Update:
Crowdstrike came out and released a technical report confirming my analysis. They were reading in a bad data file and attempting to access invalid memory.
This global crash was a two-part bomb. The detonator apparently, was NOT new.. it was PRE-INSTALLED.
/1
Contrary to initial suspicions, Crowd Strike did NOT push out a faulty driver, the faulty driver ALREADY existed on Mac, Linux AND Windows, likely for months or years.
Sitting there like a ticking time bomb.
/2
This bug was a two-part series.
All it needed was bad data in order to detonate it.
The recent data update, delivered that payload.
/3
Deploying new data files to computers is generally thought to be safe. Data doesn't contain executable instructions for the CPU, after all.
Therefore it doesn't go through the same code review process as new executable code.
In effect, this proved to be the perfect backdoor
/4
When there is a ticking time bomb that's been PRE-INSTALLED on computers, then all it needs is just the right data to activate it.
/5
And unfortunately, this is exactly what happened.
This data update, because of it's assumed low-security implications, was allowed to be raw dogged into every Windows box running Crowd Strike, without consent, and without notification.
/6
And btw, this same ticking time bomb apparently exists in Linux AND MacOS. They just weren't targets of this data update, so they didn't crash. If a similar push had been to Linux, we would have seen a global catastrophe.
/7
Originally, I thought this was simply programmer error. But now, I'm not so sure. My experience seeing corruption at Google showed me that obvious bugs were allowed to exist, with apparent insiders who were aware and exploiting them for their own agenda.
/8
For example, Jordan Peterson got his entire Gmail/Youtube account wiped because some insider knew they could create nearly the same email address as him and start sending spam, knowing that his account would be wiped out by the AI, despite his account being over a decade old.
/9
Is something similar going on here with Crowdstrike?
Some insider with the knowledge that this nuke existed on every Windows/MacOS/Linux box with their software, only needing the proper data-detonator to act as the trigger?
/10
And why wasn't this software bug caught by automated checking at Microsoft? This code is reading data, interpreting that as valid memory locations, and attempting to read it.
HELLO?
/11
@Microsoft, are you aware that tools have existed for DECADES that are designed to find these simple access violations and flag them?
@Microsoft have you NEVER bothered to run these tools on Crowd Strikes system drivers?
/12
This is really bizarre. And the recent facts raise a LOT more questions about why this ticking time bomb has existed on mission critical devices for months or years.
/END
It get's worse, Microsoft granted Crowd Strike's ticking time bomb with "boot-start" privileges, normally reserved for Microsoft drivers.
A boot start driver MUST be installed in order to start the Windows Operating system.
Source: Dave’s Garage. Microsoft developer Gray Beard
These are the bad data files. Notice they are named like system drivers but they are actually data files. To fix a system you need to boot into safe mode, bypassing the boot-start drivers, and then delete these data files.
This will remove part B of this two part blue-screen-of-death detonator. The proverbial explosive device, crowd strikes boot-start drivers, have special privileges that prevent their removal.
…And must remain in the system in order for the system to boot properly.
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.