By Jon Brady, Katherine Lawton, Rory Tingle and Ben Endley
01:59 20 Jul 2024, updated 02:43 20 Jul 2024
- Hundreds of flights were cancelled at British airports yesterday due to the fault
IT experts are battling tonight to finish bringing healthcare, financial and travel companies’ systems back online after they were crippled by a cybersecurity firm’s faulty update early on Friday.
Texas-based firm CrowdStrike has admitted responsibility for the issue, thought to have affected hundreds of millions of Microsoft Windows computers across the globe, which was caused by a buggy update to its Falcon security software.
The issue rendered countless computers relied upon by airports, payment systems, restaurants, the NHS and even a Formula 1 team useless until the issue was identified – with experts warning it could take days for systems to be recovered.
On Friday night, passengers hoping to catch flights across the world were hunkering down in terminals, while a firm representing payroll processors has warned millions risk missing their payday because of the CrowdStrike issue.
The effects of what is likely to be the biggest IT meltdown in history are being felt across the world – from travel providers, financial systems and banks to Times Square in New York, where its iconic billboards featured the much-lamented ‘blue screen of death’ that heralds a Windows crash.
CrowdStrike itself has shed billions of dollars in value while its CEO, George Kurtz, made a grovelling apology on American television. He personally lost millions as his company’s share price dipped by a fifth during Friday trading.
The issue was caused by the firm’s Falcon software, which is used by around 29,000 customers – accounting for a reported 24 per cent of the world’s cybersecurity market – to protect their computers from hackers.
It requires what is known as ‘kernel’ access to Windows – access to critical parts of the system that allow it to operate – in order to provide complete protection from cyberattacks.
But creating any issues at kernel level can stop computers from working at all – and this is exactly what CrowdStrike did with its update, which was automatically pushed out to customers overnight, creating the world’s biggest IT disaster.
Hundreds of flights were cancelled at British airports yesterday, with the disruption set to continue over the weekend and ruin summer holidays after aircraft and crews were left ‘out of position’.
People stranded at Heathrow could be seen bedding down for the night on plastic airport seating, while others leant on their suitcases for comfort.
Frustrated passenger Jessica Lee, who was stuck in airport queues for hours on Friday, told MailOnline: ‘TUI has cancelled our entire package holiday to Rhodes including hotel after 9/10 hours of waiting at Manchester airport.
‘Family with two kids, one is 19 months. It has been a truly horrendous day and we have no idea what to do.’
Experts have warned the effects of the CrowdStrike crash could be felt for days to come.
Dr Amit Rawal, a lecturer in management at City University of London, said: ‘Further implications of this IT outage are expected given the various networks that rely on an update from CrowdStrike.
‘Over the course of the next few days, this will cause a number of delays and further cancellations on flights as they will not all be able to fly at their scheduled times.
‘Airlines are likely to have several customers seeking compensation.’
Others could be feeling the pinch for a few days – as an organisation representing payroll workers warned that issues caused by CrowdStrike could delay people being paid.
Melanie Pizzey, the CEO of the Global Payroll Association, told Quartz it had been contacted by ‘numerous clients… who have been unable to access their payroll software due to the Microsoft outage’.
She added: ‘We could see a backlog with regard to processing payrolls for the coming month end which may delay employees from receiving their monthly wage.’
Meanwhile, passengers found themselves stuck at train stations across the country – with hundreds of commuters stranded on London Euston’s concourse late into the evening.
In a video shared on social media, anxious passengers could be seen standing at Euston watching the train departure board as they waited for news about how they could make their onward travels.
Travellers hoping to enjoy the hottest day of the year instead found themselves trapped inside as the technical fault caused travel delays en masse.
Around 200,000 people are set to be hit by delays and cancellations caused by the IT fault – with many travel insurers refusing to pay to rearrange holidays.
CrowdStrike issued a grovelling apology after the fault crippled airlines, airports, broadcasters, the NHS, train services and investment platforms.
The grievous error wiped £9billion from CrowdStrike’s value and $320million (£247m) from Mr Kurtz’s personal wealth; he owns a five per cent stake in the firm and the dip represents a loss of a tenth of his $3.4billion net worth.
CrowdStrike is reported to have a 24 per cent share of the ‘endpoint security’ market – providing software that protects business computers from outside cyberattacks – meaning hundreds of millions of computers were likely affected by the issue.
Mr Kurtz was initially criticised for his ‘corporate-speak’ response to the incident, but later used a TV interview to say he was ‘deeply sorry’ – before warning it would take ‘some time’ for systems to be fully restored.
He later said in a statement published on CrowdStrike’s website: ‘Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike.
‘As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again.’
Speaking to NBC’s Today Show, Mr Kurtz, who is married to Annamaria Kurtz with whom he shares a son, Alexander, said there had been a ‘negative interaction’ between the update and Microsoft’s operating system.
He added ‘it could be some time for some systems’ to return to normal as they would not ‘just automatically recover’.
Microsoft advised some customers to reboot their computers up to 15 times to resolve the error, 404 Media reported.
It represents a sorry chapter in CrowdStrike’s otherwise highly successful story – as it has collected an enviable list of customers in its short 13-year history who could now be rethinking their cybersecurity provider.
‘This is clearly a major black eye for CrowdStrike and the stock will be under pressure,’ said Dan Ives, analyst at Wedbush Securities.
Kurtz co-founded the firm in 2011 with Dmitri Alperovitch and Gregg Marston, who retired in 2015 and was replaced as Chief Financial Officer by Burt Podbere.
He made his name early on by co-writing one of the bestselling books on cybersecurity, Hacking Exposed, with Stuart McClure and Joel Scambray.
He then founded his own tech firm, Firmstone, which was later acquired by antivirus company McAfee, where he then served as chief technology officer.
Alongside Alperovitch and Marston, with whom he had worked in his old jobs, Kurtz then started CrowdStrike, quickly collecting high-profile customers that it shows off on its website.
It is perhaps best known for the key role it played in the investigation into the hacking of the US Democratic party during the 2016 Presidential election which found Russian intelligence services had been involved.
It was first to publicly raise concerns about Russia’s interference in the 2016 election and this assessment was later confirmed by US intelligence agencies.
A number of former FBI cybersecurity agents sit on CrowdStrike’s executive team including Shawn Henry, Chief Security Officer who joined in 2012 after retiring from the FBI senior executive service.
But Friday’s issue was tied to Falcon – CrowdStrike’s leading product that works to detect cyberattacks.
As a cybersecurity product, CrowdStrike’s Falcon platform is designed to run silently, eliminating viruses and attempted hacks without causing a fuss.
But a faulty update pushed to the Falcon product at a Windows system level turned CrowdStrike into a household name for the wrong reasons on Friday.
And the fault has exposed the fragility associated with large parts of the world’s infrastructure, which depends on the internet – and protection from threats online – in order to operate.
CrowdStrike has grown rich protecting top brands from Internet breaches, and the irony that it is now responsible for an international crisis wasn’t lost on Elon Musk, who tweeted: ‘The antivirus was the virus.’
‘This is a function of the very homogenous technology that goes into the backbone of all of our IT infrastructure,’ said Gregory Falco, an assistant professor of engineering at Cornell University.
‘What really causes this mess is that we rely on very few companies, and everybody uses the same folks, so everyone goes down at the same time.’
Chris Dimitriadis, chief global strategy officer at ISACA, a professional IT association, described the incident as a ‘digital pandemic’.
He said: ‘When one service provider in the digital supply chain is affected, the whole chain can break, causing large-scale outages.
‘This incident is a clear example of what could be termed a digital pandemic, a single point of failure impacting millions of lives globally.’
Broadcasters including Sky News, airports, airlines, train companies, restaurants, financial platforms and football clubs were unable to operate because of the faulty update.
And there might be more headaches to come – with insurers braced for a raft of business interruption claims, if they are covered by cybersecurity policies.
Experts have pointed out these normally cover for cyberattacks – not snafus like the one created by CrowdStrike earlier. But CrowdStrike itself could face lawsuits.
‘Airlines (and other industries) might have rights under their contracts that allow them financial or other remuneration based on the CrowdStrike outage,’ said Sam Levine of specialty insurance broker CAC.
The Cobra system that deals with matters of national emergency or major disruption has been fired up to manage the UK Government’s response, Chancellor of the Duchy of Lancaster Pat McFadden said this morning.
Ministers are in touch with their sectors to tackle the fallout from the IT failures, with Transport Secretary Louise Haigh saying she is working ‘at pace with industry’ after trains and flights ground to a halt.
Mr McFadden, who is in charge of the Whitehall machine, said: ‘Many people are being affected by Friday’s IT outages impacting services across the country and globally.
‘Ministers are working with their sectors and respective industries on the issue. I am in close contact with teams co-ordinating our response through the COBR response system.’
GPs have been hit, with surgeries in Cumbria, Cheshire, Yorkshire and the West Midlands taking to social media to say their systems had been affected. Two thirds of GP practices in Northern Ireland were affected.
The issue has hit the EMIS system, which allows doctors to book appointments, view patient notes, order prescriptions and make referrals.
Speaking to MailOnline, a practice manager of a GP practice in Berkshire said: ‘We are completely dead in the water.
‘We can’t see any patients as systems are down. It’s not clinically safe to treat patients because we can’t see their notes.’
Airlines including KLM, American Airlines, Delta, United and Ryanair halted flights while Gatwick and Stansted airports cancelled up to 90 percent of their flights.
Disruption also affected Heathrow and Edinburgh airports; Edinburgh bosses say ‘things are returning to normal’ but have advised passengers to check with their airlines on their flights.
Heathrow said: ‘Flights continue to be operational and passengers are advised to check with their airlines for the latest flight information.’
Katie Turner, 52, was waiting at Gatwick with her daughter Poppy Clements, who turned 18 yesterday and was due to take her first flight alone to see a friend in Rome this morning.
Katie said: ‘We’ve moved about 20 feet forward in four hours and that’s only because more and more people have joined the queue, so we’ve all had to move up slightly. This is my daughter’s first solo flight and I’m waiting with her.’
Poppy, who lives in Crystal Palace, South London, added: ‘I really hope I get to fly out. I’ve called my friend in Rome to warn her… and she said: “Be prepared to be there all day!”’
Rafa de Miguel arrived four hours before his Ryanair flight to Madrid at Stansted when he ‘sensed the mood change’ as passengers found out about the Microsoft outage.
The 56-year-old says staff were forced to write out boarding passes and luggage tags in pen because the IT system was down.
He said: ‘It’s a perfect example of us being too reliant on the internet. It goes down and the world goes crazy.’
Texas resident Stephanie Thompson’s flight from Edinburgh to Heathrow to Dallas was cancelled – so she has paid £5,300 for alternate flights.
She told the PA news agency: ‘I was on hold with American (Airlines) for about an hour and 10 minutes before I finally hung up.
‘We just paid 6,800 dollars for a one-way trip home, hopefully leaving tonight. I didn’t know what else to do. I just wanted something to get us home.’
Student Jack O’Leary, who was queuing for a Ryanair flight to Dublin to go on holiday, said: ‘We’re quite understanding – it’s a global outage and everything’s pretty chaotic.’
Tina, 47, an American TV and radio host who had been hoping to fly to Barcelona from Gatwick this morning, said: ‘We don’t know what to do, do we stay and hope we can fly to Spain at some point or get back on the Gatwick Express and head back to London?’
The London Stock Exchange’s Workspace news and data platform suffered outages, as did Barclays’ Smart Investor platform, while Manchester United had to postpone a scheduled release of tickets.
Hospitality businesses such as Wetherspoons, McDonalds and Starbucks suffered problems with their payment systems due to the outages.
It came as research by Lopay, a card payments system, found that two-thirds of Brits had abandoned paying by cash in favour of using their cards and phones – leaving many high and dry as their favourite local businesses grappled with IT issues.
Lopay founder and CEO Richard Carter said that, despite the issues, many Brits would likely continue wanting to pay by digital means.
‘Cash is not dead and probably never will be, but it is very much on its last legs and gasping for breath,’ he said.
‘But it does mean that small shops with minimum card limits, and small businesses who don’t take cards are almost certainly losing custom now, and risk losing more in the future.’
Falcon requires deep-level access to a computer’s operating system to scan for those threats.
Computer analysts believe a badly-written bit of code in the update sent out overnight crashed servers, desktop PCs, laptops and corporate computer terminals by forcing them into a death spiral of endless reboots – making it impossible for them to operate normally.
MacOS and other operating systems have not been affected.
Kurtz admitted that CrowdStrike was at fault earlier, telling NBC’s Today Show: ‘We’re deeply sorry…the global issues were caused by a single faulty content update.
‘That update had a software bug in it and caused an issue with the Microsoft operating system…we identified this very quickly and remediated the issue.’
IT bosses described the issue as a ‘digital pandemic affecting millions’, with others fearing the disruption will last long into the weekend.
Kurtz is an avid car collector and racing driver, having competed in the GT World Challenge America – a North American sports car racing series. He also drives for CrowdStrike’s own racing team.
So it is of little surprise that CrowdStrike boasts a top motorsports team as one of its clients – the Mercedes-AMG Formula 1 team, for which the company is a major sponsor.
But as a result, Mercedes engineers were left staring at pit wall screens at the Hungaroring circuit in Hungary as they tried to fix the IT bug.
Engineering director Andrew Shovlin said the impact had been minimal ahead of Friday’s free practice (FP) runs, telling Motorsport.com: ‘The impact in FP1 was minimal, if not nil. So, it created a bit of work, but we’re back where we need to be now.’
Toby Murray, associate professor in the School of Computing and Information Systems at The University of Melbourne, Australia, earlier said a ‘buggy’ update to Falcon was likely to blame.
‘CrowdStrike is a global cyber security and threat intelligence company. Falcon is what is known as an Endpoint Detection and Response (EDR) platform, which monitors the computers that it is installed on to detect intrusions – hacks – and respond to them.
‘That means that Falcon is a pretty privileged piece of software in that it is able to influence how the computers it is installed on behave.
‘For example, if it detects that a computer is infected with malware that is causing the computer to communicate with an attacker, then Falcon could conceivably block that communication from occurring.
‘If Falcon is suffering a malfunction then it could be causing a widespread outage for two reasons – one: Falcon is widely deployed on many computers, and two: because of Falcon’s privileged nature.
‘Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats (so it can better detect them). We have certainly seen anti-virus updates in the past causing problems. It is possible that today’s outage may have been caused by a buggy update to Falcon.’
CrowdStrike reported more than $3billion (£2.32billion) of revenue last year but following Friday’s crisis its stock price fell 20%.
According to Companies House, CrowdStrike’s UK HQ in an upmarket street in London’s Mayfair is shared with another tech company named Citco. It recorded a £13million loss in 2023, the most recent accounts available.
‘The computing crisis we’re currently witnessing, due to a technical issue in CrowdStrike’s agent, is unprecedented in a scale we haven’t seen in years,’ said Amiram Shachar, founder of rival security firm, Upwind.
‘It has already had a massive impact on critical infrastructure worldwide, including hospitals, banks, airports, and communication services.
‘As the agent causes organisations’ Windows systems to shut down, millions of companies are affected, since most organisations deploy updates automatically.
‘Given that the CrowdStrike agent is installed on millions of devices, ranging from servers to PCs and IoT devices, the damage is unprecedented.’