Microsoft and CrowdStrike hit back at Delta’s legal threats
Microsoft and CrowdStrike have rejected claims by Delta Air Lines that it was left high and dry amid thousands of flight cancellations during July’s software outage, accusing the airline of ignoring their offers of help and running out-of-date IT systems
Microsoft and CrowdStrike have defended themselves against a series of accusations by Delta, saying the US airline, which was particularly badly hit during the 19 July software outage, rejected their offers of help and had only itself to blame for cancelling thousands of flights, including some scheduled to deliver American athletes to the Paris Olympics.
As a legal battle takes shape between the three organisations, Delta CEO Ed Bastian last week told US news channel CNBC that he had no choice but to sue CrowdStrike, citing the significant sums his business spent on compensating stranded passengers. He also accused the two suppliers of failing to properly collaborate to ensure such technical issues did not arise.
However, following representations to both companies by Delta’s lawyer, David Boies, Microsoft’s representatives accused Bastian and Delta of misrepresenting the facts of the incident.
“Microsoft empathises with Delta and its customers ... but your letter and Delta’s public comments are incomplete, false, misleading, and damaging to Microsoft and its representation,” wrote Mark Cheffo of New York law firm Dechert LLP.
“Even though Microsoft’s software had not caused the CrowdStrike incident, Microsoft immediately jumped in and offered to assist Delta at no charge following the 19 July outage.
“Each day that followed from July 19 through July 23, Microsoft employees repeated their offers to help Delta. Each time, Delta turned down Microsoft’s offers to help, even though Microsoft would not have charged Delta for this assistance,” he added.
Cheffo went on to say that on 24 July, Microsoft CEO Satya Nadella had personally reached out to Bastian by email, but was ignored.
The letter further accused Delta of refusing Microsoft’s assistance because the parts of its IT estate that it was struggling to restore – its crew-tracking and scheduling systems – were serviced by providers “such as IBM” and do not run on Microsoft Windows or in the Azure cloud.
Outdated IT infrastructure
Cheffo added: “Microsoft continues to investigate the circumstances surrounding the CrowdStrike incident to understand why other airlines were able to fully restore business operations so much faster than Delta, including American Airlines and United Airlines.
“Our preliminary review suggests that Delta, unlike its competitors, apparently has not modernised its IT infrastructure, either for the benefit of its customers or for its pilots and flight attendants.”
He said Microsoft would “vigorously defend” itself against any litigation should Delta pursue it.
Meanwhile, over the weekend of 4-5 August, CrowdStrike’s legal representative Michael Carlinsky of Quinn Emanuel also spoke up for the embattled cyber security supplier, whose tainted rapid response update caused the series of crashes that downed the systems of Delta and others.
In a letter to Boies, Carlinsky wrote: “CrowdStrike is highly disappointed by Delta’s suggestions that CrowdStrike acted inappropriately and strongly rejects any allegation that it was grossly negligent or committed wilful misconduct.”
He wrote that CrowdStrike had also reached out to Delta to offer assistance and that CEO George Kurtz had contacted Bastian but, like Nadella, “received no response”.
‘Misleading narrative’
“CrowdStrike followed up with Delta on the offer for onsite support and was told that the onsite resources were not needed. To this day, CrowdStrike continues to work closely and professionally with the Delta information security team,” wrote Carlinsky.
“Delta’s public threat of litigation distracts from this work and has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage.”
He warned that should a court case ensue, Delta would have to explain a number of points, including why its competitors were able to recover so much quicker and why it turned down offers of help, and answer questions over the design and operational resilience of its IT systems, particularly with regard to updates.
In a statement provided to Computer Weekly’s sister title TechTarget Security, a CrowdStrike spokesperson said the firm had expressed its regret and apologies to customers.
“Public posturing about potentially bringing a meritless lawsuit against CrowdStrike as a long-time partner is not constructive,” they said.
Read more Computer Weekly and TechTarget coverage of the CrowdStrike incident
- 19 July 2024: An update to CrowdStrike’s Falcon service has led to many Windows users being unable to work. Microsoft 365 is also affected.
- The Emis Web IT system used by more than half of GP practices in the UK is down, following the worldwide Microsoft outage.
- The global outage of Microsoft is rapidly sending shockwaves across all sectors, demonstrating the risk of having a single point of failure.
- A CrowdStrike update with a faulty sensor file has global implications for Windows systems. But competitors need to limit the finger-pointing in case it happens to them.
- As organisations recover from today’s outages, the cyber security industry will need to develop new security software evaluation criteria and requirements and learn to parlay risks.
- 22 July: About 8.5 million devices globally were hit by the botched CrowdStrike update, with a significant number now back online and operational.
- The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous.
- Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow.
- 23 July: The ‘blue screen of death’ signals a catastrophic Windows failure, which is exactly what many people faced on 19 July 2024 – but why did it happen? One former Microsoft engineer has a theory.
- Disaster recovery has centred on cyber attacks the past few years, but the CrowdStrike outage illustrates why companies can’t forget about traditional business continuity.
- 24 July: Enterprises that emerged unscathed from the roll-out of the botched CrowdStrike software update are being urged to view it as a wake-up call rather than a lucky escape.
- The largest global organisations hit by the CrowdStrike-Microsoft incident on 19 July will likely be out of pocket to the tune of billions of dollars.
- CrowdStrike publishes preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world.
- 25 July: Microsoft has pointed the finger at EU regulators, blaming them for a ruling that means it needs to offer third parties like CrowdStrike access to the core Windows OS.
- 26 July: Experts say efforts to avoid incidents such as the CrowdStrike outage will face time-honoured trade-offs between velocity, stability, access and security.
- CrowdStrike customers grappling with blue screens of death from the recent IT outage may be able to sidestep BitLocker encryption schemes and recover their Windows systems.
- 29 July: The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week.
- Malicious domains exploiting CrowdStrike’s branding are popping up in the wake of the 19 July outage. Experts share some noteworthy examples, and advice on how to avoid getting caught out.
- 30 July: Microsoft will explore alternatives to direct kernel access for partners following the CrowdStrike outage. But some IT pros worry that change could do more harm than good.
- Enterprises with the IT talent might turn to open source software as a backup for commercial products to mitigate damage from a CrowdStrike-like IT outage.
- 31 July: Following the CrowdStrike outage, experts recommended that health IT security practitioners focus on building resilience and tackling third-party risk.
- Communications are critical during an emergency. This is especially true for highly unpredictable disruptions, such as the recent CrowdStrike outage.
- 1 August: A US pension fund is lining up a lawsuit against CrowdStrike, claiming the cyber company lied about the integrity of its systems, leading to failings that caused a worldwide IT outage.
- Security experts offered their thoughts on the recent IT outage, praising CrowdStrike’s response time but saying the outage highlights issues in the software updating process.