Global Chaos! The CrowdStrike Outage.

Global Chaos! The CrowdStrike Outage.

Do computers already run the world?  CYBER WAR could be the next major threat to national security!

Last Friday, the world experienced a massive, unprecedented computer outage caused by a defective “routine” software update to Microsoft Windows customers issued by CrowdStrike, an Austin, Texas-based cybersecurity technology company ironically designed to prevent cyber-attacks.  Mac and Linux hosts were not affected.

In only a few hours, companies and industries worldwide were crippled, as over 8.5 million machines were affected causing frozen blue screens referred to as the “Blue Screen of Death!”

For example:

  1. Travel: The big 3 airlines, United, Delta, and American grounded flights in the early hours as over 5000 US flights were canceled on Friday, over 2000 on Saturday, and over 500 at the time of writing this article on Sunday Morning.  American is the only carrier back on schedule for now.  There have been reports of airline agents handwriting boarding passes.  Even bus stops had blank blue screens!
  2. Healthcare: Many hospitals have been forced to cancel ALL elective surgeries, walk-ins, routine appointments and even postpone some life-saving surgeries.  911 calls were adversely affected!
  3. Banks: There have been reports from traders at JP Morgan Chase and other financial institutions of orders that could not be executed. 
  4. Chain Restaurants: Starbucks mobile ordering crashed (Dunkin Donuts survived) and McDonald’s in Japan closed almost a third of their stores for the day.
  5. Governments: The Dutch and UAE foreign ministries reported massive IT (information technology) outages.  In the U.S., downed court systems delayed trials for hours, including Harvey Weinstein’s. 

This is a scary situation as it was allegedly caused by an accident.  What if it was planned, how much worse would it be?  According to Richard Clarke, former White House Counter Terrorism Czar, Putin has already used this technology to plant a “spy package” into a software update for a company called Solar Winds, which affected over 10,000 government and private-sector machines that were not detected for 9 months. 

Unfortunately, there is little regulation, if any, on software and believe it or not, CrowdStrike cannot be sued!

My Suggestions for CrowdStrike and other large firms:

  1. Test your Updates Before releasing them to the masses:  I spoke with tech experts who say technology can be developed to both pre-test these software updates before rollouts and or abort them during problem rollouts!
  2. Do NOT send it to everyone at the same time: This isolates potential problems and the ripple effects of them.
  3. Large Firms Need to Diversify: Large firms and perhaps even mid-size firms should consider spreading their risk by using 2 types of software.

During the chaos last Friday, cybersecurity agencies noticed upticks in copy caters and phishing.  Scammers immediately pounced on the unsuspecting and unprepared public!  Within hours, new domains had surfaced aiming to “dupe” users and designed to steal user data and breach their devices.

My suggestions for individuals:

  1. Turn Off Automatic Updates:  The CrowdStrike outage has taught us the latest isn’t always the greatest when it comes to operating system updates. Unless the update addresses a critical security vulnerability wait a week or two to see if other users are experiencing problems.
  2. Check your Malware:  This is the time to check or add malware protection for your computers.
  3. Consider DuckDuckGo Search Engine: Google uses what is called “cookies” to track your searches and purchases.  Consider adding or using DuckDuckGo in addition to or in lieu of Google.  While Google is the superior search engine, DuckDuckGo does NOT track any of your queries.
  4. Hover Over Email Sources Before Opening: Scammers have gotten more sophisticated using emails and texts.  Take your mouse or trackpad and “hover over” the email sender to see if you recognize the email address before opening and responding.

The bottom line is if one company’s “single content update” software bug can trigger a “worldwide internet outage,” then back up and checks and balances measures need to be taken immediately!