Subscribe

Archive | Technology

Investigating Internet Crimes

Written by experts on the frontlines, Investigating Internet Crimes provides seasoned and new investigators with the background and tools they need to investigate crime occurring in the online world. This invaluable guide provides step-by-step instructions for investigating Internet crimes, including locating, interpreting, understanding, collecting, and documenting online electronic evidence to benefit investigations.

investigating_internet_crimesThis year I served as technical editor for this excellent book by Todd Shipley and Art Bowker. Cybercrime is the fastest growing area of crime as more criminals seek to exploit the speed, convenience and anonymity that the Internet provides to commit a diverse range of criminal activities. Today’s online crime includes attacks against computer data and systems, identity theft, distribution of child pornography, penetration of online financial services, using social networks to commit crimes, and the deployment of viruses, botnets, and email scams such as phishing. Symantec’s 2012 Norton Cybercrime Report stated that the world spent an estimated $110 billion to combat cybercrime, an average of nearly $200 per victim.

Law enforcement agencies and corporate security officers around the world with the responsibility for enforcing, investigating and prosecuting cybercrime are overwhelmed, not only by the sheer number of crimes being committed but by a lack of adequate training material. This book provides that fundamental knowledge, including how to properly collect and document online evidence, trace IP addresses, and work undercover.

  • Provides step-by-step instructions on how to investigate crimes online
  • Covers how new software tools can assist in online investigations
  • Discusses how to track down, interpret, and understand online electronic evidence to benefit investigations
  • Details guidelines for collecting and documenting online evidence that can be presented in court

Blackhatonomics: An Inside Look at the Economics of Cybercrime

blackhatonomicsBlackhatonomics: An Inside Look at the Economics of Cybercrime explains the basic economic truths of the underworld of hacking, and why people around the world devote tremendous resources to developing and implementing malware.

The book provides an economic view of the evolving business of cybercrime, showing the methods and motivations behind organized cybercrime attacks, and the changing tendencies towards cyber-warfare.

Written by an exceptional author team of Will Gragido, Daniel J Molina, John Pirc and Nick Selby,  Blackhatonomics takes practical academic principles and backs them up with use cases and extensive interviews, placing you right into the mindset of the cyber criminal.

The Russian Software Pirates

Every day here and in dozens of other Russian cities, pirate dealers sell copies of the world’s most popular software titles at $5 per CD-ROM.

Despite fears about the economy, small and medium-sized businesses are flourishing in this elegant northwestern Russian city – and pirated software is installed on almost all of their computers.

Nearly all high-end computer games, Encyclopaedia Britannicas and other educational and reference CDs are distributed through illegal sources.Bootlegged software use is certainly not limited to Russia. Industry analysts say that 27 percent of the software running on American computers is pirated.

And the Business Software Alliance, which monitors business software piracy, says 43 percent of PC business applications installed in Western Europe are illegal copies.

In Russia, however, the piracy rates are a stunning 91 percent for business applications and 93 percent for entertainment software, according to Eric Schwartz, counsel to the International Intellectual Property Association, a Washington, D.C.-based organization that lobbies internationally on behalf of the copyright industry.

Schwartz said that piracy in Russia costs American entertainment software manufacturers $223 million a year and business software makers almost $300 million. The Business Software Alliance estimates worldwide revenue losses to the software industry from piracy at $11.4 billion.

Under the 1992 agreement with the United States that guaranteed Most Favored Nation trading status, Russia is required to effectively enforce anti-piracy laws, but actual enforcement is virtually nonexistent.

Meeting the Dealers
The dealers, who operate in stalls and kiosks around major transportation hubs or in full-scale markets usually 15 minutes from the city center, offer an enormous range of titles, usually bundled in a form their manufacturers would never dream of.

“That’s Windows 98, Front Page 98, Outlook 98, MS Office 97 SR1 and, uh, yeah, Adobe 5.0,” said Pyotr R., a student at St. Petersburg Technical University, of a single CD-ROM. “On the disk there are files, like ‘crack’or ‘serial’ or something, and that’s where you’ll find the CD keys,” he said, referring to the codes that unlock CD-ROMs and allow users to install the programs.

Pyotr (who spoke, as did all others interviewed for this article, on condition of anonymity) sold that disk, plus a second one containing Lotus Organizer 97, several anti-virus programs and some DOS utilities, for 60 rubles or about $10.

Another dealer was offering Windows NT 4.0 for $5, and Back Office for $10. According to Microsoft, the recommended retail prices for these products are $1,609 and $5,599.

Many Russians, who during the days of the Soviet Union bought most necessities through black market sources, think nothing of buying their software this way. They even defend the markets as providing a commodity that had been long-denied them.

After the collapse of the Soviet Union, inexpensive computers began to flood into the country from Taiwan, Germany and the United States, increasing the importance of these illegal software markets. Spending at least $800 on a computer was an enormous investment for Russians, even relatively well-paid St Petersburgians who earn an average salary of around $350 a month. Those who did buy one were in no position to consider purchasing software legitimately, even if it were readily available, which it often wasn’t.

These days, though, legitimate outlets for hardware and software are popping up everywhere in Russia; computer magazines offer licensed versions of everything available in the United States and Western Europe, and software makers advertise in the city’s well-established English-language media.

The markets continue to thrive with an alarming degree of perceived legitimacy. Outside the Sennaya Square metro station in St. Petersburg, a police officer approached a pirate dealer (who offered, among other things, Adobe Font Folio and QuarkXPress) and angrily chastised him for not prominently displaying his license to operate the stall. When the dealer complied, the policeman moved on.

Customers feel secure that the pirated copies will work and that belief appears well-founded. Bootlegged titles come with a written guarantee – good for 15 days from the date of purchase – that they’re virus-free and fully functional.

And files on the CDs themselves boast of high-quality, code-cracking techniques: “When so many groups bring you non-working fakes, X-FORCE always gets you the Best of the Best. ACCEPT NO IMITATION!” boasts one.

“There’s a lot of viruses around in Russia,” said Dima V., a system administrator who runs several small company networks in St. Petersburg using bootlegged copies of Windows NT 4.0, “but most of the disks you buy in the markets are clean. The guys are there every day and if they give you a virus you’ll come back – it’s just easier to sell you the real thing.”

Foreigners get in on the action
Russians are not by any means the only people installing the pirated programs. While employees of multinational companies or representatives of American companies would never dream of risking their job by violating copyright laws, self-employed Westerners, or ones who have established small Russian companies have no qualms about doing so.

They also pose a question software manufacturers find difficult to answer: Who would buy a network operating system package for $5,000 when it’s available for $5?

“Nobody,” said Todd M., an American business owner in St. Petersburg, whose 24-PC network runs a host of Microsoft applications that were all bootlegged.

“There’s just no financial incentive for me to pay the kind of prices that legitimate software costs,” he said. “I mean, it would be nice to get customer service right from the source, but we have really excellent computer technicians and programmers in Russia and they can fix all the little problems that we have.”

Customer support and upgrades are just what the manufacturers point to as advantages of licensed software, even in markets like Russia.

“There are enormous incentives,” said Microsoft’s Mark Thomas, “to buying legitimate software, and they start with excellent customer support and service and upgrades. We spend $3 billion a year on research and development and the money that we make goes right back into making products better and better products. The pirates don’t make any investment in the industry.”

And local industry, Thomas pointed out, suffers disproportionately in the face of piracy.

“A huge amount of our resources are put into making sure local industry builds on our platform,” he said. “When a local company creates packages for, say, accounting firms, and somebody can come along and buy it for $5, these local companies can lose their shirts.”

Piracy getting worse
Despite heavy lobbying by industry representatives and government agencies, piracy has worsened. As CD copying technology becomes cheaper, large factories in Russia and other countries, including Bulgaria, churn out copies of software copied by increasingly sophisticated groups in countries around the world, especially in Asia.

Encyclopaedia Britannica wrote off Malaysia as a market effectively destroyed by pirates, who sold 98 out of every 100 copies of its flagship Encyclopaedia three-CD set for a fraction of its recommended retail price of $125. The same disks, which have not officially even been offered for sale in Russia, are readily available in the St. Petersburg markets for $10.

“For Encyclopaedia Britannica, the cost of piracy is millions a year,” said James Strachan, EB’s international product manager. “One hundred percent of the value of our product is an investment in the authority and depth of our content,” he said. “Piracy causes us extreme concern and we do everything we can to root it out and prosecute.”

Todd M., the businessman with the 24-PC network, offers little hope that the situation will soon change in favor of manufacturers.

“With all the problems I have running my business here in Russia, from armed tax police to Byzantine procedures and customs duties, software piracy just doesn’t register with me,” he said.

“It’s the one thing about doing business here that’s somebody else’s problem.”

FUD is the Bastion of the Weak and the Shameless

Or, A FUD-Flapping Flack and her SCADA-Fear! Mongering

Were I less gracious, I would list the name and PR agency and customer. Sadly, I am gracious. I hate that I am gracious, especially since several people I know received this same papff from this flack. But seriously. This kind of stuff just has to stop. Next time? I swear, I’m naming names.

An open response to two recent emails from incompetent publicists:

On 10/02/2012 16:17, Marge wrote:

> Hi Nick,
> I see you are planning on attending RSA in San Francisco and I wanted to see
> if you have some time for a quick briefing during the show.

> The media have recently reported that hacker collective Anonymous posted
> what appears to be login details for Israeli SCADA industrial-control
> systems; including instructions on how to hack into nuclear power plants and
> water facilities.
>
> I wanted to give you the opportunity to meet with a [redacted] executive to
> discuss how critical infrastructures are utilizing SCADA software to control
> and automate machinery. [redacted] is uniquely suited to provide insights
> into how some of the largest oil & gas companies and nuclear facilities
> worldwide are protecting mission critical systems from cyber attacks.
>
> If you would like to speak with a [redacted] executive, please me know and I
> will be happy to set up a time.
>
> Best,
>
> Marge

> [redacted] PR Team

>

Hiya, Marge,

Let me get this straight: you state that a hacker collective posted what purported to be login details for Israeli SCADA systems and therefore I should learn about [redacted]?

Wayta attempt to capitalize on Anonymous, Marge!

Your measured, weasel-like wordsmithing indicates that you understand fully that no such incident actually occurred, and that you are intentionally misleading me, hoping that I read that, “media have recently reported” as proof that this happened.

Which means that you are trying to trick me into visiting your client.

Does your client understand the Fear, Uncertainty and Doubt you are spreading like so much fertilizer? Do they understand that you are baldly exploiting a totally false episode which did not result in the dissemination of any SCADA credentials, so that your client might sell SCADA security equipment?

What, there weren’t enough actual or possible recent SCADA hacking episodes to capture your imagination?

Marge. Bubaleh.

Shame on you.

 

So I sent that back to her, and the next morning I get a reply from her boss:

 

On 13/02/2012 10:52, Betty betty@flack.comwrote:

Hi Nick

It unfortunate that this made it’s way out the door on Friday. We appreciate your candor in pointing out our error.

We are pointing to the fact that this type of cyber terror is possible. It is never our mission to “fear monger” and we reported what was all over the internet in short order. We were not the original source for this story, and it is certainly our mission to make sure we fact check whenever possible, unfortunately, this went out before we had a chance to double check the new updates on this story.

We have noted this, corrected our records and removed your name from our database of bloggers.

Again, please accept our apologies for upsetting your Saturday morning.

Best,

Betty

 

Well, Betty, “it unfortunate” indeed. Your reply acts as if this was a mere fact-checking error, made in the heat of sending out a breaking story – STOP THE PRESSES! – if only you’d had TIME to tear through this with a red pen as you ordinarily do, why none of this would have happened!

The krypt3ia piece ran on 20 January. Marge’s balderdashtardly missive went out 10 Feburary.

Let’s look at Betty’s explanation once more, hey?

…and its certainly our mission to make sure we fact check whenever possible, unfortunately, this went out before we had a chance to double check the new updates on this story.

I’m glad she likes to check facts whenever possible. Even if she can’t keep her “its”es straight.

Marge, yours was the worst kind of fear-mongering. Where understanding actual attacks against SCADA systems is so important, you’re using that fictional example – in which lazy, non-fact-checking journalists re-spewed rubbish and were later humiliated for doing so – as the pretext to try and get me to meet with you?

Lady, I write a security blog and run a company that deals in response to actual security incidents. Our clients are serious people with serious issues to solve, and no time whatsoever for bullshit.

Did you hope I was some kind of uninformed, lazy, press-release-consuming, video-news-release running hack journalist who would just suck that crap down and spew it out on the other side?

Shame on you.

As a matter of fact, starting right now, I am going to do what I can to call you out for exactly what you are: the worst kind of uninformed, unctuous, disingenuous, FUD-spewing, fear-mongering, press-release-writing hack of a flack. You, Marge, are what gives security PR people a terrible name. You are what make customers afraid to listen to vendors, afraid that their consultants are lying to them, afraid that they must triple-check any statement made by someone outside their organization. This causes delays in responding to actual security incidents, which allows attackers more time to do damage, while the attacked spend cycle after cycle trying to understand from which side they’re being screwed worse, the attackers or the consultants and professionals there to help.

There are scores, if not hundreds, of public relations professionals in the world of security products who have the integrity to leverage the actual product to demonstrate how it can stand on its merits; who believe as I do:

FUD is the bastion of the weak and the shameless.

Shame on you.

Type This…I Said, THIS!!

The idea of speaking into my computer and having it correctly type what I say has intrigued me since I saw the Star Trek episode Assignment: Earth, in which Gary Seven dictates to his IBM Selectric typewriter while plotting to sabotage a NASA launch.

The thought that I can now actually say – and have my computer type – the phrase,”the museum is open Monday to Friday from 9 am to 6 pm, Saturday from 9 am to 3 pm, Sunday from noon to 4 pm, closed major holidays,” makes me positively giddy – covering Disney World doesn’t look so daunting anymore.

It was with this light thought that I cheerfully set about installing IBM’s new SimplySpeaking Gold (remember: IBM made the Selectric! No one gets fired for buying IBM!), touted by Big Blue as the software that would change the world. My father was with me, and as I was describing what the software would do (‘yeah, that’s it… I can just talk into it and it will type what I say,’) he was shooting me looks of open dubiousness, if not mild derision.

“YouE’re skeptical,” I said.

“I’m not skeptical,” he said, “I know it won’t work.”

“Why,” I asked, knowingly,”would IBM offer a 30 day money back guarantee on it if it didn’t work?”

“I don’t know” said my father,”But it won’t work.”

Chuckling to myself (what does he know?) I set to installing SimplySpeaking Gold. Following the directions to the letter, I donned the little headset that came with the software. The training session lasted about half an hour, after which I started talking and it started typing.

Unfortunately, those two actions were entirely independent. It was as if had installed Tourette’sSyndrome for Windows95. I said,”Hey, look Dad, I’m talking and this thing is typing,” and it typed, “pay stark land vice talking in myths saying it is typing.” (“typing”, I noticed later, was one word it consistently spelled correctly, along with`SimplySpeaking Gold”) I said,”this system sucks.” It typed,”cheese feet and ducks.” Okay, it wasn’t really that bad – I am exaggerating a little (just a little) – but it was, in fact, terrible.

I returned it the following day. Later I spoke with a software salesman, who told me that almost everyone who bought the IBM software at his shop (one of New York’s largest) brought it back.

“That’s not to say it’s bad,” he was careful to say, “it’s just that a lot of people bring it back.”

Oh.

This salesman went on to tell me that a lot of the people who were disappointed with IBM really liked Dragon NaturallySpeaking, but that that software was much more difficult to learn then IBM’s. Since I thought that learning IBM’s was simply a matter of training myself to speak in the manner of one of those VCR manuals that has been translated from the original Korean via Swahili, I was game for anything.

To be fair, IBM’s ViaVoice is said (well, said by IBM) to be better than SimplySpeaking. But in an article in the San Francisco Chronicle, David Einstein reported something hauntingly similar to my experience:

“…when I said, “This is my first dictation” ViaVoice wrote “This is mild irritation.” I repeated the sentence and it came out, “This is missus sophistication’.

Why, that is much better!

My next test was with Dragon’s NaturallySpeaking. With doubt in my heart, I installed the software and went through its training session. One thing that struck me immediately was that while I was reading through the training session’s text (it gives you a choice of three, I chose Dave Barry’s Adventures in Cyberspace) it was recognizing my voice right out of the box.

But I was truly astounded when, after finishing the session, I was able to write a long letter with very few mistakes: this thing actually works! Don’t believe it? Come over to my house and I’ll show you (two of my neighbours are going out to buy it after one demo).

For example, I’m writing the following five paragraphs by speaking into my computer. It’s an absolutely joyous thing: I’m sitting here with my feet on my desk speaking absolutely normally and watching it type everything I say.

And okay, there are some drawbacks (like the fact that it just wrote “arson” instead of “all are some’, and I had to go back and correct): I sit at my desk wearing this funky headset and looking for all the world like a Time-Life operator ready to take your phone call (E’Good morning, my name is Nick, are you calling about our Sports Illustrated swimsuit issue?’).

But the fact is, I can dictate into this thing at about 100 words per minute after three days of use – and the folks at Dragon say that this will only improve over time.

I have noticed that in the last few days of using this software intensely it has made the same mistakes on a couple of occasions. But it also learns incredibly quickly. I only had to train “Minas Gerais” and “Sao Paulo” once, and never even had to tell it to recognize Rio de Janeiro. Handy, when IE’m working on Brazil (it also recognized, after training, “rodoviãria” and “real’, which are pronounced decidedly not as theyE’re written).

But you’ve got to have patience (it just wrote “patients’), and realize that it will take about a solid week before you begin to get close to 96% recognition.

The mistakes NaturallySpeaking made while I recited the last five paragraphs were “good morning, my name is neck”; “with my field on my desk”; and the aforementioned “arson” and “patientsE’. Still, that’s not so bad. Earlier OCR scanning devices made far more mistakes, and for most of the friends of mine who can’t type to save their lives, a couple of mistakes in each paragraph is a far happier situation than a blank page.

But Naturally Speaking – or its presence – did cause some problems on my machine. After running it and other programs simultaneously, my computer crashed – but it turned out to be a Microsoft problem, and I had to download a small patch to fix it. You’ll also need a relatively good machine: while Dragon says you need at least a Pentium 133 Mhz, 32MB of RAM and 65MB of hard drive space, I’d say that’s conservative.

Another good question is whether you can dictate into a tape recorder on the road – some smarter authors (and now I) use a tape recorder for mapping (“J&R Music World on the south side of Park row 200 metres south of John St”) and it would be a hoot to have the machine transcribe it. Well, short of spending upwards of $250 on a mini disk recorder, you’re out of luck: traditional minicassette and other analog recorders just don’t have the quality to work with NaturallySpeaking.

NaturallySpeaking has several models to choose from, but the recognition engine is the same on all – bells and whistles change as you spend more money. But their basic Point & Speak (US$59 RRP in the US) model allows you to do everything I did here. The Personal edition and Preferred Editions (US$99 and US$149 to US$159) have greater customization abilities, and very expensive Deluxe editions are available as well. SimplySpeaking Gold sells for US$139 in the US.

Apps Spijk Bought

I bought an iPhone on the Verizon network. I’d long held, after using an iPhone on AT&T a couple years back, that I wouldn’t get another iPhone until it was available on Verizon. In the meantime I fell in love with my Droid phone, until I saw FaceTime. My business partner David used it to video-chat with his kids while we were on a business trip. So I bought the iPhone (don’t tell me about the damn Skype video or whatever. FaceTime is better).

Then I bought Spijk an iPod touch so we could FaceTime.

Apps Spijk bought in the first two days of having his new iPod:

  • Veggie Samurai
  • Tiny Wings
  • Fruit Ninja
  • Doodle Jump
  • Froggy Jump
  • Stick Stunt Biker
  • Egg vs. Chicken
  • Fragger
  • Asphalt 5
  • Doodle Jump Christmas Special
  • Food Processing
  • Pocket God
  • Rat On A Scooter XL
  • Urban Ninja
  • Gravity Guy
  • Cave Bowling
  • Cat Physics
  • Monkey Flight
  • Crazy Chicken Deluxe – Grouse Hunting
  • Sherwood Forest Archery
  • Pig Sticker
  • Shoot or Be Shot
  • Uphill Battle
  • Sharpshooter Surprise
  • Saving My Hero
  • Battleheart
  • Volcano Escape
  • Crazy Chicken Quest
  • Burn the Rope
  • Shopping Cart Hero
  • More Crap

More crap?

Cheesy Feet & Ducks Redux

This is the result of feeding an interview into Dragon Naturally Speaking. Not a word or punctuation mark has been omitted or changed – this is the software in all its glory. The input was a good recording from a Sony ICD-SX750.

I’m still working on how it got “Saddam Hussein”.

So that it will work for just 5 pounds him and I have a small company now… I am starting to think that I am not a moment to him and on Rosenhaus and ask you a few questions are standardized so immersed in really stupid of him will not ask you if you have investigation is ongoing and occasional nasty stuff without going out of their way through it on up until the time that he got the shots were interviewed about 2008 that are possible for them have personal and you typically arrive on the scene with his or her homicidal value on called you arrive after the season closed out with and you can ride generally speaking long long time slot on its own would be dealt with promptly salt or if it’s during the shift will probably do okay at first difficult to be okay you didn’t than just the data to arrive on the scene and no I usually also the guys to do so as to have no car computers I have no car or a computer consultant of soul I don’t get it was like I was but a totally plausible to promote something ownership will call okay so far using it to direct your search for physical evidence or to somehow he even if in your mind or order me respect you a graphic WCCO okay if it’s difficult to Pacific side columns are doing something along the lines of what we’ll try and you will have wanted to go so long as R. what exactly will you stop like to use disputed to the showcase on the direct your search for people in the witnesses are… that’s a no no some threat to serve as the operating room when you let one person calls and as you’ll see shops along policy work for you kind of gauge who’s paying attention more believable claim that he was Saddam Hussein a sort of understanding the process by which interacts across as looking at a crime scene has changed the shots I have see change its enhanced and it’s given us while we…

For more transcription fun, see this article I wrote in 1997

SAP profit surges 60% as profile rises in U.S

SAP AG, the German-based business software giant, said Thursday that first-quarter net earnings rose 60 percent from a year earlier, to E298 million ($325 million), but revenue dropped 8 percent to E1.52 billion.

The company makes software that businesses use for accounting, supply-chain management and customer relationship management. Headquartered in Walldorf, Germany, SAP is the largest business application vendor in the United States and has nearly 20,000 corporate customers worldwide.

SAP said it expanded its U.S. market share in the first quarter, without specifying figures, and cut its operating costs substantially without cutting jobs.

But analysts pointed out that certain sources of revenue, such as those for software maintenance and for consulting services, were down, as were earnings overall in Europe.

SAP said that while the number of European sales contracts increased, companies bought less. Because of a weak European economy, it said, revenue in Europe, the Middle East and Africa dipped 4 percent to E854 million.

First-quarter Asia-Pacific revenue increased 7 percent to E198 million.

In the Americas, where SAP has recently reorganized its U.S. sales force and implemented cost-cutting measures, revenue was down 20 percent at E468 million. When measured in constant currency rates, however, there was a 1 percent increase.

Maintenance revenues – fees the company charges to maintain software it has already sold – increased by 1.8 percent to E608 million but fell short of the company’s own forecasts.

Consulting revenue fell 12 percent to E476 million.

Dresdner Kleinwort Wasserstein in Frankfurt downgraded the stock to “hold” from “buy.” But Morgan Stanley said that SAP performed well in view of the global economic situation.

“As a trajectory, those revenues are a bit of a concern,” said Ross MacMillan, vice president at Morgan Stanley. “But the company is doing a phenomenal job of controlling costs. They’ve ratcheted costs down almost E140 million by cutting variable costs and without layoffs.”

The stock closed up E4.85 at E94.10 in Frankfurt.

The results are the last to be reported before Hasso Plattner, an SAP co-founder, steps down as chief executive next month.

Hats Off: An E-Tailer Who’s Doing It Right

When each of your 200,000 customers gets a hand-signed “thank-you” note in every order box, you’d think they’d notice. Sadly, according to Darryl Collins, CEO of Belfast, Ireland-based online video retailer BlackStar.co.uk, “People don’t really realize how good we are until something goes wrong.”

That’s certainly true of this reporter, who called to say that a video had arrived that wasn’t working. In an hour I got an e-mail apologizing rather profusely. The next day I got a phone call, saying, “We’re very sorry, but we’ve had to special order the replacement, it should be here tomorrow.” And a while later, an impossibly indecipherably Irish accented voice called to tell me that they’d express-mailed the replacement.

“Let me get this straight,” I said, “you’re saying that this problem, which you had nothing to do with, rates one e-mail, two long-distance phone calls and free upgraded shipping?”

Yup. And another e-mail followed, confirming that the order had been shipped.

Now that’s customer service, and it might be the reason that in the crazy, mixed-up, topsy-turvy world that was the e-commerce private equity market this June, BlackStar wrapped up a second round of financing to the tune of €6.2 million.

This is a company to watch.

BlackStar took on a niche in what may have seemed to others to be an impossible-to-conquer market, competing against a certain e- commerce giant named after a swath of Brazil, Columbia and Peru. BlackStar moved on the fact that an online source of PAL-formatted videotapes was lacking in the UK. Amazon.com’s primary market, the US, sold tapes formatted in the US NTSC standard.

That was back in early 1998. And in the same fashion as Amazon founder Jeff Bezos, the team that would become BlackStar had been working to figure out something web-related to do since well before then. When Collins, a former film producer, along with a pre-Netscape era web developer Tony Bowden and former ad-man Jeremy Glover, saw their chance, they pounced, launching the primordial BlackStar site in March 1998.

The corporate history says that they slapped up the first website in just seven days (they make a joke about one of the team having a theology background, but others have run with that so we won’t stoop so low) and within the month they had £2,000 worth of sales. Although Collins refuses to say anything about revenues other than that they’re “substantial, ” sources close to the company confirmed that monthly revenues by this November are in excess of £1.25 million and growing.

In August 1999, BlackStar finally got around to their first venture capital investment, raising £3.8 million from Atlas Venture and Tarrant Venture (an arm of David Bonderman’s Texas Pacific Group). This June, they raised that £6.2 million through IBI Corporate Finance, Dublin, which is planning to fund the business to profitability in 2001. Backers of that second round included Atlas Ventures, Tarrant Venture, Goodbody’s Stockbrokers and a range of private investors through Davy’s Stockbrokers in Dublin.

The stats are impressive: With 100 employees in Belfast and in London, BlackStar claims well over a half million unique visits and more than 6 million page impressions a month and more than 200,000 customers.

Collins credits much of this to the aforementioned customer service, in addition to the fact that worldwide postage is included in the price. “In the beginning, we didn’t have any money and had to be different, and we reckoned that the attraction of buying online was superb,” he said.

“But when you got to the end and someone slapped on $10 for shipping it gave the customers one final ‘do-I-really-want-this’ hurdle before they clicked the ‘buy’ button. So we said, ‘let’s be a bit smarter.’ The price on the site is the one on your credit card, and psychologically it works very well.”

That great customer service platform, by the way, was developed in house, and is constantly under refinement. But the company doesn’t plan to re-license the software it created, effectively cutting off a large potential revenue stream. They fear that licensing software would put them in the position of making it look pretty and dealing with customers who won’t be as forgiving of the system’s bugs as are BlackStar employees, who put up with the constant tweaking and the prioritized bug fixes as a matter of course.

BlackStar said that it will continue doing what it does best: making money by passing on good deals it negotiates with the studios, offering good value (its mainstay offer is a 20% discount on pre- orders, which are delivered on the day of release; others include two-for- one and three-for-£20) and especially keeping up standards of customer service.

Customers seem to notice. BlackStar has added 50,000 customers since July, and people seem to notice the good service. As e-tailers spend hundreds to earn tens, and burn through cash like, well, like e-tailers burning through cash, it’s highly refreshing to see a company paying attention to the basics.

The natural question, then, is when is the company going public? It had planned initial pubic offering on the London Stock Exchange for late this year, but announced in July that it would postpone until market conditions improved. And at the same time it touted the fact that it managed to raise more than £6 million at a time when vultures were circling a bloodbath of tech stocks.

In the past BlackStar has shown another encouraging sign – patience. It waited for a first round of funding until revenues were solidified and for a second round funding until expansion was justified. So there’s reason to suspect that postponing the IPO wasn’t cowardice, but rather cunning.

Stay tuned.

Phoenix Struts Its Wireless Stuff

scared audienceI’m watching on a wide-screen television the most painfully revolting thing I’ve ever seen, and Mikael Hällström is gleefully pointing at the screen.

“This is almost…almost…broadcast quality, and there’s no delay at all,” he said proudly. Hällström’s biggest problem in the coming months is whether to stay at Ericsson, where he has been for four years, or to head out with the spin-off he helped create.

These are good problems to have.

Truth be told, the resolution is more than “almost broadcast” – in fact it’s clear enough to give me nightmares for weeks and ponder each future meal carefully. We’re in Ericsson’s Stockholm headquarters, in a conference room that has been temporarily turned into both a highly impressive display of very cool technology and a chamber of horrors.

Here’s the story: Malmö University Hospital in southern Sweden wished to demonstrate to a hotel conference center packed with leading international medical observers a controversial, highly unorthodox and possibly revolutionary approach to an operation to remove a cancer in a patient’s rectum – going in from the top.

I’m watching the “highlights.”

I’m watching this to see a clear end-use example of the types of networks Ericsson believes will be prevalent in the very near future. And Ericsson Business Innovations (EBI), the “incubator” arm of Ericsson, is looking into using technology like this to create a number of businesses.

For example, EBI has also been working on something it calls the Phoenix Project, based around Ericsson’s Open Service Gateway Initiative (OSGi) protocol. Phoenix was set up to establish a solution for home health care, security and safety products, and EBI is looking internally at Ericsson, as well as at third parties, to develop other OSGi applications.

Now, that horrible tele-operation challenge I am trying not to remember was not part of Phoenix, but with it Phoenix saw a chance to strut its technological stuff. To this end it established a 24-megabit-per-second (MB/s) upstream and downstream connection between the hospital and the conference center (which are meters from one another) by way of a 750km loop through public networks using existing technology and infrastructure.

The setup included two cameras in the operating theatre – one on the surgeons and the other on the action – that broadcast to two projection devices in the conference center, both producing crystal clear 20 and 35 square-meter images. Real-time voice communication between the center and the theatre was a key element, allowing the surgeon to converse with the observers.

“You can’t have voice delays,” said Hällström, the simultaneously mild-mannered and intense architect of Phoenix, “and we did this without compression or echo canceling – if we used those, we could have gone several times farther.”

With traditional broadcasts, such as television, a gap between the time of broadcast and arrival at the user’s device doesn’t matter as it’s a one-way signal. But anyone who’s watched the poor CNN reporter, listening to a question by satellite and standing clueless, staring blankly at the camera for two to six seconds, can understand why a satellite hookup would be unacceptable in a tele-medical situation, where seconds count.

You might well wonder why Ericsson is in the television business, and the answer is that it’s not. It’s in the business of building up teams that will form the core of new units within Ericsson or of new companies that will be spun off.

The broadband system above grew out of research by Ericsson Media Lab and the work of Hällström and others in Ericsson working on telemedicine applications.

Phoenix To Be Spun Off

The goal is to have Phoenix, now still part of Ericsson, build up its system around OSGi, establish and maintain its standards and protocols, license users of the system from health care, security and other industries, and then eventually remove itself from the fray, licensing third party operators who will pay Phoenix for the right to operate the slice of the network in their special fields. Phoenix, of course, would then sit back and count its royalty and licensing income.

Phoenix’s E-Box is an OSGi-based system. It’s a home-running device that brays at you if you leave the iron on and potentially allows you to, for example, let your kids in before you’re home but deny them access to the garage, oven and VCR. The box controls safety issues like those, security (locks and alarms), as well as health-monitoring systems. EBI announced in October that it began an E-box trial run in 3,000 homes in Sweden.

“The Phoenix group deals with infrastructure and we need to have a network,” Hällström said. “We don’t want to operate the network, but we need to make sure that it is, in fact, a network, and it will be maintained and operated in the proper way.”

Working with partners in those related industries (they’ve embargoed us from saying even which space within the industries), other groups deal with the health care and security aspects of the applications, and another deals with the construction and installation aspects.

“We will start to roll this out in new houses initially,” Hällström said, “because then the costs of building the infrastructure in the house is near zero when looked at in context of the building costs. And we want to have a large base of customers.”

Opportunity for VCs

That’s an opportunity for VCs looking to back products in the related industries. EBI is actively seeking venture partners and offering support and resources for venture-funded companies who develop related technologies or end-user applications that would use the OSGi protocol.

“We believe a very strong part of Phoenix is the partner program, which is mainly venture-funded companies – and it’s not just the money, it’s the knowledge the VCs and third-party companies bring to the table,” Hällström said.

If the demonstration I saw is any indication, EBI has a lock on the networking part. Observers interviewed afterward said on camera that the setup was incredibly valuable and remarked that it could have an untold number of applications in medicine.

And, of course, they mentioned the vivacity of the colors. “I’ve seen lots of these types of presentations,” said one doctor. “Many times the details are fuzzy, and the colors are often washed. But here the colors were perfect, the resolution and clarity better than I’ve ever seen.”

 

Smart money would say that, at least technologically speaking, Phoenix should make the cut as a spin-off.