It is a little known fact that Mark Zaid, the Ukraine call whistleblower’s maverick attorney, has a number of superpowers. These talents go far beyond his uncanny ability to squeeze money and fame from the dead, instantly teleport to the CNN studio, and provide a never-ending pseudo-legal narrative that supports President Trump’s impeachment and the justification for General Flynn’s persecution. Zaid himself, as well as his sizable fan base, has compared him to a hybrid of Clark Kent and James Bond.
Image 1: Mark Steven Zaid and his alter egos of Clark Kent and James Bond
Image 2: Squeezing money and fame from the dead: Mark Zaid, the attorney of Mohamed Al-Fayed, promoting the conspiracy theory that Princess Diana was murdered by the Crown because she was pregnant
But in addition to these superpowers, Zaid has some additional skillz that haven’t been made public until now. It turns out that he is psychic and a fortune teller as well. On March 13, 2017, using what can only be attributed to divination, Zaid’s partner, John N. Tye, reinstated a company called Values United DBA Whistleblower Aid that had been defunct for 4 years.
Tye described this reborn organization as:
“a pioneering, non-profit law firm that helps patriotic government employees and brave, private-sector workers report and publicize their concerns” with legal advice that “is confidential, but never ideological or partisan.”
Image 3: Mark Zaid, the founding legal partner and John Tye, the CEO of Whistleblower Aid
Shortly after their 2017 re-formation, Tye donated $1.5 million to the organization (oddly, in 2015, he had difficulty paying $13K in legal fees) and launched a media blitz in Washington D.C. to publicize their services. The $$$ advertising campaign included ads on the D.C. Metro, people on street corners handing out branded red and blue whistles, posters, and mobile billboards that drove 8-10 hours a day circling the White House, the Capitol, the Pentagon, the CIA HQ, and the National Security Agency HQ.
Image 4: Sample Whistleblower Aid advertisement blitz on the D.C. Metro, mobile billboard, street signs, and John Tye personally handing out flyers soliciting leakers of classified government materials
Currently, Whistleblower Aid advertises the following services:
Whistleblower Aid seeks to lower the barriers for courageous patriots to step forward. As a human and civil rights organization headquartered in the District of Columbia, in some cases we hope to provide clients with additional support including:
Media & public relations coaching
Dedicated, Secure Devices for clients’ use in communicating with us about their case
Employment claims under the Whistleblower Protection Act
Temporary rent or mortgage support and networking to help find new jobs, in case of loss of employment
Psycho-social counseling and treatment
The 5 star pampered treatment they offer (i.e. PR coaching, psycho-social consulting and treatment, temporary rent and mortgage support, and job placement) looks suspiciously more like a luxury spa/resort service than a legal aid service. Even more noteworthy is their mysterious business/revenue model. For example, it’s a puzzle how this little altruistic law firm (with > 12 employees) provides all of these expensive services pro bono. Or how using GoFundMe to finance their legal fees is not violating the gift prohibition for federal employees and the following American Bar Association rule for avoiding conflicts of interest:
“lawyers may not subsidize lawsuits or administrative proceedings brought on behalf of their clients, including making or guaranteeing loans to their clients for living expenses, because to do so would encourage clients to pursue lawsuits that might not otherwise be brought and because such assistance gives lawyers too great a financial stake in the litigation.”
Image 5: Whistleblower Aid 2017 taxes
Whistleblower Aid’s specific language and statements also suggest that they are not your average non-partisan non-profit. In a 2017 interview with WaPo, Tye stated:
“This is not a partisan effort, at the same time, yes, the rule of law starts with the office of the president. Like many other people, we are definitely concerned about things that are happening in the administration. The decision to fire [FBI Director] James Comey. The lack of transparency. A lot of people have questions about whether this administration respects the rule of law.”
and “We want to advise people what to do, whether it’s going to Congress, or an inspector general or Robert Mueller,”
These statements echo Evelyn Farkas’s partisan call in late 2016 to all federal agency employees to “get as much intelligence [about Trump] as you can” and then publish/leak it as fast as possible, and John Brennan’s recent call for all available whistleblowers to carpe diem and step forward. All of these complementary activities suggest that we are witnessing the assembly of some sort of a political death ray machine with Mr. Zaid and Co. at the helm channeling the dark litigative energy at the president.
Video 1: Evelyn Farkas confirming her call to collect intelligence on the Trump team and publish/leak it. Farkas was also deliberately spreading disinformation about the Russian collusion, on one hand, telling the MSM that there was evidence of collusion, and on the other hand denying that there was such evidence during her testimony in front of the House Intelligence Committee
Image 6: John Brennan calling all whistleblowers
It’s possible that all of these people and aggressive calls for leakers are unrelated and that they just somehow converged. But Occam’s Razor suggests that it’s more likely that the formation of the Whistleblower Aid organization was a politically coordinated effort to stand up a factory-style assembly line in order to deliver a steady supply of political hits.
The timeframe for their re-activation (52 days after President Trump’s inauguration), Zaid’s January 2017 fortune teller style proclamation that the “#coup” against President Trump has started, and his commitment in July 2017 that “we will get rid of him”, also support the argument that Whistleblower Aid is in fact part of the “#rebellion” and that the only real service they provide is fuel for the “#impeachment” furnace.
Image 7: Mark Zaid’s proclamation that the coup against president Trump has begun
Image 8: July 2017, Mark Zaid sharing his plan to “get rid of” President Trump
Image 9: Examples of various linkages between Mark Zaid, his anti-Trump targeted media appearances, ‘the resistance’, his on-line activity, and his social network (POI-ED is a person of interest that is related to him).
Zoltar (another well known psychic-fortune teller) once said, “Lucky at cards, unlucky in love”. From analyzing Zaid’s social and professional profile (Image 9), it certainly looks like Zoltar was right on the money. But what still remains a financial puzzle is how John Tye’s salary of >$200K per year balances against Whistleblower Aid’s income of about $22K. And in this vein, who has been covering their losses since their inception (over $619K USD in 2017 alone), …and why?
Some Final Words from Zoltar
Dear Mr. Zaid, Tye, and Bakaj,
Whistleblower Aid’s practice of relying on security through obscurity (aliases to create on-line accounts, burner phones, and private email communications) to store and transmit government secrets only works in the movies. In the real world, every piece of classified information your clients remove from the SCIF and transmit to you via your super-duper ‘dedicated secure devices’ can be easily intercepted by every hostile foreign state actor that is monitoring your traffic. Also, I hate to break it to you guys, but TOR is just an anonymizer; it’s not an end-to-end encrypted platform (and even if it was, it would still be insecure). If you don’t understand the differences and the fine nuances, maybe you shouldn’t be providing paid cyber security advice and data services to federal government employees. Back in Craplikistan (where Zoltar used to practice law without a license before becoming a fortune teller), providing such advice and services would be considered negligence, breach of fiduciary duty, or breach of contract by a lawyer and could be considered grounds for a legal malpractice action.
In fact, Zoltar would be positively shocked if the Whistleblower Aid society isn’t one of the biggest watering holes for foreign intelligence gathering. But, considering Mr. Zaid’s awesome psychic powers and cyber security expertise, I expect that none of this is news to him.
Image 10: Mark Zaid delivering keynote on the topic of cyber security
Image 11: An example of using AI object classifiers to find a hidden linkage between Mark Zaid and POI-ED (a person of interest related to him). Both have independent shared objects such as photos, paintings, a cat, articles of clothing, and household items that the ML classifier was able to identify independently, match, and link
Image 12: Evelyn Farkas the queen of disinformation, saving US democracy one leak at a time, her $$$ Burisma consulting gig, and her 2019 bid for US Congress
On July 24th at 8:32 AM EST, all eyes and ears were turned to the former special counsel, the honorable Robert Mueller. Going into the hearings, the Republicans hoped to expose multiple structural cracks in the report. The Democrats, on the other hand, tried to get just one conclusive piece of evidence of collusion and election tampering to justify impeachment.
Just like other interested citizens, I have been following the Russian collusion and DNC email hacking saga since 2016, so naturally, I expected that special counsel Mueller would address some of the key findings in the report, but alas, my hopes for insight and clarity were dashed. What promised to be a simple Q&A session turned out to be a painful, 454 minute game of charades where you never got to figure out most of the answers.
At 8:54 AM, 48 minutes and 18 seconds into his sworn testimony, Robert Mueller–the consummate DC political bureaucrat–activated his industrial strength fog machine and deployed a force field deflector shield. This set in motion a reoccurring pattern of ducking, dodging, and sidestepping direct and specific questions about his pet project report.
Despite the lack of clarity in his answers and his alarming unfamiliarity with his own work (e.g. not knowing who Fusion GPS was), I found the session to be insightful and a veritable treasure trove in terms of body language, image artifacts, and audio content worthy of analysis. Special counsel Mueller spoke for about 7 hours and provided a rare opportunity to capture his conversational patterns, facial characteristics, and behavioral fingerprint when under duress while in a single continual homogeneous session–and all of this in a well lit environment in front of high resolution cameras. For video analytics, it don’t get no better than this!
A Note About Lie Detection
Nonverbal cues, AKA body language, are a form of communication. It is similar to verbal communication except that it’s done through facial expressions, gestures, touching, physical movements, posture, bling, tone, timbre, and various speech and voice characteristics. Nonverbal behavior comprises a large percent of all interpersonal communication and can provide insight into a person’s thoughts and feelings.
The theory behind the ability to detect lies from body language is that most people who are lying find it difficult to maintain physical and mental comfort under ongoing questioning. The result is observable distress in their speech and appearance. This is because disguising the truth requires a significant amount of left brain creative processing that, in turn, increases cognitive load as the person struggles to ‘make up’ answers to what would otherwise be fast memory recollection responses.
That said, there is no such thing as an accurate lie detector. Polygraphs or professional body language readers can sometimes spot a person’s discomfort and stress as they relate to certain topics of conversation and then focus on these areas for further analysis. If the annals of polygraph testing teach us anything, it is that professional liars like Aldrich Ames, Robert Hanssen, and Kim Philby (who ironically wrote the chapter about catching double agents) were resistant to lie detectors.
It is also relevant to note that criminal courts usually don’t accept polygraph tests or body language reading as evidence because they are considered unreliable by academic psychologists (Christine Blasey Ford may disagree with this finding) and by reputable scientists. In addition, the person who administers and assesses the test has a great deal of control over how the test is conducted and its outcome. This, by itself, can completely skew or invalidate the test.
An Experienced Counter Intelligence Officer
When evaluating Mueller’s testimony, it is important to remember that he is a professional with years of experience in briefings and debriefings (over 80 congressional testimonies), legal depositions, interrogations, and counter intelligence work. This was evident in his testimony. With a few exceptions, he avoided taking the bait from hostile questioners and utilized common counter-interrogation techniques such as draining the clock by asking for questions to be repeated (18 times), requesting the speaker to cite and point to the specific references in his copy of the documents (9 times), endlessly paging through his folders without finding or reading any of the referenced content (7 times), and answering at length about unrelated issues.
Special counsel Mueller’s most frequent deflection tactic was to use I-phrases such as “I can’t get into…” or “I’m not going to…”. The former special counsel declined to answer all relevant questions about topics such as the Steele Dossier, Fusion GPS, the usage of paid informants, and the genealogy of the FISA applications. As can be seen in Table 1, out of about 230 total questions, Mueller dodged about 198 and only provided vague non-committal responses to 10 others. This amounted to failing to answer about 87% of all questions.
This was quite a performance for the shining knight of justice, especially if you consider the DOJ mission statement of:
“To enforce the law and defend the interests of the United States according to the law; to ensure public safety against threats foreign and domestic; to provide federal leadership in preventing and controlling crime; to seek just punishment for those guilty of unlawful behavior; and to ensure fair and impartial administration of justice for all Americans.”
The key operative word here is “ensure”, not try, attempt, or do your best, but to verify and confirm.
Chart 1: The distribution of Mueller’s instances of dodging or refusing to answer questions during his testimony
Mueller’s Response Algorithm
Special counsel Mueller was selective in what questions he deflected. To the casual observer, it may have seemed that he was laconic across the board, but that wasn’t the case. In multiple non-sequential instances, he provided elaborate and definitive responses to questions, but these were almost exclusively from Democratic Congress and Intelligence Oversight Committee members. With a few exceptions, most of his verbose responses could be categorized as being damaging to President Trump.
Image 1: Special counsel Mueller’s Tag Cloud of the types of words and phrases that he used to avoid answering the questions. The operative sentence that preceded most of these words was “I’m not going to…”
As can be seen in Table 1, the taxonomy of his answers contains a large variation of the first person “I”, “I’m”, and “my”. This suggests that Mueller felt a strong affinity to the document. He never used the form “we”, “our”, or “the team” which would have been more appropriate considering his repeated assertions that the report was a large team effort and that no single individual has mastered its content.
Response to Question
I stick with the language that is in front of you
I will leave the answer to our report
I’m not going to discuss other matters
I’ll refer to the report
I can’t say I understand the statistics
I direct you to the report for how it’s characterized
I rely on the language in the report
This is one of those areas which I decline to discuss and will direct you to the report
Again, I send you to the report
I have to pass on that
I rely on the report
This is outside my purview
That is outside my purview
Outside my purview
I refer you to the report
This is still outside my purview
I will refer you to the report on that episode
I’m going to ask you to rely on what we wrote about that incident
I again would refer you to the report and the way it’s characterized in the report
I’m not going to get into that
I can’t get into that. That’s internal deliberation of the justice department
I direct you again to the report
Whatever was said will be in the report
I can’t answer that question
That’s not in my purview
I can’t get into that
I can’t get into that
I am not going to get into it
I would refer you to the coverage of this in the report
I would refer you to the report
I send you back to the report
I refer you to the write-up of this in the report
I can’t beyond what’s in the report
I can’t get into internal deliberations
I can’t get into the evidentiary findings
Can’t get into that
I will leave it as it appears in the report
I’m just going to have to refer you to the report if I could
I don’t want to speculate
I rely on the wording of the report
With regards to Steele, that’s beyond my purview
It’s not within my purview
As I said before and said again, it’s not within my purview
I refer you to the report on that
That’s an area in which I cannot get into
I’m not going to get into what we may or may not have included in our investigation
I’m not going to get into subsidiary details. I refer you again to the page 91-92
I can’t speak to that
I am under orders that don’t allow me to give you an answer to that particular question
I can’t get into the discussion on that
I’m not going to be involved in the discussion on that…
I’m not going to go further in terms of discussion…
I can’t get into our investigative moves
I’m not going to get into that any further than I already have
I can’t speak to that
I would say I rely on what’s in the report
That letter speaks for itself
I’m not going to go beyond that
I refer you to the court proceedings on that issue
I’m not going to get into that
I can’t speak to that
I’m not going to talk to that
I’m not going to speak that
I’m not going to get into what was in Mr. Comey’s mind
I’m not going to delve more into the details of what happened
I’ll leave that to the attorney General
I’m not going to get into a discussion on that
Again, I refer you to the report
I refer you to the lengthy dissertation on exactly whose issues that appears in the report
I can’t speak to that
That was outside our purview
I’m not going to speak to that
And I am not going to answer that question, sir
I’m not going to speak anymore to that
I’m not going to answer that
I have nothing to add
I’m not going to add to what I have stated before
I feel uncomfortable discussing anything to do with the Stone indictment
I’m not going to speculate
I’m not going to discuss that
Not going to talk about that
I’m not going to answer that
I’m not going to talk about that issue
I’m not going to get into that. It’s a little off track
I have to say the letter itself speaks for itself
I go back to the letter. The letter speaks for itself
I can’t answer that question in a vacuum
We have not specified the persons mentioned
I’m not going to speculate
I’m going to pass on that
I’m not going to comment
I’m not going to go into details of the report
Those areas, I’m going to stay away from
I’m not going to get into those matters to which you refer
I’m not going to speak to the series of happenings as you explained them
I’d have to refer you to the reports on that one
I’m not going to speculate
I can speak to the half of the half of your question that’s on the screen being accurate
I’m not going to speak to that
Again, I’m not going to discuss the issues related to Mr. Steele
Again, I pass on answering that question
That’s about all I’ll say on this aspect of it
I’m going to pass on that
I take your question
I’m not going to speculate along those lines
I’m not going to opine on that. I don’t have the expertise in that arena to opine
I cannot agree with that. Not that it’s not true, but that I can’t agree with it…
That portion or that matter does not fall within our jurisdiction
I direct you to the report for how it’s characterized
I’m not going to discuss any other alternatives
I can’t speak to that. That would be in levels of classification
I’m going to stay away from one particular or two particular situations
I’m not going to talk about specifics
I’m not going to speak to that
I’m not going to get into that. It goes into internal deliberations
Again, I’m going to pass on that
As I said before, this is an area that I cannot speak to
Again, I’m not going to speak to that issue
Questions such as that should go to the FBI
And I’m not going to discuss that
I’m not going to get into that
And again, I’m not going to respond to that
Again, I can’t respond
Again, I can’t speak to it
Again, I can’t answer that
Again, I’m not going to go there
I think you understand I cannot get into either classified or law enforcement information
I can’t respond to that question, it’s outside my jurisdiction
Again, I can’t speak to that
I can’t go into it
I’m no longer in the Federal government, so I’ll pass
I don’t want to wade into those waters
I defer to the report on that
I can’t get into a discussion on it
I can’t answer that
I can’t get into that
Again, it’s the same territory that I’m loath to get into
I’m not going to talk to that
I’m not going to talk to that
That I can’t get into
And I can’t get into that area
I can’t answer that question
I’m not going to get into that
I cannot get into that
I will not get into that
I leave that to you
Table 1: Sampling of reasons from about 200 instances for Mueller’s refusal to answer questions
The Evaluation Process
Special counsel Mueller’s testimony consisted of over 750,000 video frames. Even a trained interrogator could only process a small percentage of this data. Add to this the observer’s distraction, blinking, and fatigue and it becomes virtually impossible for a human to be able to accurately capture the fine nuances of all of these frames or sequences for content. At best, a person would be able to provide a summarized ‘gut feeling’ about the overall session and reference some vague (and often inaccurate) actions such as ‘he touched his nose’ which could suggest that he was lying.
AI based video analytics, on the other hand, can easily process each video frame in a consistent, repeatable manner, and with no observer bias. The objective of my evaluation of Mueller’s testimony was not to determine if he was lying with certainty, but rather to identify recurring patterns of stress that are associated with deception and correlate them to the topics of conversation.
Special counsel Mueller did a great job obfuscating the report details but the large high quality volume of video and audio in his testimony made it possible to analyze the session and find anomalies and various patterns that could provide insight into his mindset.
In this project, just as in several of my previous posts (1, 2, 3), I used AI based video analytics, text, and speech analysis platforms. These included:
For the text/speech, I used a hybrid approach to word and phrase speech pattern analysis. The textual analysis evaluated these types of speech categories:
I-words (I, Me, My, I’m)
For the video analytics, I established special counsel Mueller’s facial and other video objects baseline using several on-line sources and the main testimony video. The baseline cataloging included his unique facial expressions such as microexpressions and other visually detectable actions like use of hand gestures, hand related activities, head motion, mouth movement, gaze, etc.
Image 2: Sampling of special counsel Mueller’s Microexpressions such as (L-R): loathing/anger, surprise, fear, happiness
Image 3: Sampling of special counsel Mueller’s body dynamics as related to left hand usage
Following the creation of a facial baseline catalog, I proceeded with the ML training using his unique data sets for non-facial activity such as paging through the report folder, eye blink rate, gaze, etc.
Image 4: Sampling of image set used to train the machine learning (ML) to identify special counsel Mueller flipping pages through his report folders
After the training was completed, I ran the first 15 minutes of special counsel Mueller’s testimony through the engine and performed a search for known classified objects such as him ‘reading the report’.
Image 5: Sample search results of instances of Mueller looking at the report
I noted the detections and examined several thousand video frames prior, during, and after the detections to capture the actual ground truth. The visual search results of the 15 minute video segment correlated to within an 83% match rate against the baseline catalog created with the ML training set. I then used the missed detections to re-train the ML again and repeated this cycle several times on random video segments of his testimony until the match rate stabilized at about 94%.
In addition to creating a catalog of special counsel Mueller’s microexpressions, I also created a library of sequences of his composite facial expressions. These sequences were closely spaced consecutive combinations of microexpressions and other body activity that were 0.5-3.5 seconds long. One example of these types of composite expressions was eye flutter combined with ‘lip twitching’ or some other mouth movement.
In this sequence, Mueller typically stared at the speaker while his bottom lip would involuntarily twitch or quiver several times or his lips would tighten; he would then break eye contact with the speaker and rotate his head downwards, recompose, then bring his head upwards and re-establish eye contact with the speaker.
Image 6: Sample of a typical special counsel Mueller sequence showing mouth activity and breaking eye contact with the speaker. The context here is Rep Jim Jordan’s asking Mueller to confirm if Joseph Mifsud was interviewed, did he lie, and is he Russian or Western Intelligence
Once I completed calibrating special counsel Mueller’s video object catalog and the library of sequential expressions, I conducted searches for facial anomalies. Anomalies are defined as any variations from his standard single image or sequence patterns, such as an unusual cycle of head, eye, or mouth movements.
For example, based on his standard detection for “blinking”, special counsel Mueller’s blinking interval baseline was established to be 3–7 seconds with a blinking duration of approximately 1/10th-1/3rd of a second (see Images 7-8).
Image 7: Sample of one baseline feature in special counsel Mueller’s visual object catalog showing his normal blink pattern.
Image 8: Sample detections of special counsel Mueller’s normal blinking pattern throughout his testimony. Special counsel Mueller’s blinking follows a pattern of a full single closure of the eyelid at a 3-7 second interval
Any blinking variation from this baseline generated an anomaly that was then evaluated manually before becoming certified as a new pattern of interest. This exception was then further evaluated in the context of the topic of conversation and the microexpressions involved.
One such anomaly was associated with special counsel Mueller’s unusual blinking pattern. On closer examination, it turned out that what on the surface appeared to be unusual blinking was in fact a reoccurring cycle of rapid flutter of the eyelids. This unusual sequence was also at times accompanied by certain head, tongue, and lip movements.
After mapping this ‘Flutter Cycle’ to the topic that was being discussed at the time of the event, it became clear that this was some sort of an involuntary display of distress and/or fear. It was so prevalent that it could even be used to predict what questions were being discussed.
Some of the subjects that triggered this ‘Flutter Cycle’ were:
DOJ and FBI media leaks
Christopher Steele, the dossier and its funding sources
Fusion GPS and its work with the DNC, HRC, and foreign governments
Glenn Simpson and Natalia Veselnitskaya
The meeting at the Trump Tower
Informants and surveillance (i.e. Mifsud, Downer, Halper, etc.)
The FISA warrants
Image 9: An illustration of special counsel Mueller’s typical Flutter Cycle.
The Flutter Cycle sequence was characterized by 2-5 rapid flutters of the eyelids and an upward eye roll, with accompanying head, mouth, and tongue movements. The Flutter Cycle sequence seen in the left side of the collection in Image 10 (also, see 1:26:00 in the video) corresponds to questions by Rep Steve Chabot about Mueller’s investigation of the relationship between Glenn Simpson, Natalia Veselnitskaya, and the latter’s visit to Trump Tower.
The same type of events were observed during other pointed inquiries such as Rep Louie Gohmert’s challenging special counsel Mueller’s credibility due to his refusal to answer basic questions (see 1:33:30 in the video).
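The blink baseline check and the Flutter Cycle grouping described above can be sketched as follows. This is an added example, not the author's tooling: it assumes an upstream detector already emits blink events as (start, duration) pairs, and the 0.5-second flutter gap, the function names, and the sample events and topic segments are constructed for illustration.

```python
from dataclasses import dataclass

INTERVAL_RANGE = (3.0, 7.0)    # seconds between blink onsets (baseline in the text)
DURATION_RANGE = (0.10, 1 / 3)  # seconds the eyelid stays closed (baseline in the text)
FLUTTER_GAP = 0.5              # ASSUMPTION: closures this close form one burst
FLUTTER_SIZE = (2, 5)          # the text describes 2-5 rapid flutters


@dataclass(frozen=True)
class Blink:
    start: float     # seconds from the start of the video
    duration: float  # seconds the eyelid is closed

    @property
    def end(self):
        return self.start + self.duration


@dataclass(frozen=True)
class Anomaly:
    kind: str
    start: float
    end: float


def group_bursts(blinks):
    """Group blinks whose open-eye gap is <= FLUTTER_GAP into bursts."""
    bursts = []
    for blink in sorted(blinks, key=lambda b: b.start):
        if bursts and blink.start - bursts[-1][-1].end <= FLUTTER_GAP:
            bursts[-1].append(blink)
        else:
            bursts.append([blink])
    return bursts


def find_anomalies(blinks):
    """Return candidate deviations from the baseline, for manual review."""
    anomalies = []
    prev_onset = None
    for burst in group_bursts(blinks):
        first, last = burst[0], burst[-1]
        # Interval check: onset of the previous blink to onset of this one.
        if prev_onset is not None:
            gap = first.start - prev_onset
            if gap < INTERVAL_RANGE[0]:
                anomalies.append(Anomaly("short_interval", prev_onset, first.start))
            elif gap > INTERVAL_RANGE[1]:
                anomalies.append(Anomaly("long_interval", prev_onset, first.start))
        # Burst check: several rapid closures are one flutter, not many blinks.
        if FLUTTER_SIZE[0] <= len(burst) <= FLUTTER_SIZE[1]:
            anomalies.append(Anomaly("flutter", first.start, last.end))
        elif len(burst) > FLUTTER_SIZE[1]:
            anomalies.append(Anomaly("long_burst", first.start, last.end))
        elif not DURATION_RANGE[0] <= first.duration <= DURATION_RANGE[1]:
            anomalies.append(Anomaly("duration", first.start, first.end))
        prev_onset = last.start
    return anomalies


def anomaly_rate_by_topic(anomalies, segments):
    """Anomalies per minute for each (start, end, label) topic segment.

    An anomaly belongs to the segment containing its start time. Rates are
    normalised by segment length so long segments do not dominate.
    """
    rates = {}
    for seg_start, seg_end, label in segments:
        hits = sum(1 for a in anomalies if seg_start <= a.start < seg_end)
        rates[label] = hits * 60.0 / (seg_end - seg_start)
    return rates


# Constructed sample data (not taken from the testimony video).
SAMPLE_BLINKS = [
    Blink(2.0, 0.2), Blink(6.5, 0.15), Blink(11.0, 0.2),    # normal baseline
    Blink(15.0, 0.1), Blink(15.3, 0.1), Blink(15.6, 0.1),   # rapid flutter
    Blink(20.0, 0.2),
    Blink(32.0, 0.2),                                       # 12 s without a blink
    Blink(36.0, 0.8),                                       # overly long closure
    Blink(37.5, 0.2),                                       # only 1.5 s later
]
SAMPLE_SEGMENTS = [(0, 14, "topic A"), (14, 30, "topic B"), (30, 40, "topic C")]

if __name__ == "__main__":
    found = find_anomalies(SAMPLE_BLINKS)
    for a in found:
        print(f"{a.kind:15s} {a.start:6.1f}s - {a.end:6.1f}s")
    print(anomaly_rate_by_topic(found, SAMPLE_SEGMENTS))
```

The output is a list of candidates only; as the post states, each one still has to be checked by hand before it counts as a pattern of interest.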
Image 10: (L-R) A sampling of three anomalies: a complex facial flutter, lip twitching, and simple eye flutter sequences
Several other interesting anomalies that turned out to be repeating patterns in special counsel Mueller’s facial expression and composite sequences were:
Lip Twitching – Associated with microexpressions such as fear and surprise
Downward Head Nodding – Associated with a defensive posture that was triggered by breaking eye contact with the speaker
Flattened Mouth or Lips – Associated with signs of frustration as in ‘I want to answer this question, but I really shouldn’t’
Prolonged Blinkless Stare – Associated with angry and combative response to some question
Image 11: Samples of special counsel Mueller’s dozens of “flutter cycle” episodes during the Q&A
The Jolly Affable Mueller
Not all of special counsel Mueller’s testimony was marked by doom and gloom. On a number of occasions (mostly when talking to Democratic representatives), he showed himself to be charming, in high spirits, engaged, and animated. Mueller had no inhibitions about making remarks regarding the report’s failure to exonerate President Trump and the possibility of persecuting President Trump after he left office. He freely cited legal sources and DOJ procedures and protocols and provided detailed rationale for his team’s action and conclusions.
Image 12: The suave, charming, engaged, and animated Mueller in action
Mueller’s predictable patterns of distress were almost always associated with ‘difficult’ questions on topics such as the role of Fusion GPS, spying on President Trump, and Christopher Steele. Images 13 and 14 show typical triggering events of Flutter Cycles.
Image 13: Samples of Mueller’s Flutter Cycle episodes during Q&A session dealing with him leaking report details to the media
Image 14: Sample of Mueller’s Flutter Cycle episodes during Q&A session dealing with separating the grand jury materials from the report
Analysis Results
Special counsel Mueller’s body language and facial sentiment analysis shows high levels of discomfort and tension when discussing certain parts of the report. He exhibited many facial signs of distress that included:
Multiple Flutter cycles
Mouth quivering cycles
Self-soothing and fidgeting behavior
Sudden breaking of eye contact
Rapid downward head movement
Tightening of the mouth and lips
I didn’t have a baseline for incidents where special counsel Mueller was being untruthful so I can’t explicitly call out potential incidents of lying during his testimony. However, the baseline of his normal conversational dynamics vs. the ones he exhibited show signs of clear distress which strongly suggest that at least from special counsel Mueller’s perspective, not all questions were equal and not all of his answers were factual.
Special counsel Mueller’s distress patterns consistently overlapped with certain trigger topics, and his verbal response to almost all of these interactions was a variation on “I’m not going to…”. He deviated from this pattern only a handful of times and actively engaged the questioner. One of these back alley knife fight sessions involved Rep. Ben Cline stating that Andrew Weissmann was running a rogue investigation that was based on flawed legal theory that was overturned unanimously by the Supreme Court.
As the question was being asked, special counsel Mueller became defensive; he shifted uncomfortably in his chair, exhibited his Flutter Cycle, and replaced his poker face and laconic I-word response pattern with a passionate and verbose defense of Weissmann (see 3:19:40 in the video or sound file below).
Image 15: Sample of one of Mueller’s distress patterns that includes his Flutter Cycle and shifting in his seat
Recording 1: Exchange between Rep Cline and Mueller about Weissmann’s legal foundation of his obstruction of justice investigation
During this segment, which lasted about two minutes, special counsel Mueller argued, spoke over Cline, and attempted several times to repeat his assertions about Weissmann. This continued even after the subject of the questions changed to Obama’s culpability in Obstruction of Justice when he announced publicly that the HRC private email server did not pose any threat to national security. Mueller, without much difficulty, exhibited a decent mastery of the report’s content, cited specific areas in it that included a lengthy dissertation, and in general tried to rehabilitate himself and his team.
Conclusion
The overwhelming majority of special counsel Mueller’s testimony failed to illuminate any of the big questions about the DNC email hack, the genesis of the Steele Dossier, the DNC/Fusion GPS relationship with Russian state actors, and the 2016 surveillance on the Trump team. In fact, his answers raised even more questions about the real power behind the throne and R&R within the special counsel team.
If it is indeed the case, as special counsel Mueller confirmed in multiple answers, that no single individual on his vast team had intimate familiarity with the whole report, then who compiled the final version of the document? Was this just a collation of multiple taskforce reports that were later combined into a single master? And if that is the case, who was the person that harmonized all the individual versions in order to make sure that the index, footnotes, format, dates, people, places, redactions, and events were in sync?
Image 16: The Special Counsel Team and testimony attendees
It is noteworthy that special counsel Mueller continued to play the I-phrase card and refused to address any of the procedural questions about the compilation of the report, even though this information had little bearing on the report’s content and there is nothing classified or proprietary about the way the DOJ writes and edits its documents.
Even though special counsel Mueller attempted to obfuscate the report’s composition methods and authors, the writing style, document layout, context, and several other administrative clues strongly suggest that Andrew Weissmann was the architect and Aaron Zebley was the chief editor of the document. This is also likely the reason why special counsel Mueller insisted that Zebley be present by his side and be sworn in.
The evidence from the video analytics, speech dynamics, and the decision tree special counsel Mueller used to answer the questions (i.e. question objective vs. answer strategy) shows a decent mental agility and the ability to alternate between complete ‘radio silence’ and ‘singing like a canary’ on demand.
To those who believe that special counsel Mueller was just a senile old man with little familiarity with the content of the report, consider the fact that his verbose answers show that he had a pretty good grasp of the document. He also artfully navigated the many minefields in the report without blowing up a leg in the process. Some experts in the MSM have been suggesting that Mueller’s poor verbal performance and optics can be attributed to some form of cognitive impairment but this argument is inconsistent with his ability to effectively deliver the following:
Selectively discuss specific topics, most of which were prejudicial towards President Trump
Answer questions that almost exclusively supported the impeachment narrative with certainty and conviction
Justify and emphasize specific areas in the report that exonerated his team from claims of bias towards President Trump and instances of hostile conduct by FBI senior management and its agents (i.e. Comey, Strzok, Page, agent 2, and others)
Utilize the “I’m not going to…” strategy to answer any questions about the “insurance policy”
Refuse to address the media leaks that either came from him personally, his direct reports, or his team
Exhibit great mental agility and dexterity during the May 29th, 2019 Mueller news conference
Come up with over 198 different ways of not answering a direct question
The patterns identified by the analytics strongly suggest that all of special counsel Mueller’s behavioral stress patterns matched the typical anxiety profiles and signs of internal struggle that are exhibited by a deceptive suspect during an interrogation. For the first time in his long bureaucratic career, he found himself on the wrong side of the table with the bright lights in his face and a real possibility of being charged with perjury. For several hours, the fearless hunter became the prey and he clearly didn’t like the experience.
Contextually, the majority of his testimony turned out to be an underhanded attempt to use the Q&A session to justify, promote, and surreptitiously inject political narrative into the public hearing. None of this should come as a surprise as it is the same circular “Impeach Trump” agenda that launched this investigation in the first place. At the end of the day, despite special counsel Mueller’s title and god-like pedigree, it seems that he turned out to be just another DC power broker who placed his bets on the losing presidential candidate.
Image 18: Two pages (a total of 856 words) from the Mueller report dealing with George Papadopoulos being told by Joseph Mifsud about the Russians having “Dirt” on HRC.
Special counsel Mueller’s elaborate 448 page report that took close to two years to complete, cost over 25 million dollars (that’s about $51K per page), involved 19 lawyers, 23 legal researchers, 40 FBI agents, 10 intelligence analysts, 7 forensic accountants, 25 other professional staff, and the unlimited resources of the DOJ, the State department, NSA, and the intelligence community, delivered an indefensible dud.
And if that is not bad enough, almost none of the content of the Mueller report can be reconciled with sources like the Ellen Nakashima WaPo June 14, 2016 report about the DNC hack. The dates, timeline of events, the details, and people are completely discombobulated.
Reading the reports, you can’t help but stop and appreciate the authors’ Kafkaesque sense of humor. In the example pages shown in Image 18, the report discusses the chain of transmission of the Russian ‘Dirt’ from Joseph Mifsud, to Papadopoulos, to a mysterious Western diplomat (Alexander Downer) who then informed the FBI, who naturally became alarmed and started this massive investigation. On the face of it, the document looks solid. It has all of the right trimmings, detailed claims, massive amounts of footnotes, intelligence lingo, hush hush sources, and strategic redactions with alarming labels like “Harm to ongoing matter”. It is as convincing as a Vegas levitation magic act.
But, levitating magic acts are always predicated on the audience viewing the scene from a distance and through a carefully controlled field of view–which is exactly what the special counsel Mueller report and testimony turned out to be. Magic doesn’t work if you get a glimpse of the crane and the wires supporting the magician. Once you understand the mechanics of the act, the awe gives way to a letdown.
You can test this premise by substituting any good magic act with the report and special counsel Mueller with any illusionist. Any question you ask the magician about the inner workings of his trick would be deflected using the exact same techniques Special Counsel Mueller used during his testimony. The most important rule in magic is NEVER tell the secret of the trick, just let the magic speak for itself.
Image 19: The levitating magic act
What is ostensibly missing from these two magical pages in Image 18 is that the source of the ‘Dirt’ was none other than Stefan Halper, a paid informant who billed (using DUNS # 078459148) the Federal Government about $656,535 for his services. By the time you factor in Halper and Mifsud and their harem of young female assistants, Mifsud and his life of debauchery at his safe house, Downer’s expenses, and at least 11 other IC, CI, and State Department assets that supported Halper in fattening Papadopoulos before he was shish-ka-bobbed by Bob, the cost of these two pages to the US taxpayer was probably upwards of a million dollars.
Image 20: The supposedly dead Mifsud in action and two of his Red Sparrows
So, to those of you who still think that majoring in contemporary English fiction won’t pay the bills, it clearly can! After all, what other line of work pays $1168 per word?
Image 21: Stefan Halper’s government payment record for service provided to the DoD and DOJ from 2016-2018
Summum bonum
I have difficulty finding solace in special counsel Mueller’s bragging about the higher good from his recovery of about $40 million from the Paul Manafort persecution. I’m also not sure if we should laugh or cry about the concept of the DOJ becoming a profit center. The problem with the DOJ acting as a collection agency that recovers the cost of prosecution from its targets is the political nature of their victim selection algorithm. Each one of us including the Honorable Mr. Mueller has something in his past, present, or future that could warrant jail time and property seizure. With over 3000 federal and thousands more state laws on the books, we are all guilty of some misdemeanor or a felony. Who in the DOJ then, gets to make the decisions about who/why to persecute and the ultimate greater good? Is it going to be one of the dozens of high power attorneys that regularly walk through the DOJ revolving doors to personally enrich themselves by constantly hopping between government gigs and private practice?
The problem with the whole Manafort affair is that if he was so thoroughly corrupt in 2007, then why didn’t special counsel Mueller investigate him earlier during his 11 year tenure as the director of the FBI? Why did he wait until 2018 to bring these charges:
“…crimes arising out of payments he received from the Ukrainian government before and during the tenure of President Viktor Yanukovych.”
After all, the DOJ, FBI, and the IC had a supersized file on Manafort going back to 2007, so why wait for all these years?
Image 22: The Triumvirate or Threesome (depending on your view)
Mark Twain once wrote that:
“Anybody can tell lies: there is no merit in a mere lie, [for a good deceit] it must possess art, it must exhibit a splendid & plausible & convincing probability; that is to say, it must be powerfully calculated to deceive.”
Special Counsel Mueller’s report doesn’t come close to Twain’s definition of deceptive genius, but it does have a certain kitschy synthetic Disneyland feel to it. In many ways it’s similar to another secretive report, the Protocols of the Elders of Zion. Both share the same conspiratorial elements, treachery, mysterious meetings, made-up events and agendas, secret societies, informants, and intrigue.
All of this hush-hush secret agent man stuff in the report seems very mysterious, but at its core, it’s really a simple criminal matter. If you’ve ever been a juror on a criminal trial, you should be familiar with the routine. If you haven’t, it goes as follows:
The prosecution and the defense present their case with an opening statement
Both show evidence and present witnesses
Both cross-examine witnesses
Each side delivers their closing arguments
The jury goes into deliberation and comes up with a verdict
Normal criminal trials in the US typically follow the Federal Rules of Evidence; there is no such thing as secret testimony that can’t be verified or evidence that can’t be shown to the jury. If the DA doesn’t want to expose his sources/methods then they get excluded from trial. If witnesses can’t be cross-examined, their testimony is inadmissible. It’s as simple as that.
Image 22: Rep Gowdy and DOJ IG Horowitz Q&A session regarding Peter Strzok’s and Lisa Page’s involvement in the Mueller and HRC Email investigations
So, no, I don’t think we can classify special counsel Mueller’s report as a deceptive masterpiece; I would rather categorize it as more of a ‘true story’ type of a tale.
The event is taking place at the 5-star Verdure resort in Sicily. Due to the high prestige and number of guests, the hotel is fully booked, and room prices start at $930 per night.
The all-expenses-paid, three-day event hosted by Google will cost about $20 million, which comes to about $33K per person, per day. The estimated 120-200 participants will discuss urgent global issues such as on-line user data privacy, freedom of speech, and global warming. The main focus of the event will be climate change, which, according to several of the attending subject-matter experts, is the biggest threat to the world and our future generations.
The guests will be arriving at the event over the next 12 hours in 116 private jets and the world’s largest private megayachts. The estimated combined carbon footprint output from the resort activity and travel to and from the three-day event will be equivalent to the yearly carbon production of over 900K US households.
Image 1: A dinner and a show at the Temple of Hera and private jets delivering the summit attendees
In the spirit of openness, Google went the extra mile to keep all resort activity a secret—all support, hotel, and security staff signed restrictive non-disclosure agreements prohibiting them from discussing or taking any images of the events and participants.
And yes, as the video analytics reveal, the environmentally-conscious guests are using plastic straws for sipping their very expensive, Google-sponsored cocktails.
Image 2: The Carbon footprint of David Geffen and Katy Perry, two of the over 140 Google climate change summit attendees
But WAIT! What did I just hear? Google doesn’t get its 260-400 million watts of energy (2-4 percent of the world’s electricity) from unicorn powered wind farms and eco-friendly solar panels? And it’s responsible for 1.5-3 million metric tons of carbon dioxide emissions every year, which is about 20%-40% of the internet carbon footprint?
I’m Shocked, SHOCKED To Find There’s Gambling in the Casino!
To the legions of the woke, if you haven’t caught up yet, you are looking at corporate greed incarnate. Where environmental disasters like the BP Deepwater Horizon or Union Carbide/Dow Bhopal were terrible but isolated events that could be attributed to human error or gross negligence, Google’s entire business model is based on carefully executed global human and environmental exploitation.
Aren’t you a bit curious how it is that social media giants the likes of Google, Twitter, and Facebook spend hundreds of millions of dollars on software development, hardware, and pay astronomical electric bills for their worldwide datacenter operations, and still make billions in profit–all while offering these services for ‘free’?
At the end of the day, this whole climate change summit thingy is just a cynical PR move to hide the fact that Google can’t burn fossil fuel fast enough to power its worldwide data center expansion–which since 2016 have been working overtime to promote fake news via their ad-sense cash cow, while at the same time, destroying whatever little is left of privacy and suppressing free speech.
You can also group all of the Gretas and other ‘progressive’ campaigns and slogans with the climate rhetoric. It doesn’t really matter if it’s ‘Beef is Murder’ or some other trendy gimmick. You can be certain that if it looks good, it tastes good, or feels good, most of the celebrity role models are doing/having it on a wholesale scale.
Image 3: Leonardo DiCaprio’s important work on reducing beef consumption
So next time the likes of Google or a celebrity tells you just how important climate change is (or gives you any moral advice) and asks you to donate to their foundation, tell them that you are open to learning more about it over dinner at the all-expense-paid outing on their private jet or megayacht.
Maybe you are thinking about buying a new technology platform or investing in a software startup. Following industry practices, you will likely conduct some form of due diligence before you make your big move. This may include interviewing members of the management, technology and finance teams. You may also conduct operational audits, review sales figures, talk to customers, and check for references.
All advisable but in the end, you will still be left with a certain amount of nagging doubt. After all, how do you really know what this company’s true technology abilities are? How can you tell with a high degree of certainty that you are not buying the Brooklyn Bridge equivalent of some useless/over-hyped software? In today’s frenzied Internet of Things, mobile and Big Data buzz-ridden world, sometimes it seems as if the sky is the limit. To the uninitiated, it is exceedingly difficult to tell the difference between a solid early stage software idea and a useless concept professing to be the next big, anti-gravity SaaS solution.
I know. You are probably asking yourself: how difficult can it be? After all, there are numerous simplified due diligence guides that answer questions like:
Does the company really own its supposed product?
Is the technology integrated/constructed in the right way?
Can their technology scale?
Unfortunately, when you are evaluating a technology’s potential, you may find that the answers to such questions are fuzzy and not always easily discernible. So before you make your investment decision based on some generic checklist, you may want to consider the following tale about the rise and fall of a flying super hero in tights.
In 2010, following the meteoric success of the Spider-Man movie franchise—which grossed over $2.5 billion worldwide—a stage adaptation entitled “Spider-Man: Turn Off the Dark” arrived on Broadway. The investors spared neither expense nor talent in pouring over $75 million into the production in hopes of recreating the movie magic and revenue.
To stay true to Spider-Man’s legacy, the play executed some complex aerobatics sequences and flight scenes across the stage. These stunts quickly gained notoriety as the show became plagued by accidents.
Some of the more noteworthy injuries included:
Stunt double Kevin Aubin broke both wrists when he was catapulted from one end of the stage to the other
Natalie Mendoza, who played villain Arachne, suffered a concussion when she was struck in the head with a piece of equipment
Carpio, Mendoza’s replacement, suffered a neck injury after a battle scene with Spider-Man
Stuntman Christopher Tierney fell 30 feet into the orchestra pit suffering a fractured skull, a fractured shoulder blade, four broken ribs, and three broken vertebrae
Daniel Curry, a stunt double, got his right foot stuck in a stage lift and then a trapdoor closed on the foot, breaking the foot and both of his legs, necessitating amputations
This reads more like an account from the trenches of Verdun than a Broadway musical. Despite the carnage, the performances went on with regular venue changes and constant retooling of the storyline and musical score.
Finally, last month, the producers announced that they plan to end the production in January 2014, the main reasons being falling ticket sales and—not surprisingly—the inability to get injury insurance for the cast.
In the end, the show will have run for over three years and will have lost an estimated $60 million.
So, what went wrong? Why did life fail to imitate art? It seems that on the live stage, the same stunts that were so easy to achieve in virtual CGI failed miserably when ported to the physical world. Why wasn’t it obvious from the start that the Spider-Man storyline could only work in the pages of comics and on the silver screen?
The investors behind the Broadway adaptation were seasoned entertainment entrepreneurs. Before committing funds to the project, they conducted their due diligence and found the venture to be worthy. Yet over a period of 3 years and despite watching repeating cycles of misfortune, they failed to pull the plug. Apparently, hope springs eternal—at least in the investor’s breast. Sometimes, even though red flags may be staring you right in the face, you can still miss all of the warning signs.
Image 1: Spider-Man Planned vs. Actual
Over the years, I have conducted due diligence on various software partnerships, acquisitions, and investment opportunities. It turns out that questions like: ‘how scalable/portable is this solution?’, or ‘how valuable is the code?’ are not only difficult to answer but often irrelevant.
And just like in the example of the Spider-Man fiasco, even seasoned professionals can fall victim to a well-rehearsed pitch presented by a charismatic team of snake oil salesmen who can sell you dehydrated water without even blinking.
In many ways, evaluating an investment opportunity in software is like a game of cat and mouse. Your evaluation will involve constant pursuit, near captures, and repeated escapes. You will have to sift through piles of partial facts, exaggerations, and in some cases even deliberate misinformation.
This is to be expected. No cause for alarm though. Here is a three-phase approach to conducting due diligence effective enough to help strip the thin veneer of pretense so that you can get deeper insight into how your potential acquisition functions and what its possible soft spots are.
Phase-1
Before you start probing any soft spots, though, you will need to get the regular DD action items out of the way. Conduct some background research and get intel on the following:
Litigation (are the company and/or its principals in court for any reason?)
Costs to operate the business for the next 12 months based on current burn down rate
3rd party licenses and vendor agreements (both in terms of income and expense)
Customer base, future growth projections, and teaming agreements
Forecasted capital investments (what are the costs of boarding one new customer?)
Phase-2
Now that you have the basics you can proceed to look for chinks in the armor. Schedule some face time with the technology team, including: security, architects, operations, IT, development, QA, etc. It is important that you conduct both group and personal interviews with these individuals because the group dynamics will affect the detail and quality of the answers you get.
The topics that I find to be the most illuminating include:
Management Pedigree – Find out if the leadership team has prior successful entrepreneurial experience. Take the time to check them out on-line before meeting them face to face. (LinkedIn is a great source for this.) Each technical leader should have at least five to seven years of “specific and proven” experience in the areas that the company is trying to innovate (i.e. cyber security, analytics, etc.). Having a general practitioner without deep domain experience will dramatically decrease the chances of their success because they will have to learn on the job and this will undoubtedly be time consuming and error prone.
Also, look into the tenure of the key members on the technical team. Has the CTO or VP of engineering been with the company from the get go? Is there rapid turnover in any of these key positions? A revolving door syndrome could be an indication that the company failed to mature their technology and is trying to bridge the gap by searching for “the one” who will save them from impending doom—a strategy which rarely works.
The Buzz Factor – Check out the industry buzz about the company, the segment in which the company operates, and the competitive landscape. See if they are covered by reputable media sources or if they have won any competitions or awards. A common strategy that some startups use is to make PR releases or pay for favorable coverage. Independent coverage is a good sign that the company is legit and is getting traction. When reading feature articles about the company, look for ranking. Many publications will provide a listing of the top leaders in the domain. If your company is not in the top list and is just being mentioned using language similar to “also active in this space is…”, this could be a sign that they paid the publisher just to get into print.
Team Makeup – In software more so than in most other engineering disciplines, the human factor and the work environment are critical to success. A salt mine culture and a dysfunctional team are indications that the company will perform poorly. When evaluating the team, inquire about the FTE to contractor ratio. Heavy offshore presence could be an indication that the company is a façade with the bulk of the architecture, development, and engineering work being done offsite/offshore by some outsourced firm. This could be a problem if you are under the impression that you are investing in domestic IP and human capital.
Work Culture – The work culture is a good indicator of how functional the organization is. Find out if they are burning the midnight oil every day and if so, why? Are they fixing bugs? Trying to catch-up on backlog features? Working long hours in a startup is the norm, but doing it for long periods of time could be an indication that they have not yet found their stride. Ask questions like: “What do you love and hate about the company?” or “If you could change three things, what would they be?”
Compensation – This may not be obvious but compensation can teach you a lot about how well the company is doing. Working in a startup requires some financial tradeoffs but the compensation for the technical team should be within/above the standard industry pay rates. The company should not run like a charity. Did the team get their bonuses last year? Missed yearly bonuses and compensation that is low on cash and high in stock options should raise red flags about how well the company is doing.
Phase-3
Now that you have your finger on the pulse of the organization you are ready to separate the wheat from the chaff by identifying the most important takeaways about your target company.
As you complete the two previous DD phases, you will most likely discover that not all of the representations made to you were correct, nor were your original assumptions. The objective of this last exercise is to draw a critical line in the sand that if crossed will result in your walking away from the deal.
The following is my list of eight key assumptions that must pass validation:
1. Platform stability – This covers production metrics such as up-time, downtime, maintenance windows, and signed SLAs. The solution must have a published SLA and a historical record of past system shutdowns. All systems go down for one reason or another. It’s important that you understand how frequently their system/sub systems bounce and what the reasons are. The need to babysit the system 24X7 or having a large IT to development ratio can be an indication that the solution is on constant life support.
2. Ease of deployability – This covers questions such as hosting (cloud based vs. hosted), provisioning, and the mechanisms for deployment of new customers and users. When it comes to creating new customer environments, look for manual steps used for copying code, configuring/populating databases, and the usage of scripts to create work regions. Clearly, any manual process for setting up and boarding customers and the need to manipulate the back-end manually is a big no-no.
3. Solution scalability – This covers questions regarding number of current transactions per customer, number of customers, daily feed sizes, batch processing schedules, daily feed timeline, and core processing windows. Pay close attention to storage, processing, clustering, and load balancing. Look for obvious signs that the solution will not scale. For example, if the company plans to double its customer base in 12 months, they should already have in place the infrastructure to support such growth. Very few organizations are capable of simultaneously galloping and changing horses mid-stream by making significant alterations to their storage and load balancing architecture.
4. Maintainability – This covers questions such as production release readiness, customer reporting, and bug tracking. Regardless of how young the company is and their appetite for technology debt, they need to have functional configuration management, change control, and monitoring capabilities. This doesn’t mean that it’s either HP OpenView or bust. To achieve monitoring, open source tools like Nagios will do. Regardless of the tool, they need to have something in place that is integrated into their solution. Without such controls, they will be flying in the dark, which almost certainly will adversely impact their customers.
5. Disaster recovery, business continuity planning, and availability – This covers questions like how and if the company will recover from various disaster scenarios. What happens if they lose a customer database or the records of important transactions? Is this data being backed up daily? Have they ever attempted to recover from backups? If the company is providing financial services or uses big data, find out how they back up the sensitive information such as PCI data and the terabytes of records on their HDFS.
6. Sophistication of intellectual property – This covers questions regarding the robustness of the algorithms, the structure of the data models, the coupling of the various tiers, the utilization of new and cutting edge frameworks, (i.e. big data components like CPE, queue, plug-ins like R, etc.), and how well everything is mashed together. Remember, just because they use cloud storage/hosting or Hadoop doesn’t mean that their solution can achieve their business objectives or even successfully process large amounts of data.
7. Support for internationalization – This covers questions regarding multi-lingual support, localization, redundant hosting and customer support that follows the sun. Very few startups will be able to fully support internationalization. If you are planning to offer this solution as part of your international portfolio of products, you will need real internationalization that goes beyond the skin deep ability to customize logos and labels. Just like in the case of the scalability question, if the functionality is not there now, it will require a significant development effort downstream.
8. Security and privacy – This covers questions regarding authentication, anonymization, encryption, sensitive data storage, data retention, compliance with PCI, FFIEC, etc. Security, due to its nature, is viewed almost universally as overhead and an afterthought. If the platform you are evaluating needs to run silent and deep in hostile waters, you need to make sure that areas such as intrusion detection/prevention, access controls, malware/firewall management, and auditing are up to snuff. Look for up-to-date security policies, records of ongoing security audits (SAS 70, CISA, etc.), vulnerability assessment reviews, and penetration tests. If the company has no such records on file, this can be a strong indication of poor security planning, which is a ticking liability time bomb.
General Consideration During your Due Diligence
My primary indicator of readiness and prospect for success is the number of customers that currently use the software. Obviously these numbers may vary with the type of the solution, but if your investment target has a steady and growing customer base, they have at least survived the valley of death and are for real. When evaluating the customer base, look for active accounts that use the system regularly. In many startups, the customers are often made up of relatives/friends and pilot users; although these types of accounts are important for testing, they have little commercial value.
Remember, in the end, it doesn’t matter how compelling the business case may seem, what great technologies they have, or how modular their solution architecture is, without a real customer base, it’s a risky gamble.
A secondary indicator is that of the team and organization. Are you just buying the software, the team, or the entire package? If you are only interested in the IP, then you will need to identify and secure the architects, lead developers, and core technical team in order to assimilate the technology. On the other hand, if you want the product, then you will need to ensure that the organizational structure will be maintained. This is not an easy thing to do, as often many core team members will cash their chips and move on to pursue other opportunities after the sale of the company.
A third indicator is that of Intellectual Property. You need to carefully address IP questions and determine who owns it, where the inventions come from, who was exposed to the inventions, what are the rights of the FTE/contractors to these ideas, and if there are any invention disclosure forms or patent filings in place.
An in-depth evaluation of the architecture through a code review of the key algorithms, data structure, and framework that form the secret sauce should help answer most of these questions. It is important that you conduct this discovery hands-on by reviewing code and metrics such as code quality, code complexity, and unit test coverage. This is the only way for you to ensure that the magic is real.
Summary
Executing an effective technology due diligence is more of an art than a science because each software solution you will evaluate is unique. Many early and mid stage startups need to trade off between delivering basic business value and developing a fully mature prime time ready platform. These competing factors make it hard to determine with certainty if a solution has the potential to evolve into a commercial success or if it is just being held together with chicken wire and chewing gum.
It is important to approach each discovery phase with a set of simple objectives that are critical for a favorable evaluation of the overall solution. This way, during the evaluation of each key assumption, you will be able to clearly identify the main decision gates and confidently make a go/no-go determination.
The fact that the military is using social media (SM) manipulation tools to fight the war is laudable. It’s about time they started using non conventional methods to carry the war into the back alley Internet cafes where virtual battlefields of radicalization are raging.
The national defense agencies, which are among the most technical and professional organizations, are self-conscious about the pros and cons of dabbling with SM. The USAF social media guide illustrates these concerns. It offers a detailed analysis and operational recommendations for engaging in SM influence activity. For example, the global SM information flow is shown in the following diagram:
In another section, the “guidelines to assist Airmen in engaging online conversations” offers a list of the following dos and don’ts:
No Classified Info: Do not post classified or sensitive information (for example, troop movement, force size, weapons details, etc.). If in doubt, talk to your supervisor or security manager.
Replace Error with Fact, Not Argument: When you see misrepresentations made about the Air Force in social media, you may certainly use your blog, theirs, or someone else’s to point out the error. Always do so with respect and with the facts. When you speak to someone with an adversarial position, make sure that what you say is factual and is not disparaging. Avoid arguments.
Admit Mistakes: Be the first to respond to your own mistakes. If you make an error, be up front about your mistake and correct it quickly. If you choose to modify an earlier post, make it clear that you have done so (such as by using the strikethrough function).
Use Your Best Judgment: Remember there are always consequences to what you write. If you’re still unsure, and the post is about the Air Force, discuss your proposed post with your supervisor. Ultimately, however, you have sole responsibility for what you choose to post to your blog.
Avoid The Offensive: Do not post any defamatory, libelous, vulgar, obscene, abusive, profane, threatening, racially and ethnically hateful, or otherwise offensive or illegal information or material.
Avoid Copyright: Do not post any information or other material protected by copyright without the permission of the copyright owner. Also, consider using a Creative Commons license to protect your own work (see http://creativecommons.org for details).
Trademarks - Don’t Breach: Do not use any words, logos or other marks that would infringe upon the trademark, service mark, certification mark, or other intellectual property rights of the owners of such marks without the permission of such owners.
Don’t Violate Privacy: Do not post any information that would infringe upon the proprietary, privacy or personal rights of others.
Avoid Endorsements: Do not use the Air Force name to endorse or promote products, opinions or causes.
No Impersonations: Do not forge or otherwise manipulate identifiers in your post in an attempt to disguise, impersonate or otherwise misrepresent your identity or affiliation with any other person or entity.
Use Disclaimers: Identify to readers of a personal social media site or post that the views you express are yours alone and that they do not necessarily reflect the views of the Air Force. Use a disclaimer such as: “The postings on this site are my own and don’t necessarily represent Air Force positions, strategies or opinions.”
Stay In Your Lane: Discussing issues related to your AFSC or personal experiences is acceptable but do not discuss areas of expertise for which you have no background or knowledge.
Considering the fact that SM manipulation tools bridge/breach numerous EULA and jurisdictional boundaries, it’s likely that these tools will end up violating some privacy laws. But with that having been said, I also have the utmost faith in the military’s ability to regulate and control itself. Between the office of the inspector general, the Uniform Code of Military Justice, and the clear constitutional limitations imposed on the military’s ability to operate on US soil, I think that there are enough checks and balances to prevent wide scale domestic Orwellian style abuse of this technology.
So, what seems to be the problem? Well, the issue is that parts of the SM intelligence collection, monitoring, analysis, and delivery, are no longer being carried out by the military/three letter government agencies. Rather, it’s being conducted by a horde of private intelligence firms. Some of these include: Palantir, Stratfor, HBGary Federal, Berico Technologies, Endgame Systems, and Booz Allen Hamilton which recently gained notoriety thanks to Edward Snowden’s mega leaks.
A better insight into the functioning of this rent-an-intelligence world of shadows can be gleaned from the hack by LulzSec. In 2010, the group successfully breached the private intelligence firm HBGary/HBGary Federal. The hack captured over 75,000 e-mails. It revealed the close cooperation between large commercial firms such as Bank of America and various government agencies. For example, it showed that BoA solicited the Department of Justice for help regarding possible disclosure by WikiLeaks. The Department of Justice then referred BoA to the political lobby firm Hunton and Williams, which in turn connected the bank with a group of information security ‘fixers’ known as Team Themis.
Team Themis—a group made up of HBGary Federal and the intelligence firms Palantir Technologies (named after Saruman’s seeing stone in J. R. R. Tolkien’s Lord of the Rings), Berico Technologies, and Endgame Systems—was consulted regarding ways to destroy the credibility of WikiLeaks and Glenn Greenwald, a Salon.com reporter who wrote favorably about WikiLeaks. The strategy sought to “sabotage or discredit the opposing organization” and even included a plan to submit fake leaked documents and then call out the error.
Interestingly, some of the leaked documents contained Palantir’s and HBGary’s PowerPoint decks and e-mails which detailed various Machiavellian schemes. One notable example was the strategy for destroying the credibility of Glenn Greenwald.
Even more troubling were plans to use malicious software to hack into computers owned by various ‘opponents’ and their families. The e-mails show a proposal to develop and use “custom malware” and “zero day” exploits to gain control of a target’s computer network in order to snoop their files, delete content, monitor keystrokes, and manipulate websites.
In one e-mail, 27-year-old Matthew Steckman, a Palantir employee who was central to the Themis operations, boasted:
“We are the best money can buy! Damn it feels good to be a gangsta.”
It turns out that Palantir, in addition to living the “gangsta” lifestyle to the fullest, was also shooting ‘sideways’ at its competitors by allegedly misappropriating IP by fraudulent means and conducting domestic industrial espionage.
The bizarre story revolves around Shyam Sankar, Palantir’s Director of Forward Deployed Engineering, who allegedly represented himself as a principal of SRS Enterprises, a straw company registered under the names of his parents in Florida, and, together with his brother, fraudulently obtained i2’s competing software solutions and used them to design Palantir’s products.
Image 1: i2 Civil Action Against Palantir
Image 2: Company registration Details for SRS
Image 3: Shyam Sankar
I don’t know if any of these allegations are true because the case was just settled before going to trial, but if even some of the details are correct, this is the stuff that cheap spy novels are made out of.
I’m not sure what I find to be more outrageous in this case, Palantir’s complete disregard for the law or their nonchalant gangster attitude.
I have no problem rationalizing the military’s proposal to carefully use software like MetalGear to conduct “classified blogging activities on foreign-language Web sites to enable CENTCOM to counter violent extremist and enemy propaganda outside the U.S.”, but Palantir and HBGary were proposing to use such SM manipulation technologies wholesale on US soil for subversive (and most likely illegal) corporate and financial gain.
Several months after the attack against HBGary Federal, Anonymous hacked into another private intelligence firm, Stratfor. They released a stash of about five million e-mails which provided deep insight into how the private security/intelligence companies view themselves vis-a-vis government agencies like the CIA and FBI.
In one e-mail to his employees, Stratfor’s chairman arrogantly dismisses the CIA’s capabilities. He writes:
From: George Friedman [mailto:email@example.com]
Sent: Wednesday, December 29, 2004 9:13 AM
To: firstname.lastname@example.org; email@example.com
Subject: CIA head of analysis fired
Jamie Miscik, Deputy Director of Intelligence at the CIA was fired today. As DDI, she ran the analytic shop. According to media reports, she was fired for squandering resources on day to day reports while ignoring the broad trends. In other words, she was fired for looking at the trees and being unable to see the forest. She was also accused of spending too much time updating policy makers and too little time trying to grasp the broad trends–giving customers what they wanted instead of what they needed. In the end, it was her customers that turned on her. My charge against her was and remains that she took no pride in her craft and turned intelligence into PR and shoddy process. She and her gang are now history.
This gives Stratfor an enormous, historic opportunity. The CIA model of analysis has been invalidated. The ponderous, process driven machine that could only manage the small things now needs to be replaced by a robust, visionary, courageous analytic system. Stratfor has the opportunity to show the way. In fact, we are showing the way. Everyone in Langley knows that we do things they have never been able to do with a small fraction of their resources. They have always asked how we did it. We can now show them and maybe they can learn.
Reading this statement makes you wonder how the CIA has ever managed all of these years without Stratfor’s robust, visionary, and courageous guidance.
Stratfor also illustrated their ability to collect deep intelligence by performing private surveillance activities on US soil of protestors in the Occupy Austin movement. To achieve this, one of their agents went undercover and joined an Occupy Austin meeting in order to gain insight into how the group operated.
Yet another e-mail reveals their ability to gain access to secret government documents. Fred Burton, the Stratfor vice president for Intelligence, told one corporate client: “The F.B.I. has a classified investigation [that may be of interest and]…I’ll see what I can uncover.” In a similar e-mail, he claims to have access to top secret materials captured during the raid on the OBL [Osama Bin Laden] compound and goes as far as offering a Q&A session regarding its content:
From: Fred Burton
To: Secure List
Subject: OBL take — quick response needed
Sent: May 12, 2011 15:25
I can get access to the materials seized from the OBL safe house. What are the top (not 45) questions we want addressed? — Sean Noonan Tactical Analyst Office: +1 512-279-9479 Mobile: +1 512-758-5967 Strategic Forecasting, Inc. www.stratfor.com
Now, I could understand if Stratfor was offering supplementary intel to various government agencies, but the ironic implication here is that they are syphoning classified information from the government and handing it over to their corporate clients.
Indeed, as Morpheus stated, “Fate, it seems, is not without its sense of irony.” Stratfor, the organization that prided itself on teaching the CIA a thing or two about security and intelligence gathering, got Pwnd through the most benign means.
When you read the details of the Stratfor and HBGary exploits, you can’t help but scratch your head in amazement. For example:
The HBGary website fell to a simple SQL injection. The site neither scrubbed nor sanitized any requests. This allowed the attackers to quickly retrieve the site’s User IDs and Passwords.
With a User ID and Password in their possession, they downloaded the entire user database. Next, they proceeded to crack it. If the password database had been properly protected, they would have gotten nowhere, but again, poor security design enabled them to retrieve all the passwords. It turns out that the HBGary Federal database stored passwords as simple MD5 hashes. To overcome this, the attackers used readily available rainbow tables.
After getting the passwords of two of HBGary’s executives, Aaron Barr and Ted Vera, they discovered that the passwords only consisted of eight characters: six lower-case letters and two numbers. With the User ID and Password details of the two executives, the attackers found out that this pair reused their passwords in multiple applications, including: e-mail accounts, LinkedIn (see below), Twitter and a customer facing server. So now Anonymous was able to access their e-mails too.
Image 4: Aaron Barr’s 2013 defaced LinkedIn page
Image 5: Aaron Barr’s 2014 updated LinkedIn pages (note the stripped personal details and the recommendation by Pulkit Kapila, from Booz Allen Hamilton)
Image 6: Aaron Barr’s 2018 LinkedIn page
The accounts on the support server belonged to ordinary users but the system wasn’t patched against a privilege elevation attack. Now, with administrative access and due to the fact that one of the executives was also the administrator of the entire e-mail system, Anonymous gained full control of all HBGary Federal e-mail accounts. Using this vulnerability, they gained access to the account of another executive, Greg Hoglund, where they found an e-mail containing the root password for the entire site.
Anonymous had a root password, but couldn’t access the site server from outside of the firewall. They needed to log in as a standard user and then switch to root.
To achieve this, they utilized a simple social engineering exploit. Using Greg Hoglund’s account, they contacted an administrator who had root access to the server. Through an e-mail exchange, they said that they had a problem logging in to the server and convinced the root admin to reset Greg’s password and also reveal his username–the two pieces of information they needed to complete their exploit and gain access to the Stratfor list of customers and their credit card files, which interestingly enough, were kept in a plain text file.
This wasn’t unique to HBGary or Stratfor. In all hacking cases involving private security or intelligence companies, the analysis of the attack shows that it was executed via the most rudimentary methods. No mission impossible scenarios took place; the root cause was just your common run of the mill information security negligence and incompetence.
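The first two failures in that chain, request text pasted into SQL and bare MD5 password hashes, are shown below next to their standard fixes. This is an added example, not code from any of the breached sites; the table layout, account names, passwords and PBKDF2 work factor are constructed assumptions, and "simple MD5" is taken to mean unsalted.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts: both share one password in the
# "six lower-case letters and two numbers" shape described above.
SAMPLE_USERS = [("alice", "qwerty12"), ("bob", "qwerty12")]
PBKDF2_ROUNDS = 600_000  # assumption: a current work factor for PBKDF2-HMAC-SHA256


def md5_hash(password):
    """Weak scheme: a bare, unsalted MD5 digest (what rainbow tables invert)."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_hash(password, salt=None):
    """Hardened scheme: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def make_db():
    """In-memory user table holding both the weak and the hardened hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, md5 TEXT, salt BLOB, kdf BLOB)")
    for name, password in SAMPLE_USERS:
        salt, digest = kdf_hash(password)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (name, md5_hash(password), salt, digest))
    return db


def lookup_vulnerable(db, name):
    """'Before': request text is concatenated into the SQL statement."""
    query = "SELECT name, md5 FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """'After': the driver binds the value, so it is only ever data."""
    return db.execute("SELECT name, md5 FROM users WHERE name = ?", (name,)).fetchall()


def verify_password(db, name, password):
    """Recompute the salted hash and compare in constant time."""
    row = db.execute("SELECT salt, kdf FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    _, candidate = kdf_hash(password, salt)
    return hmac.compare_digest(stored, candidate)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("vulnerable lookup rows:   ", len(lookup_vulnerable(db, crafted)))
    print("parameterized lookup rows:", len(lookup_parameterized(db, crafted)))
    rows = db.execute("SELECT md5, salt, kdf FROM users ORDER BY name").fetchall()
    print("same MD5 for both users:  ", rows[0][0] == rows[1][0])
    print("same salted hash:         ", rows[0][2] == rows[1][2])
    print("alice/qwerty12 verifies:  ", verify_password(db, "alice", "qwerty12"))
```

Identical MD5 values for identical passwords are what make a precomputed table effective against the whole user base at once; the per-user salt removes that property, and the slow KDF raises the cost of each remaining guess.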
Time and time again, these von Wallenstein style wannabe spies have proven themselves to be a legal and an ethical liability. Case in point is that regardless of their patriotic pitch and public assertions of lofty ideals such as “solve the most important problems for the world’s most important institutions”, most of these individuals and companies are bottom feeders who are in it just for a fistful of dollars and narcissistic bragging rights. From the various e-mails disclosed, it’s obvious that they have no qualms conducting criminal influence operations against their customers’ political opponents and their families on US soil.
Image 6: Aaron Barr as a Secret Service Agent and other personas
The complete lack of moral scruples from guns for hire, like Aaron Barr, who engaged in the worst type of for-pay defamation doesn’t seem to change with time. Barr—after scrubbing his on-line persona several times—resurfaces in 2015 as a progressive, environmentally friendly activist this time dedicated to promoting Russian collusion theories, climate change awareness, and bemoaning the loss of on-line privacy.
Image 7: Aaron Barr the champion of transparency and a crusader against Wikileaks
Regardless of how attractive privatizing national security may seem at the moment, ultimately national intelligence should be managed by military and career civil servants that should report to elected officials who in turn should have specific term limits. True, this may not be the best way; after all, J. Edgar Hoover managed to abuse the process throughout the terms of six different presidents. But in the end, the system does self-correct. It has been doing that now for over two hundred years.
*** Update 11/1/2017 harvested new imagery for Aaron Barr ***
My wife is a potter. She conducts most of her glazedOver pottery business on-line. Over the past 2 years, she has incrementally leveraged social networks to supplement her regular marketing and advertising efforts and she has progressively built-up a large following of loyal customers and a network of peer artists. She will tell you that without a doubt, a focused Internet advertising campaign translates instantly to higher site traffic and sales.
Clearly, an important component in successfully operating a small on-line craft business is to leverage social and professional networks and to tactfully promote your product. One way to do this is by paying a service to expose your store. Another, more organic method, is to form a guild that promotes the interests of a group of related artists via blogs and other publications. High traffic sites like these typically contain interviews, product reviews, giveaways, and links to member shops.
The Internet barons the likes of Google and Microsoft are aware of the relationship between traffic and revenue, and so they court high volume sites to host advertising content. One of the most popular on-line money making schemes (eclipsed only by Nigerian get rich quick 4XX offers) is the Google AdSense program. With programs like AdSense, you place sponsored advertisements on your blog and Google then delivers specialized content based on your site classification. The premise of this model is that if you have a high traffic site, you will most likely generate product or service sales for the ad sponsor. The more clicks, the more you make.
Google obviously requires that the sponsor of the AdSense campaign operates a legitimate website or blog. Their definition of what is deceptive or manipulative behavior is quite specific as you can see from their guidelines:
Quality guidelines
Make pages primarily for users, not for search engines. Don’t deceive your users or present different content to search engines than you display to users, which is commonly referred to as “cloaking.”
Avoid tricks intended to improve search engine rankings. A good rule of thumb is whether you’d feel comfortable explaining what you’ve done to a website that competes with you. Another useful test is to ask, “Does this help my users? Would I do this if search engines didn’t exist?”
Avoid hidden text or hidden links.
Don’t use cloaking or sneaky redirects.
Don’t send automated queries to Google.
Don’t load pages with irrelevant keywords.
Don’t create multiple pages, subdomains, or domains with substantially duplicate content.
Avoid “doorway” pages created just for search engines, or other “cookie cutter” approaches such as affiliate programs with little or no original content.
If your site participates in an affiliate program, make sure that your site adds value. Provide unique and relevant content that gives users a reason to visit your site first.
Hosting Google adware has both its fans and its critics. Some users abstain from the practice on the grounds that it cheapens and waters down their brand (akin to placing a 30 foot billboard on your Victorian mansion), but many other popular blogs and websites do it enthusiastically, and they make some decent $$$ in the process.
It seems that if necessity is the mother of invention, then revenue from high internet traffic is the father of the con. Site sponsored advertising practice has now become so popular that many enterprising individuals/organizations are running large campaigns for site scams known as MFA (made for AdSense). These scraper sites are siphoning millions of dollars from the likes of Google.
The scam is ingenious and requires dedicated resources and some technical skill (like purchasing domains and manipulating content). I discovered this several days ago after my wife told me that someone was showcasing her pottery work on their site without crediting her. She first came upon it when she noticed an interesting pottery link in her twitter feed and asked me to have a look. After clicking on the link, I was routed to a site called VisionPottery.com. At first, the site looked legit; just another average blog dedicated to hand crafted goods.
Twitter feed, article, other site pages, and domain ownership information
The blog was designed reasonably well. The cover article titled “Folk Art Craft-From the past” featured a set of my wife’s pottery bowls. I scanned the article for a link to her shop (assuming that the author used her work as an illustration), but found neither links nor credits.
When I checked the properties of the actual image, I was surprised to discover that it was hosted on the server and not linked to her site in any way (clearly, a copyright violation). I figured that the next best thing would be to read the article more carefully. The essay turned out to be laced with numerous grammatical errors and its contents made little sense.
Massive grammatical incoherencies smack of either human or machine altered text, so I performed a quick on-line search and located the original essay in “Articlebase.com”.
I diffed both essays and confirmed that the article hosted on VisionPottery.com was in fact a plagiarized version.
A textual analysis of the content revealed that the changes were purely based on a simple word substitution technique where one word, for example America, is replaced by United States. It is clear that the plagiarizer’s objective was not to ‘lift’ the ideas from the article. Rather, it was an attempt to prevent search engines from identifying and tagging the content as duplicate and thus improve their SEO (search engine optimization). This was also confirmed by the fact that the name of the original author could be found at the bottom of the plagiarized text.
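The diff described above can be reproduced with a word-level comparison, shown here as an added example that is not the tooling used for the original analysis. Both texts are short constructed samples (not the actual essays), and the 0.8 threshold and the SHA-256 exact-match fingerprint are assumptions chosen for illustration.

```python
import difflib
import hashlib
import re

# Constructed sample texts: the "spun" copy swaps a few words for
# synonyms, as in the America -> United States case described above.
ORIGINAL = ("Folk art in America grew out of everyday needs. Potters made bowls "
            "and jugs for the kitchen, and the craft was handed down through families.")
SPUN = ("Folk art in United States grew out of daily needs. Potters made bowls "
        "and jugs for the kitchen, and the craft was passed down through families.")
UNRELATED = ("Glazes are mixed from silica, fluxes and metal oxides, then fired "
             "in a kiln until they melt into glass.")


def words(text):
    """Lower-case word tokens; punctuation and spacing are ignored."""
    return re.findall(r"[a-z0-9']+", text.lower())


def fingerprint(text):
    """Exact-match fingerprint of the normalized text (naive duplicate check)."""
    return hashlib.sha256(" ".join(words(text)).encode()).hexdigest()


def compare(original, suspect):
    """Align the two word sequences and report what survived and what was swapped."""
    a, b = words(original), words(suspect)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    kept, substitutions = 0, []
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        if op == "equal":
            kept += i2 - i1
        elif op == "replace":
            substitutions.append((" ".join(a[i1:i2]), " ".join(b[j1:j2])))
    return {
        "kept_fraction": kept / len(a) if a else 0.0,
        "substitutions": substitutions,
        "same_fingerprint": fingerprint(original) == fingerprint(suspect),
    }


def verdict(original, suspect, threshold=0.8):
    """Classify the suspect text relative to the original."""
    result = compare(original, suspect)
    if result["same_fingerprint"]:
        return "verbatim copy"
    if result["kept_fraction"] >= threshold:
        return "word-substituted copy"
    return "no match"


if __name__ == "__main__":
    report = compare(ORIGINAL, SPUN)
    print("exact fingerprint matches:", report["same_fingerprint"])
    print("original words kept:       %.0f%%" % (100 * report["kept_fraction"]))
    for before, after in report["substitutions"]:
        print("  %r -> %r" % (before, after))
    print("verdict:", verdict(ORIGINAL, SPUN))
```

A handful of swapped words is enough to change an exact-match fingerprint, while the aligned comparison still shows that nearly all of the original wording survives in order.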
An examination of the site structure revealed that it was built with a combination of machine generated scripts (many still contained the default WordPress template settings) and manual customization (logos and UI elements). The content, on the other hand, was managed by human ‘adaptors’ who took existing materials and resources from various on-line locations and altered them to create the appearance of an original composition, all for the sole purpose of scoring better search engine visibility.
Checking the VisionPottery.com domain registration shed some additional light on its modus operandi. The site is registered to Beverly Butler of Emerald Enterprise LLC; Beverly proudly advertises herself as the owner of the same on LinkedIn. As it happens, the server hosting her VisionPottery site also hosts many other parasitic marketing sites that operate along the same lines. Interestingly, the plagiarized version of the essay text where my wife’s bowls were found was also used verbatim by several other sites registered to different owners that were hosted on this machine as well.
A quick estimate (based on a sampling of the domains hosted on one server) suggests that there are potentially tens of thousands of sites that engage in this type of activity, each making upwards of $150 a month. Clearly, this is a well coordinated and thriving criminal enterprise. It also turns out that there are hundreds of thriving franchises that for as low as 79.95 will provide you with ten ready AdSense sites (you also get a starter kit, a centralized dashboard to manage your growing Internet empire, and even a spamming pipeline into relevant Twitter feeds). A major sales pitch for these offers is the promise of “Passive-Residual” income which is defined by one developer of such sites as:
“… a steady stream of income that you have to do nothing at all to maintain, once you have established it. Passive-Residual Income is the ONLY income that gives you the freedom to come and go as you please, on your own schedule, while working at home or in your spare time.”
If you think that this is business as usual on the lawless Internet, think again. This type of conduct severely impacts all of us, from content creators whose work is stolen and diluted, to service providers like Google who lose millions in revenue, and all the way down to the average end user who gets spammed.
And yes, VisionPottery.com does have a copyright notice at the bottom of their web page, after all, they are only trying to protect their IP from other unscrupulous marketing entrepreneurs. Can you blame them?
Several weeks ago, my wife was searching online for the words to one of Shel Silverstein’s poems. With the Internet within closer reach than the bookshelf in our den, she went to Google and typed in the key words “shel silverstein pancakes,” and within 0.32 seconds got several matching results (Image 1).
Image 1: Google Search Results
She clicked on one of the top results on the first search page and almost instantly got prompted by a message box (Image 2) indicating something to the effect that her computer contained various signs of viruses and immediately needed to be examined. It then offered an option to perform a security scan.
Image 2: Infection Warning
We keep our OS well patched and the anti malware software up to date, so she decided to decline the offer and clicked on the cancel button. The message box went away but then another screen popped up telling her that her system was being scanned for viruses. Thinking that she may have clicked the OK button instead by mistake, she waited for the scan results.
Image 3: Infection Warning
When the scan was complete (within 15 seconds or so), she was informed that her computer indeed had been infected with several nasty viruses (Image 3) and that she would need to download and install the offered security program in order to remove these viruses (Image 4).
Image 4: Malware Download Dialog Box
At that point, she realized that the malware itself was communicating with her and trying to install itself on her machine. She clicked the Cancel button in the dialog box, but instead of terminating the installation, she was taken back to the first message box which told her again that her computer contained various signs of viruses and needed to be examined. Essentially, she was trapped in a loop, unable to close the browser. After another round of scans and cancellations, she decided to bring up the Task Manager and terminate the process from there.
Several days later during dinner, she happened to mention her run-in with the malware and I made a sly comment that these are the rewards we reap for hanging around dubious websites. She took offense. “Dubious web sites?” she said, mocking me, “this was the fourth entry on the first search results page of Google. How ‘dubious’ can that be?”
I found it hard to believe that the writers of the malware were clever enough to sneak by the Google filters and make it to the top of the first search results page. I executed the same search she did just the day before. My search results were almost identical, but ironically her malware link had by then moved a step upwards in relevance.
Instead of clicking on the link, I copied its URL and went directly to the website (Image 5).
Image 5: Actual page with download link and keywords
The web site turned out to be a newsgroup called derkeiler.com, which is one of the most popular and most heavily advertised mailing list archives on the net. Looking closer at the page, I found the following:
Next was a link which activated the malware download script.
Finally at the bottom of the page was an extensive list of hundreds of keywords that were associated with the works of Shel Silverstein.
I looked at the parent directory page and found a long list of dated directories (Image 6).
Image 6: Parent Directory (note heavy commercial advertising)
Each one of these directories contained dozens of linked entries. After randomly clicking on about 30 links, I determined that most of them were identical to the Shel Silverstein page (Image 5) in terms of content, layout and malware activation functionality. I checked out several other public newsgroups and “personal” web sites to compare. It appeared as if indeed there was a method to this madness.
Image 6: Sample directory contents with links to malware download
So what does it all mean? Well, the modus operandi seems to be as follows:
The creators of the malware install the program on a large number of personal websites (some have been breached and others are dedicated). One example is Rosuto Samurai, which was allegedly created to support fantasy gaming but in reality never had any content besides the malware.
They then proceed to automatically create hundreds of highly popular topic pages (i.e. Ipod, Shel Silverstein, movies, etc.) in newsgroups and mailing lists, each of which contains a link to the malware download website.
Each of the pages also includes a large list of keywords (generated by some machine learning process) that are associated with the topic. The purpose of the keyword list is to increase the radar signature for the search engine spiders.
The search engines find these individual topic pages, traverse the keyword list and algorithmically determine that all the words are related. They also see the hyperlinks and postings on each page (which makes them appear like miniature websites) and as a result assign them a top rating—which to the user, translates as top hits in topic search results.
The outcome of this strategy is cheap and effective SEO penetration and viral dissemination of viral contents (no pun intended) via top search results.
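A list archive operator can screen for the page layout described above (a short posting, a link, then a long keyword list) with a simple text heuristic, sketched here as an added example rather than anything the sites or search engines are known to run. The page text is constructed, and the function-word list and thresholds are assumptions that would need tuning on real archives.

```python
import re

# Small list of English function words (assumption: enough for a rough
# signal). Natural prose is dense in these; bare keyword lists are not.
FUNCTION_WORDS = frozenset(
    "a an and are as at be but by for from in is it of on or that the this "
    "to was were with i you he she we they not".split()
)

# Constructed page text in the layout described above.
SAMPLE_PAGE = """Re: looking for the words to a poem

Does anyone have the text of the pancake poem? I read it to my kids years ago and I would love to find it again.

Click here to download

shel silverstein poems, pancakes poem, giving tree, sidewalk ends, light attic, falling up, children poetry,
funny poems kids, poem lyrics, free poems download, silverstein books, bedtime rhymes, classic verses, school reading list"""


def blocks(text):
    """Split page text into paragraphs separated by blank lines."""
    return [b.strip() for b in re.split(r"\n\s*\n", text) if b.strip()]


def score_block(block):
    """Word count, share of function words, and commas per word for one block."""
    tokens = re.findall(r"[a-z']+", block.lower())
    if not tokens:
        return None
    hits = sum(1 for t in tokens if t in FUNCTION_WORDS)
    return {
        "words": len(tokens),
        "function_ratio": hits / len(tokens),
        "comma_density": block.count(",") / len(tokens),
    }


def find_keyword_blocks(text, min_words=20, max_function_ratio=0.1,
                        min_comma_density=0.2):
    """Return (index, score) for blocks that read like keyword lists, not prose."""
    flagged = []
    for index, block in enumerate(blocks(text)):
        score = score_block(block)
        if (score
                and score["words"] >= min_words
                and score["function_ratio"] <= max_function_ratio
                and score["comma_density"] >= min_comma_density):
            flagged.append((index, score))
    return flagged


if __name__ == "__main__":
    for index, score in find_keyword_blocks(SAMPLE_PAGE):
        print("block %d looks like a keyword list: %d words, "
              "%.0f%% function words" % (index, score["words"],
                                          100 * score["function_ratio"]))
```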
Another interesting observation—which is not without its irony—is that large vendors such as Microsoft are completely unaware of this practice and are aggressively purchasing advertising space on these sites (including ads for their security products). Clearly, this is being done without the realization that they are actually sharing living space with some of the most aggressive malware distribution centers.
Stay tuned, in a future posting, we will dive deeper to see who is actually developing and marketing this malware.