surveillance
Auto Added by WPeMatico
Auto Added by WPeMatico
Solidus Labs, a company that says its surveillance and risk-monitoring software can detect manipulation across cryptocurrency trading platforms, is today announcing $20 million in Series A funding. It’s pretty great timing, given the various signals coming from the U.S. government just last week that it’s intent on improving its crypto monitoring efforts — such as the U.S. Treasury’s call for stricter cryptocurrency compliance with the IRS.
Of course, Solidus didn’t spring into existence last week. Rather, Solidus was founded in 2017 by several former Goldman Sachs employees who worked on the firm’s electronic trading desk for equities. At the time, Bitcoin was only becoming buzzier, but while the engineers anticipated different use cases for the cryptocurrency, they also recognized that a lack of compliance tools would be a barrier to its adoption by bigger financial institutions, so they left to build some.
Fast forward and Solidus today employs 30 people, has raised $23.75 million, and is in the process of doubling its head count to address growing demand. On Friday, we talked with Solidus’s New York-based co-founder and CEO Asaf Meir — one of those former Goldman engineers — about the company’s new round, which was led by Equity Partners, with participation from Hanaco Ventures, Avon Ventures, 645 Ventures, the cryptocurrencies derivative exchange FTX, and a sprinkling of government officials, including former CFTC chair Chris Giancarlo and former SEC commissioner Troy Paredes. We also talked about the kinds of crypto crimes that are on the rise. Excerpts from that chat follow, edited lightly for length.
TC: Who are your customers?
AM: We work with exchanges, broker dealers, OTC desks, liquidity providers and regulators — anyone who is exposed to the risk of buying and selling cryptocurrencies, crypto assets or digital assets, whatever you want to call them.
TC: What are you promising to uncover for them?
AM: What we detect, largely speaking, is volume and price manipulation, and that has to do with wash trading, spoofing, layering, pump and dumps and an additional growing library of crypto-native alerts that truly only exist in our unique market.
We had a 400% increase in inbound demand over 2020 driven largely by two factors, I think. One is regulatory scrutiny. Globally, regulators have gone off to market participants, letting them know that they have to ask for permission, not forgiveness. The second reason — which I like better — is the drastic institutional increase in appetite toward exposure for this asset class. Every institution, the first question they ask any executing platform is: ‘What are your risk mitigation tools? How do you make sure there is market integrity?’
TC: We talked a couple of months ago, and you mentioned having a growing pipeline of customers, like the trading platform Bittrex in Seattle. Is demand coming primarily from the U.S.?
AM: We have demand in Asia and in Europe, as well, so we will be opening offices there, too.
TC: Is your former employer Goldman a customer?
AM: I can’t comment on that, but I would say there isn’t a bank right now that isn’t thinking about how they’re going to get exposure to crypto assets, and in order to do that in a safe, compliant and robust way, they have to employ crypto-specific solutions.
Right now, there’s the new frontier — the clients we’re currently working with, which are these crypto-pure exchanges, broker dealers, liquidity providers and even traditional financial institutions that are coming into crypto and opening a crypto operation or a crypto desk. Then there’s the new new frontier; your NFTs, stablecoins, indexes, lending platforms, decentralized protocols and God knows what [else] all of a sudden reaching out to us, telling us they want to do the right thing, to ensure the users on their platform are well-protected, and that trading activities are audited, and [to enlist us] to prevent any manipulation.
TC: How does your subscription service work and who is building the tech?
AM: We consume private data from our clients — all their training data — and we then put it in our detection models, which we ultimately surface through insights and alerts on our dashboard, which they have access to.
As for who is building it, we have a lot of fintech engineers who are coming from Goldman and Morgan Stanley and Citi and bringing that traditional knowledge of large trading systems at scale; we also have incredible data scientists out of Israel whose expertise is in anomaly detection, which they are applying to financial crime, working with us.
TC: What do these crimes look like?
AM: When we started out, there was much more wholesale manipulation happening whether through wash trading or pump and dumps — things that are more easy to perform. What we’re seeing today are extremely sophisticated manipulation schemes where bad actors are able to exploit different executing platforms. We’re quite literally surfacing new alerts that if you were to use a legacy, rule-based system you wouldn’t be able to [surface] because you’re not really sure what you’re looking for. We oftentimes have an alert that we haven’t named yet; we just know that this type of behavior is considered manipulative in nature and that our client should be looking into it.
TC: Can you elaborate a bit more about these new anomalies?
AM: I’m conflicted about how much can we share of our clients’ private data. But one thing we’re seeing is [a surge in] account extraction attacks, which is when through different ways, bad actors are able to gain access to an account’s funds and are able in a sophisticated way to trade out of the exchange or broker dealer or custodian. That’s happening in different social engineering-related ways, but we’re able, through account deviation and account profiling, to alert the exchange or broker dealer or financial institution we’re working with to avoid that.
We’re about detection and prevention, not about tracing [what went wrong and where] after the fact. And we can do that regardless of knowing even personal identifiable information about that account. It’s not about the name or the IP address; it’s all about the attributes of trading. In fact, if we have an exchange in Hong Kong that’s experiencing a pump and dump on a certain coin pair, we can preemptively warn the rest of our client base so they can take steps to prepare and protect themselves.
TC: On the prevention front, could you also stop that activity on the Hong Kong exchange? Are you empowered by your clients to step in if you detect something anomalous?
AM: We’re bomb-sniffing dogs, so we’re not coming to disable the bot. We know how to take the data and point out manipulation, but it’s then up to the financial institution to handle the case.
Pictured above: Seated left to right is CTO Praveen Kumar and CEO Asaf Meir. Standing is COO Chen Arad.
Powered by WPeMatico
There is a darker side to cybersecurity that’s frequently overlooked.
Just as you have an entire industry of people working to keep systems and networks safe from threats, commercial adversaries are working to exploit them. We’re not talking about red-teamers, who work to ethically hack companies from within. We’re referring to exploit markets that sell details of security vulnerabilities and the commercial spyware companies that use those exploits to help governments and hackers spy on their targets.
These for-profit surveillance companies flew under the radar for years, but have only recently gained notoriety. But now, they’re getting unwanted attention from U.S. lawmakers.
In this week’s Decrypted, we look at the technologies police use against the public.
Last week we looked at how the Justice Department granted the Drug Enforcement Administration new powers to covertly spy on protesters. But that leaves a big question: What kind of surveillance do federal agencies have, and what happens to people’s data once it is collected?
While some surveillance is noticeable — from overhead drones and police helicopters overhead — others are worried that law enforcement are using less than obvious technologies, like facial recognition and access to phone records, CNBC reports. Many police departments around the U.S. also use “stingray” devices that spoof cell towers to trick cell phones into turning over their call, message and location data.
Powered by WPeMatico
This week saw protests spread across the world sparked by the murder of George Floyd, an unarmed Black man, killed by a white police officer in Minneapolis last month.
The U.S. hasn’t seen protests like this in a generation, with millions taking to the streets each day to lend their voice and support. But they were met with heavily armored police, drones watching from above, and “covert” surveillance by the federal government.
That’s exactly why cybersecurity and privacy is more important than ever, not least to protect law-abiding protesters demonstrating against police brutality and institutionalized, systemic racism. It’s also prompted those working in cybersecurity — many of which are former law enforcement themselves — to check their own privilege and confront the racism from within their ranks and lend their knowledge to their fellow citizens.
The Justice Department has granted the Drug Enforcement Administration, typically tasked with enforcing federal drug-related laws, the authority to conduct “covert surveillance” on protesters across the U.S., effectively turning the civilian law enforcement division into a domestic intelligence agency.
The DEA is one of the most tech-savvy government agencies in the federal government, with access to “stingray” cell site simulators to track and locate phones, a secret program that allows the agency access to billions of domestic phone records, and facial recognition technology.
Lawmakers decried the Justice Department’s move to allow the DEA to spy on protesters, calling on the government to “immediately rescind” the order, describing it as “antithetical” to Americans’ right to peacefully assembly.
Powered by WPeMatico
If only Facebook had been using the kind of technology that TechCrunch Startup Battlefield alumnus D-ID was pitching, it could have avoided exposing all of our faces to privacy destroying software services like Clearview AI.
At least, that’s the pitch that D-ID’s founder and chief executive, Gil Perry, makes when he’s talking about the significance of his startup’s technology.
D-ID, which stands for de-identification, is a pretty straightforward service that’s masking some highly involved and very advanced technology to blur digital images so they can’t be cross-referenced to determine someone’s identity.
It’s a technology whose moment has come as governments and private companies around the world ramp up their use of surveillance technologies as the world adjusts to a new reality in the wake of the COVID-19 epidemic.
“Governments around the world and organizations have used this new reality basically as an excuse for mass surveillance,” says Perry. His own government has used a track and trace system that monitors interactions between Israeli citizens using cell phone location data to determine whether anyone had been in contact with a person who had COVID-19.
While awareness of the issue may be increasing among consumers and regulators alike, the damage has, in many cases, already been done. Social media companies have already had their troves of images scraped by companies like Clearview AI, ClearView, HighQ and NTechLabs, and much of our personal information is already circulating online.
D-ID is undeterred. Founded by Perry and two other members of the Israeli army’s cybersecurity and offensive cyber unit, 8200, Sella Blondheim and Eliran Kuta, D-ID thinks the need for anonymizing technologies will continue to expand — thanks to new privacy legislation in Europe and certain states in the U.S.
Meanwhile, the company is also exploring other applications for its technology. The services that D-ID uses to mask and blur faces can also be used to create deepfakes of images and video.
The market for these types of digital manipulations are still in their earliest days, according to Perry. Still, the company’s pitch managed to intrigue new lead investor AXA Ventures, which joined backers including Pitango, Y Combinator, AI Alliance, Hyundai, Omron, Maverick (U.S.) and Mindset, to participate in the company’s $13.5 million round.
D-ID already sees demand coming from automakers who want to use the technology to anonymize their driving monitoring systems — enabling them to record drivers’ reactions, but not any public identifying information. Security technologies that monitor for threats are another potential customer, according to the company. While closed circuit television monitors a physical space, it doesn’t need to collect the identifying information of people entering and exiting buildings.
“The convergence of increased surveillance and individual privacy protection places enterprises in a position where they must either anonymize their stored footage or risk violating privacy laws and face costly penalties.” said Blondheim.
The technical wizardry that D-ID has mastered is impressive — and a necessary defensive tool to ensure privacy in the modern world, according to its founders. Consumers are demanding it, according to D-ID’s chief executive.
“Privacy awareness and the importance of privacy enhancing technologies have increased,” Perry said.
Powered by WPeMatico
The private space industry is seeing a revolution driven by cube satellites, which are affordable, lightweight satellites that are much easier than traditional satellites to design, build and launch. It’s paving the way for new businesses like Wyvern, an Alberta-based startup that provides a very specific service that wouldn’t even have been possible to offer a decade ago: Relatively low-cost access to hyperspectral imaging taken from low-Earth orbit, which is a method for capturing image data of Earth across many more bands than we’re able to see with our eyes or traditional optics.
Wyvern’s founding team, including CEO Chris Robson, CTO Kristen Cote, CSO Callie Lissinna and VP of Engineering/COO Kurtis Broda, had experience building satellites through their schooling, including working on building the first-ever satellite in space designed and built in Alberta, Ex-Alta 1. They’ve also developed their own proprietary optical technology to develop the kind of imagery that will best serve the needs of the clients they’re pursuing. Their first target market, for instance, are farmers, who will be able to log into the commercial version of their product and get up-to-date hyperspectral imaging data of their fields, which can help them optimize yield, detect changes in soil makeup (which will tell them if they have too little nitrogen) or even help them spot invasive plants and insects.
“We’re doing all sorts of things that directly affect the bottom line of farmers,” explained Robson in an interview. “If you can detect them, and you can quantify them, and the farmers can make decisions on how to act and ultimately how to increase the bottom line. A lot of those things you can’t do with multi-spectral [imaging] right now, for example, you can’t speciate with multi-spectral, so you can’t detect invasive species.”
Multi-spectral imaging, in contrast to hyperspectral imaging, measures light on average in between three to 15 bands, while hyperspectral can manage as many as hundreds of adjoining or neighboring bands, which is why it can do more specialist things like identifying the species of animals on the ground in an observed area from a satellite’s perspective.
Hyperspectral imaging is already a proven technology in use around the world for exactly these purposes, but the main way it’s captured is via drone airplanes, which Robson says is much more costly and less efficient than using CubeSats in orbit.
“Drone airplanes are really expensive, and with us, we’re able to provide it for 10 times less than a lot of these drones currently in use,” he said.
Wyvern’s business model will focus on owning and operating the satellites; providing access to the data, it caters to customers in a way that’s easy for anyone to access and use.
“Our key differentiator is the fact that we allow access to actual actionable information,” Robson said. “Which means that if you want to order imagery, you do it through a web browser, instead of calling somebody up and waiting one to three days to get a price on it, and to find out whether they could even do what you’re asking.”
Robson says that it’s only even become possible and affordable to do this because of advances in optics (“Our optical system allows us to basically put what should be a big satellite into the form factor of a small one without breaking the laws of physics,” Robson told me), small satellites, data storage and monitoring stations, and privatized launches making space accessible through hitching a ride on a launch alongside other clients.
Wyvern will also occupy its own, underserved niche providing this highly specialized info, first to agricultural clients, and then expanding to five other verticals, including forestry, water quality monitoring, environmental monitoring and defense. This isn’t something other more generalist satellite imaging providers like Planet Labs will likely be interested in pursuing, Robson said, because it’s an entirely different kind of business with entirely different equipment, clientele and needs. Eventually, Wyvern hopes to be able to open more broadly access to the data it’s gathering.
“You have the right to access [information regarding] the health of the Earth regardless of who you are, what government you’re under, what country you’re a part of or where you are in the world,” he said. “You have the right to see how other humans are treating the Earth, and to see how you’re treating the Earth and how your country is behaving. But you also have the right to take care of the Earth, because we’re super predators. We’re the most intelligent species. We are; we have the responsibility of being stewards of the Earth. And part of that, though, is being able to add almost omniscience of what’s going on in the Earth in the same way that we understand what’s going on in our bodies. That’s what we want for people.”
Right now, Wyvern is very early on the trajectory of making this happen — they’re working on their first round of funding, and have been speaking to potential customers and getting their initial product validation work finalized. But with actual experience building and launching satellites, and a demonstrated appetite for what they want to build, it seems like they’re off to a promising start.
Powered by WPeMatico

There’s a lot you can make with a 3D printer: from prosthetics, corneas, and firearms — even an Olympic-standard luge.
You can even 3D print a life-size replica of a human head — and not just for Hollywood. Forbes reporter Thomas Brewster commissioned a 3D printed model of his own head to test the face unlocking systems on a range of phones — four Android models and an iPhone X.
Bad news if you’re an Android user: only the iPhone X defended against the attack.
Gone, it seems, are the days of the trusty passcode, which many still find cumbersome, fiddly, and inconvenient — especially when you unlock your phone dozens of times a day. Phone makers are taking to the more convenient unlock methods. Even if Google’s latest Pixel 3 shunned facial recognition, many Android models — including popular Samsung devices — are relying more on your facial biometrics. In its latest models, Apple effectively killed its fingerprint-reading Touch ID in favor of its newer Face ID.
But that poses a problem for your data if a mere 3D-printed model can trick your phone into giving up your secrets. That makes life much easier for hackers, who have no rulebook to go from. But what about the police or the feds, who do?
It’s no secret that biometrics — your fingerprints and your face — aren’t protected under the Fifth Amendment. That means police can’t compel you to give up your passcode, but they can forcibly depress your fingerprint to unlock your phone, or hold it to your face while you’re looking at it. And the police know it — it happens more often than you might realize.
But there’s also little in the way of stopping police from 3D printing or replicating a set of biometrics to break into a phone.
“Legally, it’s no different from using fingerprints to unlock a device,” said Orin Kerr, professor at USC Gould School of Law, in an email. “The government needs to get the biometric unlocking information somehow,” by either the finger pattern shape or the head shape, he said.
Although a warrant “wouldn’t necessarily be a requirement” to get the biometric data, one would be needed to use the data to unlock a device, he said.
Jake Laperruque, senior counsel at the Project On Government Oversight, said it was doable but isn’t the most practical or cost-effective way for cops to get access to phone data.
“A situation where you couldn’t get the actual person but could use a 3D print model may exist,” he said. “I think the big threat is that a system where anyone — cops or criminals — can get into your phone by holding your face up to it is a system with serious security limits.”
The FBI alone has thousands of devices in its custody — even after admitting the number of encrypted devices is far lower than first reported. With the ubiquitous nature of surveillance, now even more powerful with high-resolution cameras and facial recognition software, it’s easier than ever for police to obtain our biometric data as we go about our everyday lives.
Those cheering on the “death of the password” might want to think again. They’re still the only thing that’s keeping your data safe from the law.
Powered by WPeMatico
Not far from Tel Aviv a drone flies low over a gritty landscape of warehouses and broken pavement. It slowly approaches its home — a refrigerator-sized box inside a mesh fence, and hovers, preparing to dock. It descends like some giant bug, whining all the way, and disappears into its base where it will be cleaned, recharged and sent back out into the air. This drone is doing the nearly impossible: it’s flying and landing autonomously and can fly again and again without human intervention — and it’s doing it all inside a self-contained unit that is one of the coolest things I’ve seen in a long time.
The company that makes the drone, Airobotics, invited us into their headquarters to see their products in action. In this video we talk with the company about how the drones work, how their clients use the drones for mapping and surveillance in hard-to-reach parts of the world and the future of drone autonomy. It’s a fascinating look into technology that will soon be appearing in jungles, deserts and war zones near you.
Powered by WPeMatico
What’s worse than companies selling the real-time locations of cell phones wholesale? Failing to take security precautions that prevent people from abusing the service. LocationSmart did both, as numerous sources indicated this week.
The company is adjacent to a hack of Securus, a company in the lucrative business of prison inmate communication; LocationSmart was the partner that allowed the former to provide mobile device locations in real time to law enforcement and others. There are perfectly good reasons and methods for establishing customer location, but this isn’t one of them.
Police and FBI and the like are supposed to go directly to carriers for this kind of information. But paperwork is such a hassle! If carriers let LocationSmart, a separate company, access that data, and LocationSmart sells it to someone else (Securus), and that someone else sells it to law enforcement, much less paperwork required! That’s what Securus told Senator Ron Wyden (D-OR) it was doing: acting as a middle man between the government and carriers, with help from LocationSmart.
LocationSmart’s service appears to locate phones by which towers they have recently connected to, giving a location within seconds to as close as within a few hundred feet. To prove the service worked, the company (until recently) provided a free trial of its service where a prospective customer could put in a phone number and, once that number replied yes to a consent text, the location would be returned.
It worked quite well, but is now offline. Because in its excitement to demonstrate the ability to locate a given phone, the company appeared to forget to secure the API by which it did so, Brian Krebs reports.
Krebs heard from CMU security researcher Robert Xiao, who had found that LocationSmart “failed to perform basic checks to prevent anonymous and unauthorized queries.” And not through some hardcore hackery — just by poking around.
“I stumbled upon this almost by accident, and it wasn’t terribly hard to do. This is something anyone could discover with minimal effort,” he told Krebs. Xiao posted the technical details here.
They verified the back door to the API worked by testing it with some known parties, and when they informed LocationSmart, the company’s CEO said they would investigate.
This is enough of an issue on its own. But it also calls into question what the wireless companies say about their own policies of location sharing. When Krebs contacted the four major U.S. carriers, they all said they all require customer consent or law enforcement requests.
Yet using LocationSmart’s tool, phones could be located without user consent on all four of those carriers. Both of these things can’t be true. Of course, one was just demonstrated and documented, while the other is an assurance from an industry infamous for deception and bad privacy policy.
There are three options that I can think of:
None of these is particularly heartening. But no one expected anything good to come out of a poorly secured API that let anyone request the approximate location of anyone’s phone. I’ve asked LocationSmart for comment on how the issue was possible (and also Krebs for a bit of extra data that might shed light on this).
It’s worth mentioning that LocationSmart is not the only business that does this, just the one implicated today in this security failure and in the shady practices of Securus.
Powered by WPeMatico
Chinese authorities revealed over the weekend that they have the capability of retrieving deleted messages from the almost universally used WeChat app. The admission doesn’t come as a surprise to many, but it’s rare for this type of questionable data collection tactic to be acknowledged publicly.
As noted by the South China Morning Post, an anti-corruption commission in Hefei province posted Saturday to social media that it has “retrieved a series of deleted WeChat conversations from a subject” as part of an investigation.
The post was deleted Sunday, but not before many had seen it and understood the ramifications. Tencent, which operates the WeChat service used by nearly a billion people (including myself), explained in a statement that “WeChat does not store any chat histories — they are only stored on users’ phones and computers.”
The technical details of this storage were not disclosed, but it seems clear from the commission’s post that they are accessible in some way to interested authorities, as many have suspected for years. The app does, of course, comply with other government requirements, such as censoring certain topics.
There are still plenty of questions, the answers to which would help explain user vulnerability: Are messages effectively encrypted at rest? Does retrieval require the user’s password and login, or can it be forced with a “master key” or backdoor? Can users permanently and totally delete messages on the WeChat platform at all?
Fears over Chinese government access to data held or handled by Chinese companies has led to a global backlash against those companies, including some countries (including the U.S.) banning Chinese-made devices and services from sensitive applications or official use altogether.
Powered by WPeMatico