WTH? — Why Big Companies Like Walmart are Part of the Cyber Security Problem!

“Know thy self, know thy enemy. A thousand battles, a thousand victories.” — Sun Tzu, “The Art of War”

It is often said, “It takes a village”.

Someone needs to explain the meaning of this to Walmart and other large companies.

On October 10, 2018, CYBR discovered that a website named Walmartleaf.com was supposedly selling official Walmart crypto currency. I took a screenshot of the website which can be seen below:

Obviously, this would be a HUGE announcement for crypto. It seemed odd that I had not seen any prior announcements so I began to do some research. I found that the offer was being publicized on several crypto news sites. Here are two examples which I screenshot from CryptoCoin.News and CryptoNinjas:

At this point, I personally considered sending my Ethereum over. I mean this is Walmart, and this would most likely be a HUGE opportunity. But being a cyber security “expert”, I decided to run it by one of our team members, whom is a “go by your gut” kind of guy. It didn’t sit well with him. So we discussed it and agreed this was most likely a scam. 750M coins were being offered at $.13 a piece. If you do the math, that’s $97.5M USD in potential financial losses to the general public. So I called the Walmart “corporate office”, and here’s where it all went off the rails.

A polite but clueless employee answered my call. He tried to reach the “IT Department” but they were closed. I explained to him that if this was a scam, there was $97.5M in potential losses at stake here form public investors. He simply offered to take down my information. I told him to have a nice day and called one of our other Advisors with lot of connections. We quickly got connected to a “National Cyber-Forensics and Training Alliance (NCFTA) executive. This organization’s mantra is “Companies, Government and Academia working together to neutralize cyber crime.” What a perfect fit these folks should be. I am going to be tactful and leave out names for most of this article. I do this to protect the “guilty and the inept”. After speaking with this executive, he roped in the CEO of this organization. I was asked to forward my information and a short description of the issue. I was VERY thorough and provided details and accompanying screenshots. I never hear anything back…

At this juncture, our CYBR advisor had found the contact info for Walmart’s CISO. I sent him a LinkedIn outlining the serious issue we were dealing with in real-time. Here is that screenshot:

The entire message read as follows:

“*URGENT* Greetings, My name is Shawn Key and I am the CEO of CYBRToken.io. I have reported a cyber security/blockchain incident affecting Walmart to Ron Plesk at the NCFTA. I have worked with the FBI, DHS, and other LE groups on many security incidents. I’ve been an analyst for CNN and other global media sources re: cyber security and financial thefts. We have a current and exponentially growing problem relating to Walmart credibility which we have identified.

“Reliable” news sources are spreading information about Walmart launching its own crypto currency. Investors are sending BTC and ETH in droves thinking they are getting into something amazing (the countdown shows only 3 days left to buy). We have shared this as many places as we can:

*Breaking News* CYBR has uncovered an emerging scam (please see WalmartLeaf.com)

that seeks to steal millions ($97.5M USD) of ETH or BTC from duped investors. Do NOT send funds to WalmartLeaf.com. CYBR is working with Walmart Corporate to inform the general public and protect the crypto community. This, people, is why CYBR was created! Please share this amongst your security team and ensure no other crypto investor is scammed.

FYI, this is potentially one of the single largest scams of the year in crypto and when I spoke with Walmart “Corporate,” I was told “Our IT department is closed, and they can’t do anything about this until tomorrow.”

This scam is spreading like wildfire. Please help us get the word out to protect the community? Thank you.”

The CYBR team began posting messages about the scam on Bitcointalk, Twitter, Telegram, Facebook and other social media sites.

In parallel, our trusty CYBR advisor had found the contact info for Walmart’s Cyber Security group. HE patched me in to a gentleman who quickly explained they had been aware of this scam since September. “Okay,” I thought to myself. “Then why haven’t you handled the problematic website and protected investors’ money”. About that time, he mentioned a site which was similar to this issue at hand but it wasn’t the website I was referring to. So, I immediately told him what the site name was (Walmartleafy.com). He brought the site up and his response, verbatim, was, “Oh, shit!”

So after a short discussion, it was agreed the best thing to do was to contact CloudFlare and have them cut the site’s connection. He thanked me for my help, we exchanged emails, and I politely asked him to please consider sending us a brief letter so we could demonstrate our capability to the crypto community, as we are new and credibility means everything at this juncture. We hung up. After a half hour or so, I received an email from the Walmart Cyber Security POC, which read, “Site nuked with an ion cannon!”

I checked and indeed the site was down and all seemed to be well in the wonderful world of Walmart again!

As a side note, our Advisor had contacted ABC News and left a message about the potentially huge scam that we had uncovered. We wanted to air something so any duped users would know to attempt to take some kind of recourse.

I contacted CryptoCoin.News, explained in an email that they were promoting a massive scam and went back to the late night/early business of CYBR. Within a few hours, I received this in an email:

Feeling good about contributing to the “good fight”, I continued to work until around 3AM. For grins I refreshed the wlamartleafy.com page. Much to my chagrin, it had come back! The problem was NOT solved. The counter had been moved up to reflect only a few hours left of the “sale” most likely to entice more unwary investors to hurry and “get in”. Again, I screenshot the website (notice the timestamp):

I went to LinkedIn to send yet another message to Walmart’s CISO, and found that he had responded with this:

To which I immediately responded:

I then followed up moments later with this message:

I also sent the Walmart Cyber Security POC a similar email stating that the site was up and that this is what needed to be done.

I heard nothing back. I was just in disbelief. CYBR worked hard to post in Bitcointalk, Twitter, Telegram, etc. spreading the concern about the continued scam. Many people thanked us for our notifications.

I spoke with my advisor and he simply said, “What more can we do? It’s Walmart’s responsibility”.

Eight hours later, I was just saddened to see the site was still up (you can see this from the countdown being approximately eight hours less than the previous screenshot in this article):

Again, no one followed up except for the television reporter (Channel 8, ABC News: sbgtv.com) who informed me that their editorial team was going to pass because:

Read that again…you’re telling me a potential $97.5M scam being perpetrated under the guise of one of the largest retail chain stores in the world is NOT geared to nor in the best interest of the viewership?!

I wish to summarize all of this in one word: “debacle”. The worst part of all of this is that it happens far too often. Here’s why:

Walmart doesn’t want to publicize this blight on their corporate image. Rather than own up and take culpability for allowing this scam to circumvent their radar, they would leave the potential liability for millions of dollars in theft upon the public. They simply DO NOT CARE about the little guy.

The NCFTA and other organizations like them seek to “firewall” this type of intelligence. It’s more valuable if it is only shared amongst a small cyber security community. These companies and organizations can commercialize and monetize threat intelligence so it is only propagated to those willing to PAY for it. Organizations like this are quick to publicize their knowledge base because it allows them to receive large government contracts and funding. It is an incestuous group that doe NOT have the best interest of the public at heart.

Additionally, none of these organizations wants to publicly acknowledge these types of aforementioned incidents, much less give credit where credit is due. If the latter were to occur, new startups and disruptive companies like CYBR will take a piece of the pie.

The fact that crypto news sites proliferated this clearly demonstrates ignorance. The lack of due diligence done prior to issuing this “news” is appalling and shows that investors who rely on these sites are behaving foolishly and putting their investments at risk.

Make no mistake; we are at war in the information sense. We are at war with bad actors, bad nation states and from this article it is apparent, we are at war with those we trust.

In closing, Walmart, the NCFTA and a slew of other cyber security players are just a few examples of why CYBR seeks to disrupt the threat intelligence vertical. CYBR seeks to SHARE threat data to the masses protecting EVERYONE’S crypto investments and hard earned money. More and more charlatans will enter the crypto and blockchain verticals, soon. It’s a new source of wealth for them. I encourage the community to share this article, THINK about what I am saying and support CYBR and other companies like CYBR who seek to place the power of knowledge in the hands of the many; not the few.