Specialized Technology: Why Processing Talk Can Be Helpful to Anyone

May 7, 2021

Some specialized services companies have provided cheat sheets for audio and video intercepts. I heard that this technology was under wraps and available only to those with certain privileges. Not any longer.

An outfit at Wordcab.com can perform what once was an intelligence function for anyone with Internet access, content, and a way to pay. Navigate to Wordcab.com and sign up. The company says:

Automagically summarize all your internal meetings. Wordcab creates detailed, natural-language summaries of all your meetings and sales calls. So you can focus on people, not paper.

Thumbtypers will thrill with the use of the word “automagically.” The service can ingest a Zoom recording and generate a summary. The outputs can be tweaked, but keep in mind, this is smart software, not Maxwell Perkins reincarnated as your blue pencil toting digital servant. There’s an API so the service can be connected to whizzy distributed services and, if you have a copy of Palantir Gotham-type software, you can do some creative analysis.

The idea is that the smart software can make an iPhone toting bro or bro-ette more efficient.

The key point is that once was a secret capability is now available to anyone with an Internet connection. And to those who don’t think there is useful information in TikTok-type services. Maybe think again?

Stephen E Arnold, May 7, 2021

Signal and Cellebrite: Raising Difficult Questions

April 22, 2021

Signal published an summary of its exploration of the Cellebrite software. Founded in Israel and now owned by the Japanese company Sun Corporation, Cellebrite is a frequent exhibitor, speaker, and training sponsor at law enforcement and intelligence conferences. There are units and subsidiaries of the company, which are not germane to this short blog post. The company’s main business is to provide specialized services to make sense of data on mobile devices. Yes, there are other use cases for the company’s technology, but phones are a magnet at the present time.

Exploiting Vulnerabilities in Cellebrite UFED and Physical Analyzer from an App’s Perspective” makes clear that Cellebrite’s software is probably neither better nor worse than the SolarWinds, Microsoft Exchange Server, or other vendors’ software. Software has bugs, and once those bugs are discovered and put into circulation via a friendly post on a Dark Web pastesite or a comment in a tweet, it’s party time for some people.

Signal’s trope is that the Cellebrite “package” fell off a truck. I am not sure how many of those in my National Cyber Crime 2021 lectures will find that explanation credible, but some people are skeptics. Signal says:

[Cellebrite’s] products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.

The write up then points out vulnerabilities. The information may be very useful to bad actors who want to configure their mobile devices to defeat the Cellebrite system and method. As readers of this blog may recall, I am not a big fan of disclosures about specialized software for certain government entities. Others — like the Signal analysts — have a different view point. I am not going to get involved in a discussion of this issue.

What I want to point out is that the Signal write up, if accurate, is another example of a specialized services vendor doing the MBA thing of over promising, overselling, and over marketing a cyber security solution.

In the context of the cyber security threat intelligence services which failed to notice the not-so-trivial SolarWinds, Microsoft Exchange Server, and Pulse Secure cyber missteps — the Signal essay is important.

Let me express my concern in questions:

What if the cyber security products and services are not able to provide security? What if the indexes of the Dark Web are not up to date and complete so queries return misleading results? What if the auto-generate alerts are based on flawed  methods?

The cyber vendors and their customers are likely to respond, “Our products are more than 95 percent effective.” That may be accurate in some controlled situations. But at the present time, the breaches and the Signal analysis may form the outlines of a cyber environment in which expensive cyber tools are little more than plastic hammers and saws. Expensive plastic tools which break when subjective to real world work.

Stephen E Arnold, April 22, 2021

Did You Know You Had a LexID? No. Worth Checking Maybe

April 22, 2021

With ICE’s contract with Thomson Reuters’ CLEAR expiring, The Intercept reports, “LexisNexis to Provide Giant Database of Personal Information to ICE.” Apparently the company could not resist the $16.8 million contract despite downplaying its ties to the agency in the past. Once focused on providing data to legal researchers and law firms, reduced sales compelled LexisNexis to branch into serving law enforcement. The firm will be supplying Homeland Security agents with billions of records that aggregate data from sources both public and private, like credit histories, bankruptcy records, license plate photos, and cell phone subscriber info. Naturally, these profiles also come with analytics tools. Reporter Sam Biddle writes:

“It’s hard to wrap one’s head around the enormity of the dossiers LexisNexis creates about citizens and undocumented persons alike. While you can at least attempt to use countermeasures against surveillance technologies like facial recognition or phone tracking, it’s exceedingly difficult to participate in modern society without generating computerized records of the sort that LexisNexis obtains and packages for resale. The company’s databases offer an oceanic computerized view of a person’s existence; by consolidating records of where you’ve lived, where you’ve worked, what you’ve purchased, your debts, run-ins with the law, family members, driving history, and thousands of other types of breadcrumbs, even people particularly diligent about their privacy can be identified and tracked through this sort of digital mosaic. LexisNexis has gone even further than merely aggregating all this data: The company claims it holds 283 million distinct individual dossiers of 99.99% accuracy tied to ‘LexIDs,’ unique identification codes that make pulling all the material collected about a person that much easier. For an undocumented immigrant in the United States, the hazard of such a database is clear.”

Biddle notes that both LexisNexis and Thomson Reuters are official data partners of Palantir, which insists it is not, itself, a data company. It is, however, a crucial partner to law enforcement agencies at all levels across the US, as well as the security departments at several corporations. The firm supplies its clients, including ICE, with huge datasets, analysis tools, and consultants to help organizations track anyone of interest. Despite these partnerships, both Thomson Reuters and LexisNexis have largely escaped the controversy that has surrounded Palantir.

Biddle has trouble reconciling LexisNexis’ new contract with its insistence it is actually on the side of detainees because it supplies them with access to an e-library of legal materials. For its part, the firm takes pains to note the contract complies with President Biden’s Executive Order 13993, which revised immigration enforcement policies and DHS interim guidelines. We are reminded, though, that despite the new occupant of the Oval Office, those running ICE remain the same. It is their hands into which this astounding trove of personal data is being delivered.

Cynthia Murrell, April 22, 2021

Clearview AI Faces Lawsuit on Web Photo Scraping Practices

April 15, 2021

We knew that facial-recognition firm Clearview AI, which sells its software to law enforcement agencies throughout the US, scrapes the Web for our photos and any data connected to them. Several civil liberties groups are trying to put a stop to the practice. The Los Angeles Times reports, “Clearview AI Uses Your Online Photos to Instantly ID You. That’s a Problem, Lawsuit Says.” Writer Johana Bhuiyan tells us the firm has collected more than 3 billion photos from Facebook, Twitter, Google, Venmo, and other sites. We learn:

“It also has caught the attention of civil liberties advocates and activists, who allege in a lawsuit filed Tuesday that the company’s automatic scraping of their images and its extraction of their unique biometric information violate privacy and chill protected political speech and activity. The plaintiffs — four individual civil liberties activists and the groups Mijente and NorCal Resist — allege Clearview AI ‘engages in the widespread collection of California residents’ images and biometric information without notice or consent.’ This is especially consequential, the plaintiffs argue, for proponents of immigration or police reform, whose political speech may be critical of law enforcement and who may be members of communities that have been historically over-policed and targeted by surveillance tactics. Clearview AI enhances law enforcement agencies’ efforts to monitor these activists, as well as immigrants, people of color and those perceived as ‘dissidents,’ such as Black Lives Matter activists, and can potentially discourage their engagement in protected political speech as a result, the plaintiffs say.”

The suit, filed in Alameda County Superior Court, seeks an injunction forcing Clearview to not only cease collecting photos and other biometric information in California, but to also delete all biometric data and personal information from their databases. Meanwhile in Illinois, the American Civil Liberties Union is suing the company, charging it has violated that state’s biometric privacy law. Officials in the European Union and Canada have also expressed concerns. We are unsure how much traction these suits and objections will get, however. Clearview insists it is in full compliance with the law, and cites the First Amendment in defending its databases. Besides, as Bhuiyan notes, citizens are getting used to a low expectation of privacy.

Amazon’s policeware efforts have avoided this type of publicity. Why?

Cynthia Murrell, April 15, 2021

DarkCyber for February 23, 2021 Is Now Available

February 23, 2021

DarkCyber, Series 3, Number 4 includes five stories. The first summarizes the value of an electronic game’s software. Think millions. The second explains that Lokinet is now operating under the brand Oxen. The idea is that the secure services’ offerings are “beefier.” The third story provides an example of how smaller cyber security startups can make valuable contributions in the post-SolarWinds’ era. The fourth story highlights a story about the US government’s getting close to an important security implementation, only to lose track of the mission. And the final story provides some drone dope about the use of unmanned aerial systems on Super Bowl Sunday as FBI agents monitored an FAA imposed no fly zone. You could download the video at this url after we uploaded it to YouTube.

But…

YouTube notified Stephen E Arnold that his interview with Robert David Steele, a former CIA professional, was removed from YouTube. The reason was “bullying.” Mr. Arnold is 76 or 77, and he talked with Mr. Steele about the Jeffrey Epstein allegations. Mr. Epstein was on the radar of Mr. Steele because the legal allegations were of interest to an international tribunal about human trafficking and child sex crime. Mr. Steele is a director of that tribunal. Bullying about a deceased person allegedly involved in a decades long criminal activity? What? 

What’s even more interesting is that the DarkCyber videos, which appear every 14 days focus on law enforcement, intelligence, and cyber crime issues. One law enforcement professional told Mr. Arnold after his Dark Web lecture at the National Cyber Crime Conference in 2020, you make it clear that investigators have to embrace new technology and not wait for budgets to accommodate more specialists.

Mr. Arnold told me that he did not click the bright red button wanting Google / YouTube to entertain an appeal. I am not certain about his reasoning, but I assume that Mr. Arnold, who was an advisor to the world’s largest online search system, was indifferent to the censorship. My perception is that Mr. Arnold recognizes that Alphabet, Google, and YouTube are overwhelmed with management challenges, struggling to figure out how to deal with copyright violations, hate content, and sexually related information. Furthermore, Alphabet, Google, and YouTube face persistent legal challenges, employee outcries about discrimination, and ageing systems and methods.

What does this mean? In early March 2021, we will announce other video services which will make the DarkCyber video programs available.

The DarkCyber team is composed of individuals who are not bullies. If anything, the group is more accurately characterized as researchers and analysts who prefer the libraries of days gone by to the zip zip world of thumbtypers, smart software, and censorship of content related to law enforcement and intelligence professionals.

Mr. Arnold was discussing online clickfraud at lunch next week. Would that make an interesting subject for a DarkCyber story? With two firms controlling more than two thirds of the online advertising, click fraud is a hot potato topic. How does it happen? What’s done to prevent it? What’s the cost to the advertisers? What are the legal consequences of the activity?

Kenny Toth, February 23, 2021

Microsoft GitHub Goodie: Social Profile Finder

February 22, 2021

Do you want to locate the social media profile of a person? How about locating that social media profile across several hundred online services? Sounds good, doesn’t it? You can try this open source tool by navigating to Social Analyzer, downloading the code, and reading the documentation. Is this open source software as good as some of the tools available from specialized service providers? The answer is, “In some situations, it’s close enough to horseshoes.” The GitHub information says:

This project is “currently used by some law enforcement agencies in countries where resources are limited”.

Do some commercial specialized services providers charge their customers for access to this tool? Does Vladimir Putin have a daughter who is an expert dancer?

There are some interesting functions in this open source package; for example:

  • Email detection
  • Use of OCR to make sense of content in images
  • String and entity name analysis.

Having a user name and password for each system may come in handy as well. Microsoft is a helpful outfit in some ways.

Stephen E Arnold, February 22, 2021

Amazon: Putting Eyes on Humans

February 17, 2021

Amazon may have a new driver at the controls of the Bezos bulldozer, but the big orange machine keeps pushing monitoring technology. “Amazon’s Driver Monitoring App Is an Invasive Nightmare” does not like the system the online bookstore uses to keep an eye on human delivery drivers. The write up states:

Mentor is made by eDriving, which describes the app on its website as a “smartphone-based solution that collects and analyzes driver behaviors most predictive of crash risk and helps remediate risky behavior by providing engaging, interactive micro-training modules delivered directly to the driver in the smartphone app.”

From my tumble down shack in rural Kentucky, the Bezos bulldozer seems to be using technology from an outfit called eDriving. There are several options available to the online bookstore. Amazon can continue to pay eDriving. Amazon can clone the system. Amazon can acquire the company, people, or technology.

Based on my on-going research into Amazon’s surveillance capabilities, the enhanced cameras, the online hook to the AWS mothership, and the use of third-parties to nudge monitoring forward is still in its early days. Amazon moves slowly and in a low profile way. Most law enforcement and intelligence organizations observe Amazon the way a tourist does a turtle in the Galapagos: Check out where the turtle is after breakfast and then note that the darned thing moved behind a rock a few fee away by noon. No big deal. Turtles move, right? Turtles are not gazelles, right?

Several observations:

  1. Amazon chugs along in a sprightly manner behind the curtain separating public use of a system like Mentor
  2. Amazon time makes it difficult for some observers to note significant change in a system or technology
  3. The trick to figuring out where Amazon is headed in surveillance systems is to step back and observe the suite of systems.

What does one learn?

How about Amazon as the plumbing for many of the widely used policeware and intelware systems? Who knew that Palantir Technologies is a good Amazon customer? Maybe not IBM which inked a deal with the chipper Denver based “ride ‘em cowboy” policeware firm.

How useful would Amazon’s monitoring technology be if connected to a Palantir content intake system? My guess is that it would be quite useful, and it would require the Amazon cloud to work. What’s that mean for cloud competitors like Google, IBM, and Microsoft?

Amazon’s policeware and intelware approach is a lock in dream. Where could a Mentor-type system be useful to investigators?

Sorry. I can’t think of a single use case. Ho ho ho.

Stephen E Arnold, February 17, 2021

A Tattoo Can Monitor Your Brainwaves

February 17, 2021

Most tattoos are works of art, but some people inject ink into their skin for medical reasons. Medical tattoos often list allergies or say “DNR” (do not resuscitate) on a person’s chest. Digital Trends share that a new type of tattoo ink can monitor brainwaves in the article: “This Game-Changing Graphene Tattoo Can Continuously Monitor Your Brainwaves.”

Brain Scientific, Inc. was founded by Baruch “Boris” Goldstein and specializes in special tattoos. These tattoos are inked on your head with a special grapheme ink, so they can monitor brainwaves. Here is a more accurate description:

“To be clear, Brain Scientific’s new Brain E-Tattoo doesn’t resemble any piece of ink you’ve seen before. It’s a small patch, about the size of a postage stamp that looks, for all intents and purposes, like a microchip wafer affixed above the ear of the wearer. While the company uses the word “tattoo” to describe it, it’s more accurately referred to as a minimally invasive, implantable, 4-channel, micro electroencephalography (EEG) with grapheme electrodes for continuous brain monitoring. And there’s a chance this bit of cyborg tech could one day help save your life.”

The idea is that the grapheme-based electrodes will be connected to a micro EEG to analyze brain patterns and alert you to abnormal brain patterns like seizures and Alzheimer’s.

Brain Scientific specializes in AI technology, but they transitioned into hardware when they could not find the right tools. Goldstein wants the grapheme tattoo to eventually replace EEG headsets and continuously monitor brain activity. With the recorded brain activity, medical professionals can observe how any changes differ from past neurological data. The grapheme tattoo can also monitor other body functions.

Grapheme tattoos may one day be programmed to download information directly into your brain. Companies like Apple, Facebook, and Google will have different grapheme tattoo types and sell exclusive content. How long before those get on the market?

Whitney Grace, February 17, 2021

IBM Acknowledges That Palantir Technologies Is Winning the Battle for Policeware and Intelware

February 9, 2021

I read “Palantir Surges on Deal to Offer Software through IBM.” Yep, the new IBM has apparently accepted reality: Its i2 Analysts Notebook products aren’t the powerhouses they were when Mike Hunter’s company was the go-to policeware and intelware product.

According to the “real” news outfit Bloomberg:

Palantir Technologies Inc. and International Business Machines Corp.are uniting in a partnership that will dramatically expand the reachof Palantir’s sales force while making IBM’s ownartificial-intelligence software easier for non-technical customers touse…

Why? The write up reveals:

Without providing a time frame, Thomas [IBM wizard] said he expects the partnershipto help boost IBM’s customers using AI to 80% from its current 20%. Palantir Chief Operating Officer Shyam Sankar said the technical fitwith IBM and its reach are part of his company’s long-term effort tofinally ramp sales. In addition to commercial customers, governmentcontracts have surged both in number and size during the pandemic. “This is the biggest [partnership] we’ve announced — expectmore,” Sankar said. He said he expects to triple Palantir’sdirect-sales team to about 100 this year, a significant hike for acompany whose management once prided itself on not employing a singlesalesperson.

A couple of minor points:

  • Anyone remember the litigation between Palantir and i2 about intellectual property? Of course not.
  • What Palantir executives were named in the i2 litigation? (This is a really good question by the way?)
  • Do the Palantir solutions generate really happy licensees?
  • How do the former i2 professionals perceive this tie up?
  • How will the deal impact Palantir’s present cloud services providers?

These are questions which “real” news entities do not ask or answer.

Stephen E Arnold, February 9, 2021

Mobile and Social Media Users: Check Out the Utility of Metadata

January 15, 2021

Policeware vendors once commanded big, big bucks to match a person of interest to a location. Over the last decade prices have come down. Some useful products cost a fraction of the industrial strength, incredibly clumsy tools. If you are thinking about the hassle of manipulating data in IBM or Palantir products, you are in the murky field of prediction. I have not named the products which I think are the winners of this particular race.

image

Source: https://thepatr10t.github.io/yall-Qaeda/

The focus of this write up is the useful information derived from the deplatformed Parler social media outfit. An enterprising individual named Patri10tic performed the sort of trick which Geofeedia made semi famous. You can check the map placing specific Parler uses in particular locations based on their messages at this link. What’s the time frame? The unusual protest at the US Capitol.

The point of this short post is different. I want to highlight several points:

  1. Metadata can be more useful than the content of a particular message or voice call
  2. Metadata can be mapped through time creating a nifty path of an individual’s movements
  3. Metadata can be cross correlated with other data. (If you attended one of my Amazon policeware lectures, the cross correlation figures prominently.)
  4. Metadata can be analyzed in more than two dimensions.

To sum up, I want to remind journalists that this type of data detritus has enormous value. That is the reason third parties attempt to bundle data together and provide authorized users with access to them.

What’s this have to do with policeware? From my point of view, almost anyone can replicate what systems costing as much as seven figures a year or more from their laptop at an outdoor table near a coffee shop.

Policeware vendors want to charge a lot. The Parler analysis demonstrates that there are many uses for low or zero cost geo manipulations.

Stephen E Arnold, January 15, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta