The sharp-elbowed, ultra-connected data mining firm Palantir may be best known around Washington these days for its war with Army over its intelligence software. But the company is also making inroads in Foggy Bottom, where it's using its terror-hunting tech to help State Department fight human traffickers. And it's getting assists from unlikely allies like Google and LexisNexis.
Since 2012, Foggy Bottom's National Human Trafficking Resource Training Center and the Polaris Project, an NGO that fights human trafficking, have been using Palantir's software to analyze data they collect from victims and tipsters.
They use Palantir's software to identify patterns in information about traffickers and victims that are gathered by anti-trafficking hotlines around the globe. Basically, Palantir lets Polaris take information other anti-trafficking groups receive and put it into one large database -- making it easier to connect cases of trafficking, map trends, and create plans to combat trafficking operations in a specific area.
All of this gives non-technical people a "view of the world as discrete objects, relationships and their describing data," according to the firm's website.
Palantir isn't the only tech firm that's working with State and the Polaris Project to fight human trafficking. Google provided Polaris and similar NGOs -- Liberty Asia and La Strada International -- with $3 million to tie their hotlines together so they could use Palantir's computing power to "identify illicit patterns and provide victims with more effective support," according to a State Department announcement about its 2013 report on human trafficking, which was released today.
LexisNexis also developed a tool allowing these organizations to quickly mine news articles from 6,000 worldwide sources for information on human trafficking.
As for the company's fight with the Army, Plantir was used some troops in Afghanistan instead of the service's existing tool designed to do similar things, the Distributed Common Ground System Army (DCGS-A; pronounced dee-sigs a, seriously).
When glowing reports of Palantir's system began popping up in the Army, the backers of DCGS-A brought out the knives, even accusing the general who wanted Palantir sent to Afghanistan as having the firm ghost write his request to the Pentagon for the software. They also accused Palantir lobbyists of getting lawmakers to include cash for the software in wartime funding packages. Other Army documents knocking DCGS and insisting that Palantir should be used in Afghanistan were ordered destroyed and replaced with nearly identical documents save for the fact they don't recommend Palantir.
This fight was behind Gen. Ray Odierno's famous smackdown of Rep. Duncan Hunter during a House hearing earlier this year after the Congressman said the service was ignoring soldier complaints about DCGS. Army Secretary John McHugh said after the exchange that the service has purchased Palantir's software and is integrating it into DCGS.
Despite Palantir's reputation for providing spies with the tools they need to see everything - and clawing out the eyes of any bureaucrat that tries to stop 'em -- it looks like this is a case where Palantir's software is being used for something unmistakably good. Of course, that makes for good headlines, which can lead to more government contracts.
Cyberspies have wasted no time exploiting the release of secret document about the National Security Agency's digital surveillance methods. Just this week, a new spearphishing campaign that tries to lure its victims by sending a malware-laden email that claims to have information on PRISM, the NSA's famous program that collects information on people's Internet activities.
The best part about this email? It's designed to look like it's from Jill Kelley, the woman who played a role in revealing David Petraeus' affair with Paula Broadwell.
The email itself contains a malicious Microsoft Word document, titled Monitored List 1.doc that attempts to infect victims' machines with malware that matches that used by the Chinese hacker crew known as Red Star APT, according to Brandon Dixon, who first discovered the attack.
(Red Star APT is the team that cybersecurity firm Kaspersky Lab revealed as being behind the NetTraveler attacks that we wrote about earlier this month.)
Red Star is believed by Kaspersky to be a state-backed hacking team similar to Unit 61398 of the PLA, better known as APT1, the alleged Chinese-government hacker crew whose exploits were revealed by cybersecurity firm Mandiant in February. APT1 was found by Mandiant to be stealing "hundreds of terabytes of data" from businesses around the world whose secrets the Chinese government had a strong interest in obtaining.
"The industries APT1 targets match industries that China has identified as strategic to their growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan," reads Mandiant's report on APT1.
The only known victim of this attack (so far) belongs to the Regional Tibet Youth Conference -- an organization the Chinese government likely has a strong interest in keeping tabs on -- another fact that makes security researchers like Dixon and the staff at Kaspersky Lab think that the Red Star APT crew are behind the attack.
The latest email is full of terribly-written English text about the Edward Snowden affair, making it seem like this particular attack was designed by one of the newer recruits to Red Star or whichever organization is behind the attack.
"Omnipotent CIA agent, was a sudden, the CIA wanted his club hunt, Spy Game Hollywood blockbuster this week staged in reality true," reads the email's first sentence.
Dixon notes that if this is Red Star -- he hasn't yet been able to find the IP address or command and control server behind the email --, they don't seem too concerned about the fact that everyone knows what they're up to.
"It's funny to note that these actors are keeping up with their same techniques and infrastructure [not all of it] despite being 100% outed," he writes in his analysis of the email. "Again, this sort of behavior shows poor operational security or a complete lack of care."
"The NetTraveler attackers have been going strong since the early 2007-2008?s and I doubt they will be stopping anytime soon," he noted.
The publication of Mandiant's report earlier this year combined with recent news about the NSA's vast overseas Internet spying operations (though neither of these were necessarily news to anyone paying attention), we might just be entering a new era in cyber conflict, where instead of operating in the shadows, state actors rifle through the world's secrets in plain view.
The Director of the National Security Agency is defending his organization's practice of collecting and storing for several years the phone records of millions of Americans, but he told a panel of lawmakers Tuesday that his agency may be willing to relinquish some control over that massive database.
Gen. Keith Alexander told the House Intelligence Committee that cellphone metadata such as phone numbers and call duration has been used in foiling "a little over" ten "potential" terrorist attacks on U.S soil. But the agency may look at asking phone companies to hold onto their call records and only turn over details on specific accounts being investigated by the government, he said.
Several lawmakers expressed concern at the hearing that the NSA was collecting and storing too much information connected to Americans, the overwhelming majority of whom could not possibly be connected to terrorism. Leaving the metadata with the phone companies, rather than copying it into NSA's databases, could alleviate some of those concerns at a time when the electronic spy is facing renewed scrutiny of its secretive intelligence-gathering efforts.
"FBI, NSA are looking at the architectural framework of how we actually do this program," Alexander said. "If you leave [telephone metadata] at the service providers, you have a separate set of issues in terms of how you actually get the information; how you have go back and get that information [from them] how you follow it down and the legal authority for how you compel them to keep that information for a certain period of time."
But Alexander cautioned that having the data in-hand at NSA allowed the agency to respond quickly to potential threats, and that going to the phone companies with repeated requests might take too long. "The concern is speed in a crisis," he said
Alexander's statement came in response to a question from Rep. Adam Schiff, a Democrat from California, who wanted to know the prospects for changing a section of the Patriot Act such that telecommunications companies would be required to retain the metadata, and only hand it over to the government when they were specifically queried.
Alexander and other officials from the intelligence community noted that while they have collected millions of Americans' phone records, they are kept in a "lockbox," as committee chairman Mike Rogers has described it. Only if NSA has "reasonable, articulable suspicion" that a phone number from outside the United States is talking to someone in the country, are NSA officials allowed to go into that lockbox and see which domestic line the outside number is communicating with. That has only happened about 300 times in the last year and only 22 NSA officials are allowed to look at the information, according to the witnesses at the hearing, which included senior officials from the Justice Department and the FBI.
The NSA is also implementing a buddy system of sorts aimed at preventing unauthorized leaks by about 1,000 fairly low-level IT systems administrators, the position held by Edward Snowden, who first disclosed a court order connected to the NSA's massive collection of cellphone metadata.
"Working with the Director of National Intelligence, what we're doing is working to come up with a two-person rule and oversight for those [individuals] and ensure we have a way of blocking people from taking information out of our system," Alexander told lawmakers. Basically, systems administrator accessing sensitive information will need someone else there to make sure they don't abscond with it.
Alexander also disclosed some more details about what kind of information Snowden was able to access on NSA's internal networks. The systems administrator did not have access to specific intelligence that was collected by the NSA, but rather only to documents that "say how we do our business," said Alexander.
"To get to any data like the business records [call-tracking data] that we're talking about, that's in an exceptionally controlled area," said Alexander. "You would have to have specific certificates to get into that. I am not aware that...Snowden, had any access to that."
However, Snowden did obtain a copy of the Foreign Intelligence Surveillance Court order directing Verizon to hand over its metadata. That happened while Snowden was attending a training session at the NSA's headquarters in Ft. Meade, Md., Alexander revealed.
"The FISA warrant was on a web server that he had access to as an analyst coming into the Threat Operations Center," said Alexander. "It was in a special classified section that as he was getting his training he went to."
Snowden found other documents such as the slides on the now famous PRISM Internet surveillance program on "open" internal forums that NSA employees could access, Alexander said. "Those are forums that help people understand how to operate NSA's collection authorities."
Alexander sought to defend the NSA's collection of huge amounts of telephone and Internet data as key tools that the government uses to disrupt or prevent terrorist attacks. All told, he said, NSA's activities have potentially disrupted more than 50 terrorist events around the globe, including at least ten inside the United States.
In 90-percent of those 50 cases, collection pursuant to section 702 of FISA contributed to the government's efforts, Alexander said. (That section governs the collection and analysis of Internet data associated with the PRISM system.) And in 50-percent of those cases, the collection authority was "critical" to stopping an attack, Alexander said.
Of the ten potential attacks in the United States, telephone metadata was used in the "vast majority" of investigations, he said. Administration officials have said the metadata is only used to determine if a foreign terrorism suspect is making contact with individuals in the United States. Alexander said that the number of cases in which metadata played a role stopping a plot was probably more than ten, but he wanted to confirm the estimate with other intelligence officials before nailing down a precise number.
FBI Deputy Director Sean Joyce described four specific terrorism cases in which officials used information collected through PRISM or the metadata system:
Whether you call him a hero or a traitor, it looks like Edward Snowden's disclosure of the NSA's gathering of phone records in bulk may in fact lead to the practice ending.
Additional reporting by Shane Harris.
National Security Agency chief Gen. Keith Alexander is set to testify before the House intelligence committee Tuesday on the NSA's vast operations to collect the phone and Internet records of millions of people.
Nothing overtly illegal has surfaced - at least not yet -- in the nearly two weeks since NSA's data-collection efforts were leaked to The Guardian and The Washington Post. But there are still all sorts of question marks surrounding the activities that America's digital spies are undertaking on U.S. soil. Here are seven questions we'd like the Representatives to ask tomorrow.
While we're at it, we'd like to ask the tech companies like Apple, how on Earth are their legal departments able to quickly analyze through the thousands of government requests to view customer data and determine how to respond? Maybe these tech company CEOs will be the next witnesses as Congress tries to untangle this vast NSA surveillance web.
Apple today joined the chorus of tech firms revealing they have given the U.S. government access to data on tens of thousands of customer "accounts and devices." But the tech giant claimed that most of those data dumps have nothing to do with NSA surveillance.
Over a five-month period between December 2012 and May 2013, the California tech giant received 4,000 to 5,000 requests by U.S. law enforcement agencies to view customer involving 9,000 to 10,000 user accounts and devices, according to a statement on its website. The "most common" requests came from police investigating crimes such as robberies, "looking for missing children, trying to locate a patient with Alzheimer's disease or hoping to prevent a suicide."
Still, Apple notes that some of these cases involve "national security matters," meaning intelligence agencies like the NSA are involved.
(The businesses on the receiving end of these government requests are barred from revealing the exact details of the volume of government request, hence the relatively broad statistics provided. Google is trying to change that.)
The disclosure by Apple -- as well as by tech giants Microsoft and Facebook -- reveals just how large the government's surveillance of people's online activities is, even when limited to a small slice of the firm's clients. Apple and the other tech companies are disclosing this information in the wake of news reports that the National Security Agency had "direct access" to customer information on the firm's servers under one such program called PRISM. Keep in mind that PRISM is just one of many NSA programs aimed at collecting all sorts of electronic information, from telephone calls to sharing "digital threat signatures" with Internet service providers around the globe -- all of which is supposed to be aimed at foreign sources not at American citizens.
However, it remains unclear how much data on Americans who are not suspected of having ties to terrorists or involved in law enforcement investigations are accidentally scooped up by agencies like the NSA and what, exactly is done to "minimize" the amount of personal information about Americans that is accidentally collected by intelligence agencies.
In the nearly two weeks since news of PRISM -- the so-called "direct access" program -- emerged, the companies listed on a slideshow provided to The Guardian and The Washington Post by former NSA contractor Edward Snowden, as participating in PRISM have denied giving the government wide-ranging access to their customers' data.
However, the firms may not know they are participating in the program if it relies on data they turn over to the government under the types of law enforcement and national security requests Apple described in its statement.
"The only access [to specific user data] is a fraction of a fraction of a percent," House intelligence committee chair and staunch defender of the National Security Agency's surveillance operations Mike Rogers told reporters last week when discussing the government's access to tech firm's user data under a number of programs designed to collect information on foreign threats to the United States. (In order to access the contents of American's email, NSA is supposed to work with the FBI and request a warrant to do so from a Foreign Intelligence Surveillance Act court.)
Apple goes on to say that it's legal team conducts an evaluation of each request, and "only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities."
It's also unclear how exactly the tech giants' legal teams manage to quickly sift through the thousands of government requests pouring in to determine which are legal and which ones they should fight.
The company insists that it doesn't "retain" data on iMessage and FaceTime conversations along with customer locations, map searches and Siri queries.
"Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them" said the statement. Apple cannot decrypt that data. Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."
Still, Apple (and therefore the government or a hacker) could, in theory, get to at least some of your "encrypted" data when you store it on Apple's servers. That's because Apple ultimately holds your encryption keys, according to some cryptography experts.
Apple's disclosure comes after Facebook revealed that it received between 9,000 and 10,000 government requests to view user data over the last six months of 2012. Those government requests sought to access information from 18,000 to 19,000 Facebook "user accounts."
Just like the request Apple received, these requests come from everyone from local sheriffs looking for missing children to "a national security official investigating a terrorist threat," according to a statement by Facebook's General Council Ted Ullyot on Friday.
Microsoft also on Friday revealed how much data has been requested by the federal, state and local government entities:
"For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities," said the Seattle-based firm.
Obama may be looking to arm the Syrian rebels. But it looks like the opposition already has its hands on a working version of one of the world's deadliest shoulder-fired anti-aircraft missiles. The video above supposedly shows a rebel group with complete Russian-made SA-24 Grinch Man Portable Air Defense System (MANPADS) -- a first according to Matt Schroeder of the Federation of American Scientists, who sent FP the video, calling this an "eerie, eerie development."
(The video also shows a Chinese-made FN-6 shoulder-fired surface-to-air missile, a weapon we wrote about being in the hands of Syrian rebels a few months ago.)
"This video appears to show a group with what appears to be a modern Russian SA-24 manpads AND a modern Chinese FN-6," said Schroeder in an email. "The FN-6s are fairly well documented but the SA-24s are not; I've only seen one video with an SA-24 and a gripstock in Syria. Never have I seen the two systems together - anywhere."
(Keep in mind that it's almost impossible to fire such missiles without a gripstock and battery. We're seen plenty of videos showing rebels handling the missiles and their launch tubes without grip stocks, making them pretty much harmless against aircraft.)
Why is this so significant? Introduced in 2004, the SA-24 is Russia's newest shoulder-fired anti-aircraft missile and is "much more sophisticated than systems more commonly found on the black market, just in terms of range, ease of use, sensitivity of the seeker, speed," said Schroeder in a telephone interview.
The heat-seeking SA-24 is designed to hit targets flying at speeds of up to 720 miles per-hour and can fly as high as 20,000 feet and reach a top speed of 890 miles per-hour; a nasty little weapon. (Earlier this week, video emerged of Syrian rebels shooting down a government chopper with an older version of the Grinch known as an SA-16.)
One of the most disturbing things about this development, according to Schroeder. is that these weapons likely smuggled into the country via the black market. The Syrian military is not believed to have had SA-24s and the sale of such weapons is supposed to be strictly regulated.
"These are systems that could have been manufactures and exported since the MANPADS transfer control agreements were negotiated in 2003, 2004 and 2005," said Schroeder. "Those agreements lay out very specific guidelines for transfer controls and for stockpile security."
This could signal the "states involved are either defying those agreements or not taking them seriously enough," he added.
Interestingly, there are reports that SA-24s were smuggled out of Libya in during or immediately after the war to oust Muammar al Gaddafi in 2011 and ended up in the hands of militants in Gaza and Syria's Levantine neighbor, Lebanon.
While it would take "dozens" of SA-24s to do serious damage to Assad's air force, it would only take a few of these systems ending up in the wrong hands to pose a serious threat to civilian aircraft.
"Just a few dozen is a scary development in terms of the threat to civilian aircraft and the damage done to the" MANPADS export control framework, "is a very disturbing development," added Schroeder. "Even if a dozen were deliberately transferred to a non-state group by a state actor, a supporter of the Syrian rebels, that's a very disturbing development."
Top Pentagon brass have been ambivalent in the extreme about getting involved in the Syrian crisis since it began more than two years ago. And now, even as the Obama administration signals its intention to provide direct military aid to opponents of the Syrian regime, there remains deep skepticism across the military that it will work.
With some notable exceptions, top brass believe arming Syrian rebels, creating a no-fly zone and intervening in other ways militarily, amounts to a risky approach with enormous costs that won't likely give the Syrian opposition the lift it needs. The announcement Thursday from the White House that its intelligence now confirms that the Assad regime has used chemical weapons signaled the Obama administration's apparent plan to lean forward militarily in Syria. But it does not appear to be the result of any change of thinking in the military.
While no one is talking about sending boots on the ground, top brass is extremely reluctant to commit assets. For example, senior military officers believe arming rebels, long one of the most popular initiatives among Syrian interventionists, will result in those arms getting into the wrong hands sooner or later. "There is no way to ensure their safeguarding and recovery procedures in the event the weapons are stolen or lost and end up in the wrong hands," one senior military officer said, speaking on an issue with which he is familiar but on which he isn't authorized to speak publicly.
Creating a no-fly zone sounds good on paper, military officials say, and might help to give a morale boost to the opposition. But it represents little more than a symbolic strategy meant to show the Assad regime that the U.S. and its allies want to contain the conflict. But if one of President Bashar al-Assad's aircraft are shot down, then what, military officials ask. Indeed, the military only sees the political costs to creating a no-fly zone and few of the benefits. Besides, some believe that since the Syrian regime isn't making heavy use of its air assets in its efforts to tighten its grip on the uprising negates the purpose of a no-fly zone.
Forget the small arms. If the White House really wants to alter the course of the Syrian civil war, it may well need to impose a no-fly zone. The good news is it probably won't be too hard to pull off, given the battered state of Assad's air defenses. The bad news is it could drag the U.S. into a wider war.
Bashar al-Assad's air force that has conducted between 115 and 141 air strikes a month from January through April of this year, largely with old Czechoslovakian-made L-39 Delfin trainer jets and helicopters such as the Soviet-designed Mi-8, Mi-17 and Mi-24.
The weapons may be old, but many analysts believe that they've made a crucial difference as pro-regime troops have seized the momentum in Syria's civil war. Some in the U.S. government are pushing for a total no-fly zone similar to the one imposed on Libya in 2011 in order to take out that air force.
(The map above shows the location of Assad's main air bases - the prime targets of any American campaign to limit Assad's power to strike from the sky.Let us know if we're missing any.)
On Friday, Anthony Cordesman of the influential Center for Strategic and International Studies said that anything less than (a pretty darn expensive) no-fly zone that totally grounds Assad's air force would be a "half-pregnant" solution similar to "supplying too few arms of too few lethality," as the U.S. and other nations have been said to be doing secretly for months without giving the rebels enough of an advantage to overthrow Assad.
A full-on no-fly zone would involve the U.S. and any other nations launching a high end assault with everything from B-2 stealth bombers to submarine and ship-launched Tomahawk cruise missiles aimed at destroying Assad's radars, missile sites and air defense control networks. It'd be similar to what was done at the start of Operation Odyssey Dawn, only bigger due to the fact that Syria has a much better air defense network than Libya did. Once these door-kickers have taken out the most dangerous elements of Syria's air defenses, other strike fighters such as U.S. Air Force F-15E Strike Eagles, F-16 Vipers -- some of which are already in neighboring Jordan --, and U.S. Navy and Marine Corps F/A-18E/F Super Hornets and F/A-18 Hornets would then be relatively free to hunt down and destroy Assad's aircraft on the ground or in the air.
John Reed reports on the frontiers of cyber war and the latest in military technology for Killer Apps.