Monday, July 22, 2024

Conspiracy theories take off after global IT crash

From fearmongering about a looming “World War III” to false narratives linking a cabal of global elite to a cyberattack, a torrent of online conspiracy theories took off Friday after a major IT crash.

Airlines, banks, TV channels and financial institutions were engulfed in turmoil after the crash, one of the biggest in recent years that was the result of a faulty software update to an antivirus program operating on Microsoft Windows.

The proliferation of internet-breaking conspiracy theories on social media platforms — many of which have removed guardrails that once contained the spread of misinformation — illustrates the new normal of information chaos after a major world event.

The outage gave way to a swirl of evidence-free posts on X, the Elon Musk-owned site formerly known as Twitter, that peddled an apocalyptic narrative: The world was under attack by a nefarious force.

“I read somewhere once that ww3 (World War III) would be mostly a cyber war,” one user wrote on X.

The IT crash also stirred up an unfounded theory that the World Economic Forum — long a magnet for wild falsehoods — had plotted a global cyberattack.

To make that theory appear credible, many posts linked an old WEF video that warned about the possibility of a “cyberattack with Covid-like characteristics.”

The video, available on the WEF’s website, had cautioned that the only way to stop the exponential spread of the cyber threat would be to disconnect millions of vulnerable devices from each other and the internet.

– ‘Sad testament’ –

The WEF has long been a target for conspiracy theorists pushing the idea of a shadowy cabal of elites working for private gain under the garb of solving global issues.

Also gaining rapid traction online were conspiratorial posts using the hashtag “cyber polygon,” a reference to a global training event aimed at preparing for potential future attacks.

“The proliferation of conspiracy theories in the wake of major global events such as the outage is a sad testament to the volatile nature of the information ecosystem,” Rafi Mendelsohn, vice president at the disinformation security company Cyabra, told AFP.

“What is unique to events like these is how social media platforms, forums, and messaging apps facilitate the rapid dissemination of content, allowing theories to gain traction quickly and reach a global audience.”

The trend demonstrates the ability of falsehoods to mutate into viral narratives on tech platforms, which have scaled back content moderation and reinstated accounts that are known purveyors of misinformation.

During fast-developing news events, confusion now often reigns on major tech platforms, with users scrambling to obtain accurate information in what appears to be a sea of false or misleading posts that rapidly gain traction.

– ‘Nefarious motives’ –

“This poses the larger question of combatting mis- and disinformation,” Michael W. Mosser, executive director of the Global Disinformation Lab at the University of Texas at Austin, told AFP.

“The level of trust that is required to accept information from reputable sources has declined to such an extent that people are more willing to believe wild conspiracies that ‘must be true’ rather than the factual information relayed to them.”

The global outage, which brought myriad aspects of daily life to a standstill and sent US stocks falling, was linked to a bug in an update to an antivirus program for Windows systems from American cybersecurity group CrowdStrike.

Assurances by the Austin-based company’s chief executive, George Kurtz, that CrowdStrike had rolled out a fix and was “actively working” to resolve the crisis did little to stem the spread of online conspiracies.

“Combatting this misinformation with factual rebuttals is difficult, because the issue is so technical,” Mosser said.

“Explaining that the fault was in an improperly configured system file and that a fix is in process may be accurate, but it is not believed by those who are predisposed to see nefarious motives behind failures.”

by Anuj CHOPRA


A Day the Digital World Stood Still: Lessons from the Microsoft and CrowdStrike Crisis

In an era where our lives are increasingly intertwined with technology, the seamless functioning of our digital tools often goes unnoticed.


BYTUHU NUGRAHA
JULY 22, 2024

Multiple blue screens of death, caused by an update pushed by CrowdStrike, on airport luggage conveyer belts at LaGuardia Airport, New York City. Image source: Wikipedia


Authors: Tuhu Nugraha and Raditio Ghifiardi*

In an era where our lives are increasingly intertwined with technology, the seamless functioning of our digital tools often goes unnoticed. However, a single disruption can ripple across the globe, highlighting the fragility of our digital ecosystem. Such was the case in July 2024, when tech giants Microsoft and CrowdStrike faced an unprecedented challenge that served as a stark reminder of our digital dependency. Microsoft estimated that approximately 8.5 million computers worldwide were disabled by a major IT outage, triggered by a software update from CrowdStrike, a leading global cybersecurity firm.

The update caused system problems that grounded flights, forced broadcasters off the air, and left customers without access to essential services such as healthcare and banking. Microsoft stated that the error affected approximately one percent of Windows computers globally. This article recounts the events that unfolded and the lessons learned from this crisis.

Act 1: The Calm Before the Storm

The day began like any other. Businesses were bustling, airlines were gearing up for a busy day of travel, and financial markets were buzzing. Unbeknownst to many, a storm was brewing in cyberspace that would soon disrupt the status quo.

Act 2: The First Tremors

The crisis began with scattered reports of issues with Microsoft’s Azure platform. Users in the United States experienced trouble accessing critical applications. The situation escalated quickly, causing significant disruptions. Airlines felt the impact first, with major carriers grounding flights. The Federal Aviation Administration (FAA) confirmed the outage affected all airlines nationwide, causing chaos in airports. The disruption spread, halting trading at the London Stock Exchange and causing widespread issues for UK railway companies and the media sector.

Act 3: A Second Blow

While the world was grappling with Microsoft’s outage, CrowdStrike, a leader in cybersecurity, faced its crisis. A defect in a recent content update for Windows hosts caused widespread operational disruptions. Businesses relying on CrowdStrike’s Falcon platform found themselves vulnerable, scrambling to secure their networks and mitigate the impact.

Act 4: The Global Impact

The digital earthquake had far-reaching consequences. Air traffic ground to a halt at Berlin’s Brandenburg Airport, and financial institutions worldwide faced interruptions, causing ripples in global markets. No sector was left untouched due to the interconnectedness of our digital world. The stock market reacted swiftly, with Microsoft’s stock price plummeting nearly 10% and CrowdStrike’s shares also taking a significant hit.

Act 5: The Heroes Emerge

In the face of adversity, the response from Microsoft and CrowdStrike was nothing short of heroic. Engineers and IT professionals worked tirelessly to resolve the crises. Microsoft’s Azure team rerouted traffic to alternative systems, while CrowdStrike’s experts rolled out patches and updates to stabilize their clients’ environments. AI and machine learning played a crucial role in recovery. Microsoft’s AI-driven monitoring systems quickly identified anomalies, and CrowdStrike’s machine learning algorithms detected and isolated the defective update. Generative AI also contributed by generating real-time insights and predictive models, allowing teams to proactively address issues before they escalated.

Act 6: The Road to Recovery

As the dust settled, the world began to take stock of the events. The immediate crisis was over, but the journey to full recovery and rebuilding trust had just begun. Both Microsoft and CrowdStrike committed to enhancing their testing protocols, investing in more robust infrastructure, and implementing advanced monitoring systems to prevent future incidents.

However, as the affected organizations worked on recovery, cybercriminals sought to exploit the chaos. Reports emerged of hackers launching email scams and phishing attacks, preying on the fear and confusion caused by the crisis. These malicious actors sent fraudulent emails pretending to be from Microsoft or CrowdStrike, tricking users into revealing personal information or paying for fake services to fix non-existent issues. The influx of such attacks highlighted the need for heightened awareness and vigilance among users.

Act 7: A New Dawn

In the aftermath of the crisis, the tech industry undertook a critical reassessment of its practices. Companies globally began investing in more rigorous testing environments, embracing chaos engineering practices, and refining their incident response strategies. AI and generative AI technologies played pivotal roles in enhancing resilience and adaptability.

Both Microsoft and CrowdStrike reaffirmed their commitment to customers and the integrity of the digital infrastructure. They also are advised to explore safer programming languages like Rust, known for its memory safety features, to replace traditional languages like C++ that are more prone to vulnerabilities.

Visual Comparison:

The following chart illustrates the number of vulnerabilities found in C++ compared to Rust. As shown, Rust has significantly fewer vulnerabilities, underscoring its potential for building more secure software systems.

Expert Insight:

Bruce Schneier, An internationally renowned security technologist and author of numerous books on computer security and cryptography. His blog and books, such as “Data and Goliath” and “Liars and Outliers,” are highly regarded in the industry. He emphasizes the importance of adopting safer programming languages: “In today’s cybersecurity landscape, reducing the attack surface is crucial. Languages like Rust, with built-in memory safety, are a significant step forward in preventing vulnerabilities that are common in C++.”

Real-World Application:

For example, Microsoft has already begun integrating Rust into some of its critical systems, showcasing a proactive approach to enhancing software security. By transitioning from C++ to Rust, Microsoft aims to minimize vulnerabilities and improve the reliability of its software products. These changes mark a significant shift towards more secure and resilient digital infrastructures, demonstrating the industry’s dedication to preventing future crises.

Lessons Learned

The events of July 2024 serve as a stark reminder that even the most robust systems can fail, underscoring the necessity of having contingency plans to expect the unexpected. In times of crisis, collaboration across multiple disciplines is crucial. IT and cybersecurity teams must work together with AI and machine learning experts to utilize real-time monitoring, anomaly detection, and predictive analytics to identify and mitigate issues swiftly. Transparent communication is vital, and PR teams must ensure stakeholders are informed with regular updates and detailed explanations.

In addition, legal and compliance teams should be involved to anticipate and manage potential class action lawsuits from affected consumers. Risk management professionals must analyze incidents thoroughly to identify root causes and implement measures to prevent future occurrences. Continuous improvement should be a shared goal, using incidents as learning opportunities to strengthen systems and processes. This multi-faceted approach, involving IT, cybersecurity, PR, risk management, legal, and compliance teams, ensures a comprehensive and resilient response to digital crises.

Step-by-Step Guidance for Crisis Management

Managing a crisis requires comprehensive step-by-step guidance. First, during the Immediate Response phase, teams must promptly identify and assess the scope of the issue, communicate clearly with affected parties, and implement temporary fixes to contain the problem. Next, during the Stabilization phase, teams should work on permanent solutions, provide continuous updates to stakeholders, and offer support and compensation where necessary.

In the Recovery and Prevention phase, it is crucial to analyze the incident to understand its root cause, enhance testing protocols and infrastructure, and invest in advanced monitoring and response systems. Fostering a culture of continuous improvement and innovation is also essential. Incorporating AI and Generative AI becomes critical in this crisis. Using AI for predictive analytics and real-time monitoring and implementing Generative AI tools for simulations and stress tests, should be done continuously to adapt AI models to new threats and challenges.

From a cybersecurity perspective, collaboration between IT and cybersecurity teams is vital. However, the perspective of public relations and communication must also be considered. The PR team should ensure transparent and regular communication with stakeholders, including shareholders, providing detailed updates on the issues and steps being taken to resolve them. A good communication strategy will help restore reputation and public trust after the incident.

Restoring reputation and public trust requires a holistic approach. In addition to open communication, offering adequate customer support and compensation can help alleviate customer anxiety. Engaging stakeholders in the recovery process through open dialogue and transparency about future prevention measures is also crucial. This engagement should be carried out through multiple media channels to ensure comprehensive reach and impact:

  1. Press Releases and Media Briefings: Regularly updated press releases and media briefings can provide the public and stakeholders with the latest information, ensuring transparency.
  2. Social Media Platforms: Utilize platforms like Twitter, LinkedIn, and Facebook to share real-time updates and engage directly with the community. Social media allows for immediate dissemination of information and interactive communication.
  3. Company Website and Blogs: Create a dedicated section on the company website for crisis updates. Regular blog posts can offer in-depth explanations of the steps being taken and future prevention plans.
  4. Email Newsletters: Send detailed email newsletters to stakeholders, including shareholders, customers, and partners. This ensures that critical information reaches those directly impacted by the crisis.
  5. Webinars and Virtual Town Halls: Host webinars and virtual town halls to engage stakeholders directly. These forums allow for real-time interaction, addressing concerns and questions from stakeholders.
  6. Customer Service Channels: Enhance customer service support through hotlines, chatbots, and email support to address individual concerns and provide personalized assistance.
  7. Industry Conferences and Public Forums: Participate in industry conferences and public forums to discuss the incident, share lessons learned, and demonstrate the company’s commitment to transparency and improvement.

By utilizing these various media channels, organizations can maintain an open dialogue with stakeholders, rebuild trust, and demonstrate their commitment to future resilience and improvement. This multi-faceted communication strategy ensures that all stakeholders are informed, involved, and reassured throughout the recovery process.

Conclusion and Future Outlook

The events of July 2024 serve as a powerful reminder of the vulnerabilities inherent in our digital world. Despite the significant advancements in technology and cybersecurity, even the most robust systems can fail, leading to widespread disruptions. The Microsoft and CrowdStrike crisis underscored the importance of having comprehensive contingency plans, robust infrastructure, and the ability to adapt swiftly to unforeseen challenges.

In the immediate aftermath, both Microsoft and CrowdStrike demonstrated exemplary crisis management by working tirelessly to resolve the issues and restore services. Their commitment to enhancing testing protocols, investing in advanced monitoring systems, and adopting safer programming practices like using Rust over C++ showcases a proactive approach to mitigating future risks.

However, the journey towards a more secure digital future extends beyond immediate recovery. The tech industry must embrace continuous improvement and innovation to build resilience against evolving threats. This involves not only enhancing technical measures but also fostering a culture of collaboration across disciplines. IT and cybersecurity teams must work together with AI experts, risk management professionals, and public relations teams to create a holistic approach to crisis management.

Looking ahead, several key areas demand attention to strengthen our digital ecosystem:

  1. Enhanced Testing and Simulation:
  2. Rigorous Testing: Companies should invest in more comprehensive testing environments that simulate real-world scenarios to identify potential vulnerabilities before they escalate.
  3. Chaos Engineering: Embracing chaos engineering practices can help organizations understand how systems behave under stress, allowing them to build more resilient infrastructures.
  • Advanced Monitoring and AI Integration:
  • Real-time Monitoring: Implementing advanced monitoring systems that leverage AI and machine learning can help detect anomalies early and respond swiftly.
  • Predictive Analytics: Utilizing AI for predictive analytics can provide insights into potential future threats, enabling proactive measures.
  • Adoption of Safer Programming Languages:

Transition to Rust: Encouraging the adoption of safer programming languages like Rust, known for its memory safety features, can significantly reduce vulnerabilities in software systems.

  • Holistic Crisis Management:
  • Multi-Disciplinary Collaboration: Building a crisis management framework that involves IT, cybersecurity, PR, legal, and risk management teams ensures a comprehensive response to incidents.
  • Transparent Communication: Maintaining open and transparent communication with stakeholders, including customers, partners, and the public, helps rebuild trust and mitigate reputational damage.
  • Continuous Improvement and Innovation:
  • Learning from Incidents: Treating every incident as a learning opportunity to strengthen systems and processes is crucial. Organizations should regularly review and update their crisis management strategies.
  • Investing in Research: Ongoing investment in research and development to explore new technologies and methodologies for enhancing digital security is essential.

The July 2024 crisis was a wake-up call for the tech industry, highlighting the need for robust preparedness and continuous evolution. By learning from this incident and implementing the lessons learned, we can build a more resilient and secure digital future. As technology continues to advance, so must our strategies for safeguarding the digital world we rely on.

*Raditio Ghifiardi is an acclaimed IT and cybersecurity professional and future transformative leader in AI/ML strategy. Expert in IT security, speaker at global and international conferences, and driver of innovation and compliance in the telecom and banking sectors. Renowned for advancing industry standards and implementing cutting-edge security solutions and frameworks.

Tuhu Nugraha
Tuhu Nugraha
Digital Business & Metaverse Expert Principal of Indonesia Applied Economy & Regulatory Network (IADERN)
CrowdStrike: Accidents and Designs

By Edward Lucas
July 21, 2024

Last week’s meltdown is an overdue reminder of our wider vulnerability to cyberattack.




Fragility is dangerous. That is the lesson of last week’s computer meltdowns. The culprit was a carelessly written update to CrowdStrike’s widely used Falcon Sentinel cybersecurity software. It crashed millions of Windows computers, causing caused chaos in air transport, financial services and health-care, at great financial and human cost.

But it could have been far worse. Few users realize that allowing automatic updates means their computers and other devices are, in effect, remote-controlled. In other—nefarious—contexts, we would call the mass hijacking of computers a botnet. These are at the heart of the cybercrime industry. In May the US Justice Department and the FBI arrested a Chinese national, YunHe Wang, who had illegally and secretly gained control of millions of computers around the world that ran Windows software. He then rented them out to cybercriminals, making nearly $100m, the DOJ says.

Organized crime should be seen as a national security threat. It corrodes public confidence in the integrity of state administration. The Kremlin increasingly outsources its assassination and sabotage campaigns to gangsters.

But far worse would be if China, Russia or Iran were able to turn legitimate software updates into a de facto botnet. By exploiting the trust we have in legitimate software companies, their spies and saboteurs could steal our data, scramble it, or make it inaccessible on computers and networks all over the world.

Western decision-makers and opinion-formers worry a lot about the phantom menace of Russia’s nuclear weapons. We all pay far too little attention to these much more pressing national security threats to the fragile but deeply interconnected computer systems that underpin our economies, public services, and societies.

Few noticed, for example, the most horrifying near-miss in the history of the internet, revealed earlier this year. The target was far less well-known than CrowdStrike or Microsoft. It was the xy compression utility. These open-source tools, written and maintained by volunteers, are the workhorses of the software world. Anyone can inspect them and suggest improvements. If you can gain the trust of other experts, your suggestions will be implemented—and become the building blocks of countless other programs.

We still know startlingly little about the perpetrator of this attack. He or she first emerged in November 2021 making expert contributions to other open-source projects under the username JiaT75. Nobody ever met this person face-to-face or checked their identity, but they gradually took over the job of updating xy, until they were able to issue an update that would have, in effect, made any computer that installed it open to manipulation: a master key, in effect, to hundreds of millions of machines.

By chance, a conscientious Microsoft engineer called Andres Freund noticed that a trial version of xy was using slightly more memory than it should, and was able to diagnose the flaw just before its general release. Few outside the cybersecurity world even noticed.

The sophistication and patience of the attack probably points to the SVR, Russia’s foreign intelligence service. But the clues left could be a clever double-bluff, designed to distract attention from the real culprits: China, Iran or North Korea.

The attacker’s near-success, and the difficulty of attributing it, stems from the same simple fact: the internet was not designed with security in mind. We have no easy way of checking the identity of the people we interact with. And we take most of what arrives on our computers on trust.

That carefree attitude has stoked amazing technological innovation and cut many costs to near-zero. But it comes with huge, hidden costs. We need to update not just our software, but our online security culture.

Edward Lucas is a Non-resident Senior Fellow and Senior Adviser at the Center for European Policy Analysis (CEPA).

Europe’s Edge is CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.

No comments:

Post a Comment