Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firewall Company Palo Alto Buys Stealthy Startup Formed By Ex-NSAers

Posted by Unknown on from the insert-conspiracy-theory-here dept.

alphadogg writes "Next-generation firewall maker Palo Alto Networks today announced its first acquisition, an intriguing buyout of a stealthy Mountain View start-up called Morta Security whose founders hail from the NSA. The price of the purchase was not disclosed. Morta that has been in stealth mode since 2012 and describes its founders as 'executives and engineers from the National Security Agency.' CEO Raj Shahsays he worked in the Air Force Reserve supporting the NSA. 'We have deep experience in protecting our national infrastructure,' he says. (Curious to see if more startups will start marketing their NSA heritage...)"

69 of 102 comments (clear)

  1. I don't think so. by Frosty+Piss · · Score: 5, Funny

    Hmmm, maybe I'll *not* buy their firewall...

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:I don't think so. by Hunter-Killer · · Score: 2

      Sonicwall offers a Network Security Appliance firewall. I can hear their marketing department: "NSA? That spells security!" Good luck with that today.

    2. Re:I don't think so. by TheGratefulNet · · Score: 2

      maybe I'll convince people I DON'T LIKE to buy their firewalls....

      --

      --
      "It is now safe to switch off your computer."
    3. Re:I don't think so. by Obijon70 · · Score: 2

      Now, now, Im sure the products they offer will be 100% safe and backdoor proof. Boy that was hard to type with out it getting stuck in my throat...

    4. Re:I don't think so. by MobSwatter · · Score: 1

      Why not? It probably comes stock listening on TCP port 32764.

      1. Buy firewall.
      2. Setup sniffer.
      3. Make questionably threatening statements on phone.
      4. Capture traffic on firewall WAN.

      Wallah! Instant keys to palace to credit card, banking industry, anything that uses RSA security, probably oil company's too!

    5. Re:I don't think so. by MobSwatter · · Score: 1

      Actually I think Dell took care of that one for the spooks, they probably didn't like the option available to the end user to run in FIPS mode or not.

    6. Re:I don't think so. by Stormwatch · · Score: 1

      Wallah!

      It's "voilà".

      --
      Circumcision is child abuse.
    7. Re:I don't think so. by MobSwatter · · Score: 1

      But it's gotta be better than trolling the NSA about an email you accidentally deleted and know they have a copy of!

    8. Re:I don't think so. by Aighearach · · Score: 1

      Most of my clients need to buy these things. Lots of them. So me and my friends have $ to buy some open hardware.

    9. Re:I don't think so. by sconeu · · Score: 2

      That's what he said. He's just Chekov.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    10. Re:I don't think so. by mwvdlee · · Score: 1

      NSA Firewall; where nothing short of a disgruntled employee will expose all your secrets.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    11. Re:I don't think so. by skegg · · Score: 1

      Wallah!

      It's "voilà".

      He could have been quoting Arabic ... in which case that word fits quite well.
      (However I agree he probably meant "voila".)

    12. Re:I don't think so. by MobSwatter · · Score: 1

      Walla! definition
      [w l]
      and Wala!; Wallah!; Viola!

              Voila!
              And there you have it! (All versions are misspellings or misunderstandings of the French The Viola! is a well-meant spelling error.) : exclam. , And walla! There it is. Cooked just right!

      Wallah comes from the phonetic pronunciation of the french word viola. Wallah is an exclamation, it simply means “look at this”.

      Now if we could just get the NSA to put this level of critical thinking and attention to detail towards the constitution we'd be all set!

    13. Re:I don't think so. by Jeremiah+Cornelius · · Score: 1

      "In Roman mythology, Morta was the goddess of death... She is responsible for pain and death that occurs in a half wake half sleep time frame."

      https://en.wikipedia.org/wiki/Morta_(mythology)

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  2. Firewalls with integrated... by Anonymous Coward · · Score: 3, Insightful

    remote access for the NSA

  3. From the NSA? or just kinda near them...ish? by exomondo · · Score: 4, Interesting

    > whose founders hail from the NSA

    > CEO Raj Shahsays he worked in the Air Force Reserve supporting the NSA

    They aren't really the same thing now are they?

    1. Re:From the NSA? or just kinda near them...ish? by Frosty+Piss · · Score: 2

      CEO Raj Shahsays he worked in the Air Force Reserve supporting the NSA

      They aren't really the same thing now are they?

      Either way it's not really a good selling point.

      --
      If you want news from today, you have to come back tomorrow.
    2. Re:From the NSA? or just kinda near them...ish? by recharged95 · · Score: 1

      Nope. Keyword is supporting.

      For instance, I know a lot of BAH employees that are Reserve troops, they don't support, but basically are contractors.

      Heck in the end, it's a silicon valley company. They'll say anything to get a buck or free advertising nowadays.

    3. Re:From the NSA? or just kinda near them...ish? by recharged95 · · Score: 2

      Also, I like the 'wildfire' play on likely the main competition, which is Sourcefire. Which really started stuff like Snort and Ethereal...

    4. Re:From the NSA? or just kinda near them...ish? by ArchieBunker · · Score: 2

      Maybe he knows something we don't and plans to capitalize on it?

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    5. Re:From the NSA? or just kinda near them...ish? by Anonymous Coward · · Score: 1

      according to this article
      http://www.nytimes.com/2013/08/23/technology/the-pentagon-as-start-up-incubator.html

      he was an air force pilot, iam sure some of the real Air force guys here can verify that he did indeed serve, wonder what company he was in ?

      so many liars and fakers you gotta be careful

    6. Re:From the NSA? or just kinda near them...ish? by Aighearach · · Score: 2

      Sure, it might say we've moved beyond knee-jerk racism based on names.

      By "we" I mean, Americans.

    7. Re:From the NSA? or just kinda near them...ish? by Aighearach · · Score: 1

      Yep. All PR is good PR... right?

    8. Re:From the NSA? or just kinda near them...ish? by Anonymous Coward · · Score: 1

      Hang out in Maryland sometime and you will find out that yes, they really are the same thing. Many of the NSA civilian employees are former Air Force. They are trained by the government and then "move up" to the civilian positions where there aren't the same pay grade restrictions. Anyone who has worked in U.S. government in the last decade knows the real money is in "consulting".

    9. Re:From the NSA? or just kinda near them...ish? by hubie · · Score: 1

      he was an air force pilot, iam sure some of the real Air force guys here can verify that he did indeed serve

      300,000 people in the Air Force. That's like finding out what state someone is from, then saying "hey, my friend Bill is from that state. Maybe you know him?"

    10. Re:From the NSA? or just kinda near them...ish? by jalopezp · · Score: 1

      Racism? Social regression?

  4. Buy the cronies to get a right to bid on contracts by dbIII · · Score: 4, Interesting

    When there is corruption you need to employ a former "insider" before your bids on contracts are even looked at.
    Why do you think people like the person that lost the White House emails is employable by a data recovery company?

  5. Waitwhat. by Johann+Lau · · Score: 5, Insightful

    We have deep experience in protecting our national infrastructure

    I beg your pardon? This coming from the fuckwits who insist on just about everything having unfixed holes and/or backdoors? Unless by "deep experience" they are referring to having their heads up their asses, I call BS.

    What do you think would increase security more, in the long run - firewalls by the NSA, or firing squads for the NSA? Sad thing is, what starts out as a polemic rhetorical question is actually not that easy to answer, now is it.

    1. Re:Waitwhat. by ArchieBunker · · Score: 3, Interesting

      I'd call that deep experience. Most people suspected them of having some hidden backdoors or listening powers but no one had proof. I'd call their campaign pretty successful until Edward Snowden blew the doors open.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:Waitwhat. by Johann+Lau · · Score: 1

      Would you call that deep experience in securing systems, or rather deep experience in not securing them, even actively making them weaker, and not talking about that fact? It's like saying a butcher has deep experience about what animals need to be alive; technically true, but that doesn't make a butcher a great veterinarian.

    3. Re:Waitwhat. by ZouPrime · · Score: 2

      The NSA does both. Beyond their SIGINT operations, they also support industries in various security initiatives.

    4. Re:Waitwhat. by Vitriol+Angst · · Score: 1

      One of the number one software purchases for people who use Windows computers is something to protect them from viruses and trojan horses.

      If the number one source of profits for exploits and protection from exploits is from former NSA employees, it stands to reason that there will be a feedback mechanism maintaining exploits and backdoors at the NSA. For "security" reasons of course -- not just for profit.

      --
      >>"ad space available -- low rates!!!"
    5. Re:Waitwhat. by Vitriol+Angst · · Score: 1

      I'd say if you can sneak in that back door -- you are going to have a good talent for preventing back doors.

      Only, with ethics like this -- I don't have any sympathy for anyone procuring the services of this company if they find they've got a backdoor engineered into their system.

      Providing and protecting from the same threats is a profitable business model; just ask the weapons industry.

      --
      >>"ad space available -- low rates!!!"
    6. Re:Waitwhat. by Anne_Nonymous · · Score: 1

      >> Silicon Valley-based Morta Security has been operating in "stealth mode," meaning it has not disclosed much information about itself in order to avoid alerting competitors about a product or other activity.

      From here

    7. Re:Waitwhat. by sir-gold · · Score: 1

      They only "supported" those security initatives so that they could install backdoors in them. Stuff like the Dual_EC_DRBG random number specification from NIST that isn't actually random.

      "....the Dual_EC_DRBG, like many algorithms, relies on parameters labelled P and Q for security. These could be randomly generated; however, the actual choice of P and Q were dictated by those involved in the design of the algorithm — the NSA."

    8. Re:Waitwhat. by ZouPrime · · Score: 1

      While what the NSA did with Dual_EC_DRBG is shit, no, it's not the only way they support civilian infrastructure. NSA provide all kind information security expertise, not just with encryption.

    9. Re:Waitwhat. by sir-gold · · Score: 1

      Asking the NSA for advice on information security is like asking a convicted burglar for advice on locks. Sure, he is probably expertly qualified to tell you which locks are the hardest to break, but will he act in your best interest?

  6. Any network startup by Swampash · · Score: 2

    That has any past connection, through staff or projects, with the NSA is now about as popular as cancer.

  7. "Next-generation firewall maker..." by oldhack · · Score: 1

    Well, that's better. Why bother pretending to be something other than a paid-off PR/click-bait site?

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  8. well-named company. that Morta Security by PopeRatzo · · Score: 5, Interesting

    "Morta" in Italian means, "dead man".

    Draw your own conclusions.

    Forget Left and Right, Liberal or Conservative, Republican or Democrat. We are all enemies of the State now. It's starting to look like those divisions have just been artificially put in place in order to make us easier to control. When we're fighting each other, we're not paying attention to the real bad guys. And the bad guys goal is to take everything. If you're not part of the financial/political elite, you're not in the car, you're standing on the side of the road.

    Nothing can really get better - not one thing - unless we deal with this security apparatus in a lasting way. It makes us less secure, poorer and sliding down the economic scale. And today, Janet Yellin was installed as the new bursar for this apparatus, in charge of siphoning wealth to the very few.

    --
    You are welcome on my lawn.
    1. Re:well-named company. that Morta Security by 3.5+stripes · · Score: 2

      Actually, morta would be referring to the feminine, dead man is uomo morto.

      --


      He tried to kill me with a forklift!
    2. Re:well-named company. that Morta Security by Bert64 · · Score: 1

      Because if you deny people the freedom to rant, then they will still do so but hide their actions and you lose track of them...

      If you give people the freedom to rant in public then you know exactly who is saying what, and you can keep track of them as well as anyone who listens to them. Also the apparent freedom acts to placate some who might want to rant.
      If anyone's opposing views ever become too widespread it is much easier to keep them under control and discredit them if you know exactly who they are.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    3. Re:well-named company. that Morta Security by tomhath · · Score: 1

      There's an old saying: "Dead men tell no tales".

    4. Re:well-named company. that Morta Security by PopeRatzo · · Score: 1

      I disagree and strongly. People argue as much as ever.

      Sure, but isn't it interesting that the US, for example, has become so precisely a 50-50 nation? Every election is close, congress so evenly split, all political media promoting division.

      I think the biggest worry of the 1% is that the Occupy people and the Tea Party people and the union people and the poor people will all realize that they have very similar interests in the things that matter most: economics.

      It's also interesting the way all the big divisive political issues are the ones that are furthest away from the economics. Gay marriage. Abortion. Guns. Religion. Things that split people very nearly down the middle but have nothing to do with the reality of their daily lives. Hot-button issues that avoid the biggest issue of all.

      --
      You are welcome on my lawn.
  9. Cost Saver by hagrin · · Score: 1

    What a great way to save on $10 million dollar backdoor fees - have your ex-employees build the devices themselves!

    --
    Hagrin.com
  10. They still work for the NSA by Anonymous Coward · · Score: 1

    Not fooled.

  11. ITT by Luke+has+no+name · · Score: 2

    People who don't actually work in cybersecurity.

  12. NSA and the firewall .. by DTentilhao · · Score: 1

    Surely the NSA have a number of means of bypassing the firewall by now ...

  13. Supported the NSA? by Anonymous Coward · · Score: 2, Funny

    "Good evening Mr. Sir, I am being your Microsofts supporting person. My name is being Raj Shah and I am being afraid I must inform you that your Windows is being having a virus..."

    1. Re:Supported the NSA? by Anonymous Coward · · Score: 1

      Hey you forgot to include "Oh blimey, goodness gracious me!" to round out the racist stereotype.

  14. Bad ex-bosses by Stormwatch · · Score: 1

    What's the big deal? I mean, do you think Wernher von Braun's later work was bad just because his former boss wasn't the nicest guy in the world?

    --
    Circumcision is child abuse.
  15. Re:Oh Noes! by MobSwatter · · Score: 1

    NSA live this one down? The people will not have it.

  16. Re:Oh Noes! by couchslug · · Score: 1

    I'm not indignant, just amused.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  17. Re:Oh Noes! by Johann+Lau · · Score: 1

    It's not our fault that just about anything coming from that general direction makes everybody else seem like a super intelligent saint. Your jealousy is duly noted.

  18. Re:LOL "Raj Shahsays" by Anonymous Coward · · Score: 1

    I know I risk troll feeding, but another cretin who can't tell Indian from Arab names. There should be a space between Shah and says. The CEO's name would be Raj Shah

  19. Chaper than $10M by eli384 · · Score: 1

    So now, instead of paying 10 mil to "security companies" and having all those nasty paper trails, the NSA just implants its ex-employees in those same "security companies" so that they can add backdoors by hand? That... is actually a pretty good idea, because it gives them a broader reach and is more cost effective.

  20. bad analogy by circletimessquare · · Score: 2

    you can build rockets for hitler, or you can build rockets for truman. they're both still rockets. you can test the rocket, make sure it works, you can separate the creator of the tech from the tech

    but security is not like that. it's an ongoing trust relationship. you have to trust the people involved

    and if your previous job was secretly sabotaging all security to a govt, this is probably not someone you want to trust your company's security to. when the NSA breaches your system, they have an ally already inside your system. if you didn't have a problem working for the NSA before, you probably still don't have any problems with their behavior, the defilement of our foundational rights

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  21. Re:Fools Device by 3.5+stripes · · Score: 1

    I thought the primary reasoning behind firewall "appliances" was the reduced amount of non essential software they run, compared to your average server.

    --


    He tried to kill me with a forklift!
  22. Re:i can smell Rajs bullshit from here by vbraga · · Score: 1

    There's something that calls itself 'Princeton Alumni Weekly' that lists Raj Shah as a F-16 fighter pilot.

    This seems to match his mini resume in AngelList:

    CEO of Morta Security. Strong business (McKinsey, private equity) and government (@USAF F-16 pilot, DoD, NSA) background. @Wharton MBA, @Princeton undergrad.

    --
    English is not my first language. Corrections and suggestions are welcome.
  23. Re:Fools Device by Bert64 · · Score: 1

    So now you have the small amount of software running on the firewall, PLUS all the software running on the server (unless you advocate removing the server and having only the firewall?)... You've not decreased the amount of software you're running, you have increased it.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  24. Re:Fools Device by datapharmer · · Score: 1

    I think a review of the meaning of "attack surface" is due here. The idea here is to keep the bad guys out. If you can't physically secure your infrastructure (including some level of trust in your employees) you are guaranteed trouble. For that reason most networks are guaranteed trouble, but that aside a proper firewall does reduce the attack surface on the WAN by limiting traffic to what you want exiting and entering your network. Does a security guard also make a bank less secure because it increases the "robbery" surface?

    --
    Get a web developer
  25. Stealthy? by BisuDagger · · Score: 1

    Not stealthy enough apparently. Rumor also has it that they are going to sell human sized fly-paper traps that way the ex-NSA-ers could stick it to the man.

  26. Re:i can smell Rajs bullshit from here by McGruber · · Score: 2

    An Air force pilot? really ? no history ? nothing anywhere on the web including the seclists /waves hand....charlatans everywhere

    AC's allegation about Raj Shah being a charlatan really intrigued me, so I just wasted two hours doing a little digging... and I now suspect Raj Shah is lying about having been a USAF F-16 pilot. Here are a few different versions of Raj Shah's CV:

    Khabar: Georgian Raj Shah Wins Soros Fellowship for New Americans (April 2007)

    Raj Shah is among 31 finalists in the 10th annual competition for the Paul & Diasy Soros Fellowships for New Americans (immigrants and children of immigrants). They were selected from over 800 applicants representing 141 nationalities and 360 colleges and universities. Shah is currently the Special Assistant to the Deputy Undersecretary of Defense for International Technology Security in the US Department of Defense. He plans to attend Wharton in the fall to study business. Shah holds an AB from the Woodrow Wilson School at Princeton University. Upon graduating from Princeton, he took a job at McKinsey and Company but left 4 months after 9/11 to join the United States Air Force. Shah flew eighteen combat missions in Iraq as a captain and F-16 pilot. After four years of active duty, he transitioned to the reserves and rejoined McKinsey & Co.; from there he embarked on his present work.

    Times of India: Business honcho bombed Iraq for US Air Force

    He flew US Air force F-16 over Iraqi air space in 2006 and as recently as in March to May in 2010 for nearly 200 hours in 38 combat missions at a speed of Mac 2 (twice the speed of sound). Thirty-three-year-old Gujarati American Raj Shah, then a combat pilot, said, "The biggest fear in a pilot's mind is the fear of making a mistake. If we err, innocent people die." This Wharton School MBA, now vice-president of a defence focused investment firm, is a battle hardened soldier turned business executive.

    "From 500 feet above the sea level to 50,000 feet, I flew as per the requirement. The altitude depended on the targets and in Iraq we flew very low for precision target hitting," said Raj, who joined the US Air Force in 2000 and took his first flight school in December, 2001.

    He flew every third day on missions in Iraq and volunteered himself at Airport Theatre Hospital at Bagdad to help out the medical teams.

    "In January 2006, it was 3 am in Bagdad when the US Air Force base sirens went off. I was sleeping in my flight suit. I ran to the jet and and in five minutes was flying 500 feet over Bagdad where a number of people were trying to block the path of US-Iraqi troops, who were on rescue mission," he said.

    Those quotes about his missions are really strange.... and the the timeline in the 1st article (joined USAF 4 months after 9/1) contradicts the timeline in the 2nd (joined USAF in 2000). Also, in the first article (from 2007), he is described as having flow 18 combat missions, but in the next piece, posted four years later, he claims he flew 38 combat missions:

    NetIP: Vote for Raj Shah (August 2011)

    A reserve F-16 Pilot in the US Air Force, Raj is also is the Vice President of Federal Systems, a defense-focused investment firm. Now in its 6th year, Nanubhai impacts 8,000 students in rural India and has sent over 25 American teachers to India. In the USAF, Raj served two tours of duty in Iraq flying 38 combat missions. Raj has also worked as a Special Assistant in the Office of the Secretary of Defense. Previously Raj worked at McKinsey & Co. serving both private and public s

  27. Re:Fools Device by davidhoude · · Score: 1

    So you think each internal device should be responsible for its own access control on the network? You want the application server to implement layer 7 filtering? What about ASIC's? Are you adding custom silicon to your application servers so they can filter at high speeds? Are you going with a hardware loadbalancer? Your arguments don't make sense in the real world.

  28. Re:Fools Device by Bert64 · · Score: 1

    If your hosts are sensibly configured, then a firewall only serves to prevent external users from sending traffic to closed ports on your server... There isn't a huge risk involved with users being able to send traffic to closed ports.

    If a port is open then it should be open for a reason, and you will configure your firewall to allow that service through anyway.

    By adding a firewall you've increased your hardware costs, increased your hosting (rackspace, power) costs, increased your maintenance costs, decreased throughput, increased latency, added additional potential failure points... And for what?

    Firewalls are often used by people who are too lazy or incompetent to configure their servers properly, so you have a grossly insecure webserver running telnet, smb, ftp etc where the firewall only permits access to http. A properly configured webserver would only allow http in the first place.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  29. Re:To be honest... by davidhoude · · Score: 1

    I know you are posting as Anonymous, so chances are you will not read this. I am just curious where you get this idea of dodgy network compatibility? I also have a hard time believing that in 20 years of administration, you don't see the good side of firewall appliances. I too am a BSD administrator, running countless pf, ipfw, ipfilter, iptables systems. Just because you like and/or use one thing doesn't mean it is the be all end all of the networking world. If you knew anything about these Palo Alto firewalls, you would know the benefits to using them over BSD. I have nothing against BSD firewalls, but you simply cannot compare the two. The PA firewall has customer silicon that processes layer7 data in real time. I have seen L7 filtering with pf and relayd, but come on now, it is not what pf was meant to do. I am sure you can add customer chips to a BSD box and get something similar, hell I wouldn't be surprised if the PA is based off some sort of the OS. I just don't see the point in dismissing what many would argue as 'state of the art' firewalls as being obsolete because you can do the same with open source. There is a reason why people choose VMWare licensing over running purely KVM/BHyve... By the time you factor in enough staff to get the open source platform working, paying workers comp, unemployment, and benefits...you might be better off licensing a turn-key product. I'm not in favor of one or the other, but rather use the right tool for the job.

  30. Re:To be honest... by davidhoude · · Score: 1

    And by customer I mean customer..doh I mean custom.

  31. Re:You've got to laugh by davidhoude · · Score: 1

    Hey look, this anonymous guy on the internet says that Palo Alto doesn't know what they are doing based on something he read on the internet. Can't argue that...

  32. Re:Fools Device by davidhoude · · Score: 1

    >If your hosts are sensibly configured, then a firewall only serves to prevent external users from sending traffic to closed ports on your server. I had a real LOL at this. What about virus protection? What about identifying an infected client and blocking communication with command and control servers? What about web browsing policy, and blocking L7 traffic on known good ports (Think SSH Tunnel on port 443)? While I completely understand your arguments when talking about Layer 3 firewalls, this is not what we are talking about. These Palo Alto firewalls have ASIC's that scan for virus definitions on dedicated hardware in real time. This is just one of their many features. While a firewall is no replacement for a properly configured server, acting like firewalls have no use is laughable.