What is CrowdStrike and why is it part of whistleblower complaint?
The cybersecurity company CrowdStrike, which has been at the center of false conspiracy theories since 2016, is once again in focus after a White House transcript published on Wednesday revealed President Donald Trump brought it up in his July call with Ukrainian President Volodymyr Zelensky.
In a complaint released on Thursday by the intelligence community, a whistleblower expressed confusion about Trump’s references to the company.
What is Crowdstrike?
Founded in 2011, Crowdstrike sells its “Falcon” cybersecurity software to big corporations and government clients, including major global banks, healthcare and energy companies, according to the company. Among its customers are Goldman Sachs, Amazon Web Services, MIT and various US states and cities. Crowdstrike says Falcon protects files saved in the cloud.
The company also helps run cybersecurity investigations for the US government. For example, Crowdstrike has tracked North Korean hackers for more than a decade, the company says. It also was tasked with tracking the hacking groups that carried out the 2014 hack on Sony Pictures.
Crowdstrike gained notoriety in 2016 when the Democratic National Committee paid the company to investigate a hack of its server, which it determined emanated from Russia. The company was the first to publicly sound the alarm about Russia’s interference in the 2016 election and CrowdStrike’s assessment was later confirmed by US intelligence agencies.
Crowdstrike recently went public and brought in $108 million in sales during the most recent quarter. It has a market valuation of $14 billion.
Why is Trump talking about Crowdstrike?
According to the transcript released by the White House, Trump said to Zelensky: “I would like you to find out what happened with this whole situation with Ukraine, they say CrowdStrike … I guess you have one of your wealthy people…The server, they say Ukraine has it.” (A senior White House official said the rough transcript, was developed with assistance from voice recognition software along with note takers and experts listening. The ellipses are in the White House document.)
In a footnote to his complaint, the whistleblower wrote: “I do not know why the President associates these servers with Ukraine.” The whistleblower added that Trump had previously connected the DNC server to Ukraine in television interviews.
Trump’s interest in CrowdStrike and the DNC server, more than three years after the hacks, is part of a larger effort to undermine the notion that Russia meddled in the 2016 election to help him win.
But conspiracy theories have swelled around CrowdStrike and how it handled the investigation.
Some have latched onto the fact that the FBI, when investigating the hack, looked at CrowdStrike’s “imaged” servers — a direct copy — rather than physically taking the servers themselves. But that’s the FBI’s official guidance or investigating cybercrime — it’s faster and it doesn’t require the victim to completely halt their operations while the FBI takes months, or possibly years, to return those servers.
Former FBI director James Comey, who led the early phases of the Russia investigation, testified in 2017 that it would have been better if the DNC gave the servers to the FBI, but the FBI was able to get the forensic information it needed from CrowdStrike. Mueller later brought detailed criminal charges against Russian hackers for their involvement in the hacks.
False claim CrowdStrike’s founder is Ukrainian
Others have falsely claimed that CrowdStrike blamed Russia because Dmitri Alperovitch, its cofounder and CTO, is Ukrainian. Trump appeared to be alluding this when he referred to “one of your wealthy people” on the call with Zelensky and the President echoed the false claim in a 2017 interview with the Associated Press saying of CrowdStrike that “I heard it’s owned by a very rich Ukrainian, that’s what I heard.”
Alperovitch is a Russian-born US citizen.
Some employees who work at CrowdStrike have privately said that they found the President’s mention of their company ridiculous and funny. But both the DNC and CrowdStrike have issued formal statements plainly rebutting the conspiracy theory.
“This is complete nonsense. Trump still hasn’t accepted that Russia interfered in our election, and instead, is using a call with a foreign leader to push conspiracy theories. This is surreal,” DNC Communications Director Xochitl Hinojosa said Wednesday.
In a statement Wednesday, CrowdStrike said, “With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI. As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the US Intelligence community.”
Despite Trump’s suspicions, major Republican political campaigns seem to have no qualms about using the firm, which is widely respected and has also been engaged by Democrats as well as global banks, healthcare and energy companies.
After the National Republican Congressional Committee (NRCC) email system was hacked during the 2018 midterm election cycle, exposing the GOP’s House campaign arm to an intrusion by an “unknown entity,” the National Republican Congressional Committee alerted CrowdStrike, according to a Republican official.
The NRCC paid CrowdStrike $40,000 as recently as June 2019 and the National Republican Senatorial Committee paid the company more than $17,000 in 2018, according to FEC data.
CNN’s Marshall Cohen, Daniel Dale and Clare Duffy contributed to this report.