Information Allegations Directed at Some Law Enforcement Entities
January 26, 2022
Before the advent of modern technology, police states were limited in the amount of surveillance they could conduct. As technology advances, the amount of information police can extract from people’s devices is as scary as science fiction. El Poder Deportivo explains a frightening surveillance tool US police are now using: “AI-Driven People Surveillance: US Cops Reportedly Utilizing Invasive Tool To Grab Candidates’ Social Media Marketing, Pornhub and Tinder.”
Police in Michigan are using a tool called SocialNet that captures data from social media and other pertinent Web sites. ShadowDragon is responsible for inventing SocialNet. Unfortunately or fortunately, depending on your political stance, Michigan is not the only state that is ShadowDragon’s customers. Massachusetts and the US Department of Immigration are on that list.
Law enforcement officials are not broadcasting they are using SocialNet, but the information it is in use is available after a little detective work. Michigan nor ShadowDragon admit what agencies are using SocialNet, but documents show that it was purchased through a third party called Kaseware.
Local and state governments spent a lot of money on the SocialNet application. Authorities are also whitewashing their justification for purchasing and using SocialNet.
It is not surprising that US police are using advances tools to collect people’s personal information. Law enforcement and governments have been doing that for centuries. The bigger question to ask if the US police are collecting the information lawfully or illegally?
“Likening ‘predictive policing’ to ‘AI-driven racial profiling and society surveillance,’ the United states Civil Liberties Union (ACLU) Michigan workplace observed that ShadowDragon tools broken the “basic right to confidentiality.” In a number of tweets, the ACLU required the usage of such hardware https://datingmentor.org/escort/pomona/ to finish.”
SocialNet will probably be used in both positive and negative ways. It will capture plenty of evidence to put bad actors behind bars as well as hinder individuals who the governments do not like. In the wake of the NSO Group’s publicity tsunami, more specialized software vendors are likely to be subject to scrutiny.
Whitney Grace, January 26, 2022
ShadowDragon Profiled by Esteemed Tech Expert Kim Komando
January 13, 2022
This is an interesting turn of events. Policeware vendor ShadowDragon has been profiled by computer guru-ette Kim Komando on her Tech Refresh podcast episode, “Software Tracking Everything You Do, New iPhone, Alexa on Wheels.” The video’s description reads:
“Have you heard of ShadowDragon? It collects data from 120 major sites going back a decade. Yes, 10 years of info about YOU. Plus, the iPhone 13 and iOS 15 are here, along with Amazon’s new smart home gear, including Astro, the Echo on wheels.”
Yes, we have heard of ShadowDragon. The security company mines data from more than 120 social-media websites, archives results for a decade, and shares the information with its law-enforcement clients around the world. ShadowDragon boasts its software can take an investigation down “from months to minutes.” The podcast starts discussing the company at timestamp 13:05, warning one would have to refrain from social media altogether to avoid its reach. The inclusion seems to support our prediction that reporters are becoming more aware of, and reporting more on, such specialized service vendors. This will make it harder for such firms to keep their generally preferred low profiles. Based in Cheyenne, Wyoming, ShadowDragon was founded in 2015.
For those curious, that podcast episode also discussed the newest iPhones, covered some weird news stories, and reviewed smart floodlights, among other wide-ranging topics. Their coverage of Amazon’s Astro home robot caught the attention of this Alexa-wary writer—apparently the device is so thirsty to identify folks with facial recognition it will (if left in “patrol” mode) follow guests around until it can identify them. It also, according to Motherboard, tracks everything owners do.
Cynthia Murrell, January 13, 2021
Foreshadowing 2022: Specialized Software Companies May Face Bumps in the Information Highway
January 6, 2022
At one international intelligence conference, representatives of NSO Group were in good humor. The revelations about the use of their Pegasus system were, according to one person in attendance, great marketing. It struck me that this person who was sharing his impressions with me about NSO Group’s participation in a cocktail party, did not appreciate the power of marketing.
Specialized software vendors are now becoming part of the software landscape. “Former US Intelligence Analysts Sued For Hacking A Saudi Activist’s Phone On Behalf Of The United Arab Emirates” reports that there are risks to those who sign on to work for certain firms who obtain access to quite interesting software, tools, and and systems which allow confidential information to be made un-confidential.
The write up explains:
Three former US intelligence community analysts (two of which worked for the NSA) were fined $1.68 million for utilizing powerful hacking tools to target dissidents, activists, journalists, and the occasional American citizen for the UAE government.
Additional lawsuits are likely to be filed.
Here’s my take on the specialized software vendors in 2022:
- Scrutiny and discussion of the companies providing governments with sophisticated surveillance and intelligence gathering systems will increase
- The attention is going to make clear additional details about how these tools and systems accomplish their tasks. That information is going to diffuse. Actors will innovate and accelerate their efforts to increase the capabilities of unregulated and uncontrolled surveillance software.
- Some of the specialized software vendors will have to shift their strategy. News releases about tie ups between specialized software companies may not be helpful in closing deals.
My hunch is that specialized software vendors will have to lower their profiles, rethink their marketing and positioning, and find a way to take more responsibility for their innovations. Since many specialized software vendors operate networks which validate and monitor their software’s operations, isn’t that a mechanism to take a more responsible approach to the use of what some like the Citizen’s Lab and the Electronic Frontier Foundation consider weapons?
My thought is that the Facebook-type approach has become popular among some specialized software vendors. But I don’t think 2022 will see a significant change in the vendors’ behavior. Those who monitor the sector, however, will amp up their activities.
Stephen E Arnold, January 5, 2022
Voyager Labs: Another NSO Group Moment?
January 6, 2022
Facebook has called out the significant but low-profile firm Voyager Labs, which creates and sells popular AI-based investigation tools, for helping the Los Angeles police department breach its terms of service. We learn from LaptrinhX News, “LAPD Allegedly Warned by Tech Giant to Stop Creating and Using Phony Accounts to Spy on Criminal Suspects.” The write-up reproduces the warning letter interspersed with commentary. The missive states Facebook learned of the dummy accounts from nonpartisan law and policy institute The Brennan Center for Justice. It warns:
“To the extent these practices are ongoing they violate our terms of service. While the legitimacy of such policies may be up to the LAPD, officers must abide by Facebook’s policies when creating accounts on our services. The Police Department should cease all activities on Facebook that involve the use of fake accounts, impersonation of others, and collection of data for surveillance purposes.”
The letter goes on to avow Facebook’s commitment to creating a safe haven for free expression and respect for users’ First Amendment rights. The line about concern for user safety comes across a bit strained amid the company’s current struggles, but no matter. We are more interested in the outfit that reportedly handed the LAPD a tool to make managing fake personas on Facebook easy. The letter states:
“It has also come to our attention that the LAPD has used a third-party vendor to collect data on our platforms regarding our users. Under our policies, developers are prohibited from using data obtained on our platforms for surveillance, including the processing of platform data about people, groups, or events for law enforcement or national security purposes. . . . We regard the above activity as a breach of Facebook’s terms and policies, and as such, we will disable any fake accounts that we identify and take action against third-party vendor conduct that violates our terms.”
Though Facebook did not name the vendor in its letter of admonishment, Breitbart reports The Brennan Center specified Voyager Labs as the culprit. That firm sells to government and law enforcement agencies and to private companies around the world. Founded in 2012 by a former Israeli intelligence agent of two decades, Voyager Labs keeps its R&D department in Tel Aviv, its headquarters in New York City, and satellite offices in Europe, Latin America, and the Asia-Pacific.
Cynthia Murrell, January 6, 2022
Can Policeware Make Corporate Sales?
January 5, 2022
How can makers of policeware jump into the corporate market and thrive? One approach: scare private companies into believing their current techniques are dangerously inadequate. That is the approach Cobwebs Technologies is taking with its recent open letter to corporate security teams. Miscw reproduces an excerpt from their missive in, “Overcoming the Pitfalls of Poor Corporate Intelligence: What Security Teams Need to Get Ahead.” Cobwebs director/ letter writer Johnmichael O’Hare warns:
“Organizations naturally settle on practices that have worked in the past. They may limit their threat scanning to a limited number of social media platforms, for example. Such narrowly focused inquiries, however, fail to account for fast-moving changes in web-based platforms, forums, and chat groups. Users discouraged from posting inflammatory messages on one mainstream platform will frequently move to lesser-known, alternative platforms. … Corporate security teams must also keep tabs on information sources and repositories housed in the deep web and the dark web, both of which are not indexed by conventional search engines. Those web layers contain a multitude of data that could threaten a business. The dark web, in particular, harbors numerous sites and markets trafficking in login credentials, trade secrets, email addresses, credit card numbers, and tools for engaging in cyberattacks. Dark web forums, which suddenly surface and just as rapidly disappear, can also contain information relevant to a corporate security investigation. In short, the organization still dependent on social media channels for threat assessment needs to broaden its horizons.”
And what better way to do so than to enlist the aid of an outfit like Cobwebs? This is not the first Israeli-founded government-agency vendor to try penetrating the corporate market; it follows the likes of Voyager Labs and others. Founded in 2015, OSINT-centric firm Cobwebs is now headquartered in New York City.
Cynthia Murrell, January 4, 2021
Specialized Software Vendors: Should They Remember the Domino Theory?
December 15, 2021
Lining up dominoes, knocking one down, and watching the others in a line react to what some non-nuclear types call a chain reaction is YouTube fodder. One can watch geometric growth manifested in knocked down dominoes. Click here for the revelation. We may have some domino action in the specialized software and services market. This “specialized software and services” is my code word for developers of intelware and policeware.
“US Calls for Sanctions against NSO Group and Other Spyware Firms” reports:
a group of politicians (including Senate Finance Committee chair Ron Wyden, House Intelligence Committee chair Adam Schiff and 16 other Democrats) accuses NSO and three other foreign surveillance firms of helping authoritarian governments to commit human rights abuses.
And what firms are the intended focus of this hoped for action? According to the write up, the companies are:
- Amesys (now called Nexa Technologies). This was a company which found purchase in some interesting countries bordering the Mediterranean, garnered some attention, and morphed into today’s organization.)
- DarkMatter (based in United Arab Emirates). This is an interesting outfit which has allegedly recruited in the US and possibly developed a super duper secure mobile device. The idea was to avoid surveillance. Right?
- Trovicor (based in Germany) once was allegedly a unit of Nokia Siemens Networks and is mentioned in a fiery write up called “Explosive Wikileaks Files Reveal Mass Interception of Entire Population.” That’s a grabber headline I suppose. True or false? I have zero idea but it illustrates the enthusiasm some evidence when realizing that interesting companies provide some unique services to their customers.
The reason for the hand waving is the publicity the NSO Group has inadvertently generated.
Will the knock on NSO Group have an impact on Amesys Nexa, DarkMatter, and Trovicor? Those YouTube videos may foreshadow what might happen if government officials look for the more interesting and more technologically advanced specialized software and services companies. Where can one find a list of such organizations? Perhaps the developer of the new OSINT service knows? Curious? Write darkcyber333 @ yandex dot com.
Stephen E Arnold, December 15, 2021
NSO Group: How about That Debt?
December 14, 2021
The NSO Group continues to make headlines and chisel worry lines in the faces of the many companies in Israel which create specialized software and systems for law enforcement and intelligence professionals. You can read the somewhat unpleasant news in Bloomberg’s report, the Financial Times’ article, and Gizmodo’s Silicon Valley-esque write up. Gizmodo said:
the company’s cumbersome mixture of unpaid debts and growing international scrutiny have made NSO a bloated pariah and is forcing its leadership to consider shutting down its Pegasus spyware unit. Selling the entire company is also reportedly on the table.
First, the reports suggest, without much back up, that NSO Group has about a half a billion US in debt. This is important because it underscores what is the number one flaw in the jazzy business plans of companies making sense of data and providing specialized services to law enforcement, intelligence, and war fighting entities. Here’s my take:
Point 1. What was secret is now open and easily available information.
Since Snowden, the systems and methods informing NSO Group and dozens of similar firms are easy to grasp. Former intelligence professionals can blend what Snowden revealed with whatever these individuals picked up in their service to their country, create a “baby” or “similar” solution and market it. This means that there are more surveillance, penetration, intercept, and analysis options available than at any other time in my 50 year career in online information and systems. Toss in what’s in the wild from dumps of FinFisher and Hacking Team techniques and the gold mine of open source code, and it should be no surprise that the NSO Group’s problem is just the tip of an iceberg, a favorite metaphor in the world of surveillance. None of the newsy reports grasp the magnitude of the NSO Group problem.
Point 2. There’s a lot of “smart” money chasing a big pay day from software purpose built for law enforcement, intelligence, and military operations. VC cows in herds, however, are not that smart or full of wisdom.
There are many investors who buy the line “cyber crime and terrorism” drive big, lucrative sales of specialized software and systems. That’s partially correct. But what’s happened is that the flood of cash has generated a number of commercial enterprisers trying to covert those dollars into highly reliable, easy to use systems. The presentations at off the radar trade shows promise functionality that is almost science fiction. The situation today is that there is a lot of hyper marketing going on because there’s money to apply some very expensive computational methods to what used to be largely secret and manual work. A good case for the travails of selling and keeping customers is the Palantir Technologies’ journey which is more than a decade long and still underway. The marketing is seeping from conferences open only to government agencies and those with clearances to advertising trade shows. I think you can see the risk of moving from low profile or secret government solutions to services for Madison Avenue. I sure can.
Point 3. Too few customers to go around.
There are not enough government customers with deep pockets for the abundant specialized services and systems which are on offer. In this week’s DarkCyber at this link, you can learn about the vendors at conferences where surveillance and applied information collection and analysis explain their products and services. You can also learn that the Brennan Center has revealed documents obtained via FOIA about Voyager Labs, a company which is also engaged in the specialized software and services business. Our DarkCyber report makes clear that license fees are in six figures and include more special add ins than a deal from a flea market vendor selling at the Clignancourt flea market. Competition means prices are falling, and quite effective systems are available for as little as a few hundred dollars per month and sometimes even less. Plus, commercial enterprises are often nervous when the potential customer realizes the power of specialized software and services. Stalking made easy? Yep. Spying on competitors facilitated? Yep. Open source intelligence makes it possible to perform specialized work at a quite attractive price point: Free or a few hundred a month.
What’s next?
Financial wizards may be able to swizzle the NSO Group’s financial pickles into a sweet relish for a ball park frank. There will be other companies in this sector which will face comparable money challenges in the future. From my perspective, it is not possible to put the spilled oil back in the tanker and clean the gunk off the birds now coated in crude.
Policeware and intelware vendors have operated out of sight and out of mind in their bubble since i2 Ltd. in the late 19909s rolled out the Analysts Notebook solution and launched the market for specialized software. The NSO Group’s situation could be or has already shoved a hat pin in that big, fat balloon.
More significantly, formerly blind and indifferent news organizations, government agencies, and potential investors can see what issues specialized software and services pose. More reporting will be forthcoming, including books that purport to reveal how data aggregators are spying on hapless Instagram and TikTok users. Like most of the downstream consequences of the so called digital revolution, NSO Group’s troubles are the tip of an information iceberg drifting into equatorial waters.
Stephen E Arnold, December 14, 2021
Siren 12 Security Platform Relies on Elasticsearch
December 13, 2021
Here is an example of Elastic being stretched a different way. The Intelligence Community News announces, “Siren Releases Siren 12.” The new version of Siren’s security search and analysis platform relies heavily on Elasticsearch—it incorporates Elastic Platinum subscriptions and will support Elasticsearch v8 (still in alpha). Siren 12 consolidates investigative tools for law enforcement, intelligence, and cyber security organizations. Writer Loren Blinde specifies:
“Siren’s latest release makes it easier for users to organize and join data in a way that suits their requirements, with intuitive UI driven schema editing and ETL. It allows organizations to forensically analyze device data and link it to other available data sources. Siren 12 enables investigators to not only browse existing information, but also to create new records and edit graphs freely, for the first time merging the ‘analysis’, the ‘data entry’ and ‘hypothesis and presentation’ phases in investigation in a single intuitive interface. Lastly Siren doubles down on Investigative AI capabilities by introducing Siren Vision, a deep learning based toolkit for automatic image annotation and classification, integrating with Elastic’s anomaly and outlier detection in a way that is consistent with Siren Investigative use cases.”
We note the emphasis on AI; it seems the security field is not letting concerns over algorithmic bias slow it down. Siren execs call this version a huge step forward and hopes it will position their platform as the go-to global reference investigative intelligence platform. Founded in 2014, the company is based in Galway, Ireland.
Cynthia Murrell December 13, 2021
Palantir Technologies: On the Runway for a Trillion Dollar Take Off?
November 29, 2021
Palantir Technologies is an interesting company. Its technology is a combination of 2003 legacy innovations, some open source goodness, and 18 years of working hard to put a fence around policeware, intelware, financial fraud, and a handful of other markets. It sure seems to me that The Motley Fool, who is neither motley nor a fool, believes that this financial benchmark is a possibility; otherwise, why write the story? PR, stock churn, controversy, to catch the attention of observers and sideline sitters like myself? I don’t know, but with Apple putting the PR in PRivacy, who knows?
The premise is interesting. I noted this passage in the Motley and Fool write up called “Will Palantir Be a Trillion Dollar Stock by 2042“:
Palantir is valued at $41.3 billion, or 27 times this year’s sales.
Good but with unicorns being birthed with Malthusian energy, there may be some boundaries on Palantir’s ambitions. (I will mention a couple of them at the close of this blog post.)
The write up also states:
The company expects that growth to be driven by its new and expanded contracts with government agencies, as well as the growth of its Foundry platform for large commercial customers. The accelerating growth of its commercial business over the past year, which notably outpaced the growth of its government business last quarter, supports that thesis.
I noted this statement, which I find somewhat amusing:
The company has gained a firm foothold with the U.S. government, but it still faces competition from internally developed systems. Immigration and Customs Enforcement (ICE), for example, has been developing its own platform to replace Palantir’s Falcon. If other agencies follow ICE’s lead, the company’s dream of becoming the “default operating system for data across the U.S. government” could abruptly end.
I assume that Messrs. Motley and Fool know something about government procurement, why US and EU agencies license multiple systems, and stimulate internal innovation. Yep, I am thinking about DoD incubation centers and 18f. To Motley’s and Fool’s analysis, I tip my fake fur hat to the mention of Amazon as a competitor. Many don’t understand the scope of Amazon’s government services, and probably if told, still wouldn’t grasp the online bookstore as provider of streaming business data and slick AWS blockchain tools.
Let me share some of the hurdles that the galloping stallion has to clear after 18 years on the track:
- The NSO Group dust up has changed the table stakes for policeware and intelware outfits which seek to expand into commercial markets. The impact of NSO Group has been biting Israeli firms, but who knows what will happen tomorrow. The past is not a reliable predictor in today’s flash mob environment.
- The newer methods developed since Palantir opened for “business” are impressive. Many are more capable than Palantir because many tasks with which a trained Palantir forward deployed engineer must engage are point-and-click. Check out Datawalk, Sphinx 12, or a few of the Tel Aviv based outfits’ methods. (A ton of Voyager insider information has been dumped online courtesy of FOIA and the LAPD.)
- Crime is rising, but cyber crime in its multiferous manisfestations is sky rocketing. That means that the vendors pitching solutions could face buyer remorse. What will some of those who find that nifty smart software is not too much of a barrier to novel exploits engendered by the good enough software approaches of Google-Android type coding or Microsoft cloud-type engineering? Maybe some big time litigation?
Net net: From my perspective Palantir Technologies is an intelware and policeware outfit which has to deal with upstart competitors, tough to predict regulation and trade controls, and the looming shadow of buyer remorse which will fall across the cyber intelligence sector and hit vendors indiscriminately.
A trillion dollar outfit? Is there an NFT for Seeing Stones yet?
Stephen E Arnold, November 29, 2021
Frisky Israeli Cyber Innovators Locked Down and Confined to Quarters
November 26, 2021
Before the NSO Group demonstrated remarkable PR powers, cyber centric companies in Israel were able to market to a large number of prospects. Conference organizers could count on NSO Group to provide speakers, purchase trade show space, and maybe sponsor a tchotchke for attendees. Governments and even some commercial enterprises knew about NSO Group’s technological capabilities and the firm’s ability to provide a network which eliminated quite a bit of the muss and fuss associated with mobile device surveillance, data analysis, and related activities.
How did that work out?
The PR sparked “real journalists” to use their powers of collecting information, analyzing those items, and making warranted conclusions about NSO Group’s enabling activities. Sure, pesky Canadian researchers were writing about NSO Group, but there wasn’t a “real news” story. Then… bingo. A certain individual associated with a “real news” organization was terminated and the arrows of data and supposition pointed to NSO Group’s capabilities and what one of the firm’s alleged customers was able to do with the system.
The journalistic horses raced out of the gate, and the NSO Group became a “thing.”
Vendors of specialized software are not accustomed to the spotlight. Making sales, collecting fees, and enjoying pats on the backs from colleagues who try hard to keep a low, low profile are more typical activities. But, oh, those spotlights.
The consequences have been ones to which cyber innovators like to avoid. Former superiors send email asking, “What are you doing?” Then government committees, consisting of people who don’t know much about next generation technologies, have to be briefed. And those explanations are painful because the nuances of cyber centric firms are different from explaining how to plug in a Tesla in Tel Aviv. Oh, painful.
Now, if the information in the Calcalist’s article “The Ministry of Defense Has Cut by Two-Thirds the Number of Countries That Cyber Companies Can Sell To” is accurate, the Israeli government has put a shock collar on NSO Group’s ankle and clamped the devices on other firm’s well-formed, powerful legs as well. The message is clear: Stay in bounds or you will be zapped. (I leave it to you to figure out what “zap” connotes.)
The publication’s story says:
The [Israeli] Ministry of Defense has cut by two-thirds the number of countries that cyber companies can sell to The previous list included 102 countries to which cyber exports are allowed, and now it includes only 37 countries. The latest list from the beginning of November does not include countries such as Morocco, Mexico, Saudi Arabia and the United Arab Emirates.
Who’s at fault? The Calcalist offers this statement:
It is implied that Israel used in a very permissive manner the special certificates that it may grant and was in any case aware of where the Israeli society is known. It is important to note that the new list includes companies to which cyber can now be exported and it is possible that in the past lists there were other countries to which systems could be exported without fear.
My knowledge of Hebrew is lousy and Google translate is not helping me much. The main idea is that up and down the chain of command, the “chain” was not managed well. Hence, the PR gaffes, the alleged terminations, and the large number of high intensity lights directed at companies which once thrived in the shadows.
Some observations:
- Countries unable to acquire the technology associated with NSO Group are likely to buy from non-Israeli firms. Gee, I wonder if China and Russia have specialized software vendors who will recognize a sales opportunity and not do the PR thing in which NSO Group specialized?
- The publicity directed at NSO Group has been a more successful college class than the dump of information from the Hacking Team. A better class may translate to more capable coders who can duplicate and possibly go beyond the Israeli firms’ capabilities. This is a new state of affairs in my opinion.
- Cyber technologies are the lubricant for modern warfare. Israel had a lead in this software sector. It is now highly likely that the slick system of government specialists moving into the private sector with “support” from certain entities may be changed. Bummer for some entrepreneurs? Yep.
Net net: The NSO Group’s PR excesses — combined with its marketing know how — has affected a large number of companies. Keeping secrets is known to be a wise practice for some activities. Blending secrecy with market dynamics is less wise in my experience. This NSO Group case is more impactful than the Theranos Silicon Valley matter.
Stephen E Arnold, November 25, 2021