After MyBizHomepage was hacked, its founder, Peter Justen, considered declaring bankruptcy or shutting down. Credit Daniel Rosenbaum for The New York Times
IN 2006, Peter Justen, a serial entrepreneur, founded MyBizHomepage, an online service that connected to companies’ QuickBooks accounting software to help business owners monitor their financial metrics. When the site went live in 2008, it attracted significant media attention. It was free to use and the company planned to make money through advertising, a recipe that appealed to Mr. Justen’s investors, who valued the company at $100 million based on the vast potential they perceived.
THE CHALLENGE Rebuilding. After Mr. Justen fired his chief technology officer, strange things started happening at MyBizHomepage, including a series of cyberattacks that brought down the company’s software.
THE BACKGROUND Mr. Justen started MyBizHomepage in Middleburg, Va., five years after he and his co-founders had sold Pace Financial Network to TD Ameritrade, the online brokerage firm. Looking for a new challenge, Mr. Justen, a self-described numbers guy, began researching whether there was a need among small-business owners for help in understanding the financial ratios that drive their companies. He quickly determined there was. He also knew that lots of small businesses used QuickBooks to run their financials. “My idea,” Mr. Justen said, “was to simplify things for business owners to give them an easy way to see the problems and opportunities in the numbers of their business.”
Mr. Justen and a team of programmers spent the next two years working on the prototype for MyBizHomepage, which would use a series of algorithms to analyze data culled from QuickBooks and create financial performance indicators that would be displayed as a financial dashboard for each business. One popular feature, for example, monitored a company’s accounts-receivable balance. When the balance exceeded a set threshold, the software would
http://quickbooks.intuit.com/
send an alert. “The idea was that by checking in on their key numbers every day, a business owner could see where he was headed,” Mr. Justen said.
To help fuel the company’s growth, Mr. Justen turned to several investors to raise capital. They included Joe Silbaugh, a real estate developer, and Bryan Elicker, a friend of Mr. Silbaugh’s who sold a coffin company in 2007. In 2008, Mr. Justen and his investors, who also served on his board, faced an interesting decision: They had a tentative offer to sell the company for a price close to their own valuation. But Mr. Justen and his board decided not to sell. “We hadn’t yet tapped the potential of the product, especially among a global audience,” he said, noting that the company had barely 6,000 customers using the system at the time.
Apparently the decision not to sell did not sit well with the company’s chief technology officer. Mr. Justen said he was soon told that the officer, a longtime associate, had teamed up with two other senior officers in the company in an effort to start a competing company. Mr. Justen said he learned of the new venture from one of his investors who had been approached about joining the group. Furious, Mr. Justen fired the chief technology officer and his cohort, and instructed his lawyer to send them a cease-and-desist letter. That was when the real trouble began. After Mr. Justen fired his chief technology officer, the MyBizHomepage began to crash regularly. Mr. Justen and his board members also found that someone had hacked into their personal e-mail and Facebook accounts and had begun sending people on their contact list messages impugning the ethics of Mr. Justen and the board members. The messages claimed that MyBizHomepage was defrauding investors, a claim that was repeated on several Web sites. “It hurts your reputation when someone Googles your name and finds that,” said Mr. Silbaugh, who had invested more than $1 million in MyBizHomepage.
When Mr. Justen contacted authorities about the attacks and explained what he thought was happening, he said he learned something else about his former chief technology officer: there was little, if any, official proof that he existed. Mr. Justen said he knew that the officer was unusual, that he had been arrested on an outstanding warrant after being pulled over on suspicion of driving with a fake license plate. But Mr. Justen said he did not realize that the chief technology officer had no official identity: no driver’s license, no credit cards, no tax returns. The chief technology officer apparently had been living off the grid, which made tracking him down almost impossible even with the help of the authorities.
Mr. Justen said he concluded that the chief technology officer had built multiple “backdoor” entrances into the MyBizHomepage software and had compromised the company’s backup data. It became clear that the site would need to be shut down indefinitely, essentially putting the company out of business.
THE OPTIONS Given the security breaches and the destruction of the backup copies of the code, Mr. Justen said he knew that he would have to start from scratch if he wanted the company to continue. But he was reluctant to go back to his original investors for more money, and he knew he would have a hard time raising capital after the 2008 credit crisis. He considered having the company declare bankruptcy, but he knew that meant his investors would lose everything.
He also struggled with how public to make what had happened, particularly given that his customers had trusted him with delicate information. They might not be eager to re-enlist, knowing the service had been hacked by an insider. While he had been working with authorities to track down his former chief technology officer, Mr. Justen also considered his legal options if the officer were located.
Finally, Mr. Justen, who had a family to support, considered simply shutting the doors to the business and walking away for good.
WHAT OTHERS SAY Norm Brodsky, a serial entrepreneur and columnist for Inc. magazine in New York City: “Mr. Justen should focus on restructuring or starting a new company using his intellectual property. Bankruptcy won’t help. His only asset is his software, which they will just auction off and sell to the highest bidder. He should also be honest about how he played a role in what went wrong. Why didn’t he run a background check on his C.T.O.? And why did he fire him without first putting a plan in place to protect the software? He can’t afford to make those mistakes again. I always say you should trust everyone but also keep your eyes open.”
Mark Davis, senior director at the White House Writers Group, a consulting company in Washington, and the co-author of “Digital Assassination,” a book on cyberterrorism: “Mr. Justen has no choice but to go public with an apology and an explanation. He should put up a YouTube video explaining what happened and what action steps they are taking to rectify the situation.”
Joy R. Butler, a business and entertainment lawyer in Washington who wrote “The Cyber Citizen’s Guide Through the Legal Jungle”: “Mr. Justen and his company have limited legal options going forward unless they can locate the C.T.O. The company might then seek redress by suing for breach of any noncompete or confidentiality provisions that may have been in the former C.T.O.’s employment agreement.”
John Mutch, chief executive of BeyondTrust, a global provider of security software: “Unfortunately for Mr. Justen, he probably needed to lock the system down before firing his C.T.O. If he decides to go forward, he should consider building role-based security around his company’s critical assets that limits who can access what.”
THE RESULTS Offer your thoughts on Mr. Justen’s decision on the You’re the Boss blog at nytimes.com/boss. Next week, on the blog and in this space, we will explain how the company is doing.
http://www.inc.com/column/street-smarts/
http://www.whwg.com/
http://www.digitalassassinationbook.com/
http://www.guidethroughthelegaljungle.com/cyber/cyberdescription.htm
http://www.guidethroughthelegaljungle.com/cyber/cyberdescription.htm
http://www.beyondtrust.com/?pi_ad_id=13208627440&gclid=CJO-7-fA7LECFYao4AodSCIA4Q
http://nytimes.com/boss
Last week we wrote about the situation faced by Peter Justen, chief executive of MyBizHomepage, after the company’s former chief technology officer set in motion a series of crippling cyberattacks against the company’s Web site.
Once valued by its investors at $100 million, MyBizHomepage was founded in 2006 by Mr. Justen as a way to help small-business owners access financial metrics that can help them run their companies. But then, apparently angered by Mr. Justen’s decision not to sell the company, the chief technology officer tried to start a competing company. When Mr. Justen found out, he fired the officer along with two co-conspirators. And that’s when the cyberattacks began. They rendered the site all but useless, and Mr. Justen struggled with what to do next.
In February 2009, Mr. Justen and his board concluded that they would have to take the site offline, which would effectively close the business and saddle board members like Joe Silbaugh, who had invested more than $1 million, with a devastating loss. “We essentially had no choice because we no longer had a product,” Mr. Justen said. “We also decided to be up front about the decision and explain what happened along with an apology. When bad things happen you can hide under the rug and hope it goes away or you can go public with it and take the teeth out of the tiger. Some people were understanding while others were not.”
The decision did not please the company’s vendors, some of whom quickly filed suit over unpaid bills. But many of the company’s channel partners, who helped distribute the product, decided to stay on. “They told me they liked our product, and they were going to stick with us,” Mr. Justen said. “In tough times, you really get to see who your friends really are.”
Ignoring advice from his lawyers, Mr. Justen, who also had invested heavily in the company, decided not to declare corporate bankruptcy because he did not want to give anyone the opportunity to purchase the company’s intellectual property. He also turned down multiple offers to leave the company and take salaried employment. Rather, he asked his original investors to support him in rebuilding the company from scratch. “We held a shareholder meeting and I told them I would kill myself in trying to restore the company to what it should have been,” said Mr. Justen, who also liquidated his 401(k) and his children’s college funds and invested the money in the company. “Fortunately, they gave me that chance.”
http://www.nytimes.com/2012/08/23/business/smallbusiness/struggling-to-recover-from-a-cyberattack.html
Mr. Justen spent the next two years rebuilding the company, which is now called Five Plus. It features an online subscription software package that synchronizes with a company’s QuickBooks software and presents an easy-to-digest version of critical financial figures such as accounts payable, accounts receivable, cost of goods sold and cash on hand. The new software also embraces social media technology, enabling users to connect with each other and to compare their financial results with those of their industry peers.
While the new business is up and running, Mr. Justen said he and the business remain under cyberattack. In one instance, he was forced to fend off a denial-of-service attack against the new site that attempted to redirect his customers to a site where fraud claims against Mr. Justen and the company’s investors (including Mr. Justen’s 87-year-old mother and deceased father) had been posted. Mr. Justen said he continues to work with the United States Secret Service in attempting to track down the former chief technology officer.
After this case study was published last week, the unnamed former employee contacted The New York Times and identified himself as James Bird. He denied that he had been on the lam and offered an address in Santa Monica, Calif., where he said he is living. While asserting that Mr. Justen owes him $25,000, Mr. Bird acknowledged that he had in fact hacked the MyBizHomepage site.
Mr. Justen discussed the experience — and responded to reader comments — in a brief interview that has been condensed and edited.
Q.
You have said that you discovered after the attacks that Mr. Bird had been living off the grid — no driver’s license, not paying taxes. Didn’t you have to have his Social Security number to pay him? A.
Yes, we paid him as a contractor and did have a Social Security number for him. But what are you going to do with it? He doesn’t use it for anything we could track him with. He doesn’t have credit cards or bank accounts. He paid cash for everything, including his car.
Q.
Why didn’t you run a background check on him before hiring? A.
I had known him for more than 15 years. I was like a mentor to him. He came over to our house for dinner six times a month and played with my kids. He was a very talented software engineer and I highly trusted him.
Q.
Why was he upset after the sale of the company didn’t go through? What was in it for him? A.
He had stock options in the company that would vest over different triggers or events, like a sale. He was in line to make a substantial amount of money.
https://www.fiveplus.co/
Q.
Were you surprised that two of your senior officers went along with Mr. Bird? A.
Yes, I was quite surprised. One of them had worked for me for three years as a trusted financial adviser. I think they just got caught up in the drama of it all. I terminated all three individuals on the same day.
Q.
Do you think Mr. Bird had help in sabotaging the company? A.
Yes, I think all three of them worked together. Jim did the technical stuff and the other guys did the rest. They went to our clients and told them they were starting a new company and that Peter’s company had failed. They would even pull up the site, which Jim would then crash, as proof.
Q.
What lessons do you draw from this experience? A.
I realize I made many mistakes and I have learned a number of things from this experience. Inspect what you expect and trust but verify come to mind. A big lesson I learned was to separate business from personal. I let my personal emotions cloud my better business judgment.
Q.
What do you say to the readers who asked why you didn’t conduct a security audit on the system? A.
When you’re a start-up, you have to make some tough calls about where to spend your money. You throw nickels around like they’re manhole covers. At the time, there didn’t seem to be any reason for us to spend $70,000 to verify something that didn’t seem to be a risk. Jim was a cyber security expert. Our software was rock solid against attacks from the outside. I just never expected someone I trusted so much and had known for so long to do what he did from the inside. That’s why with our new system, no one else has all the keys to the kingdom and we keep multiple copies of our backup code in different locations. We’ve taken as much precaution as is humanly possible to make sure this doesn’t happen again.
Q.
What did you do to protect your customers once you knew the system had been hacked? A.
The customer information was never a target. As part of our design, we never collected any personal data on our customers like bank account information. That was part of our design. All we collected was data like company revenues and receivables. But it wasn’t connected to any personally identifiable information.
Q.
Were you surprised by the reactions of readers? A.
I’ll admit that I thought some of the comments must have come from people who have never stepped foot in the arena and tried to start a company — people who never shed blood, sweat and tears trying to build something. But when you hear from customers who tell you that what you built helped save their company, that’s what makes it all worthwhile.
Applied Sciences
Architecture and Design
Biology
Business & Finance
Chemistry
Computer Science
Geography
Geology
Education
Engineering
English
Environmental science
Spanish
Government
History
Human Resource Management
Information Systems
Law
Literature
Mathematics
Nursing
Physics
Political Science
Psychology
Reading
Science
Social Science
Home
Blog
Archive
Contact
google+twitterfacebook
Copyright © 2019 HomeworkMarket.com