Palantir: Information Leaks from Secret Outfit?

May 24, 2016

I read “Palantir To Buy Up To $225 Million Of Stock From Employees.” I am not too interested in a company trying to provide cash to workers who have to buy food in Sillycon Valley. The main point of the write up from my vantage point in wide open Harrod’s Creek is that the source of the information is a memo. I assume that outfits providing certain government agencies with services some are not supposed to know about or talk about are water tight.

Guess not.

Here’s the passage I highlighted in “loose lips sink ships” red:

The so-called “liquidity event” will be held at a price of $7.40 per share, Palantir said in a memo to staff that was obtained by BuzzFeed News.

Yo, dudes, passive voice. How? Some color, please. Also, who exactly is leaking or hacking what? Was this an encrypted message, a clear text message on a password protected system? Was the message sent using a special “channel,” available to some government contractors?

Several questions fluttered through my mind this fine May morning:

  1. What is Palantir doing which allows memos to find their way into the outside world?
  2. What about the security for some of the projects which Palantir pursues for certain government agencies?
  3. If Palantir itself is leaking information into Sillycon Valley channels, what’s up with the firm’s management?
  4. Is governance an issue at Palantir post i2 and post HBGary?

I have a compendium of 100 pages of Palantir information I have compiled from open sources. I cannot recall an internal document in my collection of research. I may offer this round up of Palantirist factoids and opinion in a for fee Cliff’s Notes-type of PDF. Want a copy? Write, please.

What’s changed at Palantir Technologies, home of the Hobbits, keeper of the seeing stone? Perhaps the seeing stone cannot perceive security issues as well as some assert. The situation reminds me of my comments to the Google about the flow of information about its projects which found its way into open source channels. The Googler with whom I spoke seemed indifferent to the issue. I concluded, “Hey, that stuff does not happen to Google.”


Stephen E Arnold, May 24, 2016

Listen Up. Hear and Know Enables Information Access in an Innovative Way

May 18, 2016

Improbable as it sounds I found myself a short distance from the offices once housing the Exalead search company. Once I used Google Maps to find my way from Opéra to the Rue Royale where Exalead had its office. GPS did not do the job. Exalead was located next to a food shop behind intrepid Parisians who parked their Smart Cars, bicycles, and motos on the sidewalk.

On this trip to Paris I was going to learn about a company with technology that performed some GPS type functions without GPS.

Instead of search, the company Hear and Know developed systems and methods to have information flow directly to a person who needs to know who, what, where, and when events take place. This is practical, real time, and actionable information. None of that keyword search and fuzzy geo-location implementation.

Like Google, Exalead was anchored in the world of Alta Vista, Hotbot, and Lycos. A failure to recognize the impact of mobility, pervasive connectivity, and an insatiable appetite for gizmos or firmware that leapfrog the keyword approach locked the door on traditional search. At the same time, mobile and wireless kicked open the door to new ways of thinking about information. Here and now, real time, flows, and the potential of embedding smart technology in miniaturized components.

Times change.

On the dot, Jean Philippe Lelièvre, founder of Hear and Know, walked in the door of my so-so hotel not far from the Madeleine metro stop in Paris. M. Lelièvre sat down, ordered a Badoit, and reminded me that he and I had met at a conference in a country soon to be named “Czechia.”

With my studied Kentucky suaveness, I asked: “What’s up?”

The answer was that Lelièvre’s company continues to attract customers from government sectors as well as commercial operations. Hear and Know works in the technical space described as “radio solutions for traceability and security.” Founded in 2012, Hear and Know tackled the problem of imprecise location of objects like cargo or persons of interest. GPS is okay for finding one’s way to Opéra from Madeleine to the Sorbonne. For many information tasks more precise geo-location coordinates are necessary. Examples range from tracking shipments of nuclear material, persons of interest, individual packages within containers, fire and rescue, and myriad other use cases. GPS is okay, just not as precise as many assume.

The company’s technology combines a miniature radio transmitter which fulfills requirements of traceability, geolocation, and secure data transmissions by authentication and encryption. The system transmits its ID. The “tag” allows the user to find the asset, the vehicle, the person or the package on which the miniaturized component is attached. The firm’s engineers have designed the device to perform other functions; for example, temperature, pressure, and audio. What makes the hardware interesting is that a Hear and Know device can function as what Lelièvre calls an “effector.” I interpreted the concept as making a Hear and Know device function as an “alarm” or a signaling device for another hardware or software system.

In addition to tracking hardware and firmware, the company called Hear and Know has a database system which sends out emails and SMS alerts to inform the team tracking an object of interest exactly where that said object is in real time. Based on my concerns about the precision of GPS centric systems, I wanted to understand the Hear and Know approach. (Yes, “hear” refers to the company’s approach to capturing audio.)

In my talk with Lelièvre we did not discuss military applications of the company’s technology. During my flight from Paris to Kentucky, I thought about the value of embedding Lelièvre’s devices into weapon systems. If those weapon systems find themselves “out of bounds,” the devices can activate a disabling mechanism of some type. A smart weapon that becomes stupid without the intervention of a human struck me as an application worth moving to a prototype.

Lelièvre described a use case in which Hear and Know’s radios are deployed for a person of interest. The locations and other details flow into the Hear and Know data center and allow an investigator to formulate a statement of fact along the lines:

John Doe was on MM/DD/2016 at HOUR:MINUTE at the address LATITUDE/LONGITUDE.

Another application is the use of the Hear and Know devices to monitor individuals with a medical condition; for example, tracking people with Lyme disease allows the family to know the family member’s location and support them if help is needed.

These data can be displayed on a map in the same way Geofeedia presents tweets or Palantir shows the location of improvised explosive devices. The difference is that Hear and Know provides:

  • Nearly undetectable radio form factors
  • Adjustable transmission frequencies
  • Multi-month operational autonomy
  • Email and SMS alerts about location of tracked object or person.

Hear and Know has remarkable technology. At this time, the company is best known in Europe. Its customers include:

  • Atos
  • BPIFrance
  • Esiglec
  • Mov’eo
  • Thales

US law enforcement, intelligence, and commercial enterprises are wrestling with pinpoint tracking in real time. My view is that the Hear and Know technology might lead to some hefty revenue opportunities. The company has begun to probe the US market. In January 2016, Hear and Know received a silver medal certificate for innovation at the Consumer Electronics Show in Las Vegas.

Hear and Know will be participating in the Pioneers festival in Vienna May 23 to 25, 2016 and in the Connected Conference in Paris, May 25 to 27, 2016. This summer, their next step will be looking for partners and funding in the US.

To contact Hear and Know, write

Stephen E Arnold, May 18, 2016

Google Moonshot Targets Disease Management, but Might Face Obstacle with Google Management Methods

May 17, 2016

The article on STAT titled “Google’s Bold Bid to Transform Medicine Hits Turbulence Under a Divisive CEO” explores Google management methods for one of its “moonshot” projects. Namely, the massive company has directed its considerable resources toward overhauling medicine. Verily Life Sciences is the three-year-old startup with a mysterious mission and a controversial leader in Andrew Conrad. So far, roughly a dozen Verily players have abandoned the project.

“But “if they are getting off the roller coaster before it gets to the first dip,” something looks seriously wrong, said Rob Enderle, a technology analyst who has tracked Google since its inception. Those who depart well-financed startups usually forsake potential financial windfalls down the line, which further suggests that the people leaving Verily “are losing confidence in the leadership,” he said. No similar brain drain has occurred at Calico, another ambitious Google spinoff, which is focused on increasing the human lifespan.”

Given the scope of the Verily project, which Sergey Brin, Google co-founder, announced that he hoped would significantly change the way we identify, avoid, and handle illness, perhaps Conrad is cracking under the stress. He has maintained complete radio silence and rumors abound that his employees operate under threat of termination for speaking to a reporter.

Chelsea Kerwin, May 17, 2016

Sponsored by, publisher of the CyberOSINT monograph

Anonymous Hacks Turkish Cops

May 16, 2016

Anonymous has struck again, this time hacking the Turkish General Directorate of Security (EGM) in its crusade against corruption. The International Business Times reports, “Anonymous: Hacker Unleashes 17.8 GB Trove of Data from a Turkish National Police Server.” It is believed that the hacker responsible is ROR[RG], who was also deemed responsible for last year’s Adult Friend Finder breach. The MySQL-friendly files are now available for download at TheCthulhu website, which seems to be making a habit of posting hacked police data.

Why has Anonymous targeted Turkey? Reporter Jason Murdock writes:

“Anonymous has an established history with carrying out cyberattacks against Turkey. In 2015 the group, which is made up of a loose collection of hackers and hacktivists from across the globe, officially ‘declared war’ on the country. In a video statement, the collective accused Turkish President Recep Tayyip Erdoğan’s government of supporting the Islamic State (Isis), also known as Daesh.

“’Turkey is supporting Daesh by buying oil from them, and hospitalising their fighters,’ said a masked spokesperson at the time. ‘We won’t accept that Erdogan, the leader of Turkey, will help Isis any longer. If you don’t stop supporting Isis, we will continue attacking your internet […] stop this insanity now Turkey. Your fate is in your own hands.’”

We wonder how Turkey will respond to this breach, and what nuggets of troublesome information will be revealed. We are also curious to see what Anonymous does next; stay tuned.


Cynthia Murrell, May 16, 2016



Facebook and Law Enforcement in Cahoots

May 13, 2016

Did you know that Facebook combs your content for criminal intent? American Intelligence Report reveals, “Facebook Monitors Your Private Messages and Photos for Criminal Activity, Reports them to Police.” Naturally, software is the first entity to scan content, using keywords and key phrases to flag items for human follow-up. Of particular interest are “loose” relationships. Reporter Kristan T. Harris writes:

“Reuters’ interview with the security officer explains, Facebook’s software focuses on conversations between members who have a loose relationship on the social network. For example, if two users aren’t friends, only recently became friends, have no mutual friends, interact with each other very little, have a significant age difference, and/or are located far from each other, the tool pays particular attention.

“The scanning program looks for certain phrases found in previously obtained chat records from criminals, including sexual predators (because of the Reuters story, we know of at least one alleged child predator who is being brought before the courts as a direct result of Facebook’s chat scanning). The relationship analysis and phrase material have to add up before a Facebook employee actually looks at communications and makes the final decision of whether to ping the authorities.

“’We’ve never wanted to set up an environment where we have employees looking at private communications, so it’s really important that we use technology that has a very low false-positive rate,’ Sullivan told Reuters.”

Uh-huh. So, one alleged predator has been caught. We’re told potential murder suspects have also been identified this way, with one case awash in 62 pages of Facebook-based evidence. Justice is a good thing, but Harris notes that most people will be uncomfortable with the idea of Facebook monitoring their communications. She goes on to wonder where this will lead; will it eventually be applied to misdemeanors and even, perhaps, to “thought crimes”?

Users of any social media platform must understand that anything they post could eventually be seen by anyone. Privacy policies can be updated without notice, and changes can apply to old as well as new data. And, of course, hackers are always lurking about. I was once cautioned to imagine that anything I post online I might as well be shouting on a public street; that advice has served me well.


Cynthia Murrell, May 13, 2016

Parts Unknown of Dark Web Revealed in Study

May 13, 2016

While the parts unknown of the internet are said to be populated by terrorists’ outreach and propaganda, research shows a different picture. Quartz reports on this in the article, “The dark web is too slow and annoying for terrorists to even bother with, experts say.” The research mentioned comes from Thomas Rid and Daniel Moore of the Department of War Studies at King’s College London. They found 140 extremist Tor hidden services; inaccessible or inactive services topped the list with 2,482 followed by 1,021 non-illicit services. As far as illicit services, those related to drugs far outnumbered extremism with 423. The write-up offers a few explanations for the lack of terrorists publishing on the Dark Web:

“So why aren’t jihadis taking advantage of running dark web sites? Rid and Moore don’t know for sure, but they guess that it’s for the same reason so few other people publish information on the dark web: It’s just too fiddly. “Hidden services are sometimes slow, and not as stable as you might hope. So ease of use is not as great as it could be. There are better alternatives,” Rid told Quartz. As a communications platform, a site on the dark web doesn’t do what jihadis need it to do very well. It won’t reach many new people compared to “curious Googling,” as the authors point out, limiting its utility as a propaganda tool. It’s not very good for internal communications either, because it’s slow and requires installing additional software to work on a mobile phone.”

This article provides fascinating research and interesting conclusions. However, we must add unreliable and insecure to the descriptors for why the Dark Web may not be suitable for such uses.


Megan Feil, May 13, 2016


Amusing Mistake Illustrates Machine Translation Limits

May 12, 2016

Machine translation is not quite perfect yet, but we’ve been assured that it will be someday. That’s the upshot of Business Insider’s piece, “This Microsoft Exec’s Hilarious Presentation Fail Shows Why Computer Translation is so Difficult.” Writer Matt Weinberger relates an anecdote shared by Microsoft research head Peter Lee. The misstep occurred during a 2015 presentation, for which Lee set up Skype Translator to translate his words over the speakers into Mandarin as he went. Weinberger writes:

“Part of Lee’s speech involved a personal story of growing up in a ‘snowy town’ in upper Michigan. He noticed that most of the crowd was enraptured — except for a few native Chinese speakers in the crowd who couldn’t stop giggling. After the presentation, Lee says he asked one of those Chinese speakers the reason for the laughter. It turns out that ‘snowy town’ translates into ‘Snow White’s Town.’ Which seems innocent enough, except that it turns out that ‘Snow White’s town’ is actually Chinese slang for ‘a town where a prostitute lives,’ Lee says. Whoops.

“Lee says it wasn’t caught in the profanity filters because there weren’t actually any bad words in the phrase. But it’s the kind of regional flavor where a direct translation of the words can’t bring across the meaning.”

Whoops indeed. The article notes that another problem with Skype Translator is its penchant for completely disregarding non-word utterances, like “um” and “ahh,” that often carry necessary meaning. We’re reminded, though, that these and other problems are expected to be ironed out within the next few years, according to Microsoft Research chief scientist Xuedong Huang. I wonder how many more amusing anecdotes will arise in the meantime.


Cynthia Murrell, May 12, 2016


Penetration Testing Tool List

May 11, 2016

Want to avoid the effort of convincing a commercial penetration tool vendor to license you their gizmos? Want to understand how some questionable computer exploits work?

Navigate to BlackArch Linux and check out the list of tools in the table called Tools.

In my forthcoming Dark Web Cookbook, we provide some basic info about how you can turn your free time into a learning experience. One suggestion: Buy a used computer and dabble with some prophylactic methods in mind. Better yet, perhaps you should just remain in a cloud of unknowing?

Stephen E Arnold, May 11, 2016

DARPA Seeks Keys to Peace with High-Tech Social Science Research

May 11, 2016

Strife has plagued the human race since the beginning, but the Pentagon’s research arm thinks it may be able to get to the root of the problem. Defense Systems informs us, “DARPA Looks to Tap Social Media, Big Data to Probe the Causes of Social Unrest.” Writer George Leopold explains:

“The Defense Advanced Research Projects Agency (DARPA) announced this week it is launching a social science research effort designed to probe what unifies individuals and what causes communities to break down into ‘a chaotic mix of disconnected individuals.’ The Next Generation Social Science (NGS2) program will seek to harness steadily advancing digital connections and emerging social and data science tools to identify ‘the primary drivers of social cooperation, instability and resilience.’

“Adam Russell, DARPA’s NGS2 program manager, said the effort also would address current research limitations such as the technical and logistical hurdles faced when studying large populations and ever-larger datasets. The project seeks to build on the ability to link thousands of diverse volunteers online in order to tackle social science problems with implications for U.S. national and economic security.”

The initiative aims to blend social science research with the hard sciences, including computer and data science. Virtual reality, Web-based gaming, and other large platforms will come into play. Researchers hope their findings will make it easier to study large and diverse populations. Funds from NGS2 will be used for the project, with emphases on predictive modeling, experimental structures, and boosting interpretation and reproducibility of results.

Will it be the Pentagon that finally finds the secret to world peace?


Cynthia Murrell, May 11, 2016


The Office of Personnel Management Hack Is Very Bad

May 11, 2016

The US Office of Personnel Management (OPM) was hacked for more than a year before it was discovered in April 2015. The personal information of 21 million current and former government employees was stolen, including their Social Security numbers and home addresses. The hack does not seem that important, unless you were or are a government employee, but the Lawfare Blog explains differently in “Why The OPM Hack Is Far Worse Than You Imagine.”

The security breach is much worse than simple identity theft, because background checks were stolen as well. It might seem that a background check is not that serious (so the hackers discovered a person got a speeding ticket?), but in reality these background checks were far more extensive than the usual as they were used for purposes of entering government mandated areas. The security clearances included information about family, sexual behavior, and risk of foreign exploitation. If that was not bad enough,

“Along with the aforementioned databases, the OPM systems are linked electronically to other agencies and databases, and it stored much of this data alongside the security clearance files. According to a 2007 White House report on OPM security clearance performance, checks of State Passport records and searches of military service records are now conducted electronically. According to this report, then, there are electronic linkages between the OPM Security Clearance files, Department of Defense service records, and State Department Passport records.”

OPM took measures to ensure future security, but they either expose who the victims of the breach are or would allow private contractors access to sensitive data to mitigate future attacks. OPM is not willing to acknowledge these deficiencies, but would rather continue to expose the victims (and future victims) to further danger.


Whitney Grace, May 11, 2016