Glad you enjoyed it!

It's all but been directly admitted by our security community because there clearance won't allow them to admit it publicly, though a lot of people involved or that over seen it basically admitted too it years ago. Even Obama got shocked on stage an said he couldn't speak about it when he was asked, notice he didn't say they weren't involved lol so he didn't lie, just that he could speak about it. On top of the fact that only governments would want to do this, any financially motivated group would have no interest in attacking Iran or investing the money to reverse the Siemens hardware, there was little to no research on this hardware back when stuxnet was used unlike now where there is much more public analysis and research of these products available online.

Yes. We point to this as an example of a great S4 Stage 2: Technical Deep Dive session for new Stage 2 speakers. Lots of technical meat that drives to a point. It has had over 50K views on KZbin, and for the first five years was on Vimeo. BTW, 60 Minutes came down to film footage of Ralph giving this session.

Engineers got killed, reprimanded by management, fired and whatnot. Stuxnet had a huge impact on, not just machinery, but peoples lives.

Maybe some Iranians... ;-)

Maybe Mossad doesn't like you exposing their work

Mossad, NSA, or Langner competitors.

*** Eric Chien from Symantec

Check out the book "Countdown to Zeroday"

Not an inside job, but espionage. This is what the CIA does.... get info like this.

Dutch secret service was involved aswel. Apparantly the physical usb insertation was done by an AIVD mole.

The NSA can get inside practically anywhere in the world remotely. They had full access to the software on the system, the cctv, the whole network including the personal devices of many who worked there- thanks to Mossad for providing info & identities on those individuals. How intelligent and creative the NSA is… is just mind blowing- couple that with virtually unlimited funding.

Siemens was involved, they even build a functional sandbox cascade to recreate the real world conditions of the target, as Ralph says, even with the UF6

Langner's definitive work on Stuxnet is "To Kill A Centrifuge" www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf

S4 Events thanks!

Felix was ill and sent hadez in his place. We are putting up two talks a week, so sometime in the next few weeks.

I know

did they punish you for being a human too

Couple follow-ups from the q and a. I'm assuming old-mate at 55:10 ish is referring to what I mentioned above. I agree with the host here, I have never come across a situation where writing to the input tables is required *in production*. And for my example above, I have to doubt there is a solution the vendor could implement to allow us engineers for our sim purposes. I will disagree with the host about the authors of Stuxnet having an exact physical replica. Again, machines operate in predictable ways, which allows us to write sim code. If you see a run signal, put in some small delay, then reflect it back to the running input. The run speed feedback can ramp to the run speed setpoint according to some ramping rules. How machines and processes interact is more complicated, but I'm sure someone with a strong understanding of how a centrifuge cascade works could predict how the target plant would respond. Having a physical reproduction certainly wouldn't hurt though :)

I'm sorry about that. We did not record it that way back in 2012, so this is the best quality we have. Back then it was 60 people in a small room with a single, simple camera. Now the Main Stage is a 4 camera shoot with a lot more emphasis on staging and other elements for the video. I too regret we don't have a higher quality video. So of your two choices, carelessness back during the recording is the answer.

@@S4EventsI was so disappointed 5 days ago, i hope we had tech to upgrade the video atleast to 480p. But I do understand your response. Thanks for the reply.

Why would it be arrogance you mug

@Eduardo Souza whats that?

I thought it was largely written in C (with some assembly bit-fiddling)? Surely it would be almost impossible to keep track of a program this large writing just in an assembly language. Edit: Just seen the part about the C-style pseudo code. This is probably what I've seen before so I assumed it was mostly C code.

@Eduardo Souza no it was written in c and c++

@@moose43h The language is called SCL or Structured Text(ST). It is a PASCAL based language that's used for programming Programmable Logic Controllers

Folks, the high level code samples are translations from SCL to a C-like language in order to understand how the code is structured and what they intend to achieve. Those snippets were created manually and usually required a couple of days of work per SCL module (or function block/FB in Siemens parlance).

How tf are these tools not professional?

@@josefaschwanden1502 I know right? I don't know why the speaker would imply that a tool is not professional because it is open source. BTW, I hope they upstreamed their enhancements with a pull request. Otherwise, a very dick move.

@@elimgarak3597 he didnt imply that open source means bad quality, but that this specific open source project was. Atleast thats how i understood it.

He never implied that open source means bad quality. He's referring to the open source decompiler that he used to decompile StuxNet. Professional anti virus companies use commercial tools like IDA Pro to decompile executables.

@@urnan7499 "we had to make a couple of enhancements BECAUSE it is open source and not really professionally mantained". Ofc he is implying open source means bad quality, that is clear as water.