Palantir Technologies: Not Intelware, Now a Leader in Artificial Intelligence

September 27, 2022

I spotted this rather small advertisement in the Wall Street Journal dead tree edition on September 22, 2022. (I have been on the road and I had a stack of newspapers to review upon my return, so I may have the date off by a day or two. No big deal.)

Here’s the ad:

palantir ad fixed

A couple of points jumped out. First, Palantir says in this smallish ad, “Palantir. The industry leader in artificial intelligence software.” That’s a very different positioning for the intelware centric company. I think Palantir was pitching itself a business intelligence solution and maybe a mechanism to identify fraud. Somewhere along the line there was a save the planet or save the children angle to the firm’s consulting-centric solutions.

For me, “consulting centric solutions” means that software (some open source, some whipped up by wizards) is hooked together by Palantir-provided or Palantir-certified engineers. The result is a dashboard with functionality tailored to a licensee’s problem. The money is in the consulting services for this knowledge work. Users of Palantir can fiddle, but to deliver real rock ‘em sock ‘em outputs, the bill by the hour folks are needed. This is no surprise to those familiar with migrations of software developed for one thing which is then, in a quest for revenues, is morphed into a Swiss Army knife and some wowza PowerPoint presentations and slick presentations at conferences. Feel free to disagree, please.

The second thing I noticed is that Palantir presents other leaders in smart software; specifically, the laggards at Microsoft, IBM, Amazon, and the Google. There are many ways to rank leaders. One distinction Palantir has it that it is not generating much of a return for those who bought the company’s stock since the firm’s initial public offering. On the other hand, the other four outfits, despite challenges, don’t have Palantir’s track record in the money department. (Yes, I know the core of Palantir made out for themselves, but the person I know in Harrod’s Creek who bought shares after the IPO: Not a good deal at this time.

The third thing is that Google, which has been marketing the heck out of its smart software is dead last in the Palantir list. Google and its estimable DeepMind outfit is probably not thrilled to be sucking fumes from Microsoft, IBM, and the outstanding product search solution provider Amazon. Google has articles flowing from Medium, technical papers explaining the magic of its AI/ML approach, and cheerleaders in academia and government waving pom poms for the GOOG.

I have to ask myself why? Here’s a breakdown of the notes I made after my team and I talked about this remarkable ad:

  1. Palantir obviously thinks its big reputation can be conveyed in a small ad. Palantir is perhaps having difficulty thinking objectively about the pickle the company’s sales team is in and wants to branch out. (Hey, doesn’t this need big ads?)
  2. Palantir has presented a ranking which is bound to irritate some at Amazon AWS. I have heard that some Palantir clients and some Palantir’s magic software runs on AWS. Is this a signal that Palantir wants to shift cloud providers? Maybe to the government’s go-to source of PowerPoint?
  3. Palantir may want to point out that Google’s Snorkeling and diversity methods are, in fact, not too good. Lagging behind a company like Palantir is not something the senior managers consider after a morning stretching routine.

Net net: This marketing signal, though really small, may presage something more substantive. Maybe a bigger ad, a YouTube video, a couple of TikToks, and some big sales not in the collectible business would be useful next steps. But the AI angle? Well, it is interesting.

Stephen E Arnold, September 27, 2022

The Cloud and Points of Failure: Really?

September 13, 2022

A professional affiliated with Syntropy points out one of my “laws” of online; namely, that centralization is inevitable. What’s interesting about “The Internet is Now So Centralized That One Company Can Break It” is that it does not explain much about Syntropy. In my opinion, there is zero information about the c9ompany. The firm’s Web site explains:

Unlocking the power of the world’s scientific data requires more than a new tool or method – it requires a catalyst for change and collaboration across industries.

The Web site continues:

We are committed to inspiring others around our vision — a world in which the immense power of a single source of truth in biomedical data propels us towards discoveries, breakthroughs and cures faster than ever before.

The company is apparently involved with Merck KGaA, which as I recall from my Pharmaceutical News Index days, is not too keen on sharing its intellectual property, trial data, or staff biographies. Also, the company has some (maybe organic, maybe more diaphanous) connection with Palantir Technologies. Palantir, an interesting search and retrieval company morphing into search based applications and consulting, is a fairly secretive outfit despite its being a publicly traded company. (The firm’s string of quarterly disappointments and its share price send a signal to some astute observers I think.)

But what’s in the article by individual identified at the foot of the essay as Domas Povilauskas, the top dog at Syntropy. Note that the byline for the article is Benzinga Contributor which is not particularly helpful.

Hmmm. What’s up?

The write up recycles the online leads to centralization notion. Okay. But centralization is a general feature of online information, and that’s not a particularly new idea either.

The author continues:

The problem with the modern Internet is that it is essentially a set of private networks run by individual internet service providers. Each has a network, and most connections occur between these networks…. Networks are only managed locally. Routing decisions are made locally by the providers via the BGP protocol. There’s no shared knowledge, and nobody controls the entire route of the connection. Using these public ISPs is like using public transport. You have no control over where it goes. Providers own the cables and everything else. In this system, there are no incentives for ISPs to provide a good service.

The set up of ISPs strikes me as a mix of centralization and whatever works. My working classification of ISPs and providers has three categories: Constrained services (Amazon-type outfits), Boundary Operators (the TOR relay type outfits), and Unconstrained ISPs and providers (CyberBunker-type organizations). My view is that this is the opposite of centralization. In each category there are big and small outfits, but 90 percent of the action follows Arnold’s Law of Centralization. What’s interesting is that in each category — for instance, boundary operators — the centralization repeats just on a smaller scale. AccessNow runs a conference. At this conference are many operators unknown by the general online user.

The author of the article says:

The only way to get a more reliable service is to pay ISPs a lot for high-speed private connections. That’s the only way big tech companies like Amazon run their data centers. But the biggest irony is that there is enough infrastructure to handle much more growth.  70% of Internet infrastructure isn’t utilized because nobody knows about these routes, and ISPs don’t have an excellent solution to monetize them on demand. They prefer to work based on fixed, predetermined contracts, which take a lot of time to negotiate and sign.

I think this is partially correct. As soon as one shifts from focusing on what appear to be legitimate online activities to more questionable and possibly illegal activities, evidence of persistent online services which are difficult for law enforcement to take down thrive. CyberBunker generated millions and required more than two years to knock offline and reign in the owners. There is more dimensionality in the ISP/provider sector than the author of the essay considers.

The knock-offline idea sounds good. One can point to the outages and the pain caused by Microsoft Azure/Microsoft Cloud, Google Cloud, Amazon, and others as points of weakness with as many vulnerabilities as a five-legged Achilles would have.

The reality is that the generalizations about centralization sound good, seem logical, and appear to follow the Arnold Law that says online services tend to centralization. Unfortunately new technologies exist which make it possible for more subtle approaches to put services online.

Plus, I am not sure how a company focused on a biomedical single source of truth fits into what is an emerging and diverse ecosystem of ISPs and service providers.

Stephen E Arnold, September 13, 2022

NSO Group: An Award for Pony Excellence

August 22, 2022

I read “Spyware Maker NSO Won Cellphone Hack of the Year But No One Picked Up the Award.” Two things: NSO Group remains in the news but with a twist. The company has become a #humor outfit. The second thing is that NSO Group did not show up at a recent ambiguous actor conference to claim the plastic Pwnie (pony, I think) statuette.

The write up reports:

This year, NSO Group was nominated for the Best Mobile Bug, for the exploit known as Forced Entry, an iPhone exploit that didn’t require any interaction from the victim, meaning targets could get hacked without realizing anything happened. Security researchers praised the technical sophistication of the exploit, calling it “mind-bending,” a bug that “goes into ‘holy smokes, what?!’ area,” with “several truly beautiful aspects,” and “absolutely stunning.”

Intelware as a foundation for humor. Who would have thought that would ever happen? A little plastic, see through pony. Perfect for a transparent outfit, but NSO Group? Whew.

The one saving grace is that Mark the Zuck wandering around in the Zuckerverse is a bigger magnet for humorists. That’s saying something.

Stephen E Arnold, August 19, 2022

Terrorism and Big Data: A Solution?

August 18, 2022

I recall hearing that a person allegedly named Ayman al-Zawahiri was a terrorist and, thus, became a target for the US. (I thought an entity named Ayman al-Zawahiri had been terminated on one, maybe two previous occasions. But maybe not. Since that action, I have noted a number of terrorism related articles. One that caught my attention was “How Big Data Is Helping Fight Terrorism?” The article contains a shopping list of intelware functions. These types of content types and their applicability to deterring terrorism can, for some, be difficult to find. Here are the items on the list presented in the article. For definitions of leach function, please, consult the original source:

  1. Processing test, audio, and video inputs. The idea is that intelware can do this work more quickly than officers and analysts.
  2. Identifying money laundering activities. The gist of this function is that intelware can detect actions and patterns more quickly and effectively than investigators.
  3. Pattern identification. The idea I think is that smart software can extract from large data sets sequences or connected events better than a person sitting in a cube in a government office.
  4. AI and machine learning. The author is confident that smart software can improve, learn, and operate in a more effective way than a task force.
  5. Risk projects. Smart software can identify that doing A presents a greater likelihood of taking place than B.

Stepping back from this list, it is clear to me that the hype, the PR, and the jargon of intelware has diffused outside of specialist circles and been recycled in a particularly snappy way. From my point of view, this article is quite different from the information my team and I will present at an upcoming law enforcement conference in mid September. The jazz and zing of marketers has obscured a number of very important points about what intelware can and cannot do. In fact, there are more cannots than many want to accept.

Stephen E Arnold, August 18, 2022

NSO Group: Now a Humor Piñata

August 16, 2022

Intelware once was serious, secret, and one of the few topics would be comedians would reference in an act. Not any more. Navigate to “NSO Group Finally Figures Out How Many European Countries It Does Business With” reports:

It seemingly takes about six weeks to count higher than five but NSO has put in the time and effort to ensure EU lawmakers have something more than the vague (and obviously low) estimate the company previously decided to provide in lieu of actual data.

Ho ho ho.

The quip is unlikely to cause chuckles in Tel Aviv. Three observations:

  • A topic which becomes the focus of a joke has entered popular culture. This is intelware, remember, not a remake of Elvis’ life story with glitter.
  • NSO Group appears to lack the management infrastructure to respond in a way which does not cause graduates of an online university MBA program to roll their eyes.
  • The NSO Group continues to demonstrate an ability to attract attention.

Net net: What’s next for the intelware sector? More marketing, slicker PowerPoint decks, and the quest for smarter software and (hopefully) decision makers.

Stephen E Arnold, August 16, 2022

NSO Group-Like Software: Where Did It Originate?

August 15, 2022

I noted another story related to the NSO Group Pegasus coverage. This report was “Israel Police’s Pegasus Spyware Prototype Revealed” talks about what may be an ur-NSO Group type software. Like literature majors who puzzle over an urHamlet, the mystery is, “Where does the idea originate?” Like Shakespeare, one of the most notable recyclers, the article suggests that:

Details and screenshots of a prototype version of the Pegasus spyware designed for Israeli police back in 2014 reveal the tools and far-reaching capabilities of a system that was slated to be deployed in everyday police work.

That suggests that the intelware was mostly functio0nal eight years ago. I learned:

… the [Pegasus] spyware was operationally deployed as early as 2016

That was six years ago.

The article points out:

Pegasus could read WhatsApp messages.

The article asserts:

Another capability … mentioned in the presentation is the interception of incoming and outgoing phone calls. Besides this ability, which seems to be relatively routine in the world of intelligence surveillance, there is another one known in the professional parlance as “volume listening” and is considered much more intrusive. In simple terms it means real time wiretapping to a device’s surrounding through the remote activation of the device’s microphone.

Another interesting alleged functionality is:

With the spyware, the police can gain full access to all the files stored on the phone, including those that are end-to-end encrypted. This encryption technology prevents access to a device’s content through cellular antennae or other infrastructures. Even if a file is intercepted, it cannot be decoded. However, on a device that has been infected with the spyware, all the files become visible.

My recollection is that the “origin” of the Pegasus tool was a person who worked in a mobile phone store. Perhaps this is true, but the functionality of the “prototype” almost a decade ago begs a question I find interesting:

“Where did the idea for Pegasus originate? Who came up with the requirements for a mobile phone capability like this?

I don’t have an answer to this question, but I will raise it in the context of the remarkable similarity among other types of intelware developed by individuals with some experience in the armed forces whose offices are in relatively close proximity in one country with reasonably close ties to the US. My lecture to a US government entity will be in mid-September. Perhaps other “real news” outfits will pursue the history of Pegasus. But whose idea was it in the first place? Maybe like the ur-Hamlet the question may not be answered. But those requirements! Spot on.

Stephen E Arnold, August xx, 2022

Palantir Technologies: Following a Well Worn Path

August 11, 2022

Most intelware vendors are pretty much search and retrieval with a layer of search based applications. I think of these specialized services like an over-priced foam dog bed. The foam is hidden beneath what looks like a rich, comfy, and pet friendly cover. The dog climbs on, sniffs the fumes and scratches the cover. A bite or two and the cover tears and foam shards litter the floor.

When I think of some intelware vendors’ solutions, I keep thinking about that Alibaba-type dog bed. Wow. Not good.

I read “Palantir Stock Skids As Exec Says Downbeat Forecast Is All the More Disappointing Given Opportunities Ahead”, and I saw that dog bed, the torn cover, and the weird pink and green foam chunks in our family room. I know this association is not one shared by those who cheerlead for Palantir or the stakeholders who must look at the value of their “stakes”.

The write up reports:

Government deals “at the billion-dollar range of the contracts that we are working on…have the bug of them taking too long and the feature of, in a highly difficult, tumultuous and politically uncertain world, that you actually get paid and you actually make free-cash flow,” Chief Executive Alex Karp said on the earnings call.

Yep, that’s true.

However, Palantir has been working hard to convince outfits like chocolate companies, big banks, and some pharma companies to rely on Palantir for their information plumbing and intelligence dashboard. (Dashboards are hot, even though many intelware vendors just recycle the components associated with Elasticsearch, a popular open source search and retrieval system, and other members of the species ELK.

If Palantir were closing deals with non governmental entities, wouldn’t that revenue make up for the historically slow and sketchy US government procurement process. For those in the know, FAR is a friend. For those who have racked up a track record of grousing about Federal procurement rules, FAR can be associated with the concept “far outside the circle of decision makers.”

If we accept my assertion of intelware as basic search, indexing and classifying content objects, and output nice looking reports. These reports, by the way, depend upon some widely used numerical recipes. The outputs of competitive intelware systems which use the same test set of content objects is often similar. In some cases, very similar. (In September at CyCon, we will show some screenshots and challenge the audience of law enforcement and intelligence professionals to identify the output with the system generating the diagrams, charts, graphs, and maps. In previous lectures this audience involvement ploy yielded one predictable result: No one could match outputs with the system producing it.

What are the paths available to a vendor of intelware chasing huge contracts for getting close to 20 years? That’s two decades, gentle reader.

Based on my observations and research for my books and monographs, here are the historical precedents I have noticed. Will Palantir follow any of these paths? Probably not, but I enjoy trotting them out in order to provide some color for the search and specialized software sector competitors. What each competitor lacked in applications, stable products and services, and informed and available customer support, the PP (Palantir predecessors) had outstanding marketing, nifty technical jargon, and a bit of the Steve Jobs reality distortion field magic.

  1. The vendor just gets acquired. Recorded Future is now Insight. Super secretive Detica is BAE Systems, etc. etc. The idea is that the buyer has the resources to make the software work and develop innovations that will keep ahead of open source offerings and pesky start ups. A variation is continuous resales as owners of intelware companies realize there are not enough customers to deliver the claims in PowerPoint decks’ revenue projections. Is one example this sequence? i2 Ltd (UK) —>  venture firm –> IBM Corp. –> Harris?
  2. The vendor hooks up with the government and presents the face of a standalone, independent outfit when affiliated with a government entity. Example: Some intelware firms in China, Israel, and the UK.
  3. The vendor goes away or turns a few cartwheels and emerges as something else entirely. Example: Cobwebs Technologies doesn’t do intelware; it provides anti money laundering services. I still like LifeRaft’s positioning as a marketing intelligence company.
  4. Everybody involved with the company moves on, new executives arrive, and the firm emerges as a customer service outfit or a customer experience provider. Rightly or wrongly I think of LucidWorks as this type of outfit.
  5. A combo deal. The inner workings of this type of deal converts Excalibur into Convera which becomes Ntent and then becomes a property of Allen & Co. Where is Convera today? I heard that some of its DNA survives in Seekr, but I have not heard back from the company to verify this rumor. The firm’s PR professional is apparently busy doing more meaningful PR things.
  6. Creative accounting. Believe it or not, some senior executives are found guilty of financial fancy dancing. Example: The founder of a certain search vendor with government clients. I think a year in the slammer was talked about.
  7. The company just closes up. Example: Perhaps Delphis, Entopia, or Stull, among others.

Net net: Vendors selling to law enforcement, crime analysts, and intelligence agencies face formidable competition from incumbents; for example, big Beltway bandits like the one for which I used to work. Furthermore, when selling intelware (event with a name change and a flashy PowerPoint deck) corporate types are not comfortable buying from a company working closely with some of the badge-and-gun agencies. Intelware vendors can talk about big sales to commercial enterprises. True, the intelware vendor may land some deals. But the majority of leads just become money pits: Sales calls, presentations, meetings with shills for the firm’s lawyers, and similar human resources. Those foam chunks from the Alibaba dog bed are similar to some investors’ dreams of giant stakeholder paydays. Oh, well, there is recycling.

Stephen E Arnold, August 11, 2022

The Expanding PR Challenge for Cyber Threat Intelligence Outfits

August 10, 2022

Companies engaged in providing specialized services to law enforcement and intelligence entities have to find a way to surf on the building wave of NSO Group  backlash.

What do I mean?

With the interest real journalists have in specialized software and services has come more scrutiny from journalists, financial analysts, and outfits like Citizens Lab.

The most recent example is the article which appeared in an online publication focused on gadgets. The write up is “: These Companies Know When You’re Pregnant—And They’re Not Keeping It Secret. Gizmodo Identified 32 Brokers Selling Data on 2.9 Billion Profiles of U.S. Residents Pegged as Actively Pregnant or Shopping for Maternity Products.” The write up reports:

A Gizmodo investigation into some of the nation’s biggest data brokers found more than two dozen promoting access to datasets containing digital information on millions of pregnant and potentially pregnant people across the country. At least one of those companies also offered a large catalogue of people who were using the same sorts of birth control that’s being targeted by more restrictive states right now. In total, Gizmodo identified 32 different brokers across the U.S. selling access to the unique mobile IDs from some 2.9 billion profiles of people pegged as “actively pregnant” or “shopping for maternity products.” Also on the market: data on 478 million customer profiles labeled “interested in pregnancy” or “intending to become pregnant.”

To add some zest to the write up, the “real news” outfit provided a link to 32 companies allegedly engaged in such data aggregation, normalization, and provision. Here are the 32 companies available from the gadget blogs link. Note sic means this is the actual company name. The trendy means very hip marketing.

Adprime Health
Alike Audience
Anteriad (180byTwo)
Cross Pixel
Datastream Group
Dstillery (sic and trendy)
Eyeota (sic and trendy)
Fyllo (sic)
Lighthouse (Ameribase Digital)
Reklaim (sic)
Stirista (Crosswalk) (sic)
Valassis Digital
Weborama Inc
Ziff Davis
ZoomInfo (Clickagy)

How many of these do you recognize? Perhaps Experian, usually associated with pristine security practices and credit checks? What about Ziff Davis, the outfit which publishes blogs which reveal the inner workings of Microsoft and a number of other “insider” information? Or Zoom Info, an outfit once focused on executive information and now apparently identified as a source of information to make a pregnant teen fear the “parent talk”?

But the others? Most people won’t have a clue? Now keep in mind these are companies in the consumer information database business. Are there other firms with more imaginative sources of personal data than outfits poking around open source datasets, marketing companies with helpful log file data, and blossoming data scientists gathering information from retail outlets?

The answer is, “Yes, there are.”

That brings me to the building wave of NSO Group backlash. How does one bridge the gap between a government agency using NSO Group type tools and data?

The answer is that specialized software and services firms themselves are the building blocks, engineer-constructors, and architect-engineers of these important bridges.

So what’s the PR problem?

Each week interesting items of information surface. For example, cyber threat firms report new digital exploits. I read this morning about Cerebrate’s Redeemer. What’s interesting is that cyber threat firms provide software and services to block such malware, right? So the new threat appears to evade existing defense mechanisms. Isn’t this a circular proposition: Buy more cyber security. Learn about new threats. Ignore the fact that existing systems do not prevent the malware from scoring a home run? Iterate… iterate… iterate.

At some point, a “real news” outfit will identify the low profile engineers engaged in what might be called “flawed bridge engineering.”

Another PR problem is latent. People like the Kardashians are grousing about Instagram. What happens when influencers and maybe some intrepid “real journalists” push back against the firms collecting personal information very few people think of as enormously revelatory. Example: Who has purchased a “weapon” within a certain geofence? Or who has outfitted an RV with a mobile Internet rig? Or who has signed up for a Dark Web forum and accessed it with a made up user name?

Who provides these interesting data types?

The gadget blog is fixated on pregnancy because of the current news magnetism. Unfortunately the pursuit of clicks with what seems really significant does not provide much insight into the third party data businesses in the US, Israel, and other countries.

That’s the looming PR problem. Someone is going to step back and take a look at companies which do not want to become the subject of a gadget blog write up with a 30 plus word headline. In my opinion, that will happen, and that’s the reason certain third party data providers and specialized software and services firms face a crisis. These organizations have to sell to survive, except for a handful supported by their countries’ governments. If that marketing becomes too visible, then the gadget bloggers will out them.

What’s it mean when a cyber threat company hires a former mainstream media personality to bolster the company’s marketing efforts? I have some thoughts. Mine are colored by great sensitivity to the NSO Group and the allegations about its Pegasus specialized software. If these allegations are true, what better way to get personal data than suck it directly from a single target’s or group of targets’ mobile devices in real time?

Here are the chemical compounds in the data lab: The NSO Group-type technology which is increasingly understood and replicated. Gadget bloggers poking around data aggregators chasing ad and marketing service firms. Cyber threat companies trying to market themselves without being too visible.

The building wave is on the horizon, just moving slowly.

Stephen E Arnold, August 10, 2022

FinFisher Videos: How Long Will These Be Available via YouTube?

August 4, 2022

If you are interested in intelware and similar specialized software, you may find the sequence of videos  available at this link interesting. The videos are a decade old, but the basic ideas expressed are applicable today. We spotted this content in Spy News via a Medium post. The visuals in the video compilation are — well — weird. Spy News says:

The videos are for: FinTraining, FinSpy, FinSpy Mobile, FinFly ISP, FinFly LAN, FinFly Web, FinIntrusion Kit (including FinTrack), FinFireWire, and FinUSB.

The jargon in the videos is entertainingly cyber-babble; for example, TrueCrypt container, FinFly, FinIntrusion, etc. An intrepid open source expert may be able to locate other Gamma Group/FinFisher information on the information superhighway. Keep in mind that the procedures in the decade old videos are similar to comparing an electric Ford 150 to a 2011 Ford Ranger.

But why “fin”? Think about sharks near a beach and a GenX or GenY person floating on a rubber raft. The fin is a sign to some that a finny friend is near and might grab lunch.

Stephen E Arnold, August 4, 2022

Accidental News: There Is a Google of the Dark Web.

August 2, 2022

Yesterday one of the research team was playing the YouTube version of TWIT which is Silicon Valley acronym speak for “This Week in Tech.” The program is hosted by a former TV personality and features “experts”. The experts discuss major news events. The August 1, 2022 (captured on July 31, 2022) has the title “The Barn Has Left the Horse — CHIPS Act, Earnings Week, FTC Sues Meta, Twitter Blue Price Hike.” The “experts” fielding questions and allegedly insightful observations by Mr. LaPorte can be viewed at this link. The “experts” on the “great panel” for this program included:

In the midst of recycled information and summaries of assorted viewpoints, there was what I thought was information warranting a bit more attention. You can watch and hear what Dan Patterson says at 2:22:30. A bit of context: Mr. Patterson announced that he is the Editorial Director at Cybersixgill, [supplemental links appear below my name at the foot of this blog post] a firm named after a shark and with, until now, a very low profile. I think the outfit is based in Tel Aviv and it, as I recall, provides what I call specialized software and services to government entities. A few other firms in this particular market space are NSO Group and Voyager Labs, among other. Rightly or wrongly, I think of Herliya as the nerve center for certain types of sophisticated intercept, surveillance, analytic, and stealth systems. Thus, “low profile” is necessary. Once the functionality of an NSO Group-type system becomes known, then the knock on effect is to put Candiru-type firms in the spotlight too. (Other fish swimming unseen in the digital ocean have inspired names like “FinFisher,” “Candiru,” and “Sixgill.”)

So what’s the big news? A CBS technology reported quitting is no big deal. A technology reporter who joins a commercial software and services firm is not a headline maker either.

This is, in my opinion, a pretty remarkable assertion, and I think it should be noted. Mr. Patterson was asked by Mr. LaPorte, “So CyberSixgill is a threat intelligence…” Mr. Patterson added some verbal filler with a thank you and some body movement. Then this…

CyberSixgill is like a Google for the Dark Web.

That’s an interesting comparison because outfits like Kagi and Neva emphasize how different they are from Google. Like Facebook, Google appears to on the path to becoming an icon for generating cash, wild and crazy decisions, and an emblem of distrust.

Mr. Patterson then said:

I don’t want to log roll…. I joined the threat detection company because their technology is really interesting. It really mines the Dark Web and provides a portal into it in ways that are really fascinating.

Several observations:

  1. Mr. Patterson’s simile caught my attention. (I suppose it is better than saying, “My employer is like an old school AT&T surveillance operation in 1941.”
  2. Mr. Patterson’s obvious discomfort when talking about CyberSixgill indicates that he has not yet crafted the “editorial message” for CyberSixgill.
  3. With the heightened scrutiny of firm’s with specialized software causing outfits like Citizens Lab in Toronto to vibrate with excitement and the Brennan Center somewhat gleefully making available Voyager Labs’s information, marketing a company like CyberSixgill may be a challenge. These specialized software companies have to be visible to government procurement officers but not too visible to other sectors.

Net net: For specialized software and services firms in Israel, Zurich, Tyson’s Corner, and elsewhere, NSO Group’s visibility puts specialized software and services company on the horns of a dilemma: Visible but not too visible. These companies cannot make PR and marketing missteps. Using the tag line from a “real” journalist’s lips like “a Google for the Dark Web” is to me news which Mr. LaPorte and the other members of the panel should have noticed. They did not. There you go: “Like a Google for the Dark Web”. That’s something of interest to me and perhaps a few other people.

Stephen E Arnold, August 2, 2022


1 “Sixgill” is the blunt nose “six gill” shark, hexnchoid (Hexanchus griseus). It is big and also called the cow shark by fish aficionados. The shark itself can be eaten.

2 The company’s product is explained at One “product” is a cloud service which delivers “exclusive access to closed underground sources with the most comprehensive, automated collection from the deep and dark Web. The investigative portal delivers the threat intel security teams need: Real time context and actionable alerts along with the ability to conduct cover investigations.” Mr. Patterson may want to include in his list of work tasks some rewriting of this passage. “Covert investigations,” “closed underground sources,” and “automated collection” attract some attention.

3 The company’s blog provides some interesting information to those interested in specific investigative procedures; for example, “Use Case Blog: Threat Monitoring & Hunting.” I noted the word “hunting.”

4 The company received a fresh injection of funding from CrowdStrike, Elron Ventures, OurCrowd, and Sonae. According to CyberGestion, the firm’s total funding as of May 2022 is about $55 million US.

5 The Dark Web, according to my research team, is getting smaller. Thus, what does “deep web”? The term is undefined on the cited CyberSixgill page. “Like Google” suggests more than 35 billion Web pages in its public index. Is this what CyberSixgill offers?

Next Page »

  • Archives

  • Recent Posts

  • Meta