A Simple Question: Just One Cyber Security Firm?
August 17, 2021
There are quite a few cyber security, cyber intelligence, and cyber threat companies. I have a list of about 100 of the better known outfits in this business. Presumably there are dozens, maybe hundreds of trained analysts and finely tuned intelware programs looking for threats and stolen data 24×7.
I read “Secret Terrorist Watchlist with 2 million Records Exposed Online.” The write up states:
July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.
Here’s my question: Why was a single researcher the only expert aware of this serious breach (if indeed it is valid)?
My hunch is that the Fancy Dan 24×7 smart systems and the legions of developers refining smart intelware have produced systems that simply don’t work. If they did, numerous alerting services would have spotted the alleged do not fly data. The “single researcher” would have been late to the party. He wasn’t. Thank goodness for this research, Mr. Diachenko.
Those systems, as far as I know, did not. The question remains, “Maybe these commercial services don’t work particularly well?” Marketing is really easy, even fun. Delivering on crazy assertions is a different sort of job.
Stephen E Arnold, August 17, 2021
NSO Group: Okay, Now the UN Is Agitated. Good Job!
August 17, 2021
Once upon a time, intelware was essentially unknown. I think back to the late 1990s when relationship diagrams were talked about quietly in rooms with tinfoil on the windows.
Those halcyon days are gone. The go-go-go MBA-thinking masters of the universe decided that public conferences, online advertisements, and explaining their systems to academics with bobble heads was a spiffy idea.
Where are we now?
“Spyware Scandal: UN Experts Call for Moratorium on Sale of Life Threatening Surveillance Tech” is a high-water mark for the flood-lit specialized software and services sector.
Outstanding!
The write up says:
UN human rights experts* today called on all States to impose a global moratorium on the sale and transfer of surveillance technology until they have put in place robust regulations that guarantee its use in compliance with international human rights standards.
How’s this going to work out? Is there a marketing time machine which will undo the conference publicity? Is there a way to undo the content outputs about what should have been secret software and systems? Is there a way to get those investigative journalists redirected to issues like the homeless and gray market gun sales?
Nope.
The UN may not be a pace-setter in many things. But the organization is quite good at outputting reports and news which can ripple through the deciders in more than 190 member states. That pretty much looks like a global reach.
Remarkable, and I am not sure the Berkeley negotiators are going to deal with the problems of this digital Pandora’s box. Whose fingers will get smashed as fixer uppers try to get the lid locked down?
Stephen E Arnold, August 17, 2021
Quote to Note: When Is the Best Time to Snag Mobile Data?
August 17, 2021
I read “We’re Late Closing the Barn Door on Pegasus.” The write up contains a statement I found interesting. Here’s the passage I noted:
Intelligence agencies around the world have shifted from collecting data in transit to collecting data at rest, since encryption uptake has made the former less fruitful. Sniffing packets in the air or over the wire has traditionally been the first choice for intelligence agencies only because it was the easiest. Intelligence agencies historically targeted devices, too, but usually only for their top targets. But now that so much traffic is encrypted, it makes more sense to focus on its endpoints.
This may seem obvious to some. The point is that specifically articulating a method in mass media is probably not high on my list of communication musts. This is one more example of the knock-on effect of the NSO Group’s media magnetism. I wish I could say that the NSO Group matter was lost in the ever decreasing news cycle. I cannot.
Stephen E Arnold, August 17, 2021
Peraton: Some Notes
August 16, 2021
Peraton received another juicy Federal contract. “Peraton Wins Nearly $1B DOD Contract” reports:
Herndon-based Peraton Inc., a national security contractor, won a nearly $1 billion task order to provide the U.S. Department of Defense’s U.S. Central Command (USCENTCOM) and its mission partners with operational planning, implementation and assessment services (OPIAS). USCENTCOM directs military operations with allies in the Middle East.
Peraton is, to some degree, the Harris Corp’s government unit. Backed by Veritas Capital, the contract winner is an example of the shift taking place in cyber intelligence.
The company is active in a number of government centric sectors; for example, digital forensics, cyber crime, and mission operations and analysis.
What work will Peraton perform? I don’t know and it is highly unlikely that the company will follow NSO Group’s method for generating publicity. I mention this Israeli firm’s misstep because it is continuing to send shockwaves through the intelware sector.
Stephen E Arnold, August 16, 2021
Palantir Pushes Beyond What Any Other System Can Do It Seems
August 13, 2021
I believe everything I read online. Don’t you. I spotted this interesting article: “Palantir: Revolutionizing Big Data Analytics.” The write up shows a Covid dashboard and focuses on what’s called “data integration.” Putting information in an index or series of indexes so a user or software can run a query across that which has been placed in said indexes is sometimes called “federation”. Without entering a rabbit hole, let’s accept the “data integration” idea and ignore the buzzwords like “cross function collaborations.”
The Palantir system has a four step “process flow.” These steps include:
- Aggregating data
- Transforming data
- Securing data
- Empowering data.
I track with the first three steps, which have been required by policeware and intelware systems for decades.
The baffler is “empowering” data. I think this means that Palantir data are more valuable, potent, or muscular than data in a system for which I was a consultant many years ago. That was the i2 Analysts Notebook from the late 1990s.
That’s neither here nor there because Palantir did the Silicon Valley thing and found inspiration in that pioneering i2 system, which is now owned by IBM.
But here’s the statement in the write up that left me scratching my head:
Palantir is different from traditional business intelligence solutions like Tableau, Alteryx, or Cloudera, as it’s able to answer questions that a regular model isn’t able to. Questions such as “What steps should be taken if there’s another global pandemic”, or “How to increase margins in the most effective way”.
The companies cited in the passage are not intelware or policeware centric. Second, Palantir seems to be able to process natural language queries, extract on point facts and data from the aggregated and transformed data, and deliver answers.
As far as I know, NLP system do not reliably field ad hoc questions about general business issues or warfighting/intelligence issues. If systems did, there would not be the grousing about training, complexity, and disused intelware due to complexity and instability.
I don’t want to suggest that Palantir cannot deliver NLP which works. I would like to gently suggest that this just may not work in a way which would be useful in certain situations.
I understand the reasons “traditional” intelware fails. Managing data and logic together is tricky and made more challenging and expensive because real time streams can be ingested into some intelware systems. Specialists exist to deal with the real time challenge, and I am not sure Palantir has the robustness of Trendalyze, for example.
The data integrity issue is a big deal. Palantir makes it possible to know who input data. But the integrity issue is larger than than a single person. There are vendors who assemble data sets. Automated data sets work okay too, but when a stream is lost from an authorized intercept, the data set takes a hit. Plus, there is just bad data; for example, variable mechanisms for counting Covid deaths. Has Palantir whipped this garbage in problem? Maybe.
One weakness of Palantir’s competitors is described this way:
The inability to define key business metrics transparently in a common data foundation
This is an ambiguous statement. Most managers don’t know what they need or want. A case in point is a cyber security vendor offering phishing protection to clients. What happens if phishing techniques rely on auto generated emails with smart software crafting the pitch and the inclusion of valid links to the recipient’s company’s Web site. How is an employee to recognize these malformed email? We know phishing systems are not working because of the notable breaches in the US and elsewhere in the last six months of 2021. Senior managers want answers, and hopefully the answers are “good” or at least don’t lead to a diplomatic crisis or a severe business impact. Has Palantir cracked the problem of people who say, “I know what I want when I see it.” In my experience, quite a few CxOs rely on this method. Unfortunately this is not 1690 in Rhode Island where the vigilant are on the look out for irritated Native Americans. Recognizing that eye ball glimmering in a bush is not something intelware systems are able to do in a reliable, economical, speedy way.
Finally, the Palantir competitors “lack flexibility due to rigid data assets.” I remember the sales pitch of MarkLogic, a vendor of slicing-and-dicing content systems. The idea is that XML was almost magical. Input parameters and one gets output like a book made up of relevant content from the objects in the database. XML is a useful tool, but based on my experience with intelware systems, most of them use structured files, open source software, and the same popular algorithms taught in CompSci 401 around the world. The flexibility issue is a big one because now intelware must make sense of audio, video, pictures, gifs, database files, proprietary files from legacy systems, consumer file types like Word, and numeric streams. The phrase “rigid data assets” does quite capture the nuances of the data chaos facing most organizations.
Net net: This is an interesting write up, but I think it needs evidence, and substantive information. Palantir certainly has magnetism, but I still ask myself:
Why is Palantir funding SPACs and allegedly requiring these firms to agree to license the Palantir system?
This is a mystery to me. Because if Palantir whipped NLP, for instance, or the data chaos problem, the company would the hottest thing since i2 Analysts Notebook.
Stephen E Arnold, August 13, 2021
NSO Group: Let Loose the Legal Eagles
August 13, 2021
I was dismayed to read “More Journalists File Legal Complaints after Being Targeted by Pegasus Surveillance Software.” Outrage and finger pointing are obviously not enough. According to the article:
The list of legal challenges against NSO Group continues to mount after 17 additional journalists from seven countries have filed complaints with prosecutors in Paris, France. To date, international media freedom organization Reporters Without Borders (RSF) and two French/Moroccan journalists have filed cases in court over serious concerns that their governments were spying on them due to their work as journalists, carrying out vital public interest investigations. The latest journalists to file complaints include Sevinc Abassova from Azerbaijan, Szabolcs Panyi and Andras Szabo from Hungary, and others from India, Togo, and Mexico. Among the other complainants are Shubhranshu Choudhary, an RSF correspondent in India, and two RSF Award Winners, Hicham Mansouri from Morocco and Swati Chaturvedi from India.
I am not an attorney. I have enough challenges just being a retired, chubby consultant. Several points seem salient to me:
- NSO Group is essentially the intelware equivalent of the protagonist in Nat Hawthorne’s zippy thriller, The Scarlet Letter.
- The legal process is tough to manage when it involves a single matter in a single jurisdiction. A pride of filings exponentiates the complexities and the likelihood of some intriguing decisions. Say “hello” to high risk litigating.
- The ripple effect of the intelware disclosures is going to intersect with an unrelated security action taken by Apple Computer. The NSO Group matter will raise the stakes for the trillion dollar company everyone once associated with user privacy.
Net net: Excitement ahead. Buckle up.
Stephen E Arnold, August 13, 2021
NSO Group: Origins
August 11, 2021
I read “Israel Tries to Limit Fallout from the Pegasus Spyware Scandal.”
I noted this statement which is has been previously bandied about:
Israel has been trying to limit the damage the Pegasus spyware scandal is threatening to do to France-Israel relations. The Moroccan intelligence service used the software, made by an Israeli company with close ties to Israel’s defense and intelligence establishments, to spy on dozens of French officials, including fourteen current and former cabinet ministers, among them President Emmanuel Macron and former prime minister Edouard Phillipe.
The write up reports:
There were reasons for Macron’s irritation: The NSO Group was established in 2009 by three Israelis — Niv Carmi, Shalev Hulio, and Omri Lavie. Contrary to popular belief, the three were not veterans of the vaunted Unit 8200, the IDF’s signal intelligence branch (although many of the company’s employees are). It is generally accepted by intelligence services around the world that many Israeli high-tech companies share information they glean from their contracts abroad with the Israeli security services, if they think such information is vital to Israel’s security (this is why the Committee on Foreign Investment in the United States, or CFIUS, has been reluctant to allow Israeli cyber companies access to the U.S. market).
Interesting.
Stephen E Arnold, August 11, 2021
Another Perturbation of the Intelware Market: Apple Cores Forbidden Fruit
August 6, 2021
It may be tempting for some to view Apple’s decision to implement a classic man-in-the-middle process. If the information in “Apple Plans to Scan US iPhones for Child Abuse Imagery” is correct, the maker of the iPhone has encroached on the intelware service firms’ bailiwick. The paywalled newspaper reports:
Apple intends to install software on American iPhones to scan for child abuse imagery
The approach — dubbed ‘neuralMatch’ — is on the iPhone device, thus providing functionality substantially similar to other intelware vendors’ methods for obtaining data about a user’s actions.
The article concludes:
According to people briefed on the plans, every photo uploaded to iCloud in the US will be given a “safety voucher” saying whether it is suspect or not. Once a certain number of photos are marked as suspect, Apple will enable all the suspect photos to be decrypted and, if apparently illegal, passed on to the relevant authorities.
Observations:
- The idea allows Apple to provide a function likely to be of interest to law enforcement and intelligence professionals; for example, requesting a report about a phone with filtered and flagged data are metadata
- Specialized software companies may have an opportunity to refine existing intelware or develop a new category of specialized services to make sense of data about on-phone actions
- The proposal, if implemented, would create a PR opportunity for either Apple or its critics to try to leverage
- Legal issues about the on-phone filtering and metadata (if any) would add friction to some legal matters.
One question: How similar is this proposed Apple service to the operation of intelware like that allegedly available from the Hacking Team, NSO Group, and other vendors? Another question: Is this monitoring a trial balloon or has the system and method been implemented in test locations; for example, China or an Eastern European country?
Stephen E Arnold, August 6, 2021
NSO Group: A Somewhat Interesting Comment
August 5, 2021
I read on August 5, 2021, “Israeli Government Finally Decides To Start Looking Into NSO Group And Its Customers.” The write up contained the interesting word “finally.” There’s nothing like criticizing a government agency for an easy pot shot. But here’s the passage which caught my attention:
the Israeli government has opened its own… something… of NSO Group. But this inquiry is moving much more cautiously with local agencies showing much less urgency.
I think the “delay” suggests differential time measurements. Some government agencies do the mañana thing; others have a cadence set to hippity hop time.
The evidence is in and the judgment is rendered:
This seems to indicate that the list of numbers is actually related to NSO Group and potential targets of its customer base. If the list has nothing to do with NSO or its customers — as NSO has claimed — it likely wouldn’t feel compelled to cut off customers and/or curtail their use of Pegasus malware. While this isn’t an explicit admission of culpability by NSO, the implication is that the company sold its products to governments it knew would abuse them to surveil people they didn’t like, rather than just criminals and terrorists.
Intriguing because specific factual information about the delta in time perceptions is ignored. Just go to the conclusion. Helpful.
Stephen E Arnold, August 5, 2021
NSO Group and France: Planning a Trip to Grenoble? Travel Advisory Maybe?
August 3, 2021
The PR poster kid for intelware captured more attention from the Guardian. “Pegasus Spyware Found on Journalists’ Phones, French Intelligence Confirms” reports in “real news” fashion:
French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country’s international television station France 24. It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project – a consortium of 17 media outlets, including the Guardian.
The consistently wonderful and objective, media hip newspaper provided a counter argument to this interesting finding:
NSO said Macron was not and never had been a “target” of any of its customers, meaning the company denies he was selected for surveillance or was surveilled using Pegasus. The company added that the fact that a number appeared on the list was in no way indicative of whether that number was selected for surveillance using Pegasus.
Is NSO Group adopting a Facebook- or Google-type of posture? I think response to implied criticism is to say stuff and nod in a reassuring manner? I don’t know. The Guardian, ever new media savvy, wraps up the PR grenade with this comment:
The investigation suggests widespread and continuing abuse of Pegasus, which NSO insists is only intended for use against criminals and terrorists.
Should NSO Group professionals consider a visit to France and a side trip to Grenoble in order to ride Les Bulles?
Stephen E Arnold, August 3, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
