Date: 2024-07-20

A human error yesterday triggered a crisis that affected many countries. Flights were cancelled, hospital systems failed, digital payment methods temporarily stopped working, service to some critical infrastructure was interrupted and work was halted in many offices. All because an update to Falcon, the flagship antivirus from the American cybersecurity firm CrowdStrike, included a code error that caused computers using Microsoft’s Windows operating system, the most widely used among companies, to crash.

As luck would have it, the update in question was also carried out on the eve of a Friday in July. This amplified the effects of the incident, as summer weekends are the peak of airport activity. The number of those directly and indirectly affected is still unknown, but it will be high, given the thousands of flights affected.

The technical services of companies were fuming, moving from computer to computer to find a solution to the dreaded “blue screen of death”, as the error screen that Windows displays when it crashes is known. The authorities of the numerous affected countries, from India to Germany, via Spain and the USA, transmitted messages of reassurance and offered guidelines to citizens and businesses to solve the problem. Those affected only had to delete the file containing the CrowdStrike update, although this process can be complicated depending on the case.


Are we facing the biggest computer failure in history? Some experts already say yes; others say that it will take days or even weeks to know the true extent of the problem and that, since some systems will take longer to recover than others, it is risky to make such statements. “The scale of this outage is unprecedented and will undoubtedly go down in history, potentially surpassing the WannaCry attacks of 2017,” said, for example, Junade Ali, a cybersecurity expert and fellow of the Institution of Engineering and Technology, in statements to the SMC portal.

Santiago Escobar, director of the Incibe-UPV Cybersecurity Chair and researcher at the VRAIN Institute, believes that the comparison with the impact of WannaCry, which hijacked at least 300,000 computers in 150 countries, is exaggerated. “That is saying a lot. I would be surprised if a patch on a virus could have such a significant effect.”

The comparison also forces us to highlight the difference between the two cases. The CrowdStrike failure was an involuntary error: “Someone touched the code and did not carry out the relevant checks before launching it,” says Escobar. WannaCry, on the other hand, was ransomware, a type of computer virus that hijacks infected computers and releases them upon payment of a ransom. It was developed by the North Korean cybercriminal group Lazarus, presumably driven by a profit motive. It is considered the most devastating cyberattack in history.

Have there been any failures comparable to Friday’s? “This is not the first time we have faced this type of problem due to security issues in software. Let’s think about the year 2000 bug, which caused a global problem, but also other small glitches like the video game update Call of Duty: Warzone.” “What has happened is basically what we feared would happen in 2000. It’s just that it’s happened now,” says Troy Hunt, a cybersecurity specialist and creator of the site Have I been pwned?, where you can enter an email address and find out if it has been compromised.

Cybersecurity expert Adam Leon Smith says it could have been worse. “The operating system used in critical infrastructure is Linux, not Windows,” he told SMC. He believes that in some cases the solution can be applied very quickly, but with so many computers affected around the world, it could take a long time: “If the machines act in a way where they appear on blue screens and endless loops, it can be difficult to restore them, it could take days and weeks.”

Other recent major computer failures

In May 2017, a computer crash at British Airways forced the British airline to cancel all its flights from London’s Heathrow and Gatwick airports, leaving 75,000 passengers stranded. On December 14, 2020, Alphabet’s main services (Google, Gmail, Google Docs, YouTube and the cloud storage service) experienced a temporary worldwide outage due to a problem with the authentication system.

In June 2021, thousands of websites around the world stopped working due to an incident in the Fastly content distribution network, which affected, among others, the sites of EL PAÍS, Amazon, Twitch, The New York Times and Reddit. Meta registered a seven-hour outage on October 4, 2021, affecting Facebook, Instagram, and WhatsApp.

In July 2022, a failure in the services of the American cloud services company Akamai caused service interruptions for companies such as Airbnb, video game platforms such as PlayStation Network or Steam, airlines such as Delta Air Lines, distribution chains such as Costco Wholesale and financial services such as American Express, as well as banks such as BBVA or media outlets such as EL PAÍS, among others. In December of that year, two months after being acquired by Elon Musk, the social network X experienced incidents that resulted in access to the platform being blocked.

The biggest cyber attacks in history

If unintentional errors can cause havoc, cyberattacks are not far behind. On May 12, 2017, more than 300,000 computers around the world were virtually hijacked. Screens faded to black and the dreaded message appeared: your documents have been encrypted and, to recover them, you must pay $300 in bitcoins. The ransomware WannaCry paralyzed thousands of businesses in a matter of minutes. Forensic analysis and subsequent investigations place it as the largest cyberattack in history. Direct and indirect losses are estimated to have exceeded $4 billion.

A year earlier, in 2016, another ransomware appeared: Petya, which affected the Windows system via an executable PDF file. The prank cost the Danish shipping company Maersk around 250 million euros. However, that was just the appetizer. In March 2017, just one month before the appearance of WannaCry, NotPetya, a new version of this malware, broke out, infecting tens of thousands of computers around the world. This time, there was no need to execute anything: the virus trapped and encrypted the systems. It offered no option to release them, which ruled out a financial motive. It later emerged that it was launched by Kremlin-affiliated groups in Ukraine to paralyse critical infrastructure in that country, although it later spread to the rest of the world.

NotPetya is not the only virus launched for political and/or military purposes that has gone out of control. The first major such attack on record was dubbed Stuxnet. In the summer of 2010, someone managed to insert a malicious program via a pendrive into a Siemens computer at a nuclear power plant in Iran. This is how the computer worm, a type of virus that replicates itself to infect other machines, even if they are not connected to the Internet, was introduced through local networks. Stuxnet installed itself on the systems, stole information and then self-destructed. This virus, which affected some 100,000 computers (60% of them in Iran), halted Iran’s uranium enrichment program for a time. Stuxnet’s authorship is unknown, although several analysts point to Israeli or American secret services due to its extreme complexity.
