Hey, Thoughty2 here
Kevin Mitnick
is an American computer hacker,
who served five years in prison.
Some of that time was spent in solitary confinement.
Mitnick was not violent.
So why, you ask, was a humble computer geek
forced into solitary confinement?
Because law enforcement told the judge
that Kevin Mitnick could start a nuclear war
by whistling into a payphone.
It was thought that he could use a prison payphone
to hack into the modem at NORAD
and launch nuclear missiles.
Nine hundred years ago,
Genghis Khan and his army formed the largest empire
in history, by shooting arrows from the back of horses
Five hundred years ago, the House of Lancaster
beat the House of York
in the War of the Roses, using swords, armor, and wooden siege weapons.
One hundred and fifty years ago,
the North won the American Civil War
using cannons, rifles, revolvers and sabres.
One hundred years ago,
the Allies won World War I
using rifles, machine guns,
flamethrowers, mortar strikes, tanks,
aircraft, and chemical weapons.
And, of course, seventy years ago,
Germany and Japan were defeated
in World War II
by a variety of opposing nations and, in the end, nuclear weapons.
But something was different this time.
World War II wasn't won primarily through brute force
and superior physical weaponry
like each and every war before it -
it was, in part, won
through intelligence
and computers.
Whilst mathematician Alan Turing
was working at the top secret Bletchley Park,
he broke the Enigma code
and allowed the British to instantaneously decode
all secret German communications.
Turing created a very early mechanical computer
he called the Bombe
which allowed him and his team of codebreakers
to crack the Enigma machine.
Once cracked, the codebreakers knew the location of
every German U-boat attack
before it actually happened
It is often said
that Alan Turing's genius innovation played a pivotal role
in winning the War.
Winston Churchill himself said that Turing made
the single biggest contribution to the Allies' victory.
But this marked the start of future warfare.
The face of global conflict had been altered for good.
Long gone are the days of men on horseback,
with bows, swords and rifles.
For the wars of the future will be fought online.
This means, of course, that the Genghis Khan of the future
could be a fourteen year old boy in his mother's basement
building his empire through computer code.
That doesn't sound quite as epic as thousands of Mongols riding through the mountains, I have to say.
Today, combat based warfare is far too great a political risk
so more and more world governments are turning to cyber warfare instead.
Cyber warfare has one incredible advantage over troops on the ground and drone strikes -
and that is anonymity.
Using internet smoke and mirrors,
such as VPNs,
TOR,
and encryption,
governments, and non state entities
such as Anonymous
can launch huge online attacks on enemy nations
without ever revealing their identity
- and if the enemy doesn't know who exactly is attacking them,
then they can't exactly retaliate, can they?
So, the pros of cyber warfare vastly outweigh the cons
But can hacking really cause as much damage
as guns, drone strikes, and even nuclear weapons?
Yes.
Yes it can.
And the results could be far more devastating.
Full scale cyber warfare
isn't a dystopian vision of the future;
it's happening right now.
And one could even say that we have already been playing at cyber war for the past ten years
In 2010,
a computer virus almost started World War III.
Stuxnet is a computer worm
meaning it can self-replicate and transmit itself to other host devices
in perpetuity.
But this isn't any ordinary malware
designed to steal your online banking details
created by some teenage kid in a basement... or a crazy Russian hacker.
Stuxnet is far more complex,
far more impressive,
and so unimaginably more dangerous
than any piece of malware before it.
Stuxnet is the world's first digital weapon
designed for international warfare.
Experts have called it the greatest malware ever created.
Within just a few days, security companies, analysts and researchers
all over the world were becoming concerned
about a new threat that was infecting
millions of computers worldwide
It was first identified in Belarus
but in a matter of days it had infected computers in almost every country in the world.
But one country in particular -
Iran.
The vast majority of computers infected by Stuxnet
happened to be in Iran.
This can't be an accident;
this was by design.
This meant it had a target.
A normal computer worm has one method of transmitting itself to another machine
- two at most
- maybe through email, or file sharing.
But Stuxnet had seven.
This is unprecedented.
Stuxnet could spread via USB without any user interaction
- the second the USB would be plugged into the computer, it is infected.
It could be spread over email, file sharing, or it could simply spread itself
wirelessly, over the local user network, without any interaction
whatsoever.
A typical malware created by a criminal gang
which is designed to steal sensitive data, or
keep your personal files ransom in exchange for Bitcoin
usually contains something called a Zero Day.
A Zero Day is simply an exploit,
a weakness in an operating system or piece of software
that allows a virus to insert itself into a machine
and control it,
completely undetected.
It's called a Zero Day because the author of the software
doesn't yet know of the security hole
within their own software
But the hacker does - so when the hacker uses the exploit
the software developer has spent zero days
attempting to fix the security flaw
A Zero Day is a hacker's dream weapon.
A security hole that they know about, but nobody else does
- not even the software's creator.
Now, Zero Day exploits for major operating systems
such as Windows are so rare
that they only appear around ten times each year.
So, if you have a Zero Day,
you can sell it on the black market for hundreds of thousands of pounds.
It is usually worth it for the criminal hacking groups to purchase one Zero Day exploit
from the Dark Web, because before that Zero Day gets found out about and fixed,
the gang can use it to infect millions of machines and make a nice profit on their investment
through techniques such as ransomware and phishing.
But due to the rarity and great expense, it is completely unheard of
for a single virus to contain more than one Zero Day
Stuxnet contained
four different Zero Days.
Probably over a million pounds' worth.
But why four?
Simple.
Redundancy.
If one Zero Day fails, or gets patched,
there are three more to fall back on
so not one single software update
can stop this virus from spreading.
The amount of money and time invested into Stuxnet
means it could only have been created
by a nation state - and a powerful one at that
- probably several nation states, in fact.
After examining the incredibly complex Stuxnet code for over a month,
security researchers across the world soon realised that Stuxnet
had a very specific target.
It was spreading to millions of devices worldwide, and doing
absolutely nothing.
Like a patient assassin, Stuxnet was waiting
until it had spread to, and infected
one specific location
before it would deliver its deadly payload.
We now know that that target location
was Natanz Uranium Enrichment Plant in Iran.
The plant contained roughly six thousand centrifuges
that were enriching uranium
so that it could be used to develop nuclear weapons.
The goal of Stuxnet was to infest the Siemens PLC Unit
at Natanz
These are little black boxes with on-board computer chips
that control the spin speed of the centrifuges
and monitor them to ensure that they are all spinning at the intended
safe RPM at all times
- about 6,300 rotations per minute.
Whoever developed the logic behind Stuxnet
had to know exactly how these PLC Units and centrifuges work
This is literally as hard as rocket science,
not something your usual hacker would know anything about.
When Stuxnet had cleverly determined that it was on the correct hardware,
it did...
nothing.
It would just lay dormant on the PLC
for thirteen days
- staying completely silent, just waiting.
But -
it was doing one crucial thing
during these thirteen days
- it was recording all the data from the centrifuges
saving every log that every single centrifuge outputted
for thirteen days straight
Then, after patiently waiting for two weeks,
Stuxnet sprung into action
It increased the spin speed of all the centrifuges by several times
- way beyond their safe operating range
It did this for just fifteen minutes
and then it slowed down the centrifuges to just 2 RPM for another fifteen minutes
This massive variance in the spin speed of what is
a finely tuned machine
caused the centrifuge to develop cracks,
warp, bend, and eventually break apart, or even blow up.
But the most genius part of all this is that while Stuxnet was increasing and decreasing the RPM of the centrifuges
way beyond their safety limits,
it pulled off a trick from an old spy film
You know when the spy is sneaking into the enemy's secret lair
and they replace the feed to the CCTV camera
with prerecorded footage, so that it looks like nothing is actually happening?
Well, Stuxnet did exactly that
Remember how Stuxnet did nothing for thirteen days upon arrival
...except record data?
Well, whilst it was doing damage to the centrifuges,
it played back that recorded data to the PLC
so that all the maintenance engineers in the control room who were monitoring the status of the centrifuges
would think that everything was working as normal
- the machines would be reporting a completely normal spin speed
Nothing to see here!
This, then, isn't just a virus; this is a piece of expertly choreographed espionage.
Stuxnet even contained code that would disable the big red off switch
that the engineers would usually press, if, say,
a foreign nation had inserted a rogue virus into your PLC units to blow up all your centrifuges...!
...yeah.
While Stuxnet was doing its thing,
it completely disabled the emergency off switch
Stuxnet would repeat this same thirty minute routine
just once every 27 days
- as not to arouse too much suspicion from the engineers
Over the following months, Stuxnet successfully destroyed
well over 1,000 uranium enriching centrifuges at the Iranian Natanz plant
- significantly slowing down Iran's nuclear weapons program.
To this day, nobody has claimed responsibility for the attack
but it's pretty darn obvious that Stuxnet was created
by the US Government.
Anonymous NSA sources have confirmed this,
adding that Stuxnet, which was actually codenamed "Olympic Games" by the NSA,
was a multi million dollar joint effort
between the NSA,
GCHQ in the UK,
and Israel's elite government hacking agency, Unit 8200.
But Iran didn't take Stuxnet lightly.
They retaliated hard.
Iran immediately recruited thousands of hackers from around the country to their new cyber warfare unit
- and then
they struck back.
Iran wiped out every piece of software
from every computer at the world's largest oil company,
Saudi Aramco.
They then hit America's banks,
taking down the online banking capabilities
of America's largest banks:
Bank of America, PNC, and Wells Fargo.
Although Iran didn't claim direct responsibility,
this was obviously a slap in the face to America, to say
"You can't attack us in cyberspace and get away with it."
And so what happened back in 2010
was the world's first cyber war
between two countries.
But the scariest part of all this is that
by targeting critical infrastructure,
enemy nations can affect physical devices
destructing our lives and even causing mass harm to people
through no more than lines of computer code
Hackers could literally
derail trains,
make planes fall from the sky, and
blow up gas pipelines and dams
If that's not science fiction, then
I don't know what is.
We are living in a new age of war
but according to NSA insiders
Stuxnet was just the beginning
- a small time operation
You see, the NSA
have been working on a huge, multinational
multi agency, and multi billion dollar top secret operation
codenamed Nitro Zeus.
Nitro Zeus was a backup plan -
in case Iran refused to agree to the Iran nuclear deal
that prohibited them from producing nuclear weapons
The Obama administration wanted a second option
- a way to stop their nuclear capabilities for good
if the peaceful negotiations went sour.
That backup plan was Nitro Zeus
and, quite frankly, it's the most terrifying cyber weapon ever created.
We know very little about Nitro Zeus,
but, from what we can gather from anonymous NSA employee testimonies,
it is basically Stuxnet on steroids -
many times more complex and intelligent
Nitro Zeus had the capability to infect almost every computer inside Iran -
both civilian and military -
and control them at the attacker's will.
It could attack Iran's command and control systems so, in the event of a war,
Iran's military could not communicate with one another
It could hack into, and disable, Iran's air defence system
so that US and Israeli planes could attack Iran
with complete impunity
- Iran would be unable to shoot them down.
But that's not all -
Nitro Zeus could also shut down Iran's entire power grid
leaving the whole country with no electricity.
It could even destroy all domestic communications and transportation systems
and take down Iran's financial systems and banks
- all in a few minutes -
at the click of a mouse by some NSA employee, 7,000 miles away.
In the event of a war with Iran, Nitro Zeus ensured
that they would be completely defenceless
right from the start.
According to some sources,
Nitro Zeus is still inside Iran today
and can be activated
at any moment... laying dormant... waiting. Just in case.
You may not think that cyber warfare could affect you personally
- but the scary reality is that cyber weapons, whether created by a criminal gang, terrorist group,
or even a nation state, could easily be far more damaging to you
than traditional warfare.
Critical infrastructure is everywhere,
we don't see it, but it powers our daily lives
from the filtered water we drink to the electricity that powers our homes and devices
But that's just the tip of the iceberg
Communications,
manufacturing,
water filtration,
waste,
gas,
energy,
emergency services,
agriculture,
logistics,
finance,
healthcare,
transportation
and defence
all rely on critical infrastructure to function and do their jobs for society.
And that means that every single one of these systems can be hacked
And, to be honest, the vast majority of this infrastructure has pathetic levels of cyber security
because they were likely designed and built before the internet existed
Using anonymous computer code,
this spiderweb of hardware and software that runs every country
can be disabled,
corrupted,
overridden,
and destroyed.
The results could be utterly devastating
When you destroy water filtration systems
when you shut down a national power grid,
they don't just turn themselves back on
It would take weeks, even months, and billions of pounds
to return everything back to normal
In that time, millions of people
would likely die due to hunger, the cold, and the lack of clean water.
Modern wars have been mostly fought in the Middle East,
and so most of the effects of these wars have not actually been felt by citizens of western countries.
Cyber warfare changes that completely
- and, in fact, it reverses it
Which countries do you think have the most critical infrastructure?
Wealthy, developed countries
Places like the US, UK, Canada, Japan, Western Europe
have the greatest amount of critical infrastructure per person
than anywhere else in the world
and that means that they are far more susceptible to hacking
and cyber weapons.
Ironically, one of the most well defended countries against cyber weapons
is North Korea
because the entire country is not connected to the public internet
It is surrounded by what hackers call an Air Gap
- i.e. it isn't connected by physical wires.
Air gaps are the hardest obstacle that a hacker can face when spreading a virus
Every year, the US Government publishes a document called the Worldwide Threat Assessment,
which analyses and predicts
what the greatest threat is to our nations.
In the 2007 report,
there was no mention whatsoever of cyber warfare.
In 2011,
cyber warfare did make an appearance
but it was right at the bottom -
suggesting it was an incredibly insignificant threat
It was even below West African drug trafficking.
But -
from 2013 onwards,
the report listed cyber warfare
as the top threat facing our world today.
But it's not all doom and gloom.
We can all take some solace in this fact, which reminds us
that behind all these cyber weapons and anonymous hackers,
are, at the end of the day, just... humans.
In 2012, the FBI caught the world's most wanted hacker
because he was hacked himself
due to the fact that he used his cat's name as his password,
followed by "123".
The password was "Chewy123".
Thanks for watching.
