by cj 689 days ago
FWIW: CSC is a company that other companies hire to act on its behalf.

It's very likely that the company you work for uses CSC as its registered agent in the State of Delaware for administrative purposes (CSC doesn't really do anything other than exist on paper and file annual forms to satisfy legal and compliance requirements necessary for companies to exist in the US).

I wasn't aware they file DMCA requests on behalf of companies... that seems off brand for them.

(After writing the above) turns out CSC has an Online Brand Protection service. https://www.cscdbs.com/en/brand-protection/ I wouldn't be surprised if:

1) Crowdstrike incident takes down internet

2) Crowdstrike files a claim on their cyber insurance policy which includes coverage for brand protection

3) Crowdstrike (or their insurance company) buys some brand protection service, like the one offered by CSC

4) This guy receives a takedown

When I started writing this comment I was intending to defend CSC. But after googling I think CSC's brand protection services are to blame. Seems to be having the opposite effect for Crowdstrike considering they paid to have their brand "protected" and now this guy's site is getting lots of traffic!


It’s ironic that Crowdstrike could be suffering reputational damage due to a failure mode they didn’t realize existed in the services provided by a vendor they hired to protect them from reputational damage.

Maybe this will give them some empathy for their users who bought their services to protect their infrastructure.

> It’s ironic that Crowdstrike could be suffering reputational damage due to a failure mode they didn’t realize existed in the services provided by a vendor they hired to protect them from reputational damage.

If you spend enough time around VCs it becomes difficult to imagine how this doesn't happen more often. Many times companies grow too quickly for a clearly seasoned veteran of the market to get a chance to take the wheel. Combine this with "nobody ever got fired for purchasing IBM" and you get a perfect storm for taking out the IT infrastructure for an entire culture—all you need is a majoritarian marketshare and you can take out an entire people.

I think it's going to shift. Airlines in particular are probably going to decide that they can't afford to take another hit like this, and come up with a way to limit the damage if a software update (even from Microsoft) is broken, and come up with a way to test updates before pushing them to all devices.
Ah, got it. So instead they'll just keep doing what they were already doing for half their systems: Keeping them without updates for decades. Those terminals survived, after all.
> come up with a way to test updates before pushing them to all devices

This is SOP for plenty of purchasers already.

Some orgs just don't have the ability to build processes like that.

I think the leaders of Crowdstrike should be considered clearly seasoned veterans. George Kurtz was high up at McAfee. But maybe Cathleen Anderson is a little new to the chief of legal role.
Okay, well done, it's hilarious how perfectly this works for both the parent comment and the CrowdStrike bug.
You don't need empathy when you have a captive market. I'm afraid we're about to enter the "lol fuck you, what're you gonna do, leave?" stage of this organization.
Crowdstrike has several competitors, CarbonBlack, McAfee, Sophos, PaloAlto, etc.

Sure, they're all equal shades of shitty, but that's a different issue.

For what it's worth, McAfee is now called Trellix, and they now have what used to be called FireEye in their product line too.
> Sure, they're all equal shades of shitty, but that's a different issue.

You can choose which digital shotgun is strapped to your organizational forehead.

I’ll take several different shotguns each strapped to a different limb please.
I am quite certain that CSC won't proactively send Cease and Desist/takedown notices without first confirming with the customer that they want it done.

Someone at CrowdStrike had to say "Yes, send the takedown for this".

I base this on prior experience working at places which used CSC brand protection (among other services).

Lol they actually registered clownstrike.com and have it redirect to crowdstrike.com.

https://who.is/whois/clownstrike.com

Underrated. It almost looks like self-flagellation.
I actually thought CSC was a parody website ... it just seems a bunch of buzzword fluff and no products. Just "solutions" which at other companies is usually code for "we don't actually have anything to sell".
> Seems to be having the opposite effect for Crowdstrike considering they paid to have their brand "protected" and now this guy's site is getting lots of traffic!

Streissand Effect.

s/ss/s/

That was fun.

Based on how well CrowdStrike has managed their response to date, this is a plausible scenario.
Reminds me of that time when Mike Bloomberg's lawyers preemptively registered 400 .nyc domains for him, apparently without his knowledge, many of which are hilariously negative (MikeIsTooShort.nyc, MikeBloombergIsADweeb.nyc, GetALifeMike.nyc etc.):

https://www.huffpost.com/entry/michael-bloomberg-nyc-domain-...

So, Mike, tell us, your lawyers, what slur cuts the deepest so that we may register it in public to protect you . . .
“Okay, 1 down and 399 to go”
I bet that brainstorming session was a blast
a trademark claim is not DMCA, copyright only.

and what is shown on the page is Cloudflare boilerplate about DMCA, not Crowdstrike.

if Crowdstrike did use the DMCA form as a way of getting attention, that still serves as "notice" of the trademark infringement which Clownstrike has graciously acknowledged receipt of

> I wasn't aware they file DMCA requests on behalf of companies... that seems off brand for them.

CSC is a well-known high value domain registrar. Similar to MarkMonitor. I'm not surprised CSC does brand protection, also similar to MarkMonitor.

When I was at an employer that became a MarkMonitor customer, we didn't have enough domain business to meet the minimum spend, so we started using the Brand Protection "for free". Sometimes they have a hair trigger, we had our own accessory apps taken down occasionally. ¯\_(ツ)_/¯

Previous registrar was NetworkSolutions, lol; they had a customer service agent get phished, and the phishermen set new NS records for several domains, including ours. Major PITA.

Have used CSC for domain / brand protection. They offer a reputable service in this space, but I must admit, I developed the view that CSC must be a surreal place to work - I just couldn't figure out what/how/why motivates people to their mission. [obv, employee compensation]
They also apparently own the clownstrike.com domain [0] and this is since 2012, crowdstrike itself exists since 2011, so they must have hired them since close to the beginning. But could be that now they are probed to do damage control after the incident (though as always this tactic tends to disperse more damage than control it).

[0] https://www.whois.com/whois/clownstrike.com

Where they may have messed up is with the use of crowdstrike's branding. I've worked for a company that had a near 100% success rate with taking over domains that used their branding. Not just taking down the site, but taking ownership of the whole domain.
Were any of those successes for violation of copyright or trademark when used in parody? I don't know if it would hold up, or how long it would even be between a domain registrar handing it over and having a day in court, but there does seem to be a good case for this being a protected use of CrowdStrike's protected branding.
Untied.com lasted for a really long time, but did eventually get taken down based on copyright.

https://en.wikipedia.org/wiki/Untied.com

That ruling is only relevant if the operator of clownstrike.lol is in Canada. The US in particular has much better protections for parody than most countries.
Yeah, there were a few. I believe they had to demonstrate that there was a risk that a customer could be misled or something.
Trademark is about protecting customers not for companies to protect their image.
Sorry, do you mean morally, by intent/design or legally?