Without a doubt, this is the best video I've seen on Stuxnet for non-computer people. There's no coding shown or any other stuff, and it's step-by-step. Imma put the link wherever I can. Terrific!
Whats up with all the old people looking like they have no clue what this guy is talking about? They look like they broke out of the retirement center and accidentally went to the wrong class and instead of making pottery for the afternoon.
Agreed. Looks like a lot of folks that need to retire and get off the payroll. LOL!! Seriously, old folks like that should go off and live their lives. Let some young folks in...and reduce the unemployment rate. LOL!!
The complexity of this is mind boggling. To have a worm that actually re writes logic and makes it appear as nothing is awry. Wow i have trouble writing basic ladders.lmao
his thing is so advanced that it will probably take decades or more for the world to understand Stuxnet. This is so complex and advanced, I still can't believe this is possible.
Agreed. We already know stuxnet. The key here...is that since the source code is in the wild...others interested in copying and/or converting the code for specific needs can be done. instead of 7 interests...they inject 10 or 12 or etc. ???
people who program not only have a effect on the virtual world but can also impact the physical world since the two are closely met the only way to get rid of the problem altogether is to get rid of technology but i dont foresee that from happening so all we can do is take precautions and actively monitor for new threats and adjust as necessary.
anon mouse The impact on the physical world from desk guys is pretty low, just like the influence from smiths or carpenters on the virtual world is pretty easy to manage ;-) Which job do you earn your living?
So what about those 2 Hertz? Did it do so to damage the motors, keeping them from spinning because of the low frequency, but still putting power thru to damage the motor windings?
Also uranium enrichment centrifuges have to spin fast enough to separate enriched uranium from regular uranium. So when it spins to slow, the two don’t separate and you can’t use the enriched uranium that would go in the bombs. So too fast causes damage, and too slow doesn’t allow you to get the specific type of uranium (enriched) you need to make the bombs
The update feature allows the worm to be easily rendered useless. If the engineers upload a version that is inoperable and specify that it is the latest version then the worm will no longer cause a problem.
They didn’t know they were getting hit with this so there was no strategy to defend against it. Also it’s highly probable that this was created for the sole purpose of attacking this specific network meaning it was built to exploit flaws in its design
Not a lack of, just being cheap. Nobody pays for something they don't need and nobody expects a cyber attack, though they should. I bet the physical security on the place was top notch.
Could you mimic human immune systems, and make a "deactivated" version of stuxnet that could be used to train antivirus software? Or to make it attack other instances of itself?
Absolutely. Once a hacker has the source code they can do with it as they please. Similar programs exist...and they run the virus, malware, worm in a so called isolated Sandbox environment.
So when the code "put the picture in front of the camera" what would the PLC show when an engineer tried increasing or decreasing the frequency of the centrifuges? If an engineer tried increasing it from 800 to 1200, would the PLC show that value while the code was still doing its mission?
I guess the best way to avoid these kinds of break ins is with hard safeties. If all the operating data goes through one source(the PLC)it can be manipulated. All critical operating parameters ie: speed/freq, temp, level, ?? Etc, should have separate safety shutdown hardware that does NOT relay through PLC. Wait till this kind of stuff hits autos who now use similar data collecting/controlling methods Connectivity is sometimes very overrated.
short version: they exploited the fact that they ran mission critical systems on microsoft operating systems. I assume they use duct tape to assemble the plants in place of bolts.
This is pretty cool. I don't understand why computer worms like this are treated as alien technology by the media when the espionage factor is much more exciting anyway.
Problem is, no PLC software is for Linux. The most used PLC's are either from Siemens or Allen-Bradley. Not even virtualizing Windows onto Linux would stop this virus.
Why can't all the imperative systems that drive centrifuges/etc just be 100% offline with no external ports and a properly-encrypted network?(retinal scans instead of a default/ridiculous password) If there is no way to introduce these tools to the system then surely they are safe from attack?
the problem is that as long as there are spies, an offline system is susceptible to attack. Doesn't matter how much you try to secure it if one of your own trusted people is a double agent or being blackmailed or bribed by the CIA or Mossad. Iran arrested some spies after stuxnet happened, those spies were probably executed.
The original name given by VirusBlokAda was "Rootkit.Tmphider"; Symantec however called it "W32.Temphid", later changing to "W32.Stuxnet". Its current name is derived from a combination of some keywords in the software (".stub" and "mrxnet.sys")
While this is mostly true, Stuxnet used Windows as a vehicle to gain access to PLCs. If you replaced Windows with Linux it wouldn't have been able to spread and find it's way into the PLCs and deliver it's payload.
The virus would make the interface believe that everything is running fine, when it secretly makes the centrifuges run at 2Hz or 1410Hz.. I'm not quite sure or it reacts on the interaction of people it just analyses the scheme and then simulates it.
All because if you take a regular Android phone that is a prepaid and you get it from the store you dissected you take out the little sticker with the barcode on it and underneath that you have that little stabbed blood
This thing is so advanced that it will probably take decades or more for the world to understand Stuxnet. This is so complex and advanced, I still can't believe this is possible.
The audience is actually very impressive, critics in the comments have no idea. He’s got Whitfield Diffie in the front row… awkward moment there feeling the need to explain public key crypto.
my fear is that some creepy guy is gonna modify this stuxnet to do something more nasty, not only to the iranian plants, but to everybody. that can become really bad...
Look at the guy at 5:18 and 14:50, conscious of being seen on camera. God I couldn't stand to be in national security. Too much paranoia, not worth it.
the real issue here is it would be just as easy to break into our power systems and screw them up... windows is a toy... unless you built your power station with duct tape to match, it's not appropriate mission critical software. There's actually word processors you CAN'T infect with viruses... wouldn't it make sense to have a secure facility use them? Isn't BG rich enough off his crap by now?
I’m not an expert but I think the old guy with grey hair sitting at the back of the room trying so hard to hide his face might either be an alphabet boi or a schizophrenic.
Although the content is good, his vocal tick of saying ok gets really difficult to listen to after a while. I feel like I'm listening to Mr. Mackey from South Park.
Is the audience for real? Or somebody sliced the video with a home for elderly Sunday morning daily program announcement. I just can't believe my own eyes.
![[Watch Party] RoV Pro League 2024 Winter | with Moowan ( Bacon Time Vs Talon )](http://i.ytimg.com/vi/CCEDhu6dPN8/mqdefault.jpg)
This person definitely deserves better audiance.
saurabh chikate maybe this audience was used to more demanding issues. Ongoing presenting simple matters with "right" doesn't raise any level.. Right?
😂
@@brysonmalakai6769 Nobody cares & nice pitch for your stupid hacking program.
I agree...strongly also to the fact that you beat me to this comment by four years
1:44...... " Killa what, John I don't know what he's saying "
Without a doubt, this is the best video I've seen on Stuxnet for non-computer people. There's no coding shown or any other stuff, and it's step-by-step. Imma put the link wherever I can. Terrific!
Stuxnet demonstrates what is possible when you have access to everything you need.
excellent ! room filled with people waiting for their retirement and devoid of any enthusiasm or interest.
Thank you, Nicholas Cage. Very informative.
Sol Steinbergowitzgreenbaum yeah man I was about to say that guy does everything
Whats up with all the old people looking like they have no clue what this guy is talking about? They look like they broke out of the retirement center and accidentally went to the wrong class and instead of making pottery for the afternoon.
+therockstar17 NSA agents
+weenir that old dude trying to hide his face
LOOL! Oldies from Standford look like they don't quite understand whats all the fuzz about
Agreed. Looks like a lot of folks that need to retire and get off the payroll. LOL!! Seriously, old folks like that should go off and live their lives. Let some young folks in...and reduce the unemployment rate. LOL!!
what a stupid fucking comment, you must be thick as pig shit
14:13, finally hit Level 90 in World of Warcraft.
The complexity of this is mind boggling. To have a worm that actually re writes logic and makes it appear as nothing is awry. Wow i have trouble writing basic ladders.lmao
Comments from the Crowd:
"I hope i don't miss bingo"
"Why does my hip hurt"
"Wheres my heart pills"
Know what you are? A DAMN FUCKING MORON.
@@paulegonkluwe2597 I take it your over the age of 50, It might be nap time for you now....I sense a bit of geriatric anger
@@mlassz009 How about a nice big cup of shut the fuck up, you spastic??!
@@paulegonkluwe2597 Okay boomer
:DDDDDD
"my biggest fear is... spiders...I fucking hate spiders"
Brilliant presentation of a very complex subject...
his thing is so advanced that it will probably take decades or more for the world to understand Stuxnet. This is so complex and advanced, I still can't believe this is possible.
Agreed. We already know stuxnet. The key here...is that since the source code is in the wild...others interested in copying and/or converting the code for specific needs can be done. instead of 7 interests...they inject 10 or 12 or etc. ???
Jordan Manco Ask any electrician, instead of computer nerds.. ;-)
90% of the people listening were just absolutely clueless about everything he said...
people who program not only have a effect on the virtual world but can also impact the physical world since the two are closely met the only way to get rid of the problem altogether is to get rid of technology but i dont foresee that from happening so all we can do is take precautions and actively monitor for new threats and adjust as necessary.
anon mouse The impact on the physical world from desk guys is pretty low, just like the influence from smiths or carpenters on the virtual world is pretty easy to manage ;-)
Which job do you earn your living?
Israel's Unit 8200 and the NSA wrote something the Iranians never saw coming in 20 years lol
Absolutely incredible the abilities of the worm!
This is a really great explanation and the enthusiasm was awesome
This was very intertesting and understandable for regular people (like me).
So what about those 2 Hertz?
Did it do so to damage the motors, keeping them from spinning because of the low frequency, but still putting power thru to damage the motor windings?
Like a spinning top, when it slows to zero it starts to lose balance. The loss of balance created damage
Also uranium enrichment centrifuges have to spin fast enough to separate enriched uranium from regular uranium. So when it spins to slow, the two don’t separate and you can’t use the enriched uranium that would go in the bombs. So too fast causes damage, and too slow doesn’t allow you to get the specific type of uranium (enriched) you need to make the bombs
Half the people in that room thought he was talking about the flu virus.
This should have a million views.
The update feature allows the worm to be easily rendered useless. If the engineers upload a version that is inoperable and specify that it is the latest version then the worm will no longer cause a problem.
They didn’t know they were getting hit with this so there was no strategy to defend against it.
Also it’s highly probable that this was created for the sole purpose of attacking this specific network meaning it was built to exploit flaws in its design
Very informative! Thank you for the information about The Stuxnet computer worm and all the stuxnet threats!!
Stupid camera man - showing the person talking, but not the slides.
Orange Juice Typical intellectuals? Ordinary issues seldom handled to ordinary standards, by products of elitarian circumstances ...?
"It's called a Trojan Horse because it does damage"... ehhh okeee
The guy in in audience hiding his face from the camera. Hilarious. Great video! Thanks!
He must be wanted.
5:17 corner guy: I have no idea what I'm doing here.
This is Proper Noun you are giving as an example, neither of us is wrong.
Not a lack of, just being cheap. Nobody pays for something they don't need and nobody expects a cyber attack, though they should. I bet the physical security on the place was top notch.
Could you mimic human immune systems, and make a "deactivated" version of stuxnet that could be used to train antivirus software? Or to make it attack other instances of itself?
this is actually quite an interesting thought
Alex Kantor Sure that's how antiviruses work already. But this was an entirely new virus, hence the immune system was not trigerred.
Absolutely. Once a hacker has the source code they can do with it as they please. Similar programs exist...and they run the virus, malware, worm in a so called isolated Sandbox environment.
that doesn't make any sense
So when the code "put the picture in front of the camera" what would the PLC show when an engineer tried increasing or decreasing the frequency of the centrifuges? If an engineer tried increasing it from 800 to 1200, would the PLC show that value while the code was still doing its mission?
In the case of the Iranian technicians at Natanz, for the first payload the values displayed were within the normal parameters.
I guess the best way to avoid these kinds of break ins is with hard safeties. If all the operating data goes through one source(the PLC)it can be manipulated. All critical operating parameters ie: speed/freq, temp, level, ?? Etc, should have separate safety shutdown hardware that does NOT relay through PLC. Wait till this kind of stuff hits autos who now use similar data collecting/controlling methods Connectivity is sometimes very overrated.
I know your point, and my counterpoint is that it doesn't matter. A second word is a second word.
now thats one complex virus
I haven't watched TV in 12 years since this. I've been tryna figure it out.
short version: they exploited the fact that they ran mission critical systems on microsoft operating systems. I assume they use duct tape to assemble the plants in place of bolts.
they would of exploited any other OS, no OS is 100% failsafe.
Okay there you're making a benchmark that is traveling
And judging by what I can see and feel since I am clairvoyant I'm pretty much saying he's either a medics a doctor or nurse
This is pretty cool. I don't understand why computer worms like this are treated as alien technology by the media when the espionage factor is much more exciting anyway.
Problem is, no PLC software is for Linux. The most used PLC's are either from Siemens or Allen-Bradley. Not even virtualizing Windows onto Linux would stop this virus.
13:44 He explained NFTs in the simplest way 7-8 years before they were really a thing and like 9-10 before the boom.
NFT's are 1 of 1. He's talking about digitally signing software so that you know it's unmodified.
No he’s not lol
Two paws up and a circle (for the lucid breakdown)! :)
Why can't all the imperative systems that drive centrifuges/etc just be 100% offline with no external ports and a properly-encrypted network?(retinal scans instead of a default/ridiculous password) If there is no way to introduce these tools to the system then surely they are safe from attack?
musashidanmcgrath the system was 100% offline.. with a USB port. even the most remote, offline system still needs to be updated somehow
@@mfascino that, or the system was offline with an internal closed network
the problem is that as long as there are spies, an offline system is susceptible to attack. Doesn't matter how much you try to secure it if one of your own trusted people is a double agent or being blackmailed or bribed by the CIA or Mossad. Iran arrested some spies after stuxnet happened, those spies were probably executed.
then why is prologue spelled prologue?
not feeling so excited for my next roller coaster ride after this...
I ran around the east coast tryna escape while everyone was stuck to a screen. I was so scared.
Anyone know how they know it was named Stuxnet? Or is that just a name given out randomly? I'm not a computer guy.
The original name given by VirusBlokAda was "Rootkit.Tmphider"; Symantec however called it "W32.Temphid", later changing to "W32.Stuxnet". Its current name is derived from a combination of some keywords in the software (".stub" and "mrxnet.sys")
Thanks Benjam901
Both nouns epilogue and epilog are correct.
Engineering systems and automation technology compromised. Valve controllers for the gas centrifuge cascade are duped.
While this is mostly true, Stuxnet used Windows as a vehicle to gain access to PLCs. If you replaced Windows with Linux it wouldn't have been able to spread and find it's way into the PLCs and deliver it's payload.
Then the virus would have been built to exploit Linux instead
Great Explanation ! You definitely deserve better audiences:)
The virus would make the interface believe that everything is running fine, when it secretly makes the centrifuges run at 2Hz or 1410Hz.. I'm not quite sure or it reacts on the interaction of people it just analyses the scheme and then simulates it.
Steve Jobs, Part time CEO of Apple, Parttime Stanford lecturer.
RIP... you will be missed
All because if you take a regular Android phone that is a prepaid and you get it from the store you dissected you take out the little sticker with the barcode on it and underneath that you have that little stabbed blood
Get ready for Stuxnet 2
Whitfield Diffie at 5:52.
This thing is so advanced that it will probably take decades or more for the world to understand Stuxnet. This is so complex and advanced, I still can't believe this is possible.
I don't understand why NIcholas Cage is explaining this to old people, makes no sense. they obviously has no clue of what he's saying...
you're missing my point. prologue is the opposite of epilogue. it doesnt make sense to call it epilog, if you dont spell prolog.
One Giant Leap for Computer Viruses, One
Teeny Tiny Step for
Mankind.
The audience is actually very impressive, critics in the comments have no idea. He’s got Whitfield Diffie in the front row… awkward moment there feeling the need to explain public key crypto.
Fascinating.
Pretty amazing anyway you look at it....
>> There's actually word processors you CAN'T infect with viruses
...or are there?
Choosing the right audience for this topic: You're doing it wrong
Speaker is excited to teach but audience are like "how boring, keeping up with the Kardashians is better".
14:13, I just won my 'Berries & Cream' on Ebay.
that's kinda awesome...i wish i could program and write code..
They said there was going to be pudding. Where is the pudding?
Foiled?
And this is why most tech aware countries are going old fashion way so such thing doesn't happen
Great video
Is he at a nursing home?
Imagine in BadBIOS is real too (about 10 times more complex then Stuxnet) and we just don't know what it dose at the moment.
@nine virus
is he teaching in a retirment home?
Are these viruses catching?
my fear is that some creepy guy is gonna modify this stuxnet to do something more nasty, not only to the iranian plants, but to everybody. that can become really bad...
12:40 OH MY GOD
Look at the guy at 5:18 and 14:50, conscious of being seen on camera. God I couldn't stand to be in national security. Too much paranoia, not worth it.
Becouse again prologue and prolog are correct.
Data files contain the command and control logic
Folks my bad, I let my dog use my computer and she wrote stuxnet. Italian greyhound mixes are shade AF
the grandpa just said Dooouggh
ye, sure...
This is the pretty typical APT attack we see now.
the real issue here is it would be just as easy to break into our power systems and screw them up... windows is a toy... unless you built your power station with duct tape to match, it's not appropriate mission critical software.
There's actually word processors you CAN'T infect with viruses... wouldn't it make sense to have a secure facility use them? Isn't BG rich enough off his crap by now?
Is it wise to post this, shouldn't we leave Iran in the dark?
For people who are actually interested, or want to be, search youtube for Adventures in analyzing Stuxnet [27C3]
Why is he talking to that audience?
Apparently you don’t recognize the cryptographic players in that audience.
His audience must think he’s speaking a different language 😂
the most important part was the epilog
Start with Code Academy.
and why is egg spelled "egg"?
Time to start using OpenBSD.
good talk, m'kay ...but he reminds me of the school counselor from South Park, m'kay ...
But why does the average age of the audience like 92.
I’m not an expert but I think the old guy with grey hair sitting at the back of the room trying so hard to hide his face might either be an alphabet boi or a schizophrenic.
Although the content is good, his vocal tick of saying ok gets really difficult to listen to after a while. I feel like I'm listening to Mr. Mackey from South Park.
okay?
Look at that old woman in pink, what are the chances she understands a single thing?
Is the audience for real? Or somebody sliced the video with a home for elderly Sunday morning daily program announcement. I just can't believe my own eyes.
2018 and I'm agreeing!