Microsoft Blames Global IT Outage on European Union as Crowdstrike Stock Continues Plummeting But Life Goes on for Crypto

2009 European Union Deal Blamed for Crowdstrike Failure

According to The Wall Street Journal, a Microsoft spokesperson attributed the recent Crowdstrike failure to a 2009 regulatory agreement between Microsoft and the European Union, arguing that the company is unable to secure its operating system as tightly as Apple due to a pact with the European Commission.

The spokesperson claimed that Microsoft had agreed to provide external security developers with the same level of access to interact with the software as Microsoft itself, which has led to critical bugs.

The infamous "blue screen of death," a symbol of technological malfunction since Microsoft's Windows became the dominant operating system in the 1990s, resurfaced on millions of computers on Friday as a result of the outage.

Patrick Wardle, CEO of DoubleYou, explained that monolithic ecosystems like Apple's macOS are more resilient to such critical errors due to their walled-off architecture.

In 2020, Apple revoked similar security clearances for its operating system, shielding it from third-party security failures and coding conflicts.

Security experts have criticised Microsoft for not taking its software's vulnerabilities seriously enough.

A blog post from the company stated that 8.5 million Windows machines were affected, which is less than 1% of their global presence.

However, this was sufficient to disrupt major businesses in healthcare, media, and restaurants.

The turmoil extended into Saturday, with nearly 2,000 flights canceled by US airlines, compared to 3,400 the day before.

Delta was the hardest hit, cancelling more than half of its flights on Saturday.

How Did the IT Blackout Happened?

The chaos unfolded with a flawed update distributed to corporate clients by CrowdStrike, one of the many cybersecurity firms striving to fortify Windows environments.

Microsoft itself offers a competing product, Windows Defender.

Between 18 and 19 July, the world was struck by what has been termed "the largest information technology outage in history."

In its first post on X with regard to the outage, Microsoft 365 Status announced that it was investigating an issue "impacting users' ability to access various Microsoft 365 apps and services."

In the latest communication from Microsoft, it confirmed that the issue has been mitigated.

The IT blackout affected approximately 8.5 million Windows systems globally, bringing operations to a standstill at financial institutions, airports, emergency services, and media broadcasting networks.

At the heart of the crash was an upgrade bug linked to third-party security firm CrowdStrike.

CrowdStrike's CEO George Kurtz acknowledged the problem on Friday and stated that they were working to restore service for their customers.

However, his apology was met with criticism.

Satya Nadella, Chairman and CEO of Microsoft also chimed in but was met with disapproval from influential figures like Elon Musk.

In a subsequent update, Kurtz emphasized that the downtime was not the result of a hack or malicious exploit.

He directed users to engage with official CrowdStrike support channels and update their affected software through the security firm's portal.

The CEO also assured the public that the issue had been identified and rectified.

Chief security officer Shawn Henry described the incident as a "gut punch" for the firm, which had previously been regarded as one of the most trusted names in the industry.

He lamented:

"We let down the very people we committed to protect, and to say we're devastated is a huge understatement.

Security has long been an Achilles' heel for Microsoft, with its software frequently targeted by criminal hackers and state-sponsored entities from countries like Russia and China.

Top executives have been called to testify before Congress to account for Windows' vulnerabilities.

Decentralisation Would Have Prevented the IT Outage From Happening

Decentralisation offers a robust alternative that could have prevented such a widespread disruption.

By dispersing data and security controls across numerous nodes, decentralised systems eradicate single points of failure.

Even if a single node is compromised, the system as a whole continues to function.

This architecture ensures that there will never be a large-scale disruption akin to the recent outage.

Cryptographically secured and verified data makes it challenging for attackers to modify or corrupt information undetected.

Decentralised agents can independently monitor and respond to threats, guaranteeing continuous security without reliance on a central server.

Jameson Lopp, co-founder of the Bitcoin wallet service Casa, leveraged the high-profile outage to explain why Bitcoin's core software does not auto-update, stating that "Auto-updates introduce systemic risk."

Senator Cynthia Lummis, a staunch proponent of decentralised technologies, echoed the sentiments of blockchain software developers.

The GOP lawmaker pointed to Bitcoin's demonstrated resilience during critical software failures as a testament to its superior architecture, in contrast to contemporary centralised systems with their inherent single points of failure and other performance limitations.

Crowdstrike Share Prices on a Downward Trajectory

The share prices of CrowdStrike continued their descent on Monday, following a mishandled software update that triggered a global computer outage.

Jimmy Su, Chief Security Officer at Binance, suggested that such incidents are likely to recur due to the centralised nature of computing.

CrowdStrike Holdings Inc. (CRWD) stock plummeted by an additional 13% on 22 July, dropping to $263 in after-hours trading and maintaining a slow but steady downward trajectory.

The company has experienced a 30% devaluation of its share value this month, with 23% of that occurring since it caused a worldwide IT outage.

CrowdStrike shares reached an all-time high of $392 on 1 July, as per Google Finance, but have since shed 33%, hitting their lowest point since early January.

Short sellers capitalised on the company's 23% two-day stock price drop, the most severe in its history, reaping $978 million in profits.

The cybersecurity software sector has witnessed a surge in short interest, totalling nearly $12 billion this year, with CrowdStrike ranking as the second-most shorted company after Microsoft.

In the aftermath of the incident, analysts have downgraded CrowdStrike's stock and reduced price targets.

Guggenheim, for instance, withdrew its $424 price target for CRWD but indicated that the company "will eventually become even stronger as a result of this incident."

Guggenheim analysts led by John DiFucci pointed out in a note on 21 July:

“We find it difficult to tell investors that they need to buy CRWD right now.”

Despite the temporary setback, many Wall Street analysts remain optimistic about the firm's long-term prospects, with an average price target suggesting a 40% increase from current levels.

Life Goes On for the Crypto Market

Despite the software outage impacting traditional sectors such as banking, healthcare, and airlines, key blockchain and cryptocurrency networks maintained normal operations due to their distributed architecture, as noted by Su.

Major networks including Bitcoin, Ethereum, and Solana, among others, have not experienced any disruptions and have sustained 100% uptime in generating new blocks.

Moreover, cryptocurrency websites, which are often prone to downtimes during periods of widespread market volatility, have continued to operate without incident.

According to DownDetector, users have not reported any issues with platforms like Coinbase, Crypto.com, CoinGecko, and CoinMarketCap.

Su highlighted that the last downtime for the Bitcoin network occurred over 4,150 days ago, marking more than 11 years without any interruptions.

He added:

“Because the nodes are independent of each other and interchangeable, it doesn’t matter if 5% or 15% of them fail, the network will remain fully functional.”

He concluded:

“As long as the bulk of the world's interconnected and interdependent computer systems rely on a centralized, single-point-of-failure architecture, we are likely to experience similar incidents.”