NSO: Back in the News Again

April 3, 2020

Let’s assume that the Beeb is on the money. “Coronavirus: Israeli Spyware Firm Pitches to Be Covid 19 Saviors” is a bit of British snark. First, the word “coronavirus” is newsy, and it is clickbait. Second, “Israeli spyware pitches” converts the use of specialized software into a carnival barker’s shout. (One might ask, “Why?” I think I know the answer. The British Cervantes is on the gallop perhaps?)

The point of the story, which contains some loaded words like “controversial,” is that NSO has technology which can assist governments in gathering useful information about the virus. The write up states, after the Beeb explains that Facebook and NSO are in a legal wrestling match:

NSO says its employees will not have access to any data, but its software will work best if a government asks local mobile phone operators to provide the records of every subscriber in the country. Each person known to be infected with Covid-19 could then be tracked, with the people they had met and the places they had visited, even before showing symptoms, plotted on a map.

Scary, ominous, Orwellian, something that British government agencies would never, ever in a million years consider.

The reality is that monitoring a population is happening in quite a few countries. Perhaps even merrie olde Land of the Angles?

A news story is okay. Shading the coverage to advance the agenda “NSO is just not such a fine piece of British wool” is unsettling — possibly more so than specialized service firms’ software.

Stephen E Arnold, April 3, 2020

MiningLamp Technology: Another Palantir?

March 30, 2020

DarkCyber found “China’s Palantir MiningLamp Raises US$300 Million in Funding Round Co-Led by Temasek, Tencent” intriguing. Palantir Technologies, a company providing commercial and government services, has obtained about $2 billion in funding since it was founded in 2003. Furthermore, Palantir in the past 17 years has worked to become the Analyst Notebook and BAE NetReveal for some of its clients. Note that Analyst Notebook was founded in the early 1990s and BAE’s initial intelware products date from a few years later. In short, MiningLamp wants to become:

  1. A company that requires decades to gain momentum
  2. A company that requires billions in funding or the support of a giant industrialized services firm like BAE to survive
  3. Expert lobbying to spark and obtain government contracts
  4. Remain out of the public spotlight while endeavoring to displace products that are long in the tooth.

Does this make sense? Of course, the MiningLamp operation wants to be a global software and services company. The backers of MiningLamp want to have a seat at the table when certain types of projects are planned and executed.

The write up does not point out these rather obvious facts. DarkCyber learned:

Founded in 2014, MiningLamp gained initial success by offering online ad performance evaluations and fraud detection services for advertisers, before expanding the business to industries such as public security, smart cities, finance, logistics, entertainment, retail and manufacturing.

What does MiningLamp’s technology deliver?

Although not as well known as US equivalent Palantir Technologies, which reportedly contributed to America’s success in hunting down Osama bin Laden, MiningLamp’s data mining software is used to spot crime patterns, track drug dealers and prevent human trafficking.

Plus, the write up points out:

The company’s software enables users to search huge volumes of heterogeneous data – information with a great variety of types and formats – and process that into actionable knowledge and insight using a combination of proprietary data management tools.

The interesting point is that advertising technology leads to a Palantir metaphor. The second fact is that the funding is anchored in Singapore and the allegedly independent company Tencent. There’s no reference to any other funding, including funding from Chinese government entities or fellow travelers. Finally, Singapore has become a hub for many companies engaged in Palantir-like activities. Need a bagel? Singapore has them because there are quite a few foreign nationals who crave this food essential.

Now how much revenue can specialized software companies generate? Analyst Notebook, BAE NetReveal, Recorded Future, and similar firms do generate revenues, but none of these companies bang into glass ceilings and walls. For example, how many government agencies are there that can pay hundreds of thousands of dollars and dedicate personnel to using these intelware systems? Are there other benefits to companies in the intelware business? The market for intelware is tough to move laterally. Talk about intelware methods and customers in non-government sectors, and many of the prospects get really nervous. There are good reasons.

Is MiningLamp another Palantir? Sure, it will require large amounts of cash, lobbyist support, and funding the peculiar and costly intelware marketing puzzle.

There are interesting facets to the MiningLamp effort, but DarkCyber does not think the answer will be found in providing Bluedot-type services or morphing into an outfit like Palantir Technologies. Palantir, DarkCyber recalls, has experienced employee protests, litigation with Analyst Notebook related to reverse engineering the ANB file format, and bureaucratic scuffles with procurement professionals.

Another Palantir? Maybe, maybe not. Those writing checks for $300 million may be surprised at the intelware market’s behavior. Will the Five Eyes sign up for MiningLamp licenses? Maybe, maybe not.

Stephen E Arnold, March 30, 2020

TikTok, TikTok: What Does That Sound Mean?

March 30, 2020

DarkCyber noted “TikTok, a Chinese Soft Power Time Bomb in US Living Rooms.” The SCMP is, of course, an independent, real news outfit. The use of the B word in the headline is not accidental. Maybe it is one of those warnings or messages hidden in plain sight. A digital purloined letter is one possibility.

Zoom, partially backed by investors from China, is another video outfit. “Zoom iOS App Sends Data to Facebook Even If You Don’t Have a Facebook Account” reports that video can be an interesting service to provide.

The SCMP article reports:

Privacy advocates and several US congressmen want to rein in the app over concerns it may censor and monitor content for the Chinese government, and be used for misinformation and election interference. This despite the fact that TikTok keeps its servers outside China and swears it will not hand over user data.

Would a Chinese company ignore a government order? Yeah, well, sure in bizarro world.

Zoom, on the other hand, shares data:

What the company and its privacy policy don’t make clear is that the iOS version of the Zoom app is sending some analytics data to Facebook, even if Zoom users don’t have a Facebook account…

Now a few questions:

  1. What data are sent where?
  2. With Chinese influence in both TikTok and Zoom what information finds its way (directly or indirectly) to Chinese data pools?
  3. Why are video services presumed to be innocent, just for fun services when Amazon, Facebook, Google, and other firms are essentially in the data collection and analysis business?

Yesterday a person with a mostly technical work history asked me why my Zoom account is listed under the name of a couple of my dogs and a defunct cigarette brand.

Now you know. A standalone computer. A separate Internet connection. An alias. A drug store debit card. These make me feel a little bit more secure when DarkCyber has to do a video conference call.

Maybe we will create a 30 second video about Zoom, Chinese influence, and data leakage? That’s good for eight or nine views.

Stephen E Arnold, March 30, 2020

Clearview: More Tradecraft Exposed

March 26, 2020

After years of dancing around the difference between brain dead products like enterprise search, content management, and predictive analytics, anyone can gain insight into the specialized software provided by generally low profile companies. Verint is publicly traded. Do you know what Verint does? Sure, look it up on Bing or Google.

I read with some discomfort “I Got My File From Clearview AI, and It Freaked Me Out.”

Here are some factoids from the write up. Are these true? DarkCyber assumes that everything the team sees on the Internet meets the highest standards of integrity, objectivity, and truthiness. DarkCyber’s comments are in italic:

  1. “Someone really has been monitoring nearly everything you post to the public internet. And they genuinely are doing “something” with it. The someone is Clearview AI. And the something is this: building a detailed profile about you from the photos you post online, making it searchable using only your face, and then selling it to government agencies and police departments who use it to help track you, identify your face in a crowd, and investigate you — even if you’ve been accused of no crime.”
  2. “Clearview AI was founded in 2017. It’s the brainchild of Australian entrepreneur Hoan Ton-That and former political aide Richard Schwartz. For several years, Clearview essentially operated in the shadows.”
  3. “The Times, not usually an institution prone to hyperbole, wrote that Clearview could “end privacy as we know it.”” [This statement is a reference to a New York Times intelware article. The New York Times continues to hunt for real news that advances an agenda of “this stuff is terrible, horrible, unconstitutional, pro anything the NYT believes in, etc.”]
  4. “the company [Clearview] scrapes public images from the internet. These can come from news articles, public Facebook posts, social media profiles, or multiple other sources. Clearview has apparently slurped up more than 3 billion of these images.” [The images are those which are available on the Internet and possibly from other sources; for example, commercial content vendors.]
  5. “The images are then clustered together which allows the company to form a detailed, face-linked profile of nearly anyone who has published a picture of themselves online (or has had their face featured in a news story, a company website, a mug shot, or the like).” [This is called enrichment, context, or machine learning indexing and — heaven help DarkCyber — social graphs or semantic relationships. Jargon varies according to fashion trends.]
  6. “Clearview packages this database into an easy-to-query service (originally called Smartcheckr) and sells it to government agencies, police departments, and a handful of private companies….As of early 2020, the company had more than 2,200 customers using its service.” [DarkCyber wants to point out that law enforcement entities are strapped for cash, and many deals are little more than proofs-of-concept. Some departments cycle through policeware and intelware in order to know what the systems do versus what the marketing people say the systems do. Big difference? Yep, yep.]
  7. “Clearview’s clients can upload a photo of an unknown person to the system. This can be from a surveillance camera, an anonymous video posted online, or any other source.”
  8. “In a matter of seconds, Clearview locates the person in its database using only their face. It then provides their complete profile back to the client.”

Now let’s look at what the write up reported that seemed to DarkCyber to be edging closer to “real news.”

This is the report the author obtained:


The article reports that the individual who obtained this information from Clearview was surprised. DarkCyber noted this series of statements:

The depth and variety of data that Clearview has gathered on me is staggering. My profile contains, for example, a story published about me in my alma mater’s alumni magazine from 2012, and a follow-up article published a year later. It also includes a profile page from a Python coders’ meet up group that I had forgotten I belonged to, as well as a wide variety of posts from a personal blog my wife and I started just after getting married. The profile contains the URL of my Facebook page, as well as the names of several people with connections to me, including my faculty advisor and a family member (I have redacted their information and images in red prior to publishing my profile here).

The write up includes commentary on the service, its threats to individual privacy, and similar sentiments.

DarkCyber’s observations include:

  • Perhaps universities could include information about applications of math, statistics, and machine learning in their business and other courses? At a lecture DarkCyber gave at the University of Louisville in January 2019, cluelessness among students and faculty was the principal takeaway for the DarkCyber team.
  • Clearview’s technology is not unique, nor is it competitive with the integrated systems available from other specialized software vendors, based on information available to DarkCyber.
  • The summary of what Clearview does captures information that would have been considered classified and may still be considered classified in some countries.
  • Clearview does not appear to have video capability like other vendors with richer, more sophisticated technology.

Why did DarkCyber experience discomfort? Some information is not — at this time or in the present environment — suitable for wide dissemination. A good actor with technical expertise can become a bad actor because the systems and methods are presented in sufficient detail to enable certain activities. Knowledge is power, but knowledge in the hands of certain individuals can yield unexpected consequences. DarkCyber is old fashioned and plans to stay that way.

Stephen E Arnold, March 26, 2020

Contact Tracing: A Tradecraft Component Released as Open Source Software

March 25, 2020

DarkCyber does not want to beat the drum about keeping some information from finding its way into general circulation. We want to point to “Singapore Government to Make Its Contact Tracing App Freely Available to Developers Worldwide.” The article states:

the Government [of Singapore] will be making the software for its contact-tracing application TraceTogether, which has already been installed by more than 620,000 people, freely available to developers around the world.

With the code in open source, those with some technical skill can develop, enhance, expand, and implement some of the features of TraceTogether.


The article points out:

the TraceTogether app can identify people who have been within 2m of coronavirus patients for at least 30 minutes, using wireless Bluetooth technology.

The article includes a how to graphic. The method revealed in the diagram, in the opinion of DarkCyber, seems similar to specialized tools available but in close hold mode for a number of years.

DarkCyber chooses to let the article speak for itself and you, gentle reader, to formulate your own upsides and downsides to the information disclosed by the Straits Times.

Stephen E Arnold, March 25, 2020

Wolfram Mathematica

March 19, 2020

DarkCyber noted that “In Less Than a Year, So Much New: Launching Version 12.1 of Wolfram Language & Mathematica” contains highly suggestive information. Yes, this is a mathy program. The innovations are significant for analysts and some government professionals. To cite one example:

I’ve been recording hundreds of hours of video in connection with a new project I’m working on. So I decided to try our new capabilities on it. It’s spectacular! I could take a 4-hour video, and immediately extract a bunch of sample frames from it, and then—yes, in a few hours of CPU time—“summarize the whole video”, using SpeechRecognize to do speech-to-text on everything that was said and then generating a word cloud…

DarkCyber reacts positively to other additions and enhancements to the Mathematica “system.” Version 12.1 will make it easier to develop specific functions for policeware and intelware use cases.

Remarkable because the “system” can geo-everything. That’s important in many situations.

Stephen E Arnold, March 19, 2020

Israel and Mobile Phone Data: Some Hypotheticals

March 19, 2020

DarkCyber spotted a story in the New York Times: “Israel Looks to Repurpose a Trove of Cell Phone Data.” The story appeared in the dead tree edition on March 17, 2020, and you can access the online version of the write up at this link.

The write up reports:

Prime Minister Benjamin Netanyahu of Israel authorized the country’s internal security agency to tap into a vast, previously undisclosed trove of cell phone data to retrace the movements of people who have contracted the corona virus and identify others who should be quarantined because their paths crossed.

Okay, cell phone data. Track people. Paths crossed. So what?

Apparently not much.

The Gray Lady does the handwaving about privacy and the fragility of democracy in Israel. There’s a quote about the need for oversight when certain specialized data are retained and then made available for analysis. Standard journalism stuff.

DarkCyber’s team talked about the write up and what the real journalists left out of the story. Remember. DarkCyber operates from a hollow in rural Kentucky and knows zero about Israel’s data collection realities. Nevertheless, my team was able to identify some interesting use cases.

Let’s look at a couple and conclude with a handful of observations.

First, the idea of retaining cell phone data is not exactly a new one. What if these data can be extracted using an identifier for a person of interest? What if a time-series query could extract the geolocation data for each movement of the person of interest captured by a cell tower? What if this path could be displayed on a map? Here’s a dummy example of what the plot for a single person of interest might look like. Please, note these graphics are examples selected from open sources. Examples are not related to a single investigation or vendor. These are for illustrative purposes only.


Source: Standard mobile phone tracking within a geofence. Map with blue lines showing a person’s path. SPIE at https://bit.ly/2TXPBby

Useful indeed.

Second, what if the intersection of two or more individuals can be plotted. Here’s a simulation of such a path intersection:


Source: Map showing the location of a person’s mobile phone over a period of time. Tyler Bell at https://bit.ly/2IVqf7y

Would these data provide a way to identify an individual with a mobile phone who was in “contact” with a person of interest? Would the authorities be able to perform additional analyses to determine who is in either party’s social network?

Third, could these relationship data be mined so that connections can be further explored?

Source:  Diagram of people who have crossed paths visualized via Analyst Notebook functions. Globalconservation.org

Can these data be arrayed on a timeline? Can the routes be converted into an animation that shows a particular person of interest’s movements at a specific window of time?


Source: Vertical dots diagram from Recorded Future showing events on a timeline. https://bit.ly/39Xhbex

These hypothetical displays of data derived from cross correlations, geotagging, and timeline generation based on date stamps seem feasible. If earnest individuals in rural Kentucky can see the value of these “secret” data disclosed in the New York Times’ article, why didn’t the journalist and the others who presumably read the story?

What’s interesting is that systems, methods, and tools clearly disclosed in open source information are overlooked, ignored, or just not understood.

Now the big question: Do other countries have these “secret” troves of data?

DarkCyber does not know; however, it seems possible. Log files are a useful function of data processes. Data exhaust may have value.

Stephen E Arnold, March 19, 2020

Medical Surveillance: Numerous Applications for Government Entities and Entrepreneurs

March 16, 2020

With the Corona virus capturing headlines and disrupting routines, how can smart software monitoring data help with the current problem?

DarkCyber assumes that government health professionals would want to make use of technology that reduced a Corona disruption. Enforcement professionals would understand that monitoring, alerting, and identifying functions could assist in spotting issues; for example, in a particular region.

What’s interesting is that the application of intelware systems and methods to health issues is likely to become a robust business. However, despite the effective application of established techniques, identifying signals in a stream of data is an extension of innovations reaching back to i2 Analyst Notebook and other sensemaking systems in wide use in many countries’ enforcement and intelligence agencies.

What’s different is the keen attention these monitoring, alerting, and identifying systems are attracting.

Let’s take one example: BlueDot, a company operating from Canada. Founded by an infectious disease physician, Dr. Kamran Khan, this company was one of the first firms to highlight the threat posed by the Coronavirus. According to Diginomica, BlueDot “alerted its private sector and government clients about a cluster of unusual pneumonia cases happening around a market in Wuhan, China.”


BlueDot, founded in 2013, combined expertise in infectious disease, artificial intelligence, analytics, and flows of open source and specialized information. “How Canadian AI start-up BlueDot Spotted Coronavirus before Anyone Else Had a Clue” explains what the company did to sound the alarm:

The BlueDot engine gathers data on over 150 diseases and syndromes around the world searching every 15 minutes, 24 hours a day. This includes official data from organizations like the Center for Disease Control or the World Health Organization. But, the system also counts on less structured information. Much of BlueDot’s predictive ability comes from data it collects outside official health care sources including, for example, the worldwide movements of more than four billion travelers on commercial flights every year; human, animal and insect population data; climate data from satellites; and local information from journalists and healthcare workers, pouring through 100,000 online articles each day spanning 65 languages. BlueDot’s specialists manually classified the data, developed a taxonomy so relevant keywords could be scanned efficiently, and then applied machine learning and natural language processing to train the system. As a result, it says, only a handful of cases are flagged for human experts to analyze. BlueDot sends out regular alerts to health care, government, business, and public health clients. The alerts provide brief synopses of anomalous disease outbreaks that its AI engine has discovered and the risks they may pose.

DarkCyber interprets BlueDot’s pinpointing of the Corona virus as an important achievement. More importantly, DarkCyber sees BlueDot’s system as an example of innovators replicating the systems, methods, procedures, and outputs from intelware and policeware systems.

Independent thinkers arrive at a practical workflow to convert raw data into high-value insights. BlueDot is a company that points the way to the future of deriving actionable information from a range of content.

Some vendors of specialized software work hard to keep their systems and methods confidential and in some cases secret. Now a person interested in how some specialized software and service providers assist government agencies, intelligence professionals, and security experts can read about BlueDot in open source articles like the one cited in this blog post or work through the information on the BlueDot Web site. The company wants to hire a surveillance analyst. Click here for information.

Net net: BlueDot provides a template for innovators wanting to apply systems and methods that once were classified or confidential to commercial problems. Business intelligence may become more like traditional intelligence more quickly than some anticipated.

Stephen E Arnold, March 16, 2020

Banjo: A How To for Procedures Once Kept Secret

March 13, 2020

DarkCyber wrote about BlueDot and its making reasonably clear what steps it takes to derive actionable intelligence from open source and some other types of data. Ten years ago, the processes implemented by BlueDot would have been shrouded in secrecy.

From Secrets to Commercial Systems

Secret and classified information seems to find its way into social media and the mainstream media. DarkCyber noted another example of a company utilizing some interesting methods written up in a free online publication.

DarkCyber can visualize old-school companies depending on sales to law enforcement and the intelligence community asking themselves, “What’s going on? How are commercial firms getting this know how? Why are how to and do it yourself travel guides to intelligence methods becoming so darned public?”

It puzzles DarkCyber as well.

Let’s take a look at the revelations in “Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media.” The write up explains:

  • A company called Pink Unicorn Labs created apps which obtained information from users. Users did not know their data were gathered, filtered, and cross correlated.
  • Banjo, an artificial intelligence firm that works with police, used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media. The developer of the apps was Pink Unicorn. Banjo CEO Damien Patton created Pink Unicorn.
  • Why create apps that seemed to do one thing while performing data inhalation? Dataminr received an investment from Twitter. Dataminr has access to the Twitter fire hose. Banjo, the write up says, “did not have that sort of data access.” The fix? Create apps that sucked data.
  • The apps obtained information from Facebook, Twitter, Instagram, Russian social media app VK, FourSquare, Google Plus, and Chinese social network Sina Weibo.
  • The article points out: “Once users logged into the innocent looking apps via a social network OAuth provider, Banjo saved the login credentials, according to two former employees and an expert analysis of the apps performed by Kasra Rahjerdi, who has been an Android developer since the original Android project was launched. Banjo then scraped social media content.”
  • The write up explains that Banjo, via a deal with Utah, has access to the “state’s traffic, CCTV, and public safety cameras. Banjo promises to combine that input with a range of other data such as satellites and social media posts to create a system that it claims alerts law enforcement of crimes or events in real-time.”

Why social media? On the surface and to most parents and casual users of Facebook, Twitter, and YouTube, there are quite a few cat posts. But via the magic of math, an analyst or a script can look for data which fills in missing information. The idea is to create a record of a person, leave blanks where desirable information is not yet plugged in, and then rely on software to spot the missing item. How is this accomplished? The idea is simple. One known fact appears in the profile and that fact appears in another unrelated item of content. Then the correlated item of content is scanned by a script and any information missing from the profile is plugged in. Using this method and content from different sources, a clever system can compile a dossier on an entity. Open source information yields numerous gems; for example, a cute name applied to a boy friend might become part of a person of interest’s Dark Web handle. Phone numbers, geographic information, friends, and links to other interesting content surface. Scripts work through available data. Data can be obtained in many ways. The methods are those which were shrouded in secrecy before the Internet started publishing essays revealing what some have called “tradecraft.”

Net Net

Banjo troubles DarkCyber on a number of levels:

  1. Secrecy has significant benefits. Secrets, once let loose, have interesting consequences.
  2. Users are unaware of the risks apps pose. Cluelessness is in some cases problematic.
  3. The “now” world looks more like an intelligence agency than a social construct.

Stephen E Arnold, March 13, 2020

DCGS: Palantir and BAE Seem to Be Winners

March 9, 2020

DarkCyber noted “BAE, Palantir Earn Spots on $823M Army Contract.” The Distributed Common Ground System Army has an interesting history. To make a long story short, DCGS chugs along. BAE Systems will compete for task orders with Palantir.

The write up reports:

That system provides the Army with intelligence from multiple sources over networks of varying security levels and includes “laptops and desktops, fixed, portable and vehicle-mounted servers, and ground stations to receive, share and store collected intelligence” and software programs to analyze and share that information.

According to the US Army:

DCGS-A connects Soldiers to the Intelligence Community, other Services, multiple joint intelligence, surveillance and reconnaissance (ISR) platforms and sensors and Army Mission Command systems. It gives commanders the ability to view ISR information in one place. It also integrates that information into tools that can support intelligence development.

The key point is that DCGS-A becomes a “model” approach for other military branches as well as for some of the US government’s enforcement entities.

Stephen E Arnold, March 9, 2020
