Cybersecurity Breach Tier List 2024

00:00

inspired by the recent events in the

00:02

cyber security space that caused

00:04

absolute pandemonium a giant monster is

00:07

attacking bikini botom major shutdowns

00:11

globally in what might arguably be

00:13

considered the biggest cyber security

00:15

incident in all of history and I want to

00:18

take a look at the biggest cyber

00:19

security incidents SL breaches SL big

00:22

boo boos to have occurred since the

00:25

birth of the internet and the rapidly

00:27

growing technology that we've seen so

00:28

I've done some majorly salty late night

00:30

research all to answer the question

00:32

looming in all of our minds was the

00:34

crowd strike incident really all that

00:36

bad well let's compare and contrast the

00:38

[ __ ] out of it using The Mad Hat metrics

00:41

of course that I brewed together in The

00:42

Mad Hat Labs just for this video impact

00:45

how widespread were the effects of the

00:47

incident who was affected and for how

00:49

long total losses you know money

00:52

estimated obviously and the difficulty

00:54

of the incident how complicated was it

00:56

are we talking about an expensive ass

00:58

zero day exploit carried out by a nation

01:00

State actor or was it just someone too

01:03

stupid to have realized what they gone

01:05

done did before it was too late or my

01:07

favorite was it just some kid bored on a

01:10

Tuesday afternoon in the UK a big like

01:14

game I suppose it was see who would who

01:16

who could be better a multi-billion

01:19

dollar you know agency or a 14y sitting

01:22

in his bedroom doing as they saying

01:24

around and finding out but for the sake

01:26

of all of our sanity I'm going to limit

01:28

this tier list to the major 10 incidents

01:31

breaches of all time and that should be

01:33

enough to compare and place all of these

01:35

incidents on the tier list of

01:38

imp ranking them from fail to so bad

01:41

that it's just plain stupid let's begin

01:44

on September 8th 2018 Marriott received

01:48

an alert from an internal security tool

01:50

regarding an attempt to access the

01:53

Starwood guest reservation database in

01:56

the US which flagged on an unusual

01:58

database query upon investigating the

02:00

alert they come to find out there had

02:02

been unauthorized access to the Starwood

02:05

Network since 2014 the breach impacted

02:08

an estimated 500 to 600 million accounts

02:12

with an estimated 300 million containing

02:15

name mailing address phone number email

02:18

address passport number Starwood

02:20

Preferred Guest SG account information

02:23

date of birth gender arrival and

02:25

departure information reservation date

02:28

and communication preferences that's a

02:30

lot of data some even included payment

02:32

card information card number and

02:34

expiration but don't worry folks it was

02:37

encrypted using the unbreakable AES 128

02:40

encryption algorithm which has never

02:42

been broken into before oh they had the

02:45

encryption Keys too patience ising is

02:50

[Music]

02:52

theing okay so lots of people were

02:54

affected globally all and I mean all of

02:56

their data which was readily available

02:58

in clear text but how did they they do

03:00

it now Marriott has not made any of that

03:02

publicly available information so we

03:04

don't know exactly what happened but we

03:07

do know that Starwood had been

03:08

compromised since 2014 back before

03:11

Marriott acquired it in 2016 and it took

03:14

an additional 2 years for Marriott to

03:18

detect any malicious

03:22

activity now I'm not sure about that one

03:24

I don't know if that checks out because

03:27

Marriott was not equipped to handle the

03:29

reservations it had just acquired so in

03:31

true company merger fashion they left

03:33

this largely unsecured database continue

03:36

operating which was confirmed later to

03:38

contain a remote access Trojan a rat and

03:41

MIM cats a tool for sniffing outs

03:44

username password combos in system

03:46

memory we can only guess that this is

03:48

what allowed the malicious Bad actors to

03:50

gain admin privileges and query the

03:52

database and as of today we still don't

03:54

know who actually did it but government

03:56

sources speculates that it was in fact

03:59

nation state actors part of a broader

04:01

Chinese effort to gain information on

04:03

American government employees and

04:05

Intelligence Officers their reasoning

04:07

the code and attack patterns matched up

04:09

with techniques employed by state

04:11

sponsored Chinese hackers when in doubt

04:13

blame nation state actors the overall

04:15

difficulty here was low as it was rooted

04:17

in what I like to call security comes

04:20

last and the Legacy system was unsecured

04:22

long enough to allow for a breach now

04:24

there are currently class action

04:25

lawsuits against the company which are

04:27

still ongoing it seems my dog stepped on

04:29

a be total estimated losses and fines

04:32

combined from what I can tell are

04:34

roughly 150 million but supposedly could

04:36

reach as high as $ 12.5 billion after

04:40

the class action lawsuit with Marriott's

04:42

net market cap of 62.4 n billion that's

04:45

a significant hit but we'll see if we

04:47

actually get anywhere near that after

04:49

the class action lawsuit completes

04:51

catastrophic the total impact was very

04:53

high however the losses for the company

04:55

are basically nothing which is

04:57

ridiculous look at their stock I think

05:00

it's safe to say their reputation is

05:01

unaffected and the hack was probably as

05:03

easy as sending a fishing email probably

05:05

and poking around undetected for 4 years

05:07

the hacker had time to graduate college

05:09

before they found

05:11

them in October of 2013 Adobe received

05:15

an alert that the hard drive for one of

05:17

its application servers was nearing

05:19

capacity further investigation

05:21

discovered that one or more unauthorized

05:23

Intruders had compromised a public

05:25

facing web server and used it to access

05:28

other servers on adobe's network

05:30

including areas where Adobe stored

05:32

consumer data okay okay exploiting a

05:35

public facing server that's difficult

05:37

right now Adobe being a leading software

05:39

company known for products like

05:41

Photoshop and Adobe Acrobat Reader the

05:43

thing I had to troubleshoot a stupid

05:45

amount of times to complete Dunces who

05:47

didn't know how to click the signin

05:49

button hey how about you smash right

05:53

there smash right there come on smash

05:58

smash yes they immediately announced a

06:01

massive security breach the breach

06:04

impacted 153 million Adobe accounts not

06:08

as much as Maria the data exposed in the

06:10

breach included user IDs encrypted

06:12

passwords names email addresses and of

06:15

course credit card info so how did it

06:17

happen well this is somewhat unclear

06:19

with the information available the

06:21

attackers reportedly gained access by

06:23

targeting a backup server which was due

06:25

to be decommissioned sure due to be

06:29

decom missioned huh that's company speak

06:31

for we'll replace it when it becomes a

06:33

problem good afternoon Bob I was

06:35

wondering if I could have $500,000 to

06:37

upgrade our call Center

06:44

Technology you

06:47

serious and the server only had

06:49

customers passwords and credit card

06:50

information encrypted but of course the

06:53

report said Adobe had used a single

06:55

block Cipher through the database

06:58

resulting in identical p passwords

07:00

having the same Cipher text in the

07:02

database which became a bigger issue

07:04

when the password hints not encrypted

07:06

were the literal password or obvious

07:09

enough to guess the password hints have

07:10

since been removed which is probably for

07:13

the best how do they gain access to the

07:14

server you might ask H Doby didn't say

07:17

of course but the most likely cause of

07:19

the breach was the vulnerability in the

07:21

cold fusion servers being deployed by

07:24

Adobe and hackers abusing that to

07:26

remotely control web servers running the

07:28

software a vulnerability ability by the

07:30

way that adobe knew about that

07:32

supposedly pushed an update but

07:34

conveniently these servers had not

07:36

gotten that update shocking or you know

07:38

it could have been a spear fishing

07:40

campaign equally as likely get a really

07:42

catchy subject line something like hey

07:46

I'm probably going to open that up with

07:47

roughly $1.1 million in attorney fees

07:51

and undisclosed sums of money to

07:52

affected users and having its stock

07:54

value unaffected this is sadly ranked as

07:57

just a fail on adobe's part and the sad

08:00

history of breaches but they did respond

08:02

relatively quickly to the breach with

08:03

roughly a couple months spanning in

08:05

between when hackers were first

08:06

confirmed to have access to when they

08:08

finally detected them in actioned on and

08:10

announced to the public about the breach

08:12

not an epic failure by any means but

08:15

still they a failure now we still don't

08:17

know who gondon did it but security

08:19

researchers are guessing that the

08:20

attackers were somewhere in Eastern

08:21

Europe or Russia based on the language

08:23

and location of some of the underground

08:25

forums where the stolen data was traded

08:27

I can smell the failure January 2010

08:31

inspectors visiting natan's uranium

08:33

enrichment plant in Iran noticed that

08:36

centrifuges using two enrich uranium gas

08:38

were failing and they were failing fast

08:41

replacing the centrifuges did not fix

08:43

the issue as there was something more

08:45

Sinister at play 5 months later some it

08:49

nerds finally found the culprit after

08:50

troubleshooting computers that had been

08:52

randomly crashing and rebooting they

08:55

discovered the world's first digital

08:57

weapon infamously known as stucks net a

09:00

worm specifically designed to disrupt

09:03

Iran's nuclear program now obviously the

09:05

impact here was to Iran's ska system but

09:08

by Nature a worm tries to infect

09:10

everything and anything around it so

09:12

that's what it did traces of this worm

09:14

can be seen globally but the only real

09:17

impact was to what the worm was intended

09:19

to do and hardcoded to actually attack

09:22

Seamans step seven software a

09:25

windows-based software used to program

09:27

industrial control systems that operate

09:29

specific equipment in Iran's case

09:31

specifically the operation of the

09:32

centrifuges now monetary loss is kind of

09:34

hard to gauge here since Iran didn't

09:36

release numbers as far as I could find

09:38

but if we lowball the estimate costs of

09:40

repairs about 1,000 replaced centrifuges

09:43

it's probably $50 million or more now

09:45

how did stuck net infiltrate Iran's

09:47

airgap systems originally it was thought

09:49

to have been delivered via a USB stick

09:51

that someone just tossed and hoped it

09:53

would get plugged in

09:59

but new information has surfaced January

10:02

of this year that stuck net was instead

10:04

loaded into a water pump near the

10:06

Iranian Nan's nuclear facility simple

10:09

yet effective and with reports stating

10:11

that this worm cost upwards of a billion

10:14

dollars to create this was one

10:15

sophisticated and expensive Cyber attack

10:18

to carry out this was no script Kitty

10:20

and no one's taking the WAP for this but

10:21

a lot of places are pointing fingers at

10:23

the US and Israel for doing it now if

10:25

the worm targeted more than plc's this

10:28

would have been a apocalyptic but

10:30

because the impact was relatively low

10:32

and contained within Iran's nuclear

10:34

facility got to drop it down a notch to

10:36

blighting which is fitting for a worm as

10:39

it did in fact spread quite like a

10:46

blight on April 4th 2011 the activist

10:49

group Anonymous launched a targeted

10:51

distributed denial of service attack on

10:53

Sony's Playstation network in

10:56

retaliation for Sony's legal actions

10:58

against hack known as geohot and graph

11:01

cholo Cho the attack by Anonymous

11:03

disrupted the PlayStation Network for 3

11:05

days before they suspended it realizing

11:07

that it was negatively impacting

11:09

consumers which is not who they were

11:11

targeting Sony experienced additional

11:12

issues on April 19th when the

11:14

PlayStation Network went down again

11:16

revealing a significant security breach

11:19

affecting 77 million users Sony said in

11:23

illegal and unauthorized person quote

11:25

unquote got access to people's names

11:28

addresses email addresses birth dates

11:30

usernames passwords logins security

11:33

questions and probably credit card info

11:35

now the company did say it saw no

11:36

evidence that credit cards were stolen

11:38

but it did add out of an abundance of

11:40

caution we are advising you that your

11:42

credit card number excluding security

11:44

code and expiration date may have been

11:47

obtained right sounds like you just

11:49

don't want to say that it was taken now

11:51

the exact methods and tools used by the

11:53

hackers is still unknown with no

11:55

specific Mal mentioned anywhere but

11:57

Sony's Chief Information officer CIO

12:00

this dude believed that the application

12:01

server was the weakest link with the Le

12:04

hacker able to exploit vulnerabilities

12:06

on it sounds complicated but from the

12:07

sounds of it the application server was

12:09

poorly secured and the database as well

12:11

as far as I can tell with reports

12:13

stating the hack was performed via very

12:16

simple single SQL injection methods by a

12:19

hacker group named L SEC o you hate to

12:22

see that but I'm not surprised packs are

12:24

rarely sophisticated it seems and sonyy

12:26

stated that the outage costs roughly 171

12:30

million peanuts to Sony really and while

12:32

we can see a small drop in their stock

12:34

price after the breach it has since

12:36

rebounded and rebuilt its reputation and

12:38

considering this was done from some

12:40

random hacker group who appeared to have

12:42

just been bored and Sony was just

12:43

coincidentally their target that they

12:45

used as their playground for fun and the

12:47

relatively low costes to the company and

12:50

total users impacted sad that 77 million

12:52

users is low but here we are this is our

12:55

life now I'd rank it as disastrous since

12:58

it was far more impact F in adobe's

12:59

breach in March 2017 personal

13:02

identifying data of hundreds of millions

13:05

of people were stolen from Equifax one

13:07

of the credit reporting agencies that

13:10

assessed the Financial Health of nearly

13:12

everyone in the United States and

13:14

shortly after on September 7th 2017

13:17

Equifax announced that someone had

13:19

breached the data of

13:21

approximately 143 million us consumers

13:25

the hackers did not access the data from

13:27

equifax's core Consumer Credit credit

13:29

reporting databases but from the

13:31

company's Us online dispute portal web

13:34

application I guess that's not as bad

13:36

then oh [ __ ] that's 40% of Americans oh

13:39

[ __ ] the data included names Social

13:40

Security numbers birth dates addresses

13:43

and driver's license numbers you know

13:45

everything that you would need to know

13:46

to open up a new credit line identity

13:48

theft is not a joke Jim millions of

13:50

families suffer every year nice I've

13:53

always said at this point if someone

13:55

wants that information on you and they

13:56

give a [ __ ] enough to look for it

13:58

they're going to find online somewhere

13:59

the attackers were active with equifax's

14:02

networks for 76 days without being

14:06

discovered bruh the breach was caused by

14:08

a severe security vulnerability and

14:10

apatchy struts that allowed the

14:12

attackers to exploit unpatched systems

14:14

and unsurprisingly enough they had a

14:16

patch released on March 7th and Equifax

14:19

was instructed to apply it following a

14:21

penetration test but the patch was never

14:23

implemented by the IT team come on what

14:25

the having worked in security for a

14:27

minute now I'm sensing a pattern and

14:29

patching policies getting told to update

14:31

not updating and this goes on endlessly

14:33

so some hacker discovered the unpatched

14:36

version of Apache strut software running

14:38

on a server in equifax's DMZ an internet

14:42

facing server and went to town using

14:44

what is considered to be beginner or

14:47

novice level hacking why did it take so

14:49

long to detect the exfiltration well

14:51

equifax's failure to renew a crucial

14:54

public key certificate meant that their

14:56

data exfiltration detection tools were

14:59

unable to inspect encrypted traffic

15:01

allowing the hackers to operate

15:03

undetected now Equifax has since agreed

15:05

to a settlement that will cost them

15:07

$1.38 billion and that's not including

15:11

the over $1 billion they've already

15:13

spent upgrading their security holy look

15:16

at all this damage which isn't really a

15:18

cost induced by the breach or created by

15:20

it really but something that they should

15:22

have spent before to secure their sh and

15:24

ultimately the US government blamed

15:26

Chinese military backed hackers and

15:29

charge them in 2020 you just can't make

15:31

this up these little bits of update

15:33

security policies get overlooked and all

15:35

of a sudden you have an apocalyptic

15:38

breach definitely one for the record

15:39

books for overall impact for such little

15:42

hacking knowledge needed in December of

15:44

2013 credit card numbers of almost 40

15:48

million customers were stolen from a

15:50

retail giant known as Target which led

15:52

into another announcement in January

15:54

2014 where Target announced that

15:57

personal identifiable information Pi

15:59

data in the form of names phone numbers

16:01

addresses email addresses of up to 70

16:05

million customers were stolen as well

16:07

how'd that happen well in early 2013

16:10

attackers conducted extensive

16:12

reconnaissance On Target and its vendors

16:14

uncovering details about Target's

16:16

technical infrastructure through a

16:18

Microsoft case study they exploited

16:20

vulnerabilities in third-party vendor

16:22

Fazio mechanical some HVAC company using

16:25

a fishing attack to install Citadel

16:27

malor and gain access to targets Network

16:29

on November 12th 20133 now the company

16:32

could have prevented this if they had

16:33

realtime detection but instead they were

16:35

using a free version of malware bites oh

16:38

my God the attacker is used an

16:41

administrative account to navigate to

16:42

Target's Network eventually finding an

16:44

exploiting a vulnerability in a Windows

16:46

domain controller to access the point of

16:49

sale systems by November 30th a custom

16:51

black point of sale malware was

16:53

installed on most point of sale systems

16:56

and funny enough this malware is

16:57

available for sale in the online black

16:59

market for roughly $2,000 just goes to

17:02

show you you don't need to know how to

17:04

write malware or hack like a pro just a

17:06

little money on the black market and

17:08

basic hacking can get you into pretty

17:09

much anywhere these days or at least

17:11

back then the saddest bit of all that

17:12

despite major alerts firing off in

17:15

Target's environment their intrusion

17:17

detection system and detection of

17:18

malicious behavior by their semantic

17:21

antivirus no action was taken by the

17:23

security team what the hackers even

17:25

managed to update the Mal a few times

17:27

which fired off even more alert and on

17:29

December 2nd hackers exfiltrated data to

17:32

servers in Eastern

17:35

Europe with another security tool called

17:38

fireye detecting the breach and

17:39

notifying staff in India who then

17:42

relayed the alerts to the staff in the

17:44

US who did nothing again the deed was

17:47

done with stolen credit card information

17:49

sold on the black market these people

17:51

were literally kicking back casually

17:52

breaking and messing around and copy

17:54

posting data overseas now this is an

17:57

interesting case because it involves a

17:58

third-party vendor breach and failure

18:01

combined with some major no shits given

18:03

to the alerts that triggered in targets

18:05

network with an estimated 200 million

18:07

and Target stock doing just fine it's

18:10

almost as if customers didn't care about

18:11

this breach they just kept on going with

18:13

their tar trips and sipping on their

18:15

Starbucks waps not a care in the world

18:17

now I'd say given the sophistication of

18:19

the attack all the Recon involved and

18:21

exploitation of technical

18:22

vulnerabilities paired with evading

18:24

their detection

18:27

systems sort of this was pretty

18:29

catastrophic if there was more data

18:31

available to the hackers I'm sure they

18:32

would have taken it luckily they were

18:34

limited to what Target had otherwise

18:36

we'd be looking at an apocalyptic breach

18:38

on May 12th 2017 a worm spread to more

18:41

than 200,000 computers in over 150

18:45

countries stuck net 2.0 nah this was

18:47

none other than the one a cry ransomware

18:50

affecting companies like FedEx Honda

18:52

Nissan and the UK's National Health

18:54

Service the NHS ambulances were having

18:56

to be rerouted absolute Pandemonium the

18:59

one a cry attack occurred in the span of

19:02

4 days but it left people with a lot of

19:04

work on their hands while infected

19:05

systems in over 150 countries resulted

19:08

in roughly $100,000 payout for the

19:10

attackers North Korea duh who else would

19:13

want to send out that kind of ransomware

19:15

worm that could take out country's

19:16

infrastructure this guy would now the

19:18

actual damages induced were reported in

19:20

the $4 billion range damn that's a lot

19:22

of wow subscriptions now this of course

19:24

spread across multiple countries and

19:26

agencies but still God Dam damn now how

19:29

did all this happen imagine a plague but

19:31

instead of humans it's Windows 7

19:35

machines scary times now W cry was

19:37

unique due to its wormlike nature

19:40

allowing it to self-replicate and spread

19:41

rapidly across networks from infected

19:43

computers but unlike typical ransomware

19:46

that infects devices via malicious sites

19:48

or links one cry used infected devices

19:51

to propagate itself it exploited an NSA

19:54

discovered vulnerability Eternal blue

19:56

thanks guys appreciate it and another

19:58

back door double Pulsar to infect

20:01

primarily Windows 7 devices the attack

20:03

began in April 2017 in Asia spreading

20:06

quickly through network devices and if

20:09

not for the quick thinking of this guy

20:12

Marcus hutkins a cyber security

20:14

researcher who is working in loose

20:16

collaboration with the UK's National

20:18

cyber security Center saying that I'm a

20:19

hero I mean I sort of just registered

20:21

this domain for tracking researched the

20:23

Mau and discovered a kill switch which

20:25

more or less just stopped the ransomware

20:27

entirely I'm screwing over over the rest

20:29

of the world that it had not yet had

20:30

time to reach at 22 he single-handedly

20:34

put a stop to the worst cyber attch the

20:36

world had ever seen what have you done

20:38

with your life you stop a national Cyber

20:40

attack yet that's what I thought get to

20:42

work anyways this went full blight on us

20:44

so naturally it's blighting for this

20:46

Cyber attack in June 2017 the world was

20:49

introduced to the most destructive Mal

20:53

ever deployed we had just we just got we

20:55

just got one a cry damn 2017 was a fun

20:58

year I had no clue I was in my second

21:00

year of my cyber security program

21:01

ignoring my assignments to play League

21:03

of Legends pter games now while Ukraine

21:05

was the primary target here not Peta

21:07

quickly spread to more than 60 countries

21:10

destroying the computer systems of

21:12

thousands of multinationals between one

21:14

a cry in this system admins and security

21:16

analysts at the time must have had their

21:18

hands full full of resignations [ __ ]

21:21

this [ __ ] I'm out cuz you know security

21:24

kind of is and always has been the last

21:26

thing on the sea su's mind first thing

21:28

being

21:29

money I wouldn't what a million dollars

21:31

even smells like now much like the one

21:34

cry attack it also used the

21:35

vulnerability exploit known as Eternal

21:37

blue do spread like crazy because people

21:39

didn't install the fix to the Eternal

21:42

blue patch when it was first available

21:44

that's what you get not Peta spread

21:46

through the network on its own

21:48

extracting admin credentials and

21:49

schedules of tasks to reboot the machine

21:52

as soon as a victim reboots their

21:53

machine not Peta overwrites the master

21:55

boot record with a malicious payload

21:57

that encrypts the full disc now it asks

22:00

for a ransom but it doesn't actually

22:01

have a decryption key because this was

22:03

not a financially driven attack it was

22:05

Russia but you move attempting to more

22:08

or less [ __ ] over Ukraine what you

22:10

thought the war in Ukraine was a new

22:12

thing nah there's always been beef a one

22:13

affected company was Global Transport

22:16

and Logistics Giant M where not Peta

22:18

destroyed all end user devices including

22:22

49,000 laptops because this was not a

22:24

traditional ransomware that would

22:26

actually release your files if you paid

22:27

the ransom it was designed to Brick

22:31

everything a wiper as they're called in

22:33

total with companies RIT bener mandes

22:36

International Nuance Communications

22:38

FedEx did you not learn your lesson the

22:40

first time with one cry honestly this

22:42

doesn't surprise me FedEx kind of sucks

22:43

as a reason this meme

22:48

exists $10 billion in estimated losses

22:52

later due to this malware I'm sorry but

22:54

God damn that's a step above one or cry

22:56

we' reached apocalyptic levels of damage

22:59

and all of this could have been avoided

23:01

if you just pushed the update to all

23:03

devices [ __ ] don't no don't do that test

23:05

the update then push it we'll see why

23:08

that's important in a minute here now I

23:09

know what you're thinking it can't

23:11

possibly get any worse than the ones

23:12

I've covered right it can and it it did

23:15

in 2013 and 2014 a major internet

23:19

service provider Yahoo faced two massive

23:21

data breaches that led to the theft of

23:24

sensitive information from billions of

23:27

its users three billion users all of its

23:31

users the largest breach in history the

23:33

compromised data included usernames

23:35

email addresses birth dates phone

23:37

numbers and encrypted passwords credit

23:39

cards too no luckily not but I wouldn't

23:41

put it past these regular users to reuse

23:44

their passwords I don't know in

23:46

something like their login for their

23:47

Bank nah n there's no way people do that

23:50

how was Yahoo affected you ask well it

23:52

paid around 150 million in settlement

23:55

and fees and reduced its sale price to

23:58

to Verizon by $350 million okay okay

24:02

that they should feel that right oh [ __ ]

24:05

it's sold for 4.8 billion my

24:08

disappointment is

24:10

immeasurable and my day is ruined leak

24:13

every bit of your users's data and still

24:15

get paid this is the world we live in

24:17

that is some grade a apocalypse right

24:20

there so at long last how does crowd

24:23

strike incident compare to all these and

24:25

rank on our wonderful tier list of of

24:28

infamy well on July 19th 2024 an

24:32

estimated

24:34

8.5 million Windows computers worldwide

24:39

crashed and were unable to reboot stuck

24:42

in a blue screen of death that regular

24:45

users had no hope of fixing all because

24:48

crowd strike released an update to a

24:51

file that the colonel communicates with

24:53

so after the update the colonel was like

24:56

yo file what's up and the file was was

24:58

like I got nothing literally it had

25:00

nothing it had null pointers so

25:03

combining that with other issues

25:04

involved in the update it bricked the

25:07

kernel more or less and you get the blue

25:09

screen now I will say it was an easy fix

25:12

but one that required system admins and

25:14

it professionals to more or less

25:17

manually fix and it's basically

25:19

impossible to estimate the amount of

25:21

people that were affected by this no

25:22

longer people in the company that were

25:24

affected but it's disruptions everywhere

25:26

disruptions included cancelled flights

25:29

Hospital surgeries and 911 system

25:32

outages Fortune 500 companies are

25:34

estimated at 5.4 billion in losses

25:39

excluding Microsoft share God damn it I

25:42

try indicating a significant operation

25:45

cost insured losses through cyber

25:47

insurance from 540 million to

25:51

1.08 billion covering only 10 to 20% of

25:56

the total impact to these for 500

25:58

companies Delta Airlines alone reported

26:01

$500 million in losses over the 5 days

26:05

of this outage and that's not including

26:08

what the people lost by not being able

26:10

to get on their flights That's not

26:12

including hotels their Reserve

26:14

Transportation none of that it's it's

26:17

it's it's huge it's massive just this is

26:20

unprecedented size that's what she said

26:23

and you know we don't have to estimate

26:25

this [ __ ] crowd strike lost its market

26:27

value by $25 billion as a result and it

26:33

still looks like it's going down so we

26:35

have millions of Windows computers blue

26:37

screening and we have billions of

26:40

dollars in losses now I ain't no math

26:42

wizard but them numbers are anomalous we

26:45

haven't seen this kind of [ __ ] in an

26:47

incident ever now now think about if

26:51

crowd strike had been breached and

26:53

someone was able to push out something

26:55

truly malicious to all of its wonderful

26:58

ful customers unimaginable this incident

27:01

was simply

27:05

stupid you treat me like you

27:09

do when you play your