When Goktug Yilmaz, a game developer in Ankara, Turkey, wanted help with his business, he turned to Y Combinator, a prestigious startup accelerator firm in Mountain View, California.

Yilmaz recently completed Y Combinator’s first free online course, called Startup School. He was among 7,000 founders from more than 140 countries who participated.

“You talk, you get feedback,” he said, about why he wanted to be part of Startup School. “Just seeing this process would help us get better on focusing on our goals.”

Y Combinator is known for its competitive twice-yearly program that brings companies to Mountain View, California, for 10 intensive weeks of training and advice. Founders receive mentoring from its alumni network that includes such companies as Airbnb, Dropbox, Reddit and Instacart.

YC arrangement for startups

As part of the arrangement, YC, as it is known, invests $120,000 in each startup for 7 percent of common stock. The program culminates in Demo Day, when participants give their pitches to a room full of potential investors.

Since it was founded in 2005, Y Combinator has worked with more than 4,000 founders.

But just 2 percent of applicants make it into Y Combinator’s program. Yilmaz was one of those who tried but didn’t make it.

Then, Yilmaz heard about Y Combinator’s effort to expand its reach with Startup School. He signed up.

Steven Pham, who helps run Startup School, said the firm wanted to reach entrepreneurs beyond Silicon Valley.

“Internet access has been only something people have access to very recently in a lot of these markets,” Pham said. “In a lot of these communities where startups are super, super early, we wanted to get in there and help them learn best practices … best ways to think about building their product, best ways to think about sales strategies and market.”

The demand for Startup School surprised Y Combinator, Pham said. More than 13,000 companies and nearly 20,000 founders applied. The firm had to limit the first class to 3,000 companies and about 7,000 founders so that it could provide enough alumni advisers.

Ti Zhao, a Y Combinator alumnus, was a mentor to 30 companies during Startup School.

“People kind of have this idea of Silicon Valley as where the startups are at and it’s really cool for me to see so many diverse companies from so many places around the world,” she said.

Online pitches

Startup School culminates with Presentation Day, when entrepreneurs around the world make their pitches online. The aim isn’t necessarily to woo investors but to present a prototype of an idea in a clear and succinct way.

It included pitches from war-torn Syria, where one group is teaching children how to create circuits.

Others applied technology to fields such as transportation, travel and education. SocialEyeze, based in Sudan, is trying to help the blind engage on social media more easily. 

“I’ve learned many useful skills, and those skills appeared in the modifications we made on our solution,” Hussam Eldeen Hassan with Socialeyeze said.

In the end, about 56 percent of the first Startup School class, or 1,580 firms, completed the course.

Y Combinator plans to expand the number of companies it can include when it does Startup School again, currently slated for early next year.

“In Startup School, we made a bunch of friends from the online chat,” Yilmaz said. “We are probably going to continue those friendships with other founders.”
…

The U.S government warned industrial firms this week about a hacking campaign targeting the nuclear and energy sectors, the latest event to highlight the power industry’s vulnerability to cyberattacks.

Since at least May, hackers used tainted “phishing” emails to “harvest credentials” so they could gain access to networks of their targets, according to a joint report from the U.S. Department of Homeland Security and Federal Bureau of Investigation.

The report provided to the industrial firms was reviewed by Reuters Friday. While disclosing attacks, and warning that in some cases hackers succeeded in compromising the networks of their targets, it did not identify any specific victims.

Industry looking into intrusions

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

Homeland Security and FBI officials could not be reached for comment on the report, which was dated June 28. The report was released during a week of heavy hacking activity.

A virus dubbed “NotPetya” attacked Tuesday, spreading from initial infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupting activity at ports, law firms and factories.

On Tuesday the energy-industry news site E&E News reported that U.S. investigators were looking into cyber intrusions this year at multiple nuclear power generators.

Reuters has not confirmed details of the E&E News report, which said there was no evidence safety systems had been compromised at affected plants.

Worry since 2016

Industrial firms, including power providers and other utilities, have been particularly worried about the potential for destructive cyber attacks since December 2016, when hackers cut electricity in Ukraine.

U.S. nuclear power generators PSEG, SCANA Corp and Entergy Corp said they were not affected by the recent cyberattacks. SCANA’s V.C. Summer nuclear plant in South Carolina shut down Thursday because of a problem with a valve in the non-nuclear portion of the plant, a spokesman said.

Another nuclear power generator, Dominion Energy, said it does not comment on cyber security.

Two cyber security firms said June 12 that they had identified the malicious software used in the Ukraine attack, which they dubbed Industroyer, warning that it could be easily modified to attack utilities in the United States and Europe.

Industroyer is the second piece of malware uncovered to date that is capable of disrupting industrial processes without the need for hackers to manually intervene.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

The U.S. government report said attackers conducted reconnaissance to gain information about the individuals whose computers they sought to infect so that they create “decoy documents” on topics of interest to their targets.

In an analysis, it described 11 files used in the attacks, including malware downloaders and tools that allow the hackers to take remote control of victims’ computers and travel across their networks.

Chevron Corp, Exxon Mobil Corp and ConocoPhillips, the three largest U.S. oil producers, declined to comment on their network security.
…

Many businesses still struggled Friday to recover hopelessly scrambled computer networks, collateral damage from a massive cyberattack that targeted Ukraine three days ago.

The Heritage Valley Health System couldn’t offer lab and diagnostic imaging services at 14 community and neighborhood offices in western Pennsylvania. DLA Piper, a London-based law firm with offices in 40 countries, said on its website that email systems were down; a receptionist said email hadn’t been restored by the close of business day.

Dave Kennedy, a former Marine cyberwarrior who is now CEO of the security company TrustedSec, said one U.S. company he is helping is rebuilding its entire network of more than 5,000 computers.

“It hit everything, their backups, servers, their workstations, everything,” he said. “Everything was just nuked and wiped.”

Kennedy added, “Some of these companies are actually using pieces of paper to write down credit card numbers. It’s crazy.”

Some attacks are unreported

The cyber attack that began Tuesday brought even some Fortune 1000 companies to their knees, experts say. Kennedy said a lot more “isn’t being reported by companies who don’t want to say that they are hit.”

The malware, which security experts are calling NotPetya, was unleashed through Ukraine tax software, called MeDoc. Customers’ networks became infected downloading automatic updates from its maker’s website. Many customers are multinationals with offices in the eastern European nation.

The malware spread so quickly, worming its way automatically through interconnected private networks, as to be nearly unstoppable. What saved the world from digital mayhem, experts say, was its limited business-to-business connectivity with Ukrainian enterprises, the intended target.

Had those direct connections been extensive — on the level of a major industrial nation — “you are talking about a catastrophic failure of all of our systems and environments across the globe. I mean it could have been absolutely terrifying,” Kennedy said.

Microsoft said NotPetya hit companies in at least 64 nations, including Russia, Germany and the United States. Victims include drug giant Merck & Co. and the shipping company FedEx’s TNT subsidiary. Trade in FedEx stock was temporarily halted Wednesday.

Danish shipping giant still struggling

One major victim, Danish shipping giant A.P. Maersk-Moller, said Friday that its cargo terminals and port operations were “now running close to normal again.” It said operations had been restored in Spain, Morocco, India, Brazil, Argentina and Lima, Peru, but problems lingered in Rotterdam, the Netherlands; Elizabeth, New Jersey; and Los Angeles.

An employee at an international transit company at Lima’s port of Callao told The Associated Press that Maersk employees’ telephone system and email had been knocked out by the virus — so they were “stuck using their personal cellphones.” The employee spoke on condition of anonymity because he’s not authorized to speak to reporters.

Back in Ukraine, the pain continued. Officials assured the public that the outbreak was under control, and service has been restored to cash machines and at the airport.

But some bank branches remain closed as information-technology professionals scrambled to rebuild networks from scratch. One government employee told the AP she was still relying on her iPhone because her office’s computers were “collapsed.” She, too, was not authorized to talk to journalists.

 Security researchers now concur that while NotPetya was wrapped in the guise of extortionate “ransomware” — which encrypts files and demands payment — it was really designed to exact maximum destruction and disruption, with Ukraine the clear target.

FBI joins investigation

Computers were disabled there at banks, government agencies, energy companies, supermarkets, railways and telecommunications providers.

Ukraine’s government said Thursday that the FBI and Britain’s National Crime Agency were assisting in its investigation of the malware.

Suspicion for the attack immediately fell on hackers affiliated with Russia, though there is no evidence tying Vladimir Putin’s government to the attack.

Relations between Russia and Ukraine have been tense since Moscow annexed the Crimean peninsula from Ukraine in 2014. Pro-Russian fighters still battle the government in eastern Ukraine.

U.S. intelligence agencies declined to comment about who might be responsible for the attack. The White House did not immediately respond to questions seeking its reaction to the attack.

Russian hackers blamed before

Experts have blamed pro-Russian hackers for major cyberattacks on the Ukrainian power grid in 2015 and 2016, assaults that have turned the eastern European nation into the world’s leading cyber warfare testing ground.

A disruptive attack on the nation’s voting system ahead of 2014 national elections is also attributed to Russia.

Robert M. Lee, CEO of Dragos Inc. and an expert on cyberattacks on infrastructure including Ukraine’s power grid, said the rules of cyber espionage appear to be changing, with sophisticated actors — state-sponsored or not — violating what had been established norms of avoiding collateral damage.

Besides NotPetya, he pointed to the May ransomware dubbed “WannaCry,” a major cyberassault that some experts have blamed on North Korea.

“I think it’s absolutely reprehensive if we do not have national-level leaders come out and make very clear statements,”  he said, “that this is not activity that can be condoned.”

                 
…