New Charges Derail COVID Release for Hacker Who Aided ISIS

A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate release because of the COVID-19 pandemic.

Ardit Ferizi, a 25-year-old citizen of Kosovo, was slated to be sent home earlier this month after a federal judge signed an order commuting his sentence to time served. The release was granted in part due to Ferizi’s 2018 diagnosis of asthma, as well as a COVID outbreak at the facility where he was housed in 2020.

But while Ferizi was in quarantine awaiting deportation the Justice Department unsealed new charges against him, saying he’d conspired from prison with associates on the outside to access stolen data and launder the bitcoin proceeds of his previous crimes.

In the years leading up to his arrest, Ferizi was the administrator of a cybercrime forum called Pentagon Crew. He also served as the leader of an ethnic Albanian group of hackers from Kosovo known as Kosova Hacker’s Security (KHS), which focused on compromising government and private websites in Israel, Serbia, Greece, Ukraine and the United States.

The Pentagon Crew forum founded by Ferizi.

In December 2015, Ferizi was apprehended in Malaysia and extradited to the United States. In January 2016, Ferizi pleaded guilty to providing material support to a terrorist group and to unauthorized access. He admitted to hacking a U.S.-based e-commerce company, stealing personal and financial data on 1,300 government employees, and providing the data to an Islamic State hacking group.

Ferizi gave the purloined data to Junaid “Trick” Hussain, a 21-year-old hacker and recruiter for ISIS who published it in August 2015 as part of a directive that ISIS supporters kill the named U.S. military members and government employees. Later that month, Hussain was reportedly killed by a drone strike in Syria.

The government says Ferizi and his associates made money by hacking PayPal and other financial accounts, and through pornography sites he allegedly set up mainly to steal personal and financial data from visitors.

Junaid Hussain’s Twitter profile photo.

Between 2015 and 2019, Ferizi was imprisoned at a facility in Illinois that housed several other notable convicts. For example, prosecutors allege that Ferizi was an associate of Mahmud “Red” Abouhalima, who was serving a 240-year sentence at the prison for his role in the 1993 World Trade Center bombing.

Another inmate incarcerated at the same facility was Shawn Bridges, a former U.S. Secret Service agent serving almost eight years for stealing $820,000 worth of bitcoin from online drug dealers while investigating the hidden underground website Silk Road. Prosecutors say Ferizi and Bridges discussed ways to hide their bitcoin.

The information about Ferizi’s inmate friends came via a tip from another convict, who told the FBI that Ferizi was allegedly using his access to the prison’s email system to share email and bitcoin account passwords with family members back home.

The Justice Department said subpoenas served on Ferizi’s email accounts and interviews with his associates show Ferizi’s brother in Kosovo used the information to “liquidate the proceeds of Ferizi’s previous criminal hacking activities.”

[Side note: It may be little more than a coincidence, but my PayPal account was hacked in Dec. 2015 by criminals who social engineered PayPal employees over the phone into changing my password and bypassing multi-factor authentication. The hackers attempted to send my balance to an account tied to Hussain, but the transfer never went through.]

Ferizi is being tried in California, but has not yet had an initial appearance in court. He’s charged with one count of aggravated identity theft and one count of wire fraud. If convicted of wire fraud, he faces a maximum penalty of 20 years in prison and a fine of $250,000. If convicted of aggravated identity theft, he faces a mandatory penalty of 2 years in prison in addition to the punishment imposed for a wire fraud conviction.

Personio raises $125M on a $1.7B valuation for an HR platform targeting SMEs

With the last year changing how (and where) many of us work, organizations have started to rethink how well they manage their employees, and what tools they use to do that. Today, one of the startups that is building technology to address this challenge is announcing a major round of funding that underscores its traction to date.

Personio — the German startup that targets small- and medium-sized businesses (10-2,000 employees) with an all-in-one HR platform covering recruiting and onboarding, payroll, absence tracking and other major HR functions — has picked up $125 million in funding at a $1.7 billion post-money valuation.

The Series D is being co-led by Index Ventures and Meritech, with previous backers Accel, Lightspeed Venture Partners, Northzone, Global Founders Capital and Picus all participating.

The $1.7 billion valuation is a big jump on the company’s $500 million valuation a year ago, and it comes after a year where the startup has doubled its revenues and was not on the hunt to raise, with much of its previous fundraising still in the bank.

Personio currently counts some 3,000 SMEs in Europe as customers.

In an interview, Hanno Renner, the co-founder and CEO of Personio, said that the startup would be using the funding to continue building out the product — which operates a little like Workday, but built for much smaller organizations — as well as expanding its presence in Europe.

Although SMEs can be a notoriously challenging customer segment, Renner said that a new opportunity has emerged: A new wave of people in the SME sector have started to realise the value of having a modern and integrated HR platform.

“We started Personio in 2016 wanting to become the leading HR platform for midmarket companies, and we knew it could be a great company, but we realize it can be hard to grasp what HR really means,” he said. “But I think what has driven our business in the past year has been the realization that HR is not just an important part, but maybe the most important part, of any business.”

It may take one magic turn to convert users, he said, by providing (as one example) tools to recruit, sign contracts and onboard new employees remotely. Still, he acknowledges that the midmarket — especially those companies not built around technology — has been “lagging for years,” with many still working off Excel spreadsheets, or even more surprisingly, pen and paper. “Supporting them by helping them to digitize in a more efficient way has been driving our business.”

Personio is not the only startup hopeful that the shift in how we work will bring a new appreciation (and appetite) for purchasing HR tools. Others like Hibob have also seen a big boost in their business and have also been raising money to tap into the opportunity more aggressively.

Hibob is looking to build in more training tools, underscoring the feature race that Personio will also have to run to keep up.

But given the sheer number of SMBs in the European market — more than 25 million, accounting for more than 99% of all enterprises, according to research from the European Union — and the fact that many of them have yet to adopt any kind of HR platform at all, there remains a lot of growth available to a number of players.

“SMEs are the backbone of the European economy, employing 100 million people across the continent, but it is also a sector that has been neglected by software companies focused predominantly on large enterprises,” Martin Mignot, a partner at Index who sits on Personio’s board, said in a statement. “Personio changes that, having created a set of powerful tools tailored to address the needs of small businesses.”

“We have had the pleasure of working with some of the most successful SaaS companies in the world, and given Personio’s success over the past five years and the immense market potential, we strongly believe in Personio’s ability to build an equally successful and impactful business,” added Alex Clayton, general partner at Meritech Capital, in his own statement. “After many great discussions with Hanno over recent years, we are now excited to be joining the journey.” Clayton is also joining the board with this round.

Salesforce leads $15M investment in Asian HR tech platform Darwinbox

Darwinbox, which operates a cloud-based human resource management platform, has raised $15 million in a new financing round as the Indian startup looks to further expand in the country and Southeast Asian markets.

The new round — a Series C — for the Hyderabad-headquartered startup was led by Salesforce Ventures, the venture arm of the American enterprise giant. This is one of Salesforce Ventures’ rare investments in India. Existing investors including Lightspeed India and Sequoia Capital India also participated in the round, which brings the five-year-old startup’s total raised to date to about $35 million.

Over 500 firms — including Tokopedia, Indorama, JG Summit Group, Zilingo, Zalora, Fave, Adani, Mahindra, Kotak, TVS, National Stock Exchange, Ujjivan Small Finance Bank, Dr. Reddy’s, Nivea, Puma, Swiggy and Bigbasket — use Darwinbox’s HR platform to provide more than a million of their employees with a range of features in 60 nations, up from about 200 firms across 50 nations in late 2019, said Chaitanya Peddi, co-founder of Darwinbox, in an interview with TechCrunch.

Peddi said the startup has always looked up to Salesforce for inspiration, and that investment from the enterprise giant is “nothing short of a child receiving validation from their father.”

The fundraise caps the startup’s most successful year, one that began with uncertainty as the coronavirus spread across Asian nations. The startup initially took a hit as its customers scrambled to navigate the global pandemic, but the last two quarters have been its best to date, said Peddi.

Overall, the startup’s revenue has ballooned by 300% since September 2019, when it last raised money, he said. “In HR tech and SaaS space, we are now only behind SAP and Oracle in India in terms of revenue,” he said.

Dev Khare, a partner at Lightspeed India, an early backer of the startup, said that Darwinbox has become the preferred human capital management solution for Asian conglomerates, governments, and high-growth businesses and multi-national corporations operating in Asia as they witness digital transformation.

Image Credits: Darwinbox

Darwinbox’s platform is built to take care of the entire “hiring to retiring” cycle needs of employees. It handles onboarding of new hires, keeps a tab on their performance, monitors attrition rate, and provides an ongoing feedback loop.

It also provides its customers with a social network for their employees to remain connected with one another, and an AI assistant that lets employees apply for leave or set up meetings with quick voice commands from their phones.

Peddi said the startup will deploy the fresh capital to expand to several more countries, especially emerging markets in the Middle East, Asia and Africa, and to broaden its offerings. “We will be leveraging the power of our platform to do a lot more. We are a product-led firm and our focus will remain on innovation in that space,” he said. The startup is also open to exploring opportunities to acquire smaller firms for inorganic growth, he said.

“India is home to one of the world’s youngest populations, and by 2050, it is expected to account for over 18% of the global working-age population,” said Arundhati Bhattacharya, Chairperson and CEO, Salesforce India, in a statement. “This makes technology platforms like Darwinbox, that focus on workforces, incredibly important. I’m proud that Salesforce is supporting Darwinbox on their journey as they continue to grow and innovate in this space.”

Alex Kayyal, partner and head of international at Salesforce Ventures, told TechCrunch in an interview that the firm helps its partners in a number of ways, including exposing them to the firm’s customers, executives and their networks, and helping startups scale their business.

“We have one of the most innovative and disruptive customer bases that are looking for cloud solutions and digital transformation. So the opportunity to expose companies like Darwinbox to our customer base is something we get really excited about,” said Kayyal. Salesforce Ventures is exploring more investment opportunities in India, he said.

Joker’s Stash Carding Market to Call it Quits

Joker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.

A farewell message posted by Joker’s Stash admin on Jan. 15, 2021.

The Russian and English language carding store first opened in October 2014, and quickly became a major source of “dumps” — information stolen from compromised payment cards that thieves can buy and use to create physical counterfeit copies of the cards.

But 2020 turned out to be a tough year for Joker’s Stash. As cyber intelligence firm Intel 471 notes, the curator of the store announced in October that he’d contracted COVID-19, spending a week in the hospital. Around that time, Intel 471 says many of Joker’s loyal customers started complaining that the shop’s payment card data quality was increasingly poor.

“The condition impacted the site’s forums, inventory replenishments and other operations,” Intel 471 said.

Image: Gemini Advisory

That COVID diagnosis may have affected the shop owner’s ability to maintain fresh and valid inventory on his site. Gemini Advisory, a New York City-based company that monitors underground carding shops, tracked a “severe decline” in the volume of compromised payment card accounts for sale on Joker’s Stash over the past six months.

“Joker’s Stash has received numerous user complaints alleging that card data validity is low, which even prompted the administrator to upload proof of validity through a card-testing service,” Gemini wrote in a blog post about the planned shutdown.

Image: Gemini Advisory

Then on Dec. 16, 2020, several of Joker’s long-held domains began displaying notices that the sites had been seized by the U.S. Department of Justice and Interpol. The crime shop quickly recovered, moving to new infrastructure and assuring the underground community that it would continue to operate normally.

Gemini estimates that Joker’s Stash generated more than a billion dollars in revenue over the past several years. Much of that revenue came from high-profile breaches, including tens of millions of payment card records stolen from major merchants including Saks Fifth Avenue, Lord and Taylor, Bebe Stores, Hilton Hotels, Jason’s Deli, Whole Foods, Chipotle, Wawa, Sonic Drive-In, the Hy-Vee supermarket chain, Buca Di Beppo, and Dickey’s BBQ.

Joker’s Stash routinely teased big breaches days or weeks in advance of selling payment card records stolen from those companies, and periodically linked to this site and other media outlets as proof of his shop’s prowess and authenticity.

Like many other top cybercrime bazaars, Joker’s Stash was a frequent target of phishers looking to rip off unwary or unsophisticated thieves. In 2018, KrebsOnSecurity detailed a vast network of fake Joker’s Stash sites set up to steal login credentials and bitcoin. The phony sites all traced back to the owners of a Pakistani web site design firm. Many of those fake sites are still active (e.g. jokersstash[.]su).

As noted here in 2016, Joker’s Stash attracted an impressive number of customers who kept five and six-digit balances at the shop, and who were granted early access to new breaches as well as steep discounts for bulk buys. Those “partner” customers will be given the opportunity to cash out their accounts. But the majority of Stash customers do not enjoy this status, and will have to spend their balances by Feb. 15 or forfeit those funds.

The dashboard for a Joker’s Stash customer who’s spent over $10,000 buying stolen credit cards from the site.

Gemini said another event that may have contributed to this threat actor shutting down their marketplace is the recent spike in the value of Bitcoin. A year ago, one bitcoin was worth about $9,000. Today a single bitcoin is valued at more than $35,000.

“JokerStash was an early advocate of Bitcoin and claims to keep all proceeds in this cryptocurrency,” Gemini observed in a blog post. “This actor was already likely to be among the wealthiest cybercriminals, and the spike may have multiplied their fortune, earning them enough money to retire. However, the true reason behind this shutdown remains unclear.”

If the bitcoin price theory holds, that would be fairly rich considering the parting lines in the closure notice posted to Joker’s Stash.

“We are also want to wish all young and mature ones cyber-gangsters not to lose themselves in the pursuit of easy money,” the site administrator(s) advised. “Remember, that even all the money in the world will never make you happy and that all the most truly valuable things in this life are free.”

Regardless, the impending shutdown is unlikely to have much of an impact on the overall underground carding industry, Gemini notes.

“Given Joker’s Stash’s high profile, it relied on a robust network of criminal vendors who offered their stolen records on this marketplace, among others,” the company wrote. “Gemini assesses with a high level of confidence that these vendors are very likely to fully transition to other large, top-tier dark web marketplaces.”

The Good, the Bad and the Ugly in Cybersecurity – Week 3

The Good

The world’s largest illegal marketplace on the dark web, DarkMarket, has been taken offline in an international operation led by German police and law enforcement agencies from Australia, Denmark, Moldova, Ukraine, the United Kingdom, and the USA (DEA, FBI, and IRS), with the support of Europol. The site had close to half a million users, over 2400 sellers, and had handled hundreds of thousands of transactions involving the trade of drugs, counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards and malware. It is estimated that the site handled transactions equal to €140 million.

The takedown was made possible by the arrest of an Australian citizen involved in the operation of DarkMarket near the German-Danish border over the weekend. The investigation allowed officers to locate and close the marketplace and seize its criminal infrastructure of more than 20 servers in Moldova and Ukraine. The seized servers contain the data of many other users, sellers and operators, and are expected to lead to additional arrests.

The Bad

The move to working from home has left many organizations vulnerable. Allowing employees to access organizational networks and cloud assets requires security tools and discipline that are often lacking, and attackers have taken notice.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Analysis Report saying it is aware of several recent successful cyberattacks against various organizations’ cloud services. According to CISA, threat actors are using several vectors to exploit poor cyber hygiene practices within a victim’s cloud services configuration.

Gaining access to a secured cloud environment requires a variety of tactics and techniques – phishing, brute force login attempts, and possibly a “pass-the-cookie” attack – to exploit weaknesses in the victim organizations’ cloud security practices.

CISA noted that across several different incident reports, attackers tried to gain access by harvesting user credentials through malicious links. If that tactic failed, they tried harder, generating emails that spoofed a legitimate file hosting service account login. When they obtained the user’s credentials, they would send emails from the victim’s accounts to other employees and obtain their credentials as well. In some cases that wasn’t necessary: one organization allowing employees to connect via VPN left port 80 open…and in return received an aggressive brute force attack.

CISA noted that sometimes attackers simply followed the email-trail, exploiting the fact that employees set up email forwarding rules to automate sending work emails to their personal email accounts. In one case, attackers modified an existing email rule on a user’s account and redirected the emails to an account controlled by the actors.
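The forwarding-rule abuse CISA describes is easy to catch if mailbox rule changes are audited and the forwarding targets are compared against the organisation’s own domains. The following is an added example, not part of the CISA report or this article: it scans a handful of constructed audit events (a hypothetical JSON-lines shape, not any vendor’s real log schema) and flags rules that forward mail to an external address, rating a modification of an existing rule separately from a newly created one. The domain allowlist, field names and sample addresses are all assumptions.

```python
import json
from dataclasses import dataclass
from typing import List

# Constructed sample audit events (hypothetical format, not a real vendor schema).
# Each line records a change to a user's mailbox rules and the rule's forwarding
# targets, if any. One malformed line is included to show the parser tolerates it.
SAMPLE_EVENTS = """\
{"ts":"2021-01-12T08:14:02Z","user":"alice@corp.example","action":"rule_created","rule":"Invoices","forward_to":["alice.home@webmail.example"],"client_ip":"203.0.113.7"}
{"ts":"2021-01-12T09:30:11Z","user":"bob@corp.example","action":"rule_created","rule":"Team","forward_to":["team-list@corp.example"],"client_ip":"198.51.100.4"}
{"ts":"2021-01-13T02:41:55Z","user":"carol@corp.example","action":"rule_modified","rule":"Receipts","forward_to":["mailbox@drop-site.example"],"client_ip":"203.0.113.99"}
{"ts":"2021-01-13T10:05:00Z","user":"dave@corp.example","action":"rule_modified","rule":"Archive","forward_to":[],"client_ip":"198.51.100.4"}
not valid json
"""

# Domains the organisation owns (assumption for the example).
INTERNAL_DOMAINS = {"corp.example"}


@dataclass
class Finding:
    user: str
    rule: str
    reason: str
    targets: List[str]


def external_targets(addresses, internal_domains):
    """Return the addresses whose domain is not one of the organisation's own."""
    ext = []
    for addr in addresses:
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain not in internal_domains:
            ext.append(addr)
    return ext


def scan_forwarding_rules(lines, internal_domains=INTERNAL_DOMAINS):
    """Walk the audit lines and return one Finding per rule that forwards externally."""
    findings = []
    for raw in lines.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the whole scan
        if ev.get("action") not in {"rule_created", "rule_modified"}:
            continue
        ext = external_targets(ev.get("forward_to", []), internal_domains)
        if not ext:
            continue  # internal-only forwarding (or none) is not interesting here
        if ev["action"] == "rule_modified":
            # The pattern CISA described: an existing rule repointed at an outside address.
            reason = "existing rule modified to forward externally"
        else:
            reason = "new rule forwards externally"
        findings.append(Finding(ev["user"], ev["rule"], reason, ext))
    return findings


if __name__ == "__main__":
    for f in scan_forwarding_rules(SAMPLE_EVENTS):
        print(f"{f.user}: rule '{f.rule}' -> {', '.join(f.targets)} ({f.reason})")
```

Only the two rules that leave the organisation are reported; a user forwarding to an internal list, or a rule with no forwarding target, produces nothing. In a real deployment the allowlist would also include any sanctioned partner domains, and a modified rule would normally be escalated above a newly created one, since that is the variant attackers used to stay under an existing, already-approved rule name.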

CISA said that the activity could not be tied to any single threat actor, but it believes the activity is unrelated to the APT group said to be behind the recent SolarWinds breach.

The Ugly

Irresponsibility when it comes to holding customer data reached a new high this week. After social media giants banned President Trump’s accounts indefinitely, many of his supporters flocked to alternative social media platform Parler, which offered to host content without moderation, however heinous. Parler had been known to host extremists of all kinds, and has now been forced off Amazon’s hosting service and had its apps banned from various App Stores.

However, it seems the developers behind the platform were not particularly concerned about securing their users’ privacy, either. Before Parler went down, a hacktivist known as “@donk_enby” found a way to download and save nearly all the messages, photos, and videos in the order they were posted.

Capturing 99.9% of Parler’s entire content didn’t require any particular “leet” hacking skills, either. The site used an insecure direct object reference, or IDOR, which allows anyone to guess the pattern an application uses to refer to its stored data. Simply put, the posts on Parler were listed in chronological order: increasing a value in a Parler post’s URL by one gives you access to the next post on the site. In addition, Parler didn’t require authentication to view public posts and didn’t implement any mechanism to limit scraping like “rate limiting” that would prevent someone from accessing many posts in a short space of time. One cybersecurity expert decried the site’s architecture as “like a Computer Science 101 bad homework assignment”.
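The three weaknesses the article lists for Parler (guessable sequential identifiers, no authentication on reads, and no rate limiting) are the textbook ingredients of an IDOR, and each has a standard fix. The following is an added example, not code from Parler or from the article: a minimal in-memory post store with the insecure lookup beside a hardened one that uses opaque random identifiers, requires a session, checks the post’s visibility against the caller, and throttles each client. The post records, session scheme and limits are constructed for the example.

```python
import secrets
import time
from collections import deque

# Constructed sample data (hypothetical, not any real service's schema):
# posts keyed by a sequential integer, exactly the pattern that makes them guessable.
POSTS_BY_SEQ = {
    1: {"author": "user_a", "body": "first post", "public": True},
    2: {"author": "user_b", "body": "second post", "public": False},
}


def lookup_post_insecure(post_id: int):
    """IDOR pattern: sequential id, no authentication, no visibility check, no throttling.
    Whoever knows one id can read its neighbours, whatever their visibility."""
    return POSTS_BY_SEQ.get(post_id)


class RateLimiter:
    """Sliding-window limiter: at most `limit` requests per `window` seconds per client."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.hits = {}  # client -> deque of request timestamps

    def allow(self, client: str, now=None) -> bool:
        now = time.monotonic() if now is None else now
        q = self.hits.setdefault(client, deque())
        while q and now - q[0] >= self.window:
            q.popleft()  # drop hits that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class PostService:
    """Hardened lookup: opaque ids, mandatory session, per-post authorization, rate limit."""

    def __init__(self, limit: int = 5, window: float = 60.0):
        self.posts = {}      # opaque id -> post
        self.sessions = {}   # session token -> username
        self.limiter = RateLimiter(limit, window)

    def create_post(self, author: str, body: str, public: bool) -> str:
        # 128 random bits: knowing one id says nothing about any other.
        pid = secrets.token_urlsafe(16)
        self.posts[pid] = {"author": author, "body": body, "public": public}
        return pid

    def login(self, username: str) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def get_post(self, post_id: str, session_token: str, client: str, now=None):
        """Return (status, post); status mirrors the HTTP outcome a handler would send."""
        user = self.sessions.get(session_token)
        if user is None:
            return ("unauthenticated", None)
        if not self.limiter.allow(client, now):
            return ("rate_limited", None)
        post = self.posts.get(post_id)
        # Same answer for 'missing' and 'not yours' so the id space leaks nothing.
        if post is None or (not post["public"] and post["author"] != user):
            return ("not_found", None)
        return ("ok", post)


if __name__ == "__main__":
    svc = PostService(limit=2, window=60.0)
    pub = svc.create_post("user_a", "hello", public=True)
    tok = svc.login("user_a")
    print(svc.get_post(pub, "not-a-session", "client-1"))   # unauthenticated
    print(svc.get_post(pub, tok, "client-1"))                # ok
```

The insecure function returns the private second post as soon as a caller adds one to the public post’s id, which is the behaviour the article describes. In the hardened service the identifier is unguessable, an unauthenticated request is refused before any lookup happens, a private post belonging to someone else is indistinguishable from a nonexistent one, and a client that exceeds its budget is throttled regardless of what it asks for.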

Now, many users fear that this data could be used against them in the aftermath of the Capitol Hill assault. Other hacktivists have already started sifting through the data and correlating messages, time and geolocation to pinpoint the location of the perpetrators in the riot (indeed, some posted from within the Capitol building). This is, of course, good news for law enforcement, but as a case study in how to host and secure potentially sensitive user data, it serves as an object lesson in how to fail, and fail big.



Rapid growth in 2020 reveals OKR software market’s untapped potential

Last year, a number of startups building OKR-focused software raised lots of venture capital, drawing TechCrunch’s attention.

Why is everyone making software that measures objectives and key results? we wondered with tongue in cheek. After all, how big could the OKR software market really be?

It’s a subniche of corporate planning tools! In a world where every company already pays for Google or Microsoft’s productivity suite, and some big software companies offer similar planning support, how substantial could demand prove for pure-play OKR startups?


Pretty substantial, we’re finding out. After OKR-focused Gtmhub announced its $30 million Series B the other day, The Exchange reached out to a number of OKR-focused startups we’ve previously covered and asked about their 2020 growth.

Gtmhub had released new growth metrics along with its funding news, plus we had historical growth data from some other players in the space. So let’s peek at new and historical numbers from Gtmhub, Perdoo, WorkBoard, Ally.io, Koan and WeekDone.

Growth (and some caveats)

A startup growing 400% in a year from a $50,000 ARR base is not impressive. It would be much more impressive to grow 200% from $1 million ARR, or 150% from $5 million.

So, percentage growth is only so good, as metrics go. But it’s also one that private companies are more likely to share than hard numbers, as the market has taught startups that sharing real data is akin to drowning themselves. Alas.

As we view the following, bear in mind that a higher percentage growth number on its own does not indicate that a company added more net ARR than another; it could be growing faster from a smaller base. And some companies in the mix did not share ARR growth, but instead disclosed other bits of data. We got what we could.

Gtmhub:

  • 400% ARR growth, 2019.
  • 300% ARR growth, 2020.
  • More: The company has seen strong ACV growth and its reportedly strong gross margins from 2019 held up in 2020, it said.
  • TechCrunch coverage

Perdoo:

  • 240% paid customer growth, 2020.
  • 340% user base growth, 2020.
  • Given strong market demand, a company representative told The Exchange that Perdoo had to restrict its free tier to 10 users.
  • TechCrunch coverage

WorkBoard:

Twilio CEO Jeff Lawson says wisdom lies with your developers

Twilio CEO Jeff Lawson knows a thing or two about unleashing developers. His company has garnered a market cap of almost $60 billion by creating a set of tools to make it easy for programmers to insert a whole host of communications functionality into an application with a couple of lines of code. Given that background, perhaps it shouldn’t come as a surprise that Lawson has written a book called “Ask Your Developer,” which hit the stores this week.

Lawson’s basic philosophy in the book is that if you can build it, you should. In every company, there is a build-versus-buy calculus that goes into every software decision. Lawson believes deeply that there is incredible power in building yourself instead of purchasing something off the shelf. By using components like the ones from his company, and from many others delivering specialized types of functionality via API, you can build what your customers need instead of just buying what the vendors are giving you.

While Lawson recognizes this isn’t always possible, he says that by asking your developers, you can begin to learn when it makes sense to build and when it doesn’t. These discussions should stem from customer problems and companies should seek digital solutions with the input of the developer group.

Building great customer experiences

Lawson posits that you can build a better customer experience because you understand your customers so much more acutely than a generic vendor ever could. “Basically, what you see happening across nearly every industry is that the companies that are able to listen to their customers and hear what the customers need and then build really great digital products and experiences — well, they tend to win the hearts, minds and wallets of their customers,” Lawson told me in an interview about the book this week.

Billboard for book Ask your Developer by Jeff Lawson, CEO of Twilio

Image Credits: Twilio (image has been cropped)

He says that this has caused a shift in how companies perceive IT departments. They have gone from cost centers that provision laptops and buy HR software to something more valuable, helping produce digital products that have a direct impact on the business’s bottom line.

He uses banking as an example in the book. It used to be you judged a bank by a set of criteria like how nice the lobby was, if the tellers were friendly and if they gave your kid a free lollipop. Today, that’s all changed and it’s all about the quality of the mobile app.

“Nowadays your bank is a mobile app and you like your bank if the software is fast, if it is bug free and if they regularly update it with new features and functionality that makes your life better [ … ]. And that same transformation has been happening in nearly every industry and so when you think about it, you can’t buy differentiation if every bank just bought the same mobile app from some vendor and just off the shelf deployed it,” he said.

GitLab oversaw a $195 million secondary sale that values the company at $6 billion

GitLab has confirmed with TechCrunch that it oversaw a $195 million secondary sale that values the company at $6 billion. CNBC broke the story earlier today.

The company’s impressive valuation comes after its most recent 2019 Series E, in which it raised $268 million on a $2.75 billion valuation, an increase of $3.25 billion in under 18 months. Company co-founder and CEO Sid Sijbrandij believes the increase is due to his company’s progress adding functionality to the platform.

“We believe the increase in valuation over the past year reflects the progress of our complete DevOps platform towards realizing a greater share of the growing, multi-billion dollar software development market,” he told TechCrunch.

While the startup has raised over $434 million, this round involved buying employee stock options, a move that allows the company’s workers to cash in some of their equity prior to going public. CNBC reported that the firms buying the stock included Alta Park, HMI Capital, OMERS Growth Equity, TCV and Verition.

The next logical step would appear to be IPO, something the company has never shied away from. In fact, it actually at one point included the proposed date of November 18, 2020 as a target IPO date on the company wiki. While they didn’t quite make that goal, Sijbrandij still sees the company going public at some point. He’s just not being so specific as in the past, suggesting that the company has plenty of runway left from the last funding round and can go public when the timing is right.

“We continue to believe that being a public company is an integral part of realizing our mission. As a public company, GitLab would benefit from enhanced brand awareness, access to capital, shareholder liquidity, autonomy and transparency,” he said.

He added, “That said, we want to maximize the outcome by selecting an opportune time. Our most recent capital raise was in 2019 and contributed to an already healthy balance sheet. A strong balance sheet and business model enables us to select a period that works best for realizing our long-term goals.”

GitLab has not only published IPO goals on its Wiki, but its entire company philosophy, goals and OKRs for everyone to see. Sijbrandij told TechCrunch’s Alex Wilhelm at a TechCrunch Disrupt panel in September that he believes that transparency helps attract and keep employees. It doesn’t hurt that the company was and remains a fully remote organization, even pre-COVID.

“We started [this level of] transparency to connect with the wider community around GitLab, but it turned out to be super beneficial for attracting great talent as well,” Sijbrandij told Wilhelm in September.

The company, which launched in 2014, offers a DevOps platform to help move applications through the programming lifecycle.

Update: The original headline of this story has been changed from ‘GitLab raises $195M in secondary funding on $6 billion valuation.’


Extra Crunch roundup: Antitrust jitters, SPAC odyssey, white-hot IPOs, more

Some time ago, I gave up on the idea of finding a thread that connects each story in the weekly Extra Crunch roundup; there are no unified theories of technology news.

The stories that left the deepest impression were related to two news pegs that dominated the week — Visa and Plaid calling off their $5.3 billion acquisition agreement, and sizzling-hot IPOs for Affirm and Poshmark.

Watching Plaid and Visa sing “Let’s Call The Whole Thing Off” in harmony after the U.S. Department of Justice filed a lawsuit to block their deal wasn’t shocking. But I was surprised to find myself editing an interview Alex Wilhelm conducted with Plaid CEO Zach Perret the next day in which the executive said growing the company on its own is “once again” the correct strategy.




In an analysis for Extra Crunch, Managing Editor Danny Crichton suggested that federal regulators’ new interest in antitrust enforcement will affect valuations going forward. For example, Procter & Gamble and women’s beauty D2C brand Billie also called off their planned merger last week after the Federal Trade Commission raised objections in December.

Given the FTC’s moves last year to prevent Billie and Harry’s from being acquired, “it seems clear that U.S. antitrust authorities want broad competition for consumers in household goods,” Danny concluded, and I suspect that applies to Plaid as well.

In December, C3.ai, Doordash and Airbnb burst into the public markets to much acclaim. This week, used clothing marketplace Poshmark saw a 140% pop in its first day of trading and consumer-financing company Affirm “priced its IPO above its raised range at $49 per share,” reported Alex.

In a post titled “A theory about the current IPO market”, he identified eight key ingredients for brewing a debut with a big first-day pop, which includes “exist in a climate of near-zero interest rates” and “keep companies private longer.” Truly, words to live by!

Come back next week for more coverage of the public markets in The Exchange, an interview with Bustle CEO Bryan Goldberg where he shares his plans for taking the company public, a comprehensive post that will unpack the regulatory hurdles facing D2C consumer brands, and much more.

If you live in the U.S., enjoy your MLK Day holiday weekend, and wherever you are: Thanks very much for reading Extra Crunch.

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist

 

Rapid growth in 2020 reveals OKR software market’s untapped potential

After spending much of the week covering 2021’s frothy IPO market, Alex Wilhelm devoted this morning’s column to studying the OKR-focused software sector.

Measuring objectives and key results are core to every enterprise, perhaps more so these days since knowledge workers began working remotely in greater numbers last year.

A sign of the times: This week, enterprise orchestration SaaS platform Gtmhub announced that it raised a $30 million Series B.

To get a sense of how large the TAM is for OKR, Alex reached out to several companies and asked them to share new and historical growth metrics:

  • Gtmhub
  • Perdoo
  • WorkBoard
  • Ally.io
  • Koan
  • WeekDone

“Some OKR-focused startups didn’t get back to us, and some leaders wanted to share the best stuff off the record, which we grant at times for candor amongst startup executives,” he wrote.

5 consumer hardware VCs share their 2021 investment strategies

For our latest investor survey, Matt Burns interviewed five VCs who actively fund consumer electronics startups:

  • Hans Tung, managing partner, GGV Capital
  • Dayna Grayson, co-founder and general partner, Construct Capital
  • Cyril Ebersweiler, general partner, SOSV
  • Bilal Zuberi, partner, Lux Capital
  • Rob Coneybeer, managing director, Shasta Ventures

“Consumer hardware has always been a tough market to crack, but the COVID-19 crisis made it even harder,” says Matt, noting that the pandemic fueled wide interest in fitness startups like Mirror, Peloton and Tonal.

Bonus: Many VCs listed the founders, investors and companies that are taking the lead in consumer hardware innovation.

A theory about the current IPO market


If you’re looking for insight into “why everything feels so damn silly this year” in the public markets, a post Alex wrote Thursday afternoon might offer some perspective.

As someone who pays close attention to late-stage venture markets, he’s identified eight factors that are pushing debuts for unicorns like Affirm and Poshmark into the stratosphere.

TL;DR? “Lots of demand, little supply, boom goes the price.”

Poshmark prices IPO above range as public markets continue to YOLO startups

Clothing resale marketplace Poshmark closed up more than 140% on its first trading day yesterday.

In Thursday’s edition of The Exchange, Alex noted that Poshmark boosted its valuation by selling 6.6 million shares at its IPO price, scooping up $277.2 million in the process.

Poshmark’s surge in trading is good news for its employees and stockholders, but it reflects poorly on “the venture-focused money people who we suppose know what they are talking about when it comes to equity in private companies,” he says.

Will startup valuations change given rising antitrust concerns?


This week, Visa announced it would drop its planned acquisition of Plaid after the U.S. Department of Justice filed suit to block it last fall.

Last week, Procter & Gamble called off its purchase of Billie, a women’s beauty products startup — in December, the U.S. Federal Trade Commission sued to block that deal, too.

Once upon a time, the U.S. government took an arm’s-length approach to enforcing antitrust laws, but the tide has turned, says Managing Editor Danny Crichton.

Going forward, “antitrust won’t kill acquisitions in general, but it could prevent the buyers with the highest reserve prices from entering the fray.”

Dear Sophie: What’s the new minimum salary required for H-1B visa applicants?


Dear Sophie:

I’m a grad student currently working on F-1 STEM OPT. The company I work for has indicated it will sponsor me for an H-1B visa this year.

I hear the random H-1B lottery will be replaced with a new system that selects H-1B candidates based on their salaries.

How will this new process work?

— Positive in Palo Alto

Venture capitalists react to Visa-Plaid deal meltdown


After news broke that Visa’s $5.3 billion purchase of API startup Plaid fell apart, Alex Wilhelm and Ron Miller interviewed several investors to get their reactions:

  • Anshu Sharma, co-founder and CEO, SkyflowAPI
  • Amy Cheetham, principal, Costanoa Ventures
  • Sheel Mohnot, co-founder, Better Tomorrow Ventures
  • Lucas Timberlake, partner, Fintech Ventures
  • Nico Berardi, founder and general partner, ANIMO Ventures
  • Allen Miller, VC, Oak HC/FT
  • Sri Muppidi, VC, Sierra Ventures
  • Christian Lassonde, VC, Impression Ventures

Plaid CEO touts new ‘clarity’ after failed Visa acquisition


Alex Wilhelm interviewed Plaid CEO Zach Perret after the Visa acquisition was called off to learn more about his mindset and the company’s short-term plans.

Perret, who noted that the last few years have been a “roller coaster,” said the Visa deal was the right decision at the time, but going it alone is “once again” Plaid’s best way forward.

2021: A SPAC odyssey

In Tuesday’s edition of The Exchange, Alex Wilhelm took a closer look at blank-check offerings for digital asset marketplace Bakkt and personal finance platform SoFi.

To create a detailed analysis of the investor presentations for both offerings, he tried to answer two questions:

  1. Are special purpose acquisition companies a path to public markets for “potentially promising companies that lacked obvious, near-term growth stories?”
  2. Given the number of unicorns and the limited number of companies that can IPO at any given time, “maybe SPACS would help close the liquidity gap?”

Flexible VC: A new model for startups targeting profitability

12 ‘flexible VCs’ who operate where equity meets revenue share


Growth-stage startups in search of funding have a new option: “flexible VC” investors.

An amalgam of revenue-based investment and traditional VC, investors who fall into this category let entrepreneurs “access immediate risk capital while preserving exit, growth trajectory and ownership optionality.”

In a comprehensive explainer, fund managers David Teten and Jamie Finney present different investment structures so founders can get a clear sense of how flexible VC compares to other venture capital models. In a follow-up post, they share a list of a dozen active investors who offer funding via these nontraditional routes.

These 5 VCs have high hopes for cannabis in 2021


For some consumers, “cannabis has always been essential,” writes Matt Burns, but once local governments allowed dispensaries to remain open during the pandemic, it signaled a shift in the regulatory environment and investors took notice.

Matt asked five VCs about where they think the industry is heading in 2021 and what advice they’re offering their portfolio companies:

21 Cyber Security Twitter Accounts You Should Be Following in 2021

To remain current with the ever-evolving cybersecurity ecosystem, it is essential to have the right sources to keep you on top of the most important malware research, outbreaks, breaches, pentesting, or reverse engineering news. Twitter is where you’ll find experts sharing their insights and, if you haven’t already, soon discover that it is imperative for your career development. Out of thousands of accounts, we’ve hand-picked 21 for 2021 that between them will not only cover the full spectrum of cybersecurity issues but also, thanks to the wonders of retweeting, curate the most important tweets of those they follow. Our list has some well-established rock stars in the field, but you’ll discover some new, interesting and influential people here, too.

1. @Fox0x01 | Azeria (Maria Markstedter)


Azeria is a security researcher, reverse engineer, founder and CEO of Azeria Labs, and Forbes Person of the Year in Cybersecurity for 2020. IRL known as Maria Markstedter, Azeria was also a Forbes under 30 alum. She is an expert in ARM-based systems and is a thought leader in cybersecurity. @Fox0x01 should be top of your list for 2021.

2. @runasand | Runa Sandvik


Runa Sandvik works on digital security for journalists. Her work builds upon experience from her time at The New York Times, Freedom of the Press Foundation, and The Tor Project. She is a board member of the Norwegian Online News Association, and an advisor to The Signals Network. The passion she has for privacy is second to none. Follow @runasand to keep up with the infosec news others miss.

3. @RobertMLee | Robert M. Lee


Former USAF Cyber Warfare Operations Officer tasked to the National Security Agency (NSA), Robert M. Lee now runs his own cybersecurity company and teaches others about his experience of dealing with advanced adversaries targeting Industrial Control Systems (ICS). A thought leader in the field of assessing, hunting and monitoring ICS threats, @RobertMLee’s busy Twitter feed is never short of interesting.

4. @JHaddix | Jason Haddix


Jason Haddix is a leader in the Bug Bounty community. His Bug Hunter’s Methodology is a must for anyone getting into the Bug Bounty field. His tweets show how much he loves being in the trenches and performing actual assessments. Jason is one of the nicest guys in the industry and is willing to have a conversation with anyone about helping them get better technically. @JHaddix describes himself as a “Father, hacker, educator, gamer & nerd.” If that’s not enough good reasons for him to be on your list for 2021, we don’t know what is!


5. @campuscodi | Catalin Cimpanu


Catalin Cimpanu is a cybersecurity news reporter at ZDNet, where he covers the full breadth of relevant infosec news, whether it’s data breaches, hacking, threat actors or any other related cyber security topic. Catalin’s tweets are always informative and often must-reads. @campuscodi covers both offensive and defensive security, and he caters to his followers by delivering actionable intelligence and essential facts that every security expert needs to be up on.

6. @natashenka | Natalie Silvanovich


Natalie Silvanovich is a Security Engineer for Google Project Zero, where her work involves breaking things other folks think are unbreakable. In 2019, she found a fully remote vulnerability affecting the iPhone, and this year she’s already presented a webinar at Nullcon on exploiting Android Messengers with WebRTC. Make sure you enable notifications for @natashenka because you do not want to miss anything she tweets.

7. @zackwhittaker | Zack Whittaker


Zack Whittaker is security editor at TechCrunch and author of the popular “this week in security” newsletter. As such, Zack is one of the first sources you should look to for breaking cyber and infosec news. @zackwhittaker’s feed is an essential way to keep up with everything that’s going on in the cyber world that could affect your organization, whether it’s in the U.S. or abroad.

8. @laparisa | Parisa Tabriz


Parisa Tabriz is a computer security expert who works for Google as a Director of Engineering. She describes herself as “a browser boss” and “security princess”. She is a thought leader and influencer and had one of the largest ever turnouts for a keynote speaker at Black Hat. @laparisa regularly tweets and retweets essential content, often related to browser and web security, Google Chrome usage and cyber security tips.

9. @BillDemirkapi | Bill Demirkapi


When you talk about who is the next big thing in security, Bill’s name is often the first to be mentioned. Bill is currently an offensive security researcher at Zoom, a sophomore at Rochester Institute of Technology, and has presented at DEF CON twice – and he’s only 19 years old! We recommend that you watch Demystifying Modern Windows Rootkits that Bill presented at DEF CON last year or any of his other fascinating videos and you will quickly understand why @BillDemirkapi made our list of 21 essential Twitter accounts to follow in 2021.

10. @Carlos_Perez | Darkoperator


Carlos Perez’s main area of interest is post-exploitation. Carlos considers post-exploitation lacking in many training courses and not sufficiently practiced by many pentesters and security professionals. Aside from being a regular security podcaster and PowerShell MVP, Carlos is also a Metasploit contributor. His Twitter feed (@Carlos_Perez) and his Darkoperator website are filled with his knowledge and experience, which he loves to share with those looking to learn.

11. @patrickwardle | Patrick Wardle


It’s rare for an organization not to have Macs in its fleet these days, and you won’t find a better curator, tweeter and retweeter of the latest macOS security news than Patrick Wardle. Founder of his own open-source software company, organizer of the Apple-focused OBTS security conferences, and currently Principal Security Researcher at Jamf, @patrickwardle’s feed will keep you on top of what’s happening in the macOS security, malware and reverse engineering world.

12. @binitamshah | Binni Shah


Binni Shah is a must-follow, especially if you like putting your hands on the keyboard and want to learn the latest techniques of offensive and defensive security. Linux evangelist, Kernel developer and security enthusiast, @binitamshah has provided value with her tweets for years, which is why she has almost 90K followers. Almost everything she tweets is a must-read, so if you’re not one of those 90K yet, you know what to do next!

13. @gcluley | Graham Cluley


Since 2013, Graham Cluley has been working for himself as an independent blogger, podcaster, and public speaker on computer security issues. His tech bio includes work for Sophos and McAfee, and he was instrumental in writing an early antivirus toolkit for Windows in the 1990s. These days, @gcluley covers a wide range of cybersecurity news from both his blog and his regular Smashing Security podcast.

14. @ryanaraine | Ryan Naraine


If you had to meet one person in the cybersecurity industry, Ryan Naraine should probably be top of your list. Not only is he a thought leader and influencer, he is also very friendly and willing to help, make an introduction or point you in the right direction. Ryan Naraine is a storyteller with more than 20 years of experience in information security. His tweets are informative and timely, and it is recommended that your notifications are set up to alert you whenever @ryanaraine tweets.

15. @JohnLaTwc | John Lambert


You can get an indication of how influential John Lambert is from his Twitter bio, which helpfully warns “**BEWARE There are Tech Support Scams that use my name **”. Distinguished Engineer at Microsoft, John has been with the company for over twenty years. He manages the Microsoft Threat Intelligence Center (MSTIC) in the Cloud and AI Division. John has a wealth of knowledge of adversaries and continues to help the cybersecurity community by publishing reports and tweeting about the latest techniques from @JohnLaTwc.

16. @RGB_Lights | Rob Joyce


Robert E. Joyce is a cybersecurity official who has served as special assistant to the President and Cybersecurity Coordinator on the U.S. National Security Council. He gave the keynote at DEF CON 2018 and has headed the NSA’s TAO (Tailored Access Operations) unit. Rob was also the person behind getting Ghidra released to the public, which has made a huge impact in the reverse engineering community. Although not a prolific tweeter, if APTs and national security threats are on your radar, you want to be following @RGB_Lights.


17. @evacide | Eva Galperin


Eva Galperin is EFF’s Director of Cybersecurity. Eva’s work is primarily focused on providing privacy and security for vulnerable populations around the world. In April 2019, she convinced anti-virus provider Kaspersky Lab to begin explicitly alerting users of security threats upon detection of stalkerware on the company’s Android product. Eva also asked Apple to allow antivirus applications in its marketplace and, like Kaspersky, to alert its users if their mobile devices have been jailbroken or rooted. Always relevant and often humorous, @evacide is an infosec account not to be missed.

18. @marcusjcarey | Marcus J Carey


Marcus Carey is co-editor of the Tribe of Hackers series of books offering real-world advice from leading cybersecurity experts on everything from Blue and Red Teaming to C-Suite advice on how to build and manage solid enterprise security teams. Marcus is passionate about creating technology solutions that improve cybersecurity for everyone. His tweets are very helpful and @marcusjcarey is always generous with his time in answering questions on any topic.

19. @taviso | Tavis Ormandy


Tavis Ormandy is a vulnerability researcher at Google Project Zero. If you are interested in understanding and hunting for vulnerabilities in software, @taviso is a must-follow. Find the time to read everything he’s posted on his personal blog as well as on the Project Zero site and you’ll come away both enlightened and enthused, ready to tackle your own projects with the same zeal and dogged determination.

20. @adversariel | Ariel Herbert-Voss


Ariel Herbert-Voss is an adversarial machine learning and security expert. Her work includes demonstrating practical attacks that can undermine privacy considerations in large language models. She is also the co-founder of AI Village at DEF CON. @adversariel is wicked good at what she does and her Twitter feed shows it.

21. @craiu | Costin Raiu


Costin Raiu describes himself as a “Romanian antihacker from another planet”, but it seems while Costin is visiting Earth, he also happens to be director of Global Research and Analysis at Kaspersky. As such, @craiu is a superb source of intel ranging from new zero-day discoveries to retweets from “the best of the rest” covering breaking news in threat intelligence.

Conclusion

Limiting ourselves to just twenty-one of the best Twitter accounts to follow during 2021 of course means there are plenty of Twitter cybercelebs and gurus we couldn’t include. We compiled this list with the help of our own SentinelLabs researchers @MarcoFigueroa and @philofishal, who are also both worth following for relevant content and breaking research on Windows, Linux and macOS topics. Finally, we’d be remiss not to mention that you can keep up with all our news on Twitter, too, by following @SentinelOne and @LabsSentinel.
