After global IT meltdown, CrowdStrike courts hackers with action figures and gratitude

On Wednesday morning, thousands of cybersecurity professionals swarmed the halls of the Mandalay Bay Convention Center in Las Vegas, the epicenter of the annual Black Hat cybersecurity conference, where dozens of companies were advertising their wares. 

In the first row and with one of the biggest booths stood CrowdStrike, a company that has recently become a household name — but not because of its prowess in stopping malicious hackers.

On July 19, CrowdStrike pushed a faulty software update that crashed at least 8.5 million computers all over the world, causing flight delays, disrupting hospitals’ operations — including some surgeries — and hamstringing several U.S. government agencies, among many other organizations that had to manually reboot computers and servers to get back to normal. 

Since then, CrowdStrike has been sharing updates on its own investigation of the outage. The company also offered $10 Uber Eats gift cards to partners, some of which had to spend hours to recover from the incident, as a way to send its “heartfelt thanks and apologies for the inconvenience.” 

Several people who received the voucher — some of whom felt the gift was tone-deaf — could not cash in the gift card before Uber flagged it as fraud, “because of high usage rates,” according to a CrowdStrike spokesperson.

Less than three weeks later, some CrowdStrike employees had the tough job of pitching the company’s products at its conference booth. As soon as the doors opened, dozens of attendees started lining up. They were not all there to ask tough questions, but to pick up T-shirts and action figures made by the company to represent some of the nation-state and cybercriminal groups it tracks, such as Scattered Spider, an extortion racket allegedly behind last year’s MGM Resorts and Okta cyberattacks; and Aquatic Panda, a China-linked espionage group. 

“We’re here to give you free stuff,” a CrowdStrike employee told people gathered around a big screen where employees would later give demos.

A conference attendee looked visibly surprised. “I just thought it would be dead, honestly. I thought it would be slower over there. But obviously, people are still fans, right?”

For CrowdStrike at Black Hat, there was an element of business as usual, despite its global IT outage that caused widespread disruption and delays for days — and even weeks for some customers. The conference came at the same time as CrowdStrike released its root cause analysis that explained what happened the day of the outage. In short, CrowdStrike conceded that it messed up but said it’s taken steps to prevent the same incident happening again. And some cybersecurity professionals attending Black Hat appeared ready to give the company a second chance.

On the action figures’ boxes stacked at the company’s booth, which were getting restocked constantly, CrowdStrike wrapped a message addressing the outage. “Adversaries aren’t stopping. Neither are we,” the message read. “Resilience starts with us. Our focus remains with you.” 

The company projected the same message onto a large screen in the hallway that leads from the Mandalay Bay casino to the convention center. 

CrowdStrike’s senior director of corporate communications, Kevin Benacci, told TechCrunch that “the message shares our gratitude and appreciation for the Black Hat community, as well as the support we have received post incident.”

Benacci added that the company had “technical team members in the booth addressing the incident.” 

When TechCrunch visited the booth on Thursday, we saw several sales engineers showing demos of the product, but also CrowdStrike’s vice president of global solutions architecture Chris Kachigian, who has a technical role within the company.  

CrowdStrike’s CEO George Kurtz was also at the Black Hat Innovators & Investors Summit — an event within the conference that requires a separate payment, which means it’s not open to all attendees. Kurtz appeared on a panel, according to the company, as well as posts by two conference attendees.

To gauge how front-line defenders in the cybersecurity industry reacted to the massive outage, TechCrunch spoke to more than a dozen conference attendees who visited the CrowdStrike booth. More than half of attendees we spoke with expressed a positive view of the company following the outage. 

“Does it lower my opinion of their ability to be a leading-edge security company? I don’t think so,” said a U.S. government employee, who said he uses CrowdStrike every day. The employee asked to remain anonymous as he was not authorized to speak to the press.

Brian Wilson, another U.S. government employee who also said he uses CrowdStrike as part of his job, said that he will continue to use the company’s products and that he hasn’t lost faith in the company. 

A security engineer who identified only as Eric L. told TechCrunch that part of his company was affected by the outage, but it was able to recover within 24 hours. “CrowdStrike was really good at providing remediation guidance and doing everything they could to kind of make things right,” he said, adding that his opinion of CrowdStrike has not changed and he is “absolutely not” thinking about switching to a different provider. 

“They are best in class; they are top of the game,” he said.

Others did not feel the same way.

Seth Faeder, an engineer at ClearChoice Dental Implants Centers, said his company wasn’t impacted because it uses Sophos, a CrowdStrike competitor. But his parent company, he said, does use CrowdStrike, so he and his team had to help get the affected workstations back online, which “was not a lot of fun.”

“It’s definitely given me more of a negative outlook on the company, for sure,” Faeder told TechCrunch. “We actually wound up telling [his colleagues] that they might want to actually look into Sophos after that.”

A cybersecurity professional, who asked to remain anonymous because he is not allowed to speak to the press, told TechCrunch that his company is a CrowdStrike customer and was affected by the outage. 

“We do have to look into alternatives, because we need a backup plan,” he told TechCrunch. “We cannot have this issue, but moving away completely from them, I’m not completely sure it’s possible, to be honest, because they are still a leading figure in the industry.”

Ebenezer Chunduru, a security analyst at CapMetro, a company that said it was affected by the outage, told TechCrunch that the incident was eye-opening about the fragility of cybersecurity tools. 

“Can we trust any tools right now?” he said. “We should not depend on a tool. But at the same time, they are doing a pretty good job.”

Ever since the global outage, cybersecurity professionals — who are always happy to crack a joke — have flooded the internet with a seemingly endless stream of CrowdStrike-themed memes. 

The fun crossed over into real life in Las Vegas. A conference attendee showed up at a Black Hat speakers-only event on Tuesday with a T-shirt that said “Crowdstruck” on it. Another attendee gave TechCrunch a sticker that poked fun at CrowdStrike Falcon, the company’s marquee product, replacing its logo with a cartoonish fowl and the fake company name “Fowlstrike.” A researcher who is attending Def Con, a hacking conference that follows Black Hat, made fake CrowdStrike-themed Uber Eats gift cards.

After two days at Black Hat, it’s hard to tell whether the outage has hurt CrowdStrike’s reputation. Perhaps, even, it’s the other way around. A few hours before the end of the conference, a CrowdStrike employee told TechCrunch that the company had printed more than 1,500 T-shirts in two days. Last year, conference organizers said almost 20,000 people were in attendance.

When asked how many action figures they had given out, another employee shook her head and just said, “I have no idea.”