BUSINESS OWNERS ARE rarely keen to admit their companies have been hacked, but John Daly will – probably because it gave him the idea for his latest startup.
Prior to his current cybersecurity venture, Daly owned a Belgian-based company that provided voice calls over the internet, also known as VoIP calls.
His firm piggybacked off a larger wholesale network, and one day the door was opened to hackers when, Daly believes, a password was sold.
“We think it was an insider job, but we were told by our wholesaler they had seven layers of fraud protection, and we had four layers ourselves,” he tells Fora.
“After an hour, our own alert system was saying there is a lot of call activity from one customer. As we looked into it, the calls were growing in volume.
“The hacker had got in, got the password, made a couple of test calls and was now building out a massive call volume. Meanwhile, there was no fraud alert coming from our wholesaler.”
This type of attack, as Daly explains, could have been used for toll fraud – a scheme hackers use to make fraudulent long-distance calls and scam money.
He had no option – the customer’s account had to be taken out of action for a few days while the issue was sorted out.
“We went to our wholesaler and said, ‘There is a $5,000 bill here. You guys told us you had seven layers of fraud protection and we have no proof anything kicked in.’ We asked what they were going to do about it, and they said ‘nothing’.”
The business that was hacked was Daly’s previous enterprise Talking Sense, a firm he set up with Tony Friar in 2012 and sold for €750,000 three years later.
It wasn’t the stress of running a business that prompted Cork-based Daly to sell. He was just eager to start something a little closer to home.
“When I started the company with Tony there were three flights out of Cork a week to Brussels, and by the time we finished it was only one, which made it very onerous.
“We had given it a run, we had our exit. Belgium is a nice country, but it’s a high-cost country to do business in. Getting staff, retaining them and even paying them is expensive.”
Keen to start something new and with the memory of the hacking incident still fresh in their minds, Daly and Friar decided cybersecurity was a logical area to move into.
Daly says the “germ of the idea” for Velona Systems – a cybersecurity startup that helps VoIP providers monitor hacking threats – can be traced back to that original breach.
He adds it’s an area that might not be very “sexy” at the moment, but it will be the “new frontier of cybersecurity”.
“When 5G lands, all mobile phone calls and networks will be run on VoIP. So voice now becomes data in motion and massively flexible, which is great. The price point to get into the market will be cheaper.
“But it’s very vulnerable due to the billions of end points (phone devices). Malware will get onto the phones and the networks and attacks will be enormous.”
The attacks that Daly is talking about could be telephony denial of service (TDoS), where a phone network is taken down by being overloaded with calls, as well as toll fraud scams.
“You can buy a denial-of-service attack against any website on the dark net for about €50 an hour.
“VoIP will transition from a $100 billion business into a $4 trillion one and will attract the finest minds from the hacking industry.
“Mobile networks will be so focused on signal reliability, and when big operators are down for a minute they’re losing thousands of hours of calls.
“The telcos are lagging behind the cyber industry in quite a serious way, currently. The legacy tech that mobile phones are built on is very much a walled garden. You really need to know your stuff to hack it. VoIP is more vulnerable.”
Since setting up in 2016, Velona Systems has raised €750,000 as part of a seed round. One notable backer has been Stephen Brewer, a former executive for Vodafone and the first man to sell Apple computers in Europe in 1980.
The startup has used some of that funding to developed two products to help VoIP providers track breaches in their networks.
The first product, called ‘Cracker’, is a solution that helps firms keep track if the “doors were locked properly”, according to Daly.
He says the product is designed to ensure that no extension, or back door, has been added to a network by an engineer that would leave a system open to hackers.
Velona has also created a real-time product called ‘Watcher’, which allows a service provider to watch all VoIP traffic in real time and scans for evidence of toll fraud and denial-of-service attacks.
These products have been developed out of Velona’s numerous bases in Europe. The firm is headquartered in Cork, but it also has operations in Portugal and Maidenhead in the UK.
“We would love to have it all in Cork but it’s very hard to get the people with the right skillset. We’re talking to Japanese clients about the market there now – interest in voice data is big over there.”
There are a few different sectors the firm is tapping up for potential customers of its products, which were launched at the end of last year, but he cannot reveal the exact firms Velona is working with as the work is, by its nature, secretive.
“There is no telco company that will admit they have a fraud problem,” Daly says.
He adds that communications service providers are the big customers they are chasing and Velona has held talks with Polish and Canadian firms about its cloud products – which are sold on a subscription basis.
He says that the startup’s target to crack €1 million in revenue within two years while also adding more products to its suite.
“You can always do more and always add features. We have a full road map that is 10-times bigger than the amount of engineering resources we have.”
The company, which has seven staff in total, is also trying to raise another €3 million to make the leap into the US market.
“A lot of the vendors are telling us that all their traction is in North America and will we go into North America with them,” Daly says.
“But America is a very expensive market to get into because you have to pay the right people pretty well to crack. It’s quite a flexible market, but it’s expensive to get in.”