‘On Wednesday, some of the people who posted about the gift card said that when they went to redeem the offer, they got an error message saying the voucher had been canceled. When TechCrunch checked the voucher, the Uber Eats page provided an error message that said the gift card “has been canceled by the issuing party and is no longer valid.”’
Am I correct in interpreting that they canceled a multi-use code after it was shared publicly? I think that would be quite reasonable and an insignificant offense compared to pushing code that breaks your clients' computers or offering $10 of compensation for having done so.
This is definitely worse than no gift card. Insulting. A general maxim: When something is a big deal, your response should make a bigger deal out of it than the complaints. $10 says "We don't think this matters." Now watch as everyone explains precisely why it does. PR 101 fail.
More like..."We recognize that we have a moral, ethical, and likely legal obligation to make things right and pay back the damage we have caused...but we're not going to."
“We are sorry. We really messed up with this deployment. In fact, we’ve questioned whether we should be alive, or whether we should have even been born at all. Heck, maybe none of this should exist.”
The only way I can imagine one-upping the detractors at this point.
Heh, at my last job my store was breaking all sorts of profit records and generally put every other store in the district to shame. I don't need to tell you that we worked hard for that.
Corporate sent us a $25 gift card. Not for each of us, one $25 gift card for a team of 8 people. We had made well over three million in sales that year. Felt like a slap in the face for a job well done.
This reminds me of something that happened at a former employer. After I had been employed there for a couple of years, someone in HR or Legal noticed that the programmers had never signed any "our code belongs to the company" agreement. So they asked us to sign a paper to that effect, and gave us each a check for $20. My thought was that I always assumed the company owned this code, but if they were going to pay for it, then $20 was waaaay too little. Anyway I took the $20, signed the paper, and got back to work. But it always gave me a chuckle.
Any contract requires consideration. Without it, it's not a valid contract. It doesn't require fair consideration, so a clause giving e.g. $1 is typical for many contracts. They were nice and bumped it up to $20.
I suspect your work DID belong to the company already, under work-for-hire doctrine, but an explicit contract avoids that ambiguity. Ambiguity can be bad and super-expensive, whether during litigation or even something like an audit. If someone is buying a company, investing, making a major loan, that's the kind of thing which comes up in due diligence and can be annoying.
So I don't think they were paying you for the code, so much as trying to come into compliance. Very likely, this was triggered by some similar audit for some deal they were trying to make.
Interesting. I worked for a company that got bought by another company. Pretty much everyone was a salaried employee with a standard employment contract. There was no formal rehire process, but at some point the new company did the same thing as OP's company, saying that anything we produce at work or with work resources belongs to the company. But with an added "no moonlighting" clause.
We did not get any consideration, cash, or gift cards. Instead we were told that if we didn't sign the new company's mandatory agreements, our employment status could be up for review.
That's exactly it. The $20 is not an assessed value of the code; it's to establish consideration. $1 would have been legal. It's legal to make asymmetric contracts that benefit one party more than the other, just not contracts that are completely one-sided. They probably did $20 just so it wouldn't seem quite as insulting.
Anytime you see stories of "[insert name of rich CEO or politician] takes salary of only $1", that's why. They can't work literally for free, or the rest of the contract becomes nonbinding.
Watch out for "work-for-hire doctrine" erm... assumptions.
Last time I looked work-for-hire law only takes effect if there is explicit mention of the term "work-for-hire" in the contract, otherwise it's not "work-for-hire". And I have never seen a contract actually mention "work-for-hire".
Do current employment contracts state "work-for-hire"?
This is also why companies will reward employees filing a patent application with a silver dollar. It's a nice token of appreciation but also fulfills the contract aspect of assigning rights.
Salary in this case would serve as the consideration for the work they perform, but lawyers love making things as explicit as possible (understandably).
You think the $20 was consideration, and yet you think they were not paying for the code? Aren't these the same thing?
> Ambiguity can be bad and super-expensive
If the corporation had some ambiguity in their favor, I expect they would call it "value" and ask for as much as they could get to remove it. But if the ambiguity is in favor of an employee or client, let's remove it for a token $20. Ugly society this one is.
My friends and I contracted to a company in 2004 to build a text message system. The company decided they didn't want to pay us the last month's bill. They'd spent all their money buying a custom Harley as a prize for the customers and now had nothing left.
We met with their CEO+CFO+lawyers and our lawyers. They were adamant they wouldn't pay the last payment. We pulled out our contract and showed they didn't own any of their code because there was no IP transfer in there. They said "We need a minute." We left the room, came back in and there was a check for the outstanding balance in the middle of the table.
This is because it's a contract oddity - if they told you to sign it but offered nothing; you could challenge it in court, and the courts have often said a "one-sided contract" is not valid (e.g., you give me copyright I give you nothing).
The $20 is "due consideration" - just like how some deals involve selling an item for a dollar.
I wonder when we'll start to have some estimate of indirect/direct death toll. This took down several 911 type services and hospitals, some reported imaging down, some being back to paper and pen at ER.
At least their domain is descriptive; that article is much ado about nothing -- civil cases aren't criminal cases with a boolean outcome. The award isn't recognition that the life was worth $4, it is a recognition that the defendant did just about nothing wrong.
50 years from now, unclassified documents reveal that crowdstrike was secretly a CIA controlled business which was operating an offensive botnet created for the anticipated cyberwar, with a peacetime cover story of being security software with automatic updates. Everybody rolls their eyes and asks how anybody ever fell for that when the name openly says what it is.
Probably bullshit, but honestly... Wtf is up with the name?
It's a dumb name and I've already wasted a considerable amount of time looking for an explanation but to no avail. Sounds like something a group of seven year old boys would come up with because it sounded cool.
Why do you think this is BS? It perfectly explains the name and also why something like this is installed so ubiquitously and still installed despite such a massive screw up. Also offensive capabilities need wide deployment just as much as defensive. Cybersecurity and cyberwar is a real thing, and surely DDOS botnets are a core part of that.
Maybe it's controlled by the CIA, or maybe just has a quiet contract with USCYBERCOM and/or ARCCYBER.
I mean, people don't seem that concerned about all of the nuclear missiles and submarines, aircraft carriers, and US military bases everywhere. Computers and the internet are now part of that and have been for quite a while. If you are invested in this system then you probably want that dominance to continue (otherwise you should probably start learning Chinese). In which case we probably need something like a "crowd strike" widely deployed on the monopoly OS so that we have offensive capabilities.
If you don't like that idea then why use Windows at all? Use Linux at least.
I don't think this is really conspiracy theory territory unless you are in denial that cyberwarfare exists or that the US must participate in it.
I've begun referring to them as ClownStrike, given that so far they have seemed to act more like a bunch of circus clowns than an actual knowledgeable entity.
This tone deaf offer just reinforces the impression that they are just a bunch of clowns.
Not quite enough? The last time I had a "discount" for Uber Eats, it was a $15 meal with so many fees on it that AFTER the $30 discount, I still needed to pay $35. Cancelled.
Yes, Uber Eats is so expensive it feels like they could give away $10 vouchers and still make a handsome profit. I wonder how much CrowdStrike paid for these vouchers? Surely nothing like $10 each.
£7.75 GBP. I'll admit I haven't used Uber Eats in years because the prices are insane, but I'm not sure that covers much more than the delivery fee.
(Also, people who want McDonalds 20 minutes after it was remotely edible and shaken to shit on the back of a moped, who are you? I see the bikes everywhere but have never met one of you irl)
A girl I went to school with in the American South is now a reporter in the Midwest. She was supposed to go home for a brief visit to see her family, but Delta canceled her flight due to the CrowdStrike outage. A few days later her father was murdered by a disgruntled customer while working at his jewelry store in their hometown.
What an awful coincidence. I can’t even imagine how it must feel to have a freak technical accident deprive you of seeing your father for the last time.
This would happen with literally anything. Bus is late and you miss the flight. Weather is bad, flight gets delayed. You eat out and get food poisoning, can't get the flight.
Anything could have caused that really. Still very unfortunate but c'est la vie sometimes.
I agree. My desired tone for my comment was less “CrowdStrike is evil” and more “the universe, through its indifference to you, can be very cruel and absurd”
It could have happened with anything, but instead, it happened because a company run by a guy with a multi-billion-dollar net worth couldn't be bothered to check if the software they were shipping actually worked.
Think about this: Someone came up with that idea. A group of people probably approved it. Someone else had to purchase those cards or set up the job to send them to customers.
At no point did anyone think "this doesn't seem like the right response, I should warn someone further up the chain". Probably due to the idea coming from further up the chain.
And those ubereats/doordash/grubhub cards are worthless because $10 won't get you a thing, you'll need to spend another $30. Which is why corporate always buys those because I am guessing they're much less than $10 to buy.
https://youtu.be/sRMMwpDTs5k
Kitboga is a well-known streamer whose entire schtick is wasting scammers' time. He uses a voice changer and has a very thorough setup of fake websites including Google, the Google Play store, a bank, and more, as well as fake screen sharing tricks that show him exactly what a scammer is trying to do when they use a remote-access tool to access his system. When they use their RAT to black out his screen so they can hide DOM manipulation in the browser or something, he can actually watch them do it.
In the video above, at about 53:00 in, Kitboga "redeems" the fake Google Play Store card that he "bought" rather than letting the scammer copy the numbers.
One thing he's shown many times is how persistent scammers can be. One time he hit the password reset on his fake bank and made the scammer help him solve a password game. https://youtu.be/wkLPk2tmyNI
While I do understand that this might have been sent by a department far removed from IT, it's still scary that they didn't think of possible abuse.
I am not a lawyer and I don't understand this phrase. But many legal systems require that a contract is at arm's length.
https://www.nolo.com/legal-encyclopedia/consideration-every-...
Any contract request that includes a small cash payout should merit extra scrutiny.
[0] https://hotair.com/jazz-shaw/2018/06/01/jury-awards-family-f...
https://www.tcpalm.com/story/news/local/st-lucie-county/2022...
All involved very split juries - so I think the low amount was kind of a compromise by the jury in each case.
> jurors sent a note to U.S. District Judge Aileen Cannon stating “we are deadlocked. We are unable to come to a unanimous decision.”
> Cannon encouraged them to continue deliberating.
I find it funny that their name, CrowdStrike, sounds like an anti-personnel reaper drone. Now metaphorically fits.
...wait
At least an Amazon gift card is near its cash value, when you account for the markup on food delivery that $10 is about 4 USD
Ouch. That has potential to go that bit extra badly in the press/media too.
Though with the scale of ClownStrike's fuck up, they might not even notice.
What an utter clown strike.