Code Skill for Everyone? An Interesting Question

August 8, 2019

Amazon, Google, and Microsoft want “everyone” to code. Not so fast.

Necessity is the mother of invention and prisoners are some of the most ingenious individuals when it comes to making food, tattoo machines, booze, and shanks. Prisoners also prove their dexterity in hiding contraband items and getting them into prisons. Books were being used to get contraband items into prisons and it got so bad many prisons have forbidden people to send books to those behind bars. Specific books have also been banned by prisons because of their content and Oregon and other states are taking a stand by forbidding books that teach code. Motherboard Vice shares why in the article, “Prisons Are Banning Books That Teach Prisoners How To Code.”

Oregon’s Department of Corrections wants to set the record straight that not all technology-related books are banned, but each one that is sent through the mail room is assessed to see if it presents “a clear and present danger.” Some of the books that are deemed unsuitable include Microsoft Excel 2016 for Dummies, Google Adsense for Dummies, and Windows 10 For Dummies. It is not surprising that Black Hat Python by Justin Seitz is on the list, because it does include hacking tricks and black hat is dubbed black hat for a reason.

However, basic programming languages are not inherently a clear and present danger. Some of the content in the books is outdated and not a danger to the prison. Then again prisons, like most federal organizations, are notoriously under budgeted and could still be running on Windows 98 or even worse Windows ME. Not allowing prisoners to gain computer literacy skills is more harmful, because you need to be sufficient in computers for even the most basic jobs. Without the proper skills, it is much easier to slip back into a life of crime.

But…

“Officials at the Oregon Department of Corrections (DOC) argue, however, that knowledge of even these basic programs can pose a threat to prisons. ‘Not only do we have to think about classic prison escape and riot efforts like digging holes, jumping fences and starting fires, modernity requires that we also protect our prisons and the public against data system breaches and malware,’ DOC spokesperson Jennifer Black said in an emailed statement. ‘It is a balancing act we are actively trying to achieve.’”

That is a good point, but…

“According to Rutgers law professor Todd Clear, security concerns are overblown because learning to hack can require more than reading a book (for example, unrestricted internet access and some savvy comrades), and prison staff can monitor prisoners’ activities. “They are different places, no doubt, but the security claim is often specious,’ he said.”

In Oregon’s defense 98% of books and magazines sent into prisons are approved. Items that are banned based on “based on IT experience, DOC technical architecture and DOC’s mandate to run safe and secure institutions for all.” Coding classes, where offered, are popular among inmates.

Should prisoners be given access to educational classes, so they improve their lives and break free of the prison system? Perhaps the “everyone” push needs a footnote?

Whitney Grace, August 8, 2019

Trovicor: A Slogan as an Equation

August 2, 2019

We spotted this slogan on the Trovicor Web site:

The Trovicor formula: Actionable Intelligence = f (data generation; fusion; analysis; visualization)

The function consists of four buzzwords used by vendors of policeware and intelware:

  • Data generation (which suggests metadata assigned to intercepted, scraped, or provided content objects)
  • Fusion (which means in DarkCyber’s world a single index to disparate data)
  • Analysis (numerical recipes to identify patterns or other interesting data
  • Virtualization (use of technology to replace old school methods like 1950s’ style physical wire taps, software defined components, and software centric widgets).

The buzzwords make it easy to identify other companies providing somewhat similar services.

Trovicor maintains a low profile. But obtaining open source information about the company may be a helpful activity.

Stephen E Arnold, August 2, 2019

Palantir: Did ICE Paid $60 Million for an App

August 2, 2019

DarkCyber spotted a short article in Counterpunch. The title?

Records Show Palantir Made $60 Million Contracting with ICE for Mobile App

The write up said:

A critical July 2019 exposé from WNYC based on documents obtained via FOIA request shows how Palantir’s proprietary software, in this case the FALCON mobile app, is essential to the removal operations of ICE and related agencies. As WNYC explained, “FALCON mobile allows agents in the field to search through a fusion of law enforcement databases that include information on people’s immigration histories, family relationships, and past border crossings.”

Counterpunch then shared its own research findings:

Counterpunch has learned that since 2016, Palantir has made more than $60 million in contract awards from ICE for access to FALCON and for Operations & Maintenance (O&M) for the mobile application. This, of course, is solely for FALCON and related services, and likely just scratches the surface of the true scope of Palantir’s profits from collaboration with ICE, to say nothing of Palantir’s lucrative relations with other government agencies such as CIA, DoD, etc.

The write up covers some other information about Palantir. DarkCyber finds the $60 million for an app interesting.

Stephen E Arnold, August 2, 2019

Amazon and Law Enforcement: Irrelevant or Something Else?

August 1, 2019

I have given lectures about Amazon’s policeware initiative. The information about this facet of the online bookstore’s work has attracted little attention. Rumor has it that one big time reporter tried to ask questions about Ring doorbells and related technologies and found a “No Entry” sign posted.

DarkCyber’s approach is to rely on real news stories. It appears that the Bezos bulldozer has revved its engine with regard to the role of the Ring doorbell and a handful of law enforcement entities. (Yes, DarkCyber perceives an alleged 200 tie ups as a handful. We are talking about the Bezos bulldozer’s pulling capacity. Think in terms of larger numbers. Think Five Eyes. Think financial regulators around the world.)

If the information in Ars Technica is accurate, DarkCyber learned:

Amazon reportedly provides marketing scripts to more than 200 police partners.

If true, this is indeed interesting. LE and intel professionals are not too keen on publicity. Amazon, a master of financial reporting to the SEC, is not like a Hollywood producer using communications to make a dead duck fly.

The write up “Amazon Writes Scripts for for Cops to Sling Ring Home Cameras, Report Says” cites another publication which reproduces an allegedly “real” email. The email includes this text:

Hi, all,

Appreciate your patience here as we are currently hashing out some across the board approaches for these exact scenarios. Given that this has been in the works for quite some time and the circumstances you describe, can we agree on the following timeline of events as a compromise:

Wed, June 5th, Boca PD Onboarding to Neighbors Portal (PS can use portal by commenting and engaging, no external promotion or discussion of portal beyond that)

Thurs, June 6th: Boca Foundation Subsidy Launch Event

Mon, June 24th: Earliest day for any Boca PD neighbors Portal external, public facing announcement (to be coordinated with Ring and reviewed in advance to ensure appropriate messaging and not conflated with Subsidy program)

Please, let us know if this timeline is acceptable! This will allow PD to become familiar and state using portal while given the subsidy program full public attention and greatest chance for success. While sticking with our strict policy of not conjoining the two in practice or in presentation.

This text comes from Engadget.

DarkCyber’s attempt to make sense of this alleged Amazon email to someone in the Boca PD is hypothetical. Here’s what the research team derived from the text of the allegedly “real” email, our open source information about Amazon policeware, and suppositions and rumors floated at conferences.

First, Amazon is providing funds to jump start the “program.” This marketing method is just like the LexisNexis “make the legal information available to law school students.” The goal is to condition young attorneys to use the for fee LexisNexis when they get an job in a law firm, government agency, or non profit. The subsidy essential makes it possible for cash strapped police departments to get access to technology and data. The approach may have some other benefits like good PR for Amazon, police departments, and city officials.

Second, the approach appears to minimize the law enforcement value of the Ring video doorbell to law enforcement. That’s okay, but Amazon appears to view the Ring project as a way to control information flows and decision making within “independent” law enforcement entities. This strikes DarkCyber as a variation of the methods spelled out in the classic “How to Sell Anything to Anybody.” Getting the customer to say “yes” or do what the sales person wants is one theme of this decades old classic.

Third, Amazon is not “connecting the dots” for its policeware system. (If you want a for fee webinar for your team about Amazon policeware, write us at darkcyber333 at yandex dot com.) A key part of the Amazon way to present discrete services as islands which are loosely coupled. In order to connect these islands, one has to be [a] told about the connections by Amazon, [b] take Amazon AWS training and become Amazon certified, [c] grunt around for open source information which is written to make the larger connections in the Amazon policeware system difficult to discern.

DarkCyber finds the Ars Technica write up, the allegedly “real” memo from Amazon to a police department, and the lack of understanding by many Amazon observers interesting.

Amazon sells cameras, dog food, and T shirts, right?

Absolutely, but it also is working overtime to create an Oracle Axiom dominator plus a few other minor things. Definitely “minor.”

Stephen E Arnold, August 1, 2019

Exclusive: DataWalk Explained by Chris Westphal

July 9, 2019

An Interview with Chris Westphal” provides an in-depth review of a company now disrupting the analytic and investigative software landscape.

DataWalk is a company shaped by a patented method for making sense of different types of data. The technique is novel and makes it possible for analysts to extract high value insights from large flows of data in near real time with an unprecedented ease of use.

DarkCyber interviewed in late June 2019 Chris Westphal, the innovator who co-founded Visual Analytics. That company’s combination of analytics methods and visualizations was acquired by Raytheon in 2013. Now Westphal is applying his talents to a new venture DataWalk.

Westphal, who monitors advanced analytics, learned about DataWalk and joined the firm in 2017 as the Chief Analytics Officer. The company has grown rapidly and now has client relationships with corporations, governments, and ministries throughout the world. Applications of the DataWalk technology include investigators focused on fraud, corruption, and serious crimes.

Unlike most investigative and analytics systems, users can obtain actionable outputs by pointing and clicking. The system captures these clicks on a ribbon. The actions on the ribbon can be modified, replayed, and shared.

In an exclusive interview with Mr. Westphal, DarkCyber learned:

The [DataWalk] system gets “smarter” by encoding the analytical workflows used to query the data; it stores the steps, values, and filters to produce results thereby delivering more consistency and reliability while minimizing the training time for new users. These workflows (aka “easy buttons”) represent domain or mission-specific knowledge acquired directly from the client’s operations and derived from their own data; a perfect trifecta!

One of the differentiating features of DataWalk’s platform is that it squarely addresses the shortage of trained analysts and investigators in many organizations. Westphal pointed out:

…The workflow idea is one of the ingredients in the DataWalk secret sauce. Not only do these workflows capture the domain expertise of the users and offer management insights and metrics into their operations such as utilization, performance, and throughput, they also form the basis for scoring any entity in the system. DataWalk allows users to create risk scores for any combination of workflows, each with a user-defined weight, to produce an overall, aggregated score for every entity. Want to find the most suspicious person? Easy, just select the person with the highest risk-score and review which workflows were activated. Simple. Adaptable. Efficient.

Another problem some investigative and analytic system developers face is user criticism. According to Westphal, DataWalk takes a different approach:

We listen carefully to our end-user community. We actively solicit their feedback and we prioritize their inputs. We try to solve problems versus selling licenses… DataWalk is focused on interfacing to a wide range of data providers and other technology companies. We want to create a seamless user experience that maximizes the utility of the system in the context of our client’s operational environments.

For more information about DataWalk, navigate to www.datawalk.com. For the full text of the interview, click this link. You can view a short video summary of DataWalk in the July 2, 2019, DarkCyber Video available on Vimeo.

Stephen E Arnold, July 9, 2019

Follow Intelligence? Watch the National Geospatial-Intelligence Agency

April 12, 2019

I read “Is Geospatial Intel the New Framework for Civilization? The NGA’s New Director Speaks His Mind.” The article contains several points which DarkCyber has identified as important. Are you into geo-fencing? If not, you may want to learn a bit more about this function.

Stephen E Arnold, April 12, 2019

Silos Persist: GAO Analysis of DHS Asserts

March 23, 2019

Government reports are often filled with useful information. Some reports can be difficult to locate. A good example is GAP-19-210 “Homeland Security: Research & Development Coordination Has Improved, but Additional Actions Need to Track and Evaluate Project.” This report is online as of March 23, 2019, at this link: https://www.gao.gov/products/GAO-19-210. In order to obtain a copy, right click on the link and download the PDF. Rendering of the document in a browser is not reliable.

I think this findability issue provides a good example of the information sharing issues discussed in the 59 page report.

If you are interested in the structure of DHS, the report contains several current organization charts.

The information about the technologies in use for border control is one of the first lists of this type which I have seen recently. You can find these data in Appendix I: Overview of the Science Technology Directorate’s Research and Development Projects on pages 48 and following.

This is a useful document because future procurements are hinted at.

A quick heads up. If you look for the document at www.gao.gov, the document does not appear on the public facing Web site yet. Experimenting with the different options for locating public information, one selector returned a list of DHS related reports with the most recent document dated 2014.

Stephen E Arnold, March 23, 2019

Cellebrite Products on eBay?

March 8, 2019

Quite an assertion appeared in “Cellebrite’s phone Hacking Tools Going Cheaply on eBay, Many Still Contain Unwiped Data.”

Cellebrite, a unit of Japan’s Sun Corporation, offers specialized services and hardware to law enforcement agencies worldwide. Like other cyber security and policeware vendors, Cellebrite is a secretive company.

Prices much lower than Cellebrite’s. Cellebrite, it appears, may have need to revisit its product resale guidelines for its customers. More information about Cellebrite can be found on the company’s Web site.

Stephen E Arnold, March 8, 2019

Amazon Policeware Links

March 5, 2019

DarkCyber received a request for the four short Amazon policeware videos we created in late 2018. Here are the links:

October 30, 2018 https://vimeo.com/297839909

November 6, 2018 https://vimeo.com/298831585

November 13, 2018 https://vimeo.com/300178710

November 20, 2018 https://vimeo.com/301440474.

Kenny Toth, March 5, 2019

Facebook and Digital Money

March 4, 2019

Digital currency like Bitcoin is often associated with cyber crime. Rightly or wrongly, Bitcoin evokes images of Dark Web markets selling drugs, an association reinforced by the Silk Road bust.

Facebook, on the other hand, evokes smiles from grandmothers, but a UK investigative body characterized Facebook is more negative terms. My recollection is that the British government sees Facebook as an example of Wild West capitalism which intentionally or unintentionally enables outfits like the now defunct Cambridge Analytica.

I thought about these associations when I worked my way through “Regarding Facebook’s Cryptocurerncy.” The write up asserted:

just because Facebook launches a stablecoin cryptocurrency for peer-to-peer payments doesn’t mean people will actually use it.

Facebook’s possible angle is getting money. The write up points out:

Remittances are the obvious target market here. And it would be huge, and important, and wonderful, if Facebook were to make remittances 10x cheaper and faster … but that would require much more than fast international stablecoin transfers, because, again, those stablecoins are not legal tender at their destination, and I don’t know if you’ve noticed but businesses tend to have this whole thing about receiving legal tender.

The fix is for Facebook to find ways to get organizations to accept Facecoins.

The other angle is:

for Facebook to establish relationships with cryptocurrency exchanges worldwide, or — even more dramatically — become or sponsor exchanges themselves.

The write up is interesting, but it left me with several questions zipping through my admittedly limited brain:

  1. How could bad actors make use of Facecoin?
  2. Will Facebook provide these digital currency data to government authorities?
  3. What third party services will Facebook enable through an existing or new API?
  4. What audit mechanisms are in place?
  5. What if Facebook’s presumed digital currency is used for illegal activities?

I would suggest that when digital currency becomes part of an organization which the British government views in a less than positive manner, regulatory authorities may be sitting on the sidelines.

Stephen E Arnold, March 4, 2019

Next Page »

  • Archives

  • Recent Posts

  • Meta