JumpCloud raises $75M Series E as cloud directory service thrives during pandemic

JumpCloud, the cloud directory service that debuted at TechCrunch Disrupt Battlefield in 2013, announced a $75 million Series E today. The round was led by BlackRock with participation from existing investor General Atlantic.

The company wasn’t willing to discuss the current valuation, but has now raised over $166 million, according to Crunchbase data.

Changes in the way that IT works have been evolving since the company launched. Back then, most companies used Microsoft Active Directory in a Windows-centric environment. Since then, things have gotten more heterogeneous with multiple operating systems, web applications, the cloud and mobile and that has required a different way of thinking about directory structures.

JumpCloud co-founder and CEO Rajat Bhargava says that the pandemic has only accelerated the need for his company’s kind of service as more companies move to the cloud. “Obviously now with COVID, all these changes made it much more difficult for IT to connect their users to all the resources that they needed, and to us that’s one of the most critical tasks that an IT organization has is making their team productive,” he said.

He said their idea was to build an “independent cloud directory platform that would connect people to really whatever it is they need and do that in a secure way while giving IT complete control over that access.”

The product, which includes a free tier for 10 users on 10 systems for an unlimited amount of time, has 100,000 users. Of those, Bhargava says that about 3000 are paying.

The company has 300 employees with plans to add 200-250 in the next year with a goal of adding 500 in the next couple of years. As he does that, Bhargava, who is South Asian, sees diversity and inclusion as an important component of the hiring process. In fact, the company tries to make sure it always has diverse candidates in the hiring pool.

“Some of the things that we’ve tried to do is make sure that every role has some diversity candidates involved in the hiring process. That’s something that our recruiting team is working on and making sure that we’re having that conversation with every single hire,” he said. He acknowledges that it’s a work in progress, and a problem across the entire tech industry that he and his company continue to try and address.

Since the pandemic, the company, which is based in Colorado, has made the decision to be remote first and they will be hiring from across the country and across the world as they make these new hires, which could help contribute to a more diverse workforce over time.

With a $75 million investment, and having reached Series E, it’s fair to ask if the company is thinking ahead to an IPO, but Bhargava didn’t want to discuss that. “We just raised this $75 million round. There’s so much work to be done, so we’re just looking forward to that right now,” he said.

Explo snags $2.3M seed to help build customer-facing BI dashboards

Explo, a member of the Y Combinator Winter 2020 class, which is helping customers build customer-facing business intelligence dashboards, announced a $2.3 million seed round today. Investors included Amplo VC, Soma Capital and Y Combinator along with several individual investors.

The company originally was looking at a way to simplify getting data ready for models or other applications, but as the founders spoke to customers, they saw a big need for a simple way to build dashboards backed by that data and quickly pivoted.

Company CEO and co-founder Gary Lin says the company was able to leverage the core infrastructure, data engineering and production that it had built while at Y Combinator, but the new service they have created is much different from the original idea.

“In terms of the UI and the output, we had to build out the ability for our end users to create dashboards, for them to embed the dashboards and for them to customize the styles on these dashboards, so that it looks and feels as though it was part of their own product,” Lin explained.

While the founders had been working on the original idea since last year, they didn’t actually make the pivot until September. They made the change because they were hearing this was really what customers needed more than the tool they had been building while at Y Combinator. In fact, Chen says that their YC mentors and investors have been highly supportive of the switch.

The company is just getting started with the four original co-founders — Lin, COO Andrew Chen, CTO Rohan Varma and product designer Carly Stanisic — but the plan is to use this money to beef up the engineering team with three to five new hires.

With a diverse founding team, the company wants to continue looking at diversity as it builds the company. “One of the biggest reasons that we think diversity is important is that it allows us to have a bigger perspective and a grander perspective on things. And honestly, it’s in environments where I have personally […] been involved where we’ve actually been able to create the best ideas was by having a larger perspective. And so we definitely are going to be as inclusive as possible and are definitely thinking about that as we hire,” Lin said.

As the company has grown up during the pandemic, the founding core is used to working remotely and the goal moving forward is to be a distributed company. “We will be a remote distributed company so we’re hiring people no matter where they are, which actually makes it a lot easier from a hiring perspective because we’re able to reach a much more diverse and large pool of applicants,” Lin said.

They are in the process of thinking about how they can build a culture as they bring in distributed employees. “I think the way that we’ve started to see it is that working distributed is not a reduced experience, but just a different one and we are thinking about different things like how we organize new people when they onboard, and maybe we can meet up as a team and have a retreat where we are located in the same place [when travel allows],” he said.

For now, they will remain remote as they take their first half dozen customers and begin to build the company with the new investment.

With $29M in funding, Isovalent launches its cloud-native networking and security platform

Isovalent, a startup that aims to bring networking into the cloud-native era, today announced that it has raised a $29 million Series A round led by Andreessen Horowitz and Google. In addition, the company today officially launched its Cilium platform (which was in stealth until now) to help enterprises connect, observe and secure their applications.

The open-source Cilium project is already seeing growing adoption, with Google choosing it for its new GKE dataplane, for example. Other users include Adobe, Capital One, Datadog and GitLab. Isovalent is following what is now the standard model for commercializing open-source projects by launching an enterprise version.


The founding team of CEO Dan Wendlandt and CTO Thomas Graf has deep experience in working on the Linux kernel and building networking products. Graf spent 15 years working on the Linux kernel and created the Cilium open-source project, while Wendlandt worked on Open vSwitch at Nicira (and then VMware).


“We saw that first wave of network intelligence be moved into software, but I think we both shared the view that the first wave was about replicating the traditional network devices in software,” Wendlandt told me. “You had IPs, you still had ports, you created virtual routers, and this and that. We both had that shared vision that the next step was to go beyond what the hardware did in software — and now, in software, you can do so much more. Thomas, with his deep insight in the Linux kernel, really saw this eBPF technology as something that was just obviously going to be groundbreaking technology, in terms of where we could take Linux networking and security.”

As Graf told me, when Docker, Kubernetes and containers in general became popular, what he saw was that networking companies at first were simply trying to reapply what they had already done for virtualization. “Let’s just treat containers as many as miniature VMs. That was incredibly wrong,” he said. “So we looked around, and we saw eBPF and said: this is just out there and it is perfect, how can we shape it forward?”

And while Isovalent’s focus is on cloud-native networking, the added benefit of how it uses the eBPF Linux kernel technology is that it also gains deep insights into how data flows between services and hence allows it to add advanced security features as well.

As the team noted, though, users definitely don’t need to understand or program eBPF, which is essentially the next generation of Linux kernel modules, themselves.


“I have spent my entire career in this space, and the North Star has always been to go beyond IPs + ports and build networking visibility and security at a layer that is aligned with how developers, operations and security think about their applications and data,” said Martin Casado, partner at Andreessen Horowitz (and the founder of Nicira). “Until just recently, the technology did not exist. All of that changed with Kubernetes and eBPF. Dan and Thomas have put together the best team in the industry and given the traction around Cilium, they are well on their way to upending the world of networking yet again.”

As more companies adopt Kubernetes, they are now reaching a stage where they have the basics down but are now facing the next set of problems that come with this transition. Those, almost by default, include figuring out how to isolate workloads and get visibility into their networks — all areas where Isovalent/Cilium can help.

The team tells me its focus, now that the product is out of stealth, is on building out its go-to-market efforts and, of course, continuing to build out its platform.

Three Key Challenges for Cloud Security in a World Changed by COVID-19

Coronavirus 2019 (COVID-19) has had an effect on organizations’ cloud adoption plans. In its 2020 State of the Cloud Report, for instance, Flexera found that the pandemic had altered the strategies of a subset of survey respondents’ employers. More than half of that group said that their cloud usage would be higher than initially planned because of the growing demands posed by remote work. Other respondents said that their organizations might accelerate their migration plans given difficulties in accessing traditional data centers and delays in their supply chains.

That’s a worry, as most organizations that have migrated to the cloud are already struggling with security concerns. In Cybersecurity Insiders’ 2020 Cloud Security Report, 75 percent of respondents said that they were either “very concerned” or “extremely concerned” about public cloud security. Continuity Central reported that security in the cloud is even more challenging given that 68% of respondents said that their employers used two or more different public cloud providers. This means that security teams need to use multiple native tools to try to enforce security across their employers’ cloud infrastructure.

These results beg some important questions. For instance, why are organizations having such a difficult time securing their cloud environments? And what challenges stand in their way?

This blog post highlights three challenges that organizations commonly face when it comes to securing their cloud environments: misconfiguration, limited visibility and unprotected cloud runtime environments. After a brief discussion of each, we provide recommendations on how organizations can address these challenges and enhance their cloud security.

1. Cloud & Container Misconfiguration

A cloud misconfiguration is when an administrator inadvertently deploys settings for a cloud system that don’t align with the organization’s security policies. The risk here is that a misconfiguration could jeopardize the security of the organization’s cloud-based data depending on which asset or system is affected. Dark Reading explains that a malicious actor could leverage compromised credentials or a software vulnerability in their environment to ultimately spread to other areas of a victim’s environment:

… [T]hey leverage privileges within the compromised node to access other nodes remotely, probe for improperly secured apps and databases, or simply abuse weak network controls. They can then exfiltrate your data while remaining under the radar by copying data to an anonymous node on the Web or creating a storage gateway to access data from a remote location.

Misconfiguration can be difficult to spot. Even more significantly, threat actors use automation to probe organizations’ cloud defenses even as the majority of enterprises are stuck with manual methods of managing their cloud configurations.

This threat isn’t theoretical, either. In its 2020 Cloud Misconfigurations Report, DivvyCloud found that 196 publicly reported data breaches caused primarily by cloud misconfigurations had occurred between 2018 and 2019. Those incidents exposed a combined total of more than 33 billion records and collectively cost victim organizations $5 trillion.

2. Limited Network Visibility

Visibility of a network implies that an organization knows what is going on in that network. That includes what hardware and software is connected to the network and what network events are transpiring. In the absence of network visibility, however, an organization is blind to potential digital threats such as attackers using a misconfiguration incident to infiltrate the network, installing malware and/or moving laterally to sensitive data.

Achieving comprehensive visibility in the cloud isn’t always easy, however. As noted by Help Net Security, administrators cannot access their environment’s net flows as easily as they could in a data center via a switch or firewall. That’s because they don’t have direct access to the cloud infrastructure provided by their CSP. Instead, they need to go through their CSP’s list of offerings. Those offerings may or may not include tools that provide valuable (or complete) insight into which devices are connecting to one another.

That’s not the only visibility difference between the cloud and traditional data centers. Help Net Security notes that compute resources are segmented by default. This means that administrators sometimes need more data points than just an IP address to keep track of their cloud-based entities. It also requires that administrators use roles and policies to enable particular connections to happen instead of relying on firewalls to disallow certain connection attempts.

3. Unprotected Cloud Runtime Environments

Besides misconfiguration and poor visibility, there’s the issue of the runtime environment. Left unprotected, cloud runtime environments grant malicious actors plenty of opportunities through which they can prey upon an organization. For instance, they can exploit vulnerabilities within the organization’s own code or within the software packages used by an application that is executed in the runtime environment to infiltrate the network.

The first issue with securing cloud runtime environments is that organizations sometimes either do not know what their responsibilities are in the cloud or have difficulty managing them. Organizations with assets in the public cloud hold shared responsibility for cloud security with the CSP. The former is responsible for security “in” the cloud, while the latter is charged with ensuring security “of” the cloud. Sometimes organizations do not understand what this shared responsibility model entails or else they struggle with executing those responsibilities, meaning they could fail to harden their cloud security and/or not implement measures available from the CSP.

There is also the problem of understanding what types of security tools work for the cloud. The tools, methods and skills that secure on-prem IT often fall flat in the cloud, where visibility is limited, the perimeter is ethereal, and the speed of innovation is far beyond manual methods. On top of this, the rush from on-prem to cloud has spawned a large number of point-specific solutions, often with overlapping functions, which have unnecessarily complicated the job of securing cloud instances. In some cases, organizations may think they can apply their legacy AV solutions to cover their cloud systems and data, but these solutions fail to address threats that commonly target cloud workloads.

How to Address These Threats

While the future is uncertain, the playbook for securing cloud workloads is relatively straightforward. In order to help address misconfiguration, organizations can follow Gartner’s Market Guide for Cloud Workload Protection Platforms and use secure configuration management to establish a baseline for assets connected to the network, monitor those assets for deviations from that baseline and return their assets to an approved baseline in the event a deviation occurs. Moreover, organizations require automated defense measures in order to protect their systems against automated attacks that could abuse a misconfiguration or other security vulnerability.
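The baseline, monitor-for-deviation, return-to-baseline loop described above, as an added example that is not from this post or from any vendor product; the approved baseline and the live snapshot are constructed sample data for one storage bucket and one security group:

```python
"""Baseline-drift check for cloud resource settings (added example, not from
the page). Keeps an approved baseline per asset, compares live settings
against it, and produces the values to re-apply. All settings below are
constructed sample data."""
from typing import Any, Dict, List, Tuple

Deviation = Tuple[str, Any, Any]  # (dotted setting path, expected, actual)


def find_deviations(baseline: Dict[str, Any], current: Dict[str, Any],
                    prefix: str = "") -> List[Deviation]:
    """Return every setting whose live value differs from the approved baseline.
    Nested dicts are walked recursively; lists (e.g. firewall rules) are compared
    as unordered collections, so reordering alone is not reported as drift.
    A baseline setting missing from the live snapshot is reported with actual=None."""
    deviations: List[Deviation] = []
    for key, expected in baseline.items():
        path = f"{prefix}{key}"
        if key not in current:
            deviations.append((path, expected, None))
        elif isinstance(expected, dict) and isinstance(current[key], dict):
            deviations.extend(find_deviations(expected, current[key], path + "."))
        elif isinstance(expected, list) and isinstance(current[key], list):
            if sorted(map(repr, expected)) != sorted(map(repr, current[key])):
                deviations.append((path, expected, current[key]))
        elif expected != current[key]:
            deviations.append((path, expected, current[key]))
    return deviations


def remediation_plan(deviations: List[Deviation]) -> Dict[str, Any]:
    """Map each drifted setting path back to its approved value, i.e. what a
    configuration-management tool would re-apply to restore the baseline."""
    return {path: expected for path, expected, _ in deviations}


# Constructed approved baseline: a private, encrypted log bucket and an
# app-tier security group that only admits HTTPS publicly and SSH internally.
BASELINE = {
    "storage/logs-bucket": {
        "public_read": False,
        "encryption": "aes256",
        "versioning": True,
    },
    "sg/app-tier": {
        "inbound": [
            {"port": 443, "cidr": "0.0.0.0/0"},
            {"port": 22, "cidr": "10.0.0.0/8"},
        ],
    },
}

# Constructed live snapshot: the bucket was made world-readable and an extra
# SSH rule open to the internet appeared; everything else still matches.
LIVE = {
    "storage/logs-bucket": {
        "public_read": True,
        "encryption": "aes256",
        "versioning": True,
    },
    "sg/app-tier": {
        "inbound": [
            {"port": 22, "cidr": "10.0.0.0/8"},
            {"port": 443, "cidr": "0.0.0.0/0"},
            {"port": 22, "cidr": "0.0.0.0/0"},
        ],
    },
}


if __name__ == "__main__":
    found = find_deviations(BASELINE, LIVE)
    for path, expected, actual in found:
        print(f"DRIFT {path}: expected {expected!r}, found {actual!r}")
    print("re-apply:", remediation_plan(found))
```

Running the module reports the two drifted settings and the baseline values to re-apply; a scheduled run of the same comparison is the "monitor for deviations" step.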


As for network visibility, it is essential to be aware of not only what is on your network but also which assets remain unprotected. This can be achieved through asset discovery tools such as SentinelOne’s Ranger technology, which can provide device discovery and rogue device isolation across the network by leveraging protected endpoints as sensors without adding resource overhead or requiring extra hardware.

Finally, organizations can safeguard the cloud runtime environment by proactively resolving digital threats in real time with runtime protection and EDR for containerized workloads. This can include tools like an Application Control Engine, which locks down a container and protects it against the unauthorized installation and abuse of attacker tools, regardless of whether those are legitimate LOLBins or custom-built malware.


What we’ve learned about working from home 7 months into the pandemic

When large parts of the world were shutting down in March, we really didn’t know how we would move massive numbers of employees used to working in the office to work from home.

In early March, I wrote a piece on how to prepare for such an eventuality, speaking to several experts who had a background in the software and other tooling that would be involved. But the shift involved so much more than the mechanics of working at home. We were making this transition during a pandemic that was forcing us to deal with a much broader set of issues in our lives.

Yet here we are seven months later, and surely we must have learned some lessons along the way about working from home effectively, but what do these lessons look like and how can we make the most of this working approach for however long this pandemic lasts?

I spoke to Karen Mangia, vice president of customer and market insights at Salesforce and author of the book, Working from Home, Making the New Normal Work for You, to get her perspective on what working from home looks like as we enter our eighth month and what we’ve learned along the way.

Staying productive

As employees moved home in March, managers had to wonder how productive employees would be without being in the office. While many companies had flexible approaches to work, this usually involved some small percentage of employees working from home, not the entire workforce, and that presented challenges to management used to judging employee performance based for the most part on being in the building during the work day.

One of the things that we looked at in March was putting the correct tools in place to enable communication even when we weren’t together. Mangia says that those tools can help close what she calls the trust gap.

“Leaders want to know that their employees are working on what’s expected and delivering outcomes. Employees want to make sure their managers know how hard they’re working and that they’re getting things done. And the technology and tools I think help us solve for that trust gap in the middle,” she explained.

She believes the biggest thing that individuals can do at the moment is to simply reassess and look for small ways to improve your work life because we are probably not going to be returning to the office anytime soon. “I think what we’re discovering is the things that we can put in place to improve the quality of our own experiences as employees, as learners and as leaders can be very simple adjustments. This does not have to be a five year, five phase, $5 million roadmap kind of a situation. Simple adjustments matter,” she said, adding that could be measures as basic as purchasing a comfortable chair because the one you’ve been using at the dining room table is hurting your back.

Tim Berners-Lee’s startup Inrupt releases Solid privacy platform for enterprises

Inrupt, the startup from World Wide Web founder Tim Berners-Lee, announced an enterprise version of the Solid privacy platform today, which allows large organizations and governments to build applications that put users in control of their data.

Berners-Lee has always believed that the web should be free and open, but large organizations have grown up over the last 20 years that make their money using our data. He wanted to put people back in charge of their data, and the Solid open source project, developed at MIT, was the first step in that process.

Three years ago he launched Inrupt, a startup built on top of the open source project, and hired John Bruce to run the company. The two shared the same vision of shifting data ownership without changing the way websites get developed. With Solid, developers use the same standards and methods of building sites, and these applications will work in any browser. What Solid aims to do is alter the balance of data power and redirect it to the user.

“Fast forward to today, and we’re releasing the first significant technology as the fruits of our labor, which is an enterprise version of Solid to be deployed at scale by large organizations,” Bruce explained.

The core idea behind this approach is that users control their data in online storage entities called Personal Online Data Stores or Pods for short. The enterprise version consists of Solid Server to manage the Pods, and developers can build applications using an SDK to take advantage of the Pods and access the data they need to do a particular job like pay taxes or interact with a healthcare provider. Bruce points out that the enterprise version is fully compatible with the open source Solid project specifications.

The company has been working with some major organizations prior to today’s release including the BBC and National Health Service in the UK and the Government of Flanders in Belgium as they have been working to bring this to market.

To give you a sense of how this works, the National Health Service has been building an application for the patients who interact with it; using Solid, those patients can control their health data. “Patients will be able to permit doctors, family or at-home caregivers to read certain data from their Solid Pods, and add caretaking notes or observations that doctors can then read in order to improve patient care,” the company explained.

The difference between this and more conventional web or phone apps is that it is up to the user who can access this information: the application owner has to ask the user for permission, and the user has to explicitly grant it and specify under what conditions.

The startup launched in 2017 and has raised about $20 million so far. Bruce and Berners-Lee understand that for this to take root, it has to be easy to use, be standards-based and have the capacity to handle massive scale. Anyone can download and use the open source version of Solid, but by having an enterprise version, it gives large organizations like the ones they have been working with the support, security and scale that these companies require.

Cellwize raises $32M to help carriers and their partners adopt and run 5G services

As 5G slowly moves from being a theoretical to an active part of the coverage map for the mobile industry — if not for consumers themselves — companies that are helping carriers make the migration less painful and less costly are seeing a boost of attention.

In the latest development, Cellwize, a startup that’s built a platform to automate and optimize data for carriers to run 5G networks within multi-vendor environments, has raised $32 million — funding that it will use to continue expanding its business into more geographies and investing in R&D to bring more capabilities to its flagship CHIME platform.

The funding is notable because of the list of strategic companies doing the investing, as well as because of the amount of traction that Cellwize has had to date.

The Series B round is being co-led by Intel Capital and Qualcomm Ventures LLC, and Verizon Ventures (which is part of Verizon, which also owns TechCrunch by way of Verizon Media) and Samsung Next, with existing shareholders also participating. That list includes Deutsche Telekom and Sonae, a Portuguese conglomerate that owns multiple brands in retail, financial services, telecoms and more.

That backing underscores Cellwize’s growth. The company — which is based in Israel with operations also in Dallas and Singapore — says it currently provides services to some 40 carriers (including Verizon, Telefonica and more), covering 16 countries, 3 million cell sites, and 800 million subscribers.

Cellwize is not disclosing its valuation but it has raised $56.5 million from investors to date.

5G holds a lot of promise for carriers, their vendors, handset makers and others in the mobile ecosystem: the belief is that faster and more efficient speeds for wireless data will unlock a new wave of services and usage and revenues from services for consumers and business, covering not just people but IoT networks, too.

Notwithstanding the concerns some have had with health risks, despite much of that theory being debunked over the years, one of the technical issues with 5G has been implementing it.

Migrating can be costly and laborious, not least because carriers need to deploy more equipment at closer distances, and because they will likely be running hybrid systems in the Radio Access Network (RAN, which controls how devices interface with carriers’ networks); and they will be managing legacy networks (e.g., 2G, 3G, 4G, LTE) alongside 5G, and working with multiple vendors within 5G itself.

Cellwize positions its CHIME platform — which works as an all-in-one tool that leverages AI and other tech in the cloud, and covers configuring new 5G networks, optimizing and monitoring data on them, and also providing APIs for third-party developers to integrate with it — as the bridge to letting carriers operate in the more open-shop approach that marks the move to 5G.

“While large companies have traditionally been more dominant in the RAN market, 5G is changing the landscape for how the entire mobile industry operates,” said Ofir Zemer, Cellwize’s CEO. “These traditional vendors usually offer solutions which plug into their own equipment, while not allowing third parties to connect, and this creates a closed and limited ecosystem. [But] the large operators also are not interested in being tied to one vendor: not technology-wise and not on the business side – as they identify this as an inhibitor to their own innovation.”

Cellwize provides an open platform that allows a carrier to plan, deploy and manage the RAN in that kind of multi-vendor ecosystem. “We have seen an extremely high demand for our solution and as 5G rollouts continue to increase globally, we expect the demand for our product will only continue to grow,” he added.

Previously, Zemer said that carriers would build their own products internally to manage data in the RAN, but these “struggle to support 5G.”

The competition element is not just lip service: the fact that both Intel and Qualcomm — competitors in key respects — are investing in this round underscores how Cellwize sees itself as a kind of Switzerland in mobile architecture. It also underscores that both view easy and deep integrations with its tech as something worth backing, given the priorities of each of their carrier customers.

“Over the last decade, Intel technologies have been instrumental in enabling the communications industry to transform networks with an agile and scalable infrastructure,” said David Flanagan, VP and senior MD at Intel Capital, in a statement. “With the challenges in managing the high complexity of radio access networks, we are encouraged by the opportunity in front of Cellwize to explore ways to utilize their AI-based automation capabilities as Intel brings the benefits of cloud architectures to service provider and private networks.”

“Qualcomm is at the forefront of 5G expansion, creating a robust ecosystem of technologies that will usher in the new era of connectivity,” added Merav Weinryb, Senior Director of Qualcomm Israel Ltd. and MD of Qualcomm Ventures Israel and Europe. “As a leader in RAN automation and orchestration, Cellwize plays an important role in 5G deployment. We are excited to support Cellwize through the Qualcomm Ventures’ 5G global ecosystem fund as they scale and expedite 5G adoption worldwide.”

And that is the key point. Right now there are precious few 5G deployments, and sometimes, when you read some of the less shiny reports of 5G rollouts, you might be forgiven for feeling like it’s more marketing than reality at this point. But Zemer — who is not a co-founder (both of them have left the company) but has been with it since 2013, almost from the start — is sitting in on the meetings with carriers, and he believes that it won’t be long before all that tips.

“Within the next five years, approximately 75% of mobile connections will be powered by 5G, and 2.6 billion 5G mobile subscriptions will be serving 65% of the world’s population,” he said. “While 5G technology holds a tremendous amount of promise, the reality is that it is also hyper-complex, comprised of multiple technologies, architectures, bands, layers, and RAN/vRAN players. We are working with network operators around the world to help them overcome the challenges of rolling out and managing these next generation networks, by automating their entire RAN processes, allowing them to successfully deliver 5G to their customers.”

Qumulo update adds NVMe caching for more efficient use of flash storage

Qumulo, the Seattle-based data storage startup, announced a bunch of updates today including support for NVMe caching, an approach that should enable customers to access faster flash storage at a lower price point.

NVMe flash storage development is evolving quickly, driving down the price with higher performance, a win-win situation for large data producers, but it’s still more expensive than traditional drives. Qumulo CEO Bill Richter pointed out that the software still has to take advantage of these changing flash storage dynamics.

To that end, the company claims that with its new NVMe caching capability, it is giving customers the ability to access faster flash storage for the same price as spinning disks by optimizing the software to more intelligently manage data on its platform and take advantage of the higher performance storage.

The company is also announcing the ability to dynamically scale using the latest technologies such as chips, memory and storage in an automated way. Further, it’s providing automated data encryption at no additional charge and new instant updates, which it says can be implemented without any down time. Finally, it has introduced a new interface to make it easier for customers to move their data from on premises data storage to Amazon S3.

Richter says that the company’s mission has always been about creating, managing and consuming massive amounts of file-based data. As the pandemic has taken hold, more companies are moving their data and applications to the cloud.

“The major secular trends that underpin Qumulo’s mission — the massive amount of file-based content, and the use of cloud computing to solve the content challenge, have both accelerated during the pandemic and we have received really clear signs of that,” he said.

Qumulo was founded back in 2012 and has raised $351 million. Its most recent raise was a hefty $125 million last July on a valuation over $1.2 billion.

Body Found in Canada Identified as Neo-Nazi Spam King

The body of a man found shot inside a burned-out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke, a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports.

Homicide detectives said they originally thought the man found June 14, 2017 in a torched SUV on a logging road in Squamish, British Columbia, was a local rock climber known to others in the area as a politically progressive vegan named Jesse James.

Davis Wolfgang Hawke. Image: Spam Kings, by Brian McWilliams.

But according to a report from CTV News, at a press conference late last month authorities said new DNA evidence linked to a missing persons investigation has confirmed the man’s true identity as Davis Wolfgang Hawke.

A key subject of the book Spam Kings by Brian McWilliams, Hawke was a Jewish-born American who’d legally changed his name from Andrew Britt Greenbaum. For many years, Hawke was a big-time purveyor of spam emails hawking pornography and male enhancement supplements, such as herbal Viagra.

Hawke had reportedly bragged about the money he earned from spam, but told friends he didn’t trust banks and decided to convert his earnings into gold and platinum bars. That sparked rumors that he had possibly buried his ill-gotten gains on his parents’ Massachusetts property.

In 2005, AOL won a $12.8 million lawsuit against him for relentlessly spamming its users. A year later, AOL won a court judgment authorizing them to dig on that property, although no precious metals were ever found.

More recently, Hawke’s Jesse James identity penned a book called Psychology of Seduction, which claimed to merge the “shady world of the pickup artist with modern science, unraveling the mystery of attraction using evolutionary biology and examining seduction through the lens of social and evolutionary psychology.”

The book’s “about the author” page said James was a “disruptive technology pioneer” who was into rock climbing and was a resident of Squamish. It also claimed James held a PhD in theoretical physics from Stanford, and that he was an officer in the Israeli Defense Force.

It might be difficult to fathom why, but Hawke may have made a few enemies over the years. Spam Kings author McWilliams notes that Hawke changed his name with regularity and used many pseudonyms.

“I could definitely see this guy making someone so mad at him they’d want to kill him,” McWilliams told CTV. “He was a guy who really pushed people that way and was a crook. I mean, he was a conman. That was what he was and I can see how somebody might get mad. I can also see him staging his own death or committing suicide in a fashion like that, if that’s what he chose to do. He was just a perplexing guy. I still don’t feel like I have a handle on him and I spent the better part of a year trying to figure out what made him tick.”

The father of the deceased, Hy Greenbaum, has offered a $10,000 reward to any tipster who can help solve his son’s homicide. British Columbia’s Integrated Homicide Investigation Team also is seeking clues, and can be reached at ihitinfo@rcmp-grc.gc.ca.

The Good, the Bad and the Ugly in Cybersecurity – Week 45

The Good

While all eyes have been on the U.S. this week and the hotly contested election, some rare good cyber security news came out of Russia, as the Ministry of Internal Affairs there reportedly arrested a malware developer known only by the handle “1ms0rry”.

The unnamed 20-year-old male had the misfortune to cross a red line that most other cyber criminals have learned to steer clear of: allowing his malware to infect computer users across Russia, netting profits in the region of 4.3 million rubles (around $55,000) from over 2000 of his compatriots.

Reports suggest the hacker was involved with a trojan/cryptocurrency miner called 1ms0rry-Miner, as well as the LoaderBot and N0f1l3 trojans and infostealers. His code has also been identified as the source of several other more powerful malware strains including Bumblebee, FelixHTTP, EnlightenedHTTP and Evrial, a MaaS (malware-as-a-service) capable of stealing cryptocurrency wallet addresses, Windows passwords and other credentials.

While it’s lamentable that Russian authorities turn a blind eye to home-grown hackers wantonly attacking non-Russian targets, it’s good to see another malware developer nabbed for whatever reason. Let’s just hope he’s not back on the cyber streets too soon with a better understanding of how to determine language preferences in his code.

The Bad

Resident Evil developer Capcom was hit by a Ragnar Locker ransomware attack on Monday, according to reports, resulting in the theft of around 1TB of Capcom data.

In common with other “leak-and-lock” ransomware operations, the threat actors are threatening to release a smorgasbord of IP and private sensitive data if the company fails to pay up. This ranges from financial documents and client and employee PII, such as passports and visas, to business contracts and private corporate emails and messenger conversations.

Reports suggest the ransomware has encrypted at least 2000 devices and that the attackers are demanding a hefty $11 million ransom in bitcoin.

The attack comes just a day after Ragnar Locker ransomware also hit drinks vendor Campari with a similar demand for $15 million in ransom.

In both cases, the attackers have leaked samples of the stolen data on their own “temporary Leak page”, a darknet website set up to “show examples and proofs of penetration” to incentivize payment. True to form, they have promised to sell the data to “third parties” if the victims refuse to pay up. At this time, there is no indication that either Capcom or Campari is cooperating with the threat actors.

The Ugly

Misconfiguration of cloud assets is a known security headache for companies transitioning to the cloud, and it doesn’t get any better when attempts to keep things like hashed passwords safe are undermined by using flawed hashing algorithms like MD5. Such are the painful lessons being learned this week by GrowDiaries, an online community of cannabis growers that plugs itself as “100% anonymous and secure”.

Trouble began with two unsecured Kibana apps. Kibana is a charting tool for Elasticsearch and provides a user interface for monitoring, managing and securing an Elastic Stack cluster. Unfortunately, admins for GrowDiaries appear to have left two instances of Kibana apps exposed without password protection since September, potentially allowing hackers access to around 3.4 million user records and passwords.

Worryingly for some GrowDiaries users, it appears from some of the IP addresses exposed that they are resident in countries where growing marijuana is illegal. While the company did secure the data on October 15th, five days after being alerted by cyber security researcher Bob Diachenko, it appears that the data may have been exposed since at least September 22.

It is not known at this point in time whether the data was accessed by malicious parties, but GrowDiaries users should urgently change their passwords, as unsalted MD5 hashes are crackable. Diachenko also notes that members of the community should be aware of targeted phishing attacks as well as account takeovers, as cracked passwords can be used in credential stuffing attacks on users’ other accounts.
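The flaw above is the storage scheme, not just the leak: an unsalted, single-round MD5 digest means every user with the same password shares one 32-hex value, so one precomputed table covers them all. The added example below (not GrowDiaries’ code; the record format, the `md5$` / `pbkdf2_sha256$` prefixes and the work factor are assumptions) shows the weak scheme beside a salted, iterated replacement and a login-time migration that upgrades legacy records transparently, since the plaintext is only available at login.

```python
import hashlib
import hmac
import os

# Assumed parameters for the replacement scheme; PBKDF2-HMAC-SHA256 from the
# standard library so the example runs anywhere. Tune the work factor to your
# hardware so a verify takes a noticeable fraction of a second.
PBKDF2_ROUNDS = 600_000
SALT_BYTES = 16


def legacy_md5_record(password: str) -> str:
    """The flawed scheme: unsalted, single-round MD5 as the stored value.
    Identical passwords give identical digests, and MD5 is fast enough that
    a dictionary can be pre-hashed once and reused against every record."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password: str, salt: bytes = b"") -> str:
    """Hardened scheme: random per-user salt plus a slow, iterated KDF, so
    two users with the same password get different records."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify(record: str, password: str) -> bool:
    """Check a password against either record format using a constant-time
    comparison; unknown schemes are rejected rather than guessed at."""
    scheme, _, rest = record.partition("$")
    if scheme == "md5":
        return hmac.compare_digest(hashlib.md5(password.encode()).hexdigest(), rest)
    if scheme == "pbkdf2_sha256":
        rounds, salt_hex, digest_hex = rest.split("$")
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(digest.hex(), digest_hex)
    raise ValueError(f"unknown password record scheme: {scheme}")


def login_and_upgrade(store: dict, user: str, password: str) -> bool:
    """Transparent migration: on a successful login against a legacy MD5
    record, rewrite the record with the hardened scheme. Failed logins
    leave the store untouched, and unknown users fail the same way."""
    record = store.get(user)
    if record is None or not verify(record, password):
        return False
    if record.startswith("md5$"):
        store[user] = pbkdf2_record(password)
    return True
```

Records that are never logged into again stay MD5 after such a migration, which is why a forced password reset, as urged above, is still the right call for an exposed store.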
