Facebook Takes on NSO Group

October 30, 2019

Now this is an interesting and possibly inadvisable move. Facebook is big and it has become the one company able to create more negative vibes than an outfit like Boeing (737 Max which allegedly was called “flying coffins”or Johnson & Johnson (the outfit famous for baby powder with a possible secret ingredient).

Why WhatsApp Is Pushing Back on NSO Group Hacking” provides a Facebook professional’s explanation of the decision to go after the NSO Group, a specialized software and services firm with some government clients:

As we gathered the information that we lay out in our complaint, we learned that the attackers used servers and Internet-hosting services that were previously associated with NSO. In addition, as our complaint notes, we have tied certain WhatsApp accounts used during the attacks back to NSO. While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful.

I particularly relished this statement by the Facebook professional:

At WhatsApp, we believe people have a fundamental right to privacy and that no one else should have access to your private conversations, not even us. Mobile phones provide us with great utility, but turned against us they can reveal our locations and our private messages, and record sensitive conversations we have with others.

Yeah, yeah, the DarkCyber team hears your voice. Is that voice one that resonates with truth, honor, and “ethical behavior” cranked up on the baloney amplifier?

Several observations:

  • It is generally a good idea to understand one’s opponent before getting into a bit of a tussle. Some opponents have special capabilities which are not often understood in the go go, move fast and break things world of Facebook
  • Facebook lacks what DarkCyber thinks of as “credibility stature.” In fact, the shadow the firm casts is a long one, but the path the company has followed in its crepuscular journey of those who may be afraid of the light. (Apologies to Plato)
  • NSO Group states: “NSO products are used exclusively by government intelligence and law enforcement agencies to fight crime and terror.”

Based on information I glean from my lectures at law enforcement and intelligence conferences, WhatsApp is an encrypted messaging service popular among some bad actors.

Oh, one final question, “Where did some of NSO’s team garner their operational experience?”

Give up. Gentle reader, knowing the answer is probably important. Does Facebook know the answer? Another good question.

Stephen E Arnold, October 30, 2019

Smart Software and Investigations

October 30, 2019

It should come as no surprise that governments are using AI to boost their surveillance capabilities, but we find some interesting specifics in the piece, “Artificial Intelligence Used for Mass Surveillance in 75 Countries” at WiredFocus. The article shares some details of a recent report from the Carnegie Endowment for International Peace that examined just how different countries are using the technologies. Reporter Steven Feldstein writes:

“A growing number of states are deploying advanced AI surveillance tools to monitor, track, and surveil citizens to accomplish a range of policy objectives—some lawful, others that violate human rights, and many of which fall into a murky middle ground. In order to appropriately address the effects of this technology, it is important to first understand where these tools are being deployed and how they are being used. Unfortunately, such information is scarce. To provide greater clarity, this paper presents an AI Global Surveillance (AIGS) Index—representing one of the first research efforts of its kind. The index compiles empirical data on AI surveillance use for 176 countries around the world. It does not distinguish between legitimate and unlawful uses of AI surveillance. Rather, the purpose of the research is to show how new surveillance capabilities are transforming the ability of governments to monitor and track individuals or systems. It specifically asks:

*Which countries are adopting AI surveillance technology?

*What specific types of AI surveillance are governments deploying?

*Which countries and companies are supplying this technology?”

Navigate to the write-up for key findings. For example, these practices are spreading faster than expected, with at least 75 out of 176 countries now actively using AI tech for surveillance—56 use smart city/safe city platforms, 64 use facial recognition systems, and 52 use “smart policing.” Not surprisingly, China is a major source of AI surveillance technology worldwide, but companies based in democracies also play a large role (including the US). Autocratic governments, of course, are especially prone to abuse these technologies, and counties that spend a lot on their militaries also invest heavily in AI surveillance.

The article closes with some links to more information. The AI Global Surveillance Index itself can be found here, while an interactive map based upon it is at this link. The truly curious should check out the open Zotero library holding all reference source material that researchers used to build the index.

Cynthia Murrell, October 30, 2019

Why Analyzing Amazon EBook Reading Lists Is Useful

October 30, 2019

An intriguing study in machine-learning models suggests human language behaviors may be more affected by what we read than previously thought. Neuroscience News tells us “What 26,000 Books Reveal When it Comes to Learning Language.” Brendan T. Johns, an assistant professor at the University at Buffalo, and Randall K. Jamieson, a professor at the University of Manitoba, created the models. The article tells us:

“The models, called distributional models, serve as analogies to the human language learning process. The 26,000 books that support the analysis of this research come from 3,000 different authors (about 2,000 from the U.S. and roughly 500 from the U.K.) who used over 1.3 billion total words. George Bernard Shaw is often credited with saying Britain and America are two countries separated by a common language. But the languages are not identical, and in order to establish and represent potential cultural differences, the researchers considered where each of the 26,000 books was located in both time (when the author was born) and place (where the book was published). With that information established, the researchers analyzed data from 10 different studies involving more than 1,000 participants, using multiple psycholinguistic tasks. ‘The question this paper tries to answer is, “If we train a model with similar materials that someone in the U.K. might have read versus what someone in the U.S. might have read, will they become more like these people?”’ says Johns. ‘We found that the environment people are embedded in seems to shape their behavior.’”

The researchers have developed what they call their “selective reading hypothesis.” They report that culture-specific and time-specific collections represent different language environments, and different behaviors arise from exposure to these environments. Conversely, they say one could predict what types of things people have read based on their language behavior.

Informed by the results, Johns is now working to build machine-learning frameworks for education that would pinpoint information to enhance each individual’s learning. He also sees a potential here to help people at risk of developing Alzheimer’s—researchers might be able to create exercises and stimuli to help such patients retain semantic associations longer, for example, or at least develop more personalized assessments. It is nice to see machine language models being put to such worthwhile purposes.

Now about that Kindle library some individuals have amassed?

Cynthia Murrell, October 30, 2019

Percipient.ai: A Promising Innovator

October 4, 2019

Intelware refers to software designed to support the work of intelligence officers, analysts, and related personnel. Percipient.ai is one of the leading “artificial intelligence, machine learning and computer vision firm in Silicon Valley focused on intelligence and national security missions. Mirage’s modules provide state-of-the-art computer vision and correlation to operators and analysts in front line missions.”

According to “Percipient.ai delivers Mirage into the US National Security Market and Closes its Series B”, the company received confirmation of:

…the operational procurement of Mirage’s Full Motion Video Module and Mirage’s Geospatial Module by organizations in the US Intelligence Community and the National Geospatial Intelligence Agency (NGA), respectively.

The company was founded in 2017 and has attention from the intelligence community.

The company’s funding is less than $25 million, which is peanuts compared to Palantir Technologies’ intake of about $2 billion.

Stephen E Arnold, October 4, 2019

Palantir Technologies: Fund Raising Signal

September 6, 2019

Palantir Technologies offers products and services which serve analysts and investigators. The company was founded in 2003, and it gained some traction in a number of US government agencies. The last time I checked for Palantir’s total funding, my recollection is that the firm has ingested about $2 billion from a couple dozen funding rounds. If you subscribe to Crunchbase, you can view that service’s funding round up. An outfit known as Growjo reports that Palantir has 2,262 employees. That works out cash intake of $884,173 per employee. Palantir is a secretive outfit, so who knows about funding, the revenue, the profits or losses, and the number of full time equivalents, contractors, etc. But Palantir is one of the highest profile companies in the law enforcement, regulatory, and intelligence sectors.

I read “Palantir to Seek Funding on Private Market, Delay IPO” and noted this statement:

The company has never turned an annual profit.

Bloomberg points out that customization of the system is expensive. Automation is a priority. Sales cycles are lengthy. And some stakeholders and investors are critical of the company.

Understandable. After 16 years and allegedly zero profits, annoyance is likely to surface in the NYAC after an intense game of squash.

But I am not interested in Palantir. The information about Palantir strikes me as germane to the dozens upon dozens of Palantir competitors. Consider these questions:

  1. Intelligence, like enterprise search, requires software and services that meet the needs of users who have quite particular work processes. Why pay lots of money to customize something that will have to be changed when a surprise event tips over established procedures? Roll your own? Look for the lowest cost solution?
  2. With so many competitors, how will government agencies be able to invest in a wide range of solutions. Why not seek a single source solution and find ways to escape from the costs of procuring, acquiring, tuning, training, and changing systems? If Palantir was the home run, why haven’t Palantir customers convinced their peers and superiors to back one solution? That hasn’t happened, which makes an interesting statement in itself. Why isn’t Palantir the US government wide solution the way Oracle was a few years ago?
  3. Are the systems outputting useful, actionable information. Users of these systems who give talks at LE and intel conferences are generally quite positive. But the reality is that cyber problems remain and have not been inhibited by Palantir and similar tools or the raft of cyber intelligence innovations from companies in the UK, Germany, Israel, and China. What’s the problem? Staff turnover, complexity, training cost, reliability of outputs?

Net net: Palantir’s needing money is an interesting signal. Stealth, secrecy, good customer support, and impressive visuals of networks of bad actors — important. But maybe — just maybe — the systems are ultimately not working as advertised. Sustainable revenues, eager investors, and a home run product equivalent to Facebook or Netflix — nowhere to be found. Yellow lights are flashing in DarkCyber’s office for some intelware vendors.

Stephen E Arnold, September 6, 2019

Spy on the Competition: Sounds Good, Right?

July 11, 2019

DarkCyber noted this consumer and small business oriented write up about spying. Navigate to “7 ways to Spy on Your Competitor’s Facebook Ads [2019 Update].” The update promises to add some nifty new, useful methods to the original story.

What are the methods? Here’s a run down of four of them. You will have to navigate to the original story for the other three, or you could just not bother. Spoiler: None of the methods reference commercially available tools and services available from specialist vendors. Who’s a specialist vendor? Attend one of our LE and intel training sessions, and we will share a list of 30 firms with you.

Here are four methods we found interesting:

  1. Use services which report about a firm’s online advertising activities.
  2. Use services which report about a firm’s online advertising activities.
  3. Use services which report about a firm’s online advertising activities.
  4. Use services which report about a firm’s online advertising activities.

There you go. The spying methods.

DarkCyber wants to point out that these methods are different from the persistent tracking bug data some vendors helpfully install on one’s Internet connected device.

Plus, these methods are quite different from the approaches implemented in commercial OSINT and intercept analysis systems.

My next relatively public lecture will be in October in San Antonio. After the session, look me up. I might share a couple of solutions. Better yet write darkcyber333 at yandex dot com and sign up for a for fee intelligence systems webinar.

Stephen E Arnold, July 11, 2019

ICE Document Collection

July 10, 2019

DarkCyber noted that Mijente published a collection of US government documents. According the landing page for “Ice Papers”:

The ongoing threat of raids for mass deportations has made it necessary for us to understand the inner workings of ICE’s mass raid operations. We’ve confirmed in government documents that ICE operations are politically motivated and not at all about national security, as the administration claims. In their own words, via plans and tactics we uncovered, you will catch a glimpse into their machinations to target, harass, and expel migrants from their communities. While the documents detail information about raids planned back in 2017, we noted the “rinse-and-repeat” nature of ICE’s operations and what we can expect, as Trump reignites the threat of more raids to come after July 4th.

In the collection are documents which provide some competitive insight into Palantir Technologies. Here’s a snip from the Mijente collection. The blue text is a direct quote.

Palantir’s programs and databases were integrated into all Operation Mega planned raids. They are now part of most enforcement actions by ICE.

These raids now use powerful tech and databases in the field. ICE is given authority to use the newest technology and equipment during local operations, including FALCON, FALCON Mobile, ICE EDDIE and Cellbrite [sic] during arrests. [Source document]

  • Palantir-designed FALCON and FALCON Mobile. FALCON Mobile can scan body biometrics, including tattoos and irises. FALCON and FALCON Mobile can use “link analysis” to connect profiles and biometrics with associates and vehicles.
  • EDDIE is a mobile fingerprinting program that is attached to a mobile fingerprint collection device. These fingerprints are then put into FALCON systems, including ICE’s case management system, Integrated Case Management (ICM, see below). The fingerprints are used to identify people to see if they have criminal history or immigration history, including a final deportation order.
  • Cellbrite is a handheld unit that breaks into smartphones and downloads information – up to 3000 phones for one device. It can even extract data that was deleted from your phone.  ICE claims that they should obtain consent. (See Operation Raging Bull Field Guidance.) FALCON includes access to services provided by Cellbrite.
  • ICM was integrated into Operation Mega. All the systems mentioned above feed into the massive new ICE case management system, ICM, another Palantir Technologies product. ICM is a new intelligence system capable of linking across dozens of databases from inside and outside DHS. ICM is scheduled to be completed by September 2019.

The information is used to support the political objectives of ICE. Both HSI and the Fugitive Operations Team set up a detailed and comprehensive reporting system for arrests and deportations that focused on contact with the criminal system, not on their ties to family or communities.agencies. The reporting system, comprised of Daily Operation Reports (DORs), which included numbers arrested after an immigration raid, and “egregious write-ups,” which were summaries of certain arrests during national or local ICE operations, was aligned with ICE’s public affairs and communications system, e.g. this information usually went into ICE press releases.

DarkCyber’s view is that these types of document collections are likely to be controversial. On one hand, individuals testing intelligence analysis software are likely to find the content useful for certain queries. Those working in other fields may make use of the information in these documents in other ways.

While this information is online (as of July 9, 2019), it may warrant a quick look.

Stephen E Arnold, July 10, 2019

  • Archives

  • Recent Posts

  • Meta