Cyber Terror: Who Sabotaged This Saudi Chemical Plant?🎙Darknet Diaries Ep. 68: Triton

Excellent episode.
One thing that didn’t quite get hit on but is important: they talked about the decision to start the plant up without a safety system versus leaving it down. Depending upon the specific system, leaving it down can carry its own risks. Some facilities are multistage and pressure can build up in cases of down or partial down states, particularly if it’s a partial down state that has not been planned for. The risk is not entirely one-sided, and I can definitely give the managers the benefit of the doubt regarding the safety of being partially down versus being up.
(My husband worked as a safety officer at a chemical research facility.)

You’re a great storyteller, and the production really helps to immerse you into it. Really enjoy the pod!

When you work in plants like this, they teach you to fight your instinct to help someone if you see them go down for no reason, most of the deadly gasses are odorless, colorless, and instant death and the last thing the rescue team needs is to retrieve 2 dead bodies from a dangerous area.

This channel is awesome!! I stumbled on it and immediately hooked!! I am a cyber security professional and love the stories

For those wondering, the company is Sabic.

The only hack I've ever been a victim of (to my knowledge, at least) was my OG Roblox account got stolen from me in 2010. That shit turned my little heart cold.

I feel so stupid when I listen to/watch your channel but I pretty much have had you on for 8 hours while working and loving it man, new subscriber for sure, good job dude.

Episode 68: "Where Jack discusses SCADA without ever actually saying SCADA."

Who would target Saudi industrial systems? Let me count the ways...

I've worked with similar systems, I'm still trying to figure out if they just messed up because by shutting the safety system down made it obvious it was compromised. And, the safety system still interacts with the overall plc/dcs. These are fail-safe as demonstrated by when the safety controller was shut down, the whole system went offline. So why not just force valves open/closed instead of shutting it down if they wanted to damage physical infrastructure/cause causalities? They did say that they changed the inputs/outputs in the program.

I am addicted to this podcast

This one obviously falls into the category of cyber-warfare , especially given that human lives where at stake for the only purpose of sabotaging a competitive faction.

Always looking forward to new episodes! Thanks for all the work you put into this content, Jack. I just went through all your bonus episodes. Really loved the one with your dad. I'm always doing similar things with my son lol

The emotion you hear in his voice at the end is the sound of hurt that no one else other than those who have a lost a mother will know.

I really love these videos but I wish there was something to look at as you describe these scenes. It would really add so much

Omg! Finally!! I love your channel…thank you for posting!!!❤

When Jack posts -'' surely we live in the best of all possible worlds.''

Awesome episode man, I’m a new follower and have been diving in. Love your story telling style and homework sharing approach.

Written at 45:50 in the video. If you want to find out who did an attack like this, you should use the old saying "Cui bono" "who benefits" in English. How different nations, companies or organizations could benefit from such an attack is not that hard to grasp. If you're in the same business as them, you will benefit from much higher prices while they rebuild the plant. If the plant you destroy is one of the biggest in the world, the prices will rise and you will make a large sum of money.
Benefitting from such an attack could also be calculated as an attack in a war. Currently Shi'ite Islam, represented by Iran and Sunni Islam, represented by Saudi Arabia have been at war with each other for almost 1400 years. This war is not a Cold War and has never been. In general they hate each other more than they hate their mutual enemies.

We need to start going back to simple hardware which is not remotely programmable for safety controllers. Someone should have to be right there to program them and have to physically plug into it. Make the systems as simple as possible and run the software as close to bare metal as possible. And make them so they are read-only back to any required monitoring hardware.

I just love this type of solo event explanations

Keep them coming, idk if u clip parts out but more details better

I wonder which nation state actor might have.done this...mystery.
Great show Jack

Speaking of data breaches. Today I was in forever 21 with my girl and they were unable to use forever 21 store cards that had money on them... the cashier said they'd been hacked
This was today March 28th 2023. Me being me I looked everywhere online. Nothing. I called forever 21 costumer support the guy asked me how I knew I told em
And he proceeded to tell me they weren't hacked lots of suspicious activity tho. And the dude on the phone wasn't re assuring with his answers to me nore his tone
Just something to keep an eye out for. The cashier also told me it wasn't only forever 21 that was hacked but every company they own as well.

Good Ep Jack, thanks. Keep them coming.

I don't understand how someone accused of developing & deploying such a high-level attack fails to cover the basics i.e. masking their ip address?
It's probably even more likely that it's like that on purpose

Can you please reduce the background 'music'? It is very distracting, does not add much, and for people with hearing issues an annoyance.

You're telling me OT means operation technology? So O.T. Genesis the rapper who wrote "IM IN LOVE WITH THE COCO!" is really Operation Technology Genesis?

When are the new episodes on Spotify are going to be released? Great ep btw

I did some IT work for a chemical plant. They made stuff for NASA. Anyway they made me go through a safety class to even work in there. My main contact said if I hear emergency announcements and see him running I should run the opposite direction.

I love this storys and mindgames.
Keep on the good work mate!

Keep them coming Jack. 🤙

Hi Jack just wanna say this is best cyber channel i ever heard! keep up with this best content brother💯🔥

It is believed several years ago hackers broke into the web interface of the Fumel hydroelectric dam and caused flooding of a small village on more than one occasion.

Wouldn't they have a complete backup of the system configuration and a SOP of how to do a complete factory restore of everything. Factory restore everything offline, reload the configuration files and presto.
I know its a bit more complicated but does it has to be?

It’s always a good morning when I wake up to another DND episode!

Checklist for GTFO:
1. You're called as part of an ERT for IT/OT to a Petro-Chem, Munitions, Bio or Nuclear facility
2. Said facility has major relevance for the country it is in, I mean MAJOR
3. Said country is part of the usual love-circle of Russia/USA/China/Any of their proxies
4. You encounter EXTREMELY specific code you've NEVER heard or read about
In 9 out of 10 cases, you'll 'vanish' afterwards, no matter the outcome of your work. Both parties involved in such things have a clear interest in you never be able to do it again/tell anything about it.

Younger part of my career was petro/chem. You don't step foot on site without a gas monitor on your collar, no matter where in the world you go. Facility wide monitoring is a super helpful and super necessary thing, but not end of the world. Hyped drama saying "Is this air safe to breathe?!" Come TFO. These computer techs had monitors on their collar as well, I'd bet $100

Damn! This is a great episode.

Got something to watch at work today

The sound effects being played in the video at 16:08 are so distractingly loud, I also watch this on my tv at night😭

Ah, Triconex, my old company. Only worked there for about three years back around 2010.

My cousin was killed in 2017 from hydrogen sulfide gas.
This stuff is pure evil.
My cousin was in a pit in a confined space working in a power plant.
The pipe was supposed to be non-pressurized & contain only water.
It contained pressurized hydrogen sulfide INSTEAD. When my cousin cracked the last bolt on the 12 inch wide elbow joint, hydrogen sulfide solids & gas burst out of that pipe.
Hydrogen sulfide after 1 breath kills your sense of smell & after another breath you pass out & are incapacitated.
My cousin passed out & the solids started to eat his skin as the pit filled up with hydrogen sulfide sludge & gas.
His foreman that was above him took one breath & fell head first into the pit.
The foreman's brother seen him fall into the pit & tried to run over to help but passed out on a catwalk.
Another man in the gang seen that all happen & tried to help & he passed out.
Another man seen that all & tried to help & he became incapacitated himself.
All 5 men laid there breathing HORRIBLY toxic fumes until hazmat arrived, assessed the situation & then acted upon it.
My cousin died.
His foreman died.
The foreman's brother received HORRIBLE lung & eye damage & the last I knew he'll NEVER work again & will NEVER breathe or see normally again.
The other 3 had serious lung burns but nothing on the level of the others.
The plant denied all liability & it's STILL being fought over in court.
If a plant that contains hydrogen sulfide were to explode, what I've described would happen en masse to EVERYBODY who breathed the death of hydrogen sulfide.
RIP Kevin.
I can't believe this happened to him. He had a 1 year old & 3 year old kid.

>saudi government spends millions of dollars trying to figure out who did this
>meanwhile, I read the video title and immediately knew
seriously, who else would it be.

Killer episode per usual bro

Thank you for another great episode

yes controllers are important but there's always mitigations in place. And you can't electrically stop gravity or natural physics from occurring.

This ep is over two years old

Thanks for NOT mentioning the plant/company name. Seems super relevant in the first 5 minutes. So of us are driving and don't use or trust voice assistants. So yeah, quite stupid, a first for you jack.

We've been trying to reach you about your vehicle's extended warranty.
JK! Awesome pod! Love the channel!

Why aren’t the episodes on Apple Podcasts app the same as youtube? Love the podcast!

When you walk around plants like this you should always have a personal h2s monitor also.

The USCSB has some great analyses on big tragic incidents and accidents in industrial processes.
Love this kind of stuff. It’s like true crime but even more unsettling

Operators don't operate the triconex, that's a separate discipline that handles the functions of the control systems

18:22 H2S, shitter gas on the ship, or something like that, we all knew as gunnersmates it just too an engineer fucking up to kill us all lmao

That attack happened in the first half of 2017. Towards the end of year (Nov) Saudi Arabia opened dialogue with Israel.

i love that i can just listen to this

How come he doesn't mention the name of the company.?

Just a guess work-- Could it be Iran + Russia.
Easy to keep pressure on Europe and also prep-up oil prices? KSA can afford low oil prices but not other countries?

1:09:58 "I would be never comfortable to conduct one operation that may impact human... life of civilians". creepy

I get the feeling that if it was not done for financial gain or better control of the petroleum market, it might be done because it was possible.
Imagine a suitably qualified professional worked at the plant. He left after a while and went to a post in an academic place where he talked freely to his fellows about the plant.
Some people can leave a chemical plant able to draw it out as a Process.
Computing students need to learn about Process and Systems. Bit by bit the plant is described. Location possiblity.
But how the computer controls the plant is not given out. Yet a bright couple of students infer it in the canteen.
From there and very gradually information is allowed to be learned, from students if they see others who are bright enough. Eventually there amasses more knowledge than anyone who ever worked there has. And it is all 'below the surface'.
Let's try. Let's see if this is right.

Anyone have suggestions on how I can work in OT incidence response? How do I get the skills? I have done CEH and I know basics of network, cloud and web app security but how do I learn this skill?

The US Government did it..

Do you have a Spotify account for podcasts?
Does he have , top TH-camrs don't actually reply to us 😮

Out of curiosity, How come these latest ones aren’t on Spotify?

“our nations leaders don’t understand don’t understand technology” Is the most elegant way I have ever heard someone say “Ok Boomer”.
But in all seriousness, this is why we need term limits for politicians. After enough time in office, you start representing your age group instead of the people overall.

Love These Storys. they make me paranoid , about everything around me, haha.
Even gets worse, knowing what a Flipper can do, If someone know how to use it proper. Not looking the Other Tools, that are really good at one area.
That price i Pay For the enjoyment.

Can you lower the volume of the background music just a little bit? Please

very awesome content

I had my tax info stolen at some point and a false return filed in my name after my legitimate one was processed.

How he change Voltage electricity, I understand but I don't sleap 12 years, with me, I haven't kidneys, You haven't Space.
By the way Swift Key,?

of cource its the suidas . they left thier refinery connected to the net.

It was government intrusion into the working of the company and why engineering left the computers open for investigation over the weekend.

42:02 what about stuxnet? That was not save for the workers.
And i guess there are other hacks that did cost life’s, just not on such a high level

I hope they educated their on site engineers to do basic Observability and investigations.

Does anyone else think Julian sounds like Elon Musk

Jack, you’ve skipped like 30 episodes haha… good work nonetheless

Why wouldn't you say the name of the company? Strange.

what a dark episode

We can hope they will be detoured from this behavior, however I feel that the malice within the heart of the original coder is not something easily dismissed.
Time will tell... L8R G8R.

Those this project that minus cybercriminals we might soon be having cyberterrorist?

Who? Risk management maybe? Pressure makes diamonds!

This guy sounds exactly like Elon Musk 😂

Did anyone figure out the name of the company?

"It's just a prank"
The prank:

36:55 If you know what Saudi Arabia is doing in Yemen you wouldn't say this...

Is Xenotime an actual group

Can someone tell me what is the name of the company?

I am sitting here listening to this on a site similar to the Saudi plant. Lol

Black Hat vs White Hat
who's side are you on?

The background noises throw me off sometimes, I may be a small minority who dislikes it but why do we need a beat going in the background of a guest speaking? seems like it would be better audio without this background noise.

How naive can you be? You ask who would create such a thing, who would kill civilians etc. Do you think the people who created the atomic bomb were monsters or didnt understand what they were doing? If the goal is important enough to you you will do whatever it takes.
And maybe we should insist on always having independant non-digital safety systems - that would also help against non intentional failures like bugs or bad data.

Jack Rhysider is probably the type of guy to think Windows Vista was actually good... Lmao 😂😂😂

Says episode 68 on bottom left screen

What scare me as a cardiac patient is when will pacemakers get hacked

It 100% was the NSA and they know it..

Or it wasn’t a human that wrote that “Xeno” code . . . . . . . . .

Typo in title 68 not 98.
How does the youtube relate to Spotify? I see then here a free spoftiy.

I am a retired blackhat programmer that hasn't ever shared his story public.

Whoooohoooo!!!