CrowdStrike 的错误按键如何导致微软网络全球中断

【中美创新时报2024 年 7 月 19 日编译讯】（记者温友平编译）德克萨斯州网络安全公司 CrowdStrike 的某人只需几次错误的按键，就会导致数字崩溃，影响全球数百万台计算机。

《波士顿环球报》记者海华沙·布雷（Hiawatha Bray） 对此作了下述报道。

要了解发生了什么，需要参加网络安全速成课程。

我们的家用电脑依赖于在单个机器上运行的安全软件，并定期更新以检测最新威胁。但这对企业和政府机构来说还不够好。他们受到专业犯罪分子和外国情报机构的无情攻​​击，这些机构不断寻找新方法来入侵和窃取数据。

根据 CrowdStrike 网站和监管文件的信息，该公司使用名为 Falcon 的人工智能系统进行反击，该系统全天候监控客户的计算机。通过利用流入和流出这些设备的数据训练人工智能，Falcon 可以快速识别新的攻击并在造成太大损害之前将其关闭。

CrowdStrike 的技术在全球超过 29,000 家企业中使用，包括英特尔、Target 和 Salesforce 等公司，以及俄克拉荷马州和伊利诺伊州的州政府机构以及凤凰城和拉斯维加斯等城市。

该系统要求在网络上的每台数字设备上安装 Falcon 软件——台式电脑、笔记本电脑、服务器，甚至智能手机。周四晚上，CrowdStrike 为运行微软 Windows 操作系统的计算机发布了该软件的更新。由于尚不清楚的原因，更新包含一个非常严重的错误，一旦安装，Windows 计算机就无法正常启动，并开始显示臭名昭著的“蓝屏死机”。

错误的更新导致单个程序停止运行是一回事。但 Falcon 漏洞却使整台计算机崩溃，使用户无法进行任何工作。

令人高兴的是，这些恶意代码没有被输入到运行非 Windows 操作系统的设备中，包括使用 Linux 或 Apple Mac 操作系统的计算机。智能手机也没有受到影响。但 Windows 机器在大多数企业和政府办公室中占据主导地位。数百万台机器崩溃，造成了全球性的灾难。

伍斯特理工学院计算机科学系主任 Craig Shue 表示，现在到了最困难的部分。所有受影响的计算机都必须由知识渊博的技术人员进行维修，他们必须以“安全模式”启动计算机，然后删除并替换有毒的 Falcon 软件。对场地内的每台 PC 重复此操作。

“这就是会减慢恢复速度的原因，”Shue 说。“如果你有一千台电脑，那将需要一段时间才能完成。”

人们很容易将这一问题归咎于微软。难道微软不应该将 Windows 设计成不会被简单的软件更新所破坏吗？Shue 说，在这种情况下，情况并非如此，因为网络安全软件与普通软件应用程序截然不同。

大多数应用程序无法访问计算机的基本功能。相反，它们依赖于操作系统。因此，当您使用 Microsoft Word 打印文档时，该软件会要求操作系统将文件转发到打印机。这样，Word 中的错误只会影响 Word，而机器的其余部分则不受影响。

Windows 本身的错误可能更糟糕，因为它是操作系统，可以完全访问所有机器功能。严重的错误可能会使计算机瘫痪或完全无法运行。

Shue 说，与其他应用程序不同，像 Falcon 这样的网络安全程序几乎与操作系统一样强大。它必须防止计算机运行有毒软件或执行非法命令。

Shue 说：“它基本上可以在计算机上做任何事情。它可以删除任何文件。它可以阻止任何程序运行。当你对抗病毒时，这一点非常重要。”

Shue 补充说，如果微软拒绝向外部网络安全供应商提供这种级别的访问权限，该公司可能会面临反垄断诉讼，因为它试图强迫公司只使用微软自己的网络安全服务。因此，微软别无选择，只能与 CrowdStrike 等公司合作。

微软没有立即回应置评请求。

反过来，CrowdStrike 有义务在将其软件推向世界之前对其进行彻底测试。该公司未能做到这一点，已造成严重的全球后果。

但麻省理工学院斯隆管理学院信息技术教授 Stuart Madnick 预计，这种打击会继续发生。“许多公司依赖某些 IT 供应商提供所有功能，”Madnick 说。

因此，供应商软件中的错误，无论是意外的还是故意的，都可能影响世界各地的公司。这就是为什么网络犯罪分子越来越多地试图破解这些供应商销售的软件，以此来一次性非法访问数十或数百个组织。

“这种情况发生得越来越频繁，”Madnick 说，“后果也越来越严重。”

他引用了 2020 年黑客入侵 SolarWinds 软件的事件，SolarWinds 是一家全球公司使用的网络管理工具制造商。黑客窃取了美国国务院、国土安全部、商务部和财政部等多个主要机构的数据。

题图：据世界各地的航空公司和其他企业报告，软件故障导致芝加哥奥黑尔国际机场出现大面积中断，显示“蓝屏死机”而不是航班信息。ERIN HOOLEY/美联社

附原英文报道：

How errant keystrokes at CrowdStrike led to a global outage of Microsoft networks

By Hiawatha Bray Globe Staff,Updated July 19, 2024 

It took just a few errant keystrokes by someone at the Texas cybersecurity firm CrowdStrike to cause a digital meltdown that has afflicted millions of computers around the world.

Understanding what happened requires a crash course in cyber security.

Our home computers rely on security software that runs on individual machines and is regularly updated to detect the latest threats. But that’s not good enough for businesses and government agencies. They’re under relentless attack by professional criminals and foreign intelligence services that keep finding new ways to break in and steal data.

The company fights back with an artificial intelligence system called Falcon, which monitors its customers’ computers around the clock, according to information from CrowdStrike’s website and regulatory filings. By training the AI on the data that flows in and out of these devices, Falcon can quickly recognize new attacks and shut them down before they do too much damage.

CrowdStrike’s technology is used in more than 29, 000 enterprises worldwide, including companies such as Intel, Target and Salesforce, as well as state agencies in Oklahoma and Illinois, and cities such as Phoenix and Las Vegas.

The system requires installing Falcon software on every digital device on the network — desktop computers, laptops, servers, even smartphones. On Thursday night, CrowdStrike issued an update to this software for computers running Microsoft’s Windows operating system. For reasons yet unknown, the update contained a bug so severe that once installed, the Windows computer could no longer boot up properly, and began displaying the notorious “Blue Screen of Death.”

It’s one thing when a faulty update causes an individual program to stop running. But the Falcon bug crashed the entire computer, making it impossible for users to do any work at all.

Happily, the bad code wasn’t fed to devices running non-Windows operating systems, including computers that use the Linux or Apple Mac operating systems. Smartphones weren’t affected either. But Windows machines dominate in most businesses and government offices. And millions of them crashed, creating a global fiasco.

And now comes the hard part, according to Craig Shue, head of the computer science department at Worcester Polytechnic Institute. All the affected computers will have to be repaired by knowledgeable technicians, who will have to boot the computers in “safe mode,” then delete and replace the toxic Falcon software. Rinse and repeat for every PC on the premises.

“That’s what’s going to slow down the recovery on this,” said Shue. “If you’ve got a thousand computers, that’s going to take somebody a while to do.”

It’s tempting to blame Microsoft for this. Shouldn’t the company have designed Windows so it couldn’t be ravaged by a mere software update? Not in this case, said Shue, because cyber security software is so different from ordinary software apps.

Most apps can’t access the basic functions of the computer. Instead they rely on the operating system. So when you print a document using Microsoft Word, the software asks the operating system to forward the file to the printer. This way, a bug in Word will only affect Word, and the rest of the machine is unaffected.

A bug in Windows itself can be much worse, because it’s the operating system, with full access to all machine functions. A severe bug can cripple the computer or make it totally inoperable.

Shue said that unlike other apps, a cyber security program like Falcon is almost as powerful as the operating system. It must be to prevent the computer from running toxic software or carrying out illicit commands.

“It can basically do anything on the computer, ” said Shue. “It can delete any file. It can stop any program from running. And that’s really important when you’re fighting a virus.”

Shue added that if Microsoft denied this level of access to outside cyber security vendors, the company could face an antitrust lawsuit, for seeking to force companies to use only Microsoft’s own cyber security services. So Microsoft has no choice but to work with firms such as CrowdStrike.

Microsoft did not immediately respond to a request for comment.

In turn, CrowdStrike has an obligation to thoroughly test its software before turning it loose upon the world. The company’s failure to do this has had severe global consequences.

But Stuart Madnick, professor of Information technology at the MIT Sloan School of Management, expects the hits to keep on coming. “So many companies are dependent on certain IT vendors for all of their capabilities,” said Madnick.

As a result, a bug in the vendors’ software, whether accidental or deliberate, can affect companies all over the world. That’s why cyber criminals are increasingly trying to hack the software sold by these vendors, as a way to gain illicit access to dozens or hundreds of organizations at a single stroke.

“This is happening more and more often,” said Madnick, “and the consequences are larger and larger.”

He cited the 2020 incident when hackers compromised software from SolarWinds, a maker of network management tools used by companies worldwide. The hackers stole data from a host of major organizations, including the US departments of State, Homeland Security, Commerce and Treasury.