ShadowDragon Profiled by Esteemed Tech Expert Kim Komando

January 13, 2022

This is an interesting turn of events. Policeware vendor ShadowDragon has been profiled by computer guru-ette Kim Komando on her Tech Refresh podcast episode, “Software Tracking Everything You Do, New iPhone, Alexa on Wheels.” The video’s description reads:

“Have you heard of ShadowDragon? It collects data from 120 major sites going back a decade. Yes, 10 years of info about YOU. Plus, the iPhone 13 and iOS 15 are here, along with Amazon’s new smart home gear, including Astro, the Echo on wheels.”

Yes, we have heard of ShadowDragon. The security company mines data from more than 120 social-media websites, archives results for a decade, and shares the information with its law-enforcement clients around the world. ShadowDragon boasts its software can take an investigation down “from months to minutes.” The podcast starts discussing the company at timestamp 13:05, warning one would have to refrain from social media altogether to avoid its reach. The inclusion seems to support our prediction that reporters are becoming more aware of, and reporting more on, such specialized service vendors. This will make it harder for such firms to keep their generally preferred low profiles. Based in Cheyenne, Wyoming, ShadowDragon was founded in 2015.

For those curious, that podcast episode also discussed the newest iPhones, covered some weird news stories, and reviewed smart floodlights, among other wide-ranging topics. Their coverage of Amazon’s Astro home robot caught the attention of this Alexa-wary writer—apparently the device is so thirsty to identify folks with facial recognition it will (if left in “patrol” mode) follow guests around until it can identify them. It also, according to Motherboard, tracks everything owners do.

Cynthia Murrell, January 13, 2021

Palantir at the Intersection of Extremists and Prescription Fraud

January 5, 2022

Blogger Ron Chapman II, ESQ, seems to be quite the fan of Palantir Technologies. We get that impression from his post, “Palantir’s Anti-Terror Tech Used to Fight RX Fraud.” The former Marine fell in love with the company’s tech in Afghanistan, where its analysis of terrorist attack patterns proved effective. We especially enjoyed the rah rah write-up’s line about Palantir’s “success on the battlefield.” Chapman is not the only one enthused about the government-agency darling.

As for Palantir’s move into detecting prescription fraud, we learn the company begins with open-source data from the likes of census data, public and private studies, and Medicare’s Meaningful Use program. Chapman describes the firm’s methodology:

“Palantir then cross-references varying sets of Medicare data to determine which providers statistically deviate from the norm amongst large data sets. For instance, Palantir can analyze prescription data to determine which providers rank the highest in opiate prescribing for a local area. Palantir can then cross-reference those claims against patient location data to determine if the providers’ patients are traveling long distances for opiates. Palantir can further analyze the data to determine if the patient population of a provider has been previously treated by a physician on the Office of Inspector General exclusion database (due to prior misconduct) which would indicate that the patients are not ‘legitimate.’ By using ‘big data’ to determine which providers deviate from statistical trends, Palantir can provide a more accurate basis for a payment audit, generate probable cause for search warrants, or encourage a federal grand jury to further investigate a provider’s activities. After the government obtains additional provider-specific data, Palantir can analyze specific patient files, cell phone data, email correspondence, and electronic discovery. Investigators can review cell phone data and email correspondence to determine if networks exist between providers and patients and determine the existence of a healthcare fraud conspiracy or patient brokering.”

Despite his fondness for Palantir, Chapman does include the obligatory passage on privacy and transparency concerns. He notes that healthcare providers, specifically, are concerned about undue scrutiny should their patient care decisions somehow diverge from a statistical norm. A valid consideration. As with law enforcement, the balance between the good of society and individual rights is a tricky one. Palantir was launched in 2003 by Peter Thiel, who was also a cofounder of PayPal and is a notorious figure to some. The company is based in Denver, Colorado.

Cynthia Murrell, January 5, 2022

DarkCyber for December 28, 2021, Now Available

December 28, 2021

This is the 26th program in the third series of DarkCyber video news programs produced by Stephen E Arnold and Beyond Search. You can view the ad-free show at this url. This program includes news of changes to the DarkCyber video series. Starting in January 2022, DarkCyber will focus on smart software and its impact on intelware and policeware. In addition, DarkCyber will appear once each month and expand to a 15 to 20 minute format.

What will we do with the production time? We begin a new video series called “OSINT Radar.” OSINT is an acronym for open source intelligence. In a December 2021 presentation to cyber investigators, the idea surfaced of a 60 second profile of a high value OSINT site. We have developed this idea and will publish what we hope will be a weekly video “infodeck” in video form of an OSINT resource currently in use by law enforcement and intelligence professionals. Watch Beyond Search for the details of how to view these short, made-for-mobile video infodecks. Now when you swipe left, you will learn how to perform free reverse phone number look ups, obtain a list of a social media user’s friends, and other helpful data collection actions from completely open source data pools.

Also in this DarkCyber program are: [a] the blame for government agencies and specialized software vendors using Facebook to crank out false identities. Hint: It’s not the vendors’ fault. [b] why 2022 will be a banner year for bad actors. No, it’s not just passwords, insiders, and corner-cutting software developers. There is a bigger problem. [c] Microsoft has its very own Death Star. Does Microsoft know that the original Death Star was a fiction and it did not survive an attack by the rebels? And [d] a smart drone with kinetic weapons causes the UN to have a meeting and decide to have another meeting.

Kenny Toth, December 28, 2021

NSO Group: How about That Debt?

December 14, 2021

The NSO Group continues to make headlines and chisel worry lines in the faces of the many companies in Israel which create specialized software and systems for law enforcement and intelligence professionals. You can read the somewhat unpleasant news in Bloomberg’s report, the Financial Times’ article, and Gizmodo’s Silicon Valley-esque write up. Gizmodo said:

“the company’s cumbersome mixture of unpaid debts and growing international scrutiny have made NSO a bloated pariah and is forcing its leadership to consider shutting down its Pegasus spyware unit. Selling the entire company is also reportedly on the table.”

First, the reports suggest, without much back up, that NSO Group has about a half a billion US in debt. This is important because it underscores what is the number one flaw in the jazzy business plans of companies making sense of data and providing specialized services to law enforcement, intelligence, and war fighting entities. Here’s my take:

Point 1. What was secret is now open and easily available information.

Since Snowden, the systems and methods informing NSO Group and dozens of similar firms are easy to grasp. Former intelligence professionals can blend what Snowden revealed with whatever these individuals picked up in their service to their country, create a “baby” or “similar” solution and market it. This means that there are more surveillance, penetration, intercept, and analysis options available than at any other time in my 50 year career in online information and systems. Toss in what’s in the wild from dumps of FinFisher and Hacking Team techniques and the gold mine of open source code, and it should be no surprise that the NSO Group’s problem is just the tip of an iceberg, a favorite metaphor in the world of surveillance. None of the newsy reports grasp the magnitude of the NSO Group problem.

Point 2. There’s a lot of “smart” money chasing a big pay day from software purpose built for law enforcement, intelligence, and military operations. VC cows in herds, however, are not that smart or full of wisdom.

There are many investors who buy the line “cyber crime and terrorism” drive big, lucrative sales of specialized software and systems. That’s partially correct. But what’s happened is that the flood of cash has generated a number of commercial enterprises trying to convert those dollars into highly reliable, easy to use systems. The presentations at off the radar trade shows promise functionality that is almost science fiction. The situation today is that there is a lot of hyper marketing going on because there’s money to apply some very expensive computational methods to what used to be largely secret and manual work. A good case for the travails of selling and keeping customers is the Palantir Technologies’ journey which is more than a decade long and still underway. The marketing is seeping from conferences open only to government agencies and those with clearances to advertising trade shows. I think you can see the risk of moving from low profile or secret government solutions to services for Madison Avenue. I sure can.

Point 3. Too few customers to go around.

There are not enough government customers with deep pockets for the abundant specialized services and systems which are on offer. In this week’s DarkCyber at this link, you can learn about the conferences where vendors of surveillance and applied information collection and analysis explain their products and services. You can also learn that the Brennan Center has revealed documents obtained via FOIA about Voyager Labs, a company which is also engaged in the specialized software and services business. Our DarkCyber report makes clear that license fees are in six figures and include more special add ins than a deal from a flea market vendor selling at the Clignancourt flea market. Competition means prices are falling, and quite effective systems are available for as little as a few hundred dollars per month and sometimes even less. Plus, commercial enterprises are often nervous when the potential customer realizes the power of specialized software and services. Stalking made easy? Yep. Spying on competitors facilitated? Yep. Open source intelligence makes it possible to perform specialized work at a quite attractive price point: Free or a few hundred a month.

What’s next?

Financial wizards may be able to swizzle the NSO Group’s financial pickles into a sweet relish for a ball park frank. There will be other companies in this sector which will face comparable money challenges in the future. From my perspective, it is not possible to put the spilled oil back in the tanker and clean the gunk off the birds now coated in crude.

Policeware and intelware vendors have operated out of sight and out of mind in their bubble since i2 Ltd. in the late 1990s rolled out the Analyst’s Notebook solution and launched the market for specialized software. The NSO Group’s situation could shove, or has already shoved, a hat pin in that big, fat balloon.

More significantly, formerly blind and indifferent news organizations, government agencies, and potential investors can see what issues specialized software and services pose. More reporting will be forthcoming, including books that purport to reveal how data aggregators are spying on hapless Instagram and TikTok users. Like most of the downstream consequences of the so called digital revolution, NSO Group’s troubles are the tip of an information iceberg drifting into equatorial waters.

Stephen E Arnold, December 14, 2021

Siren 12 Security Platform Relies on Elasticsearch

December 13, 2021

Here is an example of Elastic being stretched a different way. The Intelligence Community News announces, “Siren Releases Siren 12.” The new version of Siren’s security search and analysis platform relies heavily on Elasticsearch—it incorporates Elastic Platinum subscriptions and will support Elasticsearch v8 (still in alpha). Siren 12 consolidates investigative tools for law enforcement, intelligence, and cyber security organizations. Writer Loren Blinde specifies:

“Siren’s latest release makes it easier for users to organize and join data in a way that suits their requirements, with intuitive UI driven schema editing and ETL. It allows organizations to forensically analyze device data and link it to other available data sources. Siren 12 enables investigators to not only browse existing information, but also to create new records and edit graphs freely, for the first time merging the ‘analysis’, the ‘data entry’ and ‘hypothesis and presentation’ phases in investigation in a single intuitive interface. Lastly Siren doubles down on Investigative AI capabilities by introducing Siren Vision, a deep learning based toolkit for automatic image annotation and classification, integrating with Elastic’s anomaly and outlier detection in a way that is consistent with Siren Investigative use cases.”

We note the emphasis on AI; it seems the security field is not letting concerns over algorithmic bias slow it down. Siren execs call this version a huge step forward and hope it will position their platform as the go-to global reference investigative intelligence platform. Founded in 2014, the company is based in Galway, Ireland.

Cynthia Murrell, December 13, 2021

Who Remembers Palantir or Anduril? Maybe Peter Thiel?

November 4, 2021

Despite sci-fi stoked fears about artificial general intelligences (AGI) taking over the world, CNBC reports, “Palantir’s Peter Thiel Thinks People Should Be Concerned About Surveillance AI.” Thiel, co-founder of Palantir and investor in drone-maker Anduril, is certainly in the position to know what he is talking about. The influential venture capitalist made the remarks at a recent event in Miami. Writer Sam Shead reports:

“Tech billionaire Peter Thiel believes that people should be more worried about ‘surveillance AI’ rather than artificial general intelligences, which are hypothetical AI systems with superhuman abilities. … Those that are worried about AGI aren’t actually ‘paying attention to the thing that really matters,’ Thiel said, adding that governments will use AI-powered facial recognition technology to control people. His comments come three years after Bloomberg reported that ‘Palantir knows everything about you.’ Thiel has also invested in facial recognition company Clearview AI and surveillance start-up Anduril. Palantir, which has a market value of $48 billion, has developed data trawling technology that intelligence agencies and governments use for surveillance and to spot suspicious patterns in public and private databases. Customers reportedly include the CIA, FBI, and the U.S. Army. AGI, depicted in a negative light in sci-fi movies such as ‘The Terminator’ and ‘Ex Machina,’ is being pursued by companies like DeepMind, which Thiel invested in before it was acquired by Google. Depending on who you ask, the timescale for reaching AGI ranges from a few years, to a few decades, to a few hundred years, to never.”

Yes, enthusiasm for AGI has waned as folks accept that success, if attainable at all, is a long way off. Meanwhile, Thiel is now very interested in crypto currencies. For the famously libertarian mogul, that technology helps pave the way for his vision of the future: a decentralized world. That is an interesting position for a friend of law enforcement.

Cynthia Murrell, November 4, 2021

The Zuck Strikes Back

November 2, 2021

Well, when Facebook strikes back it probably won’t use words. A few threshold modifications, a handful of key words (index terms), and some filter tweaking, and the target will be in for an exciting time. Try explaining why your Facebook page is replete with links to Drug X and other sporty concepts. Yeah, wow.

“Mark Zuckerberg Angrily Insists Facebook Is the Real Victim Here” includes some interesting observations:

At the top of his company’s third quarter earnings call, the Facebook CEO broadly railed against the 17 news organizations working together to report on a massive trove of leaked internal documents dubbed the Facebook Papers.

Okay, victim.

What could Facebook, Instagram, and WhatsApp do to make life difficult for bylined journalists digging through the company’s confidential-no-more content?

My DarkCyber research team offered some ideas at lunch today. I just listened and jotted notes on a napkin. Here we go:

  1. Populate a journalist’s Facebook page with content related to human trafficking, child sex crime, contraband, etc.
  2. Inject images which are typically banned from online distribution into a journalist’s Instagram content. What no Instagram? Just use Facebook data to locate a relative or friend and put the imagery on one or more of those individuals’ Instagram. That would have some knock on consequences.
  3. Recycle WhatsApp messages from interesting WhatsApp groups to a journalist’s WhatsApp posts; for example, controlled substances, forbidden videos on Dark Web repositories, or some of those sites offering fraudulent Covid vaccination cards, false identification papers, or Fullz (stolen financial data).

Facebook has some fascinating data, and it can be repurposed. I assume the journalists spending time with the company’s documents are aware of what hypothetically Facebook could do if Mr. Zuckerberg gets really angry and becomes – what’s the word – how about vindictive?

How will investigators get access to these hypothetical poisoned data? Maybe one of the specialized services which index social media content?

Stephen E Arnold, November 2, 2021

DarkCyber for November 2, 2021: Spies, Secrets, AI, and a Robot Dog with a Gun

November 2, 2021

The DarkCyber for November 2, 2021 is now available at this link. This program includes six cyber “bites”. These are short items about spies who hide secrets in peanut butter sandwiches, a drug lord who required 500 troops and 22 helicopters to arrest, where to get the Pandora Papers, a once classified document about autonomous killing policies, a US government Web site described as invasive, and a report about the National Security Agency’s contributions to computer science.

The feature in the cyber news program is a look at the Allen Institute’s Ask Delphi system. The smart software serves up answers to ethical questions. The outputs are interesting and provide an indication of the issues that bright AI engineers will have to address.

The final story provides information about a robot dog. The digital canine is equipped with a weapon which fires a cartridge the size of a hot dog at the World Series snack shop. That’s interesting information, but the “killer” feature is that the robot is its own master. Watch DarkCyber to learn the trick this machine can perform.

DarkCyber is produced by Stephen E Arnold. The video contains no advertising and the stories are not subsidized. The video is available at www.arnoldit.com/wordpress or at https://youtu.be/Y24vJetf5eY.

Kenny Toth, November 2, 2021

Voyager Labs Expands into South America

October 14, 2021

Well this is an interesting development. Brazil’s ITForum reports, “Voyager Labs Appoints VP and Opens Operations in Latin America and the Caribbean.” (I read and quote from Google’s serviceable translation.)

Voyager Labs is an Israeli specialized services firm that keeps a very low profile. Their platform uses machine learning to find and analyze clues to fight cyber attacks, organized crime, fraud, corruption, drug trafficking, money laundering, and terrorism. Voyager Labs’ clients include private companies and assorted government agencies around the world.

The brief announcement reveals:

“Voyager Labs, an AI-based cybersecurity and research specialist, announced this week the arrival in Latin America and the Caribbean. To lead the operation, the company appointed Marcelo Comité as regional vice president. The executive, according to the company, has experience in the areas of investigation, security, and defense in Brazil and the region. Comité will have as mission to consolidate teams of experts to improve the services and support in technologies in the region, according to the needs and particularities of each country. ‘It is a great challenge to drive Voyager Labs’ expansion in Latin America and the Caribbean. Together with our network of partners in each country, we will strengthen ties with strategic clients in the areas of government, police, military sector and private companies’, says the executive.”

We are intrigued by the move to South America, since most of the Israeli firms are building operations in Singapore. What’s Voyager know that its competitors do not? Not familiar with Voyager Labs? Worth knowing the company perhaps?

Cynthia Murrell, October 14, 2021

Alleged DHS Monitoring of Naturalized Citizens

September 9, 2021

Are the fates of millions of naturalized immigrants at the mercy of one secretive algorithm run by the Department of Homeland Security and, unsurprisingly, powered by Amazon Web Services?

The Intercept examined a number of documents acquired by the Open Society Justice Initiative and Muslim Advocates through FOIA lawsuits and reports, “Little-Known Federal Software Can Trigger Revocation of Citizenship.” Dubbed ATLAS, the software runs immigrants’ information through assorted federal databases looking for any sign of dishonesty or danger. Journalists Sam Biddle and Maryam Saleh write:

“ATLAS helps DHS investigate immigrants’ personal relationships and backgrounds, examining biometric information like fingerprints and, in certain circumstances, considering an immigrant’s race, ethnicity, and national origin. It draws information from a variety of unknown sources, plus two that have been criticized as being poorly managed: the FBI’s Terrorist Screening Database, also known as the terrorist watchlist, and the National Crime Information Center. Powered by servers at tech giant Amazon, the system in 2019 alone conducted 16.5 million screenings and flagged more than 120,000 cases of potential fraud or threats to national security and public safety. Ultimately, humans at DHS are involved in determining how to handle immigrants flagged by ATLAS. But the software threatens to amplify the harm caused by bureaucratic mistakes within the immigration system, mistakes that already drive many denaturalization and deportation cases.”

DHS appears reluctant to reveal details of how ATLAS works or what information it uses, which makes it impossible to assess the program’s accuracy. It also seems the humans who act on the algorithm’s recommendations have misplaced faith in the accuracy of the data behind it. The article cites a 2020 document:

“It also notes that the accuracy of ATLAS’s input is taken as a given: ‘USCIS presumes the information submitted is accurate. … ATLAS relies on the accuracy of the information as it is collected from the immigration requestor and from the other government source systems. As such, the accuracy of the information in ATLAS is equivalent to the accuracy of the source information at the point in time when it is collected by ATLAS.’ The document further notes that ‘ATLAS does not employ any mechanisms that allow individuals to amend erroneous information’ and suggests that individuals directly contact the offices maintaining the various databases ATLAS uses if they wish to correct an error.”

We are sure that process must be a piece of cake. The authors also report:

“Denaturalization experts say that putting an immigrant’s paper trail through the algorithmic wringer can lead to automated punitive measures based not on that immigrant’s past conduct but the government’s own incompetence. … According to [Muslim Advocates’ Deborah] Choi, in some cases ‘denaturalization is sought on the basis of the mistakes of others, such as bad attorneys and translators, or even the government’s failures in record-keeping or the failures of the immigration system.’ Bureaucratic blundering can easily be construed as a sign of fraud on an immigrant’s part, especially if decades have passed since filling out the paperwork in question.”

Worth monitoring. Atlas may carry important payloads, or blow up on the launch pad.

Cynthia Murrell, September 9, 2021
