From Wikipedia, the free encyclopedia

ATstake, Inc. was a computer security professional services company in Cambridge, Massachusetts, United States. It was founded in 1999 by Battery Ventures (Tom Crotty, Sunil Dhaliwal, and Scott Tobin) and Ted Julian. Its initial core team of technologists included Dan Geer (Chief Technical Officer) and the east coast security team from Cambridge Technology Partners (including Dave Goldsmith).


In January 2000, @stake acquired L0pht Heavy Industries (who were known for their many hacker employees), bringing on Mudge as its Vice President of Research and Development. Its domain name was atstake.com.[1] In July 2000, @stake acquired Cerberus Information Security Limited of London, England, from David and Mark Litchfield and Robert Stein-Rostaing, to be their launchpad into Europe, the Middle East and Africa.[2] @stake was subsequently acquired by Symantec in 2004.[3]

In addition to Dan Geer and Mudge, @stake employed many famous security experts including Dildog, Window Snyder, Dave Aitel, Katie Moussouris, David Litchfield, Mark Kriegsman, Mike Schiffman, Chris Wysopal, Alex Stamos, Cris Thomas, and Joe Grand.[4][5]

In September 2000, an @stake recruiter contacted Mark Abene to recruit him for a security consultant position. The recruiter was apparently unaware of his past felony conviction since @stake had a policy of not hiring convicted hackers. Mark was informed by a company representative that @stake could not hire him, saying: "We ran a background check." This caused some debate regarding the role of convicted hackers working in the security business.

@stake was primarily a consulting company, but also offered information security training through the @stake academy, and created a number of software security tools:

  • LC 3, LC 4 and LC 5 were versions of a password auditing and recovery tool also known as L0phtCrack
  • WebProxy was a security testing tool for Web applications
  • SmartRisk Analyzer was an application security analysis tool
  • The @stake Sleuth Kit (TASK) was an open source digital forensics tool (now called The Sleuth Kit).

Symantec later stopped selling LC5 to new customers citing US Government export regulations, and discontinued support in December 2006.[6] In January 2009, L0phtCrack was acquired by the original authors from Symantec; L0phtCrack 6 was announced at the SOURCE Boston Conference on March 11, 2009.[7] The technology underlying SmartRisk Analyzer was extended, and eventually brought to market by the Symantec spinoff Veracode.

Symantec announced its acquisition of @stake on September 16, 2004,[8] and completed the transaction on October 9, 2004.[9]

Several members of @Stake left to form the computer security company "iSEC Partners"[10] in 2004. Former @stake academy instructors Rob Cheyne and Paul Hinkle later formed the information security training company "Safelight Security Advisors"[11] in 2007. The remaining portion of the @Stake consulting group continues to operate as the "Security Advisory Services"[12] team within Symantec's Security Business Practice.

Post @stake[edit]

Numerous @stake employees pre and post the acquisition by Symantec started their own cyber security services companies, these included:

  • iSec Partners, USA
  • ImmunitySec, USA
  • Matasano, USA
  • NGS Software, UK
  • Safelight Security Advisors, USA
  • Leviathan Security , USA
  • VSR, USA

of these companies NCC Group latterly acquired:

  • NGS Software, UK
  • iSec Partners, USA
  • Matasano, USA
  • VSR, USA


  1. ^ "A disaster foretold — and ignored". Washington Post. June 22, 2015.
  2. ^ Bacon, Jono. "A Security CEO and Two Hackers on Building a Safer Internet, Powered by a Community of Hackers". Forbes. Retrieved 2020-04-15.
  3. ^ "Exclusive: Facebook ex-security chief: How 'hypertargeting' threatens democracy". finance.yahoo.com. Retrieved 2020-04-15.
  4. ^ Fisher, Dennis (6 March 2018). "'We Got to Be Cool About This': An Oral History of the L0pht, Part 1". Decipher. Duo Security. Retrieved 17 June 2018.
  5. ^ "Space Rogue". Forbes. USA. 7 Feb 2000. Retrieved 18 Dec 2017.
  6. ^ Naraine, Ryan (2006-03-08). "Symantec Pulls Plug on L0phtCrack". Retrieved 2008-09-18.
  7. ^ "New version of L0phtcrack to be unveiled next week". Infosecurity Magazine. 2009-03-03. Retrieved 2009-05-29.
  8. ^ "Symantec press release, September 16, 2004". Archived from the original on 2005-12-12. Retrieved 2005-10-26.
  9. ^ "Symantec press release, October 9, 2004". Archived from the original on 2009-07-31. Retrieved 2018-09-07.
  10. ^ "www.nccgroup.trust/us/our-services/cyber-security/". www.nccgroup.trust. Retrieved 2018-04-02.
  11. ^ "Application Security Training and Assessments - Security Innovation". Archived from the original on 2014-08-13. Retrieved 2020-06-06.
  12. ^ Symantec.com Archived 2010-09-07 at the Wayback Machine

External links[edit]