Accidental News: There Is a Google of the Dark Web.
August 2, 2022
Yesterday one of the research team was playing the YouTube version of TWIT which is Silicon Valley acronym speak for “This Week in Tech.” The program is hosted by a former TV personality and features “experts”. The experts discuss major news events. The August 1, 2022 (captured on July 31, 2022) has the title “The Barn Has Left the Horse — CHIPS Act, Earnings Week, FTC Sues Meta, Twitter Blue Price Hike.” The “experts” fielding questions and allegedly insightful observations by Mr. LaPorte can be viewed at this link. The “experts” on the “great panel” for this program included:
- Jason Snell
- Shoshana Weissmann
- Dan Patterson.
In the midst of recycled information and summaries of assorted viewpoints, there was what I thought was information warranting a bit more attention. You can watch and hear what Dan Patterson says at 2:22:30. A bit of context: Mr. Patterson announced that he is the Editorial Director at Cybersixgill, [supplemental links appear below my name at the foot of this blog post] a firm named after a shark and with, until now, a very low profile. I think the outfit is based in Tel Aviv and it, as I recall, provides what I call specialized software and services to government entities. A few other firms in this particular market space are NSO Group and Voyager Labs, among other. Rightly or wrongly, I think of Herliya as the nerve center for certain types of sophisticated intercept, surveillance, analytic, and stealth systems. Thus, “low profile” is necessary. Once the functionality of an NSO Group-type system becomes known, then the knock on effect is to put Candiru-type firms in the spotlight too. (Other fish swimming unseen in the digital ocean have inspired names like “FinFisher,” “Candiru,” and “Sixgill.”)
So what’s the big news? A CBS technology reported quitting is no big deal. A technology reporter who joins a commercial software and services firm is not a headline maker either.
This is, in my opinion, a pretty remarkable assertion, and I think it should be noted. Mr. Patterson was asked by Mr. LaPorte, “So CyberSixgill is a threat intelligence…” Mr. Patterson added some verbal filler with a thank you and some body movement. Then this…
CyberSixgill is like a Google for the Dark Web.
That’s an interesting comparison because outfits like Kagi and Neva emphasize how different they are from Google. Like Facebook, Google appears to on the path to becoming an icon for generating cash, wild and crazy decisions, and an emblem of distrust.
Mr. Patterson then said:
I don’t want to log roll…. I joined the threat detection company because their technology is really interesting. It really mines the Dark Web and provides a portal into it in ways that are really fascinating.
Several observations:
- Mr. Patterson’s simile caught my attention. (I suppose it is better than saying, “My employer is like an old school AT&T surveillance operation in 1941.”
- Mr. Patterson’s obvious discomfort when talking about CyberSixgill indicates that he has not yet crafted the “editorial message” for CyberSixgill.
- With the heightened scrutiny of firm’s with specialized software causing outfits like Citizens Lab in Toronto to vibrate with excitement and the Brennan Center somewhat gleefully making available Voyager Labs’s information, marketing a company like CyberSixgill may be a challenge. These specialized software companies have to be visible to government procurement officers but not too visible to other sectors.
Net net: For specialized software and services firms in Israel, Zurich, Tyson’s Corner, and elsewhere, NSO Group’s visibility puts specialized software and services company on the horns of a dilemma: Visible but not too visible. These companies cannot make PR and marketing missteps. Using the tag line from a “real” journalist’s lips like “a Google for the Dark Web” is to me news which Mr. LaPorte and the other members of the panel should have noticed. They did not. There you go: “Like a Google for the Dark Web”. That’s something of interest to me and perhaps a few other people.
Stephen E Arnold, August 2, 2022
—
Notes:
1 “Sixgill” is the blunt nose “six gill” shark, hexnchoid (Hexanchus griseus). It is big and also called the cow shark by fish aficionados. The shark itself can be eaten.
2 The company’s product is explained at https://www.cybersixgill.com/products/portal/. One “product” is a cloud service which delivers “exclusive access to closed underground sources with the most comprehensive, automated collection from the deep and dark Web. The investigative portal delivers the threat intel security teams need: Real time context and actionable alerts along with the ability to conduct cover investigations.” Mr. Patterson may want to include in his list of work tasks some rewriting of this passage. “Covert investigations,” “closed underground sources,” and “automated collection” attract some attention.
3 The company’s blog provides some interesting information to those interested in specific investigative procedures; for example, “Use Case Blog: Threat Monitoring & Hunting.” I noted the word “hunting.”
4 The company received a fresh injection of funding from CrowdStrike, Elron Ventures, OurCrowd, and Sonae. According to CyberGestion, the firm’s total funding as of May 2022 is about $55 million US.
5 The Dark Web, according to my research team, is getting smaller. Thus, what does “deep web”? The term is undefined on the cited CyberSixgill page. “Like Google” suggests more than 35 billion Web pages in its public index. Is this what CyberSixgill offers?
Mobile Surveillance: Morocco?
August 2, 2022
I read “L’Union Européenne a Discrètement Fourni au Maroc de Puissants Systèmes de Piratage des Téléphones.” I try to believe everything I read on the information superhighway’s sign posts. So far, this story which appeared on July 24, 2022, in Disclose is yet to be verified by my super duper thumbtyping research team. Therefore, I cannot agree or disagree with its statements or the spin put on the story. If you don’t read French, you can try the service at this link to render the mysteries of French is the world’s most lawyer-friendly language.
The company identified as providing mobile phone forensics does business as MSAB, which is a sponsor of the European Academy of Forensic Science conference on mobile device forensics. The firm’s customers are government agencies.. The firm provides “complete solutions.” Its Web site is MSAB.com.
The “Oxygen” referenced in the article may be the entity doing business as Oxygen Forensics. The firm’s Web site is www.oxygenforensic.com. The firm’s mobile phone software is called Detective. Years ago, I did a DarkCyber video about the tool’s capabilities. I have removed my DarkCyber videos from public access because some perceived my explanations as too revealing. For example, I believe I mentioned that the core technology was developed in Russia. Now the firm’s company profile here does not mention much about the non-US facets of the firm.
The write up points out with what I might call Gallic skepticism that the use of the forensic tools is related to immigration. Yep, tools can be used for many purposes. Think about those Buzzfeed articles which explain how to use household products for surprising applications. Who knew dish washing liquid was a jack of all trades?
Worth monitoring because non-US forensic technology is, in my team’s opinion, outperforming US developed solutions in some intelware and policeware sectors. Examples? Sure, just check out the companies in Herliya focused on specialized services.
Stephen E Arnold, August 2, 2022
Surprise: NSO Group Pegasus Is in the News Again
July 28, 2022
On July 27, 2022, the winger wonder Pegasus cast a shadow over the desks of the House Intelligence Committee. The flapping of the mythical creatures wings could not be stilled. Gavel pounding, heavy breathing from lobbyists in the gallery, and convoluted statements by elected leaders did not cause the beastie to fly away. Nope. Pegasus with its NSO Group logo branded on its comely haunch was present. Even mythical creatures can leave behind a mess.
And it appears as if the mess is semi-permanent and odiferous.
“We’re Likely Only Seeing the Tip of the Iceberg of Pegasus Spyware Use Against the US” states:
US lawmakers heard testimony from Citizen Lab senior researcher John Scott-Railton; Shane Huntley, who leads Google’s Threat Analysis Group; and Carine Kanimba, whose father was the inspiration for Hotel Rwanda and who was, herself, targeted by Pegasus spyware. This, of course, is the now-infamous malware that its developer, Israel’s NSO Group, claims is only sold to legitimate government agencies — not private companies or individuals. Once installed on a victim’s device, Pegasus can, among other things, secretly snoop on that person’s calls, messages, and other activities, and access their phone’s camera without permission.
I like the Hotel Rawanda reference. Younger elected officials may not know much about intelware, but they definitely know about the motion picture in my opinion. Hutus Tutsis and a big box office. A target of Pegasus. Credibility? Yep.
The hearings continue of July 28, 2022. According to the article:
Schiff called NSO’s software and similar eavesdropping tools “a threat to Americans,” and pointed to news reports from last year about cellphones belonging to US diplomats in Uganda being compromised by Pegasus. It is my belief that we are very likely looking at the tip of the iceberg, and that other US government personnel have had their devices compromised, whether by a nation-state using NSO’s services or tools offered by one of its lesser known but equally potent competitors,” Schiff said.
Google — the go to source for objective information — is allegedly tracking 30 firms “that sell exploits or surveillance capabilities to government-backed groups.
Just 30? Interesting, but, hey, Google knows surveillance cold I suppose.
A handful of observations:
- NSO Group’s Pegasus continues to capture attention like a Kentucky Derby winner which allegedly has banned substances rubbed on its belly. Some of those rub ons have a powerful scent. Even a boozy race track veterinarian can wince when checking a specific thoroughbred’s nether region.
- The knock on effect of NSO Group’s alleged management oversight means that scrutiny of intelware companies is going to spotlight the founders, funders, and stakeholders. I think this is like a deer standing on railroad tracks mesmerized by the bright white light heading down the rails at 60 miles per hour. In the train versus deer competitions in the past, trains hold a decided advantage.
- Individual companies in the specialized software business face an uncertain future.
How uncertain?
Regulations and bans seem to be on the menus in a number of countries. Also, there are a finite number of big dollar contracts for specialized software and smaller firms are going to have to get big fast, sell out to a larger company with multiple lines of law enforcement, defense, and intelligence revenue, or find a way to market without marketing “too well.”
And the “too well”?
Since NSO Group’s spotlight appearances, smaller intelware companies have had to be very careful abut their sales and marketing activities. Why? There are reporters from big time newspapers nosing around for information. There are online podcasts which have guests who talk about what specialized software can do, where the data originate, and how a “food chain” of information providers provide high value information. There are the tireless contributors of Twitter’s #OSINT threads who offer sometimes dumb and less frequently high-value nuggets about specialized services vendors. Finally, there are the marketers at specialized services firms themselves who use email blasts to tout their latest breakthroughs. Other small specialized software vendors prowl the niche law enforcement and intelligence conferences in search of sales leads. In some cases, there are more marketers than there are individuals who can license a data set, an analytics package, or the whole enchilada needed to monitor — how shall I phrase it — comprehensively. These energetic marketers learn that their employer becomes a journalist’s subject of interest.
Net net: When I reflect on the golden years of specialized software and services marketing, testing, and deploying, I have one hypotheses: NSO Group’s visibility has changed the game. There will be losers and a very few big winners. Who could have foreseen specialized software and services working like a bet on the baccarat tables in Monaco? Who anticipated NSO Group-type technology becoming “personal” to the US? I sure did not. The light at the end of the tunnel, once the train clears the deer, is that the discipline of “marketing without marketing too much” may become mainstream in France, Germany, Israel, Switzerland, and the US. I hear that train a-comin’ do you?
Stephen E Arnold, July 28, 2022
NSO Group: Lobbying Is Often Helpful
July 20, 2022
More NSO Group news. “Pegasus Spyware Maker NSO Is Conducting a Lobbying Campaign to Get Off U.S. Blacklist.” The article states as actual factual:
NSO has invested hundreds of thousands of dollars in the past year in payments to lobbyists, public relations companies and law firms in the U.S., in the hope of reversing the Biden administration’s November decision, according to public records filed under the Foreign Agent Registration Act and conversations with people familiar with the effort. These firms have approached members of the U.S. House and Senate, as well as various media outlets and think tanks across the U.S., on NSO’s behalf.
Who knew? NSO Group has been able to attract media attention for months.
The write up points out:
NSO is trying to get the matter raised during a meeting between U.S. President Joe Biden and Israeli Prime Minister Yair Lapid when the former visits Israel this week. In addition, NSO lobbyists unsuccessfully tried to set up a meeting between representatives of the company and U.S. National Security Adviser Jake Sullivan, but it did not take place. Asked for comment, an NSO spokesperson declined to comment on the campaign but “thanked” Shomrim for publishing an article on its efforts, which he described as “supportive.”
Interesting. Why won’t world leaders do what a high tech outfit providing specialized services want?
NSO Group has been trying to explain its position; for example, the cited article notes:
In a different letter distributed by the firm this year, NSO states it has “developed a human rights governance compliance program,” saying it would conduct a review of all users to see whether they might use the technology used to “violate human rights.”
In my upcoming lecture for a law enforcement group, I point out that with each passing day it is increasingly difficult to figure out what information is “valid”. As a result, the utility of open source information is eroding. Perhaps the Golden Age of OSINT is darkened with weaponized information?
Interesting?
Stephen E Arnold, July 20, 2022
NSO Group and the Big Mango
July 19, 2022
“Pegasus Used to Spy on Protesters, a Popular Actress, and Dozens More in Thailand, Report Shows” presents more allegedly accurate information about the NSO Group. The Israeli company has demonstrated a remarkable ability to make headlines. The cited article states:
At least 30 Thai citizens were targeted by the Pegasus phone-hacking software between October 2020 and November 2021, according to a forensic report by the Canadian digital rights organization CitizenLab and Thai NGOs iLaw and DigitalReach.
What’s interesting about this article about the Pegasus software is the assertion about the targets of the alleged surveillance. I noted this passage:
An anti-government rapper, Dechathorn “Hockhacker” Bamrungmuang; a famous Thai actress, Intira Charoenpura; and a political science professor, Prajak Kongkirati, were also among those attacked.
Fascinating. A rapper named Hockhacker. Curious I searched YouTube and located this audio track: https://www.youtube.com/watch?v=qcqoxUICnU8.
Who knew? Will Hockhacker surge to the pinnacle of musical popularity? Will Hockhacker match NSO Group’s PR-ability? Life is chock full of opportunities.
Stephen E Arnold, July 19, 2022
NSO Group: Sort of For Sale and More Remarkable PR
July 12, 2022
I read “Defense Firm Said US Spies Backed Its Bid for Pegasus Spyware Maker.” Okay, NSO Group, the backchannel produced and identified L3 Harris. The proposed acquisition encountered headwinds. Not particularly surprising. What’s interesting is the “play” a specialized software vendor gets. The estimable New York Times, which is enthusiastic in its business reporting, states:
The talks continued in secret until last month, when word of NSO’s possible sale leaked and sent all the parties scrambling. White House officials said they were outraged to learn about the negotiations, and that any attempt by American defense firms to purchase a blacklisted company would be met by serious resistance. Days later, L3Harris, which is heavily reliant on government contracts, notified the Biden administration that it had scuttled its plans to purchase NSO, according to three United States government officials, although several people familiar with the talks said there have been attempts to resuscitate the negotiations.
I don’t have a dog in this fight. What catches my attention is that NSO Group and the Pegasus words are attention magnets. Doesn’t it seem reasonable that discussions about a company providing specialized hardware, software, and services acquiring an intelware vendor be handled the old fashioned way: Quietly and confidentially.
I have learned that quiet and confidential are not part of today’s world. Consequently, I read the articles about NSO Group and the “deal” and think:
- Another outfit (possibly not American) has an opportunity to snag the systems and methods, software, data, and customers of the PR magnet
- The use of NSO Group and its outstanding marketing and sales methods have altered in a substantive way the specialized software and services market. The changes may not be net positives in my opinion. (Way to go zoom zoom executives.)
- The let’s reveal as much as possible may have some downstream consequences because there are more significant clear and present data actions underway that deserve more attention. Will I mention TikTok and its data? No, of course not.
How much longer will the dead horse take whacks? Probably months, maybe years? And to what end? Selling real news? Embarrassing a US company? Providing weaponized information about political behaviors? My hunch is that the reason is, “Hey, it’s just right.” Do you agree L3 Harris?
Stephen E Arnold, July 12, 2022
TikTok: One US Government Agency Is Not Addicted
July 6, 2022
“U.S. FCC Commissioner Wants Apple and Google to Remove TikTok from Their App Stores” appears to have avoided the digital addiction which some attribute to TikTok. As I have pointed out in my lectures, some Silicon Valley “real news” types are just thrilled with TikTok. Others, like myself, view the app with considerable suspicion. It appears that the UD Federal Communications Commission has some doubts as well.
The write up states:
A leader of the U.S. Federal Communications Commission said he has asked Apple and Google to remove TikTok from their app stores over China-related data security concerns.
The article points out:
- A China connection
- Data hoovering
- A surveillance tool.
The real news folks did not mention TikTok’s usefulness as a psyops weapon.
Oh, well. Why would psyops be important? Possibly manipulation, blackmail, weaponized information. Yeah, no big deal.
Stephen E Arnold, June xx, 2022
NSO Group: The EU Parliament Has an Annoyed Committee
June 27, 2022
I almost made it through a week without another wild and crazy NSO Group Pegasus kerfuffle. Almost is not good enough. I read “EU Parliament’s Pegasus Committee Fires Against NSO Group.” Do committees tote kinetic weapons in Western Europe?
The write up states:
On Tuesday (21 June), the committee scrutinized the NSO Group by questioning Chaim Gelfand, the tech firm’s General Counsel and Chief Compliance Officer. The MEP and rapporteur Sophie in ‘t Veld said the way Gelfand responded to or declined to answer several questions was “an insult to our intelligence” and that there was a “complete disconnect between reality and what you are saying”.
Does this mean “dismissive”? Maybe “arrogant”? Possibly “exasperated”?
The write up includes a question from a Polish representative; to wit:
“Who and how was checking the governments of Hungary and Poland? How on earth could they be verified by you?”
Not surprisingly, NSO Group has yet to find the equivalent of Meta (Zuckbook’s spokes human). Perhaps NSO Group will find an individual who does not stimulate EU Parliament committee members to be more forceful?
Stephen E Arnold, June 27, 2022
TikTok: Allegations of Data Sharing with China! Why?
June 21, 2022
If one takes a long view about an operation, some planners find information about the behavior of children or older, yet immature, creatures potentially useful. What if a teenager, puts up a TikTok video presenting allegedly “real” illegal actions? Might that teen in three or four years be a target for soft persuasion? Leaking the video to an employer? No, of course not. Who would take such an action?
I read “Leaked Audio from 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed from China.” Let’s assume that this allegation has a tiny shred of credibility. The financially-challenged Buzzfeed might be angling for clicks. Nevertheless, I noted this passage:
…according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users…
Is the audio deeply faked? Could the audio be edited by a budding sound engineer?
Sure.
And what’s with the TikTok “connection” to Oracle? Probably just a coincidence like one of Oracle’s investment units participating in Board meetings for Voyager Labs. A China-linked firm was on the Board for a while. No big deal. Voyager Labs? What does that outfit do? Perhaps it is the Manchester Square office and the delightful restaurants close at hand?
The write up refers to data brokers too. That’s interesting. If a nation state wants app generated data, why not license it. No one pays much attention to “marketing services” which acquire and normalize user data, right?
Buzzfeed tried to reach a wizard at Booz, Allen. That did not work out. Why not drive to Tyson’s Corner and hang out in the Ritz Carlton at lunch time. Get a Booz, Allen expert in the wild.
Yep, China. No problem. Take a longer-term view for creating something interesting like an insider who provides a user name and password. Happens every day and will into the future. Plan ahead I assume.
Real news? Good question.
Stephen E Arnold, June 21, 2022
Quick NSO Group Update
June 20, 2022
Two items for the estimable NSO Group caught my attention.
The first is a Reuters (the trust outfit!) item called “Spanish Court Calls CEO of Israel’s NSO to Testify in Spying Case.” The trusted write up reports that t6he “rogatory” commission will head to Israel and investigate. Nothing new with this. The CEO appears to be a person of interest.
The second is an Axios story with a pat-on-the-back headline: “Scoop: Israelis Push US to Remove NSO from Blacklist.” The core of this item is that looked at one way, routine discussions are underway. Looked at another way, lobbyists are beavering away. NSO Group has not hired one law firm to work on the blacklisting. Nope, NSO Group has two law firms loosing legal eagles.
NSO Group has lost some PR traction to the Alphabet Google YouTube DeepMind Bob Hope-ism that its software is alive and as smart as a seven year old. I think crows are as smart as seven years old. Despite the best efforts of those who want to discredit the specialized software vendors, AGYD’s mastery of messaging is at the top of the heap.
Keep trying NSO Group.
Stephen E Arnold, June 20, 2022