Jump to content
  • Global Computer Outages Reveal Vulnerabilities of Internet Centralization

    aum

    • 200 views
    • 6 minutes
     Share


    • 200 views
    • 6 minutes

    As the world’s communications and operations become more concentrated among a handful of tech oligopolies, they become both more efficient and more vulnerable.

     

    This became apparent last week as an antivirus software update issued on the evening of July 18 by CrowdStrike, a security software company, caused more than a billion Windows-based computers to cease to function, taking down essential operations at airports, hospitals, 911 centers, police departments, trains, jails, and other municipal services, as well as corporate operations.

     

    Appearing exhausted at times, CrowdStrike CEO George Kurtz spent July 19 issuing apologies on X and in television interviews, attempting to explain the error and the company’s efforts to resolve it.

     

    “This was not a cyberattack,” Mr. Kurtz stated on the company’s website, explaining that the outage was caused by a defect in a software update for Windows in a security system called Falcon, which CrowdStrike produces.

     

    “All of CrowdStrike understands the gravity and impact of the situation,” he stated. “We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.”

     

    But many, including White House officials, were not reassured. Concerns were raised among government officials regarding public safety and national security.

     

    A senior administration official stated on July 19 that “the White House has been convening agencies to assess impacts to the U.S. government’s operations and entities around the country.

     

    “The White House is in regular contact with CrowdStrike’s executive leadership and tracking progress on remediating affected systems,” the official stated.

     

    After tens of thousands of flights were delayed on Friday, airline service was largely restored by the weekend, as other services came back online. But because the software update took out individual computers, many have had, or still will have, to be restored individually and manually.

     

    Tech analysts say the evolution of computer-based operations from Local Area Networks (LANs) to the cloud, in a process termed internet centralization, combined with the consolidation of these operations among a handful of tech oligopolies, has heightened the risk of events like this occurring, according to a post on LinkedIn by Net Expert Solutions. Where operations were once conducted on locally managed systems, today they are integrated and linked together through centralized “nodes.”

     

    “Today, there’s only three companies that control global access to internet trade and commerce, and that’s Alphabet—the parent company of Google—Microsoft, and Apple,” Rex Lee, a security advisor to companies, government agencies, and lawmakers, told NTD. “And the vulnerabilities within that are single choke points throughout the network that can take down millions of customers.”


    CrowdStrike’s Rise to Prominence

     

    Austin, Texas-based CrowdStrike, founded in 2011, provides cloud-based software that protects computer systems against cyberattacks to tens of thousands of companies, organizations, and government agencies around the world, including 300 of the Fortune 500 companies. The company’s software has access to the most central elements of computer operating systems.

     

    The company rose to prominence, offering more nimble, artificial-intelligence-based software, that was seen by many as a better, smarter way to protect operating systems from today’s hackers, who were going beyond circulating computer viruses.

     

    “Today’s sophisticated attackers are going ‘beyond malware’ to breach organizations, increasingly relying on exploits, zero days, and hard-to-detect methods such as credential theft and tools that are already part of the victim’s environment or operating system, such as PowerShell,” CrowdStrike’s website states.

     

    “CrowdStrike Falcon responds to those challenges with a powerful yet lightweight solution that unifies next-generation antivirus, endpoint detection and response, cyber threat intelligence, managed threat hunting capabilities and security hygiene—all contained in a tiny, single, lightweight sensor that is cloud-managed and delivered.”

     

    As the company’s reputation spread, it was called in by the FBI to help investigate the Sony Pictures hack in 2014, which publicized the company’s confidential internal communications, as well as the hack of the Democratic National Committee in 2016.

     

    CrowdStrike went public in 2019 and its market value exceeded $75 billion, prior to the outages. CrowdStrike’s share price dropped more than 12 percent on July 19.

     

    The widespread system failures that occurred this week were the result of a software update that reportedly contained a faulty kernel.

    In the tech world, a kernel, sometimes called the engine of computer operating systems, is a program within the operating system that manages system and coordinates the different processes within the system. If the kernel is outdated, it can leave the operating system vulnerable to outside tampering; if it malfunctions, the entire operating system may malfunction along with it.

     

    Tech analyst and actor Waseem Mirza noted the irony of the latest failure.

     

    “For me, it’s a little bit ironic that we’re always warning about the potential for cybersecurity actors, and in this case we’re talking about the very people that were supposed to protect the world actually being the root cause of it,” Mr. Mirza told NTD.

     

    The extent of the damage from this single outage has yet to be fully assessed, but analysts say it will be substantial.

     

    “They’re saying that this isn’t a cybersecurity attack, but it had the same net result as a cybersecurity attack, and that bad kernel caused over a billion computers to lose access to back office systems,” Mr. Lee said. “We’re talking about government agencies, we’re talking about Fortune 500 business, airlines … the cascading effects of this are unbelievable.

     

    “If you look at the critical infrastructure that’s being affected, this is actually going to cause harm and people may be dying as a result of this, because first responders are being affected, hospitals are being affected,” Mr. Lee said.

     

    “We won’t know the total damage from all this, but it’s going to go down in history as the largest mistake and/or outage in the history of the internet.”

     

    “This is basically what we were all worried about with Y2K, except it’s actually happened this time,” Troy Hunt, a regional director at Microsoft, wrote on social platform X.

     

    He also noted that “this will be the largest IT outage in history.”

     

    Source

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...