Terrorism and Big Data: A Solution?

August 18, 2022

I recall hearing that a person allegedly named Ayman al-Zawahiri was a terrorist and, thus, became a target for the US. (I thought an entity named Ayman al-Zawahiri had been terminated on one, maybe two previous occasions. But maybe not.) Since that action, I have noted a number of terrorism-related articles. One that caught my attention was “How Big Data Is Helping Fight Terrorism?” The article contains a shopping list of intelware functions. These types of content and their applicability to deterring terrorism can, for some, be difficult to find. Here are the items on the list presented in the article. For definitions of each function, please consult the original source:

  1. Processing text, audio, and video inputs. The idea is that intelware can do this work more quickly than officers and analysts.
  2. Identifying money laundering activities. The gist of this function is that intelware can detect actions and patterns more quickly and effectively than investigators.
  3. Pattern identification. The idea I think is that smart software can extract from large data sets sequences or connected events better than a person sitting in a cube in a government office.
  4. AI and machine learning. The author is confident that smart software can improve, learn, and operate in a more effective way than a task force.
  5. Risk projects. Smart software can identify that doing A presents a greater likelihood of taking place than B.

Stepping back from this list, it is clear to me that the hype, the PR, and the jargon of intelware have diffused outside of specialist circles and been recycled in a particularly snappy way. From my point of view, this article is quite different from the information my team and I will present at an upcoming law enforcement conference in mid September. The jazz and zing of marketers have obscured a number of very important points about what intelware can and cannot do. In fact, there are more cannots than many want to accept.

Stephen E Arnold, August 18, 2022

NSO Group: Now a Humor Piñata

August 16, 2022

Intelware once was serious, secret, and one of the few topics would-be comedians would reference in an act. Not any more. Navigate to “NSO Group Finally Figures Out How Many European Countries It Does Business With,” which reports:

It seemingly takes about six weeks to count higher than five but NSO has put in the time and effort to ensure EU lawmakers have something more than the vague (and obviously low) estimate the company previously decided to provide in lieu of actual data.

Ho ho ho.

The quip is unlikely to cause chuckles in Tel Aviv. Three observations:

  • A topic which becomes the focus of a joke has entered popular culture. This is intelware, remember, not a remake of Elvis’ life story with glitter.
  • NSO Group appears to lack the management infrastructure to respond in a way which does not cause graduates of an online university MBA program to roll their eyes.
  • The NSO Group continues to demonstrate an ability to attract attention.

Net net: What’s next for the intelware sector? More marketing, slicker PowerPoint decks, and the quest for smarter software and (hopefully) decision makers.

Stephen E Arnold, August 16, 2022

NSO Group-Like Software: Where Did It Originate?

August 15, 2022

I noted another story related to the NSO Group Pegasus coverage. This report, “Israel Police’s Pegasus Spyware Prototype Revealed,” talks about what may be an ur-NSO Group type software. Like literature majors who puzzle over an ur-Hamlet, the mystery is, “Where does the idea originate?” Like Shakespeare, one of the most notable recyclers, the article suggests that:

Details and screenshots of a prototype version of the Pegasus spyware designed for Israeli police back in 2014 reveal the tools and far-reaching capabilities of a system that was slated to be deployed in everyday police work.

That suggests that the intelware was mostly functional eight years ago. I learned:

… the [Pegasus] spyware was operationally deployed as early as 2016

That was six years ago.

The article points out:

Pegasus could read WhatsApp messages.

The article asserts:

Another capability … mentioned in the presentation is the interception of incoming and outgoing phone calls. Besides this ability, which seems to be relatively routine in the world of intelligence surveillance, there is another one known in the professional parlance as “volume listening” and is considered much more intrusive. In simple terms it means real time wiretapping to a device’s surrounding through the remote activation of the device’s microphone.

Another interesting alleged functionality is:

With the spyware, the police can gain full access to all the files stored on the phone, including those that are end-to-end encrypted. This encryption technology prevents access to a device’s content through cellular antennae or other infrastructures. Even if a file is intercepted, it cannot be decoded. However, on a device that has been infected with the spyware, all the files become visible.

My recollection is that the “origin” of the Pegasus tool was a person who worked in a mobile phone store. Perhaps this is true, but the functionality of the “prototype” almost a decade ago begs a question I find interesting:

“Where did the idea for Pegasus originate? Who came up with the requirements for a mobile phone capability like this?”

I don’t have an answer to this question, but I will raise it in the context of the remarkable similarity among other types of intelware developed by individuals with some experience in the armed forces whose offices are in relatively close proximity in one country with reasonably close ties to the US. My lecture to a US government entity will be in mid-September. Perhaps other “real news” outfits will pursue the history of Pegasus. But whose idea was it in the first place? Maybe like the ur-Hamlet the question may not be answered. But those requirements! Spot on.

Stephen E Arnold, August xx, 2022

Palantir Technologies: Following a Well Worn Path

August 11, 2022

Most intelware vendors are pretty much search and retrieval with a layer of search based applications. I think of these specialized services like an over-priced foam dog bed. The foam is hidden beneath what looks like a rich, comfy, and pet friendly cover. The dog climbs on, sniffs the fumes and scratches the cover. A bite or two and the cover tears and foam shards litter the floor.

When I think of some intelware vendors’ solutions, I keep thinking about that Alibaba-type dog bed. Wow. Not good.

I read “Palantir Stock Skids As Exec Says Downbeat Forecast Is All the More Disappointing Given Opportunities Ahead”, and I saw that dog bed, the torn cover, and the weird pink and green foam chunks in our family room. I know this association is not one shared by those who cheerlead for Palantir or the stakeholders who must look at the value of their “stakes”.

The write up reports:

Government deals “at the billion-dollar range of the contracts that we are working on…have the bug of them taking too long and the feature of, in a highly difficult, tumultuous and politically uncertain world, that you actually get paid and you actually make free-cash flow,” Chief Executive Alex Karp said on the earnings call.

Yep, that’s true.

However, Palantir has been working hard to convince outfits like chocolate companies, big banks, and some pharma companies to rely on Palantir for their information plumbing and intelligence dashboard. (Dashboards are hot, even though many intelware vendors just recycle the components associated with Elasticsearch, a popular open source search and retrieval system, and other members of the species ELK.)

If Palantir were closing deals with non governmental entities, wouldn’t that revenue make up for the historically slow and sketchy US government procurement process? For those in the know, FAR is a friend. For those who have racked up a track record of grousing about Federal procurement rules, FAR can be associated with the concept “far outside the circle of decision makers.”

Let’s accept my assertion of intelware as basic search, indexing and classifying content objects, and outputting nice looking reports. These reports, by the way, depend upon some widely used numerical recipes. The outputs of competitive intelware systems which use the same test set of content objects are often similar. In some cases, very similar. (In September at CyCon, we will show some screenshots and challenge the audience of law enforcement and intelligence professionals to match the output with the system generating the diagrams, charts, graphs, and maps. In previous lectures this audience involvement ploy yielded one predictable result: No one could match outputs with the system producing it.)

What are the paths available to a vendor of intelware chasing huge contracts for getting close to 20 years? That’s two decades, gentle reader.

Based on my observations and research for my books and monographs, here are the historical precedents I have noticed. Will Palantir follow any of these paths? Probably not, but I enjoy trotting them out in order to provide some color for the search and specialized software sector competitors. What each competitor lacked in applications, stable products and services, and informed and available customer support, the PP (Palantir predecessors) made up for with outstanding marketing, nifty technical jargon, and a bit of the Steve Jobs reality distortion field magic.

  1. The vendor just gets acquired. Recorded Future is now Insight. Super secretive Detica is BAE Systems, etc. etc. The idea is that the buyer has the resources to make the software work and develop innovations that will keep ahead of open source offerings and pesky start ups. A variation is continuous resales as owners of intelware companies realize there are not enough customers to deliver the claims in PowerPoint decks’ revenue projections. Is one example this sequence? i2 Ltd (UK) –> venture firm –> IBM Corp. –> Harris?
  2. The vendor hooks up with the government and presents the face of a standalone, independent outfit when affiliated with a government entity. Example: Some intelware firms in China, Israel, and the UK.
  3. The vendor goes away or turns a few cartwheels and emerges as something else entirely. Example: Cobwebs Technologies doesn’t do intelware; it provides anti money laundering services. I still like LifeRaft’s positioning as a marketing intelligence company.
  4. Everybody involved with the company moves on, new executives arrive, and the firm emerges as a customer service outfit or a customer experience provider. Rightly or wrongly I think of LucidWorks as this type of outfit.
  5. A combo deal. The inner workings of this type of deal converts Excalibur into Convera which becomes Ntent and then becomes a property of Allen & Co. Where is Convera today? I heard that some of its DNA survives in Seekr, but I have not heard back from the company to verify this rumor. The firm’s PR professional is apparently busy doing more meaningful PR things.
  6. Creative accounting. Believe it or not, some senior executives are found guilty of financial fancy dancing. Example: The founder of a certain search vendor with government clients. I think a year in the slammer was talked about.
  7. The company just closes up. Example: Perhaps Delphis, Entopia, or Stull, among others.

Net net: Vendors selling to law enforcement, crime analysts, and intelligence agencies face formidable competition from incumbents; for example, big Beltway bandits like the one for which I used to work. Furthermore, when selling intelware (even with a name change and a flashy PowerPoint deck) corporate types are not comfortable buying from a company working closely with some of the badge-and-gun agencies. Intelware vendors can talk about big sales to commercial enterprises. True, the intelware vendor may land some deals. But the majority of leads just become money pits: Sales calls, presentations, meetings with shills for the firm’s lawyers, and similar human resources. Those foam chunks from the Alibaba dog bed are similar to some investors’ dreams of giant stakeholder paydays. Oh, well, there is recycling.

Stephen E Arnold, August 11, 2022

The Expanding PR Challenge for Cyber Threat Intelligence Outfits

August 10, 2022

Companies engaged in providing specialized services to law enforcement and intelligence entities have to find a way to surf on the building wave of NSO Group backlash.

What do I mean?

With the interest real journalists have in specialized software and services has come more scrutiny from journalists, financial analysts, and outfits like Citizen Lab.

The most recent example is the article which appeared in an online publication focused on gadgets. The write up is “These Companies Know When You’re Pregnant—And They’re Not Keeping It Secret. Gizmodo Identified 32 Brokers Selling Data on 2.9 Billion Profiles of U.S. Residents Pegged as Actively Pregnant or Shopping for Maternity Products.” The write up reports:

A Gizmodo investigation into some of the nation’s biggest data brokers found more than two dozen promoting access to datasets containing digital information on millions of pregnant and potentially pregnant people across the country. At least one of those companies also offered a large catalogue of people who were using the same sorts of birth control that’s being targeted by more restrictive states right now. In total, Gizmodo identified 32 different brokers across the U.S. selling access to the unique mobile IDs from some 2.9 billion profiles of people pegged as “actively pregnant” or “shopping for maternity products.” Also on the market: data on 478 million customer profiles labeled “interested in pregnancy” or “intending to become pregnant.”

To add some zest to the write up, the “real news” outfit provided a link to 32 companies allegedly engaged in such data aggregation, normalization, and provision. Here are the 32 companies available from the gadget blog’s link. Note: “sic” means this is the actual company name; “trendy” means very hip marketing.

Adprime Health
Alike Audience
Anteriad (180byTwo)
Cross Pixel
Datastream Group
Dstillery (sic and trendy)
Eyeota (sic and trendy)
Fyllo (sic)
Lighthouse (Ameribase Digital)
Reklaim (sic)
Stirista (Crosswalk) (sic)
Valassis Digital
Weborama Inc
Ziff Davis
ZoomInfo (Clickagy)

How many of these do you recognize? Perhaps Experian, usually associated with pristine security practices and credit checks? What about Ziff Davis, the outfit which publishes blogs which reveal the inner workings of Microsoft and other “insider” information? Or ZoomInfo, an outfit once focused on executive information and now apparently identified as a source of information to make a pregnant teen fear the “parent talk”?

But the others? Most people won’t have a clue. Now keep in mind these are companies in the consumer information database business. Are there other firms with more imaginative sources of personal data than outfits poking around open source datasets, marketing companies with helpful log file data, and blossoming data scientists gathering information from retail outlets?

The answer is, “Yes, there are.”

That brings me to the building wave of NSO Group backlash. How does one bridge the gap between a government agency using NSO Group type tools and data?

The answer is that specialized software and services firms themselves are the building blocks, engineer-constructors, and architect-engineers of these important bridges.

So what’s the PR problem?

Each week interesting items of information surface. For example, cyber threat firms report new digital exploits. I read this morning about Cerebrate’s Redeemer. What’s interesting is that cyber threat firms provide software and services to block such malware, right? So the new threat appears to evade existing defense mechanisms. Isn’t this a circular proposition: Buy more cyber security. Learn about new threats. Ignore the fact that existing systems do not prevent the malware from scoring a home run? Iterate… iterate… iterate.

At some point, a “real news” outfit will identify the low profile engineers engaged in what might be called “flawed bridge engineering.”

Another PR problem is latent. People like the Kardashians are grousing about Instagram. What happens when influencers and maybe some intrepid “real journalists” push back against the firms collecting personal information very few people think of as enormously revelatory? Example: Who has purchased a “weapon” within a certain geofence? Or who has outfitted an RV with a mobile Internet rig? Or who has signed up for a Dark Web forum and accessed it with a made up user name?

Who provides these interesting data types?

The gadget blog is fixated on pregnancy because of the current news magnetism. Unfortunately the pursuit of clicks with what seems really significant does not provide much insight into the third party data businesses in the US, Israel, and other countries.

That’s the looming PR problem. Someone is going to step back and take a look at companies which do not want to become the subject of a gadget blog write up with a 30 plus word headline. In my opinion, that will happen, and that’s the reason certain third party data providers and specialized software and services firms face a crisis. These organizations have to sell to survive, except for a handful supported by their countries’ governments. If that marketing becomes too visible, then the gadget bloggers will out them.

What’s it mean when a cyber threat company hires a former mainstream media personality to bolster the company’s marketing efforts? I have some thoughts. Mine are colored by great sensitivity to the NSO Group and the allegations about its Pegasus specialized software. If these allegations are true, what better way to get personal data than suck it directly from a single target’s or group of targets’ mobile devices in real time?

Here are the chemical compounds in the data lab: The NSO Group-type technology which is increasingly understood and replicated. Gadget bloggers poking around data aggregators chasing ad and marketing service firms. Cyber threat companies trying to market themselves without being too visible.

The building wave is on the horizon, just moving slowly.

Stephen E Arnold, August 10, 2022

FinFisher Videos: How Long Will These Be Available via YouTube?

August 4, 2022

If you are interested in intelware and similar specialized software, you may find the sequence of videos available at this link interesting. The videos are a decade old, but the basic ideas expressed are applicable today. We spotted this content in Spy News via a Medium post. The visuals in the video compilation are — well — weird. Spy News says:

The videos are for: FinTraining, FinSpy, FinSpy Mobile, FinFly ISP, FinFly LAN, FinFly Web, FinIntrusion Kit (including FinTrack), FinFireWire, and FinUSB.

The jargon in the videos is entertainingly cyber-babble; for example, TrueCrypt container, FinFly, FinIntrusion, etc. An intrepid open source expert may be able to locate other Gamma Group/FinFisher information on the information superhighway. Keep in mind that the procedures in the decade old videos are similar to comparing an electric Ford 150 to a 2011 Ford Ranger.

But why “fin”? Think about sharks near a beach and a GenX or GenY person floating on a rubber raft. The fin is a sign to some that a finny friend is near and might grab lunch.

Stephen E Arnold, August 4, 2022

Accidental News: There Is a Google of the Dark Web.

August 2, 2022

Yesterday one of the research team was playing the YouTube version of TWIT which is Silicon Valley acronym speak for “This Week in Tech.” The program is hosted by a former TV personality and features “experts”. The experts discuss major news events. The August 1, 2022 program (captured on July 31, 2022) has the title “The Barn Has Left the Horse — CHIPS Act, Earnings Week, FTC Sues Meta, Twitter Blue Price Hike.” The “experts” fielding questions and allegedly insightful observations by Mr. LaPorte can be viewed at this link. The “experts” on the “great panel” for this program included:

In the midst of recycled information and summaries of assorted viewpoints, there was what I thought was information warranting a bit more attention. You can watch and hear what Dan Patterson says at 2:22:30. A bit of context: Mr. Patterson announced that he is the Editorial Director at Cybersixgill, [supplemental links appear below my name at the foot of this blog post] a firm named after a shark and with, until now, a very low profile. I think the outfit is based in Tel Aviv and it, as I recall, provides what I call specialized software and services to government entities. A few other firms in this particular market space are NSO Group and Voyager Labs, among others. Rightly or wrongly, I think of Herzliya as the nerve center for certain types of sophisticated intercept, surveillance, analytic, and stealth systems. Thus, “low profile” is necessary. Once the functionality of an NSO Group-type system becomes known, then the knock on effect is to put Candiru-type firms in the spotlight too. (Other fish swimming unseen in the digital ocean have inspired names like “FinFisher,” “Candiru,” and “Sixgill.”)

So what’s the big news? A CBS technology reporter quitting is no big deal. A technology reporter who joins a commercial software and services firm is not a headline maker either.

This is, in my opinion, a pretty remarkable assertion, and I think it should be noted. Mr. Patterson was asked by Mr. LaPorte, “So CyberSixgill is a threat intelligence…” Mr. Patterson added some verbal filler with a thank you and some body movement. Then this…

CyberSixgill is like a Google for the Dark Web.

That’s an interesting comparison because outfits like Kagi and Neeva emphasize how different they are from Google. Like Facebook, Google appears to be on the path to becoming an icon for generating cash, wild and crazy decisions, and an emblem of distrust.

Mr. Patterson then said:

I don’t want to log roll…. I joined the threat detection company because their technology is really interesting. It really mines the Dark Web and provides a portal into it in ways that are really fascinating.

Several observations:

  1. Mr. Patterson’s simile caught my attention. (I suppose it is better than saying, “My employer is like an old school AT&T surveillance operation in 1941.”)
  2. Mr. Patterson’s obvious discomfort when talking about CyberSixgill indicates that he has not yet crafted the “editorial message” for CyberSixgill.
  3. With the heightened scrutiny of firms with specialized software causing outfits like Citizen Lab in Toronto to vibrate with excitement and the Brennan Center somewhat gleefully making available Voyager Labs’ information, marketing a company like CyberSixgill may be a challenge. These specialized software companies have to be visible to government procurement officers but not too visible to other sectors.

Net net: For specialized software and services firms in Israel, Zurich, Tyson’s Corner, and elsewhere, NSO Group’s visibility puts specialized software and services companies on the horns of a dilemma: Visible but not too visible. These companies cannot make PR and marketing missteps. Using the tag line from a “real” journalist’s lips like “a Google for the Dark Web” is to me news which Mr. LaPorte and the other members of the panel should have noticed. They did not. There you go: “Like a Google for the Dark Web”. That’s something of interest to me and perhaps a few other people.

Stephen E Arnold, August 2, 2022


1 “Sixgill” is the blunt nose “six gill” shark, a hexanchoid (Hexanchus griseus). It is big and also called the cow shark by fish aficionados. The shark itself can be eaten.

2 The company’s product is explained at https://www.cybersixgill.com/products/portal/. One “product” is a cloud service which delivers “exclusive access to closed underground sources with the most comprehensive, automated collection from the deep and dark Web. The investigative portal delivers the threat intel security teams need: Real time context and actionable alerts along with the ability to conduct cover investigations.” Mr. Patterson may want to include in his list of work tasks some rewriting of this passage. “Covert investigations,” “closed underground sources,” and “automated collection” attract some attention.

3 The company’s blog provides some interesting information to those interested in specific investigative procedures; for example, “Use Case Blog: Threat Monitoring & Hunting.” I noted the word “hunting.”

4 The company received a fresh injection of funding from CrowdStrike, Elron Ventures, OurCrowd, and Sonae. According to CyberGestion, the firm’s total funding as of May 2022 is about $55 million US.

5 The Dark Web, according to my research team, is getting smaller. Thus, what does “deep web” mean? The term is undefined on the cited CyberSixgill page. “Like Google” suggests more than 35 billion Web pages in its public index. Is this what CyberSixgill offers?

Mobile Surveillance: Morocco?

August 2, 2022

I read “L’Union Européenne a Discrètement Fourni au Maroc de Puissants Systèmes de Piratage des Téléphones.” I try to believe everything I read on the information superhighway’s sign posts. So far, this story which appeared on July 24, 2022, in Disclose is yet to be verified by my super duper thumbtyping research team. Therefore, I cannot agree or disagree with its statements or the spin put on the story. If you don’t read French, you can try the service at this link to render the mysteries of French in the world’s most lawyer-friendly language.

The company identified as providing mobile phone forensics does business as MSAB, which is a sponsor of the European Academy of Forensic Science conference on mobile device forensics. The firm’s customers are government agencies. The firm provides “complete solutions.” Its Web site is MSAB.com.

The “Oxygen” referenced in the article may be the entity doing business as Oxygen Forensics. The firm’s Web site is www.oxygenforensic.com. The firm’s mobile phone software is called Detective. Years ago, I did a DarkCyber video about the tool’s capabilities. I have removed my DarkCyber videos from public access because some perceived my explanations as too revealing. For example, I believe I mentioned that the core technology was developed in Russia. Now the firm’s company profile here does not mention much about the non-US facets of the firm.

The write up points out with what I might call Gallic skepticism that the use of the forensic tools is related to immigration. Yep, tools can be used for many purposes. Think about those Buzzfeed articles which explain how to use household products for surprising applications. Who knew dish washing liquid was a jack of all trades?

Worth monitoring because non-US forensic technology is, in my team’s opinion, outperforming US developed solutions in some intelware and policeware sectors. Examples? Sure, just check out the companies in Herzliya focused on specialized services.

Stephen E Arnold, August 2, 2022

Surprise: NSO Group Pegasus Is in the News Again

July 28, 2022

On July 27, 2022, the winged wonder Pegasus cast a shadow over the desks of the House Intelligence Committee. The flapping of the mythical creature’s wings could not be stilled. Gavel pounding, heavy breathing from lobbyists in the gallery, and convoluted statements by elected leaders did not cause the beastie to fly away. Nope. Pegasus with its NSO Group logo branded on its comely haunch was present. Even mythical creatures can leave behind a mess.

And it appears as if the mess is semi-permanent and odiferous.

“We’re Likely Only Seeing the Tip of the Iceberg of Pegasus Spyware Use Against the US” states:

US lawmakers heard testimony from Citizen Lab senior researcher John Scott-Railton; Shane Huntley, who leads Google’s Threat Analysis Group; and Carine Kanimba, whose father was the inspiration for Hotel Rwanda and who was, herself, targeted by Pegasus spyware. This, of course, is the now-infamous malware that its developer, Israel’s NSO Group, claims is only sold to legitimate government agencies — not private companies or individuals. Once installed on a victim’s device, Pegasus can, among other things, secretly snoop on that person’s calls, messages, and other activities, and access their phone’s camera without permission.

I like the Hotel Rwanda reference. Younger elected officials may not know much about intelware, but they definitely know about the motion picture in my opinion. Hutus, Tutsis, and a big box office. A target of Pegasus. Credibility? Yep.

The hearings continue on July 28, 2022. According to the article:

Schiff called NSO’s software and similar eavesdropping tools “a threat to Americans,” and pointed to news reports from last year about cellphones belonging to US diplomats in Uganda being compromised by Pegasus. “It is my belief that we are very likely looking at the tip of the iceberg, and that other US government personnel have had their devices compromised, whether by a nation-state using NSO’s services or tools offered by one of its lesser known but equally potent competitors,” Schiff said.

Google — the go to source for objective information — is allegedly tracking 30 firms “that sell exploits or surveillance capabilities to government-backed groups.”

Just 30? Interesting, but, hey, Google knows surveillance cold I suppose.

A handful of observations:

  1. NSO Group’s Pegasus continues to capture attention like a Kentucky Derby winner which allegedly has banned substances rubbed on its belly. Some of those rub ons have a powerful scent. Even a boozy race track veterinarian can wince when checking a specific thoroughbred’s nether region.
  2. The knock on effect of NSO Group’s alleged management oversight means that scrutiny of intelware companies is going to spotlight the founders, funders, and stakeholders. I think this is like a deer standing on railroad tracks mesmerized by the bright white light heading down the rails at 60 miles per hour. In the train versus deer competitions in the past, trains hold a decided advantage.
  3. Individual companies in the specialized software business face an uncertain future.

How uncertain?

Regulations and bans seem to be on the menus in a number of countries. Also, there are a finite number of big dollar contracts for specialized software and smaller firms are going to have to get big fast, sell out to a larger company with multiple lines of law enforcement, defense, and intelligence revenue, or find a way to market without marketing “too well.”

And the “too well”?

Since NSO Group’s spotlight appearances, smaller intelware companies have had to be very careful about their sales and marketing activities. Why? There are reporters from big time newspapers nosing around for information. There are online podcasts which have guests who talk about what specialized software can do, where the data originate, and how a “food chain” of information providers provide high value information. There are the tireless contributors of Twitter’s #OSINT threads who offer sometimes dumb and less frequently high-value nuggets about specialized services vendors. Finally, there are the marketers at specialized services firms themselves who use email blasts to tout their latest breakthroughs. Other small specialized software vendors prowl the niche law enforcement and intelligence conferences in search of sales leads. In some cases, there are more marketers than there are individuals who can license a data set, an analytics package, or the whole enchilada needed to monitor — how shall I phrase it — comprehensively. These energetic marketers learn that their employer becomes a journalist’s subject of interest.

Net net: When I reflect on the golden years of specialized software and services marketing, testing, and deploying, I have one hypothesis: NSO Group’s visibility has changed the game. There will be losers and a very few big winners. Who could have foreseen specialized software and services working like a bet on the baccarat tables in Monaco? Who anticipated NSO Group-type technology becoming “personal” to the US? I sure did not. The light at the end of the tunnel, once the train clears the deer, is that the discipline of “marketing without marketing too much” may become mainstream in France, Germany, Israel, Switzerland, and the US. I hear that train a-comin’, do you?

Stephen E Arnold, July 28, 2022

NSO Group: Lobbying Is Often Helpful

July 20, 2022

More NSO Group news. “Pegasus Spyware Maker NSO Is Conducting a Lobbying Campaign to Get Off U.S. Blacklist.” The article states as actual factual:

NSO has invested hundreds of thousands of dollars in the past year in payments to lobbyists, public relations companies and law firms in the U.S., in the hope of reversing the Biden administration’s November decision, according to public records filed under the Foreign Agent Registration Act and conversations with people familiar with the effort. These firms have approached members of the U.S. House and Senate, as well as various media outlets and think tanks across the U.S., on NSO’s behalf.

Who knew? NSO Group has been able to attract media attention for months.

The write up points out:

NSO is trying to get the matter raised during a meeting between U.S. President Joe Biden and Israeli Prime Minister Yair Lapid when the former visits Israel this week. In addition, NSO lobbyists unsuccessfully tried to set up a meeting between representatives of the company and U.S. National Security Adviser Jake Sullivan, but it did not take place. Asked for comment, an NSO spokesperson declined to comment on the campaign but “thanked” Shomrim for publishing an article on its efforts, which he described as “supportive.”

Interesting. Why won’t world leaders do what a high tech outfit providing specialized services want?

NSO Group has been trying to explain its position; for example, the cited article notes:

In a different letter distributed by the firm this year, NSO states it has “developed a human rights governance compliance program,” saying it would conduct a review of all users to see whether they might use the technology used to “violate human rights.”

In my upcoming lecture for a law enforcement group, I point out that with each passing day it is increasingly difficult to figure out what information is “valid”. As a result, the utility of open source information is eroding. Perhaps the Golden Age of OSINT is darkened with weaponized information?


Stephen E Arnold, July 20, 2022
