What Happened To Norse Corp.? Threat Intelligence Vendor Disappears

itwbennett writes: Over the weekend, Brian Krebs reported that Sam Glines, CEO of threat intelligence vendor Norse Corp., was asked to step down by the board of directors and employees were told that they could report to work on Monday, but that there was no guarantee they'd be paid for their work. 'Less than a day after Krebs published his article, Norse Corp.'s website was offline, and attempts to email the company failed,' writes CSO's Steve Ragan. 'The ever-popular Norse attack map was online for some of the weekend, but that too had gone dark by Sunday evening.' In the aftermath of the company's disappearance, the topic of flawed data and assumptions once again resurfaced in a blog post written by ICS expert, Robert M. Lee.

Re:

[Penguinisto]

For what it;'s worth, at time of writing the map appears to load, but no data is being presented on it. [norsecorp.com]

(mind, some of this may be the corp proxy cache filling in blanks...)

Before we freak out

[saboosh]

"A careful review of previous ventures launched by the company’s founders reveals a pattern of failed businesses, reverse mergers, shell companies and product promises that missed the mark by miles." http://krebsonsecurity.com/201... [krebsonsecurity.com]

Re:

[whoever57]

Those sources say the company's investors have told employees that they can show up for work on Monday but that there is no guarantee they will get paid if they do.

Isn't that illegal?

Re:

[whoever57]

Not necessarily. If the company declares bankruptcy, the employees become first in line for unpaid pay. But if the company has no assets, then you can't get blood from a stone.

I don't know about the USA, but in the UK, I think that would constitute "trading while insolvent", and the company directors could be personally liable for the debts.

Re:

[tnk1]

There is insurance for such things as well. When I was on a Board of Directors for a corporation, the directors were insured against certain claims, so the insurance may end up being responsible for payment if the corporate indemnification did not cover the whole thing.

This is called Directors and Officers Insurance and covers what corporate indemnification will not.

Re:

[RockDoctor]

Not necessarily. If the company declares bankruptcy, the employees become first in line for unpaid pay.

Again, not in the UK - and I would strongly suspect that it's not the case in the USA either. (NB : bankruptcy laws are different between the two countries!)

In a UK bankruptcy for a business, the first person in line for a pay-out from liquidating the assets of the company are the insolvency practitioners. Otherwise no one would be stupid enough to take the job on. Ten-foot barge pole ; not touching that

Re:

[Anonymous Coward]

Of course not. Every time I show up to work for habitat for humanity they tell me not to expect to get paid. It's only illegal if you get them to work under the pretense of paying them, and then refusing.

Re:

[Ed Tice]

I can't speak for countries outside of the US, but in the US, you can't pay people less than minimum wage. They can't work for stock options or anything else. Habitat for humanity is different since they are a 501(c)(3) charity. You can't work for free for a for-profit enterprise.

Re:

[operagost]

You can if you're under contract.

There are CEOs who have worked for $1 before.

Re:

[whoever57]

There are CEOs who have worked for $1 before.

Yes, but what's their remedy? Sue for minimum wage?

Re:

[gl4ss]

yeah for one dollar and.. plenty of other benefits to make up for it.

the one dollar ceo thing is just a tax dodge disguised as investor PR.

aanyhow... minimum wage laws are there in place to protect people from being able to agree to work for pennies. that's the whole point.

of course, where does that leave contractors? that's why competent minimum wage laws include infrastructure to control that too so that for example mcdonalds can't make every worker sign up as an independent contractor to work for 5 bu

Re:

[LunaticTippy]

What about interns? Candy Stripers? Apple fanboys? None of those are paid.

Re:

[meerling]

There are exceptions to the wage laws, and interns are one of them. Volunteers for certain things are also exempt. Then there's the so called 'stoop labor', which is another exemption, and a really ugly one. And don't forget the primarily paid by tips scam that F's over waiters/waitresses and the like.

Re:

[Darinbob]

Except that this actually happens without workers ever getting paid. Usually this is back wages, as in the workers may be paid monthly but after bankruptcy announcement there is no further paycheck. Sure, perhaps you can't do this legally but under the US system you have to file suit and generally file suit one by one rather than as a class action (especially if you have no union). I have especially heard from some contractors who stop being paid, but I guess they're not employees.

Company that nobody has every heard of goes under

[CajunArson]

To quote the sage words of Peter Griffin: "Oh. My. God. Who. the Hell. Cares."

Re:

[BarbaraHudson]

And if you had actually read a few of the articles, you would have known that Norse wasn't in the security field either.

Re:Company that nobody has every heard of goes und

[bigdady92]

You've never seen the graphs, the charts,the data that comes from this site. It's astounding to watch, I used to have a TV showing all the traffic coming from various countries and it was like watching Thermonuclear Warfare in action.

You've probably never heard of that game from a movie you've never watched either. We get it.

Re:Company that nobody has every heard of goes und

[FlyHelicopters]

If you're going to reference it, get it right! :)

Global Thermonuclear War :)

How about a nice game of Chess?

Re:

[bigdady92]

No Joshua, no more games for you.

Re:

[ArchieBunker]

Sure you weren't watching the 1995 movie "Hackers" by mistake? How are all these fancy charts generated in real time?

nice looking graphs != useful graphs

[aepervius]

They were glorified scan graphs some other company presented before which I can't recall the name. They used to have a software to which you could feed your firewalls logs and get a similar graphs (reverse lookup on country always showed my home IP as being from half a world away but i digress). The problem is that scanning does not mean threat or attacks, and those graphs means next to nothing beyond marketing. Sure nice looking. But empty of meaning.

Re:

[Forgefather]

This sentiment is reflected among the security professionals that I know. They believe that most cyber threat intelligence is bunk, and often ridicule it their spare time. But then again this is opsec. They ridicule everything.

Re:

[Jawnn]

This sentiment is reflected among the security professionals that I know. They believe that most cyber threat intelligence is bunk, and often ridicule it their spare time.

That's because, by itself, community threat intel is nothing more than "stuff some other guy saw". On the other hand, when woven into a well-tuned correlation engine, along with all the local input, community threat intel can be a very powerful tool.

Re:

[NoImNotNineVolt]

Fear not, SOC monkey! I have a replacement attribution map for you! Behold! [threatbutt.com] [SFW, but there is audio]

Re:

[Mike Van Pelt]

GIven the domain name, I suspect goatse. Not clicking...

Re:

[NoImNotNineVolt]

I have reasonable posting history, but if that's not enough for you, then you might prefer a link to their source repository [github.com], which in turn links out to their production instance at threatbutt.com.

But in my opinion, it's their attribution map that's truly la crème de la crème.

Re:

[whoever57]

You've never seen the graphs, the charts,the data that comes from this site. It's astounding to watch, I used to have a TV showing all the traffic coming from various countries and it was like watching Thermonuclear Warfare in action.

Given that even within the company, the exact nature of the back end which "captured" the raw data was kept very secret, how do you know that you were looking at actual data and not just something that was made up?

Re:

[Frederic54]

Yup, it's like the thing about Finebros on reddit, I never heard of those guys, and who the hell cares? :)

Re: Company that nobody has every heard of goes un

[Anonymous Coward]

I had to check but you're right! Turns out this 'Reddit' you mention is actually a thing.

Response by a Norse Programmer and Brian Krebs

[Kobun]

This is an interesting exchange in the comments to Brian's article, between him and a former employee of Norse: http://krebsonsecurity.com/201... [krebsonsecurity.com]

The ex-employee has written a blog post here (might be a liiiiiitle one-sided): http://pandawhale.com/post/703... [pandawhale.com]

Re:

[FlyHelicopters]

Yes, but I find his comments rather... full of hubris....

I quote from his post:

"But I stand behind everything we built and everything we accomplished. No one has the data collection capability that we built. No one has the correlative, actuarial, data analysis capability that we built. And no one is able to do so, not just in real-time, but live, not even the 3 letter agencies."

First, how can he possibly know what the 3 letter agencies can and cannot do?

Second, if they couldn't before, I'd be shocked if th

Re:Response by a Norse Programmer and Brian Krebs

[OverlordQ]

> "But I stand behind everything we built and everything we accomplished. No one has the data collection capability that we built. No one has the correlative, actuarial, data analysis capability that we built. And no one is able to do so, not just in real-time, but live, not even the 3 letter agencies."

Hah, that's a load of bullshit. If any of that was true, you'd be selling to somebody, not shuttering the business.

Re:

[tnk1]

Good ideas don't always make for good businesses.

And yes, I am skeptical too, but you can have a good idea and have it fail to be profitable, especially if no one knows what to do with it.

Re:

[BarbaraHudson]

I wouldn't bother with anyone who brags "not just in real-time, but live"

Re:

[Kiaser Zohsay]

Also, he needs to look up the word "actuarial". I work with some real actuaries, and what they do has nothing to do with what he (appears to be) talking about.

LOL ...

[gstoddart]

A careful review of previous ventures launched by the company's founders reveals a pattern of failed businesses, reverse mergers, shell companies and product promises that missed the mark by miles.

So, we can't say this was likely vaporware put up by rip off artists with a long history of failed companies making dubious claims ... but it would appear this is the case.

TFA pretty much reads like these guys are likely shady players with a long history of this:

"These shell companies formed by [the company's founders] bilked investors," Landesman said. "Had anyone gone and investigated any of these partnerships they were espousing as being the next big thing, they would have realized this was all smoke and mirrors."

Someone sounds like they're fairly unambiguously calling these guys con artists.

A new owner?

[sgtsquid]

Maybe they are being bought out by BIZX, LLC and they are just trying to stir up some buzz before relaunching it as an ad page.

Note to the new Slashdot owners

[b1ng0]

No more itwbennet! All his posts link to csoonline.com or cio.com. Obviously a paid schill. And his posts are not worth the bits they are printed with. Kick him to the curb!

Re:

[Anonymous Coward]

I'm pretty sure you can find several examples of this. I've noticed certain other submitters that religiously submit articles solely from one particular site or family of sites. Considering how blatant it is, do you really think it's gone unnoticed? Do you think that Slashdot/etc isn't basically doing a sponsored content deal with some of these sites?

No Pay, No Play

[meerling]

Telling the employees to show up monday, but don't expect to get paid is the same as telling them that they're fired, but you're too much of a douche to admit it to them and want them to work for free while you try to find a way to activate that golden parachute for yourself.