Hacker News new | past | comments | ask | show | jobs | submit login

Isn't Crowdstrike the same company the heavily lobbied to get make all their features a requirement for government computers? https://www.opensecrets.org/federal-lobbying/clients/summary... They have plenty of money for congress, but it seem little for any kind of reasonable software development practices. This isn't the first time crowdstrike has pushed system breaking changes.



Since we are in political season here in the US, they are also well known as the company that investigated the Russian hack of the DNC.

https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...


The DNC has since has implemented many layers of protection including crowdstrike, hardware keys, as well as special auth software from Google. They learned many lessons from 2016.


If I were to hazard a guess I think the OP is attempting to say they are incompetent and wrong in fingering the GRU as the cause of the DNC hacks (even though they were one of many groups that made that very obvious conclusion).


What? No.


Not you, the person you were responding to.


Afaik didn't they hack republicans too? They only released democrat emails though.


Correct. Also, the DNC breach was investigated by FireEye and Fidelis as well (who also attributed it to Russia).


Several groups doubted the results such as Threat Connect and Ukraine's military:

https://threatconnect.com/resource/webinar-guccifer-2-0-the-...

https://www.voanews.com/a/crowdstrike-comey-russia-hack-dnc-...


The second link has nothing to do with the DNC breach. It's the Ukrainian military disagreeing with Crowdstrike attributing a hack of Ukrainian software to Russia. And ThreatConnect also attributed it to Russia: https://threatconnect.com/blog/shiny-object-guccifer-2-0-and...

>we assess Guccifer 2.0 most likely is a Russian denial and deception (D&D) effort that has been cast to sow doubt about the prevailing narrative of Russian perfidy


So Ukraine's military and the app creator denied their artillery app was hacked by Russians, which might have caused them to lose some artillery pieces? Sounds like they aren't entirely unbiased. Ironically, DNC initially didn't believe they were hacked either.


And CrowdStrike accurately point all the facts.

Seems like they're pretty good at what they do. Maybe that's why there are so many critical infrastructure depends on them.


I mean... the DNC thought Bernie hacked them so...


Yeah this is the fringe view. The fact that the GRU is responsible is the closest thing you can get to settled in infosec.

Especially since the alternative scenarios described usually devolve into conspiracy theories about inside jobs


There's something of a difference between 'alternative scenarios' and demonstrating that the 'settled' story doesn't fit with the limited evidence. One popular example is that the exploit Crowdstrike claim was used wasn't in production until after they claimed it was used.


>There's something of a difference between 'alternative scenarios' and demonstrating that the 'settled' story doesn't fit with the limited evidence.

You've failed to demonstrate that, since your second link doesn't show the Ukrainian military disputing the DNC hack, just a separate hack of Ukrainian software, and the first link doesn't show ThreatConnect disagreeing with the assessment. ThreatConnect (and CrowdStrike, Fidelis, and FireEye) attributes the DNC hack to Russia.

>One popular example is that the exploit Crowdstrike claim was used wasn't in production until after they claimed it was used.

Can you provide more info there?


> You've failed to demonstrate that

I see that now. I should have been more careful while searching for and sharing links. I have shot myself in the foot. And I'm not going to waste my time or others digging for and sharing what I think I remembered reading. I've done enough damage today. Thank you for your thorough reply.


Ok, who did it then?


According to that link the most money they contributed to lobbying in the past 5 years was $600,000 most years around $200,000. That’s barely the cost of a senior engineer.


You'd be surprised how cheap politicians are.


IIRC Menendez was accused and found guilty of accepting around $30,000 per year from foreign governments?


That's probably only the part they had the hard proof for.

Also, the press release[1] says:

> between 2018 and 2022, Senator Menendez and his wife engaged in a corrupt relationship with Wael Hana, Jose Uribe, and Fred Daibes – three New Jersey businessmen who collectively paid hundreds of thousands of dollars of bribes, including cash, gold, a Mercedes Benz, and other things of value

and later:

> Over $480,000 in cash — much of it stuffed into envelopes and hidden in clothing, closets, and a safe — was discovered in the home, as well as over $70,000 in cash in NADINE MENENDEZ’s safe deposit box, which was also searched pursuant to a separate search warrant

This seems to be more than $120K over 4 years. Of course, not all of the cash found may be result of those bribes, but likely at least some of it is.

[1] https://www.justice.gov/usao-sdny/pr/us-senator-robert-menen...


I always half-jokingly think "should I buy a politician?"

I feel like a few friends could go in on it.


It could be like an "insurance" where people pay for politician lobbying. Pool our resources and put it in the right spots.


Ok but that point still defeats the premise that Crowdstrike are spending a large enough amount on lobbying that it is hampering their engineering dept.


I believe the OP was using figurative language. The point seems to be that _something_ is hampering their engineering department and they shouldn't be lobbying the government to have their software so deeply embedded into so many systems until they fix that.


In the UK, a housing minister was bribed with £12,000 in return for a £45m tax break.

3750:1 return on investment, you don't get many investments that lucrative!


Given its origin and involvement in these high profile cases I always thought Crowdstrike is a government subsidized company which barely has any real function or real product. I stand corrected I guess.


This still doesn't demonstrate that it has any real function tbf.


Business Continuity Plan chaos gorilla as a service.


There's something missing here... You know nothing about Crowdstrike (as per your own statement) and critical infrastructure depends on them.

That two things tell us something about your knowledge;)


On the bright side, they are living up to their aptronym.


I wonder if it might starting being a common turn of phrase. "Crowdstrike that directory", etc.


There's a brokenness spectrum. Here are some points on it:

- operational and configured

- operational and at factory defaults

- broken, remote fixable

- crowdstruck (broken remotely by vendor, but not fixable remotely)

- bricked

Usage:

> don't let them install updates or they'll crowdstrike it.


> Isn't Crowdstrike the same company the heavily lobbied to get make all their features a requirement for government computers?

Do you have any more sources on this specifically? The link you gave doesn't seem to reference anything specific.


Seems to be a perfectly rational decision to maximise short term returns for the owners of the company.

Now make of that what you will.


This demonstrated that Crowdstrike lacks the most basic of tests and staging environments.


Corporate brainrot strikes again.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: