25 comments

[ 0.63 ms ] story [ 78.8 ms ] thread
How do these private equity firms no one has ever heard of get $4.4B to make such an acquisition?
That's actually a pretty genius espionage strategy. Don't bother to set-up a fake-ish company to say sell secure phones to cartels. Just wait until somebody does and then buy them out.
(comment deleted)
They pitch investors on a strategy with a prospectus and then do a capital call when they've identified an acquisition target. The investments are illiquid (and potentially levered with debt), and you typically have to be an accredited investor or a fund manager to get access.
Yup. I call these a "trigger funds".

There are also entire non-investment-registered regular C-corps (e.g. Flow) that are, effectively, also "trigger funds".

1. You setup a pool of capital with a small board of all-insiders that are also investors + one token "independent". Usually the token "independent" is also the "face".

2. That pool of capital registers as a normal C-corp in Delaware with the stated "trigger" as a vaguely worded business model.

3. To maintain the illusion of C-corp, you immediately get into a low-capital-requirement "ancillary" slim-margin commodity business. The sole purpose of the "ancillary" business is to have a balance sheet with some assets, debits, credit, and cashflows on the books for auditing, PR, and tax purposes.

4. Whenever the "trigger" happens, all that sleepy capital suddenly awakens for the actual business activity--usually rampant acquisitions and brand consolidation.

5. If the "trigger" never happens, then the business is auto-dissolved with a known prior dissolution agreement between the original partners.

By the way, this is how SPACs were done before formal SPAC regulation. Since so many SPACs failed, this practice of a reversion to non-SPAC SPACs has had a significant upswing.

backing by a big bank or other private financier
https://techstrongitsm.com/features/turn-rivers-4-4-billion-... provides more context here: "Turn/River, which specializes in optimizing software companies and cloud-based software-as-service companies, already has investments in cloud-based IT company Paessler and cybersecurity company Tufin."

More generally, this is a leveraged buyout: the acquiring firm uses debt from banks and other sources to pay for most of the acquisition. That debt then becomes the responsibility of the acquired company to service - often pushing the company towards cost-cutting measures and an emphasis on harvesting short-term value from accounts. This is sometimes done in an effective and customer-centric way... but that's not always the case. It's hard to know what the outcome will be here.

Mostly they're friends with people who control large institutional funds: pensions, endowments, etc.
Corporate welfare, LIBOR loans, over leveraging.
Turn/River is well known in the space if you know about it. They’ve raised like over $100bn across all their funds.

There are hundreds of these firms that you don’t know about and may never know about. They’re not hiding or anything, just the nature of the PE business to work in the background.

papertrail... look how they massacred my boy...
I didn't use it pre-SolarWinds, but even now it seems OK? Hope it stays that way.
Up go prices until all customers leave and then they'll sell off whatever IP is left. Private Equity playbook 101. Sad to see.
What happened? Did they just stall out on growth and the board got the itch to cash out?
Too many security breaches, cash out before the next one!!
They lost too many key contracts after the breach, and they never bothered to fix their reputation.
They were private until I believe 2017 or 18. Not that it matters, the whole company only grew by acquisition
I just interviewed an MSP (managed service provider) to take a contact at our company. I turned them down after they told me they use CrowdStrike and SolarWinds exclusively with no other options.

I laughed outright because I initially thought they were joking. The “grey beard” they brought on as their head tech assured me basically that it was OK they both suffered global breaches , that “they can’t be hacked again!”…

Not surprised to see SW or N-Able or whatever change hands. Another company I manage dropped N-Able this year, they saw it coming too.

I'm not disagreeing with your overall point, but I think it's important to clarify that Crowdstrike did not experience a breach -- rather, they pushed a bad software update to their global customer base, resulting in widespread chaos. The cause was an internal mistake, not a threat actor.
Right, that's much worse.
Internal mistake seems to be underplaying it. They do not follow modern SDLC practices, have no mechanism for testing, are unable to rollback effectively etc.

The bad software update was a mistake made a global catastrophe due to deliberately bad practices. No tests is not a mistake, they simply did not give a damn.

With such an internal mistake so easily deployed, i would argue that a breach might've already happened that's a lot more sophisticated and was not detected at all.
That their shitty internal processes permitted such a thing to happen indicates that they _were_ the threat actor.