In an alarming series of tweets, cybersecurity expert Ehden Biber has raised serious concerns about the recent global IT outage caused by a Crowdstrike update.
Biber, who gained prominence through the #PfizerLeak, brings his extensive experience in information security to bear on this issue, asserting that the outage was no mere accident.
Biber is well-known in cybersecurity circles, particularly for his work with Pfizer-related leaks. However, his professional background is rooted in information security and cybersecurity, with notable roles such as Head of Information Security at Metro Bank (UK) and working in the Information Security Office for Merck/MSD across Europe, the Middle East, and Africa. His insights into the recent outage are based on years of hands-on experience in the field.
The Incident
A significant number of systems worldwide crashed after an update from Crowdstrike, a cybersecurity company, was deployed. This update led to the infamous Blue Screen of Death (BSoD) on many computers. Biber explains that while most software runs in a restrictive mode to limit access to system resources, certain types, like drivers and antimalware, operate in a highly unrestricted or privileged mode. This mode allows them to interact directly with hardware and other software but also makes them susceptible to causing system crashes if not correctly coded.
DevOps and SecOps Explained
To understand how such an incident could occur, Biber delves into the practices of DevOps and SecOps. DevOps combines software development (Dev) and IT operations (Ops) to streamline and accelerate the software development lifecycle through automation. SecOps integrates security practices into IT operations to ensure continuous protection against evolving threats.
In a modern DevOps/SecOps environment, updates are submitted and automatically tested across multiple systems to ensure they do not cause failures. After passing these tests, updates are cryptographically signed to guarantee their authenticity and prevent tampering.
The Anomaly with Crowdstrike’s Update
Biber emphasises that there is no way the faulty Crowdstrike update could have passed the rigorous quality assurance tests typically required in the software development process. The update’s ability to crash so many systems suggests that either the tests were bypassed, or the update was intentionally designed to cause such damage.
Speculation and Possible Motives
Biber said that the outage may have been orchestrated to cause widespread data loss. When computer systems crash, they often need to be restored from backups, potentially leading to the loss of recent data. This scenario could be advantageous to individuals or groups wishing to erase evidence of their activities. Biber hints at recent significant events, including the attempted assassination on Donald Trump, that might provide a motive for such a drastic action, suggesting that criminals with something to hide could be behind the outage.
The idea that Crowdstrike, a reputable cybersecurity company, could make such a significant error by accident is implausible, according to Biber. He concludes that the outage was likely a deliberate act to erase data and cover up criminal activities, urging the public to consider the broader implications of such an unprecedented event.
THE GLOBAL IT OUTAGE YOU WITNESSED WAS NOT AN ACCIDENT!
IMPORTANT! The purpose of this thread is to explain non-IT and to non information/cyber security professionals why I believe the outage you are seeing around the world due to the update from #Crowdstrike is not an accident.— Ehden (#PfizerLeak/#MonkeyBusiness/#COptiGate) 🌟 (@eh_den) July 20, 2024
Image credit: Towfiqu Barbhuiya
Say no more
This is why OS’s like Linux, that firstly, do not operate for most users at administrator level, are gaining popularity. The fact too, that they are open source, means multiple layers of dev’s are scrutinising code, so slipping something past them in an update, becomes incredibly hard. A uni, for example, tried it on once and was quickly caught out and banned.
Open source is the future, if you want real security.
Yes, agree with you on open source. But I do know that Microsoft runs some of its military applications on Linux platforms. How I know is another matter. Of interest also, the majority of compromised sites were essentially domestic and business. Perhaps this may have been a test for things to come.
WEEKEND UPDATE: July 20th, 2024 – Crowdstrike IT apocalypse explained + expanded analysis of Trump shooting
https://www.brighteon.com/ab1d0c34-9da7-4cf4-8da5-eb364d486aae
There are many differing opinions out there about the CrowdStrike outage:
(1) It was deliberately done by “black hats” in order to erase incriminating evidence, for example, of an assassination attempt: Everything after the last backup would be erased when the backups are used to restore the system and data would be lost.
(2) It was deliberately done by “white hats” in order to “fix” the voting machines so that this time around in the US they really show how the people vote, and not like 2020.
(3) It was caused because of lack of testing where no in-house testing, limited regional testing and no full regional testing was performed before global deployment.
Of course, all the above are not necessarily mutually exclusive. The US federal government “strong arms” companies to use CrowdStrike by threatening them with large audits if they do not. Payments, ATMs and travel systems all use it. I believe that the US voting machines (perhaps others) also use it. It was CrowdStrike that told the DNC that their data was stolen by Russia which has since proved to be false.
So, how about this as a conspiracy theory …
CrowdStrike used the appearance of incompetence (3) in order to do (1). The “white hats” knew what was going on which gave them an “in” to do (2) and gather data from (1).
I’m going to put on my tin foil hat now.
It all falls into place when one finds that the Clintons were the ones that handed CrowdStrike
The contract. A kill switch test for sure.
Funny, but i am thinking banking. How to block people to get access to their bank accounts, crypto etc.
A try out for things to come
On a less conspiratorial note, could’ve kicked America’s adversaries out of the system.