The Stuxnet Story: What REALLY happened at Natanz
Вставка
- Опубліковано 18 чер 2024
- The story of Stuxnet, the first cyber weapon in history. Focus is on the manipulation of machinery at Natanz, with detailed explanations of machine configuration and operation.
Check out more material on Stuxnet at www.langner.com/stuxnet/
0:00 Intro
0:45 Backstory
4:45 Technical Difficulties
8:58 The First Campaign (2007-2008)
18:19 The Second Campaign (2009-2010)
27:50 Afterstory
35:45 Production Info & Credits - Наука та технологія
One of the best documentaries I've seen. I hope this gets way more views because you deserve it, Mr. Langner
Thankyou.
it's great but don't heed to much to the technical involvement. The US does not and never has used siemens step anything in the US except a few german auto manufacturers and suppliers. This is mossad
Thanks for putting this together. All the other videos are just overviews but this gets deep into the working principles and demonstrates the type of clever thinking the creators of Stuxnet had. This is exactly what I was hoping to find.
This video report was very elaborate, to the point and informative.
Top-notch quality.
Thanks to the everyone involved in this video report
Excellent, You covered the topic very well. Everything was presented clearly, in every detail. Just what I was looking for
Thank you!
@@OTbase Did every single one of those centrifuges contain a PLC? Do we have any pictures of damaged units?
No, and no. You can find details on the automation system, including number of PLCs, in "To kill a centrifuge" (just google it).
@@OTbase I'm gonna have a read, then. Thank You, have a good day
This was a pleasure to watch, thank you Ralph for this thorough analysis, 10 years+ after the fact. It's even more interesting now, as time goes by, to understand the complexities of these issues, from the geo-political perspective all the way to the pure technological one.
I truly hope you could make this type of video into a series, in which you explain the different malware threats that pop up and dissect them in this fashion.
In this day and age ransomware seems to be quite prolific all over the world, that would make for another amazing video, going through what has been happening in the last decade or so...
Thanks Langner for explaining it so well, the details of the 2 stage attack campaign were so perfect.
I have long been intrigued and interested in this topic, can’t have a better source explaining the story than mr langner himself. Thank you!
with some value judgments added.
Excellent. I've always loved your analysis and distillation of what occurred. I like how in Zero Days, you cheekishly knew what you could and couldn't talk about, alluding to it throughout your interview.
"The stealthy cyber weapon had been turned into a prank."
"After that little concert in the cascade hall..."
lol These funny statements actually show the high quality of technical expertise in this video. Seriously, other videos breathlessly report, with mysterious background music, how amazing it was to control the speed. This is the first explanation I've seen that described the resulting sound and how obvious it would be to the Iranians.
Very well done. I've heard of stuxnet and watched vids about it but never seen such an in-depth analysis of what was actually going on before.
This was the best documentary I've seen on UA-cam ever. Thank you so much Sir
Thanks! One of the best write ups on the "weapon" I've ever seen or heard. I knew your group was one of the first to reverse engineer the "weapon" and analyze it. I'm very glad you made this as I did not know there were two campaigns.
Such great breakdown, thorough explanations and I loved the chronicling of the events dating back 1975.
Great video..very in-depth without bogging the viewer down
Very informative, thx. I also enjoyed the swipe at the public press in the end. And of course the (almost) happy ending.
Being a vulnerable researcher myself this I can say was the most complete description of the events.. what a great documentary 👏 👌 👍 🙌 ❤
This documentary is excellent, brilliant. Good work.
That was more enlightening than I was expecting. Great video.
Great work and video... thanks for bring it to public.
Very well done analysis of Stuxnet. Thank you for your very clear explaining.
Messerscharfe Analyse, hochinteressant und wirklich hervorragend dargestellt. Danke!
Excellent work gentlemen. Thank you.
Very well detailed ! Thanks a lot :)
Great video. Very interesting subject presented very clearly, thank you !
excellent video! the level on details is just fantastic. very informative. thanks.
You're very welcome!
amazing and well put together
That's what I was looking for. Thank you very much!
Excellent report. thanks!
Outstanding presentation.
Fantastic video. I'm reading a Cyber Security book that mentions Stuxnet and decided to see what videos or documentaries were available. Great work by the team at Langner.
I wish they used a lot of this info in the zero day documentary. They really needed to provide more info on te centrifuge process. As well as the decisions to do the various updates. I still don’t understand the problems or lack of implementation for manual shutdown. The illustration of the sound helped a lot.
excellent video very well produced and explained
This video is a gold standard template for how to properly present a subject.
Just got this recommended by UA-cam, two years late… great vid! Subbed as well!
Thank you this was really helpful for me to understand the situation
Ausgezeichnetes Video. Danke schön.
i love top level explanation like this, thx a lot
Thank you for the documentary! I'm studying cyber security and this video was really worthy and interesting to watch
>less than 3k subs
>best video on the topic
thanks for making this video. sincerely
This must be one of the more beautifully scripted topic on cyber warfare. Very clear representation
The documentary “Zero Days” by Alex Gibney does a great job of almost naming names and outlining its development. Very interesting watch I’d recommend.
I want to start learning about technical side of cyber security. Where does one start as a beginner? Great video!
Great video
This was honestly a fantastic video for all sorts of viewers. Thanks to The Langner Group for putting this together. I learned a ton and can't praise it enough. I am very interested in how the state of cyber-physical attacks evolve over the ext decade or so and how the end-goals of these attacks change. For example, ransomware like EKANS, etc (I'm no expert here by any means)...will these sets of malware ultimately hold our critical infrastructure for hostage rather than blow things up or cause physical harm?Will cyber-physical attacks ramp up in damage slowly over time? Almost like pushing a glass further and further towards the end of a countertop... It may be just my paranoia but with the amount of funding certain nation states are allocating to cyber defense, it makes me wonder what may be going on in regards to the offensive side of things... Once again though, great video!
Thanks!
Great work
Thanks for sharing. 😉👌🏻
Great video. Some story.
Thanks for this exhaustive explanations... the best I saw yet...
but... I have a small doubt--- since we do not know for sure what was the vector for the first 'infection'---
and the software was binaries for the Siemens PLCs... ?what software was submit to Virustotal???
I am glad i stumbled on this
Some of the most sophisticated and effective sabotage ever committed. Insane.
I just wanted to say this was an outstanding explanation. I can't imagine the amount of brainpower and preparation that must have went into developing Stuxnet. Did the analysis team know much about Iran's nuclear enrichment program before trying to decipher what the binary did? I'm absolutely amazed that you guys were able to discern the specific system that the worm targeted with how little the world knew about Iran's program at the time.
The developers of Stuxnet knew EVERYTHING about the internal systems at Natanz. They may have known it better than the Iranian operators.
@@OTbase Does that mean that spies were involved in the development of Stuxnet? How could they know everything if not more than the Iranian people who worked on it?
@@v19torrent4 it does
lieber Herr Langner, besten Dank für Ihre Darstellung der möglichen Ereignisse, die allerdings einige fundamentale Fragen offen lässt. davon abgesehen, würde ich mich freuen, sie würden den Text gleich auf Deutsch vortragen und die hochproblematische Tonspur reinigen.
What here and on many other occasions is real problem are the standards. M$ Window$ and standard industry PLC. For this kind of highly critical purpose development of custom systems pays off (and that is an understatement).
Fantastic video, really appreciated the information on the additional systems they were forced to build to mitigate the failures they were already dealing with. I wonder how they (the attackers) knew enough about those systems to target them, I understand they intercepted the Libyan shipment to understand the centrifuges, but not their over pressure systems.
You are correct, the attackers could not have known the details of the cascace protection system from the Libyan installation. They must have had an insider at Natanz or one of the contractors.
Good stuff.
Thank you.
who made this its fkn brilliant and deep
Well you've been looking at the person who made this in the video for 30 something minutes ;-)
Mr Langner I had first seen you in the documentary, Zero Days. It seems like your interview was largely overshadowed by those of the NSA analyst and the gentlemen from Symantec. Zero Days was rather melodramatic and so much of the events and facts were smothered by rhetoric and profanity. But your detached, straightforward presentation made you memorable. So of course when i saw this presentation chronicling the events of those three or four years, i clicked. I haven't taken a physics course in years but i followed along as best i could. It was time well spent. You spoke with authority. Your presentation was thorough and clinical ( as much as it could be managed in a fifty minute seminar ). In the most general definition weren't both payloads zero day intrusions? Was it the second one that attacked the Siemens motor controller or the first? Thanks -
William; Hampton, VA U.S.
The only zero day exploits that were used in this attack were in the dropper of the second version. The irony is that zero days are quite unsubstantial for the Stuxnet story -- something I tried to explain to Alex Gibney, but obviously without success.
@@OTbase okay that answers my question. This is all so fascinating. Thank you for the effort that you put into this
Great video! One question that remains : within all the connection between machines that the 4.0 revolution has been bringing to us, will these cyber attacks be more frequent?
So far we have no reason to assume that they will be more frequent. But we must recognize that they can be more severe. More connectivity means more complexity means higher risk that a lot of things go wrong at the same time.
@@OTbase this hasn’t aged well. Definitely more frequent.
What I find weird is that the two domains that were used for updates, SUPPOSEDLY could not be determined to whom they belonged. Like. Every domain in existence is strictly documented. Unless ICANN _itself_ was compromised, it should be dead simple to find who had those two domains.
If Stuxnet can be used to target the dedicated centrifuges used by Iran, then it's just a matter of time that a worm/virus is developed to attack a specific component in any/all electric vehicles.
Question - did stuxnet accelerate and decelerate all centrifuges in a cascade at once? If it was more selective (a few here, a few there), wouldn't the sound difference have been masked by other centrifuges operating at normal rpm?
All centrifuges in six cascades at once. Impossible to miss.
This guy is a G
Can I say the blurry intro was fucking with my head I started looking around and blinking a shit ton just to make sure lol
At 24:40....l experienced ; Unease , dissociation ...and value 6...inconfidance....
The occilations are being disturbed @ 12 %... throughout this video.
( Occilations producing musical note 440- middle C...are now producing b-flat... undoubtedly protocol has been tampered with'''''''')
this guy is the paul harrell of cybersecurity and i love it
cringe.
China is very proactively using its cyber offensive capability against many country.
Please mke a video on that based on your view and reserach.
Anyways it was a very informative video.
ralph du bist der geilste ober eber, bitte mach weiter dein ding
The noise would have been masked by the other running centrifuges. It only targeted a few cascades at a time (164 centrifuges each) and it was over 50 mins. So 164 centrifuges at a time in a room full of 5,000 to 8,000 running.
Wrong. The attack code did not target a few centrifuges at a time. It targets 984 centrifuges at a time. Look at the code.
@@OTbase That is incorrect, the logic targets cascades which house 164 centrifuges each. Nowhere in the code does it target 984 centrifuges because they are controlled as a group and can not be individually targeted.
Interesting. How did the developer know how the systems work in such detail ?
That's the right question to ask. They must have had an insider.
@@OTbase the way you explained it I thought it might have been a vulnerability in the supply chain to the Iranians. After all, i thought that you had indicated that in the beginning at least they were exposed to some industrial espionage.
@@William_sJazzLoft Sure the infiltration came through the supply chain. That's how you jump an air gap.
@@OTbase and it can be certain that the intelligence organizations involved knew that Siemens PLCs were being used.
@@William_sJazzLoft They had full insider knowledge of the automation details
this guy doesnt blink
While it's true there are vendors who gain on exaggerated concerns about industrial cyber warfare, it's also true that funded actors are still launching campaigns designed to prey on weaker links to conduct reconnaissance and potentially pivot into more valuable assets. We are aware of phishing campaigns preying on smaller energy providers exhibiting TTPs not unlike Ukraine, with many of these providers connected to grid providers who control larger 'backbones' of regional grid connectivity. In other words... past performance is no indication of future activity when it comes to cyber warfare, let alone the financial disruption already seen in stories like Go Daddy, Marriott, Sony, Home Depot, Garmin, etc.
I'm aware of this situation and have commented it extensively -- see www.cirsd.org/en/horizons/horizons-autumn-2016--issue-no-8/cyber-power-an-emerging-factor-in-national-and-international-security. That doesn't change the fact that we didn't see successful & substantial cyber-physical attacks in the ten years after Stuxnet.
We haven't seen a big earthquake hit northern California in a while... are we safe, or are we due?
I haven't said that we are safe. I said that we have the means to stay safe.
Thanks. Good doc. Gonna make this get recognized by algo with minecraft relation, viruses, twitch streaming is hot, tiktok 🔥 and pop music
Got any theories for how or why Stuxnet found its way into Virus Total in 2007? Seems odd that the developers with a limitless budget would have used a public tool like that to check for detections and seems weird that they were able to carry on with the operation without Iran catching on for two years if one of its victims thought something was fishy enough to check it out on Virus Total
Israel likely had a mole in Iran to plant the virus. The Mosad are masters at infiltration that is how they won the seven day war, by HUMIT.
@@jascam1 I'm asking how it ended up on Virus Total, not how it got into the lab. Virus Total is basically a giant repository of malware samples scrutinized by the entire netsec industry. Seems unlikely that someone involved in a classified operation would upload it themselves. I'm just curious who did it, was it a mistake made by someone involved in the development or did one of their targets have some passing suspicion about a file on their computer and uploaded it to scan against every AV before moving on? The first sample was uploaded a couple years before the Iranians found out what was going on
It's explained in the Zero Days documentary. A later version of Stuxnet started shutting down PCs, which is how it was discovered initially.
@@cruelolol that doesn't explain how it ended up on virus total a year before its discovery though, that's what I'm curious about
All thanks to the Red White and Blue, thanks to Erik van Sabben!
Best
Great piece! Thank you. It's unfortunate, though, the optimistic closing comments simply don't represent the very real, pretty much unavoidable, potential for significant destruction at some point in the near future. Humans do not have the greatest track record for avoiding self-inflicted disasters. While the tech will undoubtedly advance, humans won't. There will always be a percentage of the population that will only be happy when everyone else isn't, and they are immortalized forever in their version of a heaven.
💯💯
Still StuXnet is is active but with new signature and new tasks
It's difficult to take this guy seriously without him wearing a black hoodie and a Guy Fawke mask.
lol
I can't believe that i found the guy who figured all of this out...
There is one big question remaining though. Why is a German company helping the Iran gaining material to potentialy build nuclear weapons?
Well I think that one is easy: Because it pays well. The deeper question that puzzled me is: Why didn't CIA & Mossad pull the plug when they probably could have?
@@OTbase great question well never know the answer to unfortunately
Just imagine what these great minds could do with their knowledge if they weren't engaged by their nations to build weapons designed to destroy civilized, innocent people and their children, society and traditions..
2:58 that aged like fine milk.
Very good content. Please put subtitles the accent is very hard to understand
Click on the CC button in the lower right corner of the viewer
my dad just put my dumbass on this... voraciously interested!
Les infos d’molina
Pro tip.. increase speed to 1.25 - Ralph speaks VERY slowly..
You know to much…wondering if you and your team was behind all this especially since you also did a Ted talk on this 10+ years ago🤔🤔
It took more than a year to write stuxnet. No way it was completed in 1 year.
Khan!!!!!!
First the target was Irans nuclear facilities, the next target is every man with a phone. We already run such worms and tracking mechanisms on our phone ready to activate the payload when we become an object of interest. A dystopian state with mass surveillance is already a reality. Stuxnet just raised the confidence of these agencies.
People are assuming it was USA and Israel but I’m sure that the Saudis also helped in this project, probably in a financial way. It’s not only USA and Israel that are Irans enemies.
I feel like I should 'unlike' this video asap. However; I can't hit the ; 'Like' button enough!
Hmmmm
Scary ain't it
Stuxnet is/was impressive, but not the first cyber weapon in its class. See for example www.wired.com/2004/03/soviets-burned-by-cia-hackers/
That story could not be corroborated by any other source and a lot of experts say this is false as the equipment used by the USSR in the 80's was entirely mechanical and had no such electrical input/output system for their equipment.
Take it as a ⚠️!!!! You better show the correct map of india
Lmao loved the comment about activists
Great video and content, annoying music.
Thanks for the feedback!
I disagree. I thought it worked well. Maybe it was just a bit too loud in the mix.
Too many nerd words I don’t understand, please explain this to me like I’m 5
I would if I had the time. Plenty of other videos for you on UA-cam though.
@@OTbase🤣🤣🎯that’s right.