On our new Xconomy Voices podcast, we find the smartest, most successful entrepreneurs and innovators in Xconomy’s network of cities and regions, and we ask them to open up about what they’re working on, what they’re excited about, and why they think their company, product, or idea is going to take the world by storm.
Today, we’re very pleased to roll out Episode 2: Our guest is Christopher Ahlberg, the CEO of Recorded Future, a cybersecurity startup based in Somerville, MA. Recorded Future has an intriguing approach to solving some of the biggest problems in data and network security.
According to Ahlberg, who co-founded the company in 2010, traditional spycraft isn’t enough to keep up with today’s cyber attackers. The real threats won’t be detected by spy satellites, telephone wiretapping, or agents running around on the ground. Security software running on your network or machines isn’t enough, either. He says cyber defenders need to dwell in the same places as the attackers: the Web itself.
“We started off with this idea that the world’s information was quickly flowing to the Internet and the Web,” Ahlberg says. “And so we started off harvesting the Web at a large scale and doing that not just in English but in basically all the languages that bad news happens in: Chinese, Russian, Farsi, Arabic, Spanish, French.”
Ahlberg’s company scours both the public Web and its lesser-known technical and “dark” corners, such as the black-market sites where hackers sell zero-day vulnerabilities that could help other hackers break into corporate or government computer systems.
The startup collects the data, uses a myriad of AI-related techniques to identify patterns in the chatter, and “pre-connects the dots” to help its clients plug holes before they’re exploited, says Ahlberg, a Swedish native who previously founded business intelligence firm Spotfire (which was acquired by TIBCO in 2007).
Sometimes Recorded Future even intervenes directly to take out the threats. In November 2016, for example, the company identified a hacker—they code-named him “Rasputin”—who was selling an exploit that would have opened up access to the U.S. Election Assistance Commission, which tests and certifies voting machines.
“We bought the exploit—which was somewhat edgy, in the way that we did it—we shared that with the relevant government authorities in a nice orderly fashion, and then we worked for them primarily,” Ahlberg says. The company described the episode on its blog in December.
If it feels like cyber attacks are a growing threat, that’s partly because of the endless news coverage of investigations in Washington into Russian interference in the U.S. political system. But Ahlberg says the severity and the absolute number of attacks are also going up.
“We used to see a lot of people… stealing credit card information or stealing credentials,” Ahlberg says. “Now what we saw last year in 2016, and are presumably going to see more of this year, is three things. One is the attack on political elections and the like, political infrastructure… Number two, the idea of attacking the Internet in itself, [like] the Mirai botnet in the fall where somebody attacked the Dyn servers up in New Hampshire… And then, three, systems that we never thought were hackable at all being attacked,” like the Swift money-transfer network, which hackers penetrated last year to siphon $81 million from a Bangladeshi bank.
“There is a little bit of a perfect storm,” Ahlberg says.