Doesn't CrowdStrike have more important things to do right now than try to take down a parody site?
That's what IT consultant David Senk wondered when CrowdStrike sent a Digital Millennium Copyright Act (DMCA) takedown notice targeting his parody site ClownStrike.
Senk created ClownStrike in the aftermath of the largest IT outage the world has ever seen—which CrowdStrike blamed on a buggy security update that shut down systems and incited prolonged chaos in airports, hospitals, and businesses worldwide.
Although Senk wasn't personally impacted by the outage, he told Ars he is "a proponent of decentralization." He seized the opportunity to mock "CrowdStrike's ability to cause literal billions of dollars of damage" because he viewed this as "collateral from the incredible amount of 'centralization' in the tech industry."
Setting up the parody site at clownstrike.lol on July 24, Senk's site design is simple. It shows the CrowdStrike logo fading into a cartoon clown, with circus music blasting throughout the transition. For the first 48 hours of its existence, the site used an unaltered version of CrowdStrike's Falcon logo, which is used for its cybersecurity platform, but Senk later added a rainbow propeller hat to the falcon's head.
"I put the site up initially just to be silly," Senk told Ars, noting that he's a bit "old-school" and has "always loved parody sites" (like this one).
It was all fun and games, but on July 31, Senk received a DMCA notice from Cloudflare's trust and safety team, which was then hosting the parody site. The notice informed Senk that CSC Digital Brand Services' global anti-fraud team, on behalf of CrowdStrike, was requesting the immediate removal of the CrowdStrike logo from the parody site, or else Senk risked Cloudflare taking down the whole site.
Senk immediately felt the takedown was bogus. His site was obviously parody, which he felt should have made his use of the CrowdStrike logos—altered or not—fair use. He immediately responded to Cloudflare to contest the notice, but Cloudflare did not respond to or even acknowledge receipt of his counter notice. Instead, Cloudflare sent a second email warning Senk of the alleged infringement, but once again, Cloudflare failed to respond to his counter notice.
This left Senk little choice but to relocate his parody site to "somewhere less-susceptible to DMCA takedown requests," Senk told Ars, which ended up being a Hetzner server in Finland.
Currently on the ClownStrike site, when you click a CSC logo altered with a clown wig, you can find Senk venting about "corporate cyberbullies" taking down "content that they disagree with" and calling Cloudflare's counter notice system "hilariously ineffective."
"The DMCA requires service providers to 'act expeditiously to remove or disable access to the infringing material,' yet it gives those same 'service providers' 14 days to restore access in the event of a counternotice!" Senk complained. "The DMCA, like much American legislation, is heavily biased towards corporations instead of the actual living, breathing citizens of the country."
Reached for comment, CrowdStrike confirmed that the takedown notice probably never should have been sent to Senk. His parody site got swept up in CrowdStrike's anti-fraud efforts to stop bad actors attempting to take advantage of the global IT outage by deceptively using CrowdStrike's logo on malicious sites.
“As part of our proactive fraud management activities, CrowdStrike’s anti-fraud partners have issued more than 500 takedown notices in the last two weeks to help prevent bad actors from exploiting current events," CrowdStrike's statement said. "These actions are taken to help protect customers and the industry from phishing sites and malicious activity. While parody sites are not the intended target of these efforts, it’s possible for such sites to be inadvertently impacted. We will review the process and, where appropriate, evolve ongoing anti-fraud activities.”