One of the largest cyber threat intelligence companies, Norse Corp went offline over the weekend.
Shut down came in the aftermath of the board of directors meeting, who asked CEO Sam Glines to step down. The company was unavailable for comment and many emails sent remained unanswered. The employees were told they are free to come to work, but nobody could guarantee that they would be paid in the following weeks.
Norse attack map, one of the most popular tools for threat monitoring, suffered the same fate as the company’s main site. It went dark by Sunday evening.
Norse Corp was the tool of choice for the majority of the media reporting on cyber-attacks. However, their reports, especially the one they did on Iran, were routinely met with heavy criticism from other security experts, claiming that both the data and the methodology they used were flawed.
The company started the year with a round of layoffs and some journalist claim that it was to be expected. Investigative journalist Brian Krebs, who broke the story, had this to say: “A careful review of previous ventures launched by the company’s founders reveals a pattern of failed businesses, reverse mergers, shell companies and product promises that missed the mark by miles.”
The scalding criticism was reinforced with a statement from Norse Corp’s senior data scientist Mary Landesman, claiming that the data the company gathers is far from being spectacular and that it is “pretty much the same thing as if you looked at Web server logs that had automated crawlers and scanning tools hitting it constantly. But if you know how to look at it and bring in a bunch of third-party data and tools, the data is not without its merits, if not just based on the sheer size of it.”
The only Norse Corp employ who spoke publicly in the defense of the company is Jason Belich, former Chief Architect, claiming that Landesman wasn’t a credible source. Interestingly, Belich was let go in the aforementioned layoffs. He also said that Landesman’s comments were invalid because as a “remote employee, who never appeared in the office more than a handful of times, she never had any sort of pulse on the production teams nor the day-to-day operation of the company, nor anything other than the sales efforts.”
Belich does have some criticism for Norse Corp: “What is genuinely frustrating about this story, is there is literally nothing in it about the actual problems and failures which led to Norse’s current situation: /Why/ is Tommy Stiansen such a secretive bastard? Why has Norse garnered so much hate? How did such a toxic corporate culture develop that caused so many former employees to want to speak out? What were the blunders which caused a finance under-run?”
The situation at Norse Corp remain unknown and details regarding the future of the company, as well as the status of its employees, are still fuzzy at best.
In the meantime, Sam Glines, co-founder of Norse Corp, released the following statement, which is reproduced below without any editing.
“I’m writing this statement as the co-founder of Norse, not as an employee as I am no longer with the company, as reported.
“This past Saturday, an article written by Brian Krebs appeared on his blog krebsonsecurity.com. In this piece, the writer conducted an ‘investigation’ into what happened at Norse as a result of layoffs that took place in January. In this investigation, the writer brought forward information, from over 15 years prior, to the point where a former employee described Norse as a ‘scam’.
“It is true that Norse was forced to let go of many talented people in January. There were mistakes made by myself that led to these layoffs. Norse was in the latter half of 2015 running at an aggressive monthly burn to put out groundbreaking product and capabilities. Unfortunately, we were building ahead of very near-term revenue.
“This, coupled with lesser than expected sales in 2H 2015, and the delay in our planned Series B financing led to the perfect financial storm that drove the need to cut back our workforce. And I take full responsibility for these mistakes.
“There were inaccuracies in the article. I was never an owner of a shell company, and wouldn’t know the first thing about setting one up. Second, I was not a founder of any of the companies mentioned, aside from Norse. I was an employee of Nexicon for about 18 months. The history presented in the article with respect to Cyco/Nexicon is wrong, yet it is lauded as “investigative journalism.”
“Unfortunately, none of that information was ever run by any company representative or knowledgeable source for review or verification. If it had been, we would have gladly provided those corrections. All the company ever heard in advance from this blogger (and a few other reporters at the time) was that they wanted to speak with Norse about the January layoffs, and subsequent rumors being spread by sources who wouldn’t be named; another wanted to explore why previous employees had been let go. Norse was open about the fact that the company would not be able to comment on employee issues (even if it wanted to) for privacy reasons.
“I do want to address the implication that the company was somehow conducting less than above-board operations. The word ‘scam’ was used as a direct quote from that same former mid-level employee, who was extremely angry after she was let go. The assumption by readers, who trust this blogger, is that if it’s printed, it must be true.
That did incredible damage to Norse and every person or entity affiliated with it, not to mention that this terminology is an insult to every employee, former employee, investor, and customer of Norse.
“Norse counts customers who purchased a product and renewed their annual services because of the incredible value delivered. The company has major enterprises, governments, and multiple defense intelligence agencies as clients. And these clients invest significant financial resources to extract the incredible value that the company’s technology and people bring to bear. Institutional investors conducted deep due diligence on the technology before deciding to invest.
“I think constantly about the sacrifices and the effort put forth by all current and former employees who tirelessly and without complaint worked incredibly long, hard hours to put out trailblazing product, market and sell, and provide customer support in the fledgling field of cyber threat intelligence, a market that is still, in my view, relatively immature.
“I think about our investors who believed in what we were doing and where we were going, and we were exposing significant cyber threats that could not be found elsewhere. Finally, I think about Norse customers, who worked closely with our teams to develop the capabilities that were difference-makers for their teams of intelligence analysts.
“Ultimately, I was not able to push the company far enough around the corner to realize the success that I consistently believed was within our grasp. It was incredibly difficult for me to have had to let go of employees in January. That is never easy and I take personal responsibility as CEO for that decision and all that led up to it. It was one of the most difficult days of my career.
“Prior to this article, however, significant deals were being closed and other strategic discussions underway. But as soon as this article/blog was posted, everything quickly began to fall apart. Deals were terminated or paused. And all this based on what everyone was reading in black and white from one of the most trusted names in security/tech reporting.
“A lot of people have been hurt. And, in addition to demonstrating how today’s media can be manipulated by persons to suit their purposes or personal vendettas and how facts can be misrepresented to lead an entire industry astray; the events of this week also show how much power a disgruntled employee can wield on an employer.
“This isn’t a case of white-collar crime or fraud or anything illegal; this all comes down to someone who was let go, became angry about it, then set about doing some poor ‘investigating’ and piecing together in a way that works for them, and then getting others to join their crusade.
“This blogger enabled her to be quoted as calling the company a ‘scam’ very publicly. People latch on to things like that, assume they are true, and run with it. Employees aren’t bound by the same restraints, privacy concerns, and legalities that corporations are, so in cases like this there’s little a small or mid-sized company can do to defend itself.”