DIGITAL DEFENDERS
After high-profile attacks, cyberdefence contractors are making massive profits
High-profile breaches have meant increased business for cybersecurity firms,
When the Democratic National Committee discovered in April that its computer networks had been hacked, leaders there did not just alert government intelligence. They called CrowdStrike, a five-year-old cybersecurity firm that makes millions from mercenary work sold with a promise: “We Stop Breaches.”
Last month, the contractor revealed what it had found: Two Russian intelligence groups, codenamed Cozy Bear and Fancy Bear, had spearheaded competing hacks over the last year using a barrage of malicious “implants” and “backdoors.” CrowdStrike’s experts knew the hackers well: They’d also recently infiltrated the White House, State Department and Joint Chiefs of Staff.
Their weapon of choice: The cybersecurity equivalent of “a neighbourhood watch program on steroids,” said CrowdStrike co-founder George Kurtz. That same offering has helped them turn their young business into a juggernaut, with sales of $100 million (U.S.) this year.
“Our clients now include the crème de la crème of companies,” said Kurtz, a former chief technology officer of antivirus giant McAfee. “From a growth perspective, it’s just been explosive.”
CrowdStrike is one soldier in a very new kind of army: private cyberdefence contractors. Their skill in fending off and eradicating hacks has become increasingly prized at the top echelons of business following the crippling attacks on Target, insurance giant Anthem and Sony Pictures — the first time a foreign government targeted a U.S. company.
As payback for a movie poking fun at North Korea’s supreme leader, state-sponsored hackers stole the studio’s employee records, trade secrets and unfinished movies; shared embarrassing internal emails; and wiped thousands of computers and servers.
But the cyberdefence firms are also increasingly being called in to shield quasi-governmental agencies such as the DNC and think tanks, which the company said are “highly targeted” by hackers aligned with nations such as Russia, China and Iran due to their stables of prominent experts and activists.
For companies such as CrowdStrike, the new age of information warfare — and the ensuing climate of fear — has led to a flood of cash. Analysts at research firm Gartner say the security software market climbed to $22 billion last year, with sales growing by $1 billion for three straight years. The growing business has also led to fierce competition in the cybersecurity industry, including with companies such as Cylance, ThreatConnect and Palantir.
CrowdStrike said it would not share its client list or details of financial performance, but said it now works with three of the world’s 10 largest companies and five of the world’s 10 largest banks.
Their battlefield was made centre stage on Wednesday, when Republican presidential candidate Donald Trump encouraged the Russian government to infiltrate and distribute private emails from his Democratic opponent, Hillary Clinton, a former Secretary of State.
“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press,” Trump said during a press conference.
“It gives me no pause. If they have them, they have them,” Trump said later, when asked if his comments were inappropriate. “If Russia, or China, or any other country has those emails, I mean, to be honest with you, I’d love to see them.” Trump’s comments came amid an FBI investigation into whether Russian state actors were responsible for stealing emails from inside DNC computers and distributing them ahead of the party’s convention, a politically damaging move that forced the resignation of DNC Chairwoman Debbie Wasserman Schultz and could affect the election.
The DNC first alerted CrowdStrike of their breach in April, and within 24 hours a threat-analyst team installed software on DNC computers to examine the attack. The firm’s report tying Russian intelligence to the hack has since been supported by other watchdogs, such as Fidelis Cybersecurity and Mandiant, and discussed as evidence in government officials’ intelligence briefings.
CrowdStrike’s report detailed the dossiers of the rival intelligence groups — units of the FSB, Russia’s state security agency, and the GRU, its foreign intelligence directorate — and outlined the malicious code the hackers had implanted, marked by telltale “indicators of compromise.” Dmitri Alperovitch, the firm’s co-founder, also warned that “attacks against electoral candidates and the parties they represent are likely to continue up until the election in November.”
“Our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis,” Alperovitch wrote in a “From the Front Lines” report last month, entitled, “Bears in the Midst.” “Their tradecraft is superb.”
CrowdStrike actively tracks 80 global “threat-actor” groups, including Cozy Bear, that specialize in three tiers of modern cyberattacks: cash-seeking “e-crime,” cause-centric “hacktivism” and nation-state hacks engineered for political warfare or espionage.
Military terminology is rampant in CrowdStrike’s business model: Falcon Overwatch, the firm’s “24/7 global team of expert adversary hunters,” is named after the battlefield tactic of supporting allies by scouting and sniping enemies.
“As a company, we do have a strong mission focus, which is really protecting our customers from the adversary,” Kurtz said. “When you have a purpose, which is to fight the bad guy, people take that very seriously.”