What Happened To Norse Corp.? Threat Intelligence Vendor Disappears

itwbennett writes: Over the weekend, Brian Krebs reported that Sam Glines, CEO of threat intelligence vendor Norse Corp., was asked to step down by the board of directors and employees were told that they could report to work on Monday, but that there was no guarantee they'd be paid for their work. 'Less than a day after Krebs published his article, Norse Corp.'s website was offline, and attempts to email the company failed,' writes CSO's Steve Ragan. 'The ever-popular Norse attack map was online for some of the weekend, but that too had gone dark by Sunday evening.' In the aftermath of the company's disappearance, the topic of flawed data and assumptions once again resurfaced in a blog post written by ICS expert, Robert M. Lee.

Before we freak out

[saboosh]

"A careful review of previous ventures launched by the company’s founders reveals a pattern of failed businesses, reverse mergers, shell companies and product promises that missed the mark by miles." http://krebsonsecurity.com/201...

Re:Before we freak out

[whoever57]

Those sources say the company's investors have told employees that they can show up for work on Monday but that there is no guarantee they will get paid if they do.

Isn't that illegal?

Re:Before we freak out

Not necessarily. If the company declares bankruptcy, the employees become first in line for unpaid pay. But if the company has no assets, then you can't get blood from a stone.

However, if the investors just took back some money or have a contract requiring them to put some more money in, odds are a bankruptcy judge would take that money from the investors to pay the employees.

If I worked there and had no other pressing business, I would show up for work while polishing my resume. That way, if there is any money left, I would be first in line to get it, while still looking for another job.

Re:Before we freak out

Of course not. Every time I show up to work for habitat for humanity they tell me not to expect to get paid. It's only illegal if you get them to work under the pretense of paying them, and then refusing.

Re:Before we freak out

[edtice1559]

I can't speak for countries outside of the US, but in the US, you can't pay people less than minimum wage. They can't work for stock options or anything else. Habitat for humanity is different since they are a 501(c)(3) charity. You can't work for free for a for-profit enterprise.

Re:Before we freak out

[whoever57]

Not necessarily. If the company declares bankruptcy, the employees become first in line for unpaid pay. But if the company has no assets, then you can't get blood from a stone.

I don't know about the USA, but in the UK, I think that would constitute "trading while insolvent", and the company directors could be personally liable for the debts.

Re:Before we freak out

[operagost]

You can if you're under contract.

There are CEOs who have worked for $1 before.

Re:Before we freak out

[tnk1]

There is insurance for such things as well. When I was on a Board of Directors for a corporation, the directors were insured against certain claims, so the insurance may end up being responsible for payment if the corporate indemnification did not cover the whole thing.

This is called Directors and Officers Insurance and covers what corporate indemnification will not.

Re:Before we freak out

[LunaticTippy]

What about interns? Candy Stripers? Apple fanboys? None of those are paid.

Re:Before we freak out

[whoever57]

There are CEOs who have worked for $1 before.

Yes, but what's their remedy? Sue for minimum wage?

Re:Before we freak out

[meerling]

There are exceptions to the wage laws, and interns are one of them. Volunteers for certain things are also exempt. Then there's the so called 'stoop labor', which is another exemption, and a really ugly one. And don't forget the primarily paid by tips scam that F's over waiters/waitresses and the like.

Re:Before we freak out

[Darinbob]

Except that this actually happens without workers ever getting paid. Usually this is back wages, as in the workers may be paid monthly but after bankruptcy announcement there is no further paycheck. Sure, perhaps you can't do this legally but under the US system you have to file suit and generally file suit one by one rather than as a class action (especially if you have no union). I have especially heard from some contractors who stop being paid, but I guess they're not employees.

Re:Before we freak out

[gl4ss]

yeah for one dollar and.. plenty of other benefits to make up for it.

the one dollar ceo thing is just a tax dodge disguised as investor PR.

aanyhow... minimum wage laws are there in place to protect people from being able to agree to work for pennies. that's the whole point.

of course, where does that leave contractors? that's why competent minimum wage laws include infrastructure to control that too so that for example mcdonalds can't make every worker sign up as an independent contractor to work for 5 bucks per day.

Re:Before we freak out

[RockDoctor]

Not necessarily. If the company declares bankruptcy, the employees become first in line for unpaid pay.

Again, not in the UK - and I would strongly suspect that it's not the case in the USA either. (NB : bankruptcy laws are different between the two countries!)

In a UK bankruptcy for a business, the first person in line for a pay-out from liquidating the assets of the company are the insolvency practitioners. Otherwise no one would be stupid enough to take the job on. Ten-foot barge pole ; not touching that. Game of tin soldiers. you'd get insolvency practitioners structuring themselves so that they could go bankrupt to avoid touching a poison pill of a corporate corpse.

The next people in line for a payout are the various tax authorities - HMRC and VAT-man being (I think) slightly higher on the pecking order than the NI man (whose slice is dependent on wages). Then it's the secured creditors, in approximate order, the pension fund, the payroll, and suppliers of physical goods. Then suppliers of non-physical goods. Then you're into the "no hope" brigade of unsecured creditors.

But - different countries, different details. Though I doubt the reasoning for paying the insolvency practitioners first would differ between the countries (unless the service is a government service in the US). And I don't see any government putting the interests of workers ahead of those of the government's revenue office.

Company that nobody has every heard of goes under

[CajunArson]

To quote the sage words of Peter Griffin: "Oh. My. God. Who. the Hell. Cares."

Response by a Norse Programmer and Brian Krebs

[Kobun]

This is an interesting exchange in the comments to Brian's article, between him and a former employee of Norse: http://krebsonsecurity.com/201...

The ex-employee has written a blog post here (might be a liiiiiitle one-sided): http://pandawhale.com/post/703...

Re:Response by a Norse Programmer and Brian Krebs

[FlyHelicopters]

Yes, but I find his comments rather... full of hubris....

I quote from his post:

"But I stand behind everything we built and everything we accomplished. No one has the data collection capability that we built. No one has the correlative, actuarial, data analysis capability that we built. And no one is able to do so, not just in real-time, but live, not even the 3 letter agencies."

First, how can he possibly know what the 3 letter agencies can and cannot do?

Second, if they couldn't before, I'd be shocked if they can't now, after taking Norse's code.

Re:Response by a Norse Programmer and Brian Krebs

First, how can he possibly know what the 3 letter agencies can and cannot do?

One way would be if the 3 letter agencies were buying data from Norse. That could also mean that they were refining their own systems, but that just leads into your second question.

Second, if they couldn't before, I'd be shocked if they can't now, after taking Norse's code.

Re:Response by a Norse Programmer and Brian Krebs

[OverlordQ]

> "But I stand behind everything we built and everything we accomplished. No one has the data collection capability that we built. No one has the correlative, actuarial, data analysis capability that we built. And no one is able to do so, not just in real-time, but live, not even the 3 letter agencies."

Hah, that's a load of bullshit. If any of that was true, you'd be selling to somebody, not shuttering the business.

Re:Response by a Norse Programmer and Brian Krebs

[BarbaraHudson]

I wouldn't bother with anyone who brags "not just in real-time, but live"

Re:Response by a Norse Programmer and Brian Krebs

[Kiaser+Zohsay]

Also, he needs to look up the word "actuarial". I work with some real actuaries, and what they do has nothing to do with what he (appears to be) talking about.

Re:Response by a Norse Programmer and Brian Krebs

[tnk1]

Good ideas don't always make for good businesses.

And yes, I am skeptical too, but you can have a good idea and have it fail to be profitable, especially if no one knows what to do with it.

Re:Company that nobody has every heard of goes und

So you're not in the security field. Thanks for letting us know your opinion doesn't matter.

Re:Company that nobody has every heard of goes und

[bigdady92]

You've never seen the graphs, the charts,the data that comes from this site. It's astounding to watch, I used to have a TV showing all the traffic coming from various countries and it was like watching Thermonuclear Warfare in action.

You've probably never heard of that game from a movie you've never watched either. We get it.

LOL ...

[gstoddart]

A careful review of previous ventures launched by the company's founders reveals a pattern of failed businesses, reverse mergers, shell companies and product promises that missed the mark by miles.

So, we can't say this was likely vaporware put up by rip off artists with a long history of failed companies making dubious claims ... but it would appear this is the case.

TFA pretty much reads like these guys are likely shady players with a long history of this:

"These shell companies formed by [the company's founders] bilked investors," Landesman said. "Had anyone gone and investigated any of these partnerships they were espousing as being the next big thing, they would have realized this was all smoke and mirrors."

Someone sounds like they're fairly unambiguously calling these guys con artists.

Re:LOL ...

Come on Stoddart, you're a smart guy, stop posting those fucking LOL-tard comments & subjects.

Smarten up already fer fuck sakes.

Re:Company that nobody has every heard of goes und

[FlyHelicopters]

If you're going to reference it, get it right! :)

Global Thermonuclear War :)

How about a nice game of Chess?

A new owner?

[sgtsquid]

Maybe they are being bought out by BIZX, LLC and they are just trying to stir up some buzz before relaunching it as an ad page.

Re:Company that nobody has every heard of goes und

[bigdady92]

No Joshua, no more games for you.

Re:Company that nobody has every heard of goes und

C'mon, give ol' timothy a break. He's been posting articles by himself day and night for several days now. I'm sure his brain is fried... well, more than usual.

Re:Company that nobody has every heard of goes und

[ArchieBunker]

Sure you weren't watching the 1995 movie "Hackers" by mistake? How are all these fancy charts generated in real time?

Re:What Happened To Norse Corp.?

[Penguinisto]

For what it;'s worth, at time of writing the map appears to load, but no data is being presented on it.

(mind, some of this may be the corp proxy cache filling in blanks...)

Unless you have a contract to restore.

Services that go down monitoring traffic is a waste of time.

nice looking graphs != useful graphs

[aepervius]

They were glorified scan graphs some other company presented before which I can't recall the name. They used to have a software to which you could feed your firewalls logs and get a similar graphs (reverse lookup on country always showed my home IP as being from half a world away but i digress). The problem is that scanning does not mean threat or attacks, and those graphs means next to nothing beyond marketing. Sure nice looking. But empty of meaning.

Re:nice looking graphs != useful graphs

[Forgefather]

This sentiment is reflected among the security professionals that I know. They believe that most cyber threat intelligence is bunk, and often ridicule it their spare time. But then again this is opsec. They ridicule everything.

Re:nice looking graphs != useful graphs

[Jawnn]

This sentiment is reflected among the security professionals that I know. They believe that most cyber threat intelligence is bunk, and often ridicule it their spare time.

That's because, by itself, community threat intel is nothing more than "stuff some other guy saw". On the other hand, when woven into a well-tuned correlation engine, along with all the local input, community threat intel can be a very powerful tool.

Re:Company that nobody has every heard of goes und

Nope.

Re:Company that nobody has every heard of goes und

[Frederic54]

Yup, it's like the thing about Finebros on reddit, I never heard of those guys, and who the hell cares? :)

could someone at least...

make a cool looking screensaver that just shoots packets around? ...our VPs are always so impressed when our SOC puts that on the big screen.

Note to the new Slashdot owners

[b1ng0]

No more itwbennet! All his posts link to csoonline.com or cio.com. Obviously a paid schill. And his posts are not worth the bits they are printed with. Kick him to the curb!

Re:Note to the new Slashdot owners

I'm pretty sure you can find several examples of this. I've noticed certain other submitters that religiously submit articles solely from one particular site or family of sites. Considering how blatant it is, do you really think it's gone unnoticed? Do you think that Slashdot/etc isn't basically doing a sponsored content deal with some of these sites?

Re:Note to the new Slashdot owners

b1ng0 : Thank you for pointing this out. I appreciate the effort you're making, and hope that such efforts have an impact. -- an anon reader

Re:Company that nobody has every heard of goes und

Well we could tell you, but then we'd have to kill you.

Re: Company that nobody has every heard of goes un

I had to check but you're right! Turns out this 'Reddit' you mention is actually a thing.

Re:Company that nobody has every heard of goes und

[NoImNotNineVolt]

Fear not, SOC monkey! I have a replacement attribution map for you! Behold! [SFW, but there is audio]

Re:What Happened To Norse Corp.?

... the map appears to load, but no data is being presented on it.

Or maybe the map is accurate and there just aren't any more attacks?

As soon as one shows up, Norse will be back. Just keep a fresh bulb handy so you can fire up the Norse-Signal.

Re:Company that nobody has every heard of goes und

[Mike+Van+Pelt]

GIven the domain name, I suspect goatse. Not clicking...

Re:Company that nobody has every heard of goes und

[BarbaraHudson]

And if you had actually read a few of the articles, you would have known that Norse wasn't in the security field either.

Re:Company that nobody has every heard of goes und

[NoImNotNineVolt]

I have reasonable posting history, but if that's not enough for you, then you might prefer a link to their source repository, which in turn links out to their production instance at threatbutt.com.

But in my opinion, it's their attribution map that's truly la crème de la crème.

Re:Company that nobody has every heard of goes und

[whoever57]

You've never seen the graphs, the charts,the data that comes from this site. It's astounding to watch, I used to have a TV showing all the traffic coming from various countries and it was like watching Thermonuclear Warfare in action.

Given that even within the company, the exact nature of the back end which "captured" the raw data was kept very secret, how do you know that you were looking at actual data and not just something that was made up?

Too bad - the realtime attack map was cool!

See subject - I felt it was just a really truly NEAT & unique 'webpage based app' (for lack of a better expression) I liked!

* Was useful for security-purposes to see "what's-what" & WHO was attacking whom etc. - et al!

APK

P.S.=> It's too bad it had to be done in by this fiasco... apk

Re:Too bad - the realtime attack map was cool!

Fools are easily impressed.

No Pay, No Play

[meerling]

Telling the employees to show up monday, but don't expect to get paid is the same as telling them that they're fired, but you're too much of a douche to admit it to them and want them to work for free while you try to find a way to activate that golden parachute for yourself.

You've done better than that attack map?

See subject: This is a fair challenge to you - Prove it - then we'll SEE who the FOOL is here (not I).

* I liked it, it was useful to me - that doesn't make ME a fool by the way.

APK

P.S.=> Of course, you won't have a thing & will evade that challenge so, You are FOOLING no one ac troll (YOU will prove yourself to be the FOOL here, not I)... apk

Re:You've done better than that attack map?

I know you are but what am I? ~ TheR34LZAPK

Re:Company that nobody has every heard of goes und

Holy smilie-faced shit-posting, did you wake up 12 years old today?

Must be back up

There it is - https://map.norsecorp.com/