As an analyst for the CIA, Tim Junio spent three years keeping tabs on the United States’ adversaries, watching their digital attacks on the networks and electrical grids that kept the country going. In 2014, he was consulting for DARPA, the Department of Defense’s research arm, when he helped uncover potential weaknesses in the government’s digital framework, ones that would be cataclysmic for the U.S. economy if attacked by an enemy of the state. He remembers reporting back to his DARPA overseers that with just two lines of code, they could cause large-scale web blackouts. “Basically enough to have a noticeable degradation on internet performance, particularly in the U.S. and Europe,” Junio, 32, told FORBES.
“The internet is much more broken than people think… It’s kind of amazing it works every day.”
In these holes, Junio and three of his DARPA comrades saw a million-dollar opportunity. Several million dollars, to be more accurate, in the form of a company that continuously scans servers, routers, CCTV cameras, power plant control systems – any device connecting to the public internet – and reports vulnerabilities back to customers before malicious hackers get there first. That’s the tech behind their business, Qadium, which just received $20 million in a Series A funding round led by NEA’s Scott Sandell, a decade-long member of FORBES’ Midas List of top tech investors. Prior to this payday, shared exclusively with FORBES, Peter Thiel, another Midas List member, Facebook board member and chairman of US government favorite and Big Data giant Palantir, led $6 million in seed funding in 2015.
Now living in San Francisco — ground zero for tech startups — Junio serves as CEO alongside CTO Matt Kraning and chairman Shaun Maguire (former CEO and co-founder Joe Meyerowitz departed due to health reasons). They claim it’s the first comprehensive, customer-focused, web-scale sensing company – what most would call mass scanning – and the Google Street View for devices on the internet.
Over the last three years of being in stealth mode, Qadium’s globally distributed servers have been blasting scripts to collect hundreds of terabytes of data, building up a monstrous encyclopedia of billions of internet-connected machines. Governments and private firms that can afford up to $1 million a year for access to Qadium’s browser-based Expander tool can expect to learn about pieces of their network they never knew existed, as the platform creates links between different pieces of connected hardware spread across the world. They’ll also receive warnings about any hackable machines they own, failing firewalls and unauthorized IT deployments.
Folk in Washington D.C. are not balking at the cost, nor the original concept. The Department of Defense has given more than half a dozen contracts to Qadium. Government records put state spending on Qadium at $6.3 million since the firm’s founding in 2013 (Junio claims that figure is significantly lower than the real amount but won’t say how much it’s earned from the Obama administration), as the administration tries to prevent another catastrophic, OPM-esque breach.