NSO Group: PR Push?
July 26, 2021
I checked my Overflight system to see what’s shakin’ with the NSO Group pickle. (I ran these queries on July 25, 2021.) I noted a series of write ups. Here’s a sampling:
Economic Times of India, “Millions Sleep Well at Night, Walk Safely on Streets Due to Technologies like Pegasus: NSO”
New Indian Express, “Millions Sleep Well at Night, Walk Safely on Streets Due to Technologies Like Pegasus: NSO”
ABP Live, “Millions Sleep Well At Night, Walk Safely On Streets Thanks To Technologies Like Pegasus: NSO”
Technology for You, “Millions Sleep Well, Walk Safely Due To Technologies Like Pegasus, Says NSO”
Devdiscourse, “Millions Sleep Well at Night, Walk Safely on Streets Due to Technologies like Pegasus: NSO”
And there are more, quite a few more.
Here’s a screenshot from the low profile Web search engine called 50 Thousand Feet. Notice that this is the fourth page of results:
After making brilliant statements over the last week, NSO Group is now demonstrating content marketing carpet bombing. The idea is to flood certain channels with the message about getting a good night’s sleep. In a market niche characterized by people and organizations keeping a low profile, NSO Group is a veritable Vasco de Gama. The company has launched its stout marketing in order to open a new path to understanding.
Several questions:
- Will the good news content marketing about NSO Group’s positive contributions to a good night sleep deflect the investigative journalists collecting information about the company?
- Was the PR effort a result of a suggestion from an Israeli government task force?
- What content marketing firm pushed out the stories?
- How will the deduplication functions of the stunning Bing.com search, the chart-topping Google search, and the bear-like Yandex handle the same story in numerous outlets?
- How much did this NSO content marketing campaign cost?
- Is the “sleeping well” story the first wave of content bombs or is it a one and done assault?
- Does the content marketing carpet bombing capture the attention of TikTok and YouTube consumers?
I find this an interesting PR campaign. Good news is welcome by many. For some, the flood of “sleeping well” assurances raises the question: “What’s NSO Group trying to accomplish?” The news organizations loosing their investigative reporters on this story may find the smoke, sound, and shock waves from the content marketing carpet bombing like a lavish picnic lunch on a blanket adjacent a fire ant mound:
Those Solenopsidini critters can be industrious, very industrious when content marketing pops the lids on picnic goodies as the campfire grills the mixture of lamb and ground beef. Where’s there is smoke, there is fire. Where there is fire in the summer, it’s either a picnic or disaster.
Stephen E Arnold, July 26, 2021
The NSO Group Story: Inspiring, Incriminating, or Obfuscating?
July 23, 2021
The Washington Post or Wapo to some in the DC orbit is an influential newspaper. The outfit has a connection to the world’s richest man. That billionaire’s idea for an online bookstore spawned a massive online service. One of the customers using that service was allegedly given some good news. The idea was that this particular customer could go elsewhere for online services. This factoid does not appear in “Somebody Has to Do the Dirty Work: NSO Founders Defend the Spyware They Built.” I mention this omission because the ties within the intelware and policeware industry are many and often quite important.
The write up explains:
This week, The Washington Post and a consortium of 16 other media partners reported that the company’s military-grade spyware was used in attempted and successful hacks of 37 smartphones belonging to journalists, business executives, and two women close to the murdered Saudi journalist Jamal Khashoggi.
This week refers to the period from July 19 to July 22, 2021, when information about the use of once-classified technology became readily available. What’s happened is that a single intelware and policeware company, the commercial-government connections in Israel, and the threads which tie many of the Herliya-based intelware and policeware companies to American firms is a subject of interest to lots of investigative journalists. I want to point out that the best investigative journalists fit the profile of intelligence operatives and first-class detectives working in government institutions. A few journalists have this type of work experience as well.
This means that a poster child for intelware and policeware is going to be a focal point for a news cycle or two. That’s the good news. The bad—actually really bad, bad news—is that the collateral information could be untangled. Then what will the investigative journalists find?
The Wapo article cited above adds some interesting detail; for example, “it was not appropriate to have any direct knowledge of the internal national security matters of foreign countries. They also thought they weren’t equipped to make political decisions about whom to sell to.”
And this factoid: One of the founders “was on a volunteer search-and-rescue mission in Haiti, pulling bodies out of the rubble of a collapsed university.”
Plus, one founder runs on “little sleep, Diet Coke and takeout sushi.”
There is a suggestion about managing the cyber security industry. How about this idea:
The situation would be better …if the cybersecurity industry were regulated by a global body. More importantly, he said, the Israeli government has a role to play: Countries that violate their agreements should be banned from being recipients of any of Israel’s cyber technology.
One can hypothesize about the questions my DarkCyber research team might raise about this statement, but I won’t speculate.
This article strikes me as a “make nice” write up. That’s good for NSO Group. However, I am not sure the 80 journalists and 17 news organizations are going to leave the NSO Group with stories about hard working entrepreneurs who created a successful company. Some questions I think this group of intrepid “real news” professionals could explore include:
- What’s the story behind NSO Group selling itself to Francisco Group and then buying itself back?
- Who have become the primary stakeholders in the NSO Group since Eddy Shalev made an investment in the company?
- What government contracts has the NSO Group landed in the last two years?
- What vendors resell or provide hosting services to the NSO Group?
- What partnerships exist between NSO Group and other companies?
- What conferences does NSO Group attend? What are the presentations NSO Group professionals deliver?
- What interactions exist among NSO Group and other intelware and policeware companies in Herzliya?
- What companies are now employing former NSO Group professionals?
- Who are the principal technical contractors NSO Group compensates to assist with technology development?
- What university professionals are associated with NSO Group?
- Who has nominated NSO Group for intelware and policeware awards?
There are other questions the 80 journalists and 17 news organizations can address. Digging might yield more useful information than “how quickly the pace of tech and the
advent of smartphones had enabled criminals to outrun law enforcement” or the the founders “didn’t have the background of the typical Israeli entrepreneur.”
Isn’t there more to this story? Weren’t the founders in the Israeli Army? Is that important? Perhaps the 80 journalists and 17 news organizations can answer this question, a question I think it is quite important to pull the knots from this puzzle.
Stephen E Arnold, July 23, 2021
Gartner: Does Analysis Register?
July 23, 2021
I read “Where on Gartner’s Hype Cycle is Gartner’s Hype Cycle?” This is a very insightful write up which raises some interesting issues about misinformation, disinformation, and fact reformation. The principal interrogatory pivots on the phrase “hype cycle.” If you are not familiar with “hype cycle”, it is a curve that looks like this:
The curve with labels on the x and y axis looks like this from the Matplotlib here just without numbers. Do mid tier consulting firms generating billions each year need numbers? Obviously not.
What is the “information payload” of a Garter hype cycle I found from the Yandex Web index:
Notice the x axis is time and the y axis is the subjective “expectations.” Is this consulting “science”? I do like the tag “SmarterWithGartner.” More examples of the Gartner content can be found at this link to the Yandex image search service.
What does the Register’s opinion column address? Please, read the original. I have identified three points which I found interesting; your mileage may vary, particularly if you are one of the Gartner confederation of whiz bang experts.
Gartner’s business positioning
I quote from the characterization of an information company and consulting services firm:
Gartner is an odd fish.
Validity of the information in the hype cycle
I quote from a passage referencing hype cycles for a five year period:
if search engines or ARM chips or OLEDs are in there anywhere, I missed them. Whatever happened to that Google thing, anyway?
Expertise
I quote from what is a discussion of self-referential marketing and feedback sales:
Gartner absorbs the reportage and opinion about how well corporate portals are doing this year, slaps them in or not, and the result gets reported in the press with more or less reaction. Which is duly noted, and fed back into the next time, all the while carrying the name of Gartner through the media with a strong whiff of broad, deep tech mastery.
Accuracy
I quote from the value of the information arrayed in a hype cycle graph without “numbers” or apparent verifiable data:
Gartner would do well to appoint a proper historian, and perhaps a proper ethicist, in recognition of some of the truths about itself that never appear in a PowerPoint deck. The world is ready for a bit less flannel.
My take is that numbers are helpful. Also, I hope the Register take a look at the number free Gartner Magic Quadrant; for instance, the apparently subject examples at this link on Yandex.
I think that the word “flannel” means:
Collins’ Dictionary of Slang says that the noun “flannel” has been used to mean “rubbish, albeit plausible rubbish” since the 1920s, and the verb “to flannel” has meant “to talk nonsense in a soothing, plausible manner, esp for the purposes of charming a woman one wishes to seduce” since the 1940s.
Has Gartner been called out? PT Barnum allegedly said, “I don’t care what people say about me as long as they say something.”
A perfect complement to self-referential information marketing? Smarter with Gartner is a compelling coda.
Stephen E Arnold, July 23, 2021
More Management and PR Deftness at the Google
July 23, 2021
I read “Google Leader Quits, Alleging Corporate Racism.” As a stellar American baseball professional allegedly said, “It’s déjà vu all over again.” The allegedly accurate real news story stated:
Ashley Ray-Harris, a project leader for Google content creation, quit the company, saying in an email to Google that she experienced “some of the worst bureaucratic, corporate racism” that she “ever experienced.” “At a certain point I realized that even if you find a team that makes you feel welcomed, we still work within a company that views Black women as lesser than even as we sacrifice our mental health and work/life balance for this company,” Ray-Harris wrote in her resignation letter, which she posted to Twitter on Friday evening [July 16, 2021].
Several observations:
- Recruiters representing may have to some convincing in order to attract certain talented individuals.
- High school science club management principles are remarkably effective at generating publicity around high profile experts who quit on the very high school-centric service Twitter.
- SHRM might be able to do a session about the Google HR methods.
As the wise Yogi Berra allegedly said: “How can you think and hit at the same time?”
Another strike called.
Stephen E Arnold, July 23, 2021
Google Explains Censorship: Disambiguation Not Included
July 23, 2021
Navigate to this Google “documentation” page: “Abuse Program Policies and Enforcement.”
Now a quick exam to determine how Googley you are. Keep your answers brief because you don’t want to exceed Google storage limits.
What do these words mean?
- Sites
- Positive
- Abide
- Artistic
- Scientific
- Considerations
- Delete content
- Abuse.
I think these mean censorship. What do you think? More important, I assume, is what Google thinks. Wait, does Google think? It is a giant corporation which used its intellectual capabilities to craft what I call the Timnit Gebru strategy?
Stephen E Arnold, July 23, 2021
NSO Group: The Rip in the Fabric of Intelware
July 22, 2021
A contentious relationship with the “real news” organizations can be risky. I have worked at a major newspaper and a major publisher. The tenacity of some of my former colleagues is comparable to the grit one associates with an Army Ranger or Navy Seal, just with a slightly more sensitive wrapper. Journalists favored semi with it clothes, not bushy beards. The editorial team was more comfortable with laptops than an F SCAR.
Communications associated with NSO Group — the headline magnet among the dozens of Israel-based specialized software companies (an very close in group by the way)— may have torn the fabric shrouding the relationship among former colleagues in the military, government agencies, their customers, and their targets.
Whose to blame? The media? Maybe. I don’t have a dog in this particular season’s of fights. The action promises to be interesting and potentially devastating to some comfortable business models. NSO Group is just one of many firms working to capture the money associated with cyber intelligence and cyber security. The spat between the likes of journalists at the Guardian and the Washington Post and NSO Group appears to be diffusing like spilled ink on a camouflage jacket.
I noted “Pegasus Spyware Seller: Blame Our Customers Not Us for Hacking.” The main point seems to be that NSO Group allegedly suggests that those entities licensing the NSO Group specialized software are responsible for their use of the software. The write up reports:
But a company spokesman told BBC News: “Firstly, we don’t have servers in Cyprus.
“And secondly, we don’t have any data of our customers in our possession.
“And more than that, the customers are not related to each other, as each customer is separate.
“So there should not be a list like this at all anywhere.”
And the number of potential targets did not reflect the way Pegasus worked.
“It’s an insane number,” the spokesman said.
“Our customers have an average of 100 targets a year.
“Since the beginning of the company, we didn’t have 50,000 targets total.”
For me, the question becomes, “What controls exist within the Pegasus system to manage the usage of the surveillance system?” If there are controls, why are these not monitored by an appropriate entity; for example, an oversight agency within Israel? If there are no controls, has Pegasus become an “on premises” install set up so that a licensee has a locked down, air tight version of the NSO Group tools?
The second item I noticed was “NSO Says ‘Enough Is Enough,’ Will No Longer Talk to the Press About Damning Reports.” At first glance, I assumed that an inquiry was made by the online news service and the call was not returned. That happens to me several times a day. I am an advocate of my version of cancel culture. I just never call the entity again and move on. I am too old to fiddle with the egos of a younger person who believes that a divine entity has given that individual special privileges. Nope, delete.
But not NSO Group. According to the write up:
“Enough is enough!” a company spokesperson wrote in a statement emailed to news organizations. “In light of the recent planned and well-orchestrated media campaign lead by Forbidden Stories and pushed by special interest groups, and due to the complete disregard of the facts, NSO is announcing it will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.” NSO has not responded to Motherboard’s repeated requests for comment and for an interview.
Okay, the enough is enough message is allegedly in “writing.” That’s better than a fake message disseminated via TikTok. However, the “real journalists” are likely to become more persistent. Despite a lack of familiarity with the specialized software sector, a large number of history majors and liberal arts grads can do what “real” intelligence analysts do. Believe me, there’s quite a bit of open source information about the cozy relationship within and among Israel’s specialized software sector, the interaction of these firms with certain government entities, and public messages parked in unlikely open source Web sites to keep the “real” journalists learning, writing, and probing.
In my opinion, allowing specialized software services to become public; that is, actually talk about the capabilities of surveillance and intercept systems was a very, very bad idea. But money is money and sales are sales. Incentive schemes for the owners of specialized software companies guarantee than I can spend eight hours a day watching free webinars that explain the ins and outs of specialized software systems. I won’t but some of the now ignited flames of “real” journalism will. They will learn almost exactly what is presented in classified settings. Why? Capabilities when explained in public and secret forums use almost the same slide decks, the same words, and the same case examples which vary in level of detail presented. This is how marketing works in my opinion.
Observations:
1. A PR disaster is, it appears, becoming a significant political issue. This may pose some interesting challenges within the Israel centric specialized software sector. NSO Group’s system ran on cloud services like Amazon’s until AWS allegedly pushed Pegasus out of the Bezos stable.
2. A breaker of the specialized software business model of selling to governments and companies. The cost of developing, enhancing, and operating most specialized software systems keeps companies on the knife edge of solvency. The push into commercial use of the tools by companies or consumerizing the reports means government contracts will become more important if the non-governmental work is cut off. Does the world need several dozen Dark Web indexing outfits and smart time line and entity tools? Nope.
3. A boost to bad actors. The reporting in the last week or so has provided a detailed road map to bad actors in some countries about [a] What can be done, [b] How systems like Pegasus operate, [c] the inherent lack of security in systems and devices charmingly labeled “insecure by design” by a certain big software company, and [d] specific pointers to the existence of zero day opportunities in blast door protected devices. That’s a hoot at ??????? ???? “Console”.
Net net: The NSO Group “matter” is a very significant milestone in the journey of specialized software companies. The reports from the front lines will be fascinating. I anticipate excitement in Belgium, France, Germany, Israel, the United Kingdom, and a number of other countries. Maybe a specialized software Covid Delta?
Stephen E Arnold, July 22, 2021
Elasticsearch Versus RocksDB: The Old Real Time Razzle Dazzle
July 22, 2021
Something happens. The “event” is captured and written to the file. Even if you are watching the “something” happening, there is latency between the event and the sensor or the human perceiving the event. The calculus of real time is mostly avoiding too much talk about latency. But real time is hot because who wants to look at old data, not TikTok fans and not the money-fueled lovers of Robinhood.
“Rockset CEO on Mission to Bring Real-Time Analytics to the Stack” used lots of buzzwords, sidesteps inherent latency, and avoids commentary on other allegedly real-time analytics systems. Rockset is built on RockDB, an open source software. Nevertheless, there is some interesting information about Elasticsearch; for example:
- Unsupported factoids like: “Every enterprise is now generating more data than what Google had to index in [year] 2000.”
- No definition or baseline for “simple”: “The combination of the converged index along with the distributed SQL engine is what allows Rockset to be fast, scalable, and quite simple to operate.”
- Different from Elasticsearch and RocksDB: “So the biggest difference between Elastic and RocksDB comes from the fact that we support full-featured SQL including JOINs, GROUP BY, ORDER BY, window functions, and everything you might expect from a SQL database. Rockset can do this. Elasticsearch cannot.”
- Similarities with Rockset: “So Lucene and Elasticsearch have a few things in common with Rockset, such as the idea to use indexes for efficient data retrieval.”
- Jargon and unique selling proposition: “We use converged indexes, which deliver both what you might get from a database index and also what you might get from an inverted search index in the same data structure. Lucene gives you half of what a converged index would give you. A data warehouse or columnar database will give you the other half. Converged indexes are a very efficient way to build both.”
Amazon has rolled out its real time system, and there are a number of options available from vendors like Trendalyze.
Each of these vendors emphasizes real time. The problem, however, is that latency exists regardless of system. Each has use cases which make their system seem to be the solution to real time data analysis. That’s what makes horse races interesting. These unfold in real time if one is at the track. Fractional delays have big consequences for those betting their solution is the least latent.
Stephen E Arnold, July 22, 2021
Does Facebook Kill?
July 22, 2021
I found it interesting that the US government suggested that Facebook information kills. You can refresh your knowledge of this assertion in “Biden: COVID Misinformation on Platforms Like Facebook Is ‘Killing People’”. The statement is an attention grabber. Facebook responded, according to Neowin in “Facebook Refutes Biden’s Blame That It’s “Killing People” with COVID Fake News”:
Facebook clearly took issue with these statements and a company spokesperson responded by saying, “We will not be distracted by accusations which aren’t supported by the facts”.
The US government asserts one thing; Facebook another. Which is the correct interpretation of Facebook: An instrument of death or a really great helper of humanity?
The US is a country, and it has legal tools at its disposal. Facebook is a commercial enterprise operating in the US with a single person controlling what the company does.
Facebook wants to use the laws of the country to advantage itself; for example, Facebook is not too keen on Lina Khan. The company filed a legal document to keep that person from getting involved in matters related to Facebook’s commercial behaviors.
I find the situation amusing. Facebook’s assertions are not going to get a like from me. The US government, on the other hand, is a country. When countries take action — as China did with regard to Jack Ma — consequences can be significant.
The phrase “Facebook kills” is meme-able. That may be a persistent problem for the Zuck and the Zuckers in my opinion.
Stephen E Arnold, July 22, 2021
Does GitHub Data Grab for AI Training Violate Licenses?
July 22, 2021
Programmer Nora Tindall has taken to Twitter to call out Microsoft property GitHub on violating licenses for algorithm training purposes. She shares a screenshot of an exchange she had with GitHub Support that seems to confirm her charge:
[Tindall] I am specifically asking if any code from my GitHub account, most of which is licensed GPL, was used in the training set. It is a simple question.”
[GitHub] Sorry about the delay in getting back to you. I reached out to the team about this. Apparently all public GitHub code was used in training. We don’t distinguish by license type. I hope that answers your question!
It does indeed answer Tindall’s question, and she vows to pursue legal action. Predictably, the post prompted a flurry of comments, so navigate there to read that debate. It seems like the legality of this data usage is nebulous until courts weigh in. We note this exchange:
[Daniel Monte] Is there any precedent for training an AI on copyrighted content being a violation of said copyright?
[Nora Tindall] No, there’s no precedent in any of this. This is the deciding moment for the future of the copyleft ideal, and of free software in general. Maybe for copyright as a whole, actually, since this has applications outside software.
[Laurie] The law on all of this is basically non-existent. And there aren’t enough people who really understand the nuances who are also lawyers. It’s a whole mess which results in companies getting to decide for themselves. Not good.
[Critical Oil Theory Salesman] Hard agree. I’d imagine that we would see a completely different set of legal interpretations if the open source community trained a GPT3 model on Microsoft’s publicly available code.
Perhaps—that would be an interesting experiment. Is Microsoft really ignoring licenses? If not, Twitter is disseminating incorrect information. If yes, then Microsoft has designs on open source information in a way that outfoxes Amazon-type of open source maneuvers. But Microsoft is busy securing its own code and may want to envelope GitHub is the same cyber goodness.
Cynthia Murrell, July 22, 2021
Three Here and Now Amazon Management Milestones
July 21, 2021
July 21, 2021, is a day of Amazon management milestones. In my newsfeeds this morning, I noted three items. Obviously none or some or all of these “real news” stories could be falsification from the fecund multi-verse. Who knows? Perhaps the error corrected Google quantum computer’s “supremacy” or IBM Watson can answer the “know” question. What do you think?
ITEM 1: More Competitive Zing
“Build a SQL-Based ETL pipeline with Apache Spark on Amazon EKS” states:
The Arc processing framework strives to enable data personas to build reusable and performant ETL pipelines, without having to delve into the complexities of writing verbose Spark code. Writing your ETL pipeline in native Spark may not scale very well for organizations not familiar with maintaining code, especially when business requirements change frequently. The SQL-first approach provides a declarative harness towards building idempotent data pipelines that can be easily scaled and embedded within your continuous integration and continuous delivery (CI/CD) process. Arc simplifies ETL implementation in Spark and enables a wider audience of users ranging from business analysts to developers, who already have existing skills in SQL. It further accelerates users’ ability to develop efficient ETL pipelines to deliver higher business value.
Remember Elastic, the open source search champion? What about Lucidworks? Oracle, anyone? Amazon wants to get the ingest, normalize, and analyze market in the AWS environment. Will these just named outfits be invited to the celebration of open source life? I don’t need a super smart DeepMind Alpha gizmo or the outstanding IBM Watson to answer this question.
ITEM 2: Big Rocket, Big Boat, Big or Small Body Dysmorphic Disorder
I missed the launch of the brilliantly named Blue Origin. I know. The story was everywhere. I live in rural Kentucky and the power was out. I did read “Jeff Bezos Says His Launch to Space Gave Him Greater Appreciation of Earth’s Fragility.” If true, maybe Green Origin would have been a more poetic name. Have those Bezos delivery trucks, servers, and automated warehouses gone green? Once again, no smart software like Sagemaker is needed. The answer is, “Maybe in one’s imagination” like an expensive amusement part ride powered by solar energy.
ITEM 3: Sensitive Human Resource Management
I spotted “Amazon Denied a Worker Pregnancy Accommodations. Then She Miscarried.” I did some quick checks, and this “real news” item is not too popular in the technology feeds I monitor. The write up states:
Patty Hernandez, a 23-year-old Amazon warehouse worker in Tracy, California, miscarried after pleading with her manager and human resources for lighter duty… Amazon’s human resources denied Hernandez’s doctor’s note, according to Hernandez who said the denial was communicated verbally by a human resources rep. “[HR] just told me there was no specific area for light work that wouldn’t require over 15 pounds of lifting, or for me to be off my feet,” she said.
To sum up: Brilliant competitor tactics management, outstanding management messaging about the environment, and the human resources management approach. Should I mention that some of NSO Group’s processes were allegedly running on AWS servers? Nah, probably just a rumor like Amazon being in the policeware and intelware business itself.
Stephen E Arnold, July 21, 2021