Tag Archives: National security

True Video Lies

This is a longer version of a piece I recorded for the BBC World Service.

The other day my wife lost her phone out shopping. We narrowed it down to either the supermarket or the taxi. So we took her shopping receipt to the supermarket and asked to see their CCTV to confirm she still had the phone when she left.

To my surprise they admitted us into their control room. Banks of monitors covering nooks, crannies, whole floors, each checkout line. There they let us scroll through the security video—I kind of took over, because the guy didn’t seem to know how to use it—and we quickly found my wife, emptying her trolley at checkout line 17. Behind her was our daughter in her stroller, not being overly patient. It took us an hour but in the end we established what looked like a pretty clear chain of events. She had the bag containing the phone, which she gave to our daughter to distract her at the checkout. One frame shows the bag falling from her hands onto the floor, unnoticed by my wife.

Then, a few seconds later, the bag is mysteriously whisked off the floor by another shopper. I couldn’t believe someone would so quickly swoop. The CCTV records only a frame a second, so it took us some time to narrow it down to a woman wearing black leggings, a white top and a black belt. Another half hour of checks and we got her face as she bought her groceries at another till. No sign of the phone bag by this time, but I was pretty sure we had our man. Well, woman.

Except I’m not sure we did. What I learned in that control room is that video offers a promise of surveillance that doesn’t lie. It seems to tell us a story, to establish a clear chain of events. But the first thing I noticed, when I walked back out into the supermarket, was how little of the floor it covered, and how narrow each camera’s perspective was.

For the most part we’ve learned that photos don’t always tell the truth. They can be manipulated; they offer only a snapshot, without context. But what about videos? We now expect to see cameraphone footage in our news bulletins, jerky, grainy recordings taken by unseen hands, raw and often without context.

This is not to say videos are not powerful truth tellers. But we tend to see what we want to see. When a policeman pepper sprays protesters at the University of California there is outrage, and it does indeed appear to be unwarranted. But when four of the videos are synchronized together a more complex picture emerges. Not only can one see the incident within context, but also one gets a glimpse of a prior exchange, as the officer explains what he is about to do to one protester, who replies, almost eagerly: “You’re shooting us specifically? No that’s fine, that’s fine.”

This is not to condone what happens next, but this exchange is missing from most of the videos. The two videos that contain the full prelude are, of course, longer, and have been watched far fewer times: 12,658 (15 minutes) and 245,226 times (8 minutes) versus 1,346,781 times (1 minute) for the one that does not (the other video has since been taken down).

I’m not suggesting that the more popular video has been deliberately edited to convey a different impression, but it’s clearly the version of events that most are going to remember.

We tend to believe video more than photos. They seem harder to doctor, harder to hoodwink us, harder to take out of context. But should we?

It’s true that videos are harder to fake. For now. But even unfaked videos might seem to offer a version of the facts that isn’t the whole story. Allegations that former IMF president Dominique Strauss-Kahn may have been framed during a sexual encounter at a New York hotel, for example, have been buttressed by an extensive investigation published recently in the New York Review of Books. There are plenty of questions raised by the article, which assembles cellphone records, door key records, as well as hotel CCTV footage.

The last seems particularly damning. A senior member of the hotel staff is seen high-fiving an unidentified man and then performing what seems to be an extensive dance of celebration shortly after the event. This may well be the case, but I’d caution against relying on the CCTV footage. For one thing, if this person was in any way involved, would they not be smart enough to confine their emotions until they’re out of sight of the cameras they may well have installed themselves?

Back to my case: Later that night we got a call that our phone had been recovered. The police, to whom I had handed over all my CCTV evidence, said I was lucky. A woman had handed it in to the mall’s security people. I sent her a text message to thank her. I didn’t have the heart to ask her whether she had been wearing black trousers and white top.

But I did realise that the narrative I’d constructed and persuaded myself was the right one was just that: a story I’d chosen to see.

Former Soviet Bloc, Allies, Under Lurid Attack

Trend Micro researchers David Sancho and Nart Villeneuve have written up an interesting attack they’ve dubbed LURID on diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in the former Soviet bloc and its allies. (Only China was not a Soviet bloc member or ally in the list, and it was the least affected by the attack.)

Although they don’t say, or speculate, about the attacker, it’s not hard to conclude who might be particularly interested in what the attacks are able to dig up:

Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets.

Russia had 1,063 IP addresses hit in the attacks; Kazakhstan, 325; Ukraine, 102; Vietnam, 93; Uzbekistan, 88; Belarus, 67; India, 66; Kyrgyzstan, 49; Mongolia, 42; and China, 39.

The campaign has been going for at least a year, and has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.

Dark Reading quotes Jamz Yaneza, a research director at Trend Micro, as saying it’s probably a case of industrial espionage. But who by? “This seems to be a notable attack in that respect: It doesn’t target Western countries or states. It seems to be the reverse this time,” Yaneza says.

Other tidbits from the Dark Reading report: Definitely not out of Russia, according to Yaneza. David Perry, global director of education at Trend Micro, says could be out of China or U.S., but no evidence of either. So it could be either hacktivists or industrial espionage. Yaneza says attackers stole Word files and spreadsheets, not financial information. “A lot of the targets seemed to be government-based,” he says.

My tuppennies’ worth? Seems unlikely to be hacktivists, at least the type we think of. This was a concerted campaign, specifically aimed to get certain documents. Much more likely to be either industrial espionage or pure espionage. Which means we might have reached the stage where groups of hackers are conducting these attacks because a market exists for the product retrieved. Or had we already gotten there, and just not known it?

Either way, Russia and its former allies are now in the crosshairs.

More reading:

Massive malware attacks uncovered in former USSR | thinq_

Cyberspy attacks targeting Russians traced back to UK and US • The Register

Taking Shady RAT to the Next Level

I know I’ve drawn attention to this before, but the timeline of McAfee’s Operation Shady RAT by Dmitri Alperovitch raises questions again about WikiLeaks’ original data.

Alperovitch points out that their data goes back to mid-2006:

We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began. Note that the actual intrusion activity may have begun well before that time but that is the earliest evidence we have for the start of the compromises.

This was around the time that Julian Assange was building up the content; he recounted in emails at the time that his hard drives were filling up with eavesdropped documents:

We have received over 1 million documents from 13 countries, despite not having publicly launched yet! (Wikileaks Leak, Jan, 2007)

Although Assange has since denied the material came from eavesdropping, it seems clear that it was, until McAfee’s report, the earliest example of a significant trove of documents and emails stolen by China-based hackers. This may have been the same channel stumbled upon a year later by Egerstad (Dan Egerstad’s Tor exit nodes get him arrested and proves a point I made in July | ZDNet).

There were, however, reports in mid-2006 of large-scale theft of documents: State Dept (May), NIPRNet (June), US War College (Sept) and German organisations (October).

I would like to see more data from McAfee and, in the interests of transparency, at least the metadata from the still unrevealed WikiLeaks stash in order to do some note comparing and triangulation. I’d also like to see this material compared with the groundbreaking work by three young Taiwanese white hats, who have sifted through malware samples to try to group together some of these APTs: APT Secrets in Asia – InSun的日志 – 网易博客.

The work has just begun.

Data, WikiLeaks and War

I’m not going to get into the rights and wrongs of the WikiLeaks thing. Nor am I going to look at the bigger implications for the balance of power between governed and governing, and between the U.S. and its allies and foes. Others have written much better than I can on these topics.

I want to look at what the cables tell us about the sorting, sifting and accessing of this information. In short, what does this tell us about how the world’s most powerful nation organized some of its most prized data?

To start with, I want to revisit a conversation I had sitting in the garden of a Kabul pub called the Gandamack a few weeks back when it struck me: the biggest problem facing NATO in winning the war in Afghanistan is data.

I was talking to a buff security guy—very buff, in fact, as my female companions kept remarking—who was what might once have been a rare breed, but is now in big demand in Afghanistan. He was a former marine (I think), but was also a computer guy with an anthropology or sociology degree under his black belt somewhere. This guy knew his stuff.

And he was telling the NATO forces where they were going wrong: data management.

The problem, he explained, is not that there isn’t enough of it. It’s that there’s too much of it, and it’s not being shared in a useful way. Connections are not being made. Soldiers are drowning in intelligence.

All the allied forces in Afghanistan have their own data systems. But, I was told, there’s no system to make sense of it. Nor is there one to share it. So data collected by a garrison from one country in one part of the country is not accessible by any of the other 48 nations.

On the surface it seems this problem was fixed. In the wake of 9/11 U.S. departments were told to stop being so secretive. Which is why we got to WikiLeaks–one guy apparently able to access millions of classified documents from pretty much every corner of the planet. If he could do it then so could thousands of other people. And, one would have to assume, so could more than a few people who weren’t supposed to have access. To give you an idea of the trove unearthed, WikiLeaks has released about 1,000 so far, meaning it’s going to take them nearly seven years to get all the cables out. Cable fatigue, anyone?

So, it would seem that the solution to the problem of not having enough pooled information is to just let anyone have it. But that, it turns out, isn’t enough. That’s because what we see from the WikiLeaks material is how old it looks.

I spent much of the early 1980s trawling through this kind of thing as a history student. Of course, they were all declassified documents going back to the 1950s, but the language was remarkably similar, the structure, the tone, the topics, the look and feel. A diplomatic cable in 2010 looks a lot like a cable from 50 years ago. In the meantime communication has gone from the telegraph to the fax to email to blogs to the iPhone to Twitter to Facebook.

This, to me, is the problem. It’s not that we’ve suddenly glimpsed inside another world: We would have seen a lot of this stuff at some point anyway, though it’s useful to see it earlier. Actually we can take some succour from the fact that diplomats seem to be doing a pretty good job of reporting on the countries they’re posted to. Journalists shouldn’t be surprised; we’ve relied on diplomats for a while. (And they might rightly feel somewhat aggrieved we now do this to them.)

No, the problem that WikiLeaks unearths is that the most powerful nation on earth doesn’t seem to have any better way of working with all this information than anyone else. Each cable has some header material—who it’s intended for, who it’s by, and when it was written. Then there’s a line called TAGS, which, in true U.S. bureaucratic style doesn’t actually mean tags but “Traffic Analysis by Geography and Subject”—a state department system to organize and manage the cables. Many are two letter country or regional tags—US, AF, PK etc—while others are four letter subject tags—from AADP for Automated Data Processing to PREL for external political relations, or SMIG for immigration related terms.

Of course there’s nothing wrong with this—the tag list is updated regularly (that last one seems to be in January 2008). You can filter a search by, say, a combination of countries, a subject tag and then what’s called a program tag, which always begins with K, such as KPAO for Public Affairs Office.

This is all very well, but it’s very dark ages. The trouble is, as my buff friend in the Kabul garden points out, there’s not much out there that’s better. A CIA or State Department analyst may use a computer to sift through the tags and other metadata, but that seems to be the only real difference between him and his Mum or Dad 50 years before.

My buff friend compared the political officer in today’s ISAF with a political officer (sometimes called an agent) back in the days of the British Raj. Back then the swashbuckling fella would ride a horse, sleep on the ground and know the Afghan hinterlands like the back of his hand, often riding alone, sipping tea with local chieftains to collect intelligence and use it to effect change (in this case meaning extend the already bulging British sphere of influence.) He would know the ins and outs of local tribal rivalries, who hated whom, etc. All of it stored in his head or in little notebooks.

His modern equivalent may actually have the same information, but it’ll be gleaned from the occasional photo opportunity, a squillion intelligence reports, all suitably tagged, and perhaps footage from a couple of drones. If the chieftain he’s interested in coopting straddles a regional command, chances are that he won’t be able to access anyone else’s information on him–assuming they have any.

In short, the problem in the military and diplomatic world is the same we’re facing in the open world. We have a lot more information than we can use—or keep track of—and it’s not necessarily making us any smarter. Computers haven’t helped us understand stuff better—they’ve just helped us collect, share, and lose more of it.

I must confess I’ve not made much progress on this myself. My main contribution is persuading a researcher friend to use a program called PersonalBrain, which helps you to join the dots between people, things, organisations, whatever you’re trying to figure out. It’s all manual though, which puts people off: What, you mean I have to make the connections myself? Well, yes. Computers aren’t magic.

Yet. It’s clear to me that 10 years down the track, I hope, we’ll finally get that writing in prose, and then adding a hierarchy of labels to a document, is no longer the way to go. Instead, we’ll be writing into live forms that make connections as we write, annotate on the fly, draw spindly threads to other parts of our text, and make everything come to life. I will be able to pull into the document visuals, audio, other people, old records, chronologies, maps, and work with the data in three dimensions.

If this sounds familiar, it’s probably because it sounds like science fiction, something like Minority Report. But it’s not; it’s a glimpse inside the mind of our imperial political agent; how he would make those connections because they were all in his head—neurons firing transmitters, axons alive, binding synapses.

If I were the U.S. government, I would take Cablegate as a wake-up call. Not at the effrontery of this humiliation, but as a chance to rethink how its data is being gathered and made use of. Cablegate tells us that the world of the cable is over.

Singapore Details ‘Waves’ of Cyberattacks

Officials and delegates from APEC economies were targeted ahead of last year’s Singapore meeting with malware-laden emails faked so they appeared to have been sent by Singapore government officials on the Organising Committee.

Singapore officials have said the attacks were not the first on the country. Although Singapore regularly highlights threats to national security—including Islamic terrorism—the admission that it has been the victim of cyber attacks is, according to the Straits Times, its most detailed account.

Although it’s hard to read too much into the statements made to judge who may have been behind the attacks, it’s interesting that Singapore is drawing attention to this—not least because there’s bound to be speculation about just this point. The current flood of WikiLeaks cables about this very issue is a coincidence. But the description of the attacks fits a pattern familiar to security experts:

Between September and November 2009 APEC officials, and delegates of several APEC economies were targeted with Trojan-laden emails “with the aim of infiltrating their computers and extracting privileged information.” There were at least seven waves of such attacks, focusing on members of the APEC organising committee and APEC delegates whose email addresses were published on websites or in APEC mailing lists. (APEC, Asia-Pacific Economic Cooperation, is a forum for 21 regional economies set up in 1989. Singapore hosted meetings throughout 2009 culminating in a leaders’ meeting in Singapore from November 14-15.)

The attacks were first mentioned in a speech by Ho Peng Kee, Senior Minister Of State For Law & Home Affairs, who told a seminar on Sept 28 that “Singapore has its fair share of cyber attacks.” More details were added in an internal but publicly accessible Ministry of Home Affairs magazine, the Home Team Journal, by Loh Phin Juay, head of the Singapore Infocomm Technology Security Authority and reported in the Straits Times on Saturday, December 4. (The Straits Times called the perpetrators “cyberterrorists”.)

Loh wrote in the magazine article that “between 2004 and 2005, the Singapore government saw waves of Trojan email attacks which were commonly referred to as the Trojan Riler attacks.” The attacks came in four waves over a span of two years, he said, in the form of more than 900 emails targeting officials in several ministries.  

Loh Phin Juay said that the first two waves in the 2009 attacks used PowerPoint and PDF attachments to emails purportedly warning about possible terrorist attacks on the meeting. A subsequent wave included “legitimate information relevant to the APEC 2009 meetings”—in this case an invitation to an actual APEC symposium.

Some of the malicious emails “contained details of actual APEC events (date, time, venue) not known to the general public.” This suggests to me that either the first wave was successful in gaining access to some sensitive information, or, less likely, that those perpetrating the attack were already privy to it (raising the question why they didn’t use that information in the first wave.) Both officials said no significant disruption was caused by the APEC attack.

Singapore last year set up a special body, the Singapore Infocomm Technology Security Authority (SITSA), “to safeguard Singapore against infocomm technology (IT) security threats. SITSA will be the national specialist authority overseeing operational IT security. SITSA’s mission is to secure Singapore’s IT environment, especially vis-à-vis external threats to national security such as cyber-terrorism and cyber-espionage.”

Neither official speculates about the origin of the attacks. In his speech Ho Peng Kee referred separately to Operation Aurora, a cyber attack from mid 2009 to December 2009 on dozens of Western companies including Google, which alleged the attacks began in China. Loh Phin Juay referred in his article to GhostNet, a cyber espionage network which had its command and control network based in China and which penetrated government and embassy computers in a number of countries, including some in Southeast Asia. (Singapore was not mentioned in reports of the compromised computers.)

But he writes that “to date, the perpetrators of GhostNet remain unknown,” and neither man links the Singapore attacks to either event. The Trojan Riler was, according to Symantec, first discovered on September 8, 2004; it has been associated with corporate espionage but also the GhostNet attacks.

A pale white man shows us what journalism is

My weekly Loose Wire Service column.

Is the Internet replacing journalism?

It’s a question that popped up as I gazed at the blurred, distorted web-stream of a press conference from London by the founder of WikiLeaks, a website designed to “protect whistleblowers, journalists and activists who have sensitive materials to communicate to the public”.

On the podium there’s Julian Assange. You can’t make a guy like this up. White haired, articulate and defensive, aloof and grungy, specific and then sweepingly angry. Fascinating. In a world of people obsessed by the shininess of their iPhones, Assange is either a throwback to the past or a gulp of fresh air.

WikiLeaks has been around for a few years but has, with the release of mounds of classified data about the Afghan War, come center stage.

Assange doesn’t mince his words. He shrugs off questions he doesn’t like by pointing his face elsewhere and saying “I don’t find that question interesting.” He berates journalists for not doing their job — never something to endear an interviewee to the writer.

But in some ways he’s right. We haven’t been doing our job. We’ve not chased down enough stories, put enough bad guys behind bars (celebrities don’t really count.) His broadsides may be more blunderbuss than surgical strike, but he does have a point. Journalism is a funny game. And it’s changing.

Asked why he chose to work with three major news outlets to release the Afghan data, he said it was the only way to get heard. He pointed out that he’d put out masses of interesting leaks on spending on the Afghan war previously and hardly a single journalist had picked it up.

Hence the — inspired — notion of creating a bit of noise around the material this time around. After all, any journalist can tell you the value of the material is less intrinsic than extrinsic: Who else is looking for it, who else has got it, and if so can we publish it before them.

Sad but true. We media tend to only value something if a competitor does. A bit like kids in the schoolyard. By giving it to three major outlets — New York Times, The Guardian, Der Spiegel — Assange ensured there was not only a triple splash but also the matchers from their competitors.

So Assange is right. But that’s always been like that. Assange is part of — and has identified — a much deeper trend that may be more significant than all the hand-wringing about the future of the media.

You see, we’ve been looking at media as something that just needs a leg-up. We readily admit the business model of the media is imploding.

But very little discussion of journalism centers on whether journalism itself might be broken. Assange — and others – believe it is.

The argument goes like this.

The model whereby media made a lot of money as monopolistic enterprises — fleecing advertisers at one end, asking subscribers to pay out at the other, keeping a death grip on the spigot of public, official or company information in the middle — has gone. We know that.

But what we don’t perhaps realize is that the Internet itself has changed the way that information moves around. I’m not just talking about one person saying something on Twitter, and everyone else online reporting it.

I’m talking about what news is. We journalists define news in an odd way — as I said above, we attach value to it based on how others value it, meaning that we tend to see news as a kind of product to grab.

The Internet has changed that. It’s turned news into something more amorphous, that can be assembled from many parts.

Assange and his colleagues at WikiLeaks don’t just act as a clearing house for leaked data. They add extraordinary value to it.

Don’t believe me? Read a piece in The New Yorker in June, about the months spent on cracking the code on, and then editing, video shot in Iraq.

In a more modest way this is being done every day by bloggers and folk online, who build news out of small parts they piece together — some data here, a report there, a graphic to make sense of it. None of these separate parts might be considered news, but they come together to make it so.

Assange calls WikiLeaks a stateless news organization. Dave Winer, an Internet guru, points out that this pretty much is what the blogosphere is as well. And he’s right. WikiLeaks works based on donations and collaborative effort. Crowd-sourcing, if you will.

I agree with all this, and I think it’s great. This is happening in lots of interesting places — such as Indonesia, where social media has mobilized public opinion in ways that traditional media has failed.

But what of journalism, then?

Jeff Jarvis, a future-of-media pundit, asked the editor of The Guardian, one of the three papers that WikiLeaks gave the data to first, whether The Guardian should have been doing the digging.

He said no; his reporters add value by analyzing it. “I think the Afghan leaks make the case for journalism,” Alan Rusbridger told Jarvis. “We had the people and expertise to make sense of it.”

That’s true. As far as it goes. I tell my students, editors, colleagues, anyone who will listen, that our future lies not so much in reporting first but adding sense first. And no question, The Guardian has done some great stuff with the data. But this is a sad admission of failure — of The Guardian, of reporting, of our profession.

We should be looking at WikiLeaks and learning whatever lessons we can from it. WikiLeaks’ genius is manifold: It has somehow found a way to persuade people, at great risk to themselves, to send it reams of secrets. The WikiLeaks people do this by taking that data seriously, but they also maintain a healthy paranoia about everyone — including themselves — which ensures that sources are protected.

Then they work on adding value to that data. Rusbridger’s comments are, frankly, patronizing about WikiLeaks’ role in this and previous episodes.

We journalists need to go back to our drawing boards and think hard about how WikiLeaks and the Warholesque Assange have managed to not only shake up governments, but our industry, by leveraging the disparate and motivated forces of the Internet.

We could start by redefining the base currency of our profession — what news, what a scoop, what an exclusive is. Maybe it’s the small pieces around us, joined together.

Indian Slumdwellers Protest Biometric Scanning of Impersonators. I Think

Who says that privacy is only an issue in the First World? According to The Times of India, residents of Palsora and Lal Bahadur Shastri colonies have demonstrated against “alleged irregularities in the biometric test, which is being carried out in the slum areas to check ‘impersonation at any level.’” The problem, it seems, is that people have been impersonating other people, sometimes twice, to register or occupy property.

A couple of interesting things about this. First off, this is not just any old biometric test. The administration, the story says, plans to test “all those living in slums [who] will have to furnish details of their fingerprints, photographs, face recognition, voice recognition, signature, shape of the hand, and other such details.” This sounds quite advanced. (Shape of the hand? Is this a first?) Slumdwellers would also be asked to submit the usual stuff, such as “personal details, including date and place of birth, father’s name, number of family members, present address, et al.” All in all, that’s quite a survey. The government is going to have more data on the slumdwellers of Chandigarh than probably anyone else on the planet.

Slumdwellers are now protesting outside the regional government offices, probably as we speak. Well, not today, as it’s the Hindu New Year, I believe. However, they are not up in arms about this apparent invasion of their privacy (voice recognition?), but that “genuine people were being ignored in the survey.” I take this to mean (and I could be wrong) that the survey teams seem to be focusing mainly on impersonators. (Can that be right? – Ed) If true, this might be the first recorded Protest Against A Survey of Slumdweller Impersonators.

The Real Lesson From CardSystems

The sad truth about the CardSystems debacle is that it wasn’t unusual, at least in the delay and obfuscation over reporting it. An AP report in yesterday’s Houston Chronicle says:

Most businesses do not report cyber attacks to law enforcement authorities, fearing the disclosure would harm their image and benefit rivals, FBI Director Robert Mueller said Tuesday.

Mueller’s comments were based on an annual survey conducted by the FBI and the private Computer Security Institute that found just 20 percent of businesses reported computer intrusions last year, a figure that has held steady for several years.

The reasons cited most often for keeping the incidents quiet were loss of business to competitors and potential damage to a company’s image.

In other words, don’t tell anyone and you’re fine. The old security through secrecy thang. Hopefully CardSystems will make people aware that’s just not going to cut it anymore.

Fingerprint Readers And Baths

Something I’ve noticed about biometric fingerprint readers. They don’t work well after a bath. Why is that? Are our fingers different after a bath? I mean, they look different — all wrinkly, for one thing — but why does that mess up the fingerprint reader? I do my best thinking in the bath, and it’s getting frustrating to have to wait five minutes while my fingers return to normal before I can gain access to my computer. That’s the sort of warning they should put on the box.

Can We Trust Anti-Spy Software?

Who watches over the watchers? In software, it seems, it’s often the same folk.
 
Reading a press release for X-Cleaner, “a privacy tool suite that detects and removes installed spyware and adware components”, it sounded interesting enough for a mention. After all, it “includes tools to securely delete files, edit the registry, disable startup programs”, as well as “IE home page protection, cookie, cache and history cleaning, built-in password generator and more”. What’s more, there’s a free version with some features disabled. Not a bad tool for those folk worried about keylogging phisher trojans and whatnot.
 
But when I tried to find out who the company is behind it — never easy with companies working outside the U.S., I find — I saw some of the other software sold by the same company. The company is called XKee, it does not reveal where it’s based (and the WHOIS registrant information for the website contains a UK-based email address and a half-complete New York mailing address). XKee says (and I reproduce the original formatting here) “WE DO NOT MAKE ANY OF THE SOFTWARE! EACH PRODUCT IS SUBMITTED BY A SOFTWARE COMPANY OR DEVELOPER, OR IS PICKED FROM THE INTERNET BY OUR EDITORS. WHAT WE DO IS REVIEW AND RATE THE SOFTWARE, CATEGORIZE IT AND MAKE IT AVAILABLE TO YOU.”
 
Among those products are:
  • iSpyNOW, “the critically acclaimed, award winning remotely deployable computer monitoring application. iSpyNOW is first of its kind – offering users the ability to remotely monitor a machine via a web interface without ever having physical access to that PC. iSpyNOW 3.0 now sets a standard in the remote monitoring and surveillance market. Read below to see why iSpyNOW 3.0 is the most powerful remote surveillance software offered anywhere!”
  • SpyBuddy, “the award-winning, powerful spy software and computer monitoring product for monitoring spouses, children, co-workers, or just about anyone else! SpyBuddy allows you to monitor all areas of your PC, tracking every action down the last keystroke pressed or the last file deleted! SpyBuddy comes equipped with the functionality to record all AOL/ICQ/MSN/AIM/Yahoo chat conversations, all websites visited, all windows opened and interacted with, every application executed, every document printed, every file or folder renamed and/or modified, all text and images sent to the clipboard, every keystroke pressed, every password typed, and more!”

Now, I know that software sites such as this are not unusual, and it’s also not unusual that they’re going to sell software that plays both sides of the fence — snooping, and anti-snooping — but it made me wonder: In these days of sophisticated fakery, how do we know the anti-snooping software does what it says it does? How do we know the software is not doing its own kind of snooping, like the other products on sale? If a company is happily selling snooping software, how far can we trust them to sell us something that does what it says it does?

The answer in the case of X-Cleaner is this: Despite the similar sounding names, it does not appear that X-Cleaner is related to XKee. X-Cleaner, from what I can see, is a bona fide anti-spyware program produced in Belgium by a company called Xblock. It has been reviewed in PCWorld and elsewhere, so is probably kosher. But there’s no easy way of telling any of this by visiting the websites of XKee, X-Cleaner or Xblock. I could find no useful company page, nothing to identify the folk behind it and an address or something to grab a hold of.

My feeling is this: I’m sure XKee and companies are not into anything sleazy, but nowadays I think they have got to be much more upfront about who they are if they want to be credible: Especially if they’re selling potentially law-breaking software like spyware and mass-mailers. We need a physical address, some names, a corporate identity that stands up to scrutiny and customer queries. For the user, I’d say this: Be wary of any software that promises to keep your privacy unless you’ve read a review by someone you respect, and you have a pretty good idea of who’s behind it. For columnists like me, I’m going to be more careful about what software I recommend in future. End of sermon.