Claude AI: Why are there so many internet outages?

This week, AI chatbot Claude went down, leaving users unable to access the service through its manufacturer Anthropic’s website, but hardly a week goes by without a similar incident at a tech giant, government site or hospital. What is the reason for this apparent increase in problems?

One of the main vulnerabilities of the modern internet is the move to cloud computing, which means that a huge variety of websites and services are now dependent on just a handful of companies, such as Amazon and Microsoft. In the early days of the commercial internet in the 1990s, companies ran their own hardware and software, a bit like individual shops on a high street. If one of these companies had a problem, the store would close, but the rest would be unaffected.

These days, companies are far more likely to host all their operations in the cloud, which is like the street’s road, sewer system and electrical grid all rolled into one. If it goes down, all the stores are out of business and we all hear about it.

Sometimes these problems can be caused by simple human error. Nothing highlights the danger of this type of event better than the 2024 blackout when the cyber security firm CrowdStrike released a software configuration file that took down millions of Windows computers worldwide, knocking airlines, banks, TV companies and alarm centers offline.

Joseph Jarnecki of the Royal United Services Institute, a British defense think tank, says that if a blackout is large and its effects widespread, it is unlikely to be deliberate. Ransomware criminals, who break into systems and lock data before demanding payment, know better than to fight big tech companies full of experts – they go after smaller prey.

Tim Stevens of King’s College London says ransomware attacks are increasingly targeting small local authorities and infrastructure. Their business model is to break in, unlock something people depend on and demand a ransom, so what better to target than a city’s water supply, power grid or local government?

In the UK we have seen just that, with ransomware attacks against Hackney Council, Gloucester City Council and Leicester City Council, as well as the NHS and water providers. Stevens says that for as long as we’ve had computers, there’s been a cat-and-mouse game between hackers and security experts. Unfortunately, at the moment, the hackers are ahead. “I’ve heard, in the last year or so, more than normal from the profession saying we’re losing. Not just that we’re behind, but we’re actually losing.”

State-sponsored hackers from countries like Russia and China are unlikely to take down an entire cloud provider. “They definitely target them, but not to destroy and disrupt,” says Jarnecki. “They are incredibly highly targeted.”

An example of this would be the 2023 attack on Microsoft-run US government email accounts, which were hacked by what Microsoft said was a China-affiliated group. The wider service was largely unaffected, but spies gained access to a treasure trove of US secrets.

Sarah Kreps at Cornell University in New York says that targeted cyber attacks are also being used by nations in what is now called the gray zone – a state of tension that is not quite peace and not quite war, but is a carefully considered and measured battle that stops short of causing all-out conflict.

“This is a form of economic sanction in a way, because so much of our GDP, our economic well-being, depends on the internet. If you can take that down, you weaken your adversaries’ ability to generate wealth. And the ability to generate wealth is how you develop the resources to fund a war, to fund allies in a war,” she says.

Kreps points out that Russia and China are not the only ones doing this. While we occasionally hear about Western cyberwarfare – GCHQ and MI6 have famously hacked into computers belonging to al-Qaeda and changed a recipe for bombs to one for cupcakes – it happens regularly, but is highly classified and done behind closed doors.

“My understanding, based on interactions with the US intelligence community, is that it is happening,” Kreps says. “You have an incentive to erode the strength of an adversary. There’s a good motive behind (attacking) Russia for their involvement in Ukraine, and there’s a good motive for trying to erode China’s capabilities when they become a peer competitor.”

Stevens says Western countries are limited in the scope and target of their cyberattacks because, unlike some nations, they are bound by a strong rule of law. “I have absolutely no doubt that our intelligence agencies and our security services in general are conducting cyber operations against Russian assets,” Stevens says. “But it’s hard work and there’s always lawyers in the room and we’re kind of limited. I think there’s a lot of frustration with that.”

While Claude is back at it now, Anthropic did not respond to questions from New scientist about the cause of the power outage.