A recent global IT outage caused by a faulty CrowdStrike update has sparked renewed scrutiny of the cybersecurity firm’s dominant market position and its controversial role in the 2016 Democratic National Committee (DNC) hacking investigation.
The incident, which affected clients worldwide, including airlines, trains, banks, and broadcasters, highlights the far-reaching consequences of a single point of failure in the interconnected global IT infrastructure. The extent of the damage is unclear, but reports suggest the issue is widespread, spanning Asia, Europe, and the United States.
The concentration of power within the cybersecurity industry has also come under the spotlight. According to SecurityScorecard, just 15 companies account for 62 percent of the market in cybersecurity products and services. In the modern endpoint security sector, three companies, including Microsoft and CrowdStrike, controlled half the market last year.
The outage has reignited discussions about CrowdStrike’s prominent role in the investigation of the alleged Russian hacking of the DNC during the 2016 presidential election. The company, founded by George Kurtz and Dmitri Alperovitch, was contracted by the DNC to investigate the suspected breach of its computer systems. CrowdStrike’s findings, which attributed the hack to Russian state actors, became a cornerstone of subsequent investigations into foreign interference in the election process.
However, details about CrowdStrike’s financing and connections have raised questions about potential conflicts of interest. In 2015, the company received a significant $100 million investment led by Google Capital, now known as CapitalG. This connection is notable given Eric Schmidt’s support for Hillary Clinton and his long-time donations to the Democratic Party.
The relationship between CrowdStrike and the FBI during the DNC hack investigation has also come under scrutiny. According to a senior law enforcement official, the DNC “rebuffed” the FBI’s request to directly examine its servers after the alleged hacking. Instead, the FBI relied on CrowdStrike’s assessment that Russian agents were likely responsible for the breach.
The controversy surrounding CrowdStrike’s role in the investigation has led to questions about the thoroughness of the investigation and the reliance on third-party assessments in high-profile cybersecurity cases. The company’s co-founder, Dmitri Alperovitch, a Russian expatriate, has been central to the company’s findings. According to an Esquire profile, Alperovitch discovered the alleged Russian breach when one of his analysts installed proprietary software on the DNC’s system.
