Would like to verify if symantec already have signature for UNITEDRAKE malware?
Sometime in the middle of last year, the office of Mr George Kurtz, chief executive of the cyber-security firm CrowdStrike, took a call from a person who identified himself as a lawyer for the Democratic National Committee (DNC) in the United States.
The ruling party in the US at the time feared that its computer system had been penetrated by a hostile force to leak unfavourable information, and needed to know who was behind it.
CrowdStrike, which is based in Silicon Valley, sent down a team armed with its proprietary Falcon diagnostic software, based on algorithms.Within no time it was obvious that the DNC’s fears were well-founded.
In the world of hackers and cyber warriors, a good analyst is able to read the prints of an intruder as surely as a gypsy reads patrins – a kind of signpost- along a mountain trail. The attack mode, the key strokes and passwords attempted all pointed in one direction: the intruders were Russian intelligence groups.
And just like typhoons are named, there is a method by which hackers are known. A Chinese attack is a panda thrust, a Russian one a bear. This one, because of its origin, came to be called fancy bear, a play on the Julio Iglesias meme So You Think You Are Fancy.
“The DNC asked us to go public with it, so we put out a blog post on it,” Mr Kurtz told me recently.
“The rest is history.”
For Mr Kurtz and his fast-growing team – CrowdStrike adds between 40 and 50 key executives every quarter – this was all in a day’s work. Fast-spreading computerisation and artificial intelligence are making computers ever more powerful.
At the same time, an array of baddies – from state-sponsored hackers to amateur experts – are breaking into computer systems, sometimes to steal money, sometimes commercial secrets, and, who knows, to further a terrorist cause. To stand in their way is the mission of people like Mr Kurtz.
In Singapore recently to attend a conference on cyber security, the 46-year-old former chief technology officer of antivirus firm McAfee told me the story of his rise as one of the top cyber-security experts worldwide, not to mention, being a best-selling author.
As a 10-year-old growing up in New Jersey, he’d been given his first computer, a Texas Instruments 99/4A machine. A geeky kid who had his own bolt and board, as he puts it, he started to code around the same time. Mr Kurtz would have liked to stay with his hobby as he entered college, except that mainframe computers were not too exciting as a study subject.
Fast facts on…
Mr George Kurtz is president, founder and CEO of CrowdStrike. He is 46 years old, married and the father of two children, aged 16 and 19.
Earlier, he was worldwide chief technology officer and executive vice-president at McAfee. Prior to that, he was founder and CEO of Foundstone, a cyber-security firm. He began his career with PriceWaterhouse and also worked for Ernst & Young.
Mr Kurtz was born in New Jersey and educated at Seton Hall University.
CrowdStrike, based in Silicon Valley, California, is a modern security technology company focused on creating next generation endpoint technology delivered from the cloud.
Mr Kurtz and co-founder Dmitri Alperovitch started it in 2011 to fix a fundamental problem: the sophisticated attacks that were forcing the world’s leading businesses into the headlines could not be resolved with existing malware-based defences.
So, he went for an accountancy degree from Seton Hall University and thereafter, got a job with PriceWaterhouse in their accounting and management consultancy practice.
“Pretty soon, they realised I had a knack for computers, so I became the fifth person in PW worldwide when they set up their security group in 1993,” he says.
During his seven years at PriceWaterhouse, and later, at Ernst & Young, Mr Kurtz developed a series of methodologies around the nascent concept of penetration testing, whereby clients paid consultants to check for holes in their computer security systems.
Most of the work at the time centred around dial-up modems since the Internet, as a commercial vehicle, was just rising, and the first firewalls were being erected.
Given charge of developing protocols for Internet security, Mr Kurtz says he developed much of it on his own. He also took a bunch of courses at New York University and looked at various methodologies.
All this provided the underpinnings for Hacking Exposed, a book he published in 1999 with co-authors Stuart McClure and Joel Scambray.
Some experts worried that he had given away too much in the book but Mr Kurtz argued that if this knowledge was already available to a few, it made no sense to be quiet about it. Better to put the knowledge out, so the world is better prepared for their attacks, he argued. Hacking Exposed, which was translated into more than 30 languages, sold more than 600,000 copies.
It was a matter of time before Mr Kurtz started his own company. Thus was Foundstone born in 1999, with a mission to programmatically identify vulnerabilities across networks. When Foundstone was bought by McAfee in 2004, Mr Kurtz found himself an employee of one of the world’s most famous computer security firms.
Explaining the decision to sell Foundstone, the first firm he started, Mr Kurtz says it was not an easy one. Still, he went along with the wishes of the venture capital firms that had been his early investors.
“It was a 1999 fund that had invested in Foundstone,” he says. “If you looked at the carnage tech stocks suffered around 2001, we were one of the companies in their portfolio that was worth anything. So, they wanted to get some money and raise another fund. It all worked out, finally, and it was a good deal at the time.”
Although he was running a couple of business units within McAfee, the call to entrepreneurship continued to beckon. Silicon Valley firms called, offering CEO positions.
At one point, Mr Kurtz went to McAfee chief executive Dave DeWalt and presented his thoughts, saying he wanted to break away and start something small so he could once again run a business.
Instead, Mr DeWalt offered him the job of chief technology officer.
“I turned it down twice,” says Mr Kurtz. “But the third time, I took it. It turned out to be one of those wise decisions. Sitting on top of the entire portfolio gave me a much better picture of the entire antivirus industry. I did that role for a number of years before the business was sold to Intel and by then, I had a much greater appreciation of the limitations of the traditional antivirus and signature updates model.”
Constantly on the move – he says he travelled more than 480,000km in his last year at McAfee – he credits the endpoint security model of CrowdStrike to an epiphany he experienced on an American Airlines flight. A fellow passenger in business class had switched on his computer and while it was booting up, began to chat with the cabin attendant and started arranging his papers.
From where he was sitting, Mr Kurtz could see that a McAfee program was at work, and it took a full 15 minutes before the machine was ready for use. As McAfee’s chief technology officer, he felt sorry for the other man and felt he deserved a better, faster product.
At the time, the broader market was marked by attacks on companies termed advance business threats. Some of them were mounted by nations, and Mr Kurtz and his colleague Dmitri Alperovitch investigated many. But success in cracking cases often depended on whether there was a pre-existing digital fingerprint as a reference point. What if the enemy was creating malware that had never been seen before?
“When I looked at that, I saw a better way forward to create a cloud-based platform using technology that goes beyond signatures,” he says. “Why shouldn’t we do more to be the next wave of endpoint technology in the cloud – for the platform to be running smoothly but all the clunky stuff and the central processing unit cycle offloaded to the cloud for higher efficiency?”
The situation offered him an opportunity to write on a clean slate and thus began CrowdStrike.
Rapid in speech, and not unafraid to criticise a rival, he says he wanted to be rid of the “on-premise Siebel experience” and wanted CrowdStrike to be more like cloud-computing firm Salesforce, a firm founded in 1999 that today commands a market value of US$65 billion (S$88 billion).
And yes, it is easier the second time around. When starting Foundstone in New Jersey, he and his team of six slept on cheap mattresses in a New Jersey home, to save on hotel rooms. That was before they won a contract from Microsoft and moved all the way across America to Seattle. With CrowdStrike, though, raising money was a lot easier since the team now had a track record.
“Someone wanted to invest US$75 million in Foundstone but the timing didn’t work out. So, every year they would call me and say ‘Hey, are you ready to do something else? We really want to back you’.
“The seventh year they called, I said I have a great idea and let me tell you about it.”
Mr Kurtz says he put together a 25-slide presentation and, in no time at all, had a US$25 million investment in his hands. The team joked that he should have made 30 slides. Putting some of their own money as well into the venture, CrowdStrike was on its way.
I asked him to describe a typical hacking encounter and he talks about tackling a Chinese attempt to infiltrate a client’s intellectual property. CrowdStrike was protecting the client’s corporate network but not the customer network. The latter came under continuous attack, and the hackers sought to penetrate the corporate using the customer network route.
“We could track their every move. Initially, they didn’t realise we were there but they figured it out. It was like a bank robbery, with a very small window of opportunity,” says Mr Kurtz.
“Once they got in, it was like a shift change, and they quickly called the boss in. Suddenly, it was like Liberace playing the piano. You can tell when someone knows his way around a computer.”
Hackers typically work to a pattern – “same getaway car, same gun, just a little change of approach here and there. But sometimes you sit back and say ‘Wow, that was really innovative'”.
Mr Kurtz calculates that some 30 nations today have “offensive capabilities” in cyber warfare. China leads the field, and many of its “sleeper” cells lie dormant for years, and become company insiders before they are activated.
The pickings from hacking are huge, especially in matters of intellectual property. Look at the US Joint Strike Fighter, he says. The Chinese version is near-identical to it and that did not happen by accident.
Could you not strike back in equal measure?
“That is for governments to do,” he says.
With CrowdStrike’s turnover soaring to “hundreds of millions” and doubling every year, and an employee strength of 700, Mr Kurtz says he is ready for a share sale. That could happen next year.
Meanwhile, aside from building CrowdStrike, he is having fun racing a McLaren 570 in the Pirelli World Challenge.
“The McLaren is a rolling computer. My only regret is that I didn’t get into racing 10 years ago,” says the father of two. “If you are last, everybody knows it!”