How a group of tech ‘rebels’ triggered the world’s biggest IT meltdown
When George Kurtz announced the establishment of his new company CrowdStrike in 2012 on his blog, few outside the tech industry would have noticed.
Kurtz, along with Dmitri Alperovitch (CTO) and Gregg Marston (CFO), wrote that he wanted to change the way the cybersecurity industry responded to hacking and cyber breaches.
He wanted to assemble a “dream team” of tech experts. A group of rebels, he called them, who believed “the current state of security is fundamentally broken and want to do something about it”.
More than a decade on, the company has been wildly successful in achieving that goal.
But it wasn’t until Friday, July 19, 2024, that it became a household name, and for all the wrong reasons. The world has been grappling with what’s been billed as the largest IT failure in history, and CrowdStrike is right at the centre of it.
The remarkable success of the company is in part what led to the global IT outage that swept the world over the past 48 hours and triggered a wave of interruptions of crucial services.
How CrowdStrike turned from a startup into a global player
Kurtz had spent years at McAfee, where he was chief technology officer, but he had grown disillusioned with the approach to cybersecurity taken across the industry.
In one of his blog posts, Kurtz wrote he was: “Tired of the status quo of technologies that were incapable of dealing with the most persistent attacks.
“Tired of the malware-centric approaches that only focus on 40 per cent of the problem. Tired of on-premise security technologies that are disconnected, overly complex, easy to break, and costly to administer.”
The idea behind CrowdStrike was different. He and his co-founders set out to develop a new approach to what’s known as cloud-based endpoint security. The company’s slogan was simple: “We stop breaches.”
To achieve this, CrowdStrike built a new type of cybersecurity service: a lightweight agent, or sensor, installed on each computer (the “endpoint”) and connected to a cloud service, so that every protected machine fed back what it saw and contributed to a shared picture of attacks. The idea was to provide a bigger base of protection than any one company could build alone.
There was, Kurtz has said, some scepticism within the industry, but the approach took off. Its signature product, the Falcon platform, was designed as a one-stop shop for security needs: detecting malware and stopping cyber attacks.
There was strong interest in this new approach from venture capital and private equity investors. Early backers included Warburg Pincus and Accel, and in 2014 a funding round led by Google Capital raised $100 million.
In 2015, Marston announced he was retiring and left the company as CFO. Kurtz and Alperovitch continued on, quickly expanding and growing their client bases all over the world.
The company launched subsidiaries in Australia, the United Kingdom, India, Germany and Canada.
In 2019, CrowdStrike became a publicly listed company in the US. Since then it’s been backed by large institutional investors.
Vanguard is currently the largest shareholder, followed by BlackRock, Jennison Associates, State Street Global Advisors, Invesco Capital Management and Geode Capital Management.
Kurtz himself also continues to hold shares in the company.
In 2020, co-founder Alperovitch left the business to set up a not-for-profit.
The company has chipped away at competitors, Microsoft included, with bombastic statements and snipes about their security failures, among them: “Microsoft’s security products can’t even protect Microsoft”.
Since CrowdStrike was launched, the endpoint security market has rapidly grown and is now worth at least $8 billion.
Today, CrowdStrike leads the market. A 2022 market share report noted that it held more than 17 per cent, followed closely by Microsoft, whose Defender endpoint product is its major competitor.
That means that over the past decade, entire systems of banking, communications, health care, education and other vital services have come to rely on CrowdStrike’s software, which sits deep inside each of their machines in order to protect them.
CrowdStrike is also everywhere in Australia. It provides services for a number of airlines, transportation services and other companies that were impacted by Friday’s software glitch.
It even provides services to government agencies. Its Falcon Intelligence threat-intelligence service is used by agencies including the Australian Signals Directorate, according to a 2019 contract worth $624,000.
The Department of Defence awarded the company a $954,323 limited-tender contract for software services in 2019, and it holds software contracts with other government agencies.
CrowdStrike, Donald Trump and a conspiracy theory
Strangely, this isn’t the first time the company has found itself at the centre of global controversy.
In 2016, CrowdStrike was contacted by the Democratic National Committee (DNC), the governing body of the US Democratic Party, to respond to a major breach of its email systems.
The breach later led to WikiLeaks publishing tens of thousands of stolen emails in July 2016, in a highly damaging and messy public release.
CrowdStrike was hired by the DNC in response to the breach and concluded, in findings made public in June 2016, that two separate Russian state-linked groups were behind the hack.
These findings gave credence to the views of US intelligence agencies that there had been foreign interference by Russia that had set out to damage Hillary Clinton’s electoral prospects in favour of Donald Trump.
CrowdStrike was forced to defend itself after it came under attack for those conclusions. A bizarre series of conspiracy theories then emerged about the company because it hadn’t handed the physical DNC “server” to the FBI; it had instead provided the agency with forensic copies of the affected systems.
These claims, which have been debunked, sought to discredit the findings of Russian interference reached by US government agencies, including the FBI, and suggested that CrowdStrike had somehow colluded to that end.
Part of that false theory involved the claim that Ukraine and not Russia was somehow linked to the attack.
Then-FBI director James Comey gave evidence at a hearing that there had been an “appropriate substitute” for the server. Special counsel Robert Mueller noted in his report extensive evidence of the analysis undertaken by the FBI and CrowdStrike.
But these theories have continued to circulate.
In 2019, Trump even referenced CrowdStrike in the White House’s own released record of a July call with Volodymyr Zelenskyy, in remarks that appeared to endorse the conspiracy theory that there had been some sort of failure to hand over the server.
“I would like you to do us a favour, though, because our country has been through a lot and Ukraine knows a lot about it,” Trump told Zelenskyy, according to the transcript published by the Washington Post.
“I would like you to find out what happened with this whole situation with Ukraine. They say CrowdStrike … I guess you have one of your wealthy people … The server, they say Ukraine has it.”
CrowdStrike apologises for impact
Many in the cybersecurity industry believe the company has done important work in keeping the world’s IT systems more secure.
US-based finance and security analysts Wedbush said in a report released on Friday, “Today CrowdStrike becomes a household name but not in a good way and this will take time to settle down but does not change our positive long term view of CrowdStrike or cyber security sector.”
But that remarkable success, and the reliance of so many institutions on a single vendor, is now raising obvious questions about CrowdStrike’s dominance.
Like all security software, CrowdStrike’s sensor is updated constantly. The program itself is patched as flaws are found, since attackers are always looking for exploitable weaknesses, and the detection content it relies on is refreshed as attackers change their techniques.
It’s one of these updates that the company says is responsible for the meltdown.
Kurtz has released a statement explaining that it was caused by a defect in a single content update, pushed overnight to the Falcon sensor on Windows hosts. Mac and Linux machines were not affected, and he stressed that it was not a security incident or cyber attack.
“I want to sincerely apologise directly to all of you for today’s outage,” his statement read.
“We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.”
CrowdStrike’s stock price plummeted more than 11 per cent after the incident.
For the many people in Australia and around the world who have missed a plane, a train or just couldn’t pay for their groceries because of the meltdown, CrowdStrike’s name will linger for some time.
Some IT experts are already questioning whether its massive share of the endpoint security market is itself a systemic risk: a single point of failure sitting inside much of the world’s critical infrastructure.
The Wedbush report predicts the outage “could create opportunity for some competitive displacements, but this will take time to determine the path of CIOs and companies looking ahead and related legal actions related to this outage”.
The question analysts are still grappling with is: how and why could a seemingly minor update lead to such a catastrophic chain of events across the world?
Part of the answer lies in where the software runs. On Windows, the Falcon sensor operates inside the operating system’s kernel, the most privileged layer, which is what gives it visibility into attacks but also means that a fault in the data it loads is not contained to one program and can crash the whole machine. The same defective update was pushed to every connected Windows sensor at once, so machines failed together rather than one at a time.