Threat Intelligence Purchases
February 8, 2022
Many companies are (rightly) putting more emphasis on cybersecurity. In order to make the task easier and more efficient, a business might invest in software to help manage and analyze all the data involved. BetaNews offers “Five Pointers for Choosing a Threat Intelligence Platform: What to Look For in a TIP.” We see this write-up as but a starting point—it holds some useful pointers but includes no benchmark about SolarWinds and Exchange type exploits. Nor does it address the vital points of insider threats and phishing. Readers looking to expand their cybersecurity efforts would do well to carry their research beyond this article. That said, we turn to writer Anthony Perridge’s description of a TIP:
“A Threat Intelligence Platform, or TIP, serves as a central repository for all threat data and intelligence from internal and internal sources. Correctly configured, the TIP should be able to deliver essential context around threats that helps the team understand the who, what, when, how and why of a threat. Crucially, it should also help prioritize threats, based on the parameters set by the organization, filtering out the noise so the resulting actions are clear. A good TIP benefits a range of stakeholders, from the board aiming to understand strategic risk to CISOs focusing on improving defense while staying on budget, and from security analysts collaborating more effectively to incident response teams benefiting from automated prioritization of incidents. Knowing what you need to invest in is the first step. The next is to understand the key features you need and why. There is a lot to consider, but in my view the following are five key areas that should be on your checklist as you evaluate TIPs.”
The piece goes on to describe each of these five factors: support for both structured and unstructured data (shouldn’t that be a given by now?); the ability to provide context around data; how the platform scores and prioritizes indicators; the integration options available; and effective automation balanced with manual investigation. Then there are the “business considerations,” in other words, the costs involved. For example, TIPs are usually offered on a subscription, per user basis. One should consider carefully how many users should get access—teams outside security operations, like risk management, might need to be included. Also, pay close attention to the fees that can add up, like integration and cloud hosting fees. See the write-up for more information; just remember not to stop your investigation there.
Cynthia Murrell, February 8, 2021
NSO Group: Under Watch Names Revealed
February 7, 2022
I noted the Calcalist article “No One Was Immune: Israel Police Pegasus Surveillance List Revealed.” The downstream consequences of the NSO Group’s MBA-infused approach to specialized software and services continue to become visible.
This passage refers to Israel; however, it is a thought starter:
The bland term used by police for these activities was “technological and data oriented policing,” but Calcalist reveals that the use of Pegasus wasn’t local or limited to a small number of cases. This became one of the most useful tools implemented by police to gather intelligence. Special operations members of the police’s cyber-SIGINT unit have been penetrating the phones of citizens secretly and without judicial warrants, taking control of them with Pegasus against the law and with the understanding that judges wouldn’t approve such activity.
I want to reiterate that the old-school specialized software and services vendors focus their efforts on direct contacts with government agencies and/or attending limited or restricted attendance conferences. As the number of firms tapping open source and proprietary methods to gain access to certain data streams increased, the need for MBA-type marketing exponentiated.
A return to more traditional methods would be a refreshing change. Who is to blame? I think the entrepreneurs who create specialized software and services firms are prime movers. However, the enablers, the entities which fund these often young go-getters, bear some responsibility. Blaming underfunded, understaffed, and under-equipped government professionals may be warranted under some circumstances.
My view is that an engineer chock full of MBA-isms should be licensed prior to hanging out a shingle, signing up for a trade show stand, and generating buzz via news releases and social media posts on LinkedIn.
Until then, the knock-ons from the NSO Group’s global visibility are likely to hold some surprises. Do you like surprises? I don’t too much.
Stephen E Arnold, February 7, 2022
NSO Group: Media Pile On
February 3, 2022
A helpful person posted a link to a July 2021 story about NSO Group this weekend (January 29 – 30, 2022). The New York Times (that bustling digitally aware Gray Lady) published a New York Times Magazine story about NSO Group. But the killer item of PR appeared in Sputnik International (a favorite of some in Moscow): “India Bought Pegasus Spyware from Israel in an Alleged Deal Concerning Palestinians, Claims NYT.” I find this interesting because:
- The NSO Group continues to be a PR magnet. At this point, I am not sure the old adage “any publicity is good publicity” applies.
- Russian “real journalists” have wired together some click-baity words: India, Israel, Palestinians, and the New York Times.
- The intelware sector has a stiff upper lip, but the NSO Group – whether a viable business or not – has destabilized an entire industry sector.
Net net: A big problem which seems to be growing.
Stephen E Arnold, February 2, 2022
NSO Group Factoids: Dominoes Game Underway
February 2, 2022
I read “The Company Trying to Give Cyber Intel a Good Name.” The somewhat lofty goal of the write up is to put a bit of lipstick on what is now a somewhat unattractive blobfish. I don’t have an animal in the fight, although the image of squabbling blobfish strikes me as amusing. Maybe a cyber version of “Animal Farm”?
The article contains what I thought were interesting factoids and, as is my wont, I shall capture these gems:
- NSO Group is still for sale with a valuation of about $1.0 billion US.
- NSO Group technology “makes it possible, at the push of a button, to take over a telephone remotely, record conversations via its microphone, film via its camera, or determine its location, without its owner knowing.”
- Israeli police have been criticized for their use of technology like NSO Group’s.
- “Crime organizations use encrypted communications, on apps such as Telegram and Signal, and in countries like Russia and China the problem has been solved very simply: giant US companies like Google and Meta, and Chinese ones like WeChat and Weibo, provide the authorities with the key to read chat or listen to voice calls on their apps without having to break the encryption.”
- “… European countries were pioneers of planting Trojan horses and developing vulnerabilities for hacking telephones, among them Italian company Hacking Team, which was shut down and re-emerged as Memento Labs, and Amesys…”
- Germany “bought a system from NSO.”
- “Israeli company Quadream is selling to Middle Eastern and African countries systems with capabilities similar to those of NSO, in collaboration with a Cypriot sales company InReach Technologies, while Cognyte, formerly the offensive cyber division of Verint, is already developing the next generation of its Trojan horses in a secret division called Ace Labs.”
- “One company trying to adapt to the new era is Paragon Solutions, an offensive cyber company founded two-and-a-half years ago by former IDF intelligence unit 8200 commander Ehud Schneerson, and Idan Nurick and Igor Bogudlov, who served in the unit, together with former prime minister Ehud Barak.”
- Paragon will sell to customers in 39 countries which have to be “enlightened democracies”.
- Paragon has “American DNA” and money from Battery Ventures.
- Paragon “has grown to 110 employees, most of them people recently demobilized from the IDF who served in 8200’s cyber units, and the rest former employees of companies like NSO, Check Point, Cobwebs Technologies, and Cyberbit.”
Now what is that game again? Oh, right: Dominoes, a blocking game, right?
Stephen E Arnold, February 2, 2022
The Gray Lady Rides the NSO Group Pegasus
February 1, 2022
Quite an image, right? The New York Times, the flabby dowager of real news, is riding the Pegasus. “FBI Secretly Bought Israeli Spyware and Explored Hacking US Phones” reveals that the FBI, like most investigative units in the world, tested the specialized software and services available from organizations once shrouded in secrecy. No more. It seems that NSO Group’s secrets are more widely shared than Minnie Mouse’s hip new blue jump suit.
The Gray Lady states:
The F.B.I., in a deal never previously reported, bought the spyware in 2019, despite multiple reports that it had been used against activists and political opponents in other countries. It also spent two years discussing whether to deploy a newer product, called Phantom, inside the United States.
Are you frightened yet? I am not. I expect government agencies to acquire, test, and implement tools necessary to obtain mission objectives. Most of the tested specialized software and systems is discontinued. Some useful tools are never used because the budget no longer permits assigning a full time employee to remain current on a system.
The write up is less about the research done by government agencies and more about the outrage that some feel. My hunch is that the Gray Lady’s “real news” professionals are among the most put upon by what is a routine function.
And the news? The Gray Lady wants to ride the Pegasus, but the tired, old, beaten down Pegasus is not able to get the flaccid passenger aloft.
Stephen E Arnold, February 01, 2022
Palantir Technologies: Will the Company Soar?
February 1, 2022
Palantir is an intelware company that specializes in search technology with consulting services layered on top. According to Seeking Alpha, Palantir might not do well in 2022: “Palantir Stock: Bullish, But Downward Pressure On Price.”
Palantir’s stock has dropped considerably in the past six months. People who purchased stock before October 2020 are doing all right, but November 2020 buyers lost their money. Palantir is projected to have growth, and that appears to be the only bright spot at the moment.
The stock market is experiencing inflation and it is suspected to last longer than six months. Value stocks will benefit the most in this market, while growth stocks, like Palantir, will suffer. Macroeconomic factors will impact growth stocks. Palantir might not be doing too well, but it is doing better than it was last year.
Also there is more positive news:
“What’s especially good is that PLTR continues to “weave” itself into very large organizations. Obviously there are the military partners, which most investors know about. But PLTR is getting closer with commercial partners, left, right, and center. For example, IBM (NYSE:IBM), Amazon (NASDAQ:AMZN) and Rio Tinto (NYSE:RIO).
Quite importantly, this news isn’t just flowing from PLTR press releases. Sure, some of the distribution is fluff, hype and related PR. However, what gets me excited is that these tie-ups are showing in presentations, case studies, earnings reports, and much more. Again, PLTR is becoming a critical part of the fabric, not just simple player, or dashboard provider.
Third, PLTR regularly provides real-world updates, useful research, plus case studies. This is a strong positive for hiring, and keeping the talent pool aware of PLTR, but it’s also good for designers and developers in other companies that could be doing business with PLTR.”
Palantir is definitely going to see upheavals in 2022, but search and intelware technology has always been a challenging sell when repositioned for business use cases.
Whitney Grace, February 1, 2022
NSO Group: Yes, Again with the PR Trigger
January 31, 2022
I have no idea if the write up “NSO’s Pegasus Spyware Used to Target a Senior Human Rights Watch Activist” is spot on. The validity of the report is a matter for other, more youthful and intelligent individuals. My thought when reading this statement in the article went in a different direction. Here’s the quote I noted:
In a tweet, Fakih showed a screenshot of a notification she received from Apple informing her she may have been the target of a state-sponsored attacker.
Okay, surveillance. Usually surveillance requires someone to identify something as warranting observation. The paragraph continues:
Though other versions of Pegasus software use text messages embedded with malicious links to gain access to a target’s device, Fakih said she was the victim of a “zero-click attack” that is capable of infecting a device without the target ever clicking a link. Once a target is successfully infected, NSO’s Pegasus software allows the end-user to surveil the target’s photos, documents, and even encrypted messages without the target ever knowing.
The message is that NSO Group continues to get coverage in what might be called Silicon Valley real news media. Are there other systems which provide similar functionality? Why is a cloud service unable to filter problematic activities?
The public relations magnetism of the NSO Group appears to be growing, not attenuating. Other vendors of specialized software and services whose very existence was a secret a few years ago have emerged as the equivalent of the Coca-Cola logo, McDonald’s golden arches, or the Eiffel tower.
My view is that the downstream consequences of exposing specialized software and services may have some unexpected consequences. Example: See the Golden Arches. Crave a Big Mac. What does the NSO Group trigger evoke? More coverage, more suspicions, and more interest in the methods used to snag personal and confidential information.
Stephen E Arnold, January 31, 2022
ShadowDragon Profiled by Esteemed Tech Expert Kim Komando
January 13, 2022
This is an interesting turn of events. Policeware vendor ShadowDragon has been profiled by computer guru-ette Kim Komando on her Tech Refresh podcast episode, “Software Tracking Everything You Do, New iPhone, Alexa on Wheels.” The video’s description reads:
“Have you heard of ShadowDragon? It collects data from 120 major sites going back a decade. Yes, 10 years of info about YOU. Plus, the iPhone 13 and iOS 15 are here, along with Amazon’s new smart home gear, including Astro, the Echo on wheels.”
Yes, we have heard of ShadowDragon. The security company mines data from more than 120 social-media websites, archives results for a decade, and shares the information with its law-enforcement clients around the world. ShadowDragon boasts its software can take an investigation down “from months to minutes.” The podcast starts discussing the company at timestamp 13:05, warning one would have to refrain from social media altogether to avoid its reach. The inclusion seems to support our prediction that reporters are becoming more aware of, and reporting more on, such specialized service vendors. This will make it harder for such firms to keep their generally preferred low profiles. Based in Cheyenne, Wyoming, ShadowDragon was founded in 2015.
For those curious, that podcast episode also discussed the newest iPhones, covered some weird news stories, and reviewed smart floodlights, among other wide-ranging topics. Their coverage of Amazon’s Astro home robot caught the attention of this Alexa-wary writer—apparently the device is so thirsty to identify folks with facial recognition it will (if left in “patrol” mode) follow guests around until it can identify them. It also, according to Motherboard, tracks everything owners do.
Cynthia Murrell, January 13, 2021
Foreshadowing 2022: Specialized Software Companies May Face Bumps in the Information Highway
January 6, 2022
At one international intelligence conference, representatives of NSO Group were in good humor. The revelations about the use of their Pegasus system were, according to one person in attendance, great marketing. It struck me that this person who was sharing his impressions with me about NSO Group’s participation in a cocktail party, did not appreciate the power of marketing.
Specialized software vendors are now becoming part of the software landscape. “Former US Intelligence Analysts Sued For Hacking A Saudi Activist’s Phone On Behalf Of The United Arab Emirates” reports that there are risks to those who sign on to work for certain firms who obtain access to quite interesting software, tools, and systems which allow confidential information to be made un-confidential.
The write up explains:
Three former US intelligence community analysts (two of which worked for the NSA) were fined $1.68 million for utilizing powerful hacking tools to target dissidents, activists, journalists, and the occasional American citizen for the UAE government.
Additional lawsuits are likely to be filed.
Here’s my take on the specialized software vendors in 2022:
- Scrutiny and discussion of the companies providing governments with sophisticated surveillance and intelligence gathering systems will increase
- The attention is going to make clear additional details about how these tools and systems accomplish their tasks. That information is going to diffuse. Actors will innovate and accelerate their efforts to increase the capabilities of unregulated and uncontrolled surveillance software.
- Some of the specialized software vendors will have to shift their strategy. News releases about tie ups between specialized software companies may not be helpful in closing deals.
My hunch is that specialized software vendors will have to lower their profiles, rethink their marketing and positioning, and find a way to take more responsibility for their innovations. Since many specialized software vendors operate networks which validate and monitor their software’s operations, isn’t that a mechanism to take a more responsible approach to the use of what some, like Citizen Lab and the Electronic Frontier Foundation, consider weapons?
My thought is that the Facebook-type approach has become popular among some specialized software vendors. But I don’t think 2022 will see a significant change in the vendors’ behavior. Those who monitor the sector, however, will amp up their activities.
Stephen E Arnold, January 5, 2022
Meta (Facezuck) Tries More Adulting
January 6, 2022
Facebook is one of the biggest purveyors of possibly questionable information and malware during the pandemic and into the present day. The social media platform’s approach has been to slap bandaids over its problems; however, that does not prevent Facebook from hemorrhaging blood. TechDirt states that Facebook could be turning a corner and becoming a more responsible company: “Facebook Blocks Seven Malware Purveyors, Deletes Hundreds Of Accounts, Notifies 50,000 Potential Hacking Targets.”
Malware purveyors, including Israel-based company NSO Group, are facing lawsuits from Facebook and Apple. These large tech companies are upset that these bad acting companies exploited their technology to hack average consumers as well as journalists, religious leaders, and activists:
“Facebook has disrupted the operations of seven different spyware-making companies, blocking their Internet infrastructure, sending cease and desist letters, and banning them from its platform. ‘As a result of our months-long investigation, we took action against seven different surveillance-for-hire entities to disrupt their ability to use their digital infrastructure to abuse social media platforms and enable surveillance of people across the internet,’ said Director of Threat Disruption David Agranovich and Head of Cyber Espionage Investigations Mike Dvilyanski. ‘These surveillance providers are based in China, Israel, India, and North Macedonia. They targeted people in over 100 countries around the world on behalf of their clients.’”
In total, there are seven companies, one hundred countries, 1,500 Facebook/Instagram accounts, and 50,000 potential victims involved with the lawsuit. Facebook alerted the 50,000 accounts. When Facebook and other tech companies deny these bad acting companies access to data, they are halting the supply chain.
Many of the malware companies are based in Israel. The Israeli government funds some specialized software firms. Even Meta does not relish more bad press.
Whitney Grace, January 6, 2022