B (4:18)

This is a message from sponsor Intuit TurboTax tax deadline looming and you're stuck in the dark. We've all been there. Sending documents to a tax pro, then playing the waiting game, constantly checking for updates that seem to never come soon enough. TurboTax changes that match with a TurboTax full service expert and get unlimited support on your taxes at no extra cost, even during evenings and weekends throughout tax season. Simply upload your documents and watch your return progress in real time while you focus on what matters to you. TurboTax experts work to maximize your refund, ensuring you get every dollar you deserve. No more chasing updates or wondering if everything's on track. With TurboTax Expert full service, you'll have the confidence of knowing exactly where your taxes stand every step of the way. Real Time Updates Only an iOS mobile app now this is Taxes Intuit TurboTax. Visit TurboTax.com to match with your expert today.

A (5:21)

From wondery. I'm david brown and this is business wolves.

B (5:42)

Foreign.

A (5:48)

If you're anything like me, flying can be a somewhat stressful experience. It's a lot to think about. Will I get to the airport on time? Do I have my passport? Do all my liquids meet TSA's requirements? But you know, here's something you probably never worried about. A routine software update grounding your flight and stranding you in an airport for days. Well, add that to the list, because in 2024, that's exactly what happened to more than a million passengers around the world. The company behind that disaster was CrowdStrike they launched in 2011 with a bold idea. Instead of using traditional antivirus software, they would build a cybersecurity company entirely around the cloud. This would give them real time control over their client systems without forcing companies to constantly install and update software themselves. And instead of just blocking known viruses, CrowdStrike would take a more proactive approach. They would closely track how elite hackers operate and push frequent updates to their customers, staying one step ahead of potential attackers. Within just a few years of their founding, CrowdStrike's groundbreaking approach paid off. The company attracted big name investors and clients. But eventually, the very approach that made CrowdStrike so powerful exposed a dangerous flaw. And when that weakness finally surfaced, the consequences were catastrophic. Not just for airports, but for countless critical systems around the world. This is episode one guarding the cloud foreign it's 1999, and George Kurtz is sitting at his desk at the accounting firm Ernst and young. He's 29 years old and one of the youngest senior managers of the company, but he's ambitious and ready for more. On paper, Kurtz has done everything right. He earned an accounting degree from Seton hall and taught himself computer programming. After College, he joined PricewaterhouseCoopers, where he gravitated toward a new discipline most people barely CyberSecurity. And in 1993, he became the fifth person to join PwC's security team. He worked hard and learned fast, spending much of his time creating innovative security solutions for Internet connected systems. In 1997, he jumped to Ernst and Young, where he oversaw security work for E Commerce systems. But even with all of these accomplishments, Ernst and Young told Kurtz that he's too young to move up to Parker, and Kurtz is already feeling unfulfilled at work. He stares at his computer screen and he knows he should get back to work. But instead he makes a decision. It's time to strike out on his own. So Kurtz leaves Ernst and Young, walking away from a guaranteed salary, benefits, and prestige. In October 1999, he teams up with some former colleagues to start a new company. They call it Foundstone, and the early days are brutal. Kurtz doesn't pay himself for more than six months. He sleeps on a bare mattress on the floor of one co founder's house. Days blur into nights as the team hustles for clients, pitching companies on their vision, combining enterprise security software with advisory services. Their pitch is that they don't just give advice. They also provide software that continuously manages and tracks security vulnerabilities. Word starts to spread, and eventually foundstone takes off. And Curt's bet on himself pays off. In 2004, antivirus giant McAfee comes calling. They want Foundstone, and they're willing to pay $86 million for it. For Kurtz, it's a massive win. And then comes the twist. McAfee wants him, too. They offer him a top worldwide chief technology officer. Kurtz actually turns down the job twice before finally saying yes. Once there, Kurtz realizes the cybersecurity industry is stuck in the past. The biggest names are using outdated software, pushing slow, infrequent updates to machines that are likely already compromised. By the time help arrives. Everything is reactive and installed locally. To Kurtz, this approach feels antiquated. He starts to wonder how cybersecurity could look different if. If it didn't need to live on individual machines. And eventually, the itch to break out on his own returns. Once again, he's ready to leave stability behind and bet on himself. But this time, he's not just starting a company. He's coming for an entire industry. It's around 2011, and George Kurtz is sitting with a colleague, Dmitri Alperovich, in a quiet Silicon Valley lounge. Alperovich is in his early 30s and joined McAfee a little over two years ago as their vice president of threat research, but he's been interested in cybersecurity since he was a kid. Between them, the two men have decades of experience fighting cyber attacks. They also share a growing sense that current methods aren't working. Their conversation starts where it often does, with frustration. Alperovich goes first. Every breach we investigate looks different on the surface, but underneath is the same story. We're chasing malware after the fact. Kurtz chimes in. And meanwhile, customers are drowning in tools. One agent for this, another console for that. None of them are talking to each other. They've both seen the issues firsthand. Companies spending millions on security and still getting hacked. Alperovich continues his rant, yeah, the attackers aren't slowing down either. They're organized. They share intelligence. But defenders are still operating in silos. Kurtz nods his head vigorously and interjects, which is backwards. Defense should get smarter because of every attack, not reset to zero every time. Kurtz comment lands with Alperovich, who nods. Kurtz continues, hey, what if endpoint security worked the same way attackers do? One view, one stream of data. Intelligence built in from the start. You know what I mean? The two men start talking faster, building on each other's thoughts. Yeah, collected once and reused everywhere. Single agent cloud based always on and a unified data layer. So detection, response, threat hunting. They're all drawing from the same source. Kurtz grabs a pen and slides a napkin between them. They sketch out boxes, arrows and flows of data. Years of experience distilled into something simpler. Kurtz continues. If you build it in the cloud, you can move faster than the attackers. Updates can be pushed instantly and globally. The two men sit back and look at what they've drawn. It's not a finished product, not even a business plan. But it's a philosophy, one shaped by everything they've seen go wrong in cybersecurity. You know, what is it about new business ideas and napkins, huh? If you've ever started anything with another person, a company, a food truck, even a simple side hustle, you know, the hardest part isn't the idea, it's the fit. A good partner doesn't just agree with you. There's a kind of give and take that makes the idea sharper. That's what most of these over the napkin moments are really about, right? Stress testing a dream, but also stress testing a team. It's not so different from a couple figuring out a family budget at the kitchen table. Sometimes these moments are more about making sure the partnership is worth the stress of future disagreements. Kurtz and Alperovich's vision becomes a reality in late 2011, when they co found Crowdstrike alongside Greg Marston, the former CFO of Foundstone. In April 2012, they recruit Sean Henry, a veteran cybersecurity expert from the FBI. Henry brings something the others don't deep experience tracking down sophisticated hackers. His years of expertise not only help shape their product, it also lends them instant credibility, and investors start paying attention. With a $26 million investment from private equity firm Oreberg Pincus, Crowdstrike is off and running. Even the name reflects the company's core idea. CrowdStrike is built around crowdsourcing intelligence, pulling in data on cyber attacks from a global network of analysts, then using that shared knowledge to understand who the hackers are, how they operate, and how to stop them before they Strike again. In 2013, CrowdStrike launches its flagship product, Falcon. It's a cloud based program that monitors Windows and Mac systems, looking for intrusions in real time and flagging threats as they emerge because it needs to spot and stop problems quickly. It's kind of like an antivirus software on steroids, tightly integrated into systems so it can actively shut down attacks. As CEO Kurtz becomes the public face of the company, he crisscrosses the globe, pitching Falcon to corporations Governments and institutions worried about losing their most valuable asset, intellectual property. His message is simple but provocative. I think the most important part about stopping an adversary is first to understand you're fighting an adversary, you're not fighting a piece of malware. And that's where the industry's really been focused. What they've been doing is focusing on the digital bullets, as I like to say, and it's equivalent to someone shooting a gun at you in the physical world. And you're asking, was that a 9 millimeter or.45 that went by? You just don't do that. You ask, why is a person shooting at me? How do I actually protect myself? As CrowdStrike fights to gain a foothold in a nascent industry, the company has no idea what's coming next. Within just a few years, a series of stunning high profile attacks will rock the worlds of entertainment and politics, and CrowdStrike will find itself right in the center of the storm. It's June 2014. Just as CrowdStrike is starting to gain traction with new clients, big news breaks out of Washington, D.C. the Justice Department has filed charges against a handful of Chinese government officials. They're accused of hacking into American companies and entities to steal secrets. This is a case alleging economic espionage by members of the Chinese military. The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response. The charges reveal that Chinese hackers have been quietly breaking into US Companies for seven years, siphoning off trade secrets, corporate strategy, and sensitive data, all while largely going undetected. For CrowdStrike, this is a breakthrough moment. Soon after the indictments are announced, the company launches its own independent investigation. And instead of quietly briefing clients, CrowdStrike does something bold. It goes public public with its findings. The company releases a detailed report laying out exactly how the hackers operated. It even gives the hackers a name, Hutter Panda. According to the report, the hackers targeted professionals in sensitive industries. While they were traveling to conferences. The hackers sent phishing emails disguised as event documents or golf brochures, hence the nickname Putter Panda. When the recipients opened the files, they unknowingly installed remote access tools on their computer, giving the attackers a backdoor into corporate networks. Then an even bigger story erupts just a few months later. In late 2014, North Korea is accused of hacking Sony Pictures Entertainment. Unreleased movies and screenplays are put online, including material from the upcoming James Bond film Spectre. The hackers also post embarrassing emails from Sony executives, including corporate financial details and email exchanges between producers And Hollywood figures the fallout is swift. And Sony chairwoman Amy Pascal is pressured to resign. The attack is widely seen as retaliation for the Interview, a new comedy starring Seth Rogen and James Franco that pokes fun at North Korean dictator Kim Jong Un. The hackers threaten further damage unless Sony cancels the film's release. Suddenly, this isn't just a cybersecurity story. It's a geopolitical one. Hollywood and Washington, D.C. collide, and public officials, including President Obama, weigh in on whether an American company should cave to a foreign government's threat. Ultimately, Sony backs down. They alter the interview to soften its portrayal of North Korea, and they limit the movie's release to a small number of theaters. Once again, CrowdStrike steps in. The company conducts a deep forensic investigation and publicly shares its findings. And the media takes notice. CrowdStrike co founder Dmitri Alperovich jumps at the chance to be interviewed and boost his company's profile. He goes on PBS's NewsHour.

C (20:01)

We've actually been tracking this actor. We actually call them Silent Klima. That's our name for this group that's based out of North Korea so far.

A (20:07)

Say that name again.

C (20:08)

Silent Kolyma. Kolyma is actually national animal of North Korea. It's a mythical flying horse. And we've been tracking this group since 2006. They've been engaged in a lot of destructive attacks against South Korea predominantly and US Forces in South Korea. And this is their first major attack against the US Company that's in destructive in nature. The intelligence on this group has been around, as I said, for most of eight years. If these companies that have been coming under attack from them had that intelligence, if they had used it proactively to hunt on their networks for that adversary, this type of event could have been prevented.

A (20:40)

The publicity is rocket fuel and helps CrowdStrike attract more clients and investors. Take note. Pouring hundreds of millions of dollars into the fast rising company, including a $100 million funding round led by Google. You know, when investors start lining up to hand you money, it feels like winning the lottery. But there are hidden costs that no one tells you about. An explosion of growth can turn what were once simple decisions into full blown emergencies. Who to hire, what to build, which customers to prioritize. Small companies see a milder version of this when a single big client suddenly doubles their orders. What looks like good news also exposes every weak process you might have put off fixing the takeaway. This ain't the lottery. Obviously. It's great when you reach the point where Investors are knocking at your door. But in the real world, more money doesn't simplify your life. More often than not, it amplifies whatever you already are. For better or worse, CrowdStrike's infusion of cash allows them to hire more people and expand their services. And for co founder George Kurtz, it also fuels his expensive, adrenaline fueled hobby. Competitive auto racing. It's 2016 and Kurtz is strapped into the cockpit of his aston Martin Vantage GT4, tearing around an otherwise empty racetrack. He's on a practice run, preparing for his debut in the prestigious Pirelli World Challenge this summer. Kurtz bites down on his mouthguard and shifts gears as he rounds the final corner, hits the gas and blasts through the finish line. As he crosses the line, he eases off the throttle and pulls into the pit lane. Kurtz checks his lap time on the scoreboard and smiles wide. It's his best run of the day. If he can replicate this performance on race day, he has a real shot at placing. But as Kurt steps from the car and removes his helmet, he sees his assistant quickly approaching with a phone in her hand. And from the wide eyed look on her face, Kurtz can tell it's serious. He spits out his mouthpiece, grabs the phone and looks at the caller ID. It's Sean Henry, CrowdStrike's chief security officer. Hi, Sean. Sorry to interrupt, but we've got something serious here. Kurtz turns away from the pit crew noise and starts pacing along the edge of the track, his helmet tucked under his arm. Yeah, what's going on? I just got a call from Michael Sussman, a lawyer representing the Democratic National Committee. Kurt slows his pace. The dnc? What do they want? Their IT team flag suspicious activity on their network. They think it could be a cyber attack. Kurtz closes his eyes and briefly exhales. Well, any sign the attackers have made demands or leaked anything publicly? Well, not yet, but DNC is in the middle of a presidential primary and their servers contain emails. And I'm told it's of a sensitive nature. They could be exploited for any number of purposes. Kurtz resumes pacing, the gravity of it sinking in. Well, do they have any idea who's behind it? They've been told it could be Russia, but they want our team to confirm this. Kurtz pauses and thinks through the implications. If CrowdStrike takes this job, they're stepping directly into a political minefield. Determining who hacked the DNC and for what purpose could play a pivotal role in the presidential election. And any conclusion they reach, no matter how carefully supported will almost certainly be questioned, attacked, and spun. But this is also the kind of case that CrowdStrike was built for. He can't say no. All right, let's do it. Yeah. Okay, I'm on it. I got a team ready to deploy monitoring software right away. Kurtz nods. All right, that's good. Get him installed within 24 hours. I want eyes on everything and. And. And Sean? Yeah? Loop me in on every finding. All right. Okay. I'm already doing it. The call ends. Kurtz hands the phone back to his assistant and starts unzipping his race suit. His heart is pounding, part adrenaline, part anticipation. You know, this is the moment a lot of businesses sort of dream about, right? The chance to work for a big, powerful client who has a lot to lose. And you get to save them. On paper, it's a perfect win. Prestige, visibility, new revenue. But in practice, you're signing up for a lot more. Their baggage, their enemies, their headlines. Ask any local business owner who's become the official vendor for some local project that suddenly becomes controversial or maybe starts doing business for a polarizing figure in town. The lesson's pretty simple, but easy to overlook. In all the excitement. Before you lock in a marquee client, ask yourself if your balance sheet and your stomach can handle the drama that might come along with your client's big logo. As Kurtz walks away from the track, he feels a familiar rush, the thrill of risk. But what he doesn't know yet is that this investigation will follow CrowdStrike for years, turning the company into a target for conspiracy theories, partisan outrage, and attacks from the high highest levels of the US Government. In May of 2016, shortly after receiving a call from the Democratic National Committee about a troubling hat, CrowdStrike springs into action. Their incident response team quickly identifies the intrusion and expels the hackers. Soon after, CrowdStrike analysts arrive at the party's headquarters in Washington, D.C. to take a closer look at their servers. And what they find is alarming. Two separate hacking groups successfully infiltrated the DNC's network. CrowdStrike gives them the codenames Cozy Bear and Fancy Bear. Both groups have a history of targeting sensitive networks in the US And Europe, and both are linked to Russian intelligence agencies. CrowdStrike determines that the attacks from Fancy Bear began about a month earlier, but Cozy Bear has been inside for nearly a year. Together, these intrusions gave the groups access to the DNC's emails and internal chats. But the real nightmare for the DNC and for CrowdStrike is just beginning because soon the stolen emails begin appearing online. Posted by WikiLeaks. For the next few months, there's a steady drip of sensitive and sometimes embarrassing internal communications for the press, political opponents and the public to dissect, including emails from Hillary Clinton's campaign chairman, John Podesta, and the head of the DNC, Debbie Wasserman Schultz. The latest emails released by WikiLeaks suggest that top officials at the Democratic National Committee plan to undermine Bernie Sanders presidential campaign. The timing could not be worse. The leaks start just as the Democratic Party is preparing to officially nominate Hillary Clinton for president at its national convention. And days before the convention begins, Wasserman Schultz announces that she will resign. Around the same time, the FBI confirms they are also investigating the DNC hack. Their analysis is largely based on CrowdStrike's research, and they come to the same conclusion. Russian intelligence was behind the attack in late 2016, shortly after Donald Trump wins the presidential election. The CIA, along with multiple other US agencies, echoes this assessment. Some intelligence officials go even further, suggesting that the Russians may have hacked the DNC in order to help Trump win. But Trump and his allies push back on these conclusions. Instead, they offer alternate theories about who was behind the hacks, putting CrowdStrike at the center of the story. Some Trump allied officials, including new Secretary of State Mike Pompeo, suggest it may have actually been Ukraine, not Russia, who hacked the dnc. Others go so far as to say that Ukraine worked with CrowdStrike to hack the DNC and frame Russia in an effort to damage Trump, and that the FBI covered up the scheme. They glom onto the idea that CrowdStrike is partially owned by a wealthy Ukrainian businessman. It's a reference to CrowdStrike co founder Dmitry Alpurovich, who was born in Russia before immigrating to the US As a teenager. The conspiracy theorists also seize on the fact that the FBI never physically took possession of the DNC servers, instead relying on digital copies for their analysis, even though this is standard practice in cybersecurity, because unplugging the servers could destroy locally stored data. None of that stops the rumors. And President Trump repeats them publicly. A lot of it had to do, they say, with Ukraine. But Mr. President, very interesting. They have the server right from the DNC. They gave the server to CrowdStrike or whatever it's called, which is a country, which is a company owned by a very wealthy Ukrainian. And I still want to see that server. You know, the FBI has never gotten that server. That's a big part of this whole thing. Why did they give it to a Ukrainian company. Are you sure they.

C (30:31)

Are you sure they gave it to Ukraine?

A (30:33)

Well, that's what the word is. Despite all the noise, the official findings don't change. Bob Mueller's special counsel report, a Republican led Senate Intelligence committee and several US intelligence agencies all reached the same basic conclusion as CrowdStrike. Russia was responsible. CrowdStrike defends their work in public statements, and Chief Security Officer Sean Henry testifies before Congress about their investigation. But the conspiracy theories persist for years and harden over time. You know, every business lives with two versions of itself. The one on the inside and the one people tell stories about on the outside. Once a narrative takes hold, though, it can outrun any press release you can muster. The wilder the story, the truer this is. You might well have the reports, the expert testimony, and the facts behind you and still lose the battle for perception on social media, which is more and more what counts for news these days. The takeaway here, managing reputation, isn't just about being right. It's about realizing that stories, fair or not, are part of your operating environment. The test is how you deal with it. The conspiracy theories evolve into something even bigger in 2019, during a phone call with Ukraine's new president, Volodymyr Zelensky, President Trump withholds nearly $400 million in congressionally approved military aid and asks Zelenskyy for a favor. He wants Zelenskyy to open investigations into both CrowdStrike and Hunter Biden, the son of presumed 2020 Democratic nominee Joe Biden. This incident will later lead to Trump's impeachment, when the U.S. house of Representatives determines that the president was abusing his power as commander in chief to influence the election. When CrowdStrike agreed to work with the DNC, they knew it was a politically sensitive case. But they never imagined they'd become a talking point in impeachment hearings or a target of the President of the United States. Ironically, the attention does have a silver lining. The controversy raises CrowdStrike's profile, and more potential customers learn about their work. The company's annual revenue continues to grow rapidly and more than doubles from 2018 to 2019. And if the past few years are any indication, cyber threats show no sign of slowing, helping to strengthen CrowdStrike's position. It's June 12, 2019. Just before 9:30 in the morning, CrowdStrike co founder and CEO George Kurtz is standing on stage inside Nasdaq's marketing headquarters in the heart of Times Square. He's flanked by more than two dozen people, including Executives, family and friends. To his right is Dmitri Alperovich, his co founder and partner of eight years. Today, his crowd strikes a ipo. This is a moment every founder dreams of. A mix of celebration and stress. From this point forward, the market will decide what CrowdStrike is worth. Kurtz is optimistic about how the stock will perform, but he can't be sure. It's impossible to know how investors will view the business. Will they be attracted to CrowdStrike's rapid growth? Or turned off by all the push? Political noise is about to find out. As the countdown begins, he looks at Alperovich and they share a smile. They come a long way together from sketching out that initial idea for the company on a napkin, through rapid growth and a series of high profile investigations, all the way to an ipo. No matter how today goes, it's been one heck of a ride. At zero, Kurtz does the honors, pressing a touchpad on the lectern. The opening bell rings. Red confetti rains down as Kurtz embraces his colleagues and friends around him. Then, as the room begins to quiet, Kurtz's attention turns to the big screen, where the company's stock price is now live for the first time. He nervously waits to see how it performs. A moment later, the ticker turns green as the stock price climbs higher. And from there, it just keeps going up. Eventually, the price nearly doubles. Kurtz does the quick math in his head. He owns a 10% stake in CrowdStrike, which means his net worth has reached just over $1 billion. From the outside, this sure looks like an overnight jackpot, doesn't it? One morning bell and suddenly you're a billionaire. But what you're really seeing here is more complicated. This is years of accumulated risk finally getting a market price. Most entrepreneurs will never ring the bell at the New York Stock Exchange, but they know the smaller version. You know, the day the shop finally breaks even, the day the loans get paid off. The day the business can survive without them on the floor. Those aren't jackpots. Those are the receipts. Look, I love an overnight success story just as much as anyone else, but I've come to wonder if there's really such a thing. If you're not up close to a business. There's just so much that goes unaccounted for. The long days and nights working while everyone else is sleeping. The years wondering if you're doing things right. That haunting fear that's always eating away at you. That everything you put into this enterprise, every difficult decision you made along the way, every painful personal choice, every sacrifice might someday be considered all for nothing at all. CrowdStrike has become an industry leader, and their revenue continues to nearly double each of the next several years. The future looks bright, but the company's darkest moment is just over the horizon. On the night of July 19, 2024, CrowdStrike will face its most challenging moment yet. But this time, the fallout won't come from foreign hackers or political spin or conspiracy theories. It'll come from inside the company itself. A routine software update pushed to consumers around the world will trigger the most catastrophic IT outage in history. And unlike everything that came before it, this crisis will be entirely of CrowdStrike's own making. From Wondery this is episode one of CrowdStrike. All systems down for business Wars. A quick note about the recreations you've been hearing. In most cases, we can't know exactly what was said. Those scenes are dramatizations, but they are based on research and we have used many sources for this season, including TechCrunch, Forbes, and the New York Times. I'm your host, David Brown. Cory Metcalfe wrote this story. Sound design by Ryan Potesta. Kyle Randall is our lead sound designer. Fact checking by Gabrielle Drollet. Our managing producer is Desi Blaylock. Our senior producers are Jenny Bloom and Emily Frost. Karen Lowe is our producer emeritus. Our executive producers are Jenny Lauer, Beckman and Marshall Louie. For wondering.