CrowdStrike

The global tech outage began late Thursday into the early hours of Friday, July 19-20, 2024. It started due to a faulty software update from CrowdStrike, a major US cybersecurity firm. The impact was felt worldwide, affecting various industries, including airlines, healthcare, and government services.

Companies assessing the financial impact, with costs potentially exceeding $1 billion

The crisis was triggered by a defect in a content update for CrowdStrike's Falcon software, widely used by Fortune 500 companies, including major banks and healthcare providers. According to CrowdStrike CEO George Kurtz, the issue was quickly identified and isolated, and efforts were made to deploy a fix. However, the damage had already been done, affecting an estimated 8.5 million Windows devices globally.

Travelers have felt the brunt of this outage, with over 1,800 flights canceled and nearly 10,000 delayed in the United States alone. Major airlines, including American Airlines, United Airlines, and Delta Air Lines, reported significant operational challenges. Delta, in particular, paused all flights on Friday morning, leading to thousands of cancellations over the weekend. Transportation Secretary Pete Buttigieg expressed concerns about the unacceptable disruptions and emphasized the need for airlines to provide prompt refunds and adequate customer service to affected passengers.

The ramifications extended beyond travel, severely impacting healthcare systems. Major hospital networks, including Mass General Brigham and Penn Medicine, reported delays in procedures and appointments. Emergency services, including 911 systems in some areas, experienced temporary outages, highlighting the critical nature of reliable technology in public safety.

As companies scramble to restore normal operations, experts warn that recovery will not be straightforward. David Kennedy, co-founder of cybersecurity firm Binary Defense, noted that the complexities involved in rebooting systems at thousands of locations would prolong the recovery process. Additionally, many companies are still assessing the financial impact of the outage, with costs potentially exceeding $1 billion.

CrowdStrike was co-founded in 2011 by George Kurtz, Dmitri Alperovitch, and Gregg Marston

CrowdStrike was co-founded in 2011 by George Kurtz, who serves as the Chief Executive Officer (CEO), Dmitri Alperovitch, the former Chief Technology Officer (CTO), and Gregg Marston, who was the Chief Financial Officer (CFO) before his retirement. In 2012, the company expanded its leadership team by hiring Shawn Henry, a former official of the Federal Bureau of Investigation (FBI), to head CrowdStrike Services, Inc., a subsidiary focused on providing security and incident response services. In June 2013, CrowdStrike introduced its first product to the market, an antivirus package named CrowdStrike Falcon. This product marked the company's entry into the cybersecurity industry, offering advanced threat detection and protection capabilities.

U.S. had publicly charged state-sponsored actors for cybercrimes

In May 2014, CrowdStrike played a crucial role in a landmark case involving cyber espionage. The United States Department of Justice (DOJ) charged five Chinese military hackers with economic cyber espionage against U.S. corporations. These individuals, affiliated with the Chinese People's Liberation Army's (PLA) Unit 61398, were indicted for allegedly hacking into the computer systems of six American companies to steal trade secrets and other sensitive information. The affected companies operated in various sectors, including nuclear power, metals, and solar products, and the stolen data was purportedly used to give Chinese state-owned enterprises a competitive edge.

This indictment marked a significant moment as it was the first time the U.S. had publicly charged state-sponsored actors for cybercrimes. The DOJ's actions aimed to hold accountable those involved in stealing intellectual property and trade secrets, emphasizing the seriousness of cyber threats and economic espionage [1].

In addition to this, CrowdStrike also uncovered the activities of another cyber espionage group known as Energetic Bear. This group, linked to Russia's Federal Security Service (FSB), targeted various global entities, primarily in the energy sector. Energetic Bear's operations included cyber attacks aimed at gathering intelligence and potentially disrupting critical infrastructure [2].

CrowdStrike played a crucial role in investigating attacks on DNC

In 2016, the Democratic National Committee (DNC) experienced a series of cyberattacks that were later linked to Russian intelligence agencies. The cybersecurity firm CrowdStrike played a crucial role in investigating these attacks and identifying the perpetrators. CrowdStrike, along with other cybersecurity firms like Mandiant and ThreatConnect, analyzed the evidence and concluded with high confidence that the cyberattacks were executed by two Russian intelligence-linked groups known as APT 28 (Fancy Bear) and APT 29 (Cozy Bear).

During a congressional testimony on March 20, 2017, then-FBI Director James Comey confirmed that these firms had reviewed the evidence and linked the cyberattacks to Russian intelligence services. Comey also noted that although the FBI requested direct access to the DNC servers for forensic analysis, the DNC declined, opting instead to share information through CrowdStrike.

CrowdStrike's involvement in identifying the Russian hackers was significant, as the company had previously encountered both Fancy Bear and Cozy Bear in other contexts, thus recognizing their methods and tools. However, CrowdStrike has faced some criticism and scrutiny, particularly regarding its reports on other incidents, such as a disputed claim about Ukrainian artillery losses linked to similar hacking activities. This report was later revised after it was found that some data was misinterpreted [3].

Donald Trump made several controversial claims regarding CrowdStrike

During his presidency, Donald Trump made several controversial claims regarding the Democratic National Committee (DNC) servers and the cybersecurity firm CrowdStrike. One of his assertions, made during a Fox News interview, suggested that the DNC gave its server to CrowdStrike, which he inaccurately claimed was owned by a wealthy Ukrainian oligarch. He also stated that the FBI was denied access to the servers.

Trump’s call with Ukrainian President Volodymyr Zelensky played a significant role in the events leading to his impeachment inquiry. During this call, Trump asked Zelensky to investigate CrowdStrike, which further propagated the conspiracy [4].

CrowdStrike was not directly hired by the DNC

In a revealing development, it has been confirmed that the cybersecurity firm CrowdStrike's contract concerning the investigation into the Democratic National Committee (DNC) breach was not directly with the DNC, but rather with Michael Sussmann of Perkins Coie. This revelation came to light during testimonies and investigations surrounding the 2016 DNC email breach, which was attributed to Russian hackers.

CrowdStrike CEO Shawn Henry testified before Congress, explaining that the firm was brought in by Perkins Coie, the law firm representing the DNC, to investigate the breach. Michael Sussmann, a lawyer at Perkins Coie, was the intermediary who managed this arrangement. This contradicts earlier public perceptions that CrowdStrike was directly hired by the DNC.

The situation is further complicated by conflicting accounts regarding the FBI's access to the DNC servers. While the FBI claimed it was denied direct access to the servers, Sussmann and Henry testified that the FBI did not request direct access and instead relied on CrowdStrike's forensic analysis. This has led to criticisms regarding the transparency and thoroughness of the investigation into the DNC breach [5].

CrowdStrike is a proud partner of the World Economic Forum

CrowdStrike has established a significant partnership with the World Economic Forum (WEF). Dmitri Alperovitch, the co-founder and Chief Technology Officer (CTO) of CrowdStrike, is an active contributor to the WEF, sharing his expertise on cybersecurity and related policies [6].

CrowdStrike WEF Partner

Klaus Schwab, the founder and executive chairman of the WEF, has raised alarms about the potential for a large-scale cyberattack that could surpass the impact of the COVID-19 pandemic. Schwab emphasizes the importance of global cooperation and robust cybersecurity measures to mitigate such threats, highlighting the critical role of organizations like CrowdStrike in this effort.

Interconnectedness reveals the vulnerability of modern technological systems 

The global tech outage of July 19-20, 2024, highlights the critical role cybersecurity firms play in maintaining the digital infrastructure of various industries worldwide. The incident, triggered by a flawed update from CrowdStrike, underscores the need for rigorous testing and contingency planning in software deployment. While CrowdStrike quickly identified and began addressing the issue, the widespread impact on industries such as travel, healthcare, and emergency services reveals the interconnectedness and vulnerability of modern technological systems. The event also raises questions about the preparedness and resilience of critical services in the face of unexpected technological failures.