CrowdStrike caused a global computer meltdown – at the Black Hat cybersecurity conference people can’t get enough of its swag


Get ‘em while they’re hot. CrowdStrike’s collectible figurines were all the rage at Black Hat. — SHARON GOLDMAN/The New York Times

Elvis, Britney, and Cher all found redemption in Las Vegas after going through a rocky phase.

This week, it was CrowdStrike’s turn.

The embattled cybersecurity company, whose buggy software update brought much of the world to a standstill last month, is enjoying a moment of strange cultural cachet at the annual Black Hat security conference, as throngs of visitors flock to its booth to snap selfies and load up on branded company shirts and other swag.

"My friend says I have to get one," one person waiting in line by the CrowdStrike booth told Fortune, referring to the collectible figurines the company was offering.

For many, the newfound notoriety of the CrowdStrike name is part of the appeal.

Frank Flanagan, a senior security engineer for a large west coast chain of convenience stores and fuel stations, clad in a colourful shirt and cowboy hat, told Fortune he was in line strictly to get his hands on a figurine.

“I hope it will be worth more after a year,” he chuckled, and joked that the value would be even greater if the company were to go out of business as a result of the legal woes stemming from the flawed software update.

CrowdStrike's stock has plunged roughly 40% since the incident, which caused computers running Microsoft Windows to display the dreaded “blue screen of death”, grounding thousands of flights and freezing systems at banks and hospitals around the globe. Delta has said CrowdStrike is solely responsible for cancelled flights that it claims cost it more than US$500mil (RM2.20bil).

While many Black Hat attendees found amusement in the company's brush with public notoriety, most of the people that Fortune spoke to at the event believed CrowdStrike was a solid and reputable company despite the incident.

One CrowdStrike customer, a security professional at a restaurant chain, said he was very happy with the company’s response to the outage and that his company was quickly up and running again.

Other attendees collectively shrugged at the idea that CrowdStrike could be blamed for a problem with a routine update that could happen to any of the security companies deeply intertwined with Microsoft Windows.

Steve Black, a professor of law and cybersecurity at Texas Tech University, pointed out that Delta’s argument against CrowdStrike is not a slam-dunk. There is a significant legal question about how much responsibility a business has for its own resilience, he said.

“Courts have been divided over the nature of digital harms,” said Black. “Does a plaintiff have to show financial harm to win?”

A legal case will hinge on how dependent Delta was on the systems affected by the update, what its service agreement with CrowdStrike said, and what Delta’s remediation looked like. “If I delay, I may be responsible for some of the losses,” he said.

A CEO apology and hot-pressed T-shirts

If the CrowdStrike name seemed to be everywhere at the Black Hat conference, it wasn't entirely due to the news cycle. In an ironic twist, CrowdStrike is one of the top sponsors of this year’s annual conference, eliciting occasional chuckles as its name is announced during panel sessions and displayed on large billboards.

“Adversaries aren’t stopping. Neither are we,” proclaims one oversized CrowdStrike advertisement above the indoor walkway to the Mandalay Bay hotel convention center. “Resilience starts with us. Our focus remains with you.”

George Kurtz, the CrowdStrike CEO, spoke during a panel at the event and apologised to the audience for the debacle, according to the Washington Post.

“George’s comments were brief but well said,” someone in the audience told the Post, noting that the comments got a warm reception, “which surprised me, given how critical the security community can be.”

The CrowdStrike incident was a frequent topic during the opening keynote panel session featuring Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency. Easterly said the widespread outage reinforced the need for "cyber resiliency" and diligent testing and designing by tech vendors.

Jerry Layden, CEO at CyberSaint, told Fortune that the stakes are high when it comes to placing blame for the outage, since the scale of the economic impact is so big. His company’s analysis estimated operational costs of the outage reaching US$5bil (RM22.03bil) for the Fortune 500 alone.

Layden believes that Delta has some culpability for its losses. “They have to take some responsibility for understanding their environment, understanding where their biggest risks are,” he said, pointing out that most organisations think most about being attacked as the biggest cyber risk, but flaws in software updates can also impact the entire business. “Throwing it all on CrowdStrike is not fair.”

Others pointed out that Microsoft should take its fair share of the blame for the outage, which many say was caused by a design choice in the core architecture of Windows that leads to malware, spyware and driver instability.

“Microsoft should not be giving any third party that level of access,” said Eric O’Neill, a cybersecurity expert, attorney and former FBI operative. “Microsoft will complain, well, it’s just the way that the technology works, or licensing works, but that’s BS, because this same problem didn’t affect Linux or Mac. And CrowdStrike caught it super-early.”

Back at the CrowdStrike booth, staffers busily operated machines to create custom-pressed shirts at the “T-Shirt bar”, while others handed out small boxes containing the coveted figurines. The figurines, dubbed “Aquatic Panda” and “Scattered Spider”, represent famous hacker groups and cyber criminals.

One security researcher in line said he didn’t know what the collectibles were, but had heard they were a hot item. Then again, the researcher added, as if to avoid setting his expectations too high, “they probably aren’t anything fancy.” After all, he said, “the company lost like 40% of its stock.” – Fortune.com/The New York Times
