OTbase
Cyber security protection dashboard in Power BI
In this video you'll learn how to build a protection dashboard in Power BI that exposes parameters like patch recency and patch consistency for your OT systems, based on data imported from the OTbase OT asset management software. Product info: langner.com
Views: 123

Videos

Building a software dashboard in Power BI
115 views · 1 month ago
This video shows you how to build a software dashboard in Power BI using data from the OTbase OT asset management software. Product link: langner.com
Building a CISO dashboard in Power BI
137 views · 1 month ago
In this video you'll learn how to build a CISO dashboard in Power BI using the vulnerability data from OTbase. Product information: langner.com
Why patching is not sustainable in OT environments
204 views · 1 month ago
Security patches are the go-to solution for vulnerability management. But they don't provide an easy path out of cyber risk in OT. Learn in this video why patching is not sustainable in OT environments.
OT compliance dashboard in Power BI
166 views · 1 month ago
Wes shows you how to turn OT asset data pulled from the OTbase OT asset management software into a compliance dashboard in Power BI. Product link: ot-base.com
OT device dashboard in Power BI
60 views · 1 month ago
This video shows you how to build a basic OT device dashboard using the OTbase Connector for Power BI. Product link: ot-base.com
OTbase connector for Power BI intro
55 views · 1 month ago
Learn how to download, install, and configure the OTbase Connector for Power BI. Takes just ten minutes and you're off to create awesome reports and dashboards. Product link: langner.com
OT obsolescence management in OTbase
69 views · 1 month ago
This short presentation shows you how to identify obsolete OT products in your fleet. Check what's end of life or discontinued in two minutes. Recorded at #S4x24.
The Purdue Model in OT security
1.2K views · 2 months ago
One of the biggest misconceptions in OT security is that the Purdue model can act, or even was intended, as a security architecture. Ralph explains why it can even be counter-productive and lead to LESS security. For more information on the OTbase OT asset management software check langner.com
The OTbase Onboarding Program
80 views · 2 months ago
Automatic network topology diagrams in OTbase
115 views · 2 months ago
Forget CVE severity for OT security
256 views · 2 months ago
Automated OT compliance audits
165 views · 2 months ago
The OT cyber risk that's completely ignored
283 views · 2 months ago
OT Asset Management vs. ICS Detection -- what are the differences?
168 views · 2 months ago
Dale Peterson drops truth bombs at S4x24
457 views · 2 months ago
How to achieve efficiency and progress in OT security
309 views · 2 months ago
OTbase integration with ServiceNow
72 views · 2 months ago
OT security: Cyber-physical system modeling, criticality, and network segregation
412 views · 3 months ago
Obsessed with OT security threats
111 views · 3 months ago
What OT asset management is all about
365 views · 3 months ago
Setting Access Credentials in OTbase Discovery
25 views · 4 months ago
Network & Location Groups in OTbase Asset Management
75 views · 4 months ago
The OTbase Discovery User Interface
64 views · 4 months ago
Device descriptions
59 views · 4 months ago
Location IDs in OTbase
63 views · 5 months ago
OT vulnerability management in ServiceNow, powered by OTbase
111 views · 5 months ago
Setting Up Location Metadata in OTbase Inventory
39 views · 5 months ago
OTbase Service Graph Connector for ServiceNow
90 views · 5 months ago
Performing Manual Backups in OTbase Inventory
21 views · 5 months ago

COMMENTS

  • @GeorgeTsiros 16 days ago

    What I find weird is that the two domains that were used for updates, SUPPOSEDLY could not be determined to whom they belonged. Like. Every domain in existence is strictly documented. Unless ICANN _itself_ was compromised, it should be dead simple to find who had those two domains.

  • @arinjayjain6029 26 days ago

    Can you share the dataset link

    • @OTbase 26 days ago

      No. But you can easily build your own dataset with the OTbase OT asset management software.

  • @tombuckley91 27 days ago

    Fantastic video, really appreciated the information on the additional systems they were forced to build to mitigate the failures they were already dealing with. I wonder how they (the attackers) knew enough about those systems to target them, I understand they intercepted the Libyan shipment to understand the centrifuges, but not their over pressure systems.

    • @OTbase 27 days ago

      You are correct, the attackers could not have known the details of the cascade protection system from the Libyan installation. They must have had an insider at Natanz or one of the contractors.

  • @Atreus21 28 days ago

    I don't understand. What is the purpose of the zones then?

    • @OTbase 28 days ago

      Zones have nothing to do with the Purdue model.

    • @Atreus21 27 days ago

      @OTbase sorry, not zones - layers. The layers from 1 to 4. What is the purpose of organizing it like that if all that really matters is network segregation? Sorry again, my questions are uninformed. I'm new to this stuff.

  • @michahcc 29 days ago

    We've diagnosed your centrifuges with bipolar disorder.

  • @shitoryu8 1 month ago

    I honestly wonder what's changed in their program since all this happened.

    • @OTbase 1 month ago

      Safe to assume that they upped their cyber security

  • @LongFatJohnston 1 month ago

    >less than 3k subs >best video on the topic thanks for making this video. sincerely

  • @ivarand 1 month ago

    I think Adobe products should be forbidden not only in OT environments, lol!

  • @EQ_EnchantX 1 month ago

    The noise would have been masked by the other running centrifuges. It only targeted a few cascades at a time (164 centrifuges each) and it was over 50 mins. So 164 centrifuges at a time in a room full of 5,000 to 8,000 running.

    • @OTbase 1 month ago

      Wrong. The attack code did not target a few centrifuges at a time. It targets 984 centrifuges at a time. Look at the code.

    • @EQ_EnchantX 1 month ago

      @OTbase That is incorrect, the logic targets cascades which house 164 centrifuges each. Nowhere in the code does it target 984 centrifuges because they are controlled as a group and can not be individually targeted.

  • @sforza209 1 month ago

    2:58 that aged like fine milk.

  • @ulrichulrich5810 1 month ago

    Dear Mr. Langner, thank you very much for your account of the possible events, which does, however, leave some fundamental questions open. Apart from that, I would be glad if you delivered the text in German straight away and cleaned up the highly problematic audio track.

  • @uTestTarget 1 month ago

    "The stealthy cyber weapon had been turned into a prank." "After that little concert in the cascade hall..." lol These funny statements actually show the high quality of technical expertise in this video. Seriously, other videos breathlessly report, with mysterious background music, how amazing it was to control the speed. This is the first explanation I've seen that described the resulting sound and how obvious it would be to the Iranians.

  • @kevb5834 1 month ago

    This is pretty freaking awesome! Thanks for sharing!

  • @arali1987 1 month ago

    Fabulous!

  • @wolpumba4099 1 month ago

    Abstract
    This video analyzes new footage from the Natanz fuel enrichment plant and reveals insights into the Stuxnet attack, particularly the second version. The analysis focuses on the audible differences in centrifuge rotor speed caused by the attack, suggesting that the attackers were not concerned with remaining undetected. The video also highlights the differences between IT-based cyber forensics and the cyber-physical forensics used in this case.

    Summary

    Introduction
    - 0:00 Ralph Langner introduces the video and references his previous analysis of Stuxnet, "To Kill A Centrifuge." He mentions the importance of video footage in understanding the attack.

    Previous Analysis
    - 0:18 Langner discusses how previous video footage analysis led to breakthroughs in understanding Stuxnet, such as identifying the pressure controller used at Natanz.

    New Analysis
    - 1:16 The video focuses on new footage found online, showcasing the Natanz facility, including the centrifuge hall and control room.
    - 2:00 Observations include potential maintenance issues (e.g., hanging signal cable) and the presence of numerous vibration sensors.
    - 2:54 The control room is described as "the coolest control room you have ever seen," with an unusual layout and blurred screens.
    - 3:58 Langner emphasizes the importance of the audible aspects of the attack, which were not fully understood in the previous analysis.

    Can you hear it?
    - 5:28 The video plays audio of centrifuges spinning at normal operating speed (59,000 RPM) and compares it to the sound of centrifuges at 83,000 RPM (1,400 Hertz) as manipulated by the first Stuxnet attack. The difference in sound is significant.
    - 6:26 The second attack iteration involved slowing down the centrifuges to 120 RPM (2 Hertz), below the audible range but still representing a drastic change detectable by engineers.
    - 7:57 Langner addresses the concern that the sound of one affected centrifuge would be masked by others, explaining that the attack impacted at least one whole cascade (164 centrifuges) and possibly up to six cascades (almost 1,000 centrifuges).
    - 8:30 The attackers synchronized the affected cascades using WinCC, further highlighting their intention to make the attack noticeable.

    Conclusion
    - 9:03 Langner concludes that the attackers behind the second Stuxnet version were not concerned with stealth and that detection by Iranian engineers was inevitable. He suggests that this lack of operational security would have prompted a closer examination of the controllers.

    i used gemini 1.5 pro

  • @millerdp 1 month ago

    Ralph, thank you for the enlightening and useful discussion. Much appreciated.

  • @kunalshah82 1 month ago

    Great video that emphasizes the importance of criticality in defining OT Security measures! Same concepts can apply across DR methods and exercises as well

  • @brianduffy8768 1 month ago

    Zoning and Conduit as per 62443, instead of Purdue thinking. Zone the Control Systems for network Segmentation.

  • @relentlessrider5677 2 months ago

    powerful

  • @VINAYDUVVA 2 months ago

    Great Presentation of Vulnerability report using Power BI. If you can make a detailed step by step video on Power BI for Vulnerability Management that will really help to learn and Implement.

    • @OTbase 1 month ago

      At it

  • @danehrenreich4531 2 months ago

    I'm in full support of this clarification

  • @Erwin_Auerbach 2 months ago

    A consistent theme in recent history (say the last 70 years) has been the marketability of fear. Look at the emergence of 24/7 news cycles which often prioritise sensationalism to capture attention and instill fear. Unfortunately, it seems challenging to go back to a time when OT or "cyber" Security were solely an engineering principle.

  • @lmaoty 2 months ago

    Love this - Ralph, you are totally on point on this one!

  • @VerdadTrasLaVerdad 3 months ago

    Thank you for the documentary! I'm studying cyber security and this video was really worthy and interesting to watch

  • @cmms1234 3 months ago

    Ground reality

  • @LethalBubbles 3 months ago

    obama was a lot more vicious than bush, eh?

    • @OTbase 3 months ago

      No. He just pushed the inherited operation in a different direction and blew it.

  • @cocoarecords 3 months ago

    Best

  • @gregs6403 3 months ago

    Thanks for putting this together. All the other videos are just overviews but this gets deep into the working principles and demonstrates the type of clever thinking the creators of Stuxnet had. This is exactly what I was hoping to find.

  • @bconte88 3 months ago

    Lmao loved the comment about activists

  • @cyberjeet6018 4 months ago

    Very Informative and useful..

  • @adytech5788 4 months ago

    i love top level explanation like this, thx a lot

  • @MikeOxlong- 5 months ago

    As someone who helped design the original discovery methods (proprietary) used in a very famous dpi product/retailer who sells to ISPs and transit providers, I beg to differ… Netmp can help, and views into TLS meta data and other tidbits are definitely effective and time consuming (on cpu resources), but they aren't everything. This is for certain…

  • @W3w1Llw4GeW4r0nU 5 months ago

    There has recently been a development in the stuxnet case. Newspaper "de Volkskrant" reported that the spy who placed the infected usb stick was a Dutch national, and had been killed in 2009 in Dubai. It seems like they sabotaged his motorcycle, and an anonymous intelligence officer from the MIVD (military intelligence & safety department) was quoted as saying the spy "paid a heavy price".

  • @marfiuss 5 months ago

    All thanks to the Red White and Blue, thanks to Erik van Sabben!

  • @milkaaiwako 6 months ago

    I am glad i stumbled on this

  • @softwellautomation 6 months ago

    It's really very useful software for ICS protocols TCP port analysis

  • @imagingconcepts 7 months ago

    I still find it hard to believe that Stuxnet was a first, if it truly was, that means that mankind created an extremely sophisticated product that worked perfectly right out of the box… it clearly must be Alien. ;)

    • @OTbase 7 months ago

      It was well tested on Libyan centrifuges of the same model, and it didn't work perfectly...

  • @8starsAND 7 months ago

    Ok, then explain for it guy even what the PLC or profinet is. I think you also didn't ever work in factory SO your knowledge is very limited to the IT side of security problems and I see that from your videos…

  • @danielbowman7226 7 months ago

    Oh my. After all this optimism - energy sector protocols not covered very well. Sheeeet.

  • @orlandostevenson7214 7 months ago

    Your work and prior talks, including one with NATO, led up to this enormous opportunity you landed and delivered on so well - even if it took some time for open source to connect the dots to confirm your assertions and, since then, gain additional big-picture perspective. The payload-related risk persists, as you point out, and the threat landscape continues to advance even with distracting theater, making sure the defensive capabilities starting with basics to address risk matters very much!

  • @DGModdersxNoScOPe 7 months ago

    The gloves are off

  • @johnmoore8599 7 months ago

    Thanks! One of the best write ups on the "weapon" I've ever seen or heard. I knew your group was one of the first to reverse engineer the "weapon" and analyze it. I'm very glad you made this as I did not know there were two campaigns.

  • @DreaJ3551 7 months ago

    what kind of expert are you claiming to be? the objective of risk management is to minimize the risk of lost revenue. simplifying that to say it's to minimize cost does not alter that definition. Is this guy a politician, he minces words like one.

  • @Bandalorian 8 months ago

    Well said Ralph

  • @raddastronaut 8 months ago

    Thing is, someone(s) orchestrated the leak of the technology to Iran, Pakistan, NK and so on to allow this weapon to be installed. This was planned ahead of time. They sold their enemies their defeat. Along with Britain, the US and Israel you have Germany. Siemens. This is just a massive web of pyramids.

  • @rohanmajumdar3133 10 months ago

    First the target was Iran's nuclear facilities, the next target is every man with a phone. We already run such worms and tracking mechanisms on our phone ready to activate the payload when we become an object of interest. A dystopian state with mass surveillance is already a reality. Stuxnet just raised the confidence of these agencies.

  • @joshualadejobi9073 11 months ago

    Hmmmm

  • @ManusRex 11 months ago

    If you believe that Pakistani government (which is essentially the Military Establishment) was unaware of, and didn't directly control AQ Khan's network which supplied nuclear enrichment tech to NoKo and Iran, in exchange for ballistic missile tech and spares, I have a 100 storey skyscraper to sell in the middle of Islamabad.