04.05.2023 | By: Sid Trivedi
Last month, amid the chaos of Silicon Valley Bank’s collapse, my friend Dmitri Alperovitch and I found ourselves preparing to take the stage at SXSW. Our topic was another mounting, yet rarely discussed, threat: digital warfare.
As the cofounder of CrowdStrike, one of the world’s most valuable cybersecurity companies, Dmitri has been fighting off the digital bad guys for two decades. He is considered by many to be one of the world’s greatest hackers and has been called on by some of the largest companies and countries to investigate the most consequential cybersecurity breaches of our time, including the Russian hack of the Democratic National Committee in 2016 and the sweeping Chinese cyberespionage operations of the mid-2000s and 2010s. He is also the cofounder of the Silverado Policy Accelerator and currently serves as an advisor to the Department of Homeland Security, the Defending Digital Democracy Project at Harvard, and prominent CEOs.
We spoke in Austin in front of a standing-room-only crowd of 500+ attendees. And our hour-long SXSW conversation covered a range of topics, from Russia’s current invasion of Ukraine to China’s imminent (according to Dmitri) invasion of Taiwan, from what national-security risk TikTok poses, to what it takes to build a massively valuable company. The discussion, in which Dmitri revealed some scary truths about the geopolitical climate and cyber threats, was, in a word, electrifying.
You can listen to the full conversation here:
SXSW | Digital Warfare With One of the Greatest Hackers, Mar 11, 2023
Or read excerpts from our conversation (lightly edited for clarity) below. Check it out and if you have any reactions or feedback, I’d love to know what you think. I lead early-stage investments in cybersecurity and IT infrastructure and am always eager to connect with builders and operators in the field. You can find me at strivedi@foundationcap@com.
Hello, everyone. We have a full room. Dmitri and I were joking how many people would attend a conversation on digital warfare. But thank you so much for coming out here.
I think they all think this is an [SVB] conversation.
Before companies like Facebook and LinkedIn were founded in the early 2000s, nobody was comfortable sharing their personal information online. And it’s estimated today that over five billion people use social media platforms. That’s two thirds of the world’s population and over 90 percent of total Internet users. Our world today is a digital world. And in this digital world, our digital property -— our money, our personal information, our assets — have to be protected just like our physical assets are protected in the physical world. And just like countries have physical armies, over the past decade they’ve also been building digital armies.
Thanks, everyone, for joining. My name is Sid Trivedi. I’m one of the partners at Foundation Capital. We’re an early-stage Silicon Valley-based Seed and Series A venture fund. And our goal is really to invest in the next generation of technology companies. These are companies like Netflix and Solana and Chegg and ForgeRock. I focus specifically on cybersecurity and IT infrastructure. This is something I’ve been doing for the past decade.
Today, I’m joined by my friend Dmitri Alperovitch, who happens to be one of the world’s greatest hackers. A little bit on Dmitri before we get started on questions. Dmitri’s the cofounder and executive chairman of Silverado Policy Accelerator. He’s also the cofounder and former CTO of CrowdStrike, which is one of the leading cybersecurity companies today. He’s also previously served as special advisor to the Department of Defense and was last year appointed by Homeland Security Secretary Alejandro Mayorkas to the prestigious Homeland Security Advisory Council. He happens to also be an active angel investor — I’ve been fortunate to have him on a couple of my companies as well — and an active startup board member.
Dmitri, let’s get started with Russia. Back in December of 2021, before any of us were even aware of what was going on, you went on Twitter and posted this tweet that we see on the screen. And you predicted, very accurately, that Russia would invade Ukraine later that winter. We just passed the one-year anniversary of that invasion. What do you predict is going to happen next?
Well, this war has really become a war of attrition on both sides. I also have a podcast on geopolitics, and we cover both the war in Ukraine as well as potential war in Taiwan and China, and related issues. In the last episode, we talked about how this has become the war of the mobilized on both sides because basically what has happened is that both sides, Russia and Ukraine, have suffered such horrific casualties among their experienced personnel that there’s virtually no one left.
Now you just have these newly mobilized people that go through maybe a couple of months of training that are being sent to the front, both on the Russian side and the Ukrainian side. And you just have a massive amount of attrition of both personnel, equipment. And one thing that has become very clear is that while this war was never existential for Russia, Putin has made it existential, and now he’s all in.
He has gambled his regime on it, his hold on power. As a result, he’s going to keep going for as long as he can. Obviously, for Ukraine it is an existential fight, and they have the same willpower to keep on fighting. So unfortunately, I think it’s going to continue on for quite some time. The way the fight is going, I think, will change because this level of intensity, no one can sustain. Both sides are running out of ammunition. They’re running out of mobilized personnel even. So they’ll probably have to do more mobilization waves. I think we should expect that this war will continue on for years, unfortunately.
And you don’t think there’s any end in sight or any significant change that we will see any time, whether that be this year or next year?
Well, so Russia launched its counter offense — or its offensive in February. It has been very underwhelming. And they will probably take one city, the city of Bakhmut where the fighting’s been going on since June. It was a city of about 70,000 people before the war, and now it’s a city of about 5,000, completely decimated, not really a strategic location. So they’ll be able to say that they got something, but it’s certainly not anywhere close to anything that they’ve been thinking about when they launched the war, which was a war of regime change, taking over Ukraine, and so forth.
Then probably next month Ukraine will launch its counteroffensive, and we’ll see what happens. It’s really hard to predict how these wars go. They’re most likely going to try to take some of the areas of the south that they’ve lost to the Russians since the war began. If they actually succeed, that could be a gamechanger. If they get all the way to the borders of Crimea, they can actually put Crimea at risk because it’s an isolated peninsula where you can destroy Russian logistics and have a lot of effects.
If they don’t, it’s going to be — I don’t want to say a stalemate because there’s going to be active fighting — but it’s going to get into this entrenched warfare that frankly looks a lot like World War I-style warfare. You have people sitting in trenches, shooting artillery at each other, in mud, in rain, in the cold, and taking numerous casualties.
Obviously, [this conversation is] on digital warfare. And probably the one major cyberattack that we know of that was connected with this Russia-Ukraine conflict was this attack on Viasat, which happened an hour before the Russians invaded Ukraine. Maybe talk a little bit about what happened there and why it matters.
So overall, a lot of people I think were quite surprised by the underperformance of the Russian military, not just on the battlefield itself but also in cyber because, certainly, they’ve been one of the top cyber threat actors for decades. They were one of the first ones to really weaponize cyber in the late ’80s, have used it consistently through the ’90s, 2000s, 2010s, launched a lot of historic cyberattacks on the West and America in particular.
And they’ve done some of that in Ukraine. Most of it has not been very successful. But this one attack on Viasat is probably the most successful cyberattack in history in terms of its effects. So Viasat is a commercial satellite provider. It’s an American company that basically provides satellites for communications all over the world. They had purchased, a couple of years ago, a European company that was focused on satellite coverage in Eastern Europe, and they had a lot of customers in Eastern Europe, including Ukraine.
And what the Russians were able to do, their military intelligence service to GRU, is they hacked into Viasat. They were able to deploy an update to all the modems that were connected to one particular satellite spot beam covering Ukraine, and essentially [brick] those modems. [They sent] actually not even a technically very sophisticated update. It did the equivalent of getting on the device and deleting every file on the device and making sure that you could no longer boot the system. So you would have to either get new modems from Viasat or send it in and have them reflash the firmware to make it operational again.
And because they timed it with the invasion, the effect was really dramatic because they were able to disable Ukrainian communications that were using satellites. Now luckily for the Ukrainians, they weren’t just relying on satellites. They had landlines, as you can imagine. They had radio communications. But what the Russians did so effectively on that first day is they used electronic warfare to try to jam radio communications. They had kinetic strikes — missile strikes — targeting telecommunications infrastructure to take out landlines.
That had an effect of essentially blinding Ukrainians in those initial really crucial hours of the war. And we now know, as the reporting has gotten better about how those initial days unfolded, that the Ukrainians were effectively blind. They literally had to send runners to the frontlines to figure out what was going on to communicate with their troops. The Russians have done really terribly in this war in every respect. But in those initial hours, they were able to take about 30 percent of the country within 48 hours. And I think the fact that the Ukrainians were blind communications wise had a tremendous effect on it.
So it wasn’t the Viasat in and of itself, but as a contributor to this combined arms operation to blind Ukrainian communications using jamming techniques, using strikes against telecommunications infrastructure, I’m not sure in history you have anything that is equivalent where one side in a conflict can literally shut down all communications with the other side. An incredible coup, right?
Now unfortunately for the Russians and fortunately for the Ukrainians, they didn’t — they couldn’t take full advantage of that. Their offensive stalled. They got stuck on the outskirts of Kyiv, couldn’t follow through on the regime change, and then everything unfolded from there. By the way, that’s one of the lessons of the cyberattacks as well: the effects are fleeting. So one of the things that the Ukrainians were able to do very rapidly is restore their communications within a couple of days. Elon Musk, to his credit, helped a lot by sending out the Starlink terminal. Starlink, by the way, has become absolutely essential to this fight.
More than any weapons system, it has become the thing that everyone in Ukraine, every soldier in a platoon is using to communicate, not just with their peers and their command but they’re also using it to guide artillery, to correct artillery strikes, to do intelligence surveillance and reconnaissance operations to find Russian forces, and just become an incredibly powerful tool in this conflict. I’m not sure that Elon had anticipated that, and there’s been a lot of coverage of how he’s sort of saying, Wait a second, this is not a military tool, and I’m not necessarily signed up for providing weapons.
Nevertheless, the Ukrainians have adapted in part with Starlink and in part with other technologies as well. So it shows you the power of cyber but also its limitations, that this is not a tool that’s going to win wars, but if you use it in conjunction with other capabilities — and that’s the thing, and also the reason why the Russians failed in other cyberattacks that they’ve launched against Ukraine — is that they didn’t use it in a combined arms operation. Cyber is not an end to itself. It’s a tool, and it can achieve temporary effects, but you have to follow through on that in the physical world to actually get a strategic advantage over your adversary.
Yeah, this whole concept of human intelligence combined with digital intelligence and digital activity is so critical. I think that’s a great point that you mentioned. Do you think that we’re going to see more of these types of attacks happen as a result of the success of Viaset?
I do. And we’re going to talk about China later on as well, but I think it’s important not to assume that the future war is going to look like the current war in any scenario. But particularly in cyber, you do have, at the end of the day, pretty Soviet-style armies fighting each other on both sides. And they’re frankly not using very advanced weapons. I mean, they have tanks that were built in the ’60s and ’70s. And not only are they not network connected, they don’t even have chips in them. So your ability to impact the other side through cyber is highly limited. You have some ability to impact communications, but you can’t really target weapons systems in a significant way.
If you look at a potential conflict between the United States and China, for example, that’s a very, very different fight. Everyone is going to be using advanced weapons systems, like the F-35, like the [Aegis] destroyers — and those systems are highly network connected. You can actually impact their logistics. You can in some cases impact their operations with cyberattacks. So you have many more opportunities for cyber to achieve some effects on the battlefield directly in that type of conflict than I think either Russia or Ukraine can do in this fight.
Now despite the Viaset attack, which I think is very interesting in a whole number of areas that you’ve highlighted, we haven’t seen that much of cyber activity in this Russia-Ukraine conflict. Maybe talk a little bit about why we haven’t seen more happen here.
So there’s actually been a lot going on. Part of the problem we have is that we have a very one-sided view of this war. Russia’s not really talking a lot about the operations, either successful operations or ones that fail. And what you get from Ukraine — from the Ukrainian side is very one-sided. Obviously, they have an interest in putting out the best version that minimizes the impacts to them and showcases how well they do. So there’s a lot that we don’t know, and I think in the coming months and years we’ll learn a lot more about what actually happened both in cyber as well as in some of the battlefield operations as well.
But we do know that there’ve been dozens and dozens of cyberattacks that the Russians have launched, destructive attacks against Ukrainian energy infrastructure, against the Ukrainian financial sector, rail, telecommunications, and a variety of others. None of them have really been successful, as far as we can tell, in part because a) they’ve only been cyberattacks, so again, you’re not fusing cyber with physical, with satellite communications, with the full spectrum operations to achieve maximum effects.
And 2) one of the things that I think a lot of people underestimated is that Ukraine has had effectively eight years of experience dealing with destructive cyberattacks because the Russians have been pummeling them with these attacks since 2014 when the conflict first emerged, when Russia invaded Crimea and started the insurgency in the Donbas region of Ukraine. And they’ve had cyberattacks that have taken down the energy grid in part of Ukraine on two occasions in December of 2015 and then December of 2016.
They’ve had attacks on their financial sector. They’ve had one of the most destructive attacks in history called NotPetya that was targeted at most major companies in Ukraine. They were filing taxes online using the software called MeDoc’s in Ukraine that allows you to file your business taxes online. And that attack used the update channel for that software to release malware and destroy the network and actually spread well beyond Ukraine.
It was not very well designed to be self-contained because they didn’t appreciate that there were lots of contractors, including Western contractors who were working with Ukrainian companies, including Russian contractors as well. So the malware quickly jumped from Ukrainian networks into Russian networks, German networks, American networks; took down companies like Merck and Maersk in the West and actually had impacts even to Rosneft, the major Russian oil company, unintended effects.
But those attacks in combination have really trained the Ukrainians to have resiliency in how quickly they can rebuild networks. That’s something that I think a lot of people have underestimated, because if you’re dealing with those types of attacks day in and day out, you get really, really good at rebuilding systems, rebuilding networks. And it’s no longer a big deal to have an entire system go down as it might be if this is your first time.
So that’s what the Russians have found is that, yes, they’re having some tactical effects; yes, they’re able to turn off the lights for maybe 10-20 minutes in a particular region through cyberattack. But it goes back on —
It doesn’t matter. Yeah.
— right. And that resiliency I think also tells us a lot about the fact that cyber does not need to be an existential threat. Maybe SVB is an existential threat —
[Laughs] Yeah, unfortunately.
Dmitri: — but you can survive cyberattacks.
One more question on Russia, and I want to bring it back home to the U.S. Maybe a bunch of people know this, but for those who don’t, you aren’t any stranger to dealing with Russia yourself. In 2016 you were hired by and uncovered the significant breach of the Democratic National Committee by Russian intelligence, who stole pretty compromising emails on Hillary Clinton’s campaign via Wikileaks and pushed them to Wikileaks.
Just to clarify, there were actually a number of attacks / intrusions in 2016. So there was the hack of the DNC. The DNC is separate from the Hillary Clinton campaign.
I learned a lot about politics and how parties are structured. There was a separate hack of a personal email of John Podesta, who was working with the Hillary Clinton campaign, and those documents were leaked. And then there was another hack of the Democratic Congressional Committee, which works to elect members of the House of Representatives on the Democratic side, and they leaked information from there. So a lot of operations that all got conflated in the media. But yes.
But you were involved in figuring out what happened there. And certainly, you learned a whole bunch on what was going on there. The question I have for you is, if we look at 2023, where we are today, how significant do you think an impact on Russian intelligence having any sort of campaign — any sort of impact on the U.S. elections — how significant do you think that threat is as we look at 2024 and beyond?
I actually have a very contrarian view on this that might surprise people. So having been intimately involved in the 2016 investigations, I actually don’t think that they had that much of an effect, to be honest with you.
The reality is that I guarantee you almost no one in this room — maybe no one in this room has read a single email that was released in those hack and leak operations. There was really nothing of interest in those emails, just boring campaign stuff. Someone was not happy with Bernie Sanders. I mean, that happens with staffers on the campaign. So I think in the minds of people, it got conflated with the Hillary email server, which was totally separate, her private server and the FBI investigations around it. So there’s all that stuff happening that I think had some effect, maybe on people just not wanting to vote for her. But in terms of the hack and leak operation, I think we made — we in the U.S. and the media made way too much out of it and made the Russians look ten feet tall and, frankly, probably got a lot of people in Russian military intelligence, the GRU that was responsible for it, medals for something that really was a pretty basic operation that probably did not have that much of an effect on the election. Remember, there was a lot of stuff that was happening — an election; there was Comey, the FBI Director, coming out and doing the investigation saying Hillary Clinton has been vindicated — well, not vindicated but he’s not going to charge her, then saying, Well, we changed our minds and we’re going to investigate her.
There was so much going on aside from the issues themselves that to pin something on one element that was happening in 2016, I think, was a mistake and, frankly, I think the Democrats took advantage of it to say, Oh my God, we didn’t lose this campaign. The Russians made us lose this campaign. There was a lot of blame shifting that took place. But I think if you look at what happened afterwards, everyone was like, Oh my God, the 2018 election’s going to be messed with; 2020, 2022. We haven’t seen anything of the sort. Yeah, there’s some social media activity that barely anyone ever looks at, and ads that are being purchased on Facebook that a thousand people may have ever seen. Those are not the things that are going to change elections.
And by the way, the Russians are actually really, really bad at information operations. They don’t understand the West. They don’t even understand Ukraine. They’re launching a lot of information operations in Ukraine right now, and they don’t understand what content they need to put out. Like this one example, early in the war: they were trying to convince the Ukrainians that Russia was not the enemy, and they were trying to put out information that said that Poland was about to invade Ukraine.
Well, guess what? The Ukrainian people are looking at Russian tanks roll over the border, and they know that Poland is not the one they should worry about. So they’re good at information operations against their own population — we’re seeing that with the propaganda that they put out through their TV stations and other media outlets — and really getting most of the people in Russia, if not supporting this war, certainly being agnostic and not being against it.
But in terms of other populations, they just don’t know what even works. And they don’t have the reach that most people think they do. So I’m not a believer that misinformation and disinformation are the number one threat to democracy. There’s obviously a lot of polarization in our country, and people on the right don’t talk to people on the left. And those are real issues that I think are problematic. But blaming it all on Russia or other countries is giving them frankly too much credit.
Before we get into [audience] questions — and we do have two mics, one mic out here in the room if folks want to ask us questions — I do want to ask one hopefully lighter note question. This is a picture of you and the team at CrowdStrike ringing the bell on the Nasdaq back in 2019. In 2011 you teamed up with a former colleague George Kurtz, and you ended up founding CrowdStrike, which today has over two billion in annual recurring revenue, and over 20,000 customers. You’re an active angel investor yourself. You serve on a bunch of different startup boards. What do you think are the traits that define successful founders?
I think the key characteristic is perseverance. CrowdStrike was obviously very successful, became one of the largest cybersecurity companies, depending on the metric, maybe the largest, depending on the date and the markets. That was not a straight line. In fact, there were many days — almost every day that could have been existential for the company, so many threats from competitors, from other issues that would come up, time and time again. And your ability to have the backbone to fight through it, not to give up, no matter what is thrown at you, to keep on going, is so vital.
I mean, look at founders today dealing with [SVB] issues. Who right now wants to deal with the question of how do I make payroll, how do I access my money in a bank that I thought was completely safe, right? Life deals you lemons, make lemonade. And that is really, really vital. I see so many founders that just give up. I was working with one founder that had an amazing idea for a company that could have been easily worth tens of billions of dollars, ran into some personal issues at home. His mother died and had all kinds of issues with their kids and so forth. And he calls me one day and is like, “I’m just going to sell.” I’m like, “Dude, this can be billions of dollars and you’re selling for 25 million. You’re going to be returning money to investors, but it’s certainly not the outcome anyone would expect. Just stick with it. I get it. Everyone has problems.” He’s like, “I can’t.” So understanding who has the stamina to deal with personal issues, business issues, to keep on fighting no matter what is absolutely vital.
Honestly, more important than even that idea, a lot of founders I find get so protective of their idea, they think that only they have come up with it. Guess what? Fifty thousand people around the world probably had the same idea as you did. The difference between a successful founder and not are the people that are going to run with it and get the funding, build the team, execute on it, and succeed. Ideas are a dime a dozen. Finding a great team to build on it is not. So that’s really important.
The other thing that I think is really important is recruiting. I see so many people just settling and saying, “Well, this person is good enough, and they’ll work out for the first couple of years.” The first couple of years are just so essential to a company, you’ve got to go after the best people. I mean, this is the one thing that I think was a huge differentiator for us is that I insisted on, against our board actually — they kept telling me in every board meeting, What are you doing? This is nuts! — I insisted on us being a completely remote company. And this was 2011, when we got started, completely unheard of, before Zoom was around, or maybe it was around but no one’s using it yet. And I’m like, I want to hire the best people, wherever they are. I don’t want to be limited by geography. I don’t want to be limited by country. I want to hire people in Germany. I want to hire people in Australia. I want to hire people in suburbs or Wisconsin, everywhere. And we basically built a distributed company with incredible talent. And that made all the difference.
So many startups, I think, limit themselves geographically, get comfortable with, well, let me hire my friend; I’m comfortable with him or her. Maybe they’re not the best, but it’s a good click. And you’ve got to shoot for the stars. It’s absolutely essential.
I completely agree. I think the trait I continuously highlight is this point around relentlessness, which is really just never giving up but, more importantly, doing whatever it takes to win. And whether that situation is you’re trying to close a customer, or you’re trying to deal with SVB and you’re trying to get your money out, or something else.
There’s an amazing New Yorker cartoon that I just absolutely love; I have a t-shirt with it. It’s a couple of dogs sitting at a bar — a lot of you may have seen it — and they say, “It’s not enough for us to win. Cats must also fail.” [Laughter] And I think that is the embodiment of my personality. We have Ilina in the audience who used to work with me at CrowdStrike for many years. She knows that I’m relentless about winning — and I’m relentless about destroying competitors. I want the children of the salespeople of my competitors to go hungry because their salespeople don’t meet quota. Not literally. I have nothing against kids. But you get my point. That competitive nature, that you have to win and everyone else has to lose, I think, is absolutely essential and is critical to success in building huge companies.
I think I’ve told you this, but I do remember one of my founders, who’s in a company that both Dmitri and I have invested in, said in a board meeting about closing a critical deal, “Sid, I’m either going to get a purchase order or a restraining order.” And that I think is what you want to see.
I think we have a whole bunch of questions, so let’s get started. Maybe if you could just say your name and the question.
Hi. I’m Richard, a journalist from Germany. To what extent do you see TikTok as being a threat? And if so, what kind of threat?
Look, I think China presents an existential threat to the United States in a whole slew of areas. Out of all the things that they’re doing to us with technologies like Huawei and with stealing intellectual property and so forth, TikTok is at the bottom of my list of concerns. I don’t mind us blocking it. I just don’t think it matters a great deal because if TikTok is used to manipulate content overtly by China, a) we’ll see it, b) we’ll be able to block it at that point. I actually think that TikTok has some productive use cases. I’ll tell you as someone who’s deeply involved in watching the Russian buildup on the border of Ukraine, TikTok was essential.
The fact that Russians were taking these videos of the mobilization of equipment and transferring that equipment to the border, gave us a really good view from an open source perspective that was unprecedented, about what Russia was trying to do and really was a big part of me deciding that this was a real war and not an exercise. So there are positive elements to it.
There are also some threats. We know that China has the ability — or TikTok has the ability to collect information from the device, track locations and so forth. I’m not thrilled about government officials having TikTok on their phone, and Congress just passed a bill last year banning that. So I think that’s fine.
Again, I’m not opposed to a ban. I just don’t think out of all the things we’re concerned about with China that it meets the threshold. And I think sometimes people jump on it in D.C. like, We’re doing something against China; we’re going to ban TikTok! It’s not going to solve a whole lot.
Hi. My name is Mike Ronan. I’m a reporter based here in Austin. Thanks very much, Dmitri and Sid. It’s extremely intellectually stimulating. And I’m particularly interested in your contrarian view on the 2016 election. My understanding is that Russia has an extremely sophisticated understanding of the West and our country in particular and that its bot and troll farms were able to sow discord on issues such as race, gun control, abortion, and other polarizing issues. And one could posit that Russia defeated the United States in a war without firing a shot because we elected a wannabe despot, and now we don’t believe in our own elections and the validity of those elections.
So I’m not going to get into the politics, but I’ll just say that Russia did not elect Donald Trump. Americans elected Donald Trump, and I think we have to recognize that, whether you like that or not. But Russia did not change votes. I believe that both the 2016 elections were secure, as I believe the 2020 elections were secure. That probably makes both sides mad at me, but that is just factually correct.
And in terms of Russian influence operations, look, they amplified stuff that was already there. A lot of it was just being put out by folks on the right. Sometimes they amplify folks from the left as well to try to sow discord. They don’t know what actually works. They just try to throw stuff at the wall, and a lot of it is just domestic propaganda that is being pushed out by various actors in the political sphere that they just retweet through bot farms, that they make fake ads about, et cetera.
I just don’t think that that is the root cause of our polarization. I think we have polarization that they’re trying to amplify. But I think it’s a copout to say our problem is Russia in this sphere. Look, I’m no fan of Russia. The Russian government, Vladimir Putin, personally sanctioned me in November of last year. So I’m certainly not someone who’s an appeaser of Russia. I just think we have to be realistic about the threat. And on this stuff, we have to look inside at our own populations versus blaming some external third party.
Good evening. Great presentation. Thank you so much. My name is Loyzan from Brazil. I’m actually covering [Unintelligible] for CNN in Brazil. We’ve seen business escalate from our ability to distribute technology or content has grown substantially. Do you believe something like that might happen with [sort of] warfare, with people attacking people, so that we can — I mean, it’s not government attacking citizens but citizens attacking each other or maybe attackers from one country attacking other countries?
Well, we have a lot of that going on, right? We have criminal groups. We have vigilante groups. One of the most dangerous groups out there is a group called — in the cyberworld there’s a group called Lapsus$. I’m actually a member of something called the Cyber Safety Review Board, which is a new organization that the U.S. government stood up as sort of the equivalent of the National Transportation Safety Board that is tasked with investigating cyber incidents, like NTSB investigates airplane crashes and what not.
And we’re doing an investigation right now into Lapsus$. This is a group of essentially teenagers, not nation-states, in countries like Latin America, like Brazil, and some Western countries, [well], UK, et cetera that are breaking into major companies, huge companies, Fortune 500 companies stealing their data. So it doesn’t have to be a nation-state. It doesn’t have to be a super sophisticated threat actor. They’re not even technically sophisticated. But what they’re really, really good at is social engineering, being able to call someone up, pretend to be a member of their company, get access, and steal data. So not every attack needs to be sophisticated to succeed. In fact, most aren’t.
Hi, Dmitri. My name is Rahil. Great presentation, by the way. I’m a senior analyst. And one thing that’s been on my mind is that there’s been a recent derailment in East Palestine, and it’s been all over the news. And even though that wasn’t necessarily a cyberattack, I’m thinking about the vulnerability of utilities and rail and what not. So my question to you is, within the CrowdStrike threat adversary universe, like Fancy Bear and all that, what do you see is the biggest threat to utilities and rail in 2023, if you could name like one or two off the top of your head?
So Russia does have the ability to attack the industrial control systems. And I’m on the board of a company called Dragos that is a leader in industrial control systems security. And we look a lot at Russia in particular. They’re one of the most advanced actors outside of Western countries that also have a lot of capabilities in this space. Looking at the threat actors that we care about, Russia’s at the top of the list. They’ve demonstrated capability on several occasions. There’s a case in 2017 where they targeted a Saudi Arabian refinery system and were able to disable the safety system. And if the attack had fully gone through, it could have caused an explosion and killed potentially a dozen people at that refinery. Luckily, it was stopped in time.
So the capabilities certainly exist to cause damage through cyberattacks, and Russia does have that capability. It’s an interesting question. The one prediction I got wrong in this war is that I assumed that Russia would retaliate against America and Europe for the sanctions that we put in place on them as the result of the invasion. So far, they haven’t done that. I don’t think it means that they’ll never do it. Right now, they’re a little bit busy in this quagmire in Ukraine. But at some point, I think they may lash out, and cyber is a great asymmetric tool for them to indicate we’re fed up with all the weapons you’re sending to Ukraine and we can hurt you, too. So that possibility exists. I think right now, they’re actually very much afraid of escalation. And given that half of the Russian military is destroyed in Ukraine, the last thing they want is a conflict with NATO. But at some point, if things start going the wrong way for them and they think that American weapons and European weapons are a key factor in that, they may lash out.
You should also mention that sometimes it’s a secondary impact, right? Like the Viasat attack actually did impact a whole bunch of I believe it was wind turbines in Germany.
That’s right. So a lot of infrastructure these days is remotely controlled. And one of the ways you can control something remotely where you may not have a [fise] line or other communications going to it from a wire perspective is through satellite communications. So one of the accidental impacts of Viasat is they took a bunch of turbines offline. They were still operational, but they couldn’t remote into that and manage them.
You guys have mentioned SVB a couple of times, and it happened so quickly where a couple of VCs told their portcos that you need to move your money out of SVB. A couple of people sent some messages on Telegram, and that spread like wildfire. We’re now very interconnected from a social perspective, which adds some fragility into the system. I’m curious on your perspective, is there a lot more fragility from a social perspective for people to spread fear quickly and how that could cause potential bank runs to spread much more quickly than they ever have because of the interconnectedness? And is there any existential threat that that fragility poses right now in the financial system, given what we’ve seen over the last like 48-72 hours of how quickly people can withdraw funds, especially since all banks are digital now?
Yeah. Look, I think we spent a lot of time working the SVB issue over the last 48 hours. I’ve gotten little sleep because of that. But I think it’s a unique case where you have this bank that mostly caters to startups with venture capitalist investors on their board. One venture capitalist says we’ve got to pull money out. Everyone else immediately calls their companies and it spreads like wildfire because of that tight-knit community and the unique dynamics there. I’m not sure applies to other sectors as easily.
And look, Matt Levine, the Bloomberg columnist, had a great newsletter yesterday on this that there’s no more herd-like mentality anywhere in society like there is in venture capital. Everyone follows each other, and here’s something and immediately everyone runs after it. That I think caused unique problems with SVB. But you’re absolutely right that social media has helped amplify it.
Everything is faster these days, right? Innovation is faster. The way we create companies. CrowdStrike was one of the fastest. It may have been actually the fastest company to reach a hundred million dollars in enterprise software ever. Our whole society now runs at such a speed that it has both positive effects and negative effects. And this is clearly one of the negatives.
I think that’s our cue to end our session. Thank you, everyone, for joining us. And thank you, Dmitri, for coming out.
Thanks so much.
Published on 04.05.2023
Written by Sid Trivedi