1 00:00:00,280 --> 00:00:02,960 Speaker 1: Brought to you by the reinvented two thousand twelve Camry. 2 00:00:03,160 --> 00:00:08,920 Speaker 1: It's ready. Are you? Get in touch with technology with 3 00:00:09,039 --> 00:00:17,840 Speaker 1: TechStuff from HowStuffWorks.com. Hello again, everyone, 4 00:00:17,880 --> 00:00:20,200 Speaker 1: and welcome to TechStuff. My name is Chris Pollette, 5 00:00:20,239 --> 00:00:22,400 Speaker 1: and I am an editor at HowStuffWorks.com. 6 00:00:22,400 --> 00:00:25,759 Speaker 1: Sitting across from me as always is senior writer, Jonathan Strickland. George, 7 00:00:26,079 --> 00:00:29,480 Speaker 1: you've heard about this virus? Shall I cough on you? George? 8 00:00:32,440 --> 00:00:35,720 Speaker 1: That was a good one. Yeah, that's from a classic film, definitely. 9 00:00:36,120 --> 00:00:38,040 Speaker 1: I actually know where that comes Oh yeah, wow, I 10 00:00:38,040 --> 00:00:40,120 Speaker 1: can't believe you've seen that one. I haven't. I just 11 00:00:40,159 --> 00:00:42,440 Speaker 1: know where it comes from. All right, Well, we're going 12 00:00:42,479 --> 00:00:51,320 Speaker 1: to launch directly into a little listener mail. This listener 13 00:00:51,320 --> 00:00:53,840 Speaker 1: mail comes from Patrick, who says, Dear TechStuff, I 14 00:00:53,920 --> 00:00:56,400 Speaker 1: really think an appropriate topic for discussion would be the 15 00:00:56,440 --> 00:00:59,120 Speaker 1: infamous Stuxnet that has been all over the news 16 00:00:59,200 --> 00:01:01,000 Speaker 1: these past few months. Thank you, and I hope to 17 00:01:01,000 --> 00:01:04,440 Speaker 1: hear more from you guys. 
Well, Patrick, we thought 18 00:01:04,480 --> 00:01:07,240 Speaker 1: we'd tackle Stuxnet too. We've talked about it a couple 19 00:01:07,240 --> 00:01:09,640 Speaker 1: of times in other podcasts, just kind of mentioning it 20 00:01:09,680 --> 00:01:12,840 Speaker 1: offhand, and of course we've done podcasts about viruses 21 00:01:12,880 --> 00:01:16,360 Speaker 1: and worms before. But Stuxnet is, it's 22 00:01:16,400 --> 00:01:21,560 Speaker 1: a particularly interesting form of malware. Yes, yes, it is 23 00:01:21,600 --> 00:01:25,360 Speaker 1: in fact a worm, um, and, uh, one of the 24 00:01:25,400 --> 00:01:29,440 Speaker 1: reasons it's so interesting is because it is extremely complex. 25 00:01:30,440 --> 00:01:34,840 Speaker 1: It seems to be targeted at a specific purpose, and 26 00:01:34,880 --> 00:01:37,480 Speaker 1: if not a specific purpose, at a specific location. 27 00:01:38,440 --> 00:01:43,080 Speaker 1: And uh, no one officially knows where it came from. 28 00:01:43,560 --> 00:01:46,720 Speaker 1: Somebody knows, but it's It does also seem to be 29 00:01:46,920 --> 00:01:51,640 Speaker 1: a state-sponsored, um, virus, or at least some department 30 00:01:51,720 --> 00:01:55,440 Speaker 1: in some country appears to be responsible for it, based 31 00:01:55,520 --> 00:01:59,800 Speaker 1: upon the various investigations that have gone on since the 32 00:02:00,040 --> 00:02:03,120 Speaker 1: discovery of Stuxnet. Yeah. Now, it's important to note 33 00:02:03,560 --> 00:02:05,600 Speaker 1: that we have to be careful when we talk about 34 00:02:05,640 --> 00:02:08,600 Speaker 1: that because we don't know for sure. 
And as we 35 00:02:08,639 --> 00:02:12,560 Speaker 1: have mentioned many times before, probably most notably in our 36 00:02:13,560 --> 00:02:17,880 Speaker 1: hacking of Google and China discussions that we've had before, um, 37 00:02:17,919 --> 00:02:20,200 Speaker 1: it is possible to make an attack look like it 38 00:02:20,280 --> 00:02:23,280 Speaker 1: came from someone it didn't, and that'll that will come 39 00:02:23,360 --> 00:02:26,080 Speaker 1: up later in our discussion too. But um, you know 40 00:02:26,160 --> 00:02:28,840 Speaker 1: it it appears that way, but there's really no way 41 00:02:29,320 --> 00:02:32,040 Speaker 1: for uh to tell for sure. And and and we've 42 00:02:32,040 --> 00:02:37,160 Speaker 1: had some very dedicated computer security experts looking into this. 43 00:02:37,840 --> 00:02:42,720 Speaker 1: So some seriously talented people have been evaluating this, the 44 00:02:42,800 --> 00:02:46,359 Speaker 1: Stuxnet worm, and have been unable to determine that 45 00:02:46,680 --> 00:02:49,680 Speaker 1: for sure. So do you want to uh, should we start? 46 00:02:49,720 --> 00:02:52,000 Speaker 1: I guess we This really all started back in two 47 00:02:52,000 --> 00:02:54,919 Speaker 1: thousand nine as far as we know, Yes, yes, So 48 00:02:55,600 --> 00:02:58,760 Speaker 1: let's let's give a brief overview of what Stuxnet 49 00:02:59,040 --> 00:03:02,440 Speaker 1: is and what it's meant to do. So Stuxnet 50 00:03:02,560 --> 00:03:06,359 Speaker 1: is a worm, is a Windows-based worm, so it's 51 00:03:06,440 --> 00:03:10,080 Speaker 1: this isn't This is not a you know, that doesn't 52 00:03:10,120 --> 00:03:13,480 Speaker 1: target Linux, it doesn't target Mac OS, targets machines running 53 00:03:13,560 --> 00:03:17,760 Speaker 1: various forms of the Windows operating system. 
And as far 54 00:03:17,919 --> 00:03:19,880 Speaker 1: as we are able to determine it by the time 55 00:03:19,880 --> 00:03:25,840 Speaker 1: of this recording, it originally spread through USB sticks or 56 00:03:25,960 --> 00:03:30,520 Speaker 1: USB drives. Yes, it is not. It is not propagated 57 00:03:30,720 --> 00:03:33,680 Speaker 1: primarily over the Internet, right, And the reason for that 58 00:03:33,880 --> 00:03:38,720 Speaker 1: is because the intended target of Stuxnet, that tends 59 00:03:38,760 --> 00:03:42,480 Speaker 1: to be disconnected from the Internet, so you can't target 60 00:03:42,520 --> 00:03:45,960 Speaker 1: it from the Internet. That that specific target is well. 61 00:03:46,440 --> 00:03:52,120 Speaker 1: Stuxnet is able to attack factory systems. Yes, it 62 00:03:52,200 --> 00:03:56,960 Speaker 1: actually targets a series of vulnerabilities in the Windows operating system, 63 00:03:57,000 --> 00:04:00,680 Speaker 1: which I understand have been patched at this time. At 64 00:04:00,680 --> 00:04:04,200 Speaker 1: the time the Stuxnet virus was written, or the 65 00:04:04,200 --> 00:04:07,880 Speaker 1: original one was written, um, it was aimed at several 66 00:04:07,920 --> 00:04:12,960 Speaker 1: vulnerabilities and used those vulnerabilities to get at industrial control 67 00:04:13,000 --> 00:04:18,920 Speaker 1: systems for gas pipelines and power plants, right, and aimed 68 00:04:18,960 --> 00:04:22,200 Speaker 1: at very specific hardware connected to Windows networks. And in 69 00:04:22,240 --> 00:04:25,400 Speaker 1: fact the ultimate target for this turned out to be 70 00:04:25,480 --> 00:04:32,320 Speaker 1: some centrifuges in Iranian, uh, nuclear facilities. 
So these were 71 00:04:32,320 --> 00:04:36,920 Speaker 1: centrifuges that were designed to to process uranium, and the 72 00:04:36,960 --> 00:04:42,039 Speaker 1: idea here apparently was to infect systems so that an 73 00:04:42,040 --> 00:04:47,440 Speaker 1: outside controller could gain access to the systems and overload 74 00:04:47,480 --> 00:04:51,680 Speaker 1: them in such a way as to cause possibly irreparable 75 00:04:51,760 --> 00:04:54,599 Speaker 1: damage to the facilities. Now, as it turns out, that 76 00:04:54,640 --> 00:04:56,840 Speaker 1: does not seem to have happened. It doesn't look like 77 00:04:56,880 --> 00:05:00,839 Speaker 1: the damage was was as devastating as it could 78 00:05:00,880 --> 00:05:04,440 Speaker 1: have been, and there's some interesting explanations for why that is. 79 00:05:04,839 --> 00:05:09,320 Speaker 1: One of which is that some security experts have said 80 00:05:09,640 --> 00:05:13,279 Speaker 1: Stuxnet is kind of like a double-layer worm, 81 00:05:14,360 --> 00:05:17,600 Speaker 1: the core of which is incredibly complex. One of the 82 00:05:17,640 --> 00:05:21,719 Speaker 1: most sophisticated worms possible, but the outer layer of which 83 00:05:22,160 --> 00:05:26,960 Speaker 1: is less complex and that because of the the reduced complexity, 84 00:05:27,000 --> 00:05:29,359 Speaker 1: this is the layer that is that's specifically designed to 85 00:05:29,360 --> 00:05:34,679 Speaker 1: help hide Stuxnet from prying eyes and discovery. Because 86 00:05:34,800 --> 00:05:38,960 Speaker 1: it was less sophisticated, it was not as difficult to discover, 87 00:05:39,240 --> 00:05:44,000 Speaker 1: although it took an entire year before anyone saw it. Um, 88 00:05:44,000 --> 00:05:46,760 Speaker 1: it's not it's not so hard to discover that it is 89 00:05:46,839 --> 00:05:51,000 Speaker 1: impossible to weed it out. 
So if the outer layer 90 00:05:51,040 --> 00:05:53,040 Speaker 1: had been as sophisticated as the inner layer, it may 91 00:05:53,080 --> 00:05:55,680 Speaker 1: even be that we still would not know what Stuxnet 92 00:05:55,680 --> 00:06:00,560 Speaker 1: is. So infecting, you know. The idea here is 93 00:06:00,560 --> 00:06:03,120 Speaker 1: that you you send in some sort of infected USB 94 00:06:04,120 --> 00:06:08,960 Speaker 1: uh media, whether that's a USB stick or a an 95 00:06:08,960 --> 00:06:13,039 Speaker 1: external drive or some other device that could contain the 96 00:06:13,160 --> 00:06:16,320 Speaker 1: Stuxnet code in it, connected to a computer that's 97 00:06:16,360 --> 00:06:20,479 Speaker 1: within this network that's not connected to the Internet necessarily, 98 00:06:20,839 --> 00:06:22,600 Speaker 1: or maybe there's like a couple of machines on the 99 00:06:22,640 --> 00:06:24,760 Speaker 1: periphery that are connected to the Internet, but the main 100 00:06:25,080 --> 00:06:28,960 Speaker 1: machines aren't. You infect the machine within that network, then 101 00:06:29,080 --> 00:06:32,880 Speaker 1: the worm spreads within inside that network until it hits 102 00:06:32,920 --> 00:06:37,040 Speaker 1: those critical systems that that are connected to the the 103 00:06:37,080 --> 00:06:41,440 Speaker 1: factory environment. Right. Now, um, I I read an interview 104 00:06:41,680 --> 00:06:46,000 Speaker 1: with security expert Ralph Langner who spoke with Elinor Mills 105 00:06:46,120 --> 00:06:50,679 Speaker 1: of CNET, um, and Langner said a good way 106 00:06:50,720 --> 00:06:54,640 Speaker 1: to get this virus in place would be to infect 107 00:06:55,040 --> 00:06:58,720 Speaker 1: a one of the contractors who worked with these power 108 00:06:58,800 --> 00:07:02,960 Speaker 1: systems, um, so a contractor in this case a trusted 109 00:07:03,240 --> 00:07:06,760 Speaker 1: business partner. Hey can you come in and fix this machine? 
110 00:07:07,200 --> 00:07:12,080 Speaker 1: So if you can infect, uh, somebody else and have 111 00:07:12,440 --> 00:07:14,960 Speaker 1: you know their machines or at a USB drive and 112 00:07:15,040 --> 00:07:17,840 Speaker 1: have them take the virus in on foot with a 113 00:07:17,920 --> 00:07:22,120 Speaker 1: USB stick and put it on a computer inside the 114 00:07:22,160 --> 00:07:26,480 Speaker 1: power plant, um, then this person who already had clearance 115 00:07:27,240 --> 00:07:29,000 Speaker 1: is you know, you don't have to worry about getting 116 00:07:29,000 --> 00:07:32,600 Speaker 1: it into the impregnable. You don't have to do hard 117 00:07:32,880 --> 00:07:36,640 Speaker 1: impossible type thing to get in there and plant this stuff. 118 00:07:36,840 --> 00:07:39,320 Speaker 1: You can use a lower point of security for that. 119 00:07:40,000 --> 00:07:42,040 Speaker 1: And the reason he thinks that, I'm sorry to interrupt, 120 00:07:42,760 --> 00:07:46,840 Speaker 1: the reason he thinks that, based on on my readings 121 00:07:46,880 --> 00:07:51,240 Speaker 1: of his theory, um, there were other, uh, countries that 122 00:07:51,280 --> 00:07:56,400 Speaker 1: were infected too, including Indonesia, India and Pakistan, who all 123 00:07:56,560 --> 00:08:01,360 Speaker 1: used this one same contractor, a Russian contractor who worked 124 00:08:01,440 --> 00:08:06,400 Speaker 1: on the the Bushehr nuclear power plant in Iran. 125 00:08:07,520 --> 00:08:10,720 Speaker 1: So the same contractor worked at all those places and 126 00:08:11,840 --> 00:08:15,320 Speaker 1: Stuxnet surfaced in all those locations. So I think, 127 00:08:15,360 --> 00:08:19,080 Speaker 1: based on that you've got you've got yeah, I mean 128 00:08:19,120 --> 00:08:23,160 Speaker 1: he's that that's a logical idea. 
Yeah, So I think 129 00:08:23,200 --> 00:08:25,440 Speaker 1: based on on that information, he said, well, you know what, 130 00:08:25,480 --> 00:08:29,040 Speaker 1: I bet that's how they did it. And the goal 131 00:08:29,120 --> 00:08:31,680 Speaker 1: here is that at least one of those machines within 132 00:08:31,720 --> 00:08:35,000 Speaker 1: that network has to have some sort of connection to 133 00:08:35,040 --> 00:08:38,080 Speaker 1: the Internet. If it doesn't, then you cannot control from 134 00:08:38,160 --> 00:08:42,040 Speaker 1: outside the network. You cannot control what's going on inside 135 00:08:42,040 --> 00:08:46,200 Speaker 1: the factory. But but the in general, the the factory 136 00:08:46,240 --> 00:08:49,480 Speaker 1: systems themselves are not connected to the Internet. There's a gap there, 137 00:08:49,559 --> 00:08:52,679 Speaker 1: it's an air gap. That's what it's often called, um. But 138 00:08:52,840 --> 00:08:55,920 Speaker 1: as long as you can get control of the network 139 00:08:55,960 --> 00:08:58,640 Speaker 1: that is, in turn, connected to the factory systems, you 140 00:08:58,720 --> 00:09:02,840 Speaker 1: might you have the opportunity to infect them. And what's 141 00:09:02,840 --> 00:09:07,400 Speaker 1: interesting is the original version of Stuxnet required use of 142 00:09:07,559 --> 00:09:11,640 Speaker 1: AutoRun to initiate itself, but you can turn AutoRun 143 00:09:11,720 --> 00:09:16,040 Speaker 1: off on your machine. So if you are let's 144 00:09:16,040 --> 00:09:18,840 Speaker 1: say you work for a facility where security is a 145 00:09:18,840 --> 00:09:21,480 Speaker 1: major concern. You may have a policy that AutoRun 146 00:09:21,559 --> 00:09:25,560 Speaker 1: must be disabled, so that way nothing no malware that 147 00:09:25,760 --> 00:09:30,120 Speaker 1: uses AutoRun would automatically upload itself to your system. 
Well, 148 00:09:30,160 --> 00:09:33,640 Speaker 1: the the next generation of Stuxnet, which, by the way, 149 00:09:33,679 --> 00:09:36,240 Speaker 1: but the first two generations of Stuxnet were deployed 150 00:09:36,280 --> 00:09:39,440 Speaker 1: before we ever knew that they existed. Well, anyone not 151 00:09:39,559 --> 00:09:44,680 Speaker 1: connected to the the the scheme had no idea they existed. 152 00:09:45,080 --> 00:09:47,680 Speaker 1: We didn't know they existed until I wasn't July of 153 00:09:47,720 --> 00:09:53,480 Speaker 1: two when it first showed up. But they think it 154 00:09:53,520 --> 00:09:56,640 Speaker 1: could have been out in the wild and looking for 155 00:09:56,840 --> 00:10:01,000 Speaker 1: targets as or I shouldn't say that, because we were 156 00:10:01,040 --> 00:10:02,840 Speaker 1: just saying that it doesn't spread over the Internet. It 157 00:10:02,880 --> 00:10:06,760 Speaker 1: was available and ready to go as uh, possibly even 158 00:10:06,800 --> 00:10:10,079 Speaker 1: a year earlier, but they don't know for sure. Well, 159 00:10:10,160 --> 00:10:12,160 Speaker 1: essentially a full year had passed since it had been 160 00:10:12,200 --> 00:10:15,439 Speaker 1: first deployed and when it was first discovered. That's true. Yeah, 161 00:10:15,480 --> 00:10:18,200 Speaker 1: they first spotted it in the summer of two thousand nine. Well, 162 00:10:18,240 --> 00:10:22,400 Speaker 1: the later generations used a vulnerability in LNK 163 00:10:22,960 --> 00:10:29,240 Speaker 1: which allows the exploit to essentially install itself. Basically, what 164 00:10:29,280 --> 00:10:33,640 Speaker 1: happens is you plug your USB stick that happens to 165 00:10:33,720 --> 00:10:36,360 Speaker 1: be, um, infected with the Stuxnet virus into 166 00:10:36,440 --> 00:10:41,920 Speaker 1: your computer, and then you decide to use, uh, Explorer 167 00:10:42,240 --> 00:10:45,080 Speaker 1: to look at what is on that that memory stick. 
168 00:10:45,200 --> 00:10:47,640 Speaker 1: Just by using Explorer to open up the memory stick, 169 00:10:47,800 --> 00:10:50,880 Speaker 1: you have uh that that's all it takes for Stuxnet 170 00:10:50,920 --> 00:10:54,480 Speaker 1: to then infect that computer. Now, your basic computer. 171 00:10:54,600 --> 00:10:56,839 Speaker 1: Like you guys out there who are using your computers, 172 00:10:57,240 --> 00:11:00,079 Speaker 1: Stuxnet would not do anything to your machine. You 173 00:11:00,080 --> 00:11:02,640 Speaker 1: wouldn't get any you know, you're not you're not being 174 00:11:02,640 --> 00:11:06,440 Speaker 1: spied on, You're not being uh, your your computer is 175 00:11:06,440 --> 00:11:09,240 Speaker 1: not gonna start acting weird. The whole purpose of Stuxnet 176 00:11:09,280 --> 00:11:14,000 Speaker 1: is to affect these factory systems, not individual users' computers. Yes, 177 00:11:14,040 --> 00:11:17,359 Speaker 1: and in fact it's looking specifically for a Siemens SIMATIC 178 00:11:17,440 --> 00:11:21,200 Speaker 1: WinCC Step 7, uh, software. And most of 179 00:11:21,240 --> 00:11:23,680 Speaker 1: us don't have that. No, I don't I I don't 180 00:11:23,679 --> 00:11:25,720 Speaker 1: have it on my Windows installations. No, it's not even 181 00:11:25,720 --> 00:11:30,960 Speaker 1: in Minecraft. So yeah, if you don't have that, then 182 00:11:31,000 --> 00:11:32,920 Speaker 1: it's not going to target you. 
But if you are 183 00:11:33,559 --> 00:11:38,959 Speaker 1: running a very large system like a water facility, power facility, 184 00:11:39,160 --> 00:11:44,240 Speaker 1: nuclear power facility, which of course that was the main target, um, 185 00:11:44,360 --> 00:11:46,559 Speaker 1: then you'd have to be concerned about this, and the 186 00:11:46,800 --> 00:11:49,640 Speaker 1: the other part of this that was really interesting is that, 187 00:11:50,559 --> 00:11:54,439 Speaker 1: like Chris said, it targeted several vulnerabilities, not just one. Right, 188 00:11:54,480 --> 00:11:57,640 Speaker 1: your typical virus or worm, especially if it's developed by 189 00:11:57,640 --> 00:12:00,719 Speaker 1: someone who just you know, knows enough to get 190 00:12:00,760 --> 00:12:03,040 Speaker 1: into trouble, but not like enough to make a really 191 00:12:03,040 --> 00:12:07,520 Speaker 1: sophisticated tool. Those tend to target a single vulnerability, but 192 00:12:07,640 --> 00:12:10,280 Speaker 1: Stuxnet was much more sophisticated, and it used a 193 00:12:10,320 --> 00:12:13,800 Speaker 1: series of vulnerabilities to spread itself. The one of the 194 00:12:13,800 --> 00:12:16,080 Speaker 1: other things that that the reasons why it was able 195 00:12:16,120 --> 00:12:19,760 Speaker 1: to install itself without checking for a certificate is because 196 00:12:19,800 --> 00:12:25,080 Speaker 1: it stole certificates. Yes, And that's that's another interesting point too, 197 00:12:25,160 --> 00:12:30,520 Speaker 1: because originally it had used and used an official certificate, yes, 198 00:12:31,160 --> 00:12:35,520 Speaker 1: that had been stolen and uh, they revoked that certificate, 199 00:12:36,200 --> 00:12:42,520 Speaker 1: and it surfaced very shortly thereafter with another, yes, exactly, 200 00:12:42,559 --> 00:12:45,160 Speaker 1: so it appears to be completely legit. 
And the two 201 00:12:45,200 --> 00:12:49,000 Speaker 1: certificates came from two companies that exist within a few 202 00:12:49,080 --> 00:12:53,120 Speaker 1: miles of each other in Taiwan. Interesting. Yeah, interesting, huh. 203 00:12:53,320 --> 00:12:58,840 Speaker 1: So that suggests that someone, maybe another contractor, was specifically 204 00:12:59,240 --> 00:13:04,160 Speaker 1: stealing electronic certificates from other from companies in order to 205 00:13:04,360 --> 00:13:06,720 Speaker 1: mask this stuff. And that's the thing is that if 206 00:13:06,760 --> 00:13:09,160 Speaker 1: you if you've told your computer or your if your 207 00:13:09,200 --> 00:13:13,840 Speaker 1: network administrator has told all the computers to trust, uh, 208 00:13:14,000 --> 00:13:18,680 Speaker 1: software that comes from a particular source, and it bears 209 00:13:18,720 --> 00:13:23,280 Speaker 1: that certificate, then there's no reason for the computer to say, Hey, 210 00:13:23,480 --> 00:13:26,120 Speaker 1: I see you're trying to upload Stuxnet. Are you 211 00:13:26,160 --> 00:13:30,120 Speaker 1: sure you want to continue? Thanks, Clippy. Um, you see 212 00:13:30,160 --> 00:13:32,360 Speaker 1: you're trying to bring down the system from within. Do 213 00:13:32,400 --> 00:13:36,640 Speaker 1: you need help with that? And when I'm trying to 214 00:13:36,679 --> 00:13:40,040 Speaker 1: think of something to say, don't sorry now um. 
And 215 00:13:40,080 --> 00:13:44,720 Speaker 1: that's that's funny that you mentioned the Taiwanese connection, because 216 00:13:45,200 --> 00:13:47,960 Speaker 1: when Stuxnet is in operation, it is it actually 217 00:13:48,080 --> 00:13:50,680 Speaker 1: makes tries to make contact with two control servers in 218 00:13:50,720 --> 00:13:54,120 Speaker 1: Malaysia and Denmark, and it does use a peer-to-peer 219 00:13:54,240 --> 00:13:58,080 Speaker 1: scheme to compare versions of itself and update to 220 00:13:58,120 --> 00:14:01,720 Speaker 1: the most recent version. So it is it is checking. 221 00:14:02,400 --> 00:14:04,920 Speaker 1: It may not necessarily have an Internet connection, but if 222 00:14:04,960 --> 00:14:07,920 Speaker 1: it's, uh, if it can find other versions of itself 223 00:14:07,960 --> 00:14:11,280 Speaker 1: on the intranet where it is located, it will try. Um. 224 00:14:11,360 --> 00:14:13,800 Speaker 1: The versions will try to update themselves to the most 225 00:14:14,320 --> 00:14:18,240 Speaker 1: current version to take advantage of any vulnerabilities that might 226 00:14:18,280 --> 00:14:22,640 Speaker 1: be available to it. Um. And this is I mean, 227 00:14:22,680 --> 00:14:27,280 Speaker 1: it's it's really fascinating stuff. Um. I also read another 228 00:14:27,400 --> 00:14:32,920 Speaker 1: article uh with security expert Bruce Schneier, who uh some 229 00:14:32,960 --> 00:14:35,160 Speaker 1: of you might have heard of. Actually he's a pretty 230 00:14:35,160 --> 00:14:41,080 Speaker 1: outspoken guy. Um. 
You know, information suggests that uh, you 231 00:14:41,120 --> 00:14:44,640 Speaker 1: know it uh may have infected as many as a 232 00:14:44,720 --> 00:14:49,200 Speaker 1: hundred thousand or even more computers worldwide, but about six 233 00:14:49,840 --> 00:14:53,600 Speaker 1: that was in Iran, um, which suggests that Iran was 234 00:14:53,680 --> 00:14:58,080 Speaker 1: in fact the target, and specifically, Ralph Langner had found 235 00:14:58,160 --> 00:15:00,560 Speaker 1: and in his partners at his firm had found data 236 00:15:00,600 --> 00:15:04,760 Speaker 1: structures in the Natanz facility, uh, in Iran that that 237 00:15:04,920 --> 00:15:07,600 Speaker 1: matched that specifically matched the Stuxnet code. So it 238 00:15:07,680 --> 00:15:14,280 Speaker 1: is possible that uh, it was aimed at that particular facility, 239 00:15:14,440 --> 00:15:18,640 Speaker 1: and you know, in particular was totally redundant and repetitive. 240 00:15:19,320 --> 00:15:23,680 Speaker 1: But let me reiterate, there was a there were several articles. 241 00:15:23,720 --> 00:15:27,880 Speaker 1: The Telegraph, um, and New York Times have published articles 242 00:15:27,880 --> 00:15:32,680 Speaker 1: that suggest uh that uh, you know that that that 243 00:15:32,840 --> 00:15:36,400 Speaker 1: facility in particular was the target. And the idea here 244 00:15:36,520 --> 00:15:39,640 Speaker 1: is that it would it was an effort to disrupt 245 00:15:40,120 --> 00:15:43,760 Speaker 1: Iran's nuclear program, and that, like I said, the idea 246 00:15:43,840 --> 00:15:46,720 Speaker 1: was that you would uh make the centrifuges that are 247 00:15:47,240 --> 00:15:52,000 Speaker 1: um processing the uranium in these facilities to spin too 248 00:15:52,040 --> 00:15:58,600 Speaker 1: fast and to essentially break them. Um. 
And what's really 249 00:15:58,640 --> 00:16:01,120 Speaker 1: fascinating to me is that Stuxnet didn't just what 250 00:16:01,360 --> 00:16:03,560 Speaker 1: wasn't just designed to go there and just immediately ramp 251 00:16:03,600 --> 00:16:08,640 Speaker 1: everything up. It actually would analyze the operations of the 252 00:16:08,680 --> 00:16:12,600 Speaker 1: facility for several days for two reasons. One to determine 253 00:16:12,600 --> 00:16:17,120 Speaker 1: what would be the most disruptive course of action. So, 254 00:16:17,160 --> 00:16:19,400 Speaker 1: in other words, if the centrifuges are turning in a 255 00:16:19,400 --> 00:16:24,720 Speaker 1: certain number of revolutions per second, how many more does 256 00:16:24,760 --> 00:16:27,400 Speaker 1: it need for it to be the perfect amount to 257 00:16:27,440 --> 00:16:32,800 Speaker 1: be disastrous without immediately setting off all the alarms. The 258 00:16:32,840 --> 00:16:37,200 Speaker 1: second was that the reason it was observing for several 259 00:16:37,280 --> 00:16:43,600 Speaker 1: days was to create a kind of partitioned system so 260 00:16:43,640 --> 00:16:46,120 Speaker 1: that when people are looking at their monitors and are 261 00:16:46,120 --> 00:16:49,560 Speaker 1: trying to upload code to fix the problem, that it 262 00:16:49,640 --> 00:16:54,600 Speaker 1: all is um. It's a it's all segregated from those 263 00:16:54,640 --> 00:16:57,240 Speaker 1: factory systems. So if you're looking at the screen, if 264 00:16:57,240 --> 00:16:59,920 Speaker 1: you're an engineer looking at your screen trying to fix 265 00:17:00,040 --> 00:17:03,920 Speaker 1: the problem. What you see looks like the problem's fixed, 266 00:17:04,359 --> 00:17:07,080 Speaker 1: that the code you've uploaded has gone in and that's 267 00:17:07,119 --> 00:17:09,639 Speaker 1: been incorporated and that's taking care of the problem. 
But 268 00:17:09,720 --> 00:17:13,680 Speaker 1: in reality, those centrifuges are still spinning like crazy. And 269 00:17:13,800 --> 00:17:15,760 Speaker 1: that was the really clever thing. It's the idea of 270 00:17:15,800 --> 00:17:18,840 Speaker 1: like you pull this mask down or that you know, 271 00:17:18,880 --> 00:17:22,760 Speaker 1: you you shield what's really happening, and all the the 272 00:17:22,880 --> 00:17:25,680 Speaker 1: monitoring systems don't show that anything's going wrong at all. 273 00:17:25,720 --> 00:17:30,720 Speaker 1: That that's pretty devious and that was another reason why 274 00:17:31,160 --> 00:17:34,159 Speaker 1: security experts call this a very sophisticated attack, because it 275 00:17:34,200 --> 00:17:38,280 Speaker 1: wasn't just that it was able to infect systems, you know, efficiently, 276 00:17:38,600 --> 00:17:41,760 Speaker 1: it was able to mask that infection somewhat. And there's 277 00:17:41,880 --> 00:17:43,840 Speaker 1: also it also involved a rootkit, so if you've 278 00:17:43,880 --> 00:17:46,240 Speaker 1: listened to our rootkit podcast, there was a rootkit 279 00:17:46,320 --> 00:17:49,800 Speaker 1: element to this as well. And m yeah, I 280 00:17:49,840 --> 00:17:53,560 Speaker 1: thought that was a pretty neat idea. The and and 281 00:17:53,760 --> 00:17:58,320 Speaker 1: a lot of the the attribution for this. 
As we said, 282 00:17:58,480 --> 00:18:00,480 Speaker 1: we still don't know for sure who did it, no right, 283 00:18:01,359 --> 00:18:04,080 Speaker 1: but you'll if you if you do research on it 284 00:18:04,720 --> 00:18:07,360 Speaker 1: and you start looking around at articles that were published 285 00:18:07,640 --> 00:18:13,240 Speaker 1: this year, you'll see that the there's some common elements 286 00:18:13,280 --> 00:18:16,760 Speaker 1: popping up that at least one Western power was involved 287 00:18:16,800 --> 00:18:20,359 Speaker 1: in this, and that Israel was involved in it. Yes, 288 00:18:20,560 --> 00:18:23,399 Speaker 1: a lot of a lot of fingers initially pointed to 289 00:18:23,400 --> 00:18:27,919 Speaker 1: the United States government, um, and which is still a possibility, 290 00:18:27,960 --> 00:18:31,160 Speaker 1: which is you know, yeah, as is the British government. Um. 291 00:18:31,200 --> 00:18:34,600 Speaker 1: Bruce Schneier. It's so hard to say. Bruce Schneier said 292 00:18:34,640 --> 00:18:37,800 Speaker 1: that he thinks that around eight to ten people spent 293 00:18:37,920 --> 00:18:42,040 Speaker 1: about six months, maybe a little longer on creating this 294 00:18:43,040 --> 00:18:49,520 Speaker 1: um and uh, you know, they think that Israel has 295 00:18:50,040 --> 00:18:53,840 Speaker 1: mentioned I read one article from Schneier that suggested had 296 00:18:53,960 --> 00:18:57,240 Speaker 1: had a number of references in it. Um. There are bits 297 00:18:57,280 --> 00:19:01,240 Speaker 1: of code that have dates in them that appeared to 298 00:19:01,280 --> 00:19:08,719 Speaker 1: be yes, dates important dates in Iranian-Israeli relationship, and 299 00:19:08,800 --> 00:19:11,720 Speaker 1: in an incredibly negative way. We're talking like dates of 300 00:19:11,760 --> 00:19:15,480 Speaker 1: assassinations and things of that and things like that. Um. 
301 00:19:15,520 --> 00:19:17,719 Speaker 1: Some people have said that they just happened to be 302 00:19:17,800 --> 00:19:20,280 Speaker 1: the code that you needed to get that done, the 303 00:19:20,320 --> 00:19:23,160 Speaker 1: particular function in the software done, and it just so 304 00:19:23,280 --> 00:19:25,920 Speaker 1: happened to end up like that, which is possible, Which 305 00:19:25,960 --> 00:19:28,840 Speaker 1: is completely possible if you've ever seen any of those theories, 306 00:19:29,080 --> 00:19:33,600 Speaker 1: any numerology theory where they say this number is significant 307 00:19:33,640 --> 00:19:36,960 Speaker 1: because blah blah blah. Uh. A lot of that ends 308 00:19:37,000 --> 00:19:40,320 Speaker 1: up being confirmation bias, which is that's a logical fallacy. 309 00:19:40,400 --> 00:19:43,440 Speaker 1: That's when you look at something and you count all 310 00:19:43,480 --> 00:19:46,440 Speaker 1: the hits and you ignore all the misses. So it's 311 00:19:46,480 --> 00:19:50,119 Speaker 1: possible that this is another case of that. So we 312 00:19:50,200 --> 00:19:52,400 Speaker 1: have to keep that in mind too. Yeah, I don't 313 00:19:52,440 --> 00:19:54,600 Speaker 1: suggest ignoring the misses because she's going to get really 314 00:19:54,600 --> 00:19:56,520 Speaker 1: angry with you. Well, she's gonna be gone for a week, 315 00:19:56,600 --> 00:20:00,960 Speaker 1: so just I can't really pay attention to her anyway. Um. 316 00:20:01,080 --> 00:20:04,440 Speaker 1: Joking aside, though, um, I have a quote from Schneier 317 00:20:04,480 --> 00:20:07,879 Speaker 1: who said, quote whoever wrote Stuxnet was willing 318 00:20:07,920 --> 00:20:09,919 Speaker 1: to spend a lot of money to ensure that whatever 319 00:20:10,000 --> 00:20:13,240 Speaker 1: job it was intended to do would be done end quote. 320 00:20:13,880 --> 00:20:17,639 Speaker 1: So uh, it's a professional job. 
It's it's not something 321 00:20:17,680 --> 00:20:21,040 Speaker 1: that script kiddies, which are you know, hackers who do 322 00:20:21,119 --> 00:20:23,720 Speaker 1: this for the fun of hacking and not for a 323 00:20:23,760 --> 00:20:28,040 Speaker 1: monetary purpose or for bringing down governments or you know, 324 00:20:28,400 --> 00:20:32,720 Speaker 1: the high level hacking people are doing it for fun. Um. 325 00:20:32,840 --> 00:20:35,439 Speaker 1: You know, this is not a casual hacking project. This 326 00:20:35,560 --> 00:20:38,840 Speaker 1: is something serious. The amount of code was something like 327 00:20:38,880 --> 00:20:43,480 Speaker 1: one point five megabytes, which is actually huge for a worm. Yeah, 328 00:20:44,000 --> 00:20:46,600 Speaker 1: because worms and viruses tend to be very tiny bits 329 00:20:46,600 --> 00:20:49,600 Speaker 1: of code, just like just like you can imagine a virus, 330 00:20:50,119 --> 00:20:52,879 Speaker 1: you know, a virus that can affect an organism is 331 00:20:52,960 --> 00:20:56,560 Speaker 1: very tiny. Well, typically your viruses that affect computers tend 332 00:20:56,600 --> 00:20:59,000 Speaker 1: to be tiny too. They might be a tiny part 333 00:20:59,040 --> 00:21:01,639 Speaker 1: of a larger program, and the larger program's designed, but 334 00:21:01,640 --> 00:21:04,560 Speaker 1: the larger program is just an infection method. It's not 335 00:21:04,640 --> 00:21:08,439 Speaker 1: actually part of the virus or worm necessarily. Another article 336 00:21:08,480 --> 00:21:12,080 Speaker 1: I saw that may point to Israel as as being 337 00:21:12,359 --> 00:21:15,000 Speaker 1: a potential source for this attack, and again we don't 338 00:21:15,000 --> 00:21:17,200 Speaker 1: know for sure, was in the New York Times.
It 339 00:21:17,280 --> 00:21:20,239 Speaker 1: published on January fift and it's called Israeli Test on 340 00:21:20,359 --> 00:21:25,600 Speaker 1: Worm Called Crucial in Iran Nuclear Delay. And in this 341 00:21:26,240 --> 00:21:31,320 Speaker 1: uh article it the writers state that, um, Israel has 342 00:21:31,359 --> 00:21:37,040 Speaker 1: this uh nuclear facility in Dimona, that um one of 343 00:21:37,080 --> 00:21:41,520 Speaker 1: those facilities is designed to be essentially a copy of 344 00:21:41,640 --> 00:21:44,920 Speaker 1: the main target in Iran. Right, I remember that article. 345 00:21:44,960 --> 00:21:47,760 Speaker 1: And the idea here is that just because you create 346 00:21:47,840 --> 00:21:50,399 Speaker 1: something that can infect a factory system doesn't mean that 347 00:21:50,480 --> 00:21:53,480 Speaker 1: you can you know, really wreak havoc because you need 348 00:21:53,520 --> 00:21:56,800 Speaker 1: to know how the machines within that that facility work. 349 00:21:57,640 --> 00:22:00,119 Speaker 1: So in this case, we're talking about the centrifuges. So 350 00:22:00,600 --> 00:22:05,000 Speaker 1: they had a facility using the same centrifuge technology that 351 00:22:05,480 --> 00:22:09,080 Speaker 1: the Iranian facility was using, so that in theory, they 352 00:22:09,080 --> 00:22:13,000 Speaker 1: could test the Stuxnet, uh, worm out to make 353 00:22:13,040 --> 00:22:15,560 Speaker 1: sure that it would be effective and that they could 354 00:22:15,560 --> 00:22:20,760 Speaker 1: indeed control these centrifuges from a remote location. Now granted, 355 00:22:20,800 --> 00:22:25,200 Speaker 1: these are again these are all allegations and and uh theories. 356 00:22:25,440 --> 00:22:28,119 Speaker 1: So well, I think if I'm not mistaken, that's the 357 00:22:28,200 --> 00:22:31,000 Speaker 1: article by William J. Broad, John Markoff, and David E. 358 00:22:31,160 --> 00:22:36,959 Speaker 1: Sanger. Um.
And yeah, they they added that Siemens, remember 359 00:22:36,960 --> 00:22:39,520 Speaker 1: I said that that was a specific Siemens controller and 360 00:22:39,600 --> 00:22:44,040 Speaker 1: software that it targets, uh. Siemens had done had cooperated 361 00:22:44,040 --> 00:22:48,320 Speaker 1: with the United States government on some research on that 362 00:22:48,440 --> 00:22:53,000 Speaker 1: kind of equipment, on on the equipment used in the 363 00:22:53,040 --> 00:22:57,600 Speaker 1: Iranian nuclear program. So that just that just adds fuel 364 00:22:57,640 --> 00:23:00,400 Speaker 1: to the fire. Now, I mean, again, this could all 365 00:23:00,400 --> 00:23:04,240 Speaker 1: be coincidence. These things happen. Siemens makes a lot of 366 00:23:04,240 --> 00:23:07,840 Speaker 1: different kinds of industrial equipment that's used all over the world. 367 00:23:08,400 --> 00:23:11,040 Speaker 1: So you know, you could say that and it it. 368 00:23:11,640 --> 00:23:16,720 Speaker 1: You know, I don't think that's anything that uh is 369 00:23:16,840 --> 00:23:21,000 Speaker 1: a definitive finger pointing at the United States government involved 370 00:23:21,000 --> 00:23:23,919 Speaker 1: in that, and personally, um, if it were me and 371 00:23:24,000 --> 00:23:26,120 Speaker 1: I were trying to do something like this, I wouldn't 372 00:23:26,160 --> 00:23:29,800 Speaker 1: want anything that that even revealed this. In fact, I 373 00:23:29,840 --> 00:23:33,240 Speaker 1: would want to um obfuscate.
I would try to cover 374 00:23:33,359 --> 00:23:35,440 Speaker 1: up or maybe point the finger at someone else, which 375 00:23:35,520 --> 00:23:38,640 Speaker 1: is why some I agree with the people who say 376 00:23:38,640 --> 00:23:41,159 Speaker 1: that those little hints that might be in the code 377 00:23:41,160 --> 00:23:44,040 Speaker 1: that seemed to point to Israel, if I were trying 378 00:23:44,040 --> 00:23:46,320 Speaker 1: to blame somebody, I would try to blame somebody that 379 00:23:46,320 --> 00:23:50,680 Speaker 1: that would be an obvious uh target for that kind 380 00:23:50,720 --> 00:23:55,000 Speaker 1: of attention, and Israel would be obviously interested in discontinuing 381 00:23:55,040 --> 00:23:58,560 Speaker 1: Iran's nuclear program. So if I were you know, Antarctica, 382 00:23:59,200 --> 00:24:01,280 Speaker 1: I picked that because it's not a government that's likely 383 00:24:01,320 --> 00:24:04,400 Speaker 1: to do that, and it's run by penguins. Um. But 384 00:24:04,640 --> 00:24:09,280 Speaker 1: penguins are very much anti-nuke. They are, so yeah. 385 00:24:09,359 --> 00:24:13,520 Speaker 1: I mean, if if another country wanted to disable that, uh, 386 00:24:13,560 --> 00:24:15,440 Speaker 1: and I were running that country, I would say, let's 387 00:24:15,440 --> 00:24:18,320 Speaker 1: point the finger at someone else, throw some throw some red 388 00:24:18,359 --> 00:24:20,720 Speaker 1: herrings in the code to make it look like it's 389 00:24:20,760 --> 00:24:24,600 Speaker 1: these guys over here and not me. So I wouldn't 390 00:24:24,600 --> 00:24:26,720 Speaker 1: be a bit surprised. I can't imagine that you would 391 00:24:26,760 --> 00:24:30,119 Speaker 1: want and something this sophisticated.
Why would you want anything 392 00:24:30,160 --> 00:24:33,520 Speaker 1: that would attract attention to yourself as as the creator 393 00:24:33,560 --> 00:24:37,840 Speaker 1: of this worm? Why would you create a system that could, 394 00:24:38,240 --> 00:24:42,520 Speaker 1: in theory reset itself at the year two thousand? Well, 395 00:24:42,600 --> 00:24:45,080 Speaker 1: I'm just saying sometimes people aren't as smart as we 396 00:24:45,119 --> 00:24:48,959 Speaker 1: give them credit for. So, yeah, there's I totally agree 397 00:24:49,000 --> 00:24:51,600 Speaker 1: that your argument is valid. I mean there we cannot 398 00:24:51,760 --> 00:24:55,360 Speaker 1: leap to the conclusion that this is necessarily the source 399 00:24:55,480 --> 00:24:57,920 Speaker 1: of the attack. Yeah. And I don't mean to uh 400 00:24:58,000 --> 00:25:01,199 Speaker 1: to sound like I've reached conclusions. I just I it 401 00:25:01,240 --> 00:25:04,240 Speaker 1: seems illogical to me to point the finger at yourself. 402 00:25:04,920 --> 00:25:08,919 Speaker 1: Um, I think that, if anything, that's probably code that 403 00:25:08,960 --> 00:25:11,000 Speaker 1: needed to be there in order to make the software work, 404 00:25:11,080 --> 00:25:15,640 Speaker 1: rather than hints to that. Um. So, I actually think 405 00:25:15,960 --> 00:25:20,520 Speaker 1: it's all due to aliens and Roswell. That's that's who 406 00:25:20,600 --> 00:25:22,800 Speaker 1: did it, and they got so ticked off. What happened 407 00:25:22,880 --> 00:25:26,320 Speaker 1: was they finally got Independence Day and they said, what, 408 00:25:26,880 --> 00:25:31,280 Speaker 1: taking us down with a virus written on an Apple computer, 409 00:25:31,600 --> 00:25:36,000 Speaker 1: no less? We'll show you an Apple computer from the 410 00:25:36,080 --> 00:25:39,199 Speaker 1: dark ages of Apple computer too. Um.
So maybe we 411 00:25:39,200 --> 00:25:42,040 Speaker 1: should talk about the fact that, um, the you may 412 00:25:42,080 --> 00:25:46,040 Speaker 1: have heard on the news about hackers releasing a decrypted 413 00:25:46,119 --> 00:25:52,160 Speaker 1: version of Stuxnet code. Okay, that happened. Okay, I hadn't. 414 00:25:52,200 --> 00:25:54,040 Speaker 1: I hadn't realized that. The only other thing I was 415 00:25:54,080 --> 00:25:56,679 Speaker 1: going to add was that Stuxnet is designed to 416 00:25:56,720 --> 00:26:01,880 Speaker 1: become inactive on June. Yes, actually does have a a 417 00:26:01,880 --> 00:26:04,879 Speaker 1: an expiration date, which is kind of funny. So if 418 00:26:04,920 --> 00:26:08,119 Speaker 1: you try the Stuxnet after that point, it may 419 00:26:08,160 --> 00:26:10,920 Speaker 1: make you a little sick to your stomach. Right. So 420 00:26:11,920 --> 00:26:14,720 Speaker 1: the that you may have heard, again, like I said, 421 00:26:14,720 --> 00:26:18,840 Speaker 1: that hackers have released this decrypted code, which, on its surface, 422 00:26:18,880 --> 00:26:20,879 Speaker 1: if that's all you hear, you think, wow, that's scary, 423 00:26:20,960 --> 00:26:24,840 Speaker 1: because now this incredibly sophisticated weapon that was designed by 424 00:26:25,000 --> 00:26:28,760 Speaker 1: people who apparently really knew what they were doing, has 425 00:26:28,920 --> 00:26:33,960 Speaker 1: just been distributed around the world for free, and now 426 00:26:34,400 --> 00:26:37,480 Speaker 1: we're gonna see chaos reign. Well, there's a couple of 427 00:26:37,520 --> 00:26:39,040 Speaker 1: things you need to keep in mind. One is that 428 00:26:39,040 --> 00:26:41,879 Speaker 1: a lot of the vulnerabilities that Stuxnet initially 429 00:26:41,920 --> 00:26:44,840 Speaker 1: targeted have been patched. Since then I read that all 430 00:26:44,880 --> 00:26:47,840 Speaker 1: have all of them have been have they?
Okay? So yeah, 431 00:26:48,080 --> 00:26:51,359 Speaker 1: the latest information I had was a couple of months old, 432 00:26:51,400 --> 00:26:54,000 Speaker 1: so and that at the time when it was written, 433 00:26:54,240 --> 00:26:56,399 Speaker 1: there was still one remaining to be patched. But I 434 00:26:56,440 --> 00:27:00,920 Speaker 1: would imagine by that time that has happened. Well, frankly, um. 435 00:27:00,960 --> 00:27:06,320 Speaker 1: Another indication that, um, this is written by somebody very 436 00:27:06,320 --> 00:27:10,440 Speaker 1: sophisticated is as as one of the security researchers point out, um, 437 00:27:10,680 --> 00:27:16,119 Speaker 1: vulnerabilities are something that true hackers prize. Once you have 438 00:27:16,160 --> 00:27:18,760 Speaker 1: a hole in the code that you know about and 439 00:27:18,760 --> 00:27:21,800 Speaker 1: and hasn't been patched yet, um, that's your ticket to 440 00:27:22,000 --> 00:27:27,000 Speaker 1: generating something a success, a successful attack. Um. And the 441 00:27:27,040 --> 00:27:32,280 Speaker 1: fact that they had multiple vulnerabilities, um, targeted sort of 442 00:27:32,320 --> 00:27:37,200 Speaker 1: suggests that these people were not fooling around. Um. So yeah, 443 00:27:37,240 --> 00:27:42,439 Speaker 1: I mean that's you. We're talking several opportunities to uh 444 00:27:42,680 --> 00:27:45,919 Speaker 1: to make a dent in the nuclear program of Iran. 445 00:27:46,080 --> 00:27:51,040 Speaker 1: So well, getting back to to the hackers just really briefly, um, 446 00:27:51,080 --> 00:27:53,480 Speaker 1: first of all, can you can you take a wild 447 00:27:53,600 --> 00:27:57,080 Speaker 1: guess at who at the the name of the group 448 00:27:57,119 --> 00:28:00,280 Speaker 1: of hackers that stole this information is the start with 449 00:28:00,320 --> 00:28:03,760 Speaker 1: an A it does does it end with it Anonymous?
450 00:28:03,840 --> 00:28:09,400 Speaker 1: Yes it does, so it's our It's it's the group Anonymous, 451 00:28:09,440 --> 00:28:13,320 Speaker 1: the group that um you know has has has some 452 00:28:13,840 --> 00:28:18,600 Speaker 1: connections to other Internet what or websites, things like 4chan. 453 00:28:19,320 --> 00:28:23,000 Speaker 1: But Anonymous has sort of become like Internet vigilantes and 454 00:28:23,080 --> 00:28:28,560 Speaker 1: they banded together and uh, they they enact virtual what 455 00:28:28,600 --> 00:28:31,720 Speaker 1: they see as virtual justice on targets that they perceive 456 00:28:31,840 --> 00:28:38,360 Speaker 1: as being ah antithetical to what the values they hold. So, 457 00:28:38,760 --> 00:28:43,040 Speaker 1: for example, when WikiLeaks was under um under fire 458 00:28:43,160 --> 00:28:47,000 Speaker 1: and was starting to get uh support yanked out from 459 00:28:47,120 --> 00:28:51,240 Speaker 1: under it financial support from from various companies, then Anonymous 460 00:28:51,320 --> 00:28:54,800 Speaker 1: began to target those companies and really hit them hard. Well, 461 00:28:54,800 --> 00:28:59,200 Speaker 1: in this case, they target targeted a security company called 462 00:28:59,320 --> 00:29:05,080 Speaker 1: HBGary and they stole a decrypted version of the 463 00:29:05,080 --> 00:29:08,600 Speaker 1: Stuxnet virus. Now this means that you could actually 464 00:29:08,600 --> 00:29:11,120 Speaker 1: study the Stuxnet virus. It's not it's not 465 00:29:11,200 --> 00:29:12,960 Speaker 1: a kind version of the virus where you would be 466 00:29:13,000 --> 00:29:15,720 Speaker 1: able to actually infect a computer.
It's more so that 467 00:29:15,760 --> 00:29:18,400 Speaker 1: you can study it and see how it um it 468 00:29:18,480 --> 00:29:22,080 Speaker 1: took advantage of these vulnerabilities, and uh, it was really 469 00:29:22,120 --> 00:29:25,720 Speaker 1: meant for academic purposes, and HBGary actually points out 470 00:29:25,720 --> 00:29:29,480 Speaker 1: the company points out that if you want a truly 471 00:29:29,600 --> 00:29:32,440 Speaker 1: dangerous version of Stuxnet, it's already out there. You 472 00:29:32,480 --> 00:29:35,960 Speaker 1: don't have to steal it from a security company. You 473 00:29:36,000 --> 00:29:38,040 Speaker 1: just have to find a computer infected with it, and 474 00:29:38,080 --> 00:29:40,680 Speaker 1: then you reverse engineer it. You get the binary code, 475 00:29:40,720 --> 00:29:43,360 Speaker 1: you get the raw code for Stuxnet. You don't 476 00:29:43,360 --> 00:29:47,200 Speaker 1: get a translated version. So you may have heard about 477 00:29:47,200 --> 00:29:52,680 Speaker 1: this Anonymous attack. It's definitely an embarrassing story for HBGary 478 00:29:52,760 --> 00:29:55,160 Speaker 1: because that's a you know, it's a computer security 479 00:29:55,160 --> 00:29:59,600 Speaker 1: firm and they had their system compromised. So that's that's part. 480 00:29:59,680 --> 00:30:01,720 Speaker 1: That's the real, big part of the story is the 481 00:30:01,720 --> 00:30:04,200 Speaker 1: fact that something that was on their systems was able 482 00:30:04,240 --> 00:30:07,320 Speaker 1: to to you know, Anonymous was able to get access 483 00:30:07,360 --> 00:30:10,520 Speaker 1: to it and spread it around the world. Um, but 484 00:30:10,600 --> 00:30:14,280 Speaker 1: the actual version of Stuxnet that Anonymous distributed was 485 00:30:14,400 --> 00:30:17,120 Speaker 1: not the kind that's going to plunge the world into 486 00:30:17,160 --> 00:30:21,520 Speaker 1: some sort of virtual warfare.
Now we're probably seeing the 487 00:30:21,640 --> 00:30:26,480 Speaker 1: end of of Stuxnet's true effectiveness in the field. 488 00:30:26,520 --> 00:30:30,920 Speaker 1: As long as companies realize the dangers of Stuxnet 489 00:30:30,920 --> 00:30:33,800 Speaker 1: and they update their systems, you know, they make sure 490 00:30:33,840 --> 00:30:37,120 Speaker 1: they have the latest security patches that plug those holes 491 00:30:37,160 --> 00:30:39,520 Speaker 1: that Stuxnet took advantage of. So I mean there 492 00:30:39,600 --> 00:30:42,960 Speaker 1: is definitely some measures they have to these companies have 493 00:30:43,000 --> 00:30:44,960 Speaker 1: to take in order of companies and governments have to 494 00:30:44,960 --> 00:30:47,120 Speaker 1: take in order to remain safe. It's not like you 495 00:30:47,160 --> 00:30:50,000 Speaker 1: automatically become safe just because this this hole was patched. 496 00:30:50,040 --> 00:30:54,000 Speaker 1: You have to install the patch, right. Um, but Stuxnet 497 00:30:54,040 --> 00:30:56,680 Speaker 1: is probably starting to wind down for the most part, 498 00:30:56,800 --> 00:31:00,440 Speaker 1: just because everyone's aware of it. However, it probably also 499 00:31:00,720 --> 00:31:04,720 Speaker 1: marks the beginning of some serious cyber warfare stuff that 500 00:31:04,760 --> 00:31:09,120 Speaker 1: goes beyond the level of a small group of hackers 501 00:31:09,200 --> 00:31:13,840 Speaker 1: who share a particular philosophy and they all you know, 502 00:31:13,920 --> 00:31:17,560 Speaker 1: aim the aim their efforts at a single target.
This 503 00:31:17,640 --> 00:31:22,560 Speaker 1: may be the mark of some pretty serious uh warfare tactics, 504 00:31:23,480 --> 00:31:26,040 Speaker 1: not out and out warfare either, but you know, subversion 505 00:31:26,080 --> 00:31:30,200 Speaker 1: tactics to to really take advantage and uh and cripple 506 00:31:30,400 --> 00:31:35,800 Speaker 1: companies' or countries' infrastructures. Well, it is interesting too that um, 507 00:31:35,960 --> 00:31:39,600 Speaker 1: something that appears to have been so targeted for specific purpose, 508 00:31:40,200 --> 00:31:44,400 Speaker 1: it did leak over and damage other systems too. I mean, 509 00:31:45,040 --> 00:31:48,880 Speaker 1: there is the possibility I read that India's INSAT-4B 510 00:31:48,960 --> 00:31:54,520 Speaker 1: which failed uh in July, may have been due 511 00:31:54,520 --> 00:31:59,000 Speaker 1: to a Stuxnet infection um and you know, it did 512 00:31:59,040 --> 00:32:05,480 Speaker 1: spread around the world, so it is possible um that 513 00:32:05,480 --> 00:32:07,600 Speaker 1: that it caused a lot of collateral damage in the 514 00:32:07,680 --> 00:32:11,120 Speaker 1: process of taking out its original target. And their estimates 515 00:32:11,200 --> 00:32:14,720 Speaker 1: do suggest that Iran's nuclear program has been set back 516 00:32:14,760 --> 00:32:18,080 Speaker 1: for years as a result of the Stuxnet infection.
517 00:32:18,200 --> 00:32:21,240 Speaker 1: It's interesting assuming that it was the intended target, which 518 00:32:21,240 --> 00:32:23,320 Speaker 1: it seems to have been, right, it all depends on 519 00:32:23,360 --> 00:32:25,840 Speaker 1: the source you look at, because I looked at several 520 00:32:25,840 --> 00:32:29,120 Speaker 1: where there were some sources that said, yeah, this problem 521 00:32:29,160 --> 00:32:32,680 Speaker 1: has really set the Iranian program back by a few years, 522 00:32:32,680 --> 00:32:39,640 Speaker 1: but that all seemed to be statements from other governments' representatives, 523 00:32:39,640 --> 00:32:43,680 Speaker 1: whereas I I also saw claims that said that Iran 524 00:32:43,800 --> 00:32:48,680 Speaker 1: managed to produce the same amount of uranium essentially weapons 525 00:32:48,680 --> 00:32:52,240 Speaker 1: grade uranium um by at the end of the year 526 00:32:52,320 --> 00:32:56,040 Speaker 1: as it had the year previous. And so it didn't 527 00:32:56,240 --> 00:33:00,360 Speaker 1: it didn't ramp up production. Production had not increased year year, 528 00:33:00,440 --> 00:33:02,520 Speaker 1: but it hadn't set it back to the point where 529 00:33:02,560 --> 00:33:06,200 Speaker 1: it was making less than it had before. So that 530 00:33:06,320 --> 00:33:10,320 Speaker 1: suggests that you know, any setbacks that Iran encountered were 531 00:33:11,160 --> 00:33:14,400 Speaker 1: temporary in nature. So it all depends on who you 532 00:33:14,440 --> 00:33:17,680 Speaker 1: ask and you know who you believe, And it may 533 00:33:17,680 --> 00:33:20,160 Speaker 1: be difficult to know because Iran is not known for 534 00:33:20,200 --> 00:33:24,160 Speaker 1: being completely transparent with its nuclear program, and other governments 535 00:33:24,200 --> 00:33:28,680 Speaker 1: aren't known for um you know, giving shooting straight when 536 00:33:28,720 --> 00:33:32,520 Speaker 1: talking about that.
It may pay politically to underplay something. 537 00:33:32,960 --> 00:33:37,959 Speaker 1: So what's the truth? Difficult to know, but um, it is. 538 00:33:38,040 --> 00:33:40,960 Speaker 1: It is a fascinating subject. Yes, I mean, just because 539 00:33:41,000 --> 00:33:43,040 Speaker 1: we've talked about viruses and worms and all kinds of 540 00:33:43,040 --> 00:33:46,040 Speaker 1: other malware and this is this is a different kind 541 00:33:46,240 --> 00:33:49,000 Speaker 1: of malware. Yeah, and we may we may see more 542 00:33:49,040 --> 00:33:52,760 Speaker 1: attempts at that hackers try and take two um, to 543 00:33:52,880 --> 00:33:56,080 Speaker 1: try and and take advantage of multiple vulnerabilities within the 544 00:33:56,120 --> 00:34:01,120 Speaker 1: same operating system environment, just because it's been proven to 545 00:34:01,160 --> 00:34:04,120 Speaker 1: be really effective. You know, using that multi pronged attack 546 00:34:04,240 --> 00:34:07,160 Speaker 1: means that your, your, your attack is gonna be much 547 00:34:07,200 --> 00:34:10,359 Speaker 1: more efficient and it's gonna be harder to prevent just 548 00:34:10,440 --> 00:34:16,040 Speaker 1: through a single patch. So yeah, that's it's kind of scary. Um. Fortunately, 549 00:34:16,080 --> 00:34:18,440 Speaker 1: like I said, the Stuxnet virus itself is not 550 00:34:18,480 --> 00:34:23,600 Speaker 1: going to directly impact you unless the worst should happen. 551 00:34:24,440 --> 00:34:27,600 Speaker 1: Let's hope that doesn't come to pass. And again this 552 00:34:27,680 --> 00:34:30,600 Speaker 1: is a reminder always to patch your computer with the 553 00:34:30,680 --> 00:34:33,800 Speaker 1: later security latest security updates, no matter what what operating 554 00:34:33,840 --> 00:34:36,160 Speaker 1: system you're running, and back up your hard drive because 555 00:34:36,920 --> 00:34:41,320 Speaker 1: eventually something will come after you.
Right, Yeah, like my wife. 556 00:34:41,600 --> 00:34:44,320 Speaker 1: See that's what happens when you're in order. Yeah, she'll 557 00:34:44,400 --> 00:34:49,080 Speaker 1: come back. I would ignore the missus woman scorned. All right, 558 00:34:49,160 --> 00:34:52,000 Speaker 1: So we're gonna wrap this up, guys. If you have 559 00:34:52,040 --> 00:34:54,520 Speaker 1: any other questions about Stuxnet, or you have any 560 00:34:54,600 --> 00:34:57,759 Speaker 1: topic suggestions you would like to shoot us, let us 561 00:34:57,800 --> 00:35:00,439 Speaker 1: know on Twitter and Facebook. That handle is 562 00:35:00,520 --> 00:35:04,400 Speaker 1: TechStuffHSW, or you can email us. That email address 563 00:35:04,440 --> 00:35:07,200 Speaker 1: is tech stuff at how stuff works dot com and 564 00:35:07,280 --> 00:35:09,520 Speaker 1: Chris and I will talk to you again really soon. 565 00:35:11,840 --> 00:35:14,160 Speaker 1: For more on this and thousands of other topics, visit 566 00:35:14,200 --> 00:35:16,439 Speaker 1: how stuff works dot com. To learn more about 567 00:35:16,480 --> 00:35:19,319 Speaker 1: the podcast, click on the podcast icon in the upper 568 00:35:19,360 --> 00:35:23,080 Speaker 1: right corner of our homepage. The How Stuff Works iPhone 569 00:35:23,080 --> 00:35:31,000 Speaker 1: app has arrived. Download it today on iTunes.