Windows IT outage blamed on software update; CrowdStrike works on fix
A global computer outage that first hit Australia and has worked its way around the world as nations woke up this morning is “most likely” to have been caused by a misconfiguration in a cyber security threat checker, rather than malicious activity, according to former CEO of National Cyber Security Centre Ciaran Martin.
The outage – first reported as Australia woke up – has affected dozens of banks, supermarkets, broadcasters, stock exchanges, airports and trainlines around the world. It has also meant that Sky News in the UK could not broadcast live this morning.
Speaking on BBC Radio 4’s Today programme this morning, Martin said that information was emerging that attributed the outage to a misconfiguration in cyber company CrowdStrike’s Falcon sensor software update.
“This is heavily caveated because it’s all happened so quickly. In cyber security terms there’s a very well-known company called CrowdStrike which a lot of companies use for all sorts of corporate network protection, they provide updates.
“They were carrying out a sensor update on one called Falcon which seems to have been misconfigured in such a way that it wrecks Windows.
“So, if a company is using both CrowdStrike and Windows for its OS it seems they get, what people in the trade call a ‘blue screen of death’ [BSOD] and Windows doesn’t work. And that’s why, for time zone reasons, it seems to have emerged first in Australia.”
The expert continued: “These complex systems operate interdependently so the cyber security tools must be able to interact with Windows. Companies spend a lot of time, money and effort on both sides of that equation making sure that they are compatible when you are deploying things and making sure you don’t destabilise other parts of the network.
“Most of the time that works, occasionally it doesn’t. It’s very rare for it to be as serious as this.”
According to Martin, while such mistakes are rare, one happened to Facebook a couple of years ago, when the social media app accidentally deleted itself from the internet by misconfiguring its domain name routing that the internet depends on.
“These things do happen. So, it’s very plausible that this isn’t an attack until we see evidence to the contrary.”
For its part CrowdStrike has acknowledged “reports of crashes on Windows hosts related to the Falcon Sensor” and is working on a fix to the Falcon sensor update bug.
US airlines United, Delta and American Airlines have issued a global ground stop while Irish carrier Ryanair warned of delays. Dozens of firms and organisations in Australia – where the bug first hit – are reporting ongoing issues.
The glitch has also meant that departure boards have frozen at Edinburgh Airport, and Berlin Airport has reported delays. A series of train companies, Thameslink, Southern, Gatwick Express and Great Northern, also reported “widespread issues” this morning across the entire network.