July 22, 2024 - Health Ranger - Mike Adams
47:29
Zach Vorhies warns of “ticking TIME BOMB” of computer server code...

All right, welcome everyone to this Brighteon.com interview.
I'm Mike Adams, and today we are joined by the Google whistleblower, Zach Vorhies, in the aftermath of the CrowdStrike Falcon security failure that bricked, I think, maybe millions of Windows server systems all over the world with repeating endless loop blue screen of death boot failure.
So welcome, Zach.
Quite an interesting time to be talking about all this, isn't it?
Yes, it is.
CrowdStrike's update was rolled out to millions of computers, and it caused a blue screen of death because it was causing a crash in a privileged piece of code called a system driver.
And this system driver, when it crashes, it doesn't just terminate, it actually halts the operating system because it doesn't know what to do anymore because you cannot have a crash in privileged code.
You can have a crash in unprivileged code in which the application terminates, but that's not what's going on here.
Right.
I saw there was a post that took a look at that file.
I don't know if you've seen this, or if I'm wrong, correct me, but I thought it showed that at least part of this file was just a bunch of zeros, like literally filled with the digit zero over and over again.
Did you see that?
I did, and I looked at the Hacker News Forum, and some system administrators came in and said that that's not always the case, that all the computers that they have been working with, it is not filled with zeros.
So that was pointed to as the culprit at the beginning, but it looks like that's not always the case.
Okay.
So let's talk about the technical side of this and rolling out.
I mean, you're an accomplished developer, so you know that there's always a staging test area for this, and there's always...
New code is always tested against a wide variety of different operating system variants or installs or hardware systems.
Can you talk to us about what would be typical in a company like this, responsible for security, what kind of normal pre-rollout QC would they have gone through?
Yeah, so the normal way that C++ codebases are checked is that they've got a set of automated tools.
It looks like those automated tools were not run on this codebase for whatever reason, probably because it's old and there's a lot of...
It was kind of before a lot of these modern tool sets came in.
So first off, they're not running a lot of the automated tool sets.
That's my speculation.
But more than that, they're rolling it out to everyone at the same time.
And that's not the way that you do a rollout because what you have to assume is that, well, we all know that code has a lot of bugs in it.
It's just the way software is.
And so rather than try to make sure you do all the possible checks and roll it out to everyone, what you do is you do a staged rollout where you roll it out to, let's say, a region.
And then if you wait like an hour, you wait like maybe four hours, if no one starts complaining, then you roll it out to a larger area and you just roll it out.
That way, if there is a fatal problem...
to get wind of it really quickly.
And if they had done that, in this case, what they would have done is got a call from a bunch of angry system administrators that just said, you just took down every single one of our computers with this software update.
Right.
And instead of doing that, they just rolled it out to everyone.
And so I hit with this.
So my question is, does it seem, and I understand this is just going to be an educated guess, but does it seem like they bypassed, or maybe a rogue deployment person or developer bypassed the normal operating procedure?
There should be a sequence of steps that they go through before they roll out a new patch.
Does it seem like they bypassed that?
Yeah, I think it was somebody trying to go on vacation, and they were rolling this out on a Friday.
It's pretty famous that you don't release software on a Friday right before you go home for a weekend.
Yeah.
Absolutely.
You start rolling it out on Monday for this very reason.
And it looks like this person rolled it out.
It looks like it might have actually bypassed Windows updates because no one got any notification.
They didn't get the consent to opt out.
They just got it pushed to them.
And the problem with this is that CrowdStrike's software is sort of an anti-malware, anti-virus, anti-penetration software.
So what it does is it penetrates other applications and injects code into their executable so that it can monitor bad, malicious behavior and catch it really quickly.
So it's got this privileged access that needs to do.
And so this update rollout just simply swapped out the previously working code for a new system driver, and that system driver crashed the operating system.
So, would I be wrong to describe this push of this CrowdStrike system file update as itself malware?
I mean, this took down systems, which is what it's supposed to prevent from happening, but it did a very effective job.
In fact, I don't think there's ever been a piece of malware that's ever been as effective as this at taking down as many systems all at once, has there?
Nope, not since the viruses in the 90s used to do something similar, but now it's bad software updates by reputable companies that are taking down large sections of the internet.
Can you think of any other failure in history that had as big of an impact on the world as this?
No, no, this is the biggest one to date.
There's been other security vulnerabilities that have happened, but nothing that's taken down so many computers.
It's almost like an attack from Russia or China to take down infrastructure.
That's the scale of this oopsie.
Okay, so you use the word oopsie.
How do we know it wasn't something on purpose by somebody within CrowdStrike?
And I'm not saying that the CrowdStrike company intended to do this, but perhaps a rogue operator took a payment, you know, hey, here's 50 Bitcoin, push this thing.
And they did it.
Is there any way to exclude that as a possibility?
I can't exclude it.
I mean, that is definitely possible that they did this in order to sort of weaken our infrastructure and, you know, weaken Microsoft, one of the leading computer companies in the world.
Okay.
You know, until we see that this is not programmer error.
It's C++. It's an old code base.
This sort of problem is endemic with these old code bases.
The newer version of C++ has a lot of fixes that prevent this sort of class of errors.
But, you know, this code base probably existed way before things got cleaned up in the language.
Okay.
All right.
Fair enough.
But CrowdStrike, whether this was intentional or accidental, CrowdStrike has just proven a couple of very worrisome things that I'd like your comments on.
One is that global Windows server security is very centralized.
It's in the hands of one guy.
That's really frightening.
And secondly, there is a mechanism that exists that was just demonstrated where the CrowdStrike company can bring down much of the Western world's transportation and supply chain infrastructure.
And that's now a fact, right?
That's not theory.
That's a fact.
What are your thoughts about these two emerging facts?
I think that a lot of these companies need to have audits.
I think that a lot of this falls into the hands of Microsoft and their insecurity to allow a company like CrowdStrike to go ahead and inject this code into computers.
I mean, how do we know that CrowdStrike, is it infiltrated?
Is it compromised?
If this was a deliberate attack, we would be really screwed right now.
All of our systems would have been taken offline if this was an attack and not a mistake.
And in the future, it could be an attack and not a mistake.
In fact, this could even be an attack, hypothetically.
We just don't know.
So let me lay out a scenario for you.
Let's just say an agent of the CCP comes over to the U.S., finds the high-level employees of CrowdStrike, identifies it.
It's probably not difficult to figure out who they are.
Starts following them, researching them, and kidnaps their kid or something, and says, hey, you ever want to see your kid again?
You're going to push this update.
I mean, that's not a James Bond movie.
That could happen in real life.
Yeah.
And this supply side attack has happened before with SSH, the common way that we log into computers on Unix.
There was a well-planned out supply side attack of an unknown person who spent two years gaining the trust of the open-source community to put in a supply-side attack that compromised the way that we log in into computers.
And so this isn't unprecedented.
This isn't science fiction.
This isn't fantasy.
This is something that's happened before.
Wow.
And this...
This event with CrowdStrike reiterates and drives home the point that we need to have auditing of these centralized services or possibly even break them up so that we don't have these sorts of problems again.
Well, speaking to that exact point, Russia's transportation infrastructure was mostly not affected.
You know, their airports were functioning, planes were in the air, while in the U.S. and even in the U.K. and many other countries, the planes were grounded, the airports were in chaos.
Well, that's because Russia uses, I think, a variant of a Linux operating system for their, you know, air transportation backbone.
Are you thinking, can you confirm that, or do you have any knowledge of that?
You know, what's interesting is that CrowdStrike actually borked a lot of Unix machines last month.
But because there's not a centralized way that code is pushed on Unix, the damage that it did was very small, contained, identified, rolled back, and not on a global scale.
In fact, nobody had even heard about it until this event happened where we looked back and we said, oh, actually, you know, Linux was affected, but because it was, you know, because there's no centralized way that all Linux operating systems can receive a code push, it turned out that they were able to take care of it right away and not...
Wow.
Okay.
Well, I may ask you another question about the core differences between Unix slash Linux flavors versus Windows, but I've got something else real quick.
I was on Amazon today checking an order status because I still do order some things from Amazon.
Here's a message that pops up under your orders.
Quote, a small number of deliveries may arrive a day later than anticipated due to a third-party technology outage.
So here's a case where it's even affecting Amazon and their logistics systems, not just banks.
Payroll was also impacted, and I understand that supply chain logistics transactions were delayed, which will affect auto manufacturing and many other things.
Do you have a sense of how widespread this is in terms of industries affected?
I mean, there's a lot of industries that run Windows.
I don't know why they run Windows for their server backend operations.
Windows is spyware.
Windows is communism.
You know, there's a centralized bureaucracy that controls the updates and pushes it to you.
And now they're going to start monitoring your actions and clicks with artificial intelligence.
And for some reason, a lot of the industry uses Windows as a server to run their services.
Yes.
Now, keep in mind, if they're running Linux, which is free and open source, they're not running into this issue.
Well, yeah, exactly right.
So that was one of my questions.
Talk to us about the structure or the architecture of Linux and why it doesn't have the same vulnerabilities where a security company has to have these low-level sys files with hooks into every function within RAM. I mean, talk to us about the differences.
Right.
So the difference between Linux and Windows is that Linux...
Linux was a free operating system that was spawned off of Unix.
Unix was developed in Bell Labs, I think in the 1970s.
Linus Torvalds basically decided that we needed to have a consumer PC version, free version of Unix.
He spawned Linux.
Linux became the trunk of a whole bunch of family of operating systems that are all based upon his kernel.
Now, the kernel is sort of like the core of the operating system, and then people build on top of that.
And that's been actually going on until this day right now.
And so what's interesting is that most of the software that you use, like Facebook, you know, Google, their services, they're all based upon the free Unix operating system known as Linux.
It's free as in air.
It's amazing.
I use it.
And the thing is, is that because nobody really controls Linux, you have absolute sovereignty over the state of your server, right?
So no one can push an update if you don't want them to push an update, right?
And the difference between that and Microsoft's Windows operating system is that Windows operating system is completely closed source.
Microsoft owns it.
If you get a copy of the Windows code, you can be sued in a court of law.
And because of that, there's a lot of mysterious things.
We don't exactly know how it works.
Can you really trust it?
Is it capturing your keystrokes?
We have to trust Microsoft by faith that they're not doing any of those things.
But we can't audit it.
We can't see what's going on.
And that's really the difference between Linux and Microsoft Windows is that one is free, open source.
We can view it.
It's incredible.
And the other one, well, they can do whatever they want, including stealthily pushing code updates right into your computer.
Wow.
Wow.
Well, you know, it's really interesting.
We have a partnership with a company called Above Phone, and they do de-Googled phones, as you may know.
But they just pushed out a Linux laptop that they call Above Books, like a notebook.
And it's got apps on it that look and function very much like Microsoft Office.
But, of course, the apps are open source.
And they don't call home, right?
So it's all yours.
It's all under your control.
And the main difference, the gap in usability between Linux and Windows is really closing, where Linux is becoming more and more user-friendly with the GUI interface and the apps, which...
Wouldn't you say that it's becoming a lot easier for mainstream people to use now?
It is becoming easier for mainstream people to use, especially since a lot of mainstream users just want to open up a browser and view the internet.
And for that, it's absolutely fantastic.
The big problem that still exists with Unix is that because not a lot of people use it as a consumer PC, right now that's... really the biggest barrier for a lot of these engineers.
Like, for example, I still use Windows 10.
Why?
Because a lot of my software, a lot of my hardware does not work on Linux.
And until they fix that, I'm forced to use Windows.
But I might just bite the bullet now that Windows is forcing a whole bunch of, you know, unreasonable... capturing metrics on what you're typing and artificial intelligence, that I may just have to bite the bullet and go to Linux for my consumer PC. I'm already using it for the servers that I deploy, but I've got three monitors, cameras, microphone, button board, all this kind of stuff that really just does not work on Linux very well at all.
Well, that's interesting because you're very familiar with our AI project.
We've talked about it.
And in our AI processing of articles and transcripts and so on, I do run Windows systems.
But most of those systems, especially the ones that are processing the bigger books, which take a long time, I do not have those systems connected to the Internet at all.
Not even Ethernet.
Not even local LAN. I walk up with a thumb drive, and I put the book files on it with a thumb drive, and then I let it process, and then I take them off with a thumb drive.
Windows is not updating, and then it's great, but obviously that's not useful for day-to-day business use.
I find Windows is only tolerable when it's completely disconnected from the Internet.
Right.
Well, you're using NVIDIA graphics cards.
Right.
NVIDIA graphics cards on Linux has always been a second, you know, redheaded stepchild.
It's not well supported.
And it's always been that way.
And it's been a subject of fury.
And you've run into this exact same problem, which has forced you to go to Windows.
Right.
And unfortunately, that's just the state of the world right now.
Now, as far as this big, you know, apocalypse here, this IT apocalypse, I call it, that just happened with CrowdStrike, do you think this is going to cause a lot of companies to move away from Windows servers now?
I mean, Elon Musk announced that he, of course, removed CrowdStrike from all the Tesla systems, which I guess means Tesla is still using Windows servers, which is a little bit surprising.
But are there going to be some long-term changes from this that are significant?
Yeah, there are.
There's a lot of negatives about running Windows because a lot of corporate IT departments, not only do they have CrowdStrike, but they also have BitLocker.
And the problem with this is that this bug with CrowdStrike and the combination of BitLocker meant that people were doubly locked out of their machines.
Yeah.
And for a very long time.
And BitLocker issued an update on how to bypass their security methods, which I guess was previously unknown, to basically break out of their shell and disable the service so that somebody could get in and delete the offending driver and get back up and running.
But it requires like 10 reboots in order to get it to work.
Wow.
And everything with Windows is just really slow because of the security software.
Linux will run, like when I compile an executable, you know, at work, I was running Windows, it took like 10 times longer than it did on the Linux operating system.
And this is endemic throughout the entire, you know, corporate world, is that they are very slow when you're running Windows and it's very fast when you're running Linux.
And the reason is because all the Windows machines are pretty much the same.
So if you penetrate one, you penetrate them all.
Where Linux, because there's such a difference in flavors and packages that are installed, there's not the same attack surface vulnerabilities for these Linux operating systems.
Really good point.
One question along those lines.
It's my understanding that the manual fix process that these systems administrators had to follow in order to, you know, boot to safe mode, launch PowerShell, find the sys files, delete them, reboot, and then after that next reboot, it seems like those systems then were not protected by CrowdStrike and that there would have been some time of an open vulnerability or no CrowdStrike protection until an additional system replacement was installed.
Does that make sense to you?
Or do you think these systems may have been vulnerable for some period of time?
Well, yeah.
I mean, here's the thing is that...
CrowdStrike is not necessarily there to prevent intrusion.
It's more as a secondary defense, like an immune system, to detect that intrusion has happened and then clean it up.
And so, you know, the Microsoft's operating system, you could think of it as like the outer shell.
By default, it's pretty locked down to prevent intrusion.
But if that intrusion were to happen anyways, like let's say you stuck a USB drive in, or somebody knew of a zero-day vulnerability, so a vulnerability that hasn't been disclosed yet, then, you know, yes, they can get into the system and they can make changes, but, you know...
When you get a blue screen of death, the computer pretty much shuts down and doesn't continue.
And so it's that time when CrowdStrike is not on there that the computer would become vulnerable.
And until they put that CrowdStrike back on, then it could possibly be able to detect the system files that have changed.
Who knows?
Well, but the reason I ask is because of the history of Stuxnet and the CIA and perhaps Mossad was involved in that.
Very clever.
I know you're familiar with the history, and that was to stop Iran's nuclear weapons or nuclear materials development program.
And it was a very successful virus, but it was built by the intelligence communities.
Here's the thing.
Every computer that runs an Intel processor is backdoored.
There's a hidden operating system within the CPU called ME or something.
It can be activated over the network and can run privileged code.
CrowdStrike is not going to stop this.
None of this stuff is going to be able to stop it.
If the intelligence services want to get into your computer, they can get into your computer by this built-in backdoor at the hardware level that you can't even disable.
Let's look at the bigger picture.
All of our computers are vulnerable.
It's just that the people that are in the know haven't activated the trigger yet.
Okay, so since some people are wondering very vocally, you know, people like Roger Stone, for example, saying that he believes this CrowdStrike push was on purpose in order to change the conversation and take attention away from the success of the Trump speech and the Republican rally and so on.
Isn't it possible then that, I mean, the deep state, I think the deep state tried to kill Trump.
Is it possible they could also try to disrupt the world's computers to distract everybody?
That's possible, yeah.
Take out 8 million machines, take the news media offline, that's totally possible.
Absolutely.
Absolutely.
What's interesting about this bug is that this bug has actually existed for a very long time.
That's the conversation I got from the Hacker News Forum.
And what they said is that this bug existed for a very long time and that it was waiting for the right conditions in order to activate.
And it got activated immediately.
I think it was by the Windows 11 boxes that it got activated by and not Windows 10.
I might be wrong.
I might have that switched.
But yeah, this bug has been lurking for a very long time.
It was a grenade waiting to go off.
And for some reason, a certain combination of things meant that it went off now.
Okay, so then there could be other bugs lurking, also waiting for the right conditions.
And are you aware of any, you know, has CrowdStrike announced any meaningful method to prevent this from happening again?
They have.
In fact, they've been pretty tight-lipped about exactly how this attack or this error was actually propagated or the technical details about it.
The issue is that they're not running certain tools that would catch this sort of thing automatically.
There's this thing called address sanitizer, thread sanitizer.
It's going to catch these null-pointer dereferences, these invalid reads, and basically alert the developer, and they're going to fix it.
This is what happened at Google for YouTube products that are binaries that run on the... you know, the game consoles, like we put it through a test system embedded into our deployment pipeline.
And so when you did a little oopsie, you would get an error message later on saying that this detector detected that there was a possibility of an error in your program and you needed to take care of it, and the test would go right until you took care of it.
And we found a whole bunch of bugs like that.
And the thing is, is that CrowdStrike simply isn't running any of this stuff because if they had, it would have detected that either this is a race condition because of multi-threading or they're just simply not checking pointers to whether they're null or not and assuming that they're valid.
They refer to valid pieces of memory.
And then you get a crash like this.
So this is bad on them.
They're not running the tool set.
They need to.
And I'm sure that going forward, they're going to put a lot of these safety checks in place so it doesn't happen again.
Well, maybe McAfee will announce a new software package to protect Windows servers from CrowdStrike malware.
Right.
It's like now CrowdStrike is a threat.
And I don't see any reason why they have stopped becoming a threat if they just did what you just described.
Then it's like, whoa, you know, worse than hackers.
Right.
I mean, it's almost like a virus.
Like, what they're doing, just like swapping out system driver with their own system driver.
I mean, that's what viruses do.
And why is Microsoft allowing them to do that on all these computers?
Like, what sort of backroom deal do they have that allows them to deploy untrusted code into all these computers?
Yeah.
I mean, the only thing it lacked was an on-screen message that said, you know, give us Bitcoin and we'll unlock your computer, you know?
Right.
Right.
Exactly.
Yeah.
Okay, Zach, this has been incredibly helpful.
How can people follow you and reach you?
Give us your social, your website, everything else.
Yeah, follow me at twitter.com slash perpetualmaniac, also known as x.com.
Or if you want to see the disclosure that I had about blowing the whistle on Google, check it out at zachvorhies.com or check out my book, googleleaksbook.com.
Okay, googleleaksbook.com, zachvorhies, that's v-o-r-h-i-e-s.com, and then also perpetualmaniac on Twitter, correct?
Yep.
All right, Zach, welcome back.
I understand you have new information because some technical details have been released now about the CrowdStrike, what I'm calling almost a malware type of attack or disabling all these computer systems.
So go ahead.
Tell us what you've learned.
Yeah, so CrowdStrike released a technical report on exactly what the issue was, possibly in relation to my tweets that got 23 million impressions, but they clarified what exactly went down and the results are actually really surprising.
So check it out.
It turns out that this was not a driver update that was pushed.
There was this speculation that I did that there was new code that was pushed to all these machines and that this code had a ticking time bomb in it that was released.
It turns out that ticking time bomb was already installed on everyone's computers prior to this event.
And what they pushed was actually a data file that was bad.
And this data file was called a .sys file, so we thought that it was a system driver, but it actually wasn't executable code.
It contained data.
This data had invalid pointers.
These pointers were loaded into code.
And then when those pointers were dereferenced, they referred to code in that null region, that first page space of a computer, which you shouldn't ever, ever access.
And that was causing the blue screen of death.
So instead of a bomb being pushed, that bomb already existed.
The question is, how many other ticking time bombs do we have because of CrowdStrike's shoddy code practices?
Okay, wow.
Wow, I have so many questions, Zach.
First of all, who pushes out data files named .sys?
I mean, that seems crazy.
Yeah.
I mean, I guess CrowdStrike does.
That's crazy.
I don't even know where to begin on that.
But then secondly, you know, in our interview that we conducted previously, we talked about there should be a quality control process.
There should be a staging area rollout to check everything.
Are you saying that these data files, when they are pushed, that there's potentially no staging testing or no quality control check on data files?
Data files typically don't go through the same QA process that system executables do because it's assumed, or more assumed, that data is benign and that it's the executable code that needs to go under rigorous review.
And because these are data files, they just raw-dogged it to everyone instead of going through the normal QA process for executable code.
Okay.
All right.
Then the next question is, you describe this as a time bomb that had already sort of pre-existed on all these machines and it got triggered by this payload of this data file.
Doesn't this mean there could be many other time bombs in place right now yet to be triggered in the future?
Oh yeah, that's my assumption.
I mean, if this exists in one place, then I'm sure...
I mean, the reason why this time bomb exists at all is because they're not using the automated tools that are available to make sure that code like this, this unsafe code, is caught and fixed and doesn't roll out to production to everyone's machines.
And the only reason why Linux and Mac were not affected is because they didn't get this data rollout.
If they had this data rollout, this would have affected Mac, Linux, and Windows.
Oh, my.
Yeah, but it just affected Windows because they were the only ones that got this data payload.
Over the weekend, I've been watching videos from systems administrators who look like they've had no sleep, by the way.
Unhappy.
They've had to walk up to servers physically, plug in keyboard and monitor.
You know what I'm talking about?
And boot to safe mode.
And they're having to do this for tens of thousands of machines.
What are you hearing about the remediation efforts so far?
It involves a very long process, and it's a long process that they do not have BitLocker installed, which is another security package.
BitLocker likes to lock down a machine whenever something goes wrong.
And so this corruption of memory basically is a double whammy where people have to go through about 10 boot sequences in order to bring up a machine.
They can't do it remotely.
They have to plug in a keyboard and mouse or at least a keyboard in order to unlock the machine and delete the effective system driver and then boot up normally.
And so this whole thing with, you know, cloud infrastructure where you don't actually manage the machines yourself, you have somebody else manage a machine.
This is really, really unfortunate for them because all of a sudden their machines are locked and they can't get keyboard access to this cloud machine that's in there, you know...
Well, right.
Yeah.
And, I mean, for example, my own company, Brighteon Servers, they're in a data center that I've never been to.
I would not even know how to enter that data center.
I'm sure somebody in my company has access, but I've never been there.
This kind of conundrum must be happening everywhere.
People responsible for servers have never been to the location where they're running.
That's common, right?
That's totally common, yeah.
For a lot of these people, it's like, well, they're going to go to a backup where they had a backup of their system on a previous day and just wipe out all the data that existed from that backup until now and basically just live with the data loss because it's easier than not having access to anything.
Well, in fact, I have a question for you about data loss.
I meant to ask you this in our previous interview.
Is it possible that if rogue code were pushed, let's say a rogue employee of CrowdStrike or some other company that has this low-level access, could these system drivers wipe hard drives and format hard drives?
Absolutely.
Yep.
Especially with CrowdStrike.
The way that CrowdStrike's software works is that it's injecting itself into all the running processes of your system.
Okay?
And so the system thinks that it's interacting with a Windows API call, but it's actually being intercepted by CrowdStrike.
And CrowdStrike is then checking the code, what's being called, and then forwarding the call to the actual Windows drivers in order to detect malicious software.
Now, if CrowdStrike had a ticking time bomb, what they could do is that they could just intercept a call and then just wipe the hard drive.
And that's...
And they can do that because they've got privileged access to your computer.
So in other words, the IT apocalypse that we've just experienced as a world is nowhere near as bad as it could be if malicious code were pushed that just started wiping hard drives.
Then there would be no recovery for these machines.
As you well know, backups are not done as frequently as they typically should be.
Right.
So let me give you kind of a nightmare scenario, right?
Like, let's say the Chinese Communist Party wanted to take out America's infrastructure.
What they could do is that they could just take these, you know, CrowdStrike system drivers, because they're public, they're deployed on each and every computer, they could reverse compile them back into C code.
Or a form of C code that's kind of hard to read, but not impossible for a determined nation state.
Uh, figure out where the bugs are, and then, uh, figure out how to alter the data files.
Now, it's, you know, system drivers are privileged, um, you can't just go and modify them with a virus.
But data files, on the other hand, are much more easily accessed.
And so if a nation state wanted to take out large swaths of infrastructure, they could just simply know that there's a bug in reading a file, change that file that's read, and then boom, all of a sudden a bunch of computers go down. Adversaries, or maybe even somebody that's working within CrowdStrike, could push a data file like this out to millions or billions of machines and then all of a sudden all those machines just get locked down suddenly.
And this is something that needs to be taken a look at.
I'm sure that CrowdStrike is going to revise the policy for pushing data files to their client machines because if they don't, this is going to continue to be a critical bug that can detonate at any time.
Very important terminology you're using there.
This could detonate at any time.
There may be other unknown time bombs already in place on these systems.
But what you just said that's really important is that potentially a third party actor, even a nation state actor, could exploit vulnerabilities that are already in place, and simply by modifying data files, which would not require potentially defeating the CrowdStrike protection layer.
That could be done through some other mechanism.
They could set off a similar type of cyber apocalypse event, is I think what you're saying.
That's exactly what I'm saying, right?
Yes.
Okay.
So, given that everything in our banks, for example, it's all virtual.
It's all just on a database somewhere.
The bank doesn't have a stack of cash that's yours, right?
They don't even want to give you cash when you ask for it.
Everything is virtual.
It seems like there's a feasible pathway to a kind of infrastructure takedown that could be very widespread, even a lot wider than what we just saw, especially if it impacts Linux or Unix machines.
I'm concerned about this.
Are you?
Oh, absolutely.
Absolutely.
And the thing is that there are tools in place to catch these types of issues, but they're just not being run.
And the question is, why?
Why?
Do you have any indication?
I mean, let me say this.
There's been a lot of speculation over the last couple of days from many people who are convinced that this is not a coincidence.
They think the timing of it is very suspicious to maybe distract people from asking questions about the attempted assassination of Trump.
That whole story is, of course, blowing up big time.
We can't prove such a connection.
But is there anything that you stumbled upon that could indicate one way or another whether this was for sure an accident or possibly not an accident?
You know, now that I see that it was a data file and that it had this sort of backdoor access, I'm now starting to think that this could have a little bit more malicious intent.
The amount of damage that they did was only limited to Windows machines.
If this data rollout had gone to Linux, it would have been orders of magnitude more catastrophic.
Is there anything in the Linux systems that would automatically prevent this?
Or are Linux systems similarly vulnerable to data file updates?
Well, the problem is that this is a CrowdStrike update, not necessarily a Windows update.
That's just why it went around all this consent and just, you know, just modified the information.
And so it's CrowdStrike's, you know, infrastructure that injected this data file.
And so, you know...
This isn't even something that Linux can prevent, right?
Like a program is free to download a new file and stash it somewhere.
And so I think that this backdoor would have extended to Linux and Mac OS as well if they had been targeted, but they just simply weren't.
And that's the reason why we only had it localized to, I believe it's Windows 11 that had this data file push.
Okay.
Wow.
All right, Zach, this is really fascinating and a little bit horrifying.
Is there anything else you want to add that we haven't covered?
Nope.
I mean, that's pretty much it.
There you go.
So mystery solved.
It was the data file push by CrowdStrike that took all these machines down.
Okay.
All right.
Fantastic.
Let's give out your contact information one more time.
Your handle on Twitter?
Twitter.com slash perpetualmaniac.
And check out my Google Leaks disclosure of 950 pages.
You get to see how the sausage is made at zachvorhees.com.
Also check out my book, Google Leaks, A Whistleblower's Exposé of Big Tech Censorship.
All right.
Fantastic.
Zach, thanks for reaching out and updating us.
And please keep us posted as more developments become public.
You got it, Mike.
It was a pleasure.
Thank you, Zach.
Yep.
Take care.
And thank all of you for listening.
This is Mike Adams here with Brighteon.com.
And feel free to share and repost this interview on other channels and platforms.
Take care, everybody.