The cofounder of the security company CrowdStrike wants to help cyberattack victims strike back.
“After the investigation of Operation Aurora, the cyberattack on Google from within China that was revealed in 2010, I realized a completely new type of security strategy and technology was needed. I was leading research at McAfee and had been involved in investigations of criminal activity online, working closely with law enforcement. Aurora put us up against a nation-state, not a criminal. I was briefing the State Department as they crafted statements for Hillary Clinton to make publicly about the issue.
The online criminal problem was and is a big issue, but it pales in comparison to what nation-state attacks are doing to this country and our allies. Google has one of the best security teams on the planet, better than most government organizations, but they and many other companies with very good security practices were still getting hit. The problem was not the security widgets and technology they were using; it was the strategy. That’s why I left McAfee to start CrowdStrike.
The industry and the government were using a passive strategy of trying to detect and block cyberattacks, and that doesn’t work against an actor that’s really determined. China’s army is not going to give up and say, ‘Well, we’re out of the cyber-espionage business.’ What you really want is for a cyberattack to be very costly and risky, so it is used only rarely and only against really high-value targets.
Today security companies look for malware and software exploits, but they change constantly. And new ones are launched by the hundreds of thousands each day. At CrowdStrike we look for traces of the adversary and try to find out who the adversary is, what they are after, and what their tradecraft is. We also disseminate that information to enable collective action. It doesn’t have to just be every company for themselves—they can band together and maybe join with government to put pressure on the enemy. We’re starting to see that with some of the public disclosures about China, including ones I’ve done, leading the U.S. administration to start talking openly about the problem. That helped lead to Obama raising the issue at his summit with the Chinese president.
We use data from many sources to detect traces of adversaries and uncover everything we possibly can about them. Our customers can find out who is targeting them and how. We’ve shown how we could see the Chinese navy crafting spear-phishing e-mails so we could warn targets before they even received one.
We call this new strategy ‘active defense.’ We respect the law, but we’re in discussions with Congress about making changes because most relevant laws were written in 1986. We should enable the private sector to engage in self-defense in the cyber world, like we do in the physical world. Mall cops protect property the government doesn’t have the resources to protect. A cyber-world equivalent could be allowing some licensed cybersecurity companies or individuals to take certain actions in defense of a network. That should not involve retaliations; hacking back to destroy the other guy’s machine has no useful purpose and should be illegal. But if you see your data going to some other network, why can’t you go into that network for the purpose of getting your data back, or take data off that machine to mitigate the damage? Allowing the private sector to do things like that can help companies make themselves a much less attractive target.”
—as told to Tom Simonite
In the jobless economic recovery, an online labor marketplace thrives.
When Leah Busque worked as a software engineer for IBM’s Lotus group, her favorite part of the job was attending an annual conference at Disney World, because it was the only time developers in her division got to meet customers. It made her realize she wanted to start a business of her own.
So in 2008, just before the financial crisis hit, she quit IBM to work on an idea she had: that people should be able to go online and easily hire their neighbors to do quick errands and other odd jobs. She later called it TaskRabbit.
She assumed that the jobs would mainly attract college students who needed extra cash. But the interest turned out to be much wider. Today, 13,000 TaskRabbits bid for jobs in 14 U.S. cities. Three-quarters of them hold bachelor’s degrees; 5 percent have PhDs. These “micro-entrepreneurs,” as Busque calls them, include retirees, mothers, the unemployed, and the underpaid. They do everything from delivering lunches and fixing toilets to dressing up as a hot dog for a surprise birthday party (true story). Pay might be as low as $10 per task, but some skilled jobs fetch hundreds, especially for TaskRabbits with high reputation rankings on the site. The employer pays a 20 percent commission to TaskRabbit.
Busque says TaskRabbit has just scratched the surface of what it can do. It recently expanded to help small businesses or event planners find temp workers without going through expensive placement agencies or the wilds of Craigslist.
“Our vision is huge: to revolutionize the way people work,” she says. “It’s about offering people more choice on how they work, what their schedules are like, how much they get paid, [and the choice of] being their own bosses.”
A startup called Kaggle tries to bring smart people to knotty problems.
Anthony Goldbloom had been a data analyst when he founded Kaggle, a startup that helps companies outsource thorny problems to data crunchers like him. Yet when he was launching Kaggle, he relied on no data at all. He just figured it would work.
Back in 2008, Goldbloom was taking a break from his job as an analyst at the Australian Treasury. He had a reporting internship at The Economist in London—a position he snagged by winning an essay contest. While working on a story about predictive modeling, he spoke to people at large companies who told him how hard it was for them to make sense of data they had collected. Many companies didn’t even have anyone who could do it.
That gave Goldbloom the idea: he would create a website where data scientists could compete to win cash in their spare time by solving such problems for companies. He didn’t know much about programming, so he taught himself to code and built the website in his bedroom in Melbourne, Australia.
The site launched in 2010 with a contest that Goldbloom conceived and sponsored himself: $1,000 to the person who could determine most accurately how countries would vote in the annual Eurovision Song Contest. The BBC picked up the story, as did the tech news site Slashdot, which helped Goldbloom get the attention of institutions including the University of Pennsylvania and NASA. The insurance company Allstate offered $6,000 to whoever could come up with an algorithm for predicting the bodily-injury liability payments that result from accidents involving particular kinds of cars. An actuarial consultant in Australia took that prize.
As more and more companies began putting forward challenges, more and more data geeks joined Kaggle to vie for the opportunities. Now the user base exceeds 100,000, large enough to give the company another revenue stream: for a fee, it will match up companies with specific top performers.
“If you look around in the professional world, I can’t think of another labor market that’s truly meritocratic,” Goldbloom says. “That’s what we’re trying to create: the better you are, the more you earn, the more work you get.”
When the Internet was getting big in Russia, he was in the right place at the right time. Now he hopes to do it again with personal robotics.
Dmitry Grishin was born on a missile base in the Soviet Union. He grew up around technical people working on secret projects; his father designed radar systems for the MiG-29 jet fighter.
In Russia, every boy wanted to be a spaceman. But Grishin was taken by robotics. He remembers seeing his first Western VCR when he was about 12 and being fascinated by the mechanical movement that drew the tape into the player. There were Russian robots to admire as well, like Lunokhod 2, a remote-controlled lander that had set down on the moon in 1973. “That you can sit on Earth and drive the device—I thought it was so cool,” he says.
Then came the end of the Soviet Union and the tarnishing of its glories. Grishin left home for Moscow State Technical University with a few rubles. But he had a knack for programming and for managing others. By the time he was 20, he was overseeing programmers in Florida for a computer-aided design company from his student hostel in Moscow.
Those were the early days of the Russian-language Internet, known as Runet. The goal was to copy U.S. ideas, much as eBay was copied by Molotok.ru, an auction site Grishin joined in 2000. To stretch Molotok’s limited resources, Grishin hunted online for equipment being sold off by failed U.S. dot-coms, scooping up $100,000 networking devices for $5,000. Later, to expand Mail.ru, an e-mail service, he bought cheap servers from China and used software to create redundancies. “We played a lot of tricks to create a big technology,” he says.
By 2001, Molotok and other struggling Web projects were swept together by Yuri Milner, the Russian financier who later made a killing on Facebook shares. Milner made Grishin CEO of the combined company, which is now called Mail.ru Group. Was it typical in Russia to be picked as CEO at just 24? “There’s not that much typical stuff in Russia,” Grishin deadpans.
To be sure, Mail.ru is Russia’s Yahoo, not its Google. It’s the site with cat pictures and tacky come-ons. It owns chat services, e-mail, and a social network, Odnoklassniki (“classmates”), that attracts a lower-tech crowd. Even so, when Mail.ru staged the first large IPO by a Russian Internet firm, in 2010, it raised $912 million. Grishin has managed to steadily increase the profits from ads and online games. “If you watch the performance of the company, then you’d say he’s an innovative visionary who built well on the business model,” says investment banker Terry Schallich of Pacific Crest Securities, which helped manage Mail.ru’s IPO.
Russia’s non-Roman alphabet made foreign services slow to enter the country. But now that Russia has more Internet users than any other country in Europe, it’s not clear how long the domestic Internet firms can maintain their separate fiefdom. Facebook has started to become very popular. Grishin’s response has been to try to expand Mail.ru outside of Russia, or “to go on the attack,” as he says. In 2012, Mail.ru launched a Twitter rival that it built in a month; it offered big pictures and video (which Twitter now offers too). It didn’t succeed, but Grishin has invested heavily in massive multiplayer games that may yet find an international market.
What has most raised Grishin’s profile outside Russia was his launch in 2012 of Grishin Robotics, a venture firm dedicated to what he calls “personal robotics,” in which he invested $25 million, or about 15 percent of his net worth, he said in a 2012 interview. His fund has invested up to half a million dollars each in companies like DoubleRobotics, maker of a $2,500 telepresence robot, and RobotAppstore, a site to download games or instructions into toy robots.
There’s something childlike about Grishin’s interest in robotics. He likes to imagine automated chairs that would swoop to wherever someone wants to sit. Or drones that fly over a wedding to snap pictures. The holdup to these visions has been technology. Now, with inexpensive sensors and software, he thinks robots—like e-mail in Russia a decade ago—are ready for mass consumer markets.
Digital payment systems dreamed up in the Web era still piggyback on credit card networks. There ought to be a faster and cheaper way.
The Internet can move data from one person to another in a fraction of a second. Why can’t it do the same for money? Ben Milne asked himself that question, and the answer led him to found Dwolla, a digital payment network that could make it faster, easier, and safer for money to change hands.
Dwolla is on track to process over $1 billion for 250,000 consumers and businesses in 2013. It has amassed $22.5 million in venture capital and emerged as a threat not only to the likes of PayPal but also to venerable institutions such as Visa. Yet Milne is not a financier or a university-educated wunderkind. He sports the shaved head and full beard of a San Francisco hipster, but he’s an Iowan who is building his company in Des Moines.
Seated in a conference room at the Silicon Valley offices of his latest investor, Andreessen Horowitz, where the founders of Twitter and Skype got funding that led to Internet glory, Milne discusses the complex world of payments with confidence and liberal use of the phrase “the reality is.”
“The reality is, the way we exchange money makes money worth less,” he says. If you sell something for $100 with a $10 margin, your profit would be $7.50 or less if the customer paid with a credit card. “You can’t drive down the fees with regulation, because that’s the technical cost,” he says. “To remove it, you need a better mechanism for exchanging value. That’s Dwolla.”
Milne grew up in Cedar Falls, Iowa, where he passed the time playing soccer and repairing broken appliances his grandmother collected. When he was in middle school, his father, a dentist, was diagnosed with Parkinson’s disease but was determined to do as much as possible while he still could: he built a public soccer stadium and golf course. Those actions held an important lesson for Milne. “I remember thinking, he didn’t know anything about that, but he figured it out and did it,” he says. “I realized that all you need to do, a lot of the time, is decide what you want to do and just get it done.”
Milne started his first company, which made audio speakers, with $1,200 in savings in 2001, while he was a senior in high school. He dropped out of the University of Northern Iowa to build the business, and by 2008 he was racking up $1.5 million in sales annually. But he was troubled by costs. “We were spending $55,000 a year in credit card fees,” he recalls. “I thought, that’s insane. I’m making the sales, and I just sent these people’s kids to college.”
Milne became convinced that no solution existed and that the only way to get one was to build it himself. Over the next two years, he figured out how to do it. “He would commit himself to doing seemingly impossible things,” recalls Matt Harris of Bain Capital Ventures, who funded Dwolla during this period as a managing partner at Village Ventures. “Then we’d meet three months later, and he would have done them and have a new set of impossible things.”
Dwolla launched nationally in December 2010 and was moving $1 million a day in July 2011. By the end of last year it was doing nearly three times that volume. “It was not a beautiful, predictable, calculated process,” Milne says. “It was ‘Don’t go broke and don’t stop.’”
In a market overflowing with mobile payment services and digital cash schemes, Milne’s service is unique. Nearly all electronic payment systems, including PayPal, are built on the four financial networks that carry noncash transactions. Dwolla (as in “dollar” plus “Web”) can avoid all of them. It has built its own network, known as FiSync, that connects to banks directly. So Dwolla doesn’t need to pay fees to anyone. It can be used in just about any scenario: at a cash register, from a phone or a desktop PC, person to person, business to business, bank to bank.
Merchants get the most obvious benefit: the recipient of a Dwolla transfer pays 25 cents per transaction over $10, but nothing for deals worth less than that. Compare that with the 2 to 3 percent plus 30 cents per transaction typical of credit cards and gateways to credit networks. For consumers, the system is simple: they can send money to an e-mail address, phone number, Twitter handle, or Facebook friend; the recipient will get a message prompting him or her to sign up with Dwolla to accept the money. And banks benefit because Dwolla can move money in real time, a capability no other network has. The Automated Clearing House, or ACH, the bank-to-bank transfer system that credit and debit cards depend on, theoretically settles in 24 hours. But in practice it can take up to five days, creating a risk that payers will turn out not to have the money they thought or claimed they had at the moment of a transaction.
FiSync also adds layers of security. Among other things, money is transferred by means of digital tokens that confer authorization to execute specific transactions; account details themselves are not transmitted. Consequently, Dwolla claims fraud rates an order of magnitude smaller than other transaction systems do.
Technically, FiSync is simple. Logistically, it requires that Dwolla ink deals with every bank in the country. That’s because each bank maintains its own database of accounts. A given institution can transfer funds electronically within its own walls instantly and freely, but to go outside, it needs to use the ACH or wire networks. FiSync would replace those by connecting to every bank’s database directly.
Milne has signed up only 16 financial institutions but says he is on the verge of dramatically expanding that number. It will take a lot of legwork, but he is ready to proceed bank by bank. “In Silicon Valley, people are looking for a silver bullet,” he says. “I look at it like a Midwesterner: I have an ax and I’m going to cut down a tree. You close the first customer, then the second, then the third. It’s hard work, but that’s the way you do it.”
The mPedigree Network, based in Ghana, lets people determine with a text message whether their medicine is legitimate.
“I grew up in Ghana, where we’d inherited the British boarding school system. At Presbyterian Boys High School, many upperclassmen were abusive toward the younger students. Once, I was made to stay awake all night in a kneeling position outside. But in my final year at school I became student council president and led efforts to reduce abuses. That experience opened my eyes to a whole new world of fighting the system—of being an activist. And this led directly to my becoming a technology innovator.
A few years later, after studying astrophysics at Durham University in the U.K., I transferred that instinct to try to help African farmers. They grow food organically by default, because they don’t have money for chemicals. But they also don’t have money for the organic certification process that would let them get better prices. So in 2005, I led a team of PhD students to try to implement a solution using mobile technology.
The idea was that at the point of sale there’d be a code on the product. You’d enter that in a mobile device, and up would pop the history and even pictures of the farm. But we realized a big flaw: farmers have to be trained to do the coding. This was not practical.
But picking up a fruit and wanting to know if it is organically grown is similar to picking up a pack of medicine and seeing if it was properly tested and certified. About 2,000 people die every day from counterfeit medicine. So we shifted the idea to pharmaceuticals.
In 2007 we set up a nonprofit organization in Ghana and rolled out a pilot, and the next year Nigerian health officials invited us to replicate the concept there. But we wanted to get to a point where a big company like Sanofi-Aventis would use us. We learned that most companies won’t do business with an NGO, so in 2009 we launched mPedigree as a business.
You can send a free text message and get a reply in a few seconds verifying [that a medicine] is authentic. In addition, distributors and other middlemen can check the codes to verify that the supply has not been compromised. This helped reveal to a major Indian company that there was pilfering at a depot. Genuine antimalarial medicines would be replaced by counterfeits. The shady characters cannot get away with this anymore. If we had not stopped these leakages in the supply chain, they could have put thousands of patients at risk.
The system is used in Ghana, Nigeria, Kenya, and India, with pilots in Uganda, Tanzania, South Africa, and Bangladesh. We’ve got a relationship with many of the major regional—and a growing number of multinational—pharmas, including Sanofi-Aventis. In Nigeria our codes are on 50 million packs of antimalarial drugs alone, and we have just signed up two Chinese drug makers.
We are now expanding to seeds, cosmetics, and other businesses. And new applications are emerging that we hadn’t expected, in the areas of logistics, supply chain management, and marketing. If you send an SMS to check authenticity, you’ve also given good information about exactly where and when a drug was sold—as well as provided a potential marketing opportunity to dispense coupons. We have built a major platform for supply chains in the developing world. But back at my school, of course, they still remember me as the activist.”
—as told to David Talbot
Screening prospective parents for recessive diseases could be the first big hit in clinical genomics.
No company performs more genomic screens for medical use than Counsyl, a startup cofounded by Balaji Srinivasan. It scans the DNA of parents in 3 percent of all births in the United States. And yet when Srinivasan founded the company in 2007 with friends from graduate school and his brother Ramji, a mathematician who was pursuing an MBA, just about everyone was advising against it.
Their father didn’t want them to go into medicine—which is somewhat surprising given that both of their parents are physicians. “He thought we should go into computer science,” Balaji Srinivasan says. And colleagues at Stanford, where he teaches computational biology and statistics, said that if he was going to found a company doing genetic analysis, it should test for genes that might be implicated in common illnesses like heart disease and diabetes. But Srinivasan didn’t want to get mired in the uncertainty over the complex ways genetics plays out in those kinds of diseases. With genome analysis only just beginning its march from research labs into doctors’ offices and other clinical settings, Srinivasan figured a successful company would need to start with a more straightforward problem. That’s why Counsyl began by testing only for recessive genetic diseases that are extremely well understood. “Anything that is a research question is premature for a business,” he says. “Running a business is hard enough. Your fundamental science has to be rock solid.”
Every year, three out of every 1,000 children are born with a genetic disease, such as cystic fibrosis, that did not afflict the parents—who most likely unknowingly carried a defective copy of a particular gene. If both parents carry a damaged copy, there is a 25 percent chance that their child will have the disease.
For around $99 (after insurance coverage), a couple’s doctor can order a test from Counsyl, which will extract DNA from the parents’ saliva or blood and sequence more than 100 different genes linked to recessively inherited diseases. If prospective parents both carry a broken copy of the same gene, then they can decide what to do: try to conceive naturally despite the risk, avoid conceiving, or use in vitro fertilization to conceive and have doctors screen out embryos that carry the double dose of defective genes. Counsyl is now screening the parents in about 120,000 births each year.
“Diagnostics is going to be completely reinvented by genomics,” Srinivasan says. “And we are one of the first to get out there.”