Crowdstrike: Cashing in on a scam
Maybe you saw this recent headline.
The Democratic National Committee famously "rebuffed" a request from the FBI to examine its email server after it was allegedly hacked by Russia during the 2016 election.
You probably remember that, but you've probably forgotten this.
TYT can report that at the same time CrowdStrike was working on behalf of the DNC, the company was also under contract with the FBI for unspecified technical services. According to a US federal government spending database, CrowdStrike’s “period of performance” on behalf of the FBI was between July 2015 and July 2016. CrowdStrike’s findings regarding the DNC server breach — which continue to this day to be cited as authoritative by everyone from former FBI Director James Comey, to NBC anchor Megyn Kelly — were issued in June 2016, when the contract was still active.
OK. Nothing suspicious here. Just a harmless coincidence. NOT!
Do private companies normally withhold access from the FBI to a crime scene, when that company already contracts with the FBI?
What would be their motivation?
Ignoring that for a moment, look at how competent Crowdstrike is since the DNC hack.
The National Republican Congressional Committee was hacked during the 2018 election after hiring CrowdStrike, the cyber-firm that the Democratic National Committee employed that allowed DNC emails to be stolen even after the 2016 hack was detected.
The emails of four top NRCC officials were stolen in a major hack that was detected in April — eight months ago, Politico reported Tuesday.
So in the past three years Crowdstrike:
a) detected the DNC server hack, but failed to stop it
b) falsely accused the Russians of hacking Ukrainian artillery
c) failed to prevent the NRCC from being hacked, eventhough that was why they were hired
In other words, Crowdstrike is really bad at their job.
In addition, Crowdstrike is really bad at business too.
CrowdStrike recorded a net loss last year of $140 million on revenue of $249.8 million, and negative free cash flow of roughly $59 million.
So what does a cybersecurity company that is hemorrhaging money and can't protect it's clients do?
It does an IPO.
It just goes to show that "getting it right" is not the same thing as "doing a good job."
If you tell the right people what they want to hear, the money will take care of itself.