Delta: CrowdStrike's offer to help in Falcon meltdown was too little, too late Delta Air Lines has come out swinging at CrowdStrike in a letter accusing the security giant of trying to "shift the blame" for the IT meltdown caused by its software – and that CrowdStrike CEO George Kurtz's offer of support was too little, too late. Last month, CrowdStrike pushed out a flawed update to its Falcon threat- …
I think you list the precisely the reasons why this won't go to trial. And Delta has blotted its copybook by saying, correctly in my view, that relying on Microsoft's software and services was part of the problem. Cue pressure from investors either to come up with a credible migration plan to something cheaper or to STFU. As we see from the class action against CrowdStrike, investorts don't give a fuck about quality, but they do about returns and we're currently in the era of "no one got fired for using Microsoft…"
This all sounds like posturing to me, on both sides. One of them will back down, and my bet is on Delta to do that since they clearly have never tested a disaster recovery plan or even restoring from backups.
What if it were ransomware? Who would have Delta sued in that case for their inability to restore service after weeks of downtime?
CrowdStrike's monumental failures are responsible for Delta going down, but not for if failing to get back up for so long.
Yes. Delta has a very large problem with this suit, which is that it took them much longer than their competitors and other organizations of similar size to recover. That's strong evidence that Delta's practices were sub-standard. Particularly if Crowdstrike go with a jury trial that will not be a good position for Delta to defend in court.
As I noted in another comment, if they had a strong case they wouldn't need Bois.
So this lawsuit is a distraction and an attempt to shift blame. Since certainly Crowdstrike already has most of that, Delta sees an opportunity to give them a bit more. And Delta are probably hoping to get a settlement from Crowdstrike to defray some of their losses, or to advance their position in line should Crowdstrike close up shop.
More evidence that this exchange of public letters is bullshit is Bois' text. "grossly negligent, even willful" is 1) redundant (since gross negligence in US law requires willfulness) and 2) unsupported by any facts yet known about the case, and unlikely to be supportable in court. He's bluffing and puffing.
Obviously Delta are going to have some dead bodies… erm, technical debt in their estate for myriad reasons which maybe meant their recovery was slower.
But even if those decisions were due to budgetary or shareholder concerns (which seems to be the insinuation here) the playground pile-on with Microsoft egging them on chanting “fight! fight!” … from the people who made this mess is such a dick move.
Kudos to Delta for pushing back.
Lawyers everywhere will be dribbling with excitement. Hohum.
@weirdbeardmt "the playground pile-on with Microsoft egging them on chanting “fight! fight!”"
There was nothing playground about Microsoft's lawyer's letter to Delta's Lawyers. https://regmedia.co.uk/2024/08/06/msft_letter_to_delta.pdf
This was Microsoft pushing back against the opening salvo of Delta's Lawyers lawsuit against Microsoft. They lay all the blame for the outage on CloudStrike, and that they are in no way responsible for Delta's trouble restoring their IT systems, the recovery was slow because Delta were having trouble restoring non MS systems.
"(e) In fact, it is rapidly becoming apparent that Delta likely refused Microsoft’s help because the IT system it was most having trouble restoring—its crew-tracking and scheduling system—was being serviced by other technology providers, such as IBM, because it runs on those providers’ systems, and not Microsoft Windows or Azure. "
Microsoft's view is there are only two companies at fault CloudStike and Delta and Delta's view is the companies at fault CloudStike and Microsoft. But at least there is one thing they both agree on, it certainly CloudStike's fault.
According to Microsoft's statement posted by the BBC, Delta were also using "outdated IT infrastructure." Doesn't specify what though.
The people suing Delta have suggested that other affected airlines had a cancellation rate during the incident that was around 10% of that of Delta, so it'll be interesting to see what happens.
https://www.bbc.co.uk/news/articles/c6284e7r7d7o
Yes, Microsoft's OS architecture is garbage. Yes, Crowdstrike's QA is garbage
BUT: Where's Delta's change management process? Where's evidence of their dev, stage and prod environments> Where's their rollback plan?
And why have their standardised on a single OS? Why are they using Windows for single use compute, such as displays and kiosks?
Android and even iOS are far superior for this role
They are as much to blame as CS and MS
Yes, it's amazing that we still have people coming here and sounding out about staging without having read exactly how this happened. I'm sure a few admins who thought they had a staging setup got a nasty shock when they found it didn't help them.
Crowdstrike couldn't update machines that weren't connected to the Internet, and they couldn't update machines or VMs that weren't running, and they couldn't update VM snapshots.
Delta clearly did not have adequate DR. Yes, Crowdstrike gets most of the blame; but this incident has shown that Delta were more exposed and less resilient than most other victims.
"Crowdstrike couldn't update machines that weren't connected to the Internet, and they couldn't update machines or VMs that weren't running, and they couldn't update VM snapshots."
They couldn't update machines that were switched off either.
So?
> Delta clearly did not have adequate DR.
With hindsight it is obvious the only DR solution was to have a complete system not running CrowdStrike software. And DR solution that simply replicated the live system, would fail as soon as it went online and CrowdStrike downloaded the latest updates…
There is a lesson there, as who runs totally different systems as their DR ?
Rewind to December 2022.... Southwest's IT crapped the bed. 16,900 flights canceled. Holiday travelers stranded. Remember that? Just because their loss of revenue, market share, and customer confidence wasn't enough, the US Department of Transportation kicked them in the crotch with a $140 million fine a year later.
With this level of government punishment, Delta HAS to defer the blame as much as possible. And they need to control the narrative early to prevent angry travelers from calling their congress people and demanding retribution.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
