Thursday, March 6, 2014

Fireeye's Ashar Aziz Becomes First Pakistani-American Tech Billionaire

Silicon Valley has minted the first Pakistani-American billionaire with an incredible 377% surge in the price of Fireeye (NASDAQ: FEYE) shares since its IPO last year.

The advanced computer security software company , founded by Ashar Aziz, priced its initial public offering of 15.2 million shares at $20 per share in September, raising about $304 million after increasing its expected price range to $15 to $17 per share.

Aziz owns about 10.91 million shares in the Milipitas, Calif.-based security company; that 9.3% stake on the close of the first day of trading in September was worth more than $392 million.

Here are some of the reasons for the huge spike as described by Business Insider:

1. The company's flagship product solves a really hard computer security problem. It is able to stop hack attacks that were previously almost impossible to stop.

2. FireEye bought another security firm, Mandiant, for $1 billion. Mandiant was famous for uncovering links between Chinese hackers and attacks on U.S. companies.

3. With Mandiant, FireEye launched a cloud computing security service that competes with SourceFire. SourceFire is the company Cisco bought last summer for $2.7 billion.

4. The company beat expectations on its fourth quarter with revenue of $57.3 million, a beat by $1.26 million, and EPS of $-0.35, a beat by $0.03.

5. Some Wall Street analysts have been really gung ho on the company. Wells Fargo started tracking it a month ago, saying it was "a once in a decade opportunity to invest in a truly disruptive technology."

The world has dramatically changed since the 1990s when Wintel ruled the roost. PC is no longer the dominant device. Smartphones and tablets have brought the era of mobile cloud computing where neither Intel nor Microsoft enjoy leadership position. Even developing countries like Pakistan are deploying cloud computing applications. A Google sponsored survey in Pakistan found that mobile computing is expected to overtake desktop computing this year. Several new and more innovative and powerful players have emerged to in this market.

As more and more enterprises embrace cloud-based computing, cloud security is becoming a hot area for many entrepreneurs. This shift means over $2 billion annual market for cloud security vendors like Fireeye and Elastica. Researchers at Gartner forecast the highest growth to occur in cloud-based tokenisation and encryption, security information and event management (SIEM), vulnerability assessment and web application firewalls.

Recently, a Silicon Valley cloud security start-up Ealstica was launched by Rehan Jalil, a Pakistani-American alumnus of NED University of Engineering, Karachi, Pakistan. Elastica received $6.3 million funding from Mayfield Ventures, a premier Silicon Valley Venture Capital firm.

Several analysts have recently upgraded Fireeye to buy with the target price above $100.

Related Links:

Haq's Musings

Pakistani-American Ashar Aziz's Fireeye Goes Public

Pakistani-American Shahid Khan Richest South Asian in America

Two Pakistani-American Silicon Valley Techs Among Top 5 VC Deals

Pakistani-American's Game-Changing Vision 

Minorities Are Majority in Silicon Valley 

US Promoting Venture Capital & Private Equity in Pakistan

Pakistani-American Population Growth Second Fastest Among Asian-Americans

Edible Arrangements: Pakistani-American's Success Story

Pakistani-American Elected Mayor

Upwardly Mobile Pakistan

6 comments:

CanadianBoy said...

http://www.scmp.com/comment/insight-opinion/article/1430177/fight-corruption-beijing-should-look-pakistan

To fight corruption, Beijing should look to 'Failed State' Pakistan.

Feature on HongKong's oldest English News Paper by Professor Dan Hough, Director of the Sussex Centre for the Study of Corruption at the University of Sussex, UK:

One approach that might have mileage on the mainland, however, can be found in Punjab, Pakistan. Corruption in land transactions in particular reached such proportions in Lahore that the chief minister, Shahbaz Sharif, introduced a system, the Citizen Feedback Model, that would enable people to report corrupt transactions. The authorities created a platform to send a text to citizens who had dealings with local government offices, asking them about the quality of the service they had received, and, most pressingly, whether they had been asked to pay a bribe.

Over 2.1 million text messages have been dispatched since 2010 and over 8,000 cases of corruption have been reported. From that, officers can create so-called heat maps, illustrating where bribes tend to be demanded and how much has generally been paid.

The information isn't there solely to enable law enforcement to arrest corrupt public servants; the aims are more subtle. On the one hand, public servants who are suspected of feathering their own nests can be tested out by so-called "mystery customers". Corrupt officials can then be caught in the act. On the other hand, the very knowledge that the text message service exists is hopefully enough to channel the minds of some potential bribers. The system therefore has both carrots and sticks in it, as well as a degree of subtlety.

The Pakistan system clearly can't simply be transposed on to the whole of China. It does, however, have the advantage of empowering citizens to take action. It also doesn't go against the ethos of the current anti-corruption drive.

Riaz Haq said...

SAN FRANCISCO — For more than a year, a group of cybercriminals has been pilfering email correspondence from more than 100 organizations — most of them publicly traded health care or pharmaceutical companies — apparently in pursuit of information significant enough to affect global financial markets.

The group’s activities, detailed in a report released Monday morning by FireEye, a Silicon Valley security company, shed light on a new breed of criminals intent on using their hacking skills to gain a market edge in the pharmaceutical industry, where news of clinical trials, regulatory decisions or safety or legal issues can significantly affect a company’s stock price.

Starting in mid-2013, FireEye began responding to the group’s intrusions at publicly traded companies — two-thirds of them, it said, in the health care and pharmaceutical sector — as well as advisory firms, such as investment banking offices or companies that provide legal or compliance services.

Continue reading the main story
RELATED COVERAGE

The headquarters of JPMorgan Chase in New York.Hackers’ Attack Cracked 10 Companies in Major AssaultOCT. 3, 2014
Hackers targeted the phone system at Bob Foreman’s architecture firm in Georgia, making $166,000 in calls in a weekend.Phone Hackers Dial and Redial to Steal BillionsOCT. 19, 2014
The attackers, whom FireEye named “Fin4” because they are one of several groups that hack for financial gain, appear to be native English speakers, based in North America or Western Europe, who are well versed in the Wall Street vernacular. Their email lures are precisely tailored toward each victim, written in flawless English and carefully worded to sound as if they were sent by someone with an extensive background in investment banking and with knowledge of the terms those in the industry employ.

---------
FireEye said it had notified the victims, as well as the Federal Bureau of Investigation, but did not know whether other organizations like the Securities and Exchange Commission were investigating.

Representatives of the F.B.I. and S.E.C. declined to comment on the case.

FireEye has aggressively marketed its security research and breach detection products since it went public last year.

Its Fin4 research was published the day after David G. Dewalt, FireEye’s chief executive, appeared in a “60 Minutes” report, lamenting the fact that companies do not detect their breaches sooner.

The company’s stock price — which surged to $100 a share last March — has since dropped to $30 a share in part because of a report that indicated one of FireEye’s intrusion detection products did not perform as well as others in a lab test.

On Monday, the same day FireEye released its Fin4 report, lawyers filed a class-action suit in the United States District Court for the Northern District of California on behalf of FireEye shareholders.


http://www.nytimes.com/2014/12/02/technology/hackers-target-biotech-companies.html?_r=0

Riaz Haq said...

From CBS 60 Minutes on Fire-eye:

Target declined our request for an on-camera interview, but the breach of its security a year ago is a case study in how hackers operate. It started when criminals stole the username and password from one of Target's vendors -- a Pennsylvania heating and air conditioning company. The credentials got them into Target's network without attracting attention. Once inside they easily spread to thousands of checkout terminals in nearly every store. The hackers then installed malicious software, or malware, to record card swipes.
Dave DeWalt: The company invested a lot of money in security. It wasn't like they weren't trying to stop the bad guys. It's just the bad guys were really good, number one. Number two, they're very persistent.
A security system Target recently bought from Dave DeWalt's company, did detect the intrusion, and triggered alarms. But Target's older security systems were still in place, generating millions of alerts similar to these. Most were for minor technical glitches and the warnings from FireEye were lost in the noise.
Bill Whitaker: So alarms were going off?
Dave DeWalt: Alarms were going off. And when you get millions of alerts a day and there's one or two alerts that are the ones blinking red, "There's a problem. There's a problem." You can miss it and it's very hard to find the needle in the haystack. So Target's problem ultimately became, "I couldn't find the needle. I couldn't see the one alert that was bright red."
Last December 18, a week before Christmas, a cybersecurity blogger named Brian Krebs first reported the story publicly.
Brian Krebs: The breach lasted for a little more than three weeks. But they actually managed to hit Target at the busiest time of year for them.

http://www.cbsnews.com/news/swiping-your-credit-card-and-hacking-and-cybercrime/

Riaz Haq said...

The Syrian conflict has been marked by a very active, if only sporadically visible, cyberbattle that has engulfed all sides, one that is less dramatic than the barrel bombs, snipers and chemical weapons — but perhaps just as effective. The United States had deeply penetrated the web and phone systems in Syria a year before the Arab Spring uprisings spread throughout the country. And once it began, Mr. Assad’s digital warriors have been out in force, looking for any advantage that could keep him in power.

In this case, the fighter had fallen for the oldest scam on the Internet, one that helped Mr. Assad’s allies. The chat is drawn from a new study by the intelligence-gathering division of FireEye, a computer security firm, which has delved into the hidden corners of the Syrian conflict — one in which even a low-tech fighting force has figured out a way to use cyberespionage to its advantage. FireEye researchers found a collection of chats and documents while researching malware hidden in PDF documents, which are commonly used to share letters, books or other images. That quickly took them to the servers where the stolen data was stored.

Like the hackers who the United States says were working for North Korea when they attacked Sony Pictures in November, the assailants aiding Mr. Assad’s forces in this case took steps to hide their true identities.

The report says the pro-Assad hackers stole large caches of critical documents revealing the Syrian opposition’s strategy, tactical battle plans, supply requirements and data about the forces themselves — which could be used to track them down. But it is not evident how or whether this battlefield information was used.

“You’ve got a conflict with a lot of young, male fighters who keep their contacts and their operations on phones in their back pockets,” said one senior American intelligence official who spoke on the condition of anonymity to discuss espionage matters. “And it’s clear Assad’s forces have the capability to drain all that out.”

http://www.nytimes.com/2015/02/02/world/middleeast/hackers-use-old-web-lure-to-aid-assad.html?_r=0

https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-behind-the-syria-conflict.pdf

Riaz Haq said...

New Delhi: A Pakistani cyber security firm, which has worked with the authorities in that country, has been found stealing information from the Indian government and defence establishments, a report by a US-based security firm FireEye (founded by Pakistani-American Ashar Aziz) said today.


The Pakistani cyber firm accessed computers of bureaucrats through malware and targeted Indian establishments using leased US hosting services, FireEye said.

"An Islamabad-based IT security firm called Tranchulas, which claims to have helped prepare the Pakistani government for cyber warfare, bombarded officials in Indian government organizations with emails containing malicious software, or malware," it said.

The report reveals that India remains a vulnerable target for cyber-attacks even after documents leaked by whistleblower Edward Snowden exposed widespread spying by US National Security Agency.

The firm used terms like 'Sarabjit Singh', 'Devyani Khoragade' and 'Salary hikes for government employees' in the subject line to lure officials into opening attachments containing the malware.

The malware, identified by FireEye, has been active since early 2013 with the name of a Tranchulas employee, Umair Aziz, in its code.


FireEye said that since "July 2013, different variants of the malware with modified names have surfaced. It is indicated that it was common for cyber attackers to use servers located in a different country to avoid detection".

http://zeenews.india.com/news/sci-tech/pakistani-cybersecurity-firm-stealing-indian-data-fireeye_1560512.html

Riaz Haq said...

#Pakistani-#American Asher Aziz's cybersecurity firm #FireEye probing #Bangladesh bank heist of $100m. http://reut.rs/1U6vS3z via @Reuters

Investigators suspect unknown hackers managed to install malware in the Bangladesh central bank's computer systems and watched, probably for weeks, how to go about withdrawing money from its U.S. account, two bank officials briefed on the matter said on Friday.

More than a month after hackers breached Bangladesh Bank's systems and attempted to steal nearly $1 billion from its account at the Federal Reserve Bank of New York, cyber security experts are trying to find out how the hackers got in.

FireEye Inc's Mandiant forensics division is helping investigate the cyber heist, which netted hackers more than $80 million before it was uncovered.

Investigators now suspect that malware that allowed hackers to learn how to withdraw the money could have been installed several weeks before the incident, which took place between Feb. 4 and Feb. 5, the officials said.

Investigators suspect the attack was sophisticated, describing the use of a "zero day" and referring to an "advanced persistent threat", the officials said.

A zero day is a vulnerability in software that has yet to be identified or patched. Hackers leverage this hole to plant malware on the target computer.

Advanced persistent threat is a long-term attack on a system, where hackers remain inside the target, for months, and sometimes even years.

So far investigators have not found any proof of involvement of the central bank staff in Bangladesh, one of the officials said, but added that the probe was continuing.

Unraveling the mystery behind one of the largest cyber heists in history is crucial for security in a connected world. Understanding how it happened could help banks shore up security of their computer systems and payment networks that form the backbone of global commerce.

Security experts say the perpetrators had deep knowledge of the Bangladeshi institution's internal workings, likely gained by spying on bank workers.

Bangladesh Bank officials have said hackers appeared to have stolen their credentials for the SWIFT messaging system, which banks around the world use for secure financial communication.

The Fed, which provides banking services to some 250 central banks and other institutions, has said its systems were not compromised.

The Bangladesh central bank had billions of dollars in its current account, which it used for international settlements, officials have said.

The money stolen from the Bangladesh central bank made its way to the other side of the world.

Some $80 million are believed to have ended in the Philippines, and further diverted to casinos and then to Hong Kong, according to bank officials.

One $20 million transaction was directed to a non-profit organization in Sri Lanka.

But the unusually large transaction for the island nation and a misspelling of the NGO's name raised red flags that helped bring the robbery to light. The transaction was blocked as was another huge payment instruction that was for between $850 million and $870 million.