NSO Group Knock On: Live from Madrid
May 10, 2022
The NSO Group fan Paz Esteban has been gored (metaphorically speaking, of course). “Spain’s Spy Chief Sacked after Pegasus Spyware Revelations” reports that “Paz Esteban reportedly loses job after Catalan independence figures were said to have been targeted.” How about those hedging Latinate structures. The write up alleges:
Paz Esteban reportedly confirmed last week that 18 members of the Catalan independence movement were spied on with judicial approval by Spain’s National Intelligence Centre.
I suppose spying on the Barcelona football team makes sense if one roots for Real Madrid. It is a stretch that 18 individuals who want to do a 180 degree turn away from Madrid’s approach to maintaining law, order, health, peace, prosperity, etc. etc.
The write up notes:
Esteban reportedly confirmed last week to a congressional committee that 18 members of the Catalan independence movement were spied on with judicial approval by Spain’s National Intelligence Centre (CNI), leaving the Catalan regional government demanding answers.
Yep, the action was approved. Life would have been more like a late dinner than a burger from a fantastic American fast food restaurant. That’s the problem. The gobbling of the fries was approved by lawyers.
That’s a crisis. Making the spry 64 year old Ms. Esteban López the beard is unfortunate. My hunch is that some youthful whiz kids found the NSO Group’s Pegasus a fun digital horse to ride. The idea floated upwards for approval and ended up in front of the “judiciary.” That mysterious entity thought letting the kids ride the Pegasus was a perfectly okay idea.
Now a crisis is brewing. The gored Ms. Esteban López may only be one of the first in the intelligence, law enforcement, and judiciary to feel the prick of the digital bull’s horns and the knock from the beastie’s hooves.
Several observations:
- Who else will be implicated in this interesting matter? Who will be tossed aloft only to crash to the albero del ruedo?
- Will a parliamentary inquiry move forward? What will that become? A romp with Don Quixote and Sancho?
- Is a new Spanish inquisition about to begin?
Excitement in the Plaza de Toros de Las Ventas perhaps?
Stephen E Arnold, May 10, 2022
Some Real News People Are Never Happy
May 10, 2022
The European Publishers Council has joined the fight against Googley ad practices. Reuters reveals, “Google’s Advertising Tech Targeted in European Publishers’ Complaint.” Reporter Foo Yun Chee suggests the move could strengthen the current EU antitrust investigation into the company, but we have seen how Google tends to shrug off European efforts to constrain it. We are not sure this is the straw to break the behemoth’s back. Nevertheless, the write-up tells us:
“The European Commission opened an investigation in June into whether Google favors its own online display advertising technology services to the detriment of rivals, advertisers and online publishers. The publishers’ trade body, whose members include Axel Springer (SPRGn.S), News UK, Conde Nast, Bonnier News and Editorial Prensa Iberica, took its grievance to the European Commission, alleging Google has an adtech stranglehold over press publishers. ‘It is high time for the European Commission to impose measures on Google that actually change, not just challenge, its behavior,’ EPC Chairman Christian Van Thillo said in a statement. ‘Google has achieved end-to-end control of the ad tech value chain, boasting market shares as high as 90-100% in segments of the ad tech chain,’ he said.”
Indeed, which is why it is difficult to imagine consequences strong enough to make the company change its rapacious practices. Naturally Google denies any wrongdoing, gesturing at the billions of dollars it pays out to publishers each year. We appreciate the effort at redirection, but the real issue is whether publishers and other advertisers would be making more if Google played fair.
Cynthia Murrell, May 10, 2022
NCC April TikTok: Yeah, Not Good for Teenies
April 29, 2022
We wonder whether China will more aggressively exploit TikTok’s ability to influence. The New York Post describes “How TikTok Has Become a Dangerous Breeding Ground for Mental Disorders.” Apparently, tiktoks discussing mental health conditions are trending, especially among teen girls. This would be a good thing—if they were all produced by medical experts, contained good information, and offered guidance for seeking professional help when warranted. Instead influencers, many of whom are teenagers themselves, purport to help others self-diagnose their mental conditions. As one might imagine, this rarely goes well. Writer Riki Schlott tells us:
“After nearly two years of lockdowns and school closures, lonely teens are spending more time online, and many inevitably come across mental health content on TikTok. When they do, the platform’s algorithm kicks in, serving suggestible young girls even more videos on the topic. While mental health awareness is surely a good thing, well-meaning influencers are inadvertently harming young, impressionable viewers, many of whom seem to be incorrectly self-diagnosing with disorders or suddenly manifesting symptoms because they are now aware of them.”
The author continues, expanding her warning to include social media in general:
“Eating disorders have also been shown to spread within friend groups. As a member of Gen Z, I’ve watched firsthand what social media has done to a generation of young women — it even left behind self-harm scars on many of my peers’ wrists. I know a terrifying number of peers who have self harmed, many of whom were habitual social media users. Rates of depression have doubled among teen girls between 2009 and 2019, and self-harm hospital admissions have soared 100 percent for girls aged 10 to 14 during the rise of social media between 2010 and 2014, the most recently available data.”
Clearly a solution is needed, but Schlott knows where we cannot turn—politicians are too “clueless” to craft effective regulations and the platforms are too greedy to do anything about it. Instead it falls to parents to take responsibility for their teens’ media consumption, as difficult as that may be. Citing psychology professor and author on the subject Dr. Jean Twenge, the write-up advises a few precautions. First, parents must recognize that, unlike playing age-appropriate games or texting friends on their devices, social media is completely inappropriate for children, tweens, and young teens. The platforms themselves officially limit accounts to those 13 and older, but Twenge suggests holding off until a child is 16 if possible. She also proposes a household rule whereby everyone, including parents, stops using electronic devices an hour before bedtime and leaves their phones outside their bedrooms at night. Yes, parents too—after all, leading by example is often the only way to convince teens to comply.
Cynthia Murrell, April 29, 2022
NCC April McKinsey: More Controversy
April 27, 2022
The real news outfit AP (once Associated Press) published “Macron holds 1st big rally; Rivals stir up ‘McKinsey Affair’.” [If this link 404s, please, contact your local AP professional, not me.] The main point of the news story is that the entity name “McKinsey” is not the blue chip, money machine. Nope. McKinsey, in the French context of Covid and re-election, means allegations about the use of American consultants. What adds some zip to the blue chip company’s name is its association by the French senate with allegedly improper tax practices. The venerable and litigious AP uses the word “dodging” in the article. Another point is that fees paid to consulting firms have risen. Now this is not news to anyone with some familiarity with the practices of blue chip consulting companies. For me, the key sentence in the AP’s article is this sentence:
…the [French senate] report says McKinsey hasn’t paid corporate profit taxes in France since at least 2011, but instead used a system of ‘tax optimization’ through its Delaware-based parent company.
That’s nifty. More than a decade. Impressive enforcement by the French tax authority. I suppose the good news is that the tax optimization method did not make use of banking facilities in the Cayman Islands. Perhaps McKinsey needs to hire lawyers and its own business advisors. First the opioid misstep in the US and now the French government.
Impressive.
Stephen E Arnold, April 27, 2022
Were Some Party Goers at 10 Downing Street Targeted by NSO Group Technology?
April 26, 2022
The New Scientist (yes, the New Scientist for goodness sakes) published “UK Prime Minister’s Office Smartphones Targeted by Pegasus Spyware.” (You may have to pay to view this write up, gentle reader.) The main point of the write up is, it seems to me:
Researchers claim to have uncovered cyber attacks using Pegasus software against 10 Downing Street and the Foreign and Commonwealth Office.
Is this the government office about which Euronews said that UK prime minister Boris Johnson was fined over Downing Street lockdown partiers? It sure looks like it to me.
The New Scientist story recycles the Citizen Lab reports about someone using NSO Group technology to snoop on individuals in the British government. I don’t know if the research is on the money. I described the University of Toronto’s interest in NSO Group as a Munk-ey on the poster child company.
Several observations:
- I am concerned that the recycling of information about NSO Group technology may have unintended consequences; for example, if I were a college computer science professor, I could envision asking students to check out the Pegasus software on GitHub and come up with similar functionality. But I am not a college prof, yet there may be a professor in Estonia who comes up with a similar idea.
- The idea that a scientific research publication is focusing attention on an Israeli firm whose software was used by a government illustrates how information leakage can slosh around. Is this a click decision or a political decision or an ethical decision? I have no idea, but someone made a decision to recycle the Munk story.
- Companies pay big money to get their “brand” in front of eyeballs. NSO Group is clearly the brand champion in the intelware sector. Winner? Well, maybe.
Net net: This NSO Group buzz shows no sign of decreasing. That’s not good.
Stephen E Arnold, April 26, 2022
UAE Earns a Spot on Global Gray List
April 26, 2022
Forget Darkmatter. This is a gray matter.
Where is the best place to stash ill-gotten gains? The Cayman Islands and Switzerland come to mind, and we have to admit the US is also in the running. But there is another big contender—the United Arab Emirates. The StarTribune reports, “Anti-Money-Laundering Body Puts UAE on Global ‘Gray’ List.” Writer Jon Gambrell tells us:
“A global body focused on fighting money laundering has placed the United Arab Emirates on its so-called ‘gray list’ over concerns that the global trade hub isn’t doing enough to stop criminals and militants from hiding wealth there. The decision late Friday night by the Paris-based Financial Action Task Force [FATF] puts the UAE, home to Dubai and oil-rich Abu Dhabi, on a list of 23 countries including fellow Mideast nations Jordan, Syria and Yemen.”
Will the official censure grievously wound business in the country? Not by a long shot, though it might slightly tarnish its image and even affect interest rates. The FATF admits the UAE has made significant progress in fighting the problem but insists more must be done. Admittedly, the task was monumental from the start. We learn:
“The UAE long has been known as a place where bags of cash, diamonds, gold and other valuables can be moved into and through. In recent years, the State Department had described ‘bulk cash smuggling’ as ‘a significant problem’ in the Emirates. A 2018 report by the Washington-based Center for Advanced Defense Studies, relying on leaked Dubai property data, found that war profiteers, terror financiers and drug traffickers sanctioned by the U.S. had used the city-state’s boom-and-bust real estate market as a safe haven for their money.”
Is the government motivated to change its country’s ways? Yes, according to a statement from the Emirates’ Executive Office of Anti-Money Laundering and Countering the Financing of Terrorism. That ponderously named body promises to continue its efforts to thwart and punish the bad actors. The country’s senior diplomat also chimed in on Twitter, pledging ever stronger cooperation with global partners to address the issue.
Cynthia Murrell, April 26, 2022
Covid Info, Misinfo, Disinfo, and Reformed Info: The US Government Now Cares
April 25, 2022
In a long overdue move, reports Engadget, “US Surgeon General Orders Tech Companies to Reveal Sources of COVID-19 Misinformation.” In keeping with his declaration last year that health misinformation is an urgent threat, Surgeon General Vivek Murthy has appealed to tech companies to voluntarily reveal the sources and scale of misinformation that has crossed their platforms related to the disease itself and vaccinations. Writer S. Dent cites reporting from The Washington Post as he tells us:
“Murthy’s request pertains to social networks, search engines, crowd sourced platforms, e-commerce and instant messaging companies. To start with, he wants data and analysis on typical vaccine misinformation already identified by the Centers for Disease Control and Prevention. That includes falsities like ‘the ingredients in COVID-19 vaccines are dangerous’ and ‘COVID-19 vaccines contain microchips.’ The administration seeks to learn how many users have been exposed to such misinformation, and which demographic groups may have been disproportionally affected. On top of that, it’s looking for data about the major sources of COVID-19 misinformation, including individuals or businesses that sell unapproved COVID-19 products or services. Tech companies have until May 2nd to comply, though they won’t be penalized if they don’t.”
We recognize a strongly worded advisory is the limit of the Surgeon General’s regulatory power, but will these companies cough up the requested information voluntarily? Certain platforms make big bucks from circulating false information. They have shown time and again profits are more important than their reputations, so a public shaming is likely to be ineffective. Still, we suppose Murthy had to try. The advisory is part of the administration’s “COVID National Preparedness Plan.” (Preparedness? Hasn’t that ship sailed?)
Cynthia Murrell, April 25, 2022
TransUnion: Squeezing Juice from a 20-Year Regulatory Drought
April 21, 2022
I believe everything I read on the Internet. Some things I believe a whole lot, even though the information may be shaded. Navigate to “Feds sue TransUnion, Calling It Unwilling or Incapable of Operating Lawfully.” I noted this passage:
TransUnion tricked people into recurring payments after previously being fined for the activity, the consumer watchdog agency said…
The company’s position echoes the emissions from some high-technology firms:
TransUnion dismissed the claims as “meritless,” saying the allegations “in no way reflect the consumer-first approach we take to managing of our businesses.”
Let’s not regulate or let the financial information sector self regulate. Both are great ideas.
Now let’s think about a government which can manage a large firm operating within its borders. The allegation is that the estimable TransUnion ignored guidelines, suggestions, and rules. Why? Maybe too expensive or just annoying bureaucratic claptrap?
Several observations:
- What other firms have adopted the TransUnion approach to treating their customers in a fair and ethical way?
- Does the US government see the irony of a commercial enterprise doing what it wants and then having the government sue the company so that it modifies its behavior?
- Will TransUnion modify its executive incentive program and make obeying the guidelines, suggestions, and rules of a federal agency important?
I can answer all three questions. My answer: Nope.
Stephen E Arnold, April 21, 2022
Is This a Wake Up Call for Cyber Crime Experts?
April 20, 2022
Do you want to be an in-demand cyber expert? You can. You can learn what you need by watching, downloading, or paying for online courses. Then go for the real money: Consulting, training, and explaining to law enforcement, intelligence, and security professionals. Easy, right.
Just be selective about your customers.
“U.S. Hacker Sentenced to Five Years Following Crypto Lessons in North Korea” reports an actual factual situation involving “expert knowledge.” The write up states:
… crypto currency expert and hacker Virgil Griffith was sentenced to five years in prison this Tuesday for aiding North Korea in avoiding U.S. sanctions. The sentence comes in the wake of his participation in a crypto currency-focused conference held in North Korea’s capital city, Pyongyang in April 2019, which the U.S. citizen attended even after being denied a travel permit for the purpose. Griffith pled guilty to conspiracy last year, which accelerated his sentencing.
The original article provides additional information. I just want to focus on the risks of not keeping information confidential and out of certain channels. The issues related to incidents associated with FinFisher, Hacking Team, NSO Group, and other companies have not had much impact on specialized software and services never intended for a nation state at odds with the US or not created for commercial use.
The cyber crime training sector is booming. But certain information can blow up in one’s face. One can recover after five years of rest I suppose. But where was the fabric of clear decision making? In a Pyongyang relaxation spa? Perhaps with McKinsey & Company in Paris, a fave destination for some North Koreans?
Stephen E Arnold, April 20, 2022
TikTok: A Murky, Poorly Lit Space
April 15, 2022
TikTok, according to its champions, is in the words of Ernie (Endurance) Hemingway:
You do not understand. This is a clean and pleasant café. It is well lighted. (Quote from “A Clean, Well-Lighted Place”)
No, I understand. If the information in “TikTok under US Government Investigation on Child Sexual Abuse Material” is on the money, the Department of Justice and the US Department of Homeland Security, TikTok may not be a “clean and pleasant café.”
The paywalled story says that TikTok is a digital watering hole for bad actors who have an unusually keen interest in young people. The write up points out that TikTok is sort of trying to deal with its content stream. However, there is the matter of a connection with China and that country’s interest in metadata. Then there is the money which just keeps flowing and growing. (Facebook and Google are now breathing TikTok’s diesel exhaust. Those sleek EV-loving companies are forced to stop and recharge as the TikTok tractor trailer barrels down the information highway.)
For those Sillycon Valley types who see TikTok as benign, check out some of TikTok’s offers to young people. Give wlw a whirl. Oh, and the three letters work like a champ on YouTube. Alternatively ask some young people. Yeah, that’s a super idea, isn’t it. Now about unclean, poorly illuminated digital spaces.
Stephen E Arnold, April 15, 2022