[hdhshdhshdjd]

You do remember Solarwinds right? This is an obvious high value target, so it is reasonable to entertain malicious causes.

Given the number of systems infected, if you could push code that rebooted every client into a compromised state you’d still have run of some % of the lot until it was halted. That time window could be invaluable.

Now, imagine if you screw up the code and just boot loop everything.

I’d say business wise it’s better for crowd strike to let people think it’s an own-goal.

The truth may be mundane but a hack is as reasonable a theory as “oops we pushed boot loop code to world+dog”.

[saagarjha]

> The truth may be mundane but a hack is as reasonable a theory as “oops we pushed boot loop code to world+dog”.

No it's not. There are many signs that point to this being a mistake. There are very few that point to it being a hack. You can't just go "oh it being a hack is one of the options therefore it is also something worth considering".

[Huggernaut]

Look there are two options on the table so it's 50/50. Ipso facto.

[bunabhucan]

I believe the flying spaghetti monster touched the file with His invisible noodly appendage so now it's a three way split.

[hdhshdhshdjd]

I didn’t say it was 50/50, but an accurate enumeration of options does include a failed attempt at a hack.

I fail to see why this is so difficult to understand.

[azinman2]

Especially because if it was crowdstrike wouldn’t be apologizing and accepting blame.

[owl57]

Why? They are in a very specific business and have more incentive to cover up successful attacks than most other companies.

And while I'm 99% for Hanlon's razor here, I don't see a reason to be sure it wasn't even a completely successful DoS attack.

[hdhshdhshdjd]

“Our employee pushed bad code by accident” is VASTLY better for them than “we didn’t secure the infra that pushes updates to millions of machines”.