It was around 3 pm in Sydney (7 am Paris time) on July 19 when the first problems appeared. In Australia's largest airport, the information screens had just turned blue: No departure times were displayed. Soon, the machines used to check in passengers also failed. In Canberra, Perth, in Auckland (New Zealand), Jetstar, Virgin, and other airlines began canceling their flights.

An hour later, what appeared to be an air traffic problem – already serious on the eve of one of the summer's biggest holiday weekends – turned out to be far more serious. Australia's ABC television channel briefly disappeared from the screens, the payment systems of two of the country's major banks malfunctioned and the cash registers of several supermarket chains stopped working. Australia and New Zealand didn't know it yet, but they had just experienced what is likely set to be the biggest computer failure in history.

Cyber attack ruled out

Amid the panic and chaos, the Australian authorities quickly allayed fears: There was no evidence of a cyber-attack or malicious operation. However, in the early hours of the morning, the first suspect emerged on a specialized discussion forum. Internet users were complaining of crashes on their Windows computers. Reports of the "blue screen of death," the famous name given to Microsoft-run computers when the system encounters a fatal error, multiplied. Those in the forum, most of them network administrators and IT department managers, gradually discovered the extent of the damage as they started their working day. "I'm in Malaysia, 70% of our laptops are down, the head office in Japan has ordered a company-wide shutdown," wrote one of them. What do these machines have in common? They use a well-known security tool marketed by the American company CrowdStrike.

In the hours that followed, as new victims of the outage continued to emerge, the lead was definitively confirmed: The problem originated in Falcon Sensor, an IT security solution marketed by the American company. The stakes were high: CrowdStrike is a major player in cybersecurity. Its tools are used by large companies for their networks, where the security solutions scrutinize every unusual activity or suspicious connection to block attempts at intrusion or data theft. But a recent update, released overnight, appeared to contain a piece of code that caused serious problems on machines running Windows. On discussion forums, solutions began to be put forward: For each computer, you would need to reboot the machine and then search for and delete an incriminating file.

You have 74.41% of this article left to read. The rest is for subscribers only.