Talk:CrowdStrike/Archive 1

This edit request by an editor with a conflict of interest has now been answered.

Hi! CrowdStrike is a client of mine, and I'd like to request some updates to this article.

• First up, would love some feedback on what needs to be done to this article to get the {{ad}} template removed. Happy to propose some wording tweaks, but I'm genuinely not sure where the issue is and don't want to waste anyone's time with superfluous requests.

The rest of the requests are in the "Russian hacking investigations" section...

1. Adding this to the end of the first paragraph as some additional context: On July 13, 2018, the U.S. Justice Department indicted 12 Russian officials who were allegedly responsible for the DNC attack.[1]

    Done

2. Deleting the word "erroneously" from the second sentence of the second paragraph. This statement is unsourced, and as the rest of the section breaks down the nuances of how this assessment played out, I think "erroneous" is too definitive in its framing.

    Done

3. Deleting However, they failed to show that the hacked variation of POPR-D30 was actually installed by any Ukrainian soldiers.[2][3] from the end of the second paragraph. The first source, Medium, is WP:SPS. The second source is useful for backing up the previous sentence, but does not corroborate this statement.

   Partly done I kept the second source. As you said, it backs up the sentence CrowdStrike found a hacked variation of POPR-D30 being distributed on Ukrainian military forums that utilized an X-Agent implant. and the Budapest University of Technology and Economics is a reliable source for a statement like this.

4. In the third paragraph, replacing The International Institute for Strategic Studies, whose data on Ukrainian D30 howitzer losses was misused by CrowdStrike in their report, rejected CrowdStrike's assessment of hacking causing losses to Ukrainian artillery units. with The International Institute for Strategic Studies, whose data on Ukrainian D30 howitzer losses was referenced by CrowdStrike in their report, rejected CrowdStrike's interpretation of its data., which is less redundant and, I believe, more neutral.

   Partly done Rephrased this to The International Institute for Strategic Studies rejected CrowdStrike's assessment of hacking causing losses to Ukrainian artillery units, saying that their data on Ukrainian D30 howitzer losses was misused by CrowdStrike in their report. which I think best represents what the source says.

5. Replacing the final, unsourced sentence – However, there is no evidence that they succeeded in hacking Sherstyuk's email. – with While Secureworks did not publish complete lists of individuals it believed were hacked, it did conclude "the majority of the activity appears to focus on Russia's military involvement in eastern Ukraine".[4] Additional Associated Press research supports CrowdStrike's conclusions about Fancy Bear;[5] Radio Free Europe's summary of the AP report notes that it "lends some credence to the original CrowdStrike report, showing that the app had, in fact, been targeted."[6] (Ref name already in use in article.)

    Done with minor modifications. I trust AP's assessment.

Due to my COI, I won't be editing the article directly. I appreciate any help or feedback! Thank you. Mary Gaulke (talk) 19:05, 2 April 2019 (UTC)

See my responses above. feminist (talk) 04:04, 12 April 2019 (UTC)

@Feminist: Thank you so much! Any thoughts on the {{ad}} template? Trying to be thoughtful and specific in how I go about rectifying whatever needs to be fixed to address it. Mary Gaulke (talk) 01:51, 15 April 2019 (UTC)

This edit request by an editor with a conflict of interest was declined. Some or all of the changes may be promotional in tone.

Hi again! As disclosed above, CrowdStrike is a client of mine. I'd like to request a few more updates to this article.

1. Firstly, I'm still hoping for some guidance about what this article needs in order to get the {{ad}} template removed. I want to work with the community on this, and honestly, I'm not certain right now where the issue is in the current article.

2. Updating the history section for a) improved chronology, b) additional context, c) neutral language, d) combining a duplicate ref, and e) adding a new "Funding" subsection into which I moved existing info, plus incorporating some of the major items from the "Industry recognition" section as prose. Additions are highlighted and deletions are struck through:

CrowdStrike was co-founded by entrepreneur George Kurtz (CEO),[1][2] Dmitri Alperovitch (CTO),[3] and Gregg Marston (CFO, retired) in 2011.[4] In 2012, Shawn Henry, a former Federal Bureau of Investigation (FBI) executive who led both the FBI's criminal and cyber divisions, was hired to lead sister company CrowdStrike Services, Inc., which is focused on proactive and incident response services.[5] In June 2013 the company launched its first product, CrowdStrike Falcon.[6]

The company gained recognition for providing threat intelligence and attribution to nation state actors[7] conducting economic espionage and IP theft. This includes the outing of state-sponsored Chinese group, Putter Panda, linked to China's spying on United States defense and European satellite and aerospace industries.[8] In May 2014, supported by CrowdStrike's reports, the United States Department of Justice charged five Chinese military hackers for economic cyber espionage against United States corporations. Similarly, the firm is known for uncovering the activities of Energetic Bear, an adversary group with a nexus to the Russian Federation that conducts intelligence operations against a variety of global victims with a primary focus on the energy sector.

Following the very public Sony Pictures hack, CrowdStrike produced attribution to the government of North Korea within 48 hours and demonstrated how the attack was carried out step-by-step.[9] In 2013, the company launched the Falcon software platform, a technology that stops breaches by combining next-generation antivirus, endpoint detection and response, and proactive hunting. In 2014, CrowdStrike was instrumental played a major role in identifying members of Putter Panda, the state-sponsored Chinese group also known as PLA Unit 61486, as the perpetrators of a number of cyberattacks on U.S. infrastructure and defense as well as on European satellite and aerospace industries.[8][10]

In 2014 and 2015, CRN Magazine named the company to its Top Emerging Vendors list.[11] In May 2015, the company released Researcher Jason Geffner's discovery of VENOM, a critical flaw in open source hypervisor called Quick Emulator (QEMU),[12] which is used in a number of common virtualization products. This vulnerability could allow attackers to access sensitive personal information.[13] In October 2015, CrowdStrike announced that it had identified Chinese hackers attacking technology and pharmaceutical companies immediately before and after President Barack Obama and Chinese President Xi Jinping publicly agreed not to use cyberspies as part of economic espionage against each other. The alleged hacking would have been in violation of that agreement.[14]

In 2016, the company was ranked #40 on the Deloitte Fast 500 North America list,[15] and Inc. named CrowdStrike as one of America’s 500 fastest-growing companies.[16]

CrowdStrike released research in 2017 showing that 66 percent of the attacks to which the company responded that year were fileless or malware-free. The company also compiled data on the average time needed to detect an attack and the percentage of attacks detected by organizations themselves.[17] In 2017 and 2018, CrowdStrike was listed on LinkedIn’s Top Companies: Start Ups,[18][19] on the Forbes Cloud 100,[20][21] and as one of the CNBC Disruptor 50.[22][23]

In February 2018, CrowdStrike reported that in November and December 2017 it had observed a credential harvesting operation in the international sporting sector, with possible links to the cyber attack on the opening ceremonies of the Winter Olympics in Pyeongchang.[24] That same month, Crowdstrike released research showing that 39% of all attacks observed by the company were malware-free intrusions. The company also named which industries attackers most frequently targeted.[25]

In January 2019, CrowdStrike published research reporting that Ryuk ransomware, used by cyber actor Grim Spider to target businesses, had accumulated more than $3.7 million in cryptocurrency payments since it first appeared in August.[26] That March, the company released a version of its Falcon product for mobile devices and launched the CrowdStrike Store, which opens the Falcon platform to third-party applications.[27]

Also in 2019, CrowdStrike released its 2018 Global Threat Report, which ranked cybercriminals in order of fastest actors to operate within a network, with Russia coming in first.[28][29] The company also revealed that it tracked 81 named state-sponsored actors in 2018, and at least 28 were conducting active operations throughout the year. The research showed that of the sophisticated attacks that the company attributed to nation-states, China was responsible for the plurality: more than 25 percent.[30]

According to the company, its customers include three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies.[31] 44 of the Fortune 100 and 37 of the 100 top global companies.[32]

===Funding===

In July 2015, Google invested in the company's Series C funding round, which in total raised $100 million. Series D in May 2017 brought in $100 million,[33] and Series E in June 2018 brought in $200 million.[34] In total, as of May 2019, the company has raised more than $480 million in funding.[35] In June 2018, the company said it was valued at more than $3 billion.[34] To date, CrowdStrike has achieved total funding of $256 million, with estimated annual revenue of $100 million and valuation more than $1 billion.[36] Investors include Telstra, March Capital Partners, Rackspace, Accel Partners and Warburg Pincus.[37][38]

3. "Russian hacking investigations" may make more sense as a subsection of "History".

4. Deleting the "Industry recognition" section, since the major items were incorporated into "History".

5. Adding a new "Corporate affairs" section:

==Corporate affairs==

Fortune has given CrowdStrike three of its "Great Place to Work" awards,[73] and Inc. has praised the company's remote work program.[74]

6. Updating the products parameter of the infobox: Endpoint security, security and IT operations, and threat intelligence

Happy to mock up what all the edits would look like in effect if it's helpful – I've received varying feedback on doing so in the past. Due to my COI, I won't be editing the article directly. Thank you for your help or feedback! Mary Gaulke (talk) 15:00, 3 June 2019 (UTC)

Hi @MaryGaulke: Thank you for thoroughly stating your request (although it is a lot to take in). First, in order to remove the advertisement tag, the article will need a thorough scrub of WP:PUFF, WP:PEACOCK, and WP:PROMO. Please review the information in those links, as it will help explain better than I what it is we see in the article that seems promotional. Then, please review your edit request with that guidance in mind. Once your updated revision request is ready, please add this code -> {{ping|Orville1974}} <- (paste as plain text) to your reply, and I'll get a notification that you're ready for me to look over the updated request. Thank you! Orville1974 (talk) 02:59, 20 June 2019 (UTC)

@Orville1974: Thanks for the reply! I know it's a lot; happy to receive any feedback about how to make it more digestible/easier to review and reformat accordingly. Also, to clarify, not all of this request is related to the {{ad}} tag, but since it's the item you mentioned, I'll dig in a little more:

I've reviewed WP:PUFF, WP:PEACOCK, and WP:PROMO in detail and taken an intensive look at the article, and I can't find any examples of any specific issues identified in those policies:

• Positive or exaggerated adjectives that aren't tied to any kind of source. Closest I can see is:
  • "high-profile" to describe the attacks mentioned in the lead, which is objectively true – each of those attacks has its own detailed Wikipedia article backed up by extensive media coverage
  • "was instrumental" in "History" – our request specifically removes this wording
• Absence of criticism or industry context
  • "Russian hacking investigations" goes into detail regarding criticisms, including citations from industry pubications
• Claims of objective superiority
• Excessive or comprehensive detail
  • In fact we're requesting this be addressed by revising the "Awards and recognition" listing and integrating only the most major items into the "History" narrative
  • No comprehensive listing of products or company announcements
• No use of non-reliable sources except for very basic information
• None of the "words to watch" listed at WP:PEACOCK are used, and per above, I believe the article also follows the spirit of this rule
• And as someone who has been working on Wikipedia for five years, I have a lot of familiarity with WP:PROMO especially and do not see anything in this article that qualifies as advocacy or advertising

I hope that's helpful. Thank you again for your time! Mary Gaulke (talk) 19:33, 24 June 2019 (UTC)

I'm not sure why this article doesn't at all bring up the legal action between CrowdStrike and NSS labs. It seems like pertinent information and I would edit it in myself but this article is so closely monitored by CrowdStrike that any edits I make would likely be immediately reverted as as conspiracy theories or baseless propaganda. I'd like to make a request for a section about the NSS Labs controversy and the conclusions of that, or lack-of. — Preceding unsigned comment added by 207.228.78.118 (talk) 22:18, 11 June 2019 (UTC)

I want to be 100% clear, as a representative of CrowdStrike: I never directly edit this article, and since the company has engaged me, to my knowledge no one at CrowdStrike has directly edited the article either. If I saw any direct COI interference occurring, I would take steps to revert it myself and address it with my client. Best wishes! Mary Gaulke (talk) 02:20, 12 June 2019 (UTC)

I have not followed this story or CrowdStrike in detail, but have noted how frequently Mr. Trump is mentioning CrowdStrike recently. Trump made the claim on Fox and Friends via telephone today, that "...the owner of CrowdStrike is Ukranian." One assumes he refers to one of multiple owners, who is a U.S. citizen born in Moscow and raised in the U.S.

I don't know if someone has the bandwidth and expertise to address some of this without politicizing it, but it could be helpful, if facts are better known by anyone. Conspiracy theories seem to appear here on the Talk page, so this is concerning, plays into messy narratives that make the truth hard to decipher.

I support the World Wide Web Foundation's international movement to apply principles of integrity to Internet use. https://contractfortheweb.org/

This edit request by an editor with a conflict of interest has now been answered.

Hi, in December 2021 CrowdStrike moved its headquarters to Austin, Texas: https://www.crowdstrike.com/blog/crowdstrike-changes-principal-executive-office-to-austin-texas/

Can an editor:

• Change the headquarters location to Austin, Texas in the first sentence of this article
• Change the headquarters location to Austin, Texas in the infobox
• Delete the categories at the bottom of the article "companies based in Sunnyvale, California" and "Technology Companies based in the San Francisco Bay Area" and add Category:Companies based in Austin, Texas

I am asking because I have a financial conflict of interest so even though this is a small and uncontroversial edit request, I prefer to refrain from editing directly. Thanks, -JeffreyArthurVA (talk) 21:33, 26 January 2022 (UTC)

•  Done.--Vulp❯❯❯here! 15:53, 2 February 2022 (UTC)

https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html 84.186.127.225 (talk) 14:24, 22 August 2022 (UTC)

The private?? government company needs some explanation, private company? Guess we all know that this is not the case!!!! The fist section of the information needs to be rewritten.

• what is CrowdStrike, and who is paying them, Follow the money, who is supporting them!
• What right do private companies have, are they hackers, hacking for the government? A big question, so are they hackers or are they in for the money?

i will rewrite the first section, we now know what they do! We only need to know who is paying them! If the US is is founding them, it's just government! Only governments can do this kind of recherche, or they are just hackers?

• At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.” --87.159.115.250 (talk) 17:54, 11 July 2017 (UTC)

Since they are listed on the NASDAQ they are a private sector public company. One owner, telstra, is the largest Australian telecommunications company, but most telstra shareholders would be unaware that telstra owns shares in CrowdStrike. The number of security companies and agencies (some of them government) seem to nullify the savings made through digitization. Last year we had so much trouble with telstra's email that we nearly lost the way to live, and others had big trouble, too. We are having a global outage of massive proportions as we speak because someone couldn't leave things alone, doing an update that was obviously a dud. 2001:8003:A070:7F00:891D:387A:4981:FC9A (talk) 12:11, 19 July 2024 (UTC)

Part of an edit requested by an editor with a conflict of interest has been implemented.

Hi, COI editor for CrowdStrike here again, with a few new requests.

In the infobox:

• Adding Gregg Marston as a company founder, per the article body.  Done
• Under "Products", replace "Threat intelligence" with "Security cloud". Here are a few sources on that term: SDX Central, CRN, Security Brief. Done
• Updating revenue: $481.4 million (2020)[1] Done
• Updating the number of employees to a 2020 figure: 3,163[2]  Done

In second sentence of lead, update endpoint security to cloud workload[3] and endpoint security.

In "History:

• Updating "sister company" to "subsidiary" as a descriptor for CrowdStrike Services.^[4]  Done
• Updating which provided threat intelligence and attribution to which provided endpoint protection, threat intelligence and attribution per the source. In that same sentence, I think it may make sense to delete "to nation state actors" and "that are conducting economic espionage and IP theft" so the {{Better source}} flag can be removed.  Done
• At end of first paragraph, adding: Since then, the company has launched multiple additional modules for the platform.[5]  Not done I feel this is common practice in most businesses, particularly in tech, and it’s understood. This takes the article which already has quite a bit of advertising language a step too close to being marked for improvement.

• Add to "Accolades": An IDC report in July 2020 named CrowdStrike as the fastest-growing endpoint security software vendor.[6]  Not done This is clearly advertising for the company, and likely to do more harm to the quality of the article than good. I would suggest to skip it.

Thank you for your help or feedback! Mary Gaulke (talk) 20:51, 26 March 2021 (UTC)

Most of requests fulfilled. If you don’t agree with my edit, please feel free to ask for a new edit. Ferkjl (talk) 17:59, 4 April 2021 (UTC)

@Ferkjl: Thank you! One question – did you deliberately omit this item from my original request?

In second sentence of lead, update endpoint security to cloud workload[7] and endpoint security.

Thanks again! Mary Gaulke (talk) 15:44, 6 April 2021 (UTC)

@MaryGaulke: No, my bad, I completely missed it. Had to read a bit about the definition, the citation, and the Crowdstrike portfolio to verify it, but I just added it. Sorry for the delay. Ferkjl (talk) 16:39, 6 April 2021 (UTC)

Can we add some details about how it is spyware? 2A02:3033:605:E23:8DE0:86BF:BADB:B286 (talk) 13:45, 19 July 2024 (UTC)

Okay, would you mind providing a source explaining those details? Can't really add those supposed details to the article if nobody knows what said details are, or if there aren't any sources pointing out said details. 🔥HOTm̵̟͆e̷̜̓s̵̼̊s̸̜̃🔥 (talk・edits) 14:12, 19 July 2024 (UTC)

This edit request to CrowdStrike has been answered. Set the |answered= parameter to no to reactivate your request.

Change the "2024 incident" section title to "2024 Incident", and unindent (?) it so that it is not under the "Acquisitions: 2020–2024" header on the sidebar. This incident seems to now be more notable than the company; the page detailing the incident is already much longer than the page for the company itself. 202.89.148.53 (talk) 00:21, 20 July 2024 (UTC)

Thank you for suggesting an edit. But I don’t think your capitalization is right. Your second request is done. Hym3242 (talk) 00:45, 20 July 2024 (UTC)

Does anyone how many outages has CrowdStrike has prevented to make the page more neutral? Has it ever prevented any outage? 90.166.193.231 (talk) 08:42, 20 July 2024 (UTC)

https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/ Jamesjpk (talk) 06:49, 19 July 2024 (UTC)

Yes, this is absolutely true. They have pushed UNTESTED and BROKEN software to millions of corporate computers, shutting down many companies. — Preceding unsigned comment added by 108.185.180.195 (talk) 14:14, 19 July 2024 (UTC)

19 July 2024 is now informally recognized as "International BSOD Day" in view of the significance of this event across the world. — Preceding unsigned comment added by Crstwin (talk • contribs) 11:17, 20 July 2024 (UTC)

Do you have a citation for that point about it being designated 'International BSOD Day'? 🔥HOTm̵̟͆e̷̜̓s̵̼̊s̸̜̃🔥 (talk・edits) 15:51, 21 July 2024 (UTC)

This edit request to CrowdStrike has been answered. Set the |answered= parameter to no to reactivate your request.

The point about "the root cause of this update and the vulnerability of IT systems in this world to an update by a single company needs to be put under focus" Kniranj (talk) 18:58, 20 July 2024 (UTC)

 Not done: — DaxServer (t·m·e·c) 19:23, 20 July 2024 (UTC)

I think a better way to state the issue would be "an untested update by an incompetent development team that was propagated to critical machines worldwide without benefit of independent review". Or something similar. — Preceding unsigned comment added by 2600:1700:6AE5:2510:0:0:0:40 (talk) 17:26, 21 July 2024 (UTC)

This edit request to CrowdStrike has been answered. Set the |answered= parameter to no to reactivate your request.

Change the lead sentence in the "Severe Outage Incidents" section from "CrowdStrike software has a history of causing serious outages on various platforms" to the more neutral "CrowdStrike software has been implicated in several major outages across various platforms." 202.89.148.53 (talk) 05:15, 23 July 2024 (UTC)

 Done Jamedeus (talk) 07:32, 23 July 2024 (UTC)

"Microsoft has reported that some customers were able to remediate the issue solely by rebooting impacted devices up to 15 times."

There should be some specification here that this only works/worked for Azure virtual machines: https://www.businessinsider.com/microsoft-restart-computer-15-times-itoutage-issue-crowdstrike-2024-7 I think there was some general confusion that this would work for any Windows devices but according to Microsoft's post that is not the case, and would only help for a small percentage of cases. Jeb CC (talk) 04:32, 26 July 2024 (UTC)

@Brandon Removing my entire section saying those sources "are not appropriate" is absurd. One of the sources was Adobe.com. Can also ref https://www.neowin.net/news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/ if I forgot to, which is just as valid as some of the already cited sources. Trying to remove the history of their broken updates without further digging and citing arbitrary rules, that are decided per Wikipedia user, is revisionist history. Jericho347 (talk) 06:01, 22 July 2024 (UTC)

I am not denying Crowdstrike has a poor track record of software quality, I work in information security for a large Crowdstrike customer and know this to be true. However your additions are original research that draw a conclusion that is not supported by reliable sources.

• • The resource.dopus.com source is a vendor forum post
  • The Neowin article is explicitly just repackaging a Hacker News comment and a Rocky Linux forum thread
  • The community.adobe.com source is another vendor forum post
  • And the last source is a Reddit thread

All of these sources are either directly or indirectly based on discussion forums and are not reliable sources. Brandon (talk) 13:31, 22 July 2024 (UTC)

Flag them as unreliable source if you feel that way. Depending on who you ask, you can get someone to say the same about almost any citation/reference in Wikipedia. Such a flag is fair and lets the reader draw their own conclusions. If you think I errantly drew a conclusion not supported by the citations or prior text, feel free to suggest edits to that. Jericho347 (talk) 03:00, 25 July 2024 (UTC)

Wikipedia:Verifiability is project policy, the guidelines around referencing user-generated content are clear, and the burden to provide reliable sources is on those that add content. Brandon (talk)

Hello, I’m Jeff. I work for CrowdStrike and posted a COI disclosure on my user page. Based on that I'll avoid making any direct edits and instead will stick to discussions on this Talk page. I have a small edit request that I'm hoping editors can help me with:

Currently, the July 2024 incident is organized as a subsection under “Severe outage incidents” and is packaged alongside a few minor topics that are not “severe outage incidents” and are not supported by WP:RS. As noted by @Brandon:, all of these minor topics are sourced to internet forum discussions and an article that repackaged the forum discussions.

I propose the following update, and I would appreciate if editors could evaluate it:

• Elevate “July 2024 incident” back to being its own dedicated section
• Remove the three “incident” additions not supported by WP:RS

Please let me know if you can help or have any questions. Thank you, JatCRWD (talk) 21:52, 13 August 2024 (UTC)

I've edited the section to bring the 2024 CrowdStrike incident to the foreground instead of giving undue weight to the Linux bugs/incidents/outages. The 2024 incident received massive press coverage, the others not so much. I do not feel comfortable removing the Linux content as I've already removed it once unsuccessfully and I fear losing too much hacker cred being on the same side of an argument as the CrowdStrike PR team. :) Brandon (talk) 03:29, 14 August 2024 (UTC)

The cost of the problem for Fortune 500 companies (excluding Microsoft) has been estimated at $5.4 billion. Such a high cost should be included in the article.

Sources:

https://www.parametrixinsurance.com/in-the-news/crowdstrike-to-cost-fortune-500-5-4-billion

https://www.theregister.com/2024/07/26/crowdstrike_insurance_money/ 81.131.103.168 (talk) 22:06, 26 July 2024 (UTC)