ShadowDragon Profiled by Esteemed Tech Expert Kim Komando

January 13, 2022

This is an interesting turn of events. Policeware vendor ShadowDragon has been profiled by computer guru-ette Kim Komando on her Tech Refresh podcast episode, “Software Tracking Everything You Do, New iPhone, Alexa on Wheels.” The video’s description reads:

“Have you heard of ShadowDragon? It collects data from 120 major sites going back a decade. Yes, 10 years of info about YOU. Plus, the iPhone 13 and iOS 15 are here, along with Amazon’s new smart home gear, including Astro, the Echo on wheels.”

Yes, we have heard of ShadowDragon. The security company mines data from more than 120 social-media websites, archives results for a decade, and shares the information with its law-enforcement clients around the world. ShadowDragon boasts its software can take an investigation down “from months to minutes.” The podcast starts discussing the company at timestamp 13:05, warning one would have to refrain from social media altogether to avoid its reach. The inclusion seems to support our prediction that reporters are becoming more aware of, and reporting more on, such specialized service vendors. This will make it harder for such firms to keep their generally preferred low profiles. Based in Cheyenne, Wyoming, ShadowDragon was founded in 2015.

For those curious, that podcast episode also discussed the newest iPhones, covered some weird news stories, and reviewed smart floodlights, among other wide-ranging topics. Their coverage of Amazon’s Astro home robot caught the attention of this Alexa-wary writer—apparently the device is so thirsty to identify folks with facial recognition it will (if left in “patrol” mode) follow guests around until it can identify them. It also, according to Motherboard, tracks everything owners do.

Cynthia Murrell, January 13, 2021

Foreshadowing 2022: Specialized Software Companies May Face Bumps in the Information Highway

January 6, 2022

At one international intelligence conference, representatives of NSO Group were in good humor. The revelations about the use of their Pegasus system were, according to one person in attendance, great marketing. It struck me that this person who was sharing his impressions with me about NSO Group’s participation in a cocktail party, did not appreciate the power of marketing.

Specialized software vendors are now becoming part of the software landscape. “Former US Intelligence Analysts Sued For Hacking A Saudi Activist’s Phone On Behalf Of The United Arab Emirates” reports that there are risks to those who sign on to work for certain firms who obtain access to quite interesting software, tools, and and systems which allow confidential information to be made un-confidential.

The write up explains:

Three former US intelligence community analysts (two of which worked for the NSA) were fined $1.68 million for utilizing powerful hacking tools to target dissidents, activists, journalists, and the occasional American citizen for the UAE government.

Additional lawsuits are likely to be filed.

Here’s my take on the specialized software vendors in 2022:

  • Scrutiny and discussion of the companies providing governments with sophisticated surveillance and intelligence gathering systems will increase
  • The attention is going to make clear additional details about how these tools and systems accomplish their tasks. That information is going to diffuse. Actors will innovate and accelerate their efforts to increase the capabilities of unregulated and uncontrolled surveillance software.
  • Some of the specialized software vendors will have to shift their strategy. News releases about tie ups between specialized software companies may not be helpful in closing deals.

My hunch is that specialized software vendors will have to lower their profiles, rethink their marketing and positioning, and find a way to take more responsibility for their innovations. Since many specialized software vendors operate networks which validate and monitor their software’s operations, isn’t that a mechanism to take a more responsible approach to the use of what some like the Citizen’s Lab and the Electronic Frontier Foundation consider weapons?

My thought is that the Facebook-type approach has become popular among some specialized software vendors. But I don’t think 2022 will see a significant change in the vendors’ behavior. Those who monitor the sector, however, will amp up their activities.

Stephen E Arnold, January 5, 2022

Meta (Facezuck) Tries More Adulting

January 6, 2022

Facebook is one of the biggest purveyors of possibly questionable information and malware during the pandemic and into the present day. The social media’s platform has been to slap bandaids over its problems, however, that does not prevent Facebook from hemorrhaging blood. TechDirt states that Facebook could be turning a corner and becoming a more responsible company: “Facebook Blocks Seven Malware Purveyors, Deletes Hundreds Of Accounts, Notifies 50,000 Potential Hacking Targets.”

Malware purveyors, including Israel-based company NSO Group, are facing lawsuits from Facebook and Apple. These large tech companies are upset that these bad acting companies exploited their technology to hack average consumers as well as journalists, religious leaders, and activist:

“Facebook has disrupted the operations of seven different spyware-making companies, blocking their Internet infrastructure, sending cease and desist letters, and banning them from its platform. ‘As a result of our months-long investigation, we took action against seven different surveillance-for-hire entities to disrupt their ability to use their digital infrastructure to abuse social media platforms and enable surveillance of people across the internet,’ said Director of Threat Disruption David Agranovich and Head of Cyber Espionage Investigations Mike Dvilyanski. ‘These surveillance providers are based in China, Israel, India, and North Macedonia. They targeted people in over 100 countries around the world on behalf of their clients.’”

In total, there are seven companies, one hundred countries, 1,500 Facebook/Instagram accounts, and 50,000 potential victims involved with the lawsuit. Facebook alerted the 50,000 accounts. When Facebook and other tech companies deny these bad acting companies access to data, they are halting the supply chain.

Many of the malware companies are based in Israel. The Israeli government funds some specialized software firms. Even Meta does not relish more bad press.

Whitney Grace, January 6, 2022

Specialized Software Vendors: Should They Remember the Domino Theory?

December 15, 2021

Lining up dominoes, knocking one down, and watching the others in a line react to what some non-nuclear types call a chain reaction is YouTube fodder. One can watch geometric growth manifested in knocked down dominoes. Click here for the revelation. We may have some domino action in the specialized software and services market. This “specialized software and services” is my code word for developers of intelware and policeware.

US Calls for Sanctions against NSO Group and Other Spyware Firms” reports:

a group of politicians (including Senate Finance Committee chair Ron Wyden, House Intelligence Committee chair Adam Schiff and 16 other Democrats) accuses NSO and three other foreign surveillance firms of helping authoritarian governments to commit human rights abuses.

And what firms are the intended focus of this hoped for action? According to the write up, the companies are:

  1. Amesys (now called Nexa Technologies). This was a company which found purchase in some interesting countries bordering the Mediterranean, garnered some attention, and morphed into today’s organization.)
  2. DarkMatter (based in United Arab Emirates). This is an interesting outfit which has allegedly recruited in the US and possibly developed a super duper secure mobile device. The idea was to avoid surveillance. Right?
  3. Trovicor (based in Germany) once was allegedly a unit of Nokia Siemens Networks and is mentioned in a fiery write up called “Explosive Wikileaks Files Reveal Mass Interception of Entire Population.” That’s a grabber headline I suppose. True or false? I have zero idea but it illustrates the enthusiasm some evidence when realizing that interesting companies provide some unique services to their customers.

The reason for the hand waving is the publicity the NSO Group has inadvertently generated.

Will the knock on NSO Group have an impact on Amesys Nexa, DarkMatter, and Trovicor? Those YouTube videos may foreshadow what might happen if government officials look for the more interesting and more technologically advanced specialized software and services companies. Where can one find a list of such organizations? Perhaps the developer of the new OSINT service knows? Curious? Write darkcyber333 @ yandex dot com.

Stephen E Arnold, December 15, 2021

NSO Group: How about That Debt?

December 14, 2021

The NSO Group continues to make headlines and chisel worry lines in the faces of the many companies in Israel which create specialized software and systems for law enforcement and intelligence professionals. You can read the somewhat unpleasant news in Bloomberg’s report, the Financial Times’ article,  and Gizmodo’s Silicon Valley-esque write up. Gizmodo said:

the company’s cumbersome mixture of unpaid debts and growing international scrutiny have made NSO a bloated pariah and is forcing its leadership to consider shutting down its Pegasus spyware unit. Selling the entire company is also reportedly on the table.

First, the reports suggest, without much back up, that NSO Group has about a half a billion US in debt. This is important because it underscores what is the number one flaw in the jazzy business plans of companies making sense of data and providing specialized services to law enforcement, intelligence, and war fighting entities. Here’s my take:

Point 1. What was secret is now open and easily available information.

Since Snowden, the systems and methods informing NSO Group and dozens of similar firms are easy to grasp. Former intelligence professionals can blend what Snowden revealed with whatever these individuals picked up in their service to their country, create a “baby” or “similar” solution and market it. This means that there are more surveillance, penetration, intercept, and analysis options available than at any other time in my 50 year career in online information and systems. Toss in what’s in the wild from dumps of FinFisher and Hacking Team techniques and the gold mine of open source code, and it should be no surprise that the NSO Group’s problem is just the tip of an iceberg, a favorite metaphor in the world of surveillance. None of the newsy reports grasp the magnitude of the NSO Group problem.

Point 2. There’s a lot of “smart” money chasing a big pay day from software purpose built for law enforcement, intelligence, and military operations. VC cows in herds, however, are not that smart or full of wisdom.

There are many investors who buy the line “cyber crime and terrorism” drive big, lucrative sales of specialized software and systems. That’s partially correct. But what’s happened is that the flood of cash has generated a number of commercial enterprisers trying to covert those dollars into highly reliable, easy to use systems. The presentations at off the radar trade shows promise functionality that is almost science fiction. The situation today is that there is a lot of hyper marketing going on because there’s money to apply some very expensive computational methods to what used to be largely secret and manual work. A good case for the travails of selling and keeping customers is the Palantir Technologies’ journey which is more than a decade long and still underway. The marketing is seeping from conferences open only to government agencies and those with clearances to advertising trade shows. I think you can see the risk of moving from low profile or secret government solutions to services for Madison Avenue. I sure can.

Point 3. Too few customers to go around.

There are not enough government customers with deep pockets for the abundant specialized services and systems which are on offer. In this week’s DarkCyber at this link, you can learn about the vendors at conferences where surveillance and applied information collection and analysis explain their products and services. You can also learn that the Brennan Center has revealed documents obtained via FOIA about Voyager Labs, a company which is also engaged in the specialized software and services business. Our DarkCyber report makes clear that license fees are in six figures and include more special add ins than a deal from a flea market vendor selling at the Clignancourt flea market. Competition means prices are falling, and quite effective systems are available for as little as a few hundred dollars per month and sometimes even less. Plus, commercial enterprises are often nervous when the potential customer realizes the power of specialized software and services. Stalking made easy? Yep. Spying on competitors facilitated? Yep. Open source intelligence makes it possible to perform specialized work at a quite attractive price point: Free or a few hundred a month.

What’s next?

Financial wizards may be able to swizzle the NSO Group’s financial pickles into a sweet relish for a ball park frank. There will be other companies in this sector which will face comparable money challenges in the future. From my perspective, it is not possible to put the spilled oil back in the tanker and clean the gunk off the birds now coated in crude.

Policeware and intelware vendors have operated out of sight and out of mind in their bubble since i2 Ltd. in the late 19909s rolled out the Analysts Notebook solution and launched the market for specialized software. The NSO Group’s situation could be or has already shoved a hat pin in that big, fat balloon.

More significantly, formerly blind and indifferent news organizations, government agencies, and potential investors can see what issues specialized software and services pose. More reporting will be forthcoming, including books that purport to reveal how data aggregators are spying on hapless Instagram and TikTok users. Like most of the downstream consequences of the so called digital revolution, NSO Group’s troubles are the tip of an information iceberg drifting into equatorial waters.

Stephen E Arnold, December 14, 2021

Siren 12 Security Platform Relies on Elasticsearch

December 13, 2021

Here is an example of Elastic being stretched a different way. The Intelligence Community News announces, “Siren Releases Siren 12.” The new version of Siren’s security search and analysis platform relies heavily on Elasticsearch—it incorporates Elastic Platinum subscriptions and will support Elasticsearch v8 (still in alpha). Siren 12 consolidates investigative tools for law enforcement, intelligence, and cyber security organizations. Writer Loren Blinde specifies:

“Siren’s latest release makes it easier for users to organize and join data in a way that suits their requirements, with intuitive UI driven schema editing and ETL. It allows organizations to forensically analyze device data and link it to other available data sources. Siren 12 enables investigators to not only browse existing information, but also to create new records and edit graphs freely, for the first time merging the ‘analysis’, the ‘data entry’ and ‘hypothesis and presentation’ phases in investigation in a single intuitive interface. Lastly Siren doubles down on Investigative AI capabilities by introducing Siren Vision, a deep learning based toolkit for automatic image annotation and classification, integrating with Elastic’s anomaly and outlier detection in a way that is consistent with Siren Investigative use cases.”

We note the emphasis on AI; it seems the security field is not letting concerns over algorithmic bias slow it down. Siren execs call this version a huge step forward and hopes it will position their platform as the go-to global reference investigative intelligence platform. Founded in 2014, the company is based in Galway, Ireland.

Cynthia Murrell December 13, 2021

Palantir Technologies: On the Runway for a Trillion Dollar Take Off?

November 29, 2021

Palantir Technologies is an interesting company. Its technology is a combination of 2003 legacy innovations, some open source goodness, and 18 years of working hard to put a fence around policeware, intelware, financial fraud, and a handful of other markets. It sure seems to me that The Motley Fool, who is neither motley nor a fool, believes that this financial benchmark is a possibility; otherwise, why write the story? PR, stock churn, controversy, to catch the attention of observers and sideline sitters like myself? I don’t know, but with Apple putting the PR in PRivacy, who knows?

The premise is interesting. I noted this passage in the Motley and Fool write up called “Will Palantir Be a Trillion Dollar Stock by 2042“:

 Palantir is valued at $41.3 billion, or 27 times this year’s sales.

Good but with unicorns being birthed with Malthusian energy, there may be some boundaries on Palantir’s ambitions. (I will mention a couple of them at the close of this blog post.)

The write up also states:

The company expects that growth to be driven by its new and expanded contracts with government agencies, as well as the growth of its Foundry platform for large commercial customers. The accelerating growth of its commercial business over the past year, which notably outpaced the growth of its government business last quarter, supports that thesis.

I noted this statement, which I find somewhat amusing:

The company has gained a firm foothold with the U.S. government, but it still faces competition from internally developed systems. Immigration and Customs Enforcement (ICE), for example, has been developing its own platform to replace Palantir’s Falcon. If other agencies follow ICE’s lead, the company’s dream of becoming the “default operating system for data across the U.S. government” could abruptly end.

I assume that Messrs. Motley and Fool know something about government procurement, why US and EU agencies license multiple systems, and stimulate internal innovation. Yep, I am thinking about DoD incubation centers and 18f. To Motley’s and Fool’s analysis, I tip my fake fur hat to the mention of Amazon as a competitor. Many don’t understand the scope of Amazon’s government services, and probably if told, still wouldn’t grasp the online bookstore as provider of streaming business data and slick AWS blockchain tools.

Let me share some of the hurdles that the galloping stallion has to clear after 18 years on the track:

  1. The NSO Group dust up has changed the table stakes for policeware and intelware outfits which seek to expand into commercial markets. The impact of NSO Group has been biting Israeli firms, but who knows what will happen tomorrow. The past is not a reliable predictor in today’s flash mob environment.
  2. The newer methods developed since Palantir opened for “business” are impressive. Many are more capable than Palantir because many tasks with which a trained Palantir forward deployed engineer must engage are point-and-click. Check out Datawalk, Sphinx 12, or a few of the Tel Aviv based outfits’ methods. (A ton of Voyager insider information has been dumped online courtesy of FOIA and the LAPD.)
  3. Crime is rising, but cyber crime in its multiferous manisfestations is sky rocketing. That means that the vendors pitching solutions could face buyer remorse. What will some of those who find that nifty smart software is not too much of a barrier to novel exploits engendered by the good enough software approaches of Google-Android type coding or Microsoft cloud-type engineering? Maybe some big time litigation?

Net net: From my perspective Palantir Technologies is an intelware and policeware outfit which has to deal with upstart competitors, tough to predict regulation and trade controls, and the looming shadow of buyer remorse which will fall across the cyber intelligence sector and hit vendors indiscriminately.

A trillion dollar outfit? Is there an NFT for Seeing Stones yet?

Stephen E Arnold, November 29, 2021

Frisky Israeli Cyber Innovators Locked Down and Confined to Quarters

November 26, 2021

Before the NSO Group demonstrated remarkable PR powers, cyber centric companies in Israel were able to market to a large number of prospects. Conference organizers could count on NSO Group to provide speakers, purchase trade show space, and maybe sponsor a tchotchke for attendees. Governments and even some commercial enterprises knew about NSO Group’s technological capabilities and the firm’s ability to provide a network which eliminated quite a bit of the muss and fuss associated with mobile device surveillance, data analysis, and related activities.

How did that work out?

The PR sparked “real journalists” to use their powers of collecting information, analyzing those items, and making warranted conclusions about NSO Group’s enabling activities. Sure, pesky Canadian researchers were writing about NSO Group, but there wasn’t a “real news” story. Then… bingo. A certain individual associated with a “real news” organization was terminated and the arrows of data and supposition pointed to NSO Group’s capabilities and what one of the firm’s alleged customers was able to do with the system.

The journalistic horses raced out of the gate, and the NSO Group became a “thing.”

Vendors of specialized software are not accustomed to the spotlight. Making sales, collecting fees, and enjoying pats on the backs from colleagues who try hard to keep a low, low profile are more typical activities. But, oh, those spotlights.

The consequences have been ones to which cyber innovators like to avoid. Former superiors send email asking, “What are you doing?” Then government committees, consisting of people who don’t know much about next generation technologies, have to be briefed. And those explanations are painful because the nuances of cyber centric firms are different from explaining how to plug in a Tesla in Tel Aviv. Oh, painful.

Now, if the information in the Calcalist’s article “The Ministry of Defense Has Cut by Two-Thirds the Number of Countries That Cyber Companies Can Sell To” is accurate, the Israeli government has put a shock collar on NSO Group’s ankle and clamped the devices on other firm’s well-formed, powerful legs as well. The message is clear: Stay in bounds or you will be zapped. (I leave it to you to figure out what “zap” connotes.)

The publication’s story says:

The [Israeli] Ministry of Defense has cut by two-thirds the number of countries that cyber companies can sell to The previous list included 102 countries to which cyber exports are allowed, and now it includes only 37 countries. The latest list from the beginning of November does not include countries such as Morocco, Mexico, Saudi Arabia and the United Arab Emirates.

Who’s at fault? The Calcalist offers this statement:

It is implied that Israel used in a very permissive manner the special certificates that it may grant and was in any case aware of where the Israeli society is known. It is important to note that the new list includes companies to which cyber can now be exported and it is possible that in the past lists there were other countries to which systems could be exported without fear.

My knowledge of Hebrew is lousy and Google translate is not helping me much. The main idea is that up and down the chain of command, the “chain” was not managed well. Hence, the PR gaffes, the alleged terminations, and the large number of high intensity lights directed at companies which once thrived in the shadows.

Some observations:

    1. Countries unable to acquire the technology associated with NSO Group are likely to buy from non-Israeli firms. Gee, I wonder if China and Russia have specialized software vendors who will recognize a sales opportunity and not do the PR thing in which NSO Group specialized?
    2. The publicity directed at NSO Group has been a more successful college class than the dump of information from the Hacking Team. A better class may translate to more capable coders who can duplicate and possibly go beyond the Israeli firms’ capabilities. This is a new state of affairs in my opinion.
    3. Cyber technologies are the lubricant for modern warfare. Israel had a lead in this software sector. It is now highly likely that the slick system of government specialists moving into the private sector with “support” from certain entities may be changed. Bummer for some entrepreneurs? Yep.

Net net: The NSO Group’s PR excesses — combined with its marketing know how — has affected a large number of companies. Keeping secrets is known to be a wise practice for some activities. Blending secrecy with market dynamics is less wise in my experience. This NSO Group case is more impactful than the Theranos Silicon Valley matter.

Stephen E Arnold, November 25, 2021

OSINT: As Good as Government Intel

November 16, 2021

It is truly amazing how much information private citizens in the OSINT community can now glean from publicly available data. As The Economist puts it, “Open-Source Intelligence Challenges State Monopolies on Information.” Complete with intriguing examples, the extensive article details the growth of technologies and networks that have drastically changed the intelligence-gathering game over the last decade. We learn of Geo4Nonpro, a project of the James Martin Centre for Nonproliferation

Studies (CNS) at the Middlebury Institute for International Studies at Monterey, California. The write-up reports:

“The CNS is a leader in gathering and analyzing open-source intelligence (OSINT). It has pulled off some dramatic coups with satellite pictures, including on one occasion actually catching the launch of a North Korean missile in an image provided by Planet, a company in San Francisco. Satellite data, though, is only one of the resources feeding a veritable boom in non-state OSINT. There are websites which track all sorts of useful goings-on, including the routes taken by aircraft and ships. There are vast searchable databases. Terabytes of footage from phones are uploaded to social-media sites every day, much of it handily tagged. … And it is not just the data. There are also tools and techniques for working with them—3D modeling packages, for example, which let you work out what sort of object might be throwing the shadow you see in a picture. And there are social media and institutional settings that let this be done collaboratively. Eclectic expertise and experience can easily be leveraged with less-well-versed enthusiasm and curiosity in the service of projects which link academics, activists, journalists and people who mix the attributes of all three groups.”

We recommend reading the whole article for more about those who make a hobby of painstakingly analyzing images and footage. Some of these projects have come to startling conclusions. Government intelligence agencies are understandably wary as capabilities that used to be their purview spread among private OSINT enthusiasts. Not so wary, though, that they will not utilize the results when they prove useful. In fact, the government is a big customer of companies that supply higher-resolution satellite images than one can pull from the Web for free—outfits like American satellite maker Maxar and European aerospace firm Airbus. The article is eye-opening, and we can only wonder what the long-term results of this phenomenon will be.

Cynthia Murrell November 16, 2021

Talkwalker Acquires Reviewbox: The Start of a Roll Up Play?

November 8, 2021

Keeping up with shifting customer sentiment is the realm of consumer intelligence, a field underpinned by AI that differs a bit from traditional market research. We learn from Silicon Luxembourg that one consumer intelligence firm is boosting its capabilities through a recent acquisition in, “Talkwalker Acquires Reviewbox And Expands Its Reach.” The write-up specifies:

“As a global brand today, selling a quality service or product is no longer sufficient to stay relevant. Interacting with consumers and responding to trends has become just as important. A vital piece of this process lies in timely and appropriate responses to customer feedback. By acquiring Reviewbox, Talkwalker integrates product data and reviews from sites such as Amazon, eBay and Wal-Mart, thus giving their customers an improved understanding of how their customers feel about their products. ‘Talkwalker and Reviewbox are a perfect fit,’ said Reviewbox CEO James Horey, who will join Talkwalker to continue developing reviews as a prominent channel. ‘Over the past 5 years, Reviewbox’s unified analytics platform has supplied customers with top-of-the-line industry review data, providing an essential part of the customer intelligence puzzle. Our integration into Talkwalker completes this puzzle, enabling our clients to turn insights into real-time actions.’ By uniting award-winning technology with industry-leading customer support, Talkwalker helps companies connect the dots between what customers think, say and do. This helps companies get a fuller picture of what drives their customers, better react to their input and increase revenue and retention.”

Based in Luxembourg, Talkwalker also maintains offices in New York, San Francisco, Frankfurt, Singapore, Paris, Tokyo, London, and Milan. The company was founded in 2009 and was itself bought out by Marlin Equity Partners in 2018. Since its launch in 2016, Reviewbox has snagged several global corporate clients, from label-maker Avery to appliance manufacturer Whirlpool. The firm is based in Knoxville, Tennessee.

Cynthia Murrell November 8, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta