My story of being ripped off
This all started after I got done for $20,000. I sent my invoice as a PDF with my bank details on it like any other time. BUT my client had been compromised and the criminals were sitting in their network, waiting. They changed my bank details on my invoice and sent it on. My client knew nothing was wrong, and accounts trusted it as it had come from the CEO. They paid me and the money didn't arrive. When queried, they sent me my bank details and they were wrong. I asked how, and they sent me my invoice and it had the wrong details.
At this point, I was believing it was me. But as I dug further and looked at the internals of the PDF, I found that it had been modified in Eastern Europe, and I proved to my client, backed up with other data I had gathered, that it was them who had been hacked. After a long runaround, I finally got paid, but they were out an extra $20,000 and our trust of each other was broken.
This really annoyed me, a long-term techie who has hard passwords, knows about hacking and is very careful.
I then did work to find out what had happened and how easy it was to do. I then went looking for a solution, but I found a hole. Everything is about your company: teaching staff good habits, keeping security up to date, hard passwords and 2FA models, which is all about a “wall” model, just like the old “walled cities”. But this method of attack completely bypasses all of these, as it plays upon people's trust so they can walk through all the walls, so there was no way I could protect myself.
I found it is a broken system where even the big guys are getting hit, even with all their tech, as walls leak and humans will be humans.
I then went to my network to ask, and what I got back blew me away. $1M stolen and many more where luck saved them and the stories.
One was saved when the client rang to tell them the change to their bank details would delay the payment. When questioned, they had a signed letter on letterhead from them with the bank change and even had a phone call to confirm the change to be done. Another was for $650k, where the lawyer’s email system had been breached and they inserted a bank change request into the conversation, and only by luck did they catch it. I had many more, showing how many methods had been used, so no one defence could be used.
With these hard learnings, I created CyberBUND, taking an “outside the box idea” of flipping the model, which I’m known for. I based it on the same model by which we now operate our cities: without the walls but with cameras, backed up with alarms. The idea is about building for each company their own army (cameras) to fight these criminals who are united to form a global army that supports many for the good. This operates in a way that it just happens, the same as how "back to base alarms" work: watch, detect, verify and then alert, so the business can focus on what it needs, making money. Now the criminals will go elsewhere as it is now too hard and risky, just like when they look at our house, see a camera or alarm box and move to the next one. It is all about effort and risk to them.
CyberBUND is, at its core, a network to help protect each other through simple actions.
What We've Achieved
Done a Proof of Concept to prove it can be done
Connected to my personal network and asked. Got back stories totalling more than $1M in known attacks
Talked to customers, got positive feedback and more ideas
Talked to Accountants and learnt they have all had at least one client who has been done
Studying about the methods being used
Attending events to learn more stories and start building networks of support
Design the architecture based upon the premise we will be attacked
Build a workable business model
Building a releasable version implementing the first stage
Shipped to first clients
Who am I
I have been building award-winning software for nearly 40 years, covering SMB accounting, SMB legal software, live TV with the likes of ESPN, NBC, CNN and FOX, and an SMB messaging system as a top line, which has given me a unique view on this.