DARKTRACE plc DARK S
January 31, 2023 - 7:36am EST by
rodin1975
2023 2024
Price: 209.30 EPS 0 0
Shares Out. (in M): 718 P/E 0 0
Market Cap (in $M): 1,503 P/FCF 0 0
Net Debt (in $M): 51 EBIT 0 0
TEV (in $M): 1,238 TEV/EBIT 0 0
Borrow Cost: Available 0-15% cost

Sign up for free guest access to view investment idea with a 45 days delay.

 
* Idea not eligible for membership requirements

Description

Autonomy 2.0?

The dark side of Darktrace

A picture containing sky, outdoor, nature

Description automatically generated

 

Report by Quintessential Capital Management

Monday, January 30, 2023

DISCLAIMER

This presentation reflects the opinions and projections of Quintessential Capital Management ("QCM") as of the date of publication, which is subject to change without notice at any time following the date of issue.   QCM does not represent that any opinion or projection will be realized.  While the information presented in this report is believed to be reliable, no representation or warranty is made concerning the accuracy of any data presented in this report or its attachments.   All information provided in this report is for informational purposes only and should not be deemed as investment advice or a recommendation to purchase or sell any specific security.  

QCM, with the aim that investors should pay the right price when investing in shares and in recognition of the need to support market integrity and public confidence, has an economic interest in the price movement of the securities mentioned in this report, but QCM's economic interest is subject to change without notice at any time including during or immediately following the release of this report. QCM reserves the right to purchase, sell and/or sell short the securities mentioned in this report and any other securities at any time without notice.

This report may not be reproduced or transmitted to third parties without prior written permission from QCM. 

The information presented in this report is supplemented by footnotes, which identify QCM's sources, assumptions, estimates, and calculations.  The information contained herein should be reviewed in conjunction with the footnotes. Readers should do their autonomous evaluations in relation hereof.

This report shall not constitute an offer to sell or the solicitation of an offer to buy any interests in any fund managed by QCM or any of its affiliates.  Such an offer to sell or solicitation of an offer to buy interests may only be made pursuant to definitive subscription documents between QCM and an investor.

Quintessential is SHORT shares of Darktrace (“DT”)

 

IMPORTANT: the following text contains important hyperlinks and footnotes

Executive Summary

Even before the mysterious failure of the sale to US private equity fund Thoma Bravo, we have targeted Darktrace (“DT”) with a thorough investigation into its business model, selling practices, international partnerships, affiliates, and sales force. After a careful analysis, we are deeply skeptical about the validity of Darktrace’s financial statements and fear that sales, margins, and growth rates may be overstated and close to a sharp correction. 

Our opinion is based primarily on numerous transactions we detected during the period leading to DT’s IPO seemingly involving simulated or anticipated sales to phantom end-users through a network of willing resellers. Darktrace seems to have repeatedly used marketing activities to channel funds back into its partners as payment for apparently fictitious purchases. These alleged channel stuffing and round-tripping activities seem to have even involved shell companies in offshore jurisdictions manned by individuals with ties to organized crime, money-laundering, and fraud. 

While the transactions we detected are limited to the geographical areas we focused on during our investigation and to the period preceding DT’s IPO, we are concerned that the issues they flag may be systemic and widespread.

Moreover, we have detected a pattern of transactions suggesting that a portion of Darktrace’s past recurring software sales may instead be one-off sales of hardware appliances, an issue with a potentially strong impact on DT’s financial metrics. Too, accounting anomalies involving deferred revenue suggest possible problems with DT’s revenue recognition, providing a potentially misleading picture about the Company’s cash generation.

Finally, we suspect that a large portion of legitimate sales have been obtained through an extremely aggressive sales force thanks to unsustainably high marketing expenses (about 100% of revenue) and despite an impossibly low R&D budget (less than 10%). We fear that true customer retention and addressable market are much lower than advertised and that sales momentum might be about to drop as the surge in contracts signed before Darktrace’s IPO expire without being renewed by disappointed customers.  

Far from coincidental, we believe that this situation may exist because Darktrace has been led or strongly influenced by many of the very same individuals that participated in the Autonomy debacle, especially during the years leading to its IPO and to an even greater extent than is currently acknowledged by the public.  

We are about to show you detailed evidence and specific instances of these alleged situations including names, dates, sums, and entities involved. In most cases you will be able to confirm our findings using the same public sources we used. 

If our allegations are confirmed, we expect Darktrace to follow the same tragic destiny of its predecessor, Autonomy. 

 

Given the above, we would like to give our strongest possible warning to investors and believe that DT’s equity is overvalued and liable to a major correction, or worse



Quintessential and its goals

We are an American hedge fund based in New York City. Our main activity consists in identifying, investigating and exposing fraud and criminal conduct in public companies around the world. 

We use state-of-the-art investigative techniques and only act after acquiring overwhelming evidence to substantiate our claims. Since 2015, we have completed over ten short activist campaigns exposing various dishonest companies with a 100% success rate.  

Our recent intervention against Cassava Sciences, was closely followed by the announcement of critical regulatory and criminal probes by US federal authorities.

In July 2019, our in-depth report named “A Parmalat in Bologna” led to the collapse of the Italian €1.1b-unicorn Bio-on S.p.A. and the arrest and criminal prosecution of the executives involved.

In May 2018 our campaign against the Greek retailer Folli Follie led to the collapse and de-listing of the company in just three weeks: the perpetrators are currently behind bars. 

In December 2018, our action against Aphria, a Canadian cannabis company with a market cap of more than $4 billion, led to the immediate collapse of the stock and the dismissal of the entire board of directors. 

In 2015 our report entitled "A Greek Parmalat" on Globo Plc led to the immediate collapse of the stock, bankruptcy of the company and resignation of the executives involved, who promptly admitted their guilt. 

We also exposed fraud at Akazoo, a Nasdaq-listed music streaming provider. The stock collapsed, was delisted, and management was successfully sued by the Securities and Exchange Commission.

Our 2020 intervention  against Penumbra, a US medical device manufacturer, has led to an immediate FDA recall of the product we denounced as deadly (stock price dropped 36%).

We are a commercial enterprise, and we work for profit. However, we firmly believe in the moral character of our work, which has the effect of removing dishonest companies from the markets. These "bad apples" take financial and human resources away from legitimate companies and harm both shareholders and the public.

 

Methodology

There have been several whistleblowers pointing to possible issues with DT’s corporate governance and culture, sales practices, or accounting standards. Most of the red flags presented so far are worrisome, but there has been no mention of irregular business practices. In our investigation we aimed to gather evidence of questionable conduct, to understand in depth the dynamics of the alleged situation and to analyze its implications.

 

Given its close ties to Autonomy, it would be reasonable to wonder whether certain individuals within DT’s management team may have been tempted to replicate its problematic sales practices, perhaps with additional sophistication. We note that DT started operating in 2013, well before the Autonomy debacle led to pecuniary and criminal penalties for the perpetrators. Indeed, given the remarkable transaction price paid by HP, the Autonomy fraud may have been seen initially by its leadership as a successful “model” to be replicated elsewhere. We will show convincing evidence that, at least until the IPO and possibly beyond, DT may have been de facto led by Autonomy’s former management team.

 

We studied Autonomy’s legal proceedings and identified problematic business practices that may have been exported to DT as well. The next obvious step was investigating DT and checking for the presence of these irregular practices.

 

DT is a sizeable multinational company claiming over 7,000 customers, 500 “partners” (e.g., distributors and resellers) and operations in over 100 countries. It would have been prohibitively expensive and time consuming to probe DT’s entire network systematically. Instead, we focused our attention on a handful of European countries (especially Italy, Monaco, Malta and Switzerland) and Latin America (especially Central America) and sought to understand how DT operates there. 

 

Following months of careful investigation, we collected a sample of dubious transactions that appear very similar – or even identical - to the ones that brought Autonomy to its demise. While each instance individually constituted a small portion of DT’s business, when taken together these problem practices give rise to the concern that there may be a more systematic problem and, in our opinion, put into question the reliability of DT’s financial statements. 

 

It is important to point out that, while we feel confident in the transactions we highlighted, only an in-depth government probe can definitively confirm and assess to full extent of this alleged situation.

 

Our investigation focused on the following activities: 

 

  • Analysis of DT’s and selected partners’ official filings 

  • Analysis of Autonomy’s court documents

  • Interviews with industry participants

  • Background checks on selected individuals & corporate entities

  • Open-source information e.g., social media

  • Site visits

  • Expert opinions from high-level accountants, legal advisors, and IT experts

 

The initial part of this report will provide a quick overview of the Autonomy fraud and its extensive links with DT. The next section will carefully explain the dynamics of the alleged scheme and provide many examples of problem transactions we identified during our investigation. The final part explores how accounting anomalies and opinions of employees and clients seem highly consistent with our findings. We also show convincing evidence that DT may be at an inflection point indicating a possible imminent unfolding of its fate.

The Autonomy saga [if you are already familiar with Autonomy and its ties to DT you may skip to page 21]

Background

The nature of DT’s alleged scheme cannot be grasped without understanding the Autonomy story since, as we will see, DT seems to be engaging in a similar behavior, at least in the areas we sampled.

Autonomy was an enterprise software company co-founded in Cambridge (UK) in 1996 by Mike Lynch, a British entrepreneur. The company claimed to utilize artificial intelligence (AI) to aid enterprises in document management.

 

Autonomy’s rise climaxed in 2011 when it was acquired by Hewlett-Packard for $11.7b. Within a year, HP wrote off 75% of Autonomy's value claiming that its management had “used accounting improprieties, misrepresentations, and disclosure failures to inflate the underlying financial metrics”. The affair led to a civil lawsuit by HP and a criminal probe by the US Department of Justice, both of which ended catastrophically for Autonomy, with heavy fines and criminal prosecution for its executives. The civil proceedings in the UK terminated in 2022 with an adverse outcome for the company. 

 

 

Autonomy’s fraudulent practices

The case against Autonomy was challenging due to the fraud’s high level of sophistication. A summary of the allegations can be found in the sentencing in the UK lawsuit dated May 17th 2022 and in the US criminal proceedings:

 

(1) artificially inflating and accelerating Autonomy’s reported revenues

(2) understating Autonomy’s costs of goods sold to inflate gross margins

(3) misrepresenting Autonomy’s rate of organic growth; and

(4) misrepresenting the nature and quality of revenues, as well as overstating gross and net profit

 

This scheme included the following sales practices which may not have been illegal per se, but together had the effect of inflating the perceived value of Autonomy’s. We believe we have identified some of these practices in DT’s modus operandi as well:

 

  1. VAR or “anticipated” sales: a form of channel stuffing i.e. inflating revenue by pressuring resellers to acquire a product in the absence of a committed end user.

  2. Reciprocal transactions: a form of round-tripping with a company selling an unused product or service to a reseller, agreeing to buy back an item of similar same price.

  3. Acceleration of revenue: front loading sales contracts with increasing revenue on the first year at the expense of the subsequent years and thereby misleadingly  inflating recurring revenue figures.

  4. Hardware transactions: Autonomy would buy hardware in the open market and sell it at a loss to resellers. This was at odds with Autonomy’s description as a “pure software” company and generated fictitious revenue. Too, the cost of hardware purchases was erroneously booked as a “sales & marketing” expense, rather than as cost of sales, misleadingly inflating gross margins. Finally, Autonomy would use such sales to reward resellers.

 

DT and Autonomy: multiple worrying links

A screenshot of a computer

Description automatically generated with low confidence

“Dr [Mike] Lynch ran the Autonomy group informally and through small cliques of loyal lieutenants within the “MRL Leadership Group”, namely Mr Hussain, Mr Kanter and Mr Chamberlain, with lesser input from Dr Menell and Ms Eagan, implementing decisions at the sales level, and through Mr Egan, Mr Scott and Mr Sullivan in the US. I describe them later as a cabal, of which Dr Lynch, when not ostensibly involved, was nevertheless the éminence grise.” 

 

Honourable Mr Justice Hildyward

Text

Description automatically generated

Screenshot from Autonomy’s annual report showing how almost all of Autonomy’s executives are now (or have been) running DT

 

DT appears to be profoundly linked to Autonomy through common leadership, key investors, offices and, as we shall see, alleged business practices: this bond is key to the allegations at the core of this report. As of February 2020, “half of DT’s board and six of its eight top executives are ex-Autonomy folks, which included Gustafsson (ex-corporate controller) and co-CEO Nicole Eagan (ex-chief marketing officer) . 

 

Autonomy’s former leadership

Mike Lynch (CEO) and Sushovan Hussain (CFO) have been heavily sanctioned for the Autonomy fraud and their links to DT have been extensive from day one. 

 

Mike Lynch features prominently as DT’s co-founder, early provider of capital, and inventor of the company’s flagship product. Until recently, he remained a member on the company’s advisory council, and he still owns, together with his wife Angela Bacares, a 12% stake in the company. 

 

Sushovan Hussain was a director at DT until 2016, when he was charged (and convicted) for fraud. He is currently serving a 5-year sentence in a US federal prison. Moreover: 

 

“interviews with more than 25 current and former employees reveal his lasting and sometimes troubling influence on the rapidly growing cybersecurity firm. […]

 

“In the early days, Hussain was guiding the management team at DT, including Gustafsson (who started off as financial controller) and chief revenue officer Nick Trim.” […]

 

“He would also ask staff from various offices for daily sales updates (something DT disputes) and helped develop sales strategy, according to former employees, one of whom said that was the case up until at least mid-2017.”

Indeed, even DT seems transparent about Invoke Capital’s involvement in DT’s management, at page 189 of the 2021 Annual Report (see figure below) DT mentions paying over $4m/year to Invoke for “management support services” as well as receiving significantly amounts of money for seemingly sharing office spaces.

Graphical user interface, text, application, email

Description automatically generated

DT’s current executives

Overall, According to ShadowFall’s research, about 41 former Autonomy employees ended up at DT, of which more than 25 remain, including Gustafsson and chief strategy officer Nicole Eagan. During Lynch’s civil fraud trial, lawyers for HP described Eagan as part of a trusted “cabal” around Lynch […]”

 

Our investigation identified many of Autonomy’s or Invoke Capital’s former employees in DT’s current leadership. Again, the presence of shared staff between DT and Autonomy does not automatically suggest that any individual may be necessarily involved in the situations we report in this document. We list a few notable findings: 

Poppy Gustafsson – DT’s CEO & Board Member (previously CFO, COO). She was a Corporate Controller at Autonomy (2009-2011) and Assistant Manager at Deloitte (the auditing firm fined £15m for failings in its audits of Autonomy). One could wonder whether having served as a “financial controller” for a confirmed fraud represents an appropriate credential to head a public company.

Her promotion to the C-suite, despite no prior experience in leading a large corporation, fits the concern that she may have been coached “remotely” by Mr. Lynch and Mr. Sushovan. We note that Mrs. Gustafsson’s prior involvement with Autonomy does not show in her biography on DT’s website (a common pattern, as we shall see): 

Unlike her Linkedin profile on the left, CEO’s bio on DT’s website (on the right) doesn’t mention her involvement with Autonomy 

 

Leadership | Darktrace

Nicole Eagan – DT’s Chief Strategy Officer (previously Co-CEO). She was Chief Marketing Officer at Autonomy between 2005 and 2012, (not mentioned in her bio on DT’s website). “During Lynch’s civil fraud trial, the presiding judge described Eagan as part of a trusted “cabal” around [Mike] Lynch […]”

Steve Chamberlain, Chief Operations Officer, Darktrace

Stephen Chamberlain: according to this Forbes article, he was DT’s Chief Operations Manager until 2020 and Finance VP at Autonomy, for which he was criminally charged by the US authorities. 

 

A picture containing person, suit, person, clothing

Description automatically generated

Eloy Avila – DT’s Chief Technology Officer. Between 2004 and 2014, he has held extensive posts at Autonomy, ranging from CTO to VP of “Presales”. As usual, this is not mentioned on his DT website bio.

 

Emily Orton (@Freida21) / Twitter

Emily Orton – DT’s former Chief Marketing Officer (until July 2022). Between 2009 and 2013, she was EU Marketing Manager at Autonomy (as usual, we could not find this on DT’s website bio). She was also Senior Associate at Invoke Capital, in 2012-2014.

 

A person wearing glasses

Description automatically generated with low confidence

Vanessa Colomar – board member (recently resigned her post). She was SVP of Communications at Autonomy (2011-2012), despite reporting this on LinkedIn just as “HP” instead of “Autonomy HP”. She is the only Director or Executive, for which the DT’s website bio mentions her past at Autonomy, perhaps because she has held a position not directly related to the accounting fraud, unlike Gustafsson, Eagan and others. She is also Co-Founder, Partner and the Head of Communications and Investor Relations at Invoke Capital. 

 

Profile photo of Andrew Kanter

Andrew Kanter – former board member of DT. He was Autonomy’s Chief Operating Officer for 11 years and his name features prominently in Autonomy’s legal proceedings. He was also a partner at Invoke Capital for 9 years. 

 

DT’s shareholders

As of the time of writing, more than 25% of DT’s shares are held by entities directly or indirectly related to the people involved in Autonomy, as can be seen from the table below:

 

 

Notably, the list above includes Mike Lynch (and his wife Angela Bacares), Sushovan Hussein, Andrew Kanter and Nicole Eagan. All these individuals feature prominently in the Autonomy fraud’s legal proceedings and constitute four out of six members of the “cabal”. 

According to DT’s 2021 annual report, Invoke Capital, was deemed to have significant influence over DT especially in the years 2019-2021, during which it held at peak 42% of DT’s shares.

 

The emblematic case of Corrado Broli

 

The name of “Corrado Broli”, DT’s country manager for Italy, features extensively in Autonomy’s fraud trial. According to the proceedings Mr. Broli, who was also country manager for Autonomy for almost 14 years, had a central role in the execution of two of Autonomy’s largest fraudulent transactions: the Vatican “sale” and the “sale” to Poste Italiane. We invite the reader to read the relevant part at this link. In short, Autonomy was in the early stage of a direct marketing pitch to the prestigious Vatican Libraries for a large $11m-sale of its software. Though the Vatican was still far from committing, Autonomy decided to seek the help of one its partners, MicroTech, to “anticipate” the Vatican purchase in exchange for a 5% fee: this was a typical fictitious “VAR sale”. Unfortunately, the Vatican dropped out of the sales process, leaving MicroTech on the hook for the bill. To get it “off the hook” Autonomy purchased software it did not need from MicroTech in a typical “backfilling” (i.e., round-tripping) transaction. Broli had a primary role in this transaction since he was conducting negotiations with the Vatican and because he suggested the use of a partner to “anticipate” the sale. 

In a similar episode, presumably under pressure by Autonomy’s management, Mr. Broli seems to have engineered a fictitious sale to Poste Italiane through a little-known Italian reseller called “Sales Consulting s.r.l.”. Even Autonomy’s CFO Hussain was skeptical as he asked Broli to provide a corporate email address and evidence of creditworthiness for the partner in question. Broli failed to provide either, despite repeated requests. Finally, there was no evidence suggesting that Poste Italiane was indeed an end user. Despite all this, the CFO recorded that “sale” in Autonomy’s financials. Sure enough, Sales Consulting s.r.l. never paid up and filed for bankruptcy shortly after the “purchase”. 

This episode appeared in the lawsuit because it showed a willingness to book a fake sale to non-creditworthy entity. However, it is interesting to us because it shows that Broli seemed to have had no problem producing dubious sales to meet his quotas, apparently eluding even his own fraudulent boss. Now the important takeaway: despite alleged deception, lack of integrity and complicity with the Autonomy fraud, Broli was nevertheless invited to join DT with the very same position that he held in Autonomy: country manager for Italy. We can’t help but wonder whether this alleged lack of integrity, even to his own bosses, may have been overlooked because his “creativity” might have been a useful asset to DT. Whatever the reason, we believe that the presence of a man like Corrado Broli may go a long way to explain the presence of the irregularities we are about to show you. We point out that Mr. Broli has not been charged of any crime.

 

Graphical user interface, text, application

Description automatically generated

Graphical user interface, text, application

Description automatically generated

Glassdoor reviews of former employees of DT alleging close management ties to Autonomy 

 

How the alleged DT system works 

Based on the evidence we reviewed, we asked ourselves whether and how DT may be using multiple venues to inflate its revenue, profit margins and growth rate. What follows is our conclusion about these dubious dynamics, based on the evidence that we will share later in this report. 

 

Channel Stuffing and “anticipated” sales

DT originates roughly a third of its sales from channel partners, including so-called “value added resellers”. Our field investigation suggests that, at least in the geographic areas and periods we investigated, DT frequently scrambles to boost its booked revenue to meet analysts’ expectations. We understand that DT occasionally identifies a direct potential client from its pipeline and asks a reseller to advance a purchase on behalf of that client, posing as an intermediary. The reseller in question is financially incentivized to do so and assumes that no payment is due to DT until the end-user buys the product. 

If all goes well, the end-user completes the purchase from the reseller, enabling it to pay back DT in the next quarter. This looks to us like a form of channel stuffing and has the effect of shifting tomorrow’s revenue into today’s books: it is both unlawful and unsustainable. We roughly estimate that a sizeable portion of DT’s indirect sales transactions may be of this type in the areas and in the period we sampled.

How do these alleged transactions evade the “watchful” eyes of the auditor? First, auditors presumably have access only to the contract between DT and the reseller, not to the one between the reseller and the end user. Second, because DT utilizes, as end-users, clients where a DT hardware device has already been deployed as part of a trial period, if an auditor were to verify a suspicious transaction, it would find an executed contract with a reseller and a device shipped to an end user. The auditor would be presumably unable to detect that the end user has not yet committed to a purchase (and can abandon the sales process at any time).

 

 

Alleged Round-tripping & Fictitious Sales

Occasionally, the end-user in an anticipated transaction drops out of the sales process, leaving the reseller formally indebted to DT for a product it purchased on behalf of a now “phantom” client: this creates an open receivable bound to elicit questions from the auditors. We fear, based on our due diligence, that DT may have been tempted to solve this problem in multiple ways, none of which look kosher:

  1. It may sponsor a seminar, or other marketing event organized by the indebted reseller, which can then use the sponsorship money to repay DT for the fictitious sale.

  2. It may sponsor a reseller’s participation (e.g., purchasing a conference stand) to a sought-after third-party marketing event as payment/incentive.

  3. It may use a shell company in an offshore jurisdiction to pose as a phantom client for that reseller and channel funds into that shell company through hard-to-detect cross-country transactions.

  4. It may instruct its sales force to onboard new direct clients through the reseller until it receives enough business to extinguish its obligation to DT.

Option 1), 2) and 3) essentially would allow DT to fabricate its own sales in circular transactions financed by its marketing budget. Option 4) still qualifies as channel stuffing with additional complexity, as it appears that the initial agreement with the reseller, and DT’s own internal records, may contain the identity of the original end-user, rather than its substitutes.

 

Allegedly disguised hardware sales

Most companies nowadays deliver their software through the cloud, but DT oddly provides its services mostly through hardware appliances which are ostensibly not sold to clients, but given out on loan and accounted for as DT’s assets. Because the appliances remain on DT’s book, their cost is slowly depreciated over a 5-year period, rather than expensed immediately as cost of goods sold, boosting profit margins. 

Our investigation has identified several instances where, at least until 2020, DT may have sold, not lent, its appliances to end-users while probably keeping the devices on its books as assets. Basically, the same device would appear as a capex sale in the contract between the reseller and the end user but would show up as loaned in the contract between the DT and the reseller. This discrepancy is absurd but invisible to the auditors which presumably have access only to the agreements between DT and the resellers. 

If confirmed, this practice has dire implications:

  • One-off hardware appliance sales are presented to investors as recurring software sales, which command far higher multiples and are “front-loaded” toward the first year of the contracting period.

  • If the device is sold, rather than loaned to the client, DT would need to expense its entire cost immediately as cost of sales, rather than depreciating it in 5 years as a fixed asset. As a result, profit margins and EBITDA may appear inflated. 

  • A sizeable portion of DT’s balance sheet is constituted by hardware appliances. If a material part of these is in fact owned by DT’s clients, DT would need to take a large asset write off.

  • This issue echoes with Autonomy’s infamous hardware sales to resellers, a key allegation in the trial. 

 

Although this practice may have stopped around 2020, because many contracts have a duration of 3 years or longer, we deduce that there may be appliances around which have been accounted for erroneously. In addition, if this practice is confirmed, it would shed doubt on the validity of the financials appearing in DT’s IPO prospectus. 

We also heard from our conversations with resellers and other industry participants, that DT occasionally offers a capex/opex option that seems to suggest that both DT and the end user would retain title of the appliance simultaneously (?!). This is the verbatim description of one of the partners who offered the option: 

[we can offer]“a three-year "term license". Whereas the customer normally does OPEX, let's say $100,000 over three years, $33,000 a year. With CapEx we can do it as 60 or $70,000 upfront, then the balance (30 or 40k) as maintenance and support for the three years.” 

 

It’s not clear what that option exactly entails, but it seems to us that both DT and the client would be simultaneously depreciating the device (?) and that the contract might be frontloaded in the first year. 

 

Doubts on deferred revenue accounting and training services

Occasionally, DT receives payments for a software contract before delivering the service. This is not uncommon in the industry, and the excess payment typically is accounted for as “deferred revenue”. We noticed, however, that deferred revenue (non-current) as a percentage of sales has progressively decreased from 33% in 2018 to only 9% in 2022 (see chart below). Unless this reduction reflects a change in contracting terms, we question whether DT, striving to inflate its revenue figures, may have increasingly been booking unearned revenue as actual sales. We estimate that, if (non-current) deferred revenue in 2022 were 33% of sales, as in 2018, booked revenue would be reduced by more than 20%. This concern is backed by a recent accounting restatement involving revenue recognition. 

Alternatively, it should be investigated whether DT may have occasionally tapped into the deferred revenue balance to compensate for missing revenue in the allegedly phantom sales we highlighted earlier.

Opt-outs 

We understand that DT includes opt-out clauses in its client agreements allowing early termination of the contract. According to our understanding of IFRS rules, the opt-out clause can be problematic because it may have the effect of inflating the true value of DT’s backlog and RPO. 

Additionally, because DT uses a straight-line revenue recognition for its multi-year contracts, the yearly revenue can be inflated if the opt-out clause is exercised before the end of the first year. We fear that opt-out clauses in DT’s contracts may not have been properly reflected in DT’s revenue recognition, at least until exit penalties were introduced in its contracts, as suggested by our investigation. 

 

Churn rates

Multiple analysts have made a strong case arguing that DT’s churn rate is significantly understated. In our opinion, this is a mathematical reality because DT calculates its churn rate using the portion of clients who left during the last 12 months, ignoring the fact that the average contract duration is 3 years. A more reasonable approach would compare clients exiting now as a proportion of clients present three years earlier. Because DT’s sales are growing rapidly, the difference between the two approaches can be substantial and some analysts have estimated real churn rates to be as high as 30%, rather than the 7.7% claimed by the DT. 

Diagram

Description automatically generated

Our hypothesis about the nature of DT’s disputed transactions

Examples of suspicious transactions

 

We worked intensely to identify several alleged examples of the irregular business practices we described earlier. We ignored the far more frequent “anticipated” transactions involving an end-user that eventually completed a purchase. Instead, we highlighted the more severe cases where we believe that the end-user “disappeared”, and an alleged round-tripping transaction may have taken place to “fix the problem”. Each instance we detected is the result of a thorough field investigation and, while we could document a limited number of transactions, we fear that this is only the tip of the iceberg.

 

“Sale” to Maserati (2020-2022) [anticipated sale to a phantom end user]

Maserati Official Website - Italian luxury cars | Maserati USA

According to our investigation, in July 2020 a software license sold by DT to a client, the famous Italian car maker Maserati, was about to expire and would have been up for renewal shortly afterwards. As usual, probably due to pressure to meet analysts’ expectations, DT reached out to one of its trusted partners to arrange an “anticipated sale”. 

The partner, unaware of the dubious nature of the request, agreed to sign the contract, assuming that it would not be expected to pay anything until Maserati purchased the license in a back-to-back transaction. After several months it became clear that Maserati did not follow through with the purchase and the partner was left with an unexpected financial obligation to DT. After about 1.5 years of heated discussions, it appears that DT credited that purchase back to the partner. We presume that, yet again, DT may have booked revenue for a sale without financial consideration and with a missing end user. 

Graphical user interface, application, Teams

Description automatically generated

DT’s CEO Poppy Gustavson featured on Maserati’s website as “Investor of the year”. 

 

Aeroporto Valerio Catullo di Verona Villafranca Gruppo Eurosystem Sistemarca: l'Information Technology a misura di azienda

DT’s partner Eurosystem S.p.A. and allegedly phantom end-user Verona Airport

 

Suspected fictitious sale to the Verona Airport Valerio Catullo (phantom sale with backfilling)

According to our understanding of the events, toward the end of 2018 DT approached one of its partners based in Verona, Eurosystem Spa, and asked it to make an anticipated purchase on behalf of a prospective client, the Airport of Verona Valerio Catullo. Eurosystem agreed to sign the agreement while the client was still in its trial period and had not yet decided to commit to a purchase. For unknown reasons, the client decided to drop out of the sale process. 

Shortly afterwards, in the spring of 2019, Eurosystem organized a tour in three Italian cities, Verona, Bergamo and Bologna, hosting events on cybersecurity. The events appeared to have had little substance and counted few participants, including Eurosystem and DT’s staff. DT sponsored all three events, and we believe that the sponsorship money has been used by DT to channel funds into Eurosystem for the “backfilling” of the failed airport transaction. Not surprisingly, it appears that Eurosystem subsequently deleted any reference of the events from its website, but we retrieved it from the Wayback Machine and from social media. [Note: faces and names have been redacted for privacy].

 

Fig. above and below: Eurosystem’s CEO promotes the suspected “backfilling” events on social media (the identity of the CEO has been redacted for privacy)

 

Graphical user interface, application

Description automatically generated

 

Suspected backfilling event as advertised on LinkedIn (note the DT sponsorship at the bottom right corner in the figure below) and Twitter

 

List of suspected “backfilling” Eurosystem events:

  1. Verona, March 21st, 2019. Venue: Hotel Veronesi La Torre

  2. Bologna, Thursday March 28th, 2019. Venue: Ramada Encore Hotel

  3.  Bergamo, Thursday April 4th, 2019. Venue: Winter Garden Hotel

 Graphical user interface, text, application, email

Description automatically generated

Deleted page on Eurosystem’s website and retrieved page on the Wayback Machine

 

Graphical user interface, text, application, email

Description automatically generated

The photo above shows the event in Bologna, left, with DT’s participation and sponsorship. On the right the deleted (and retrieved) page on the Bergamo event

 

Link to deleted page on Eurosystem’s website and link to the retrieved webpage



Sale to Bonfiglioli via Yarix/VAR Group

Logo

Description automatically generated  Logo

Description automatically generated

According to our investigation, around April 2019 DT sold a €700k contract through one of its partners Yarix/VAR Group, to Italian company Bonfiglioli as an end user. We learned that during the subsequent negotiations between Yarix and the end user, the latter refused to pay more than €500k, leaving a €200k gap between the purchase price with DT and the sale price to Bonfiglioli. 

Shortly after this transaction, it appears that DT made a large sponsorship to an upcoming event organized by VAR Group: the 2019 Convention in Riccione (Italy) from May 12th-14th 2019. We suspect that this sponsorship may have been used to compensate VAR Group for the shortfall of the Bonfiglioli sale. 

A person using a camera

Description automatically generated with low confidence

DT features among large corporate sponsors in the VAR Group event in Riccione (May 2019)



 

“Sale” to Bolton Group via DT’s partner HWG [large suspected “anticipated” sale gone wrong]

HWG Bolton Group - Wikipedia

According to our investigation, in June 2018 DT asked its partner HWG to perform a large, €1m “anticipated transaction” with Bolton Group, a large food & beverage multinational, as an end user. It appears that DT’s staff internally even held a small party to celebrate the sale.

 

However, after DT booked the sale to HWG, Bolton Group dropped out of the sales process for unrelated reasons. DT and HWG now had a big problem since the latter had an obligation to DT for a sale to a missing client. Worse, since HWG at the time had sales of only €5.2m, it is debatable whether it was financially solid enough to even justify the purchase on a stand-alone basis.

 

We ignore what happened afterwards, but we question whether the sale to HWG was booked by DT as revenue and never reversed. We hypothesize that DT may have diverted multiple direct clients through HWG in the following months to “backfill” it or perhaps a “marketing transaction” may have been arranged. 

 

We spoke to Bolton Group’s ICT director Mr. Gianluca Cerioli, who confirmed that, despite an initial negotiation, the Group decided not to proceed with a purchase of DT’s software. Interestingly, we cannot find any reference online suggesting that DT and HWG have even been partners, though our direct enquiries with HWG confirm it. 

This transaction is particularly important because its $1m size would exceed 1% of DT’s 2018 sales and, thus, the materiality threshold normally set by auditors.

 

Multicomputos event (Dominican Republic) [suspected backfilling event in Central America]

Multicomputos

Our investigation suggests that there may be a concentration of dubious DT/partners transactions in Central America. For example, on August 6th 2018 an IT consulting firm named “Multicomputos” and based in the Dominican Republic announced a partnership agreement with DT. Only a couple of months later, on October 4th, DT sponsored a cybersecurity event organized by this partner. Our investigation revealed that this sponsorship made little business sense and that DT’s participation occurred despite the reluctance of local staff. We suspect and invite the authorities to inquire whether this sponsorship may have been a payment or incentive for anticipated sales to phantom end users. 

Multicómputos (@Multicomputos) / Twitter

Ad and photograph from the Multicomputos event sponsored bt DT

 

Picture of Multicomputos office and negligible website traffic of its website

Clients that “turn” into partners? Strategic Bridge and Imaging Group

 

Strategic Bridge and I-Quasar (Principality of Monaco)

 

DT’s country manager Corrado Broli in a joint event with Strategic Bridge

 

One of the most shocking situations that emerged from our field investigation was DT’s relationship with Strategic Bridge Monaco (“SB”), a little-known company based in the Principality of Monaco. Based on our understanding of the events, DT made an initial $90k sale (subsequently increased to approx. $400k) to SB, initially as a direct customer. SB, however, apparently did not pay for such sale, presumably creating an open receivable which could not be closed for several months. In the months and years following this initial transaction, we observed a staggering number of probable “backfilling” events, name changes, suspected shell companies, dubious sponsorships, and association with people suspected of money laundering, fraud, and similar crimes. We fear that the SB case may be emblematic of the questionable sales practices we highlighted earlier, featuring a combination of suspected channel staffing, round tripping, and fake invoicing. 

Strategic Bridge Monaco appears to be a shell company: we think it has little or no revenue and its website shows zero traffic. Our visit to its office address in Monaco revealed a small sign on the external part of the building, but we were unable to find an office inside, despite checking every door in the compound. We called the phone number advertised on Google but received no answer. There are two directors, Pier Paolo Ranieri and Monica Macchioni: neither of which mentions Strategic Bridge on their LinkedIn bio. 

Graphical user interface, application

Description automatically generated

Fig. above: website traffic analysis shows no activity whatsoever on Strategic Bridge’s website

Fig. above: our site inspection revealed a name tag on the external part of the building, but no obvious signs of operations inside

We suspect that, from the initial failed transaction with DT, SB has used several shell companies in Italy, Monaco, and the UK to pose as fictitious clients. We also suspect that complex cross-country transactions between these entities and DT may have generated additional questionable revenue (or enabled unpaid receivables to be moved from one entity to another without raising auditors’ concern) and that various activities (e.g., marketing events, e-learning seminars, sponsorships) may have been used for roundtripping. 

For example, we suspect that Strategic Bridge has used a shell company, I-Quasar Monaco, to act as another of DT’s “partners” and acquirer of DT’s products. We are about to show you disturbing evidence of these transactions and some of the questionable characters involved. 

 

  1. DT/Strategic Bridge sponsorship of Team Grillini

In December 2018, only a few months after the alleged “failed” transaction with DT, Strategic Bridge announced in a marketing event its collaboration with DT and the sponsorship of an endurance bike team led by Mr. Andrea Grillini, a Bologna-based entrepreneur. 

 

In the same year, Mr. Grillini was arrested by the Italian police and charged with fake invoicing and money laundering on behalf of Italian organized crime (!). Mr. Grillini would later receive a 4-year prison sentence in the subsequent trial.

 

Pier Paolo Ranieri, founder of DT’s partner Strategic Bridge, posing with convicted felon Andrea Grillini in December 2018 in a Monaco event announcing its collaboration with DT.  The article on the right reports Grillini’s arrest for fake invoicing and money laundering just a few months earlier. 

 

  1. Strategic Bridge “turns” into I-Quasar?

On its Facebook page, I-Quasar boasts of its “exclusive partnership” with DT, the only technology supplier mentioned on its description. The post appears dated July 15th, 2018, approximately when we estimate that Strategic Bridge made its first purchase with DT. A more careful search including the edit history of that post, however, revealed that the original name on I-Quasar Facebook page used to be “Strategic Bridge”, not I-Quasar, and that someone deliberately changed it to I-Quasar on February 2020, only weeks after I-Quasar was incorporated

 

The screenshot above is taken from the edit history of I-Quasar’s Facebook page and shows that Strategic Bridge “turned” into I-quasar in 2020.

 

Similarly, we found Strategic Bridge’s Twitter handle change into I-Quasar as well as posts indicating that I-Quasar was formerly Strategic Bridge, such as the post below dated July 2018 (two years before I-Quasar was even created) clearly referring to Strategic Bridge and listing Mr. Gianpiero Abellonio as a director (he is now a director of I-Quasar). [See figure in the next page]

The very first post on I-Quasar Facebook page clearly refers to Strategic Bridge and lists Gianpiero Abellonio as a director

 

We suspect that this change of identity may be related to the “failed” DT sale we referred to earlier. For example, we question whether I-Quasar may have been created to pose as a “client” of Strategic Bridge to funnel money for the “backfilling” of the failed DT’s sale. We note that I-Quasar is in the Principality of Monaco domiciled at 24 Av. de l'Annonciade, in what appears to be a residential building. There are no reviews appearing on its Google ad.

Suspected shell company I-Quasar is in the Principality of Monaco domiciled at 24 Av. de l'Annonciade. We visited the address and found a small office at the ground floor of this building. 

  1. I-Quasar’s transactions and links

I-Quasar’s webpage and Facebook page show very little concrete activity. The news section is simply reposting old media articles on general cyber-security topics. I-Quasar’s webpage has virtually no traffic and, perhaps surprisingly for a company based in Monaco, most visitors seem to originate from the UK (and from the US), where DT is domiciled. 

Graphical user interface, text, application, email

Description automatically generated

Detail from I-Quasar website showing links with SecurityLab (Lugano), DT and website builder “SEA”

Graphical user interface, application, website

Description automatically generated

I-Quasar’s webpage has almost no traffic, except for a handful of visits originating from the UK…

A look at I-Quasar’s website and its referring sites, reveals that any visible activity seems limited to the following entities: 

SecurityLab: a cyber-security firm based in Lugano (Switzerland) and associated with DT 

SEA SAS: a small website design company led by Stefano A.

Swascan: an Italian IT company which later became a partner of DT in 2021

AlfaTrade & Services Ltd: a London-based “energy shipping” company whose sole director and beneficial owner is Paolo Pensieri (also co-director of I-Quasar) and whose website has also been created by SEA. Alfatrade looks to us like a suspicious shell company because:

  • It has virtually no website traffic and no web footprint

  • It seems to have no employees 

  • Two of its former directors are mentioned in an Italian criminal probe for overseeing bank accounts of UK entities involved in a large-scale, cross-country fraud (more about this later)

  • We checked the address: the company is domiciled  in accountant's office 

  • It seems to have sales of USD$31m, signaling a significant flow of money through this company

We visited Alfatrade’s “seedy” address in 10 London Mews, Tyburnia, London W2 1HY, it corresponds to an accounting firm



A screenshot of a computer

Description automatically generated with medium confidence

Screenshot from the homepage of Alfatrade & Services showing its website has been built by SEA 

 

Graphical user interface, text, application

Description automatically generated

Alfatrade’s (a UK company) web traffic analysis shows minimal activity, all of it originating from the Principality of Monaco (confirming links to Strategic Bridge and I-Quasar) 

 

We detected various dubious activities taking place between DT, I-Quasar, SEA and SecurityLab, such as the “usual” joint marketing events and seminars. We think there is a need to investigate whether some of these events were used by DT in triangulated, cross-country transactions to channel funds back into Strategic Bridge (or its related entities) as “backfill” for purchases of software. 

 

Cyber security webinar hosted by Security Lab in October 2020 with I-Quasar and DT participants. Some names have been redacted for privacy.

Graphical user interface, application

Description automatically generated

E-learning Atelier: Joint I-Quasar/Security lab e-learning activity we fear may have been used for backfilling. Its website never had any traffic

Reposting DT’s country manager Corrado Broli in a joint event with Strategic Bridge in 2018



  1. People of interest in Strategic Bridge, I-Quasar and affiliated companies

A check at the Principality of Monaco’s corporate registry reveals 2 directors for I-Quasar Monaco:

  1. Mr. Paolo Pensieri: he is also a key person (sole director and owner) at Alfatrade & Services

  2. Mr. Gianpiero Abellonio: as we saw earlier, he was also a director of SB. He features in an investigation of the Rome Prosecutor for a “two-billion-euro VAT-dodging and international money-laundering scam” . According to our understanding of this document, Mr. Abellonio, together with Mr. Martin Stein and Mr. Hector Ramos, oversaw the bank accounts of UK entities which had an accessory role in the fraud. Interestingly, Mr. Ramos, Mr. Stein and Mr. Paolo Pensieri are or have been directors of Alfatrade!

 

 

Alphatrade directorship (from Endole): two former directors appear in an Italian criminal probe for money laundering and tax fraud. Mr. Paolo Pensieri is also director at I-Quasar, DT’s “parter”

 

  1. Stefano A. is the owner of SEA SAS. According to his LinkedIn profile, he previously worked for 6 years at Cogefi SAM, another company in Monaco featured in the Panama Papers and subject to criminal investigation and arrests by the Italian police for money laundering through the use of various shell companies. 

How many Strategic Bridge exist? Besides SB (Monaco), we found other companies named “Strategic Bridge” (or similar names) posing as DT’s partners. Our investigation reveals that these entities may also be shell companies and that they are related to the same beneficial owners. Just as in I-Quasar, we fear that these companies may have been used to shift outstanding receivables from one entity to another and/or to channel funds through round-tripping transactions. 

Strategic Bridge (Lugano, CH): Liquidated (apparently also due to criminal problems with one of the directors). 

Strategic Bridge (Pavia, ITA): no obvious signs of operations. Company’s address is an accounting firm. Company seems associated with entities related to I-Quasar and Strategic Risk Consulting.

Strategic Risk Consulting (Rho, ITA): company is domiciled in a residential building in the office of a security guards’ firm. This company is 40% owned by SB (Pavia). 

 

Confused? That’s probably the idea. Based on the evidence we have just shown, we believe that DT and Strategic Bridge may have built or exploited an existing cross-country infrastructure involving companies in Italy, the Principality of Monaco, Switzerland, and the UK to enable round-tripping transactions and fictitious revenue. 

A person taking a selfie

Description automatically generated A person wearing glasses

Description automatically generated with low confidence

Left: Strategic Risk Consulting address in Rho (Milan): address corresponds to a security guards’ firm. Right Strategic Bridge office address in Pavia: it is a wholly residential building except an accounting firm. We spent time with the owner and saw no trace of Strategic Bridge.

 

List of companies that we came across in our investigation on Strategic Bridge. Some of these entities are also related to each other through common beneficial owners, reciprocal transactions, and transactions with DT

 

 

Imaging Group - Home | Facebook

“Sale” to Imaging Group

Imaging Group is a small (less than $5m revenue) firm in the Milan area focusing on document management: it does not specialize in cybersecurity. According to our investigation, it appears that in 2016 Imaging acquired one of DT’s systems for a substantial amount of money. Shortly afterwards, Imaging seems to have become one of DT’s partners and we understand that several of DT’s direct clients may have been channeled through Imaging Group. In addition to this, we detected the usual marketing events sponsored by DT.

Based on the above, we think there is a need to investigate whether the original “sale” to Imaging Group may have been an “anticipated sale” and that Imaging turned into a “partner” to allow DT to backfill it through direct clients. 

DT sponsorship of an event organized by Imaging Group

 

A selection of marketing events that we fear have been used for “backfilling”:

 

Event/reseller

Partner

location

date

url/picture/notes

Sicurezza ICT 2017 Bari

DT partner in southern Italy

BARI

19/10/2017

https://www.soiel.it/eventi/sicurezza-2017-bari/


Cybersecurity Mediterranean

Not identified

Noto (Syracuse, Sicily) 

May 10-11, 2018)

https://cybersecuritytrends.uk/2018/01/08/business-and-industry-4-0-at-the-core-of-the-5th-macro-regional-congress-cybersecurity-romania-sibiu-14-15-september-2017/

Lunch Seminar

Omnitech IT

Milan (Hotel Parigi)

2019

https://www.cybertech.eu/category/blog/cybertech-news/page/11/ (link to a possible 2015 edition)

Expo Security 

DT partner based in Bari

Pescara 

16 May 2019

https://confindustriachpe.it/component/k2/12-credito-finanza-e-fisco/download/6043_d3a034716217333dc05cc1c9852dc458

Cloudia Roadshow  

PC System srl

Lucca, Pisa

23 May 2019 (Lucca), 11 Aprile 2019 (Pisa)

Link to deleted webpage

https://www.facebook.com/pcsystemsrl

Security Workshop

Project Informatica

Bergamo 

Oct 1st 2019

Image

Link to twitter post

Cena de presentación de Darktrace

Alkimia Consultores

Mexico City

Oct 27th 2016

https://www.facebook.com/AlkimiaConsultores/photos/pb.100027587816693.-2207520000./448451168611977/?type=3&locale=zh_CN

The Enterprise Immune System

Alkimia Consultores

Mexico City (presumably)

Apr 19th 2017

https://www.facebook.com/photo/?fbid=546318065491953&set=pb.100027587816693.-2207520000.&locale=zh_CN



Darktrace Launch Event

Newtech

Malta

Sept 2019

Graphical user interface, application, website

Description automatically generated

Graphical user interface

Description automatically generated with medium confidence

https://newtech.mt/blog-news/darktrace-launch-event/


From its webpage and Facebook page it appears little more than a laptop repair shop. Yet, D&B shows Newtech sales of $3.8m. LinkedIn lists 11 employees. According to Semrush, Newtech’s website had zero visits until September 2019, exactly the date when it announced its partnership with DT. Also, Newtech’s web archive has no entries prior to September 2019.








Instances of “capex” contracts

As mentioned earlier, despite DT’s assertion in official filings that most appliances are generally given on loan to clients with DT retaining ownership, we found multiple instances of Capex contracts, with hardware sold, not loaned, to clients. For example, we found the following documents taken from various local US government entities which publish online their contracts with DT for transparency reasons:

 

A four year “capex” contract for the City of Elgin

 

Text, letter

Description automatically generated

 

A pure “capex” contract with the City of Tukwila

 

A pure “capex”  contract to the Palmdale Water District

 

 

Table

Description automatically generated

A four-year “capex” contract with the County of Klamath (title transferred to client after 24 months)

Graphical user interface, application, table

Description automatically generatedGraphical user interface, text, application, email

Description automatically generated

 



In addition to the direct contracts above, we are aware of multiple capex contracts signed through partners/resellers in the years prior to 2020. For example, we have learned from our field investigation that Italian company “Poste Italiane” has signed a “capex” agreement with one of DT’s partners, but we have reason to believe that DT may have recorded such sale as “Opex”: if that is correct, an absurd situation would exist with both DT and its client claiming title simultaneously for the same asset. 

 

Our investigation suggests that DT is no longer selling its appliances as Capex, as the most recent capex contracts we found are dated around 2020. Still, DT’s IPO prospectus issued in 2021 may be misleading in its claim that virtually all appliances are given out on-loan. Again, there are multiple direct hardware sales that prove it, and we suspect that some reseller sales might show a discrepancy between the sale of hardware from DT to the reseller (Opex) and from the reseller to the end user (Capex). 






 

Accounting red flags

Our financial analysis has detected several accounting anomalies consistent with the suspicious practices we described in our report. We briefly mention the most interesting ones:

  1. Auditors’ concerns

DT’s auditors have flagged potential issues with revenue recognition and, specifically, with sales through channel partners. DT’s auditors detected “findings relating to the existence of end users” in DT’s channel partners.  This is exactly what you would expect if an auditor came across one of the anticipated “phantom” transactions we explored earlier. These problem findings have been described by Grant Thornton as “immaterial” because they are presumably below the $2.7m threshold for materiality (1% of 2021 sales). However, what if there are enough of these “findings” that, despite being “immaterial” individually, together they constitute a major issue?

Text

Description automatically generated

Similarly, Grant Thornton has detected deferred revenue as an area where the “opportunity and incentive for […] misstatement could occur.”

  1. Auditors’ identity

DT has been consistently audited by Grant Thornton, an audit firm with an arguably less-than-stellar track record in detecting accounting fraud. Inter alia, we can mention Parmalat, Globo Plc (exposed by QCM) and Patisserie Valerie among complete accounting frauds audited by Grand Thornton, whose chief incredibly asserted that auditors “are not looking for fraud”.

 

Graphical user interface, text

Description automatically generated

Graphical user interface

Description automatically generated

 

  1. Extremely high Selling, General, and Administrative (SG&A) Expenses as % of revenue

As clearly shown in this chart, DT’s SG&A, of which marketing expenses are probably the vast majority, are a huge proportion of revenue, exceeding 100% of sales until 2019. Even if all these expenses were legitimate, we question the sustainability of a business that needs to redeploy all of its revenue in marketing expenses to sustain growth. However, we are very concerned about our findings earlier in this report highlighting possible round-tripping transactions allegedly funded through DT’s marketing budget and worry that high SG&A expenses may be a confirmation of the scale of this problem.

 

  1. Low Research & Development (R&D) Expenses

Similarly, we find DT’s R&D expenses, consistently below 10% of sales, to be inadequate to support the long-term viability of the company. Industry observers claim that a good software company should have R&D expenses around 40% of sales: DT’s allocation seems grossly deficient and unsustainable.

 

  1. Commissions anomalies

According to an in-depth accounting analysis performed by Shadowfall earlier in 2022, estimated commissions earned by DT’s staff in 2021 were about 20% of sales. This number seems to clash with several employees’ reviews Shadowfall detected (and confirmed by us) on Glassdoor and with our own field investigation that suggest that sales staff commissions are instead closer to 5%. We find that 15% gap disturbing and wonder whether the mismatch could partly be related to the “anticipated” sales and their “backfilling”, as we saw earlier. 



  1. Credit losses and receivables

Again, according to an analysis provided earlier by Shadowfall, while receivables as a percentage of sales appear to be dropping somewhat (admittedly a good sign), the quality of those receivables seems to be deteriorating as credit losses and write offs appear to be increasing rapidly (now about 12% of sales leads to bad debt or credit loss provisions). Based on our investigation, we understand that partners over time might have become less willing to engage in the alleged “backfilling” practices we described earlier so that “failed” anticipated sales might lead to bad debt rather than to long receivables.



Graphical user interface, website

Description automatically generated

 

Product quality and clients’ opinion

While a few individuals we interviewed had a good opinion of DT’s products, the majority were skeptical. We summarize the most recurring criticisms below: 

  1. System’s failure to detect attacks (both in testing and real ones)

  2. High number of false positives even after the initial “learning period”

  3. Fancy user interface perceived as “smoke & mirrors”

  4. System unable to detect threat if present prior to installation

  5. Product perceived as too expensive relative to alternative solutions

Noteworthy links pointing to the issues above: 

 

Graphical user interface, text, application, email

Description automatically generated

Recent feedback on DT’s products we found on Reddit

 

Selection of negative customer reviews on Reddit:

Graphical user interface, text, application, email

Description automatically generated

Graphical user interface, text, application

Description automatically generated Graphical user interface, text, application, Word

Description automatically generated

Graphical user interface, text, application

Description automatically generated





Human resources issues

We suggest our readers to have a careful look at DT’s employees’ reviews on Glassdoor. The overall grade is a low 3.1, and several posts dismiss positive reviews as “fake”. Overall, the hundreds of negative reviews we came across paint a picture consistent with the situation we have been describing in our report. Apparently, the environment is “toxic”, sales practices are unethical, staff turnover is extremely high and links with Autonomy are often obvious. The overall impression we received is that DT focuses hiring on recent graduates with little prior experience, enticing them with high potential commissions despite a low base salary. Most hires quit or are fired quickly after they understand that the reality is very different, often before receiving part of their sales commission. Clearly this situation is unsustainable as DT is forming a bad reputation among the pool of potential hires.

Graphical user interface, text, application, email

Description automatically generated

A typical DT negative review we selected on Glassdoor, out of hundreds of similar ones available

 

DT at an inflection point?

If Darktrace is indeed relying on creative accounting to improve its with its investor base, it would be vulnerable to a slowdown in the underlying market conditions. We have detected several signs suggesting that such slowdown may be taking place as we speak. Indeed, the trading update issued on January 11th seems to confirm this. 

  1. Competitors are warning of tough times ahead: DT’s competitor’s Crowdstrike has recently issued a profit warning citing “increased macroeconomic headwinds” and “elongated sales cycles”. Other players such as Palo Alto expressed concerns about the worsening macro situation.

  2. Our LinkedIn analysis suggests that DT’s may have sharply reduced hiring during the last three months and headcount has been dropping in key areas after years of sustained growth.

  3. Our analysis of website traffic and Google trends suggest that interest for Darktrace may have peaked around July 2022 and is now declining. This contrasts with continued interest for most of DT’s competitors.

  4. Many insiders and key investors appear to be selling stock and a few key staff have left the company (notable recent sellers include resigning director Vanessa Colomar, Nicole Eagan, Jack Stockdale, Mike Lynch).

  5. Our talks with industry players suggest that, in certain geographical areas, DT’s relationships with vendors might be deteriorating and that resellers might be less willing to play along with the conduct we highlighted in this report.



 

Graphical user interface, text, application, email

Description automatically generated

LinkedIn shows a drop in DT’s headcount in key growth areas

Graphical user interface, text, application, email

Description automatically generated

LinkedIn shows a sharp drop in DT’s job openings in key growth areas

 

 Chart, line chart

Description automatically generated

DT website traffic shows a 25% drop in website visits since July 2022 (source: Semrush)

 

Graphical user interface, application

Description automatically generated

Google Trends shows a recent marked decrease in the frequency of searches for the word “Darktrace”

 

 

Devil’s advocate

As an intellectual honesty exercise, we present data and theories that may be contrary to our thesis to allow the reader to form an unbiased opinion. 

 

  • Unlike a few frauds we came across during our careers, we verified that DT has a real product with legitimate sales. We do fear, based on our investigation, that a percentage of sales may qualify as “channel stuffing”, with a portion of these leading to “phantom” clients and round-tripping transactions. 

  • A few of the industry players we sampled had a good opinion of DT’s products, though most pointed out that it was “overhyped” and had important limitations/constraints and doubted its competitive stance vis-à-vis emerging players.

  • Though we have a high degree of conviction regarding the existence of the problematic sales practices, it is harder to make an accurate estimate of their prevalence. However, a few factors lead us to believe that such issues may be systemic and widespread:

    • We detected nearly identical dubious transactions and conduct in very different geographical areas (e.g. Southern Europe, Central America), suggesting a common “architect”.

    • The occasional appearance of DT’s senior managers from London in possible “backfilling” events.

    • The placement of Mr. Corrado Broli as Italy’s Country Manager and of other individuals involved with the Autonomy fraud.

    • The striking similarity between the transactions we detected and the ones at Autonomy, makes it unlikely that they have spontaneously originated in a few “rogue” countries. 

    • The consistency between some of these alleged practices and the accounting issues we raised earlier. 

  • DT has added several new board members upon their IPO, including members of the UK Parliament and former members of the UK intelligence community. We respect UK institutions and doubt that such figures would have knowingly gotten involved with this situation. Indeed, we assume that most independent board members and some executives are unaware of the issues we highlighted. If so, we would expect such people to distance themselves from the company, especially if once our thesis is confirmed in an official probe.

 

Valuation: how much is DT worth?

DT is trading at an EBITDA/Sales multiple of 4.5, which is not particularly expensive for a software company. However, we have issues with DT’s sales figures due to the reasons highlighted elsewhere in this report. Too, we note that the company is barely breaking even on an accounting basis. It is our opinion that, should R&D expenses be normalized to a more acceptable level, DT would still be unprofitable. Too, a contraction in its marketing budget might cause a reduction in sales and operating leverage, further pressuring margins. Finally, there are significant legal, regulatory, and reputational liabilities should DT’s alleged sales practices be confirmed in an official probe.

Due to the above, we fear that DT, in the long term, may be structurally unprofitable and believe it should be trading “at cash”, implying an 85% downside. 

 

Conclusion: Caveat Emptor!

A correct grasp of Darktrace’s true nature and its hidden risks is even more urgent for investors after Thoma Bravo walked away from its proposed acquisition. We are convinced, based on our probe, that something very sinister is happening at DT and fear that there won’t be a happy ending. 

We have exposed in depth DT’s strong links with Autonomy at every level of the organization. We have provided a clear analysis of the business conduct that brought Autonomy to its knees. We have identified and dissected dozens of suspicious transactions at DT in multiple countries and in multiple years, suggesting a nearly identical modus operandi to its fraudulent predecessor. We have shared accounting red flags, a set of clients and employees’ reviews and many dubious partners which are consistent with these problem practices. Though our investigation is necessarily based on a limited sample of transactions, we have explained why we believe that the problem may be widespread and systemic. In any case, we note how Autonomy seemingly collapsed due to only 35 fraudulent transactions and a handful of problem partners. Finally, we have shared several red flags indicating that DT may be approaching an inflection point and be close to a ruinous fall. 

Based on the above, we provide a strong warning to DT’s investors and to regulators about the gravity of the situation and call for an extensive probe to determine the full extent of these allegations. 

In the case of Autonomy, the market failed to detect problems before they ballooned reaching giant proportions: we are here to make sure this does not happen again.

 

Errare humanum est, perseverare diabolicum

 

A WARNING TO DT’S MANAGEMENT TEAM AND ITS AFFILIATES

 

We have the right to express our opinion about DT and management has a right to respond to our allegations. However, we will not tolerate any harassment via social media or any other means: threats, hacking attempts as well as any other violation by the company or its supporters will be immediately made public and forwarded to the relevant law enforcement institutions. 

Consider yourselves warned.

 

If you have additional information about these important matters, please email us at [email protected].

Follow our updates on Twitter at @qcmfunds

 

Appendix 1: 

Selection of DT’s partners that attracted our attention due to web traffic patterns, headcount, sales, domicile, or other factors. Inclusion in this list does not imply any wrongdoing, but the list might constitute a good starting point to inquire about additional dubious transactions with DT. 

Table

Description automatically generated with low confidence

 

 

I do not hold a position with the issuer such as employment, directorship, or consultancy.
I and/or others I advise hold a material investment in the issuer's securities.

Catalyst

Activist intervention by Quintessential Capital Management

    show   sort by    
      Back to top