The Google: Geofence Misdirection a Consequence of Good Enough Analytics?

March 18, 2020

What a surprise—the use of Google tracking data by police nearly led to a false arrest, we’re told in the NBC News article, “Google Tracked his Bike Ride Past a Burglarized Home. That Made him a Suspect.” Last January, programmer and recreational cyclist Zachary McCoy received an email from Google informing him, as it does, that the cops had demanded information from his account. He had one week to try to block the release in court, yet McCoy had no idea what prompted the warrant. Writer Jon Schuppe reports:

“There was one clue. In the notice from Google was a case number. McCoy searched for it on the Gainesville Police Department’s website, and found a one-page investigation report on the burglary of an elderly woman’s home 10 months earlier. The crime had occurred less than a mile from the home that McCoy … shared with two others. Now McCoy was even more panicked and confused.”

After hearing of his plight, McCoy’s parents sprang for an attorney:

“The lawyer, Caleb Kenyon, dug around and learned that the notice had been prompted by a ‘geofence warrant,’ a police surveillance tool that casts a virtual dragnet over crime scenes, sweeping up Google location data — drawn from users’ GPS, Bluetooth, Wi-Fi and cellular connections — from everyone nearby. The warrants, which have increased dramatically in the past two years, can help police find potential suspects when they have no leads. They also scoop up data from people who have nothing to do with the crime, often without their knowing — which Google itself has described as ‘a significant incursion on privacy.’ Still confused — and very worried — McCoy examined his phone. An avid biker, he used an exercise-tracking app, RunKeeper, to record his rides.”

Aha! There was the source of the “suspicious” data—RunKeeper tapped into his Android phone’s location service and fed that information to Google. The records show that, on the day of the break-in, his exercise route had taken him past the victim’s house three times in an hour. Eventually, the lawyer was able to convince the police his client (still not unmasked by Google) was not the burglar. Perhaps ironically, it was RunKeeper data showing he had been biking past the victim’s house for months, not just proximate to the burglary, that removed suspicion.

Luck, and a good lawyer, were on McCoy’s side, but the larger civil rights issue looms large. Though such tracking data is anonymized until law enforcement finds something “suspicious,” this case illustrates how easy it can be to attract that attention. Do geofence warrants violate our protections against unreasonable searches? See the article for more discussion.

Cynthia Murrell, March 18, 2020

Banjo: A How To for Procedures Once Kept Secret

March 13, 2020

DarkCyber wrote about BlueDot and its making reasonably clear what steps it takes to derive actionable intelligence from open source and some other types of data. Ten years ago, the processes implemented by BlueDot would have been shrouded in secrecy.

From Secrets to Commercial Systems

Secret and classified information seems to find its way into social media and the mainstream media. DarkCyber noted another example of a company utilizing some interesting methods written up in a free online publication.

DarkCyber can visualize old-school companies depending on sales to law enforcement and the intelligence community asking themselves, “What’s going on? How are commercial firms getting this know how? Why are how to and do it yourself travel guides to intelligence methods becoming so darned public?”

It puzzles DarkCyber as well.

Let’s take a look at the revelations in “Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media.” The write up explains:

  • A company called Pink Unicorn Labs created apps which obtained information from users. Users did not know their data were gathered, filtered, and cross correlated.
  • Banjo, an artificial intelligence firm that works with police, used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media. The developer of the apps was Pink Unicorn. Banjo CEO Damien Patton created Pink Unicorn.
  • Why create apps that seemed to do one thing while performing data inhalation? Dataminr received an investment from Twitter. Dataminr has access to the Twitter fire hose. Banjo, the write up says, “did not have that sort of data access.” The fix? Create apps that sucked data.
  • The apps obtained information from Facebook, Twitter, Instagram, Russian social media app VK, FourSquare, Google Plus, and Chinese social network Sina Weibo.
  • The article points out: “Once users logged into the innocent looking apps via a social network OAuth provider, Banjo saved the login credentials, according to two former employees and an expert analysis of the apps performed by Kasra Rahjerdi, who has been an Android developer since the original Android project was launched. Banjo then scraped social media content.”
  • The write up explains that Banjo, via a deal with Utah, has access to the “state’s traffic, CCTV, and public safety cameras. Banjo promises to combine that input with a range of other data such as satellites and social media posts to create a system that it claims alerts law enforcement of crimes or events in real-time.”

Discussion

Why social media? On the surface and to most parents and casual users of Facebook, Twitter, and YouTube, there are quite a few cat posts. But via the magic of math, an analyst or a script can look for data which fills in missing information. The idea is to create a record of a person, leave blanks where desirable information is not yet plugged in, and then rely on software to spot the missing item. How is this accomplished? The idea is simple. One known fact appears in the profile and that fact appears in another unrelated item of content. Then the correlated item of content is scanned by a script and any information missing from the profile is plugged in. Using this method and content from different sources, a clever system can compile a dossier on an entity. Open source information yields numerous gems; for example, a cute name applied to a boy friend might become part of a person of interest’s Dark Web handle. Phone numbers, geographic information, friends, and links to other interesting content surface. Scripts work through available data. Data can be obtained in many ways. The methods are those which were shrouded in secrecy before the Internet started publishing essays revealing what some have called “tradecraft.”

Net Net

Banjo troubles DarkCyber on a number of levels:

  1. Secrecy has significant benefits. Secrets, once let loose, have interesting consequences.
  2. Users are unaware of the risks apps pose. Cluelessness is in some cases problematic.
  3. The “now” world looks more like an intelligence agency than a social construct.

Stephen E Arnold, March 13, 2020

Sintelix Adds Unstructured Text to IBM i2 Solutions

March 12, 2020

DarkCyber noted that IBM is promoting the Sintelix text and data analytics software. The tie up makes it easier for i2 users to make sense of unstructured text. Sintelix does not compete with IBM. Sintelix has filled a gap in IBM’s presentation of the i2 solutions. For more information, navigate to this IBM page. No pricing details. Sintelix’s headquarters are in Australia.

Stephen E Arnold, March 12, 2020

Fighting Cyber Crime: New Approach Described by FBI

March 6, 2020

DarkCyber noted a report from ABC News called “FBI Working to ‘Burn Down’ Cyber Criminals’ Infrastructure.” The report states that “law enforcement agents are working to take out the tools that allow increasingly dangerous cyber criminals to carry out their devastating attacks.”

Some factoids appeared in the write up:

  • A 40 percent increase in ransomware attacks between 2018 and 2019
  • Ransomware has emerged as a major bad actor method
  • Foreign actors are using cyber attacks to steal information from certain vendors in the US.

As DarkCyber points out in the forthcoming March 10, 2020, video program, many of the hacker tools are available as open source software. Programming languages widely taught in schools and online courses provide the equivalent of a tabula rasa for bad actors. An often overlooked source of “how to” information is the instructional material, code snippets, and technical road maps distributed via online discussion groups. Dark Web resources exist, but there are bad actors advertising their software and expertise via a standard Web browser. Will the infrastructure focus result in stepped up investigations of hosting providers?

This new approach illustrates a shift in response to the escalating risks associated with online connectivity.

Stephen E Arnold, March 6, 2020

Africa: Booming Intelware and Policeware Markets?

February 20, 2020

DarkCyber has a difficult time determining what information is on the money and what information is on the floor of the data casino. We read “Inside Africa’s Increasingly Lucrative Surveillance Market.” The write up is chock full of details. Some of the allegedly accurate information was interesting.

Here’s a sampling of factoids to evaluate:

Market size, but it is not clear what “market” means, just Africa, the world, or developed countries: The cybersecurity market was worth $118.78bn in 2018. By 2024, this figure is expected to hit $267.73bn.

Name of Gabonese Republic’s enforcement unit: SILAM, which is allegedly run by French national Jean-Charles Solon. The write up states: “Solon previously worked for the General Directorate for External Security (Direction générale de la sécurité extérieure – DGSE), France’s intelligence agency.” Allegedly Solon is familiar with the ins and outs of wire tapping. The write up asserts without providing a specific source: “According to our sources, Solon is well equipped and handles everything from wiretap transcripts, text message and WhatsApp conversation interceptions, and email and social media surveillance.” Solon is likely to find the write up in This Is GCN worth some special attention, but that’s just a DarkCyber hunch.

Entities (governmental and commercial) linked to the Gabonese Republic include: Amesys and its Cerebro tool, SDECE/DGSE, AMES, Nexa Technologies, and Suneris Solutions (Thales).

Current market leaders: The write up reports, “Ercom and Suneris Solutions have a leading position in the African market, especially in the sub-Saharan region.” These two companies are owned by Thales.

What sells and where to buy: The write up notes, “‘Clients want to buy something that has a proven track record. They’re not looking for an experimental gadget.’ For Africa, the two must-see events are Milipol Paris, held in November, and ISS World Middle East and Africa, held in March in Dubai.”

Israeli companies selling or trying to sell in Africa: The write up identifies these firms as eyeing the African markets: Thales (includes Ercom and Suneris Solutions), Mer Group and its unit Athena GS3 (Congo, Guinea, Nigeria and DRC), Verint Systems and Elbit Systems (South Africa, Angola, Ethiopia, Nigeria, etc.), AD Consultants, and NSO Group. The write up asserts, “The Israelis are everywhere. They even managed to equip Saudi Arabia! It’s pretty much impossible to bypass them.”

Other companies trying to sell to African markets include: BAE Systems, Gamma Group, Trovicor (now a unit of Nexa), Hacking Team, VasTech, Protei (a Russian firm), Huawei, and ZTE Corporation (described in the article as a compatriot of Huawei).

DarkCyber will leave it to you, gentle reader, to figure out if the write up in This is GCN is fact or fluff. What is known is that most of the named entities in this write up work overtime to avoid big time news coverage, traditional marketing, and noisy public relations. DarkCyber believes that firms providing specialized services should remain low profile.

In closing, if you want information about Sudanese intelligence activities, you may find this thesis by Muhammad Bathily helpful. Its title is “Reform of Senegalese Gendarmerie Intelligence Services.” You can locate the document at this url https://t.co/0cp1CCqiKy. (Verified at 1049 am US Eastern time, 2 20 20)

Stephen E Arnold, February 20, 2020

India: A New Front in the War Against Obfuscation

February 19, 2020

DarkCyber noted “Indian Police Open Case against Hundreds in Kashmir for Using VPN.” VPNs are perceived as a secure way to access certain Internet content. VPNs sit in the middle, and many vendors insist that their approach deletes logs of user activity. Be that as it may, under specific conditions, the VPN transfer point can be monitored. For some enforcement agencies, getting customer data and other information is a hassle.

A short cut is sometimes discussed. India may have found a shortcut appropriate for its needs in contentious Kashmir. The write up reports:

Local authorities in India-controlled Kashmir have opened a case against hundreds of people who used virtual private networks (VPNs) to circumvent a social media ban in the disputed Himalayan region in a move that has been denounced by human rights and privacy activists.

Arresting VPN users complements other tools in the Indian government’s kit; for example, blocking Internet service and capping access speeds.

DarkCyber believes that other governments may examine India’s approach. If these countries’ assessment is positive, the “Indian method” may be used by other countries struggling to deal with online information and services.

The flow of digital content often erodes existing processes. Bits, like some rivers, become more tractable when blocked by a dam in order to reduce the destructive power of floods. India’s actions block data streams in an effort to prevent a torrent of bits that will erode institutions and other artifacts of a social construct.

Stephen E Arnold, February 19, 2020

Venntel: Some Details

February 18, 2020

Venntel in Virginia has the unwanted attention of journalists. The company provides mobile location data and services. Like many of the firms providing specialized services to the US government, Venntel makes an effort to communicate with potential government customers via trade shows, informal gatherings, and referrals.

Venntel’s secret sauce is cleaner mobile data. The company says:

Over 50% of location data is flawed. Venntel’s proprietary platform efficiently distinguishes between erroneous data and data of value. The platform delivers 100% validated data, allowing your team to focus on results – not data quality.

NextGov reported in “Senator Questions DHS’ Use of Cellphone Location Data for Immigration Enforcement” some information about the company; for example:

  • Customers include DHS and CBP
  • Mobile and other sources of location data are available from the company
  • The firm offers software
  • Venntel, like Oracle and other data aggregators, obtains information from third-party sources; for example, marketing companies brokering mobile phone app data

Senator Ed Markey, a Democrat from Massachusetts, has posed questions to the low profile company and has requested answers by March 3, 2020.

A similar issue surfaced for other mobile data specialists. Other geo-analytic specialists work overtime to have zero public facing profile. Example, you ask? Try to chase down information about Geogence. (Bing and Google try their darnedest to change “Geogence” to “geofence.” This is a tribute to the name choice the stakeholders of Geogence have selected, and a clever exploitation of Bing’s and Google’s inept attempts to “help” their users find information.)

If you want to get a sense of what can be done with location data, check out this video which provides information about the capabilities of Maltego, a go-to system to analyze cell phone records and geolocate actions. The video is two years old, but it is representative of the basic functions. Some specialist companies wrap more user friendly interfaces and point-and-click templates for analysts and investigators to use. There are hybrid systems which combine Analyst Notebook type functions with access to email and mobile phone data. Unlike the Watson marketing, IBM keeps these important services in the background because the company wants to focus on the needs of its customers, not on the needs of “real” journalists chasing “real news.”

DarkCyber laments the fact that special services companies which try to maintain a low profile and serve a narrow range of customers are in the news.

Stephen E Arnold, February 18, 2020

Facebook: Chock Full of Good Ideas

December 31, 2019

Investigators are not a priority for Facebook. How does DarkCyber know this? “WhatsApp to Add ‘Disappearing Messages’ Feature Soon” explained a function that may give those managing interesting groups more control over content.

Here’s the statement which caught the attention of our alert service:

With the ‘Delete Messages’ feature, group admins will be able to select a specific duration for messages on the group and once a message crosses the duration, it will be automatically deleted, news portal GSMArena reported recently. Initially, the new feature was expected to be available for both individual chats and group chats, but now the report claims that the feature will be limited to group chats only. The ‘Delete Messages’ feature for group chats will make it easy for the admins to manage old messages and chats.

How many coordinators will find this new feature helpful? Too many.

Stephen E Arnold, December 31, 2019

Amazon: What Does the S Team Do without a Policeware Leader?

December 9, 2019

GeekWire published the members of Jeff Bezos’ S Team. The idea is that the TV show A Team has been upgraded by 17 letters. There is an S Team member for fashion and for Alexa, but none for policeware. You can get the list of S Team members in “Amazon Expands Bezos’ Elite ‘S-Team,’ Adding 6 Execs from Emerging Branches of the Company.” Perhaps the omission of a public sector Amazon manager signals that the company is not interested in government contracts, work for law enforcement departments, and countries interested in using Amazon’s blockchain technology? That is a possibility. DarkCyber believes that there is a commitment at Amazon for policeware and developing services to assist authorities in determining if tax returns are on the up and up. The apparent exclusion of a designated policeware “owner” suggests that the company wants to continue its low profile approach to this high potential revenue sector.

Stephen E Arnold, December 9, 2019

Europol Crackdown Factoids

November 28, 2019

“Europol Goes After IS Propaganda Online” contained several interesting items:

Telegram was the online service provider “that contained the most extremism related material.”

Companies cooperating with Europol were Dropbox, Files.fm, Instagram, Google, Telegram.

Crackdowns force content elsewhere.

Is there a solution for encrypted messaging and online channels for activities such as grooming and recruitment?

Yes. The write up states that one approach is to mount “an effort to limit the space for extremist groups to recruit people online.”

Stephen E Arnold, November 28, 2019
