The World’s First Cyber Weapon Attack on a Nuclear Plant | Cyberwar
Вставка
- Опубліковано 27 бер 2024
- Stuxnet was a sophisticated cyber attack on an Iranian nuclear plant that may have changed the nature of warfare forever.
This episode of Cyberwar first aired on VICE TV in 2016.
Help keep VICE News’ fearless reporting free for millions by making a one-time or ongoing contribution here. - vice.com/contribute
Subscribe to VICE News here: bit.ly/Subscribe-to-VICE-News
Check out VICE News for more: vicenews.com
Follow VICE News here:
TikTok: www.tiktok.com/@vicenews?lang=en
Facebook: / vicenews
Twitter: / vicenews
Instagram: / vicenews
More videos from the VICE network: www. vicevideo
#VICENews #News
Reminder, this episode was from 2016, 8 years ago.
Edit: Vice news is really wanting us to endure 2016 again
Yes, important reminder
Check out darknet diaries with my boy jack... current hacker ish
Maverick got enough time to push it on big screen.
Thank U. Saved me the watch.
JUST A FRIENDLY REMINDER------ America is in violation of the Symington Amendment by giving aid to Israel when they haven't signed the Nuclear NPT, and promote terrorism on Iran when they seek to develop their own energy program.
Thanks to Vice you can relive 2016 again and again, and again and...
Again?
And again
And again until they get their ad views
Thank you, therefore I won't watch the video and will instead dislike and report!
Yes, but you wouldn't believe how many people don't know or understand Stuxnet. This episode is great for people to understand cybersecurity, politics, etc.
vice if your gonna repost old articles at least include the orginial post date and the tag #repost or something.
The descriptions says it’s a repost
Yeh but they could have atleast put it in the dam title smh@Duckduckobtusegoose
@@kieronluke4657it's not hard to read the description. can you not understand anything that's not hashtagged?
324,185 views Mar 28, 2024 #VICENews #News
Stuxnet was a sophisticated cyber attack on an Iranian nuclear plant that may have changed the nature of warfare forever.
This episode of Cyberwar first aired on VICE TV in 2016.
@@og666 it's not hard, but the issue is that it is hard to know the description is important. Titles have the benefit of being on screen all the time (PC, non-full screen) and hashtags have the bonus benefit of popping out from being a different color.
whats crazy to me, is that my highschool in 2010 didn't allow unauthorized USBs to be plugged in we had to go to the tech room and show the usb to a teacher and he had to scan it and give it a little sticker saying it was ok to use on our laptops, but the Iranians at a nuclear facility didnt do this. wild
edit: Irans
I doubt that’s how it happened… most likely the engineer was paid by intelligence to bug the system
This was not your run-of-the-mill worm. Your teacher's antivirus would not have seen anything, that's whata 0-day attack does. It is called that because 0 days have transcured since the attack has been discovered by security companues and therefore no countermesure to that attack exists yet.
And the method used was to inject this worm in as many normal computers in the world as possible so that everytime a technician would break the air gap to import some code he would have more and more chance to be using a pen drive that would have been previously inserted in an infected computer. I don't remember the exact number but when Stuxnet was first reported on it had infected an astonishing number of computers worldwide, something like 20 percent.
@@Freiheit1232ok, but what dude is saying is Iran should of had something in place to protect itself from just some bad actor plugging in a USB stick into a computer and taking down their entire operation. AMATEURS! Hahaha
You would be surprised to find out in some second / third world countries this thing is still going on in governmental building. Simply because security protocols are overseen by employees, and security awareness is just something from a check list that nobody cares but they all sing the paper because is the norm.
@@sforza209 There would definitely be a way around such a system whether it is a high ranking individual at the plant or someone who just bypassed security protocols
YALL GONNA MAKE PPL FREAK OUT 😂
emotions will be tugged
People that are helpless and don’t have guns lmao
JUST A FRIENDLY REMINDER------ America is in violation of the Symington Amendment by giving aid to Israel when they haven't signed the Nuclear NPT, and promote terrorism on Iran when they seek to develop their own energy program.
@@crackerjack2303Hiroshima’s pistols did nothing
This story is about 10 years old tho lol
The delivery method is incorrect. It had since been revealed that it came in via a part that was infected, not a usb.
Wayyyy more impressive tbh😂😂 them boys at Siemens hooked them up😂
Something stolen: USA did similar to the Soviets back in the day.
Source
According to the dark research that came out 5 years ago, it was attacked through the HVAC system.
Also the threat analyst misdefined zero day as a zero click attack, I guess fact-checking isn’t one of Vice’s strengths
Remember that this episode was from 2016
It's also a bit inaccurate. The first known cyberattack dates to at least 1982 with software that caused specific massive damage being inserted into natural gas equipment destined for the Soviet Union. It triggered.""The result was the most monumental non-nuclear explosion and fire ever seen from space," he recalls, adding that U.S. satellites picked up the explosion. Reed said in an interview that the blast occurred in the summer of 1982." (Washington Post).
USA is the main threat
Sure
Episode is from 2016 about an event(s) that happened in 2010. And the details are very watered down.
Interesting how this episode is more relevant today than in 2016.
"We demonstrated the capability that you could have devastating physical impacts by cyber means" That seem like an accidental admission.
Interesting how an IT engineer did not know what a PLC was.
A USB stick in your work machine. That has not "formally" been permitted since early 2000's in most commercial organizations that I have done business with.
Things like that wouldn't ever be a standard educational criteria until there's an issue. 😅😂
@@tonywalker4207 None of them will ever forget what a PLC is now.
Because an security researcher (as you call it "IT engineer") is a software engineer and not an electrical engineer...? Do you think that all electrical engineers can complete a malware analysis because they are an engineer?
@@jjann54321 Valid (excellent) point. In particular for "stick to your lane" type engineers.
But the very best among us, including hackers, tend to be multidisciplinary. Mitnick's M.O. was less about tech and more about social engineering.
As a "security researcher" it is important to be aware about the most basic instruments used in (critical) industry.
@@TriAngles3D Totally unacceptable to have zero clue what a PLC is. A cursory understanding of hardware systems is a must for softdevs.
Vice is killing it. Wait this is not zero days old?
Vice exposing things that can get us all hurt.. like we really want Iran to have nukes? Tf they doing.. like Snowden.. all that for what? To live in effing Russia? Lmfao
4 zero days in one piece of malicious code is beyond insane.
That crazy man
That's probably $10m in value right there...
@@Fatman305 Way way way more. A single zero day exploit that requires zero user input to execute can fetch up to 20 million dollars.
I don’t know about them but I believe you.
@@jiszle697 I was wrong, the other way. It likely cost less than $1m back in 2010. Look for Forbes article from 2012 "Shopping For Zero-Days". And note that even those ~$100k high-end exploits back in 2012 were much cheaper a few years earlier: "This is very different than in 2007, when researcher Charlie Miller wrote about his attempts to sell zero-day exploits; and a 2010 survey implied that there wasn’t much money in selling zero days. The market has matured substantially in the past few years."
0 day means a technology virus we don't currently have a solution for. It literally means day 0, the first day of the existence of a new virus. It has nothing at all to do with the capabilities of the virus.
Yes, zero-click was what they were talking about.
I wish they would date it in the head line instead of using it as click bate. Other wise well done.
Nuclear power plant worker here, if someone was determined enough to attack a power plant and cause radiological sabotage... you're fucked. The NRC requirements aren't high enough to protect against modern threats.
*stares in nuke worker at a plant with 1950 tech that's never heard of the Internet*
I mean, they could crash our email and make it hard to watch UA-cam but, actually a threat to radiologic safety? Nah, we good.
I heard power plants controls are so confusing even the hackers are like wtf lol
@@EyeKnowRaff yes there's plenty of antiquated tech but they're modernizing it with ICS
@@will201084that’s 🧢 they have old ass plc’s anyone can go online with and make edits
The interesting thing is that the guy who likely planted it. Who was a dutch engineer , died in a one sided motor accident a few years later in Dubai. He was likely recruited by Dutch intellegence services. Who handed him over to the israeli and US services. The strange thing is that most of Dutch officers who were actively involved by recruiting him had no idea that this happened. The whole operation was so fractured that people only know about their small part. Which makes it impossible for most people to actually know what was giong on. Which is the power of the organisation. Even high Dutch politicians did not know what the Dutch role was. And it is still is a mystery till today.
One big difference is your HS was very much connected to the WWW whereas Iran though it was "safe" because this nuclear facility was off the grid w/o WWW access, and they apparently overlooked the potential of an internal threat....with a USB with not 1, not 2, but 4 Zero Day exploits. That gives 4 potential completely separate attack surfaces within Stuxnet. I'm impressed that your HS scanned thumb drives back in 2010 before allowing them to be plugged in.
RIght, this guy is a fraud just like VICE itself. Real hard-hitting journalism when Mr. "Hacker Tracker" over here doesn't even understand simple concepts like air-gapping, as if his lie about his USBs being scanned that long ago even matters. Also that would go against the premise of air gapped systems where most likely whatever is scanning the USB was currently or previously network connected (especially to the WORLD WIDE web) LMAO. Stay safe brother and God bless.
This is such an insane story. Cyber security is still such paramount importance in 2024 and I feel like a lot of people are still very unprepared or uneducated about proper security.
Very much so! I'm been in cyber security an other aspects of the industry for many years and I'm still learning.
Its terrifying to think that there are cyber weapons out there that could dictate if we live or not
there aren't. in order to pull something like this off you need years and state resources. like a complicated spy mission. its not like some child can inadvertently do this in a fit of immature rage because the virus is just floating around
its possible that russia or china could do this to some US infrastructure, but only if it was a long term concerted effort with many people involved, as it was for the allies that launched stuxnet
@@HanTheProphet This video was from 2016 8 YEARS AGO PRETTY SURE THEY'VE HAD ENOUGH TIME TO UP THEIR GAME!
@@HanTheProphetever heard of an emp?
@@MommaBear_316Security has had 8 years to evolve as well. It’s a classical arms race. All it takes is for one to get through, yes. But how many are going to face back at you? Techwar has to obey MAD like anything else.
@@HanTheProphetare there, or are there not? You said both lol
0day is just an exploit that has not being disclosed yet.
Yea he didn’t explain what a zero day was lol .
@@inility57722:35
Uncle Sam ain’t gona do that for a while baby 🇺🇸🤠🤩 💪
Pretty wild that the SysAdmins in the nuclear plant didnt block USB drives on their PCs. Pretty big oversight for something that sensitive.
Infected part not a usb stick
James Actin is not an expert on the IAEA. He is incorrect to say that the Fuel Enrichment Plant at Natanz is too small to fuel a nuclear power reactor. In fact, Natanz has a capacity for 50,000 centrifuges, sufficient to provide fuel for a 1000 MWe reactor such as that at Bushehr!
I really like this segment from vice. I wish they would continue it!
Oh man!! When I watched this for the first time by downloading it via a torrent, it was surreal! Now, after 8 years, it is nice to see it available publicly and I can share with everyone. This series was great! Can't wait for the Russia episode.
The more time goes by and information becomes more available new things are becoming apparently more common helping us to understand the complexity of the internet
Very informative. Thanks for the research
Excellent video. Very interesting, informative and worthwhile video.
Symantec security: discovers super weapon attacking bad guys
“We should let everyone know about this”
I prefer a security company to be as neutral as possible...
Agreed. Better than being like Kaspersky and their engineers getting arrested if they don't do what they're supposed to.
Your idea of "bad guys" are not the same as everyone's idea of "bad guys."
it got out of control and spread through numerous other countries.
Symantec security: discovered super weapon that could wipe out lots of people at once and directly cause international wars
"We should let everyone know about this"
Stuxnet was old even in 2016, now its really old, thanks Vice
Now this great journalism !
When he threw the blank pieces of paper, that really hit home.
10:06 Literally shows us it being on the charts
Did he just admit it was the US at the end there? "We demonstrated"
Yepper
they did actually.
😅q7@@ROBLOXGamingDavidthe i8776677u7766😅
U.S. sabatoging something Iranian sounds about right.
You really thought you did something huh
For anyone wanting a more up-to-date insider look at this event, read "The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age" by David Sanger.
I work on PLCs occassionally as an electrician and they control everything industrial. Suprised it took this long to realize even if this is from 2016. Not much has changed as far as PLC security thats for sure
Stuxnet was the start of a new era
by then, it is already as dangerous as it can get.
Stuxnet was dangerously used & it came back to hurt us. But it was an incredible Team effort to pull this off.
So its a real life Skynet without an A.I.
Awesome to see Vice bang out great content
As a Power Engineer and PLC user this scares the hell out of me ..
parts of stuxnet is what affected the ship that hit the Baltimore Bridge.
21:37 I consider this statement as an admission of responsibility
Who wants Captain Crunch?
me me meee
Yes
so glad im a cybersecurity major rn
Iran running Windows legally is impossible since Microsoft would never sell them license keys.
It’s called looking up windows keys, Microsoft actually doesn’t stop it because then they have more people on their OS
when the facts do come to light this will be a great movie
Zero-day: if found, it is kept and not reported to the developers by the agencies for precisely this reason (to be used when needed).
Wait when he said ‘normal malware doesn’t go after control systems’ was he referring to malware outside of international cyber-terrorism? I understand that most cyber attacks are most clandestine but surely it’s not unheard of for them to go after control of the particular infrastructure/government facility
Do you think a normal malware could infect an unknown operating system? You know windows,mac and linux. However a nuclear power plant OS does not use any of those. So it can only be of someone that understands how a nuclear power plant operates from the infrastructure/bare level. Look it is easy to figure out if you just think a little for a few mins.
Wait till Ai comes to cyberwars.
The code was inputed so after it was all put out then the ransoms could happen
i remember a boeing engineer was telling me stories about how they'd put code in usb sticks that would get sold to russian nuclear plants and how it would slightly alter their output somehow to make them less efficient which caused massive losses over time.
It was a programmer in Minsk who first discover Stuxnet
Anybody else notice that the interviews were sped up?
Very educative for cybersecurity education
What’s with y’all refurbishing old news that y’all already covered lately?
The thing with sanctioning Iran for so long is that they have learned to develop their own home grown versions of weapons.
This could eventually spell disaster and backfire on the U.S and Israel ... Just saying. 🤔
You made some valid points.
That's a good point you made.
Yup if they did not sanction iran, they could pull more of these stuxnet type attacks. Now everything in iran is anti-stuxnet. 😂
3:04 really? You’re misdefining a crucial term 3 minutes into the entire video? That’s so shobby
It wasn't attacking a nuclear plant, it was looking for a specific configuration of PLCs that operated centrifuges for enriching uranium.
...within a nuclear power plant
Yeah so when the plant pops it will be an "unfortunate accident"
Nuclear *enrichment* plant, not a power plant. Massive difference in intent.
So why would Chen and Symantec broadcast they found Stuxnet, determining it was a weapon and being used against Irans nuclear weapons program? Great they had the skill and fortitude to detect and decode, but why rat out the ‘rat’ being used against a larger rat?
That’s what I was thinking the whole time while watching this
I'm surprised they didn't get a call from Mossad or NSA to keep quiet
Because it was already detected by a Belarussian company. If they kept quiet, that's just a clear indication of something shady.
Exactly it's because they were in help programming this with the United States government to demonstrate what its capable of
Why are there still people that genuinely believe that, in this time and age, causing geopolitical trouble will leave them unharmed?
I worked on Siemens LOGO industrial controllers at the time...this is interesting...
Upvote if you came back from year 2032 to re-watch this.
And here I am in 2232 and thinking 🤔 You made a typo.
They are currently in conflict... Except their parents were able to be vocal
Yeah I seen a video on this a little while back. It was a USB from memory that infected the system.
Genuine question is the interview tripping sack during the interview with the guy from Symantec? Pupils are absolutely massive for being in a lit room
Some people call Stuxnet the opening battle of WW3.
i love this version of Vice, not the political one
If vice stuck to investigation journalism like this they would still be viable today
Explanation of "zero day"..... Having such a "specialist" provoke not only them..
They did that guy super dirty with the thumbnail lmao
I'm guessing there won't be a new season :(
Considering this video is almost 10 years old, nope.
Trojan horses were the first cyber weapon and that's arguable.
Thank you VICE NEWS
More videos about hacking even if its a old video but you guys should make cyber warfare videos
Sounds like someone is setting us up for a “checkmate “
There was an attack on a uk power station two or three months ago in the uk
Excellent reporting.
Well this is just the problem of having cyber and techonlogy can cause alot of problem from computers and such that is upholding the systems in reacters and cause an meltdown which is just crazy and should not be allowed too do and should be supervised.
The explanation in the beginning of what a “zero day” exploit is not really correct. It is a cyberattack that takes advantage of an unknown or unaddressed security flaw in computer software, hardware or firmware. The term “Zero day" refers to the fact that the software or device vendor has zero days to fix the flaw because malicious actors can already use it to access vulnerable systems.
Second, kinetic really shouldn’t be applied to missiles bc a “kinetic energy weapon” is one that doesn’t use explosives but rather speed/density to destroy something….
*For example think of a missile* : and how it delivers its payload
Wonder what happened to this insider. He probably was not a systems administrator, network security person but a programmer.
looks like ill have to step in.
Need to keep making content like this.... hopefully
What's interesting, since this aired Iran is one of the leaders in AI research. US firms tried desperately to recruit Iranian engineers but trump refused to allow it. That's why companies in Silicon Valley opened up research facilities in Canada and Europe, so thy could hire these people.
If Iran is one of the leaders in AI research then how come Iran hasent come out with a leading tech company till now just like China?
@@arbaz79You mention two state run economies and question why private corps haven’t upset them in the same breath.
Yep, they are now hacking the states that hacked them back then. Not extraordinarily, but still, they are now advancing.
With amazing reporting like this it's hard to understand why Vice went bankrupt. Who's uploading these?
According to the investigation published by De Volkskrant, Dutch Engineer Erik van Sabben, an agent of the Dutch General Intelligence and Security Service (AIVD) is responsible for introducing Stuxnet to Natanz. He was died in a motorbike crash near his home in Dubai two years after the operation.
After the first few seconds of this I WORM.
Whyfiles Stuxnet episode was really good
Humanity is incapable of ignoring the cat once it's been taken out of the bag.
Uncle Sam is the cat, the bag, and the person holding the bag with the cat in it 🪄 🧙
Gosh the amount of times this has been covered.... is Vice using Microsoft Edge?
Remember that Francis Scott Key Bridge, a cargo ship crashed in Baltimore.
That wasn’t the only bridge that night either
"It was an act of war without there being a war...."
Get real, there is always a war.
Uhhhhhhh didn't Australian Media report on this approximately 15 years ago?
Why did the major company disclose this to Iran?
Full disclaimer I work with mostly competitor products but wow...Siemens: From Concentration Camps to Iranian Nuclear facilities. (According to the Siemens website and this video.) Too bad I can't bring this up in a business meeting without looking like an ass, lol. Sometimes being P.C. blows my mind.
All people talk about is that it is from 2016. Dont you guys see that this topic is worth a repost? I had not heard about this, and think its a very important topic. Nuclear plants really need more security, like being made of really strong reinforced concrete, so a normal missile can not create a much bigger disaster than a nuke. Nuclear waste from power plants last for over 1000 years, while the radiation from nuclear fallout typically last for just a little over 100 days. Sooner or later, a terrorist group with explosives will force their way inside a nuclear power plant, and create a meltdown.
Plc's like siemens, allen bradley, sneider were not built with security in mind. These are in all systems in warehousing, factories and energy grids around the world.
And the more advance the country the more vulnerable they are.
True! Easy to hack! Still 😂
Entering into Cyber Security, I can’t decide whether this is more interesting or more horrifying
Stuxnet is proof of the capabilities of malware. Sure it might have failed but lt was also in a sense a show of force
I just watched this movie with Gerard Butler
It clearly says "This episode of Cyberwar first aired on VICE TV in 2016." Don't panic!
April 8th we must prepare 🙏🏿