Albo’s major move amid outage chaos
The Prime Minister has made an announcement as the country grapples with the ongoing effects of a global IT outage.
Online
Don't miss out on the headlines from Online. Followed categories will be added to My News.
Welcome to our rolling coverage of the CrowdStrike outage that has that crippled banks, supermarkets and airlines around the world.
The company behind the outage says a “fix” has been deployed but the knock-on effects of the outage could span days or even weeks according to experts.
Follow our live coverage.
PM’s shock move amid outage chaos
Anthony Albanese is taking a five-day holiday break in Queensland as the mop up continues over the computer outage that is impacting companies globally.
The long planned leave starts today and Deputy Prime Minister Richard Marles is now Acting Prime Minister.
A spokesperson for the PM said Mr Albanese has been being continuously briefed on the outage.
“The Prime Minister will be on leave for five days from Saturday 20 July 2024,” she said.
“During this time, the Deputy Prime Minister will be Acting Prime Minister.”
The Prime Minister will continue to be briefed regularly on the IT outage while on leave.
CrowdStrike have indicated that the IT outage is now on a path to resolution.
Officials continue to monitor the situation closely.
“Critical” thing all Aussies can do today
Aussies are being warned to keep a look out for phishing scams, as the nation continues to grapple with the fallout of Friday’s outage.
Speaking at a press conference on Saturday, Minister for Home Affairs Clare O’Neil said:
“There is something critical that I would like to ask Australians to do today and that is to be really careful and really on the lookout for attempts to use this to scam Australians.
“We are hearing that some small businesses and some individuals are receiving emails from people who are pretending to be CrowdStrike or Microsoft and are indicating that you need to put in bank details to get access to a reboot.”
Minister O’Neil advised Aussies who receive an email regarding CrowdStrike or the outage to immediately “stop”.
“Don’t put in any details. If someone has called you and is suggesting that they’re going to help you talk you through a reboot of your system, I would hang up the phone,” she said.
“Then just step back and think. Have a look at the communication that you’ve just received and just ask, ‘Does it make sense for you?’ Your bank is not going to ask you to put your bank details in.”
“If you have given away some personal information, just make sure that you’re contacting your banking institution, for example, and making sure that you let them know that you’re concerned about a phone call or an email that you might have responded to.”
As a final step, she encouraged Aussies to report the suspected scam on the Scamwatch website.
“This is a moment where we can help our fellow Australian citizens.”
Aussie’s awkward IT meltdown interview
One of the key figures in the horrendous global IT outage is an Australian multi-millionaire.
Mike Sentonas, from Melbourne, is worth an estimated $225 million and is the global president of CrowdStrike.
CrowdStrike, the cybersecurity company behind a massive global IT outage, is one of the best-known cybersecurity companies in the world.
It provides data protection software for its customers. However, it’s believed an update to one of its products - Falcon sensor - pushed out overnight in the US contained a “defect” — leading to global chaos.
Mr Sentonas joined the company in 2016 as vice president of technology strategy.
He served as chief technical officer from 2020 to 2023. He was promoted to president of the growing company last year after completing a computer science degree at Edith Cowan University in Perth.
Mr Sentonas gave a now-awkward interview earlier this year. He spoke about helping other companies deal with IT breaches and how they shouldn’t attempt to ‘trivialise’ any problems.
“If an organisation has been breached, I’ll often work with the team to coach them on how to deal with it,” he told The Age.
“That could be how to deal with press, or avoiding coming out to say, ‘there’s a sophisticated adversary’. I try to coach people on being open and transparent about what happened and how you’re dealing with it, which is so critically important to the customer.
“You have to go to your customers and be upfront, and if you try to trivialise it, it won’t go well.”
You need to restart your PC 15 times
CrowdStrike has recommended people take the following steps as a workaround to the issue affectings PCs:
1. Boot in Safe Mode
2. Navigate to Windows\System32\drivers\CrowdStrike
3. Find and delete “C-00000291*.sys”
4. Reboot normally
Another solution is to restart the computer — although you may need to do this 15 times.
“We’ve received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage,” a Microsoft spokesman said.
— Andrew Backhouse
Airports getting back on track
Sydney, Brisbane and Melbourne airports have come back online after flights were grounded and travellers were plunged into chaos yesterday.
“Airport systems are online and operations are normal,” Sydney Airport wrote in a statement on X on Saturday morning.
However, it warned, “there are some knock-on impacts to individual airlines”.
“If you’re travelling today check with your airline regarding the status of your flight.”
Melbourne Airport issued a similar statement, confirming airlines can now check in passengers. It’s understood United has cancelled their San Francisco service.
“There may be an increase in passenger congestion today in our terminals as airlines process some delayed passengers from last night. Please allow a little extra time to check-in and thank you for your patience,” Melbourne Airport wrote on X.
Jetstar was among the airlines affected by the outage, with flights cancelled until 2am on Saturday.
The airline has since confirmed the airline’s IT system has begun to stabilise, with flights expected to operate as scheduled on Saturday.
What other services are still affected in Australia
In Australia, multiple businesses have been affected including media organisations such as News Corp’s global operations, the ABC, SBS, Channel 7, Channel 9, and Network 10.
But it has also hit EFTPOS services, airlines, banks and supermarkets, throwing the entire nation into chaos.
You can find a full list of affected services here.
Crowdstrike at heart of chaos
The outage hit Australia about 3pm AEST, with millions reporting their computers had shut down and showed a “blue screen of death”.
The company confirmed the outage was a result of a planned upgrade for Microsoft.
CrowdStrike has said it may be able to come to a solution shortly.
The shutdown hit multiple countries including New Zealand, Japan, India, the US and the United Kingdom.
Multiple businesses have been affected including media organisations such as News Corp’s global operations, the ABC, SBS, Channel 7, Channel 9 and Network 10.
It has also hit EFTPOS services, airlines, banks and supermarkets, throwing the entire nation into chaos.
Crowd-sourced website Downdetector has listed outages for Foxtel, NAB, Bendigo Bank, Suncorp Bank, Commonwealth Bank, Me Bank and more.
Qantas was forced to delay some flights on Friday evening because of the issue but the flagship airliner is still flying.
CrowdStrike, a $125bn US-listed company, lost billions of dollars in value on the New York stock exchange.
The company went public in 2019 and has rocketed up in value since then, with its share price climbing from about US$64 to about US$343 before Friday’s sudden slump.
The company provides cloud-delivered protection of endpoints, cloud workloads, identity and data.
Its customers include private sector clients in the corporate world and also government and public service bodies.
“Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon platform leverages real-time indicators of attack, threat intelligence on evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritised observability of vulnerabilities, all through a single, lightweight agent,” the company says on its website.
Microsoft is also trading lower on the news, with the US$3.2 trillion tech behemoth down about 1.4 per cent in pre-market trading.
Huge update from Jetstar
Jetstar has posted a welcome update on the major tech outage affecting flights around the world — saying flights would go as planned on Saturday.
“Our IT systems are beginning to stabilise, and flights on Saturday 20 July are currently planned to operate as scheduled. Please proceed to the Airport as usual,” a spokesman said.
“There may be a small number of flights impacted due to operational reasons. If your flight is impacted, we will communicate directly to you using the contact details on your booking.”
Australian travellers had been warned there may “flow-on effects” for days after a global tech outage caused flight delays and cancellations across the country and world.
In Australia, all Jetstar flights had been cancelled until 2am on Saturday.
On Friday pictures at Sydney Airport showed the airline’s check-in computers taken over by what has become known as “the blue screen of death”.
The airport’s arrival and departure boards also turned blue.
The IT issue has affected multiple countries including New Zealand, Japan, India, the US and the United Kingdom.
In the US, “several airlines” requested Federal Aviation Administration assistance “with ground stops until the issue is resolved”.
The Australian Government’s Smartraveller took to social media at 9pm on Friday – about six hours after computers began shutting down – to tell Aussies it “cannot organise alternative travel arrangements for you”.
Instead, Smartraveller, which is a part of the Department of Foreign Affairs and Trade, instructed Aussies to contact their airline or travel insurer for alternative travel arrangements if their flights are affected.
“A major IT outage is causing significant disruption to airlines and international travel. Many flights have been cancelled or delayed. There may be flow-on effects for travel over the next few days,” Smartraveller said.
“Other services such as banking, shopping and healthcare may also be impacted. Follow the advice of local authorities and check local media for updates.”
Australian budget airline Jetstar confirmed on Friday night it had been force to cancel all flights until 2am Saturday, July 20 “as a result of the outage”.
“The IT outage is impacting multiple Jetstar systems, including the system we use to contact customers and we sincerely apologise for the frustration this is causing,” a statement provided to news.com.au said.
“Our teams are working on recovery options and we will contact customers with updates as soon as our systems are back online.”
Jetstar customers who are due to travel Friday or Saturday and no longer wish to travel are being offered free moves 7 days from date of travel, or voucher refunds. Jetstar can be contacted via LiveChat on its website to discuss options.
What is CrowdStrike?
CrowdStrike, the cybersecurity company behind a massive global IT outage, is the leader in its sector, known for building software defences for the cloud computing age and exposing Russian and North Korean threats.
Based in Austin, Texas, the company was founded in 2011 by George Kurtz, Dmitri Alperovitch and Gregg Marston.
Both Kurtz and Alperovitch had extensive backgrounds in cybersecurity, working at companies like McAfee.
Two years after its founding, CrowdStrike launched its signature product, the Falcon platform.
Crucially, the company embraced a “cloud-first” model to reduce big computing needs on customers and provide more effective protection.
In particular, remote computing enables updates to be carried out quickly and regularly, something that failed spectacularly in Friday’s outage when an update proved incompatible with computers running on Microsoft software.
Rather than just focusing on malware and antivirus products, the founders wanted to shift attention to identifying and stopping the attackers themselves and their techniques.
“CrowdStrike is one of the best-known cybersecurity companies around,” said Michael Daniel, who worked as the White House cybersecurity co-ordinator during the Barack Obama administration.
“It provides typically what we think of as sort of endpoint protection, meaning that it’s actually got software running on a server, or on a particular device, like a laptop or a desktop, and it’s scanning for potential malware connections to bad domain names,” he said.
“It’s looking for behaviour that might be unusual — that sort of thing,” said Daniel, who now runs the Cyber Threat Alliance.
A report published this year by CrowdStrike estimates that 70 per cent of attacks do not include viruses, but were rather manipulations carried out directly by hackers, who often use stolen or recovered credentials.
The company’s share price was down by about 12 per cent on Wall Street on Friday. CrowdStrike became a publicly traded company in 2019, and in 2023 the group generated sales of $3.05 billion, up 36 per cent year-on-year.
Boosted by the wave of so-called generative AI, which requires the development of additional capabilities in the cloud, CrowdStrike raised its annual forecasts in June.
Although its business has been booming, the group is still struggling with profitability.
In 2023, it recorded a net profit of just $89 million, its first annual profit since its creation.
The company’s main competitors are Palo Alto Networks and SentinelOne, both stand-alone cybersecurity firms.
But cloud computing giants Microsoft, Amazon and Google provide their own cybersecurity software and are also rivals.
North Korea hack
CrowdStrike, which is also a cyber intelligence company, made headlines when it helped investigate several high-profile cyber attacks.
Most famously, in 2014, CrowdStrike discovered evidence linking North Korean actors to the hacking of servers at Sony Pictures.
The hackers stole large amounts of data and threatened terrorist acts against movie theatres to prevent the release of “The Interview,” a comedy about North Korea’s leader.
The studio initially cancelled the movie’s theatrical release, but reversed its decision after criticism.
Sony estimated the direct costs of the hack to be $35 million for investigating and remediating the breach.
CrowdStrike also helped investigate the 2015-2016 cyber attacks on the Democratic National Committee (DNC) in the United States and their connection to Russian intelligence services.
In December 2016, CrowdStrike released a report stating that a Russian government-affiliated group called Fancy Bear had hacked a Ukrainian artillery app, potentially causing significant losses to Ukrainian artillery units in their fight against Moscow-backed separatists.
However, this assessment was later disputed by some organisations and CrowdStrike rolled back some of the claims.
Criticism of Microsoft
In recent months, CrowdStrike has criticised Microsoft for its lapses on cybersecurity as the Windows maker admitted to vulnerabilities and hackings by outside actors.
Among other criticisms, CrowdStrike slammed Microsoft for still doing business in China.
“You’re telling the public they can’t use Huawei, and they can’t let kids watch dance videos on TikTok because China is going to collect intelligence,” Shawn Henry, chief security officer at CrowdStrike, said last year.
“Yet, the most ubiquitous software, which is used throughout the government and throughout every single corporation in this country and around the world, has engineers in China working on their software,” Henry told Forbes.
‘This was not a cyberattack’
CEO Mr Kurtz apologised for the issue, which left users with a “blue screen of death” and confirmed the company has deployed a fix.
“This was not a cyberattack,” he said in a public statement.
“The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted.”
“All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.”
Mr Kurtz added “nothing is more important” to him than the trust customers and partners have in Crowdstrike.
“As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again.”
In a statement on Friday, Prime Minister Anthony Albanese acknowledged Australians are “concerned about the outage that is unfolding globally and affecting a wide range of services”.
“My Government is working closely with the National Cyber Security Coordinator,” Mr Albanese said.
“There is no impact to critical infrastructure, government services or Triple-0 services at this stage.”
Deputy secretary of the Cyber and Infrastructure Security Centre, Hamish Hansford, said it could take “days” for systems to recover.
“Over the next hours and days, we hope that this incident will self-resolve as technical responses kick in. There is no reason to panic, it is not a cybersecurity incident.”
Originally published as Albo’s major move amid outage chaos