CIA Invests In Firm That Datamines Social Networks

By xxxevilgrinxxx | Published: October 21, 2009

Slashdot
Tuesday October 20

An anonymous reader writes with this excerpt from Wired:

“In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using ‘open source intelligence’ — information that’s publicly available… Visible Technologies crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn’t touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what’s being said on these sites, based on a series of keywords. ‘That’s kind of the basic step — get in and monitor,’ says company senior vice president Blake Cahill. Then Visible ‘scores’ each post, labeling it as positive or negative, mixed or neutral. It examines how influential a conversation or an author is. (‘Trying to determine who really matters,’ as Cahill puts it.) Finally, Visible gives users a chance to tag posts, forward them to colleagues and allow them to response through a web interface.”

Apropos: Another anonymous reader points out an article making the point that users don’t even realize how much private information they’re sharing over these services.

Exclusive: U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets

Wired | Noah Shachtman

America’s spy agencies want to read your blog posts, keep track of your Twitter updates — even check out your book reviews on Amazon.

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using “open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

Visible crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn’t touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what’s being said on these sites, based on a series of keywords.

“That’s kind of the basic step — get in and monitor,” says company senior vice president Blake Cahill.

Then Visible “scores” each post, labeling it as positive or negative, mixed or neutral. It examines how influential a conversation or an author is. (“Trying to determine who really matters,” as Cahill puts it.) Finally, Visible gives users a chance to tag posts, forward them to colleagues and allow them to response through a web interface.

In-Q-Tel says it wants Visible to keep track of foreign social media, and give spooks “early-warning detection on how issues are playing internationally,” spokesperson Donald Tighe tells Danger Room.

Of course, such a tool can also be pointed inward, at domestic bloggers or tweeters. Visible already keeps tabs on web 2.0 sites for Dell, AT&T and Verizon. For Microsoft, the company is monitoring the buzz on its Windows 7 rollout. For Spam-maker Hormel, Visible is tracking animal-right activists’ online campaigns against the company.

“Anything that is out in the open is fair game for collection,” says Steven Aftergood, who tracks intelligence issues at the Federation of American Scientists. But “even if information is openly gathered by intelligence agencies it would still be problematic if it were used for unauthorized domestic investigations or operations. Intelligence agencies or employees might be tempted to use the tools at their disposal to compile information on political figures, critics, journalists or others, and to exploit such information for political advantage. That is not permissible even if all of the information in question is technically ‘open source.’”

Visible chief executive officer Dan Vetras says the CIA is now an “end customer,” thanks to the In-Q-Tel investment. And more government clients are now on the horizon. “We just got awarded another one in the last few days,” Vetras adds.

Tighe disputes this — sort of. “This contract, this deal, this investment has nothing to do with any agency of government and this company,” he says. But Tighe quickly notes that In-Q-Tel does have “an interested end customer” in the intelligence community for Visibile. And if all goes well, the company’s software will be used in pilot programs at that agency. “In pilots, we use real data. And during the adoption phase, we use it real missions.”

Neither party would disclose the size of In-Q-Tel’s investment in Visible, a 90-person company with expected revenues of about $20 million in 2010. But a source familiar with the deal says the In-Q-Tel cash will be used to boost Visible’s foreign languages capabilities, which already include Arabic, French, Spanish and nine other languages.

Visible has been trying for nearly a year to break into the government field. In late 2008, the company teamed up with the Washington, DC, consulting firm Concepts & Strategies, which has handled media monitoring and translation services for U.S. Strategic Command and the Joint Chiefs of Staff, among others. On its website, Concepts & Strategies is recruiting “social media engagement specialists” with Defense Department experience and a high proficiency in Arabic, Farsi, French, Urdu or Russian. The company is also looking for an “information system security engineer” who already has a “Top Secret SCI [Sensitive Compartmentalized Information] with NSA Full Scope Polygraph” security clearance.

The intelligence community has been interested in social media for years. In-Q-Tel has sunk money into companies like Attensity, which recently announced its own web 2.0-monitoring service. The agencies have their own, password-protected blogs and wikis — even a MySpace for spooks. The Office of the Director of National Intelligence maintains an Open Source Center, which combs publicly available information, including web 2.0 sites. Doug Naquin, the Center’s Director, told an audience of intelligence professionals in October 2007 that “we’re looking now at YouTube, which carries some unique and honest-to-goodness intelligence…. We have groups looking at what they call ‘citizens media’: people taking pictures with their cell phones and posting them on the internet. Then there’s social media, phenomena like MySpace and blogs.”

But, “the CIA specifically needs the help of innovative tech firms to keep up with the pace of innovation in social media. Experienced IC [intelligence community] analysts may not be the best at detecting the incessant shift in popularity of social-networking sites. They need help in following young international internet user-herds as they move their allegiance from one site to another,” Lewis Shepherd, the former senior technology officer at the Defense Intelligence Agency, says in an e-mail. “Facebook says that more than 70 percent of its users are outside the U.S., in more than 180 countries. There are more than 200 non-U.S., non-English-language microblogging Twitter-clone sites today. If the intelligence community ignored that tsunami of real-time information, we’d call them incompetent.”

How social networking can hurt you

net-security.org | Mirko Zorz

Let’s put aside all the positive reasons to use social networking services and focus on the dark side. Most of the time, users don’t even realize how much private information they’re sharing over these services. There have already been stories about people Twittering or posting on Facebook that they’re on holiday and getting robbed, but the problems don’t end there.

At RSA Conference Europe 2009, Dr. Herbert Thompson talked about how attackers are launching innovative attacks against individuals and companies using the information shared over public social networking channels.

Dr. Thompson provided real-life examples where he was able to break into online accounts of several people (with their permission, of course). He didn’t use complex tools or some esoteric hacking techniques, but rather focused on publicly available information.

The problem is even larger when you realize that you might not even be the one divulging the information. Maybe you’re the kind of user that doesn’t use Facebook, doesn’t have a blog and avoids being photographed. At the same time, your e-mail password reset question may be: “What’s my mother’s maiden name?”. This kind of data may be shared by other people you know and it could become a security problem.

The lesson to be learned here is that online hygiene doesn’t necessarily depend only on the information you share, but it depends on everyone around you. If you don’t have a Facebook page but a friend posts any personal information related to you, it can come back to haunt you.

We live in interesting times, in which we need to control not only what we do online, but also keep track of the information others are making available online.

Should we define a set of security policies for our friends? Surely, that would be a tough thing to implement.

Help Net Security photos from the RSA Conference Europe 2009 keynote sessions are available over here.

Tags: , , , , ,

possibly related posts:

This entry was posted in Data Theft, Intelligence and tagged , , , , , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>