Russian Cybercrime Boss Burkov Gets 9 Years

A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.

Alexei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Photo: Andrei Shirokov / Tass via Getty Images.

Alexsei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers.

As KrebsOnSecurity noted in a November 2019 profile of Burkov’s hacker nickname ‘k0pa,’ “a deep dive into the various pseudonyms allegedly used by Burkov suggests this individual may be one of the most connected and skilled malicious hackers ever apprehended by U.S. authorities, and that the Russian government is probably concerned that he simply knows too much.”

Burkov was arrested in 2015 on an international warrant while visiting Israel, and over the ensuing four years the Russian government aggressively sought to keep him from being extradited to the United States.

When Israeli authorities turned down requests to send him back to Russia — supposedly to face separate hacking charges there — the Russians then imprisoned Israeli citizen Naama Issachar on trumped-up drug charges in a bid to trade prisoners. Nevertheless, Burkov was extradited to the United States in November 2019. Russian President Vladimir Putin pardoned Issachar in January 2020, just hours after Burkov pleaded guilty.

Arkady Bukh is a New York attorney who has represented a number of accused and convicted cybercriminals from Eastern Europe and Russia. Bukh said he suspects Burkov did not cooperate with the Justice Department investigators apart from agreeing not to take the case to trial.

“Nine years is a huge sentence, and the government doesn’t give nine years to defendants who cooperate,” Bukh said. “Also, the time span [between Burkov’s guilty plea and sentencing] was very short.”

DirectConnection was something of a Who’s Who of major cybercriminals, and many of its most well-known members have likewise been extradited to and prosecuted by the United States. Those include Sergey “Fly” Vovnenko, who was sentenced to 41 months in prison for operating a botnet and stealing login and payment card data. Vovnenko also served as administrator of his own cybercrime forum, which he used in 2013 to carry out a plan to have Yours Truly framed for heroin possession.

As noted in last year’s profile of Burkov, an early and important member of DirectConnection was a hacker who went by the moniker “aqua” and ran the banking sub-forum on Burkov’s site. In December 2019, the FBI offered a $5 million bounty leading to the arrest and conviction of aqua, who’s been identified as Maksim Viktorovich Yakubets. The Justice Department says Yakubets/aqua ran a transnational cybercrime organization called “Evil Corp.” that stole roughly $100 million from victims.

In this 2011 screenshot of DirectConnection, we can see the nickname of “aqua,” who ran the “banking” sub-forum on DirectConnection. Aqua, a.k.a. Maksim V. Yakubets of Russia, now has a $5 million bounty on his head from the FBI.

According to a statement of facts in Burkov’s case, the author of the infamous SpyEye banking trojan — Aleksandr “Gribodemon” Panin — was personally vouched for by Burkov. Panin was sentenced in 2016 to more than nine years in prison.

Other top DirectConnection members include convicted credit card fraudsters Vladislav “Badb” Horohorin and Sergey “zo0mer” Kozerev, as well as the infamous spammer and botnet master Peter “Severa” Levashov.

Also on Friday, the Justice Department said it obtained a guilty plea from another top cybercrime forum boss — Sergey “Stells” Medvedev — who admitted to administering the Infraud forum. The government says Infraud, whose slogan was “In Fraud We Trust,” attracted more than 10,000 members and inflicted more than $568 million in actual losses from the sale of stolen identity information, payment card data and malware.

A copy of the 108-month judgment entered against Burkov is available here (PDF).

The Good, the Bad and the Ugly in Cybersecurity – Week 26

The Good

Big technology companies have been the source of many privacy scandals. Some have been accused of disregarding their users’ rights and peddling the immense amount of information they gather about their users’ activities and whereabouts. This week, however, the two tech giants that control the phones in our pockets have both announced new features that should improve user privacy safeguards.

First up, Apple announced new privacy features for its devices at its annual Worldwide Developers Conference. One important new feature coming to iOS 14 displays an orange dot indicator on the status bar whenever the iPhone’s camera or microphone is in use. iOS 14 will also limit the location information shared with apps, making it possible to share only your approximate location with certain apps rather than your precise location. Apple also introduced a new privacy labeling system, resembling the labels on food products. Erik Neuenschwander, Apple’s user privacy manager, said:

“For food, you have nutrition labels, so we thought it would be great to have something similar for apps. We’re going to require each developer to self-report their practices.”

Labels will list the data an app requests, in two categories, “Data Linked To You” and “Data Used to Track You,” so that people know how much data an app collects before they download it. Apple also changed how user tracking works on iOS 14: an app can show targeted ads, share location data with advertisers, or share the advertising ID or any other identifier with third parties only for users who give it explicit permission.

Meanwhile, Google followed up with its own privacy update. Google CEO, Sundar Pichai, announced that new Google accounts will auto-delete activity and location every 18 months by default. YouTube history will also auto-delete every 36 months. This will not affect existing accounts, which will still need to proactively turn on the “Auto-delete” feature. Google is also introducing “Incognito Mode” in its Search, Maps, and YouTube mobile apps. In addition, the company is updating its Security Checkup feature to include a Password Checkup mechanism. This will allow users a “one stop shop” for reviewing and improving their security and privacy settings, and ensure their passwords have not been previously exposed in a data breach.

The Bad

The recent political and cultural turmoil in the US has already caused several cyber incidents involving DDoS attacks and social media harassment. But these were rather small scale and benign in nature, until a mega-breach occurred this week involving roughly a million files, 269 gigabytes of police data, including emails, audio, video, and intelligence documents.

The data was obtained and leaked by information-freedom activists known as “Distributed Denial of Secrets”, or DDoSecrets. Sources suggest it was stolen from a web development firm called Netsential. The data trove was then published on a dedicated, searchable portal dubbed “Blueleaks”. The breach contains data from more than 200 state, local, and federal agencies, including intelligence fusion centers. Although the DDoSecrets group said it tried to remove sensitive information prior to publishing, it still contains such information as bank account routing numbers, personally identifiable information, images of criminal suspects and details about law enforcement officers.

Such a massive data breach and subsequent exposure is not just an embarrassment to law enforcement agencies, eroding the already shaken confidence of the public in them. It could potentially also help to single out and target specific members of law enforcement agencies and their families, both online and in the real world.

The Ugly

Data breaches are bad, no question, but when a breach exposes the details of victims of abuse, it becomes seriously ugly. Security and privacy researchers Noam Rotem and Ran Locar recently discovered a data breach originating from the domestic violence prevention app “Aspire News App”, operated by a non-profit founded by American TV personalities Robin McGraw and her husband “Dr. Phil” McGraw.

This app, “Aspire News”, can be installed on a user’s phone, where it appears to be yet another news app. However, it also features an emergency help section with resources for domestic abuse victims, and a “panic button” that lets them send an emergency distress message to a trusted contact. These messages can be sent as voice recordings and include the victim’s details, home address, the nature of their emergency, and their current location. This is a clever way to allow victims to report abuse and call for help.

Unfortunately, these voice messages were stored on a misconfigured Amazon Web Services (AWS) S3 bucket, allowing them to be viewed and downloaded by external parties. This extremely sensitive data includes:

  • Victims’ full names and home addresses
  • Details of their emergencies and/or personal circumstances
  • Abusers’ names and personal details

While the organization behind Aspire News App secured the misconfigured repository within 24 hours of being contacted by the researchers, this isn’t the first time misconfigured AWS buckets have been the difference between good intentions and serious privacy breaches. Given the media exposure and high public profile that comes with critical data breaches, it’s concerning that here we are midway through 2020 and we still need to reinforce this message: data security is serious business, folks!
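The kind of check that would have caught the Aspire News exposure before the researchers did, as an added example (not code from the app’s operator or from SentinelOne): an offline audit of the three things that together decide whether an S3 bucket is reachable anonymously, the bucket policy, the bucket ACL, and the account/bucket Public Access Block settings. The input documents below are constructed to mirror the shape of what `get-bucket-policy`, `get-bucket-acl` and `get-public-access-block` return; the bucket name `example-voice-messages` and the statement Sids are assumptions, since the page does not describe the app’s actual configuration.

```python
"""Audit an S3 bucket's effective exposure from its policy, ACL and
Public Access Block settings. Added example, not the app operator's
code; the documents below are constructed to match AWS API output."""

# Grantee URIs that mean "everyone" in an S3 ACL.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anonymous",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
# Actions that let a principal read object contents.
READ_ACTIONS = {"s3:GetObject", "s3:Get*", "s3:*", "*"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed sample documents (hypothetical bucket name).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-voice-messages/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-voice-messages/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123"}}},
    ],
}
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
OPEN_PAB = {"PublicAccessBlockConfiguration": {k: False for k in PAB_KEYS}}
LOCKED_PAB = {"PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def principal_is_public(principal):
    """'*' or {'AWS': '*'} means anyone, including unauthenticated callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_read_statements(policy):
    """Sids of Allow statements granting object reads to anyone with no
    Condition narrowing the caller (a conditioned statement is not flagged)."""
    found = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not principal_is_public(st.get("Principal")):
            continue
        actions = set(_as_list(st.get("Action", [])))
        if actions & READ_ACTIONS and not st.get("Condition"):
            found.append(st.get("Sid", "<no Sid>"))
    return found


def public_acl_grants(acl):
    """(who, permission) for ACL grants that hand read access to everyone."""
    found = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GRANTEES and grant.get("Permission") in ("READ", "FULL_CONTROL"):
            found.append((PUBLIC_GRANTEES[uri], grant["Permission"]))
    return found


def public_access_block_enforced(pab):
    """All four flags must be on: IgnorePublicAcls neutralises public ACLs,
    RestrictPublicBuckets neutralises public policies; the Block* flags only
    stop new public settings from being written."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    return all(cfg.get(k) is True for k in PAB_KEYS)


def assess(policy, acl, pab):
    """Return (status, issues): 'public' if anything grants anonymous read
    and nothing blocks it, 'protected' if Public Access Block overrides the
    findings, 'private' if nothing is open."""
    issues = [f"bucket policy statement {sid} allows anonymous object read"
              for sid in public_read_statements(policy)]
    issues += [f"ACL grants {perm} to {who}" for who, perm in public_acl_grants(acl)]
    if public_access_block_enforced(pab):
        return "protected", issues
    return ("public" if issues else "private"), issues


if __name__ == "__main__":
    for label, pab in (("as found", OPEN_PAB), ("after enabling PAB", LOCKED_PAB)):
        status, issues = assess(SAMPLE_POLICY, SAMPLE_ACL, pab)
        print(f"{label}: {status}; " + "; ".join(issues))
```

Against a live account the same three documents come from `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block` (the last one errors with `NoSuchPublicAccessBlockConfiguration` when nothing is set, which should be treated as all-false). The `VpcOnly` statement shows why the check looks at `Condition`: a wildcard principal scoped to a VPC endpoint is not the same exposure as an unconditional one.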



CIO Cynthia Stoddard explains Adobe’s journey from boxes to the cloud

Up until 2013, Adobe sold its software in cardboard boxes that were distributed mostly by third party vendors.

In time, the company realized there were a number of problems with that approach. For starters, it took months or years to update, and Adobe software was so costly, much of its user base didn’t upgrade. But perhaps even more important than the revenue/development gap was the fact that Adobe had no direct connection to the people who purchased its products.

By handing sales to others, Adobe had made third-party resellers its real customers. Changing the distribution system therefore also meant transforming the way the company developed and sold its most lucrative products.

The shift was a bold move that has paid off handsomely as the company surpassed an $11 billion annual run rate in December — but it still was an enormous risk at the time. We spoke to Adobe CIO Cynthia Stoddard to learn more about what it took to completely transform the way they did business.

Understanding the customer

Before Adobe could make the switch to selling software as a cloud service subscription, it needed a mechanism for doing that, and that involved completely repurposing their web site, Adobe.com, which at the time was a purely informational site.

“So when you think about transformation the first transformation was how do we connect and sell and how do we transition from this large network of third parties into selling direct to consumer with a commerce site that needed to be up 24×7,” Stoddard explained.

That was not the whole story, though, because Adobe was not abandoning the entire distribution network that was in place. In the new cloud model the company still has a healthy network of partners, and the new system had to accommodate them alongside individual and business customers.

She says one of the keys to managing a set of changes this immense was that they didn’t try to do everything at once. “One of the things we didn’t do was say, ‘We’re going to move to the cloud, let’s throw everything away.’ What we actually did is say we’re going to move to the cloud, so let’s iterate and figure out what’s working and not working. Then we could change how we interact with customers, and then we could change the reporting, back office systems and everything else in a very agile manner,” she said.

New Charges, Sentencing in Satori IoT Botnet Conspiracy

The U.S. Justice Department today charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced today to drug treatment and 18 months community confinement for his admitted role in the botnet conspiracy.

Indictments unsealed by a federal court in Alaska today allege 20-year-old Aaron Sterritt from Larne, Northern Ireland, and 21-year-old Logan Shwydiuk of Saskatoon, Canada conspired to build, operate and improve their IoT crime machines over several years.

Prosecutors say Sterritt, using the hacker aliases “Vamp” and “Viktor,” was the brains behind the computer code that powered several potent and increasingly complex IoT botnet strains that became known by exotic names such as “Masuta,” “Satori,” “Okiru” and “Fbot.”

Shwydiuk, a.k.a. “Drake,” “Dingle,” and “Chickenmelon,” is alleged to have taken the lead in managing sales and customer support for people who leased access to the IoT botnets to conduct their own DDoS attacks.

A third member of the botnet conspiracy — 22-year-old Kenneth Currin Schuchman of Vancouver, Wash. — pleaded guilty in September 2019 to aiding and abetting computer intrusions. Schuchman, whose role was to acquire software exploits that could be used to infect new IoT devices, was sentenced today by a judge in Alaska to 18 months of community confinement and drug treatment, followed by three years of supervised release.

Kenneth “Nexus-Zeta” Schuchman, in an undated photo.

The government says the defendants built and maintained their IoT botnets by constantly scanning the Web for insecure devices. That scanning primarily targeted devices that were placed online with weak, factory default settings and/or passwords. But the group also seized upon a series of newly-discovered security vulnerabilities in these IoT systems — commandeering devices that hadn’t yet been updated with the latest software patches.

Some of the IoT botnets enslaved hundreds of thousands of hacked devices. For example, by November 2017, Masuta had infected an estimated 700,000 systems, allegedly allowing the defendants to launch crippling DDoS attacks capable of hurling 100 gigabits of junk data per second at targets — enough firepower to take down many large websites.

In 2015, then 15-year-old Sterritt was involved in the high-profile hack against U.K. telecommunications provider TalkTalk. Sterritt later pleaded guilty to his part in the intrusion, and at his sentencing in 2018 was ordered to complete 50 hours of community service.

The indictments against Sterritt and Shwydiuk (PDF) do not mention specific DDoS attacks thought to have been carried out with the IoT botnets. In an interview today with KrebsOnSecurity, prosecutors in Alaska declined to discuss any of their alleged offenses beyond building, maintaining and selling the above-mentioned IoT botnets.

But multiple sources tell KrebsOnSecurity Vamp was principally responsible for the 2016 massive denial-of-service attack that swamped Dyn — a company that provides core Internet services for a host of big-name Web sites. On October 21, 2016, an attack by a Mirai-based IoT botnet variant overwhelmed Dyn’s infrastructure, causing outages at a number of top Internet destinations, including Twitter, Spotify, Reddit and others.

In 2018, authorities with the U.K.’s National Crime Agency (NCA) interviewed a suspect in connection with the Dyn attack, but ultimately filed no charges against the youth because all of his digital devices had been encrypted.

“The principal suspect of this investigation is a UK national resident in Northern Ireland,” reads a June 2018 NCA brief on their investigation into the Dyn attack (PDF), dubbed Operation Midmonth. “In 2018 the subject returned for interview, however there was insufficient evidence against him to provide a realistic prospect of conviction.”

The login prompt for Nexus Zeta’s IoT botnet included the message “Masuta is powered and hosted on Brian Kreb’s [sic] 4head.” To be precise, it’s a 5head.

The unsealing of the indictments against Sterritt and Shwydiuk came just minutes after Schuchman was sentenced today. Schuchman has been confined to an Alaskan jail for the past 13 months, and Chief U.S. District Judge Timothy Burgess today ordered the sentence of 18 months community confinement to begin Aug. 1.

Community confinement in Schuchman’s case means he will spend most or all of that time in a drug treatment program. In a memo (PDF) released prior to Schuchman’s sentencing today, prosecutors detailed the defendant’s ongoing struggle with narcotics, noting that on multiple occasions he was discharged from treatment programs after testing positive for Suboxone — which is used to treat opiate addiction and is sometimes abused by addicts — and for possessing drug contraband.

The government’s sentencing memo also says Schuchman on multiple occasions absconded from pretrial supervision, and went right back to committing the botnet crimes for which he’d been arrested — even communicating with Sterritt about the details of the ongoing FBI investigation.

“Defendant’s performance on pretrial supervision has been spectacularly poor,” prosecutors explained. “Even after being interviewed by the FBI and put on restrictions, he continued to create and operate a DDoS botnet.”

Prosecutors told the judge that when he was ultimately re-arrested by U.S. Marshals, Schuchman was found at a computer in violation of the terms of his release. In that incident, Schuchman allegedly told his dad to trash his computer, before successfully encrypting his hard drive (which the Marshals service is still trying to decrypt). According to the memo, the defendant admitted to marshals that he had received and viewed videos of “juveniles engaged in sex acts with other juveniles.”

“The circumstances surrounding the defendant’s most recent re-arrest are troubling,” the memo recounts. “The management staff at the defendant’s father’s apartment complex, where the defendant was residing while on abscond status, reported numerous complaints against the defendant, including invitations to underage children to swim naked in the pool.”

Adam Alexander, assistant US attorney for the district of Alaska, declined to say whether the DOJ would seek extradition of Sterritt and Shwydiuk. Alexander said the success of these prosecutions is highly dependent on the assistance of domestic and international law enforcement partners, as well as a list of private and public entities named at the conclusion of the DOJ’s press release on the Schuchman sentencing (PDF).

However, a DOJ motion (PDF) to seal the case records filed back in September 2019 says the government is in fact seeking to extradite the defendants.

Chief Judge Burgess was the same judge who presided over the 2018 sentencing of the co-authors of Mirai, a highly disruptive IoT botnet strain whose source code was leaked online in 2016 and was built upon by the defendants in this case. Both Mirai co-authors were sentenced to community service and home confinement thanks to their considerable cooperation with the government’s ongoing IoT botnet investigations.

Asked whether he was satisfied with the sentence handed down against Schuchman, Alexander maintained it was more than just another slap on the wrist, noting that Schuchman has waived his right to appeal the conviction and faces additional confinement of two years if he absconds again or fails to complete his treatment.

“In every case the statutory factors have to do with the history of the defendants, who in these crimes tend to be extremely youthful offenders,” Alexander said. “In this case, we had a young man who struggles with mental health and really pronounced substance abuse issues. Contrary to what many people might think, the goal of the DOJ in cases like this is not to put people in jail for as long as possible but to try to achieve the best balance of safeguarding communities and affording the defendant the best possible chance of rehabilitation.”

William Walton, supervisory special agent for the FBI’s cybercrime investigation division in Anchorage, Alaska, said he hopes today’s indictments and sentencing send a clear message to what he described as a relatively insular and small group of individuals who are still building, running and leasing IoT-based botnets to further a range of cybercrimes.

“One of the things we hope in our efforts here and in our partnerships with our international partners is when we identify these people, we want very much to hold them to account in a just but appropriate way,” Walton said. “Hopefully, any associates who are aspiring to fill the vacuum once we take some players off the board realize that there are going to be real consequences for doing that.”

Ransomware – A Complex Attack Needs a Sophisticated Defense

A guest post from Arete, by

  • Jim Jaeger, President and Chief Cyber Strategist, Arete Incident Response
  • Larry Wescott, CISSP, Cyber Strategist, Arete Incident Response
  • Rae Jewell, Director, MDR & IR Security Operations, Arete Incident Response, contributed to this article.

A ransomware attack is not a simple infection from malware. It is a complex series of actions in which the initial infection is only the first step. A successful ransomware attack almost always involves a variety of attack vectors, frequently guided by human intervention. Successfully resisting a ransomware attack requires a solution that can neutralize the full range of threats from these vectors.

Microsoft recently issued a detailed report describing how complex ransomware variants, which are manually guided by their operators, work. Here are some of the characteristics of these human-operated ransomware campaigns:

  • They begin with unsophisticated types of malware which can trigger multiple alerts, but tend to be triaged as unimportant and not thoroughly investigated
  • They may drop multiple variants of malware until a variant is not caught by antivirus software
  • They can attack servers which have Remote Desktop Protocol (RDP) configured as open to the internet, and use brute force attacks to gain access to the corporate network
  • Once inside, they surveil the network
  • They can use other utilities to steal credentials to gain administrative privileges
    • They can then stop services such as antivirus protection or other services which may lead to their detection
    • Other tools are downloaded to enable persistence of the malware, elevation of privileges and clearing of event logs
  • They can execute PowerShell scripts connecting to a command and control server, allowing persistent control over other machines
  • They will stop Exchange Server, SQL Server and similar services that hold locks on certain files, so that those files can be encrypted too
  • They can introduce legitimate binaries and use Alternate Data Streams to masquerade the execution of ransomware code as legitimate code

Ransomware Techniques Seen in the Wild

Execution of the ransomware payload at the highest privilege level with the fewest obstacles is the ultimate goal of the attacker. Often the attackers will also disable or encrypt on-line back-up systems so they cannot be used to recover data encrypted in the ransomware attack. We are now seeing some ransomware variants exfiltrating sensitive data with the additional goal of threatening the victim with exposure of the data if the ransom is not paid.

Other pernicious ransomware techniques include polymorphism, or code which constantly changes itself to avoid detection, and the use of fileless strategies to infect machines without dropping files onto the target machine. Some have noted the use of artificial intelligence tactics to take over some of the human-guided techniques described above, such as reconnaissance and scaling attacks.

AV Signatures Are Failing to Block Ransomware

Defensive antivirus systems which are signature-based are totally insufficient to repel attacks from this wide variety of potential attack vectors.

We respond to hundreds of ransomware attacks a year. In every case where the victim was using signature-based antivirus defenses, it did NOT detect the ransomware and allowed it to execute and encrypt critical data.

The National Institute of Standards and Technology describes the limitations of signature-based detection systems this way:

Signature-based detection is very effective at detecting known threats but largely ineffective at detecting previously unknown threats, threats disguised using evasion techniques, and many variants of known threats. For example, if an attacker modified the malware to use a filename of “freepics2.exe”, a signature-based defense looking for “freepics.exe” would not match it.

Signature-based detection is the simplest detection method because it just compares the current unit of activity, such as a packet or a log entry, to a list of signatures using string comparison operations. Signature-based detection technologies have little understanding of many network or application protocols and cannot track and understand the state of complex communications. They also lack the ability to remember previous requests when processing the current request. This limitation prevents signature-based detection methods from detecting attacks that comprise multiple events if none of the events contains a clear indication of an attack.

The Next Step in Evolution: EPP

An Endpoint Protection Platform (EPP) is a step up the protection ladder. An EPP system is a

“set of software tools and technologies that enable the securing of endpoint devices. It is a unified security solution that combines antivirus, antispyware, intrusion detection/prevention, a personal firewall and other endpoint protection solutions.”

Although some EPP solutions include threat intelligence and data analytics, they sometimes lack capabilities such as memory analysis, which would allow detection of memory-resident attacks, or monitoring of existing operating system binaries and capabilities (such as PowerShell), which would allow detection of “living-off-the-land” (LOL) attacks that hijack these operating system functions.

An EPP is an important step in the right direction, as a correctly deployed solution provides a defensive perimeter around the organization, on all of the endpoints which represent potential access channels for malware. Even one unmonitored access point may be all that is needed for an intruder to get inside and start the processes which could culminate in a successful ransomware attack.

A consequence of a fully deployed EPP solution, however, is a potentially massive amount of data generated by the endpoints, which must be analyzed in order to find the hits that even a signature-based detection process would generate. That assumes the malware can be detected by the signature-based system at all: that constantly evolving polymorphic malware is not involved, and that the malware is covered by the signatures stored by the system, which is not a given. Further, the volume of data grows with the number of endpoints, so the larger the business, the larger the analysis problem.

Problem Solved: EDR

Perhaps more importantly, as the NIST comment pointed out, a signature-based system is not able to analyze the context of an attack and trigger an alert when a pattern emerges, such as repeated login attempts, especially across a number of endpoints, which may indicate a brute force attack. To the extent that an EPP solution contains threat intelligence or data analytics, it may be able to detect these kinds of attacks.
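What stateful correlation adds over per-record signature matching, as an added example covering both the human-operated ransomware steps listed above (RDP brute force from the internet, then stopping antivirus services and clearing event logs) and the NIST point about attacks made of individually innocuous events; this is not code from Arete, Microsoft or SentinelOne. The Windows event IDs are real ones (4625 failed logon, 4624 successful logon, 7036 service state change, 1102 audit log cleared; logon type 10 is RemoteInteractive, i.e. RDP), but the event records, host names, source addresses and thresholds are constructed for the demonstration, and the set of antivirus service names is an assumption.

```python
"""Stateful detection over Windows event records: RDP brute force spread
across endpoints, then defense tampering on the host that was entered.
Added example; event IDs are the real Windows ones, the records are
constructed and the AV service list is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

AV_SERVICES = {"WinDefend", "Sense"}   # Defender engine / Defender ATP sensor (assumed list)
RDP_LOGON_TYPE = 10                    # RemoteInteractive


def build_sample_events():
    """Constructed sample: one source sprays two servers over RDP, gets in,
    stops Defender and clears the audit log; plus benign noise."""
    t0 = datetime(2020, 6, 26, 2, 0, 0)
    ev = []
    for i in range(24):                # 24 failures in ~4 minutes across 2 hosts
        ev.append({"ts": t0 + timedelta(seconds=10 * i), "id": 4625,
                   "host": "srv-web1" if i % 2 else "srv-app2",
                   "src": "203.0.113.5", "user": "administrator",
                   "logon_type": RDP_LOGON_TYPE})
    ev += [
        {"ts": t0 + timedelta(minutes=1), "id": 4625, "host": "srv-app2",   # one local typo
         "src": "10.0.0.7", "user": "jdoe", "logon_type": 2},
        {"ts": t0 + timedelta(minutes=6), "id": 4624, "host": "srv-app2",   # attacker gets in
         "src": "203.0.113.5", "user": "administrator", "logon_type": RDP_LOGON_TYPE},
        {"ts": t0 + timedelta(minutes=7), "id": 7036, "host": "srv-web1",   # benign stop
         "service": "Spooler", "state": "stopped"},
        {"ts": t0 + timedelta(minutes=8), "id": 7036, "host": "srv-app2",   # AV killed
         "service": "WinDefend", "state": "stopped"},
        {"ts": t0 + timedelta(minutes=9), "id": 1102, "host": "srv-app2"},  # log cleared
    ]
    return sorted(ev, key=lambda e: e["ts"])


def stateless_scan(events, known_bad_sources=frozenset()):
    """What a signature check sees: one record at a time against a list of
    indicators. With no prior indicator for 203.0.113.5, nothing matches."""
    return [e for e in events if e.get("src") in known_bad_sources]


def detect_rdp_bruteforce(events, window=timedelta(minutes=10),
                          threshold=20, min_hosts=2):
    """Sliding window per source over RDP 4625s; alert once the count in
    the window reaches `threshold` and at least `min_hosts` endpoints are hit."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == 4625 and e.get("logon_type") == RDP_LOGON_TYPE:
            by_src[e["src"]].append(e)           # events are already time-ordered
    alerts = []
    for src, evs in by_src.items():
        lo = 0
        for hi in range(len(evs)):
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1                          # drop failures older than the window
            span = evs[lo:hi + 1]
            hosts = {e["host"] for e in span}
            if len(span) >= threshold and len(hosts) >= min_hosts:
                alerts.append({"rule": "rdp_bruteforce", "src": src,
                               "attempts": len(span), "hosts": sorted(hosts)})
                break                            # one alert per source
    return alerts


def detect_defense_tampering(events, suspect_sources, window=timedelta(hours=1)):
    """After a 4624 from a suspect source, flag AV service stops (7036) and
    audit log clears (1102) on that same host within `window`."""
    entries = [(e["host"], e["ts"]) for e in events
               if e["id"] == 4624 and e.get("src") in suspect_sources]
    alerts = []
    for e in events:
        what = None
        if e["id"] == 7036 and e.get("service") in AV_SERVICES and e.get("state") == "stopped":
            what = f"{e['service']} stopped"
        elif e["id"] == 1102:
            what = "audit log cleared"
        if what and any(h == e["host"] and timedelta(0) <= e["ts"] - t <= window
                        for h, t in entries):
            alerts.append({"rule": "defense_tampering", "host": e["host"], "what": what})
    return alerts


def run(events):
    """Chain the two stateful rules: the brute-force source feeds the tamper rule."""
    bf = detect_rdp_bruteforce(events)
    return bf + detect_defense_tampering(events, {a["src"] for a in bf})


if __name__ == "__main__":
    evs = build_sample_events()
    print("stateless hits:", stateless_scan(evs))
    for alert in run(evs):
        print(alert)
```

Neither rule fires on any single record: the Spooler stop on srv-web1 and the one failed local logon from 10.0.0.7 are ignored, while the same 7036 event for WinDefend is flagged only because it follows a successful logon from a source that had just sprayed two hosts. Thresholds and the window are tuning knobs for a real environment, not values taken from the page.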

But as attacks grow more sophisticated, how those solutions implement their analytical capabilities may become an issue. In terms of sheer volume, a University of Maryland study estimated in 2007 that attacks occur every 39 seconds, a volume which has undoubtedly increased. Both cloud-based solutions and those involving a central database can present bottlenecks and delays in triggering alerts, which could provide attackers with critical advantages in establishing themselves inside networks. Attacks are also increasing in sophistication, with some seeing indications that attackers are beginning to incorporate artificial intelligence into their malware.

Endpoint detection and response (EDR) technology incorporates data analytics and threat intelligence solutions into a package which can respond to the threat, by killing or quarantining the malicious process. The most effective and advanced solutions are active EDR solutions, which incorporate artificial intelligence and machine learning (AI/ML) into behavioral analysis of system activity. These solutions apply data analytics at the endpoint, leveraging advanced methods of applying data science at the endpoint in real time, with minimal performance overhead. Another advantage of active EDR is autonomous response – the ability to respond to threats at machine speed. The use of AI allows active EDR to respond to a ransomware attack before the malware can encrypt the data – much more quickly than a human could respond to an alert.


Conclusion

By focusing on behavior rather than conformance to a signature, active EDR can detect patterns at variance with the system baseline, whether from new (or evolved) variants, or activities occurring within the network which are at odds from the normal. Processes indicating suspicious activity can be killed or isolated before they can spread.

Active EDR also automates analysis of the activity to provide context for the human analyst, thus reducing by orders of magnitude the data generated by an EPP solution. This additional context reduces the amount of time required for human analysis, thus either allowing them to keep up with the anomalies generated by the system, or otherwise reducing the number of human analysts required in the absence of the active EDR system.

We routinely employ active EDR technology on every ransomware incident that we respond to and find it to be 100% effective in containing and neutralizing the malware. Active EDR enables us to confidently recover encrypted systems into a clean environment, whether we are restoring from (off-line) back-ups or employing decryption keys. Active EDR technology has proven to be effective against the most persistent ransomware variants being employed by attackers. Once our clients see how effective the active EDR tools we employ during our incident response operations are, they frequently purchase these systems for long term use on their networks.


Cape Privacy launches data science collaboration platform with $5.06M seed investment

Cape Privacy emerged from stealth today after spending two years building a platform for data scientists to privately share encrypted data. The startup also announced $2.95 million in new funding and $2.11 million in funding it got when the business launched in 2018, for a total of $5.06 million raised.

Boldstart Ventures and Version One led the round, with participation from Haystack, Radical Ventures and Faktory Ventures.

Company CEO Ché Wijesinghe says that data science teams often have to deal with data sets that contain sensitive data and share data internally or externally for collaboration purposes. It creates a legal and regulatory data privacy conundrum that Cape Privacy is trying to solve.

“Cape Privacy is a collaboration platform designed to help focus on data privacy for data scientists. So the biggest challenge that people have today from a business perspective is managing privacy policies for machine learning and data science,” Wijesinghe told TechCrunch.

The product breaks down that problem into a couple of key areas. First of all it can take language from lawyers and compliance teams and convert that into code that automatically generates policies about who can see the different types of data in a given data set. What’s more, it has machine learning underpinnings so it also learns about company rules and preferences over time.

It also has a cryptographic privacy component. By wrapping the data in a cipher, it lets teams share sensitive data safely without exposing it to people who should not see it for legal or regulatory compliance reasons.

“You can send something to a competitor as an example that’s encrypted, and they’re able to process that encrypted data without decrypting it, so they can train their model on encrypted data,” company co-founder and CTO Gavin Uhma explained.
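The idea Uhma describes, computing on data that stays encrypted, can be shown with an additively homomorphic scheme. The following is an added illustration and not Cape Privacy's product, protocol or code: a toy Paillier implementation in which the holder of the private key encrypts feature values, and a second party who has only the public key computes a linear-model score (a weighted sum) over the ciphertexts without ever decrypting them. The primes, feature values and weights are constructed for the example; real deployments use primes of roughly 1024 bits, and full model training on encrypted data needs more machinery than addition and plaintext scaling.

```python
"""Toy additively homomorphic encryption (Paillier) to show computation on ciphertexts.

Added illustration only; not Cape Privacy's implementation. Toy-sized primes.
"""
import secrets
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Paillier keys from two distinct primes (constructed small primes here)."""
    n = p * q
    lam = lcm(p - 1, q - 1)
    g = n + 1                  # standard simplifying choice of generator
    mu = pow(lam, -1, n)       # with g = n + 1, L(g^lam mod n^2) == lam mod n
    return {"n": n, "g": g}, {"n": n, "lam": lam, "mu": mu}


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with a fresh random r, so equal plaintexts give different ciphertexts."""
    n = pub["n"]
    assert 0 <= m < n, "plaintext must lie in [0, n)"
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(pub["g"], m, n2) * pow(r, n, n2)) % n2


def decrypt(priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n = priv["n"]
    n2 = n * n
    L = (pow(c, priv["lam"], n2) - 1) // n
    return (L * priv["mu"]) % n


def add(pub, c1, c2):
    """Ciphertext product corresponds to plaintext sum."""
    return (c1 * c2) % (pub["n"] ** 2)


def scale(pub, c, k):
    """Ciphertext power corresponds to multiplying the plaintext by the public integer k."""
    return pow(c, k, pub["n"] ** 2)


def encrypted_dot(pub, enc_xs, weights):
    """sum(w_i * x_i) computed by a party holding only the public key and plaintext weights."""
    acc = encrypt(pub, 0)
    for c, w in zip(enc_xs, weights):
        acc = add(pub, acc, scale(pub, c, w))
    return acc


PUB, PRIV = keygen(10007, 10009)   # constructed toy primes; never use sizes like this for real data


def demo():
    """Data owner encrypts features; model owner scores them blind; data owner decrypts the result."""
    features = [3, 5, 7]          # constructed sensitive inputs
    weights = [2, 4, 6]           # model owner's plaintext weights
    enc = [encrypt(PUB, x) for x in features]
    return decrypt(PRIV, encrypted_dot(PUB, enc, weights))   # 2*3 + 4*5 + 6*7 = 68


if __name__ == "__main__":
    print("blind score:", demo())
```

Two caveats a practitioner would check before relying on something like this: results are only correct while every intermediate value stays below `n` (the modulus), and the scheme gives no integrity, so a malicious model owner can return any ciphertext it likes; the data owner learns the score but not whether the right weights were used.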

The company closed the new round in April, which means they were raising in the middle of a pandemic, but it didn’t hurt that they had built the product already and were ready to go to market, and that Uhma and his co-founders had already built a successful startup, GoInstant, which was acquired by Salesforce in 2012. (It’s worth noting that GoInstant debuted at TechCrunch Disrupt in 2011.)

Uhma and his team brought Wijesinghe on board to build the sales and marketing team because, as a technical team, they wanted someone with go-to-market experience running the company so they could concentrate on building product.

The company has 14 employees and is already an all-remote team, so the team didn’t have to adjust at all when the pandemic hit. While it plans to keep hiring fairly limited for the foreseeable future, the company has had a diversity and inclusion plan from the start.

“You have to be intentional about seeking diversity, so it’s something that when we sit down and map out our hiring and work with recruiters in terms of our pipeline, we really make sure that diversity is one of our objectives. You just have it as a goal, as part of your culture, and it’s something that when we see the picture of the team, we want to see diversity,” he said.

Wijesinghe adds, “As a person of color myself, I’m very sensitive to making sure that we have a very diverse team, not just from a color perspective, but a gender perspective as well.”

The company is gearing up to sell the product and has paid pilots starting in the coming weeks.

Dell’s debt hangover from $67B EMC deal could put VMware stock in play

When Dell bought EMC in 2016 for $67 billion it was one of the biggest acquisitions in tech history, and it brought with it a boatload of debt. Since then Dell has been working on ways to mitigate that debt by selling off various pieces of the corporate empire and going public again, but one of its most valuable assets remains VMware, a company that came over as part of the huge EMC deal.

The Wall Street Journal reported yesterday that Dell is considering selling part of its stake in VMware. The news sent the stock of both companies soaring.

It’s important to understand that even though VMware is part of the Dell family, it runs as a separate company, with its own stock and operations, just as it did when it was part of EMC. Still, Dell owns 81% of that stock, so it could sell a substantial stake and still own a majority of the company, sell it all, fold VMware fully into Dell, or of course do nothing at all.

Patrick Moorhead, founder and principal analyst at Moor Insights & Strategy, thinks this might just be about floating a trial balloon. “Companies do things like this all the time to gauge value, together and apart, and my hunch is this is one of those pieces of research,” Moorhead told TechCrunch.

But as Holger Mueller, an analyst with Constellation Research, points out, it’s an idea that could make sense. “It’s plausible. VMware is more valuable than Dell, and their innovation track record is better than Dell’s over the last few years,” he said.

Mueller added that Dell has been juggling its debts since the EMC acquisition, and it will struggle to innovate its way out of that situation. What’s more, Dell has to wait on any decision until September 2021 when it can move some or all of VMware tax-free, five years after the EMC acquisition closed.

“While Dell can juggle finances, it cannot master innovation. The company’s cloud strategy is only working on a shrinking market and that ain’t easy to execute and grow on. So yeah, next year makes sense after the five-year tax-free thing kicks in,” he said.

In between the spreadsheets

VMware is worth $63.9 billion today, while Dell is valued at a far more modest $38.9 billion, according to Yahoo Finance data. But beyond the fact that the companies’ market caps differ, they are also quite different in terms of their ability to generate profit.

Looking at their most recent quarters each ending May 1, 2020, Dell turned $21.9 billion in revenue into just $143 million in net income after all expenses were counted. In contrast, VMware generated just $2.73 billion in revenue, but managed to turn that top line into $386 million worth of net income.

So, VMware is far more profitable than Dell from a far smaller revenue base. Even more, VMware grew more last year (from $2.45 billion to $2.73 billion in revenue in its most recent quarter) than Dell, which shrank from $21.91 billion in Q1 F2020 revenue to $21.90 billion in its own most recent three-month period.

VMware also has growing subscription software (SaaS) revenues. Investors love that top line varietal in 2020, having pushed the valuation of SaaS companies to new heights. VMware grew its SaaS revenues from $411 million in the year-ago period to $572 million in its most recent quarter. That’s not rocketship growth mind you, but the business category was VMware’s fastest growing segment in percentage and gross dollar terms.

So VMware is worth more than Dell, and there are some understandable reasons for the situation. Why wouldn’t Dell sell some VMware to lower its debts if the market is willing to price the virtualization company so strongly? Heck, with less debt perhaps Dell’s own market value would rise.

It’s all about that debt

Almost four years after the deal closed, Dell is still struggling to figure out how to handle all the debt, and in a weak economy, that’s an even bigger challenge now. At some point, it would make sense for Dell to cash in some of its valuable chips, and its most valuable one is clearly VMware.

Nothing is imminent because of the five-year tax break business, but could something happen? September 2021 is a long time away, and a lot could change between now and then, but on its face, VMware offers a good avenue to erase a bunch of that outstanding debt very quickly and get Dell on much firmer financial ground. Time will tell if that’s what happens.

AWS launches Amazon Honeycode, a no-code mobile and web app builder

AWS today announced the beta launch of Amazon Honeycode, a new, fully managed low-code/no-code development tool that aims to make it easy for anybody in a company to build their own applications. All of this, of course, is backed by a database in AWS and a web-based, drag-and-drop interface builder.

Developers can build applications for up to 20 users for free. After that, they pay per user and for the storage their applications take up.


“Customers have told us that the need for custom applications far outstrips the capacity of developers to create them,” said AWS VP Larry Augustin in the announcement. “Now with Amazon Honeycode, almost anyone can create powerful custom mobile and web applications without the need to write code.”

Like similar tools, Honeycode provides users with a set of templates for common use cases like to-do list applications, customer trackers, surveys, schedules and inventory management. Traditionally, AWS argues, a lot of businesses have relied on shared spreadsheets to do these things.

“Customers try to solve for the static nature of spreadsheets by emailing them back and forth, but all of the emailing just compounds the inefficiency because email is slow, doesn’t scale, and introduces versioning and data syncing errors,” the company notes in today’s announcement. “As a result, people often prefer having custom applications built, but the demand for custom programming often outstrips developer capacity, creating a situation where teams either need to wait for developers to free up or have to hire expensive consultants to build applications.”

It’s no surprise then that Honeycode uses a spreadsheet view as its core data interface, which makes sense, given how familiar virtually every potential user is with this concept. To manipulate data, users can work with standard spreadsheet-style formulas, which seems to be about the closest the service gets to actual programming. “Builders,” as AWS calls Honeycode users, can also set up notifications, reminders and approval workflows within the service.

AWS says these databases can easily scale up to 100,000 rows per workbook. With this, AWS argues, users can then focus on building their applications without having to worry about the underlying infrastructure.

As of now, it doesn’t look like users will be able to bring in any outside data sources, though that may still be on the company’s roadmap. On the other hand, these kinds of integrations would also complicate the process of building an app and it looks like AWS is trying to keep things simple for now.

Honeycode currently only runs in the AWS US West region in Oregon but is coming to other regions soon.

Among Honeycode’s first customers are SmugMug and Slack.

“We’re excited about the opportunity that Amazon Honeycode creates for teams to build apps to drive and adapt to today’s ever-changing business landscape,” said Brad Armstrong, VP of Business and Corporate Development at Slack in today’s release. “We see Amazon Honeycode as a great complement and extension to Slack and are excited about the opportunity to work together to create ways for our joint customers to work more efficiently and to do more with their data than ever before.”

Why AWS built a no-code tool

AWS today launched Amazon Honeycode, a no-code environment built around a spreadsheet-like interface that is a bit of a detour for Amazon’s cloud service. Typically, after all, AWS is all about giving developers all of the tools to build their applications — but they then have to put all of the pieces together. Honeycode, on the other hand, is meant to appeal to non-coders who want to build basic line-of-business applications. If you know how to work a spreadsheet and want to turn that into an app, Honeycode is all you need.

To understand AWS’s motivation behind the service, I talked to AWS VP Larry Augustin and Meera Vaidyanathan, a general manager at AWS.

“For us, it was about extending the power of AWS to more and more users across our customers,” explained Augustin. “We consistently hear from customers that there are problems they want to solve, they would love to have their IT teams or other teams — even outsourced help — build applications to solve some of those problems. But there’s just more demand for some kind of custom application than there are available developers to solve it.”


In that respect then, the motivation behind Honeycode isn’t all that different from what Microsoft is doing with its PowerApps low-code tool. That, too, after all, opens up the Azure platform to users who aren’t necessarily full-time developers. AWS is taking a slightly different approach here, though, by emphasizing the no-code part of Honeycode.

“Our goal with Honeycode was to enable the people in the line of business, the business analysts, project managers, program managers who are right there in the midst, to easily create a custom application that can solve some of the problems for them without the need to write any code,” said Augustin. “And that was a key piece. There’s no coding required. And we chose to do that by giving them a spreadsheet-like interface that we felt many people would be familiar with as a good starting point.”

A lot of low-code/no-code tools also allow developers to then “escape the code,” as Augustin called it, but that’s not the intent here, and there’s no real mechanism for exporting code from Honeycode and taking it elsewhere, for example. “One of the tenets we thought about as we were building Honeycode was, gee, if there are things that people want to do and we would want to answer that by letting them escape the code — we kept coming back and trying to answer the question, ‘Well, okay, how can we enable that without forcing them to escape the code?’ So we really tried to force ourselves into the mindset of wanting to give people a great deal of power without escaping to code,” he noted.


There are, however, APIs that would allow experienced developers to pull in data from elsewhere. Augustin and Vaidyanathan expect that companies may do this for their users on the platform, or that AWS partners may create these integrations, too.

Even with these limitations, though, the team argues that you can build some pretty complex applications.

“We’ve been talking to lots of people internally at Amazon who have been building different apps and even within our team and I can honestly say that we haven’t yet come across something that is impossible,” Vaidyanathan said. “I think the level of complexity really depends on how expert of a builder you are. You can get very complicated with the expressions [in the spreadsheet] that you write to display data in a specific way in the app. And I’ve seen people write — and I’m not making this up — 30-line expressions that are just nested and nested and nested. So I really think that it depends on the skills of the builder and I’ve also noticed that once people start building on Honeycode — myself included — I start with something simple and then I get ambitious and I want to add this layer to it — and I want to do this. That’s really how I’ve seen the journey of builders progress. You start with something that’s maybe just one table and a couple of screens, and very quickly, before you know it, it’s a far more robust app that continues to evolve with your needs.”

Another feature that sets Honeycode apart is that a spreadsheet sits at the center of its user interface. In that respect, the service may seem a bit like Airtable, but I don’t think that comparison holds up, given that the two take their spreadsheets in very different directions. I’ve also seen it compared to Retool, which may be a better comparison, but Retool is going after a more advanced developer and doesn’t hide the code. There is a reason, though, why these services were built around spreadsheets, and that is simply that everybody is familiar with how to use them.

“People have been using spreadsheets for decades,” noted Augustin. “They’re very familiar. And you can write some very complicated, deep, very powerful expressions and build some very powerful spreadsheets. You can do the same with Honeycode. We felt people were familiar enough with that metaphor that we could give them that full power along with the ability to turn that into an app.”

The team itself used the service to manage the launch of Honeycode, Vaidyanathan stressed — and to vote on the name for the product (though Vaidyanathan and Augustin wouldn’t say which other names they considered).

“I think we have really, in some ways, a revolutionary product in terms of bringing the power of AWS and putting it in the hands of people who are not coders,” said Augustin.

Zoom founder and CEO Eric Yuan will speak at Disrupt 2020

The coronavirus pandemic has bruised and battered many technology startups, but it has also boosted a small few. One such company is Zoom, which has shouldered the task of keeping us connected to one another in the midst of remote work and social distancing.

So, of course, we’re absolutely thrilled to have the chance to chat with Zoom founder and CEO Eric Yuan at Disrupt 2020 online.

Yuan moved to Silicon Valley in 1997 after being rejected for a work visa nine times. He got a job at WebEx and, upon the company’s acquisition by Cisco, became VP of Engineering at the company. He pitched an idea for a mobile-friendly video conferencing system that was rejected by his higher-ups.

And thus, Zoom was born.

Zoom launched in 2011 and quickly became one of the biggest teleconferencing platforms in the world, competing with the likes of Google and Cisco. The company has investors like Emergence, Horizon Ventures, and Sequoia, and ultimately filed to go public in 2019.

With some of the most reliable video conferencing software on the market, a tiered pricing structure that’s friendly to average users and massive enterprises alike, and a lively ecosystem of apps and bots on the Zoom App Marketplace, Zoom was well poised to be a public company. In fact, Zoom popped 81 percent in its first day of trading on the Nasdaq, garnering a valuation of $16 billion at the time.

But few could have prepared the company for the explosive growth it would see in 2020.

The coronavirus pandemic necessitated access to a reliable and user-friendly video conferencing software for everyone, not just companies moving to remote work. People used Zoom for family dinners, cocktail hours with friends, first dates, and religious gatherings.

In fact, Zoom reported 300 million daily active participants in April.

But that growth led to increased scrutiny of the business and the product. The company was beset by security issues and had to pause product innovation to focus its energy on resolving those issues.

We’ll talk to Yuan about the growing pains the company went through, his plans for Zoom’s future, the acceleration in changing user behavior, and more.

It’ll be a conversation you won’t want to miss.

Disrupt 2020 runs from September 14 to September 18, and the show will be completely virtual. That means it’s easier than ever to attend and engage with the show. There are just a few Digital Pro Passes left at the $245 price – once they are gone, prices will increase. Discounts are available for current students and non-profit/government employees. Or if you are a founder you can exhibit and be able to generate leads even before the event kicks off at your virtual booth for $445. Get your tickets today.
