A crypto company’s journey to Data 3.0

Data is a gold mine for a company.

If managed well, it provides the clarity and insights that lead to better decision-making at scale, and it is an important tool for holding everyone accountable.

However, most companies are stuck in Data 1.0, which means they are leveraging data as a manual and reactive service. Some have started moving to Data 2.0, which employs simple automation to improve team productivity. The complexity of crypto data has opened up new opportunities in data, namely to move to the new frontier of Data 3.0, where you can scale value creation through systematic intelligence and automation. This is our journey to Data 3.0.

Coinbase is neither a finance company nor a tech company — it’s a crypto company. This distinction has big implications for how we work with data. As a crypto company, we work with three major types of data (instead of the usual one or two types of data), each of which is complex and varied:

  1. Blockchain: decentralized and publicly available.
  2. Product: large and real-time.
  3. Financial: high-precision and subject to many financial/legal/compliance regulations.

Image Credits: Michael Li/Coinbase

Our focus has been on how we can scale value creation by making this varied data work together, eliminating data silos, solving issues before they start and creating opportunities for Coinbase that wouldn’t exist otherwise.

Having worked at tech companies like LinkedIn and eBay, and also those in the finance sector, including Capital One, I’ve observed firsthand the evolution from Data 1.0 to Data 3.0. In Data 1.0, data is seen as a reactive function providing ad-hoc manual services or firefighting in urgent situations.

Can We Stop Pretending SMS Is Secure Now?

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.

Security researcher “Lucky225” worked with Vice.com’s Joseph Cox to intercept Cox’s incoming text messages with his permission. Lucky225 showed how anyone could do the same after creating an account at a service called Sakari, a company that helps celebrities and businesses do SMS marketing and mass messaging.

The “how they did it” was sickeningly simple. It cost just $16, and there was precious little to prevent someone from stealing your text messages without your knowledge. Cox writes:

Sakari offers a free trial to anyone wishing to see what the company’s dashboard looks like. The cheapest plan, which allows customers to add a phone number they want to send and receive texts as, is where the $16 goes. Lucky225 provided Motherboard with screenshots of Sakari’s interface, which show a red “+” symbol where users can add a number.

While adding a number, Sakari provides the Letter of Authorization for the user to sign. Sakari’s LOA says that the user should not conduct any unlawful, harassing, or inappropriate behavior with the text messaging service and phone number.

But as Lucky225 showed, a user can just sign up with someone else’s number and receive their text messages instead.

Lucky told KrebsOnSecurity that Sakari has since taken steps to block its service from being used with mobile telephone numbers. But he said Sakari is just one part of a much larger, unregulated industry that can be used to hijack SMS messages for many phone numbers.

“It’s not a Sakari thing,” Lucky225 replied when first approached for more details. “It’s an industry-wide thing. There are many of these ‘SMS enablement’ providers.”

The most common way thieves hijack SMS messages these days involves “sim swapping,” a crime that involves bribing or tricking employees at wireless phone companies into modifying customer account information.

In a SIM swap, the attackers redirect the target’s phone number to a device they control, and then can intercept the target’s incoming SMS messages and phone calls. From there, the attacker can reset the password of any account which uses that phone number for password reset links.

But the attacks Lucky225 has been demonstrating merely require customers of any number of firms to sign a sworn “letter of authorization” or LOA stating that they indeed do have the authority to act on behalf of the owner of the targeted number.

Allison Nixon is chief research officer at Unit221B, a New York City-based cyber investigations firm. An expert on SIM-swapping attacks who’s been quoted quite a bit on this blog, Nixon said she also had Lucky225 test his interception tricks on her mobile phone, only to watch her incoming SMS messages show up on his burner phone.

“This basically means the only thing standing between anyone and the equivalent of a SIM swap is a forged LOA,” Nixon said. “And the ‘fix’ put in seems to be temporary in nature.”

The interception method that Lucky225 described is still dangerously exposed by a number of systemic weaknesses in the global SMS network, he said.

Most large and legacy telecommunications providers validate transfer requests related to their customers by consulting NPAC, or the Number Portability Administration Center. When customers want to move their phone numbers — mobile or otherwise — that request is routed through NPAC to the customer’s carrier.

That change request carries what’s known as an ALT-SPID, which is a four-digit number that enables NPAC to identify the telecommunications company currently providing service to the customer. More importantly, as part of this process no changes can happen unless the customer’s carrier has verified the changes with the existing customer.

But Lucky225 said the class of SMS interception he’s been testing targets a series of authentication weaknesses tied to a system developed by NetNumber, a private company in Lowell, Mass. NetNumber developed its own proprietary system for mapping telecommunications providers that is used by Sakari and an entire industry of similar firms.

NetNumber developed its six-digit ALT SPIDs (NetNumber IDs) to better organize and track communications service providers that were all using other numbering systems (and differing numbers of digits). But NetNumber also works directly with dozens of voice-over-IP or Internet-based phone companies which do not play by the same regulatory rules that apply to legacy telecommunications providers.

“There are many VoIP providers that offer ‘off net’ ‘text enablement’,” Lucky225 explained. “Companies such as ZipWhip that promise to let you ‘Text enable your existing business phone number’ so that customers can text your main business line whether it be VoIP, toll-free or a landline number.”

As Lucky225 wrote in his comprehensive Medium article, there are a plethora of wholesale VoIP providers that let you become a reseller with little to no verification. Many of them allow blanket Letters of Authorization (LOAs), where you as the reseller promise that you have an LOA on file for any number you want to text enable for your resellers or end-users.

“In essence, once you have a reseller account with these VoIP wholesalers you can change the Net Number ID of any phone number to your wholesale provider’s NNID and begin receiving SMS text messages with virtually no authentication whatsoever. No SIM Swap, SS7 attacks, or port outs needed — just type the target’s phone number in a text box and hit submit and within minutes you can start receiving SMS text messages for them. They won’t even be alerted that anything has happened as their voice & data services will continue to work as usual. Surprisingly, despite the fact that I publicly disclosed this in 2018, nothing has been done to stop this relatively unsophisticated attack.”

NetNumber declined to comment on the record, but instead referred to a statement from the CTIA, a trade association representing the wireless industry, which reads:

“After being made aware of this potential threat, we worked immediately to investigate it, and took precautionary measures. Since that time, no carrier has been able to replicate it. We have no indication of any malicious activity involving the potential threat or that any customers were impacted. Consumer privacy and safety is our top priority, and we will continue to investigate this matter.”

Lucky225 told KrebsOnSecurity many of the major mobile companies have moved to ensure none of their customers can be affected by changes requested through NetNumber or its partners. But he suspects some of the smaller wired and wireless telecommunications firms may still be vulnerable.

“I’m pretty sure it’s only the big carriers that they’re protecting now,” he said. “But there’s just so much we don’t know about what they patched because everyone is being so tight lipped about this right now.”

Nixon said it’s time for federal regulators to step up and protect consumers.

“It’s clear this is a lot of foundational infrastructure mucky muck and some fundamental changes are going to need to happen here,” she said. “Regulators really need to get involved.”

WHAT CAN YOU DO?

Given the potentially broad impact of fraudsters abusing this and other weaknesses in the vast mobile ecosystem to completely subvert the security of SMS based communications and multi-factor authentication, it’s probably a good idea to rethink your relationship to your phone number. It’s now plainer than ever how foolish it is to trust SMS for anything.

My advice has long been to remove phone numbers from your online accounts wherever you can, and avoid selecting SMS or phone calls for second factor or one-time codes. Phone numbers were never designed to be identity documents, but that’s effectively what they’ve become. It’s time we stopped letting everyone treat them that way.

Any online accounts that you value should be secured with a unique and strong password, as well as the most robust form of multi-factor authentication available. Usually, this is a mobile app like Authy or Google Authenticator that generates a one-time code. Some sites like Twitter and Facebook now support even more robust options — such as physical security keys.

Removing your phone number may be even more important for any email accounts you may have. Sign up with any service online, and it will almost certainly require you to supply an email address. In nearly all cases, the person who is in control of that address can reset the password of any associated services or accounts — merely by requesting a password reset email.

Unfortunately, many email providers still let users reset their account passwords by having a link sent via text to the phone number on file for the account. So remove the phone number as a backup for your email account, and ensure a more robust second factor is selected for all available account recovery options.

Here’s the thing: Most online services require users to supply a mobile phone number when setting up the account, but do not require the number to remain associated with the account after it is established. I advise readers to remove their phone numbers from accounts wherever possible, and to take advantage of a mobile app to generate any one-time codes for multifactor authentication.

Feature Spotlight: Fully Custom Role-Based Access Control

We are delighted to announce the next step in SentinelOne’s role-based access control (RBAC) capability: supporting fully custom roles. After collecting customer feedback for this new feature, we are now delivering it to the benefit of our global customer base, including but not limited to multi-site enterprises spanning multiple geographies.

Admins now have the flexibility to create unique roles with custom permission settings tuned to the specific needs of their organization, directly from the SentinelOne management console. The six (6) predefined roles – Viewer, C-Level, IT, SOC, IR Team, and Admin – remain unchanged and immediately available, to assist customers with a quick start. Administrators can also create granular API orchestration roles specific to an XDR workflow.

Custom RBAC Roles

Each SentinelOne customer can now customize permissions so that user experience is optimized for diverse groups of user personas in their organization. Building upon the principle of least privilege, administrators can build and fine-tune the right access level to the minimum set of resources which users need to do their job effectively, striking the right balance between business agility and security. For example, an administrator would not likely grant configuration change privileges for production assets to security analysts, who would instead alert the application owner for follow-up, or perhaps a persona in one site requires different permissions than a similar role at another.

Creating a Custom Role

Creating a custom role is simple. Before starting, make sure you have the appropriate scope selected. Then, from the Settings Panel, select the Users tab. Click Roles, and under Actions, New Role. Give it a unique name and description, then click to select/deselect the various permissions for this role. Once saved, you can assign users to the new role. It’s even easier than it sounds.

Editing a Custom Role

Perhaps you had an oversight or need to make a change. No problem. Modifying a role is equally straightforward. Click on a role name from the list, make the change, and save.

Duplicating a Custom Role

As an extra level of convenience when creating new roles, customers can copy a similar role and make the few permissions changes necessary. This helps admins move forward quickly.

Delete a Custom Role, Reassign Users

Sometimes, a custom role outlives its usefulness. Of course, when deleting a custom role, consideration should be given to the users who have been previously assigned to this role. SentinelOne understands this, so we made it easy for admins to delete a role and reassign users in the same breath.

To delete a role, simply select the role name checkbox, go to Actions > Delete Role. Then select the role to which you wish to reassociate affected users, and click Reassign & Delete. And, for the astute reader: the six aforementioned predefined roles can never be edited or deleted.

Summary

SentinelOne remains fully committed to customer success. Part of that commitment is listening and responding to customer feedback, which we are always grooming within our product innovation backlog. We hope that this fully customizable role capability helps simplify your cybersecurity journey.

To learn more about how SentinelOne has extended autonomous cybersecurity beyond the user endpoint to cloud workloads and IoT devices, feel free to visit our Singularity Cloud and Singularity Ranger pages.



Genesis raises $45M to expand its fintech-focussed low-code platform to more verticals

Low-code and no-code tools have been a huge hit with enterprises keen to give their operations more of a tech boost, but often lack the resources to handle more complex integrations. Today, one of the startups that has been building low-code finance tools is announcing funding to tap into that trend and expand its business.

Genesis — which has to date primarily worked with financial services companies, giving non-technical employees the tools to create ways to monitor and manage real-time risk, high-frequency trades and other activities — has picked up $45 million. It plans to use the funding to bring the tools it has already built to a wider set of verticals that have some of the same needs to manage risk, compliance and other factors as finance — healthcare and manufacturing are two examples — as well as to continue building more into the stack. 

This Series B includes a mix of financial investors along with strategic backers that speak to who already integrates with Genesis’ tools on their own platforms.

Led by Accel, it also includes participation from new backers GV (formerly Google Ventures) and Salesforce Ventures, in addition to existing investors Citi, Illuminate Financial and Tribeca Venture Partners, who also invested in this round. To give you an idea of who it works with, Citi, ING, London Clearing House and XP Investments are some of Genesis’ customers.

Originally conceived in 2012 in Brazil by a pair of British co-founders — Stephen Murphy (CEO) and James Harrison (CTO), who cut their teeth in the world of investment banking — Genesis had raised less than $5 million before this round, mostly bootstrapping its business and leaning on Murphy and Harrison’s existing relationships in the world of finance to grow its customer base.

Today, Murphy lives in and leads the business from Miami — where he moved from New York just as the COVID-19 pandemic was starting to gain steam last year — while James Harrison (CTO) leads part of the team based out of the U.K.

As you might imagine with so little funding before now for a company going on nine years old, Genesis was doing fine financially before this Series B, so the plan is to use the funding specifically to grow faster than it could have on its own steam. The startup is not disclosing its valuation with this round.

“We were not really fixated on valuation,” said Murphy in an interview, who said the funding came about after a number of VCs had approached the startup. “The most important thing is the future opportunity and where we could take the company with additional funding… this will help us hyper scale up.” He did note that the term sheets contained “some amazing numbers and multiples,” given the current interest in no-code and low-code technology.

Indeed, the vogue for no-code and low-code tech — other well-funded names in the crowded space include startups like Zapier, Airtable, Rows, Gyana, Bryter, Ushur, Creatio and EasySend, as well as significant launches from Google and Microsoft and other bigger players — is coming out of two trends colliding.

On one side, we’ve well and truly entered an era in enterprise technology — with the same trend playing out in consumer tech, too — where smart developers are taking sophisticated and complex services and putting “wrappers” around them by way of APIs and simpler (low- or no-code) interfaces, so that those sophisticated tools can in turn be integrated and implemented in more places. This saves needing to build or integrate that complexity from scratch and expands access to the processes within those wrappers.

On the other side, the thirst for tech knowledge has become well and truly mainstream and as a result is getting far more democratized. Working in a variety of applications, using different digital tools and devices and seeing the fruits of tech pay off are all second nature to today’s working world — whether or not you are a technologist. So it’s no surprise to see more proactive, non-technical people looking for more ways to get their hands on these tools themselves.

“You now have a whole citizen developer world, for example business analysts who understand the solution you want but might not know how to get there,” Murphy said. “We play to seasoned developers first but the investment will help us put more low-code and no-code tools into place to widen the tools out to them.”

Starting out in finance made sense not just because that was where the two founders had previously worked, but also because of the history of how different software tools were already being used. Specifically, he noted that the ubiquity of microservices — which themselves are collections of services as apps — laid the groundwork for more low-code. “We saw that if we could build a low-code entry point to microservices, that would be powerful.”

On top of that, investment banks, he said, have a history of wanting to build things themselves to tailor to their specific needs. “Buying off the shelf means you are at the mercy of the vendor,” he said. These factors made financial services companies very receptive to what Genesis was offering.

While a lot of the no/low-code players are coming at the concept with specific verticals in mind — no surprise, since different verticals have very specific use cases and needs — what’s interesting with Genesis is how the company is leveraging what it already knows about finance, and then looking at other industries that have similar demands, structures and rules.

Murphy said that Genesis will stay “very focused on financial markets for 2021” but that it’s identified a number of other verticals similar to it, and is actually already seeing some inbound interest from them.

“A number of people have already approached us from the world of healthcare,” he said, pointing out that these organizations, like financial services, face challenges around how to audit data and regulations around performing transactions. Manufacturing, meanwhile, has some parallels around the area of complex event processing similar to equity algorithmic trading, he said. (In short, this relates to how external events might trigger more transactions, not unlike how external factors affect manufacturing operations.)

The trend is one that analysts forecast will only grow in the coming years: Gartner, for example, says that by 2024, low-code platforms will account for no less than 65% of all app development activity.

“Low-code promises business users the autonomy to make their own technology usage and purchase decisions while enabling them to actually build their own applications without having to rely on IT,” Andrei Brasoveanu, a partner at Accel, said in a statement. “By bringing one of the most transformative innovations in software development to financial services, Steve and the Genesis team are taking on a huge market of legacy vendors — and winning too — while delivering on the promise of low-code. The confidence they’ve gained from serving such large institutions is proof that there’s a real and urgent need for a purpose-built low-code solution for financial markets. We’re excited to partner with Genesis and support them in delivering this across the world.” Brasoveanu is joining the startup’s board with this round.

Customer experience startup Sprinklr files confidential S-1 with SEC

Sprinklr, a New York-based customer experience company, announced today it has filed a confidential S-1 ahead of a possible IPO.

“Sprinklr today announced that it has confidentially submitted a draft registration statement on Form S-1 with the Securities and Exchange Commission (the ‘SEC’) relating to the proposed initial public offering of its common stock,” the company said in a statement.

It also indicated that it will determine the exact number of shares and the price range at a later point after it receives approval from the SEC to go public.

The company most recently raised $200 million on a $2.7 billion valuation last year. It was its first fundraise in 4 years. At the time, founder and CEO Ragy Thomas said his company expected to end 2020 with $400 million in ARR, certainly a healthy number on which to embark as a public company.

He also said that Sprinklr’s next fundraise would be an IPO, making him true to his word. “I’ve been public about the pathway around this, and the path is that the next financial milestone will be an IPO,” he told me at the time of the $200 million round. He said that with COVID, it probably was a year or so away, but the timing appears to have sped up.

Sprinklr sees customer experience management as a natural extension of CRM, and as such a huge market potentially worth $100 billion, according to Thomas. But he also admitted that he was up against some big competitors like Salesforce and Adobe, helping explain why he fundraised last year.

Sprinklr was founded in 2009 with a focus on social media listening, but it announced a hard push into customer experience in 2017 when it added marketing, advertising, research, customer and e-commerce to its social efforts.

The company has raised $585 million to date, and has also been highly acquisitive, buying 11 companies along the way as it added functionality to the base platform, according to Crunchbase data.

Airtable is now valued at $5.77B with a fresh $270 million in Series E funding

Airtable, the no-code relational database that has amassed a customer base that spans 250,000 different organizations, has today announced the close of $270 million in Series E funding. The valuation comes out to $5.77 billion post-money, more than doubling its valuation from September, when it raised $185 million in Series D funding.

This latest round was led by Greenoaks Capital, with participation from WndrCo, as well as existing investors Caffeinated Capital, CRV and Thrive.

The company says it plans to use the funding to accelerate the development of its enterprise product and grow the team. Also of note: Founder and CEO Howie Liu told Forbes that he was approached by Greenoaks, rather than actively seeking funding.

Airtable is a relational database that many describe as a souped-up version of Excel or Google Sheets. Being such, and having the infrastructure to support an app ecosystem on top of that, means that this no-code tool can actually be used to write software. In other words, the use cases are nearly infinite, and so is the potential customer base.

Greenoaks Capital partner Neil Mehta basically said as much in the press release:

We believe Airtable is chasing a massive opportunity to become the ‘residual’ software platform for every bespoke and custom use case that is either performed manually today or structurally underserved by rigid third-party software. By equipping business users with fundamental software primitives that can be assembled together into powerful business applications, Airtable has become central to its users’ everyday workflows but at the same time is scalable and extensible enough to support incredibly complex enterprise use cases like ticketing, content management, and CRM.

Airtable has raised a total of $617 million since inception, according to Crunchbase.



Cyware nabs $30M to help organizations detect and stop advanced cyber attacks

Malicious hacking has become a pernicious and dogged fact of life for more organizations, and it’s a threat that has seemingly grown more complicated and sophisticated over time. One effective approach to tackling that has been collaboration: not just applying an array of services to address the issue, but creating environments to help those building cybersecurity to work better together. Today one of the startups building tools to do just that is announcing a round of funding, underscoring the opportunity and its own growth within that.

Cyware, a New York startup that has created a platform for organizations to build and operate virtual “cyber fusion centers” — spaces for people to share threat intelligence, run end-to-end security automation, and orchestrate and execute 360-degree threat responses — has picked up $30 million in funding, a Series B that it will use to continue growing its business.

The funding is being co-led by Advent International and Ten Eleven Ventures. Advent made some waves in the cybersecurity industry last year when it partnered with Crosspoint to acquire Forescout for $1.9 billion. Ten Eleven, meanwhile, is a VC that specializes in cybersecurity startups. Prelude Fund (the venture practice at Mercato Partners), Emerald Development Managers, Great Road Holdings and cloud security firm Zscaler — a mix of financial and strategic investors — also participated. Before this, the startup had raised around $13 million, and it is not disclosing its valuation.

The story of the last year in the world of business has been about how everything has gone online: people and their companies have been working remotely; consumers are browsing, buying and entertaining themselves over the internet and with apps. Digital is where all the traffic is.

Unsurprisingly, that has also played out in the world of cybersecurity: the threat landscape has grown, and cybersecurity responses have grown with it. Cyware said that in the last year it saw 120% year-over-year growth in annual recurring revenue — although it doesn’t disclose actual revenue figures. Its customers are a mix of large enterprises, organizations that collaborate with others to manage cybersecurity, such as information sharing communities (ISACs), and organizations that manage cybersecurity on behalf of a number of others, such as managed security service providers and computer emergency response teams.

Although many might have a stereotype of a malicious hacker in their heads who sits alone in a darkened room with a determined look in his/her eye, the reality is more likely to be a collaboration between a number of people, providing tips, technology, threads that are developed and so on. Cyware, in its focus on providing a platform for collaboration and creating operations centers, seems to take the same approach in what it has built, a platform to make collaborating easier and part of the solution.

It does so through security orchestration, automation and response (known as SOAR), used by teams to collaborate better and make more informed threat scoring, and to respond better to threat alerts. Indeed, a key part of the challenge for a lot of security services is that they cross multiple parts of organizations, including IT, compliance, trust and safety, and indeed security itself. One aim of Cyware is to create a platform for these all to meet and exchange information that could be helpful to others in one place.

“Over the past decade, security operations teams have had difficulty with trying to sift through copious amounts of threat data and lacked the humans’ role as part of their security orchestration strategies,” said Anuj Goel, Ph.D., cofounder and CEO of Cyware, in a statement. “Our goal with our Virtual Cyber Fusion platform is to help our customers unite their security teams to efficiently respond to high-priority threats by connecting the dots in their environments, and the momentum we’re experiencing is proof that we are executing on that mission. This Series B financing will help us continue to overdeliver for customers, expand our team, improve our platform and truly revolutionize how security operations and threat intelligence teams work together.”

Goel, who cofounded the company with CTO Akshat Jain, cut his teeth in a big security team, as head of global cyber strategy for Citi. He is also an advisor for the Centre for Strategic Cyberspace in London and has worked with other organizations on collaborative approaches to the problem and consequences of malicious hacking.

Investors will have not just been looking at the company’s growth, but also the list of customers — themselves also leaders in cyber — that are trusting Cyware.

“In our increasingly connected environment, companies of all sizes are demanding new and innovative cybersecurity solutions,” said Eric Noeth, Principal, Advent International, in a statement. “Cyware’s early traction among leading enterprises and major ISACs reflects its unique ability to bring together all key security functions to seamlessly anticipate, contextualize and remediate threats. We look forward to drawing on our experience in this sector to help the talented Cyware team make its Virtual Cyber Fusion platform the gold standard technology for enterprises around the world.”

Noogata raises $12M seed round for its no-code enterprise AI platform

Noogata, a startup that offers a no-code AI solution for enterprises, today announced that it has raised a $12 million seed round led by Team8, with participation from Skylake Capital. The company, which was founded in 2019 and counts Colgate and PepsiCo among its customers, currently focuses on e-commerce, retail and financial services, but it notes that it will use the new funding to power its product development and expand into new industries.

The company’s platform offers a collection of what are essentially pre-built AI building blocks that enterprises can then connect to third-party tools like their data warehouse, Salesforce, Stripe and other data sources. An e-commerce retailer could use this to optimize its pricing, for example, thanks to recommendations from the Noogata platform, while a brick-and-mortar retailer could use it to plan which assortment to allocate to a given location.


“We believe data teams are at the epicenter of digital transformation and that to drive impact, they need to be able to unlock the value of data. They need access to relevant, continuous and explainable insights and predictions that are reliable and up-to-date,” said Noogata co-founder and CEO Assaf Egozi. “Noogata unlocks the value of data by providing contextual, business-focused blocks that integrate seamlessly into enterprise data environments to generate actionable insights, predictions and recommendations. This empowers users to go far beyond traditional business intelligence by leveraging AI in their self-serve analytics as well as in their data solutions.”


We’ve obviously seen a plethora of startups in this space lately. The proliferation of data — and the advent of data warehousing — means that most businesses now have the fuel to create machine learning-based predictions. What’s often lacking, though, is the talent. There’s still a shortage of data scientists and developers who can build these models from scratch, so it’s no surprise that we’re seeing more startups that are creating no-code/low-code services in this space. The well-funded Abacus.ai, for example, targets about the same market as Noogata.

“Noogata is perfectly positioned to address the significant market need for a best-in-class, no-code data analytics platform to drive decision-making,” writes Team8 managing partner Yuval Shachar. “The innovative platform replaces the need for internal build, which is complex and costly, or the use of out-of-the-box vendor solutions which are limited. The company’s ability to unlock the value of data through AI is a game-changer. Add to that a stellar founding team, and there is no doubt in my mind that Noogata will be enormously successful.”

WeLeakInfo Leaked Customer Payment Info

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

For several years, WeLeakInfo was the largest of several services selling access to hacked passwords. Prosecutors said it had indexed, searchable information from more than 10,000 data breaches containing over 12 billion indexed records — including names, email addresses, usernames, phone numbers, and passwords for online accounts.

For a small fee, you could enter an email address and see every password ever associated with that address in a previous breach. Or the reverse — show me all the email accounts that ever used a specific password. It was a fantastic tool for launching targeted attacks against people, and that’s exactly how the service was viewed by many of its customers.

Now, nearly 24,000 of WeLeakInfo’s customers are finding that the personal and payment data they shared with WeLeakInfo over its five-year run has been leaked online.

[Image: WeLeakInfo’s service fees.]

In a post on the database leaking forum Raidforums, a regular contributor using the handle “pompompurin” said he stole the WeLeakInfo payment logs and other data after noticing the domain wli[.]design was no longer listed as registered.

“Long story short: FBI let one of weleakinfo’s domains expire that they used for the emails/payments,” pompompurin wrote. “I registered that domain, & was able to [password] reset the stripe.com account & get all the Data. [It’s] only from people that used stripe.com to checkout. If you used paypal or [bitcoin] ur all good.”

Cyber threat intelligence firm Flashpoint obtained a copy of the data leaked by pompompurin, and said it includes partial credit card data, email addresses, full names, IP addresses, browser user agent string data, physical addresses, phone numbers, and amount paid. One forum member commented that they found their own payment data in the logs.

[Image: How WeLeakInfo stacked up against its competitors (according to WLI).]

According to DomainTools [an advertiser on this site], wli[.]design was registered on Aug. 24, 2016 with the domain registrar Dynadot. On March 12, the domain was moved to another registrar — Namecheap.

Pompompurin released several screenshots of himself logged in to the WeLeakInfo account at stripe.com, an online payment processor. Under “management and ownership” was listed a Gerald Murphy from Fintona, U.K.

Shortly after WeLeakInfo’s domain was seized by authorities in Jan. 2020, the U.K.’s National Crime Agency (NCA) arrested two individuals in connection with the service, including a 22-year-old from Fintona.
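The lapsed wli[.]design registration described above is something account owners can audit for: any domain that receives password-reset mail for a third-party account has to stay registered. The sketch below is an added example, not code from the original article; the account inventory, the `.example` domains and the trimmed RDAP responses are all constructed, and a missing response stands in for an RDAP 404.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed inventory: third-party accounts and the mailbox each sends password resets to.
ACCOUNTS = [
    {"service": "payment-processor", "recovery_email": "billing@shop-mail.example"},
    {"service": "dns-provider", "recovery_email": "ops@corp.example"},
    {"service": "analytics", "recovery_email": "admin@old-brand.example"},
    {"service": "code-hosting", "recovery_email": "dev@side-project.example"},
]

def rdap(domain, expires):
    """Build a constructed, trimmed RDAP domain response (RFC 9083 'events' array)."""
    return json.dumps({"ldhName": domain, "events": [
        {"eventAction": "expiration", "eventDate": expires}]})

# Constructed lookup results; a missing key models an RDAP 404 (domain not registered).
RDAP_RESPONSES = {
    "shop-mail.example": rdap("shop-mail.example", "2021-03-01T00:00:00Z"),
    "corp.example": rdap("corp.example", "2025-01-01T00:00:00Z"),
    "side-project.example": rdap("side-project.example", "2021-04-10T00:00:00Z"),
}

def expiration(rdap_json):
    """Return the 'expiration' event as an aware datetime, or None if absent."""
    for event in json.loads(rdap_json).get("events", []):
        if event.get("eventAction") == "expiration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def audit(accounts, responses, now, warn_days=60):
    """List (service, domain, status) for every recovery domain that is not safely registered."""
    findings = []
    for account in accounts:
        domain = account["recovery_email"].rsplit("@", 1)[1].lower()
        record = responses.get(domain)
        expires = expiration(record) if record else None
        if record is None:
            status = "NOT_REGISTERED"   # open for anyone to register and receive resets
        elif expires is None:
            status = "UNKNOWN"          # registry did not publish an expiration event
        elif expires <= now:
            status = "EXPIRED"
        elif expires - now <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        if status != "OK":
            findings.append((account["service"], domain, status))
    return findings

if __name__ == "__main__":
    for row in audit(ACCOUNTS, RDAP_RESPONSES, datetime(2021, 3, 15, tzinfo=timezone.utc)):
        print(row)
```

Any account flagged here should have its recovery address moved to a domain under active renewal before the old registration is allowed to lapse.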


PLENTY OF TIME FOR OPSEC MISTAKES

It’s been a tough few months for denizens of various hacking forums, which are finding themselves on the defensive end of a great many attacks testing the security of their aliases and operational security lately. Over the past few weeks three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked.

In two of the intrusions (against the Russian hacking forums “Mazafaka” and “Verified”), the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords.

“Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums,” a recent story here explained.

An exposure of 15 years worth of user data from a forum like Mazafaka is a big risk for registrants because investigators often can use common registration details to connect specific individuals who might have used multiple hacker handles over the years.

Many of the domains from the email addresses listed in the Maza dump date to the early 2000s, back when budding cybercriminals typically took fewer precautions to obfuscate or separate the myriad connections to their real-life identities online.

The biggest potential gold mine for de-anonymizing Maza members is the leak of user numbers for ICQ, an instant messaging service formerly owned by AOL that was widely used by cybercrime forum members up until around 2010. That’s about when AOL sold the platform in 2010 to Russian investor DST for $187.5 million.

Back then, people often associated their ICQ numbers to different interests, pursuits and commerce tied to their real life identities. In many cases, these associations are on public, Russian language forums, such as discussion sites on topics like cars, music or programming.

In a common inadvertent exposure, a cybercriminal happens to make an innocuous post 15 years ago to a now-defunct Russian-language automobile forum.

That post, preserved in perpetuity by sites like archive.org, includes an ICQ number and says there’s a guy named Sergey in Vladivostok who’s selling his car. And the profile link on the auto forum leads to another now-defunct but still-archived personal site for Sergey.

Interestingly, services like WeLeakInfo can just as easily be used against cybercriminals as by them. For example, it’s likely that the database for the automobile forum where Sergey posted got compromised at some point and is for sale on sites like WeLeakInfo (there are active competitors).

Ditto for any other forum where Sergey used the same email address or password. When researchers start finding password re-use across multiple email addresses that all follow a pattern, it becomes much easier to tie Sergey from Vladivostok to his cybercriminal and real-life identities.

DeepSee.ai raises $22.6M Series A for its AI-centric process automation platform

DeepSee.ai, a startup that helps enterprises use AI to automate line-of-business problems, today announced that it has raised a $22.6 million Series A funding round led by ForgePoint Capital. Previous investors AllegisCyber Capital and Signal Peak Ventures also participated in this round, which brings the Salt Lake City-based company’s total funding to date to $30.7 million.

The company argues that it offers enterprises a different take on process automation. The industry buzzword these days is ‘robotic process automation,’ but DeepSee.ai argues that what it does is different. I describe its system as ‘knowledge process automation’ (KPA). The company itself defines this as a system that “mines unstructured data, operationalizes AI-powered insights, and automates results into real-time action for the enterprise.” But the company also argues that today’s bots focus on basic task automation that doesn’t offer the kind of deeper insights that sophisticated machine learning models can bring to the table. The company also stresses that it doesn’t aim to replace knowledge workers but help them leverage AI to turn the plethora of data that businesses now collect into actionable insights.


“Executives are telling me they need business outcomes and not science projects,” writes DeepSee.ai CEO Steve Shillingford. “And today, the burgeoning frustration with most AI-centric deployments in large-scale enterprises is they look great in theory but largely fail in production. We think that’s because right now the current ‘AI approach’ lacks a holistic business context relevance. It’s unthinking, rigid, and without the contextual input of subject-matter experts on the ground. We founded DeepSee to bridge the gap between powerful technology and line-of-business, with adaptable solutions that empower our customers to operationalize AI-powered automation – delivering faster, better, and cheaper results for our users.”

To help businesses get started with the platform, DeepSee.ai offers three core tools. There’s DeepSee Assembler, which ingests unstructured data and gets it ready for labeling, model review and analysis. Then, DeepSee Atlas can use this data to train AI models that can understand a company’s business processes and help subject-matter experts define templates, rules and logic for automating a company’s internal processes. The third tool, DeepSee Advisor, meanwhile focuses on using text analysis to help companies better understand and evaluate their business processes.

Currently, the company’s focus is on providing these tools for insurance companies, the public sector and capital markets. In the insurance space, use cases include fraud detection, claims prediction and processing, and using large amounts of unstructured data to identify patterns in agent audits, for example.

That’s a relatively limited number of industries for a startup to operate in, but the company says it will use its new funding to accelerate product development and expand to new verticals.

“Using KPA, line-of-business executives can bridge data science and enterprise outcomes, operationalize AI/ML-powered automation at scale, and use predictive insights in real time to grow revenue, reduce cost, and mitigate risk,” said Sean Cunningham, Managing Director of ForgePoint Capital. “As a leading cybersecurity investor, ForgePoint sees the daily security challenges around insider threat, data visibility, and compliance. This investment in DeepSee accelerates the ability to reduce risk with business automation and delivers much-needed AI transparency required by customers for implementation.”