Medical Intelligence Sentinels

April 29, 2020

Analysts at the U.S. National Center for Medical Intelligence were concerned about the novel coronavirus well before most of the country. That is because researchers at the agency are good at their jobs; if only those in charge would listen to them. The Star Advertiser shares the article, “Medical Intelligence Sleuths Tracked, Warned of New Coronavirus.” A division of the Defense Intelligence Agency, the organization has been around since World War II, when it was part of the U.S. Army Surgeon General’s office. The article reports:

“At least 100 epidemiologists, virologists, chemical engineers, toxicologists, biologists and military medical expert — all schooled in intelligence trade craft — work at the medical intelligence unit, located at Fort Detrick in Frederick, Maryland. … Most of the information they study is public, called ‘open source’ material. A local newspaper in Africa might publish a story about an increasing number of people getting sick, and that raises a flag because there’s no mention of any such illness on the other side of the country. A doctor in the Middle East might post concerns about a virus on social media. But unlike organizations such as the WHO, the medical intelligence team, part of the Defense Intelligence Agency, also has access to classified intelligence collected by the 17 U.S. spy agencies. The medical unit can dig into signals intelligence and intercepts of communications collected by the National Security Agency. It can read information that CIA officers pick up in the field overseas. The National Geospatial-Intelligence Agency can share satellite imagery and terrain maps to help assess how a disease, like Ebola or avian flu, might spread through a population.”

The quality and availability of information varies by region. Countries with underdeveloped health systems may not compile good data, for example, while some governments cannot be trusted to admit how serious an epidemic is. In such cases, researchers rely more heavily on reports from the local level. The scientists analyze data from these many sources on infectious diseases, natural disasters, toxic materials, bioterrorism, and different countries’ preparedness for each type of threat. They regularly report their conclusions to military commanders, defense health officials, and policymakers. Constantly on the lookout for threats to our armed forces overseas and our citizens at home, these professionals should really be given the consideration they deserve.

Cynthia Murrell, April 29, 2020

Palantir to Help HHS Track Coronavirus

April 28, 2020

With Peter Theil’s ally in the Oval Office, Palantir Technologies’ fortunes have ballooned. Now, in addition to working with intelligence, military, and law enforcement agencies, the data-mining firm has contracted with the Department of Health and Human Services. The Daily Beast reports, “Team Trump Turns to Peter Theil’s Palantir to Track Virus.” Sources say the company will contribute a major aspect of the HHS Protect Now platform, perhaps even its core element. That element is rumored to be the existing Foundry data integration and management platform. The CDC has been using Foundry to track hospitals’ efforts to cope with the surge in COVID-19 patients.

Reporters Erin Banco and Spencer Ackerman write:

“The HHS Protect Now platform, which is set to be unveiled later this week, pulls data from across the federal government, state and local governments, healthcare facilities, and colleges, to help administration officials determine how to ‘mitigate and prevent spread’ of the coronavirus, according to a spokesperson for the department. HHS told The Daily Beast that the department was working with the Centers for Disease Control and Prevention (CDC) and the Federal Emergency Management System (FEMA) on scaling the HHS Protect Now project, which became operational on April 10. … HHS said it has 187 data sets integrated into the platform, with inputs that include hospital capacity and inventories, supply chain data from the government and industry, diagnostic and geographic testing data, demographic statistics, state policy actions, and coronavirus and flu-like emergency department data. The spokesperson also said HHS was relying on ‘private sector partner contributions of data.’”

The tool generate models to predict the spread of the disease as well as the impact of decisions by the administration’s task force, state governments, and local leaders.

Cynthia Murrell, April 28, 2020

A Russian System for Citizen Scanning

April 27, 2020

This may simply be propaganda, but it is interesting. Sputnik News tells us Russia is developing a new, frisk-less citizen search tool in its article, “Russian Engineers Working on Total Recall-Style Unobtrusive Screening System.” Under development at a subsidiary of defense contractor RTI Systems, the project should be completed by next year, we’re told. The tool would “discretely” scan people without having to stop them and use AI to recognize objects in real time. The article cites RTI’s Kirill Makarov as it relates:

“The scanning system is envisioned as a ten-meter corridor accommodating three inspection zones. Passing through these zones, a person can be examined remotely, with the computer determining what he or she is carrying or hiding. The system is expected to help authorities scan for carriers of illegal weapons, controlled substances, or other objects. According to the businessman, the institute tasked with creating the system is already in the process of receiving technical requirements from would-be customers, who see the complex’s unobtrusive nature and ability to work clandestinely as huge advantages. ‘At the moment such a thing is not being implemented anywhere else. Only Israel has something similar, but the low resolution with which they’re working does not allow for the use of neural networks for object recognition,’ Makarov boasted. Makarov also promised that between 85-90 percent of the system would be created using domestically-made components. As far as safety is concerned, the businessman pointed out that the complex will be based on non-ionizing radiation, making it safe for humans.

I suppose we’ll just have to take their word for that.

Cynthia Murrell, April 27, 2020

Apple and Google: Teaming Up for a Super Great Reason?

April 21, 2020

In a remarkable virtue signaling action, Apple and Google joined forces to deal with coronavirus. The approach is not the invention of a remedy, although both companies have dabbled in health. The mechanism is surveillance-centric in the view of DarkCyber.

Google Apple Contact Tracing (GACT): A Wolf in Sheep’s Clothes” provides an interesting opinion about the Google Apple Contact Tracing method. The idea seems to be that there are two wolves amongst the sheep. The sheep cooperate because that’s the nature of sheep. The wolves have the system, data, and methodology to make the sheep better. Are there other uses of the system? It is too soon to tell. But we can consider what the author asserts.

But the bigger picture is this: it creates a platform for contact tracing that works all across the globe for most modern smart phones (Android Marshmallow and up, and iOS 13 capable devices) across both OS platforms.

image

The write up states:

Whenever a user tests positive, the daily keys his or her devices used the last 14 days can be retrieved by the app through the GACT API, presumably only after an authorised request from the health authorities. How this exactly works, and in particular how a health authority gets authorised to sign such request or generate a valid confirmation code is not clear (yet). The assumption is that these keys are submitted to a central server set up by the contact tracing app. Other instances of the same app on other people’s phones are supposed to regularly poll this central server to see if new daily keys of phones of recently infected people have been uploaded. Another function in the GACT API allows the app to submit these daily keys to the operating system for analysis. The OS then uses these keys to derive all possible proximity identifiers from them, and compares each of these with the proximity identifiers it has stored in the database of identifiers recently received over Bluetooth. Whenever a match is found, the app is informed, and given the duration and time of contact (where the time may be rounded to daily intervals).

The author includes this observation about the procedure:

Google and Apple announced they intend to release the API’s in May and build this functionality into the underlying platforms in the months to follow. This means that at some point in time operating system updates (through Google Play Services updates in the case of Android) will contain the new contact tracing code, ensuring that all users of a modern iPhone or Android smartphone will be tracked as soon as they accept the OS update. (Again, to be clear: this happens already even if you decide not to install a contact tracing app!) It is unclear yet how consent is handled, whether there will be OS settings allowing one to switch on or off contact tracing, what the default will be.

The write up concludes with this statement:

We have to trust Apple and Google to diligently perform this strict vetting of apps, to resist any coercion by governments, and to withstand the temptation of commercial exploitation of the data under their control. Remember: the data is collected by the operating system, whether we have an app installed or not. This is an awful amount of trust….

DarkCyber formulated several observations:

  1. The system appears to be more accessible than existing specialized services now available to some authorities
  2. Apple’s and Google’s cooperation seems mature in terms of operational set up. When did work on this method begin?
  3. Systems operated by private companies on behalf of government agencies rely on existing legal and contractual methods to persist through time; that is, once funded or supported in a fungible manner, the programs operate in an increasingly seamless manner.

Worth monitoring this somewhat rapid and slightly interesting tag team duo defeat their opponent.,

Stephen E Arnold, April 21, 2020

Cookies and Fingerprints: You Will Be Monitored by Mom

April 15, 2020

Everywhere you go on the Internet, cookies are tracking your movements (even with a VPN). The technology is over a decade old and they range from tracking pixels, content tracker, cross-site tracking cookies, social trackers and browser finger-printing. The Next Web explains that browser fingerprinting is becoming more popular with advertisers in the article, “Digital Fingerprints Are The New Cookies-And Advertisers Want Yours.”

Digital Fingerprinting refers to a company generating a profile about your device’s characteristics. These can include everything from operating system down to browser settings. In other words, it is more like an anonymous barcode. Your identity is not attached to the digital fingerprint, but your data is for advertisers to send targeted ads.

Banks use digital fingerprinting as a security measure. Banking Web sites can identify the device you are on, but if they do not they ask security questions. Advertisers now want the technology to make more money. For users, it is more along the lines of capitalist Big Brother.

There are ways to turn off digital fingerprinting. Most of the tracking happens when you are on the Internet, so look through your browser settings and see if it has tracking protection. Even if you turn on tracking protection it does not entirely hide you:

“While “incognito mode” prevents your browser history from being recorded on your computer and prevents your spouse to spy on you, it does not prevent websites that you visit from collecting data about you and it does nothing to block fingerprinting. Similarly, clearing your browsing history on a regular basis, while a healthy thing to do, does not address fingerprinting either.

While ad blockers block ads from loading, not all ad blockers also block trackers, even less fingerprinters. Trackers can come attached to ads, but quite often they are not part of the ad delivery process itself. Social trackers, tracking pixels and fingerprinters for instance don’t need to piggyback on an ad to track your data.”

To avoid cookies, use a private connection, a good decent VPN, and browse in incognito mode. It does not work 100%, but it is better than capitalist Big Brother.

Whitney Grace, April 15, 2020

Startup Gretel Building Anonymized Data Platform

March 19, 2020

There is a lot of valuable but sensitive data out there that developers and engineers would love to get their innovative hands on, but it is difficult to impossible for them to access. Until now.

Enter Gretel, a startup working to anonymize confidential data. We learn about the upcoming platform from Inventiva’s article, “A Group of Ex-NSA And Amazon Engineers Are Building a ‘GitHub for Data’.” Co-founders Alex Watson, John Myers, Ali Golshan, and Laszlo Bock were inspired by the source code sharing platform GitHub. Reporter surbhi writes:

“Often, developers don’t need full access to a bank of user data — they just need a portion or a sample to work with. In many cases, developers could suffice with data that looks like real user data. … ‘We’re building right now software that enables developers to automatically check out an anonymized version of the data set,’ said Watson. This so-called ‘synthetic data’ is essentially artificial data that looks and works just like regular sensitive user data. Gretel uses machine learning to categorize the data — like names, addresses and other customer identifiers — and classify as many labels to the data as possible. Once that data is labeled, it can be applied access policies. Then, the platform applies differential privacy — a technique used to anonymize vast amounts of data — so that it’s no longer tied to customer information. ‘It’s an entirely fake data set that was generated by machine learning,’ said Watson.”

The founders are not the only ones who see the merit in this idea; so far, the startup has raised $3.5 million in seed funding. Gretel plans to charge users based on consumption, and the team hopes to make the platform available within the next six months.

Cynthia Murrell, March 19, 2020

Banjo: A How To for Procedures Once Kept Secret

March 13, 2020

DarkCyber wrote about BlueDot and its making reasonably clear what steps it takes to derive actionable intelligence from open source and some other types of data. Ten years ago, the processes implemented by BlueDot would have been shrouded in secrecy.

From Secrets to Commercial Systems

Secret and classified information seems to find its way into social media and the mainstream media. DarkCyber noted another example of a company utilizing some interesting methods written up in a free online publication.

DarkCyber can visualize old-school companies depending on sales to law enforcement and the intelligence community asking themselves, “What’s going on? How are commercial firms getting this know how? Why are how to and do it yourself travel guides to intelligence methods becoming so darned public?”

It puzzles DarkCyber as well.

Let’s take a look at the revelations in “Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media.” The write up explains:

  • A company called Pink Unicorn Labs created apps which obtained information from users. Users did not know their data were gathered, filtered, and cross correlated.
  • Banjo, an artificial intelligence firm that works with police used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media. The developer of the apps was Pink Unicorn. Banjo CEO Damien Patton created Pink Unicorn.
  • Why create apps that seemed to do one while performing data inhalation: “Dataminr received an investment from Twitter. Dataminr has access to the Twitter fire hose. Banjo, the write up says, “did not have that sort of data access.” The fix? Create apps that sucked data.
  • The apps obtained information from Facebook, Twitter, Instagram, Russian social media app VK, FourSquare, Google Plus, and Chinese social network Sina Weibo.
  • The article points out: “Once users logged into the innocent looking apps via a social network OAuth provider, Banjo saved the login credentials, according to two former employees and an expert analysis of the apps performed by Kasra Rahjerdi, who has been an Android developer since the original Android project was launched. Banjo then scraped social media content.”
  • The write up explains, Banjo, via a deal with Utah, has access to the “state’s traffic, CCTV, and public safety cameras. Banjo promises to combine that input with a range of other data such as satellites and social media posts to create a system that it claims alerts law enforcement of crimes or events in real-time.”
Discussion

Why social media? On the surface and to most parents and casual users of Facebook, Twitter, and YouTube, there are quite a few cat posts. But via the magic of math, an analyst or a script can look for data which fills in missing information. The idea is to create a record of a person, leave blanks where desirable information is not yet plugged in, and then rely on software to spot the missing item. How is this accomplished? The idea is simple. One known fact appears in the profile and that fact appears in another unrelated item of content. Then the correlated item of content is scanned by a script and any information missing from the profile is plugged in. Using this method and content from different sources, a clever system can compile a dossier on an entity. Open source information yields numerous gems; for example, a cute name applied to a boy friend might become part of a person of interest’s Dark Web handle. Phone numbers, geographic information, friends, and links to other interesting content surface. Scripts work through available data. Data can be obtained in many ways. The methods are those which were shrouded in secrecy before the Internet started publishing essays revealing what some have called “tradecraft.”

Net Net

Banjo troubles DarkCyber on a number of levels:

  1. Secrecy has significant benefits. Secrets, once let loose, have interesting consequences.
  2. Users are unaware of the risks apps pose. Cluelessness is in some cases problematic.
  3. The “now” world looks more like an intelligence agency than a social construct.

Stephen E Arnold, March 13, 2020

Eliminalia: Reputation Management and Content Removal

March 12, 2020

One of our readers called our attention to a company called Eliminalia. This firm provides what DarkCyber considers reputation management services. The unique selling proposition for the firm is that it says that it can achieve results quickly. DarkCyber does not have a firm position on the value of reputation management firms. The organizations or individuals who want content removed may feel a compelling need to modify history or take content corrective actions. Because removing content rests in the hands of a third party, often a large indexing company, getting attention and action can be a challenging job. Europa Press asserts that 24 percent of people and businesses want to have data about them removed from “the Internet.” We took a quick look at our files and located some information. Here’s a summary of points we found interesting.

image

Plus, the firm asserts:

We are the first to guarantee the results or we will refund your money. We will give an answer to your doubts and needs. We will help you and advise you on a global level.

The firm adds:

We delete internet data and information and guarantee your right to be forgotten. Eliminalia is the leading company in the field which guarantees that the information that bothers and harms you is completely deleted from Internet search engines (Google, Bing, etc.), web portals, blogs..

The firm offers three videos on Vimeo. The most recent video is at https://vimeo.com/222670049 and includes this commentary:

Eliminalia is a renowned company with several world headquarters that protects online privacy and reputation of its customers, finding and removing negative contents from the Web.

There are several YouTube videos as well. These may be located at this link.

The company has offices in Brazil, Colombia, Ecuador, Italy, Mexico, Switzerland, and the United Kingdom.

image

Eliminalia offers a mobile app for iPhones and Android devices.

The firm’s Web site asserts:

  • 99% happy satisfied clients
  • 8260+ success stories
  • 3540 business clients.

The company states:

We delete your name from:

  • Mass media
  • State gazettes
  • Social media

The president of Eliminalia is Dídac Sánchez. The company was founded in 2013. Crunchbase lists the date of the company’s founding as 2011.

image

There is an interesting, but difficult to verify, article about the Eliminalia process in “Why Is William Hill a Corporate Partner of Alzheimer’s Society?” The assertions about Eliminalia appear toward the end of the WordPress post. These can be located by searching for the term “Eliminalia.” One interesting item in the write up is that the Eliminalia business allegedly shares an address with World Intelligence Ltd. It is also not clear if Eliminalia is headquartered in Manchester at 53 Fountain Street. Note: the William Hill article includes other names allegedly associated with the company.

DarkCyber believes the company focuses on selling its services in countries with data protection regulations. The firm has a strong Spanish flavor.

If you are interested in having content removed from the Internet, consider speaking with Eliminalia. DarkCyber believes that some content can be difficult to remove. Requests for removal can be submitted. Some sites have a “removal request button” like www.accessify.com. However, there may be backlogs, bureaucracy, and indifference to requests which may be interpreted as trivial or nuisance. Some of our information revealed quite interesting information about the firm. DarkCyber can prepare a more robust summary of the company, including information about the methods used to remove content from the Internet.

Stephen E Arnold, March 12, 2020

BOB: A Blockchain Phone

November 29, 2019

Remember the comment by some FBI officials about going dark. The darkness is now spreading. “Meet BOB, World’s First Modular Blockchain-Powered Smartphone” reports that a crypto currency centric phone may become more widely available.

The write up states:

BOB runs on Function X OS, which is an open-source operating system. As it uses the blockchain ecosystem, every task on the phone, be it sending texts, making calls, browsing the web, and file sharing, all happen on a decentralized network, making it highly encrypted and thus secure. Each unit of the BOB is a node that supports the entire Function X blockchain system.

DarkCyber thinks that Mr. Comey was anticipating these types of devices as well as thinking about Facebook’s encrypted message systems.

For more details, consult the TechRadar article.

One important point: The BOB has a headphone jack. Even those concerned about privacy and secrecy like their tunes.

Stephen E Arnold, November 29, 2019

Is Google Thinking about Turkeys?

November 27, 2019

Is Google actually fearful of an authoritarian government? Google is okay with firing people who do not go along. Google exerts considerable force. Is Google is a company driven by dollar signs? Is it possible that Google fears anything and anyone that threatens its net profit? The Register explains the cause of Google’s fear in “Google Takes Sole Stand on Privacy, Rejects New Rules For Fear Of ‘Authoritarian’ Review.”

Google, like any company from a capitalist society, is leery of any organization that wishes to restrain its power. Google recently blocked a new draft for he Privacy Interest Group (PING)’s charter. PING is a member of the W3C web standards body. Google blocked the new draft, because it creates an unchecked authoritarian review group and will create “significant unnecessary chaos in the development of the web platform.”

PING exists to enforce technical specifications that W3C issued to respect people’s Web privacy. W3C provides horizontal review, where members share suggestions with technical specifications authors to ensure they respect privacy. Ever since the middle of 2019, PING’s sixty-eight members have tried to rewrite its charter. The first draft was shared with 450 W3C members, one of which is Google, and only twenty-six members responded. Of the twenty-six members, Google was the only one that objected.

Google supports PING’s horizontal review, bit the search engine giant did not want to invest in the new charter without the group having more experience. There are not many differences between the charter drafts:

“‘The new charter is not dramatically different from the existing one, Doty said in an email. ‘It includes providing input and recommendations to other groups that set process, conduct reviews or approve the progression of standards and mentions looking at existing standards and not just new ones. I think those would all have been possible under the old charter (which I drafted originally); they’re just stated more explicitly in this draft. It includes a new co-chair from Brave, in addition to the existing co-chairs from the Internet Society and Google.’

Doty said he’s not surprised there would be discussion and disagreement about how to conduct horizontal spec reviews. ‘I am surprised that Google chose to formally object to the continued existence of this interest group as a way to communicate those differences,’ he said.”

Doty hopes that Google will invest in PING and Web privacy, but Google’s stance is more adversarial. Google and other tech companies are worried about their business models changing of cookies are blocked. Google does not want to lose the majority of its business, which comes from advertising through its search engine. Google might protect privacy, but only so far as it does not interfere with their bottom line.

Whitney Grace, November 27, 2019

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta