NSO Does Not Play the Facebook Game

January 16, 2020

We spotted a write up in Techdirt, an interesting publication indeed. The story is “Malware Marketer NSO Group Looks Like It’s Blowing Off Facebook’s Lawsuit.”

The title suggested to some of the DarkCyber team that NSO is a not so good company. It is a malware marketer. Furthermore, the company is “blowing off” Facebook’s lawsuit.

The Facebook case asserts that the NSO Group exploited WhatsApp. The goal? Compromise an actor’s mobile device via software. This approach is known as an attack vector created by Facebook.

NSO, as DarkCyber has noted in this blog and our videos, has been generating media attention. Specialized software companies providing technology to government entities generally prefer to maintain a lower profile.

What’s the status of Facebook’s legal action? Techdirt states:

Facebook’s lawsuit is going nowhere fast. While it’s not uncommon for there to be a delay between the filing of a complaint and the defendant’s response, NSO hasn’t filed anything — not even a notice of appearance from its corporate counsel — since the filing of the suit.

NSO is not a US company. It is owned by a Japanese firm and most of the technical operations are still under the umbrella of Israeli citizens.

DarkCyber thinks that Facebook’s challenge to NSO was an interesting action.

First, NSO responds to its customers’ needs. This means that outfits like Facebook which often drag their running shoe shod feet when it comes to dealing with government requests for data invites attention from specialist firms. Look in the mirror, Facebookers.

Second, Facebook wants to encrypt everything, create its own walled garden, and operate like a country. Okay, Facebookers, that attitude invites some special attention. Look in the mirror, Facebookers.

Third, the challenge to NSO strikes DarkCyber like an New Age slow cooker calling a microwave an unnecessary luxury. Nope. Look in the mirror, Facebooks, or in this case, in the reflection in the slow cooker’s aluminum skin.

Net net: Facebook may want to think a bit harder about the resources available to specialist software firms. Why? Nothing special, of course.

Stephen E Arnold, February 16, 2020

Belated Recognition: Barn Burned, Intelligence Costco Operating

December 18, 2019

Amnesty International has described the “Architecture of Surveillance.” Quick out of the gate?

Concerns about privacy and the ways in which large tech companies use and profit off user data have been more and more in the news lately. A recent report by Amnesty International goes so far as to say Facebook and Google, in particular, maintain a “surveillance-based business model.” Common Dreams discusses the report in its article, “Unprecedented ‘Architecture of Surveillance’ Created by Facebook and Google Poses Grave Human Rights Threat: Report.” Writer Andrea Germanos summarizes:

“With Facebook controlling not only its eponymous social media platform but also WhatsApp, Messenger, and Instagram, and Google parent company Alphabet in control of YouTube and the Android mobile operating system as well as the search engine, the companies ‘control the primary channels that people rely on to engage with the internet.’ In fact, the report continues, the two companies control ‘an architecture of surveillance that has no basis for comparison in human history.’ … The companies hoover up user data—as well as metadata like email recipients—and ‘they are using that data to infer and create new information about us,’ relying in part on artificial intelligence (AI).The report says that ‘as a default Google stores search history across all of an individual’s devices, information on every app and extension they use, and all of their YouTube history, while Facebook collects data about people even if they don’t have a Facebook account.’ Smart phones also offer the companies a ‘rich source of data,’ but the reach of surveillance doesn’t stop there.”

In fact, the reach now extends into homes via AI assistants like Alexa and devices connected to the internet of things. It also extends through public spaces courtesy of smart city implementations. All of this has crept upon us gradually and, largely, with the full cooperation of the subjects being surveilled (a.k.a. “users”), whether they fully understood what they were signing up for or not. The connections and conclusions algorithms can draw from all this information is mind-boggling even to someone who writes about data and AI for a living. See the article for a more in-depth discussion of the possibilities and repercussions.

Because the big tech companies are not going to stop these lucrative practices on their own, Amnesty International insists governments must step in. Companies must stop requiring users to surrender all rights to their data in order to use their services, for example, and the right to not be tracked must be enshrined into law. Transparency is also to be required, and companies mustn’t be allowed to lobby for weakened protections. Society has gone so far down the digital road that opting out of an online existence is simply not a workable option for most—that’s just not how it works anymore. But will it be possible to hold the big techs’ feet to the fire, or have they become too powerful?

Cynthia Murrell, December 18, 2019

This Snooping Stuff

December 14, 2019

The Economist’s story “Offering Software for Snooping to Governments Is a Booming Business” sounds good. The article is locked behind a paywall so you will have to sign up to read the quite British analysis. There are some interesting comments zipping around about the article. For example, a useful thread appears at this link.

Several observations struck me as informative; for example:

  • The Economist does not mention Cisco. This is important because Cisco has an “intelligence” capability with some useful connections to innovators in other countries.
  • Palantir, a recipient of another US government contract, is not mentioned in the write up. For information about this new Palantir project, navigate to “Palantir Wins New Pentagon Deal With $111 Million From the Army.” This is paywalled as well.
  • There is even a reference to surveillance technology delivering a benefit.

Perhaps those interested in surveillance software will find the interview Robert Steele, a former CIA professional, conducted with me. You can find that information at this link.

Perhaps the Economist will revisit this topic and move beyond NSO Group and colloquial language like snooping?

Stephen E Arnold

Amazon Fraud Detector: Policeware Service?

December 6, 2019

The camel is poking its nose into another tent. Navigate to “Amazon Fraud Detector.” The service makes it easy to identify potentially fraudulent online activities. The service seems to focus on a commercial use case. There may be a government or public sector application or two enabled as well. Which is more important? Both are equally important.

The commercial push is likely to provide a new revenue stream for Amazon from individuals, mid sized sellers, and quite large commercial operations. Equifax-like outfits? Maybe a JPMorgan-like enterprise?

The government push is part of the company’s policeware initiatives. What’s this policeware you reference? If you are curious, I have a free eight page summary of a forthcoming chapter which will appear in a book about blocking in 2020.

To get on the list for the free white paper, just write darkcyber333 at yandex dot com. Name, company email, and agency required, however.

Stephen E Arnold, December 6, 2019

Why Is MiningLamp Getting Ink?

December 3, 2019

The question “Why is MiningLamp getting ink?” is an interesting one to some people. The firm was founded in 2014. The company was a product of bunsha practiced by Miaozhen Systems, a company engaged in advertising “analysis.” The company is funded by Tencent, China Renaissance, and Sequoia Capital China. The firm may have revenues in the hundreds of millions of dollars. Data about the influence of the Chinese government is not available to the DarkCyber team at this time. MiningLamp may have received as much as $290 million from its backers.


Companies want publicity to get sales leads, attract investors, create buzz to lure new hires, and become known to procurement professionals in government agencies.


We noted talk about MiningLamp at a couple of law enforcement and intelligence conferences. The company provides policeware and intelware to customers in China and elsewhere. You can read about the firm on its Web site at this link. (Be patient. The service seems to provide a high latency experience.) Product pages also seem to be missing in action.

Nevertheless, “Chinese Data Mining Firm MiningLamp, Now a National AI Champion, Began by Helping Police Solve Crimes” does not talk about a dearth of public information. The write up states that “MiningLamp’s business analytics tools are used by more than 200 companies in the Fortune 200.” That’s a lot of big companies embracing investigative software. Judging from the attendees at law enforcement and intelligence conference, these big companies are finding out about a Chinese company somehow.

The news story states that “Like Palantir, this Chinese start up uses AI to help corporate clients convert huge volumes of data into actionable information.” Palantir is a big ticket item. Perhaps price is a factor or Fortune 200 companies want to rely on a business intelligence system operated by a company located outside the span of control of some government authorities.

The company has been named a Chinese champion. The article reveals:

Although not as well known as US equivalent Palantir Technologies, which reportedly contributed to America’s success in hunting down Osama bin Laden, MiningLamp’s data mining software is used to spot crime patterns, track drug dealers and prevent human trafficking.

DarkCyber thinks that any company which has 200 Fortune listed companies as customers is reasonably well known.

We learned:

“Cases are being resolved on our platforms every day” in more than 60 cities and regions in China, said founder and CEO Wu Minghui. “We can run fast analysis on potential drug dealers or major suspects, improving the overall case-solving efficiency several hundred times.”

Read more

Sherlock: An Interesting Open Source Intelligence Contribution

December 2, 2019

Secrets have a way of becoming non-secrets. How is often mysterious. Navigate to “Find Usernames across Social Networks.” Fire up the system and behold what for some was a function worthy of hushed tones in meetings held in drab rooms with plastic furniture.


Plug in a user name. The software chugs through publicly accessible services looking for matches.

Why is this useful? If the value of locating user names is not clear, DarkCyber is not going to flip on your light bulb.

As I write this, I can think of companies in England, Germany, Israel, and Italy which are likely to be doing a bit of critical thinking.

Sherlock could have an impact on those firms’ sales pitches and possibly their revenue. As our fictional hero allegedly said, “You know my methods, Watson.”

Stephen E Arnold, December 2, 2019

NSO Group and Facebook: An Escalation

November 27, 2019

Workers at Israeli Surveillance Firm NSO Sue Facebook for Blocking Private Accounts” adds some zest to the dust up between the digital country of Facebook and a company which develops policeware. Facebook’s WhatsApp accused NSO of fiddling with content of the encrypted messaging service.

Reuters reports:

NSO employees said Facebook had imposed a “collective punishment” by choosing to block their private accounts due to the legal process Facebook is conducting against NSO. They also said their lawsuit came only after they made repeated requests to Facebook that went unanswered. “Blocking our private accounts is a hurtful and unjust move by Facebook,” the statement said. “The idea that personal data was searched for and used is very disturbing to us”.

In this legal battle of a digital nation and a software and services company, whose lawyers will prevail?

Worth monitoring because policeware (software and services for law enforcement) and intelware (software and services for intelligence agencies) is rarely in the news.

Will the story have legs or will the legal eagles nibble at these entities patellas? Maybe crippling one or both?

Stephen E Arnold, November 27, 2019

Facebook Takes on NSO Group

October 30, 2019

Now this is an interesting and possibly inadvisable move. Facebook is big and it has become the one company able to create more negative vibes than an outfit like Boeing (737 Max which allegedly was called “flying coffins”or Johnson & Johnson (the outfit famous for baby powder with a possible secret ingredient).

Why WhatsApp Is Pushing Back on NSO Group Hacking” provides a Facebook professional’s explanation of the decision to go after the NSO Group, a specialized software and services firm with some government clients:

As we gathered the information that we lay out in our complaint, we learned that the attackers used servers and Internet-hosting services that were previously associated with NSO. In addition, as our complaint notes, we have tied certain WhatsApp accounts used during the attacks back to NSO. While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful.

I particularly relished this statement by the Facebook professional:

At WhatsApp, we believe people have a fundamental right to privacy and that no one else should have access to your private conversations, not even us. Mobile phones provide us with great utility, but turned against us they can reveal our locations and our private messages, and record sensitive conversations we have with others.

Yeah, yeah, the DarkCyber team hears your voice. Is that voice one that resonates with truth, honor, and “ethical behavior” cranked up on the baloney amplifier?

Several observations:

  • It is generally a good idea to understand one’s opponent before getting into a bit of a tussle. Some opponents have special capabilities which are not often understood in the go go, move fast and break things world of Facebook
  • Facebook lacks what DarkCyber thinks of as “credibility stature.” In fact, the shadow the firm casts is a long one, but the path the company has followed in its crepuscular journey of those who may be afraid of the light. (Apologies to Plato)
  • NSO Group states: “NSO products are used exclusively by government intelligence and law enforcement agencies to fight crime and terror.”

Based on information I glean from my lectures at law enforcement and intelligence conferences, WhatsApp is an encrypted messaging service popular among some bad actors.

Oh, one final question, “Where did some of NSO’s team garner their operational experience?”

Give up. Gentle reader, knowing the answer is probably important. Does Facebook know the answer? Another good question.

Stephen E Arnold, October 30, 2019

Blockchains: A Role in Human Trafficking Investigations?

October 25, 2019

Human trafficking is one of the greatest evils in history as well as modern day. The Internet facilitates easy communication human traffickers, but they do not conduct their business in plain sight. They use the dark web to cover their sadistic business tracks. The Next Web explains that human traffickers might be easier to find than before in, “How A Blockchain-Based Digital ID System Could Help Tackle Human Trafficking.”

It is estimated that 20-40 million people are human trafficked, bringing in profits of $150 billion a year. Those are outrageous numbers! Emerging technologies such as data sharing and blockchain are becoming the favorable way to traffic people, but these technologies could also save the victims.

Digital IDs would be the key to blockchain technology. Human trafficking victims are denied resources that could help them escape, such as phones, computers, and other mobile technology. The victims are also stripped of any physical identification like passports or driver’s licenses. What if victims had a digital ID, made unique due to a fingerprint or eye scan, that cannot be stolen and would be easy to track?

“Once this is saved on a blockchain, the information is immutable and as such can not be forged, meaning traffickers wouldn’t be able to tamper it or change a victim’s identity. A strategy often used by traffickers to get their victims across border controls.

Importantly, blockchain technology is also decentralized, meaning that the embedded data is far more secure than it would be on a centralized server.

As a borderless technology, blockchain ID documentation and tracking can take place anywhere — so long as the parties involved are able to cooperate and collaborate while pledging to input the correct data.”

In other words, it is still the work of science fiction, but the possibility to make it a reality is not that far off.

Whitney Grace, October 25, 2019

Australian Police Crowdsource Missing Person Investigations

October 14, 2019

DarkCyber noted the report “Police Turn to Hackers in Australia’s First Crowdsourced Attempt to Find Missing People.” The idea is interesting and illustrates the lateral thinking law enforcement is increasingly directing at certain investigative challenges.

The write up states:

More than 350 internet sleuths and “ethical hackers” — hobbyists and professionals — gathered at 10 locations around the country on Friday in a national missing-persons “hackathon”. The aim was to generate leads for 12 of Australia’s most frustrating cold cases, using sophisticated but legal methods of trawling the Internet.

There have been OSINT efforts to address criminal issues. Open source information is an important component of the approach.

WorldStack, according to the article, “has built a search index of content on the ‘dark web’ — a network of hidden, encrypted websites, sometimes used to organize illegal activity, and hoped to use image-matching software to help find some of the 12 missing people.”

Australian engineers have developed or contributed a number of useful tools. Examples include Sintelix, TeraText, ISYS Search Software, Funnelback, and LMNTrix, among others.

Stephen E Arnold, October 14, 2019

Next Page »

  • Archives

  • Recent Posts

  • Meta