Update: Cybersecurity firm picks Springs for HQ


Last week, Colorado Springs Regional Business Alliance announced that a cybersecurity firm root9B will soon conduct round-the-clock manned cybersecurity operations from its Cascade Avenue headquarters.

root9B is preparing to open its new Adversary Pursuit Center (APC) next month, said Chairman and CEO Eric Hipkins. There, it will provide cybersecurity services by remote computer network.

Hipkins said the APC will provide clients 24-hour, seven-day subscription-based services including “adversary pursuit, perimeter and host-based defense, network anomaly analysis, incident response, malware analysis and credential security,” according to its website.

“There’s not a lot of organizations focused on the adversary,” said Hipkins, 47. “The APC is a needed entity in the market.”

But the company is facing legal trouble, with investors suing for “false and misleading statements” about performance and offerings.

Class action lawsuit

root9B Technologies Inc., the parent company of root9B, faces a class action lawsuit in the U.S. District Court from the Central District of California on behalf of shareholders who purchased or held common stock from RTNB between Dec. 1, 2014 and June 15 this year. The suit was filed by Rigrodsky & Long, P.A.

The complaint alleges,  “Defendants made materially false and misleading statements and omitted materially adverse facts, about the Company’s business, operations and prospects. Specifically, the Complaint alleges that the defendants concealed from the investing public that: (1) the Company does not have an advanced cyber security product offering, and (2) a substantial portion of the Company’s Cyber Solutions consists of a one-time low margin hardware installation, which the Company is moving away from. As a result of defendants’ alleged false and misleading statements, the Company’s stock traded at artificially inflated prices during the Class Period.”

According to seekingalpha.com, root9B (RTNB) is “a worthless reverse-merger created by insiders with [a] long history of penny-stock wipeouts, fraud allegations, and disaster while CEO [Joe] Grano [is] embroiled in ‘fraudulent concealment’ and ‘breach of fiduciary duty’ lawsuit.

“RTNB’s claimed ‘cyber’ business is minuscule and imploding, while not a cyber-tech business but largely appears an old employee training program which RTNB resells or other irrelevant, overhyped offerings,” the website continued. “Insight is provided by investors and industry experts rather than sell-side analysts.”

Reached this week, Hipkins offered no comment on the lawsuit. He said plans for the Colorado Springs headquarters and APC will “absolutely not” change as a result of the lawsuit.

Hipkins said he worked for the federal government as a cryptologist, intelligence analyst and cybersecurity specialist, and while there, he said he realized “the government was not going to solve this problem” with its reactive approach.

In 2011, he launched root9B.

“The country needs an active approach, versus reactive,” he said. “We use our hardware and software to place our operators in the customers’ network to hunt for and remove the adversary.”

But the company’s claims also don’t make sense, according to some Web sources.

The Adversary Pursuit Center will be operated round-the-clock in downtown Colorado Springs starting in August.

Questioning root9B

root9B’s proclamations earlier this year of thwarting a cyber attack by a Russian gang known as the Sofacy Group attracted the attention of former Washington Post reporter and now cybersecurity blogger Brian Krebs.

In his blog KrebsonSecurity, he said, “A security firm made headlines earlier this month when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests the actors in question were relatively unsophisticated Nigerian phishers who’d simply registered a bunch of new fake bank Web sites.”

Instead of being a “significant event for the international banking community,” as reported by Hipkins, the “threat,” Krebs wrote, involved “activity stemming from Nigerian scammers who have been conducting run-of-the-mill bank phishing scams for almost a decade now and have left quite a trail.”

Colorado Springs

The company employs 50 people, 30 in Colorado Springs, Hipkins said. It is expanding operations in San Antonio, Texas, New York City, Charlotte, N.C., and Honolulu, Hawaii.

“We expect that to grow significantly in the next couple years,” he said of the Colorado Springs workforce. “We have great access to some of the top industry professionals, based on our careers.”

Hipkins said the company has invested more than $2 million into its APC. He did not release the company’s annual budget or names of its clients.

It is also known as root9B Technologies Inc., a publicly traded company. Wednesday, root9B Technologies Inc. traded at 86 cents per share, according to marketwatch.com.

Hipkins said he located the headquarters in Colorado Springs because of its military bases, colleges and universities, current cyber-focused businesses and defense facilities.

Also, his wife is a native of Colorado Springs, and his first U.S. Army post was at Fort Carson, he said.

He added that discussions of cybersecurity often intermingle with those of space operations, and because Colorado Springs is the center of Air Force space operations, locating the headquarters here was a natural choice.

“Colorado Springs is one of the top cyber communities in the United States, and this new center adds a significant piece to this growing sector,” said Dirk Draper, president and CEO of the Colorado Springs Regional Business Alliance.

“With important assets such as Air Force Space Command, U.S. Northern Command, a new partnership between UCCS and the Army Reserve for developing cyber workforce, and over 40 cyber-focused companies, Colorado Springs will continue to be a top location for cyber activity.”

And other organizations believe the company is an important asset.

In the top 50

According to its website, Cybersecurity Ventures is a “research and market intelligence firm focused on startup and emerging companies and major players in the cybersecurity industry.”

On its Cybersecurity 500, a list of its top innovative companies, CV listed root9B as No. 45.

Cybersecurity Venture’s website said this of root9B: “root9B’s personnel are internationally recognized and trusted providers of advanced cyber solutions, satisfying requirements for missions and enterprises globally.

“We are dedicated to the delivery of solutions and services based on technical innovation and professional excellence. root9B’s workforce consists of U.S. military and law enforcement veterans with extensive experience providing advanced technology solutions,” the website said.


  1. cybercos

    “The country needs an active approach, versus reactive,” he said. “We use our hardware and software to place our operators in the customers’ network to hunt for and remove the adversary.”

    How is this approach NOT reactive? You are searching for adversary on the premise that a client has already been breached (also known as “incident response”). Or, are you searching for the “adversary” on networks that could be hacked (which is literally every one in existence)? It is still reactive because you’re looking for indicators of a breach. Sounds like a managed security service provider. APC is just another fancy way of saying “Security Operations Center”, too.

    By the way, root9b has always been “headquartered” in Colorado Springs.

Comments are closed.