News: 1730125029

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Delta officially launches lawyers at $500M CrowdStrike problem

(2024/10/28)


Delta Air Lines is suing CrowdStrike in a bid to recover the circa $500 million in estimated lost revenue months after the cybersecurity company "caused" an infamous global IT outage.

Delta, a major US carrier, was among the most vocal victims of the outage in July, reporting thousands of canceled flights which affected more than a million customers, and explored legal avenues to recoup the lost funds early on, [1]hiring David Boies of Boies Schiller Flexner.

Delta had to cancel about 7,000 flights over the five-day period from July 19 to July 24 – a huge disruption hitting around 1.3 million customers and leading to multiple class-action lawsuits from affected passengers.

[2]

Earlier suggestions that the airline itself may seek to recover damages from both CrowdStrike and Microsoft are somewhat confirmed now a complaint against the former was filed in a Georgia state court on Friday.

[3]

[4]

Delta argues that CrowdStrike failed to properly test the Falcon sensor update that led to the widespread blue screen errors on many of its customers' systems.

"CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit," the lawsuit reads per [5]AP News .

[6]

In response, CrowdStrike said Delta's claims were built on misinformation and that the airline's failure to modernize its dated IT infrastructure was the core reason why it took so long to recover from the outage.

"While we aimed to reach a business resolution that puts customers first, Delta has chosen a different path," said a CrowdStrike spokesperson in a statement sent to The Register today.

"Delta's claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure."

[7]

Regarding Delta's allegedly aging IT kit, Microsoft made a similar accusation in [8]response to Delta's threat of legal action against it in August, adding that the airline's suggestion that Windows was complicit in the outage was "false" and "misleading."

CrowdStrike's lawyer, Michael B Carlinsky, also previously noted that the security shop offered Delta free, on-site support to help the airline return to normal service. He said Delta rejected this offer and if the airline did go ahead with the litigation, then CrowdStrike would "respond aggressively."

Delta [9]said this offer of help came too late, more than 65 hours after the initial incident took hold and after the point at which most of its critical systems were back online.

In a statement sent to The Register , the airline said:

"CrowdStrike committed a series of intentional and grossly negligent acts that caused the global IT outage on July 19, impacting 8.5 million computers.

"While CrowdStrike has sought to characterize its actions as simple learning opportunities, the reality is CrowdStrike took shortcuts, circumvented certifications, and intentionally created and exploited an unauthorized door within the Microsoft operating system through which it deployed the faulty update.

"CrowdStrike has also conceded it failed to adhere to even basic industry-standard practices for IT updates, such as conducting a phased roll out and providing rollback capabilities. In fact, if CrowdStrike had tested this on even a single computer, that computer would have crashed."

While Delta attempts to recover some lost revenue from CrowdStrike's pockets, it's also having to deal with the US Transportation Department's [10]investigation into the incident and why the airline took days to recover.

[11]Microsoft punches back at Delta Air Lines and its legal threats

[12]Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late

[13]Uncle Sam opens probe into CrowdStrike turbulence at Delta Air Lines

[14]Administrators have update lessons to learn from the CrowdStrike outage

Delta was by far and away the hardest-hit airline in the US, despite other major carriers Allegiant Air, American Airlines, Frontier Airlines, Spirit Airlines, and United Airlines all reporting major issues.

Transportation Secretary Peter Buttigieg said at the time that the slow recovery was "unacceptable." Around 3,000 complaints were made against Delta including those from people forced to sleep on airport floors as they waited for their flight to be rescheduled. ®

Get our [15]Tech Resources



[1] https://www.theregister.com/2024/07/30/crowdstrike_delta_microsoft_lawsuit/

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zx_DOEx1tDYrMVKhYc6AQwAAARA&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zx_DOEx1tDYrMVKhYc6AQwAAARA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zx_DOEx1tDYrMVKhYc6AQwAAARA&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://apnews.com/article/delta-airlines-crowdstrike-outage-lawsuit-43bb230d2edf235bb9f7928c4279fec2

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zx_DOEx1tDYrMVKhYc6AQwAAARA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zx_DOEx1tDYrMVKhYc6AQwAAARA&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[8] https://www.theregister.com/2024/08/07/microsoft_delta_fight/

[9] https://www.theregister.com/2024/08/08/delta_crowdstrikes_offer_for_help/

[10] https://www.theregister.com/2024/07/24/transport_department_delta_probe/

[11] https://www.theregister.com/2024/08/07/microsoft_delta_fight/

[12] https://www.theregister.com/2024/08/08/delta_crowdstrikes_offer_for_help/

[13] https://www.theregister.com/2024/07/24/transport_department_delta_probe/

[14] https://www.theregister.com/2024/07/23/crowdstrike_lessons_to_learn/

[15] https://whitepapers.theregister.com/



Groo The Wanderer

Normally I wouldn't root for a big airline, but in this case, all I can say is "Nail those barstages!"

Dr Who

Thumb up for the reference. "Fargin' iceholes!"

food for lawyers!

EvaQ

"its failure to modernize its antiquated IT infrastructure." ... interesting counter argument.

I think somewhere in the CrowdStrike EULA there is a clause their software is not fit for anything at all.

The lawyers are going to get rich.

gryphon

Didn't Microsoft offer them early support as well which was also rejected?

Revenue vs expenses

Marty McFly

"recover the circa $500 million in estimated lost revenue ..."

Revenue is a tough one to sue for. Actual incurred losses are easier to define in court.

Digging deeper... Other news sources are reporting $170M in costs (losses) and $380M in reduced revenue.

FTFY

Anonymous Coward

"Delta caused a global catastrophe because it cut corners, took shortcuts..."

Firstly, in no way do I think that CS and MS shouldn't be held accountable.

But, coming from an enterprise architecture background, working in endpoint compute, *anything* we did to an endpoint was tested. Every iteration of Apple's OS betas throughout the summer was tested.

We had dev, stage and prod environments

Everything was tested with actual endpoint compute

We had roll back plans, and managed change windows

And this was NOT for an organisation where endpoint compute was so customer facing

So, for Delta to have just blindly allowed updates to happen makes them just as culpable as MS and CS

Re: FTFY

doublelayer

And what exactly makes Microsoft culpable here? CrowdStrike made a bad update and didn't test it. Delta installed that update and didn't have any plan for recovering if something went wrong. Microsoft was... also on the computer at the time. No, just because it was the Windows kernel that the faulty software attached to doesn't make Microsoft culpable. I've installed code into the Linux kernel which crashed it in the same way, but that's not Linux's fault. I also installed a piece of software on Windows that had a DRM module which required kernel access and didn't do good things with it. That was the fault of the creator of that DRM tool. I'm also happy to blame the sellers of the product that require the DRM module. Microsoft was not to blame for it.

Re: FTFY

Anonymous Coward

Micro$hit is at fault because the shitty design of their shitty operating system's shitty API allowed the shitty Clown$hit software to break it at a low level.

Micro$hit is PRIMARILY to blame. Clown$hit is secondary.

Re: FTFY

doublelayer

So Linux is also at fault? Because I did already point out that they allow me to do exactly the same thing: run some code at kernel level, do invalid memory accesses, take down the kernel. But Mac OS is better, because if you write a kernel extension and access invalid memory, it will... oh wait it will take down the kernel. What is the bad design here?

Re: FTFY

dippy1

If I understood correctly at the time, the "update" was pushed out from Crowdstike with no intervention or choice from those running the Crowdstrike agent.

There was no means of testing/staging before full production deployment.

So IMHO the culpable ones are Crowdstike.

I think this is the case(and hence the risk) with most security and AntiVirus products these days.

So, briefcases at dawn it is

Pascal Monett

The popcorn futures are looking more and more interesting.

ClownStrike may well respond "aggressively" (I wouldn't expect anything less), but their failure has been rather well documented and I think any lawyer worth his salt will counter the feeble "their infra wasn't up to scratch" argument with ease.

Your job is not to count on your customer's infra and disaster recovery to ensure your business continuity.

Move fast and

cookieMonster

Break things, not such a good idea after all

Never test for an error condition you don't know how to handle.
-- Steinbach