Monday, July 22, 2024

Conspiracy theories take off after global IT crash

From fearmongering about a looming “World War III” to false narratives linking a cabal of global elite to a cyberattack, a torrent of online conspiracy theories took off Friday after a major IT crash.

Airlines, banks, TV channels and financial institutions were engulfed in turmoil after the crash, one of the biggest in recent years that was the result of a faulty software update to an antivirus program operating on Microsoft Windows.

The proliferation of internet-breaking conspiracy theories on social media platforms — many of which have removed guardrails that once contained the spread of misinformation — illustrates the new normal of information chaos after a major world event.

The outage gave way to a swirl of evidence-free posts on X, the Elon Musk-owned site formerly known as Twitter, that peddled an apocalyptic narrative: The world was under attack by a nefarious force.

“I read somewhere once that ww3 (World War III) would be mostly a cyber war,” one user wrote on X.

The IT crash also stirred up an unfounded theory that the World Economic Forum — long a magnet for wild falsehoods — had plotted a global cyberattack.

To make that theory appear credible, many posts linked an old WEF video that warned about the possibility of a “cyberattack with Covid-like characteristics.”

The video, available on the WEF’s website, had cautioned that the only way to stop the exponential spread of the cyber threat would be to disconnect millions of vulnerable devices from each other and the internet.

– ‘Sad testament’ –

The WEF has long been a target for conspiracy theorists pushing the idea of a shadowy cabal of elites working for private gain under the garb of solving global issues.

Also gaining rapid traction online were conspiratorial posts using the hashtag “cyber polygon,” a reference to a global training event aimed at preparing for potential future attacks.

“The proliferation of conspiracy theories in the wake of major global events such as the outage is a sad testament to the volatile nature of the information ecosystem,” Rafi Mendelsohn, vice president at the disinformation security company Cyabra, told AFP.

“What is unique to events like these is how social media platforms, forums, and messaging apps facilitate the rapid dissemination of content, allowing theories to gain traction quickly and reach a global audience.”

The trend demonstrates the ability of falsehoods to mutate into viral narratives on tech platforms, which have scaled back content moderation and reinstated accounts that are known purveyors of misinformation.

During fast-developing news events, confusion now often reigns on major tech platforms, with users scrambling to obtain accurate information in what appears to be a sea of false or misleading posts that rapidly gain traction.

– ‘Nefarious motives’ –

“This poses the larger question of combatting mis- and disinformation,” Michael W. Mosser, executive director of the Global Disinformation Lab at the University of Texas at Austin, told AFP.

“The level of trust that is required to accept information from reputable sources has declined to such an extent that people are more willing to believe wild conspiracies that ‘must be true’ rather than the factual information relayed to them.”

The global outage, which brought myriad aspects of daily life to a standstill and sent US stocks falling, was linked to a bug in an update to an antivirus program for Windows systems from American cybersecurity group CrowdStrike.

Assurances by the Austin-based company’s chief executive, George Kurtz, that CrowdStrike had rolled out a fix and was “actively working” to resolve the crisis did little to stem the spread of online conspiracies.

“Combatting this misinformation with factual rebuttals is difficult, because the issue is so technical,” Mosser said.

“Explaining that the fault was in an improperly configured system file and that a fix is in process may be accurate, but it is not believed by those who are predisposed to see nefarious motives behind failures.”

by Anuj CHOPRA


A Day the Digital World Stood Still: Lessons from the Microsoft and CrowdStrike Crisis

In an era where our lives are increasingly intertwined with technology, the seamless functioning of our digital tools often goes unnoticed.


BYTUHU NUGRAHA
JULY 22, 2024

Multiple blue screens of death, caused by an update pushed by CrowdStrike, on airport luggage conveyer belts at LaGuardia Airport, New York City. Image source: Wikipedia


Authors: Tuhu Nugraha and Raditio Ghifiardi*

In an era where our lives are increasingly intertwined with technology, the seamless functioning of our digital tools often goes unnoticed. However, a single disruption can ripple across the globe, highlighting the fragility of our digital ecosystem. Such was the case in July 2024, when tech giants Microsoft and CrowdStrike faced an unprecedented challenge that served as a stark reminder of our digital dependency. Microsoft estimated that approximately 8.5 million computers worldwide were disabled by a major IT outage, triggered by a software update from CrowdStrike, a leading global cybersecurity firm.

The update caused system problems that grounded flights, forced broadcasters off the air, and left customers without access to essential services such as healthcare and banking. Microsoft stated that the error affected approximately one percent of Windows computers globally. This article recounts the events that unfolded and the lessons learned from this crisis.

Act 1: The Calm Before the Storm

The day began like any other. Businesses were bustling, airlines were gearing up for a busy day of travel, and financial markets were buzzing. Unbeknownst to many, a storm was brewing in cyberspace that would soon disrupt the status quo.

Act 2: The First Tremors

The crisis began with scattered reports of issues with Microsoft’s Azure platform. Users in the United States experienced trouble accessing critical applications. The situation escalated quickly, causing significant disruptions. Airlines felt the impact first, with major carriers grounding flights. The Federal Aviation Administration (FAA) confirmed the outage affected all airlines nationwide, causing chaos in airports. The disruption spread, halting trading at the London Stock Exchange and causing widespread issues for UK railway companies and the media sector.

Act 3: A Second Blow

While the world was grappling with Microsoft’s outage, CrowdStrike, a leader in cybersecurity, faced its crisis. A defect in a recent content update for Windows hosts caused widespread operational disruptions. Businesses relying on CrowdStrike’s Falcon platform found themselves vulnerable, scrambling to secure their networks and mitigate the impact.

Act 4: The Global Impact

The digital earthquake had far-reaching consequences. Air traffic ground to a halt at Berlin’s Brandenburg Airport, and financial institutions worldwide faced interruptions, causing ripples in global markets. No sector was left untouched due to the interconnectedness of our digital world. The stock market reacted swiftly, with Microsoft’s stock price plummeting nearly 10% and CrowdStrike’s shares also taking a significant hit.

Act 5: The Heroes Emerge

In the face of adversity, the response from Microsoft and CrowdStrike was nothing short of heroic. Engineers and IT professionals worked tirelessly to resolve the crises. Microsoft’s Azure team rerouted traffic to alternative systems, while CrowdStrike’s experts rolled out patches and updates to stabilize their clients’ environments. AI and machine learning played a crucial role in recovery. Microsoft’s AI-driven monitoring systems quickly identified anomalies, and CrowdStrike’s machine learning algorithms detected and isolated the defective update. Generative AI also contributed by generating real-time insights and predictive models, allowing teams to proactively address issues before they escalated.

Act 6: The Road to Recovery

As the dust settled, the world began to take stock of the events. The immediate crisis was over, but the journey to full recovery and rebuilding trust had just begun. Both Microsoft and CrowdStrike committed to enhancing their testing protocols, investing in more robust infrastructure, and implementing advanced monitoring systems to prevent future incidents.

However, as the affected organizations worked on recovery, cybercriminals sought to exploit the chaos. Reports emerged of hackers launching email scams and phishing attacks, preying on the fear and confusion caused by the crisis. These malicious actors sent fraudulent emails pretending to be from Microsoft or CrowdStrike, tricking users into revealing personal information or paying for fake services to fix non-existent issues. The influx of such attacks highlighted the need for heightened awareness and vigilance among users.

Act 7: A New Dawn

In the aftermath of the crisis, the tech industry undertook a critical reassessment of its practices. Companies globally began investing in more rigorous testing environments, embracing chaos engineering practices, and refining their incident response strategies. AI and generative AI technologies played pivotal roles in enhancing resilience and adaptability.

Both Microsoft and CrowdStrike reaffirmed their commitment to customers and the integrity of the digital infrastructure. They also are advised to explore safer programming languages like Rust, known for its memory safety features, to replace traditional languages like C++ that are more prone to vulnerabilities.

Visual Comparison:

The following chart illustrates the number of vulnerabilities found in C++ compared to Rust. As shown, Rust has significantly fewer vulnerabilities, underscoring its potential for building more secure software systems.

Expert Insight:

Bruce Schneier, An internationally renowned security technologist and author of numerous books on computer security and cryptography. His blog and books, such as “Data and Goliath” and “Liars and Outliers,” are highly regarded in the industry. He emphasizes the importance of adopting safer programming languages: “In today’s cybersecurity landscape, reducing the attack surface is crucial. Languages like Rust, with built-in memory safety, are a significant step forward in preventing vulnerabilities that are common in C++.”

Real-World Application:

For example, Microsoft has already begun integrating Rust into some of its critical systems, showcasing a proactive approach to enhancing software security. By transitioning from C++ to Rust, Microsoft aims to minimize vulnerabilities and improve the reliability of its software products. These changes mark a significant shift towards more secure and resilient digital infrastructures, demonstrating the industry’s dedication to preventing future crises.

Lessons Learned

The events of July 2024 serve as a stark reminder that even the most robust systems can fail, underscoring the necessity of having contingency plans to expect the unexpected. In times of crisis, collaboration across multiple disciplines is crucial. IT and cybersecurity teams must work together with AI and machine learning experts to utilize real-time monitoring, anomaly detection, and predictive analytics to identify and mitigate issues swiftly. Transparent communication is vital, and PR teams must ensure stakeholders are informed with regular updates and detailed explanations.

In addition, legal and compliance teams should be involved to anticipate and manage potential class action lawsuits from affected consumers. Risk management professionals must analyze incidents thoroughly to identify root causes and implement measures to prevent future occurrences. Continuous improvement should be a shared goal, using incidents as learning opportunities to strengthen systems and processes. This multi-faceted approach, involving IT, cybersecurity, PR, risk management, legal, and compliance teams, ensures a comprehensive and resilient response to digital crises.

Step-by-Step Guidance for Crisis Management

Managing a crisis requires comprehensive step-by-step guidance. First, during the Immediate Response phase, teams must promptly identify and assess the scope of the issue, communicate clearly with affected parties, and implement temporary fixes to contain the problem. Next, during the Stabilization phase, teams should work on permanent solutions, provide continuous updates to stakeholders, and offer support and compensation where necessary.

In the Recovery and Prevention phase, it is crucial to analyze the incident to understand its root cause, enhance testing protocols and infrastructure, and invest in advanced monitoring and response systems. Fostering a culture of continuous improvement and innovation is also essential. Incorporating AI and Generative AI becomes critical in this crisis. Using AI for predictive analytics and real-time monitoring and implementing Generative AI tools for simulations and stress tests, should be done continuously to adapt AI models to new threats and challenges.

From a cybersecurity perspective, collaboration between IT and cybersecurity teams is vital. However, the perspective of public relations and communication must also be considered. The PR team should ensure transparent and regular communication with stakeholders, including shareholders, providing detailed updates on the issues and steps being taken to resolve them. A good communication strategy will help restore reputation and public trust after the incident.

Restoring reputation and public trust requires a holistic approach. In addition to open communication, offering adequate customer support and compensation can help alleviate customer anxiety. Engaging stakeholders in the recovery process through open dialogue and transparency about future prevention measures is also crucial. This engagement should be carried out through multiple media channels to ensure comprehensive reach and impact:

  1. Press Releases and Media Briefings: Regularly updated press releases and media briefings can provide the public and stakeholders with the latest information, ensuring transparency.
  2. Social Media Platforms: Utilize platforms like Twitter, LinkedIn, and Facebook to share real-time updates and engage directly with the community. Social media allows for immediate dissemination of information and interactive communication.
  3. Company Website and Blogs: Create a dedicated section on the company website for crisis updates. Regular blog posts can offer in-depth explanations of the steps being taken and future prevention plans.
  4. Email Newsletters: Send detailed email newsletters to stakeholders, including shareholders, customers, and partners. This ensures that critical information reaches those directly impacted by the crisis.
  5. Webinars and Virtual Town Halls: Host webinars and virtual town halls to engage stakeholders directly. These forums allow for real-time interaction, addressing concerns and questions from stakeholders.
  6. Customer Service Channels: Enhance customer service support through hotlines, chatbots, and email support to address individual concerns and provide personalized assistance.
  7. Industry Conferences and Public Forums: Participate in industry conferences and public forums to discuss the incident, share lessons learned, and demonstrate the company’s commitment to transparency and improvement.

By utilizing these various media channels, organizations can maintain an open dialogue with stakeholders, rebuild trust, and demonstrate their commitment to future resilience and improvement. This multi-faceted communication strategy ensures that all stakeholders are informed, involved, and reassured throughout the recovery process.

Conclusion and Future Outlook

The events of July 2024 serve as a powerful reminder of the vulnerabilities inherent in our digital world. Despite the significant advancements in technology and cybersecurity, even the most robust systems can fail, leading to widespread disruptions. The Microsoft and CrowdStrike crisis underscored the importance of having comprehensive contingency plans, robust infrastructure, and the ability to adapt swiftly to unforeseen challenges.

In the immediate aftermath, both Microsoft and CrowdStrike demonstrated exemplary crisis management by working tirelessly to resolve the issues and restore services. Their commitment to enhancing testing protocols, investing in advanced monitoring systems, and adopting safer programming practices like using Rust over C++ showcases a proactive approach to mitigating future risks.

However, the journey towards a more secure digital future extends beyond immediate recovery. The tech industry must embrace continuous improvement and innovation to build resilience against evolving threats. This involves not only enhancing technical measures but also fostering a culture of collaboration across disciplines. IT and cybersecurity teams must work together with AI experts, risk management professionals, and public relations teams to create a holistic approach to crisis management.

Looking ahead, several key areas demand attention to strengthen our digital ecosystem:

  1. Enhanced Testing and Simulation:
  2. Rigorous Testing: Companies should invest in more comprehensive testing environments that simulate real-world scenarios to identify potential vulnerabilities before they escalate.
  3. Chaos Engineering: Embracing chaos engineering practices can help organizations understand how systems behave under stress, allowing them to build more resilient infrastructures.
  • Advanced Monitoring and AI Integration:
  • Real-time Monitoring: Implementing advanced monitoring systems that leverage AI and machine learning can help detect anomalies early and respond swiftly.
  • Predictive Analytics: Utilizing AI for predictive analytics can provide insights into potential future threats, enabling proactive measures.
  • Adoption of Safer Programming Languages:

Transition to Rust: Encouraging the adoption of safer programming languages like Rust, known for its memory safety features, can significantly reduce vulnerabilities in software systems.

  • Holistic Crisis Management:
  • Multi-Disciplinary Collaboration: Building a crisis management framework that involves IT, cybersecurity, PR, legal, and risk management teams ensures a comprehensive response to incidents.
  • Transparent Communication: Maintaining open and transparent communication with stakeholders, including customers, partners, and the public, helps rebuild trust and mitigate reputational damage.
  • Continuous Improvement and Innovation:
  • Learning from Incidents: Treating every incident as a learning opportunity to strengthen systems and processes is crucial. Organizations should regularly review and update their crisis management strategies.
  • Investing in Research: Ongoing investment in research and development to explore new technologies and methodologies for enhancing digital security is essential.

The July 2024 crisis was a wake-up call for the tech industry, highlighting the need for robust preparedness and continuous evolution. By learning from this incident and implementing the lessons learned, we can build a more resilient and secure digital future. As technology continues to advance, so must our strategies for safeguarding the digital world we rely on.

*Raditio Ghifiardi is an acclaimed IT and cybersecurity professional and future transformative leader in AI/ML strategy. Expert in IT security, speaker at global and international conferences, and driver of innovation and compliance in the telecom and banking sectors. Renowned for advancing industry standards and implementing cutting-edge security solutions and frameworks.

Tuhu Nugraha
Tuhu Nugraha
Digital Business & Metaverse Expert Principal of Indonesia Applied Economy & Regulatory Network (IADERN)
CrowdStrike: Accidents and Designs

By Edward Lucas
July 21, 2024

Last week’s meltdown is an overdue reminder of our wider vulnerability to cyberattack.




Fragility is dangerous. That is the lesson of last week’s computer meltdowns. The culprit was a carelessly written update to CrowdStrike’s widely used Falcon Sentinel cybersecurity software. It crashed millions of Windows computers, causing caused chaos in air transport, financial services and health-care, at great financial and human cost.

But it could have been far worse. Few users realize that allowing automatic updates means their computers and other devices are, in effect, remote-controlled. In other—nefarious—contexts, we would call the mass hijacking of computers a botnet. These are at the heart of the cybercrime industry. In May the US Justice Department and the FBI arrested a Chinese national, YunHe Wang, who had illegally and secretly gained control of millions of computers around the world that ran Windows software. He then rented them out to cybercriminals, making nearly $100m, the DOJ says.

Organized crime should be seen as a national security threat. It corrodes public confidence in the integrity of state administration. The Kremlin increasingly outsources its assassination and sabotage campaigns to gangsters.

But far worse would be if China, Russia or Iran were able to turn legitimate software updates into a de facto botnet. By exploiting the trust we have in legitimate software companies, their spies and saboteurs could steal our data, scramble it, or make it inaccessible on computers and networks all over the world.

Western decision-makers and opinion-formers worry a lot about the phantom menace of Russia’s nuclear weapons. We all pay far too little attention to these much more pressing national security threats to the fragile but deeply interconnected computer systems that underpin our economies, public services, and societies.

Few noticed, for example, the most horrifying near-miss in the history of the internet, revealed earlier this year. The target was far less well-known than CrowdStrike or Microsoft. It was the xy compression utility. These open-source tools, written and maintained by volunteers, are the workhorses of the software world. Anyone can inspect them and suggest improvements. If you can gain the trust of other experts, your suggestions will be implemented—and become the building blocks of countless other programs.

We still know startlingly little about the perpetrator of this attack. He or she first emerged in November 2021 making expert contributions to other open-source projects under the username JiaT75. Nobody ever met this person face-to-face or checked their identity, but they gradually took over the job of updating xy, until they were able to issue an update that would have, in effect, made any computer that installed it open to manipulation: a master key, in effect, to hundreds of millions of machines.

By chance, a conscientious Microsoft engineer called Andres Freund noticed that a trial version of xy was using slightly more memory than it should, and was able to diagnose the flaw just before its general release. Few outside the cybersecurity world even noticed.

The sophistication and patience of the attack probably points to the SVR, Russia’s foreign intelligence service. But the clues left could be a clever double-bluff, designed to distract attention from the real culprits: China, Iran or North Korea.

The attacker’s near-success, and the difficulty of attributing it, stems from the same simple fact: the internet was not designed with security in mind. We have no easy way of checking the identity of the people we interact with. And we take most of what arrives on our computers on trust.

That carefree attitude has stoked amazing technological innovation and cut many costs to near-zero. But it comes with huge, hidden costs. We need to update not just our software, but our online security culture.

Edward Lucas is a Non-resident Senior Fellow and Senior Adviser at the Center for European Policy Analysis (CEPA).

Europe’s Edge is CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.

 

Capitalism And Its Narcissist Culture Of Entitlement – OpEd

Anti-capitalism and anti-globalization banners. Photo by Guillaume Paumier, Wikimedia Commons.


By 

Capitalism, with its inherent culture of psychopathic narcissism, nurtures a pervasive consumerist mindset of entitlement. This parasitic mentality enables capitalist entities to thrive off the value generated by the labour of working individuals. These chronic attitudes, processes, and structural norms are ingrained within society to perpetuate a culture of entitlement unique to capitalist systems based on unearned incomes and profits. Today, this epidemic of entitlement manifests broadly across various societies, shaping the economic, political, cultural and social landscapes.


In capitalist societies, the notion of entitlement extends beyond mere economic gain. It permeates social interactions, influencing how individuals perceive their rights and privileges. The normalisation of this entitlement is evident in the way wealth and resources are disproportionately allocated, consumed and controlled often justifying the exploitation of labour for personal or corporate gain. The entitlement epidemic is not limited to the upper echelons of society. It trickles down, affecting interpersonal relationships, family and community dynamics. The constant pursuit of self-interest, driven by the culture of narcissism, undermines collective well-being and encourages social fragmentation.

The personality traits of narcissism and entitlement are not organically innate; they are products of capitalist socialisation, which instils and perpetuates such values and practices. In a capitalist society, individuals are often encouraged to prioritise self-interest, competition, and material success over communal well-being and cooperation. This environment fosters a sense of entitlement and narcissism, as people are conditioned to view themselves as superior and deserving of special treatment. The focus on personal gain and achievement at the expense of others erodes collective values and promotes a culture where these traits are normalised and even rewarded. The understanding of social roots of narcissism and entitlement is essential for addressing their pervasive influence.

The narcissist culture of entitlement cultivates chronic laziness, selfishness, extreme individualism and various forms of exploitative culture in everyday lives. In this environment, individuals believe they are entitled to reap the benefits of others’ labour without contributing anything themselves. They operate under the assumption that everyone owes them everything, yet they owe nothing to anyone. Limitless self-indulgence continues to be the lifeblood of narcissism and entitlement.

This unchecked pursuit of personal gratification fuels these traits, reinforcing a cycle of selfishness and disregard for others. Narcissistic individuals prioritise their own desires and needs above all else, often at the expense of those around them. Their sense of entitlement drives them to seek constant validation and special treatment, perpetuating a mindset that justifies their actions and attitudes. This relentless focus on self-indulgence not only harms relationships and community dynamics but also undermines the potential for genuine personal growth and fulfilment.

These narcissistic and entitled individuals, groups, and cultures manifest in various forms of delusional self-confidence, often devoid of any real substance in their personal or professional lives. Despite their lack of genuine achievement or merit, they maintain an inflated sense of self-worth, ethics and entitlement. A common thread among all entitled and narcissistic individuals is their parasitic nature. They consistently seek to exploit the efforts and resources of others, displaying a profound lack of empathy and communal responsibility. This parasitism undermines the very fabric of social cohesion, creating an environment where mutual respect and cooperation are eroded.


From grandiose narcissism to vulnerable narcissism and all other forms, these traits persist by projecting either superiority or inferiority. Grandiose narcissists assert their dominance and self-importance, often exhibiting arrogance and an inflated sense of self-worth. In contrast, vulnerable narcissists mask their insecurities and fragility by seeking excessive validation and attention. Both types, along with other variations of narcissism, rely on externalising their self-perception to manipulate how others view them. This projection not only reinforces their self-image but also serves as a defence mechanism against self-reflection and personal growth. 

Narcissists and entitled individuals consistently project their ignorance, incompetence, vulnerabilities and failures onto others, avoiding any form of self-reflection. They engage in relentless blaming, defaming, gaslighting, and manipulation, constantly redirecting every situation back to themselves. Their lack of accountability is coupled with a deep-seated need to control the narrative through falsehoods, making it difficult for others to realise the realities. Such behaviours not only erode trust but also undermines the potential for genuine relationships. It is important to understand these patterns of behaviour for recognising and protecting oneself from such toxic dynamics of capitalist culture. 

Narcissists and their culture of entitlement erode the collective foundations of society, promoting individualism in a way that enables capitalism to thrive without resistance. This shift undermines communal bonds and fosters an environment where personal gain is prioritised over the common good. The resulting fragmentation weakens societal cohesion, making it easier for exploitative systems to perpetuate themselves. 

Moreover, this culture of narcissistic entitlement has broader implications for society. It promotes a mentality where success is measured not by one’s contributions or achievements, but by one’s ability to manipulate and exploit. This distorts social values, prioritising self-interest over collective well-being and eroding trust within communities.

It is crucial to foster a culture that values genuine contributions and reciprocal relationships based on truth. The growth of accountability, empathy, and community engagement can help mitigate the negative impacts of narcissistic entitlement, promoting a more equitable and cohesive society. It is possible to cultivate a culture of resilience that values collective prosperity over individual gain by challenging the capitalist norms of narcissistic entitlement.


Bhabani Shankar Nayak works as Professor of Business Management, Guildhall School of Business and Law, London Metropolitan University, UK.

 

Advanced HIV Disease Threatens To Wither Away The Gains Made In Fight Against AIDS – OpEd

Photo Credit: Citizen News Service

  

By 

No one needs to die of AIDS because, thanks to science, lifesaving antiretroviral therapy and viral suppression can gift all people living with HIV a healthy and fulfilling life. But, unfortunately, many a slip between the cup and the lip. “Even one AIDS death is a death too many. Despite having the tools and scientific know-how to avert AIDS deaths, 630,000 people died of AIDS in 2022. Governments, donors, pharmaceutical and medical device manufacturing companies, HIV and health advocates and activists, and all other stakeholders could have done better if we were to avert AIDS-related deaths,” said firebrand health and human rights activist Loon Gangte who leads Delhi Network of People living with HIV (DNP Plus) and International Treatment Preparedness Coalition (ITPC) in South Asian region.


Looming threat of advanced HIV disease

According to the World Health Organization (WHO), people with advanced HIV disease are at a very high risk of opportunistic infections and deaths. About one fifth of people living with HIV admitted to hospital do not survive their hospital admission, and of those who survive, nearly a third die or are readmitted to hospital within a year.

People with advanced HIV disease are dying. It is time to hold governments to account, said Loon. He was speaking at a pre-conference of 25th International AIDS Conference (AIDS 2024) in Munich, Germany.

WHO defines advanced HIV disease as CD4 cell count less than 200cells/mm3 (or WHO stage 3 or 4 in adults and adolescents). All children younger than five years of age are considered to have advanced HIV disease, given their heightened risk of disease progression and mortality.

People with advanced HIV disease are at high risk of death, even after starting antiretroviral therapy; this risk increases with decreasing CD4 cell count. The most common causes of severe illness and death are TB, severe bacterial infections and cryptococcal meningitis.

“20 years ago, we all had advanced HIV disease. My CD4 cell count was 98 before I started taking antiretroviral therapy,” said Loon Gangte. His words are also a reminder that India began the free rollout of antiretroviral therapy as part of government-run programme on 7th April 2004.


“There is some good news as a lot of people have been put on lifesaving antiretroviral therapy and are virally suppressed – and live healthy normal lives,” said Loon. According to Indian government’s Sankalak report 2023, 1.68 million people are on antiretroviral therapy (out of an estimated 2.46 million people living with HIV in India). However, out of every 1000 people who were put on the therapy in India, 107 were reported as lost to follow up in 2022.

“A year ago, the organisation I am a part of (DNP Plus) began an advanced HIV disease outreach project because as an HIV advocacy network, we felt we had been neglecting this population with or at risk of advanced HIV disease. We reached out to more than 1100 people and more than 400 of them had advanced HIV disease. This is why it is so important to focus on advanced HIV disease,” said Loon.

He added: “About 30% of people living with HIV have CD4 counts below 200 (in a project of DNP Plus). These are the people who may develop advanced HIV disease. Why is this still happening? Governments, funders and even networks of people living with HIV have forgotten that advanced HIV disease is still killing people.”

To reduce morbidity and mortality in people with advanced HIV disease, WHO recommends offering a package of interventions including screening, treatment and preventive treatment (prophylaxis) for major opportunistic infections, initiating antiretroviral therapy as soon as possible, and a much robust set of adherence support interventions.

Inaccessible diagnostics is the leading cause of death for people with HIV

WHO’s package for advanced HIV disease intends to widen access to key medicines and diagnostics to manage the most common causes of illness and death. But both, medicines and diagnostics – remain inaccessible for so many in need.

If we do not have the diagnostic tools accessible to people living with HIV in a rights-based, people-centred and gender transformative manner then how will we monitor their viral suppression, or manage life-threatening diseases like TB or cryptococcal meningitis?

“The leading cause of death for people living with HIV is inaccessible diagnostics” rightly said Loon.

“Most of us have forgotten what AIDS looks like (as people with HIV who are receiving treatment and are virally suppressed remain healthy fulfilling lives. No one should develop AIDS or die of AIDS). Many countries hardly do CD4 tests anymore and manufacturers have stopped making the tests because they say they are not profitable enough. Without CD4 tests how will we manage advanced HIV disease?” asks Loon.

“The people who are developing advanced HIV disease (or AHD), have not been able to access treatment and do not have the opportunity to achieve undetectable equals untransmittable (or #UequalsU). Some of them have TB, or drug-resistant forms of TB and some develop cryptococcal meningitis,” he added. U equals U refers to the WHO backed evidence that there is zero risk of HIV transmission from people with HIV whose viral load remains undetectable. So, undetectable equals untransmittable and HIV treatment is prevention.

“Most experts will tell you the leading cause of death for people with advanced HIV disease is TB. They are wrong – the leading cause of death for people living with HIV is inaccessible diagnostics. We have developed very cheap, effective TB diagnostics, such as TB LAM that only cost about US$ 3, but in many countries including my own, we cannot access it,” questions Loon.

Loon is right: it is 9 years now since WHO guidelines recommended TB LAM test as it has better sensitivity for diagnosing TB among people with HIV. Its sensitivity is even greater for those with lower CD4 counts. There should be no delay between the time when scientific breakthroughs happen (like TB LAM test) and by the time they reach the people and are deployed equitably to fully yield the public health gains. TB LAM point-of-care test is based on the detection of mycobacterial lipo-arabino-mannan (LAM) antigen in urine.

We have progressed but major gaps remain

In India, as per government’s Sankalak report, in 2022, a little over 1.2 million viral load tests and 930,000 CD4 tests were done (when number of people on antiretroviral therapy was 1.68 million in 2022).

In India, TB screening for people living with HIV is done verbally for 4 classic symptoms of TB of the lungs. Even in general population, government’s TB prevalence survey shows that over half of people with active TB disease were asymptomatic (and found only when x-ray screening was done and all those found with presumptive TB were offered a confirmatory TB test). So, why are we not finding TB with best of science and technology (such as artificial intelligence-backed ultraportable handheld x-rays that can be used by community health workers to screen people for TB) among those who are a heightened risk of TB (such as people with HIV)? Risk of extrapulmonary TB is also higher which will warrant stronger action to find all TB, treat all TB and prevent all TB among people with HIV.

Cryptococcal meningitis: one of the most horrific ways to die

“As mortal human beings (with or without HIV), we all have to confront the reality that we are going to die eventually, but people with advanced HIV disease often develop cryptococcal meningitis. It is the most horrific ways to die. You cannot see, you cannot hear… It is a very painful disease,” shared Loon.

“We must ask ourselves who we are advocating for. Do our organisations only represent healthy people living with HIV or are we working where we are needed most, for people with advanced HIV disease? We must ensure that everyone benefits from the scientific advances we have access to, but the reality is that we seem to have forgotten these people,” said Loon.

“We will talk about advanced HIV disease at this conference (#AIDS2024) but when we go home, we need to remember that advanced HIV disease is real, and it is killing our friends. We need to advocate for the diagnostics required for advanced HIV disease, cryptococcal meningitis and drug-resistant forms of TB – along with equitable access to latest treatment regimens – and full cascade of care,” summed up Loon.



Shobha Shukla  co-leads the editorial content of CNS (Citizen News Service) and is on the governing board of Global Antimicrobial Resistance Media Alliance (GAMA) and Asia Pacific Media Alliance for Health and Development (APCAT Media).