The RCMP: Monitoring Sparks Criticism

March 5, 2024

green-dino_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

The United States and United Kingdom receive bad reps for monitoring their citizens’ Internet usage. Thankfully it is not as bad as China, Russia, and North Korea. The “hat” of the United States is hardly criticized for anything, but even Canada has its foibles. Canada’s Royal Canadian Mounted Police (RCMP) is in water hot enough to melt all its snow says The Madras Tribune: “RCMP Slammed For Private Surveillance Used To Trawl Social Media, ‘Darknet’.”

It’s been known that the RCMP has used private surveillance tools to monitor public facing information and other social media since 2015. The Privacy Commissioner of Canada (OPC) revealed that when the RCMP was collecting information, the police force failed to comply with privacy laws. The RCMP also doesn’t agree with the OPC’s suggestions to make their monitoring activities with third party vendors more transparent. The RCMP also argued that because they were using third party vendors they weren’t required to ensure that information was collected according to Canadian law.

The Mounties’ non-compliance began in 2014 after three police officers were shot. An information monitoring initiative called Project Wideawake started and it involved the software Babel X from Babel Street, a US threat intelligence company. Babel X allowed the RCMP to search social media accounts, including private ones, and information from third party data brokers.

Despite the backlash, the RCMP will continue to use Babel X:

“ ‘Despite the gaps in (the RCMP’s) assessment of compliance with Canadian privacy legislation that our report identifies, the RCMP asserted that it has done enough to review Babel X and will therefore continue to use it,’ the report noted. ‘In our view, the fact that the RCMP chose a subcontracting model to pay for access to services from a range of vendors does not abrogate its responsibility with respect to the services that it receives from each vendor.’”

Canada might be the politest of country in North America, but its government hides a facade dedicated to law enforcement as much as the US.

Whitney Grace, March 5, 2024

Student Surveillance: It Is a Thing

March 1, 2024

green-dino_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

Once mobile phones were designed with cameras, all technology was equipped with one. Installing cameras and recording devices is SOP now, but facial recognition technology will soon become as common unless privacy advocates have their way. Students at the University of Waterloo were upset to learn that vending machines on their campus were programmed with the controversial technology. The Kitchener explores how the scandal started in: “ ‘Facial Recognition’ Error Message On Vending Machine Sparks Concern At University Of Waterloo.”

A series of smart vending machines decorated with M&M graphics and dispense candy were located throughout the Waterloo campus. They raised privacy concerns when a student noticed an error message about the facial recognition application on one machine. The machines were then removed from campus. Until they were removed, word spread quickly and students covered a hole believed to hold a camera.

Students believed that vending machines didn’t need to have facial recognition applications. They also wondered if there were more places on campus where they were being monitored with similar technology.

The vending machines are owned by MARS, an international candy company, and manufactured by Invenda. The MARS company didn’t respond to queries but Invenda shared more information about the facial recognition application:

“Invenda also did not respond to CTV’s requests for comment but told Stanley in an email ‘the demographic detection software integrated into the smart vending machine operates entirely locally.’ ‘It does not engage in storage, communication, or transmission of any imagery or personally identifiable information,’ it continued.

According to Invenda’s website, the Smart Vending Machines can detect the presence of a person, their estimated age and gender. The website said the ‘software conducts local processing of digital image maps derived from the USB optical sensor in real-time, without storing such data on permanent memory mediums or transmitting it over the Internet to the Cloud.’”

Invenda also said the software is compliant with the European Union privacy General Data Protection Regulation but that doesn’t mean it is legal in Canada. The University of Waterloo has asked that the vending machines be removed from campus.

Net net: Cameras will proliferate and have smart software. Just a reminder.

Whitney Grace, March 1, 2024

Ottawa Law Enforcement and Reasonable Time for Mobile Phone Access

February 5, 2024

green-dino_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

The challenge of mobile phones is that it takes time to access the data if a password is not available to law enforcement. As more mobiles are obtained from alleged bad actors, the more time is required. The backlog can be onerous because many law enforcement agencies have a limited number of cyber investigators and a specific number of forensic software licenses or specialized machines necessary to extract data from a mobile device.

Time is not on their side. The Ottawa Citizen reports, “Police Must Return Phones After 175 Million Passcode Guesses, Judge Says.” It is not actually about the number of guesses, but about how long investigators can retain suspects’ property. After several months trying to crack the passwords on one suspect’s phone, Ottawa police asked Ontario Superior Court Justice Ian Carter to allow them to retain the device for another two years. But even that was a long shot. Writer Andrew Duffy tells us:

“Ontario Superior Court Justice Ian Carter heard that police investigators tried about 175 million passcodes in an effort to break into the phones during the past year. The problem, the judge was told, is that more than 44 nonillion potential passcodes exist for each phone. To be more precise, the judge said, there are 44,012,666,865,176,569,775,543,212,890,625 potential alpha-numeric passcodes for each phone. It means, Carter said, that even though 175 million passcodes were attempted, those efforts represented ‘an infinitesimal number’ of potential answers.”

The article describes the brute-force dictionary attacks police had used so far and defines the term leetspeak for curious readers. Though investigators recently added the password-generating tool Mentalist to their arsenal, the judge determined their chances of breaking into the phone were too slim. We learn:

“In his ruling, Carter said the court had to balance the property rights of an individual against the state’s legitimate interest in preserving evidence in an investigation. The phones, he said, have no evidentiary value unless the police succeed in finding the right passcodes. ‘While it is certainly possible that they may find the needle in the next two years, the odds are so incredibly low as to be virtually non-existent,’ the judge wrote. ‘A detention order for a further six months, two years, or even a decade will not alter the calculus in any meaningful way.’ He denied the Crown’s application to retain the phones and ordered them returned or destroyed.”

The judge suggested investigators instead formally request more data from Google, which supplied the information that led to the warrants in the first place. Good idea, but techno feudal outfits are often not set up to handle a large number of often-complex requests. The result is that law enforcement is expected to perform certain tasks while administrative procedures and business processes slam on the brakes. One would hope that information about the reality of accessing mobile devices were better understood and supported.

Cynthia Murrell, February 5, 2024

Pegasus Equipped with Wings Stomps Around and Leaves Hoof Prints

January 8, 2024

green-dino_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

The NSO Group’s infamous Pegasus spyware is in the news again, this time in India. Newsclick reveals, “New Forensic Report Finds ‘Damning Revelations’ of ‘Repeated’ Pegasus Use to Target Indian Scribes.” The report is a joint project by Amnesty International and The Washington Post. It was spurred by two indicators. First, routine monitoring exercise in June 2023 turned up traces of Pegasus on certain iPhones. Then, in October, several journalists and Opposition party politicians received Apple alerts warning of “State-sponsored attackers.” The article tells us:

“‘As a result, Amnesty International’s Security Lab undertook a forensic analysis on the phones of individuals around the world who received these notifications, including Siddharth Varadarajan and Anand Mangnale. It found traces of Pegasus spyware activity on devices owned by both Indian journalists. The Security Lab recovered evidence from Anand Mangnale’s device of a zero-click exploit which was sent to his phone over iMessage on 23 August 2023, and designed to covertly install the Pegasus spyware. … According to the report, the ‘attempted targeting of Anand Mangnale’s phone happened at a time when he was working on a story about an alleged stock manipulation by a large multinational conglomerate  in India.’”

This was not a first for The Wire co-founder Siddharth Varadarajan. His phone was also infected with Pegasus back in 2018, according to forensic analysis ordered by the Supreme Court of India. The latest findings have Amnesty International urging bans on invasive, opaque spyware worldwide. Naturally, The NSO Group continues to insist all its clients are “vetted law enforcement and intelligence agencies that license our technologies for the sole purpose of fighting terror and major crime” and that it has policies in place to prevent “targeting journalists, lawyers and human rights defenders or political dissidents that are not involved in terror or serious crimes.” Sure.

Meanwhile, some leaders of India’s ruling party blame Apple for those security alerts, alleging the “company’s internal threat algorithms were faulty.” Interesting deflection. We’re told an Apple security rep was called in and directed to craft some other, less alarming explanation for the warnings. Is this because the government itself is behind the spyware? Unclear; Parliament refuses to look into the matter, claiming it is sub judice. How convenient.

Cynthia Murrell, January 8, 2024

Lawyer, Former Government Official, and Podcaster to Head NSO Group

January 2, 2024

green-dino_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

The high-profile intelware and policeware vendor NSO Group has made clear that specialized software is a potent policing tool. NSO Group continues to market its products and services at low-profile trade shows like those sponsored by an obscure outfit in northern Virginia. Now the firm has found a new friend in a former US official. TechDirt reports, “Former DHS/NSA Official Stewart Baker Decides He Can Help NSO Group Turn a Profit.” Writer Tim Cushing tells us:

“This recent filing with the House of Representatives makes it official: Baker, along with his employer Steptoe and Johnson, will now be seeking to advance the interests of an Israeli company linked to abusive surveillance all over the world. In it, Stewart Baker is listed as the primary lobbyist. This is the same Stewart Baker who responded to the Commerce Department blacklist of NSO by saying it wouldn’t matter because authoritarians could always buy spyware from… say…. China.”

So, the reasoning goes, why not allow a Western company to fill that niche? This perspective apparently makes Baker just the fellow to help NSO buff up NSO Group’s reputation. Cushing predicts:

“The better Baker does clearing NSO’s tarnished name, the sooner it and its competitors can return to doing the things that got them in trouble in the first place. Once NSO is considered somewhat acceptable, it can go back to doing the things that made it the most money: i.e., hawking powerful phone exploits to human rights abusers. But this time, NSO has a former US government official in its back pocket. And not just any former government official but one who spent months telling US citizens who were horrified by the implications of the Snowden leaks that they were wrong for being alarmed about bulk surveillance.”

Perhaps the winning combination for the NSO Group is a lawyer, former US government official, and a podcaster in one sleek package will do the job? But there are now alternatives to the Pegasus solution. Some of these do not have the baggage carted around by the stealthy flying horse.

Perhaps there will be a podcast about NSO Group in the near future.

Cynthia Murrell, January 2, 2024

Missing Signals: Are the Tools or Analysts at Fault?

November 7, 2023

green-dino_thumb_thumbThis essay is the work of a dumb humanoid. No smart software required.

Returning from a trip to DC yesterday, I thought about “signals.” The pilot — a specialist in hit-the-runway-hard landings  — used the word “signals” in his welcome-aboard speech. The word sparked two examples of missing signals. The first is the troubling kinetic activities in the Middle East. The second is the US Army reservist who went on a shooting rampage.

image

The intelligence analyst says, “I have tools. I have data. I have real time information. I have so many signals. Now which ones are important, accurate, and actionable?” Our intrepid professionals displays the reality of separating the signal from the noise. Scary, right? Time for a Starbuck’s visit.

I know zero about what software and tools, systems and informers, and analytics and smart software the intelligence operators in Israel relied upon. I know even less about what mechanisms were in place when Robert Card killed more than a dozen people.

The Center for Strategic and International Studies published “Experts React: Assessing the Israeli Intelligence and Potential Policy Failure.” The write up stated:

It is incredible that Hamas planned, procured, and financed the attacks of October 7, likely over the course of at least two years, without being detected by Israeli intelligence. The fact that it appears to have done so without U.S. detection is nothing short of astonishing. The attack was complex and expensive.

And one more passage:

The fact that Israeli intelligence, as well as the international intelligence community (specifically the Five Eyes intelligence-sharing network), missed millions of dollars’ worth of procurement, planning, and preparation activities by a known terrorist entity is extremely troubling.

Now let’s shift to the Lewiston Maine shooting. I had saved on my laptop “Six Missed Warning Signs Before the Maine Mass Shooting Explained.” The UK newspaper The Guardian reported:

The information about why, despite the glaring sequence of warning signs that should have prevented him from being able to possess a gun, he was still able to own over a dozen firearms, remains cloudy.

Those “signs” included punching a fellow officer in the US Army Reserve force, spending some time in a mental health facility, family members’ emitting “watch this fellow” statements, vibes about issues from his workplace, and the weapon activity.

On one hand, Israel had intelligence inputs from just about every imaginable high-value source from people and software. On the other hand, in a small town the only signal that was not emitted by Mr. Card was buying a billboard and posting a message saying, “Do not invite Mr. Card to a church social.”

As the plane droned at 1973 speeds toward the flyover state of Kentucky, I jotted down several thoughts. Like or not, here these ruminations are:

  1. Despite the baloney about identifying signals and determining which are important and which are not, existing systems and methods failed bigly. The proof? Dead people. Subsequent floundering.
  2. The mechanisms in place to deliver on point, significant information do not work. Perhaps it is the hustle bustle of everyday life? Perhaps it is that humans are not very good at figuring out what’s important and what’s unimportant. The proof? Dead people. Constant news releases about the next big thing in open source intelligence analysis. Get real. This stuff failed at the scale of SBF’s machinations.
  3. The uninformed pontifications of cyber security marketers, the bureaucratic chatter flowing from assorted government agencies, and the cloud of unknowing when the signals are as subtle as the foghorn on cruise ship with a passenger overboard. Hello, hello, the basic analysis processes don’t work. A WeWork investor’s thought processes were more on point than the output of reporting systems in use in Maine and Israel.

After the aircraft did the thump-and-bump landing, I was able to walk away. That’s more than I can say for the victims of analysis, investigation, and information processing methods in use where moose roam free and where intelware is crafted and sold like canned beans at TraderJoe’s.

Less baloney and more awareness that talking about advanced information methods is a heck of a lot easier than delivering actual signal analysis.

Stephen E Arnold, November 7, 2023

test

Traveling to France? On a Watch List?

August 25, 2023

The capacity for surveillance has been lurking in our devices all along, of course. Now, reports Azerbaijan’s Azernews, “French Police Can Secretly Activate Phone Cameras, Microphones, and GPS to Spy on Citizens.” The authority to remotely activate devices was part of a larger justice reform bill recently passed. Officials insist, though, this authority will not be used willy-nilly:

“A judge must approve the use of the powers, and the recently amended bill forbids use against journalists, lawyers, and other ‘sensitive professions.’ The measure is also meant to limit use to serious cases, and only for a maximum of six months. Geolocation would be limited to crimes that are punishable by at least five years in prison.”

Surely, law enforcement would never push those limits. Apparently the Orwellian comparisons are evident even to officials, since Justice Minister Éric Dupond-Moretti preemptively batted them away. Nevertheless, we learn:

“French digital rights advocacy group, La Quadrature du Net, has raised serious concerns over infringements of fundamental liberties, and has argued that the bill violates the ‘right to security, right to a private life and to private correspondence’ and ‘the right to come and go freely.’ … The legislation comes as concerns about government device surveillance are growing. There’s been a backlash against NSO Group, whose Pegasus spyware has allegedly been misused to spy on dissidents, activists, and even politicians. The French bill is more focused, but civil liberties advocates are still alarmed at the potential for abuse. The digital rights group La Quadrature du Net has pointed out the potential for abuse, noting that remote access may depend on security vulnerabilities. Police would be exploiting security holes instead of telling manufacturers how to patch those holes, La Quadrature says.”

Smartphones, laptops, vehicles, and any other connected devices are all fair game under the new law. But only if one has filed the proper paperwork, we are sure. Nevertheless, progress.

Cynthia Murrell, August 25, 2023

NSO Group: How Easy Are Mobile Hacks?

April 25, 2023

I am at the 2023 US National Cyber Crime Conference, and I have been asked, “What companies offer NSO-type mobile phone capabilities?” My answer is, “Quite a few.” Will I name these companies in a free blog post? Sure, just call us at 1-800-YOU-WISH.

A more interesting question is, “Why is Israel-based NSO Group the pointy end of a three meter stick aimed at mobile devices?” (To get some public information about newly recognized NSO Group (Pegasus) tricks, navigate to “Triple Threat. NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains.” I would point out that the reference to Access Now is interesting, and a crime analyst may find a few minutes examining what the organization does, its “meetings,” and its hosting services time well spent. Will I provide that information in a free blog post. Please, call the 800 number listed above.)

Now let’s consider the question regarding the productivity of the NSO technical team.

First, Israel’s defense establishment contains many bright people and a world-class training program. What happens when you take well educated people, the threat of war without warning, and an outstanding in-service instructional set up? The answer is, “Ideas get converted into exercises. Exercises become test code. Test code gets revised. And the functional software becomes weaponized.”

Second, the “in our foxhole” mentality extends once trained military specialists leave the formal service and enter the commercial world. As a result, individuals who studied, worked, and in some cases, fought together set up companies. These individuals are a bit like beavers. Beavers do what beavers do. Some of these firms replicate functionality similar to that developed under the government’s watch and sell those products. Please, note, that NSO Group is an exception of sorts. Some of the “insights” originated when the founders were repairing mobile phones. The idea, however, is the same. Learning, testing, deploying, and the hiring individuals with specialized training by the Israeli government. Keep in mind the “in my foxhole” notion, please.

Third, directly or indirectly important firms in Israel or, in some cases, government-assisted development programs provide: [a] Money, [b] meet up opportunities like “tech fests” in Tel Aviv, and [c] suggestions about whom to hire, partner with, consult with, or be aware of.

Do these conditions exist in other countries? In my experience, to some degree this approach to mobile technology exploits does. There are important differences. If you want to know what these are, you know the answer. Buzz that 800 number.

My point is that the expertise, insights, systems, and methods of what the media calls “the NSO Group” have diffused. As a result, there are more choices than ever before when it comes to exploiting mobile devices.

Where’s Apple? Where’s Google? Where’s Samsung? The firms, in my opinion, are in reactive mode, and, in some cases, they don’t know what they don’t know.

Stephen E Arnold, April 25, 2023

Accidental News: There Is a Google of the Dark Web.

August 2, 2022

Yesterday one of the research team was playing the YouTube version of TWIT which is Silicon Valley acronym speak for “This Week in Tech.” The program is hosted by a former TV personality and features “experts”. The experts discuss major news events. The August 1, 2022 (captured on July 31, 2022) has the title “The Barn Has Left the Horse — CHIPS Act, Earnings Week, FTC Sues Meta, Twitter Blue Price Hike.” The “experts” fielding questions and allegedly insightful observations by Mr. LaPorte can be viewed at this link. The “experts” on the “great panel” for this program included:

In the midst of recycled information and summaries of assorted viewpoints, there was what I thought was information warranting a bit more attention. You can watch and hear what Dan Patterson says at 2:22:30. A bit of context: Mr. Patterson announced that he is the Editorial Director at Cybersixgill, [supplemental links appear below my name at the foot of this blog post] a firm named after a shark and with, until now, a very low profile. I think the outfit is based in Tel Aviv and it, as I recall, provides what I call specialized software and services to government entities. A few other firms in this particular market space are NSO Group and Voyager Labs, among other. Rightly or wrongly, I think of Herliya as the nerve center for certain types of sophisticated intercept, surveillance, analytic, and stealth systems. Thus, “low profile” is necessary. Once the functionality of an NSO Group-type system becomes known, then the knock on effect is to put Candiru-type firms in the spotlight too. (Other fish swimming unseen in the digital ocean have inspired names like “FinFisher,” “Candiru,” and “Sixgill.”)

So what’s the big news? A CBS technology reported quitting is no big deal. A technology reporter who joins a commercial software and services firm is not a headline maker either.

This is, in my opinion, a pretty remarkable assertion, and I think it should be noted. Mr. Patterson was asked by Mr. LaPorte, “So CyberSixgill is a threat intelligence…” Mr. Patterson added some verbal filler with a thank you and some body movement. Then this…

CyberSixgill is like a Google for the Dark Web.

That’s an interesting comparison because outfits like Kagi and Neva emphasize how different they are from Google. Like Facebook, Google appears to on the path to becoming an icon for generating cash, wild and crazy decisions, and an emblem of distrust.

Mr. Patterson then said:

I don’t want to log roll…. I joined the threat detection company because their technology is really interesting. It really mines the Dark Web and provides a portal into it in ways that are really fascinating.

Several observations:

  1. Mr. Patterson’s simile caught my attention. (I suppose it is better than saying, “My employer is like an old school AT&T surveillance operation in 1941.”
  2. Mr. Patterson’s obvious discomfort when talking about CyberSixgill indicates that he has not yet crafted the “editorial message” for CyberSixgill.
  3. With the heightened scrutiny of firm’s with specialized software causing outfits like Citizens Lab in Toronto to vibrate with excitement and the Brennan Center somewhat gleefully making available Voyager Labs’s information, marketing a company like CyberSixgill may be a challenge. These specialized software companies have to be visible to government procurement officers but not too visible to other sectors.

Net net: For specialized software and services firms in Israel, Zurich, Tyson’s Corner, and elsewhere, NSO Group’s visibility puts specialized software and services company on the horns of a dilemma: Visible but not too visible. These companies cannot make PR and marketing missteps. Using the tag line from a “real” journalist’s lips like “a Google for the Dark Web” is to me news which Mr. LaPorte and the other members of the panel should have noticed. They did not. There you go: “Like a Google for the Dark Web”. That’s something of interest to me and perhaps a few other people.

Stephen E Arnold, August 2, 2022

Notes:

1 “Sixgill” is the blunt nose “six gill” shark, hexnchoid (Hexanchus griseus). It is big and also called the cow shark by fish aficionados. The shark itself can be eaten.

2 The company’s product is explained at https://www.cybersixgill.com/products/portal/. One “product” is a cloud service which delivers “exclusive access to closed underground sources with the most comprehensive, automated collection from the deep and dark Web. The investigative portal delivers the threat intel security teams need: Real time context and actionable alerts along with the ability to conduct cover investigations.” Mr. Patterson may want to include in his list of work tasks some rewriting of this passage. “Covert investigations,” “closed underground sources,” and “automated collection” attract some attention.

3 The company’s blog provides some interesting information to those interested in specific investigative procedures; for example, “Use Case Blog: Threat Monitoring & Hunting.” I noted the word “hunting.”

4 The company received a fresh injection of funding from CrowdStrike, Elron Ventures, OurCrowd, and Sonae. According to CyberGestion, the firm’s total funding as of May 2022 is about $55 million US.

5 The Dark Web, according to my research team, is getting smaller. Thus, what does “deep web”? The term is undefined on the cited CyberSixgill page. “Like Google” suggests more than 35 billion Web pages in its public index. Is this what CyberSixgill offers?

Surprise: NSO Group Pegasus Is in the News Again

July 28, 2022

On July 27, 2022, the winger wonder Pegasus cast a shadow over the desks of the House Intelligence Committee. The flapping of the mythical creatures wings could not be stilled. Gavel pounding, heavy breathing from lobbyists in the gallery, and convoluted statements by elected leaders did not cause the beastie to fly away. Nope. Pegasus with its NSO Group logo branded on its comely haunch was present. Even mythical creatures can leave behind a mess.

And it appears as if the mess is semi-permanent and odiferous.

We’re Likely Only Seeing the Tip of the Iceberg of Pegasus Spyware Use Against the US” states:

US lawmakers heard testimony from Citizen Lab senior researcher John Scott-Railton; Shane Huntley, who leads Google’s Threat Analysis Group; and Carine Kanimba, whose father was the inspiration for Hotel Rwanda and who was, herself, targeted by Pegasus spyware. This, of course, is the now-infamous malware that its developer, Israel’s NSO Group, claims is only sold to legitimate government agencies — not private companies or individuals. Once installed on a victim’s device, Pegasus can, among other things, secretly snoop on that person’s calls, messages, and other activities, and access their phone’s camera without permission.

I like the Hotel Rawanda reference. Younger elected officials may not know much about intelware, but they definitely know about the motion picture in my opinion. Hutus Tutsis and a big box office. A target of Pegasus. Credibility? Yep.

The hearings continue of July 28, 2022. According to the article:

Schiff called NSO’s software and similar eavesdropping tools “a threat to Americans,” and pointed to news reports from last year about cellphones belonging to US diplomats in Uganda being compromised by Pegasus. It is my belief that we are very likely looking at the tip of the iceberg, and that other US government personnel have had their devices compromised, whether by a nation-state using NSO’s services or tools offered by one of its lesser known but equally potent competitors,” Schiff said.

Google — the go to source for objective information — is allegedly tracking 30 firms “that sell exploits or surveillance capabilities to government-backed groups.

Just 30? Interesting, but, hey, Google knows surveillance cold I suppose.

A handful of observations:

  1. NSO Group’s Pegasus continues to capture attention like a Kentucky Derby winner which allegedly has banned substances rubbed on its belly. Some of those rub ons have a powerful scent. Even a boozy race track veterinarian can wince when checking a specific thoroughbred’s nether region.
  2. The knock on effect of NSO Group’s alleged management oversight means that scrutiny of intelware companies is going to spotlight the founders, funders, and stakeholders. I think this is like a deer standing on railroad tracks mesmerized by the bright white light heading down the rails at 60 miles per hour. In the train versus deer competitions in the past, trains hold a decided advantage.
  3. Individual companies in the specialized software business face an uncertain future.

How uncertain?

Regulations and bans seem to be on the menus in a number of countries. Also, there are a finite number of big dollar contracts for specialized software and smaller firms are going to have to get big fast, sell out to a larger company with multiple lines of law enforcement, defense, and intelligence revenue, or find a way to market without marketing “too well.”

And the “too well”?

Since NSO Group’s spotlight appearances, smaller intelware companies have had to be very careful abut their sales and marketing activities. Why? There are reporters from big time newspapers nosing around for information. There are online podcasts which have guests who talk about what specialized software can do, where the data originate, and how a “food chain” of information providers provide high value information. There are the tireless contributors of Twitter’s #OSINT threads who offer sometimes dumb and less frequently high-value nuggets about specialized services vendors. Finally, there are the marketers at specialized services firms themselves who use email blasts to tout their latest breakthroughs. Other small specialized software vendors prowl the niche law enforcement and intelligence conferences in search of sales leads. In some cases, there are more marketers than there are individuals who can license a data set, an analytics package, or the whole enchilada needed to monitor — how shall I phrase it — comprehensively. These energetic marketers learn that their employer becomes a journalist’s subject of interest.

Net net: When I reflect on the golden years of specialized software and services marketing, testing, and deploying, I have one hypotheses: NSO Group’s visibility has changed the game. There will be losers and a very few big winners. Who could have foreseen specialized software and services working like a bet on the baccarat tables in Monaco? Who anticipated NSO Group-type technology becoming “personal” to the US? I sure did not. The light at the end of the tunnel, once the train clears the deer, is that the discipline of “marketing without marketing too much” may become mainstream in France, Germany, Israel, Switzerland, and the US. I hear that train a-comin’ do you?

Stephen E Arnold, July 28, 2022

Next Page »

  • Archives

  • Recent Posts

  • Meta