wssdoc

A Micro-Coffee Break

Written By - Pranav A (Senior Columnist)


If you ever ask a 9-to-5 corporate employee what their favourite day of the week is, you can expect the near-universal answer: "Friday". The reason is self-explanatory. But on one particular Friday, while employees were wrapping up their last tasks for the week and scheming plans and chores for the weekend, little did they expect their Windows machines to have other plans for them. What felt at first like a personal panic attack turned out to be a global tech epidemic; once employees realised the day was turning into an unannounced extension of the weekend, the feeling was much like that of schoolchildren suddenly hearing about an unexpected holiday, declared for the most abrupt of reasons.


On July 19, 2024, Windows computers across the corporate world displayed the Blue Screen of Death (BSOD) along with an error message, handing businesses an unsolicited global off-day. Around 8.5 million machines around the world were victims of this outage, thanks to an update pushed by the enterprise cyber security firm CrowdStrike, not by Microsoft itself. Hospitals were unable to treat their patients, banks were unable to transfer their customers' money, and air passengers had their boarding passes handwritten. Pundits in the field of information technology are even calling it the biggest IT outage in history. What caused this outage? Who was behind this technical disaster? This article is an investigative attempt to answer these questions in the most straightforward way possible, without perplexing readers with technical jargon.


The centre of this mass glitch is CrowdStrike. A huge number of Fortune 500 companies use CrowdStrike for cyber security. Its primary product is a sensor called Falcon, a tool that provides endpoint protection using artificial intelligence and analytics to detect threats in real time. The Falcon sensor is installed like regular software but integrates itself with the operating system at a low level, using kernel-mode drivers, and sits in the background looking for anomalies. Kernel-mode drivers are specialised programs that run behind the scenes with the operating system's highest level of privilege. Ordinary drivers use this access to handle the complex interactions between everyday programs and devices, like printers, mediating communication so that everything runs smoothly without the user needing to understand the intricate details of the hardware. The catch is that the kernel cannot contain a fault in kernel mode the way it contains a crashing app: if a user-mode program misbehaves, Windows simply closes it, but if kernel-mode code misbehaves, Windows halts the whole machine with a BSOD rather than keep running in a corrupted state. So, bottom line, the Falcon sensor is third-party software that sits in the critical path of a computer, which means that if it fails, the entire computer fails. That is exactly what happened during the outage.


The issue started when an automated update referred to as "Channel File 291" was pushed to systems running the Falcon sensor for Windows at 04:09 UTC on July 19, late on the night of July 18 for much of the world. A channel file is not new program code but a content update, a set of detection rules the sensor reads. This one was malformed: instead of improving protection against new attack techniques as intended, it caused the kernel-mode driver that processed it to crash the operating system. Because the crash happened in kernel mode, and happened again at every boot as the sensor reloaded the same file, the affected machines were stuck in a boot loop and could not heal themselves. The only way back was to boot each machine into Safe Mode or the Windows Recovery Environment and delete the bad file by hand, which requires administrator access and, on encrypted laptops, the BitLocker recovery key. Since ordinary employees do not have that access, the IT personnel of every affected company had to do it machine by machine. The work of IT personnel that day was equivalent to that of a surgeon on a battlefield of World War I.
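The manual clean-up described above, as an added example rather than CrowdStrike's own tooling: a PowerShell script an administrator can run from Safe Mode (or from WinRE, pointing it at the offline Windows volume) that finds any C-00000291*.sys file in the sensor's driver directory, reports it, and deletes it. The directory path is the one CrowdStrike's published workaround named; the 05:27 UTC cut-off used to tell the faulty file from its corrected replacement, the use of the file's last-write time as the publish time, and the default Windows root are assumptions, documented in the comments.

```powershell
<#
  Remediation helper for Windows hosts stuck in the "Channel File 291" boot loop.
  Added example, not CrowdStrike's own script. Run as an administrator from
  Safe Mode; from WinRE, pass -WindowsRoot for the offline volume (e.g. D:\Windows).
  Dry run by default: nothing is deleted until -Force is given.
#>
param(
    # Assumption: in Safe Mode the live %WINDIR% is the installation to repair.
    [string]$WindowsRoot = $env:WINDIR,
    [switch]$Force
)

# Directory named in the published workaround; the file pattern is the bad channel file.
$driverDir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Host "No CrowdStrike driver directory at $driverDir - nothing to do."
    exit 0
}

# Assumption: the faulty content went out at 04:09 UTC and a corrected file at 05:27 UTC
# on 19 July 2024, and the file's last-write time reflects which version is on disk.
$fixPublished = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)

$candidates = @(Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File -ErrorAction Stop)
if ($candidates.Count -eq 0) {
    Write-Host "No C-00000291*.sys file present; this host may already be remediated."
    exit 0
}

$toDelete = @()
foreach ($f in $candidates) {
    $stamp = $f.LastWriteTimeUtc
    if ($stamp -ge $fixPublished) {
        Write-Host ("{0}  written {1:u}  looks like the corrected file, keeping it" -f $f.Name, $stamp)
    } else {
        Write-Host ("{0}  written {1:u}  matches the faulty window, marked for deletion" -f $f.Name, $stamp)
        $toDelete += $f
    }
}

if ($toDelete.Count -eq 0) {
    Write-Host "Nothing to delete. Reboot normally."
    exit 0
}

if (-not $Force) {
    Write-Host "Dry run: re-run with -Force to delete the file(s) listed above, then reboot normally."
    exit 0
}

foreach ($f in $toDelete) {
    Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
    Write-Host "Deleted $($f.FullName)"
}
Write-Host "Reboot normally; the sensor will fetch current content on its next check-in."
```

The dry-run default matters on a day like that one: a tired operator working through hundreds of machines should be able to see what the script found before it touches a kernel driver directory, and keeping a file whose timestamp already looks like the corrected version avoids deleting the very fix the sensor just downloaded.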


To understand this in simpler terms, imagine installing a new security feature on your phone. After the installation, part of the phone's settings are messed up and the apps on the phone stop working correctly. The security update that was meant to keep the phone safe accidentally caused problems instead. The issue was, however, fixed, as both Microsoft and CrowdStrike acted swiftly to limit the harm. Soon after the issue escalated, CrowdStrike CEO George Kurtz tweeted, "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated, and a fix has been deployed."

But the consequences cannot be overlooked. With over 8.5 million systems affected worldwide, around 3,000 flights were cancelled, and supply chains saw delays as the impact rippled outward. The incident was nothing short of a giant tsunami wave that hit every sector. Finance giants like JP Morgan Chase and Goldman Sachs faced setbacks in internal communication, and trading platforms reliant on Microsoft's infrastructure were inaccessible. Other giants from different sectors, such as Walmart, Amazon, AT&T, Disney, Netflix, and UnitedHealth Group, were among the notable companies affected. Contemplating the outright chaos caused, the US House Homeland Security Committee called on CEO George Kurtz to testify before its lawmakers about what caused the global IT outage. CrowdStrike has also been hit hard in its stock price, which was trading at almost $338 per share on the Thursday before the outage. On Friday, shares fell to $294 per share, and as of Tuesday morning they are trading at around $264. That is a decline of roughly 22%.


What we have here is a situation where the cure turned out to be more harmful than the disease. Public mega-corporations are under a tonne of pressure to secure their computer systems and are constantly audited by third parties. Companies in the Fortune 500, for example, do not go out and hire a team of a hundred cyber security professionals; instead, they pay a company like CrowdStrike a few million dollars per year to figure out cyber security for them. This also gives them someone else to blame if their systems get hacked. What everyone fails to realise, though, is that giving one company kernel access to the computers of most of the Fortune 500, with updates that install themselves automatically on every machine at the same moment, might actually be a bad idea, because it only takes one bad content update to nearly bring the entire world to a halt. The lesson is not to abandon endpoint protection, which these companies genuinely need, but to insist that anything running in kernel mode validates the content it loads, and that updates reach a small canary set of machines before they reach everyone.

 
