Former U.S. cybersecurity official Chris Krebs and former Facebook chief security officer Alex Stamos have founded a new cybersecurity consultancy firm, which already has its first client: SolarWinds .
The two have been hired as consultants to help the Texas-based software maker recover from a devastating breach by suspected Russian hackers, which used the company's software to set backdoors in thousands of organizations and to infiltrate at least 10 U.S. federal agencies and several Fortune 500 businesses.
At least the Treasury Dept., State Dept. and the Department of Energy have been confirmed breached, in what has been described as likely the most significant espionage campaign against the U.S. government in years. And while the U.S. government has already pinned the blame on Russia, the scale of the intrusions are not likely to be known for some time.
Krebs was one of the most senior cybersecurity officials in the U.S. government, most recently serving as the director of Homeland Security's CISA cybersecurity advisory agency from 2018, until he was fired by President Trump for his efforts to debunk false election claims — many of which came from the president himself. Stamos, meanwhile, joined the Stanford Internet Observatory after holding senior cybersecurity positions at Facebook and Yahoo. He also consulted for Zoom amid a spate of security problems.
In an interview with the Financial Times, which broke the story, Krebs said it could take years before the hackers are ejected from infiltrated systems.
SolarWinds chief executive Sudhakar Ramakrishna acknowledged in a blog post that it had brought on the consultants to help the embattled company to be "transparent with our customers, our government partners, and the general public in both the near-term and long-term about our security enhancements."