The Future of Twitter Revealed

September 30, 2020

Twitter is an interesting outfit. Forbes (the capitalist tool, I believe) published “Bitcoin and Blockchain Are the Future of Twitter, CEO Jack Dorsey Reveals”. Twitter is an interesting outfit; for example, it has a new chief information security officer. That’s a good idea, maybe too late for some stakeholders, but it is a step forward.

Forbes reports:

Dorsey, who… said bitcoin is “probably the best” native currency of the internet, has previously gone as far as saying bitcoin has the potential to be the world’s sole currency by 2030…. Now, speaking at the virtual Oslo Freedom Forum 2020, Dorsey has said bitcoin and its underlying decentralized blockchain technology are the future of Twitter.

Forbes quotes Twitter’s top management Zen person as saying:

“The whole spirit of bitcoin, for instance, is to provide a trusted system in a distrusted environment, which is the internet,” Dorsey said…. Earlier this month, Dorsey told Reuters bitcoin is “probably the best” native currency of the internet due to bitcoin being “consensus-driven” and “built by everyone.”

Yep, trust.

A couple of observations:

  • Twitter owns a payment system. Perhaps Mr. Dorsey’s confident assertion about the future is influenced by the method of communications and the beneficiary of the digital currency cheerleading?
  • Twitter licenses its data selectively to commercial enterprises developing products and services to assist law enforcement and intelligence agencies. With Bitcoin generally perceived as a lubricant for illegal transactions, what’s Twitter’s goal? (Check out the Geospark Analytics – Twitter deal for some color. Geofeedia has not been as fortunate as the virtual intelware vendor.)
  • How will enhanced Bitcoin capabilities assist bad actors in money laundering and other possibly questionable activities?

DarkCyber finds Twitter fascinating. A half-time CEO, a messaging system which can spark interesting social consequences, and a peculiar way of supporting law enforcement and other groups simultaneously.

Worth monitoring the dualism.

Stephen E Arnold, September 30, 2020

Always: An Alluring Notion

September 30, 2020

DarkCyber ran a short video about a product called the Dronut. It looks like a small flying donut. You can get a link to the company, its patent document, and a snippet of the promotional video for your product at this link at the 10 minute 36 second point in the show.

I was interested in “Why You Should Be Very Skeptical of Ring’s Indoor Security Drone,” an article in IEEE Spectrum. My team and I have done lectures, briefings, and even a book chapter about Amazon’s policeware and intelware activities. I know first hand that no one, not even law enforcement and intelligence officers, care.

In fact, at one digital security conference last year in San Antonio, an attendee — an Air Force intel professional — summed up the attitude of the 100 people in the lecture hall:

My wife loves Amazon. The company may have some interesting technology, but, come on, even my kids depend on Amazon videos. Amazon is not an intelware player.

Not bad for a colonel’s analytic and content processing skills, right?

I am not going to rehash our research about Amazon’s intelligence related services. I want to focus on IEEE Spectrum’s write up; for example, this statement in the article:

Ring, the smart home company owned by Amazon, announced the Always Home Cam, a “next-level indoor security” system in the form of a small autonomous drone. It costs US $250 and is designed to closely integrate with the rest of Ring’s home security hardware and software. Technologically, it’s impressive. But you almost certainly don’t want one.

Clueless? Not completely. The Amazon surveillance drone is not marketed like the Dronut. Plus, the Amazon home surveillance drone is not a standalone product. The Always Home Cam provides the equivalent of a content acquisition “paint by numbers” module to the Amazon intelware infrastructure.

Little patches of data particularized and indexed by time, location, and other metadata can be cross correlated with other information. Some information is unique to Amazon; for example, the “signal” generated by processing payment history, video viewing, and product purchase information for an account holder. The cross-correlation (Amazon’s lingo from one of its blockchain related inventions) makes it possible to perform the type of analytic work associated with intelligence analysis software and subject matter experts.

The article notes:

Ring hasn’t revealed a lot of details on the drone itself, but here’s what we can puzzle out. My guess is that there’s a planar lidar right at the top that the drone uses to localize, and that it probably has a downward-looking camera as well. Ring says that you pre-map the areas that you want the drone to fly in, which works because the environment mostly doesn’t change. It’s also nice that you don’t have to worry about weather, and minimal battery life isn’t a big deal since you don’t need to fly for very long and the recharging dock is always close by. I like that the user can only direct the drone to specific waypoints rather than piloting it directly, which (depending on how well the drone actually performs) should help minimize crashes.

The author is either ignoring UAS characteristics of surveillance devices or unaware of those conventions. The write up does reference to the challenge of avoiding mobile cameras. The parallel between Amazon’s in home UAS and a telepresence robot misses the point. The data, not the device, are the story. At least the author reaches a reasonable conclusion:

But is it worth $250, questionably better security versus cheap static cameras, and a much larger potential for misuse or abuse? I’m not convinced.

If you are interested in a one hour briefing about Amazon’s policeware and intelware initiative, write benkent2020 at yahoo dot com. Someone on the DarkCyber team will respond with options and fees.

On the other hand, why not be like the intel colonel, “What’s the big deal?”

Stephen E Arnold, September 28, 2020

Palantir Technologies: A Problem for Intelware Competitors?

September 24, 2020

The Palantir Technologies initial public offering is looming. Pundits are excited; for example, “Palantir Has A Long Uphill Battle Towards Customer Acquisition, But Benefits From Stickiness And Contract Expansion” makes clear that the journey to profitability may be like the Beatles observed: A long and winding road. Others are focused on churn; for example, “5 things to Know about Palantir’s Upcoming IPO.” DarkCyber’s response: “Just five?”

The issue is intelware. Many companies have tried to convert selling to law enforcement, intelligence agencies, and regulators into a billion dollar software and services business. There are some success stories; for example, Booz Allen fits the bill. The company sells time. The company has its own software, not much, but it exists. The company cheerleads, which is a nice way to say that for money “experts” will talk about promising products from the competitive marketplace.

Palantir is more like Autonomy than a blue-chip consulting firm. Autonomy played the “secret black box” chip with its neuro-linguistic programming. It worked until it did not. The firm licensed its black box to BAE Systems in the 1990s. The Autonomy marketing machine then generated revenue slowly and steadily. Then Autonomy acquired companies and cranked up its sales machine. At “peak Autonomy,” the well managed outfit Hewlett Packard, grabbed a brass ring with Autonomy engraved on it.  The cost was north of $10 billion and years of legal bills. Autonomy was a publicly traded company, and it had a revenue track record dating from 1996. The HP deal was completed in October 2011. That means that the FY2010 data give us an idea about how much secret black box software can generate with “advanced” software, great marketing, and demanding management. The revenue for Autonomy after 15 years was in the neighborhood of $870 million.

7 graph A

One of Palantir Gotham’s innovations: A right mouse click displays a wheel of choices. The interface is definitely jazzier than that of Analyst’s Notebook, now owned by IBM.

Palantir Technologies opened for business in 2003. The company has been in business for 17 years. Yep, that’s two years longer than Autonomy. And what is Palantir’s alleged revenue for the last fiscal year? $742 million. The company’s advantages were the support of Peter Thiel (a Silicon Valley Thor), secrecy, a method for importing ANB files (if you don’t know what this is, well, what can I tell you in a free blog post?), and okay sales and so-so marketing. (One of Palantir’s innovations was a wheel of choices, not Bayesian methods wrapped in mystery.)

If my math is correct, Autonomy generated $128 million more revenue that Autonomy. If one uses 2011 dollars, not the Rona roiled 2020 dollars, the difference is more like $400 million, give or take $20 million or so. Yep, Autonomy appears to have outperformed Palantir: Less time, more revenue.





Let’s take each question.

First, what? The lackluster performance of Palantir Technologies illustrates the difficulty intelware companies, even ones with great advantages like the aforementioned ANB filter, have making really big money quickly. Remember. To generate less revenue than Autonomy, Palantir required $2.6 billion in funding. DarkCyber thinks that patient investors may be nervous about their investment which could melt away like a real snowflake. You can work out the math. Take 17 years of losses, subtract the revenue generated over 17 years, add in some interest just for spice, and mix into a pressurized container containing the fumes of burning a big cash pile. Read more

Alleged Russian Spy Training Information

September 23, 2020

DarkCyber is not sure if the information in “How to Catch a Spy who Uses Numbers Stations? The KGB Experience.” The write up includes an introduction, an alleged translation of Russian information along the lines of “How to Catch a Spy,” and some illustrations. Accurate or shapeshifted? DarkCyber does not know, but the information is interesting.

We noted this passage:

One of the main objectives was to infiltrate Filatovs apartment to add tracking devices and carry out covert search to find objects indicating espionage activity. However, it was impossible at first as the entry door had a difficult lock of foreign origin.

Interesting. Too bad there was no Google Local available to direct the agents to a locksmith.

DarkCyber was intrigued by this passage:

This case was chosen by KGB educators as an exemplary case on how to discover an agent who is using radio signals, how to prove it, how to secure evidence and how to arrest both the Soviet CIA agent and his embassy handler.

Relevant to the world of mobile phones, encrypted chat, “in plain site” posts on social media forums, and anonymous text messages on a pastesite?


Stephen E Arnold, September 23, 2020

Palantir: Will Investors Embrace Intelware Outfit Generating Consistent, Substantial Losses for More Than a Decade?

September 11, 2020

The stock market is chugging along, fueled by greed, the Rona, and a need to fuel the 21st-century F. Scott Fitzgerald gestalt. “Palantir Is Being Valued around $10.5 billion ahead of Direct Listing as Investors Question Growth Story” includes some interesting information about Palantir, an intelware startup which is only 17 years old, losing money, and shrouded in mysterious behavior.

The write up states:

Palantir said in its updated prospectus on Wednesday that it has 1.64 billion shares outstanding, as of Sept. 1 [2020]. Based on the average private market transaction price in the latest quarter of $6.45 a share, the company is being valued by investors at just over $10.5 billion. That’s far below Palantir’s valuation of $20.4 billion in a 2015 funding round.

Is “far below” a signal?

The write up notes:

In July, Palantir raised $410.5 million by selling shares at $4.75 a piece, according to the filing, which comes out to a valuation of about $7.8 billion. Transactions during the quarter took place at anywhere from $4.17 a share to $11.50 a share, suggesting a range of $6.83 billion to $18.8 billion. The math gets even fuzzier when considering that Palantir had a reported valuation of $20.4 billion in 2015, when the share price was $11.38. That price, based on the supplied share count as of Sept. 1, would indicate a current valuation of $18.6 billion.


But the losses need to be viewed differently; for example:

Palantir wants investors to concentrate on what the company calls its contribution margin, or the revenue left after subtracting the costs it bears to generate sales. That number climbed to 55% in the second quarter from 18% a year earlier.

I don’t recall “contribution margin” from my economics class in 1962.

The write up points out:

Palantir has only 125 customers that spent on average $5.6 million each in 2019. Glazer says the company’s products and sales strategies are “in their infancies.”

DarkCyber believes that Palantir’s trajectory over the last decade makes clear that there is a glass ceiling for software and services centric solutions. If our data are semi-accurate, Palantir is unlikely to grow in a way to repay its investors or achieve profitability in a highly competitive market sector.

Interesting play in the time of Rona, constrained budgets in government agencies, and a hint of financial desperation in some allied sectors.

Stephen E Arnold, September 11, 2020

Lucky Ukraine: A Data Bomb Test Site

June 26, 2020

Russia surprised the world when Putin ordered his soldiers to invade Ukraine and annex Crimea. Putin’s actions against the Ukraine are not the only modern war stories circling Russia. The Small Wars Journal examines how the Great Bear could be conducting a futuristic warfare using technology: “Russia In Ukraine 2013-2016: The Application Of New Type Warfare Maximizing The Exploitation Of Cyber, IO, and Media.”

Russia could be masters of cyber and information warfare tp support militaristic/political objectives against domestic and international enemies. The thesis study reads logically, but also Russia’s recent actions support it:

“The Russians were able to use Ukraine operations as a test for New Generation Warfare (NGW) to enhance the deep battle concept. Russia has adeptly executed deep battle, creating time and space to effectively employ limited ground forces and special operations to achieve desired effects. The employment of the cyber domain created windows of opportunity for success and simultaneous execution of offensive and defensive tasks across the strategic and operational levels and other domains. Additionally, the cyber capabilities employed allowed the Russians to achieve three critical strategic effects; 1) troop levels were minimized through integrated cyber operations and operational advantage gained; 2) Russian leadership maintained plausible deniability through effective cyber and information operations delaying international intervention; 3) cyber operations achieved desired effects and kept the threshold for violence below an international outcry for intervention or interference allowing the Russians to achieve the strategic objective to control key terrain in Ukraine.”

While Russia remains the punch line for jokes about international affairs, the country is not a laughing matter as history shows. Under Putin’s leadership, Russia proves to be masterful at manipulating multiple information sources: TV, Internet, radio, etc. to cover their rears while executing desired. Russia has invested capital in homegrown technology, instead of relying on foreign made.

Russia used its cyber forces to overwhelm the Ukraine with malware and disinformation through media channels to annex the Crimean territory. It was a brilliant, mostly bloodless tactic, because Ukraine does not have the technology nor physical forces to fend off the Great Bear. Smaller countries, especially in Eastern Europe and Asia, remain sitting ducks if the enter Russia’s crosshairs.

The biggest issue is proving Russia’s culpability and whether the country will be held accountable. Russia’s more militaristic past still casts shadows on its current society, but Russian citizens are not in favor of being a military power again. Like the rest of the world, they want to live a steady, peaceful life.

Whitney Grace, June 26, 2020

NSO Group: More Publicity than Lady Gaga?

June 22, 2020

I want to note briefly the story “Days After New Human Rights Policy, NSO Client Hacked an Activist.” It is clear that the “real news” outfit Motherboard Vice is paying close attention to intelware vendor NSO Group. What’s interesting is that the “real news” hounds have not sniffed around the shoes of other vendors of specialized services. There are hundreds of them, and many of these companies mark their territory with fascinating information. There are videos on YouTube of drones identifying cows about the cross the border into the US. Facial recognition systems with accuracy rates below 50 percent. There are information services which index more contraband sources than a dedicated 15 year old can locate in a month from his parents’ basement.

The NSO beat is predictable. Specialized company licenses technology to a country or shady and mysterious organization. System is used to reveal information. “Real news” outfits report on this terrible transgression. Repeat.

The current story states:

Just three days after controversial surveillance vendor NSO Group announced its new human rights policy, saying that clients can only use the company’s products to combat serious crime and to ensure that they’re not used to violate human rights, a likely Moroccan government agency hacked the phone of a human rights defender using NSO malware, according to a new technical report from Amnesty International.

DarkCyber’s view is that when specialized software vendors hire sales professionals, those sales professionals are like beavers. Beavers do what beavers do; that is, gnaw through trees and build a dam to create a cash pile.

Net net: There are other vendors to monitor. DarkCyber is suffering from NSO Group fatigue. News flash: Other vendors are larger, have more interesting products, and service larger customers. Maybe expand your view to cover intelware without the fixation and repetition of the NSO Group story? Hint: Most specialized software vendors remain true to their corporate vision and, like leopards, rarely change their spots. How about a cross between a beaver and a leopard? What’s that animal do? Bite journalists? Possibly.

Stephen E Arnold, June 22, 2020

NSO Group and Its Covid Tracker

May 30, 2020

As the COVID-19 virus globally spread, people want know where it is, when an individual was infected, and other pertinent information. Two week self-imposed isolation periods are mandatory for most potential carriers, but that is not enough to ease worried minds. TechCrunch reports that, “A Passwordless Server Run By Spyware Maker NSO Sparks Contact-Tracing Privacy Concerns.”

NSO is an Israeli company known for making mobile hacking tools. The company developed a COVID-19 app that tracks carriers. A security researcher discovered NSO’s content-tracing project “Fleming” online, he contacted them and NSO removed it. Fleming most likely contained fake data. The project was most likely a demonstration of NSO’s technology, but it still causes concern that people’s personal data is kept in a centralized database without proper security measures. The Israeli government has not approved usage of Fleming yet.

When the COVID-19 outbreak worsened in March, the Israeli government granted its security service Shin Bet unprecedented access to collecting mobile phone data to track potential infections. Fleming was one of two systems the government working on and NSO said it used location data purchased from data brokers. Data brokers sell data amassed from apps that collect and sell user data.

Content-tracking apps are beneficial during the pandemic, but an individual’s privacy should be taken into consideration. There are ways to have these apps and protect privacy rights:

“Most countries are favoring decentralized efforts, like the joint project between Apple and Google, which uses anonymized Bluetooth signals picked up from phones in near proximity, instead of collecting cell location data into a single database. Bluetooth contact tracing has won the support of academics and security researchers over location-based contact-tracing efforts, which they say would enable large-scale surveillance.”

NSO has possible ties to the Middle East, including an allegation that the Saudi Arabian government used the company’s Pegasus software to compromise Jeff Bezo’s cell phone. There is also a current legal battle that NSO built a hacking tool for Facebook’s WhatsApp. NSO Group is a provider of specialized services to government entities.

Whitney Grace, May 30, 2020

4iQ Amps Up Its Marketing

May 28, 2020

It is all about volume. Though most of us delete the ubiquitous “sextortion” emails with little thought but a passing sense of distaste, enough victims fork over Bitcoin to make it a lucrative scam. 4iQ’s blog examines the tactic in, “Demystifying ‘Sextortion’ & Blackmail Scams.”

Lest you, dear reader, are so fortunate as to be unfamiliar with such emails, the post includes examples. Dripping scorn for those who would exploit fears and threaten people during a pandemic, writer ClairelfEye explains these deceivers purchase real email addresses and passwords stolen in one of the large-scale data breaches that have become all too common. They then leverage this information to convince marks they possess more, very personal, details. She writes:

“I reached out to my social networks to see if this is widespread, and sure enough, many people confirmed that they — or someone they know — have received these types of scams in the past five weeks. … While most people get annoyed, roll their eyes and delete these blackmail e-mails, this is a numbers game. There will be a few people that fall for these low-level scams. Out of the many sextortion scams forwarded to me by friends and family, one [Bitcoin] address received 0.270616 BTC, which equals $2,082.03 USD as of April 27, 2020.”

Regarding the data breaches that make this scam possible, ClairelfEye explains:

“Working at 4iQ, I am almost too aware of data breaches happening on a daily basis. We investigate, validate and report on breached data every day. In fact, I can probably accurately surmise that this scammer got my email and clear text password in the 1.4 billion clear text credentials trove our breach hunters found back in 2017. Same goes for many of the forwarded scam emails I received. Interesting to see this information run full circle.”

The author’s colleague Alberto Casares, she tells us, is aggregating, investigating, and reporting on these extortion attempts. To participate, receivers of such emails can send them to Dubbing itself the “Adversary Intelligence Company,” 4iQ offers consumer protection products and curates and normalizes compromised identities to help combat fraud and other crimes. Founded in 2016, the company is based in Los Altos, California.

Another specialized services firm amps up its marketing. This quest for sales and venture funding may be a trend.

Cynthia Murrell, May 28, 2020

Policeware Marketing: Medium Blog Post a Preferred Channel

May 27, 2020

Just a short note. Sintelix, a developer of policeware, published a white paper called “Sintelix – The Text Intelligence Solution.” The document is available on Medium, a popular publishing platform. The white paper / product description is about 1,500 words in length. The article contains illustrations, diagrams, and lists. One of the DarkCyber team said, “It reads like a product brochure.” I thought the information was useful. The Sintelix decision to use Medium is one additional example of the stepped up marketing policeware and intelware vendors are taking. Shadowdragon is using Twitter to promote its policeware system. Palantir Technologies’ CEO has used public forums and video to explain use cases for its investigative and analytic system. LookingGlass has moved forward with online demonstrations and webinars for potential licensees of its cyber system.


  1. Tradition has dictated that vendors of specialized services developed for law enforcement and intelligence agencies market via personal contacts or restricted/classified events. The fierce competition for available government contracts may be forcing a change.
  2. Face-to-face events like breakfasts, brown bag presentations, and lectures for LE and intel professionals may be difficult to supplement with online-only initiatives. Plus, there is the danger of webinar fatigue or the sign up and no show problem. Security is also a consideration because some attendees may not be whom they purport to be on registration form.
  3. Expanded visibility like that achieved by NSO Group may have unexpected consequences. Some government procurement processes shy away from high-profile vendors. As a result, obtaining information about the activities of a Leidos, for example, is difficult. Increased visibility may repel some potential customers.

The shift in marketing, no matter how minor, is important. The downstream consequences of visibility are difficult to predict because conference organizers, procurement processes, customers who prefer face-to-face interactions, and similar pre Rona methods may no longer work as well.

Stephen E Arnold, May 27, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta