
Government IT Procurement Wobble

July 5, 2016

I read “IT Showdown: Tech Giants Face Off against 18F.” What’s an 18F? If you do work for the US government, you associate 18 F with the address of the General Services Administration. The name now evokes some annoyance among established US government contractors. The term 18F refers to a group set up to reduce the time, cost, and hassle of getting IT “done”.

In the good old days, there were people in the US government who did things. Over the years, US government professionals have come to rely on contractors to do certain types of work. In the information technology world, the things range from talking about how one might do something to actually setting up a system to deliver certain outputs.

Along the way, commercial enterprises provided hardware, software, and services. The hardware and software were, for many years, proprietary or custom crafted to meet the needs of a particular government entity. These statements of work made life difficult for a vendor who used what were often perceived as expensive solutions. License agreements made it tricky for a government entity to get another commercial outfit to modify or work around limitations of certain commercial systems.

According to the write up, some of the established vendors are grousing. I learned:

At a House subcommittee hearing on June 10, lobbyists from the IT Alliance for Public Sector (ITAPS) and the Software & Information Industry Association (SIIA) alleged that 18F is hindering profits by acting as both a procurement policymaker and as a tech competitor inside the General Services Administration (GSA). The two groups assert a conflict of interest, and in testimony, have submitted a list of grievances and recommendations intended to curtail 18F’s authority. The hearing was conducted jointly by the House Subcommittees of Government Operations and Information Technology to assess the effectiveness of 18F and the U.S. Digital Service (USDS) — a sister tech consultancy within the White House.

The industry group perceives the 18F outfit as a bit of a threat. Blanket purchase agreements, open source solutions, and giving certain contracts for small coding jobs to non traditional outfits are not what the established information technology vendors want to happen.

I find the dust up amusing. The revenues of established information technology vendors are not likely to suffer sharp declines overnight. The 18F initiative is an example of the US government trying to find a solution to escalating costs for information technology and the gap between the commercial solutions available and actual solutions deployed in a government entity.

Will 18F reduce the gap? One thing is certain. Some vendors associate the term “18F” with some different connotations. Imagine a government professional using a mobile phone app to perform a task for personal work and then using a mainframe act to perform a similar task in a government agency. Exciting.

Stephen E Arnold, July 5, 2016

Palantir Technologies: A Valuation Factoid

July 5, 2016

I read “Palantir Buyback Plan Shows Need for New Silicon Valley Pay System.” (You may have to view this write up. Don’t email me. I don’t think about “real” journalists.) Tucked into the somewhat humorous write up was a factoid. I want to capture it because “real” reporters and “real” information can be tough to track down using an online search system.

Here’s the factoid:

It [Palantir] is offering $7.40 a share to buy back up to 12.5 percent of an employee’s shares…Morgan Stanley recently marked down the value of Palantir’s shares to $5.92.

That $1.48 just hangs there. Too bad the write up did not answer this question:

What were the valuations Morgan Stanley assigned when Palantir Technologies had a valuation of $20 billion? I assume that rainbows, unicorns, and other “real” artifacts, one must assume that Palantir is zipping right along the information superhighway.

Stephen E Arnold, July 5, 2016

More Palantir Spotting

June 27, 2016

Trainspotting is a collection of short stories or a novel presented as a series of short stories by Irvine Welsh. The fun lovers in the fiction embrace avocations which seem to be addictive. The thrill is the thing. Now I think I have identified Palantir spotting.

Navigate to “Palantir Seeks to Muzzle Former Employees.” I am not too interested in the allegations in the write up. What is interesting is that the article is one of what appears to be a series of stories about Palantir Technologies enriched with non public documents.


The Thingverse muzzle might be just the ticket for employees who want to chatter about proprietary information. I assume the muzzle is sanitary and durable, comes in various sizes, and adapts to the jaw movement of the lucky dog wearing the gizmo.

Why use the phrase “Palantir spotting”? It seems to me that making an outfit which provides services and software to government entities is an unusual hobby. I, for example, lecture about the Dark Web, how to recognize recycled analytics algorithms and their assorted “foibles,” and how to find information in the new, super helpful Google Web search system.

Poking the innards of an outfit with interesting software and some wizards who might be a bit testy is okay if done with some Onion type or Colbert like humor. Doing what one of my old employers did in the 1970s to help ensure that company policies remain inside the company is old hat to me.

In the write up, I noted:

The Silicon Valley data-analysis company, which recently said it would buy up to $225 million of its own common stock from current and former staff, has attached some serious strings to the offer. It is requiring former employees who want to sell their shares to renew their non-disclosure agreements, agree not to poach Palantir employees for 12 months, and promise not to sue the company or its executives, a confidential contract reviewed by BuzzFeed News shows. The terms also dictate how former staff can talk to the press. If they get any inquiries about Palantir from reporters, the contract says, they must immediately notify Palantir and then email the company a copy of the inquiry within three business days. These provisions, which haven’t previously been reported, show one way Palantir stands to benefit from the stock purchase offer, known as a “liquidity event.”

Okay, manage information flow. In my experience, money often comes with some caveats. At one time I had lots and lots of @Home goodies which disappeared in a Sillycon Valley minute. The fine print for the deal covered the disappearance. Sigh. That’s life with techno-financial wizards. It seems life has not changed too much since the @Home affair decades ago.

I expect that there will be more Palantir centric stories. I will try to note these when they hit my steam powered radar detector in Harrod’s Creek. My thought is that like the protagonists in Trainspotting, Palantir spotting might have some after effects.

I keep asking myself this question:

How do company confidential documents escape the gravitational field of a comparatively secretive company?

The Palantir spotters are great data gatherers or those with access to the documents are making the material available. No answers yet. Just that question about “how”.

Stephen E Arnold, June 27, 2016

Peak Unicorn: Hooves of Doom

June 23, 2016

I loved the phrase “peak unicorn.” The combination of mixed metaphors and a mythical horned equine is delicious. Navigate to “The Unicorn Godmother Dishes on Silicon Valley.” I find the addition of a “godmother” a bit like a 1958 Chevrolet Impala with additional chrome bolted on by an ambitious retro rod shop. Unicorns, peaks, and godmothers!

The main point of the write up in my opinion is not fruit salad metaphors. Here’s the passage I highlighted in passion fruit reddish purple:

I think we’re in a valuation-adjustment period where we’ve basically had very bullish markets both in the private and the public sectors for tech stocks over the past three to five years, and valuation multiples just got out of whack. There was too much money pouring into tech; and a perception developed that the only way to win was to offer a higher price. You know if there’s one house in a neighborhood that everybody wants, generally the way to get the house is to offer a higher price.

Yes, real estate. The “value” of a house in Holmby Hills compared to the value of a home in Pig, Kentucky.

The write up makes clear that some folks in Sillycon Valley may be getting nervous. Time to cash in and enjoy the good life. Unicorn farming in Pig, Kentucky? Search and content processing vendors are welcome too. A quick trip via flying car I hear.

Stephen E Arnold, June 23, 2016

Digital Currencies: More Excitement

June 21, 2016

An “attacker” explains the legal perception he has. You can read this argument at this link. I do not have a horse in this race. In my recent lecture at a security conference in Myrtle Beach, SC, I pointed out that digital currencies work reasonably well for what I call small scale transactions. Putting one’s life savings into a digital currency is a step some bad actors are reluctant to take. Traditional non digital money laundering and tax evasion methods will slowly yield to Fancy Dan types of “money.” But if you are adventurous, have a go.

Stephen E Arnold, June 21, 2016

The Job Duties of a Security Analyst

June 15, 2016

The Dark Web is a mysterious void that the average user will never venture into, much less understand beyond the nefarious reputation the media crafts for it. Certain individuals, however, not only make a livelihood by surfing the Dark Web but also monitor potential threats to our personal safety. The New York Times had the luck to interview one Dark Web security analyst and shared some insights into her job in the article “Scouring The Dark Web To Keep Tabs On Terrorists.”

Flashpoint security analyst Alex Kassirer was interviewed, and she described how she spends her days tracking jihadists, terrorist group propaganda, and specific individuals. Kassirer said that terrorists are engaging more in cybercrimes and hacking in lieu of, or in addition to, their usual physical aggressions. Her educational background is very impressive: a bachelor’s from George Washington University with a focus on conflict and security and a minor in religious studies, and she also learned some Arabic. She earned her master’s in global affairs at New York University and interned at Interpol, the Afghan Embassy, and Flashpoint.

She handles a lot of information, but she provides:

“I supply information about threats as they develop, new tactics terrorists are planning and targets they’re discussing. We’ve also uncovered people’s personal information that terrorists may have stolen. If I believe that the information might mean that someone is in physical danger, we notify the client. If the information points to financial fraud, I work with the cybercrime unit here.”

While Kassirer does experience anxiety over the information she collects, she knows that she is equipped with the tools and works with a team of people who are capable of disrupting terroristic plots.

Whitney Grace, June 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Ransomware as a Service Deals in Bitcoins of Course

June 14, 2016

Countless “as-a-service” models exist online. A piece from SCMagazine, “Dark web forums found offering Cerber ‘ransomware as a service’,” reveals more information about one such model, ransomware-as-a-service (RaaS), which we’ve heard about now for quite some time. Ransomware is malware that encrypts the user’s files on a machine, where they remain inaccessible until the victim pays for a key. Apparently, an Eastern European ransomware, Cerber, has been offered as RaaS on Russian Dark Web forums. According to cyber intelligence firm SenseCy, this ransomware was set up to include “blacklisted” countries so the malware does not execute on computers in certain locations. The article shares,

“Malwarebytes Labs senior security researcher Jerome Segura said the blacklisted geographies – most of which are Eastern European countries – provide “an indication of where the malware originated.” However, he said Malwarebytes Labs has not seen an indication that the ransomware is connected to the famed APT28 group, which is widely believed to be tied to the Russian government. The recent attacks demonstrate a proliferation of ransomware attacks targeting institutions in the U.S. and Western nations, as recent reports have warned. Last week, the Institute for Critical Infrastructure Technology (ICIT) released a study that predicted previously exploited vulnerabilities will soon be utilized to extract ransom.”

Another interesting bit of information to note from this piece is that the going ransom is one bitcoin. Segura mentions the value ransomers ask for may be changing, as he has seen some cases where the ransomer works to identify whether the user may be able to pay more. Regardless of the location of a RaaS provider, these technological feats are nothing new. The interesting piece is the supposedly untraceable ransom medium supplanting cash.

Megan Feil, June 14, 2016


Alphabet Google Factoid: Media Spend Control

May 31, 2016

I noted “Google Now Controls 12 Percent of All Global Media Spend.” My immediate reaction was, “Just 12 percent.” I assumed that the Alphabet Google thing had cornered much more of the media spend. I learned:

Alphabet controls 12 percent of all global media spend, which primarily comes from Google and YouTube’s ad sales. The company collects $60 billion in U.S. ad spend—a figure 166 percent larger than No. 2 ranking The Walt Disney Company. To compare, Google’s ad revenue was 136 percent larger than Walt Disney last year. Alphabet’s overall ad revenue is up 17 percent year-over-year.

Google is not without competition. I love “competition” in the online digital world. The write up points out:

Facebook in particular continues to become an advertising juggernaut. The social network jumped from No. 10 in 2015 to No. 5 this year, making it the fastest-growing company on Zenith’s list with 65 percent year-over-year growth. Chinese Internet company Baidu is the second fastest-growing company, with ad revenues up 52 percent.

I am not an ad expert. I certainly don’t know anything about media spend. After 15 years of slogging, the 12 percent figure strikes me as interesting. It seems that in a shorter time period, Facebook has been the hot item. Search or social media? Which is the “winner”? Both? Who are the losers?

Traditional media. Another surprise?

Stephen E Arnold, May 31, 2016

Financial Institutes Finally Realize Big Data Is Important

May 30, 2016

One of the fears of automation is that human workers will be replaced and there will no longer be any more jobs for humanity.  Blue-collar jobs are believed to be the first jobs that will be automated, but bankers, financial advisors, and other workers in the financial industry have cause to worry.  Algorithms might replace them, because apparently people are getting faster and better responses from automated bank “workers”.

Perhaps one of the reasons why bankers and financial advisors are being replaced is their sudden understanding that “Big Data And Predictive Analytics: A Big Deal, Indeed,” says ABA Banking Journal. One would think that the financial sector would be the first to embrace big data and analytics in order to keep an upper hand on their competition, earn more money, and maintain their relevancy in an ever-changing world. They, however, have been slow to adapt, slower than retail, search, and insurance.

One of the main reasons the financial district has been holding back is:

“There’s a host of reasons why banks have held back spending on analytics, including privacy concerns and the cost for systems and past merger integrations. Analytics also competes with other areas in tech spending; banks rank digital banking channel development and omnichannel delivery as greater technology priorities, according to Celent.”

After the above quote, the article makes a statement about how customers are moving more to online banking over visiting branches, but it is a very insipid observation.  Big data and analytics offer the banks the opportunity to invest in developing better relationships with their customers and even offering more individualized services as a way to one up Silicon Valley competition.  Big data also helps financial institutions comply with banking laws and standards to avoid violations.

Banks do need to play catch up, but this is probably a lot of moan and groan for nothing.  The financial industry will adapt, especially when they are at risk of losing more money.  This will be the same for all industries, adapt or get left behind.  The further we move from the twentieth century and generations that are not used to digital environments, the more we will see technology integration.

Whitney Grace, May 30, 2016

Open Source Software Needs a Micro-Payment Program

May 27, 2016

Open source software is an excellent idea, because it allows programmers across the globe to share and contribute to the same project. It also creates a think tank like environment that can be applied (arguably) to any tech field. There is a downside to open source and creative commons software, and that is that it is not a sustainable model. Open Source Everything For The 21st Century discusses the issue in their post about “Robert Steele: Should Open Source Code Have A PayPal Address & AON Sliding Scale Rate Sheet?”

The post explains that open source delivers an unclear message about how code is generated: it comes from the greater whole rather than a few people. It also is not sustainable, because people do need funds to survive as well as maintain the open source software. Fair Source is a reasonable solution: users are charged if the software is used at a company with fifteen or more employees, but it too is not sustainable.

Micro-payments, small payments of a few cents, might be the ultimate solution.  Robert Steele wrote that:

“I see the need for bits of code to have embedded within them both a PayPal-like address able to handle micro-payments (fractions of a cent), and a CISCO-like Application Oriented Network (AON) rules and rate sheet that can be updated globally with financial-level latency (which is to say, instantly) and full transparency. Some standards should be set for payment scales, e.g. 10 employees, 100, 1000 and up; such that a package of code with X number of coders will automatically begin to generate PayPal payments to the individual coders when the package hits N use cases within Z organizational or network structures.”

Micro-payments are not a bad idea and have occasionally been put into practice, though not very widely. No one has really pioneered an effective system for them.

Steele is also an advocate for “…Internet access and individual access to code is a human right, devising new rules for a sharing economy in which code is a cost of doing business at a fractional level in comparison to legacy proprietary code — between 1% and 10% of what is paid now.”

It is the ideal version of the Internet, where people are able to make money from their content and creations, users’ privacy is maintained, and ethics are respected. The current trouble with YouTube channels and copyright comes to mind, as does stolen information sold on the Dark Web and the desire to eradicate online bullying.

Whitney Grace, May 27, 2016