Facebook Takes on NSO Group

October 30, 2019

Now this is an interesting and possibly inadvisable move. Facebook is big and it has become the one company able to create more negative vibes than an outfit like Boeing (737 Max which allegedly was called “flying coffins”) or Johnson & Johnson (the outfit famous for baby powder with a possible secret ingredient).

“Why WhatsApp Is Pushing Back on NSO Group Hacking” provides a Facebook professional’s explanation of the decision to go after the NSO Group, a specialized software and services firm with some government clients:

As we gathered the information that we lay out in our complaint, we learned that the attackers used servers and Internet-hosting services that were previously associated with NSO. In addition, as our complaint notes, we have tied certain WhatsApp accounts used during the attacks back to NSO. While their attack was highly sophisticated, their attempts to cover their tracks were not entirely successful.

I particularly relished this statement by the Facebook professional:

At WhatsApp, we believe people have a fundamental right to privacy and that no one else should have access to your private conversations, not even us. Mobile phones provide us with great utility, but turned against us they can reveal our locations and our private messages, and record sensitive conversations we have with others.

Yeah, yeah, the DarkCyber team hears your voice. Is that voice one that resonates with truth, honor, and “ethical behavior” cranked up on the baloney amplifier?

Several observations:

  • It is generally a good idea to understand one’s opponent before getting into a bit of a tussle. Some opponents have special capabilities which are not often understood in the go go, move fast and break things world of Facebook.
  • Facebook lacks what DarkCyber thinks of as “credibility stature.” In fact, the shadow the firm casts is a long one, but the path the company has followed is the crepuscular journey of those who may be afraid of the light. (Apologies to Plato)
  • NSO Group states: “NSO products are used exclusively by government intelligence and law enforcement agencies to fight crime and terror.”

Based on information I glean from my lectures at law enforcement and intelligence conferences, WhatsApp is an encrypted messaging service popular among some bad actors.

Oh, one final question, “Where did some of NSO’s team garner their operational experience?”

Give up. Gentle reader, knowing the answer is probably important. Does Facebook know the answer? Another good question.

Stephen E Arnold, October 30, 2019

Blockchains: A Role in Human Trafficking Investigations?

October 25, 2019

Human trafficking is one of the greatest evils in history as well as modern day. The Internet facilitates easy communication among human traffickers, but they do not conduct their business in plain sight. They use the dark web to cover their sadistic business tracks. The Next Web explains that human traffickers might be easier to find than before in “How A Blockchain-Based Digital ID System Could Help Tackle Human Trafficking.”

It is estimated that 20-40 million people are human trafficked, bringing in profits of $150 billion a year. Those are outrageous numbers! Emerging technologies such as data sharing and blockchain are becoming the favorable way to traffic people, but these technologies could also save the victims.

Digital IDs would be the key to blockchain technology. Human trafficking victims are denied resources that could help them escape, such as phones, computers, and other mobile technology. The victims are also stripped of any physical identification like passports or driver’s licenses. What if victims had a digital ID, made unique due to a fingerprint or eye scan, that cannot be stolen and would be easy to track?

“Once this is saved on a blockchain, the information is immutable and as such can not be forged, meaning traffickers wouldn’t be able to tamper it or change a victim’s identity. A strategy often used by traffickers to get their victims across border controls.

Importantly, blockchain technology is also decentralized, meaning that the embedded data is far more secure than it would be on a centralized server.

As a borderless technology, blockchain ID documentation and tracking can take place anywhere — so long as the parties involved are able to cooperate and collaborate while pledging to input the correct data.”

In other words, it is still the work of science fiction, but the possibility to make it a reality is not that far off.

Whitney Grace, October 25, 2019

Australian Police Crowdsource Missing Person Investigations

October 14, 2019

DarkCyber noted the report “Police Turn to Hackers in Australia’s First Crowdsourced Attempt to Find Missing People.” The idea is interesting and illustrates the lateral thinking law enforcement is increasingly directing at certain investigative challenges.

The write up states:

More than 350 internet sleuths and “ethical hackers” — hobbyists and professionals — gathered at 10 locations around the country on Friday in a national missing-persons “hackathon”. The aim was to generate leads for 12 of Australia’s most frustrating cold cases, using sophisticated but legal methods of trawling the Internet.

There have been OSINT efforts to address criminal issues. Open source information is an important component of the approach.

WorldStack, according to the article, “has built a search index of content on the ‘dark web’ — a network of hidden, encrypted websites, sometimes used to organize illegal activity, and hoped to use image-matching software to help find some of the 12 missing people.”

Australian engineers have developed or contributed a number of useful tools. Examples include Sintelix, TeraText, ISYS Search Software, Funnelback, and LMNTrix, among others.

Stephen E Arnold, October 14, 2019

Cloudera Bids to Be the Next Gen Anti Financial Crime Platform

October 10, 2019

DarkCyber read “Moving Towards the Next Gen Financial Crimes Platform.” The essay, which is two parts information and three parts marketing collateral, presents a diagram of the Cloudera anti financial crime platform. The phrase “financial crime platform” could be interpreted as the airfield for dispatching a range of malware attacks, a position in which some cloud vendors find themselves either wittingly or unwittingly. In this DarkCyber article, I will refer to the Cloudera vision as an anti financial crimes platform, hopefully to make clear that the cloud vendor is not a bad actor.

In DarkCyber’s view, there are three main points about Cloudera’s enterprise focused solution. Silos of information are a problem, and Cloudera will sweep across organizational data silos, at least that’s the idea. Here are points DarkCyber noted:

  1. The focus is on the enterprise, not on a wider scope; for example, a bank, not a number of FBI field offices, each of which operates more or less autonomously
  2. Smart software (artificial intelligence, machine learning, et al) is used at the edge to provide necessary signals about activity warranting further analysis by more numerical recipes
  3. The solution can accommodate innovations either from Cloudera or from partners.

Cloudera includes a diagram of what the solution’s broad outlines are. Here’s the illustration from the Cloudera article:


Working from right to left, data are ingested by Cloudera. The content goes into an enterprise data store. A suite of financial crime “applications” operate on the data in the Enterprise Data Store and its modules. At the right hand of the diagram analytical tools (maybe like Tibco SpotFire?), business intelligence systems, and Cloudera’s Data Science Workbench allow authorized users to interact with the system.

Cloudera’s article includes this statement:

With CDP as the foundation, intelligence gaps are mitigated by a holistic enterprise view of all customer and financial crime-related data (holistic KYC), systems, models and processes.  You will also be able to tighten the loop between detecting and responding to new fraud patterns. CDP also supports open-source advances to ensure that your teams are able to experiment with and adopt the latest technologies and methods, which helps to mitigate technology and vendor lock-in.  The diagram below illustrates the Cloudera Data Platform and its various components for enterprise management. [Emphasis in the original source]

Several observations are warranted:

  1. Vendor lock is an organic consequence of putting one’s eggs in one cloud-centric basket. Although it is possible to envision a system which accepts enhancements, the write up and the diagram do not include a provision for this type of extension. DarkCyber posits that restrictions will apply.
  2. The diagram has “financial crime applications” without providing much “color” or detail about these policeware components. One key question is, “Will these policeware applications run “on Cloudera” or on some other system; for example, IBM cloud which delivers Analyst Notebook functions?”
  3. The write up does not provide information about restrictions on data; for example, streaming data from telephone intercept systems.
  4. Information about functional components, application programming interfaces, and programmatic methods for the platform is not provided. DarkCyber understands the need for economy in writing, but a table or a list of suggested links would be helpful.

Why is Cloudera making this play?

DarkCyber hypothesizes that Cloudera realizes Amazon’s “as is” capabilities pose a substantial threat. Cloudera wants to stake out some territory before the Bezos bulldozer rolls through the policeware market.

Stephen E Arnold, October 9, 2019

Amazon Policeware: Getting Visible in Spite of Amazon

October 9, 2019

An enterprising reporter included some information from my Amazon research. You can find these open source factoids in “Meet America’s Newest Military Giant: Amazon.” Like good recipients of Jeffrey Epstein love, the publication will enjoin you to pay to read the recycled version of my research. Hey, that’s capitalism in action.

The write up does veer from “military giant” into policeware, a term I coined to make clear that there are platforms, applications, and tools purpose-built to support law enforcement, analysts, and investigators.


© Stephen E Arnold, 2016

You may want to read the article and take a look at the information I have published in this blog and on YouTube and Vimeo. The search systems struggle to highlight this content, but that’s the way life is in the world of ad-supported search. (Tip: To locate the information, use the search box on this Web site or you can explore these short videos at these links:

October 30, 2018 https://vimeo.com/297839909

November 6, 2018 https://vimeo.com/298831585

November 13, 2018 https://vimeo.com/300178710

November 20, 2018 https://vimeo.com/301440474.)

Another peek at Amazon’s activities is provided in a side mirror attached to a speeding Chevrolet Volt. “Ring’s Police Partnerships Must End, Say More Than 30 Civil Rights Groups” is an “open letter.” That document, according to CNet, “urges local lawmakers to cancel all existing police deals with Amazon’s video doorbell company.”

Good luck with that.

The CNet write up adds:

Ring has more than 500 police partnerships across the US, and a coalition of civil rights groups are calling for local governments to cancel them all. On Tuesday, tech-focused nonprofit Fight For the Future published an open letter to elected officials raising concerns about Ring’s police partnerships and its impacts on privacy and surveillance.  The letter is signed by more than 30 civil rights groups, including the Center for Human Rights and Privacy, Color of Change and the Constitutional Alliance. Along with asking mayors and city councils to cancel existing Ring partnerships, the letter also asks for surveillance oversight ordinances to prevent police departments from making these deals in the future, and also requested members of Congress to investigate Ring’s practices.

Smart Dubai: An Amazon AWS Connection

October 2, 2019

Amazon AWS provides the plumbing for the Amazon owned Souq.com. Amazon has a “region” and “edge location” in the United Arab Emirates. Amazon is supporting an educational push to infuse those with an interest in computer science in the ways and lingo of AWS. There was an Amazon summit in the UAE as well.

I thought about these Amazon actions when I read “Smart Dubai to Have a Marketplace for Sharing and Exchanging Data by 2021.” I learned:

Smart Dubai is building a data marketplace in a bid to monetise data through centralised and decentralised platforms, a top official said.

This initiative may be a glimpse of the smart data system disclosed in US 9947043. The Dubai activity may be the testing ground for a service which may be rolled out in the US as Amazon edges toward broader investigative services for the US government’s enforcement agencies, the IRS, and the SEC, among others.

Worth monitoring or you can express your interest in DarkCyber’s AWS policeware webinar by writing benkent2020 at yahoo dot com.

Stephen E Arnold, October 2, 2019

Amazon: Airport Purchases

October 1, 2019

DarkCyber spotted a report on the CNBC Web site. Its title was “Amazon Is in Talks to Bring Its Cashierless Go Technology to Airports and Movie Theaters.” Data about movie attendee purchases is interesting, but data about what an airport passenger buys is quite interesting. Location, method of payment, items purchased, date, and time are likely to be of considerable interest to investigators and intelligence professionals. With cross correlation a number of interesting questions could be answered. Will Amazon dominate airport sales? DarkCyber is not in the prediction business. We will go as far as saying, “Worth watching.”

Stephen E Arnold, October 1, 2019

Amazon Policeware: One Possible Output

October 1, 2019

Investigations focus on entities and timelines. The context includes the legal wrapper, procedures, impressions, and similar information usually resident in investigators and their colleagues.

Why gather data unless there is a payoff? The payoff from data in terms of Amazon’s policeware includes these upsides:

  • Data which informs new products and services, especially those signals for latent demand
  • Raw material for analytical processes such as those performed by superordinate Amazon Web Services
  • Outputs which have market magnetism; that is, the product is desirable and LE and intel customers want to buy it.

This illustration which I have taken from my October 2, 2019, TechnoSecurity lecture and from my Amazon policeware webinar illustrates three points:

First, raw data are acquired by Amazon. The sources are diverse and some are unique to Amazon; for example, individual and enterprise purchasing data.

Second, the AWS policeware platform performs normalization, indexing, and analysis on historic and real time data flows; for example, what books did an individual purchase and when.

Third, an output in the form of a profile or report about a person of interest.


© Stephen E Arnold 2019

I know the image is difficult to read. There are two ways to address this issue. You can attend my lectures at the San Antonio conference or you can sign up for my Amazon policeware webinar.

No Epstein supporters, fans, and acquaintances should express interest in my research. Sorry. I am old fashioned.

Stephen E Arnold, October 1, 2019

Amazon: The Surveillance Mesh Play

September 30, 2019

DarkCyber received a complaint about the small size of the image from my webinar about Amazon Policeware. There are two remedies for tiny images. You can attend my policeware lecture at the TechnoSecurity & Digital Forensics Conference in San Antonio on Wednesday, October 2. Qualified attendees can request a PDF of the image. Second, you can contact DarkCyber at benkent2020 at yahoo dot com and sign up for our LE, security, and intel personnel webinar.

Today, I want to provide several findings from our research related to Amazon Policeware. These are:

  • Amazon’s mesh network in the Sidewalk product provides a solution to blanketing a city with a data collection component. This wide field outdoor mesh network may fail. In the meantime, you may be able to locate your dog if it is wearing a Fetch.
  • Amazon’s Ring doorbell provides an anchor for fixed video feeds. The resolution is poor and the system is far from comprehensive, but the test mechanism is sufficiently compelling for several hundred police departments to show interest.
  • The supplementary data collection devices shown in the figure below feed into the AWS policeware platform. That platform performs a number of analytic functions. Cross correlation is one of these.


© Stephen E Arnold, 2019

So what?

In the US, Amazon is moving forward to put in place a next generation service which provides a new tool to enforcement authorities. The system delivers other benefits to Amazon as well.

DarkCyber identifies some parallels between the efforts the government of China is making and Amazon’s activities.

Will the Epstein friendly academic institution get this story straight? Probably not.

Stephen E Arnold, September 30, 2019

Who Is Assisting China in Its Technology Push?

March 20, 2019

I read “U.S. Firms Are Helping Build China’s Orwellian State.” The write up is interesting because it identifies companies which allegedly provide technology to the Middle Kingdom. The article also uses an interesting phrase; that is, “tech partnerships.” Please, read the original article for the names of the US companies allegedly cooperating with China.

I want to tell a story.

Several years ago, my team was asked to prepare a report for a major US university. Our task was to try and answer what I thought was a simple question when I accepted the engagement, “Why isn’t this university’s computer science program ranked in the top ten in the US?”

The answer, my team and I learned, had zero to do with faculty, courses, or the intelligence of students. The primary reason was that the university’s graduates were returning to their “home countries.” These included China, Russia, and India, among others. In one advanced course, there was no US born, US educated student.

We documented that for over a seven year period, when the undergraduate, the graduate students, and post doctoral students completed their work, they had little incentive to start up companies in proximity to the university, donate to the school’s fund raising, and provide the rah rah that happy graduates often do. To see the rah rah in action, may I suggest you visit a “get together” of graduates near Stanford or an eatery in Boston or on NCAA elimination week end in Las Vegas.

How could my client fix this problem? We were not able to offer a quick fix or even an easy fix. The university had institutionalized revenue from non US students and was, when we did the research, dependent on non US students. These students were very, very capable and they came to the US to learn, form friendships, and sharpen their business and technical “soft” skills. These, I assume, were skills put to use to reach out to firms where a “soft” contact could be easily initiated and brought to fruition.

Follow the threads and the money.

China has been a country eager to learn in and from the US. The identification of some US firms which work with China should not be a surprise.

However, I would suggest that Foreign Policy or another investigative entity consider a slightly different approach to the topic of China’s technical capabilities. Let me offer one example. Consider this question:

What Israeli companies provide technology to China and other countries which may have some antipathy to the US?

This line of inquiry might lead to some interesting items of information; for example, a major US company which meets on a regular basis with a counterpart with what I would characterize as “close links” to the Chinese government. One colloquial way to describe the situation is like a conduit. Digging in this field of inquiry, one can learn how the Israeli company “flows” US intelligence-related technology from the US and elsewhere through an intermediary so that certain surveillance systems in China can benefit directly from what looks like technology developed in Israel.

Net net: If one wants to understand how US technology moves from the US, the subject must be examined in terms of academic programs, admissions, policies, and connections as well as from the point of view of US company investments in technologies which received funding from Chinese sources routed through entities based in Israel. Looking at a couple of firms does not do the topic justice and indeed suggests a small scale operation.

Uighur monitoring is one thread to follow. But just one.

Stephen E Arnold, March 20, 2019
