Real men test in production… The truth about the CrowdStrike disaster

00:00

last Friday the world finally got the

00:01

Y2K experience it deserved when millions

00:04

of Windows machines went down thanks to

00:06

a bad update from cyber security firm

00:08

crowd strike 8.5 million to be exact but

00:11

now the plot is thickened and multiple

00:12

theories for why this actually happened

00:14

have emerged a was it just a silly

00:16

mistake B was it actually a Cyber attack

00:19

being covered up or C was it a false

00:21

flag planned centuries ago by our

00:23

multi-dimensional lizard overlords in

00:24

today's video we'll try to find out what

00:26

really happened by taking a deep dive

00:28

into the technical details but first

00:30

here's a crazy detail you need to know

00:32

on April 21st 2010 at approximately

00:34

1,400 hours a McAfee Antivirus update

00:37

accidentally removed the windows service

00:39

host file and knocked millions of

00:40

computers running Windows XP off the

00:42

internet causing many of them to go into

00:44

an endless reboot loop the blue screen

00:46

of death shut down critical services

00:48

around the world that was 15 years ago

00:50

when Justin Bieber was only 16 years old

00:52

but it's nearly identical to the

00:53

crowdstrike disaster going on right now

00:55

here's the crazy part though the CTO of

00:57

McAfee in 2010 was none other than

00:59

George kurts the CEO of crowd strike

01:02

today that's quite the example of

01:03

failing upwards now he did just lose

01:05

$300 million in paper wealth but most

01:08

importantly we now know the embarrassing

01:10

truth about how the crowd strike

01:11

disaster actually happened almost it is

01:14

July 22nd 2024 and you watching the code

01:16

report the creator of C++ be straup once

01:20

said C++ makes it harder to shoot

01:22

yourself in the foot but when you do you

01:24

blow your entire leg off and we should

01:26

have listened to him crowd strike

01:27

released an official statement

01:28

explaining what happened come on you

01:30

guys there it is right there in front of

01:32

you the whole time you're dereferencing

01:35

a m pointer open your eyes the crowd

01:38

strike Falcon sensor is software that

01:40

sits in the background on your machine

01:42

looking for potential security anomalies

01:44

it contains a driver which is the thing

01:46

that actually executes code along with a

01:48

bunch of Channel files which are

01:50

basically just config files that contain

01:52

rules about new potential attacks that

01:54

the sensor can look for these files are

01:55

not kernel drivers and can be updated on

01:57

the Fly and when crowd strike pushed an

01:59

update to channel file 291 a logic error

02:02

caused the entire system to crash now

02:04

normally when an application crashes it

02:06

only breaks that application running in

02:08

user land or ring three in the CPU

02:10

protection ring no blue screen of death

02:12

required but crowd strike is a unique

02:14

piece of software that runs within ring

02:16

zero or kernel mode the most privileged

02:18

Zone around the CPU usually reserved for

02:21

process scheduling and direct Hardware

02:22

access ring zero is an area that

02:24

normally only microsof is are allowed to

02:26

touch and in order for any third party

02:28

to run code here they must receive a

02:30

whql certification from Microsoft to

02:33

verify that your code won't Breck 8.5

02:35

million devices and shut down the global

02:37

economy the crowd strike driver was whql

02:40

certified so it sounds like it's

02:41

Microsoft's fault well not so fast

02:44

what's unique about crowd strike is that

02:45

they can make updates to those config or

02:47

Channel files dynamically in this case

02:49

the driver had some kind of issue

02:50

reading Channel file 291 causing the

02:53

entire system to fail that's pretty much

02:55

all the detail we have from official

02:56

sources but luckily there's a guy on the

02:58

internet who's a professional C++

03:00

programmer and provided a breakdown that

03:02

went viral his hypothesis was that this

03:04

was a skill issue where some engineer

03:06

coded up a n pointer trying to access a

03:08

memory address that doesn't exist a

03:10

simple rookie coding mistake that could

03:12

have been fixed with an if statement

03:14

this tweet got a lot of traction but

03:15

since then it's been Community noted and

03:17

another security researcher explains

03:20

that this code is reading pointers from

03:21

a table in a loop and some are invalid

03:23

perhaps an error parsing the

03:24

configuration file left some entries

03:26

uninitialized what's kind of crazy here

03:28

is that it looks like the driver code

03:30

has actually been broken for a long time

03:32

and this one config file was the straw

03:33

that broke the camel's back we may not

03:35

know the full truth until there's a

03:36

congressional hearing but it looks like

03:38

some developer there wrote some bad code

03:40

said works on my machine but then made

03:42

the horrible mistake of deploying on a

03:43

Friday but we can't blame this one

03:45

person programmers write bad code all

03:47

the time but a failure like this should

03:49

never reach production the Falcon sensor

03:51

is not just some crappy to-do list app

03:53

when software operates in the critical

03:54

path like this there should be multiple

03:56

layers of protection quality assurance

03:58

continuous integration this staggered

04:00

rollouts and so on it's absolutely

04:02

insane that this wasn't caught by some

04:03

automated process before it killed 8.5

04:06

million computers heads need to roll for

04:08

this but it's not the person who wrote

04:09

the code it's an organizational failure

04:11

and it's not the first time Colonel

04:12

Curts has been connected to a worldwide

04:14

outage he knows that real men test in

04:16

production and is willing to die on that

04:18

Hill the thing is this company sells a

04:20

very expensive product that very few

04:22

people understand and if you want to

04:23

have an exotic car collection like this

04:25

your Enterprise sales team is your

04:26

highest priority not your software

04:28

engineering team those nerds therefore

04:30

the most likely root cause of This

04:31

Disaster is just a lack of quality

04:33

control at the company crowd strike but

04:35

another theory floating around is that

04:37

this wasn't an accident but actually the

04:39

work of a foreign spy who infiltrated

04:41

the company or perhaps a rogue employee

04:43

who wanted to send a message a message

04:45

that is time to switch to the Russ

04:46

programming language for Windows driver

04:48

development but the conspiracy theories

04:49

go even deeper and some think this

04:51

failure is so egregious that it was

04:53

actually pre-planned in advance the

04:54

world economic Forum has made

04:56

predictions about a worldwide Cyber

04:58

attack and crowd strike is a World

04:59

economic Forum partner this was all just

05:01

a test run for the real Cyber attack

05:03

scheduled to happen on August 12th 2026

05:06

most of us will already be dead by then

05:07

but if your goal is to write robust

05:09

Colonel drivers on Windows you'll need

05:10

to know how to problem solve like a

05:12

programmer and you can start doing that

05:13

for free thanks to this video sponsor

05:15

brilliant problem solving is a skill

05:17

that you keep forever brilliant's

05:19

platform will introduce you to essential

05:20

programming Concepts but most

05:22

importantly the handson exercises will

05:24

develop your brain to recognize and

05:26

solve complex problems that developers

05:29

need to over come on a daily basis best

05:31

of all every lesson is concise and

05:33

rewarding by investing just a few

05:34

minutes each day you'll develop habits

05:36

that can level up your programming

05:37

skills for the rest of your life and you

05:39

can do it anywhere even from your phone

05:41

to try everything brilliant has to offer

05:43

for free for 30 days visit brilliant.org

05:46

fireship or scan this QR code for 20%

05:49

off their premium annual subscription

05:51

this has been the code report thanks for

05:53

watching and I will see you in the next

05:55

one