In a world where a single point of failure can throw our machines into chaos, everything from sharks to authoritarian governments to old ladies have brought the web to its knees.
On Friday 19 July, 2024, the world woke up to what many have called the worst digital crisis of all time. A botched software update from cybersecurity giant CrowdStrike crashed some 8.5 million computers, smearing Microsoft’s dreaded “blue screen of death” across the globe. Airlines cancelled over 46,000 flights in a single day, according to the FlightAware. Hospitals called off surgeries. 911 emergency services faced disruptions in the US. Film Forum, an arthouse cinema in New York, switched to cash payments as its credit card system went down. Microsoft and CrowdStrike issued a solution, but the outages continue almost a week later. It’s a reminder, frustrated IT experts said, to never push updates out on a Friday.
As our infrastructure becomes ever more tangled with the internet, this won’t be the last catastrophic online outage. But CrowdStrike wasn’t the first, either. The history of computing is littered with examples of our digital fragility, and crashes of the past offer a glimpse of what it will feel like on the day the internet turns off.
“There’s a price to pay for the convenience we enjoy,” says Ritesh Kotak, a cybersecurity and technology analyst. “It will happen again, and from a technical standpoint, the fix for CrowdStrike was relatively easy. Next time, we might not be so lucky.”
A glitch in the matrix
One of the earliest major outages came in 1997 thanks to a glitch at the company Network Solutions Inc., one of the main registrars that issues domain names for websites. According to the New York Times, a misconfigured database crashed every single website ending in .com or .net. It took down around one million sites, which at that point in history was a huge portion of the web. Some people didn’t get their email. An untold number of web searches ended in frustration. Some businesses who couldn’t reach clients and customers lost business around the 1997 crash, but overall, the problems were minimal.
Yet with the internet now touching nearly every part of our daily lives, anything close to the Network Solutions outage has far greater consequences. Twenty-one years later, for example, a malware attack on the Alaskan community of Matanuska-Susitna took an array of digital services offline. The internet blackout sent 100,000 people back in time.
On some level, the internet really is just a series of tubes
“The cyber-attack, God help us, just about stopped everything, you know,” local Helen Munoz told the BBC in 2019. “In fact, the borough still [hasn’t sorted out] their computers.”
Employees were locked out of their workstations. Local libraries were ordered to turn off all their devices. In one government office, workers had to switch to typewriters to do their jobs. It was 10 weeks before the majority of the Matanuska-Susitna’s systems came back online.
We’re going to need a bigger cable
Sometimes the problems start in the physical world. For a while, the entire nation of Armenia’s internet connectivity depended on a single fibre-optic cable running through Georgia. If that sounds precarious, you’re right. In 2011, a 75-year-old woman took all 2.9 million Armenians offline when she sliced through that cable with a spade near the Georgian village of Ksani. The woman, who was scavenging for copper at the time, was arrested but reportedly let go soon after because of her advanced age. She later told reporters: “I have no idea what the internet is.”
Others felt its absence more keenly. “You can feel it when you don’t have access to the internet. You start going crazy,” says Vahan Hovsepyan, senior community and public policy advisor at RIPE NCC, the regional internet registry for Europe, the Middle East and Central Asia, who lives in Armenia. “There’s no way to ensure stability when you have a cable that’s thousands of kilometres long,” Hovsepyan says, which highlights the importance of building redundancies into digital infrastructure.
It’s proof positive that, on some level, the internet really is just a series of tubes. Pensioners aren’t the only threat to those tubes, either. In 2017, all of Zimbabwe lost its internet access for half a day. Local newspapers reported that a tractor had torn through a cable in South Africa.
The fibre-optic cables in our backyards need protection from human beings, but the thousands of kilometres worth of cables draped across the ocean floor face their own dangers. Sharks have a mysterious fondness for biting undersea cables, which has caused outages in the past. There’s a long history of teeth marks on these ocean cables, not just from sharks but other fish and barracudas. A tooth can penetrate the insulation and mix sea water to ground the power conductors. It’s been causing problems for phone and telegraph cables since at least 1964, according to a report from the United Nations Environment Programme. Today, Google reportedly wraps its underwater cables in a Kevlar-like material, in part to stop sharks and other ocean dwellers from biting through the internet. Videos posted online have captured the web-hating sharks in action.
Digital fallout
A quarter of Canada’s internet and phone service was knocked out in 2022 because of a failure at Rogers Communications, one of the country’s biggest telecom providers. It gave 11 million people a preview of last week’s CrowdStrike debacle. Emergency services couldn’t accept phone calls, hospitals cancelled appointments and businesses across the country couldn’t accept debit card transactions. Canadian R&B star the Weeknd was forced to postpone a concert.
Kotak, who lives in Toronto, says the Rogers outage didn’t have a major impact on his life, but others weren’t so lucky. “A friend of mine literally missed the bar exam,” he says. “Her whole family were Rogers customers, and she couldn’t get the exact address and room number for the test because she only had it written down in her email.”
Legislators can prevent these kinds of problems by mandating safety measures in the technology and telecom industries, Kotak says. But sometimes, governments are responsible for internet shutdowns in the first place.
Disabling the internet is also a go-to method for government censorship, both for authoritarian governments and stable democracies. “It’s a pretty massive problem,” says Zach Rosson, a data analyst at Access Now, a digital rights advocacy group. “By our definition, there have been over 1,500 internet shutdowns since 2016”, by governments, militaries and police forces.
In fact, the CrowdStrike disaster shadowed an example that began the same day. For the last week, Bangladesh has face near total internet blackout after a government shutdown in response to violent clashes between protesting stuidents and police. The online cutoff has been accompanied by a curfew and reporters say the lack of internet access makes accurate information harder to come by. At least 150 people have been killed in the clashes, with some local media putting the figure much higher.
There’s a growing push to understand internet access as a human right. “Think about all the things it gives you access to: employment, healthcare, education, communication, business and just understanding the world around you. We’ve found that internet shutdowns actually impede humanitarian delivery and prevent the documentation of atrocities,” Rosson says.
India is probably the world leader in using internet shutdowns to quell unrest, but it’s a widespread tactic that’s been deployed in at least 83 countries including Iran, Russia, Algeria, Senegal, Tanzania, Cameroon and Venezuela, according to Access Now.
The big one
In places where the internet connection depends on one fibre-optic cable, it makes for a glaring Achilles heel. After decades of the internet worming its way into every corner of our lives through wires and WiFi connections, you might think there would be more built-in fail-safes to keep the world churning. But largely the opposite is true, according to Casey Oppenheim, chief executive at Disconnect, a cybersecurity company.
“To me this is the real lesson of the CrowdStrike event,” Oppenheim says. CrowdStrike holds a massive market share in its corner of the security business, serving more than half the companies on the Fortune 500 list. “The less diversity you have in any ecosystem, the more vulnerable you become, and there’s zero diversity at the top of the internet supply chain. You can pick any core area of the internet and you’ll find a very short list of companies in control.”
In other words, Oppenheim says, the potential for catastrophic internet failures is yet another consequence of “monopolistic forces” in the tech business. When so much depends on a single company, one wrong move can bring it all tumbling down. “As governments take on antitrust issues, it’s something we may want to think about,” he says.
The most famous internet failure in history is one that didn’t really happen. Twenty-five years ago, the public went into a frenzy over the Y2K Bug. Many predicted that the dawn of the new millennium in the year 2000 would come with a global computer failure. Thanks to short-sighted engineers, many computer programmes relied on calendars that used two digits for the year instead of four. That meant 2000 would be indistinguishable from 1900 on New Year’s Day. Forecasts about the resulting computer crashes were nothing short of apocalyptic, with stories about failing governments, riots in the streets and total societal collapse. The world was just starting to comprehend the power of the tech industry, and for many, the Y2K bug was as terrifying as it was obscure. Some people stocked up on food, water and weapons.
Elevators didn’t stop running, as some building managers were reported to fear. Years of warnings about a collapse of the global financial system were for naught. Prison doors did not fling open and let convicts free, despite some warnings. And unlike the early days of the Covid-19 pandemic, the recommended toilet paper stock piles weren’t necessary. The problems could have been far more severe, though the most dramatic prophecies were always overblown.
CrowdStrike is the closest we’ve come to a full-blown internet shutdown. Even with its unprecedented scale, however, the consequences lasted just a few days. CrowdStrike was a taste of what’s possible. Security experts are still bracing for the big one.