CrowdStrike: the dangers of cloud-based security as a service.
Yeah, after that debacle it was pretty obvious to anyone who knows me that I would have to give my two cents on the subject. I will begin this article by asking you to share it with your friends, family and the people you know, because it will touch, in layman's terms, on a phenomenon taking place with your devices that is downright evil, and I am not particularly known for using that term lightly.
Now, on the surface, this whole mess is an inexcusable IT mismanagement of updates (to keep it simple) at best. See, these kinds of things are supposed to be tested in a safe environment before being distributed. Clearly, this update either wasn't tested, was poorly tested, or someone decided to distribute it regardless of whether it received the all clear. As I said, inexcusable, especially considering the sheer scale of damage this has caused.
Now, I will not go into conspiracies (like the fact that one of the executives sold over a million dollars in shares the day before this was released) but will focus on facts. Facts, mind you, that all but a few have conveniently overlooked when informing you about this matter. These elements are what I want to shed light on for you, dear readers.
CrowdStrike
I want to preface the rest of this article by discussing CrowdStrike a bit. CrowdStrike is a publicly traded cybersecurity company. They offer various products, specifically software that acts as vulnerability scanners and antivirus. In short, you would expect such a company to be expert in all aspects of cybersecurity.
This leads us to the question of "what does cybersecurity entail?" Broadly speaking, the answer falls into three categories.
Our first category is proactive prevention of threats. This takes place both within and outside the system. Antivirus, vulnerability scanners, a firewall and other such software are certainly one part of proactive defence, but good old common sense, along with familiarizing oneself with social engineering techniques, is another. You, my friend, are considerably more vulnerable than the small handheld device you are probably reading this article from, no matter how much you feel to the contrary. You have emotions, the greatest vulnerability of all. A computer does not have such a vulnerability.
Our second category is reactionary defences. This is usually the reaction after a threat was exposed or made itself manifest, like ransomware. Dealing with this is usually way above most end users' heads, and it is where companies usually call the IT department to deal with the problem. This can include diagnostics, removal of malware, up to completely resetting the computer from the ground up. Largely easy tasks if you are familiar with the subject, but most people know considerably less about their devices than they believe they do.
Our final category is research. Threats are emerging daily, and cybersecurity researchers spend their days analyzing code, testing how malware behaves in an isolated environment, and working out how to defend against it. This is usually the really hidden part of cybersecurity that most people are completely ignorant of. Software engineers developing countermeasures, penetration testers playing the role of hackers who try to invade a system, and various other experts working day and night to keep up with the malfeasants of the 'net.
CrowdStrike for the longest time was working in the third category, only occasionally poking its head into the first and second categories.
The real kicker is that this same third category is also where some of the biggest cybersecurity threats grow up unnoticed.
Falcon Sensor: a dire example
The specific piece of software that caused the bootloop was an update to a piece of software called Falcon Sensor. To quote CrowdStrike's FAQ on their Falcon product:
CrowdStrike Falcon responds to those challenges with a powerful yet lightweight solution that unifies next-generation antivirus (NGAV), endpoint detection and response (EDR), cyber threat intelligence, managed threat hunting capabilities and security hygiene — all contained in a tiny, single, lightweight sensor that is cloud-managed and delivered.
This sounds like an extraordinarily good piece of software, doesn't it? Well, it does if you have no idea what half of these buzzwords mean. I'll give you the gist of it. This is a small piece of software installed inside your computer that lets an employee or a contractor from CrowdStrike monitor your computer from the cloud. This is achieved by gathering information about your system and your behaviour when interacting with said system, and using that data to formulate defences against malware in the future.
Did you notice the issue with what I said? I'll spell it out.
This piece of software surveils everything happening on your computer and sends that information back to the cloud, where anyone who has access to it can now see what you've been doing on it.
And they make you pay for it too. After all, this is provided as a Service, like Netflix. Everything as a Service is a whole issue I might discuss another time, but for now know that I have utter contempt for it. However, our main issue in this case is the fact that this is "Cloud-Based Security".
Cloud-Based Security
Whenever a company tries to sell you a product that is "cloud-based", you should immediately have all red flags up. This very website is no exception, by the way, but as I am avoiding disclosing any personal information and am using…other measures to create a wall between my identity and my usage of these services, I accept the necessary, if mitigated, risks to bring you this kind of information, because clearly no one else will.
So, what is my problem with the Cloud, and especially "cloud-based security"? To put it shortly, this is delegating your own security to an unknown, external source. I stand firmly with Machiavelli on the usage of mercenaries. Just build your own security that is going to be loyal to you and you alone. Outsiders will inevitably stab you in the back. Speaking from experience here.
What you do by using Cloud-Based Security software is give all your information, private or not, to a third party who, if you read their Terms & Conditions, usually states that they reserve the right to resell that information, if "anonymized" (which, if you have been following me, you know means jack poodoo). Even if they do not, you have to remember this is an entire company that now has potential access to your personal data. Certainly, these employees are usually vetted, but in a time when having any political affiliation at all makes you "fair game" for extremists to systematically hunt you down and destroy your livelihood, if not directly threaten your very life, giving your information like that to 200+ people you personally know nothing about is at best playing Russian roulette.
As previously stated, you should never entrust your personal security to a third-party source. This goes both for individuals and for companies. Especially if sensitive data is included, and I reckon it is the case for every single one of you one way or another.
This gets even worse, as it also opens a very sensitive attack vector. If a hacker manages to break into the software company's servers, they now also have complete access to your computer, and can modify the code of the software to install a backdoor in all linked systems…See where that goes? We are talking about a cataclysmic security failure that could cost billions in damage, and that is the best-case scenario. Now imagine, just for a second, the following:
Airports, governments, the military and so on use these kinds of services in some places in the world, and yes, this does include most of the West. A bad actor at the national level has billions in resources to incentivise hackers to find these kinds of vulnerabilities to destabilize a country before attacking.
Now, certainly, this is on a much wider scale than your personal home computer. But I know many people have very sensitive information stored on their systems. Nudes, bank passwords, social media accounts, that one picture of your cat that you told your parents you absolutely did not keep. The point being, cloud-based security software is possibly the single largest cybersecurity threat the entire world currently faces. Sold to you by so-called cybersecurity companies in the name of "convenience".
What to do?
How do we fight back against this threat? Well, by establishing a threat model and systematically removing everything cloud-based from our systems. I know, harsh, a bit extreme even. Possibly ruthless. I have no patience for these corporations selling convenience in exchange for not only your hard-earned money, but also all your data and anonymity.
We fight this threat by shaking off our complacency and retaking an active role in our own security. This can be by changing our OS from Windows or MacOS (if you think for a second MacOS or Apple products are exempt from this problem, I have time to sell for clocks and water to sell for fish) to Linux, reading up on social engineering, and carefully swapping the software we use for open-source alternatives.
Take back what is rightfully yours, my friends. Do your own research, learn, and ascend beyond those chains of complacency sold to you by these soulless corporations.
We will be watching.
The G.H05t
Filed under: Uncategorized - @ July 22, 2024 5:10 am