Russian hackers keep business booming for Irvine cybersecurity firm

CrowdStrike Chief Executive George Kurtz
(Katie Falkenberg / For the Times)

When the Democratic National Committee discovered in April that its computer networks had been hacked, leaders there did not just alert government intelligence. They called CrowdStrike, a 5-year-old cybersecurity firm that makes millions from mercenary work sold with a promise: “We Stop Breaches.”

The Irvine-based contractor last month revealed what it had found: Two Russian intelligence groups, code-named Cozy Bear and Fancy Bear, had spearheaded competing hacks over the last year using a barrage of malicious “implants” and “backdoors.” CrowdStrike’s experts knew the hackers well: They’d also recently infiltrated the White House, State Department and Joint Chiefs of Staff.

Their weapon of choice: The cybersecurity equivalent of “a neighborhood watch program on steroids,” said CrowdStrike co-founder George Kurtz. That same offering has helped them turn their young business into a juggernaut, with sales of $100 million this year.


“Our clients now include the crème de la crème of companies,” said Kurtz, a former chief technology officer of antivirus giant McAfee. “From a growth perspective, it’s just been explosive.”

CrowdStrike is one soldier in a very new kind of army: private cyber-defense contractors. Their skill in fending off and eradicating hacks has become increasingly prized at the top echelons of American business following the crippling attacks on Target, insurance giant Anthem and Sony Pictures -- the first time a foreign government was publicly blamed for a destructive attack on a U.S. company.

As payback for a movie poking fun at North Korea’s supreme leader, state-sponsored hackers stole the studio’s employee records, trade secrets and unfinished movies; shared embarrassing internal emails; and wiped thousands of computers and servers.

But the cyber-defense firms are also increasingly being called in to shield quasi-governmental organizations such as the DNC and American think tanks, which the company said are “highly targeted” by hackers aligned with nations such as Russia, China and Iran because of their stables of prominent experts and activists.

For companies such as CrowdStrike, the new age of information warfare -- and the ensuing climate of fear -- has led to a flood of cash. Analysts at research firm Gartner say the security-software market climbed to $22 billion last year, with sales growing by $1 billion in each of the last three years.

The growing business has also led to fierce competition in the cybersecurity industry, including with companies such as Cylance, ThreatConnect and Palantir. CrowdStrike said it would not share its client list or details of financial performance, but said it now works with three of the world’s 10 largest companies and five of the world’s 10 largest banks.


Their battlefield took center stage last week when Republican presidential candidate Donald Trump encouraged the Russian government to find and release private emails from his Democratic opponent, Hillary Clinton, a former secretary of State.

“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press,” Trump said during a press conference.

Trump’s comments came amid an FBI investigation into whether Russian state actors were responsible for stealing emails from DNC computers and distributing them ahead of the party’s convention.

“This has gone from being a matter of curiosity, and a matter of politics, to being a national security issue,” Jake Sullivan, Clinton’s senior policy advisor, said in a statement last week.

The DNC first alerted CrowdStrike to its breach in April, and within 24 hours a threat-analyst team had installed software on DNC computers to examine the attack. The firm’s report tying Russian intelligence to the hack has since been supported by other security firms, such as Fidelis Cybersecurity and Mandiant, and discussed as evidence in government officials’ intelligence briefings.

CrowdStrike actively tracks 80 global “threat-actor” groups, including Cozy Bear, that specialize in three tiers of modern cyberattacks: cash-seeking “e-crime”; cause-centric “hacktivism”; and nation-state hacks, engineered for political warfare or espionage.


CrowdStrike’s main threat-tracking platform, Falcon Host, compares and maps 14 billion events a day into a global graph, using the same style of technology powering a social network like Facebook.

The firm’s involvement in the DNC hack began as detective work, but teams there have claimed victory in repelling other attacks. CrowdStrike said last year that its “expert hunters” had successfully blocked a Chinese hacker group, called Hurricane Panda, attempting to blitz an unnamed American technology firm.

But the firms have also attracted criticism over the secrecy of their work. Threat-intelligence companies “have a particularly infuriating habit of being very public with their conclusions, but very secretive about their methods, data, and even malware samples,” wrote Matt Tait, the founder of Capital Alpha Security, a U.K.-based consulting firm. That “actively frustrates independent corroboration, and doesn’t inspire an enormous amount of confidence in their conclusions.”


CrowdStrike’s rapid growth has attracted big bets from American tech. The firm last year raised $100 million from an investment led by one of Google’s venture-capital arms in the search giant’s first cybersecurity deal. In an investment report, CrowdStrike said it had seen a 700% year-over-year increase in its deals of $1 million or more.

Companies such as CrowdStrike are also finding themselves increasingly tapped to safeguard the political establishment. Administration officials told the Washington Post that the DNC email dump could warrant designating parts of the electoral process as “critical infrastructure,” like power grids, which receives special protection from cyberattacks.


“America is digitally exposed,” Sen. Ben Sasse (R-Neb.), said in a statement. “The United States must take serious offensive and defensive actions now.”

CrowdStrike now employs 440 engineers, threat analysts and other employees around the world, with offices in Silicon Valley, London and the Washington defense-contractor hub of Crystal City, Va. Many, Kurtz said, joined the firm after careers in American or foreign military and intelligence services.

“As a company, we do have a strong mission focus, which is really protecting our customers from the adversary,” Kurtz said. “When you have a purpose, which is to fight the bad guy, people take that very seriously.”

Drew Harwell writes for the Washington Post.

