financial data.

I read “Short Seller says Darktrace Targets Are a Pipe Dream”. The back and forth between the UK financial firm and the Darktrace cyber services firm is interesting.(Keep in mind that years ago I did some small project for Autonomy, but my experience was pretty good. Nevertheless, before some research-minded 20 something tweets about my consulting, you have been alerted.)

The write up hits three interesting points. I am not interested in Darktrace, however. I think these points apply to a large number of the companies closing deals, often for Palantir-scale invoices, for threat intelligence, cyber defenses, digital canaries, smart perimeters, yada yada.

What are those points?

  1. Projections are extremely optimistic. What cyber security firm thinks about running out of clients for six and seven figure license fees? Hint: Think of a number between minus one and one.
  2. Headcounts move around, change, and are disconnected from an old school GraybaR (circa 1869) organization chart
  3. Customers sign on and then bail out. Does this sound like a Theranos-type observation.

The write up states:

ShadowFall says Darktrace’s business is driven by “an aggressive, promotional, sales focus” and is unlikely to stand the test of time. British hedge fund ShadowFall has taken a short position against cybersecurity specialist Darktrace, calling its business “watery-thin”. The hedge fund is known in the City as the ‘dark destroyer’ for its practices of unpicking corporate reports and devaluing shares. While the fund paints its work as a public service, as a short seller its own business model relies on driving down the prices of companies it bets against.

What’s up here? I think Darktrace is like many cyber security vendors. Consequently, ShadowFall is probably getting the curling stone close to the scoring circle in the game of full body contact investment curling. However, the specific issues like the three I identified above are part of the Silicon Valley territory. I call this phenomenon of overstatement, misdirection, and management management magical misdirection part of the behavior I described a decade ago in my monograph “The Google Legacy.”

The cyber security sector is not doing a Tom Brady grade job protecting an organization’s data. Why? Breaches occur because careless or indifferent employees click on links which invite bad actors to come in and have a seat in the engineering meeting. Bad actors prowl message boards for an unhappy employee, pay that employee to insert a USB stick into a laptop, or exfiltrate log on credentials. Finally, giant companies don’t build software with security as Job One. Every day I learn about another flaw in either commercial software or open source libraries. Bad actors don’t have to worry too much. There are quite a few bright bad actors and an expanding pool of oligarchs responding to a business opportunity.

No cyber vendor can keep up. In fact, best of class outfits are selling to those outside of the cyber security National Honor Society and Phi Beta Kappa stratum. (Example: Recorded Future to a general service outfit.) There are too few top flight cyber security engineers to staff the companies building or needing these specialists. Yep, a people shortage exists.

The net net is that ShadowFall has diagnosed an industry wide problem. The write up, however, focuses on ShadowFall’s analysis of a single company. A more useful and fair analysis would take a good, hard look at other cyber security firms. A spectrum or league table of behaviors can be generated. Then a company in the cyber security business can be put into a performance context. I understand that in the UK Darktrace is news. That’s okay with me. There is a far more significant analysis job to do. Darktrace becomes a data point, and my experience suggests there are outfits which warrant a similar analysis and commercial enterprises for which there is more data available.

Where is this type of analysis? I have not seen one. The reason may be, “Who wants to kill the gold goose laying cyber threat eggs filled with money?”

Stephen E Arnold, January 20, 2022

A Small Reminder: Finding Accurate, Actionable Information Is More Than Marketing Hoo-hah

January 14, 2022

Information retrieval ignites many interesting discussions. In our global environment, factionalism is the soup du jour. Talking about search can triggering dysphagia if a foot is consumed or apoplexy if one’s emotions go ballistic.

To keep search chatter in balance, I recommend “Scoop: IBM Tries to Sell Watson Health Again.” The write up does an non-job of romping through the craziness of IBM Watson and assorted medical windmills. There is one telling passage in the write up which I wish to highlight; to wit:

Big Blue wants out of health care, after spending billions to stake its claim, just as rival Oracle is moving big into the sector via its $28 billion bet for Cerner.

What’s up with IBM Watson in general and health care in particular? Several observations from my snowy redoubt in rural Kentucky, a state which has failed to emulate the business success of Tennessee. Is it Mitch? I don’t know.

Now my thoughts:

  1. Answering questions about scientific, technical, and medical questions is less demanding than figuring out what a TikTok message means. Failing in STM is like tripping over a bottle cap in a deserted NFL stadium’s parking lot
  2. Watson and its cognitive assertions requires training. Training is expensive. Google is working hard to convince itself and others to embrace the Snorkelesque approach. Watson’s method is a bit behind the sail boat’s curve in my opinion. Maybe the training race is over and Watson is in dry dock.
  3. The crazy assertions that cancer doctors could work better, faster, and more cheaply with Watson by their side resulted in one major event. The flashy Houston medical center showed Watson where the Exit door was located.

What will happen when a group of money people buy Watson? Lots of meetings, some tax planning, and quite a few telephone calls to college friends. Then a flip.

Will Watson health emerge a winner? IBM missed its chance the first time around. Perhaps the company can team with other health care competitors and craft a revenue winner. Will IBM ring up the Google? Will IBM make a trip to Redmond, home of the OS/2 debacle?

Who knows? Perhaps the company will apply some effort to fixing up its lagging cloud business? Again, who knows? Let’s ask Watson.

Stephen E Arnold, January 14, 2022

The Use Case for Digital Currency

January 12, 2022

A question I have been asked by those in my law enforcement lectures is, “What’s digital currency good for?” This question is easy to answer, and I think the officers in my sessions know the answer. The question is designed to elicit my opinion as a student of intelware. The former world chess champion Gary Kasparov says that crypto means freedom. Why? Math protects you.

Okay, but the answer I give is, “Criminal activity.”

Sure, one can gild the lily and say that digital currency offers an alternative to traditional legal tender. Digital currency is a way to work around the traditional banking system. Digital currency is a way to automate many financial transactions via smart contracts.

The reality is that digital currency solves one big problem for bad actors: Keeping otherwise noticeable financial transactions less visible to government entities and financial institutions.

What’s the factual basis for my view?

Navigate to “Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity.” Here’s the relevant statement:

Cryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020.

The write up adds:

Cryptocurrency usage is growing faster than ever before. Across all cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8 trillion in 2021, up 567% from 2020’s totals. Given that roaring adoption, it’s no surprise that more cybercriminals are using cryptocurrency. But the fact that the increase was just 79% — nearly an order of magnitude lower than overall adoption — might be the biggest surprise of all.

The answer to the question, in my opinion, is, “Criminal activity.”

Stephen E Arnold, January 11, 2022

How about That Smart Software?

January 3, 2022

In the short cut world of training smart software, minor glitches are to be expected. When an OCR program delivers 95 percent accuracy, that works out to five mistakes in every 100 words. When Alexa tells a child to put a metal object into a home electrical outlet, what do you expert? This is close enough for horse shoes.

Now what about the Google Maps of today, a maps solution which I find almost unusable. “Google Maps May Have Led Tahoe Travelers Astray During Snowstorm” quoted a Tweet from a person who is obviously unaware of the role probabilities play in the magical world of Google. Here’s the Tweet:

This is an abject failure. You are sending people up a poorly maintained forest road to their death in a severe blizzard. Hire people who can address winter storms in your code (or maybe get some of your engineers who are stuck in Tahoe right now on it).

Big deal? Of course not, Amazon and Google are focused on the efficiencies of machine-centric methods for identifying relevant, on point information. The probability is that most of the Amazon and Google outputs will be on the money. Google Maps rarely misses on pizza or the location of March Madness basketball games.

Severely injured children? Well, that probably won’t happen. Individuals lost in a snow storm? Well, that probably won’t happen.

The flaw in these giant firms’ methods are correct from these companies’ point of view in the majority of cases. A terminated humanoid or a driver wondering if a friendly forest ranger will come along the logging road? Not a big deal.

What happens when these smart systems output decisions which have ever larger consequences? Autonomous weapons, anyone?

Stephen E Arnold, January 3, 2021

JPMorgan Chase: One Insignificant Question

December 24, 2021

Years ago I did some analysis for an upscale financial outfit which shall remain nameless in this post. I recall one question I was asked at lunch, at institution-sponsored conferences, and in hallways. The question? It was, “How do burner phones work?” The individuals asking often said, “I am just curious, of course.”

Of course.

I thought of these questions when I read “SEC Gives JPMorgan Chase Record Fine for Using WhatsApp to Conduct Business.” [If the link is dead, you are on your own, gentle reader.] The write up explains that some over achievers were sidestepping assorted rules, guidelines, recommendations, suggestions, and cultural norms to “conduct business” without being monitored. Here’s a passage I noted:

The SEC said the practice of using third-party communication apps was widespread at JPMorgan Chase. Another regulator, the Commodity Futures Trading Commission, also said Friday that it fined JPMorgan $75 million for using unapproved communications.

Okay. WhatsApp.

But what about burner phones? Probably not a problem among the squash playing financial health fanatics. I am just curious, of course.

Stephen E Arnold, December 24, 2021

Amazon: Emulating the Big Apple

December 23, 2021

I love the idea that giant technology companies operate in a space untethered from too many conventions, regulatory constraints, and ethical meshes. Apple I have heard entered into a two-buck deal with China. Okay, okay, the dollar amount was closer to US$ 3 billion. What’s the big deal?

Now it seems that Amazon has channeled its inner apple core. “Amazon Partnered with China Propaganda Arm” reports in a truthy and trustworthy way:

That [once confidential Amazon] briefing document, and interviews with more than two dozen people who have been involved in Amazon’s China operation, reveal how the company has survived and thrived in China by helping to further the ruling Communist Party’s global economic and political agenda, while at times pushing back on some government demands. In a core element of this strategy, the internal document and interviews show, Amazon partnered with an arm of China’s propaganda apparatus to create a selling portal on the company’s U.S. site, Amazon.com – a project that came to be known as China Books. The venture – which eventually offered more than 90,000 publications for sale – hasn’t generated significant revenue. But the document shows that it was seen by Amazon as crucial to winning support in China as the company grew its Kindle electronic-book device, cloud-computing and e-commerce businesses.

Is it a surprise that China’s ruling elite told the dog outside the online bookstore to bite the digital hand of any human or bot daring to give a very special book a bad review.

What is the book, one might ask? It appears that the instant best seller and biographical high water mark is “Xi Jinping: The Governance of China.

The answer, one supposes, is money. The truthy and trustworthy report says:

Amazon Web Services, or AWS, is now one of the largest providers to Chinese companies globally, according to a report this year by analysis firm iResearch in China, and people who have worked for AWS.

Gee, Leader Xi can ping Amazon and Apple any time he chooses. Let’s make a TikTok on a mobile and a desktop too while dining at a TikTok restaurant. Endangered animal stir fry, anyone? It is called Kung Pao Democracy I think.

Stephen E Arnold, December 23, 2021

Silicon Valley: Morphing into Medieval Italy?

December 23, 2021

The historical precedents include Florence (Facebook), Genoa (Google), and Venice (a2z). Venice because it was mostly money people and secret ways of keeping track of who owed whom what, so that’s close enough to a2z for me. The city states had their own ways of ruling, punishing, and exerting influence. What’s a few skirmishes among those who speak the same language. Does this sound like the Silicon Valley we know and love and its giant technology companies? I thought about the golden age of Italian city states as I read a scribe’s retelling of a recent digital skirmish among a couple of these power houses.

Jack Dorsey’s Hot Web3 Takes Are Apparently Too Much for Marc Andreessen to Handle” reveals that two Duchies are in sharp disagreement. No catapults, just PR. The write up from a modern day Giovanni Villani states:

Marc Andreessen decided to take the step of blocking @jack, and Dorsey responded by saying he’s been “banned from Web3.” That’s not an unfair statement either, as the former Netscape co-founder and co-founder of Andreessen Horowitz (a16z) is now a huge investor in Web3 startups, tossing money around on DeFi projects, metaverse sneakers, tokens, and anything else that catches his eye. According to its “Web3 reading list” (pdf) document from October, “a16z is the largest investor in this space.”

And other digital princes are aligning against the former guru of Twitter.

Are there other signs that the apparent coziness of the impactful environs of Silicon Valley are fraught with digital tension? Are these indicators?

    1. Google’s unhappiness with its trust score and human relations / people management department
    2. Apple’s once secret deal with a foreign power. What’s a quarter trillion dollars among friends?
    3. Intel’s apology to China issued in order to comply with US government requirements. What about those chip fabs in Arizona and the water hurdle?
    4. Amazon’s three consecutive outages and surging orders for pizza to fuel is “two pizza teams”. Isn’t it three strikes and you are out? No, this is no big deal, right Epic.
    5. Facebook’s alleged dominance of the worst US company rankings. This is unjust.

I don’t know. But unfollowing the guru of the Tweeter and the apparent fractures in a snug club house strike me as an important moment in the history of the technology revolution.

Are there coincidences? My little iTunes’ set up is playing the Beatles’ Revolution:

You say you got a real solution
Well, you know
We’d all love to see the plan
You ask me for a contribution
Well, you know
We’re all doing what we can

Yes, what’s the plan? Perhaps a Decoder to explain what’s happening?

Stephen E Arnold, December 23, 2021

Verizon and Google Are Love Birds? Their Call Is 5G 5G 5G

December 22, 2021

The folks involved with electronic equipment for air planes are expressing some concerns about 5G. Why? Potential issues related to interference. See the FAA and others care about passengers and air freight. Now Verizon and Google care about each other and are moving forward with more 5G goodness. (Please, turn off those 5G mobiles.)

Verizon is regarded as the top mobile provider in the United States. Verizon earns that title, because the company is always innovating. Tech Radar has the story on one of Verizon’s newest innovations: “Verizon Partners With Google Cloud On 5G Edge.” Google Cloud and Verizon will pool their resources to offer 5G mobile edge with guaranteed performance for enterprise customers.

Verizon is promising its 5G networks will have lower latency with faster speeds, reliable connections, and greater capacity. The mobile provider will deliver on its 5G and lower latency promise by decentralizing infrastructures and virtualizing networks, so they are closer to customers. Edge computing means data is processed closer to its collection point. This will enable more advanced technology to take root: smart city applications, telemedicine, and virtual reality.

Google Cloud’s storage and compute capabilities are what Verizon needs to deliver 5G:

“The partnership will initially combine Verizon’s private on-site 5G and its private 5G edge services with Google Distributed Cloud Edge, but the two companies have said they plan to develop capabilities for public networks that will allow enterprises to deploy applications across the US.”

Verizon’s new Google partnership makes it the first mobile provider to offer edge services with Amazon Web Services, Google Cloud, and Microsoft Azure.

The advancement of 5G will transform developed countries into automated science-fiction dreams. Verizon 5G edge sounds like it requires the use of more user data in order for it to be processed closer to the collection point. Is this why Verizon has been capturing more of late? Will 5G networks require more private user data to function?

One of my colleagues at Beyond Search had the silly idea that the Verizon Google discussions contributed to Verizon’s keen interest in capturing more customer data. Will the cooing of 5G 5G 5G soothe those worried about having a 757 visit the apartments adjacent O’Hare Airport? Of course not. Verizon and Google are incapable of making technical missteps.

Whitney Grace, December 22, 2021

NSO Group: How about That Debt?

December 14, 2021

The NSO Group continues to make headlines and chisel worry lines in the faces of the many companies in Israel which create specialized software and systems for law enforcement and intelligence professionals. You can read the somewhat unpleasant news in Bloomberg’s report, the Financial Times’ article,  and Gizmodo’s Silicon Valley-esque write up. Gizmodo said:

the company’s cumbersome mixture of unpaid debts and growing international scrutiny have made NSO a bloated pariah and is forcing its leadership to consider shutting down its Pegasus spyware unit. Selling the entire company is also reportedly on the table.

First, the reports suggest, without much back up, that NSO Group has about a half a billion US in debt. This is important because it underscores what is the number one flaw in the jazzy business plans of companies making sense of data and providing specialized services to law enforcement, intelligence, and war fighting entities. Here’s my take:

Point 1. What was secret is now open and easily available information.

Since Snowden, the systems and methods informing NSO Group and dozens of similar firms are easy to grasp. Former intelligence professionals can blend what Snowden revealed with whatever these individuals picked up in their service to their country, create a “baby” or “similar” solution and market it. This means that there are more surveillance, penetration, intercept, and analysis options available than at any other time in my 50 year career in online information and systems. Toss in what’s in the wild from dumps of FinFisher and Hacking Team techniques and the gold mine of open source code, and it should be no surprise that the NSO Group’s problem is just the tip of an iceberg, a favorite metaphor in the world of surveillance. None of the newsy reports grasp the magnitude of the NSO Group problem.

Point 2. There’s a lot of “smart” money chasing a big pay day from software purpose built for law enforcement, intelligence, and military operations. VC cows in herds, however, are not that smart or full of wisdom.

There are many investors who buy the line “cyber crime and terrorism” drive big, lucrative sales of specialized software and systems. That’s partially correct. But what’s happened is that the flood of cash has generated a number of commercial enterprisers trying to covert those dollars into highly reliable, easy to use systems. The presentations at off the radar trade shows promise functionality that is almost science fiction. The situation today is that there is a lot of hyper marketing going on because there’s money to apply some very expensive computational methods to what used to be largely secret and manual work. A good case for the travails of selling and keeping customers is the Palantir Technologies’ journey which is more than a decade long and still underway. The marketing is seeping from conferences open only to government agencies and those with clearances to advertising trade shows. I think you can see the risk of moving from low profile or secret government solutions to services for Madison Avenue. I sure can.

Point 3. Too few customers to go around.

There are not enough government customers with deep pockets for the abundant specialized services and systems which are on offer. In this week’s DarkCyber at this link, you can learn about the vendors at conferences where surveillance and applied information collection and analysis explain their products and services. You can also learn that the Brennan Center has revealed documents obtained via FOIA about Voyager Labs, a company which is also engaged in the specialized software and services business. Our DarkCyber report makes clear that license fees are in six figures and include more special add ins than a deal from a flea market vendor selling at the Clignancourt flea market. Competition means prices are falling, and quite effective systems are available for as little as a few hundred dollars per month and sometimes even less. Plus, commercial enterprises are often nervous when the potential customer realizes the power of specialized software and services. Stalking made easy? Yep. Spying on competitors facilitated? Yep. Open source intelligence makes it possible to perform specialized work at a quite attractive price point: Free or a few hundred a month.

What’s next?

Financial wizards may be able to swizzle the NSO Group’s financial pickles into a sweet relish for a ball park frank. There will be other companies in this sector which will face comparable money challenges in the future. From my perspective, it is not possible to put the spilled oil back in the tanker and clean the gunk off the birds now coated in crude.

Policeware and intelware vendors have operated out of sight and out of mind in their bubble since i2 Ltd. in the late 19909s rolled out the Analysts Notebook solution and launched the market for specialized software. The NSO Group’s situation could be or has already shoved a hat pin in that big, fat balloon.

More significantly, formerly blind and indifferent news organizations, government agencies, and potential investors can see what issues specialized software and services pose. More reporting will be forthcoming, including books that purport to reveal how data aggregators are spying on hapless Instagram and TikTok users. Like most of the downstream consequences of the so called digital revolution, NSO Group’s troubles are the tip of an information iceberg drifting into equatorial waters.

Stephen E Arnold, December 14, 2021

Rising Cyber Crimes Mean High Prevention Costs

December 13, 2021

The COVID-19 pandemic forced organizations to institute remote work. Many organizations were not prepared, because they lacked secure networks and other necessary security measures to prevent cyber crimes. It is not surprising when Read Write explains in “Lessons Learned From The Skyrocketing Cost Of Cyber Crime” are loss of revenue, obvious preventable issues, and that cyber security and cyber crimes are burgeoning industries.

The pandemic spurred a rise in cyber crime, especially in ransomware, phishing, malware, island hopping, and hyper-targeted nation state attacks. (Does spreading of misinformation count as a cyber crime?). Cloud computing company Iomart recorded that data breaches rose by 273% in the first quarter of 2020 compared to 2019. Cyber crime cost the US an estimated $3.5 billion and the UK $1.8 billion, but it could be more as many crimes are unnoticed.

The cost of cyber crimes are projected to rise exponentially and cause more economic damage than natural disasters. It is important that organizations take preventative measures:

“With all the realistic threats that lurk in the digital space, it’s imperative for companies to deploy best practices in cybersecurity to protect their data and other digital assets. Plus, companies need to do everything they can to avoid the burdensome financial costs associated with cybercrime. While we can’t always prevent cyber attacks, we can learn from them and apply tangible steps to protect ourselves and our businesses.”

Good cyber security practices include implementing and enforcing identification, robust encryption policies, strong data hygiene, patch management programs, using blockchain and crypto currency solutions, and use traditional measures like firewalls, antivirus software, and anti-spyware.

Whitney Grace, December 13, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta