A sloppy update to software made by US cybersecurity giant CrowdStrike has taken PCs and servers used by airlines, railways, banks, broadcasters and even medical facilities around the world offline. For anyone following US politics over the past decade or so, the company’s name should be eerily familiar.
CrowdStrike is making global headlines (and causing global headaches) this week after an update released Friday morning afflicted thousands of corporate machines running Microsoft products with the infamous blue screen of death error.
While the company has already put out a fix, the buggy update is expected to cause billions of dollars and hours in lost productivity, and experts say it may take “weeks” for businesses and governments worldwide to fully recover.
But behind the company’s reputation as a major provider of endpoint security products is the odd routineness of its name popping up in US politics.
During the 2016 US presidential election, the Clinton campaign asked none other than CrowdStrike for help investigating the hack attack against the Democratic National Committee – which had revealed embarrassing info about the party’s efforts to rig the nomination process in Mrs. Clinton’s favor.
CrowdStrike’s probe gave rise to the very first claims that Russia was behind the DNC hack, and the company provided its “forensic evidence and analysis” to the FBI, starting the ball rolling on the Russiagate conspiracy theory that Donald Trump was colluding with Russia to “steal” the election.
CrowdStrike made its trading debut on the Nasdaq in June after pricing its IPO at $34 a share – Sputnik International, 1920, 24.03.2020
Nothing Burger? How CrowdStrike’s Meteoric Rise Was Triggered by Fake “Russia-Hacked-DNC” Story
24 March 2020, 15:00 GMT
CrowdStrike executive Shawn Henry admitted under oath in congressional testimony in 2017 that the company had no “concrete evidence” to back up its “Russian hackers” story, but by that point it was too late, and Trump would spend virtually the entirety of his term in office dogged by the “collusion” claims.
CrowdStrike’s name also came up in the infamous 2019 phone call between Trump and Volodymyr Zelensky, with the then-US president asking Zelensky to “do us a favor” and “find out what happened” with CrowdStrike’s server, which Trump said was in Ukraine.
The Trump team was convinced that CrowdStrike planted evidence on the DNC server to frame Russia while covering up Ukraine’s own efforts to “weaken the Trump bandwagon” during the 2016 race. Democratic politicians and anti-Trump media dismissed the president’s suspicions as groundless.
The Trump-Zelensky phone call, in which he also asked Kiev to look into then former vice president Joe Biden’s role in firing of a prosecutor probing his son Hunter Biden’s alleged corrupt activities while working for Ukrainian energy company Burisma, wound up sparking the first Trump impeachment in 2019.
CrowdStrike was also one a handful of firms tapped by the US Cybersecurity and Infrastructure Security Agency in 2021 to work out a ‘whole-of-nation’ cyber defense plan. The initiative has been criticized as an attempt to strengthen the US intelligence and Big Tech’s surveillance powers using cybersecurity as a cover.
Surveillance – Sputnik International, 1920, 07.08.2021
How New Alliance of US Spooks & Big Tech Using ‘Russia Bugaboo’ to Amplify Surveillance Powers
7 August 2021, 14:00 GMT
The same year, CrowdStrike CEO George Kurtz blamed Russian hackers for the 2020 SolarWinds hack attack on the US Federal Government, but curiously admitted the company had no information of its own “to corroborate that finding.”
‘PR Nightmare’
“The PR aspect is of course a nightmare for CrowdStrike,” veteran independent cybersecurity expert Lars Hilse told Sputnik, commenting on Friday’s outage and the impact it’s had on the company’s image and stock price.
CrowdStrike’s market cap plunged by $12.5 billion, and its CEO George Kurtz saw over $320 million shaved from his personal fortune. The company stock’s price fell from about $343 to $302 per share, signaling that about 12 percent of the company’s market value has been wiped out.
Interestingly, not everyone in the company came out of the outage in the red, with Chief Security Officer Shawn Henry selling off 4,000 shares of CrowdStrike Holdings’ common stock on July 15 for $371.32 per share, or $1.49 million total, according to Security and Exchange Commission data.
Hilse says the main “lesson” from the CrowdStrike mess will be the demand that cybersecurity companies improve testing before rolling out critical updates – something especially important if they’re done as “a single update being pushed to a plethora of customers running cloud-based solutions, including those responsible for the flawless operation of critical infrastructure like airports, banks, etc.”
Lines with digits on computer and laptop screens. – Sputnik International, 1920, 19.07.2024
Russia Unaffected as Mass IT Outage Hits Companies Worldwide
“With increasing reliance on technology comes exponentially increasing impact on society if these technologies fail, whether through a deliberate/targeted attack, or a faulty piece of software, like in this case,” Hilse emphasized.
Russian cybersecurity specialist Alexei Lukatskiy told Sputnik Russia has been able to dodge CrowdStrike bullet thanks to strong homegrown cybersecurity companies. Friday’s outages thus serves as another important “lesson” for Russia, which has been “gradually switching away from products by foreign vendors to Russian ones,” that it’s on the right track, he said.
Another important takeaway, according to Lukatskiy, is the modern world’s increasingly critical level of dependence on computers. “IT has penetrated into a wide array of different areas, and the owners of companies working in critical industries must understand all the consequences and evaluate the unacceptable events that may occur due to the seeming failure of an ordinary computer…,” he said.
Kaspersky Lab office in Moscow – Sputnik International, 1920, 21.06.2024
US Ban on Use of Kaspersky Lab’s Software to Lead to Increase in Cybercrimes – Company
21 June, 00:29 GMT
By Ilya Tsukanov
Published by Sputnik Globe
Republished by The 21st Century
The views expressed in this article are solely those of the author and do not necessarily reflect the opinions of 21cir.com