How Cyberwarfare Actually Works

  Рет қаралды 3,170,301

Wendover Productions

Wendover Productions

Күн бұрын

Пікірлер: 2 300
@Oliver-eg7wg
@Oliver-eg7wg 2 жыл бұрын
02:18 Sam : “This new era was made possible” Me : “by skillshare, an online learnin…” Sam : “by one single concept.” Me : Oh
@nicnic7273
@nicnic7273 2 жыл бұрын
Yes i thaught that to 😂😂
@Nnx1ful
@Nnx1ful 2 жыл бұрын
I actualy automaticly skipped that part. If it was not for you I would never have known XD
@stevesmith1810
@stevesmith1810 2 жыл бұрын
This wins
@bananek1208
@bananek1208 2 жыл бұрын
I was about to comment the exact same thing
@fastfiddler1625
@fastfiddler1625 2 жыл бұрын
Came to see if anyone beat me to it. Of course they have. Lol
@chrome1157
@chrome1157 2 жыл бұрын
3:29 For anyone interested: this is only partially true. A zero day IS a bug, but not every bug is a 0-day. A 0-day is a bug that the vendor of the product in question has known about since 0 days (so: they don’t know about it while it is already being exploited/found by someone else)
@DanKaschel
@DanKaschel 2 жыл бұрын
And of course it also has the fall into several categories of utility; a bug that causes the wrong shade of yellow to appear is (probably) not a zero day
@pchris
@pchris 2 жыл бұрын
This is a much better explanation than the top comment rn. Better grammar too.
@delusionnnnn
@delusionnnnn 2 жыл бұрын
And the name comes from the warez scene (since there was significant overlap in the early to mid 80s), when "0-day warez" meant a game which was cracked on the day it was released. You'd get "-1 day" sometimes due to time zone issues, but 0-day was the gold standard.
@en0n126
@en0n126 2 жыл бұрын
Thank you. Hearing the video's definition was a bit of a forehead slapper. A zero-day is an exploit that was discovered being actively exploited in the wild, without the hardware/software manufacturer being aware of it, so there is no fix available at that time. The alternative would be if the manufacturer was made aware before the exploit was found being used in the wild, and likely already has a patch available.
@cerebraldreams4738
@cerebraldreams4738 2 жыл бұрын
@@DanKaschel - Zero days imply code execution.
@AdamEmond
@AdamEmond 2 жыл бұрын
Nothing like an existential crisis on a Tuesday's lunch break!
@calebleon9103
@calebleon9103 2 жыл бұрын
On the back half of my lunch watching this, and I cannot agree more
@freedomofspeech2867
@freedomofspeech2867 2 жыл бұрын
Solve it by getting chickens and putting potatoes in the ground.
@michaelh9656
@michaelh9656 2 жыл бұрын
We're actually starting a club now
@VishnuAi
@VishnuAi 2 жыл бұрын
This video makes it worth taking a break.
@Queleb1
@Queleb1 2 жыл бұрын
literally me rn
@TheLouisianan
@TheLouisianan 2 жыл бұрын
FYI, the reason those centrifuges are so fickle ( said around 9:47) is because of the precise balancing and precision you need on the bearings to separate Uranium 235 from 238. They need an air layer in the bearings (because mechanical bearings with an oil layer can't go to high enough RPM and aren't precise enough) I.E. gas or magnetic bearings to work correctly which need final tuning to make the system run correctly. It would be incredibly easy to just change 1 or 2 parameters that would make a mag bearing system rotate out of orbit and they can literally tear themselves apart if you wanted it to. Stuxnet running at bad RPM ranges likely caused the motors and bearing stators to run at bad efficiency (creating a lot more heat) which can "cook" your mag bearings, motor, and stator by basically annealing the laminar sheets of steel and changes their characteristics (which also removes their magnetism and makes them run horribly). This would likely do this to the motor stator and rotors as well.
@thomas_testing
@thomas_testing 2 жыл бұрын
So you got hired right?
@dylannewton9986
@dylannewton9986 2 жыл бұрын
Isn't that obvious?
@chrisc1140
@chrisc1140 Жыл бұрын
In some ways, I almost feel like pre-programming something to make them run like, just a bit shit might actually be harder than running in a way that'd simply rip themselves apart. Which of course gets you less dramatic damage, but lets you interfere for MUCH longer before discovery.
@MadScientist267
@MadScientist267 Жыл бұрын
Hey if you were spinning at Hz, you'd be all screwed up too...
@Mr_Boifriend
@Mr_Boifriend 11 ай бұрын
Yea that's exactly what I was gonna say..
@mikvance
@mikvance 2 жыл бұрын
Wendover: "No one has officially accepted responsibility for creating Stuxnet." US & Israel: (holding back giggles)
@ziadghannam7704
@ziadghannam7704 2 жыл бұрын
Useless virus, useless designers, useless countries
@carlosandleon
@carlosandleon 2 жыл бұрын
I thought the UK and Israel did it.
@QuantumNaut
@QuantumNaut 2 жыл бұрын
@@carlosandleon CIA with collaboration with others in Israel.
@Geerice
@Geerice 2 жыл бұрын
@@carlosandleon No one actually knows, but I'd bet money that the DoD had a few hands in it
@bananian
@bananian 2 жыл бұрын
Ikr, as if the typical basement dwelling hacker would know how an underground uranium centrifuge in Iran works.
@berttorpson2592
@berttorpson2592 2 жыл бұрын
"This new era was made possible" my brain finished the sentence "with skillshare" you've ruined me
@WaseemYusuf
@WaseemYusuf 2 жыл бұрын
😂😂 saame
@qualeb8164
@qualeb8164 2 жыл бұрын
Same here
@MrRinoHunter
@MrRinoHunter 2 жыл бұрын
Lol
@Costumekiller
@Costumekiller 2 жыл бұрын
Too
@6233791
@6233791 2 жыл бұрын
We’ve all been conditioned
@AhmedW-sy9ti
@AhmedW-sy9ti 2 жыл бұрын
But the real question is: How would this affect airline logistics?
@MegaBallPowerBall
@MegaBallPowerBall 2 жыл бұрын
cd 66 A single cyber bug can completely shutdown an entire country's airline industry in a matter of seconds.
@l.u.c.a.s.
@l.u.c.a.s. 2 жыл бұрын
I'm sure airline and airplane software vulnerabilities are highly sought after actually. Imagine having an airplane botnet.
@niembro64
@niembro64 2 жыл бұрын
lmao
@cockatoo010
@cockatoo010 2 жыл бұрын
If the target is Air Traffic Control, you could stop airlines from getting filing flight plans and no flight plan, no clearance. You could shut down instrument landing systems on a day with bad weather, the airport's operational minima will be increased and if the day is foggy enough, you've shut down the airport
@bdmxh
@bdmxh 2 жыл бұрын
He’s being sarcastic 😂
@themisir
@themisir 2 жыл бұрын
Correction: zero day is a case when discovered vulnerability haven't been fixed yet. Not all software bugs are zero day. Only the ones that's discovered and used before software manufacturer produced a patch to fix it.
@pleasedontwatchthese9593
@pleasedontwatchthese9593 2 жыл бұрын
Thank you for pointing this out. Its confusing because people describe exploits/vulnerability as zero days in the media but its only describing the effect and not what it actually is. Its like calling a car a zoom. The zoom being the zero day and the car being the exploit.
@johnmackenzie3871
@johnmackenzie3871 2 жыл бұрын
Another correction, most zero day exploits are not known by the devs. Known zero day exploits are usually quickly fixed by devs when brought to their attention.
@nekko3559
@nekko3559 2 жыл бұрын
Not trying to correct you or anything, but arent zero days vulnerabilities that have been discovered before the software is released?
@pleasedontwatchthese9593
@pleasedontwatchthese9593 2 жыл бұрын
@@nekko3559 It's a exploit in existing software that is activity being exploited that was not previously known. Sometimes exploits are know or reversed engined from patches and these are not zero days. If a bug is found and disclosed its also not a zero day.
@pleasedontwatchthese9593
@pleasedontwatchthese9593 2 жыл бұрын
@@johnmackenzie3871 zero days are always not know by the devs by definition. Devs don't always act fast and it's always been a topic in the security world when to publicly disclose exploits to force devs to act so zero days don't happen.
@triptheroad
@triptheroad 2 жыл бұрын
The fact that they found that many obscure bugs and managed to package them all together and transmit them across the network intact as printer metadata is absolutely amazing
@itemushmush
@itemushmush Жыл бұрын
there was an exploit in iPhone image decoding called "FORCEDENTRY" where a genius team of hackers created a whole turing machine to run their own code. its insane how talented people are
@triptheroad
@triptheroad Жыл бұрын
@@Neuroburger are you trying to say that software engineers intentionally developed and documented these vulnerabilities to conveniently use in this specific scenario later?
@alinaqirizvi1441
@alinaqirizvi1441 9 ай бұрын
And it shows the tyrannical and evil nature of the US and Israel hypocritically stunting Iran's lawful nuclear programme
@yitzakIr
@yitzakIr 2 жыл бұрын
The lesson is listen to your programmers when they tell you they need more time. ESPECIALLY if you work on something critical.
@smnbrgss
@smnbrgss 2 жыл бұрын
And always have the most up to date software version
@anthonybanderas9930
@anthonybanderas9930 2 жыл бұрын
@@smnbrgss yeah, tell that to end users and product owners... "I ain't paying you for fixing working things, gimme features NOW!!!11111"...
@unixtreme
@unixtreme 2 жыл бұрын
When I was in high school I rigged the USB autorun like the one at the beginning of the video to inject my own payload instead of the intended one. From that moment on whenever a new USB key was inserted it would: - Transfer all .txt .doc .xls and such document files to a hidden folder in C:\Windows\ - If the Label was a specific label (sort of like a password) it would instead copy all files in this hidden folder onto the USB drive. - Self-replicate to the inserted USB key and make itself part of it's autorun. I used this USB key to then turn in my class assignment to my teacher. I think in like a week I could go around to any computer in the school, plug in my USB key with the right label, wait a few minutes, and a bunch of new documents would be in there, including: - Future Assignments. - Future tests. - Other student's assignments/projects. - Personal documents (that was dicey). - Some people even had text files with their passwords. Sorry I feel like a rambling boomer. The reason why I can disclose this is that it just prescribed so even if they found me out nothing could happen.
@0xKnownError
@0xKnownError 2 жыл бұрын
@@unixtreme Genius, copying them into a directory where almost no one opens in Explorer, ever, haha
@thitran6105
@thitran6105 2 жыл бұрын
ok
@coldham77
@coldham77 2 жыл бұрын
Stuxnet was a beautifully designed and engineered virus. The story behind it is fascinating and I encourage everyone to read up about it. Not to discount Sam's video. He does a great job.
@AxxLAfriku
@AxxLAfriku 2 жыл бұрын
GAGAGAGAGAGA!!! I want to cut my toenails... NEVER! I am the feet KZbinr. Thanks for being a fan, dear chr9s
@computer_toucher
@computer_toucher 2 жыл бұрын
Yeah, the payload, distribution of it and effects should be Infosec and Malware 101 -- it's sublime.
@johnmackenzie3871
@johnmackenzie3871 2 жыл бұрын
Cyber-terrorism isn't "beautiful", it's a sophisticated virus that was originally intended to damage industrial plants but was then repurposed for nuclear power plants.
@distortedmist
@distortedmist 2 жыл бұрын
Lucky for you - he explains it in the video.
@Fishmans
@Fishmans 2 жыл бұрын
Even more interesting is the history behind the notorious Mirai botnet. Such a powerful tool just so a couple guys could run a protection racket off Minecraft server hosting.
@zancloufer
@zancloufer 2 жыл бұрын
A few years ago when they started making fridges, stoves and other "smart" appliances I half joked that hooking your toaster doesn't do much more than making is possible for someone to burn you house down remotely. Not sure if it's a good thing that I was right. Internet connection for 90% of devices is useless and pretty much just an extra thing to go wrong and a vulnerability.
@peterweller8583
@peterweller8583 2 жыл бұрын
Scary right?
@ericcartman9594
@ericcartman9594 2 жыл бұрын
That may be the original porpose
@karl0ssus1
@karl0ssus1 2 жыл бұрын
@Nunya Business IoT devices are usually fairly insecure and almost never updated, making them easy targets for hackers. Really not a concern for the average consumer, very few hackers are interested in burning down your kitchen with your smart toaster, but they can be recruited into botnets or used to more widely propagate malicious code.
@jimurrata6785
@jimurrata6785 2 жыл бұрын
@@karl0ssus1 How many HIK Vision cameras or home AP's are _still_ on their default settings/password? How many were/are used for ddos over the years?
@zancloufer
@zancloufer 2 жыл бұрын
Forgot "to the internet". "Hooking your toaster to the internet". Even if it's not a concern right now there is nothing saying we won't start seeing serious cyber terrorism. There is very rarely a purpose for remote access to home appliances while the possible bot use or remote terrorism possibilities are endless. There is nothing stopping a foreign power from investing in accessing these devices to launch untraceable attacks on countries they would normally have no hope of fighting conventionally.
@bob32qwerty
@bob32qwerty 2 жыл бұрын
Sucks this video was erroneously taken down for so long, hope this helps you guys keep doing good work!
@clintrichardsonclintfromny203
@clintrichardsonclintfromny203 2 жыл бұрын
Its how YT shaves profit from the creators.
@taavitammaru5671
@taavitammaru5671 2 жыл бұрын
Any idea why it was taken down?
@lilyliao9521
@lilyliao9521 2 жыл бұрын
@@taavitammaru5671 copyright strike
@lilyliao9521
@lilyliao9521 2 жыл бұрын
@@taavitammaru5671 nicole perloth doesnt like it when you credit and use her as a source
@clintrichardsonclintfromny203
@clintrichardsonclintfromny203 2 жыл бұрын
@@Noobscodee Its possible I dont get how the system works because Ive been banned for 4 years, but the most views usually occur shortly after release.
@ericdiaz9775
@ericdiaz9775 2 жыл бұрын
I'm a programmer and a hobby hacker. I expected some flaws since no one can make accurate cyber security videos. However, you did a really good job. Thoroughly enjoyed this one, thanks!
@jakestavinsky3480
@jakestavinsky3480 2 жыл бұрын
Hobby hacker?
@ughcreature
@ughcreature 2 жыл бұрын
@@jakestavinsky3480 they do it as a hobby
@mastershooter64
@mastershooter64 2 жыл бұрын
@@jakestavinsky3480 Their hobby is hacking and learning about hacking
@theramendutchman
@theramendutchman 2 жыл бұрын
Not really, a lot of the info in this video is half-true, and he doesn't seem to know what a lot of the terms (such as zero-day and remote execution) mean
@vez3834
@vez3834 2 жыл бұрын
@@jakestavinsky3480 They hack Hobby Lobby, an American arts and crafts company, presumably in order to take crayons from your children.
@ronan5228
@ronan5228 2 жыл бұрын
As someone who works in cybersecurity, I can say this was a brilliant video for bringing awareness to the massive concerns that nations, companies and, individuals face in this regard.
@17thshard62
@17thshard62 2 жыл бұрын
When it comes to cyberwarfare, every nation with sense operates on a policy of 'Those in the know aren't talking, and only those who are not in the know are talking.' I once chatted with one of their ex-security guys and apparently Fort Meade is so insanely paranoid when it comes to security, they immediately began renovations on their headquarters when some college discovered a way to get wireless data through the massive Faraday cage already cladding those buildings. These are the same guys that encase every wire coming into Fort Meade inside sensor-lined concrete.
@pinkfluffyant6335
@pinkfluffyant6335 2 жыл бұрын
Interesting! I take it you're a brandon sanderson fan?
@BRoyce69
@BRoyce69 Жыл бұрын
​@@pinkfluffyant6335 nah he's just some guy names Hoid, living his life
@DaNerd01
@DaNerd01 2 жыл бұрын
i’ve been a part of the cyber security industry for over a decade, it’s crazy to see how much it’s changed!
@DaNerd01
@DaNerd01 2 жыл бұрын
also I am impressed by how well you explained stuxnet. For a guy who is likely not a computer scientist or a security engineer, it was a near perfect presentation. My hat is off to you!
@c128stuff
@c128stuff 2 жыл бұрын
What surprises me at times is how long it really took for those things to happen. I agree that something like stuxnet happening was huge, but first of all because it became public, and people started to think about it, and take some things people in the security industry have been saying for a long time now, a lot more serious. But.. imo, this being possible wasn't news, and shouldn't have been news for decades now.
@autohmae
@autohmae 2 жыл бұрын
What nobody talks about is how, probably Israel, killed some of the engineers from the nuclear plant who were trying to clean it up where killed on the streets in the city. And how the security expert from Microsoft had an unfortunate accident before his big talk about Stuxnet at a security conference. Probably that last one was purely an accident and coincidence. But the dead Iranians clearly aren't. It does indicate that working in IT Operations and Security has become a more dangerous job than it used to be. And as XKCD 538 indicates the weakest link at some point might end up being us.
@Bell_plejdo568p
@Bell_plejdo568p Жыл бұрын
@@autohmaewho was the security expert
@autohmae
@autohmae Жыл бұрын
@@Bell_plejdo568p the talk: 27C3: Adventures in analyzing Stuxnet (Bruce Dang from Microsoft)
@Volition1001
@Volition1001 2 жыл бұрын
As an information security professional I’m ecstatic that cyber has entered the public consciousness, thank you for this video
@HaveanOreshnik
@HaveanOreshnik 2 жыл бұрын
I'm scared, there's this guy who was friends with my friend and told me he was with some hacking group from Belarus, like he started phishing people from 50 accounts, said he knew some kind of 'people' called Sandworm, possibly them
@bullpup1337
@bullpup1337 2 жыл бұрын
if you think cyber just entered the public consciousness, you must have missed the 80s.
@Josh-eb5vm
@Josh-eb5vm 2 жыл бұрын
as a bullshit detector professional i call bullshit
@bullpup1337
@bullpup1337 2 жыл бұрын
@Plentus Have you ever heard of the term cyberpunk? Yes, that is from 1980.
@DR-54
@DR-54 2 жыл бұрын
@@HaveanOreshnik there's a shit ton of hacking groups with their own names think like petty youth gangs that shoplift and pickpocket people or break into cars, the difference between them and a nation state hacking group is identical to the difference of those petty gangbangers and the most powerful cartels
@Kevin-jb2pv
@Kevin-jb2pv 2 жыл бұрын
Hacker: Hey, we found some bugs you might want to know about. Big tech: We sue. Later: Hacker: I'ma post bugs on the forums cuz I don't want to be sued. Security company: _Yoink!_ Also Security company: Hey, we found some bugs you might want to know about. Big tech: We buy.
@jacobp8294
@jacobp8294 10 ай бұрын
I have a bachelors degree in cybersecurity, this documentary was well put together and includes some suprisingly well communicated technical segments. Wendover productions did a great job.
@philsephton
@philsephton 2 жыл бұрын
The best way I've found to fully understand Stuxnet was listening to the Darknet Diaries podcast. It goes into a lot more detail and shows how amazing the whole Stuxnet operation was
@drewsipos5035
@drewsipos5035 2 жыл бұрын
Dude that podcast rules
@blakegreen82
@blakegreen82 2 жыл бұрын
Where does one find that podcast?
@dhess34
@dhess34 2 жыл бұрын
Stuxnet’s dev artifacts date it to at least 2005. Imagine how potent current-gen cyber weapons are, *17 years* later…
@philsephton
@philsephton 2 жыл бұрын
@@dhess34 there's definitely hacks going on right now that are way crazier than Stuxnet, but they're that good we don't know about them yet, because the victim doesn't even know about them 👀
@the_maxus
@the_maxus 2 жыл бұрын
I really like the analysis of Stuxnet called "To kill a centrifuge" by Ralph Langner as it explains lots of technical details about Stuxnet and centrifuges in question. Also the virus portrayed in this video is actually a second less sneaky version of Stuxnet, the first one was much more sneaky and destructive, but much less exciting as it had no 0-days nor any way to spread via local network.
@SteamTech_4468
@SteamTech_4468 2 жыл бұрын
As someone who works with PLCs its nice to see them actually mentioned. I wasn't aware that Stuxnet hit the PLC's themselves I thought it crippled the SCADA system. I guess that shows how PLC's tend slide into the background in the media. The only comment is you used a modern Logo PLC (more akin to home automation or tiny single function machine) instead of the S7-300 more akin to massive machines and entire factories.
@will75wallace
@will75wallace 2 жыл бұрын
PLC security is a joke and mostly relies on being on an isolated network. That obviously isn’t enough if someone really wants access to your stuff as stuxnet proved. Makes you think twice every time you swap a usb flash drive between a business and process computer.
@prestonsiegfried9403
@prestonsiegfried9403 2 жыл бұрын
Yeah, controllogix 5000 don't have any credential requirements (or even an option to set any as far as I've seen), just need the ip and you can mess some thing up badly
@SteamTech_4468
@SteamTech_4468 2 жыл бұрын
@@prestonsiegfried9403 Yeah I'm haven't seen any passwords on AB plcs either. I know siemens have added them now.
@will75wallace
@will75wallace 2 жыл бұрын
@@SteamTech_4468 controllogix can have passwords but they’re use is frowned upon unless it’s a safety program or pharma.
@onemorechris
@onemorechris 2 жыл бұрын
the people who discovered Stuxnet didn’t know what device it was looking for when they were reading the code. i guess a PLC for nuclear centrifuge is pretty obscure hehe. i think they ended up buying one to test for real to make sure they had the right thing
@ilkoallexandroff
@ilkoallexandroff 2 жыл бұрын
Haven’t been so early on a Wendover video! Getting some popcorn, and staring it! Cheers from Japan!
@HaveanOreshnik
@HaveanOreshnik 2 жыл бұрын
Love to Japan from Russia, our country is not at a great spot, things are becoming restricted, I need to use a VPN to actually see this, who cares though, I condemn the war in Ukraine, idc
@florianschneider3982
@florianschneider3982 2 жыл бұрын
isn't it about one o'clock in the morning in Japan? What are you still doing here?
@Cless_Aurion
@Cless_Aurion 2 жыл бұрын
@@florianschneider3982 We are rebels!
@HaveanOreshnik
@HaveanOreshnik 2 жыл бұрын
@@florianschneider3982 Imagine asking why are they still awake like is that against the law?
@ilkoallexandroff
@ilkoallexandroff 2 жыл бұрын
@@florianschneider3982 still to early t9 sleep! Lol
@gdubaz
@gdubaz 2 жыл бұрын
Zero Day doesn’t refer to the software flaw itself, it refers to the small window of time between when it is discovered and when it it publicly announced. This is when it’s most valuable, because it can basically be exploited at will, because no one even know s to look out for it yet. So any flaw, no matter how major or minor, can be called a Zero Day during this limited timeframe. It doesn’t depend on complexity, just how widely known is it.
@agiliteaV
@agiliteaV 2 жыл бұрын
I'm just getting done my first semester of Cyberseurity and I noticed the hexidecimal in your thumbnail translates to Wendover. Simple I know, but learning this stuff makes you look at numbers and encryptions completley different.
@ericj199
@ericj199 6 ай бұрын
I'm thinking of pursuing cybersecurity too. Is it worth it?
@sicKlown86
@sicKlown86 2 жыл бұрын
The book referenced, "This is How They Tell Me The World Ends", is an amazing deep dive into this subject, and the beginning and ending sections dealing with the author's time in Ukraine were disturbingly prescient.
@jamez2022
@jamez2022 2 жыл бұрын
I learnt about day-zero exploits in my cyber security course. They are dangerous. And it is interesting to see them being used in this Ukrainian-russian war. Both Ukraine and Russia have been victim of these exploits because of the war.
@TheAssassin74
@TheAssassin74 2 жыл бұрын
Israel is so badass ngl
@misham6547
@misham6547 2 жыл бұрын
@@TheAssassin74 they are making bank selling to both sides
@john_smith_john
@john_smith_john 2 жыл бұрын
wow you must've been really smart to repeat these basic facts, what a useful comment.
@thanoscube8573
@thanoscube8573 2 жыл бұрын
@@TheAssassin74 I was strolling through Beer Sheba when an air raid took place, the sky opened up, a rocket barreling towards the Earth, yet a thousand more attacked it like a swarm of ants. Israel is infact, very cool.
@JohnSmith-fq3rg
@JohnSmith-fq3rg 2 жыл бұрын
They aren't inherently dangerous. They are either dangerous or completely harmless. It just refers to any undisclosed security exploit, bug or issue.
@KutAnimus
@KutAnimus 2 жыл бұрын
Just something to consider: This was discovered like 10 years ago. Just imagine how much more powerful cyberweapons must exist nowadays. No one listened, so now we wallow inside the pit of insecurity.
@mikemartin6748
@mikemartin6748 2 жыл бұрын
Plenty of people listened. There's just not a lot we can do to patch 0-days that, by definition, we don't know about yet
@musicplaylist6353
@musicplaylist6353 2 жыл бұрын
Modern cyber warfare also targets public opinion and psyche.
@countcampula
@countcampula 2 жыл бұрын
There's stronger ones with tens of zero days that is almost 100% already on your phone vibing till it finds it's sweet spot. The US makes up the majority of cyber attacks and we aren't shy about it lol
@peterweller8583
@peterweller8583 2 жыл бұрын
Not just in the vulnerabilities but in the implementation and discretion of the objectives it is the nature of cyber warfare to evolving faster than the nasty little bug eaters. Zero day exploits suck.
@BocchiSensei
@BocchiSensei 2 жыл бұрын
Tbh we have always been vulnerable, defenses and attacks develop day by day but one thing for sure is that the results will be the same, the only difference is perspective. A virus infecting 100mil devices decades ago would not be any different from a virus infecting 1bil devices today, its the same results, someone's property will get damaged.
@Grandwigg
@Grandwigg 2 жыл бұрын
I remember watching more information about this unfold while in IT class. It's amazing how simple payload concept was. Security Now podcast was a stream of weekly updates for a while there. This video is an excellent piece of coverage pulling it all together.
@Kirstyn-s7z
@Kirstyn-s7z 8 ай бұрын
If I could reach up and hold a star for every time you've made me smile, the entire evening sky would be in the palm of my hand.
@d2o3n4
@d2o3n4 2 жыл бұрын
2:16 I actually thought you were going to say "this new era was made possible by Curiosity Stream / Nebula / Brilliant / etc" lol
@user2C47
@user2C47 2 жыл бұрын
...Squarespace, Cloudflare, Nord or Express VPN...
@konstagold
@konstagold 2 жыл бұрын
This representation is somewhat inaccurate: Exploits, big and small are found all the time and are patched all the time. They're not nukes, you can't just sit on one for years because it may either get discovered and patched or rendered pointless by some other update or just a new software/OS/etc. They're also typically already out and about (ex: Meltdown) and, if big enough, get a ton of attention and very fast reaction to it. The log4j fix is an example of this. That doesn't mean they can't do a ton of damage, it's just that more often they're just happening all the time, and the vulnerabilities are just getting patched all the time. Organizations that are bad at security and keeping up with this, government or otherwise, are obviously the easiest targets.
@ShimmeringSpectrum
@ShimmeringSpectrum 2 жыл бұрын
As a counterexample, the Shellshock bug had existed since 1989 and wasn't identified until 2014. It is certainly conceivable that, even in the absence of conspiracy theories about government/corporate partnerships, a devastating bug could go unnoticed for decades.
@konstagold
@konstagold 2 жыл бұрын
@@ShimmeringSpectrum true, though that bug was exploited primarily cause the patch sucked and people weren't updating their unix servers. I guess the point I'm making is banking for a long time on no one discovering the discovery that you bought and hired a team of people to implement maliciously sounds like a stupid idea. It's like finding a $100 bill on a crowded street. You better hope no one else saw it. But as I said, I concede that sometimes exploits exist for literal decades, so a fair example for sure.
@codyoftheinternet
@codyoftheinternet 10 ай бұрын
Okay, I’m a controls engineer that works on Siemens Step7 and other brands of PLCs and I have to say that as long as they had a copy of what that program was originally doing, this industry is decades behind in security. It was quite possibly the easiest layer of this malware attack. Siemens is also the industry leader worldwide and since then have gotten a lot better but it’s all still very far off from being something we can all trust.
@TimeBucks
@TimeBucks 2 жыл бұрын
it is amazing
@morellatovar4151
@morellatovar4151 2 жыл бұрын
Bien
@jcast112358
@jcast112358 2 жыл бұрын
When he said "This new era was made possible..." I thought he was gonna say "by Nord VPN"
@oxide9717
@oxide9717 2 жыл бұрын
Omg same 😭😭😭😭😭
@jdatlas4668
@jdatlas4668 2 жыл бұрын
The common theory I've heard is that to at least some degree, Stuxnet wanted to be found eventually, after causing significant damage - the US wanted to show off their capabilities, and this is just about the only way you can. You can't exactly have a military parade with a bunch of soldiers holding up USB drives.
@Calvin_Coolage
@Calvin_Coolage 2 жыл бұрын
Makes sense, kinda like the motivation behind the use of the atomic bombs.
@LOLquendoTV
@LOLquendoTV 2 жыл бұрын
@@Calvin_Coolage a fitting metaphor, seeing as the US opened the floodgates to a new scary dimension of warfare, much like Hiroshima
@Calvin_Coolage
@Calvin_Coolage 2 жыл бұрын
@@LOLquendoTV At least nukes have MAD. If you get cyberattacked, assume it's the US or Russia or whatever, and launch a counterattack, then you just look like an asshole because the origins of these attacks are fairly difficult to prove.
@richardarriaga6271
@richardarriaga6271 2 жыл бұрын
Not really. Spies can keep doing the same thing if they never get caught.
@KafshakTashtak
@KafshakTashtak 2 жыл бұрын
Trust me, Iran will hold a millitary parade with soldiers holding laptops (made in the US) or some USB drives.
@MaxVliet
@MaxVliet 2 жыл бұрын
At 2:11 please tell me im not the only one who thought he was going to say "this new era was made possible..... by skillshare"? 😂
@AugustusTitus
@AugustusTitus 2 жыл бұрын
It used to be that zero-day vulnerabilites were immediately disclosed as the bad guys had them, and the more people who knew about them, the better they could change the security posture. However, the banks and Apple didn't like not having "advanced notice", so they changed to the current model, where severe bug may be unpublished for a period of time while the vendor makes corrections, rather than launching into a 90-day sprint to solve a Heartbleed bug.
@ViincenttB
@ViincenttB 2 жыл бұрын
Wendover is still one of the best informative youtube channels. Amazing work, brother!
@remi_gio
@remi_gio 2 жыл бұрын
If only he’d learnt how pronounce Iran correctly….😅😂
@gabrielbarnes6657
@gabrielbarnes6657 2 жыл бұрын
thanks for all the work you and your team put into the products you guys create, they are always made with care and even on HAI made with wittiness.
@seanwangsk
@seanwangsk 2 жыл бұрын
Thanks!
@WalnutBun
@WalnutBun 11 ай бұрын
3:25 Minor correction: the "holes" are called vulnerabilities. Zero-days are a subset of vulnerabilities that are exploited before the vendor is made aware of their existence - it refers to the amount of time a vendor has to fix the vulnerability before it can be exploited (since the vulnerability is already being exploited, they have zero days to fix it before exploitation).
@Th3EpitapH
@Th3EpitapH 2 жыл бұрын
3:12 that is a very weird way to explain what zero-day exploits are. not sure why you would go so far to avoid actually tying the name to the core concept directly. have a feeling a lot of people walked away with some weird idea of what they are.
@Calvin_Coolage
@Calvin_Coolage 2 жыл бұрын
A zero-day is literally just an undiscovered exploit in software corrrect?
@Th3EpitapH
@Th3EpitapH 2 жыл бұрын
@@Calvin_Coolage yup. one defenders have had no time to set up defenses for when it's used.
@muchavvir
@muchavvir 2 жыл бұрын
Yeah, 0-day-exploit = the manufacturer has had 0 days to look at the exploit, therefore hasn't been able to fix it.
@mateuszzimon8216
@mateuszzimon8216 2 жыл бұрын
They are 0-click exploits
@巫女みこメガネ
@巫女みこメガネ 2 жыл бұрын
8:53 the claim that 58% of computers in Iran were infected is inaccurate. 58% of infected computers were found in Iran, which is a very different thing.
@navyseal1689
@navyseal1689 2 жыл бұрын
Source?
@巫女みこメガネ
@巫女みこメガネ 2 жыл бұрын
@@navyseal1689 the same as this video: the Wikipedia article on Stuxnet. The article has a table listing affected countries, and "Share of infected computers" for each country. The creator of this video misinterpreted this as "amount of computers infected from the total amount of computers in that country", when in actuality, the table lists "amount of computers in that country from the total amount of known infected computers".
@navyseal1689
@navyseal1689 2 жыл бұрын
@@巫女みこメガネ ok, you have excellent English my guy
@SamtheIrishexan
@SamtheIrishexan 2 жыл бұрын
As someone who has had an attack that infected my network at home I can say its quite the nightmare. So bad I went to school to retrain into IT because I saw what this could do.
@mizzamoe
@mizzamoe 2 жыл бұрын
Dude! What's up? Funny I run into you in a comments section again; I tend to peruse the comments on pertinent subjects to get a feel for general perspective. So you've figured out SA's definitely got a problem with some psycho hackers. These weirdos are capable of some downright insane sh!t. I've been looking into a lot of bizarre hacking incidents and an overwhelming number of cases are cited in SA and the surrounding areas. It looks like there is some possible connection to the psychiatric community/industry...I mean you can actually hear voices in the environment, no bullshit. I'll stop there cause im just painting myself crazy at this point. Hope you're faring better now, this sh!t is no joke. Holler back!
@zdelrod829
@zdelrod829 10 ай бұрын
It's insane to think that the fact that companies would threaten people who would alert the developers about vulnerabilities in their products.
@eldaiblol1492
@eldaiblol1492 2 жыл бұрын
Very well presented. I think you should have made more clear how enormous 1MB is in this scenario. People take pictures or videos of hundreds of MBs or even GBs all the time. But this is just code and 1MB of just code for one single purpose is crazy.
@xMaFiaKinGz
@xMaFiaKinGz 2 жыл бұрын
How big are is 1MB of codes, Any idea how many lines, Are viruses usually in KB?
@agentnull5242
@agentnull5242 2 жыл бұрын
Yeah, so it’s undetectable. But they fill it with loads of padding so you can’t scan for viruses.
@xplinux22
@xplinux22 2 жыл бұрын
@@xMaFiaKinGz A few things to note here: it really depends on whether we are talking about the average size of graphical (point-and-click) programs versus the size of console programs, like Stuxnet. Graphical programs tend to be much larger than console programs, often several megabytes in size versus several (kilo)bytes for most console programs. For example, *bf1.exe* (the Battlefield 1 game executable) sits at about 13MB in size, depending on the specific version you have installed. This is all just code, so you can imagine how densely packed the information is inside a compiled binary such as this. To give you a similar perspective on the console program side of things, *cl.exe* (the Microsoft Visual C++ compiler executable) is a few hundred _kilobytes_ in size. This is an incredibly complex program designed to perform a very complex and open-ended task, but it's much smaller than *bf1.exe* because its scope is much narrower and it doesn't have to display anything graphical. So to have a virus (usually a single-purpose console program designed to do little more than spread and replicate itself, often kilobytes or even mere _bytes_ in size) take up >1MB of space with just code is very unusual and unprecedented. Stuxnet, as a non-graphical program meant to run in the background, had to have been _enormously_ complex to be that heavy.
@whateverrandomnumber
@whateverrandomnumber 2 жыл бұрын
What stopped white hat hackers from selling the exploit, and then immediately delivering them to the software developer to be fixed? Why hasn't this business model changed to some sort of subscription, where security companies would buy an exploit, and then pay some daily/weekly/monthly fee until the bug was patched by the developer (this way, encouraging the bug to be kept low profile)?
@saintjezebel
@saintjezebel 2 жыл бұрын
White hats are not nearly as common as you might notice, because of a combination of things, but here's something pertinent: When a bug gets reported, it usually comes after the reporter has abused it for a while and got bored or feels bad about it. So most of the time, reporting bugs can get you extreme suspicion and or bans/punishment. This alone demotivates a majority of regular (ie. non corporate employed) white hats. But other than this, generally, cybersecurity firms are hired in the process of creating new infrastructure. The problem is software devs LOVE to reuse old shit, so basically unless you're making a whole new internet, bugs from a billion other places will be incorporated. The internet is a lot like building a house and your house building tech only gets better the further in you've gotten. By the time you're installing solar panels, people are starting to realize the foundation is made of packed dirt.
@whateverrandomnumber
@whateverrandomnumber 2 жыл бұрын
@@saintjezebel unfortunately it makes a lot of sense. :/
@Jcewazhere
@Jcewazhere 2 жыл бұрын
With proper security monitoring zero days are not that scary. RCE would be detected and countered as it happened and the spread would be minimized. The problem is many corporations spend money on cyber security insurance because it's cheaper than proper security. Just like having the CEO pop their golden parachute and take the blame for something bad the company did cyber insurance lets the corporation save money until things go bad and then they get a big payout. The only ones harmed are the customers. Yet another instance where putting profit over everything is costing average people. We need more stakeholders in business, and less shareholders.
@DD-vp7fz
@DD-vp7fz 2 жыл бұрын
I doubt most security monitoring would detect or prevent a RCE 0day.
@Ronin99take-ur-time
@Ronin99take-ur-time 2 жыл бұрын
2:26, I was SHOOK, that it wasn’t skill share that made it possible..
@CEOdawg
@CEOdawg 2 жыл бұрын
As a D.C. native, I smiled when I saw the stock footage of my hometown in the video. Great work!!
@Eideric
@Eideric 2 жыл бұрын
Zero Days (which like this video take the stuxnet worm as its starting point) is a great documentary and a must-see for anyone wanting to dive deeper from this video.
@impermanence4300
@impermanence4300 2 жыл бұрын
As someone who's worked in industrial maintenance, Stuxnet is genius. Keeping the RPM consistant but speeding up and slowing down to cause further damage wouldn't be picked up on for weeks. Even when it was, the first option would've been to lubcricate everything and replace worn parts. It'd have been months before someone suggested watching the centrifuges to see if anything dodgy was going on.
@jk484
@jk484 2 жыл бұрын
Glad this video is back up after the fake copyright claim
@TrotterG
@TrotterG 2 жыл бұрын
2:18 "This new era [of cyberwarfare] was made possible, and perhaps more importantly, made profitable by-" I really thought that was gonna be the most unlikely ad transition I've ever heard.
@GNX22
@GNX22 2 жыл бұрын
Thanks
@josephgordon1269
@josephgordon1269 2 жыл бұрын
EVERY - SINGLE - VIDEO - GOLD
@RealHiipixel
@RealHiipixel 2 жыл бұрын
As someone big into technology, this was truely a gift given to us from Wendover Productions
@vintyprod
@vintyprod 2 жыл бұрын
Stuxnet is an engineering masterpiece.
@ernest3286
@ernest3286 2 жыл бұрын
So interesting! I only had a very rudimentary knowledge of how this whole thing works, and it's so cool to learn how it started and the sort of 'logistics' behind it.
@HaveanOreshnik
@HaveanOreshnik 2 жыл бұрын
i want to know, at the moment, i'm scared, a friend of a friend i know has been hanging out with this man part of a Cyberunit known for phishing, hacking, vulnerable information, possibly Sandworm
@virgilscipion
@virgilscipion 2 жыл бұрын
You did it : I subscribed to Nebula, I love it :)
@ytrew9717
@ytrew9717 2 жыл бұрын
Why is it called zero days? The term "zero-day" refers to the fact that the vendor or developer has only just learned of the flaw - which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it. Zero-day is sometimes written as 0-day.
@harter864
@harter864 2 жыл бұрын
You have a major error at 1:35. The correct statement is, "60% of all computers with Stuxnet were located in Iran", NOT "60% of all of Iran's computers were infected".
@RK-252
@RK-252 2 жыл бұрын
This. 👍
@kayinoue2497
@kayinoue2497 2 жыл бұрын
This is by far one of my favorite stories. Anyone who wants a more in depth dive, read "Countdown to Zero Day:," it's an incredible retelling and well researched record of the story of Stuxnet / Olympic Games
@MandoMonge
@MandoMonge 2 жыл бұрын
I’m really digging these Lemmino style documentaries Wendover is pushing out. Really good job guys!
@aashaytambi3268
@aashaytambi3268 2 жыл бұрын
And the video is back!
@JeremyPickett
@JeremyPickett 2 жыл бұрын
Stux was fun. Came from Utah, was propagated by a 'lost' usb thumb drive, exploited not only the zero days but also DMA capabilities of usb, so it could make the air gap jump. That's how it got onto the gapped control machines that ran Iran's centerfuges. And the payload was brilliant--make the uranium enrichment *unreliable*, not completely broken. Absolutely brilliant spycraft.
@SpencerGD
@SpencerGD 2 жыл бұрын
Wow, it is hard to believe the Shadow Brokers' leak was already five years ago! That was a big one. The ransomware campaigns that followed it were unprecedented in scale and simplicity.
@gave2haze
@gave2haze 2 жыл бұрын
I'm surprised he barely touched on it considering that the Shadow Brokers were an independent group who infiltrated the 'best' agency and not only leaked their tools but all the exploits they had paid millions for, in the days of utmost secrecy and govt v govt cyberwarfare
@Lvjy
@Lvjy 2 жыл бұрын
Its back!
@dragonhunter8807
@dragonhunter8807 2 жыл бұрын
what i would like to add is that Siemens PLCs have a pretty huge market share, especially in and around europe. Most other companies have special usecases, but what i have seen Siemens stuff is used often because a lot of people know how to use it, get a good price and know how to program it.
@eric7330
@eric7330 2 жыл бұрын
I went crazy for 3 days trying to find this video to show a friend. It was actually gone. I'm sane again
@fatimapina811
@fatimapina811 2 жыл бұрын
Your consistency and quality of content never disappoints ♥️
@bababababababa6124
@bababababababa6124 2 жыл бұрын
@@amiriteLMAO why are you subscribing to an obvious bot 😂
@Sp00n00n00n00
@Sp00n00n00n00 2 жыл бұрын
Stuxnet was signed with private keys that could only have been stolen by some very sophisticated hackers.
@arman4440
@arman4440 2 жыл бұрын
Walked into this video thinking "My country (Iran) has been in a cyberwar for years now, I wonder if this video will mention anything about it" and found out that at least one of my two computers is infected because of it.
@boozecruiser
@boozecruiser 2 жыл бұрын
Hmm, I /wonder/ who could be behind this
@kevinzhang9625
@kevinzhang9625 9 ай бұрын
I just want to point out that on the thumbnail the error: 57:45:4e:44:4f:56:45:52 says WENDOVER
@Windows__2000
@Windows__2000 2 жыл бұрын
I knew what this is about from the first 30 seconds of the video and still enjoyed it. Great job.
@mythofechelon
@mythofechelon 2 жыл бұрын
As a Senior Information Security Engineer, I was very intrigued to see what would be covered in this video. I'm pleased to report that it's largely very accurate, and I look forward to seeing more! If you want to know more about this topic / Stuxnet (and I mean almost mind-numbing levels of details), read or listen to Countdown to Zero Day. Other great cybersecurity books I've recently listened to are (1) Sandworm which is about Russia's terrifying cyberwarfare capabilities and attacks and (2) The Cuckoo's Egg which is the story of the first proper Incident Response and the methodology borne out of that. Practically the entire industry thought that the next major war would have a HEAVY cybersecurity element, but it's been (morbidly) interesting to see that seemingly no such thing has come of the Ukraine war yet. It seems that, in most cases, "cyberweapons" will be relegated to intelligence gathering and "under the radar" attacks.
@s_SoNick
@s_SoNick 2 жыл бұрын
From my (admittedly incredibly distant) perspective it looks like disinformation is the most visible weapon currently in use lately. On one hand that's a minor relief on the network side, but on the other it's really annoying seeing less discriminating contacts willfully spread easily-disproven nonsense. That's a whole can other can of worms though, and neither this video nor this comment are part of that problem.
@piggynatorcool668
@piggynatorcool668 2 жыл бұрын
There is a titanically large cyber war going on its just most people aren't involved.
@onemorechris
@onemorechris 2 жыл бұрын
the book is really good. it’s possible to follow even if you don’t know much about the subject. it does a great job of going into detail without getting complex technically.
@IhabFahmy
@IhabFahmy 2 жыл бұрын
... or cyber weapons will be carefully saved as the last resort... The "f¥¢k everything" move. Can't keep them locked up too long however because they can be rendered useless by a patch or unrelated update in the meantime. So, yes, doing duty as intelligence collectors while they wait is a likely use of their capabilities.
@grantwilliams630
@grantwilliams630 2 жыл бұрын
Hands down my favorite cyber security story ever. Love that the virus only targets a very specific centrifuge setup.
@6Glitch
@6Glitch 2 жыл бұрын
It’s interesting how US cyber warfare seems to be less active, but at the same time more advanced
@Bpinator
@Bpinator 2 жыл бұрын
Its still fairly active, every one of these "Anonymous" claimed hacks during the Russia-Ukraine crisis are most certainly US state sponsored.
@johnmackenzie3871
@johnmackenzie3871 2 жыл бұрын
You only get the impression that it's "less active" because the media doesn't talk about it. In reality China, Russia, Iran and many other countries have accused the US of cyber attacks countless times already. We've been seeing it recently with US state-hackers going after Russian IT infrastructure and the mainstream media attributing the attacks to "Anonymous" as a coverup, even though there's no "Anonymous" group in existence.
@duitk
@duitk 2 жыл бұрын
It's not less active, they just get caught less. American intelligence is very good, we only hear about their screw ups in the news, however we don't hear about their many successful operations. The war in Ukraine has proven that, the US knew when the Russians would invade, they have provided intelligence and cyber warfare capabilities to Ukraine and have been invaluable in halting Russia.
@mateuszzimon8216
@mateuszzimon8216 2 жыл бұрын
I can tell, most of cyber warfare national operation are outsourced.
@LeonCouch
@LeonCouch 2 жыл бұрын
I was already aware of this whole story, but I think you told it the best and have made it more relevant and understandable to most people. Very well done.
@Mr_3raqi
@Mr_3raqi 2 жыл бұрын
2:19 had PTSD there, thought he was going to say skillshare 😂😂😂
@sethapex9670
@sethapex9670 2 жыл бұрын
I have never understood how hackers in movies are able to break into secure systems with a few keystrokes.
@user2C47
@user2C47 2 жыл бұрын
If it's in a tactical situation, they likely use a script prepared beforehand that tells their worm to execute its payload.
@sethapex9670
@sethapex9670 2 жыл бұрын
@@user2C47 but they have to access the system in order to even get the worm inside.
@KeppyKep
@KeppyKep 2 жыл бұрын
...because it's a movie
@colinmartin9797
@colinmartin9797 2 жыл бұрын
It kinda terrifies me that my university labs have PC's still running windows XP. They're obviously not connected to the network at all, but imagine what one guy with a long cat5 cable and a few minutes could do to the whole university network.
@kkfoto
@kkfoto 2 жыл бұрын
I don't know the mechanism, but my university suffered a devastating cyber attack. All the systems shut down, and more than a month later, some of them are still down.
@flippdogg1474
@flippdogg1474 2 жыл бұрын
The problem is not that they are not willing to upgrade but rather that Software Companies are either to lazy or that the Software that they build are from the 80is or 90is. Everyone who has a little unterstanding how OS works knows what works on a Win10 does not mean it is going to work on older Versions. A good solution would be to switch those Softwares on Linux but I guess the American Lobby would have a small problem with that and on the other hand to convert the whole Software on a different Kernel and Operation System would take ages.
@MattBidewell
@MattBidewell 2 жыл бұрын
If you enjoyed this - Countdown to Zeroday: Stuxnet is an amazing book that dissects how the virus works and potential ways it was delivered.
@sarthakdeore1815
@sarthakdeore1815 2 жыл бұрын
Wendover Productions thanks for providing good quality informational content for free guys!
@baylinkdashyt
@baylinkdashyt 2 жыл бұрын
We need to be clear about the Colonial Pipeline attack. The attack didn't go anywhere *near* fuel and pipeline operations. It was a DP attack; it would have shjut down *the computers they used to bill customers*. *They shut down the pipeline*, lest they be unable to collect money for the prodcut moved.
@caljaysoc
@caljaysoc Жыл бұрын
This guy is so good at transitioning to ads I don’t even realize he’s doing it until he says the product/service.
@d.lawrencemiller5755
@d.lawrencemiller5755 2 жыл бұрын
3:30 maybe this is a bit philosophical and pedantic (a la "a tree falls down in the woods"), but I think your definition of zero day is a bit unusual. I don't think zero day means "all vulnerabilities that exist in a technology" it means "any vulnerability *which has been discovered* by a researcher." Since most people only learn of a zero day exploit once it has been used in an attack and researchers have noticed and named it, "zero day" has come to mean "new attack pattern that just made its debut." This better suits the etymological origin anyway. "It has been 0 days since [disastrous thing happened]."
@GoldenPantaloons
@GoldenPantaloons 2 жыл бұрын
More accurately it's "any vulnerability which is unknown to the developers" - the idea being that once the vulnerability is known, its value starts to diminish over time ('n'-day vulnerabilities). A 1-day vulnerability might still be missing an official patch, widely unknown, and as such invaluable in the right hands. A 7-day vulnerability's probably patched, worthless vs. security-conscious targets, but valuable for other uses. Depending on the software in question there could be a vast quantity of old installations runninng. A 500-day vulnerability is pretty much worthless. (Well... I say that, but if I recall correctly the ransomware attacks that devastated some public health systems a few years back were using ancient exploits... the hackers had made it on the cheap, and were just kinda shotgunning it around hoping to hit something. Turned out a bunch of hospitals still had their entire networks running Windows XP hahaha)
@charliereeve3850
@charliereeve3850 2 жыл бұрын
As a PLC programmer I can honestly say you should do many more videos on PLCs and other ICS devices ❤
@MrAmad3us
@MrAmad3us 2 жыл бұрын
I mean... People don't update their systems, especially industrial companies. You realistically don't need a zDay to infect those networks. Most network compromises come from people getting phished by obvious schemas 🤷
@alexanderherzog3064
@alexanderherzog3064 2 жыл бұрын
If you find any of this interesting I completely recommend the podcast Darknet Diaries, it has a whole sub series about stuxnet, as well as attacks such as notPetya and others. It's a very well produced show made by someone who is very very good at research and knows the industry in and out. Jack Rhysider is a beast
@PixelPanterIJ
@PixelPanterIJ 2 жыл бұрын
All your video’s are great, but this one was excellent 👌
@42thgamer80
@42thgamer80 2 жыл бұрын
I can really recommend the book Zero day. It's about stuxnet and really interesting. But I do think that cyberwarfare is a lot more diverse than this.
@dylan522p
@dylan522p 2 жыл бұрын
A lot of this is focused on Western and Russian cyber but you completely ignored the frets and depth of Chinese government sponsored cyber attacks for corporate espionage. The Iran incident did not open Pandora's box it was already happening.
@thunderbird1921
@thunderbird1921 2 жыл бұрын
How about the WannaCry cyber attack? Affected the entire world and was reportedly a massive cash grab operation by North Korea. Even Russia's government had their files hacked and encrypted.
@SF-zc3mm
@SF-zc3mm 2 жыл бұрын
Whether you think this is good or bad, it is still amazing.
@RomanBartocci
@RomanBartocci 2 жыл бұрын
dude! been a fan of your work since you began ... and this is one of your best (and im in IT/cyber) nice work!
@ahernandez50
@ahernandez50 2 жыл бұрын
On minute 11, I swear I got goose bumps. Great story, magnificently told. Great job guys!
@YTBK
@YTBK 2 жыл бұрын
To be fair, it was already "here" in 2011 - yes eleven years ago. But due to it being ignored and labeled as a "non-issue" (with victims i.e. companies/govs always denying they got hacked/whatever) it hardly received any publicity. It needed an actual war with a large nation for "Cyberwarfare" to finally receive some actual recognition.
@Fenriswaffle
@Fenriswaffle 2 жыл бұрын
I remember first hearing about Stuxnet in a podcast years ago and it was kind of the first time I questioned the ethics of a nation's government to inflict damage on another with that sheer lack of accountability. Of course since then read about tons of other incidents that reinforced that idea, so its stuck (no, no pun here) with me as a poignant example of this issue.
@mateuszzimon8216
@mateuszzimon8216 2 жыл бұрын
Harm on nation - Yes In safe way - Yes Not like operation orchid where they bomb shit out of not fueled reactors
@jonathanpfeffer3716
@jonathanpfeffer3716 2 жыл бұрын
What’s wrong with Stuxnet? An Iranian nuclear state is an absolutely nightmarish scenario.
@ahm4642
@ahm4642 Жыл бұрын
@@jonathanpfeffer3716 israel and US are not better then iran
@willmungas8964
@willmungas8964 2 жыл бұрын
A zero-day isn’t just a bug, it’s specifically an exploit that has yet been undiscovered (eg “it’s been zero days since our staff was made aware of etc”). This is usually a monumental discovery, because it means this exploit may have been around for a long time undetected, and none of the programmers have any idea how much damage has been done in that time. Not every bug is a zero day, because not every bug is an exploitable issue unknown to developers.
The Failed Logistics of Russia's Invasion of Ukraine
19:43
Wendover Productions
Рет қаралды 10 МЛН
How Cell Service Actually Works
18:56
Wendover Productions
Рет қаралды 3 МЛН
Tuna 🍣 ​⁠@patrickzeinali ​⁠@ChefRush
00:48
albert_cancook
Рет қаралды 148 МЛН
coco在求救? #小丑 #天使 #shorts
00:29
好人小丑
Рет қаралды 120 МЛН
Electric Vehicles' Battery Problem
17:30
Wendover Productions
Рет қаралды 3,1 МЛН
Why Hacking is the Future of War
31:45
Johnny Harris
Рет қаралды 3,4 МЛН
How the Korean DMZ Works
21:52
Wendover Productions
Рет қаралды 1,6 МЛН
Where People Go When They Want to Hack You
34:40
Cybernews
Рет қаралды 2,3 МЛН
The Chinese Hack that Stole 22m People’s Data | Cyberwar
22:33
How Boeing Lost Its Way
23:19
Wendover Productions
Рет қаралды 2,2 МЛН
Samsung’s Dangerous Dominance over South Korea
21:06
Wendover Productions
Рет қаралды 6 МЛН
Why We Shouldn't Underestimate This Spy Network
26:31
Johnny Harris
Рет қаралды 3,6 МЛН
Saudi Arabia's Oil Problem
21:10
Wendover Productions
Рет қаралды 3,5 МЛН
The Sanction-Fueled Destruction of the Russian Aviation Industry
21:55
Wendover Productions
Рет қаралды 5 МЛН