April 27, 2017
I have zero contacts at Palantir Technologies. The one time I valiantly contacted the company about a speaking opportunity at one of my wonky DC invitation-only conferences, a lawyer from Palantir referred my inquiry to a millennial who had a one word vocabulary, “No.”
There you go.
I have written about Palantir Technologies because I used to be an adviser to the pre-IBM incarnation of i2 and its widely used investigation tool, Analyst’s Notebook. I did write about a misadventure between i2 Group and Palantir Technologies, but no one paid much attention to my commentary.
An outfit called Buzzfeed, however, does pay attention to Palantir Technologies. My hunch is that the online real news outfit believes there is a story in the low profile, Peter Thiel-supported company. The technology Palantir has crafted is not that different from the Analyst’s Notebook, Centrifuge Systems’ solution, and quite a few other companies which provide industrial-strength software and systems to law enforcement, security firms, and the intelligence community. (I list about 15 of these companies in my forthcoming “Dark Web Notebook.” No, I won’t provide that list in this free blog. I may be retired, but I am not giving away high value information.)
So what’s caught my attention. I read the article “Palantir’s Relationship with the Intelligence Community Has Been Worse Than You Think.” The main idea is that the procurement of Palantir’s Gotham and supporting services provided by outfits specializing in Palantir systems has not been sliding on President Reagan’s type of Teflon. The story has been picked up and recycled by several “real” news outfits; for example, Brainsock. The story meshes like matryoshkas with other write ups; for example, “Inside Palantir, Silicon Valley’s Most Secretive Company” and “Palantir Struggles to Retain Clients and Staff, BuzzFeed Reports.” Palantir, it seems to me in Harrod’s Creek, is a newsy magnet.
The write up about Palantir’s lousy relationship with the intelligence community pivots on a two year old video. I learned that the Big Dog at Palantir, Alex Karp, said in a non public meeting which some clever Hobbit type videoed on a smartphone words presented this way by the real news outfit:
The private remarks, made during a staff meeting, are at odds with a carefully crafted public image that has helped Palantir secure a $20 billion valuation and win business from a long list of corporations, nonprofits, and governments around the world. “As many of you know, the SSDA’s recalcitrant,” Karp, using a Palantir codename for the CIA, said in the August 2015 meeting. “And we’ve walked away, or they walked away from us, at the NSA. Either way, I’m happy about that.” The CIA, he said, “may not like us. Well, when the whole world is using Palantir they can still not like us. They’ll have no choice.” Suggesting that the Federal Bureau of Investigation had also had friction with Palantir, he continued, “That’s de facto how we got the FBI, and every other recalcitrant place.”
Okay, I don’t know the context of the remarks. It does strike me that 2015 was more than a year ago. In the zippy doo world of Sillycon Valley, quite a bit can change in one year.
I don’t know if you recall Paul Doscher who was the CEO of Exalead USA and Lucid Imagination (before the company asserted that its technology actually “works). Mr. Doscher is a good speaker, but he delivered a talk in 2009, captured on video, during which he was interviewed by a fellow in a blue sport coat and shirt. Mr. Doscher wore a baseball cap in gangsta style, a crinkled unbuttoned shirt, and evidenced a hipster approach to discussing travel. Now if you know Mr. Doscher, he is not a manager influenced by gangsta style. My hunch is that he responded to an occasion, and he elected to approach travel with a bit of insouciance.
Could Mr. Karp, the focal point of the lousy relationship article, have been responding to an occasion? Could Mr. Karp have adopted a particular tone and style to express frustration with US government procurement? Keep in mind that a year later, Palantir sued the US Army. My hunch is that views expressed in front of a group of employees may not be news of the moment. Interesting? Sure.
What I find interesting is that the coverage of Palantir Technologies does not dig into the parts of the company which I find most significant. To illustrate: Palantir has a system and method for an authorized user to add new content to the Gotham system. The approach makes it possible to generate an audit trail to make it easy (maybe trivial) to answer these questions:
- What data were added?
- When were the data added?
- What person added the data?
- What index terms were added to the data?
- What entities were added to the metadata?
- What special terms or geographic locations were added to the data?
You get the idea. Palantir’s Gotham brings to intelligence analysis the type of audit trail I found some compelling in the Clearwell system and other legal oriented systems. Instead of a person in information technology saying in response to a question like “Where did this information come from?”, “Duh. I don’t know.”
Gotham gets me an answer.
For me, explaining the reasoning behind Palantir’s approach warrants a write up. I think quite a few people struggling with problems of data quality and what is called by the horrid term “governance” would find Palantir’s approach of some interest.
Now do I care about Palantir? Nah.
Do I care about bashing Palantir? Nah.
What I do care about is tabloidism taking precedence over substantive technical approaches. From my hollow in rural Kentucky, I see folks looking for “sort of” information.
How about more substantive information? I am fed up with podcasts which recycle old information with fake good cheer. I am weary of leaks. I want to know about Palantir’s approach to search and content processing and have its systems and methods compared to what its direct competitors purport to do.
Yeah, I know this is difficult to do. But nothing worthwhile comes easy, right?
I can hear the millennials shouting, “Wrong, you dinosaur.” Hey, no problem. I own a house. I don’t need tabloidism. I have picked out a rest home, and I own 60 cemetery plots.
Do your thing, dudes and dudettes of “real” journalism.
Stephen E Arnold, April 27, 2017
March 1, 2017
Law enforcement’s focus on the Dark Web seems to be paying off, as we learn from the write-up, “Finland: Dark Web Drug Operation Exposed” at Hetq, an outlet of the Association of Investigative Journalists. In what was described as Finland’s largest drug bust, authorities seized over a million dollars’ worth of narcotics from a network selling their wares on the Dark Web. We learn:
The network is alleged to have imported €2 million (US$ 2.2 million) worth of drugs between 2014 and 2016, selling them on the dark web site Silkkitie. More than 40 kilograms of powdered narcotics, such as amphetamine, heroin and cocaine, as well as 40,000 ecstasy tablets and 30,000 LSD blotters were smuggled into Finland from the Netherlands and Germany, and then sold on the site. …
As part of the investigation, customs officers in April seized at least €1.1 million worth of heroin, cocaine, methamphetamine, MDMA and ecstasy in the coastal town of Kustavi. The same month, police arrested three Finnish citizens.
The write-up notes that Silkkitie users communicated through encrypted messages under pseudonyms, and that Bitcoin was the currency used. We’re also reminded that Silkkitie, a.k.a. Valhalla, is one of the Dark Web’s most popular drug marketplaces. The Finnish site was launched in 2013.
Cynthia Murrell, March 1, 2017
February 14, 2017
A feature article on CNN recently provided some background on Dark Web marketplaces. Entitled Inside the illegal online weapons trade, this piece shares the story of Michael Andrew Ryan. Ryan adopted the moniker gunrunner and opened up a gun sales business on the Dark Web while based in a small town in Kansas. Dark Web trading statistics are tough to pinpoint. However, in comparison with other illegal online trading, gun sales on the Dark Web are less than 3% according to a Carnegie Mellon professor and researcher. The author writes,
By the way, it’s entirely legal to buy guns online in the U.S. — although the process is more complicated, depending on various factors. Nonetheless, the ATF said it’s taking enforcement to a new level by creating an Internet Investigations Center aimed at combating illegal online gunrunners. The center includes federal agents, legal counsel and investigators. Their job: track illegal online firearms trafficking and feed intelligence to agents in the field. It’s a gigantic task, which aims to hit a constantly moving target.
While we will not comment on the sensationalizing and dramatizing of the Dark Web through Ryan’s story, we can say found the concluding remarks above to be helpful. This presents a good picture of the interconnectivity between multiple layers of law enforcement. It also hints at a need for technology upgrades in this cybersecurity arena.
Megan Feil, February 14, 2017
January 19, 2017
A prison librarian in England who purchased drugs and weapons over the Dark Web for supplying them to prisoners was sentenced to 7-years in prison.
The Register in a news report Prison Librarian Swaps Books for Bars After Dark-Web Gun Buy Caper says:
Dwain Osborne, of Avenue Road, Penge, in London, was nabbed in October of 2015 after he sought to procure a Glock 19 – a staple of police and security forces worldwide – and 100 rounds of ammunition on the dark web. A search of Osborne’s house revealed the existence of a storage device, two stolen passports, and a police uniform.
Osborne was under the impression that like other Dark Web actors, he too is untraceable. What made the sleuths suspicious is not known, however, the swift action and prosecution are commendable. Law enforcement agencies are challenged by this new facet of crime wherein most perpetrators manage to remain anonymous.
Most arrests related to the purchase of arms and drugs over Dark Web were result of undercover operations. However, going beyond this type of modus operandi is the need of the hour.
Systems like Apacke Teka seem to be promising, but it is premature to say how such kind of systems will evolve and most importantly, will be implemented.
Vishal Ingole, January 19, 2017
January 17, 2017
Unsuspecting Royal Mail postmen are delivering narcotics and drugs ordered over Dark Web to punters and buyers with much efficiency. Taking cognizance of the fact, The Home Office is planning an investment of GBP 1.9 billion over next five years to fight this new face of crime.
The Sun in an article titled Royal Mail Postmen Unknowingly Deliver Drugs Parcels Bought From the Dark Web says:
Royal Mail postmen are unknowingly delivering drug parcels bought from the dark web, it has been revealed. Millions of pounds of drugs are bought online every day via the dark web and shipped to punters anonymously.
The postmen, however, cannot be blamed as they are ill-equipped to find out what’s hidden inside a sealed parcel. Though drug sniffing dogs exist on paper for the Royal Mail, many postmen say they never saw one in their service life. Technology is yet to catch-up with dogs that can sniff out the drugs.
As the postmen are being put at risk delivering these packages, the Home Office in a statement said:
We have committed to spending £1.9bn on cybersecurity over the next five years, including boosting the capabilities of the National Crime Agency’s National Cyber Crime Unit, increasing their ability to investigate the most serious cybercrime.
Law enforcement agencies, including the ones in the US will have to invest in detecting and preventing such crimes. So far the success ratio has been barely encouraging. Till then, unsuspecting people will be used as pawns by cybercriminals, royally!
Vishal Ingole, January 17, 2017
January 13, 2017
Law enforcement officials use fake social media accounts and online profiles to engage with criminals. Their goal is to deter crime, possibly even catching criminals in the act for a rock solid case. While this happened way back in 2011, the comments are still coming. In light of the recent presidential election and the violent acts of the past year, it is no wonder the comments are still fresh. Tech Dirt talked about how the, “US Military Kicks Off Plan To Fill Social Networks With Fake Sock Puppet Accounts.”
The goal was for a company to develop a software that would allow one person to create and manage various social media profiles (including more than one profile on the same platform). These accounts will then, and we are speculating on this given how dummy accounts have been used in the past, to catch criminals. The article highlights how the government would use the sock puppet accounts:
Apparently a company called Ntrepid has scored the contract and the US military is getting ready to roll out these “sock puppet” online personas. Of course, it insists that all of this is targeting foreign individuals, not anyone in the US. And they promise it’s not even going to be used on US-based social networks like Facebook or Twitter, but does anyone actually believe that’s true?
Then the comments roll in a conversation that a span of five years the commentators argue about what it means to be American, reaffirming that the US government spies on its citizens, and making fun of sock puppets.
Whitney Grace, January 13, 2017
January 10, 2017
It seems the dark web is now making it easier for disgruntled employees to take their revenge to the next level, we learn from the KrebsOnSecurity article, “Rise of Darknet Stokes Fear of the Insider.” The article cites Gartner analyst Avivah Litan; she reports a steep increase in calls from clients concerned about vindictive employees, current or former, who might expose sensitive information on the dark web. Not surprisingly, companies with a lot of intellectual property at stake are already working with law-enforcement or private security firms to guard against the threat.
How, exactly, is the dark web making worker retaliation easier than ever before? Writer Brian Krebs explains:
Noam Jolles, a senior intelligence expert at Diskin Advanced Technologies, studies darknet communities. I interviewed her last year in ‘Bidding for Breaches,’ a story about a secretive darknet forum called Enigma where members could be hired to launch targeted phishing attacks at companies. Some Enigma members routinely solicited bids regarding names of people at targeted corporations that could serve as insiders, as well as lists of people who might be susceptible to being recruited or extorted.
Jolles said the proliferation of darkweb communities like Enigma has lowered the barriers to entry for insiders, and provided even the least sophisticated would-be insiders with ample opportunities to betray their employer’s trust.
I’m not sure everyone is aware of how simple and practical this phenomena looks from adversary eyes and how far it is from the notion of an insider as a sophisticated disgruntled employee,’ Jolles said. ‘The damage from the insider is not necessarily due to his position, but rather to the sophistication of the threat actors that put their hands on him.
According to research by Verizon, few vengeful employees turn out to have been in management positions. Most are workers lower on the totem pole who had to be given access to sensitive information to perform their jobs. The Verizon report cheerfully advises, “At the end of the day, keep up a healthy level of suspicion toward all employees.” What fun.
See the article for more about this threat, and how organizations might go about protecting themselves.
Cynthia Murrell, January 10, 2017