Washington:

Security experts said CrowdStrike’s routine update of its widely used cybersecurity software, which caused clients’ computer systems to crash globally on Friday, apparently did not undergo adequate quality checks before it was deployed.

The latest version of its Falcon sensor software was meant to make CrowdStrike clients’ systems more secure against hacking by updating the threats it defends against. But faulty code in the update files resulted in one of the most widespread tech outages in recent years for companies using Microsoft’s Windows operating system.

Global banks, airlines, hospitals and government offices were disrupted. CrowdStrike released information to fix affected systems, but experts said getting them back online would take time as it required manually weeding out the flawed code. 

“What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through,” said Steve Cobb, chief security officer at Security Scorecard, which also had some systems impacted by the issue.

Problems came to light quickly after the update was rolled out on Friday, and users posted pictures on social media of computers with blue screens displaying error messages. These are known in the industry as “blue screens of death.”

Patrick Wardle, a security researcher who specialises in studying threats against operating systems, said his analysis identified the code responsible for the outage.

The update’s problem was “in a file that contains either configuration information or signatures,” he said. Such signatures are code that detects specific types of malicious code or malware. 

“It’s very common that security products update their signatures, like once a day… because they’re continually monitoring for new malware and because they want to make sure that their customers are protected from the latest threats,” he said. 

The frequency of updates “is probably the reason why (CrowdStrike) didn’t test it as much,” he said. 

It’s unclear how that faulty code got into the update and why it wasn’t detected before being released to customers. 

“Ideally, this would have been rolled out to a limited pool first,” said John Hammond, principal security researcher at Huntress Labs. “That is a safer approach to avoid a big mess like this.”

Other security companies have had similar episodes in the past. McAfee’s buggy antivirus update in 2010 stalled hundreds of thousands of computers. 

But the global impact of this outage reflects CrowdStrike’s dominance. Over half of Fortune 500 companies and many government bodies such as the top U.S. cybersecurity agency itself, the Cybersecurity and Infrastructure Security Agency, use the company’s software. 

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)

Washington:

From fearmongering about a looming “World War III” to false narratives linking a cabal of global elite to a cyberattack, a torrent of online conspiracy theories took off Friday after a major IT crash.

Airlines, banks, TV channels and financial institutions were engulfed in turmoil after the crash, one of the biggest in recent years that was the result of a faulty software update to an antivirus program operating on Microsoft Windows.

The proliferation of internet-breaking conspiracy theories on social media platforms — many of which have removed guardrails that once contained the spread of misinformation — illustrates the new normal of information chaos after a major world event.

The outage gave way to a swirl of evidence-free posts on X, the Elon Musk-owned site formerly known as Twitter, that peddled an apocalyptic narrative: The world was under attack by a nefarious force.

“I read somewhere once that ww3 (World War III) would be mostly a cyber war,” one user wrote on X.

The IT crash also stirred up an unfounded theory that the World Economic Forum — long a magnet for wild falsehoods — had plotted a global cyberattack.

To make that theory appear credible, many posts linked an old WEF video that warned about the possibility of a “cyberattack with Covid-like characteristics.”

The video, available on the WEF’s website, had cautioned that the only way to stop the exponential spread of the cyber threat would be to disconnect millions of vulnerable devices from each other and the internet.

– ‘Sad testament’ –
 The WEF has long been a target for conspiracy theorists pushing the idea of a shadowy cabal of elites working for private gain under the garb of solving global issues.

Also gaining rapid traction online were conspiratorial posts using the hashtag “cyber polygon,” a reference to a global training event aimed at preparing for potential future attacks.

“The proliferation of conspiracy theories in the wake of major global events such as the outage is a sad testament to the volatile nature of the information ecosystem,” Rafi Mendelsohn, vice president at the disinformation security company Cyabra, told AFP.

“What is unique to events like these is how social media platforms, forums, and messaging apps facilitate the rapid dissemination of content, allowing theories to gain traction quickly and reach a global audience.”

The trend demonstrates the ability of falsehoods to mutate into viral narratives on tech platforms, which have scaled back content moderation and reinstated accounts that are known purveyors of misinformation.

During fast-developing news events, confusion now often reigns on major tech platforms, with users scrambling to obtain accurate information in what appears to be a sea of false or misleading posts that rapidly gain traction.

– ‘Nefarious motives’ –

“This poses the larger question of combatting mis- and disinformation,” Michael W. Mosser, executive director of the Global Disinformation Lab at the University of Texas at Austin, told AFP.

“The level of trust that is required to accept information from reputable sources has declined to such an extent that people are more willing to believe wild conspiracies that ‘must be true’ rather than the factual information relayed to them.”

The global outage, which brought myriad aspects of daily life to a standstill and sent US stocks falling, was linked to a bug in an update to an antivirus program for Windows systems from American cybersecurity group CrowdStrike.

Assurances by the Austin-based company’s chief executive, George Kurtz, that CrowdStrike had rolled out a fix and was “actively working” to resolve the crisis did little to stem the spread of online conspiracies.

“Combatting this misinformation with factual rebuttals is difficult, because the issue is so technical,” Mosser said.

“Explaining that the fault was in an improperly configured system file and that a fix is in process may be accurate, but it is not believed by those who are predisposed to see nefarious motives behind failures.”

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)