Locked out! part two

posted: September 26, 2024

tl;dr: Security systems themselves can cause outages when they malfunction...

(continued from part one):

I flew during one of the largest security system-caused outages in history, the infamous CrowdStrike/Microsoft Windows issue of July, 2024. Fortunately for me, I flew on Southwest Airlines, which was not affected by the issue. Apparently Southwest uses an antiquated version of Microsoft Windows that does not run (and may not even be capable of running) CrowdStrike’s security software. Or perhaps Southwest followed my advice in Mind the gap and avoided connecting mission-critical computers to the Internet by using a private network instead. If a computer is not connected up to the Internet, then you don’t need to install sophisticated security software like CrowdStrike that protects against hacks that come into a computer over the Internet.

As I traversed through airports, I saw many blue screens of death, the infamous screen that Microsoft Windows displays when a major fault prevents the operating system from being able to fully boot up and run. All the airport screens which normally display advertising were blue; apparently these are connected to the Internet to receive new ad content. The arrival and departure screens in the airports fortunately were not blue; it must be a non-Internet-connected, non-CrowdStrike system that updates this information. But there were huge lines in various places throughout the airports, including one in Seattle that I initially thought was the main security line. Fortunately for me it wasn’t, and I made it onto my flight.

Delta appeared to me to be the most affected airline. There were large lines at all the Delta counters. Delta was still able to operate a small number of flights, however. As I passed one Delta gate on my way to my Southwest flight, I heard the gate agent announce that there were six too many passengers for the flight, and that they needed six people to volunteer to give up their seats. The opening offer was $1,000, which is quite high when this happens. I didn’t stick around long enough to see where the bidding ended up, but it was clear that this mess was costing Delta a lot of money.

A closeup of an airport baggage claim, with a metal chute in the background and two display screens in the foreground, both of which are bright blue with some text on them, with the word 'recovery' being the largest

Why were Delta’s operationally-critical computers connected up to the Internet, therefore creating the need, they felt, to protect them with CrowdStrike? Perhaps there was some information Delta’s system needed, such as weather reports, where they decided to use an Internet-based source. Hopefully it wasn’t just so that Delta employees could browse the Web during lulls. Delta is suing CrowdStrike for damages, but they also need to examine the architecture of their system to see if there are ways to better isolate it from the Internet and all the bad things, as well as the good, that can come into a computer connected to the Internet.

Security software presents a unique problem, because it needs privileged access to the underlying operating system and computer itself in order to do its job. It will typically intercept network traffic, examine restricted memory locations and operating system data, and may even capture keystrokes. It is incredibly important that the security system come from a competent, trusted organization.

Hackers take advantage of this. One of the most common phishing scam emails I receive, sometimes multiple times a day, is a fraudulent email from a scammer claiming that my Norton antivirus software has expired, and directing me to click a link to reactivate and install the latest version. I get these scam emails even though I haven’t been responsible for a Windows PC in my family since 2016. I advise users to always consider the source when using their computers to access information.

Artificial intelligence is already being used by scammers to increase the quality and quantity of their scams. I see no reason to believe that the problem of securing computer systems will ever go away, which is why computer security experts will always have work. It was a great field to get into forty years ago, and it has more opportunities than ever.