CrowdStrike CEO summoned to explain epic fail to US Homeland Security
- Reference: 1721736910
- News link: https://www.theregister.co.uk/2024/07/23/crowdstrike_ceo_to_testify/
- Source link:
Mark E Green, Chairman of the Committee on Homeland Security, and Andrew R Garbarino, Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection, [1]signed the letter .
Kurtz has been asked to show up before 1700 on July 24 for a hearing.
[2]
The letter reads: "We cannot ignore the magnitude of this incident, which some have claimed is the largest IT outage in history. In less than one day, we have seen [3]major impacts to key functions of the global economy , including aviation, healthcare, banking, media, and emergency services."
[4]
[5]
The full impact of the outage has yet to be determined and may never be. Green and Garbarino listed the more than 3,000 commercial flights cancelled in the US alone, disruptions to emergency call centers, and [6]surgery cancellations as among the consequences of the broken update.
[7]EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft
[8]CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes
[9]CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear
[10]Cybercriminals quickly exploit CrowdStrike chaos
While expressing relief that the chaos was not the result of a cyberattack, the chairmen noted: "This incident must serve as a broader warning about the national security risks associated with network dependency. Malicious cyber actors backed by nation-states, such as China and Russia, are watching our response to this incident closely."
"Recognizing that Americans will undoubtedly feel the lasting, real-world consequences of this incident, they deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking."
While the letter is a request for Kurtz to show up for questions, he could also be subpoenaed to provide testimony. The Register asked CrowdStrike if its CEO planned to put in an appearance.
[11]
Kevin Benacci, Senior Director, Corporate Communications, CrowdStrike, told us: "CrowdStrike is actively in contact with relevant Congressional Committees. Briefings and other engagement timelines may be disclosed at Members' discretion."
Kurtz [12]said on Twitter X on July 19: "As this incident is resolved, you have my commitment to provide full transparency on how this occurred and the steps we're taking to prevent anything like this from happening again."
The incident was caused by a [13]malware signature update issued by CrowdStrike , which resulted in its Falcon software crashing on Windows.
[14]
The software [15]runs at a low level within the Windows kernel , resulting in Windows crashing with a Blue Screen of Death every time it boots.
According to figures from Gartner, CrowdStrike had an Endpoint Protection Platform market share of 14.7 percent in 2023, second only to Microsoft's 40.2 percent. As such, the update was able to wreak havoc around the globe on millions of Windows devices. ®
Get our [16]Tech Resources
[1] https://homeland.house.gov/2024/07/22/chairmen-green-garbarino-request-public-testimony-from-crowdstrike-ceo-following-global-it-outage/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zp-ToFjrWOJQmPKg8c6GbQAAABI&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.theregister.com/2024/07/19/crowdstrike_shares_sink_as_global/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zp-ToFjrWOJQmPKg8c6GbQAAABI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zp-ToFjrWOJQmPKg8c6GbQAAABI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2024/07/19/crowdstrike_update_nhs_it_outages/
[7] https://www.theregister.com/2024/07/22/windows_crowdstrike_kernel_eu/
[8] https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/
[9] https://www.theregister.com/2024/07/19/crowdstrike_windows_kettle/
[10] https://www.theregister.com/2024/07/19/cyber_criminals_quickly_exploit_crowdstrike/
[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zp-ToFjrWOJQmPKg8c6GbQAAABI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[12] https://x.com/George_Kurtz/status/1814388276486136251
[13] https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/
[14] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zp-ToFjrWOJQmPKg8c6GbQAAABI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[15] https://www.theregister.com/2024/07/22/windows_crowdstrike_kernel_eu/
[16] https://whitepapers.theregister.com/
Dude. Seriously. ALL politics is stupid parades, theatre, and posturing.
"CrowdStrike had an Endpoint Protection Platform market share of 14.7 percent"
The problem is that it was a disproportionate share of high visibility installations. It's not run by your average Joe, but large public organizations, usually mandated by insurance. It was concentrated where it would do the most good harm.
I wouldn't be surprised if, in a few months time, the word "had" in that sentence starts to assume the leading role.
I have a q....
who exactly are they trying to impress with this presentation ?
Most of the masses dont believe... so why bother ?
RE: parades, and nothing changes
You're absolutely correct, and to find the answer to your question all you need to do is Wiki the two politicians who signed the letter of investigation.
https://en.wikipedia.org/wiki/Mark_Green_(Tennessee_politician)
https://en.wikipedia.org/wiki/Andrew_Garbarino
Look at their party affiliation. That's all you need to know. Watch their hands, not what's happening behind the curtain.
Patchpocalypse now
Did I come to the party late? I can't believe the CEO's name is Kurtz!
"The horror. The horror..."
Re: The horror.
“because there’s a conflict in every human corporate heart between the rational and the irrational, between good and evil. And good does not always triumph”
Re: Patchpocalypse now
Did I come to the party late? I can't believe the CEO's name is Kurtz!
Yep. Kernel Kurtz is also consistent-
https://en.wikipedia.org/wiki/McAfee#DAT_5958_update
On April 21, 2010, beginning at approximately 14:00 UTC, millions of computers worldwide running Windows XP Service Pack 3 were affected by an erroneous virus definition file update by McAfee, resulting in the removal of a Windows system file (svchost.exe) on those machines, causing machines to lose network access and, in some cases, enter a reboot loop.
...On a flight, he watched the passenger seated next to him wait 15 minutes for McAfee software to load on his laptop, an incident he later cited as part of his inspiration for founding CrowdStrike. He resigned from McAfee in October 2011.
Kurtz was McAfee's CTO at the time of their outage. I also wonder if this trait plays a part-
In March 2020, when discussing company strategy at CrowdStrike, he said that "not one time have I regretted firing someone too fast."
Which I suspect might include anyone who says things like 'Are you sure that's a good idea?' or 'Maybe we should spend more on QA and QC'
Well I hope that after they get the CEO to explain the cock up, they'll continue the pantomime and invite the heads of IT departments affected and ask them where their disaster recovery plans were at.
How can they ask q if they dont understand how software does or doesnt work ?
Secondly the ceo himself hasnt a clue, so they are both talking about something they dont understand...
optimum way to make an enpoint security driver
Last time I checked, when you wrote a driver that:
a) has to be up in order for the system to boot
and
b) it can execute arbitrary code (P-Code) in kernel space
the driver has to be divided in two parts:
1) the bulk of the driver as a non essential driver in kernel land
and
2) a watchdog rinny driver that has to be up for the system to boot and whose only task is to make sure that the main driver is up and notify otherwise
sadly the current CEO of cloudstrike was the CTO of mcafee when they had their meltdown, therefore by virtue of top to bottom modeling, most likely crowdstrike programmers do not know and/or do not care.
Re: optimum way to make an enpoint security driver
So much this. But surely the framework for governing this should be developed and run by MS?
Re: optimum way to make an enpoint security driver
MS made a massive fuckup when they allowed each and every application and driver the ability to write their own files to anywhere on the disk.
This means theres no way to identify files, isolate, or even make backups...
The end result is that windows cannot take a snapshot before an update, and then rollback if the update "fails" like it did the other day.
In the meantime - it's July 27th, and if I had any money - I'd gargle it on Crowdstrike stock today.
How about we come back to this post in a month, then in six, and see how my virtual money would have been doing by then.
Here, let's say I just (in my imagination) put ~100k in their stock and bought ~372 shares. Will come back to that one in a month (unless they go belly up before that :-D)
Oh, a summons from Congress
So, Crowdstrike gonna pull a Zuckerberg, or is the CEO actually going to submit to a public flogging ? 'Cause that's what's waiting for him.
Not everyone can be a total asshole. I'm guessing Kurtz is going to bend over backwards to try and keep the share price from falling further.
Time will tell.
It's a culture issue
I found [1]this piece by Ed Zitron quite striking. There appears to be a strong correlation with (largely indiscriminate?) mass lay-offs in the US tech sector and major crises in the months that follow, if you then add a culture of profitability-above-everything-else you have very fertile ground for large scale tech disasters.
Oh, and there's obviously also this: [2]Spotify CEO Daniel Ek surprised by how much laying off 1,500 employees negatively affected the streaming giant’s operations
[1] https://www.wheresyoured.at/crowdstruck-2/
[2] https://fortune.com/europe/2024/04/23/spotify-earnings-q1-ceo-daniel-eklaying-off-1500-spotify-employees-negatively-affected-streaming-giants-operations/
Re: It's a culture issue
Do you really believe anything that the spotify ceo says ?
Suckers born every minute and all that.
In the new age of bullshit, why do they bother with these stupid parades ?
Nothing actually changes, like good american tradition of hollywood this is nothing more than two sets of actors, talking bullshit and then its over, and nothing changed, just like all tv series, something happens in the show but all is reset for the next show.