Two Charged in SIM Swapping, Vishing Scams

/0 Comments/in /by

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information.

Prosecutors say Jordan K. Milleson, 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A. Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “vishing” attacks and “SIM swapping,” a form of fraud that involves bribing or tricking employees at mobile phone companies.

Investigators allege the duo set up phishing websites that mimicked legitimate employee portals belonging to wireless providers, and then emailed and/or called employees at these providers in a bid to trick them into logging in at these fake portals.

According to the indictment (PDF), Milleson and Bryan used their phished access to wireless company employee tools to reassign the subscriber identity module (SIM) tied to a target’s mobile device. A SIM card is a small, removable smart chip in mobile phones that links the device to the customer’s phone number, and their purloined access to employee tools meant they could reassign any customer’s phone number to a SIM card in a mobile device they controlled.

That allowed them to seize control over a target’s incoming phone calls and text messages, which were used to reset the password for email, social media and cryptocurrency accounts tied to those numbers.

Interestingly, the conspiracy appears to have unraveled over a business dispute between the two men. Prosecutors say on June 26, 2019, “Bryan called the Baltimore County Police Department and falsely reported that he, purporting to be a resident of the Milleson family residence, had shot his father at the residence.”

“During the call, Bryan, posing as the purported shooter, threatened to shoot himself and to shoot at police officers if they attempted to confront him,” reads a statement from the U.S. Attorney’s Office for the District of Maryland. “The call was a ‘swatting’ attack, a criminal harassment tactic in which a person places a false call to authorities that will trigger a police or special weapons and tactics (SWAT) team response — thereby causing a life-threatening situation.”

The indictment alleges Bryan swatted his alleged partner in retaliation for Milleson failing to share the proceeds of a digital currency theft. Milleson and Bryan are facing charges of wire fraud, unauthorized access to protected computers, aggravated identity theft and wire fraud conspiracy.

The indictment doesn’t specify the wireless companies targeted by the phishing and vishing schemes, but sources close to the investigation tell KrebsOnSecurity the two men were active members of OGusers, an online forum that caters to people selling access to hijacked social media accounts.

Bryan allegedly used the nickname “Champagne” on OGusers. On at least two occasions in the past few years, the OGusers forum was hacked and its user database — including private messages between forum members — were posted online. In a private message dated Nov. 15, 2019, Champagne can be seen asking another OGusers member to create a phishing site mimicking T-Mobile’s employee login page (t-mobileupdates[.]com).

Sources tell KrebsOnSecurity the two men are part of a larger conspiracy involving individuals from the United States and United Kingdom who’ve used vishing and phishing to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks.

Leena AI nabs $8M Series A as it expands from chatbots to HR service platform

/0 Comments/in /by

When we covered Leena AI as a member of the Y Combinator Summer 2018 cohort, the young startup was firmly focused on building HR chatbots, but in the intervening years it has expanded the vision to a broader HR policy platform. Today, the company announced an $8 million Series A led by Greycroft with help from several individual industry investors.

Company CEO and co-founder Adit Jain says that in 2018 the company was concentrating on building an intelligent virtual assistant for HR-related questions. It allowed employees to ask the bot questions like how many vacation days they have left or what holidays they have off this year.

Over the last couple of years since leaving Y Combinator, the company has moved into broader HR service delivery. “So I’m talking about having an intelligent case management, knowledge management and document management system, which is backing the virtual assistant as well,” Jain explained.

He says that users should think of it as an entire system where the chatbot is the user interface for employees to interact with the HR information on the back end. For example, he says that the knowledge management component is where the chatbots find the answers to questions, and as employees interact with the chatbot, it grows more intelligent based on the feedback from them.

The document management piece enables HR to write or import HR policies and the case management system comes into play when the situation is too complex for the chatbot to handle and it has to be escalated to a human HR representative.

Leena AI builds HR chatbots to answer policy questions automatically

When we spoke to Jain in September 2018 at the time of his startup’s $2 million seed round, he had 16 customers and hoped to have 50 in the next 12-18 months. Today the company has 100 enterprise customers with 300,000 employees using the platform worldwide.

In fact, the pandemic has fueled business with more than half of those customers coming on board this year. He says this is because companies are looking for ways to digitize processes like HR as employees are working from home more.

“This is a trend that’s going to continue as organizations have realized the value of doing things with more and more digital applications taking care of your processes […] especially mundane, repeatable tasks being handed over to technology more and more,” Jain said.

As the business has grown this year, the company has expanded from 30 to 75 employees and he hopes to double that number in the next year. As he does, he has discussed with his lead investor how to build a diverse and inclusive culture at Leena AI .

One thing he is trying to do is raise some money from a diverse group of investors, approximately $400,000, and his hope is that these diverse investors can help him build solid diversity programs as he adds employees to his growing company.

That the startup hasn’t only grown during these turbulent times, but thrived, shows that companies are looking to modernize every part of the enterprise technology stack, and that includes HR.

Fresh out of Y Combinator, Leena AI scores $2M seed round

Email creation startup Stensul raises $16M

/0 Comments/in /by

Stensul, a startup aiming to streamline the process of building marketing emails, has raised $16 million in Series B funding.

When the company raised its $7 million Series A two years ago, founder and CEO Noah Dinkin told me about how it spun out of his previous startup, FanBridge. And while there are many products focused on email delivery, he said Stensul is focused on the email creation process.

Dinkin made many similar points when we discussed the Series B last week. He said that for many teams, creating a marketing email can take weeks. With Stensul, that process can be reduced to just two hours, with marketers able to create the email on their own, without asking developers for help. Things like brand guidelines are already built in, and it’s easy to get feedback and approval from executives and other teams.

Dinkin also noted that while the big marketing clouds all include “some kind of email builder, it’s not their center of gravity.”

He added, “What we tell folks [is that] literally over half the company is engineers, and they are only working on email creation.”

Stensul

Image Credits: Stensul

The team has recently grown to more than 100 employees, with new customers like Capital One, ASICS Digital, Greenhouse, Samsung, AppDynamics, Kroger and Clover Health. New features include an integration with work management platform Workfront.

Plus, with other marketing channels paused or diminished during the pandemic, Dinkin said that email has only become more important, with the old, time-intensive process becoming more and more of a burden.

“We need more emails — whether that’s more versions or more segments or more languages, the requests are through the roof,” he said. “The teams are the same size … and so that’s where especially the leaders of these organizations have looked inward a lot more. The ways that they have been doing it for years or decades just doesn’t work anymore and prevents them from being competitive in the marketplace.”

The new round was led by USVP, with participation from Capital One Ventures, Peak State Ventures, plus existing investors Javelin Venture Partners, Uncork Capital, First Round Capital and Lowercase Capital . Individual investors include Okta co-founder and COO Frederic Kerrest, Okta CMO Ryan Carlson, former Marketo/Adobe executive Aaron Bird, Avid Larizadeh Duggan, Gary Swart and Talend CMO Lauren Vaccarello.

Dinkin said the money will allow Stensul to expand its marketing, product, engineering and sales teams.

“We originally thought: Everybody who sends email should have an email creation platform,” he said. “And ‘everyone who sends email’ is synonymous with ‘every company in the world.’ We’ve just seen that accelerate in that last few years.”

How to get people to open your emails

Twilio wraps $3.2B purchase of Segment after warp-speed courtship

/0 Comments/in /by

It was barely a month ago we began hearing rumors that Twilio was interested in acquiring Segment. The $3.2 billion deal was officially announced three weeks ago, and this morning the communications API company announced that the deal had closed, astonishingly fast for an acquisition of this size.

While we can’t know for sure, the speed with which the deal closed could suggest that it was in the works longer than we had known, and when we began hearing rumors of the acquisition, it could have already been signed, sealed and delivered. In addition, the fact that Twilio CEO Jeff Lawson and Segment CEO Peter Reinhardt knew one another before coming to terms might have helped accelerate the process.

Twilio confirms it is buying Segment for $3.2B in an all-stock deal

Regardless, the two companies are a nice fit. Both deal with the API economy, providing a set of tools to help developers easily add a particular set of functions to their applications. For Twilio, that’s a set of communications APIs, while Segment focuses on customer data.

When you pull the two sets of tooling together, and combine that with Twilio’s 2018 SendGrid acquisition, you can see the possibility to build more complete applications for interacting with customers at every level, including basic communications like video, SMS and audio from Twilio, as well as customer data from Segment and customized emails and ads based on those interactions from SendGrid.

As companies increasingly focus on digital engagement, especially in the midst of a pandemic, Twilio’s Lawson believes the biggest roadblock to this type of engagement has been that data has been locked in silos, precisely the kind of problem that Segment has been attacking.

“With the addition of Segment, Twilio’s Customer Engagement Platform now enables companies to both understand their customer and engage with them digitally — the combination is key to building great digital experiences,” Lawson said in a statement.

In a recent post looking at the reasoning behind the deal, Brent Leary, founder and principal analyst at CRM Essentials, saw it this way: “This move allows Twilio to impact the data-insight-interaction-experience transformation process by removing friction from developers using their platform,” Leary explained.

With the deal closed, Segment will become a division of Twilio. Reinhardt will continue to be CEO, and will report directly to Lawson.

Twilio’s $3.2B Segment acquisition is about helping developers build data-fueled apps

Coupa Software snags Llamasoft for $1.5B to bring together spending and supply chain data

/0 Comments/in /by

Coupa Software, a publicly traded company that helps large corporations manage spending, announced that it was buying Llamasoft, an 18-year-old Michigan company that helps large companies manage their supply chain. The deal was pegged at $1.5 billion.

This year Llamasoft released its latest tool, an AI-driven platform for managing supply chains intelligently. This capability in particular seemed to attract Coupa’s attention, as it was looking for a supply chain application to complement its spend management capabilities.

Coupa CEO and chairman Rob Bernshteyn says when you combine that supply chain data with Coupa’s spending data, it can produce a powerful combination.

“Llamasoft’s deep supply chain expertise and sophisticated data science and modeling capabilities, combined with the roughly $2 trillion of cumulative transactional spend data we have in Coupa, will empower businesses with the intelligence needed to pivot on a dime,” Bernshteyn said in a statement.

Free tool helps manufacturers map where COVID-19 impacts supply chain

The purchase comes at a time when companies are focusing more and more on digitizing processes across enterprise, and when supply chains can be uncertain, depending on the location of COVID hotspots at any particular time.

“With demand uncertainty on one hand, and supply volatility on the other, companies are in need of supply chain technology that can help them assess alternatives and balance trade-offs to achieve desired business results. LLamasoft provides these capabilities with an AI-powered cloud platform that empowers companies to make smarter supply chain decisions, faster,” the company wrote in a statement.

Llamasoft was founded in 2002 in Ann Arbor, Michigan and has raised more than $56 million, according to Crunchbase data. Its largest raise was a $50 million Series B in 2015 led by Goldman Sachs .

The company generated more than $100 million in revenue and has 650 big customers, including Boeing, DHL, Kimberly-Clark and GM, according to company data.

Coupa has been extremely acquisitive over the years, buying 17 companies, according to Crunchbase data. This deal represents the fourth acquisition this year for the company. So far the stock market is not enamored with the acquisition; the company’s stock price is down 5.20% at publication.

Customer experience and digital transformation concepts are merging during the pandemic

AWS launches its next-gen GPU instances

/0 Comments/in /by

AWS today announced the launch of its newest GPU-equipped instances. Dubbed P4, these new instances are launching a decade after AWS launched its first set of Cluster GPU instances. This new generation is powered by Intel Cascade Lake processors and eight of Nvidia’s A100 Tensor Core GPUs. These instances, AWS promises, offer up to 2.5x the deep learning performance of the previous generation — and training a comparable model should be about 60% cheaper with these new instances.

Image Credits: AWS

For now, there is only one size available, the p4d.12xlarge instance, in AWS slang, and the eight A100 GPUs are connected over Nvidia’s NVLink communication interface and offer support for the company’s GPUDirect interface as well.

With 320 GB of high-bandwidth GPU memory and 400 Gbps networking, this is obviously a very powerful machine. Add to that the 96 CPU cores, 1.1 TB of system memory and 8 TB of SSD storage and it’s maybe no surprise that the on-demand price is $32.77 per hour (though that price goes down to less than $20/hour for one-year reserved instances and $11.57 for three-year reserved instances.

Image Credits: AWS

On the extreme end, you can combine 4,000 or more GPUs into an EC2 UltraCluster, as AWS calls these machines, for high-performance computing workloads at what is essentially a supercomputer-scale machine. Given the price, you’re not likely to spin up one of these clusters to train your model for your toy app anytime soon, but AWS has already been working with a number of enterprise customers to test these instances and clusters, including Toyota Research Institute, GE Healthcare and Aon.

“At [Toyota Research Institute], we’re working to build a future where everyone has the freedom to move,” said Mike Garrison, Technical Lead, Infrastructure Engineering at TRI. “The previous generation P3 instances helped us reduce our time to train machine learning models from days to hours and we are looking forward to utilizing P4d instances, as the additional GPU memory and more efficient float formats will allow our machine learning team to train with more complex models at an even faster speed.”

Nvidia begins shipping the A100, its first Ampere-based data center GPU

Udacity raises $75M in debt, says its tech education business is profitable after enterprise pivot

/0 Comments/in /by

Online education tools continue to see a surge of interest boosted by major changes in work and learning practices in the midst of a global health pandemic. And today, one of the early pioneers of the medium is announcing some funding as it tips into profitability on the back of a pivot to enterprise services, targeting businesses and governments who are looking to upskill workers to give them tech expertise more relevant to modern demands.

Udacity, which provides online courses and popularized the concept of “nanodegrees” in tech-related subjects like artificial intelligence, programming, autonomous driving and cloud computing, has secured $75 million in the form of a debt facility. The funding will be used to continue investing in its platform to target more business customers.

Udacity said that part of the business is growing fast, with Q3 bookings up by 120% year-over-year and average run rates up 260% in H1 2020.

Udacity said that customers in the segment include “five of the world’s top seven aerospace companies, three of the Big Four professional services firms, the world’s leading pharmaceutical company, Egypt’s Information Technology Industry Development Agency, and three of the four branches of the United States Department of Defense”, which work with Udacity to build tailor-made courses for their specific needs, as well as use off-the-shelf content from its catalogue.

Udacity also works with companies to build programs as part of their CSR remits, and with tech companies like Microsoft to build programs to get more developers using their tools.

“We’re seeing tremendous demand on the enterprise and government side,” said Gabe Dalporto, Udacity’s CEO who joined the company in 2019. “But to date it’s mostly been inbound, with enterprises, Fortune 500 companies and government organizations coming in and wanting to work with us. Now it’s time to build out a sales team to go after them.”

The news today is a welcome turn of events for a company that has been in the spotlight over the years for less rosy reasons, partly because it found it challenging to land on a profitable business model.

Founded nearly a decade ago by three robotics specialists including Sebastian Thrun, the Stanford professor who at the time was instrumental in building and running Google’s self-driving car and larger moonshot programs, Udacity initially saw an opportunity to partner with colleges and universities to build online tech courses (Thrun’s academic standing, and the vogue for MOOCs, were possibly two fillips for that strategy).

After that proved to be too challenging and costly, Udacity pivoted to positioning itself as a vocational learning provider targeting adults, specifically those who didn’t have the hours or money to embark on full-time courses but wanted to learn tech skills that could help them land better jobs.

That resulted in some substantial user growth, but still no profit. Eventually, the company faced multiple rounds of layoffs as it restructured and gravitated closer to its current form.

Currently, the company still provides direct-to-consumer (direct-to-learner?) courses, but it won’t be long, Dalporto said, before enterprise and government customers account for about 80% of the company’s business.

Previously, Udacity had raised nearly $170 million from a pretty illustrious group of investors that include Andreessen Horowitz, Ballie Gifford, CRV, Emerson Collective and more. This latest tranche is coming in the form of a debt facility from a single company, Hercules Capital.

Dalporto said the decision to take the debt route came after initially getting a number of term sheets for an equity round.

“We had multiple term sheets on the equity side, but then we received an unsolicited debt term sheet unsolicited,” he said. That led to the company modelling out the cost of capital and dilution, he said, and “it turned out it was the better option.” For now, he added, equity was “off the table” but it may consider revisiting the idea en route to a public listing. “For the foreseeable future, we are cash flow positive so there is no compelling reason right now, but we might do something closer to an IPO.”

Being a debt facility, this funding does not mean a revisiting of Udacity’s valuation. The company was last capitalized five years ago at $1 billion, but Dalporto would not comment on how that had changed in the (uncompleted) equity term sheets it had received.

Education is in session

The interest Udacity is seeing — both from investors and as a company — is part of the bigger spotlight that online education companies have had in the last year. In K-12 and university education, the focus has been on building better technology and content to help students stay engaged and continue learning even when they cannot be in their normal physical classrooms as schools, districts, governments and public health officials implement social distancing to slow the spread of COVID-19.

But that’s not the only classroom where online education is getting called on. In the world of business, organizations that have also gone remote because of the pandemic are facing a matrix of challenges. How can they keep employees productive and feeling like part of a team when they no longer work next to each other? How do they make sure their workforces have the skills they need to work in the new environment? How do they make sure their own businesses are equipped with the right technology, and the expertise of people to run it, for this latest and future iterations of “work”? And how can governments make sure their economies don’t fall off a cliff as a result of the pandemic?

Online education has been seen as something of a panacea for all of these questions, and that has spelled a lot of opportunity for tech companies building online learning tools and other infrastructure — with others including the likes of Coursera, LinkedIn, Pluralsight, Treehouse and Springboard in the area of tech-related courses and learning platforms for workers.

As with other market segments like e-commerce, this isn’t about a trend emerging out of the blue, but about it accelerating much faster than people projected it would.

“Given Udacity’s growth, focus on sustainable business practices, and expanding reach across multiple industries, we are excited to provide this investment. We look forward to working with the company to help them sustain their impressive global growth, and continued innovation in upskilling and reskilling,” said Steve Kuo, Senior MD and Technology Group Head at Hercules Capital, in a statement.

In the areas of enterprise and government, Dalporto described a number of scenarios where Udacity is already active, which are natural progressions of the kind of vocational learning it was already offering.

They include, for example, the energy company Shell retraining structural and geological engineers “who had good math skills but no machine learning expertise” to be able to work in data science, needed as the company builds more automation into its operation and moves into new kinds of energy technology.

And he said that Egypt and other nations — looking to the success that India has had — have been providing technology expertise training to residents to help them find jobs in the “outsourcing economy.” He said that the program in Egypt has seen an 80% graduation rate and 70% “positive outcomes” (resulting in jobs).

“If you take just AI and machine learning, demand for these skills is growing at a rate of 70% year-over-year, but there is a shortage of talent to fill those roles,” Dalporto said.

Udacity is for now not looking at any acquisitions, he added, for another 6-12 months. “We have so much demand and work to do internally that there is no compelling reason to do that. At some point we will look at that but it needs to be linked to our strategy.”

Warren gets $1.4 million to help local cloud infrastructure providers compete against Amazon and other giants

/0 Comments/in /by

Started as a side project by its founders, Warren is now helping regional cloud infrastructure service providers compete against Amazon, Microsoft, IBM, Google and other tech giants. Based in Tallinn, Estonia, Warren’s self-service distributed cloud platform is gaining traction in Southeast Asia, one of the world’s fastest-growing cloud service markets, and Europe. It recently closed a $1.4 million seed round led by Passion Capital, with plans to expand in South America, where it recently launched in Brazil.

Warren’s seed funding also included participation from Lemonade Stand and angel investors like former Nokia vice president Paul Melin and Marek Kiisa, co-founder of funds Superangel and NordicNinja.

The leading global cloud providers are aggressively expanding their international businesses by growing their marketing teams and data centers around the world (for example, over the past few months, Microsoft has launched a new data center region in Austria, expanded in Brazil and announced it will build a new region in Taiwan as it competes against Amazon Web Services).

But demand for customized service and control over data still prompt many companies, especially smaller ones, to pick local cloud infrastructure providers instead, Warren co-founder and chief executive officer Tarmo Tael told TechCrunch.

AWS remains in firm control of the cloud infrastructure market

“Local providers pay more attention to personal sales and support, in local language, to all clients in general, and more importantly, take the time to focus on SME clients to provide flexibility and address their custom needs,” he said. “Whereas global providers give a personal touch maybe only to a few big clients in the enterprise sectors.” Many local providers also offer lower prices and give a large amount of bandwidth for free, attracting SMEs.

He added that “the data sovereignty aspect that plays an important role in choosing their cloud platform for many of the clients.”

In 2015, Tael and co-founder Henry Vaaderpass began working on the project that eventually became Warren while running a development agency for e-commerce sites. From the beginning, the two wanted to develop a product of their own and tested several ideas out, but weren’t really excited by any of them, he said. At the same time, the agency’s e-commerce clients were running into challenges as their businesses grew.

Tael and Vaaderpass’s clients tended to pick local cloud infrastructure providers because of lower costs and more personalized support. But setting up new e-commerce projects with scalable infrastructure was costly because many local cloud infrastructure providers use different platforms.

“So we started looking for tools to use for managing our e-commerce projects better and more efficiently,” Tael said. “As we didn’t find what we were looking for, we saw this as an opportunity to build our own.”

After creating their first prototype, Tael and Vaaderpass realized that it could be used by other development teams, and decided to seek angel funding from investors, like Kiisa, who have experience working with cloud data centers or infrastructure providers.

Southeast Asia, one of the world’s fastest-growing cloud markets, is an important part of Warren’s business. Warren will continue to expand in Southeast Asia, while focusing on other developing regions with large domestic markets, like South America (starting with Brazil). Tael said the startup is also in discussion with potential partners in other markets, including Russia, Turkey and China.

Warren’s current clients include Estonian cloud provider Pilw.io and Indonesian cloud provider IdCloudHost. Tael said working with Warren means its customers spend less time dealing with technical issues related to infrastructure software, so their teams, including developers, can instead focus on supporting clients and managing other services they sell.

The company’s goal is to give local cloud infrastructure providers the ability to meet increasing demand, and eventually expand internationally, with tools to handle more installations and end users. These include features like automated maintenance and DevOps processes that streamline feature testing and handling different platforms.

Ultimately, Warren wants to connect providers in a network that end users can access through a single API and user interface. It also envisions the network as a community where Warren’s clients can share resources and, eventually, have a marketplace for their apps and services.

In terms of competition, Tael said local cloud infrastructure providers often turn to OpenStack, Virtuozzo, Stratoscale or Mirantis. The advantage these companies currently have over Warren is a wider network, but Warren is busy building out its own. The company will be able to connect several locations to one provider by the first quarter of 2021. After that, Tael said, it will “gradually connect providers to each other, upgrading our user management and billing services to handle all that complexity.”

APAC cloud infrastructure revenue reaches $9B in Q2 with Amazon leading the way