NSO Group Knock On: Live from Madrid

May 10, 2022

The NSO Group fan Paz Esteban has been gored (metaphorically speaking, of course). “Spain’s Spy Chief Sacked after Pegasus Spyware Revelations” reports that “Paz Esteban reportedly loses job after Catalan independence figures were said to have been targeted.” How about those hedging Latinate structures. The write up alleges:

Paz Esteban reportedly confirmed last week that 18 members of the Catalan independence movement were spied on with judicial approval by Spain’s National Intelligence Centre.

I suppose spying on the Barcelona football team makes sense if one roots for Real Madrid. It is a stretch that 18 individuals who want to do a 180 degree turn away from Madrid’s approach to maintaining law, order, health, peace, prosperity, etc. etc.

The write up notes:

Esteban reportedly confirmed last week to a congressional committee that 18 members of the Catalan independence movement were spied on with judicial approval by Spain’s National Intelligence Centre (CNI), leaving the Catalan regional government demanding answers.

Yep, the action was approved. Life would have been more like a late dinner than a burger from a fantastic American fast food restaurant. That’s the problem. The gobbling of the fries was approved by lawyers.

That’s a crisis. Making the spry 64 year old Ms. Esteban López the beard is unfortunate. My hunch is that some youthful whiz kids found the NSO Group’s Pegasus a fun digital horse to ride. The idea floated upwards for approval and ended up in front of the “judiciary.” That mysterious entity thought letting the kids ride the Pegasus was a perfectly okay idea.

Now a crisis is brewing. The gored Ms. Esteban López may only be one of the first in the intelligence, law enforcement, and judiciary to feel the prick of the digital bull’s horns and the knock from the beastie’s hooves.

Several observations:

  1. Who else will be implicated in this interesting matter? Who will be tossed aloft only to crash to the albero del ruedo?
  2. Will a parliamentary inquiry move forward? What will that become? A romp with Don Quixote and Sancho?
  3. Is a new Spanish inquisition about to begin?

Excitement in the Plaza de Toros de Las Ventas perhaps?

Stephen E Arnold, May 10, 2022

Voyager Labs Exposed: Another NSO Group?

May 10, 2022

I read “Voyager Labs: L’Arma spuntata dell’intelligenza artificiale.” I was expecting some high-flying smart software. What the article delivers is some juicy detail about intelware, conferences where quite non-public stories are told, and an alleged tie up between those fine folks at Palantir Technologies and the shadowy Israeli company. One caveat: One has to be able to read Italian or have a way to work around the limitations of online translation systems. (Good luck with finding a free to use system. I just asked my local Pizza Hut delivery person, who speaks and reads Italian like a Roma fan.)

Here are some allegedly spot on factoids from the write up:

  • One of the directors of the company has a remarkably unusual career at a US government agency. The individual presided over specialized interrogation activities and allowing a person with a bomb to enter a government facility. There were a handful of deaths.
  • The Voyager Labs’ cloud services are allegedly “managed globally by Palantir’s Gotham platform.”
  • Voyager Labs’ content was described at an intelligence conference owned and managed by an American in this way: “usable and previously unattainable information by analyzing and understanding huge amounts of open, deep and obscure Web data.”
  • Allegations about the use of Voyager Labs’ system to influence an Italian election.
  • Voyager Labs identifies for licensees people with red, orange, and green icons. Green is good; red is bad; orange is in the middle?

Interesting stuff. But the zinger is the assertion that Voyager Labs’ smart software can output either dumb or aberrant results. The whiz kids at Gartner Group concluded in 2017 that Voyager Labs was a “cool vendor.” That’s good to know. Gartner likes intelware that sort of works. Cool.

Interesting profile and there are more than 100 footnotes. I assume that the founder of Voyager Labs, the conference organizer, and assorted clients were not willing to participate in an interview. This is an understandable position, particularly when an Israeli outfit could be the next in the NSO Group spotlight.

Stephen E Arnold, May 10, 2022

Palantir Technologies: Following in the Footsteps of Northern Light and Autonomy

May 4, 2022

What market sector is the one least likely to resonate with race car fans? I would suggest that the third party Chinese vendor TopCharm23232 is an unlikely candidate. Another outlier might be PicRights, a fascinating copyright enforcement outfit relying on ageing technology from Israel.

What do you think about search and content processing vendors?

I spotted this ad in the Murdoch-owned Wall Street Journal which resides behind a very proper paywall.

The full page ad appeared in my Kentucky edition on May 3, 2022. I was interested when Northern Light, a vendor of search systems relying originally on open source technology shaped by Dr. Marc Krellenstein, sponsored a NASCAR vehicle. I wonder how many NASCAR fans were into Northern Light’s approach to content clustering? Some I suppose.

I also noted Autonomy plc’s sponsorship of an F-1 car and the company’s logo on the uniform of the soccer / football club Tottenham Hotspur. (That’s the club logo with a big chicken balancing on a hummingbird egg.)

How did the sponsorships work out? I am not sure about sales and closing deals, but hanging with the race car drivers and team engineers is allegedly a hoot.

Will Palantir’s technology provide the boost necessary to win the remaining F-1 races? I don’t do predictive analytics so, of course, Palantir is a winner. The stock on May 4, 2022, opened at $10.55. For purposes of comparison, Verint which is a company with some similar technology opened at $54.04. Verint does not do race cars from what I have heard.

Stephen E Arnold, May 4, 2022

Disinformation: Live and Obvious in the Windows 11 Crazy Train

April 28, 2022

I noted that a number of OSINT experts sidestepped the issues of misinformation (making stuff up), disinformation (data which nuke other information), and reformation (moving the data walnut shells like a walnut shell wizard). The experts offered comments at a recent conference I attended, and I was fascinated by the avoidance of what seems to be a showstopper for analysts.

Let me give you an example unrelated to the professional OSINT lecturers.

The first is the story in Ars Technica. The headline is “Businesses Are Adopting Windows 11 More Quickly Than Past Versions, Says Microsoft.” Straightforward and actual factual.

Now consider “Windows 10 Still Growing, But Win 11 Had Another Bad Month, Says AdDuplex.” This appears to report data slightly off course with the Ars Technica write up.

Okay, are both sort of true? Is one statement more accurate than another? Maybe one or both are baloney?

The problem is that in order to figure out which is disinformation, one has to do quite a bit of work.

Now imagine that a really smart machine learning system ingests the content and shoves it into a whiz bang smart software system. The smart software will do what? Identify the rightness or wrongness of each set of factoids? Will the smart software go with a simple voting method and the most likely rightness will emerge from the murky plumbing of the smart software? Will the system punt as some digitally learned systems do?

The answer is that manipulation of information can generate outputs that may be disconnected from what is shaking in the real world.

Is this a problem? Yep. Is there a fix? Nope. Are there downstream consequences? Does a calculating predator exist in the technology theme park?

Stephen E Arnold, April 28, 2022

Were Some Party Goers at 10 Downing Street Targeted by NSO Group Technology?

April 26, 2022

The New Scientist (yes, the New Scientist for goodness sakes) published “UK Prime Minister’s Office Smartphones Targeted by Pegasus Spyware.” (You may have to pay to view this write up, gentle reader.) The main point of the write up, it seems to me, is:

Researchers claim to have uncovered cyber attacks using Pegasus software against 10 Downing Street and the Foreign and Commonwealth Office.

Is this the government office about which Euronews said that UK prime minister Boris Johnson was fined over Downing Street lockdown partiers? It sure looks like it to me.

The New Scientist story recycles the Citizen Lab reports about someone using NSO Group technology to snoop on individuals in the British government. I don’t know if the research is on the money. I described the University of Toronto’s interest in NSO Group as a Munk-ey on the poster child company.

Several observations:

  • I am concerned that the recycling of information about NSO Group technology may have unintended consequences; for example, if I were a college computer science professor, I could envision asking students to check out the Pegasus software on GitHub and come up with similar functionality. But I am not a college prof yet there may be a professor in Estonia who comes up with a similar idea.
  • The idea that a scientific research publication is focusing attention on an Israeli firm whose software was used by a government illustrates how information leakage can slosh around. Is this a click decision or a political decision or an ethical decision? I have no idea, but someone made a decision to recycle the Munk story.
  • Companies pay big money to get their “brand” in front of eyeballs. NSO Group is clearly the brand champion in the intelware sector. Winner? Well, maybe.

Net net: This NSO Group buzz shows no sign of decreasing. That’s not good.

Stephen E Arnold, April 26, 2022

The Munk-ey on the Back of NSO Group

April 20, 2022

The Munk School at the University of Toronto has a keen interest in the NSO Group. I read “CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru.” (I wish someone would ask me about the candiru at a dinner party. I really want to answer using my own style of expressing myself. Ah, you don’t know about the penis centric creature? Knowing can be helpful before a dip in certain South American rivers and streams.)

Back to munk-ey on NSO Group’s back.

The write up states:

The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware.  At least 63 were targeted or infected with Pegasus, and four others with Candiru. At least two were targeted or infected with both. Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations. Family members were also infected in some cases.

What’s interesting is that the Munk folks want to prevent a government from performing certain actions. How’s that working out for those who want to influence Mr. Putin? A commercial enterprise sells to a government agency, how exactly is the vendor supposed to prevent a nation state from doing what it wants?

The write up focuses on political issues, and the NSO Group’s technology is not an interesting system with useful functions. The platform becomes the equivalent of Darth Vader’s favorite light saber. How will the Munk experts control an entity its researchers deem Darth Vader pretenders?

Yeah, how would that play out?

The write up is interesting and reveals quite a bit of research.

However, the more significant issue is one which is ignored. Technology can be placed in a context. The context then defines the technology. Our present context is that technology facilitates weaponization. The ethical underpinnings of behavior, in my opinion, have been torn or removed.

Thus, the Munk team is talking about technology and seems to be disinterested in what is allowing outfits like NSO Group to become a ping pong ball. Without a net, there is no game.

Perhaps the net is a thing which can be put front and center? Legacies of Roman rule, control of national state officials, and the inherent badness of core mobile phone functions are a way to let off emotional steam?

What about no click exploits for Android devices? Perhaps that is next up on the Munk agenda?

Stephen E Arnold, April 20, 2022

Tim Apple and Unintended Consequences: AirPods?

April 19, 2022

Apple in my opinion emphasizes privacy. (How about the iPhone and the alleged NSO Group Pegasus functionality?) “Ukrainians Are Tracking the Movement of Russian Troops Thanks to One Occupier Looter with AirPods.” I am not sure if the write up is accurate. The source says “truth.” But…

The tracking thing is interesting; for example, Phone home malware on an iPhone, an AirTag hidden on a Russian T-14 Armata, or AirPods. Head phones? Yep.

The cited article reports:

A Russian soldier stole [a Ukrainian’s] AirPods (wireless headphones) when looting [the Ukrainian’s] apartment while Russian occupying forces were in Gostomel. Russian soldiers withdrew, but thanks to the technology on Apple devices, Ukrainians can keep track of where their headphones are. Find My technology on Apple devices lets you find the location of a lost device on the map if it’s near Bluetooth smartphones or connected to Wi-Fi.

What can one do with the help of geo-location functions? One idea is to use the coordinates as a target for a semi-smart missile. (This is not a criticism of smart software. It is part of the close enough for horseshoes methods which can often deliver the payload somewhere unintended.)

Now about that Tim Apple privacy thing? Pravda or falsehood?

Stephen E Arnold, April 19, 2022

The Value of the NSO Group? Probably More Than Zero

April 19, 2022

The Financial Times published “NSO Group Deemed Valueless to Private Equity Backers.” The orange newspaper stated that a consulting firm studied the intelware outfit and provided information with this startling number. There’s a legal dust up underway, and my hunch is that legal eagles will flock to this situation: Alleged misuse of the Pegasus system, financial investments, and the people involved in assorted agreements. The story points out that NSO Group is “not a party” to this particular lawsuit. The folks funding the legal eagles are a consulting outfit called Berkeley Research Group. An outfit called Novalpina Capital convinced some to put money into the cyber gold mine. Then the PR spotlight illuminated NSO Group and a torrent flowed downhill knocking down some once impregnable structures. Plus the FT’s article refers to an outfit called Integrity Partners who, according to the Financial Times, are willing to buy NSO Group for several hundred million dollars. Is this a good deal? In my opinion, something is better than zilch.

An unnamed NSO Group spokesperson indicated that the NSO Group’s system was of interest to many customers. If this is true, wasn’t the most recent license deal inked in mid 2021 for the platform? My thought is that the company’s proprietary technology would be of interest to other intelware firms interested in obtaining the licensee base and the platform which might benefit from newer, more sophisticated geo-spatial functionality which I will describe in my OSINT lecture at the US National Cyber Crime Conference on April 26, 2022. Sorry, the info is not for a free blog, gentle reader.

In my opinion, the referenced write up presents a fairly chaotic snapshot of the players, the valuation, and the legal trajectory for this matter. We need to bear in mind that NSO Group is hitting up the US Supreme Court and dealing with its Tim Apple issues.

One thing is crystal clear to me: The NSO Group’s misstep is now sending out concentric pulses which are extremely disruptive to entities rarely in the public spotlight. This is unfortunate and underscores why the Silicon Valley Tel Aviv style is not appreciated in some upscale social circles.

Stephen E Arnold, April 19, 2022

FinFisher: Grilled or Fried?

April 18, 2022

I read “Criminal Complaint against Illegal Export of Surveillance Software Is Making an Impact: The FinFisher Group of Companies Ceases Business Operations after Its Accounts Are Seized by Public Prosecutor’s Office.” FinFisher was a developer of specialized software and services. The write up quotes Gesellschaft für Freiheitsrechte e.V.’s spokesperson as saying:

“FinFisher is dead. Its business with illegal exports of surveillance software to repressive regimes has failed. This is a direct success of our criminal complaint.”

The company’s system, according to the write up, allows “police and secret services [to] pinpoint a person’s location, record their telephone conversations and chats and read all their mobile phone and computer data.”

Stephen E Arnold, April 18, 2022

NSO Group to US Supreme Court: Help!

April 14, 2022

The “real news” outfit the Associated Press ran an article called “NSO Turns to US Supreme Court for Immunity in WhatsApp Suit.” The main idea is that Zuckbook’s lawsuit has to go away. The legal dust up dates from 2019. Zuckbook alleges that NSO Group zapped more than 1,000 users of WhatsApp, a popular instant messaging service. WhatsApp delivers alleged end to end encrypted messaging (E2EE). Intercepting content WhatsApp users think is secure can deliver some high value intelligence if available to certain professionals. NSO Group’s idea is that it is a “foreign government agent.” As such, NSO Group cannot be hassled for its specialized software and services. Why is the issue at the US Supreme Court? The answer is that in previous legal proceedings, federal court rulings said, “Sorry. Zuckbook’s case goes forward.”

I am no attorney, but the sovereign immunity angle sounds good: Intelware, used by some US allies, and good at what it does. The reasoning of the courts is that the NSO Group is not going to get the sovereign “get out of jail free” card in this Monopoly game. Why? According to the information in the write up, NSO Group is software, not an “agent.”

Three observations:

  1. NSO Group is hoping the third time is a charm in US courts it seems.
  2. The company just cannot stay out of the newsfeeds. Maybe its management team should start a PR firm.
  3. The Supreme Court can be picky about what it takes on and when it does accept a case, the outcome can be surprising, very surprising.

Net net: The intelware sector is likely to find itself under more intense scrutiny as the endless barrage of NSO Group publicity flows.

Stephen E Arnold, April 14, 2022
