Tuesday, July 15, 2014

Pakistani Brothers Spawned Multi-Billion Dollar Security Software Industry

The year was 1986. Most personal computers used floppy disks to boot and to move files from one computer to another. Floppy disk was also the medium used by Amjad and Basit Alvi, two Pakistani brothers living in Lahore, to create and spread history's first known PC virus called "The Brain".  Here's how Mikko Hypponen, a software security expert, described it last year at DEF CON, world's largest hackers convention held in Las Vegas:

Creators of First PC Virus: Amjad Farooq and Basit Farooq Alvi

"It's surprisingly advanced, and it has surprising features, including a capability of hiding itself. So when your PC is infected by Brain, and you go and look at your floppies, you will not see Brain on the floppies. It's watching you watching it, and if you try to look at the copy of Brain, it fools you and gives you a clean image of a floppy instead. And we would call this a stealth virus, at the time....
These guys weren't evil at all. They weren't evil even then, 25 years ago, when they wrote the first PC virus. Their intention was never to cause harm to anybody, and they didn't, of course, realize that they made history when they wrote the first PC virus. But Brain was the only virus they ever wrote and they never meant to destroy any data or cause any harm for anyone".  

The Brain, also known as The Pakistani Brain, is the virus that challenged John McAfee to develop anti-virus software. Later, John McAfee launched his company that was acquired in 2010 by Intel for $7.7 billion.  McAfee is just one of several security software companies inspired by the Pakistani Brain virus. Gartner estimates that the security software industry revenue was about $20 billion in 2013.

Cloud security is the latest incarnation of the security software industry. Companies like Fire-eye founded by Pakistani-American Ashar Aziz are leading  cloud security revolution in Silicon Valley.

Here are some of the reasons for the success of Fire-eye as described by Business Insider:

1. The company's flagship product solves a really hard computer security problem. It is able to stop hack attacks that were previously almost impossible to stop.

2. FireEye bought another security firm, Mandiant, for $1 billion. Mandiant was famous for uncovering links between Chinese hackers and attacks on U.S. companies.

3. With Mandiant, FireEye launched a cloud computing security service that competes with SourceFire. SourceFire is the company Cisco bought last summer for $2.7 billion.

4. The company beat expectations on its fourth quarter with revenue of $57.3 million, a beat by $1.26 million, and EPS of $-0.35, a beat by $0.03.

5. Some Wall Street analysts have been really gung ho on the company. Wells Fargo started tracking it a month ago, saying it was "a once in a decade opportunity to invest in a truly disruptive technology."

The world has dramatically changed since the 1990s when Wintel ruled the roost. PC is no longer the dominant device. Smartphones and tablets have brought the era of mobile cloud computing where neither Intel nor Microsoft enjoy leadership position. Even developing countries like Pakistan are deploying cloud computing applications. A Google sponsored survey in Pakistan found that mobile computing is expected to overtake desktop computing this year. Several new and more innovative and powerful players have emerged to in this market.

As more and more enterprises embrace cloud-based computing, cloud security is becoming a hot area for many entrepreneurs. This shift means over $2 billion annual market for cloud security vendors like Fireeye and Elastica. Researchers at Gartner forecast the highest growth to occur in cloud-based tokenisation and encryption, security information and event management (SIEM), vulnerability assessment and web application firewalls.

Recently, a Silicon Valley cloud security start-up Ealstica was launched by Rehan Jalil, a Pakistani-American alumnus of NED University of Engineering, Karachi, Pakistan. Elastica received $6.3 million funding from Mayfield Ventures, a premier Silicon Valley Venture Capital firm.

Several analysts have recently upgraded Fireeye to buy with the target price above $100.

Related Links:

Haq's Musings

Pakistani-American Ashar Aziz's Fireeye Goes Public

Are there Good Hackers? 

Pakistani-Americans Enabling 2nd Machine Revolution

Pakistani-American Shahid Khan Richest South Asian in America

Two Pakistani-American Silicon Valley Techs Among Top 5 VC Deals

Pakistani-American's Game-Changing Vision 

Minorities Are Majority in Silicon Valley 

US Promoting Venture Capital & Private Equity in Pakistan

Pakistani-American Population Growth Second Fastest Among Asian-Americans

Edible Arrangements: Pakistani-American's Success Story

Pakistani-American Elected Mayor

Upwardly Mobile Pakistan


Ali said...

not surprisingly, almost all of the talent is out of Pakistan, serving other countries

Riaz Haq said...

Ali: "not surprisingly, almost all of the talent is out of Pakistan, serving other countries"

Both Amjad and Basit still live in Lahore still at the same address that they put in The Brain virus.

CanadianBoy said...

'Failed State' Pakistan outlook stable, Moody Investor Service.


Despite, a weak track record with previous programmes,'Failed State' Pakistan is making steady progress in meeting reform benchmarks under the current, 36-month $6.8bn Extended Fund Facility with the IMF, which it signed in September 2013, said the report.

So far,'Failed State' Pakistan has cleared THREE programme REVIEWS, most recently at the end of June.'Failed State' Pakistan's government has met 10 of 17 structural benchmarks.

Khalid K. said...

Riaz Bhai:
I don't know what to make of it the Alvi Brothers " Badnaam huay hain tu kia naam na Hoga " . Where they are these days Did they make any money out of it.

Riaz Haq said...

Khalid: "I don't know what to make of it the Alvi Brothers " Badnaam huay hain tu kia naam na Hoga " . Where they are these days Did they make any money out of it."

These brothers still live in Lahore, the same place where they created the "Brain" virus. Amjad and Basit are not evil or "badnam". As Mikko Hypponen puts it:

"These guys weren't evil at all. They weren't evil even then, 25 years ago, when they wrote the first PC virus. Their intention was never to cause harm to anybody, and they didn't, of course, realize that they made history when they wrote the first PC virus. But Brain was the only virus they ever wrote and they never meant to destroy any data or cause any harm for anyone".

I don't think the Alvi brothers were able to capitalize on it like British-American John McAfee did. They could have if they lived in the United States and got themselves funded to create anti-virus software and build a company like McAfee.

That's one of the key differences between equally talented people living in America and elsewhere.

Suhail H. said...

It is ironical (rather iconical) that this comes from persons belonging to the nation having the most perverted collective psyche. The Pakistanis who invented the virus had no intention of benefiting from the effort but just did it because of a natural flair to wrong the normal processes. The extreme state of denial in which we find Pakistanis now is symbolized in this "invention". Glorifying this invention is another characteristic which only Pakistanis will do, and are aggressively doing since it has been recently publicized again.

Riaz Haq said...

Suhail: "The Pakistanis who invented the virus had no intention of benefiting from the effort but just did it because of a natural flair to wrong the normal processes....."

I think Amjad and Basit Alvi brothers did a great service to PC users by creating and spreading a harmless virus to alert them of the dangers that soon became reality with malicious worms proliferating, particularly after PC connectivity became more pervasive in the 1990s.

The brothers also intended to build a business as obvious from the text they embedded in the Brain virus: It said:

"Welcome to the Dungeon, 1986, Brain and Amjad. 730 Nizam Block Allama Iqbal Town, Lahore. Beware of this virus. Contact us for vaccination"

The brothers did develop anti-virus software which they called "vaccination".

Unfortunately, they didn't understand how to turn their talent into a big business which John McAfee did.

Even though McAfee was also a foreigner, the advantage he had was that he was in Silicon Valley where new business models such as shareware and freeware were being tested by entrepreneurs.

McAfee started offering his anti-virus as freeware or shareware and it took off. Then he converted all of his users into paying customers and the rest is history.

This is somewhat similar to the Google story. Google founders Brin and Page developed a powerful search technology but they didn't quite know how to monetize it until they met Omid Kordestani, an Iranian Kurd who has an electrical engineering undergrad degree from SJ State and an MBA degree from Stanford Business School.

Omid came up with the idea of charging for clicks for targeted text ads that came up every time a user used a keyword in their searches. Google did search terms auction which varied daily, even hourly, depending on how many people were searching for it.

I experienced this myself when I bought "Pakistan" as keyword on Google Advwords for 5c a click and then all of a sudden the minimum bid for "Pakistan" went to $1 per click the day Benazir Bhutto was murdered and the search volume for "Pakistan" skyrocketed.

Technical talent alone is not enough for entrepreneurial success. It takes an ecosystem like Silicon Valley's for tech entrepreneurs to succeed.

CanadianBoy said...

@ Suhail H: its interesting you say that since most famous people in history do ' wrong the normal processes' as you say,from Jesus to Galileo to Napoleon to Ganges Khan. That is why average Joes like you don't because part of history because you keep following the 'normal processes'.

Shams said...

By your logic, the terrorists are also heroes because their terroristic activities led to a $50 billion anti-terror security systems' industry.

Riaz Haq said...

Shams: "By your logic, the terrorists are also heroes because their terroristic activities led to a $50 billion anti-terror security systems' industry"

Your comparison of Alvi brothers with terrorists is completely off the mark.

Terrorists commit mass murder. Alvi brothers did no such thing. In fact, they deliberately designed the Pakistan Brain virus to not harm data and apps on computers nor did they exploit people's info as is commonly done today by major high-tech giants.

Riaz Haq said...

Here's an excerpt of New York Times story on how Kordestani helped developed the innovative Google business model that led to their business success:

Larry Page and Sergey Brin were exceedingly ambitious from the day they started Google, but the job of finding some source of revenue fell to Omid Kordestani, an amiable former Netscape sales executive who was brought to the company in 1999 by K. Ram Shriram, another Netscape alumnus and an early Google investor. Mr. Kordestani explored a range of ideas, including charging users for searches as well as selling Google's technology to corporations or to other Web sites - notably Yahoo - that were less shy about selling ads.

Eventually, in 2000, Google started to sell ads on its own site, but they were only a few lines of text placed above the search results. There were no graphics and no banners. At first, these ads - and later, a second form of text advertisement that ran down the right side of the page - were sold at fixed prices. But such an approach would not last long.

In early 2002, a Google employee, Salar Kamangar, now 28, convinced Mr. Schmidt and the founders to switch to an auction-based system like the one set up by Bill Gross, the head of IdeaLab. Mr. Gross had created Goto.com, a search engine made up entirely of ads, where advertisers paid only if their ad was clicked on, and the advertiser who bid the most per click was listed first. (Goto was later renamed Overture Services and then bought by Yahoo, an early Google backer that has become its fiercest rival.)

Mr. Kamangar, though, had an important improvement on the model. Rather than giving priority to the advertisers that bid the most per click, as Goto did, he realized that it was better to save the front of the line for ads that brought in the most money - a combination of the bid and the number of clicks on the ad. This was not only more profitable, but it also linked readers to ads that were more relevant to them. He also figured out that the system should use what is called a Vickrey auction - that is, to charge the winner only one cent more than the second-highest bidder. That gives advertisers an incentive to bid high, knowing that they will not be penalized if they are far higher than the rest of the market.

Mr. Page and Mr. Brin were suspicious of any system that put high-bidding advertisers at the top, Mr. Kamangar said. "They thought if someone was willing to pay more it was a negative," he recalled. But he was able to convince them that the site could be improved by incorporating how often users clicked on an ad.

Mr. Schmidt, who was still new as chief executive, was worried more that moving to an entirely auction-based system - amid a recession in online advertising - could be financially disastrous. "I said to Salar, 'Promise me the revenue won't go down,' " Mr. Schmidt said. "I was afraid people would realize these ads were worthless." In fact, revenue quickly increased tenfold.

As Google's audience took off, advertisers came running - many thousands of smaller ones at first, but soon large companies as well. Among Google's largest advertisers is eBay, which has long bought keywords for nearly every sort of merchandise it sells.

"The smartest thing that Google did was getting smaller advertisers to buy in," said Ellen Siminoff, the chief executive of Efficient Frontier, an agency that helps advertisers manage their campaigns on search engines. She estimates that Google has two to three times as many advertisers as Yahoo does, largely because Yahoo has a 10-cent minimum bid. This lets Google earn money on more obscure search terms for which rivals have no ads....


Riaz Haq said...

#Pakistan Security Firms Ransomware. Intelligence Start-Up i-Sight Goes Behind Enemy Lines to Get Ahead of Hackers http://nyti.ms/1KkAiOI

On a recent Wednesday morning, 100 intelligence analysts crammed into a nondescript conference room here and dialed into a group call with 100 counterparts in Argentina, Brazil, Cyprus, India, the Netherlands, Romania, Spain, Taiwan and Ukraine.

As they worked their way around the room, the analysts briefed one another on the latest developments in the “dark web.”

A security firm in Pakistan was doing a little moonlighting, selling its espionage tools for as little as $500. Several American utility companies were under attack. A group of criminals were up to old tricks, infecting victims with a new form of “ransomware,” which encrypts PCs until victims pay a ransom.

The analysts, employees of iSight Partners, a company that provides intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops, were careful not to name names or clients, in case someone, somewhere, was listening on the open line.

Within 30 minutes, they were all back at their keyboards, monitoring underground chatter and markets, analyzing computer code meant to cause harm, watching the networks of potential attackers and poring over social media channels for signs of imminent attacks.

For the last eight years, iSight has been quietly assembling what may be the largest private team of experts in a nascent business called threat intelligence. Of the company’s 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, though that statistic is impossible to verify given the secretive nature of these operations.

ISight analysts spend their days digging around the underground web, piecing together hackers’ intentions, targets and techniques to provide their clients with information like warnings of imminent attacks and the latest tools and techniques being used to break into computer networks.

The company’s focus is what John P. Watters, iSight’s chief executive, calls “left of boom,” which is military jargon for the moment before an explosive device detonates. Mr. Watters, a tall, 51-year-old Texan whose standard uniform consists of Hawaiian shirts and custom cowboy boots, frequently invokes war analogies when talking about online threats.

Riaz Haq said...

Pakistani-American and fellow NEDian Rehan Jalil sells Silicon Valley company he cofounded for $280 million

Enterprise security vendorBlue Coat Systems acquiredElastica on Monday for $280 million, allowing the company to offer a more nuanced portfolio to its global customers.
With Elastica’s Cloud Access Security Broker (CASB) and cloud application security solutions integrated into its feature set, Blue Coat said it can create the industry’s first “global security platform” to protect users no matter where their data resides, whether on-premise, in the cloud or as a hybrid solution. By expanding its portfolio to include more cloud-centric security solutions, Blue Coat said it can also help customers navigate the increasingly complex IT landscape, especially for born-in-the-cloud companies.

“Given the rapid acceleration of cloud adoption, our holistic data science-powered approach to cloud access security will enhance Blue Coat’s globally deployed security platform, empowering its customers to confidently and securely take advantage of the speed and agility that cloud applications offer,” said Rehan Jalil, CEO and founder of Elastica. “Together we are delivering the industry’s strongest set of enterprise cloud security capabilities.”
Blue Coat’s purchase of Elastica is the company’s second major purchase this year as the security vendor looks to establish dominance in the CASB market. In August, Blue Coat purchased Perspecys, a California-based enterprise cloud data protection solution provider under the auspices of bolstering its security and hybrid cloud portfolio.
The company also unveiled the Alliance Ecosystem of Endpoint Detection and Responseto create a network for sharing security threat information.