News of the Cyber World

[kyonides]

Global Tech Outage

Malicious actors trying to exploit global tech outage for their own gain

As the world continues to recover from massive business and travel disruptions caused by a faulty software update from cybersecurity firm CrowdStrike, malicious actors are trying to exploit the situation for their own gain.

Government cybersecurity agencies across the globe and CrowdStrike CEO George Kurtz are warning businesses and individuals about new phishing schemes that involve malicious actors posing as CrowdStrike employees or other tech specialists offering to assist those recovering from the outage.

“We know that adversaries and bad actors will try to exploit events like this,” Kurtz said in a statement. “I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives.”

The UK Cyber Security Center said they have noticed an increase in phishing attempts around this event.

Microsoft said 8.5 million devices running its Windows operating system were affected by the faulty cybersecurity update Friday that led to worldwide disruptions. That’s less than 1% of all Windows-based machines, Microsoft cybersecurity executive David Weston said in a blog post on Saturday.

He also said such a significant disturbance is rare but “demonstrates the interconnected nature of our broad ecosystem.”

What’s happening with air travel?

With their tightly timed, interwoven schedules and complex technology systems, many big airlines struggle to stay on time when everything goes well. It perhaps was not surprising that the industry was among the hardest hit by the outage, with crews and planes caught out of position.

By mid-afternoon Saturday on the U.S. East Coast, airlines around the world had canceled more than 2,000 flights, according to tracking service FlightAware. That was down from 5,100-plus cancellations on Friday.

About 1,600 of Saturday’s canceled flights occurred in the United States, where carriers scrambled to get planes and crews back into position after massive disruptions the day before. According to travel data provider Cirium, U.S. carriers canceled about 3.5% of their scheduled flights for Saturday. Only Australia was hit harder.
Canceled flights were running at about 1% in the United Kingdom, France and Brazil and about 2% in Canada, Italy and India among major air-travel markets.

Robert Mann, a former airline executive and now a consultant in the New York area, said it was unclear exactly why U.S. airlines were suffering disproportionate cancellations, but possible causes include a greater degree of outsourcing of technology and more exposure to Microsoft operating systems that received the faulty upgrade from CrowdStrike.

Which airlines are getting hit the hardest?

Delta Air Lines canceled more than 800 flights, or one-fourth of its schedule for Saturday, and that number did not include Delta Connection regional flights. It was followed by United Airlines, which dropped nearly 400 flights.

The worst airport to be, for a second straight day, was Hartsfield–Jackson Atlanta International Airport, where Delta is the dominant carrier. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, many sleeping on the floors.

European airlines and airports appeared to be recovering slowly, although Lufthansa and its affiliates canceled dozens of flights. Its Eurowings budget subsidiary said check-in, boarding, booking and rebooking flights were all available again, although “isolated disruptions” were possible.

London’s Heathrow Airport said it was busy but operating normally on Saturday and that “all systems are back up and running.” Flights at Berlin’s main airport were departing on or close to schedule, German Press Agency dpa reported, citing an airport spokesman.

How are healthcare systems holding up?

Health care systems affected by the outage faced clinic closures, canceled surgeries and appointments and restricted access to patient records.

Cedars-Sinai Medical Center in Los Angeles, Calif., said “steady progress has been made” to bring its servers back online and thanked its patients for being flexible during the crisis.

“Our teams will be working actively through the weekend as we continue to resolve remaining issues in preparation for the start of the work week,” the hospital wrote in a statement.

In Austria, a leading organization of doctors said the outage exposed the vulnerability of relying on digital systems. Harald Mayer, vice president of the Austrian Chamber of Doctors, said the outage showed that hospitals need analog backups to protect patient care.

The organization also called on governments to impose high standards in patient data protection and security, and on health providers to train staff and put systems in place to manage crises.

“Happily, where there were problems, these were kept small and short-lived and many areas of care were unaffected” in Austria, Mayer said.

The Schleswig-Holstein University Hospital in northern Germany, which canceled all elective procedures Friday, said Saturday that systems were gradually being restored and that elective surgery could resume by Monday.

Russia Avoided Microsoft Crash

Russia Brags Sanctions Helped It Avoid Microsoft Crash

The Russian Digital Communications Ministry bragged on Friday that the worldwide information technology (IT) outage did not affect Russian airlines and banks, thanks to Russia’s countermeasures against Western sanctions.

“At the moment, the ministry has not received reports of system failures at Russian airports,” the ministry claimed.

“The situation with Microsoft once again shows the importance of import substitution of foreign software, primarily at critical information infrastructure facilities,” the ministry statement asserted.

This was a reference to Russia’s practice of replacing foreign imports with Russian-made alternatives after President Vladimir Putin’s illegal annexation of Crimea in 2014 prompted a wave of Western sanctions. More sanctions were imposed after Putin invaded Ukraine in 2022, so the “import substitution” program grew more wide-reaching and more expensive.

Analysts outside the Russian government say import substitution has largely failed because Russia does not produce goods in the quantity and quality needed to make do without foreign products. Replacing food imports with heavily subsidized local agriculture, for example, wound up tripling food prices for Russian consumers.

Bank of Finland Institute for Emerging Economies analyst Heli Simola calculated in June that production costs in several key industries have soared by up to 700 percent over the past two years as Russian manufacturers struggle to make do without foreign imports.

“Russia is especially dependent on technologically sophisticated imports. This makes import substitution even more difficult for the country, given its weak performance in most high-tech sectors and technological innovation development,” Simola noted.

If the claims of the Digital Communications Ministry are correct, Russia separating itself from the worldwide electronic ecosystem for Microsoft Windows might be the first real success for import substitution. On Friday, a faulty software update that cybersecurity giant CrowdStrike pushed out apparently caused thousands of computers worldwide to crash with the dreaded “blue screen of death.” Financial and transportation systems ground to a halt as a result and could take days to resume full operating capacity.

Cybersecurity expert Troy Hunt captured the scope of the problem on Friday by calling it “the largest IT outage in history.”

“This is basically what we were all worried about with Y2K, except it’s actually happened this time,” he said.

Denis Kuskov, director-general of Russia’s TelecomDaily research agency, told the state-run Tass news service on Friday that Russian computers “will not be much affected by this outage because, in most cases, we no longer have a major connection to Microsoft.”

Kuskov and other Russian IT specialists said Russian computers running Windows tend to lag far behind the rest of the world in updates due to sanctions.

“Affected were airlines, railroads, logistics, warehouses, stores, stock exchanges. Everyone using Microsoft. Russia will not be affected because we have been making strenuous efforts to replace their cloud, their software for two years,” said Mobile Research Group analyst Eldar Murtazin.

Murtazin said Chinese computers would probably be unaffected by the global IT outage for similar reasons.

Let us read another report published days ago on Business Insider.

911 Outage

Emergency services say 911 lines are down in several states as a mass IT outage causes havoc

Emergency lines have gone down in several US states after a massive IT outage sparked chaos across the globe.

Major airlines, banks, and retailers are experiencing widespread disruptions after Microsoft reported problems with its online services, linked to an issue at cybersecurity firm CrowdStrike.

The Alaska State Troopers service confirmed in a post on Facebook that 911 and non-emergency call services were down across the state due to the "nationwide" outage, with emergency services in New Hampshire and Ohio posting similar messages.

"Due to a nationwide technology-related outage, many 911 and non-emergency call centers are not working correctly across the State of Alaska," the police force wrote in a Facebook post.

It is unclear how widespread the outage is. Emergency services in other states also took to social media to warn of issues with 911 services.

The Office of Emergency Management for the city of Nashua, New Hampshire, posted on Facebook that "statewide 911 is down," while an X account for the Middletown Division of Police in Ohio wrote that they were experiencing a phone outage "that includes 911."

A spokesperson for the Federal Communications Commission, which regulates 911 communications, said the agency was aware of reports of 911 outages.

"The FCC is aware of reports of a systems outage that is causing disruptions in service, including 9-1-1. We're closely working with other federal agencies to provide assistance and determine the extent of these service disruptions," they said.

Business Insider did not receive a response to a request for comment from the Alaska State Troopers, the New Hampshire Office of Emergency Management, and the Ohio State Police, which were sent outside of working hours.

Details are still emerging about the scale of the global IT outage. The disruption has already impacted airlines, banks, and grocery stores worldwide.

American Airlines, Delta Airlines, and United Airlines are among the airlines that have issued ground stops for their aircraft due to communication issues.

Budget airline Frontier Airlines wrote on X on Thursday that its services were being impacted by a "major Microsoft technical outage."

Early Friday, it said that the ground stop had been lifted, its systems were "gradually normalizing," and it was in the process of resuming flight operations.

On the assassination attempt:

FBI Hacked Crooks' Phone

Report: FBI Broke into Trump Attacker’s Phone with Unreleased Tech from Cellebrite

The FBI reportedly utilized advanced, unreleased technology from digital intelligence company Cellebrite to access the phone of Thomas Matthew Crooks, the man identified as the shooter in the recent attack on former President Donald Trump.

Bloomberg reports that in the wake of the shooting incident at a rally in Bethel Park, Pennsylvania, which left former President Donald Trump with a bullet wound to his ear and resulted in the death of a spectator as well as other injuries, the FBI faced a critical challenge in accessing the shooter’s phone. The device, identified as a newer Samsung model running Android’s operating system, proved resistant to the FBI’s initial attempts at data extraction using their existing Cellebrite software license.

The urgency of the situation reportedly prompted FBI agents to make a direct appeal to Cellebrite, an Israel-founded digital intelligence company that provides technology to various U.S. federal agencies. The FBI’s goal was to extract data from the device to help uncover the motives behind the attack carried out by Crooks, who was killed during the incident.

According to sources familiar with the investigation, who spoke on condition of anonymity, the local FBI bureau in Pittsburgh initially attempted to use their licensed Cellebrite software to identify or bypass the phone’s passcode. However, this attempt proved unsuccessful, necessitating further assistance from Cellebrite’s federal team.

In response to the FBI’s request, Cellebrite swiftly provided additional technical support and transferred new, unreleased software that was still in development to the FBI in Quantico, Virginia. This rapid response underscores the critical nature of the investigation and the company’s ability to provide cutting-edge solutions in high-stakes situations.

The Washington Post, which first reported on the FBI’s use of Cellebrite technology in this case, revealed that once the FBI received the software update, it took approximately 40 minutes to unlock the phone. The specific method used to gain access to Crooks’ phone remains unclear, as Cellebrite’s software employs various techniques, including disabling built-in mechanisms that block repeated passcode attempts while simultaneously generating millions of codes.

Cellebrite, a Nasdaq-listed company, has reported that about a fifth of its public sector work is for federal customers. In the first quarter of 2024, the company announced annual recurring revenue of $89.6 million and claimed involvement in over 5 million cases. This incident highlights Cellebrite’s ongoing efforts to expand its business with US federal customers, as evidenced by a recent company statement.

While Cellebrite’s technology has proven invaluable in law enforcement investigations, it has not been without controversy. Privacy advocates have raised concerns about the ethical implications of such technology, arguing that it could be used for unethical hacking or by foreign governments against activists. In response to these concerns, Cellebrite reported to federal regulators in 2021 that it had ceased operations in certain locations, including China and Hong Kong, due to human rights concerns.

The company maintains that its software is used solely for unlocking seized phones in legally sanctioned cases and not for surveillance purposes. This stance reflects the ongoing debate surrounding the balance between law enforcement capabilities and individual privacy rights in the digital age.

And Elon Musk couldn't remain silent for a whole week.

SpaceX Would Leave California

Adios, California: Elon Musk Announces Relocation of SpaceX and X/Twitter Headquarters to Texas

Elon Musk, owner of SpaceX and X/Twitter, has officially announced the relocation of both companies’ headquarters from California to Texas, citing concerns over California’s laws and urban safety issues.

Business Insider reports that on Tuesday, Elon Musk announced via X (formerly Twitter) that SpaceX would be relocating its headquarters from Hawthorne, California, to the SpaceX Starbase near Boca Chica Village, Texas. Musk attributed this decision to laws in California that he described as “attacking both families and companies.”

The specific legislation Musk referenced was a bill signed Monday by California Gov. Gavin Newsom (D). This new law prohibits “forced disclosure” rules in public K-12 schools, effectively banning requirements for teachers to notify parents if a child changes their name, pronouns, or gender identity at school. California is the first state to outlaw such requirements, as reported by the Los Angeles Times.

Musk called this legislation “the last straw” and stated, “Because of this law and the many others that preceded it, attacking both families and companies, SpaceX will now move its HQ from Hawthorne, California, to Starbase, Texas.” He further claimed that families would have to “leave California to protect their children.”

In the same announcement, Musk revealed that X (formerly Twitter) would also be moving its headquarters from San Francisco to Austin, Texas. He justified this decision by stating he has “had enough of dodging gangs of violent drug addicts just to get in and out of the building.” This move aligns with a recent report from the San Francisco Chronicle, which indicated that X was seeking to sublease all of its San Francisco headquarters.

These relocations follow a pattern established by Tesla, another of Musk’s companies, which moved its headquarters to Texas in 2021. Musk had also previously stated his intention to move SpaceX’s business incorporation from Delaware to Texas.