E2-labs' project Ethan dissected. Anatomy of a franchise proposal based on non-existing partnerships (UPDATED)22/11/2009 Written by Roberto Preatoni
In case you didn’t understand, this is the solution of our *crypto* jeopardy game posted in the last news.
We received a notice that on WikiLeaks somebody uploaded an interesting document. It’s a PDF file, called Project Ethan (after Tom Cruise’s Mission Impossible caracther?) and it refers to E2-labs very recent plans to open in India an educational and IT security franchise network. We downloaded the document and we found some very interesting information in it, regarding E2-labs future plans and how the name of Zone-H (and a few others) was used to back up the whole plan to convince possible investors to invest money in Mr. Zaki Qureshey expansion plans. Needless to say, Zone-H was never informed about such plans and never gave any consent to be included in it.
The document is a financial investment porposal, made up by 28 pages. It seems to be written by Grant Thornton, a well-known financial advisor company. We have no doubt that the document was originally produced by such company, it’s too well structured, E2-labs and Zaki Qureshey definitely don’t posses the business skills to do that. Nevertheless, the document it’s filled by improper statements. We don’t think that Grand Thornton did it on purpose, we just imagine the situation where they were given some statements and material by Zaki Qureshey and they granted it for real, without verifying it. And that is bad, after all, the entire businell proposal carry their name.
The result is a well written document meant to attract possible investors, backed up by Grant Thornton name, which sounds to the ears of possible investors as a guarantee that it is referring to a serious proposal. This is probably the reason why E2-Labs Mr.Zaki Qureshey decided to invest some money to look for Grant Thornton advocacy. Just another case to use somebody’s name for his plans.
In this article, we are going to show some excerpts from that document, followed by some of our comments. Why did we decide to make this document public? Because that document is yet another example of Mr. Zaki Qureshey unethical business practices and because it’s involving directly my an Zone-H name and because this is the only way we have to make clear to the general public that we have nothing to do with Mr. Zaki Qureshey bogus proposals.
As you can see, this page to the document is referring to E2-Labs’ partnerships with known security industry names around the globe and to the world’s premier digital security observatory, which is Zone-H (we’ll see the name in clear later on). Needless to say, E2-Labs doesn’t have any exclusive tie-up with Zone-H. Actually doesn’t have any tie-up at all.
Here we have an interesting statement: “number of hackers are three times the security professionals”. Interesting, I’d like to know the source of such information…
Here again, we have:
1) Zone-H name spent one more time.
2) reference to E2-Labs job oriented courses. Remember, E2-Labs was advertising such “job guaranteed” courses illegally using my face and we already analyzed the business scheme behind such offer.
3) statements boasting E2-labs having exclusive partnerships with companies such Verisign. We found and interesting article on an Indian newspaper, in which E2-Labs is named as a franchisee of the Verisign brand. It’s interesting, we didn’t know that Verisign’s business model was to expand through a franchising model…
Here it’s written: “E2-Labs in association with Zone-H has developed a world class training curriculum…”. Let me make it clear: E2-Labs has developed nothing in association with Zone-H. They are using Zone-H’s trademark “Hands on Hacking Unlimited” on the page CareerOrientedTraining.htm without our consent.
Here again, Zone-H is named as a key partner into Ethan project, which is not true.
Here Zone-H is labeled as such organization providing training, services and consulting on behalf of E2-labs in the SAARC region. This is not true. Zone-H never provided any service in such region in cooperation with E2-Labs.
A funny statement: “E2-Labs will be appointed as information security advisor for Indian Defence and Intelligence Agencies”. We have 2 questions here:
1) why “will be”? Is it yet a dream?
2) isn’t it inapproriate to name such cooperation agreement, give the extremely confidential nature of it? If it ever was true…
This is the slide which is causing me most of the anger. I am named as part of the key management and technical board, in the slide “Management Overview”. I am not a member of any E2-Labs management committee!
Again, Zone-H dragged into the franchisor-franchisee scheme
Here it’s made clear that the franchising scheme is based also on the guaranteed jobs scheme, involving the franchisee in it, with all the possible legal consequences…
… as well as it’s made clear in the financial forecasts, where the guaranteed job business line is the most important among the revenues items. A quick note on this budget: a Gross Profit Margin starting from 46% and topping 60% throughout the years seems very unreasonable. Grant Thornthon’s guys should have noticed this…
This is the interesting part of the Ethan plan. Giving the strong partnership between E2-Labs and some big foreign names and brands, the targeted franchisee has to pay a hefty goodwill of 50,000 USD to benefit from it. The point is that in reality, the franchisee is paying this money for unexisting parterships which he will never be able to benefit from.
Some more words about Zone-H in the ending slide of the document. Are you ready to invest now?
Some final considerations: E2-Labs plans to start an IT security college in India was indeed a good idea. Mr. Zaki Qureshey brilliantly forecasted India’s future needs of IT security experts. Even this Ethan project franchising scheme could have been a good idea, if what stated in it was true. But unfortunately it is ruined by the way E2-Labs conducted business in the last 7 years.
What Mr. Zaki Qureshey does not understand is that if his way of doing business was normal his company was probably at this time 100 times larger than it is today, considering how big is the Indian market. This means respecting contracts, respecting and pay people working for him, not selling courses luring students offering them non-sustainable jobs, not abusing of somebody’s else image and brands, not bullshitting about James Bondish partnerships, not screwing people, not threatening people etc. etc. All practices unknown to E2-Labs way of doing business. Business never means fucking the counterparts.
What a pity, what a waste and what a lost opportunity.
PS: shouts to littleyoda…
UPDATE: we received from Fyodor Yarochkin, the former SNORT developer this email (It was sent also to E2-labs):
Date: 27-11-2009 16:47
Subject: Recent zone-h publication
Hey Zaki and guys,
Today to my attention came the post at zone-h.org blog claiming to
publish some business documentation, which was leaked from e2labs.
I am personally not interested at all to be involved in the whole
scandal, but one thing I’d like to note, if the exctracts from so
called “proposal” are authentic, this may bring serious trouble to
violator. Let me repeat it again:
1. I am not affilated with “snort” as brandname/organization/whatever.
I am former developer of the snort software, I can proffesionally
support and promote snort as opensource IDS, but I don’t own rights to
the name and I don’t represent “snort” as organization, business
partner in any possible way.
2. I never ever gave anyone permission to use snort as brand name,
not even that I am allowed to do such thing at all. (see #1). If snort
name or logo’ve been used anywhere — this is serious violation of
sourcefire and nowdays checkpoint copyright rights.
3. Violating 2 may get violating party into serious trouble with
sourcefire (which was recently aquired by even bigger monster -
CheckPoint). and those guys have alot of money to spend on lawers to
make sure that violating party pays. Knowing how israeli companies
work, I am sure they would do it, shall this info get public. I am not
Please keep this in mind