Great video Ralph. I’ve gone back and rewatched your Ted Talk more than a few times, as it was so interesting to me I was blown away by it.
@FutureCommentary12 жыл бұрын
Here while reading 'This is how they tell me the world ends".
@mrhassell28 күн бұрын
Not with a bang, but a whimper. Great story! I enjoyed reading it, immensely.
@orlandostevenson721411 ай бұрын
Your work and prior talks, including one with NATO, led up to this enormous opportunity you landed and delivered on so well - even if it took some time for open source to connect the dots to confirm your assertions and, since then, gain additional big-picture perspective. The payload-related risk persists, as you point out, and the threat landscape continues to advance even with distracting theater, making sure the defensive capabilities starting with basics to address risk matters very much!
@mrhassell28 күн бұрын
Another great video! You're making quite a habit of this now. As always, enjoyed listening to your thoughts and discussion. In 2024, potentially being even more relevant today, the discussion of threat actors, having a more focused role with regard to software. DARPA and their current program, Translating All C to Rust (TRACTOR). It's all very interesting, how this all resolves back to a book, from the 20th Century by Bertrand Russell and Alfred Whitehead, originally in three volumes “Principia Mathematica”. Now more widely known as, “Principia Mathematica to '56”, by Alfred North Whitehead. Discussing the, “Theory of Types”. I think, it's pretty safe to say, this is no longer merely a “theory”. The existence and prevalence of vulnerabilities, exposed by lack of type safe languages, is enormous. Thanks to languages, such as Ruby, many threats, are now amplified, and have considerable room for expansion (the entire language, although very useful (especially rails), is by default, equal to being, an insecure Python module), type safety. So very simple! (yet, even people with multiple science degrees, still don't understand their value!).
@digilux40172 жыл бұрын
Thanks, Ralph
@Ucfahmad Жыл бұрын
I understand the feeling of worthwhileness for doing just a 10 minute talk - the topic certainly deserves much more than that to present. It may not have been clear back then, but stuxnet was a major event in history in both the areas of cybersecurity as well as warfare. Documenting and reporting on such things is important for the benefit of both present and future society.
@OTbase Жыл бұрын
well you can watch my enhanced 40 min version ("The Stuxnet story") on this very channel
@Ucfahmad Жыл бұрын
@@OTbase In fact I already did so right after typing that comment
@ericpa062 жыл бұрын
First of all great TED Talk, and great analysis video. As far as I understand your main takeaway after these 10 years is that is that the whole situation isn't as dangerous as you imagined it would be, that apparently hackers can't do THAT much harm as you considered? If I was able to understand your main point... Do you think that this will keep being the case in the future? Cause, more and more things are connected to the internet, and there is more and more microchips being put into everything and more and more devices running some sort of software. I mean, people talk about pilotless planes in the future. I see more and more opportunities for bad agents to do something horribly remotely as the time goes by. What if Stuxnet was just the beginning, and this would be child's play compared to the cyber attacks that will happen in the future or cyber attacks that could happen in the future...
@OTbase2 жыл бұрын
You captured my main point accurately. Anything can happen in the future, especially in 100 something years. But this possibility does not relate to what we have (or have not) seen during the last decade, and what is likely to happen within the next decade.
@threadtapwhisperer51362 жыл бұрын
Always a good thing to re-asses our past findings, no mattet the contexts. Let's dig in, learn me something!
@jimshorts03 жыл бұрын
Genuine question: How can we be sure that there wasn’t/isn’t a cyberwar but it’s very subtle / silent and the targets still don’t know what’s happening? It’s very possible that stuxnet may never have been discovered (and therefore most likely remained a covert operation and unknown publicly) if it wasn’t for the later, more aggressive, versions of it released.
@OTbase3 жыл бұрын
That's a matter of definition. In my opinion the Stuxnet campaign should be considered as cyber war because it's about attacking a designated military target.
@kestasjk2 жыл бұрын
If you cant notice a war it’s probably not much of a war
@josiahz212 жыл бұрын
@@kestasjk Not that it’s all doom and gloom, but didn’t notice the rats were carrying a bug until people started dropping like flies during the Black Plague. All that keeps nukes at bay is corrupt politicians promises on paper. Cyber security is no different imo. House of cards as they say.
@AdmV0rl0n3 жыл бұрын
I was working at an un named company in this timeframe. The company used siemens PLC, step 7 on engineer laptops, a not entirely distant thing (at least at first) from the basic story. Theatre automation moves very large objects around, and puts actors on cable - flying them. So, an automation platform going bezerk and running outside of safe coded workload could prospectively kill people. Ralph, and the researchers did enough work that it became clear it was a specific targetted attack. It did leak, but IMHO that was more the windows components that were party on that. I'm probably wrong here in suggesting (and how dare I!) that I am unsure that I agree with Ralph's current view. I don't think many people using the gear have fundamentally got better at the security around it. I don't think funding has been better. I question if in a general sense wether security and posture has got better. I would say that its harder to some degree to create the worm piece via the windows engineer laptop part of the puzzle. So there is that. But even there, as with in Florida, many municiple and governmental infrastructure pieces are really quite under funded, under manned, and under skilled. I am also unsure about the trolling part. In terms of Ukraine, that did not stop in Ukraine. It really walloped some orgs like Maersk. gvnshtn.com/maersk-me-notpetya/ So, do we have the hackers, the bunker kids and the troll artists. Yes. In this, Ralph is right. And in one way, PLCs are... kinda ... well, boring to a kid in the bedroom. But, I also take it this way. If Ralph really considered that he and his team could generate a 14 byte code release, and he (IMHO) rightly concluded not to release as this would lead to real consequences - then we should remain vigilent. And I say that because IMHO, the world cyber war did not cool off between the talk and now. I'd rather say that - if we look at the US in the last two weeks - in regard to Microsoft Exchange - that the cyber war now has larger 'armies', targets, and 'arguments'. If there was only one super power then, I'd argue it is at least contested/multi polar now. The Iranians, The terror cells, the Chinese, The Russians, The North Koreans, Criminals, Ransom ware creators - all of these forces are on the move, and seeking targets. That remains why I hold Mr Langer's original concern back at TED as a real thing, and as much as what we see is trolling, this doesn't equate to only trolling tomorrow... I do share his happiness that things did not get as ugly as was perhaps possible, and for that I will always be thankful. Thank you for your time as always Mr Langer. I sincerely appreciate it!
@anfo_42413 жыл бұрын
Hello Mr Langner, have you put these thoughts into a company report or paper please?
@OTbase3 жыл бұрын
No. That was just a spontaneous ramble.
@superola013 жыл бұрын
I don't get it; what would have been the use of the first version if it never was going to be used but just stayed hidden forever in the Natanz plant?
@OTbase3 жыл бұрын
The first version was used. And it stayed in the later code (though de-activated) because the attackers wanted the world to see it.
@kestasjk2 жыл бұрын
@@OTbase Do you think they definitely wanted the world to see? Wasn't there code references to compile locations etc, text that referenced the project name as some middle-eastern flower etc? It could just be sloppiness, maybe at some point it was using both payloads at the same time?
@kestasjk2 жыл бұрын
I'm not saying they minded the world seeing or were trying to hide it, if so they could have done better there, just not sure if they wanted it out there. Natanz was still operating at the time, they only closed it off after it was made public right?
@luka63412 жыл бұрын
Also verstehe ich das richtig: Stixnet hat nur die Uran Anreicherung in Natanz betroffen oder alle Anreicherungsstandorte in Iran?
@SogMosee2 жыл бұрын
So the US built the first version of stuxnet alone, then israel helped on the second version?
@OTbase2 жыл бұрын
Correct
@OTbase2 жыл бұрын
Another way to put it is: The US built the first version of Stuxnet, and Israel fucked it up in the second version. See my video "The Stuxnet Story".
@7eis2 жыл бұрын
Comment about sympathy for Ukraine didn't age all too well 😅
@imagingconcepts11 ай бұрын
I still find it hard to believe that Stuxnet was a first, if it truly was, that means that mankind created an extremely sophisticated product that worked perfectly right out of the box… it clearly must be Alien. ;)
@OTbase11 ай бұрын
It was well tested on Lybian centrifuges of the same model, and it didn't work perfectly...