That's actually a pretty genius espionage strategy. Don't bother to set-up a fake-ish company to say sell secure phones to cartels. Just wait until somebody does and then buy them out.
They pitch investors on a strategy with a prospectus and then do a capital call when they've identified an acquisition target. The investments are illiquid (and potentially levered with debt), and you typically have to be an accredited investor or a fund manager to get access.
There are also entire non-investment-registered regular C-corps (e.g. Flow) that are, effectively, also "trigger funds".
1. You setup a pool of capital with a small board of all-insiders that are also investors + one token "independent". Usually the token "independent" is also the "face".
2. That pool of capital registers as a normal C-corp in Delaware with the stated "trigger" as a vaguely worded business model.
3. To maintain the illusion of C-corp, you immediately get into a low-capital-requirement "ancillary" slim-margin commodity business. The sole purpose of the "ancillary" business is to have a balance sheet with some assets, debits, credit, and cashflows on the books for auditing, PR, and tax purposes.
4. Whenever the "trigger" happens, all that sleepy capital suddenly awakens for the actual business activity--usually rampant acquisitions and brand consolidation.
5. If the "trigger" never happens, then the business is auto-dissolved with a known prior dissolution agreement between the original partners.
By the way, this is how SPACs were done before formal SPAC regulation. Since so many SPACs failed, this practice of a reversion to non-SPAC SPACs has had a significant upswing.
https://techstrongitsm.com/features/turn-rivers-4-4-billion-... provides more context here: "Turn/River, which specializes in optimizing software companies and cloud-based software-as-service companies, already has investments in cloud-based IT company Paessler and cybersecurity company Tufin."
More generally, this is a leveraged buyout: the acquiring firm uses debt from banks and other sources to pay for most of the acquisition. That debt then becomes the responsibility of the acquired company to service - often pushing the company towards cost-cutting measures and an emphasis on harvesting short-term value from accounts. This is sometimes done in an effective and customer-centric way... but that's not always the case. It's hard to know what the outcome will be here.
Paessler were purchased in May 2024, and by July 2024 they were moving to a subscription, rather than perpetual licensing model, which came with a 100%-ish price increase.
Start the process for a SolarWinds alternative now.
Turn/River is well known in the space if you know about it. They’ve raised like over $100bn across all their funds.
There are hundreds of these firms that you don’t know about and may never know about. They’re not hiding or anything, just the nature of the PE business to work in the background.
I just interviewed an MSP (managed service provider) to take a contact at our company. I turned them down after they told me they use CrowdStrike and SolarWinds exclusively with no other options.
I laughed outright because I initially thought they were joking. The “grey beard” they brought on as their head tech assured me basically that it was OK they both suffered global breaches , that “they can’t be hacked again!”…
Not surprised to see SW or N-Able or whatever change hands. Another company I manage dropped N-Able this year, they saw it coming too.
I'm not disagreeing with your overall point, but I think it's important to clarify that Crowdstrike did not experience a breach -- rather, they pushed a bad software update to their global customer base, resulting in widespread chaos. The cause was an internal mistake, not a threat actor.
Internal mistake seems to be underplaying it. They do not follow modern SDLC practices, have no mechanism for testing, are unable to rollback effectively etc.
The bad software update was a mistake made a global catastrophe due to deliberately bad practices. No tests is not a mistake, they simply did not give a damn.
With such an internal mistake so easily deployed, i would argue that a breach might've already happened that's a lot more sophisticated and was not detected at all.
25 comments
[ 0.63 ms ] story [ 78.8 ms ] threadThere are also entire non-investment-registered regular C-corps (e.g. Flow) that are, effectively, also "trigger funds".
1. You setup a pool of capital with a small board of all-insiders that are also investors + one token "independent". Usually the token "independent" is also the "face".
2. That pool of capital registers as a normal C-corp in Delaware with the stated "trigger" as a vaguely worded business model.
3. To maintain the illusion of C-corp, you immediately get into a low-capital-requirement "ancillary" slim-margin commodity business. The sole purpose of the "ancillary" business is to have a balance sheet with some assets, debits, credit, and cashflows on the books for auditing, PR, and tax purposes.
4. Whenever the "trigger" happens, all that sleepy capital suddenly awakens for the actual business activity--usually rampant acquisitions and brand consolidation.
5. If the "trigger" never happens, then the business is auto-dissolved with a known prior dissolution agreement between the original partners.
By the way, this is how SPACs were done before formal SPAC regulation. Since so many SPACs failed, this practice of a reversion to non-SPAC SPACs has had a significant upswing.
More generally, this is a leveraged buyout: the acquiring firm uses debt from banks and other sources to pay for most of the acquisition. That debt then becomes the responsibility of the acquired company to service - often pushing the company towards cost-cutting measures and an emphasis on harvesting short-term value from accounts. This is sometimes done in an effective and customer-centric way... but that's not always the case. It's hard to know what the outcome will be here.
Start the process for a SolarWinds alternative now.
https://www.theregister.com/2024/07/05/paessler_brings_in_su...
There are hundreds of these firms that you don’t know about and may never know about. They’re not hiding or anything, just the nature of the PE business to work in the background.
I laughed outright because I initially thought they were joking. The “grey beard” they brought on as their head tech assured me basically that it was OK they both suffered global breaches , that “they can’t be hacked again!”…
Not surprised to see SW or N-Able or whatever change hands. Another company I manage dropped N-Able this year, they saw it coming too.
The bad software update was a mistake made a global catastrophe due to deliberately bad practices. No tests is not a mistake, they simply did not give a damn.