From MURAT: Project PM, Project Hastings, Project Swartz
Revision as of 14:30, 21 December 2012 by imported>Papers (Anonleaks > Par-AnoIA)

Palantir Technologies is a major component of the intelligence contracting system, producing cutting-edge software and services for a range of government and private sector clients. The firm was founded in 2004 by a small group including Peter Thiel and Dr. Alex Karp (as well as Joe Lonsdale, Stephen Cohen, and Nathan Gettings) with $30,000,000 from Thiel's investment body The Founders Fund as well as $2,000,000 from In-Q-Tel - the latter being the de facto investment arm of the CIA, having been formed for the purpose of encouraging the development of new technologies and capabilities of potential use to the U.S. intelligence community. Each year, the firm holds a conference on related technologies; the 2011 affair quite tellingly featured former DHS Secretary Michael Chertoff as a speaker despite the company's prior, notorious conduct, described below.

Palantir is an entity of interest in large part by virtue of its involvement with HBGary and Berico under the rubric of Team Themis, assembled for the purpose of providing intelligence capabilities to those firms willing to pay for them. Although plans were drawn up at the request of Bank of America and the U.S. Chamber of Commerce by which to target Wikileaks, left-wing activist groups, and the journalist Glenn Greenwald for various forms of online attacks, the plot was unveiled when an Anonymous team took control of HBGary's servers in early February of 2011 and released over 70,000 e-mails, including some to and from Palantir employees Matthew Steckman and Eli Bingham, revealing details of Palantir's involvement in the plot. At least one contract pursuant to the Team Themis conspiracy is signed by Palantir general counsel Matt Long, and several e-mails refer to aspects of the proposed deal having been approved up the chain of command to Dr. Karp himself. Nonetheless, Palantir has claimed to have had no knowledge of what was being done by two of its employees in concert with two corporate partners on behalf of two major corporate clients.

Aside from Steckman, Bingham, and Long, several other Palantir employees are known to have been involved in the firm's work on Team Themis; this e-mail shows that employees Shyam Sankar and Sean Stenstrom were also heavily involved in the efforts for which Steckman alone was suspended.

Palantir has also been connected to the secretive intelligence contractor Endgame Systems through Steckman, who is mentioned by an executive at that firm as having been working with them on projects as of early 2010 (see Endgame entry for details).

Palantir hired former National Counterterrorism Center Director Michael Leiter as a senior counselor in December of 2011.[1]

The document below was prepared by Anonymous participants in late February; it provides a comprehensive analysis of the e-mails in question and facts surrounding the case.

Note that the anonleaks links no longer work; emails can be searched @ Par-AnoIA - Papers ۞ 22:30, 21 December 2012 (UTC)


The following emails clearly establish Matthew Steckman's involvement in the creation of the leaked presentation/proposal entitled, "The Wikileaks Threat," including content allegedly considered unethical by the Internet security firm, Palantir, and possibly illegal under U.S. law. According to emails sent and received by Steckman, Matthew Steckman:

  • Was the first to correspond with Bank of America's legal representation, Hunton & Williams regarding Wikileaks, a publisher allegedly holding leaked documents from Bank of America;
  • Was aware that Hunton & Williams had been recommended to Bank of America by the U.S. Department of Justice;
  • Solicited the involvement of the security firms Berico and HBGary, in addition to his own firm, Palantir;
  • Outlined the format of the presentation to be made to Hunton & Williams by Palantir, Berico and HBGary, including the number of slides and the possible content of slides;
  • Received and approved suggestions for the proposal from representatives from HBGary, Berico and Palantir, including HBGary CEO Aaron Barr;
  • Specifically approved suggestions for the proposal, made by Aaron Barr, regarding strategic "attacks" on journalist Glenn Greenwald and others in the media for the purpose of undermining Wikileaks' support in the media;
  • Specifically approved suggestions for the proposal, made by Aaron Barr, regarding the exploitation of weaknesses in Wikileaks' infrastructure, including its network of staff, volunteers and leakers; its submission servers; its finances; its founder, Julian Assange; etc;
  • Incorporated the above-described suggestions for the proposal, made by Aaron Barr, into the finished proposal;
  • Personally created, formatted, revised, edited, approved and distributed the presentation document in question.
  • Listed emails also detail correspondence between employees of the firms HBGary and Palantir (including Aaron Barr and Matthew Steckman) among others, concerning the internet movement called Anonymous, its alleged connections to Wikileaks, and Aaron Barr's research on Anonymous, including its alleged connections to Wikileaks.

List of emails TO Matthew Steckman RE: Wikileaks

  • John Woods (Hunton for BoA) requests slides for a presentation to a "large US bank" re: Wikileaks.
  • Eli Bingham (Palantir) requests that sec reps from Palantir, Berico and HBGary join a conference call regarding the "large US bank" opportunity discussed above.
  • Aaron Barr informs Matthew Steckman that he cannot open a file attachment from Steckman's previous email (linked):
  • Aaron Barr discusses sending analysis information to Matthew Steckman, regarding BoA/Wikileaks. Barr mentions "mapping" [speculation: the analysis maps seen in the presentation made to Hunton for BoA]:
  • Aaron Barr, to Matthew Steckman, explicitly lays out potential "attack" strategies against Wikileaks' "weak points," citing Wikileaks' volunteers, staff, finances, submission servers, Julian Assange, the perceived security of leakers, etc.
  • Aaron Barr introduces Matthew Steckman to the idea of attacking Glenn Greenwald specifically, and makes a case for strategically undermining Wikileaks' support in the "liberal" media. Barr explicitly uses the word "attack" in relation to organizations/individuals supporting Wikileaks.
  • Aaron Barr informs Matthew Steckman that he cannot open a file attachment sent by Steckman. Attachment appears to be a draft of the presentation to be made to Hunton for BoA.
  • Aaron Barr agrees with Matthew Steckman that they should find out "later" on whose end is the technical issue keeping Barr from accessing Steckman's BoA/Wikileaks proposal file attachments.

List of emails FROM Matthew Steckman RE: Wikileaks

  • Matthew Steckman invites Aaron Barr (and reps from Palantir and Berico) to join a conference call about an opportunity from a "large US bank" re: Wikileaks (mentioned in previous email).
  • Matthew Steckman summarizes, for Palantir, Berico and HBGary sec reps, a phone call from Hunton and Williams; outlines BoA/Wikileaks opportunity as "internal investigation;" mentions BoA seeking injunction against Wikileaks; mentions US Department of Justice's recommendation of Hunton & Williams, specifically Richard Wyatt, whom Steckman refers to as "the emperor," to BoA's general counsel; mentions roles of Palantir, Berico and HBGary; mentions potential prosecution of Wikileaks.
  • Matthew Steckman outlines possible presentation slides for proposal to Hunton for BoA, and organizes logistics of upcoming conference call.
  • Matthew Steckman sends "a cleaned up version" of a document for sec reps to "work from" [original attachment is not included at listed link, document is an early draft of the BoA proposal.] Steckman informs sec reps from HBGary, Palantir and Berico that he is only collecting information for the time being, regarding the BoA/Wikileaks proposal.
  • Matthew Steckman sends Berico and HBGary reps another "cleaned up version to work from".
  • Matthew Steckman informs John Woods (Hunton for BoA) that the three firms (Palantir, Berico, HBGary) will have coordinated an early proposal by "tonight" [Dec 02, 2010].
  • Matthew Steckman and John Woods (Hunton for BoA) organize logistics of morning conference call.
  • Matthew Steckman sends "working draft" of BoA/Wikileaks proposal to sec reps from Berico, Palantir and HBGary.
  • Matthew Steckman sends conference call details [date, time, phone number] to John Woods (Hunton for BoA) and Berico, Palantir and HBGary sec reps.
  • Matthew Steckman sends proposal notes ["document"] for upcoming conference call/presentation to John Woods (Hunton for BoA) and Berico, Palantir and HBGary sec reps.
  • Matthew Steckman informs Aaron Barr that he approves of Barr's earlier suggestions regarding Wikileaks' strengths/weaknesses and that he plans to "spotlight" an attack on Glenn Greenwald in the upcoming presentation, also per Barr's earlier suggestion [see earlier emails TO Steckman].
  • Matthew Steckman informs Aaron Barr that Barr's suggestions have been added to the updated proposal and thanks Barr for his suggestions [detailed in emails/synopses above].
  • Matthew Steckman sends Aaron Barr a "Pfd" [sic] and suggests that they need to work out Barr's technical difficulties opening Steckman's email attachments "afterwards".

List of emails TO/FROM Aaron Barr RE: Anonymous Research and/or Anonymous Connections to Wikileaks

  • Aaron Barr contacts John Woods (Hunton for BoA) about Barr's research on Anonymous. Barr claims to have information about Anonymous that possibly no one else has regarding "organization operations and communications infrastructure as well as key players by name." Barr mentions possible application of this information to another "opportunity" previously discussed with Woods, but does not elaborate.
  • Aaron Barr and Matthew Steckman discuss sharing Barr's research on Anonymous.
  • Aaron Barr and Matthew Steckman discuss meeting and sharing Barr's research on Anonymous.
  • Aaron Barr contacts Dawn Meyerriecks (Office of the Director of National Intelligence) and informs her of his research on Anonymous. Barr claims to have put together "a significant data set" and offers to discuss his "results, methodologies, and significance of social media for analysis and exposure".
  • Aaron Barr corresponds with John Woods (Hunton) and claims that he has mapped out 80-90% of Anonymous' leadership. Barr claims to be meeting with "govies" [speculation: government officials] "next week" [dated 01/31/2011.] Follow-up to email in which Barr alleges ties between Anonymous and Wikileaks.
  • Aaron Barr discusses with Bill Wansley (Booz, Allen, Hamilton) the possibility of researching ties between Anonymous and Wikileaks; Barr claims there are "many" such ties.

List of emails TO/FROM Other HBGary Employees RE: Wikileaks and/or Anonymous

  • Bob Slapnik (HBGary) recounts to HBGary's sales department a recent conversation at a "customer site" about potential markets created by the Wikileaks release (i.e. China's resultant access to classified US security intelligence and the US's subsequent need for new sec.) Slapnik stresses the importance of targeted language when proposing such products.
  • David Willson informs Ted Vera (HBGary) that the Bank of America/Wikileaks news has been broken by FOX.

"The Wikileaks Threat" (Original Document) Discussed in Listed Emails

The document provides what the authors believed was an overview of the structure and organisation of Wikileaks (some of the information is inaccurate) and promotes the potential role of Palantir Technologies, HBGary Federal, and Berico Technologies against the 'Wikileaks threat'.

From the 'Response Tactics' section:

  • "Speed is crucial!
    • There is no time to develop an infrastructure to support this investigation
    • The threat demands a comprehensive analysis capability now
  • Combating this threat requires advanced subject matter expertise in cybersecurity, insider threats, counter cyberfraud, targeting analysis, social media exploitation.
  • Palantir Technologies, HBGary Federal, and Berico Technologies represent deep domain knowledge in each of these areas
    • They can be deployed tomorrow against this threat as a unified and cohesive investigative analysis cell."

From the 'Potential Proactive Tactics' section:

  • "Feed the fuel between the feuding groups. Disinformation. Create messages around actions to sabotage or discredit the opposing organization. Submit fake documents and then call out the error.
  • Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done.
  • Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.
  • Media campaign to push the radical and reckless nature of wikileaks activities. Sustained pressure. Does nothing for the fanatics, but creates concern and doubt amongst moderates.
  • Search for leaks. Use social media to profile and identify risky behavior of employees."

From the 'Conclusion' section:

  • "WikiLeaks is not one person or even one organization; it is a network of people and organizations acting in concert for the sole purpose of “untraceable mass document leaking.”
  • Together, Palantir Technologies, HBGary Federal, and Berico Technologies bring the expertise and approach needed to combat the WikiLeaks threat effectively.
  • In the new age of mass social media, the insider threat represents an ongoing and persistent threat even if WikiLeaks is shut down.
  • Traditional responses will fail; we must employ the best investigative team, currently employed by the most sensitive of national security agencies."

There are two versions of the document:

Background Brief

Based on what I’ve seen of their corporate positioning, Palantir seem to be invested in the idea that they are one of the good guys. They claim to offer technology which better distinguishes and discriminates amongst information acquired via mass-surveillance, and to permit the ‘tagging’ of this information so that it is accessible only to those with the appropriate clearance and jurisdiction.

“ dedicated to working for the common good and doing what’s right”

“That deeply felt commitment has been clear since the company’s inception and is evident in the company’s roster of advisors, leaders, engineers, and technology experts.” White Paper: ‘Privacy and Civil Liberties are in Palantir’s DNA’

“Dam it feels good to be a gangsta...”
-Matthew Steckman

(worthwhile background: positioned as trying to make a bad system better NPR: A Tech Fix For Illegal Government Snooping?)

They’re also pretty high profile, with a market capitalisation of over $1 billion (mostly courtesy of PayPal cofounder Peter Thiel) - i.e., they’re a little more serious than HBGary.

Forbes: Names You Need to Know in 2011: Palantir Technologies

All of which makes it likely that they’re going to be looking to isolate Steckman, emphasizing the disparity between their corporate values and his conduct. Obviously, having their emails would make it easier to determine just how much upper management knew about his work without having to actually ask them only to receive the standard incredulous insistence of virtue. Either way, probing this is likely to give some insight into the scale of the threat as they presently perceive it.

On that threat, I think the safest thing to say at the moment is that nobody is quite sure where all of this is going to end up. Equally safe is that whatever we might be able to reduce the ‘Anonymous’ position to, it will likely be directly contrary to Palantir and their ilk – they want this to be a momentary blip, we want it to be the chink that proves the undoing of this sick machine we’ve all ended up serving and despising. The following is intended to describe the bigger picture in the form of some choice excerpts from authoritative sources. This will hopefully yield insights into particular pressure points, fissures and weaknesses to be exploited.

Privatization and the Federal Government: An Introduction

December 28, 2006 Kevin R. Kosar. Congressional Reporting Service. CRS: Privatization and the Federal Government: An Introduction

Furthermore, the movement of an activity from the governmental sector to the private sector, or vice versa, has significant ramifications. Most obviously, the behavior of the entity carrying out the task will differ because each sector has different incentives and constraints. One public administration scholar has suggested that the incentives amount to this: a government entity may do only what the law permits and prescribes; a private entity may do whatever the law does not forbid.

Government agencies, unlike private firms, usually operate under complex accountability hierarchies that include multiple and even conflicting goals. Federal agencies, for example, are subject to the corpus of federal management laws. These laws serve as means for keeping executive branch agencies accountable to Congress, the President, and the public. They also embody principles of democratic justice, such as the allowance for public participation and government transparency.

Thus, in shifting an activity from the governmental to the private sector, the nature of government oversight is transformed. As the components of government provision of goods and services are privatized, the jurisdiction of federal management laws, Congress, the President, and the courts is reduced.

Privatization’s Pretensions

Jon D. Michaels. [77:717 2010] The University of Chicago Law Review

Workarounds provide outsourcing agencies with the means of accomplishing distinct policy goals that—but for the pretext of technocratic privatization—would either be legally unattainable or much more difficult to realize.

Consider the following scenario: Exploiting Legal-Status Differentials. The Department of Homeland Security (DHS) would like to establish a data mining operation to gather intelligence on potential terrorist threats. Bristling under stringent federal privacy laws imposed on government officials—laws that inhibit DHS’s ability to collect and analyze personal information without court authorization—policymakers turn to private contractors. Contractors, like most other private individuals, are largely beyond the scope of these federal laws. For the most part, these laws were enacted well before contractors were hired with great regularity to assist with law enforcement and counterterrorism initiatives. Now, in an era where outsourcing is the norm, DHS may use the statutes’ narrowness to its advantage and award government contracts to the unencumbered private data brokers. The contractors can then acquire the information more liberally on their own and submit raw data or synthesized intelligence to the government. DHS thus gets the benefit of more sweeping, intrusive searches than would otherwise be permitted of government officials, short of their first obtaining warrants or securing legislative change.

Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism

Martin Scheinin. HUMAN RIGHTS COUNCIL, Thirteenth session. A/HRC/13/37 28 December 2009

[20] States that previously lacked constitutional or statutory safeguards have been able to radically transform their surveillance powers with few restrictions. In countries that have constitutional and legal safeguards, Governments have endangered the protection of the right to privacy by not extending these safeguards to their cooperation with third countries and private actors, or by placing surveillance systems beyond the jurisdiction of their constitutions.

[41] The Special Rapporteur notes that since September 2001 there has been a trend towards outsourcing the collection of intelligence to private contractors... [raising concerns about] lack of proper training, the introduction of a profit motive into situations which are prone to human rights violations, and the often questionable prospect that such contractors will be subject to judicial and parliamentary accountability mechanisms

On the promotion and protection of human rights and fundamental freedoms while countering terrorism

Martin Scheinin. HUMAN RIGHTS COUNCIL, Tenth session. A/HRC/10/3 4 February 2009

B. Recommendations

For legislative assemblies

65. The Special Rapporteur recommends that any interference with the right to privacy, family, home or correspondence by an intelligence agency should be authorized by provisions of law that are particularly precise, proportionate to the security threat, and offer effective guarantees against abuse. States should ensure that competent authorities apply less intrusive investigation methods than special investigation techniques if such methods enable a terrorist offence to be detected, prevented or prosecuted with adequate effectiveness. Decision-making authority should be layered so that the greater the invasion of privacy, the higher the level of necessary authorization. Furthermore, in order to safeguard against the arbitrary use of special investigative techniques and violations of human rights, the use of special investigative techniques by the intelligence agencies must be subject to appropriate supervision and review.

66. There should be a domestic legal basis for the storage and use of data by intelligence and security services, which is foreseeable as to its effects and subject to scrutiny in the public interest. The law should also provide for effective controls on how long information may be retained, the use to which it may be put, and who may have access to it, and ensure compliance with international data protection principles in the handling of information. There should be audit processes, which include external independent personnel, to ensure that such rules are adhered to.

67. The Special Rapporteur also recommends the adoption of legislation that clarifies the rights, responsibilities, and liability of private companies in submitting data to government agencies.

For the executive power

71. The executive should have effective powers of control, provided for in law, over the intelligence agencies and have adequate information about their actions in order to be able to effectively exercise control over them. The minister responsible for the intelligence and security services should therefore have the right to approve matters of political sensitivity (such as cooperation with agencies from other countries) or undertakings that affect fundamental rights (such as the approval of special investigative powers, whether or not additional external approval is required from a judge).

451 Group Report via Penny Leavy-Hoglund (Dated July 2 2010)

If 'data is the new oil,' as the saying goes, think of Palantir as a refinery. Those of you who read our 451 ESP report on e-crime have heard about Palantir, which has become the poster child for powerful data-analytics tools that can ferret out advanced attacks and otherwise make sense of the hodgepodge of data collected by modern, layered security deployments.

We were not surprised by the new funding round, but were taken aback by the dollar amount – a whopping $90m. For starters, Palantir's platform, though powerful, is hardly turnkey. Pricing starts in the mid six figures and deployments can run to well over $1m. The main selling point, according to folks we've talked to, is its incredible flexibility in connecting isolated bits of data to spot patterns of behavior or anomalous/suspicious activity. However, infinite flexibility also carries with it a heavy burden of knowhow and customization that most organizations can't muster. In the case of Palantir, customers need to define their own data ontology to leverage the power of the platform – no mean task.

For now, the company isn't saying much about what it will do with its newfound lucre. We'd recommend a push to develop a hosted version of its platform that would make it easier to go down market from the government and very large enterprise space, and allow Palantir to start building products or feature sets across verticals.


Palo Alto, California-based Palantir was founded in 2004 by PayPal alums Karp and CTO Nathan Gettings. The core idea behind the company was to create a pluggable data-analytics platform that could be used by organizations that need to ferret out intelligence from massive volumes of information – in particular, government and financial services organizations. Palantir was initially funded with seed money from the founders, as well as three prior rounds of investment from the Founders Fund, In-Q-Tel and Reed Elsevier Ventures. Palantir has not disclosed the amount of those rounds. On June 24, Palantir announced that it had raised $90m in a series D funding round. The vendor said that its latest round gives it a valuation of $735m.

For partnerships, Palantir has collaborated with forensics vendor HBGary to integrate HBGary's threat intelligence data to Palantir's information-analysis platform. The integration allows analysts to perform more granular analysis of found threats using HBGary's Malware Genome database. There have also been whispers of a partnership between Palantir and network forensics player NetWitness, though nothing has been forthcoming from that.

Palantir now claims 250 employees, up from 200 in the fourth quarter of 2009 and 150 a year ago. The company maintains two divisions: Palantir Government, which designs products for the company's government, defense and intelligence customers; and Palantir Finance, which builds on the same platform, but with an eye toward the needs of large financial services organizations. We can't verify that, but the roster of A-list media appearances that Karp has landed, including NPR, The Wall Street Journal and The Charlie Rose Show – not to mention the latest TechCrunch exclusive – suggests that somebody at the firm has a way with the media.

While Palantir's platform marks an innovation, it isn't the only company in the analytics and forensics space, nor is its platform necessary and sufficient in and of itself to do soup to nuts analysis. Before Palantir can do its thing, you need superfast full-packet capture from the likes of Niksun, Endace or Napatech; threat pattern detection from HBGary or Snort (Sourcefire); or forensic analysis from the likes of NetWitness or Solera Networks. So, while the potential applications for Palantir's technology are limitless, the actual applications of it are thus far very limited: defense and intelligence work, and high finance. That's a relatively small pool to fish from. With an average deal size of $400,000, Palantir would need 250 paying customers to bring in the $100m in annual revenue that might justify the valuation quoted in this funding round. The last time we talked with the company (Q4 2009), it had 10.

Which brings us to Palantir's valuation. Our back-of-the-envelope calculations as of Q4 2009, based on average deal size, put revenue at perhaps as high as $16-20m. No doubt the company's client roster has grown considerably since then, but so has its headcount: up 25%. The valuation Palantir has fetched suggests revenue in the range of $100m or more, but we've seen nothing from the company to suggest that it's anywhere near that. We'd love to learn that we're wrong and to hear more about what Palantir will do with its latest round. We'd also love a chance to sit down and run the numbers with the company's new investors. There's obviously a story to tell.


Palantir's eponymous platform comprises a rather complex system of modules for importing, tagging and then conducting investigations or analysis of disparate structured, semi-structured and unstructured data. At the center of the Palantir Platform is the Palantir Dispatch Server, which acts as a kind of management center for the Palantir Platform, handling business logic, policy and user access controls as well as user access to the back end – the Palantir Revisioning Database, which runs Oracle RDBMS 10g. Dispatch Servers can be clustered in large or active deployments, though an additional Lock Server must be deployed in clustered environments to manage in-memory locks on the Revisioning Database. The Search Server is a modified version of the Apache Software Foundation's Lucene and does indexing and full text search of structured and unstructured data. A separate and optional search server dubbed Raptor allows the Palantir Platform to search across internal and external data sources.

Other modules include the Palantir Configuration Server for managing multi-server environments and logging. A Job Server manages imports of 'large' data sets (which Palantir terms any data set larger than 1MB or 100 data sources) to the Palantir Revisioning Database, as well as system operations like persistent searches. Palantir leverages a modified version of Apache's Hadoop/MapReduce service for bulk data imports. The Palantir Workspace front end is a browser-based application written in Java that centralizes all elements of investigation, including data management, case creation, analysis and reporting (output in HTML or PowerPoint). The Dynamic Ontology Manager is a Windows application that is used to classify structured and unstructured data to work with Palantir's Dynamic Ontology – a system for managing and accessing data objects within the Palantir Platform.

The company also sells a wide range of additional components to manage and monitor the health of Palantir Platform deployments, extract data from imported objects, and so on. Deployments of the Palantir Platform vary in terms of the number of servers; the size depends on the amount of data that must be imported and managed and the number of analysts that will be accessing the data. As a rule of thumb, the company says one server can support around 12 analysts. Key functions, including the Dispatch Server, Search Server and Configuration, run on separate boxes, as a rule.


Palantir's core technology resides in its Revisioning Database and comprises methods for providing different views of structured, semi-structured or unstructured data based on different sets of rules or changes to the data set. Palantir's technique, described in its US patent application, allows multiple users to create different versions of the same data object, and then track those changes over time, while allowing users to collaborate on their analysis of the same set of data – tracking changes over time, viewing a history of changes to a data object, or providing access restrictions around certain data objects or even certain 'views' of that data. The Revisioning Database enables the Palantir Platform to easily manipulate disparate data sources for analysis.

Palantir has four other patents pending, including a method for applying object modeling for exploring large data sets, and 'Filter Chains with Associated Views for Exploring Large Data Sets' – a way of tracking a chain of associations between large sets of discrete data elements and an even larger set of related data elements. Within the Palantir Platform, this technology powers the Links feature, which allows the Palantir Platform to graphically represent connections between multiple objects and their properties – that could be relationships between people, temporal events or keywords, for example. Palantir claims it has applications both in intelligence and in the financial services sector for analyzing and graphically representing trends in high-volume trading data.


It's hard to discern Palantir's long-term strategy, except to say that the company's founders are very bullish about the potential of their platform and have thus far done an exemplary job getting noticed and, we understand, winning 'mindshare' within the government and defense sectors. We're less clear about Palantir Finance, but the company has shared the names of some impressive accounts in that space, as well. Since its inception, Palantir has pursued a fairly focused strategy of working closely with very large customers in defense, intelligence and high finance to shape its platform for the specific needs of intelligence and financial analysts. The company notes its reliance on agile development methodology, releasing numerous updates to its platform during the year. It says that it leverages that and cues from its customers about what features are needed in its products, rather than trying to bend its platform to fit into some predefined product category.

The Palantir Platform is licensed by the server core, with additional services and support costs of 20% annually. Deal sizes range from $400,000 to $1.5m. In terms of sales, Palantir says it sells direct only to a small number of very large companies, though its CEO has publicly said that the company has been doubling in size annually based just on word of mouth and doesn't plan on investing in sales and marketing, so it will remain an almost entirely engineering-driven firm. That's a quaint idea, but smacks a bit too much of late 1990s dot-com bravado for our tastes. In terms of partnerships, Palantir notes that it has APIs that allow its platform to digest data from a wide range of third-party data sources, including IDS/IPS, SIEM or third-party databases.


Palantir would no doubt argue that no product does exactly what its platform does and, therefore, that it has no direct competition. It may not be wrong. But there are lots of products that do pieces of what Palantir does. At its root, Palantir is a platform for doing investigations of complex events. In that, it vies with players in both the forensics and e-discovery spaces. That would include companies like Guidance Software, with EnCase, and forensics toolkit vendor AccessData Group. Autonomy Corp is a major player in the e-discovery, government intelligence and financial services markets. Basis Technology and its Rosette multilingual text-analysis platform has been a popular option in government departments for a decade, as was Inxight Software, at least prior to its acquisition by Business Objects (now part of SAP) in May 2007. IBM and SAS Institute each have analytics for both unstructured and structured data and have many customers in government and military intelligence, too. Recommind is strong in e-discovery and has a well-established text-analysis foundation of its own, although not much business in government.

Antifraud comes from the likes of EMC, VeriSign, Guardian Analytics, Oracle, Symantec, NICE Systems, and so on. We also see overlap with network forensics vendors like Solera, NetWitness, Network Instruments and NetScout. In addition, there are firms like Packet Analytics, Niksun, WildPackets, ClearSight Networks, Fluke Networks, CACE Technologies/Wireshark and the newly launched CloudShark, which is a cloud-enabled front end for Wireshark and tshark applications.

Finally, diversified IDS and ESIM vendors could also be considered rivals of Palantir – if only for available budget. We'd note Sourcefire and NitroSecurity, which is both an ESIM and IDS player, as firms with a prolific IDS heritage in addition to ESIM incumbents ArcSight, Q1 Labs, RSA (with its enVision product) and LogLogic, to name but a few.

Palantir will attest (not incorrectly) that its platform can just consume data feeds from those point products to add layers to its analytic capability. But in a constrained capital spending environment, some firms might well decide that SIEM and IDS or network management are enough.

SWOT analysis

Strengths

Palantir has a unique offering and the right provenance, along with some important backers in the government and defense space. The company's platform slots in well with the focus on stopping advanced threats and adaptive persistent adversaries.

Weaknesses

Palantir's platform, while powerful and flexible, still requires significant amounts of customization and comes at a price that limits its reach to all but the largest organizations.

Opportunities

Adaptive persistent adversaries and threats, a flood of data from security point products and, in general, the deluge and complexity of data all bode well for Palantir, presuming it can find a formula to broaden the reach and appeal of its platform.

Threats

While nothing does exactly what Palantir's platform does, lots of companies do pieces of what it does: forensics, e-discovery, fraud and threat detection. Given the cost/complexity of deployments, the company could find it hard to grow its customer base to support a nearly $1b valuation.


Palantir Government

Palantir Government integrates structured and unstructured data, provides advanced search and discovery capabilities, enables knowledge management, and facilitates secure collaboration. The Palantir platform includes the privacy and civil liberties protections mandated by legal requirements such as those in the 9/11 Commission Implementation Act. Palantir’s privacy controls keep investigations focused, as opposed to the expansive data mining techniques that have drawn criticism from privacy advocates concerned about civil liberties protection. Palantir maintains security tags at a granular level such that analysts can only see the specific information they have permission to see.


Palantir runs the site AnalyzeThe.US, which allows the public to use Palantir Government to perform analysis on publicly available data from,, the Center for Responsive Politics’ Open Secrets Database, and Community Health Data from

Palantir Finance

Palantir Finance is a software platform for data integration, information management and quantitative analysis. The software connects to commercial, proprietary and public data sets and discovers trends, relationships and anomalies. Palantir Finance is used to study the markets, test and refine trading strategies, and generate complex signals across asset classes.


JoyRide is a public demo of Palantir Finance. It offers training exercises, and the data is provided by Thomson Reuters, which markets Palantir's software as QA Studio as of April 2010.


Text from an e-mail announcement of a recent Palantir Government Convention.

GovCon 7 Is Almost Here!

Palantir's seventh Government Conference is only a week away and is on track to be our largest event yet! Seating is limited and we encourage you to register now to reserve your spot.

Our guest speakers will be former DHS Secretary Michael Chertoff, National Center for Missing and Exploited Children Assistant Executive VP Linda Krieg and Executive Director Michael Geraghty, and The Institute for the Study of War Deputy Director Marisa Sullivan and Senior Fellow LTG James Dubik.

Palantir engineering talks will highlight features of our latest software release Version 3.5, infrastructure and analytical advancements for addressing massive-scale data operations, the new Palantir Video Analysis application, and much more.

GovCon 7 will offer an exceptional view into the recent product innovations and deployment successes that continue to demonstrate how Palantir provides customers with unparalleled analytical capabilities, especially in times of fiscal austerity.

For additional details and to view a complete agenda, visit our conference website.

External Links

How Team of Geeks Cracked Spy Trade 4.11.2009

Palantir’s third black eye: i2 lawsuit settled 16.2.2011

Palantir raises $50mil from unknown investors 5.5.2011

Palantir’s $2.5 Billion Mystery, Solved 7.10.2011

Palantir, the War on Terror's Secret Weapon - 22.11.2011

Kellogg of Service blogging on Palantir - 27.6.2011

Palantir's YouTube Channel

Text of e-mail announcement of 7th annual Palantir Government Conference, featuring former Department of Homeland Security head Michael Chertoff as speaker

Interview with Palantir CEO on Charlie Rose

Palantir; The vanguard of cyberterror security

Global surveillance industry gets a new toy