Browse > Home / Archive by category 'intelware'

NSO Group: Dominoes, Anyone? Anyone?

March 1, 2022

In December 2021, the Zuckbook outfit released a report called “Threat Report on the
Surveillance-for-Hire Industry.” If you want to read this 17-page document, navigate to this url. If the document is disappeared, well, that’s life.

I wasn’t going to write about the banning of these intelware vendors’ firms:

  • BellTroX
  • Black Cube
  • Bluehawk CI
  • Cobwebs Technologies
  • Cognyte
  • Cytrox

And, according to the Zuck’s experts, a couple of Chinese outfits were in the list. I don’t want to hazard a guess, so let me say there are more than two of these types of firms chugging away in the Middle Kingdom.

A flurry of reports surfaced last week, including a report from My QtoA. You can read the summary at this link.

My take on this Zucking of specialized software and services firm is that I really want to ignore the impact NSO Group has had on a much needed and necessary market sector. What is unfortunate is that the Wild West, cowboy, and Silicon Valley “let’s get rich” mentality has diffused into what once was a secret carefully husbanded by government agencies.

Well, obviously, quite a few people, including bad actors, know about Pegasus and something about how it functions. The zero click compromising of a mobile device popped up in a recent phone call with a fellow who operated a trash hauling service. There you go. That’s diffusing if yo8u ask me.

Has the craziness caused by digital Marshal Dillons and their sidekick Chesters stopped? Probably not.

Another knock on that has not exhausted its momentum is the chatter at certain conferences about waiting for the storm to blow over. Yeah, hopeful and optimistic as the dominoes continue to topple. Perhaps the cowboys will hit the bunk house and think about something other than becoming rich and buying discounted yachts once owned by Russian oligarchs.

Stephen E Arnold, March 1, 2022

Written by Stephen E. Arnold · Filed Under intelware, News, Policeware | Comments Off on NSO Group: Dominoes, Anyone? Anyone? 

NSO Group: Now Taking Legal Action to Protect Its Image

February 28, 2022

I am not sure how long this story will be online with legal eagles from media and the intelware company NSO Group taking flight. The story is “NSO Sues Israeli Paper after Explosive Articles on Police.” [Note: The estimable Associated Press may remove the MFTV 9 story or put it behind a paywall where great content should thrive.] The original story whipped up a buzz saw of chatter about one of the more high profile surveillance systems. The Pegasus brand has been trampled by the plodding mules ridden by individuals unaware of the specialized software and services business, their customers, and the unreasonable effectiveness of zero click exploits.

The write up states that NSO Group went to court and demanded that the Calcalist be held to account for a story which is allegedly not true.

And what does NSO Group want? About $300,000 US dollars.

This is an interesting story with security and political implications. But the Kosher Mehadrin margarine on the kubaneh is the charity angle. Is that a PR move by NSO Group?

What’s fascinating to me is that the NSO Group has found a way to remain in the news despite recent events in Ukraine, financial turmoil in financial markets, and the headline making mask wearing thing.

Is this helping or hurting the intelware and policeware vendors? From what I hear, the NSO Group’s PR generating activities has not had a significant impact on vendors based outside of Tel Aviv. Israeli vendors find that some of their MBA-inspired enthusiasm for expanding their market share has been dialed back.

A bigger problem for specialized services and software companies is that knowledge has diffused widely so that start ups operated by good actors and maybe less good actors are popping up. Plus, some of the once secret systems and methods are creeping into the open source software environment.

Maybe secrecy has some value when it comes to government related activities?

Stephen E Arnold, February 28, 2022

Written by Stephen E. Arnold · Filed Under intelware, Legal matters, News, Policeware | Comments Off on NSO Group: Now Taking Legal Action to Protect Its Image 

NSO Collateral Damage: Is an Intelware Bug Zapper at Work

February 11, 2022

I have shared my view about NSO Group: The company’s conversion from secret specialized services vendor to publicity magnet will have downstream consequences. If the information in “Another Israeli Firm Caught Selling Pegasus Hacking Tool for Exploiting iPhone Flaw to Shut Down” is accurate, the knock on effect or some type of advanced bug zapper has killed another intelware vendor. (A bug zapper is a device which is technically a system or device which uses a brief electrical pulse to incinerate insects. I do not own a bug zapper because the little critters deserve to live happy lives despite the chemicals the lawn care company dumps on the yard every couple of weeks.)

The zappers come in a variety of form factors. There are bug zappers which look like pickle ball rackets. These are loved by the over 65 crowd. Some look like 1950s spaceships (pictured below), and others are like big toasters with wires and a weird blue glow.

image

The write up offers some factoids about the QuaDream intelware vendor zapping:

  • QuaDream could compromise iPhones in the manner of NSO Group’s Pegasus system. (Does this suggest that NSO Group’s systems and methods may have been shared in the specialized services’ technology community making QuaDream a reseller?)
  • The app was called “Reign” as in “reign of terror” perhaps?
  • The Reign solution cost upwards of $2.0 million US, excluding maintenance.
  • Reign allegedly could turn on a compromised iPhone’s camera and microphone. (Be sure to look for the small colored dots, iPhone user.)

I have noticed that some Israeli specialized software vendors are forming partnerships with firms providing services to financial institutions, law firms, and other commercial outfits. This is a mad scramble for cover in my opinion. The problem is that when the systems’ functions are explained some executives get cold feet despite the appeal of the specialized systems’ functionality.

This must be quite thrilling for the investment firms who have bet that the market for intelware and policeware was large and going to grow, as Ed Sullivan used to say, “really big.”

A high stakes game is underway and now there’s the mysterious bug zapper at work.

Stephen E Arnold, February 11, 2022

Written by Stephen E. Arnold · Filed Under Business strategy, intelware, News | Comments Off on NSO Collateral Damage: Is an Intelware Bug Zapper at Work 

NSO Group: Former Police Chief Demos Yoga One-Handed Tree Pose

February 10, 2022

Remember the NSO Group? If not, this post is not for you. I read a story from the scary Associated Press. The outfit said it would sue anyone who quoted too much of the richness of its stories. As a former employee of the Courier-Journal & Louisville Times Co., I am pretty easily frightened by outfits like the AP.

The story — should you be able to locate it online — is “Ex-Israeli Police Chief Dismisses Claims of Spyware Hacking.” The write up is typical AP stringer wonderfulness. The main point is that the 58 year old Roni Alsheikh made a video to explain that chatter, allegations, and assertions about alleged use of the NSO Group’s Pegasus specialized service tool was different. I believe this person; however, you may not. That’s okay.

An investigation is underway, and my hunch is that if — note the if — the NSO Group’s system was used, it was within the boundaries of authorized behavior. Innocent until proven guilty, not guilty by PR focused GenXers.

Now is the story spot on? Who knows.

My take on the write up is:

  1. The MBA-inspired drive for revenue created the NSO Group’s marketing and positioning. Big booths and compelling demos are powerful things, particularly when not shrouded in secrecy.
  2. The “sunlight” flooding the specialized software and services industry is spill over from the Silicon Valley behavior model. Yo, bro, problemo.
  3. The yoga exercise the one handed tree thing is not something 58 years olds do before having a morning mouthful of matzah brei.

The one-handed tree pose. It’s tough, correct? The NSO Group helped Roni Alsheikh get in this remarkable position. How long can one “hold” it? I would be able to do two, maybe three seconds with a couple of my research team propping me up.

NSO Group is creating interesting opportunities for retired law enforcement professionals. It’s the difficulty of the pose that is interesting to contemplate.

Stephen E Arnold, February 10, 2022

Written by Stephen E. Arnold · Filed Under intelware, News | Comments Off on NSO Group: Former Police Chief Demos Yoga One-Handed Tree Pose 

NSO Group: Another Ripple in the Intelware Sector

February 8, 2022

I read Haaretz’s article “Pegasus Scandal Is a Massive Can of Worms About to Erupt All Over Israel’s Elites.” Is a “commission of inquiry” into NSO Group and related topics a good idea, an inevitable action, or just handwaving after the train has left Tel Aviv Savidor Mercaz? Overturning previous legal decisions may be the least disruptive consequence of the NSO Group-type of publicity that specialized software and service firms are attracting.

There’s another twist. This write up states:

Public Security Minister Omer Bar-Lev announced the formation of a commission of inquiry into the police use of Pegasus after both he and Israel Police commissioner Kobi Shabtai had called for an external investigation into the matter. This was a major about-face from earlier statements…

What repercussions will result from this new group poking around in systems, methods, policies, customers, use cases, and functionalities?

My thought is that there will be louder thumps than those created by Ringo Star in the tune “Get Back.”

I found this line particularly interesting:

Netanyahu is also the pioneer of “Pegasus diplomacy,” using the cyber offense tool developed by the NSO Group as a sweetener for all manner of diplomatic and security agreements with foreign leaders – ranging from Brazil’s Jair Bolsonaro to Saudi Crown Prince Mohammed bin Salman.

When will the rest of the band kick in? Nope, says the write up:

This investigation has the potential to rock Israel’s political class, the law enforcement establishment, the intelligence community and Israel’s foreign relations. As a result, it is unlikely to go very far.

Stephen E Arnold, February 8, 2022

Written by Stephen E. Arnold · Filed Under intelware, News | Comments Off on NSO Group: Another Ripple in the Intelware Sector 

Threat Intelligence Purchases

February 8, 2022

Many companies are (rightly) are putting more emphasis on cybersecurity. In order to make the task easier and more efficient, a business might invest in software to help manage and analyze all the data involved. BetaNews offers “Five Pointers for Choosing a Threat Intelligence Platform: What to Look For in a TIP.” We see this write-up as but a starting point—it holds some useful pointers but includes no benchmark about SolarWinds and Exchange type exploits. Nor does it address the vital points of insider threats and phishing. Readers looking to expand their cybersecurity efforts would do well to carry their research beyond this article. That said, we turn to writer Anthony Perridge’s description of a TIP:

“A Threat Intelligence Platform, or TIP, serves as a central repository for all threat data and intelligence from internal and internal sources. Correctly configured, the TIP should be able to deliver essential context around threats that helps the team understand the who, what, when, how and why of a threat. Crucially, it should also help prioritize threats, based on the parameters set by the organization, filtering out the noise so the resulting actions are clear. A good TIP benefits a range of stakeholders, from the board aiming to understand strategic risk to CISOs focusing on improving defense while staying on budget, and from security analysts collaborating more effectively to incident response teams benefiting from automated prioritization of incidents. Knowing what you need to invest in is the first step. The next is to understand the key features you need and why. There is a lot to consider, but in my view the following are five key areas that should be on your checklist as you evaluate TIPs.”

The piece goes on to describe each of these five factors: support for both structured and unstructured data (shouldn’t that be a given by now?); the ability to provide context around data; how the platform scores and prioritizes indicators; the integration options available; and effective automation balanced with manual investigation. Then there are the “business considerations,” in other words, the costs involved. For example, TIPs are usually offered on a subscription, per user basis. One should consider carefully how many users should get access—teams outside security operations, like risk management, might need to be included. Also, pay close attention to the fees that can add up, like integration and cloud hosting fees. See the write-up for more information; just remember not to stop your investigation there.

Cynthia Murrell, February 8, 2021

Written by Stephen E. Arnold · Filed Under intelware, News | Comments Off on Threat Intelligence Purchases 

NSO Group: Under Watch Names Revealed

February 7, 2022

I noted the Calcalist article “No One Was Immune: Israel Police Pegasus Surveillance List Revealed.” The downstream consequences of the NSO Group’s MBA-infused approach to specialized software and services continue to become visible.

This passage refers to Israel; however, it is a thought starter:

The bland term used by police for these activities was “technological and data oriented policing,” but Calcalist reveals that the use of Pegasus wasn’t local or limited to a small number of cases. This became one of the most useful tools implemented by police to gather intelligence. Special operations members of the police’s cyber-SIGINT unit have been penetrating the phones of citizens secretly and without judicial warrants, taking control of them with Pegasus against the law and with the understanding that judges wouldn’t approve such activity.

I want to reiterate that the old-school specialized software and services vendors focus their efforts on direct contacts with government agencies and/or attending limited or restricted attendance conferences. As the number of firms tapping open source and proprietary methods to gain access to certain data streams increased, the need for MBA-type marketing exponentiated.

A return to more traditional methods would be a refreshing change. Who is to blame? I think the entrepreneurs who create specialized software and services firms are prime movers. However, the enablers are the entities which fund these often young go-getters bear some responsibility. Blaming under funded, understaffed, and under equipped government professionals may be warranted under some circumstances.

My view is that an engineer chock full of MBA-isms should be licensed prior to hanging out a shingle, signing up for a trade show stand, and generating buzz via news releases and social media posts on LinkedIn.

Until then, the knock ons from the NSO Group’s global visibility are likely to hold some surprises. Do you like surprises? I don’t too much.

Stephen E Arnold, February 7, 2022

Written by Stephen E. Arnold · Filed Under intelware, News | Comments Off on NSO Group: Under Watch Names Revealed 

NSO Group: Media Pile On

February 3, 2022

A helpful person posted a link to a July 2021 story about NSO Group this weekend (January 29 – 30, 2022. The New York Times (that bustling digitally aware Gray Lady) published a New York Times Magazine story about NSO Group. But the killer item of PR appeared in Sputnik International (a favorite of some in Moscow) “India Bought Pegasus Spyware from Israel in an Alleged Deal Concerning Palestinians, Claims NYT.” I find this interesting because:

  1. The NSO Group continues to be a PR magnet. At this point, I am not sure the old adage “any publicity is good publicity.”
  2. Russian “real journalists” have wired together some click baity words: India, Israel, Palestinians, and the New York Times
  3. The intelware sector has a stiff upper lip, but the NSO Group – whether a viable business or not – has destabilized an entire industry sector.

Net net: A big problem which seems to be growing.

Stephen E Arnold, February 2, 2022

Written by Stephen E. Arnold · Filed Under intelware, Marketing, News | Comments Off on NSO Group: Media Pile On 

NSO Group Factoids: Dominoes Game Underway

February 2, 2022

I read “The Company Trying to Give Cyber Intel a Good Name.” The somewhat lofty goal of the write up is to put a bit of lipstick on what is now a somewhat unattractive blobfish. I don’t have an animal in the fight, although the image of squabbling blobfish strikes me as amusing. Maybe a cyber version of “Animal Farm”?

image

The article contains what I thought were interesting factoids and, as is my wont, I shall capture these gems:

  1. NSO Group is still for sale with a valuation of about $1.0 billion US.
  2. NSO Group technology “makes it possible, at the push of a button, to take over a telephone remotely, record conversations via its microphone, film via its camera, or determine its location, without its owner knowing.”
  3. Israeli police have been criticized for its use of technology like NSO Group’s.
  4. “Crime organizations use encrypted communications, on apps such as Telegram and Signal, and in countries like Russia and China the problem has been solved very simply: giant US companies like Google and Meta, and Chinese ones like WeChat and Weibo, provide the authorities with the key to read chat or listen to voice calls on their apps without having to break the encryption.”
  5. “… European countries were pioneers of planting Trojan horses and developing vulnerabilities for hacking telephones, among them Italian company Hacking Team, which was shut down and re-emerged as Memento Labs, and Amesys…”
  6. Germany “bought a system from NSO”
  7. “Israeli company Quadream is selling to Middle Eastern and African countries systems with capabilities similar to those of NSO, in collaboration with a Cypriot sales company InReach Technologies, while Cognyte, formerly the offensive cyber division of Verint, is already developing the next generation of its Trojan horses in a secret division called Ace Labs.”
  8. “One company trying to adapt to the new era is Paragon Solutions, an offensive cyber company founded two-and-a-half years ago by former IDF intelligence unit 8200 commander Ehud Schneerson, and Idan Nurick and Igor Bogudlov, who served in the unit, together with former prime minister Ehud Barak.”
  9. Paragon will sell to customers in 39 countries which have to be “enlightened democracies”.
  10. Paragon has “American DNA” and money from Battery Ventures
  11. Paragon “has grown to 110 employees, most of them people recently demobilized from the IDF who served in 8200’s cyber units, and the rest former employees of companies like NSO, Check Point, Cobwebs Technologies, and Cyberbit.”

Now what is that game again? Oh, right: Dominoes, a blocking game, right?

Stephen E Arnold, February 2, 2022

Written by Stephen E. Arnold · Filed Under intelware, News | Comments Off on NSO Group Factoids: Dominoes Game Underway 

The Gray Lady Rides the NSO Group Pegasus

February 1, 2022

Quite an image right? The New York Times, the flabby dowager of real news, is riding the Pegasus. ‘”FBI Secretly Bought Israeli Spyware and Explored Hacking US Phones” reveals that like most investigative units in the world tested the specialized software and services available from organizations once shrouded in secrecy. No more. It seems that NSO Group’s secrets are more widely shared that Minnie Mouse’s hip new blue jump suit.

The Gray Lady states:

The F.B.I., in a deal never previously reported, bought the spyware in 2019, despite multiple reports that it had been used against activists and political opponents in other countries. It also spent two years discussing whether to deploy a newer product, called Phantom, inside
the United States.

Are you frightened yet? I am not. I expect government agencies to acquire, test, and implement tools necessary to obtain mission objectives. Most of the tested specialized software and systems is discontinued. Some useful tools are never used because the budget no longer permits assigning a full time employee to remain current on a system.

The write up is less about the research done by government agencies and more about the outrage that some feel. My hunch is that the Gray Lady’s “real news” professionals are among the most put upon by what is a routine function.

And the news? The Gray Lady wants to ride the Pegasus, but the tired, old, beaten down Pegasus is not able to get the flaccid passenger aloft.

Stephen E Arnold, February 01, 2022

Written by Stephen E. Arnold · Filed Under intelware, News | Comments Off on The Gray Lady Rides the NSO Group Pegasus 

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta