November 15, 2017

root9B Holdings, a company that many in the security industry consider little more than a big-name startup aimed at cashing in on the stock market’s insatiable appetite for cybersecurity firms, surprised no one this week when it announced it was ceasing operations at the end of the year.

Founded in 2011 as root9B Technologies, the company touted itself as an IT security training firm staffed by an impressive list of ex-military leaders with many years of cybersecurity experience at the Department of Defense and National Security Agency (NSA). As it began to attract more attention from investors, root9B’s focus shifted to helping organizations hunt for cyber intruders within their networks.

By 2015, root9B was announcing lucrative cybersecurity contracts with government agencies and the infusion of millions from investors. The company’s stock was ballooning in price, reaching an all-time high in mid-May 2015.

That was just days after root9B issued a headline-grabbing report about how its cyber intelligence had single-handedly derailed a planned Russian cyber attack on several U.S. financial institutions.

The report, released May 12, 2015, claimed root9B had uncovered plans by an infamous Russian hacking group to target several banks. The company said the thwarted operation was orchestrated by Fancy Bear/Sofacy, a so-called “advanced persistent threat” (APT) hacking group known for launching sophisticated phishing attacks aimed at infiltrating some of the world’s biggest corporations.  root9B released its Q1 2015 earnings two days later, reporting record revenues.

On May 20, 2015, KrebsOnSecurity published a rather visceral dissection of that root9B report: Security Firm Redefines APT; African Phishing Threat. The story highlighted the thinness of the report’s claims, pointing to multiple contradictory findings by other security firms which suggested the company had merely detected several new phishing domains being erected by a comparatively low-skilled African phishing gang that was well-known to investigators and U.S. banks.

In mid-June 2015, an anonymous researcher who’d apparently done a rather detailed investigation into root9B’s finances said the company was “a worthless reverse-merger created by insiders with [a] long history of penny-stock wipeouts, fraud allegations, and disaster.”

That report, published by the crowd-sourced financial market research site, sought to debunk claims by root9B that it possessed “proprietary” cybersecurity hardware and software, noting that the company mainly acts as a reseller of a training module produced by a third party.

root9B’s stock price never recovered from those reports, and began a slow but steady decline after mid-2015. In Dec. 2016, root9B Technologies announced a reverse split of its issued and outstanding common stock, saying it would be moving to the NASDAQ market with the trading symbol RTNB and a new name — root9B Holdings. On January 18, 2017, a reshuffled root9B rang the market opening bell at NASDAQ, and got a bounce when it said it’d been awarded a five-year training contract to support the U.S. Defense Department.

The company’s founders remained upbeat even into mid-2017. On June 6, 2017 it announced that Michael Hayden, the four-star general who until recently served as director of the U.S. National Security Agency, had joined the company’s board.

On June 23, 2017, root9B issued a press release reminding everyone that the company had remained #1 on the Cybersecurity 500 for the 6th consecutive quarter. The Cybersecurity 500, by the way, rates cybersecurity firms based on their “branding and marketing.”

Nobody ever accused root9B of bad marketing. But all the press releases in the world couldn’t hide the fact that the company had never turned a profit. It lost more than $18.3 million in 2016, more than doubling a $8.03 million loss in 2015.

Since August 2017, shares of the company’s stock have fallen more than 90 percent. On Sept. 28, 2017, all of root9B Holdings’ assets were acquired by venture investment firm Tracker Capital Management LLC, and then sold at auction.

On Nov. 13, root9B Holdings issued a press release saying NASDAQ was de-listing the firm on Nov. 15 and that it was ceasing operations at the end of this year.

“With the absence of any operating assets remaining after the Foreclosure, the Company will cease any and all operations effective, December 31, 2017,” the (final?) root9B press release concludes.

Several followers on Twitter say it’s too soon to sound the death knell for root9B as a whole, pointing out that while root9B Holdings may have been gutted and sold, for now it appears the security company root9B LLC is intact and is merely going back to being a private concern.

In any case, the demise of root9B Holdings resonates loudly with that of Norse Corp., another flashy, imploded cybersecurity startup that banked heavily on attracting and touting top talent, while managing to produce very little that was useful to or actionable by anybody.

Companies like these are a reminder that your success or failure in business as in life is directly tied to what you produce — not what you promise or represent. There is no shortcut to knowledge, success or mastery, and this goes for infosec students as well as active practitioners of the craft. Focus on consistently producing quality, unique content and/or services that are of real value to others, and the rest will take care of itself.

Update, 10:30 a.m.: Added perspective from Twitter readers.

40 thoughts on “R.I.P. root9B? We Hardly Knew Ya!

  1. Scott

    “There is no shortcut to knowledge, success or mastery, and this goes for infosec students as well as active practitioners of the craft. Focus on consistently producing quality, unique content and/or services that are of real value to others, and the rest will take care of itself.”

    Such great truth!

    1. dave

      In theory, sure.
      In reality, you need to get real. In this day and age of security practices being derailed at the “base” due to tech. advances just breaking everything. I think you should re-evaluate your statement, sometimes in the field there is NO way to consistantly “FOCUS”on quality. More to the point I think the statement, “focus on the issues of your customer/client/and the environment.”
      Quality may not be available depending on the situation and its constituents.
      Also, Quality is a Subjective term. with the way the threat landscape morphs from day to day, what may be “quality” one day may cause more harm the next.
      As a practitioner, on the front line, try to leverage your resources to the best of the abilities at hand to produced a well informed “fix” that aligns with your client situation, the external impacts at hand, and that it does bring true value to which you are probably being paid for.. Do not mistake a bad idea, or an attempt by some other sphere of influence as an open invitation to go rampant crazy, temper your actions with the thought of “whats really right” based ethical extrapolation of the situation at hand..

      1. dave

        Sorry for the poorly worded and grammatically lacking response. Unfortunately with so many breaches out there pending, and surfaced I had unfortunately gotten distracted.
        My sincerest ap0ologies for wasting any ones time reading my posted comments, as that was not my intent..
        Although, I am sure and or hope that one can extrapolate what I am trying to convey aside from the poor wording..

  2. Phil

    Brian, I love your reporting. In a world of nonsense, you tell it like it is. Please be careful and protect yourself. If the idiots can SWAT you, they can do other things. I want you around forever! I’m sure you’ve got it covered but it stresses me. Anyway, thank you again for your great work.

  3. Geoff

    Here, Here, Brian! Very well said! I agree with the two preceding comments completely.
    While regrettably I don’t expect you (or any of us) will be around forever, I so much appreciate what you do for so many of us who are fighting the good fight it is difficult to express in words.

    Thank you for continuing to keep the world safe from flim-flam artists, shysters and fakes.

    Stay safe!

    No, I would NOT like another bottle of Dr. Good’s.

  4. Joe

    I had the (dis)pleasure of working with this company previously and could tell right away that their technology was a thinly-veiled set of scripts and mashed up code disguised as an enterprise offering. Add to that the military-retiree exchange program in their leadership that relied mostly on their DoD/Gov’t connections for profit told you all you needed to know as to the future of this company. I’m glad I stood firm to never allow these guys into my organization as doing so would have RAISED my security exposure, rather than lower it.

  5. Cynic

    Who needs product? Just market the hell out of yourself, collect big paychecks for a few years, fleece investors and then fold. Laugh all the way to the bank. Nothing new here except the industry.

    1. JimV

      Vaporware has been around since onset of the personal computing age, and release of over-inflated stock-pumping news has been since the onset of those financial instruments even before there were formal markets.

      Good to see that this company won’t be able to pursue either again in the future.

      1. SeymourB

        When it comes to vaporware, one should never forget Microsoft. During the 90s antitrust proceedings they were found to have announced products simply to prevent anyone from buying a competitors new product, many times making announcements before any formal work had begun on the project. The very act of Microsoft’s announcement paralyzed some companies from buying their competitors products. Some projects never got past the planning stages, yet companies still held off purchasing fully available and working products from their competitors.

        In short, Microsoft weaponized vaporware.

      2. Bob

        Vaporware has been around since the very beginning of mainframes.

  6. JCitizen

    It is a sad fact of life, that leaders in big corporations are so ignorant of IT security, that they can be so easily duped by such charlatans. They need to start teaching the tenets of this highly important subject in business schools ASAP!!

    1. Mahhn

      It’s very trusting of you to not think that these prior top 2 weren’t there because they would say what ever those that paid them to.

  7. Anonymous

    You can purchase your position on the Cybersecurity 500 list.
    Norse were ranked number 2 on the list, after Root9B.
    After they closed, they removed them from list retroactively to pretend they were never there.
    I wonder if they’ll try the same with Root9b…

    1. Brian

      No sign of Root9B on the list anymore, although they are still carrying an advert for them. That list is a joke.

  8. Scott L

    Brian – I have been in the industry for decades and I have seen them come and go. This example of BBA (Brilliance By Association) is used in every vertical – relying on the leveraging of several well-known big names, the association of DoD leadership with security value, and marketing sleight-of-hand to create a steaming pile of sparkle that loses it’s luster when a bright light is shown on it.

    I was glad to see that you were one of the bright lights. Keep shining, those of us in the trenches follow you and believe.

  9. Wm Buxton

    We have just started a new IT security training company here ourselves. Please give us a try.

    Brooklyn Bridge IT Security Technologies

    1. Brian Fiori (AKA The Dean)

      Awesome. I’d eagerly buy the Brooklyn Bridge IT…hey wait a minute!!

  10. James

    …”root9B LLC is intact and is merely going back to being a private concern”

    Classic case of whack-a-mole. These guys are going to [try to] have the same “products”, the same “services”, and the same “leadership” that jilted investors and doomed this company. I point fingers at all who led this company, but my middle one goes to their CEO, Hipkins. He knew how to spit shine a turd, collect his winnings, and jump ship when it got bad. Now that’s real leadership (/s). I know many of their current employees and genuinely feel bad for them. They continue to drink the veritable Kool-Aid, but they’ll be unemployed soon enough. I wish them the best.

  11. Adam

    This type of activity is endemic among companies that generals set themselves up to jump to after retiring, as sort of an icing on the cake of their large retirement pays they are already going to be drawing. They use their contacts to ensure plenty of taxpayer-funded business gets funneled into the company that is to take them on, both before and after retiring. Perhaps they even startup their own shop for the purpose. It isn’t at all based on the merit of the companies getting the government contracts, but solely who’s connected to who. It’s pretty sad to see tax paying dollars pissed away in this manner.

    Generals are not much different than corporate CEOs. Yes, there are a few good, innovative, and well intentioned ones, but there are just as many greedy and unethical ones. I think this has been shown as the house of cards has continued to fall over the years with all the scandals involving generals.

  12. PFMonitor

    So many flashes in the pan, although this one sounds like it never intended to innovate, just money grab. Just like Norses Map, that was great for illustrating to dummies how many cyber attacks happen each day, and literally nothing else.

    We are working on our own cyber-security projects, namely our main project PFMonitor which allows remote management, monitoring, as well as cross referencing of actual threat data from your firewalls all under a single pane of glass. It currently works with OPNSense, and pfSense Firewalls, as well as Dell IDrac controllers, we are adding more supported types of firewalls as time goes on.

  13. Ralph Cramden

    So you are saying I should not reply to the email I just received 15 minutes ago from Root9B, hawking their Orkos and Orion products?

    I am inclined to reply with a link to your story just to get a reaction, but then they’d know my email is live…

  14. Terry Bowden

    The kiss of death for Tracker Capital Management, LLC

    “root9B will now operate as an independent, privately-held company with no affiliation with root9B Holdings, Inc. (NASDAQ: RTNB). It will continue to be headquartered in Colorado Springs and led by its *existing management team*.”

    1. Mary

      What do you see for the future of this company? Will they be around in 1 year?

  15. Martin

    I wonder if the only folks who will shed a tear over the root9B demise will be the NSA, DoD and Homeland Security who I suspect leveraged much of any related root9B report/study/marketing invective to sustain or increase government funding for their own initiatives.

  16. Amazon

    Profits? Nobody (certainly not us) needs no stinkin’ profits!!

    Kinda proud of them myself. And, no I’m not talking about Amazon. 🙂

  17. Dave

    I had several sets of interviews with root9b in 2015 as they tried to expand to central MD to accommodate the CyberCom/NSA business in 2015. It seemed off to me that they needed teaching expertise without a solid curriculum in place first or even a building to teach in.

    Glad my Spidey-sense is still working!

  18. JCR

    anything Hayden is involved with is immediately suspect. They snag this retired generals who have no clue about CS just for access, Hayden and the other Cyber Generals, admirals, etc….are on many boards or act as “consultants” to multiple organizations.

  19. Ish Cabible

    Now RTNB is a worthless piece of paper. Sold as high as $11.99 on July 6, 2017. Today, selling for $.34…down $.22 for the day. That equates to a 40.1% loss of principal.

    Such are the [mis] fortunes of Wall Street.

  20. Richard

    No they are alive and well. root9B, LLC – Eric Hipkins and team – is alive and well – and far better positioned than ever before. To include substantial funding and resources.

    Sadly, the Holdings entity (root9B Holdings, Inc. Nasdaq: RTNB) was not successful in selling its “shell”. The board of the Holdings company was forced to put a press release out due to the 8K filing they did on Tuesday. Bottom line is – there were always two entities – root9B LLC and root9B Holdings, Inc. the Holdings company was trying to save the shareholders by selling its public shell following Tracker Capital’s (spin off of Cerberus) acquition of root9B, LLC.

  21. Jeff

    You have to wonder what the do with all that money from funding and the government contracts.

    1. Infosec Pro

      Pay their execs healthy salaries, that they then bank, after raking extravagant expense account write-offs,
      is my guess.

  22. NotMe

    Reminds me of half of the garbage you see at the RSA conference. A total crap show put on by ex government employees for current government employees. What a waste of tax payer money in the name of education.

    Thanks for shedding light on these hucksters.

  23. Dubs

    Didn’t they just shutter the holdings company, and buy the assets , and start a new private Root9B company? It appears they operate with the same management just under a private company.

  24. Rajinder Verma

    Hey Brain,
    Thanks for sharing this update on root9B Holdings company… but i think they must come back soon!

    Keep up the awesome work!


  25. rondity

    Stick with what has been tried and tested first. Let the newcomers prove themselves before using them. All that glitters is not gold.

Comments are closed.