Clearview: More Tradecraft Exposed

March 26, 2020

After years of dancing around the difference between brain dead products like enterprise search, content management, and predictive analytics, anyone can gain insight into the specialized software provided by generally low profile companies. Verint is publicly traded. Do you know what Verint does? Sure, look it up on Bing or Google.

I read with some discomfort “I Got My File From Clearview AI, and It Freaked Me Out.”

Here are some factoids from the write up. Are these true? DarkCyber assumes that everything the team sees on the Internet meets the highest standards of integrity, objectivity, and truthiness. DarkCyber’s comments are in italic:

  1. “Someone really has been monitoring nearly everything you post to the public internet. And they genuinely are doing “something” with it. The someone is Clearview AI. And the something is this: building a detailed profile about you from the photos you post online, making it searchable using only your face, and then selling it to government agencies and police departments who use it to help track you, identify your face in a crowd, and investigate you — even if you’ve been accused of no crime.”
  2. “Clearview AI was founded in 2017. It’s the brainchild of Australian entrepreneur Hoan Ton-That and former political aide Richard Schwartz. For several years, Clearview essentially operated in the shadows.”
  3. “The Times, not usually an institution prone to hyperbole, wrote that Clearview could “end privacy as we know it.” [This statement is a reference to a New York Times intelware article. The New York Times continues to hunt for real news that advances an agenda of “this stuff is terrible, horrible, unconstitutional, pro anything the NYT believes in, etc.”]
  4. “the company [Clearview] scrapes public images from the internet. These can come from news articles, public Facebook posts, social media profiles, or multiple other sources. Clearview has apparently slurped up more than 3 billion of these images.” [The images are those which are available on the Internet and possibly from other sources; for example, commercial content vendors.]
  5. “The images are then clustered together which allows the company to form a detailed, face-linked profile of nearly anyone who has published a picture of themselves online (or has had their face featured in a news story, a company website, a mug shot, or the like).” [This is called enrichment, context, or machine learning indexing and — heaven help DarkCyber — social graphs or semantic relationships. Jargon varies according to fashion trends.]
  6. “Clearview packages this database into an easy-to-query service (originally called Smartcheckr) and sells it to government agencies, police departments, and a handful of private companies….As of early 2020, the company had more than 2,200 customers using its service.” [DarkCyber wants to point out that law enforcement entities are strapped for cash, and many deals are little more than proofs-of-concept. Some departments cycle through policeware and intelware in order to know what the systems do versus what the marketing people say the systems do. Big difference? Yep, yep.]
  7. “Clearview’s clients can upload a photo of an unknown person to the system. This can be from a surveillance camera, an anonymous video posted online, or any other source.”
  8. “In a matter of seconds, Clearview locates the person in its database using only their face. It then provides their complete profile back to the client.”

Now let’s look at what the write up reported that seemed to DarkCyber to be edging closer to “real news.”

This is the report the author obtained:


The article reports that the individual who obtained this information from Clearview was surprised. DarkCyber noted this series of statements:

The depth and variety of data that Clearview has gathered on me is staggering. My profile contains, for example, a story published about me in my alma mater’s alumni magazine from 2012, and a follow-up article published a year later. It also includes a profile page from a Python coders’ meet up group that I had forgotten I belonged to, as well as a wide variety of posts from a personal blog my wife and I started just after getting married. The profile contains the URL of my Facebook page, as well as the names of several people with connections to me, including my faculty advisor and a family member (I have redacted their information and images in red prior to publishing my profile here).

The write up includes commentary on the service, its threats to individual privacy, and similar sentiments.

DarkCyber’s observations include:

  • Perhaps universities could include information about applications of math, statistics, and machine learning in their business and other courses? At a lecture DarkCyber gave at the University of Louisville in January 2019, cluelessness among students and faculty was the principal takeaway for the DarkCyber team.
  • Clearview’s technology is not unique, nor is it competitive with the integrated systems available from other specialized software vendors, based on information available to DarkCyber.
  • The summary of what Clearview does captures information that would have been considered classified and may still be considerate classified in some countries.
  • Clearview does not appear to have video capability like other vendors with richer, more sophisticated technology.

Why did DarkCyber experience discomfort? Some information is not — at this time or in the present environment — suitable for wide dissemination. A good actor with technical expertise can become a bad actor because the systems and methods are presented in sufficient detail to enable certain activities. Knowledge is power, but knowledge in the hands of certain individuals can yield unexpected consequences. DarkCyber is old fashioned and plans to stay that way.

Stephen E Arnold, March 26, 2020

The Google: Geofence Misdirection a Consequence of Good Enough Analytics?

March 18, 2020

What a surprise—the use of Google tracking data by police nearly led to a false arrest, we’re told in the NBC News article, “Google Tracked his Bike Ride Past a Burglarized Home. That Made him a Suspect.” Last January, programmer and recreational cyclist Zachary McCoy received an email from Google informing him, as it does, that the cops had demanded information from his account. He had one week to try to block the release in court, yet McCoy had no idea what prompted the warrant. Writer Jon Schuppe reports:

“There was one clue. In the notice from Google was a case number. McCoy searched for it on the Gainesville Police Department’s website, and found a one-page investigation report on the burglary of an elderly woman’s home 10 months earlier. The crime had occurred less than a mile from the home that McCoy … shared with two others. Now McCoy was even more panicked and confused.”

After hearing of his plight, McCoy’s parents sprang for an attorney:

“The lawyer, Caleb Kenyon, dug around and learned that the notice had been prompted by a ‘geofence warrant,’ a police surveillance tool that casts a virtual dragnet over crime scenes, sweeping up Google location data — drawn from users’ GPS, Bluetooth, Wi-Fi and cellular connections — from everyone nearby. The warrants, which have increased dramatically in the past two years, can help police find potential suspects when they have no leads. They also scoop up data from people who have nothing to do with the crime, often without their knowing ? which Google itself has described as ‘a significant incursion on privacy.’ Still confused ? and very worried ? McCoy examined his phone. An avid biker, he used an exercise-tracking app, RunKeeper, to record his rides.”

Aha! There was the source of the “suspicious” data—RunKeeper tapped into his Android phone’s location service and fed that information to Google. The records show that, on the day of the break-in, his exercise route had taken him past the victim’s house three times in an hour. Eventually, the lawyer was able to convince the police his client (still not unmasked by Google) was not the burglar. Perhaps ironically, it was RunKeeper data showing he had been biking past the victim’s house for months, not just proximate to the burglary, that removed suspicion.

Luck, and a good lawyer, were on McCoy’s side, but the larger civil rights issue looms large. Though such tracking data is anonymized until law enforcement finds something “suspicious,” this case illustrates how easy it can be to attract that attention. Do geofence warrants violate our protections against unreasonable searches? See the article for more discussion.

Cynthia Murrell, March 18, 2020

Banjo: A How To for Procedures Once Kept Secret

March 13, 2020

DarkCyber wrote about BlueDot and its making reasonably clear what steps it takes to derive actionable intelligence from open source and some other types of data. Ten years ago, the processes implemented by BlueDot would have been shrouded in secrecy.

From Secrets to Commercial Systems

Secret and classified information seems to find its way into social media and the mainstream media. DarkCyber noted another example of a company utilizing some interesting methods written up in a free online publication.

DarkCyber can visualize old-school companies depending on sales to law enforcement and the intelligence community asking themselves, “What’s going on? How are commercial firms getting this know how? Why are how to and do it yourself travel guides to intelligence methods becoming so darned public?”

It puzzles DarkCyber as well.

Let’s take a look at the revelations in “Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media.” The write up explains:

  • A company called Pink Unicorn Labs created apps which obtained information from users. Users did not know their data were gathered, filtered, and cross correlated.
  • Banjo, an artificial intelligence firm that works with police used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media. The developer of the apps was Pink Unicorn. Banjo CEO Damien Patton created Pink Unicorn.
  • Why create apps that seemed to do one while performing data inhalation: “Dataminr received an investment from Twitter. Dataminr has access to the Twitter fire hose. Banjo, the write up says, “did not have that sort of data access.” The fix? Create apps that sucked data.
  • The apps obtained information from Facebook, Twitter, Instagram, Russian social media app VK, FourSquare, Google Plus, and Chinese social network Sina Weibo.
  • The article points out: “Once users logged into the innocent looking apps via a social network OAuth provider, Banjo saved the login credentials, according to two former employees and an expert analysis of the apps performed by Kasra Rahjerdi, who has been an Android developer since the original Android project was launched. Banjo then scraped social media content.”
  • The write up explains, Banjo, via a deal with Utah, has access to the “state’s traffic, CCTV, and public safety cameras. Banjo promises to combine that input with a range of other data such as satellites and social media posts to create a system that it claims alerts law enforcement of crimes or events in real-time.”

Why social media? On the surface and to most parents and casual users of Facebook, Twitter, and YouTube, there are quite a few cat posts. But via the magic of math, an analyst or a script can look for data which fills in missing information. The idea is to create a record of a person, leave blanks where desirable information is not yet plugged in, and then rely on software to spot the missing item. How is this accomplished? The idea is simple. One known fact appears in the profile and that fact appears in another unrelated item of content. Then the correlated item of content is scanned by a script and any information missing from the profile is plugged in. Using this method and content from different sources, a clever system can compile a dossier on an entity. Open source information yields numerous gems; for example, a cute name applied to a boy friend might become part of a person of interest’s Dark Web handle. Phone numbers, geographic information, friends, and links to other interesting content surface. Scripts work through available data. Data can be obtained in many ways. The methods are those which were shrouded in secrecy before the Internet started publishing essays revealing what some have called “tradecraft.”

Net Net

Banjo troubles DarkCyber on a number of levels:

  1. Secrecy has significant benefits. Secrets, once let loose, have interesting consequences.
  2. Users are unaware of the risks apps pose. Cluelessness is in some cases problematic.
  3. The “now” world looks more like an intelligence agency than a social construct.

Stephen E Arnold, March 13, 2020

Sintelix Adds Unstructured Text to IBM i2 Solutions

March 12, 2020

DarkCyber noted that IBM is promoting the Sintelix text and data analytics software. The tie up makes it easier for i2 users to make sense of unstructured text. Sintelix does not compete with IBM. Sintelix has filled a gap in IBM’s presentation of the i2 solutions. For more information, navigate to this IBM page. No pricing details. Sintelix’s headquarters are in Australia.

Stephen E Arnold, March 12, 2020

Fighting Cyber Crime: New Approach Described by FBI

March 6, 2020

DarkCyber noted a report from ABC News called “FBI Working to ‘Burn Down’ Cyber Criminals’ Infrastructure.” The report states that “law enforcement agents are working to take out the tools that allow increasingly dangerous cyber criminals to carry out their devastating attacks.”

Some factoids appeared in the write up:

  • A 40 percent increase in ransomware attacks between 2018 and 2019
  • Ransomware has emerged as a major bad actor method
  • Foreign actors are using cyber attacks to steal information from certain vendors in the US.

As DarkCyber points out in the forthcoming March 10, 2020, video program many of the hacker tools are available as open source software. Programming languages widely taught in schools and online courses provide the equivalent of a tabula rasa for bad actors. An often overlooked source of “how to” information are instructional information, code snippets, and technical road maps distributed via online discussion groups. Dark Web resources exist, but there are bad actors advertising their software and expertise available via a standard Web browser. Will the infrastructure focus result in stepped up investigations of hosting providers?

This new approach illustrates a shift in response to the escalating risks associated with online connectivity.

Stephen E Arnold, March 6, 2020

Africa: Booming Intelware and Policeware Markets?

February 20, 2020

DarkCyber has a difficult time determining what information is on the money and what information is on the floor of the data casino. We read “Inside Africa’s Increasingly Lucrative Surveillance Market.” The write up is chock full of details. Some of the allegedly accurate information was interesting.

Here’s a sampling of factoids to evaluate:

Market size, but it is not clear what “market” means, just Africa, the world, or developed countries: The cybersecurity market was worth $118.78bn in 2018. By 2024, this figure is expected to hit $267.73bn.

Name of Gabonese Republic’s enforcement unit: SILAM which is allegedly run by French national Jean-Charles Solon. The write up states: “Solon previously worked for the General Directorate for External Security (Direction générale de la sécurité extérieure – DGSE), France’s intelligence agency.” Allegedly Solor is familiar with the ins and outs of wire tapping. The write up asserts without providing a specific source: “According to our sources, Solon is well equipped and handles everything from wiretap transcripts, text message and WhatsApp conversation interceptions, and email and social media surveillance.” Solon is likely to find the write up in This Is GCN worth some special attention, but that’s just DarkCyber hunch.

Entities (governmental and commercial) linked to the Gabonese Republic include: Amesys and its Cerebro tool, SDECE/DGSE, AMES, Nexa Technologies, and Suneris Solutions (Thales).

Current market leaders: The write up reports, “Ercom and Suneris Solutions have a leading position in the African market, especially in the sub-Saharan region.” These two companies are owned by Thales.

What sells and where to buy: The write up notes, ““Clients want to buy something that has a proven track record. They’re not looking for an experimental gadget.” For Africa, the two must-see events are Milipol Paris, held in November, and ISS World Middle East and Africa, held in March in Dubai.”

Israeli companies selling or trying to sell in Africa: The write up identifies these firms as eyeing the African markets –—Thales (includes Ercom and Suneris Solutions), Mer Group and its unit Athena GS3 (Mer Group (Congo, Guinea, Nigeria and DRC), Verint Systems and Elbit Systems (South Africa, Angola, Ethiopia, Nigeria, etc.), AD Consultants, and NSO Group. The write up asserts, “The Israelis are everywhere. They even managed to equip Saudi Arabia! It’s pretty much impossible to bypass them.”

Other companies trying to sell to African markets include: BAE Systems, Gamma Group, Trovicor (now a unit of Nexa), Hacking Team, VasTech, Protei (a Russian firm), Huawei, and ZTE Corporation (described in the article as a compatriot of Huawei).

DarkCyber will leave it to you, gentle reader, to figure out if the write up in This is GCN is fact or fluff. What is known is that most of the named entities in this write up work overtime to avoid big time news coverage, traditional marketing, and noisy public relations. DarkCyber believes that firms providing specialized services should remain low profile.

In closing, if you want information about Sudanese intelligence activities, you may find this thesis by Muhammad Bathily helpful. Its title is “Reform of Senegalese Gendarmerie Intelligence Services.” You can locate the document at this url (Verified at 1049 am US Eastern time, 2 20 20)

Stephen E Arnold, February 20, 2020

India: A New Front in the War Against Obfuscation

February 19, 2020

DarkCyber noted “Indian Police Open Case against Hundreds in Kashmir for Using VPN.” VPNs are perceived as a secure way to access certain Internet content. VPNs sit in the middle, and many vendors insist that their approach deletes logs of user activity. Be that as it may, under specific condition, the VPN transfer point can be monitored. For some enforcement agencies, getting customer data and other information is a hassle.

A short cut is sometimes discussed. India may have found a shortcut appropriate for its needs in contentious Kashmir. The write up reports:

Local authorities in India-controlled Kashmir have opened a case against hundreds of people who used virtual private networks (VPNs) to circumvent a social media ban in the disputed Himalayan region in a move that has been denounced by human rights and privacy activists.

Arresting VPN users complements other tools in the Indian government’s kit; for example, blocking Internet service and capping access speeds.

DarkCyber believes that other governments may examine India’s approach. If these countries’ assessment is positive, the “Indian method” may be used by other countries struggling to deal with online information and services.

The flow of digital content often erodes existing processes. Bits, like some rivers, become more tractable when blocked by a dam in order to reduce the destructive power of floods. India’s action block data streams in an effort to prevent a torrent of bits that will erode institutions and other artifacts of a social construct.

Stephen E Arnold, February 19, 2020

Venntel: Some Details

February 18, 2020

Venntel in Virginia has the unwanted attention of journalists. The company provides mobile location data and services. Like many of the firms providing specialized services to the US government, Venntel makes an effort to communicate with potential government customers via trade shows, informal gatherings, and referrals.

Venntel’s secret sauce is cleaner mobile data. The company says:

Over 50% of location data is flawed. Venntel’s proprietary platform efficiently distinguishes between erroneous data and data of value. The platform delivers 100% validated data, allowing your team to focus on results – not data quality.

Image result for map mobile phone location

NextGov reported in “Senator Questions DHS’ Use of Cellphone Location Data for Immigration Enforcement” some information about the company; for example:

  • Customers include DHS and CBP
  • Mobile and other sources of location data are available from the company
  • The firm offers software
  • Venntel, like Oracle and other data aggregators, obtains information from third-party sources; for example, marketing companies brokering mobile phone app data

Senator. Ed Markey, a democrat from Massachusetts, has posed questions to the low profile company and has requested answers by March 3, 2020.

A similar issued surfaced for other mobile data specialists. Other geo-analytic specialists work overtime to have zero public facing profile. Example, you ask. Try to chase down information about Geogence. (Bing and Google try their darnedest to change “Geogence” to “geofence.” This is a tribute to the name choice the stakeholders of Geogence have selected, and a clever exploitation of Bing’s and Google’s inept attempts to “help” its users find information.

If you want to get a sense of what can be done with location data, check out this video which provides information about the capabilities of Maltego, a go-to system to analyze cell phone records and geolocate actions. The video is two years old, but it is representative of the basic functions. Some specialist companies wrap more user friendly interfaces and point-and-click templates for analysts and investigators to use. There are hybrid systems which combine Analyst Notebook type functions with access to email and mobile phone data. Unlike the Watson marketing, IBM keeps these important services in the background because the company wants to focus on the needs of its customers, not on the needs of “real” journalists chasing “real news.”

DarkCyber laments the fact that special services companies which try to maintain a low profile and serve a narrow range of customers is in the news.

Stephen E Arnold, February 18, 2020

Facebook: Chock Full of Good Ideas

December 31, 2019

Investigators are not a priority for Facebook. How does DarkCyber know this? “WhatsApp to Add ‘Disappearing Messages’ Feature Soon” explained a function that may make those managing interesting groups to have more control over content.

Here’s the statement which caught the attention of our alert service:

With the ‘Delete Messages’ feature, group admins will able to select a specific duration for messages on the group and once a message crosses the duration, it will be automatically deleted, news portal GSMArena reported recently. Initially, the new feature was expected to be available for both individual chats and group chats, but now the report claims that the feature will be limited to group chats only. The ‘Delete Messages’ feature for group chats will make it easy for the admins to manage old messages and chats.

How many coordinators will find this new feature helpful? Too many.

Stephen E Arnold, December 31, 2019

Amazon: What Does the S Team Do without a Policeware Leader?

December 9, 2019

GeekWire published the members of Jeff Bezos’ S Team. The idea is that the TV show A Team has been upgraded by 17 letters. There is an S Team member for fashion and for Alexa, but none for policeware. You can get the list of S Team members in “Amazon Expands Bezos’ Elite ‘S-Team,’ Adding 6 Execs from Emerging Branches of the Company.” Perhaps the omission of a public sector Amazon manager signals that the company is not interested in government contracts, work for law enforcement departments, and countries interested in using Amazon’s blockchain technology? That is a possibility. DarkCyber believes that there is a commitment at Amazon for policeware and developing services to assist authorities in determining if tax returns are on the up and up. The apparent exclusion of a designated policeware “owner” suggests that the company wants to continue its low profile approach to this high potential revenue sector.

Stephen E Arnold, December 9, 2019

Next Page »

  • Archives

  • Recent Posts

  • Meta