Another M&A in Charleston, who knew?

Mergers and acquisitions are always on the minds of key stakeholders in a business. Investors are looking for their return, employees are looking for the ability to turn their equity into cash, and the CEO may be looking for closure on the wild rollercoaster ride of running a startup.

Today in a blog post, it was announced that local Charleston firm PeopleMatter was being acquired by Snagajob. This is great news for Charleston. The most impressive part of this announcement has been the lack of any foresight into this acquisition. Lips were sealed on both sides of the deal and as far as we’ve heard no one had a clue. Or did they?

At Soteria we’ve built a pretty robust intelligence analytics platform we’ve codenamed Dionisis™. Dionisis™ is not one platform - instead it’s the analytic platform built in house to correlate information from different sources such as our DNSense™, PhishPhry™, and Artemis™ products.

As a growing platform, we are constantly monitoring and tuning our tools to create reliable and actionable intelligence. During the process of load testing and analysis we began tasking our platform with the names of clients, partners, South Carolina based companies, and ultimately any and every startup we came across. Logically as our neighbors in Charleston, PeopleMatter quickly made that list.

A key function of DNSense™ is to proactively monitor over 1,500+ top level domains for new registrations. When looking at registrations we look for direct brand usage (IE Company Name), variations of brand name (Typosquatting), and variations of protected trademarks. DNSense™ is constantly parsing data and the results are fed into our Dionisis™ analytics engine to look for relationships and evaluate threat risks.

On June 2nd, 2016 Dionisis™ indicated a domain registration of a suspicious nature. Our DNSense records had indicated a domain was registered that infringed on not one, but two brands listed in our system.

Registration notification.

Curious, we noticed that unlike most of our threats, this was likely a legitimate registration based upon the details provided to the registrar.

All valid information.

At this point, we followed internal process for further validation. As the url didn’t pose a threat to our current clients, nor was it being utilized for malicious intent, we flagged it as neutral. Periodically we monitor these domains for changes, compromise, and gather snapshots when applicable.

Here were are now, Thursday June 23rd, 21 days later, and has launched. Dionisis™ has once again indicated change, this time it’s flagged as probable safe.

The Site is live!

As PeopleMatter is not a publicly traded company, there wouldn’t necessarily be a direct way to leverage this information for nefarious gains. That said, during the Mergers and Acquisitions phase there have been numerous instances where leaked information has derailed or even stopped negotiations.

In this instance, PeopleMatter and Snagajob did a great job in keeping things quiet, and barring a slight misstep in domain registration, it would have been nearly impossible to guess anything was taking place.

Two lessons that can be learned from this are:
1. Security and IT operations play an important role in the M&A process in mitigating risks and disclosure.
2. When registering domains pre-launch, it’s probably best to use a Proxy Registrar.

On behalf of the Soteria Team, congratulations to the teams at PeopleMatter and Snagajob!

Interested in learning more? We’re providing free security services and support to qualified startups!

For Incident Response, and more visit