Factualities for August 21, 2019
August 21, 2019
Editorial note: Factualities will not appear in September and October 2019. Due to international travel and conference commitments, it will be able to post this summary each week. If significant “fact related” news surfaces and we have access to our publishing system, we will put the item in the daily DarkCyber posts. (The posts between September 10 and September 21, 2019, will be published automatically. Internet access in some of the areas from which the team will be operating may not be available.)
The craziness factor of some of the “facts” served up in the last seven days is keeping pace with the heat wave in the United States. Our factuality of the week is a stunner from ScienceAlert:
55.1. Hours per week a female performs housework when the male is the breadwinner. Here’s a table of the data “proving” women work harder than men.
Other “factualities” which caught our attention in the last seven days include these numerical wonderments:
10. Number of hours per day senior citizens in the US spend accessing and using their computing devices. Source: Economist
15. Percent of log in attempts which use compromised passwords. Source: IT Pro
20 percent. Percentage of California law makers identified as criminals by Amazon Rekognition facial recognition system. Source: Vice
45. The percentage increase in R&D spend by the Top 100 Chinese Internet companies. The spend amounts to 10 percent of the firms’ overall revenue. Source: ZDNet
278. The earnings of US CEO are 278 greater than the average workers’ compensation. Source: Common Dreams
9,088. Number of patents granted to IBM in 2018. (Note: Google obtained 2,597 in the same time period.) Source: PCMag
10,057. Number of pages in one person’s Facebook profile. Source: Slate
293,000. Number of products Amazon sent to a garbage dump in a nine month period. Source: Verge
$629,000. Amount the government of Columbia will fine Uber for obstructing a regulatory visit. Source: Reuters
1.2 million. The number of Dutch citizens who were victims of cyber crime in 2018. [Note: The population of the Netherlands is about 18 million.] Source: NLTimes
$2 million. Rumored amount WordPress’ parent paid Verizon for Tumblr. [Note: Yahoo paid more than $1.1 billion for Tumblr in 2013.]
24 million. Number of jobs which Apple is responsible. Source: Apple Insider
$5.2 million. Amount France spent for 30,000 square feet (0.6 kilometers) of solar road. The solar road project was cancelled because it did not stand up to traffic, leaves, and harsh weather. Source: Science Alert
$1.5 billion. Amount the Trump administration has paid Palantir Technologies for its surveillance system and services. Source: The Next Web
US$17.6 billion. Operating profit of the top 10 Korean conglomerates. One year ago the operating profit of this group was more than US$30 billion. Source: Korea Times
$400 billion. The value of Amazon’s cloud business. Source: Motley Fool
1.5 quintillion. The number of calculations per second the new HP Cray Shasta supercomputer can compute. (Notes: [a] 1.5 quintillion is 1.5 ExaFLOPs. [b] A quintillion is one billion billion operations per second, or 1,000,000,000,000,000,000. An iPhone X can perform only five trillion operations per second or 5,000,000,000,000, but the iPhone is smaller and consumes less energy.) Source: Tom’s Hardware
Stephen E Arnold, August 21, 2019
Amazonia for August 19, 2019
August 19, 2019
Editorial note: Amazonia will not appear in September and October 2019. Due to international travel and conference commitments, it will be able to post this summary each week. If significant Amazon news surfaces and we have access to our publishing system, we will put the item in the daily DarkCyber posts. (The posts between September 10 and September 21, 2019, will be published automatically. Internet access in some of the areas from which the team will be operating may not be available.)
News about Amazon continues to trend toward the happy face side of the spectrum. The flood of “new” and “improved” announcements from the Bezos bulldozer have slowed. With record heat indices, perhaps the giant orange behemoth has overheated and cooling off in a large Amazon warehouse filled with happy, happy Tweeters?
Management, Employees, Immigration, and Religion: A Volatile Mix
DarkCyber noted “Jews Protesting Amazon’s Business with ICE Arrested.” This passage captured the basics of the report:
40 Jews were arrested in New York Protesting Amazon. A protest of Amazon’s work with Immigration and Customs Enforcement (ICE) saw forty Jews arrested in New York City. Close to 700 people were pulled out in the previous week in the agency’s largest-ever raid. The activists rallied together to bring attention to Amazon’s cloud contracts with Palantir Technologies and ICE. Palantir Technologies gives ICE data which they make use of in enforcement actions as well as immigration raids.
The write up included this allegedly accurate factoid:
The protesters weren’t alone. They were joined by 50 other demonstrations which happened across the United States to highlight Tisha b’Av. Tisha b’Av is a Jewish day of mourning and was observed by Jews in the United States to oppose the immigration policy of the United States. The protests took place in many cities such as Washington D.C., Chicago, and Los Angeles.
If true, Amazon faces another staff management challenge. The mixture of religion and law enforcement is complex. DarkCyber will monitor the push back Amazon may be experiencing.
Happy Tweeters
The source of this “real news” is Bellingcat, an online “real news” outfit. We noted this story: “Amazon’s Online Bezos Brigade Unleashed on Twitter.” The thrust of the story is interesting because it reminded DarkCyber of methods employed by those who seek to manipulate the “augmenting” functions of certain social media channels.
The write up asserted:
Last year, Amazon rolled out a program where employees at these fulfillment centers (warehouses) are able to also work as brand ambassadors to describe their experiences working at Amazon. A number of media outlets reported on this new program last year after the first wave of Ambassadors sent out bizarre tweets promoting Amazon’s workplace conditions.
The acronym FC refers to an Amazon fulfillment center or warehouses. There have been allegations about the work environment in these facilities.
DarkCyber finds the report intriguing. If Amazon is manipulating some content streams, would other tech giants use similar tactics? What if search results on Bing, Google, or Yandex were shaped? What if Facebook were tweaking what content appears, where it appears, and when it appears?
DarkCyber has no answer to these questions. But the Amazon operation runs on efficiency and disintermediation, not raw innovation and invention. Therefore, it is possible that the fat bull’s eye of social media content streams may have caught an Amazon whiz kid’s attention.
There’s another approach to the topic in “There’s Something Fishy about Amazon’s FC Ambassadors.”
Amazon Capital One: No Problems
Cyberscoop reported that Amazon found no significant issues at other companies allegedly breached by Paige Thompson. The write up reports that Amazon said:
“As Capital One outlined in their public announcement, the attack occurred due to a misconfiguration error at the application layer of a firewall installed by Capital One, exacerbated by permissions set by Capital One that were likely broader than intended,” Stephen Schmidt, the chief information security officer for AWS, said in an Aug. 13 response to Wyden.
Paige Thompson once worked at Amazon. Amazon will be more proactive going forward. Amazon will “do more to ensure its anomaly detection services “more broadly adopted and accessible in every geographic region.” Otherwise, no problems.
Amazon Uses Old School Leveraging Methods: Vendors’ Choice
Amazon’s alleged vendor management tactics were the subject of “Amazon Offered Vendors ‘Amazon’s Choice’ Labels in Return for Ad Spending and Lower Prices.” The main point of the write up seems to be:
Amazon’s Choice label, which is a mark that denotes that an item is recommended, gives certain products and items higher and more obvious placement in search results. While it’s unclear how exactly the mark is earned, it’s been accepted that it’s generally a mix of product listing and specifications, price and reviews, operated by Amazon’s algorithms. But sources say that Amazon actually offered sellers the chance to bid on the mark back in 2017.
DarkCyber interprets this statement as the long way around a very small barn. The idea may be to use leverage to herd some products shepherds to a Bezos controlled happy valley. There are other terms which might be used to describe this approach. We prefer “leverage” to “strong arm” or “coercion.” If you are curious, the novel “Sophie’s Choice” is available for the Kindle for about $9, or you could buy it in hardcover for a low as $1.50. Look for the small blue price. Your choice.
Amazon: Price Controls for Some Sellers?
Modern Retail published “A Slippery Slope: Amazon Wants to Control Third Party Sellers Product Pricing.” The idea is that sellers in its third party marketplace submits a product to Amazon. Amazon’s smart software prices the product. The article states:
According to Amazon, SBA doesn’t cost anything additional to FBA, which charges sellers a fee to store and ship items from Amazon’s warehouses with Prime Shipping. With SBA, Amazon also exerts control over the product’s sale price, by dynamically pricing products to make sure Amazon’s prices are lowest.
Modern Retail notes:
But sellers should be wary when forfeiting control over any aspect of their business — and particularly pricing — to Amazon.
Slippery slope for whom? Amazon or its partners in the third party special category? The article sidesteps many questions. Hopefully investigators will be more persistent if Amazon’s use of its market position in an improper way becomes a matter of interest.
Amazon and Modern Marketing: Cheap Gasoline
“Cops Put a Stop to Amazon’s 30 Cent “Mrs. Maisel Gas Promo” reports that the lure of cheap fuel was indeed a marketing magnet. To promote an Amazon film, Amazon hit upon the idea of using an idea from the 1950s. DarkCyber learned:
Santa Monica police made Amazon suspend a one-day Marvelous Mrs. Maisel promotion that charged people 30 cents for gas at a station to reflect prices in 1959 (when the show is set) due to sheer demand. Apparently, the traffic snarls from lined up cars were so severe that law enforcement had no choice but to shut it down.
Any publicity is good publicity, particularly in the Los Angeles area.
The Lure of India
“Amazon Nears Deal for Up to 10% of India’s Second-Largest Retailer” explains that India is important to the Bezos bulldozer. The write up asserts:
Amazon.com Inc. is in late-stage talks to acquire as much as 10% of India’s Future Retail Ltd., people familiar with the negotiations said, as the U.S. company moves to bolster its brick-and-mortar presence in one of the world’s fastest-growing retail markets.
This is not a surprise. Amazon will follow the data to nation states where its approach to efficiency is likely to be welcomed. That’s the assumption.
Amazon Does Do Emotion. Not Its. Yours.
Amazon’s policeware capabilities continue to mature. The facial recognition subsystem has added emotion recognition to its capabilities. “AWS Adds Fear to Facial Recognition Repertoire, Draws Immediate Fire.” DarkCyber does not want to speculate about the use case for fear recognition. The write up is fearless and reports:
The public cloud behemoth has also improved accuracy for emotion detection of the other seven emotions it recognizes. These are “happy”, “sad”, “angry”, “surprised”, “disgusted”, “calm”, and “confused. It has also improved age range estimation accuracy.
DarkCyber anticipates more public announcements about the features and functionality of the SageMaker linked facial recognition subsystem; for example, how could age recognition integrate with surveillance of bars and dance clubs?
Amazon Donates Returns
“Amazon Will Now Donate Unsold Merchandize by Default Instead of Trashing It” explains that “will donate unwanted products from third-party Marketplace sellers instead of sending them to the garbage dump.” The new program is Fulfilled by Amazon Donations. The write up included this statement:
The goal is to reduce waste and to allow sellers a more environmental friendly and cheaper way to get rid of unsold inventory. Prior to the new program, Amazon charged 35 cents less, or just 15 cents per unit, to dispose of a product rather than donate it.
The article did not comment on the tax upside or downside of the donation program. DarkCyber thinks this may be of interest to some Amazon observers.
Amazon and Publishing: Is a Takeover Underway?
“The Amazon Publishing Juggernaut” explains that Amazon may take over traditional publishing. The idea is not a new one. Here’s a summary of where Amazon is in the once chummy world of publishing:
As Amazon Studios does with movies, Amazon Publishing feeds the content pipelines created by the tech giant’s online storefront and Amazon Prime membership program. At its most extreme, Amazon Publishing is a triumph of vertical engineering: If a reader buys one of its titles on a Kindle, Amazon receives a cut both as publisher and as bookseller—not to mention whatever markup it made on the device in the first place, as well as the amortized value of having created more content to draw people into its various book-subscription offerings. (One literary agent summed it up succinctly to The Wall Street Journal in January: “They aren’t gaming the system. They own the system.”)
The idea that Amazon would take over “publishing” is interesting, but once the hot properties are skimmed, what’s left in what has been for many firms a low margin business reduced to begging for dollars, pay walls, and ads which obscure the “real news”?
Amazon Police Interaction: Ring, Ring
“Ring Rewarded Users for Reporting Suspicious Activities” provides more allegedly accurate information about Amazon’s burgeoning policeware business. The article states that Amazon
encouraged users to form Watch teams and to post videos on social media to receive promo codes for future devices. It also promised free swag to anyone who recruits 10 new users and to those who blog about Ring “in a positive way,” as well as 50 percent discounts on Ring products to those who can solve a crime with the help of local cops.
More information may be available at this link. Note: Content may be removed and/or a paywall may be in place. DarkCyber does not update links to keep pace with the fluid, uncertain world of free content from “real news” source.
Amazon and Blockchain
DarkCyber noted FXStreet’s article “Amazon Web Services (AWS) CloudFormation Will Be Integrated with the Firm’s Managed Blockchain.” Amazon has indicated that some of its services can perform deanonymization. The article does not address that interesting facet of Amazon’s blockchain activities. Instead the write up focuses on the fact that:
AWS, the firm’s cloud computing division, is going to be supporting Amazon’s blockchain in the management and structuring of all its interconnected networks and member nodes.
Important? Yep.
AWS Fargate Close Analysis
Curious about AWS Fargate? If so, you will want to read “How Far Out Is Fargate?”
The key phrase in the write up is “clusterless container orchestration,” which strikes DarkCyber as a useful way to think of this feature/service/function.
Amazon describes Fargate this way:
AWS Fargate is a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters. With AWS Fargate, you no longer have to provision, configure, and scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing. AWS Fargate removes the need for you to interact with or think about servers or clusters. Fargate lets you focus on designing and building your applications instead of managing the infrastructure that runs them.
The article contains a brief comparison of Fargate and Kubernetes and Fargate and Lambda. Good write up.
A related story is “Basecamp’s Cofounder Explains Why It Ditched Google Cloud for Amazon this summer. Note: you will have to pay to read this rah rah article about Amazon. In a nutshell, risk. Amazon is not cheaper and it is not without its own risks. But Basecamp is willing to deal with more complexity. Logical? The argument did not stop one DarkCyber researcher from asking, “Did Amazon cut this outfit a sweetheart deal to get a PR type article published?” We don’t know, but it seems plausible.
Partners/Integrators/Consultants
Amazon’s third party business relationships continue to bloom despite the blistering heat in the Lower 48. Here’s a selection of outfits involved with Amazon. Many of these sport extremely creative names:
AutoGrid. The company offers flexibility management software for the energy industry. The company now collaborates with Amazon Web Services (AWS) to bring artificial intelligence-powered distributed energy management to its energy-industry customers. Source: Yahoo
Center for Internet Security. Amazon has a security partner. Apparently Amazon is eager to do more security in the wake of some interesting developments. This particular service is call ATO on AWS. Does anyone remember the Capital One breach? Well, there may be 29 others after the handiwork of a former AWS professional. Source: MarketWatch
CloudHesive. CloudHesive has achieved Premier Consulting Partner status in the Amazon Web Services (AWS) Partner Network (APN). Source: Yahoo
Elastic. Remember the idea that Amazon would bulldoze Elasticsearch. Now Elastic is offering Elasticsearch on AWS in London. Source: Yahoo
Globe and Mail. The publishing company has adopted Amazon’s SageMaker and related service to promote its content. Source: SiliconAngle
Kickdynamic. This company will use TigerGraph on Amazon Web Services (AWS) Cloud to deliver hyper personalized marketing. Does this meaning user tracking? Maybe, and it means that TigerGraph is an Amazon customer. Source: MarketWatch
Rapid7. The company has increased its involvement with Amazon AWS. The company’s growth has come from products, many of which run on AWS. The firm’s consulting revenues declined. Source: Seeking Alpha
Stephen E Arnold, August 19, 2019
Factualities for August 14, 2019
August 14, 2019
Kick back at the beach, grab a pen, and craft some numbers.
The number of the week is:
3. The rank of medical error as a cause of death in the US. Source: Science Alert
Other notable confections, examples of sleeping in Statistics 101, and the deliria from spreadsheet fever are:
40. Number of Windows drivers which contain privilege of escalation vulnerabilities. Source: Neowin
60. The percent increase in fraud attacks on the food and beverage market. Source: Restaurant Technology
74. Percent of digital transactions handled by Amazon. Source: Search Engine Watch
90. Percentage of startups which fail. Source: Inventiva
200. The percentage increase in destructive malware attacks since January 2019. Source Silicon Angle from IBM
$880. Amount Verizon charged a library for less than 500 megabytes of “roaming” data. Source: ArsTechnica
10,000. Number of medical records lost by the New York Fire Department. Source: Engadget
42,000. Number of fake soldiers receiving pay in Afghanistan. These fakes are called “ghost soldiers.” Source: Military.com
$1 million. Amount Apple with pay for a specific iPhone exploit. Source: Digital Trends
$1.05 million. Amount the US Department of Energy has allocated to a blockchain energy management program. Source: Coin Telegraph
$3 million. Amount Facebook has allegedly promised specific publishers news to participate in a Facebook “news” service. Source: Apple Insider
$8.6 million. Amount Cisco Systems paid as a fine because its security product did not secure. Source: TechDirt
$1.5 billion. Palantir’s government contracts. Source: BizJournals from Lantinx (Note: Paywalls used to protect this high value data about a privately held company doing business related to some low profile work.)
$2 billion. The amount North Korea allegedly stole from cyber crime victims in order to pay for weapons. Source: Computing
$4.25 billion. Amount Apple spent on research and development in the June 2019 quarter1. Source: Apple Insider
$5.24 billion. Uber’s loss in a single 90 day period. In case you are wondering, that works out to more than $50 million per day. Source: MarketWatch
$16 billion. That’s the size of the blockchain solution market in 2023, a mere four years in the future. Evidence? Nope. Source: Crypto browser.io
20 billion. The number of data events Badoo handles each day. Yep, Badoo, not Baido. Evidence: Nah. Source: Infoq
Stephen E Arnold, August 12, 2019
LucidWorks: Another $100 Million
August 14, 2019
LucidWorks is an open source “search” play built on Solr. The company is fighting a battle with Elastic. Both companies are likely to face increased pressure from newcomers like Algolia and from the relentless Amazon AWS search system.
According to Crunchbase:
AI-powered search venture Lucidworks has raised $100 million from Francisco Partners and TPG Sixth Street Partners, the company announced today (first reported by Fortune’s Term Sheet).
What’s interesting is that Crunchbase did some math and stated:
The funding amounts to nearly as much (a combined $109 million) as the twelve-year-old company has raised since it was founded in 2007, according to Crunchbase data. Its last raise took place in May 2018 – a $50 million Series E led by Top Tier Capital Partners. So this round is precisely double its last raise.
A free profile of the LucidWorks system is available at www.xenky.com/vendor-profiles.
How different is today’s Lucid from the system available seven or eight years ago? The publicity and marketing collateral generated by the company suggests that artificial intelligence is the core of the “new” LucidWorks.
The question is, “What type of financial payoff is necessary to deliver an upside for those investors who have provided money to the company?”
With investors expecting a dump truck of money, LucidWorks will have to:
- Grow its revenue well beyond “search successes” like Endeca to warrant a big buy out. But Endeca hit a wall at about $100 million in revenue before Oracle bought out the company for an alleged $1 billion. Where is Endeca now?
- Go an an acquisition spree to increase revenues and groom itself for an Autonomy type deal. Autonomy’s $700 million in revenue fetched $11 billion when the well managed Hewlett Packard snapped up the company.
- Revolutionize something, sign up partners, resellers, and licensees, and push for an initial public offering.
The odds are that LucidWorks, which was founded in 2007, has been laboring to achieve success for 12 years. That effort has now required $209 million.
Unlike Palantir, which is essentially a search and retrieval system, LucidWorks lacks the stealth, sparkle, and cachet of its Palo Alto neighbor. Search and retrieval remains a market niche with has a reputation for generating pivots, repositionings, and massive financial shocks. Will LucidWorks follow the Convera trajectory which carried Allen & Co. into a storm?
LucidWorks has to distinguish itself as more than a cash burning machine, and that is getting more difficult, not easier, carrying the color flag which says, “Artificial intelligence.” The AI parade is choked with similar banners. Maybe AI is the secret sauce that will jump start search vendors struggling for revenue and “smart money” investors?
Stephen E Arnold, August 14, 2019
DarkCyber for August 6, 2019, Now Available
August 6, 2019
DarkCyber for August 6, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/351872293. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
DarkCyber (August 6, 2019) explores reports about four high-profile leaks of confidential or secret information. Each “leak” has unique attributes, and some leaks may be nothing more than attempts to generate publicity, cause embarrassment to a firm, or a clever repurposing of publicly available but little known information. Lockheed Martin made available in a blog about automobiles data related to its innovative propulsion system. The fusion approach is better suited to military applications. The audience for the “leak” may be US government officials. The second leak explains that the breach of a Russian contractor providing technical services to the Russian government may be politically-motivated. The information could be part of an effort to criticize Vladimir Putin. The third example is the disclosure of “secret” Palantir Technologies’ documents. This information may create friction for the rumored Palantir INITIAL PUBLIC OFFERING. The final secret is the startling but unverified assertion that the NSO Group, an Israeli cyber security firm, can compromise the security of major cloud providers like Amazon and Apple, among others. The DarkCyber conclusion from this spate of “leak” stories is that the motivations for each leak are different. In short, leaking secrets may be political, personal, or just marketing.
Other stories in this week’s DarkCyber include:
A report about Kazakhstan stepped up surveillance activities. Monitoring of mobile devices in underway in the capital city. DarkCyber reports that the system may be deployed to other Kazakh cities. The approach appears to be influenced by China’s methods; namely, installing malware on mobile devices and manipulating Internet routing.
DarkCyber explains that F Secure offers a free service to individuals who want to know about their personal information. The Data Discovery Portal makes it possible for a person to plug in an email. The system will then display some of the personal information major online services have in their database about that person.
DarkCyber’s final story points out that online drug merchants are using old-school identity verification methods. With postal services intercepting a larger number of drug packages sent via the mail, physical hand offs of the contraband are necessary. The method used relies on the serial number on currency. When the recipient provides the number, the “drug mule” verifies that number on a printed bank note.
DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.
Kenny Toth, August 6, 2019
DarkCyber for July 30, 2019, Now Available
July 30, 2019
DarkCyber for July 30, 2019, is now available at www.arnoldit.com/wordpress and on Vimeo at https://www.vimeo.com/350567599. The program is a production of Stephen E Arnold. It is the only weekly video news shows focusing on the Dark Web, cybercrime, and lesser known Internet services.
DarkCyber (July 30, 2019) explores China’s aggressive method of dealing with encrypted messaging; Perceptics’ data breach and its consequences; a way to determine email links to other online services; and Palantir’s secret Gotham information exposed.
This week’s lead story concerns Palantir Technologies, a vendor of search and analytic tools for analysts. Founded in 2003, Palantir has draped a cloak of secrecy over one of its flagship products, now more than 16 years’ old. The information about the “secret” document appeared in Vice, an online information service. For those unfamiliar with investigative software, the revelations were of interest to some individuals. Vice’s public records request yielded a user manual written for police with access to the Palantir Gotham “intelware” system. The manual—described as secret and confidential—provides step-by-step instructions for performing certain investigative tasks; for example, how to obtain a profile of a person of interest, how to obtain information about a vehicle, and similar basic investigative questions.
Other stories in the July 23, 2019, program are:
First, China has introduced a very direct method of obtaining access to content on mobile phones and tablets. Citizens and allegedly some visitors have to install software from Xiamen Meiya Pico Information Company. The MFSocket software provides access to images, audio files, location data, call logs, messages, and the phone’s calendar and contacts, including those used in the messaging app Telegram. It is possible that the Meiya Pico organization has a cooperative relationship with the Chinese government. The company allegedly has 40 percent of the Chinese digital forensics market.
Second, a Web service named Deseat.me provides a useful service. Few people know what Web sites and Web services are linked to a person’s email address. Deseat.me makes locating this information easy. The service, at this time, is offered without charge. DarkCyber points out that many modern policeware systems offer a similar functionality for any email address. Deseat, along with a small number of similar services, makes the process of locating these linked sites and services easy and quick.
Finally, Perceptics, a company best known for its license plate identification system, suffered a security breach. Among the items of information compromised were US government data and a range of Perceptics’ proprietary data. The information allegedly included data related to recent border activities, a contentious issue in the United States. Perceptics may find that making sales to the US government more difficult. A loss of contracts would adversely impact the company’s revenue. A larger issue is that the security measures implemented by a company engaged in cyber services failed to deploy systems which guarded high-value data. The cost of a data breach can be high and create a public relations challenge for organizations more comfortable operating in a low-profile way.
DarkCyber videos appears each week through the September 30, 2019. A new series of videos will begin on November 1, 2019. Programs are available on Vimeo.com and YouTube.com.
Kenny Toth, July 30, 2019
NSO: More PR Excitement, Facts, or Bloomberg Style Reporting?
July 20, 2019
I read the Financial Times’ write up about NSO Group. The title is a show stopper: “Israeli Group’s Spyware Offers Keys to Big Tech’s Cloud.” (Note: You may have to pay money to view the orange newspaper’s online “real” news write up.
There’s a diagram:
There’s a reminder that NSO is owned by an outfit called “Q Cyber.” There’s information contained in a “pitch document.” There’s a quote from Citizen Lab, a watchdog outfit on cyber intelligence firms and other interesting topics.
What’s missing?
- Information from a Q Cyber or NSO professional. A quote or two would be good.
- Statements from an entity which has used the method and obtained the desired results; for example, high value intel, a person of interest neutralized, the interruption of an industrialized crime operation, or something similar
- Scanned images of documents similar to the Palantir Gotham how to recently exposed by Vice, a zippy new news outfit.
Think about the PR problem the revelations create: NSO gets another whack on the nose.
Think about the upside: Visibility and in the Financial Times no less. (Does NSO need more visibility and semantic connections to Amazon, Apple, or any other “in the barrel” high tech outfit?)
Outfits engaged in cyber intelligence follow some unwritten rules of the road:
First, these outfits are not chatty people. Even at a classified conference where almost everyone knows everyone else, there’s not much in the way of sales tactics associated with used car dealers.
Second, documentation, particularly PowerPoints or PDFs of presentations, are not handed out like chocolate drops for booth attendees who looked semi alert during a run through of a feature or service. Why not whip out a mobile device with a camera and snap some of the slides from the presentation materials or marketing collateral? The graphic is redrawn and quite unlike the diagrams used by NSO type cyber intel outfits. Most trained intelligence professionals are not into “nifty graphics.”
Third, cyber intel companies are not into the media. There are conference organizers who snap at people who once worked as a journalist and made the mistake of telling someone that “before I joined company X, I worked at the ABC newspaper.” Hot stuff New York Times’ stringers are stopped by security guards or police before getting near the actual conference venue. Don’t believe me. Well, try to gate crash the upcoming geo spatial conference in Washington, DC, and let me know how this works out for you.
Fourth, why is NSO acting in a manner so different from the other Israel-influenced cyber intelligence firms? Is Voyager Labs leaking details of its analytic and workflow technology? What about Sixgill’s system for Dark Web content analysis? What’s Webhose.io doing with its content and expanding software suite? What’s Verint, a public company, rolling out next quarter? NSO is behaving differently, and that is an item of interest, worthy of some research, investigation, and analysis.
For the established cyber intel firms like NSO, assertions are not exactly what sells licenses or make BAE Systems, IBM, or Raytheon fear that their licensees will terminate their contracts. How many “customers” for NSO type systems are there? (If you said a couple of hundred, you are getting close to the bull’s eye.) Does publicity sell law enforcement, security, and intelligence systems? Search engine optimization specialists are loco if they think cyber intel firms want to be on the first page of a Google results page.
Consider this series of bound phrases:
Cat’s paw. Bloomberg methods. Buzzfeed and Vice envy. A desire to sell papers. Loss of experienced editors. Journalists who confuse marketing with functioning software?
These are the ideas the DarkCyber team suggested as topics an investigator could explore. Will anyone do this? Unlikely. Too arcane. Too different from what problems multiple systems operating on a global scale present for one method to work. Five Eyes’ partners struggle with WhatsApp and Telegram messages. “Everything” in Amazon or Apple? Really?
Net net: Great assertion. How about something more?
Stephen E Arnold, July 20, 2019
Is Google Aiding the Chinese Government?
July 17, 2019
DarkCyber does not know if Google is aiding the Chinese government. Axios published this story — “Peter Thiel says FBI, CIA should probe Google” — which seems to suggest that the fun loving Googlers are up to something. Here’s the segment of the write up which we circled in red:
“Number one, how many foreign intelligence agencies have infiltrated your Manhattan Project for AI?
“Number two, does Google’s senior management consider itself to have been thoroughly infiltrated by Chinese intelligence?
“Number three, is it because they consider themselves to be so thoroughly infiltrated that they have engaged in the seemingly treasonous decision to work with the Chinese military and not with the US military… because they are making the sort of bad, short-term rationalistic [decision] that if the technology doesn’t go out the front door, it gets stolen out the backdoor anyway?”
These appear to be allegations wrapped in a question bundle. Who can get upset with a few questions?
One thing is certain: Google needs big, new revenue to keep the system rolling. With costs of infrastructure skyrocketing, Google has to generate revenue or face the unpleasant task of curtailing spending. Add to the mix the Bezos bulldozer; that is, the system which gets people to pay for the Amazon plumbing as the company expands its online advertising, policeware, and services businesses. Facebook — despite its self inflicted wounds — continues to push forward. Libra, the proposed digital currency for the country of Facebook, seems more innovative than Google’s new social media meet up service.
Who can answer the Peter Thiel questions? Perhaps Palantir Gotham armed with the “right” data? Will Google trip on its shoelaces?
Stephen E Arnold, July 17, 2019
Amazonia for July 15, 2019
July 15, 2019
The Amazon displacement effect appears to be gaining momentum. Here’s a selection of Bezos bulldozer actions for the past week. DarkCyber has included a handful of items that took place outside this review window, but holidays can perturb in unexpected ways.
Amazon: Disinformation or Dissing the Competition?
A quite interesting article appeared in the Brisbane Times. The title caught my attention: “Former Amazon Scientist Pokes Holes in Data Collection at Brisbane Summit.” DarkCyber noted these quotes and statements in the write up:
- …People in poorer economic areas may not drive, so might not see potholes as a problem, or they were less likely to be connected online, so were less likely to report them. DarkCyber note: This means that the data will mis-report potholes. In short, the data leads to uninformed decisions.
- …Organizations should be transparent about how they used private data, and that citizens should be able to see their own data within the organization…The “right to inspect the refinery”, he said, was another right – that any person must be able to see and observe how organizations were using their data.” DarkCyber note: Amazon seems to preserve and use Alexa data, but that information is not revealed to customers of the Alexa devices.
Note that the speaker is a “former” Amazon scientist.
Employment Developments: Efficiency and Beyond
A report which appeared on July 8, 2019, suggested that Amazon workers will strike on Prime Day. That is a Monday, the same day this Amazonia news run down appears. Alas, we can’t update before this goes live on Prime Day. The origin of this story appears to be Engadget which pegs the action in Minnesota. If false, Amazon has dodged a problem. If it is true, disgruntled Amazon low tier workers may become more bold. What happened in the Middle Ages when those lower down the Great Chain of Being were unhappy? I don’t remember. Perhaps Amazon will have a book about these historical antecedents.
“Amazon Finds an Alternative Workforce Through Northwest Center, a Seattle Nonprofit Helping People with Disabilities” explains another Amazon management approach to staffing. The title explains the tactic.
Another tactic is the use of home workers for customer service roles. These employees receive some benefits. For details see “Amazon Is Hiring 3,000 Work-from-Home Employees with Full Benefits.”
Amazon will retrain its workers. Automation is coming and with it, many jobs will be crushed under the Bezos bulldozer. The New York Times explains the $700 million “retraining” effort but does not reference similar initiatives in Stalinist soviets.
ZDNet contributes the notion of a protest about upskilling. ZDNet reported:
Amazon’s announcement comes amid an Amazon Web Services conference in New York where CTO Werner Vogels was interrupted by protesters. Chants, which revolved around AWS providing technology to the US government, repeatedly picked up as Vogels talked early in his keynote. Vogels, flustered a smidge but rolling with it, said: “I’m more than willing to have a conversation, but maybe they should let me finish first.” AWS’ New York Summit had a similar issue last year, but the 2019 version was more persistent. On AWS’ live stream the protester audio was muted. “We’ll all get our voices heard,” said Vogels.
Does the Bezos bulldozer listen to humans directly or just through Alexa devices? DarkCyber does not know the answer.
Business Insider reveals that Amazon employees want the online bookstore to take a stand against the US government’s enforcement of immigration law. These individuals may not realize that Amazon facial recognition technology may be able to identify them.
Build a Serverless Architecture with AWS
A how to, diagrams, and step by step instructions. Navigate to Hypertrack and learn how “awesome” serverless is. The write up includes suggestions for specific AWS functions to include.
AWS Control Tower Available
I bet you didn’t know that Amazon AWS had a control tower. DarkCyber did not. Satellites, yes. Control towers? Sure, but these are a service automating “the process of setting up a new baseline multi account AWS environment.” InfoQ explains:
With Control Tower, a cloud administrator has a tool, which automates various tasks involving the initial setup of a new AWS environment such as identity and access management, centralized logging, and security audits across accounts. Furthermore, the service consists of several components, including:
- A Landing Zone – the multi-account AWS environment the tool sets up
- Blueprints – design patterns used to establish the Landing Zone
- A set of default policy controls known as Guardrails
- The Environment – an AWS account with all of the attendant resources set up to run an application.
Amazon QLDB
Jerry Hargrove published a useful diagram. Yes, we know it is small, but you can get a larger one and more from the link:
A link to the QLDB is included in the source.
Amazon Offers Centralized and Decentralized Blockchain Services
Most of the people with whom DarkCyber speaks are not aware of Amazon’s digital currency and blockchain services. We noted that Forbes, the capitalist tool, has noticed some blockchain capabilities available from Amazon. We noted:
AWS announced the preview for both of these models, centralized and decentralized, in late November of 2018, according to a press release. At the time of the July 3, 2019 interview with me, Pathak noted, “Quantum Ledger Database, QLDB, is still in preview,” while “Amazon Managed Blockchain went into General Availability at the end of April.” While in preview, customers can gain free access to these projects by filling out a form and signing up, an AWS representative clarified via email. When released for General Availability, anyone can use them.
Timely coverage.
Amazon Emotion Detection
Detecting a person’s emotions can be useful. Examples range from an insurance company’s identifying an insured driver evidencing signs of impending “rage” behavior to an Amazon DeepLens camera identifying an individual becoming increasingly problematic in a restaurant, night club, or sporting event. “Amazon May be Developing a Wearable That Detects Human Emotions” discusses this innovation. DarkCyber wonders if the technology has already been implemented in other Amazon devices; for example, the Alexa home gizmos. Could security and government authorities find this type of data-generating technology useful? DarkCyber thinks this is an interesting question.
DeepLens Now Available in Europe
DarkCyber covers the imaging devices in its Dark Web Version 2 lecture. We want to note The Register’s article “AWS’s Upgraded DeepLens AI Camera Zooms in on Europe” states:
The product is the result of work between AWS and Intel. DeepLens’s hardware consists of a mini PC running Ubuntu 16.4 LTS (Long Term Servicing) upon which is mounted an HD camera.
We noted:
The advantage of DeepLens is that it is ready to go, presuming you want to use AWS for your ML project. The pre-installed software includes AWS IoT Greengrass, which does local processing of IoT data such as the stream of images from your DeepLens camera.
This comment warranted a checkmark:
AWS has its own forthcoming Inferentia project, custom hardware for processing all the common ML frameworks, but currently it seems Google Cloud Platform has an advantage for TensorFlow.
Amazon Neighborhood Watch
A viewer of the DarkCyber Video news program questioned our assertion that Amazon was monitoring with humans, not just DeepLens and other zippy technology. Here’s a no cost source of information: “Amazon’s Neighborhood Watch App Raises Discrimination, Privacy Fears.” The problem is, of course, is that people cannot track Amazon’s activities nor do most professionals want to exert that effort. Hey, those meetings are important and there’s yoga and the off site. The write up points out:
Advocates and experts are worried that an Amazon-owned mobile app, used by owners of its Ring security cameras to upload videos for neighbors to see, could entrench racial discrimination and violate people’s privacy.
Why it matters: The app, called Neighbors, is striking deals to partner with police departments across the country.
Driving the news: Last week, journalists on Twitter noticed Ring was hiring an editor — prompting concerns that Amazon was stoking community fears to sell security systems. (Amazon bought the company last year.)
How it works: People with and without Ring cameras can download the Neighbors app. It features a feed where users can post videos and photos from their cameras, file reports of activity they think is suspicious and read crime reports from the app’s “News Team.”
Poke around online and other bits and pieces of information will surface. If you are lucky, you may get to meet Teresa Carlson, a former Microsoftie who is now Amazon’s VP of the Worldwide Public Sector. (This means government work.)
Amazon Brands
Trust Amazon?
Nope. “There’s No Reason to Trust Amazon’s Choice.” The idea is that Amazon recommends its own products. Do consumers know which products are really Amazon’s? No. The write up states:
Amazon’s typical statement on the matter is this: “Amazon’s Choice is just our recommendation, and customers can always ask for specific brands or products if they choose.” But Amazon’s recommendation doesn’t mean much if the recommendation engine is getting fooled.
Typical? Nope, standard operating procedure.
Furthermore, the article “These Are All the Businesses You Never Knew Were Owned by Amazon” was a heroic effort by a shopaholic. Among the gems in the list were these five brands with names DarkCyber found suggestive:
- 206 Collective (Was a variant of this in use in Stalinist stores?)
- Coastal Blue (Similar to the code name for the first stealth aircraft, “Have Blue”)
- Core 10 (a phrase similar to those in use in the nuclear industry)
- The Fix (slang for a rigged event or a drug injection)
- Mint Lilac (a code name similar to those used by SAS operatives).
Amazon Acquisitions
Business Insider (which may or may not beg for your email or demand cash to view the article) compiled from open sources of information a list of Amazon acquisitions. These lists are usually incomplete because the researchers typically exclude partial investments, stakes held by individuals who employed by Amazon, and clever deals in which services are exchanged for stock. The real excitement is often in these secondary holdings. In the case of this article, the coverage of the list is superficial. Contact your local Wall Street purveyor of investor research for a more thorough run down.
Amazon’s Impact on Truck Drivers
Business Insider ran this story: “Truckers Say Amazon’s New Logistics Empire Is Being Underpinned by Low, Ridiculous Rates — and Some Are Refusing to Work with Them.” Amazon’s investments in self driving are not included in the lists of Amazon’s acquisitions. But Amazon is focused on efficiency. Robots are efficient. Humans require benefits, retirement plans, and other “soft” and “squishy” things which add escalating and variable costs. Nope, not in Amazon’s future.
How to Put Amazon in Your Business?
Answer: Just use Amazon. Plus, CTO Vision ran a “real” news story called “Amazon on How Businesses Can Implement AI.” The write up is a pointer to an Amazon movie “How AWS Is Changing Businesses Using Artificial Intelligence.” The video runs about four minutes, too short for popcorn, long enough to get the message across, “Embrace Amazon.” Admission is free even if one does not have a Prime membership. More Amazon PR is included in “At Re:MARS, Amazon Sells Itself As an AI Innovator.” Unlike Facebook and Google, Amazon is taking note of America Online’s disc campaign and refined it. Instead of CD ROMs, Amazon is using digital reminders, flashy technology, and glitzy conferences to make clear that it is the Bezos way or one will be sitting on the side of the Amazon toll way.
Amazon Revenue
According to GeekWire, Amazon’s sale of products make up less than half of Amazon’s revenue. Where’s the other revenue come from? Amazon Web Services, advertising, and “other” revenue streams. Is this important? Facebook, Google, and Microsoft may care. Regulators? Tough to say.
We noted a question posed by the Motley Fool, a rock solid financial advisory service: Is Amazon spending too much cash on Lord of the Rings? You can read the MBAistic discussion at this link. The answer is that the streaming world is a competitive place. Deep pockets are needed for this game. Even Google is working to fix up its YouTube service. If Amazon doesn’t get with the seeing stone, Apple, Disney, Netflix, or another outfit with cash will. Netflix has lost “Friends” and that’s the new world of streaming video. Losing friends.
Amazon: Asking Permission
“Amazon Asks to Join Broadband Space Race with Elon Musk’s SpaceX” signals a new spirit at Amazon. The write up reports:
Amazon.com asked for U.S. permission to launch 3,236 communications satellites, joining a new space race to offer internet service from low orbits and challenge the fleet planned by Elon Musk’s SpaceX.
Yes, asking permission.
Amazon’s satellite initiative is designed to help people get Internet access. Those without Internet access can use Amazon for shopping, videos, and computer services. But the permission angle is noteworthy.
Amazon Faces Challenges
There has been an uptick in “Amazon faces challenges” news. The Telegraph published “As Amazon Turns 25, What Are the Biggest Challenges Facing the World’s Most Powerful Company?” The Week, another UK publishing outfit, chimed in with “Amazon at 25: Where Next for the Online Giant?” These “analyses” recycle truisms. But after a decade of inattention, the rush to criticize is amusing.
More interesting were these items about Amazon’s new world:
Deliveroo Stalled
CNN reported:
UK regulators have ordered Amazon to pause its investment in UK food delivery startup Deliveroo while they consider whether the deal amounts to a takeover.
UK Investigates Amazon
The Associated Press, an outfit which frightens us, emitted a write up called “UK Investigation of Amazon Investment Shows Tougher Approach.” The AP story appeared in SFGate. We won’t quote from the story. What’s up is that government authorities are going to scrutinize Amazon. Amazon has been in business for more than 20 years. What’s the rush? Possible revenue from fines and taxes. These are potent forces in some nation states.
French Push Back
SFGate reported that Amazon faced some environmental pushback in Paris, France. We learned:
Protesters also disrupted Amazon sites in the southern city of Toulouse and northern city of Lille, hoping to inspire similar action in other countries.
C’est dommage.
Adding fuel to the environmental dumpster fire was a report that the online bookstore will not reveal how much carbon is pumped into the atmosphere by its Australian server operations. The Register said:
It’s one rule for Jeff Bezos’ online empire, and another for everyone else.
Security Issue
A new exploit has appeared. The code is Magecart and it attacks misconfigured AWS S3 instances. The method used is called “skimming.” The basic idea is to siphon off credit card data.
One unique feature of the S3 attacks is that the group is using a “spray and pray” technique as opposed to previous attacks that were highly targeted. In this case, the Magecart group is installing the skimmer code on any open S3 instances it can find in the hope that some of them may be linked to sites that have e-commerce functions.
Financial fraud is a new core competency of some bad actors and industrialized crime cartels. You can read more in Silicon Angle.
Selected Partner / Integrator News
- The Chengdu Hi-tech Zone has teamed up with the Chinese non governmental organization to create a joint innovation zone. The idea is that Amazon and its partner will have an accelerator, incubator, international maker space and talent base. Source: Yahoo
- Datadog has achieved AWS Microsoft workloads competency status. Source: Business Wire
- Dobler Consulting has achieved Select Partner status as part of the Amazon Partner Network (APN). Source: Business Insider
- Saviynt announced support for the newly launched Amazon EventBridge, from Amazon Web Services (AWS). (Amazon EventBridge is a serverless event bus service that connects applications using events.) Source: Digital Journal
- Iron Mountain now supports AWS. The announcement included this remarkable phrase: ‘’Iron Mountain announced it has joined the AWS Partner Network (APN) as a Select Technology Partner, enabling customers to accelerate their digital transformation journey with AWS.” Source: Yahoo
- The Spanish vendor Media Interactiva Media Interactiva offers system developers and engineers the chance to prepare for certification in Amazon Web Services (AWS). Source: Business Insider (may be paywall protected or free. It’s sort of hit and miss with this media and “real” news giant.)
- SentryOne has also achieved Advanced Tier status in the Amazon Web Partner Services Network (APN) as well as Amazon Web Services (AWS) Microsoft Workloads Competency status. Source: Yahoo
- SIOS Technology Corp. achieved Amazon Web Services (AWS) Microsoft Workloads Competency status within the AWS Partner Network (APN). Source: Yahoo
- Trend Micro will deliver transparent, inline network security with Amazon Web Services Transit Gateway. Source: MarketWatch
- Turbonomic has achieved Amazon Web Services (AWS) Microsoft Workloads Competency status as an inaugural global launch AWS Partner Network (APN) Partner. Source: Yahoo
- Unissant has joined the AWS consulting partner network. Source: Globe News Wire
- Oooh rah. The US Marines and Amazon have teamed up for AWS training. Source: Education Drive
Stephen E Arnold, July 15, 2019
ICE Document Collection
July 10, 2019
DarkCyber noted that Mijente published a collection of US government documents. According the landing page for “Ice Papers”:
The ongoing threat of raids for mass deportations has made it necessary for us to understand the inner workings of ICE’s mass raid operations. We’ve confirmed in government documents that ICE operations are politically motivated and not at all about national security, as the administration claims. In their own words, via plans and tactics we uncovered, you will catch a glimpse into their machinations to target, harass, and expel migrants from their communities. While the documents detail information about raids planned back in 2017, we noted the “rinse-and-repeat” nature of ICE’s operations and what we can expect, as Trump reignites the threat of more raids to come after July 4th.
In the collection are documents which provide some competitive insight into Palantir Technologies. Here’s a snip from the Mijente collection. The blue text is a direct quote.
Palantir’s programs and databases were integrated into all Operation Mega planned raids. They are now part of most enforcement actions by ICE.
These raids now use powerful tech and databases in the field. ICE is given authority to use the newest technology and equipment during local operations, including FALCON, FALCON Mobile, ICE EDDIE and Cellbrite [sic] during arrests. [Source document]
- Palantir-designed FALCON and FALCON Mobile. FALCON Mobile can scan body biometrics, including tattoos and irises. FALCON and FALCON Mobile can use “link analysis” to connect profiles and biometrics with associates and vehicles.
- EDDIE is a mobile fingerprinting program that is attached to a mobile fingerprint collection device. These fingerprints are then put into FALCON systems, including ICE’s case management system, Integrated Case Management (ICM, see below). The fingerprints are used to identify people to see if they have criminal history or immigration history, including a final deportation order.
- Cellbrite is a handheld unit that breaks into smartphones and downloads information – up to 3000 phones for one device. It can even extract data that was deleted from your phone. ICE claims that they should obtain consent. (See Operation Raging Bull Field Guidance.) FALCON includes access to services provided by Cellbrite.
- ICM was integrated into Operation Mega. All the systems mentioned above feed into the massive new ICE case management system, ICM, another Palantir Technologies product. ICM is a new intelligence system capable of linking across dozens of databases from inside and outside DHS. ICM is scheduled to be completed by September 2019.
The information is used to support the political objectives of ICE. Both HSI and the Fugitive Operations Team set up a detailed and comprehensive reporting system for arrests and deportations that focused on contact with the criminal system, not on their ties to family or communities.agencies. The reporting system, comprised of Daily Operation Reports (DORs), which included numbers arrested after an immigration raid, and “egregious write-ups,” which were summaries of certain arrests during national or local ICE operations, was aligned with ICE’s public affairs and communications system, e.g. this information usually went into ICE press releases.
DarkCyber’s view is that these types of document collections are likely to be controversial. On one hand, individuals testing intelligence analysis software are likely to find the content useful for certain queries. Those working in other fields may make use of the information in these documents in other ways.
While this information is online (as of July 9, 2019), it may warrant a quick look.
Stephen E Arnold, July 10, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
