
How Cyberwarfare Actually Works

  • Published on Apr 18, 2022
  • If you'd like to learn more about this topic, "This Is How They Tell Me the World Ends" by Nicole Perlroth provides an excellent in-depth look at the Cyberweapons arms race: www.amazon.com/This-They-Tell...
    Writing by Sam Denby and Tristan Purdy
    Editing by Alexander Williard
    Animation led by Josh Sherrington
    Sound by Graham Haerther
    Thumbnail by Simon Buckmaster
    Select footage courtesy Getty and AP; Select imagery courtesy Geolayers; Select music courtesy Epidemic sound

Comments • 2 060

  • Ahmed W
    Ahmed W 7 months ago +10184

    But the real question is: How would this affect airline logistics?

    • Shawn Peters
      Shawn Peters 51 minute ago

      Yeah. Imagine airlines having problems with flights getting in and out on time. Or flights getting cancelled for no reason. That would be crazy...

    • TyLeeGAMEZ
      TyLeeGAMEZ 18 days ago

      A1nt n0 w4yy !! H3llz n4hhhhhhh

    • just something
      just something 29 days ago

      Good question

    • gh0st
      gh0st Month ago

      9/11 was done by remote crash of plane into the towers. Watch 1st episode of Lone Gunmen which aired in march 2001.

  • Bert Torpson
    Bert Torpson 7 months ago +6123

    "This new era was made possible" my brain finished the sentence "with skillshare" you've ruined me

    • Godfrey Goney
      Godfrey Goney 13 days ago

      This new era was made possible by, In God we Trust

    • D Marshall
      D Marshall 27 days ago

      Same hahahaha

    • Björn Lindgren
      Björn Lindgren Month ago

      For me it was "with nordvpn"

    • flubnub
      flubnub 7 months ago +2

      I hate that advertising works this well on some people.

  • Misir
    Misir 7 months ago +1676

    Correction: a zero day is a case when a discovered vulnerability hasn't been fixed yet. Not all software bugs are zero days. Only the ones that are discovered and used before the software manufacturer has produced a patch to fix them.

    • plsdont
      plsdont Month ago

      No, it's called a zero day exploit because it's found and then the clock starts ticking for antivirus providers and manufacturers. It's not zero day anymore when there is a patch, it's not zero day anymore when... well, actually, as soon as the news spreads even to a small circle of insiders, it's not 0 day anymore.

    • NotGad
      NotGad 2 months ago

      @ツNekko i

    • SorryImCanadian
      SorryImCanadian 3 months ago +2

      @Navyseal168 They do! In fact, there are numerous cases of the US government forcing companies to include backdoors in their programs so they could access everything without even having to hack in! This is also undoubtedly the case in more authoritarian countries as well.

    • Navyseal168
      Navyseal168 6 months ago

      Since most software manufacturers are US companies, why doesn't the US government ask the developers how to ruin it

    • Bane
      Bane 6 months ago +2

      @Freedom Of Speech No thanks, but thanks for showing how bad your argument is. Who knows, maybe engineers will be able to make error-free objects sometime within your lifetime.
      Spoiler alert: They won't. :^)

  • Adam Emond
    Adam Emond 7 months ago +3374

    Nothing like an existential crisis on a Tuesday's lunch break!

    • Chetan Bhasin
      Chetan Bhasin 6 months ago

      Two weeks later, and I'm watching this on a Tuesday lunch break. XD

    • Spencer Lukay
      Spencer Lukay 6 months ago

      It’s been a couple years of constant existential crisis. Fight or flight is the new baseline for a normal average relaxing day.

    • ixiiss
      ixiiss 7 months ago

      As a penetration tester - I live in fear

    • Mo n
      Mo n 7 months ago

      Or wed in the middle of the night

    • Stryfe72
      Stryfe72 7 months ago +1

      Wednesday my dudes…

  • Oliver
    Oliver 7 months ago +12236

    Sam : “This new era was made possible”
    Me : “by skillshare, an online learnin…”
    Sam : “by one single concept.”
    Me : Oh

  • Chrome 11
    Chrome 11 7 months ago +1943

    3:29 For anyone interested: this is only partially true. A zero day IS a bug, but not every bug is a 0-day. A 0-day is a bug that the vendor of the product in question has known about for 0 days (so: they don’t know about it while it is already being exploited/found by someone else)

    • plsdont
      plsdont Month ago

      It's also called ZERO DAY EXPLOIT... emphasis on EXPLOIT. When the undiscovered bug causes one pixel to be off in color, no one cares; it's only getting interesting when the bug can be used for an exploit

    • PBMS123
      PBMS123 Month ago

      More easily "a bug not known by the developer"

    • Patrick Conrad
      Patrick Conrad 2 months ago

      Thank you. The most common exploits stem from companies not updating known security vulnerabilities. Probably because hackers also know about them and can look for companies that haven't fixed them. But that's what is scary about zero day. They are unknown and can thus possibly be exploited while the hackers remain undetected till the vulnerability is discovered, and even then who knows what they could have done. Become an ethical hacker and make some stacks for real

    • Lyks Zyxer
      Lyks Zyxer 4 months ago

      Honestly that whole segment of the video is ridiculous and totally missing the point from a technical point of view. The next thing that's mentioned is encryption which serves a totally unrelated security goal. Of course both can lead to data being stolen but that just comes with a compromised system. Encryption doesn't really make a difference when someone has physical access to a system that's powered on. And it doesn't really make a difference for sabotage.

    • dzerkle
      dzerkle 4 months ago +1

      Ok, I shall give you all an actual precise, accurate definition: A zero-day is an exploitable vulnerability in software for which there is no current patch (update with a fix) at the current time. That’s it.
      The origin of the terminology is a bit fuzzy, but it refers to time in relation to when the patch came out. A common interpretation is that IT departments would get a vulnerability patch announcement and give themselves a certain number of days to apply it everywhere. It can also refer to the number of days since the patch was released. This is tracked because having old, unfixed vulnerabilities on your systems is terrible; the hackers have had a long time to weaponize the vulnerability.
      So, a zero-day vulnerability is one where the number of days doesn’t exist, because there is no patch yet.
      It is not always due to a bug. In fact, it usually is not.
      It is not always secret. If a vulnerability is announced but not fixed yet, it is still a zero-day. This always sets off a race amongst the software vendor and the hackers.
      It is not always exploited. Sometimes, a zero-day will be announced without a patch, but the hackers aren’t able to use it before it is fixed.
      It does not always allow code execution, although those are usually the worst.
      Even if it does allow code execution, it is not always remote code execution.
      It sometimes but does not always require (victim) user interaction. The ones that do not are called zero-click. Zero-click remote code execution vulnerabilities are called “wormable”.
      So, the very worst vulnerabilities are zero-day zero-click remote code execution. Governments use these to plant spyware on your phone. Stuxnet used these. They are nightmares because there is no good way to defend against them. They’re also worth around a million dollars each to the right buyers.

  • Isaac Roberts
    Isaac Roberts 7 months ago +870

    The lesson is listen to your programmers when they tell you they need more time. ESPECIALLY if you work on something critical.

    • Rafee Ali
      Rafee Ali Month ago

      @Simon Burgess ac I'd say to have 1 version down of the most recent software unless specifically told not to do so. This is because a developer might have missed a bug that hasn't been accounted for in the newer version of software which may not reveal itself until clients begin using it.

    • grantcivyt
      grantcivyt 2 months ago +2

      Every employer deals with slackers. Not everyone who asks for more time is thinking about careful security. Sometimes they're just slacking off.

    • AnEnderNon
      AnEnderNon 5 months ago

      @flubnub lol log4j moment

    • AnEnderNon
      AnEnderNon 5 months ago +1

      @Serveck nah it wasn't nocom lmao all that did was find location of players ingame

    • Donovaan
      Donovaan 6 months ago +1

      @Simon Burgess
      I always wait a few weeks before updating so they can find and fix the bugs of the new software.

  • TheLouisianan
    TheLouisianan 7 months ago +46

    FYI, the reason those centrifuges are so fickle (said around 9:47) is because of the precise balancing and precision you need on the bearings to separate Uranium 235 from 238. They need an air layer in the bearings (because mechanical bearings with an oil layer can't go to high enough RPM and aren't precise enough), i.e. gas or magnetic bearings, to work correctly, which need final tuning to make the system run correctly. It would be incredibly easy to just change 1 or 2 parameters that would make a mag bearing system rotate out of orbit and they can literally tear themselves apart if you wanted them to. Stuxnet running at bad RPM ranges likely caused the motors and bearing stators to run at bad efficiency (creating a lot more heat) which can "cook" your mag bearings, motor, and stator by basically annealing the laminar sheets of steel and changing their characteristics (which also removes their magnetism and makes them run horribly). This would likely do this to the motor stator and rotors as well.

  • mikvance
    mikvance 7 months ago +636

    Wendover: "No one has officially accepted responsibility for creating Stuxnet."
    US & Israel: (holding back giggles)

    • Dexie The Sheep
      Dexie The Sheep Month ago +2

      They did a little bit of trolling

    • James Harding
      James Harding Month ago

      @bananian The typical “basement hacker” does not exist. In the real world, computer science professionals are no different than any other white-collar professional.

    • Hawoo Awooo
      Hawoo Awooo 2 months ago

      As a rule of thumb, if anything suspicious happens in Iran it was probably Israel and/or the US that was the culprit

    • Tal Baskin
      Tal Baskin 2 months ago +9

      @Carlos Leon It was the US and Israel's Mossad with collaboration with multiple Cyber-offensive Military units we have, one of them is Unit 8200, we actually get taught about Stuxnet in schools in Israel which I'd say is cool.

  • zancloufer
    zancloufer 7 months ago +391

    A few years ago when they started making fridges, stoves and other "smart" appliances I half joked that hooking your toaster doesn't do much more than making it possible for someone to burn your house down remotely.
    Not sure if it's a good thing that I was right. Internet connection for 90% of devices is useless and pretty much just an extra thing to go wrong and a vulnerability.

    • Drew Ramadan
      Drew Ramadan Month ago

      Yeah and make for a good entry point to your network to dig further into it

    • ChocolateMilkMage
      ChocolateMilkMage Month ago +1

      @l1mbo Any electrical device can cause a fire.

    • zfqhdjgyb
      zfqhdjgyb Month ago +1

      in the short term yea sure, some home appliances doing some minor extra things for u arent worth much. It may seem just like a bit of luxury for the cost of exposing urself to security risks, but in the long term maybe not. a bunch of minor things saving you a tiny bit of time all added up in ur lifetime x the population of a country can amount to a lot of time that could be used for competitive edge. a major reason why certain civilizations evolved to be more advanced (for example, european ones vs native americans) can be attributed to the extra time people had after taking care of their necessities such as food. there are a lot of advanced civilizations that arose from parts of the world where farming is efficient vs not so much in jungles or deserts.

    • Alex Karasev
      Alex Karasev 2 months ago +4

      Useless? Ask California residents with (as in, "owning" "their") smart thermostats during this last heat wave, and how much luck they'd had lowering the temp.
      100% connected homes are very useful - no question. The only question is, useful to whom? Not to the cattle in those pens, certainly. It'll soon be as hard to find a device only you control as a street payphone where you can drop a quarter and make an anonymous phone call.

    • Hovant
      Hovant 4 months ago +2

      Exactly, those with any awareness of cybersecurity are mortified by the Internet of Things

  • Cameron Bulanda
    Cameron Bulanda 7 months ago +311

    As an information security professional I’m ecstatic that cyber has entered the public consciousness, thank you for this video

    • DR-54
      DR-54 6 months ago

      @Comrade20 like I said it's like sending a photo of a kid who robbed a gas station talking about a treasury being siphoned

    • Comrade20
      Comrade20 6 months ago

      @DR-54 I got a picture of them one time in a video call he looked really familiar

    • DR-54
      DR-54 6 months ago

      @Comrade20 there's a shit ton of hacking groups with their own names think like petty youth gangs that shoplift and pickpocket people or break into cars, the difference between them and a nation state hacking group is identical to the difference of those petty gangbangers and the most powerful cartels

    • bullpup1337
      bullpup1337 7 months ago +1

      @Plentus Have you ever heard of the term cyberpunk? Yes, that is from 1980.

    • Josh
      Josh 7 months ago +1

      as a bullshit detector professional i call bullshit

  • 17th Shard
    17th Shard 7 months ago +146

    When it comes to cyberwarfare, every nation with sense operates on a policy of 'Those in the know aren't talking, and only those who are not in the know are talking.' I once chatted with one of their ex-security guys and apparently Fort Meade is so insanely paranoid when it comes to security, they immediately began renovations on their headquarters when some college discovered a way to get wireless data through the massive Faraday cage already cladding those buildings. These are the same guys that encase every wire coming into Fort Meade inside sensor-lined concrete.

    • Pinkfluffyant
      Pinkfluffyant Month ago

      Interesting! I take it you're a brandon sanderson fan?

  • FNP Student
    FNP Student 7 months ago +215

    i’ve been a part of the cyber security industry for over a decade, it’s crazy to see how much it’s changed!

    • autohmae
      autohmae 7 months ago +15

      What nobody talks about is how, probably Israel, killed some of the engineers from the nuclear plant who were trying to clean it up; they were killed on the streets in the city.
      And how the security expert from Microsoft had an unfortunate accident before his big talk about Stuxnet at a security conference. Probably that last one was purely an accident and coincidence. But the dead Iranians clearly aren't. It does indicate that working in IT Operations and Security has become a more dangerous job than it used to be. And as XKCD 538 indicates the weakest link at some point might end up being us.

    • Bart Van Leeuwen
      Bart Van Leeuwen 7 months ago +5

      What surprises me at times is how long it really took for those things to happen. I agree that something like Stuxnet happening was huge, but first of all because it became public, and people started to think about it, and take some things people in the security industry have been saying for a long time now, a lot more seriously.
      But.. imo, this being possible wasn't news, and shouldn't have been news for decades now.

    • FNP Student
      FNP Student 7 months ago +26

      also I am impressed by how well you explained stuxnet. For a guy who is likely not a computer scientist or a security engineer, it was a near perfect presentation. My hat is off to you!

  • Phil Sephton
    Phil Sephton 7 months ago +216

    The best way I've found to fully understand Stuxnet was listening to the Darknet Diaries podcast. It goes into a lot more detail and shows how amazing the whole Stuxnet operation was

    • Phil Sephton
      Phil Sephton 5 months ago +1

      @Danger Ranger Dan he's literally uploaded the podcast episode onto RU-clip in the last couple of days! Search for Jack Rhysider and it'll be his most recent upload, it's a great story 👍🏻

    • Danger Ranger Dan
      Danger Ranger Dan 5 months ago +1

      thanks for the recommendation I'll look it up!

    • TheMaxus
      TheMaxus 7 months ago +1

      I really like the analysis of Stuxnet called "To kill a centrifuge" by Ralph Langner as it explains lots of technical details about Stuxnet and centrifuges in question. Also the virus portrayed in this video is actually a second less sneaky version of Stuxnet, the first one was much more sneaky and destructive, but much less exciting as it had no 0-days nor any way to spread via local network.

    • Phil Sephton
      Phil Sephton 7 months ago +9

      @Daniel Hess there's definitely hacks going on right now that are way crazier than Stuxnet, but they're that good we don't know about them yet, because the victim doesn't even know about them 👀

    • Daniel Hess
      Daniel Hess 7 months ago +7

      Stuxnet’s dev artifacts date it to at least 2005. Imagine how potent current-gen cyber weapons are, *17 years* later…

  • Steam & Tech
    Steam & Tech 7 months ago +91

    As someone who works with PLCs it's nice to see them actually mentioned. I wasn't aware that Stuxnet hit the PLCs themselves; I thought it crippled the SCADA system. I guess that shows how PLCs tend to slide into the background in the media. The only comment is you used a modern Logo PLC (more akin to home automation or tiny single function machine) instead of the S7-300 more akin to massive machines and entire factories.

    • Mwaniki Mwaniki
      Mwaniki Mwaniki 2 months ago +1

      @Chris Kelly True. PLC would probably be the last thing you think of in such an instance

    • Chris Kelly
      Chris Kelly 4 months ago

      the people who discovered Stuxnet didn’t know what device it was looking for when they were reading the code. i guess a PLC for nuclear centrifuge is pretty obscure hehe. i think they ended up buying one to test for real to make sure they had the right thing

    • Will Wallace
      Will Wallace 7 months ago +1

      @Steam & Tech ControlLogix can have passwords but their use is frowned upon unless it’s a safety program or pharma.

    • Steam & Tech
      Steam & Tech 7 months ago +3

      @Preston Siegfried Yeah I haven't seen any passwords on AB PLCs either. I know Siemens have added them now.

    • Preston Siegfried
      Preston Siegfried 7 months ago +3

      Yeah, ControlLogix 5000 don't have any credential requirements (or even an option to set any as far as I've seen), just need the IP and you can mess something up badly

  • JameZ
    JameZ 7 months ago +110

    I learnt about day-zero exploits in my cyber security course. They are dangerous. And it is interesting to see them being used in this Ukrainian-Russian war. Both Ukraine and Russia have been victims of these exploits because of the war.

    • John Smith
      John Smith Month ago +1

      They aren't inherently dangerous. They are either dangerous or completely harmless. It just refers to any undisclosed security exploit, bug or issue.

    • ThanosCube85
      ThanosCube85 2 months ago

      @Prodigity I was strolling through Beer Sheba when an air raid took place, the sky opened up, a rocket barreling towards the Earth, yet a thousand more attacked it like a swarm of ants. Israel is, in fact, very cool.

    • John Smith
      John Smith 3 months ago

      wow you must've been really smart to repeat these basic facts, what a useful comment.

    • Misha M
      Misha M 6 months ago

      @Prodigity they are making bank selling to both sides

    • Prodigity
      Prodigity 7 months ago +1

      Israel is so badass ngl

  • konstagold
    konstagold 7 months ago +108

    This representation is somewhat inaccurate: Exploits, big and small are found all the time and are patched all the time. They're not nukes, you can't just sit on one for years because it may either get discovered and patched or rendered pointless by some other update or just a new software/OS/etc. They're also typically already out and about (ex: Meltdown) and, if big enough, get a ton of attention and very fast reaction to it. The log4j fix is an example of this. That doesn't mean they can't do a ton of damage, it's just that more often they're just happening all the time, and the vulnerabilities are just getting patched all the time. Organizations that are bad at security and keeping up with this, government or otherwise, are obviously the easiest targets.

    • konstagold
      konstagold 7 months ago +7

      @Sovrim Terraquian true, though that bug was exploited primarily cause the patch sucked and people weren't updating their unix servers. I guess the point I'm making is banking for a long time on no one discovering the discovery that you bought and hired a team of people to implement maliciously sounds like a stupid idea. It's like finding a $100 bill on a crowded street. You better hope no one else saw it. But as I said, I concede that sometimes exploits exist for literal decades, so a fair example for sure.

    • Sovrim Terraquian
      Sovrim Terraquian 7 months ago +26

      As a counterexample, the Shellshock bug had existed since 1989 and wasn't identified until 2014. It is certainly conceivable that, even in the absence of conspiracy theories about government/corporate partnerships, a devastating bug could go unnoticed for decades.

  • ゴゴゴFeelsHowdyゴゴゴ

    For anyone wondering: the reason for the name "zero day" is that before you release your software, you're supposed to debug it, and for every bug you find, you have X days until the release date to fix it. But if you discover a previously unknown bug in an already-released software, the devs have "zero days" to fix it because it should have been fixed before the software released.

    • paenutz
      paenutz 29 days ago

      i was always told 0-day was because the devs have known about the exploit for 0 days
      after 24 hours have passed, it's no longer a 0-day

  • Eric Diaz
    Eric Diaz 7 months ago +166

    I'm a programmer and a hobby hacker. I expected some flaws since no one can make accurate cyber security videos. However, you did a really good job. Thoroughly enjoyed this one, thanks!

    • Jake From Statefarm
      Jake From Statefarm Month ago

      Have you seen the documentary Zero Days?

    • Kraken147
      Kraken147 Month ago +1

      @Eric Diaz teach me master

    • Vez
      Vez Month ago

      @Jake Stavinsky They hack Hobby Lobby, an American arts and crafts company, presumably in order to take crayons from your children.

    • RamenDutchman
      RamenDutchman 6 months ago +12

      Not really, a lot of the info in this video is half-true, and he doesn't seem to know what a lot of the terms (such as zero-day and remote execution) mean

    • master shooter64
      master shooter64 6 months ago +8

      @Jake Stavinsky Their hobby is hacking and learning about hacking

  • ronan
    ronan 7 months ago +19

    As someone who works in cybersecurity, I can say this was a brilliant video for bringing awareness to the massive concerns that nations, companies, and individuals face in this regard.

  • Fenris Waffles
    Fenris Waffles 7 months ago +22

    I remember first hearing about Stuxnet in a podcast years ago and it was kind of the first time I questioned the ethics of a nation's government to inflict damage on another with that sheer lack of accountability. Of course since then I've read about tons of other incidents that reinforced that idea, so it's stuck (no, no pun here) with me as a poignant example of this issue.

    • Jonathan Pfeffer
      Jonathan Pfeffer Month ago +1

      What’s wrong with Stuxnet? An Iranian nuclear state is an absolutely nightmarish scenario.

    • Mateusz Zimon
      Mateusz Zimon 2 months ago

      Harm on nation - Yes
      In safe way - Yes
      Not like operation orchid where they bomb shit out of not fueled reactors

  • MythOfEchelon
    MythOfEchelon 7 months ago +26

    As a Senior Information Security Engineer, I was very intrigued to see what would be covered in this video.
    I'm pleased to report that it's largely very accurate, and I look forward to seeing more!
    If you want to know more about this topic / Stuxnet (and I mean almost mind-numbing levels of details), read or listen to Countdown to Zero Day. Other great cybersecurity books I've recently listened to are (1) Sandworm which is about Russia's terrifying cyberwarfare capabilities and attacks and (2) The Cuckoo's Egg which is the story of the first proper Incident Response and the methodology borne out of that.
    Practically the entire industry thought that the next major war would have a HEAVY cybersecurity element, but it's been (morbidly) interesting to see that seemingly no such thing has come of the Ukraine war yet. It seems that, in most cases, "cyberweapons" will be relegated to intelligence gathering and "under the radar" attacks.

    • Chris Kelly
      Chris Kelly 4 months ago

      the book is really good. it’s possible to follow even if you don’t know much about the subject. it does a great job of going into detail without getting complex technically.

    • Piggynator Cool
      Piggynator Cool 6 months ago

      There is a titanically large cyber war going on, it's just most people aren't involved.

    • SoNick
      SoNick 7 months ago +8

      From my (admittedly incredibly distant) perspective it looks like disinformation is the most visible weapon currently in use lately.
      On one hand that's a minor relief on the network side, but on the other it's really annoying seeing less discriminating contacts willfully spread easily-disproven nonsense. That's a whole other can of worms though, and neither this video nor this comment are part of that problem.

  • Michael Atwell
    Michael Atwell 7 months ago +34

    The book referenced, "This is How They Tell Me The World Ends", is an amazing deep dive into this subject, and the beginning and ending sections dealing with the author's time in Ukraine were disturbingly prescient.

  • Alexei Smirnoff
    Alexei Smirnoff 7 months ago +123

    "This new era was made possible and perhaps more importantly profitable"
    I have absolutely no idea why, but I was genuinely expecting (for just a second) that he was going to say "By this channel's sponsor, Wix"
    I know the sponsor is not Wix, and I have no idea why that popped into my head, but it did.

    • Gregory Vasilyev
      Gregory Vasilyev Month ago

      It is mind conditioning

    • Yurricane
      Yurricane 6 months ago

      For me it was "Raid shadow legends"

    • queenisobeal
      queenisobeal 7 months ago

      Lolol, same

    • User 2C47
      User 2C47 7 months ago +4

      For me it was both Squarespace and Cloudflare, simultaneously.

    • Zaper
      Zaper 7 months ago

      Wix was actually founded by ex 8200 soldiers funnily enough.

  • David Wiggins
    David Wiggins 5 months ago +4

    I remember watching more information about this unfold while in IT class.
    It's amazing how simple the payload concept was. Security Now podcast was a stream of weekly updates for a while there.
    This video is an excellent piece of coverage pulling it all together.

  • Christian
    Christian 7 months ago +2490

    Stuxnet was a beautifully designed and engineered virus. The story behind it is fascinating and I encourage everyone to read up about it. Not to discount Sam's video. He does a great job.

    • Christos Kili
      Christos Kili Month ago

      Read it from where?

    • plsdont
      plsdont Month ago

      does he? whos the f uses "zero days" as an expression

    • RUGBYBOY99
      RUGBYBOY99 2 months ago +1

      @Chris Kelly Accurate, though considering the West's involvement in the affair and that the US/Israel could shut down infrastructure ~15 years ago. Maybe there's aliens fighting on the warfront, who knows

    • Chris Kelly
      Chris Kelly 2 months ago

      @RUGBYBOY99 it would be interesting to know if there has been much going on. Ukraine wouldn’t be able to fund something as complex as Stuxnet and i’m not convinced Russia has the skill

    • RUGBYBOY99
      RUGBYBOY99 2 months ago

      I wonder what stories we will hear in the future in regards to the Ukraine/Russia war.

  • Heads Full Of Eyeballs
    Heads Full Of Eyeballs 7 months ago +69

    18:45 I'm no expert, but I'm _almost_ certain that a lot of people around the world already have experience with wars that they can't simply ignore by turning off the TV.

    • ShihammeDarc
      ShihammeDarc 4 months ago

      @Merennulli calling people you disagree with trolls is just the kind of funny I needed on a Thursday
      And about the emissions, I am not disagreeing with you I just wrote that based on your 6% figure and you mentioning no spike and I can't be bothered to check for myself. As for the other points I'll completely disagree with you but since you're not replying I guess we'll never know why. Thank you for your time.

    • LadyKraken
      LadyKraken 4 months ago

      @ShihammeDarc LMAO look at this clown

    • Merennulli
      Merennulli 4 months ago

      @ShihammeDarc I know you're trolling because this is an absolute horseshit reply and too obvious for you to not have realized it when you posted, but I'll bite:
      - Greenhouse emissions ENORMOUSLY spike when militaries actually go to war. Production increases to replace things destroyed, vehicles burn fuel FAR faster because they're being actually used rather than just periodic drills, equipment is transported all over the planet to deploy, oh and THEY ARE LITERALLY BURNING CITIES AND FIELDS. A few people skipping vacation this summer isn't going to offset a fraction of that. Even with the 2020 lockdowns worldwide and nearly all of us not traveling, CO2 emissions only dropped 5.4%. With everything going on right now, CO2 emissions from gas powered vehicles have dropped by only 1%. So 0.21% of total CO2 emissions.
      - If you actually thought your taxes don't benefit you, you would have to have no concept of how your society works. And I already mentioned the case for if your country isn't one that participates in other people's wars.
      - The impact of Ukrainian exports being stopped hasn't been felt yet. Their harvest season is coming soon. If the current negotiations don't pan out, you WILL be affected wherever you are because your food supply will be competed for by countries like Egypt who just lost theirs. Even if the negotiations are successful, a lot of fields were burned so you will still see an impact.
      - We have had fewer and more constrained wars since adopting this gamesmanship of sanctioning each other and supplying smaller countries rather than going to war directly. And even those proxy wars have fallen out of vogue in recent decades. Your argument is the geopolitical equivalent of claiming "We've always used bloodletting without antiseptic, so it'll never change."
      Saying you don't care after saying you give condolences to them is directly self-contradicting.
      1. It is. See above.
      2. You can. See above.
      3. That's called sociopathy.
      This is all the troll feeding you get. I'm not going to reply to you further since you made it so obvious you were just trolling.

    • ShihammeDarc
      ShihammeDarc 4 months ago

      - The 6% of greenhouse emissions as you said are a general by-product of military activities, a war didn't increase it significantly. (I have no sources to back this up, but the economic depression caused due to the war might even reduce emissions due to rising gas prices in some countries and less trade overall)
      - My nation in specific doesn't get involved in wars, but even if it did and my taxes went to fund fighting there, it's not like my taxes benefit me individually in any significant way.
      - Ukrainian exports don't affect my country in general, but the prices of a few goods did increase slightly although it's not like it's unaffordable for me
      - That literally ignores the fundamentals of human nature. As if humans haven't been senselessly killing each other for our entire history.
      My condolences to people affected but I can't personally be bothered to care about them when
      1. It isn't affecting me.
      2. I can't do anything about it.
      3. I care about my personal problems way more than problems of others.

    • Merennulli
      Merennulli 4 months ago +3

      @ShihammeDarc Normally people aren't cool with other people dying needlessly.
      But if you need other reasons:
      - 6% of greenhouse gasses are from military, so wars are affecting you even if you're nowhere near them.
      - If your nation is one of the ones that gets involved in other people's wars, your taxes are going towards them. If not, money your nation would otherwise have obtained from the nations that do is lessened.
      - These wars usually involve sanctions which further worsen your economy. The 2022 Russian invasion of Ukraine is an extreme case since a nuclear superpower with a penchant for genocide picked on a friend of NATO which Russia had committed a genocide against once already, and that also happened to be the #5 exporter of wheat in the world. But even with smaller wars with smaller sanctions, there is an effect on the global market.
      - Everyone else in the world being outraged about senseless killing enough to take actions like sanctions or military aid makes it a little harder for others to commit acts of senseless killing which could include your nation's leaders or neighbors.

  • eldiabolo
    eldiabolo 7 months ago +33

    Very well presented. I think you should have made more clear how enormous 1MB is in this scenario. People take pictures or videos of hundreds of MBs or even GBs all the time.
    But this is just code and 1MB of just code for one single purpose is crazy.

    • Eyal Kalderon
      Eyal Kalderon Month ago

      @HH A few things to note here: it really depends on whether we are talking about the average size of graphical (point-and-click) programs versus the size of console programs, like Stuxnet. Graphical programs tend to be much larger than console programs, often several megabytes in size versus several (kilo)bytes for most console programs. For example, *bf1.exe* (the Battlefield 1 game executable) sits at about 13MB in size, depending on the specific version you have installed. This is all just code, so you can imagine how densely packed the information is inside a compiled binary such as this.
      To give you a similar perspective on the console program side of things, *cl.exe* (the Microsoft Visual C++ compiler executable) is a few hundred _kilobytes_ in size. This is an incredibly complex program designed to perform a very complex and open-ended task, but it's much smaller than *bf1.exe* because its scope is much narrower and it doesn't have to display anything graphical.
      So to have a virus (usually a single-purpose console program designed to do little more than spread and replicate itself, often kilobytes or even mere _bytes_ in size) take up >1MB of space with just code is very unusual and unprecedented. Stuxnet, as a non-graphical program meant to run in the background, had to have been _enormously_ complex to be that heavy.

    • Agent Null
      Agent Null 4 months ago

      Yeah, so it’s undetectable. But they fill it with loads of padding so you can’t scan for viruses.

    • HH
      HH 4 months ago

      How big is 1MB of code? Any idea how many lines? Are viruses usually in KB?

  • JA RC
    JA RC 7 months ago +98

    2:16 I actually thought you were going to say "this new era was made possible by Curiosity Stream / Nebula / Brilliant / etc" lol

    • User 2C47
      User 2C47 7 months ago +6

      ...Squarespace, Cloudflare, Nord or Express VPN...

  • Matthew Bidewell
    Matthew Bidewell 7 months ago +27

    If you enjoyed this - Countdown to Zeroday: Stuxnet is an amazing book that dissects how the virus works and potential ways it was delivered.

  • grant williams
    grant williams 7 months ago +9

    Hands down my favorite cyber security story ever. Love that the virus only targets a very specific centrifuge setup.

  • Jcewazhere
    Jcewazhere 7 months ago +31

    With proper security monitoring zero days are not that scary. RCE would be detected and countered as it happened and the spread would be minimized.
    The problem is many corporations spend money on cyber security insurance because it's cheaper than proper security.
    Just like having the CEO pop their golden parachute and take the blame for something bad the company did, cyber insurance lets the corporation save money until things go bad and then they get a big payout. The only ones harmed are the customers.
    Yet another instance where putting profit over everything is costing average people.
    We need more stakeholders in business, and less shareholders.

    • D D
      D D 7 months ago +3

      I doubt most security monitoring would detect or prevent a RCE 0day.

  • 7 F
    7 F 7 months ago +47

    3:12 that is a very weird way to explain what zero-day exploits are. not sure why you would go so far to avoid actually tying the name to the core concept directly. have a feeling a lot of people walked away with some weird idea of what they are.

    • Mateusz Zimon
      Mateusz Zimon 2 months ago

      They are 0-click exploits

    • Musavvir Ahmed
      Musavvir Ahmed 7 months ago +11

      Yeah, 0-day-exploit = the manufacturer has had 0 days to look at the exploit, therefore hasn't been able to fix it.

    • 7 F
      7 F 7 months ago +11

      @Calvin_Coolage yup. one defenders have had no time to set up defenses for when it's used.

    • Calvin_Coolage
      Calvin_Coolage 7 months ago +2

      A zero-day is literally just an undiscovered exploit in software, correct?

  • Süßy baka - KFP Avian Resources Analyst

    I worry about the electrical grid. It’s an incredibly expensive, incredibly important piece of infrastructure that everyone takes for granted. A stuxnet-like exploit applied to the grid can cause damage on the order of billions of dollars, and hamstring entire nations for years.

  • Spencer
    Spencer 7 months ago +6

    Wow, it is hard to believe the Shadow Brokers' leak was already five years ago! That was a big one. The ransomware campaigns that followed it were unprecedented in scale and simplicity.

    • Gave2Haze
      Gave2Haze 7 months ago

      I'm surprised he barely touched on it considering that the Shadow Brokers were an independent group who infiltrated the 'best' agency and not only leaked their tools but all the exploits they had paid millions for, in the days of utmost secrecy and govt v govt cyberwarfare

  • Jonas D Atlas
    Jonas D Atlas 7 months ago +143

    The common theory I've heard is that to at least some degree, Stuxnet wanted to be found eventually, after causing significant damage - the US wanted to show off their capabilities, and this is just about the only way you can. You can't exactly have a military parade with a bunch of soldiers holding up USB drives.

    • Ehud Tal
      Ehud Tal Month ago


    • Insnebob
      Insnebob 2 months ago

      idk... I instantly think of the Colossus computers, or how after breaking the enigma we (allies) allowed axis attacks to be successful in order to hide what we knew.

    • dzerkle
      dzerkle 4 months ago +1

      Not a chance. They would have been happy to keep frying centrifuges forever.

    • GintaPPE1000
      GintaPPE1000 6 months ago +3

      @Gave2Haze Pfft, Israel was the one who wanted to just airstrike the nuclear facilities directly. They have no restraint when it comes to assuaging their own paranoia.

    • Gave2Haze
      Gave2Haze 7 months ago +3

      You'd think israel would hold them back, being the one country that doesn't show off

  • clray123
    clray123 6 months ago +2

    The so called "Trusted Computing" chip is one big backdoor integrated into most mainboards... Microsoft is not really hiding the fact that their goal is to be able to remotely control/shut off every machine in the world, and most companies are switching to their "cloud platform" to make it even easier to accomplish.

  • Hammer87
    Hammer87 3 months ago

    THANK YOU for making this! I have been wondering how cyberwarfare is conducted at the tactical level forever now.

  • Jeremy Pickett
    Jeremy Pickett 7 months ago +4

    Stux was fun. Came from Utah, was propagated by a 'lost' usb thumb drive, exploited not only the zero days but also DMA capabilities of usb, so it could make the air gap jump. That's how it got onto the gapped control machines that ran Iran's centrifuges. And the payload was brilliant--make the uranium enrichment *unreliable*, not completely broken.
    Absolutely brilliant spycraft.

  • Sam Featherstone
    Sam Featherstone 7 months ago +5

    As someone who has had an attack that infected my network at home I can say it's quite the nightmare. So bad I went to school to retrain into IT because I saw what this could do.

    • Matthew Trevino
      Matthew Trevino Month ago

      Dude! What's up? Funny I run into you in a comments section again; I tend to peruse the comments on pertinent subjects to get a feel for general perspective. So you've figured out SA's definitely got a problem with some psycho hackers. These weirdos are capable of some downright insane sh!t. I've been looking into a lot of bizarre hacking incidents and an overwhelming number of cases are cited in SA and the surrounding areas. It looks like there is some possible connection to the psychiatric community/industry...I mean you can actually hear voices in the environment, no bullshit. I'll stop there cause im just painting myself crazy at this point. Hope you're faring better now, this sh!t is no joke. Holler back!

  • bob32qwerty
    bob32qwerty 7 months ago +38

    Sucks this video was erroneously taken down for so long, hope this helps you guys keep doing good work!

    • Clint Richardson (@ClintFromNYtoVA)
      Clint Richardson (@ClintFromNYtoVA) 6 months ago +1

      @systems It's possible I don't get how the system works because I've been banned for 4 years, but the most views usually occur shortly after release.

    • Lily Liao
      Lily Liao 6 months ago

      @Taavi Tammaru Nicole Perlroth doesn't like it when you credit and use her as a source

    • Lily Liao
      Lily Liao 6 months ago

      @Taavi Tammaru copyright strike

    • Taavi Tammaru
      Taavi Tammaru 6 months ago

      Any idea why it was taken down?

    • Clint Richardson (@ClintFromNYtoVA)
      Clint Richardson (@ClintFromNYtoVA) 6 months ago

      It's how YT shaves profit from the creators.

  • LOMan
    LOMan 7 months ago +3

    It used to be that zero-day vulnerabilities were immediately disclosed as the bad guys had them, and the more people who knew about them, the better they could change the security posture. However, the banks and Apple didn't like not having "advanced notice", so they changed to the current model, where a severe bug may be unpublished for a period of time while the vendor makes corrections, rather than launching into a 90-day sprint to solve a Heartbleed bug.

  • ImpalerVladTepes
    ImpalerVladTepes 7 months ago +12

    One interesting bit that wasn't covered: it's mentioned in the video that stuxnet got onto the research facility's hardware due to a spy or mole. That may not even have been the case: it's theorized that instead, whoever was trying to deploy the virus did so to either the Siemens controllers or something that would be connected to them, at the source. That is, these machines were infected with stuxnet en masse in their countries of manufacture in the hope that at least some of them would make their way to Iran. And it worked. It's possible that this is also what led to its discovery by the western public: enough of the infected machines made it to western countries that a user who happened to be operating one such machine stumbled on it.

    • Mateusz Zimon
      Mateusz Zimon 2 months ago

      It's possible they got lucky: drop an infected USB key to the family of a worker. Also put a bunch of movies on it; when they got to Natanz they inserted the USB to watch some on a computer.
      That's why they don't need weight loss therapy.

    • ImpalerVladTepes
      ImpalerVladTepes 7 months ago

      @Nathan Keel the outside propagation theory I laid out was what I read several years ago: there's new evidence that it really was an inside job?

    • Nathan Keel
      Nathan Keel 7 months ago

      It's proven that it originated and propagated from Iran. It was also identified by a Belarusian cyber security firm. Which is closely aligned with Russia and far from the west. The only 3 ways it got in was from someone sneaking it into a Natanz employee's laptop, then they brought it to their job where it propagated. Or they had an inside man. Or last they snuck inside the facility and planted it, which is highly unlikely. I also believe it is a highly unlikely chance that the PLCs were infected before or during transit to the facility. Last thing is that Stuxnet was a worm, not a virus. All worms, viruses, trojans, etc are malware (malicious software). This is my opinion from the known facts. I'm not saying the theory you laid out is wrong, but personally I do not believe there is any evidence of a bunch of random PLCs being infected and hoping one ends up inside Natanz's air gapped facility before all the rest of the world.

    • ImpalerVladTepes
      ImpalerVladTepes 7 months ago +1

      @InventorZahran also possible

    • InventorZahran
      InventorZahran 7 months ago +4

      What if a single contaminated USB drive found its way into the factory where those machines were being built, and commanded the system that installed their firmware to include a bit of malicious code within it? The factory would not have had the same level of security as the enrichment facility, so it could've been easier to slip in an imposter or bribe a rogue employee...

  • B. K.
    B. K. 7 months ago +3

    To be fair, it was already "here" in 2011 - yes eleven years ago. But due to it being ignored and labeled as a "non-issue" (with victims i.e. companies/govs always denying they got hacked/whatever) it hardly received any publicity. It needed an actual war with a large nation for "Cyberwarfare" to finally receive some actual recognition.

  • Viincentt
    Viincentt 7 months ago +4

    Wendover is still one of the best informative youtube channels. Amazing work, brother!

    • Remi Gio
      Remi Gio Month ago

      If only he’d learnt how to pronounce Iran correctly….😅😂

  • Kevin
    Kevin 7 months ago +5

    Hacker: Hey, we found some bugs you might want to know about.
    Big tech: We sue.
    Hacker: I'ma post bugs on the forums cuz I don't want to be sued.
    Security company: _Yoink!_
    Also Security company: Hey, we found some bugs you might want to know about.
    Big tech: We buy.

  • Ernest
    Ernest 7 months ago +4

    So interesting! I only had a very rudimentary knowledge of how this whole thing works, and it's so cool to learn how it started and the sort of 'logistics' behind it.

    • Comrade20
      Comrade20 7 months ago

      i want to know, at the moment, i'm scared, a friend of a friend i know has been hanging out with this man part of a Cyberunit known for phishing, hacking, vulnerable information, possibly Sandworm

  • MaglevM5
    MaglevM5 7 months ago +3

    One of the best and most sensible RU-clip channels! Amazing content. And the narrator is awesome too!

  • Dr. Leon W. Couch III
    Dr. Leon W. Couch III 2 months ago

    I was already aware of this whole story, but I think you told it the best and have made it more relevant and understandable to most people. Very well done.

  • Seth Apex
    Seth Apex 7 months ago +11

    I have never understood how hackers in movies are able to break into secure systems with a few keystrokes.

    • KeppyKep
      KeppyKep 7 months ago +4

      ...because it's a movie

    • Seth Apex
      Seth Apex 7 months ago +2

      @User 2C47 but they have to access the system in order to even get the worm inside.

    • User 2C47
      User 2C47 7 months ago +3

      If it's in a tactical situation, they likely use a script prepared beforehand that tells their worm to execute its payload.

  • Rudi Coehn
    Rudi Coehn 7 months ago

    On minute 11, I swear I got goose bumps. Great story, magnificently told. Great job guys!

  • Caferock Garito
    Caferock Garito 7 months ago +2

    Impressive video for a discovery of a channel. I was so impressed by not only the content but the editing, and the referral price offer for CS+Nebula was so good that I couldn't resist!

  • MandoMonge
    MandoMonge 7 months ago +1

    I’m really digging these Lemmino style documentaries Wendover is pushing out. Really good job guys!

  • Narretei
    Narretei 7 months ago +1

    what i would like to add is that Siemens PLCs have a pretty huge market share, especially in and around europe. Most other companies have special usecases, but what i have seen Siemens stuff is used often because a lot of people know how to use it, get a good price and know how to program it.

  • 42thgamer
    42thgamer 7 months ago +2

    I can really recommend the book Zero day. It's about stuxnet and really interesting. But I do think that cyberwarfare is a lot more diverse than this.

  • Nooticus
    Nooticus 7 months ago

    Incredible video as always Sam and team! 👏

  • Kay Inoue
    Kay Inoue 7 months ago +1

    This is by far one of my favorite stories. Anyone who wants a more in depth dive, read "Countdown to Zero Day," it's an incredible retelling and well researched record of the story of Stuxnet / Olympic Games

  • A Zhivago
    A Zhivago 7 months ago +2

    More of this kind of thing, please.

  • Qt Animu
    Qt Animu 7 months ago +775

    Just something to consider: This was discovered like 10 years ago. Just imagine how much more powerful cyberweapons must exist nowadays. No one listened, so now we wallow inside the pit of insecurity.

    • Qt Animu
      Qt Animu Month ago

      @John Doe Luckily there are solutions to this.

    • John Doe
      John Doe Month ago

      It's called Intel ME and AMD PSP. Spyware embedded in your hardware with root level access to your entire computer, which you cannot disable.

    • Qt Animu
      Qt Animu Month ago

      @lone wolf coding You really have to explain this.

    • lone wolf coding
      lone wolf coding 2 months ago

      we can using cdr technology or secure cloud aws

    • Patrick Reid
      Patrick Reid 2 months ago

      10 yrs of divisive social media. Cyberwarfare.

  • 巫女みこメガネ
    巫女みこメガネ 7 months ago +12

    8:53 the claim that 58% of computers in Iran were infected is inaccurate. 58% of infected computers were found in Iran, which is a very different thing.

    • Navyseal168
      Navyseal168 6 months ago

      @巫女みこメガネ ok, you have excellent English my guy

    • 巫女みこメガネ
      巫女みこメガネ 6 months ago +1

      @Navyseal168 the same as this video: the Wikipedia article on Stuxnet. The article has a table listing affected countries, and "Share of infected computers" for each country. The creator of this video misinterpreted this as "amount of computers infected from the total amount of computers in that country", when in actuality, the table lists "amount of computers in that country from the total amount of known infected computers".

    • Navyseal168
      Navyseal168 6 months ago


  • Ashe
    Ashe 7 months ago +2

    i do have to nitpick a bit: not every vulnerability is a zero day. the zero refers to the number of days a defender has to patch it, so until an issue is actually found and used by an attacker it's just a generic vulnerability.

  • S F
    S F 7 months ago +4

    Whether you think this is good or bad, it is still amazing.

  • Zephyr
    Zephyr 7 months ago

    I wonder if there have been cases of developers purposely leaving in exploits then selling them and patching them as soon as they get the money. I guess any company big enough for exploits to be valuable is too rich to care about the bounty

  • TS_Mind_Swept
    TS_Mind_Swept 6 months ago +2

    Imagine everyone just getting along and doing things to help everyone improve..quick! Someone write a song about that!

  • Cody Johnson
    Cody Johnson 7 months ago

    Perfect timing! I just finished This Is How They Tell Me The World Ends by Nicole Perlroth last night. It's a great book on cyberwarfare if anyone's interested.

  • ooooneeee
    ooooneeee 7 months ago +3

    It's a shame you only mentioned ransomware a little at the end. Without the huge market for zero day exploits created by aggressive state cyberwarfare, ransomware wouldn't be so big now. Some of the organizations doing it have become scarily big, powerful and wealthy. Governments need to band together against them and IT security needs to improve massively. Governments must stop fighting against encryption and safe communication protocols.

    • Gregory Vasilyev
      Gregory Vasilyev Month ago

      The major intelligence agencies are the biggest benefactors of this disaster. They will sooner see the world burn than see some private email they cannot decrypt.

  • Colin Martin
    Colin Martin 7 months ago +9

    It kinda terrifies me that my university labs have PC's still running windows XP. They're obviously not connected to the network at all, but imagine what one guy with a long cat5 cable and a few minutes could do to the whole university network.

    • Flippdogg !
      Flippdogg ! 7 months ago

      The problem is not that they are not willing to upgrade but rather that Software Companies are either too lazy or that the Software that they build is from the 80s or 90s. Everyone who has a little understanding of how an OS works knows what works on a Win10 does not mean it is going to work on older Versions. A good solution would be to switch those Softwares on Linux but I guess the American Lobby would have a small problem with that and on the other hand to convert the whole Software on a different Kernel and Operating System would take ages.

    • KK Foto
      KK Foto 7 months ago +1

      I don't know the mechanism, but my university suffered a devastating cyber attack. All the systems shut down, and more than a month later, some of them are still down.

  • PleaseDontWatchThese
    PleaseDontWatchThese 7 months ago +4

    The amazing part was not so much about the worm spreading over a usb stick. That kind of stuff was done in the 80s with floppies. And its ability to use zero days was also not too special as all exploits found in the wild are zero days. It was its stealth and really specific targeting to attack a complicated air-gapped machine that got everyone's attention.

  • Remco F. Gerritsen
    Remco F. Gerritsen 7 months ago +2

    When everything is interconnected digitally and with electricity, a simple hack can destroy the entire world. It's seriously worrying.

  • NoMore Constipation
    NoMore Constipation 7 months ago +1

    It's amazing how far technology has come. As with many things, if you don't keep up with it you get left behind.
    I remember thinking awhile ago how much I knew. But in the blink of an eye I'm old news and outdated.
    Trust the fact that the alphabet boys are keeping up with this advancement. I'm always curious how much thought goes into these trends. Such sophistication and plotting goes into these attacks. Specifically to lay in wait.
    The newest version I saw was talking about storing itself in the bios of a machine. That gives me worries at night for sure if I was a network manager.

  • Jean c
    Jean c 7 months ago

    The research for this video must’ve been huge, amazing work

  • Gary Wilmot
    Gary Wilmot 7 months ago +1

    Zero Day doesn’t refer to the software flaw itself, it refers to the small window of time between when it is discovered and when it is publicly announced. This is when it’s most valuable, because it can basically be exploited at will, because no one even knows to look out for it yet. So any flaw, no matter how major or minor, can be called a Zero Day during this limited timeframe. It doesn’t depend on complexity, just how widely known it is.

  • D. Lawrence Miller
    D. Lawrence Miller 7 months ago +17

    3:30 maybe this is a bit philosophical and pedantic (a la "a tree falls down in the woods"), but I think your definition of zero day is a bit unusual. I don't think zero day means "all vulnerabilities that exist in a technology" it means "any vulnerability *which has been discovered* by a researcher." Since most people only learn of a zero day exploit once it has been used in an attack and researchers have noticed and named it, "zero day" has come to mean "new attack pattern that just made its debut." This better suits the etymological origin anyway. "It has been 0 days since [disastrous thing happened]."

    • GoldenPantaloons
      GoldenPantaloons 6 months ago

      More accurately it's "any vulnerability which is unknown to the developers" - the idea being that once the vulnerability is known, its value starts to diminish over time ('n'-day vulnerabilities).
      A 1-day vulnerability might still be missing an official patch, widely unknown, and as such invaluable in the right hands.
      A 7-day vulnerability's probably patched, worthless vs. security-conscious targets, but valuable for other uses. Depending on the software in question there could be a vast quantity of old installations running.
      A 500-day vulnerability is pretty much worthless. (Well... I say that, but if I recall correctly the ransomware attacks that devastated some public health systems a few years back were using ancient exploits... the hackers had made it on the cheap, and were just kinda shotgunning it around hoping to hit something. Turned out a bunch of hospitals still had their entire networks running Windows XP hahaha)

  • Will Mungas
    Will Mungas 7 months ago +8

    A zero-day isn’t just a bug, it’s specifically an exploit that has yet been undiscovered (eg “it’s been zero days since our staff was made aware of etc”). This is usually a monumental discovery, because it means this exploit may have been around for a long time undetected, and none of the programmers have any idea how much damage has been done in that time. Not every bug is a zero day, because not every bug is an exploitable issue unknown to developers.

  • NoMoN
    NoMoN 7 months ago

    Fantastic job on explaining Stuxnet!!
    Love it!

  • synistree
    synistree 7 months ago

    Great video and coverage of a complex and engrossing topic. The 2016 documentary zero days is also a very interesting watch on the stuxnet.

  • Dave F
    Dave F Month ago

    "This Is How They Tell Me the World Ends" by Nicole Perlroth is a fascinating book and I highly recommend it

  • ʂɋuïrŁỾ ŵҺÍƦƪƴ

    Incredibly well written script, both yours, Wendover and the one used in stuxnet, ok sure technically it was a compiled payload, but you get what i mean.

  • Shantanu Tonde
    Shantanu Tonde 7 months ago

    One of the most intriguing, alarming, and entertaining infotainment videos I have ever seen!

  • Roman Bartocci
    Roman Bartocci 7 months ago

    dude! been a fan of your work since you began ... and this is one of your best (and im in IT/cyber) nice work!

  • Sabiki Kasukō
    Sabiki Kasukō 7 months ago

    Ok but like this is something I hadn't realized until Sam said it outright: a weapon that cannot be revealed before it becomes useless, is a weapon we cannot shield against. The idea, the prospect of there being a weapon so destructive, so devastating, so catastrophically armageddon that's just laying dormant, truly is something chilling. We're exposed, there could be a sniper looking at us right now, aligning their crosshair to our frown 24/7 and we have literally, *literally* no way of knowing if that sniper even exists, let alone which is his rifle, what's their ammunition, or his position.
    This is a war of warnings, a war that will only end the very second a country calls a bluff to another country that was not bluffing.

  • ody vinty*
    ody vinty* 7 months ago +30

    Stuxnet is an engineering masterpiece.

  • Alexander Herzog
    Alexander Herzog 6 months ago

    If you find any of this interesting I completely recommend the podcast Darknet Diaries, it has a whole sub series about stuxnet, as well as attacks such as notPetya and others. It's a very well produced show made by someone who is very very good at research and knows the industry in and out. Jack Rhysider is a beast

  • ytrew
    ytrew 6 months ago +2

    Why is it called zero days?
    The term "zero-day" refers to the fact that the vendor or developer has only just learned of the flaw - which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it. Zero-day is sometimes written as 0-day.

  • Mark Keith
    Mark Keith 7 months ago +5

    Wow! That was depressing....and informative at the same time!

  • John Daniel Esguerra
    John Daniel Esguerra 7 months ago +1

    I just graduated IT in 2020, and CS specializing in Internet Networks, and Databases in 2016.
    I have heard all these things while I was in the middle of my college, man my field changed a lot in cyber security in that time frame.
    I also have a laptop with a lot of old virus codes from the centuries, including the infamous I-LOVE-YOU virus. The wifi card for that laptop is removed and Ethernet port disabled permanently hardware wise, and it's running Win 10 20H1 natively, with vms for DOS.
    I usually use those codes as learning materials, and sometimes algorithms within it I use for code I make.

  • Camilo Guzman
    Camilo Guzman 7 months ago +1

    It's definitive, Sam has journalist training, the way he narrates any topic is very engaging.

  • Christopher Ward
    Christopher Ward 7 months ago +4

    Stuxnet was signed with private keys that could only have been stolen by some very sophisticated hackers.

  • Zei33
    Zei33 7 months ago +2

    I don’t think you’re giving developers enough credit. It’s not so easy to develop such widespread devastating viruses as you’re saying at the end there. Not with modern security practices. Finding 4 zero days that can work together in the modern day is basically impossible.

  • Name Redacted
    Name Redacted 6 months ago

    I like this video, but the Shadow Brokers only released a very small part of the tools they had access to, but were only able to release a handful out of 100s.

  • Grant Trotter
    Grant Trotter 7 months ago +2

    2:18 "This new era [of cyberwarfare] was made possible, and perhaps more importantly, made profitable by-" I really thought that was gonna be the most unlikely ad transition I've ever heard.

  • harter864
    harter864 7 months ago +6

    You have a major error at 1:35. The correct statement is, "60% of all computers with Stuxnet were located in Iran", NOT "60% of all of Iran's computers were infected".

    • R K
      R K 7 months ago

      This. 👍

  • Logan L
    Logan L 7 months ago +17

    Humans for 10,000 years:
    Step 1: develop something to bring mankind forward in its development and to improve the lives and welfare of the whole world.
    Step 2: develop a way to defend against it as someone has turned it into a weapon.
    Why be an innovator when you can be a parasite who destroys well-meaning things, right?

    • TaxPile
      TaxPile 7 months ago +1

      Strategy-counterstrategy human dynamics.

    • Logan L
      Logan L 7 months ago +1

      @monkeyboy600 yes, most nuclear power plants run on enriched uranium.

    • monkeyboy600
      monkeyboy600 7 months ago

      Do you think a Uranium enrichment plant is well-meaning?

  • thePuppyShy
    thePuppyShy 7 months ago +1

    I learned about Stuxnet 5 hours ago from a podcast recorded over a month ago. I clicked the thumbnail to this video curious how some cyberwarfare happens so that I could maybe understand more about Stuxnet. But I was not prepared. Thanks for double breaking my brain, good work.

  • Mammal
    Mammal 7 months ago +22

    What stopped white hat hackers from selling the exploit, and then immediately delivering them to the software developer to be fixed?
    Why hasn't this business model changed to some sort of subscription, where security companies would buy an exploit, and then pay some daily/weekly/monthly fee until the bug was patched by the developer (this way, encouraging the bug to be kept low profile)?

    • Mammal
      Mammal 7 months ago +1

      @SaintJezebel unfortunately it makes a lot of sense. :/

    • SaintJezebel
      SaintJezebel 7 months ago +17

      White hats are not nearly as common as you might notice, because of a combination of things, but here's something pertinent:
      When a bug gets reported, it usually comes after the reporter has abused it for a while and got bored or feels bad about it. So most of the time, reporting bugs can get you extreme suspicion and/or bans/punishment. This alone demotivates a majority of regular (i.e. non-corporate-employed) white hats.
      But other than this, generally, cybersecurity firms are hired in the process of creating new infrastructure. The problem is software devs LOVE to reuse old shit, so basically unless you're making a whole new internet, bugs from a billion other places will be incorporated. The internet is a lot like building a house and your house building tech only gets better the further in you've gotten. By the time you're installing solar panels, people are starting to realize the foundation is made of packed dirt.

  • lisa eve
    lisa eve 7 months ago

    I enjoyed the difference in content, this should somehow be extended into multiple related videos

  • Arvind Raghavan
    Arvind Raghavan 3 months ago

    I find your videos FASCINATING. This one, no less. Thank you!
    One humble point of feedback: it's E-RAHN not EYE-RAN.

  • Sean Brazell
    Sean Brazell 7 months ago +1

    Fantastic work. Terrifying, but not unexpected.

  • Arman
    Arman 7 months ago +6

    Walked into this video thinking "My country (Iran) has been in a cyberwar for years now, I wonder if this video will mention anything about it" and found out that at least one of my two computers is infected because of it.

    • the gamer
      the gamer 7 months ago

      Hmm, I /wonder/ who could be behind this

  • MX Racing Unlimited Ltd

    Ahh PLCs.. I used to have a job making programs for automated assembly lines, like a bottle cleaning line used at Coca-Cola. I also built the control panels from scratch too after making the CAD layout diagram and a CAD type wiring diagram program. We would number every wire because all the wires were the same color for most things and in the same wiring routing "trays". I'd have to install everything from the circuit breakers, to the solenoids, power wires, control wires, VFDs, input & output blocks, PLC, and power supplies.. plus a bunch more cool types of sensors outside the control box and control touch panel..
    It was a fun job. The popular PLCs had a pretty nice program for making the software and building the animation and data value pages with accurate active diagrams for the color control panels on the outside door, was fun for me and my favorite part besides starting to build it with the crew lol...
    I also did a bunch of smaller ones by myself. We did it all I learned later as far as using different PLCs and not making the customer start over.. Rockwell, Siemens, ABB and a bunch of other brands I can't think of right now.. IF THIS, THEN THAT. OR IF THIS AND THAT THEN THIS BUT NOT THAT. So yeah you would have failsafes built into the program to make certain things happen in correct order and temps/speeds, etc..