How to bring the Planet to It’s Knees

July was an insane month for news and events. One of the most consequential that didn’t involve stray bullets was the sudden unexpected outage of banks, hospitals, airports, retailers and my local Wendy’s, which took over an hour to deliver my food as they had to hand write all their orders. Things were pretty dire but I survived thanks for asking.

The crash originated on machine running the Falcon Sensor product on Windows supported by cyber security firm Crowdstrike. If you’re a disinformation junkie then Crowdstrike may be a familiar name to you. Their reports were relied upon by the FBI in relation to possible Russian hacks of the DNC during the 2016 election cycle. Trump also mentioned them on his phone calls to Ukraine on the same subject. The Australian based company somehow keeps ending up in the middle of everything.

The patch was supposed to “evaluate named pipe execution on Microsoft Windows” but what it ended up creating was blue screens of death around the world. Home users wouldn’t have noticed anything amiss, but this security software is on a lot of commercial equipment. Crowdstrike caught the error and rolled back to an earlier version, but not before machines automatically updated and died. 8.5m computers around the world are estimated to have been affected. That’s less than 1% of microsofts install base, but all critical infrastructure. Local social media exploded with images of snaking lines in supermarkets. ASB, ANZ and Kiwibank debit and credit cards were affected, although EFTPOS came out unscathed.

Over in the states Republicans hoping to take a short flight home after their big triumphant “Trump is Still Alive” convention were left stranded at the airport for most of a day. Over 10,000 flights were grounded due to the error.

According to an analysis from Parametrix Fortune 500 companies lost as much as $5.4 billion in revenues and gross profit. So far the only recompense have been IT support workers fixing the issue being sent a $10 uber eats voucher by Crowdstrike. The coupon was flagged by Uber as fraud after it was used too much. No doubt companies will be looking to Crowdstrike to open up it’s wallet to make up for such a gargantuan mistake.

Other fallout from the glitch is the sudden flourishing of scam sites claiming to be able to fix the issue. These site are run by hackers hoping to cash in on the mayhem and get deep access on sensitive machines.

This outage could have been avoided if certain best practices were put in place, such as allowing admins to decide when to schedule their updates, and doing staggered releases of their changes to mitigate any damage.

Relying on developers to do their jobs right has thrown the idea of a cashless society into sharp relief. It’s easy to see the downsides of Paywave when you’re standing in the middle of a Paknsave unable to pay, but able to wave cash.

The chances of these sorts of errors aren’t a possibility, but an inevitability of a complex interconnected system, even during peacetime with no malicious actors aiming to take it down. We can’t pretend this won’t happen again, and when it does businesses and the country need to be prepared.

Companies That Could Ruin Civilization or at Least Your Afternoon

Swift
Swift is used to transfer money around the world, and acts as the veins of the global financial ecosystem. 11,000 financial institutions use the system.

Amazon Web Services
This one’s pretty obvious, but AWS runs about 40% of the cloud market. An outage would cut off a lot of web services including Netflix, Slack, NASA and more.

Cloudflare
If you want to take out a fair chunk of the internet, take on Cloudflare which handles DNS requests among others. if a meteor hit the right part of cloudflare it could take out 7.59 million active websites.

GPS
America graces most of the planet with GPS, but if this system was pulled it could have major consequences. A UK report believes that Farming, construction, fishing, and surveying among others would all be affected. It would cost the country $1 billion in the first five days alone. Other countries have already worked to not rely on GPS themselves, and now we have QZSS (Japan), BEIDOU (CHINA), Galileo (Europe) and GLONASS (Russia).