What Can We Learn from the Global Microsoft Outage?
Bappa Sinha
A GLOBAL IT outage on July 19th, 2024, affected more than 8.5 million Microsoft computers worldwide, disrupting airlines, hospitals, banks, train services and even government agencies. The outage was caused by a faulty update from the cybersecurity provider CrowdStrike, which caused Microsoft Windows machines to crash and get stuck in a loop of the infamous “blue screen of death” at boot. Interestingly, the global disruption wasn't caused by cyber-attacks from hostile hackers but by the cybersecurity firm whose product was meant to prevent such attacks.
This is not the first time that CrowdStrike CEO George Kurtz has been involved in a global IT disaster. In 2010, the antivirus company McAfee released an update that caused millions of Microsoft Windows machines to crash globally. George Kurtz was McAfee’s CTO at the time. McAfee’s reputation took such a hit that it ended up selling itself. George Kurtz resigned from McAfee and went on to start another cybersecurity company, CrowdStrike. Clearly, last week’s events show that Mr Kurtz, Microsoft, the tech community and regulators didn't learn much from the 2010 disaster: the same mistakes were repeated, causing another global outage.
CrowdStrike was involved in investigating the now discredited “Russian Election Interference” case. In 2016, Democratic National Committee servers and the emails of Hillary Clinton’s campaign chair were hacked. These emails ended up with WikiLeaks, which published them, causing major embarrassment to Hillary Clinton as they exposed the disingenuous and cynical nature of her presidential campaign and her direct involvement in the US invasion of Libya, and leading to charges of Russian interference from her and the Democrats. CrowdStrike claimed to have found evidence of Russian hacking attempts. The Steele dossier, which officially laid the grounds for the “Russian interference” allegations and the FBI investigations, has since been thoroughly debunked. Earlier this year, CrowdStrike’s CEO also made claims of hacking attempts by Chinese state actors. CrowdStrike has strong ties with several Israeli cybersecurity firms.
Perhaps having such powerful friends in the political and intelligence establishment provides CrowdStrike with immunity from regulatory authorities over its negligence. As per CrowdStrike's contract, its liability for causing such a global disruption is limited to a simple refund of the fees paid for its software. Such was its casual attitude to this incident that it even offered $10 Uber Eats gift cards to “teammates and partners” for “the additional work that the July 19 incident has caused.”
Microsoft also shouldn't escape blame for these repeated incidents involving its software. The CrowdStrike update didn't affect Linux servers. Free and open-source Linux has a proven record of being more stable and secure than the expensive operating system software provided by Microsoft, which has a near monopoly in the personal computer space. The fact that Linux is open source allows for more rigorous scrutiny of its software, while Microsoft’s proprietary nature, the need to support legacy code and the various surveillance features that snoop on user activity and report back to the company result in its software being more vulnerable to attacks.
The widespread global impact of a single faulty update also highlights the risks involved in our near-total dependence on software and cloud services provided by US technology monopolies such as Microsoft, Google, Apple, Amazon and Facebook. These companies today provide services on which most of our critical services rely, such as government services, banking, telecommunications, health care, power distribution, airlines, trains and other transportation services. Not only should we worry about the impact of inadvertent outages and faults in these products and services but given the US Government’s total control over their tech companies, the threat to national sovereignty from an over-dependence on such companies also needs to be considered.
The Snowden revelations on the US National Security Agency’s (NSA’s) activities, along with WikiLeaks’ Vault 7 documents about the CIA’s global hacking programme, clearly show the extent of US surveillance reach and control over technology products and services. According to the Snowden documents released in 2013, the NSA runs a programme codenamed ‘BULLRUN’ whose explicit mandate is to undermine encryption and secure communications, both by weakening encryption standards and by working with companies to install “backdoors” in their products. Every conceivable technology product, such as communication equipment, encryption software, operating systems (Microsoft Windows, Apple’s, Android, etc.) and popular internet services (Google, Amazon, Facebook, etc.), has backdoors through which US intelligence can snoop on and control those products and services.
WikiLeaks’ “Vault 7” documents, released in 2017, exposed the CIA’s covert global hacking programme. These documents revealed that the CIA had built a programme parallel to the NSA’s whose scope matched, if not exceeded, the NSA programme. This programme “had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other ‘weaponised’ malware.” These tools can target smartphones such as iPhones and Android phones, iPads and smart TVs to effectively convert them into listening devices. Vehicle control systems in modern cars and trucks could also be hacked. The CIA had developed techniques to “bypass the encryption of WhatsApp, Signal, Telegram, etc., by hacking the smartphones that they run on and collecting audio and message traffic before encryption is applied.” The programme developed tools to attack operating systems such as Windows as well as Internet routers.
The US government can, at the drop of a hat, not just impose economic sanctions on a country, as witnessed against Russia, but also cripple the digital infrastructure on which many of our critical services rely, bringing a country to its knees. Thus, given the importance of technology in today’s world, it becomes imperative for countries, in order to maintain their independence, to invest in developing their own homegrown technology supply chains as far as possible.