The Good, the Bad and the Ugly in Cybersecurity – Week 6

The Good

A court in Dublin, Ireland, has sentenced two cyber criminals, Daniel Almajanu, 35, and his aide Albert Gimy Linul, 29, to four and three years in prison, respectively. The two were part of a gang that ran a carding operation, stealing credit card details and manufacturing counterfeit cards. Using a skimmer, they collected card details from more than 1000 people at several UK bank outlets as well as the London Underground. Then they embedded these on empty plastic cards using a card writer.

Once ready, they set out to test the cards at various shops around Dublin, buying goods such as cigarettes and liquor, which they then sold on. They were caught in a Dublin pub after raising the suspicions of local police officers. They were found to be carrying 65 counterfeit cards between them, which led to the police searching their homes and seizing a laptop containing stolen data that had the potential to yield up to €5m.

After the arrest, it was discovered that the two were part of a larger Romanian cyber criminal gang and are wanted by the Belgian, UK and Romanian police forces as well as Europol. Authorities are investigating the gang not only for credit card fraud but also for links to human trafficking, money laundering and prostitution.

The Bad

The SolarWinds hack continues to unfold in several different directions. First, Reuters disclosed this week that it was not only Russian APTs that piggy-backed on the software products made by the company but also Chinese hackers. It now seems that Chinese cyberspies exploited a flaw in the software made by SolarWinds to help themselves compromise U.S. government computers last year.

The vulnerability exploited was different from the one used by Russian hackers to break into numerous organizations throughout the majority of 2020. The flaw was used to breach the National Finance Center, a federal payroll agency, potentially exposing data belonging to thousands of government employees, including staff at the Department of Homeland Security.

Meanwhile, as for SolarWinds Orion, the software originally used as an entry point by Russian hackers, it was announced this week that three new vulnerabilities had been identified and patched. Discovered by researchers at Trustwave’s SpiderLabs unit, the bugs have been assigned CVE-2021-25274, CVE-2021-25275 and CVE-2021-25276. The most critical, CVE-2021-25276 in SolarWinds Serv-U FTP for Windows, allows remote code execution with high privileges. There is no evidence at present that any of the vulnerabilities have been actively exploited in the wild, but admins and users are advised to update at the earliest opportunity.

SolarWinds have also said that they have managed to identify the original source of the breach. CEO Sudhakar Ramakrishna announced this week that “suspicious activity” in SolarWinds’ Office 365 environment allowed hackers to gain access to and exploit the Orion development environment. It is unclear whether the attackers penetrated the company’s environment through compromised credentials or through a third-party application that capitalized on a zero-day vulnerability. In the latter case, that would make it one of the most sophisticated supply chain attacks in history: hacking a third-party vendor to hack SolarWinds to hack other U.S. companies and government agencies.

The Ugly

Over three million customers of a U.S. car company have had their details stolen after a cyber criminal posted them to a dark web forum, reports Infosecurity magazine. The data was stolen back in December from DriveSure (also known as Krex, Inc), a car dealership service provider focused on employee training programs and customer retention. The data included names, home and email addresses, phone numbers, car and damage details, and text and email messages with dealerships.

Security researchers from Risk Based Security said that nearly 30GB of data had been stolen, including the company’s MySQL databases, logs and backups of their databases, and some 3.3 million email addresses. The leak contains many .mil and .gov email addresses, and more than 5000 addresses from more than a hundred leading corporations, which makes it a very lucrative haul for threat actors.

The data can be used for anything from nation-state spearphishing operations and malware and ransomware campaigns to simpler insurance fraud schemes. The PII leaked in this breach could be exploited to break into bank and email accounts, resulting in additional collateral damage to DriveSure clients. For their part, DriveSure responded promptly to Risk Based Security and are said to be investigating the incident.



Lightspeed’s Gaurav Gupta and Grafana’s Raj Dutt discuss pitch decks, pricing and how to nail the narrative

Before he was a partner at Lightspeed Venture Partners, Gaurav Gupta had his eye on Grafana Labs, the company that supports open-source analytics platform Grafana. But Raj Dutt, Grafana’s co-founder and CEO, played hard to get.

This week on Extra Crunch Live, the duo explained how they came together for Grafana’s Series A — and eventually, its Series B. They also walked us through Grafana’s original Series A pitch deck before Gupta shared the aspects that stood out to him and how he communicated those points to the broader partnership at Lightspeed.

Gupta and Dutt also offered feedback on pitch decks submitted by audience members and shared their thoughts about what makes a great founder presentation, pulling back the curtain on how VCs actually consume pitch decks.

We’ve included highlights below as well as the full video of our conversation.

We record new episodes of Extra Crunch Live each Wednesday at 12 p.m. PST/3 p.m. EST/8 p.m. GMT. Check out the February schedule here.

Episode breakdown:

  • How they met — 2:20
  • Grafana’s early pitch deck — 12:25
  • The enterprise ecosystem — 26:00
  • The pitch deck teardown — 33:00

How they met

As soon as Gupta joined Lightspeed in June 2019, he began pursuing Dutt and Grafana Labs. He texted, called and emailed, but he got little to no response. Eventually, he made plans to go meet the team in Stockholm but, even then, Dutt wasn’t super responsive.

The pair told the story with smiles on their faces. Dutt said that not only was he disorganized and not entirely sure of his own travel plans to see his co-founder in Stockholm, Grafana wasn’t even raising. Still, Gupta persisted and eventually sent a stern email.

“At one point, I was like ‘Raj, forget it. This isn’t working’,” recalled Gupta. “And suddenly he woke up.” Gupta added that he got mad, which “usually does not work for VCs, by the way, but in this case, it kind of worked.”

When they finally met, they got along. Dutt said they were able to talk shop due to Gupta’s experience inside organizations like Splunk and Elastic. Gupta described the trip as a whirlwind, where time just flew by.

“One of the reasons that I liked Gaurav is that he was a new VC,” explained Dutt. “So to me, he seemed like one of the most non-VC VCs I’d ever met. And that was actually quite attractive.”

To this day, Gupta and Dutt don’t have weekly standing meetings. Instead, they speak several times a week, conversing organically about industry news, Grafana’s products and the company’s overall trajectory.

Grafana’s early pitch deck

Dutt shared Grafana’s pre-Series A pitch deck — which he actually sent to Gupta and Lightspeed before they met — with the Extra Crunch Live audience. But as we know now, it was the conversations that Dutt and Gupta had (eventually) that provided the spark for that deal.

BigChange raises $102M for a platform to help manage service fleets

We talk a lot these days about the future of work and the proliferation of new and better tools for distributed workforces, but companies focused on developing fleet management software — even if they have not really been viewed as “tech startups” — have been working on this problem for many years already. Today, one of the older players in the field is announcing its first significant round of investment, a sign both of how investors are taking more notice of these B2B players, and how the companies themselves are seeing a new opportunity for growth.

BigChange, a U.K. startup that builds fleet management software to help track and direct jobs to those on the go whose “offices” tend to be vehicles, has closed a round of £75 million ($102 million at today’s rates). U.S. investor Great Hill Partners led the round.

The company has built a business by tapping into the advances of technology to build apps for field service engineers and those back at the mothership who run operations and help manage their jobs, workers who in the past might have used phone calls, paperwork and lots of extra round trips between offices and sites in order to run things.

“I founded BigChange to revolutionise mobile workforce management and bring it into the 21st century. Our platform eliminates paperwork, dramatically cuts carbon, creates efficiency, promotes safer driving and means that engineers are spending less time on the roads or filling out forms and more time completing jobs,” said founder and CEO Martin Port in a statement. “We are incredibly excited to partner with Great Hill and leverage their successful track-record scaling vertical and enterprise software companies both in the U.K. and overseas.”

BigChange said that Great Hill’s stake values the company at £100 million (or $136 million). One report points to part of that funding being a secondary transaction, with Port pocketing £48 million of that. The company has been around since 2012 and appears to be profitable. It has raised very little in funding (around $2 million) before this, at one point trying to raise an angel round but cancelling the process before it completed, according to filings tracked by PitchBook.

As the technology industry continues to become essentially a part of every other industry in the world, this deal is notable as a sign of how its boundaries are expanding and getting more blurred.

BigChange is not a London startup, nor from the Cambridge or Oxford areas, nor from Bristol or anywhere in the south. It’s from the north, specifically Leeds — a city that has an impressive number of startups in it even if these have not had anything like the funding or attention that startups in cities and areas in the South have attracted. (One eye-catching exception is the online store Pharmacy2U: the Leeds startup has been backed by Atomico, BGF and others: given the interest of companies like Amazon to grow in this space, it’s likely one to watch.)

One of the big themes in technology right now is how a lot of the action is getting decentralised — a result of many of us now working remotely to stave off the spread of COVID-19, many people using that situation to reconsider whether they need to be living in any specific place at all, and subsequently choosing to relocate from expensive regions like the Bay Area to other places for better quality of life.

There are of course other cities, like Manchester, Edinburgh, Cardiff and more in the U.K., with technology ecosystems (just as there have been across many cities in the U.S. for years). But when one of these, this time out of Leeds, attracts a significant funding round, it points to the potential of something similar playing out in the U.K., too, with not just talent but more money going into regions beyond the usual suspects.

The other part of the decentralisation story here focuses on what BigChange is actually building.

Here, it’s one of the many companies that have dived into the area of building apps and larger pieces of software aimed not at “knowledge workers” but those who do not sit at desks, are on the move and tend to work with their hands. For those who are on the road, it has apps to better manage their jobs and routes (which it calls JourneyWatch). For those back in the dispatch part of the operations, it has an app to track them better and use the software to balance the jobs and gain further analytics from the work (sold as JobWatch). These work on ruggedised devices and lean on SaaS architecture for distribution, and there are some 50,000 people across some 1,500 organizations using its apps today, with those customers located around the world, but with a large proportion of them in the U.K. itself.

BigChange is not the only company targeting workers in the field. We covered a significant funding round for another one of them out of North America, Jobber, which builds software for service professionals, just last month. Others tapping into the opportunity of bringing tech to a wider audience beyond knowledge workers include Hover (technology and a wider set of tools for home repair people to source materials, make pricing and work estimates, and run the administration of their businesses) and GoSite (a platform to help all kinds of SMBs — the key factor being that many of them are coming online for the first time — build out and run their businesses). Others in this specific area include Klipboard, Azuga, ServiceTitan, ServiceMax and more.

You might recognise the name Great Hill Partners as the PE firm that has taken majority stakes in a range of media companies like Gizmodo, Ziff Davis (way back when) and Storyblocks, and backed companies like The RealReal and Wayfair. In this case, the company was attracted by how BigChange was being adopted by a very wide range of industries that fall under “field service” as part of their workload.

“Unlike niche players that focus on smaller customers and specific sub-verticals, Martin and his accomplished team have built a flexible, all-in-one platform for field service professionals and operators,” said Drew Loucks, a partner at Great Hill Partners, in a statement. “BigChange’s technology is differentiated not only by its ability to serve commercial and residential clients of nearly any scale or vertical, but also by its award-winning product development and customer service capabilities.”

Microsoft launches Viva, its new take on the old intranet

Microsoft today launched Viva, a new “employee experience platform,” or, in non-marketing terms, its new take on the intranet sites most large companies tend to offer their employees. This includes standard features like access to internal communications built on integrations with SharePoint, Yammer and other Microsoft tools. In addition, Viva also offers access to team analytics and an integration with LinkedIn Learning and other training content providers (including the likes of SAP SuccessFactors), as well as what Microsoft calls Viva Topics for knowledge sharing within a company.

If you’re like most employees, you know that your company spends a lot of money on internal communications and its accompanying intranet offerings — and you then promptly ignore that in order to get actual work done. But Microsoft argues that times are changing, as remote work is here to stay for many companies, even after the pandemic (hopefully) ends. Even if a small percentage of a company’s workforce remains remote or opts for a hybrid approach, those workers still need to have access to the right tools and feel like they are part of the company.

“We have participated in the largest at-scale remote work experiment the world has seen and it has had a dramatic impact on the employee experience,” Microsoft CEO Satya Nadella said in a pre-recorded video. “As the world recovers, there is no going back. Flexibility in when, where and how we work will be key.”

He argues that every organization will require a unified employee experience platform that supports workers from their onboarding process to collaborating with their colleagues and continuing their education within the company. Yet as employees work remotely, companies are now struggling to keep their internal culture and foster community among employees. Viva aims to fix this.

Unsurprisingly, Viva is powered by Microsoft 365 and all of the tools that come with that, as well as integrations with Microsoft Teams, the company’s flagship collaboration service, and even Yammer, the employee communication tool it acquired back in 2012 and continues to support.

There are several parts to Viva: Viva Connections for accessing company news, policies, benefits and internal communities (powered by Yammer); Viva Learning for, you guessed it, accessing learning resources; and Viva Topics, the service’s take on company-wide knowledge sharing. For the most part, that’s all standard fare in any modern intranet, whether it’s from a startup provider or an established player like Jive.

Viva Insights feels like the odd one out here, especially after Microsoft’s kerfuffle around its Productivity Score. The idea here is to give managers insights into whether their team (but not individual team members) are at risk of burnout, for example, in order to encourage them to turn off notifications or set daily priorities (a good manager, I’d hope, could do this without analytics, but here we are, in 2021). It’s also meant to help company leaders “address complex challenges and respond to change by shedding light on organizational work patterns and trends.” Sure.

Because this is Microsoft in 2021, there’s also a lot of talk about employee well-being in today’s announcement. For most employees, that means fewer meetings, more focus time and turning off notifications after work. Obviously there are technical tools to help with that, but it’s really a question of company culture and management. I’m not sure you need analytics integrated with LinkedIn’s Glint for that, but you can now have those, too.

“As the world of work changes, the next horizon of innovation will come from a focus on creativity, engagement and well-being so organizations can build cultures of resilience and ingenuity,” said Jared Spataro, corporate vice president, Microsoft 365. “Our vision is to deliver a platform for the employee experience that helps organizations create a thriving culture with engaged employees and inspiring leaders.”

The cloud infrastructure market hit $129B in 2020

The cloud infrastructure market in 2020 reflected society itself, with the richest companies getting richer and the ones at the bottom of the market getting poorer. It grew to $129 billion for the year, according to data from Synergy Research Group. That’s up from around $97 billion in 2019.

Synergy also reported that the cloud infra market reached $37 billion in the fourth quarter, up from $33 billion in the third quarter, and up 35% from a year ago.

I’ve heard from every founder under the sun for the last nine months that the pandemic was accelerating digital transformation, and that a big part of that was an expedited shift to the cloud. These numbers would seem to bear that out.

As usual, the big three were Amazon, Microsoft and Google, with Alibaba now firmly entrenched in fourth place and IBM falling back to fifth. But Microsoft grew more quickly than rival Amazon, reaching 20% market share at the end of 2020 for the first time. Keep in mind that the Redmond-based software giant has now doubled its share since 2017. That’s remarkably rapid growth. Meanwhile Google and Alibaba took home 9% and 6%, respectively.

Here’s what that all looks like in chart form:

Cloud infrastructure marketshare for fourth quarter 2020 from Synergy Research.

Amazon is an interesting case in that it has plateaued at around 33% for four straight years of Synergy data, but because its one-third share is of a steadily growing market, it has kept growing its public cloud revenues as the category itself has expanded.

Amazon closed out the year with $12.74 billion in Q4 AWS revenue, putting it on a run rate of just over $50 billion for the first time. That was up from $11.6 billion the prior quarter. While Microsoft’s numbers are always difficult to parse from its earnings reports, doing the math of 20% of $37 billion, it came in with $7.4 billion, up from $5.9 billion last quarter.

Google brought in $3.3 billion, up from $2.98 billion in Q3 2020, and Alibaba pulled in $2.22 billion, up from $1.65 billion over the same time frame.

John Dinsdale, principal analyst at Synergy, says the leaders are pretty firmly entrenched at this point with huge absolute market numbers and also huge gaps between the cloud providers. “AWS has been a great success story for over 10 years now and it remains in an extremely strong market position despite increasing competition from a broad swathe of strong IT industry companies. That is a great testament both to Amazon and to the AWS leadership team and you’d have to suspect that will not change with the new regime,” he told me.

He sees Microsoft as a worthy rival, but one that is bound to hit a growth wall at some point. “It is certainly feasible that Microsoft will continue to narrow the gap between itself and Amazon, but the bigger Microsoft Azure becomes the tougher it is to maintain really high growth rates. That is just the law of large numbers.”

Meanwhile, market share at the bottom of the cloud infrastructure space continued to decline even while the number of dollars at stake has continued to expand dramatically. “The market share losers have been the large group of smaller cloud providers, who collectively have lost 13 percentage points of market share over the last 16 quarters,” Synergy wrote in a statement.

Dinsdale says all is not lost for these players, however. “Regarding the smaller players (or the big companies that have only a small market share), they can either focus on specific market niches (can be based around geography, service type or customer vertical) or they can try to offer a broad range of cloud services to a broad range of customers. Companies doing the former can do quite well, while companies doing the latter will find it extremely tough,” Dinsdale told me.

It’s worth noting that Canalys has slightly different numbers with a total market of around $142 billion and almost $40 billion for the quarter, but the percentages are in line with Synergy’s:

Canalys 4th quarter 2021 cloud infrastructure market share percentages

At some point the numbers get so big they almost cease to have meaning, but as large as the public cloud revenue numbers become, they remain a relatively small percentage of overall worldwide IT spend. According to Gartner estimates, worldwide IT spend in 2020 was $3.6 trillion (with a T). That means that the cloud infrastructure market accounted for just 3.85% of total spend in 2020.

Think about that for a moment: less than 4% of IT spend currently is on cloud infrastructure, leaving so much room for growth and for those billions to grow ever bigger in the coming years.

It would certainly make it more interesting if someone could come in and disrupt the leaders, but for now at least they are going to be hard to push out of the way unless something unforeseen and dramatic happens to the way we think about computing.

HubSpot acquires media startup The Hustle

Marketing software company HubSpot is acquiring The Hustle, the business and tech media startup behind the popular newsletter of the same name.

Axios broke the news of the deal and reported that it values the startup at around $27 million. HubSpot declined to comment on the deal price, and while tweeting about the acquisition, The Hustle CEO Sam Parr wrote, “Early in my career I was transparent with money. But I didn’t like the result of sharing that stuff. So we’re not disclosing the price and HubSpot has agreed. I’m taking it to the grave!”

In its press release about the acquisition, HubSpot noted that customers are finding its products through content like its YouTube videos and HubSpot Academy.

“By acquiring The Hustle, we’ll be able to better meet the needs of these scaling companies by delivering educational, business and tech trend content in their preferred formats,” said HubSpot’s senior vice president of marketing Kieran Flanagan in a statement. “Sam and his team have a proven ability to create content that entrepreneurs, startups and scaling companies are deeply passionate about, and I’m excited to bring them on board to take that work to the next level.”

HubSpot says The Hustle’s flagship newsletter has 1.5 million subscribers. It also has a subscription offering called Trends and a podcast called My First Million.

“The goal is to build the largest business content network in the world,” Parr tweeted. “Soon, we’ll expand to a variety of mediums on a bunch of different topics and will have really innovative products coming out. We’re also going to hire the best content creators in the world.”

Google Cloud launches Apigee X, the next generation of its API management platform

Google today announced the launch of Apigee X, the next major release of the Apigee API management platform it acquired back in 2016.

“If you look at what’s happening — especially after the pandemic started in March last year — the volume of digital activities has gone up in every kind of industry, all kinds of use cases are coming up. And one of the things we see is the need for a really high-performance, reliable, global digital transformation platform,” Amit Zavery, Google Cloud’s head of platform, told me.

He noted that the number of API calls has gone up 47% from last year and that the platform now handles about 2.2 trillion API calls per year.

At the core of the updates are deeper integrations with Google Cloud’s AI, security and networking tools. In practice, this means Apigee users can now deploy their APIs across 24 Google Cloud regions, for example, and use Google’s caching services in more than 100 edge locations.

In addition, Apigee X now integrates with Google’s Cloud Armor firewall and its Cloud Identity Access Management platform. This also means that Apigee users won’t have to use third-party tools for their firewall and identity management needs.

“We do a lot of AI/ML-based anomaly detection and operations management,” Zavery explained. “We can predict any kind of malicious intent or any other things which might happen to those API calls or your traffic by embedding a lot of those insights into our API platform. I think [that] is a big improvement, as well as new features, especially in operations management, security management, vulnerability management and making those a core capability so that as a business, you don’t have to worry about all these things. It comes with the core capabilities and that is really where the front doors of digital front-ends can shine and customers can focus on that.”

The platform now also makes better use of Google’s AI capabilities to help users identify anomalies or predict traffic for peak seasons. The idea here is to help customers automate a lot of the standard automation tasks and, of course, improve security at the same time.

As Zavery stressed, API management is now about more than just managing traffic between applications. But more than just helping customers manage their digital transformation projects, the Apigee team is now thinking about what it calls “digital excellence.” “That’s how we’re thinking of the journey for customers moving from not just ‘hey, I can have a front end,’ but what about all the excellent things you want to do and how we can do that,” Zavery said.

“During these uncertain times, organizations worldwide are doubling-down on their API strategies to operate anywhere, automate processes, and deliver new digital experiences quickly and securely,” said James Fairweather, chief innovation officer at Pitney Bowes. “By powering APIs with new capabilities like reCAPTCHA Enterprise, Cloud Armor (WAF), and Cloud CDN, Apigee X makes it easy for enterprises like us to scale digital initiatives, and deliver innovative experiences to our customers, employees and partners.”

Daily Crunch: Microsoft rethinks corporate intranet

Microsoft tries to improve corporate intranet, Google will offer new smartphone health measurements and 23andMe is going public via SPAC. This is your Daily Crunch for February 4, 2021.

The big story: Microsoft rethinks corporate intranet

Microsoft launched what it’s calling a new “employee experience platform,” designed to reinvent those corporate intranet sites that large companies use to share content with their employees.

What makes this new platform, called Viva, any different? Well, it integrates with Microsoft’s other collaboration tools like SharePoint and Yammer, along with LinkedIn Learning and other training services, and it also includes team analytics.

In a pre-recorded video, CEO Satya Nadella said Microsoft is launching this because, “We have participated in the largest at-scale remote work experiment the world has seen and it has had a dramatic impact on the employee experience. As the world recovers, there is no going back. Flexibility in when, where and how we work will be key.”

The tech giants

Venmo to gain crypto, budgeting, savings and Honey integrations this year — The Venmo mobile payments app is going to look very different in 2021 as it inches closer to neobank territory.

Google to offer heart and respiratory rate measurements using just your smartphone’s camera — Google is introducing features that will allow users to take vital health measurements using just the camera they already have on their smartphone.

HubSpot acquires media startup The Hustle — HubSpot says content is an increasingly important part of its business, with customers finding its products through things like YouTube videos and HubSpot Academy.

Startups, funding and venture capital

23andMe set to go public via a Virgin Group SPAC merger — The transaction is expected to result in 23andMe having around $984 million in cash available at close.

Accel backs Mexican startup Flink’s effort to bring consumer investing to Latin America — Since launching its first brokerage product in July of 2020, Flink has surpassed 1 million users and 800,000 active brokerage accounts.

Tovala, the smart oven and meal kit service, heats up with $30M more in funding — This is the second round of funding for the startup in the space of six months.

Advice and analysis from Extra Crunch

Four strategies for deep tech founders who are fundraising — Step one: Use storytelling to highlight your big vision.

Why one Databricks investor thinks the company may be undervalued — The recent Databricks funding round, a $1 billion investment at a $28 billion valuation, was one of the year’s most notable private investments so far.

Extra Crunch is now hiring for reporter, editor and project manager positions — Extra Crunch is about to turn two years old and we now have a lot of demanding subscribers. (We love them, of course.)

Everything else

A growing number of startups are creating APIs to assess and offset corporate carbon emissions — It was only a matter of time before application programming interfaces came for the carbon credit offsets.

The cloud infrastructure market hit $129B in 2020 — That’s up from around $97 billion in 2019, according to data from Synergy Research Group.

China’s national blockchain network embraces global developers — Last year, an ambitious, government-backed blockchain infrastructure network launched in China.

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.

At the center of the account ban wave are some of the most active members of OGUsers, a forum that caters to thousands of people selling access to hijacked social media and other online accounts.

Particularly prized by this community are short usernames, which can often be resold for thousands of dollars to those looking to claim a choice vanity name.

Facebook told KrebsOnSecurity it seized hundreds of accounts — mainly on Instagram — that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion, SIM swapping, and swatting.

THE MIDDLEMEN

Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

Like most cybercrime forums, OGUsers is overrun with shady characters who are there mainly to rip off other members. As a result, some of the most popular denizens of the community are those who’ve earned a reputation as trusted “middlemen.”

These core members offer escrow services that – in exchange for a cut of the total transaction cost (usually five percent) — will hold the buyer’s funds until he is satisfied that the seller has delivered the credentials and any email account access needed to control the hijacked social media account.

For example, one of the most active accounts targeted in this week’s social network crackdown is the Instagram profile “Trusted,” self-described as “top-tier professional middleman/escrow since 2014.”

Trusted’s profile included several screenshots of his OGUsers persona, “Beam,” who warns members about an uptick in the number of new OGUsers profiles impersonating him and other middlemen on the forum. Beam currently has more reputation points or “vouches” than almost anyone on the forum, save for perhaps the current and former site administrators.

The now-banned Instagram account for the middleman @trusted/beam.

Helpfully, OGUsers has been hacked multiple times over the years, and its database of user details and private messages has been posted on competing crime forums. Those databases show Beam was just the 12th user account created on OGUsers back in 2014.

In his posts, Beam says he has brokered well north of 10,000 transactions. Indeed, the leaked OGUsers databases — which include private messages on the forum prior to June 2020 — offer a small window into the overall value of the hijacked social media account industry.

In each of Beam’s direct messages to other members who hired him as a middleman he would include the address of the bitcoin wallet to which the buyer was to send the funds. Just two of the bitcoin wallets Beam used for middlemanning over the past couple of years recorded in excess of 6,700 transactions totaling more than 243 bitcoins — or roughly $8.5 million by today’s valuation (~$35,000 per coin). Beam would have earned roughly $425,000 in commissions on those sales.

Beam, a Canadian whose real name is Noah Hawkins, declined to be interviewed when contacted earlier this week. But his “Trusted” account on Instagram was taken down by Facebook today, as was “@Killer,” a personal Instagram account he used under the nickname “noah/beam.” Beam’s Twitter account — @NH — has been deactivated by Twitter; it was hacked and stolen from its original owner back in 2014.

Reached for comment, Twitter confirmed that it worked in tandem with Facebook to seize accounts tied to top members of OGUsers, citing its platform manipulation and spam policy. Twitter said its investigation into the people behind these accounts is ongoing.

TikTok confirmed it also took action to target accounts tied to top OGUsers members, although it declined to say how many accounts were reclaimed.

“As part of our ongoing work to find and stop inauthentic behavior, we recently reclaimed a number of TikTok usernames that were being used for account squatting,” TikTok said in a written statement. “We will continue to focus on staying ahead of the ever-evolving tactics of bad actors, including cooperating with third parties and others in the industry.”

‘SOCIAL MEDIA SPECIALISTS’

Other key middlemen who’ve brokered thousands more social media account transactions via OGUsers that were part of this week’s ban wave included Farzad (OGUser #81), who used the Instagram accounts @middleman and @frzd; and @rl, a.k.a. “Amp,” a major middleman and account seller on OGUsers.

Naturally, the top middlemen in the OGUsers community get much of their business from sellers of compromised social media and online gaming accounts, and these two groups tend to cross-promote one another. Among the top seller accounts targeted in the ban wave was the Instagram account belonging to Ryan Zanelli (@zanelli), a 22-year-old self-described “social media marketing specialist” from Melbourne, Australia.

The leaked OGUsers databases suggest Zanelli is better known to the OGUsers community as “Verdict,” the fifth profile created on the forum and a longtime administrator of the site.

Reached via Telegram, Zanelli acknowledged he was an administrator of OGUsers, but denied being involved in anything illegal.

“I’m an early adaptor to the forum yes just like other countless members, and no social media property I sell is hacked or has been obtained through illegitimate means,” he said. “If you want the truth, I don’t even own any of the stock, I just resell off of people who do.”

This is not the first time Instagram has come for his accounts: As documented in this story in The Atlantic, some of his accounts totaling more than 1 million followers were axed in late 2018 when the platform took down 500 usernames that were stolen, resold, and used for posting memes.

“This is my full-time income, so it’s very detrimental to my livelihood,” Zanelli told The Atlantic, which identified him only by his first name. “I was trying to eat dinner and socialize with my family, but knowing behind the scenes everything I’ve built, my entire net worth, was just gone before my eyes.”

Another top seller account targeted in the ban wave was the Instagram account @h4ck, whose Telegram sales channel also advertises various services to get certain accounts banned and unbanned from different platforms, including Snapchat and Instagram.

Snippets from the Telegram sales channel for @h4ck, one of the Instagram handles seized by Facebook today.

Facebook said while this is hardly the first time it has reclaimed accounts associated with hijackers, it is the first time it has done so publicly. The company says it has no illusions that this latest enforcement action is going to put a stop to the rampant problem of account hijacking for resale, but views the effort as part of an ongoing strategy to drive up costs for account traffickers, and to educate potential account buyers about the damage inflicted on people whose accounts are hijacked.

In recognition of the scale of the problem, Instagram today rolled out a new feature called “Recently Deleted,” which seeks to help victims undo the damage wrought by an account takeover.

“We know hackers sometimes delete content when they gain access to an account, and until now people had no way of easily getting their photos and videos back,” Instagram explained in a blog post. “Starting today, we will ask people to first verify that they are the rightful account holders when permanently deleting or restoring content from Recently Deleted.”

Facebook wasn’t exaggerating about the hijacking community’s use of extortion and other serious threats to gain control over highly prized usernames. I wish I could get back the many hours spent reading private messages from the OGUsers community, but it is certainly not uncommon for targets to be threatened with swatting attacks, or to have their deeply personal and/or financial information posted publicly online unless they relinquish control over a desired account.

WHAT YOU CAN DO

Any accounts that you value should be secured with a unique and strong password, as well as the most robust form of multi-factor authentication available. Usually, this is a mobile app that generates a one-time code, but some sites like Twitter and Facebook now support even more robust options — such as physical security keys.

Whenever possible, avoid opting to receive the second factor via text message or automated phone calls, as these methods are prone to compromise via SIM swapping — a crime that is prevalent among people engaged in stealing social media accounts. SIM swapping involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.

These precautions are even more important for any email accounts you may have. Sign up with any service online, and it will almost certainly require you to supply an email address. In nearly all cases, the person who is in control of that address can reset the password of any associated services or accounts – merely by requesting a password reset email. Unfortunately, many email providers still let users reset their account passwords by having a link sent via text to the phone number on file for the account.

Most online services require users to supply a mobile phone number when setting up the account, but do not require the number to remain associated with the account after it is established. I advise readers to remove their phone numbers from accounts wherever possible, and to take advantage of a mobile app to generate any one-time codes for multifactor authentication.

TouchCast raises $55M to grow its mixed reality-based virtual event platform

Events — when they haven’t been cancelled altogether in the last 12 months due to the global health pandemic — have gone virtual and online, and a wave of startups that are helping people create and participate in those experiences are seeing a surge of attention — and funding.

In the latest development, New York video startup TouchCast — which has developed a platform aimed at companies to produce lifelike, virtual conferences and other events without much technical heavy-lifting — has picked up funding of $55 million, money that co-founder and CEO Edo Segal said the startup will use to build out its services and teams after being “overrun by demand” in the wake of COVID-19.

The funding is being led by a strategic investor, Accenture Ventures — the investment arm of the systems integrator and consultancy behemoth — with Alexander Capital Ventures, Saatchi Invest, Ronald Lauder and other unnamed investors also participating. The startup up to now has been largely self-funded, and while Segal isn’t disclosing the valuation, he said it was definitely in the nine-figures (that is, somewhere in the large region of hundreds of millions of dollars).

Accenture has been using TouchCast’s technology for its own events, but that is likely just one part of its interest: Accenture also has a lot of corporate customers that tap it to build and implement interactive services, so potentially this could lead to more customers in TouchCast’s pipeline.

(Case in point: My interview with Segal, over Zoom, found me speaking to him in the middle of a vast aircraft hangar, with a 747 from one of the big airlines of the world — I won’t say which — parked behind him. He said he’d just come from a business pitch with the airline in question.)

A lot of what we have seen in virtual events, and in particular conferences, has to date been, effectively, a managed version of a group call on one of the established videoconferencing platforms like Zoom, Google’s Hangout, Microsoft’s Teams, Webex and so on.

You get a screen with participants’ individual video streams presented to you in a grid more reminiscent of the opening credits of the Brady Bunch or Hollywood Squares than an actual stage or venue.

There are some, of course, that are taking a much different route. Witness Apple’s online events in the last year, productions that have elevated what a virtual event can mean, with more detail and information, and less awkwardness, than an actual live event.

The problem is that not every company is Apple; most are unable to afford, much less execute, Hollywood-level presentations.

The essence of what TouchCast has built, as Segal describes it, is a platform that combines computer vision, video streaming technology and natural language processing to let other organizations create experiences that are closer to that of the iPhone giant’s than they are to a game show.

“We have created a platform so that all companies can create events like Apple’s,” Segal said. “We’re taking them on a journey beyond people sitting in their home offices.”

Yet “home office” remains the operative phrase. With TouchCast, people (the organizers and the onstage participants) still use basic videoconferencing solutions like Zoom and Teams — in their homes, even — to produce the action. But behind the scenes, TouchCast is taking those videos, using computer vision to trim out the people and place them into virtual “venues” so that they appear as if they are on stage in an actual conference.

These venues come from a selection of templates, or the organiser can arrange for a specific venue to be shot and used. And in addition to the actual event, TouchCast then also provides tools for audience members to participate with questions and to chat to each other. As the event is progressing, TouchCast also produces transcriptions and summaries of the key points for those who want them.

Segal said that TouchCast is not planning to make this a consumer-focused product, not even on the B2B2C side, but it’s preparing a feature so that when business conference organisers do want to hold a music segment with a special guest, those can be incorporated, too. (In all honesty, it seems like a small leap to use this for more consumer-focused events, too.)

TouchCast’s growth into a startup serving an audience of hungry and anxious event planners has been an interesting pivot that is a reminder to founders (and investors) that the right opportunities might not be the ones you think they are.

You might recall that the company first came out of stealth back in 2013, with former TechCrunch editor Erick Schonfeld one of the co-founders.

Back then, the company’s concept was to supercharge online video, by making it easier for creators to bring in interactive elements and media widgets into their work, to essentially make videos closer to the kind of interactivity and busy media mix that we find on web pages themselves.

All that might have been too clever by half. Or, it was simply not the right time for that technology. The service never made many waves, and one of my colleagues even assumed it had deadpooled at some point.

Not at all, it turns out. Segal (a serial entrepreneur who also used to work at AOL as VP of emerging platforms — AOL being the company that acquired TechCrunch and eventually became a part of Verizon) notes that the technology that TouchCast is using for its conferencing solution is essentially the same as what it built for its original video product.

After launching an earlier, less feature-rich version of what it has on the market today, it took the company about six months to retool it, adding in more mixed reality customization via the use of Unreal Engine, to make it what it is now, and to meet the demand it started to see from customers, who approached the startup for their own events after attending conferences held by others using TouchCast.

“It took us eight years to get to our overnight success story,” Segal joked.

Figures from Grand View Research cited by TouchCast estimate that virtual events will be a $400 billion business by 2027, and that has made for a pretty large array of companies building out experiences that will make those events worth attending, and putting on.

They include the likes of Hopin and Bizzabo — both of which have recently also raised big rounds — but also more enhanced services from the big, established players in videoconferencing like Zoom, Google, Microsoft, Cisco and more.

It’s no surprise to see Accenture throwing its hat into that ring as a backer of what it has decided is one of the more interesting technology players in that mix.

The reason is that many understand and now accept that — similar to working life in general — it’s very likely that even when we do return to “live” events, the virtual component, and the expectation that it will work well and be compelling enough to watch, is here to stay.

“Digital disruption, distributed workforces, and customer experience are the driving forces behind the need for companies to transform how they do business and move toward the future of work,” said Tom Lounibos, managing director, Accenture Ventures, in a statement. “For organizations to harness the power of virtual experiences to deliver business impact, the pandemic has shown that quality interactions and insights are needed. Our investment in Touchcast demonstrates our commitment to identifying the latest technologies that help address our clients’ critical business needs.”