The World’s First Cyber Weapon Attack on a Nuclear Plant | Cyberwar

A secret facility in Iran renews fears of a nuclear threat. The nations of the world must not permit the Iranian regime to gain nuclear weapons. A computer virus that has never been seen before. This isn't two kids in the basement in Kansas throwing some code together. The virus sabotages that secret facility. It used very advanced capabilities to cover itself or obfuscate itself. Who built it and why is a mystery. This was an act of war. It was an act of war without there being a war. Stuxnet is the world's first known cyber weapon.

There are conflicts being waged all around us, ones we can't see. Hackers are poised to dominate the 21st century, reshaping geopolitical landscapes, sometimes on behalf of terrorists, but often for governments or just because they think it's right. As a reporter, I've been covering national security for Vice, and increasingly my job is to track these digital battles. There's one computer virus that really showed how far everything had come.

In the early 2000s, the US began to fear that Iran, its sworn enemy since 1979, was secretly developing its own nuclear weapons. The UN responded with sanctions. The US and Israel threatened war. And then a mysterious computer virus dubbed Stuxnet appeared in June 2010.

We're headed to Symantec, yes, the same company that's protecting your desktop from malware, to talk to an engineer and expert who forensically took apart Stuxnet and figured out that it wasn't just some run-of-the-mill trojan virus. I got in touch with Symantec security researcher Eric Chien. He did some of the most in-depth analysis of the virus when it first appeared.

The average threat that we look at can take us 5 to 20 minutes to look at, and we know exactly what it does. And Stuxnet took us months, more than three months, to look at. So it just can give you a sense of how difficult, how large and how complicated, uh, the threat was.

So why don't you tell me how you discovered Stuxnet?

So basically what happened was another security company that was based in Belarus, uh, found
this binary, and it had something in it that was called a zero day.

Why don't you tell me what a zero day is?

A zero day basically is when you have what's called a vulnerability, or you have a hole sort of in your computer, a bug of some sort that allows someone to execute code on your machine without you knowing it. Your computer just has to be on and maybe even connected to the internet, and that's it. You don't have to be logged in, you don't have to be browsing the web, you don't have to double click on any files. And so that means you have no way to protect yourself.

What about it had you never seen before?

An average threat doesn't have any sort of exploit inside of it. This thing had four zero days inside of it.

What sets a zero day apart is that it's a security flaw that there's no fix for. Zero days are incredibly rare and, for that reason, incredibly valuable.

What was the specifics of it that set off an alarm?

There's these SCADA strings inside. SCADA basically is technology that's controlling, uh, robots and automation or power plants and things like that, and we had never seen a threat that mentioned anything to do with SCADA. This thing could actually be attacking some sort of national critical infrastructure. This isn't like two kids in the basement in Kansas throwing some code together. This thing had a full-on framework, clearly had quality assurance behind it. Here we're talking about something that is just orders of magnitude greater than we've ever seen before.

As their investigation deepened, Eric and his team realized Stuxnet was designed to target computers using Siemens' proprietary software called STEP 7.

What first caught our eye were all these strings like S7, and we began to sort of Google those sorts of strings. We saw WinCC and we saw STEP 7, and when we looked those up, we determined that this was actually software that would control PLCs.

PLCs are programmable logic controllers, computer systems used for converting digital code into physical commands that
automate everything from factory machinery to heating and cooling systems. Eric now found himself in unknown territory.

So we reached out to the international security community. We were sending out blogs all throughout that summer telling people, if you're a PLC expert, if you're an expert in critical national infrastructure, contact us, because we didn't even know what a PLC was at that time.

Eric and his team learned that PLCs are extremely vulnerable to cyber attacks, but he still didn't know which machines were the targets.

This sophisticated malware, or malicious code, was detected on industrial control systems around the world. Cyber security analysts were puzzled.

At the same time, Homeland Security was also trying to understand the virus. Sean McGurk was the director of NCCIC, the cyber branch of the Department of Homeland Security, when Stuxnet was identified.

What did your team see when they took it apart?

Well, the first thing we saw was that it was very sophisticated in its communications capability. So if you think of Stuxnet like a kinetic device, like a missile, you had, um, the delivery vehicle, you know, that which put the payload on target, if you will, and then the payload itself. And there were very unique characteristics to both. Um, Stuxnet's ability to do digital reconnaissance without control, it was essentially a digital, you know, fire and forget type of approach. The fact that it used, you know, four zero day vulnerabilities to gain access to the network is something that you had not seen in code before, uh, someone willing to risk that many zero days in order to get an on place. And then when we saw the payload part, which was actually specifically targeting an industrial control environment, that's really, for us, became a very significant event, because normal malware doesn't go after control systems, and this was specifically focused on control systems.

It was non-stop for weeks. Um, this was all we thought about, all we worked on, and you can imagine it was a really big
shift from what we had done before. The average threat we would finish in 5 to 20 minutes, and here we were sitting on the same threat day after day, hour after hour, night after night. And, you know, we weren't getting bored. Every single day, every single week, we were discovering new little clues, new little breadcrumbs that kept us going and kept us digging and kept us looking, um, until basically November, when we finally figured out that this thing was indeed sabotage, uh, on Natanz.

In what was basically an accident, Eric and his team found themselves embroiled in a real-life international spy thriller. Complex malicious code had been written specifically to take out Iran's nuclear facilities, while its authors remained in the shadows.

In 2002, the world discovered that Iran had been building a secret uranium enrichment facility near the town of Natanz. The Stuxnet computer virus has a direct link to this controversial plant.

The fact that Iran never declared the plant made it suspicious. That was a breach of Iran's obligations.

James Acton knows nuclear policy inside out. He also keeps tabs on the work of the IAEA, or the International Atomic Energy Agency, the world's nuclear watchdog.

Can you tell me what the climate was around the discovery of Natanz?

You know, Iran's a member of the Non-Proliferation Treaty, and one of the requirements of that is that, uh, you're allowed to do pretty much anything you like in the nuclear field short of building a bomb, but you have to declare it. Uh, and not declaring nuclear facilities is a violation of your agreement with the IAEA. It found activities that look very much like what you'd want to do if you'd build a nuclear weapon.

And why were they so interested in Natanz? Like, why was it the straw that broke the camel's back?

Natanz was a controversial plant because, um, you know, firstly, any enrichment is inherently sensitive. It's inherently dual use. You can use it for fuel production or you can use it for nuclear weapons production. The size of the plant was suspicious.
The plant's actually too small for a civilian plant. Uh, military plants don't need to be as large as civilian plants, so it was scaled as though it was right for, uh, making, uh, enriched uranium for weapons, but wasn't the right size for, uh, enriched uranium for nuclear reactors. The discovery of, um, the Iranian program did cause a lot of concern. I mean, there were a lot of countries who were genuinely, and are genuinely, very fearful that Iran would get the bomb, and fearful of the consequences of it doing so.

Iran aggressively pursues these weapons and exports terror. States like these, and their terrorist allies, constitute an axis of evil, arming to threaten the peace of the world.

Iran denied that Natanz was being used to produce nuclear weapons. Still, its government bowed to pressure in 2003 and temporarily suspended uranium enrichment and processing activities at Natanz. Then, in 2005, newly elected president Mahmoud Ahmadinejad defiantly restarted the program. Within months, the facility at Natanz was up and running and enriching uranium all over again. Concerned, the UN imposed sanctions. By 2009, Israeli Prime Minister Benjamin Netanyahu challenged the US to stop Iran's nuclear program.

The most urgent challenge facing this body today is to prevent the tyrants of Tehran from acquiring nuclear weapons.

Netanyahu was privately considering air strikes on Natanz. It's during this high-stakes political standoff that Stuxnet is detected, in June 2010. In fact, Stuxnet was found in countries around the world, but infection rates in Iran were off the charts, and at the plant in Natanz, centrifuges were breaking down at unprecedented rates.

Stuxnet's design is complex, but its operation is deceptively simple. Like a security camera, the virus records 30 days of normal centrifuge operation while it hides in the system. Then, when Stuxnet attacks the centrifuges, it plays back the pre-recorded data so operators on the outside can't see the infection raging within the centrifuges.

And those 30 days were
not a coincidence. That's how long it takes, basically, for a cascade of centrifuges, they basically get fully loaded with uranium gas. So they wanted to basically have their sabotage effects happen right at the peak moment and cause the most damage. So the centrifuges in Natanz normally will spin at 1,000 hertz, and what the threat did was spin up the centrifuges to either 1,400 hertz, to be really fast, or slow them down to two hertz, to be really slow. And what would happen is, when they spin up really, really fast, the centrifuge would basically vibrate uncontrollably and just shatter, and you would have literally shards of aluminum flying across the room, maybe a domino effect of centrifuges falling and toppling on each other, and uranium gas leaking everywhere. Eventually they would hit the big red button to cause shutdown. Stuxnet was smart enough to also hijack that. That big red button went through a computer as well, and they hijacked that code and basically would ignore it and allow their payload to take effect.

Once it was inside, it was unstoppable. They were doomed.

Yeah, the operators were doomed. The plant was doomed.

Stuxnet was the first digital weapon known to have physically destroyed its targets. But the computer systems at Natanz weren't connected to the internet. So how did Stuxnet get inside the system?

By 2010, it became evident that someone had decided that measures more drastic than sanctions and less spectacular than air strikes were needed to slow down Iran's nuclear program, because out of nowhere a mysterious supervirus named Stuxnet was sabotaging an Iranian nuclear facility. But the computers in the facility weren't online, so the question remained how the virus got inside the system. I went to find Darknet J, an operational security expert, to understand how Stuxnet could have infected them.

So how did Stuxnet jump the air gap and infect Natanz?

It jumped the air gap by traveling on a USB stick that was placed into the computer from someone.

Darknet J replicated the USB
exploit to show me how Stuxnet infected the computers in Natanz.

All right, so what happens is you put in the USB, you open up the folder, Windows looks for an icon, which is a malicious payload that can write to system. I have it opening calculator.

So once the intended target opens the folder with Stuxnet inside of it, what happens next?

Essentially, you can have complete control of your computer, meaning that it can write anything to the hard disk, it can grab credentials from the internet if you put them in at the time, uh, it can also propagate itself inside of your local area network.

Wow.

It's keys of the kingdom.

That meant someone physically walked Stuxnet into the Iranian facility, likely an unwitting engineer with an infected USB. Inside, the virus wreaked havoc. Centrifuges were destroyed, and the Iranians were clueless. But then Eric Chien and his team at Symantec announced the details of Stuxnet to the world in a blog post. Then Natanz shut down. Most assumed Iranian authorities finally understood the mess they were in and were trying to clean it up. After that, two Iranian nuclear scientists were targeted by motorcycle-riding assailants who slipped a sticky bomb onto one of their cars. One was killed, the other seriously injured. It appeared whoever was behind Stuxnet went to plan B. Soon after, the Iranian president admitted a virus caused the shutdown in Natanz. He blamed Israel but couldn't back it up with any hard evidence. The assassination sent a chill through the cyber security community.

Did it make you a little bit nervous?

We would look in our rearview mirrors all the time, and, you know, I would see a motorcycle and watch them closely. It definitely wasn't lost on us that we were in the middle of some big geopolitical affair.

Iran openly accused Israel and the US of being the masterminds of Stuxnet. I want to talk to someone who was trying to stop the crisis from escalating further.

Beautiful day.

Jamal Abdi is a foreign policy analyst for the National Iranian American Council and has
advised Congressional members on relations with Iran.

People like myself, who were trying to broker a diplomatic solution, trying to figure out an off-ramp from these escalatory moves, I really thought this is an extremely bad turn.

What was the reception of Stuxnet in Iran? How did people feel about it?

I think the Iranians very credibly believed that Israel was behind this, and then there was also just the fact that there were all these other sabotage efforts that they believed Israel was connected to. Israel was in many regards the driving force against Iran's nuclear program, and then you have a hardline government like Ahmadinejad's that's essentially inflaming the issue. It was, how do we slow that down as much as possible, because we know we can't stop it.

But it wasn't until 2 years later that the New York Times published an explosive story revealing the US was behind Stuxnet. Unnamed officials told the paper the US created the virus with help from Israel. It was part of a covert operation dubbed Olympic Games. The allegation set off a political firestorm, so a federal probe was launched to investigate the leak. But in 2015, the investigation was put on ice over US fears of what might come out in court.

For me, it always comes down to the leak investigation. You don't launch a leak investigation for a covert operation you didn't do.

Kim Zetter has been covering the Stuxnet story for Wired since the virus was first discovered.

The United States, like, they did Stuxnet?

I don't think that there's a question that the US is behind it. I mean, it's not even something that I think that we, you know, have to sort of debate. Stuxnet was a precision weapon, so it would never destroy anything except what matched a very specific configuration. And you can see lawyers', uh, fingerprints are all over Stuxnet.

I think that's the first time I've heard someone say that lawyers' fingerprints were all over Stuxnet.

You can see that as they were designing this, the lawyers would have had very tight, uh, restrictions, uh, for
controlling this. They would have told the developers, this can only affect the systems that are targeted. You have to write this in such a way.

It likely blocks out two major nation states that could have done it, China and Russia. I'm not sure they would have cared too much about the legal implications.

Exactly. This was, so this was one of the reasons that, uh, people were so certain it was the US.

All of the available clues suggested that Stuxnet was a joint US-Israeli operation, but government officials have gone to great length not to acknowledge it.

See, the evidence is lacking. I think that there is no clear, um, complete evidence or, uh, even complete indication that, uh, it was one country or another.

To this day, the US government will not confirm or deny its role in Stuxnet. Stuxnet's architects might want to stay in the shadows, but around the world other governments took notice of the cyber weapon they'd unleashed.

When security researchers found Stuxnet and publicized the discovery of the destructive malware, they inadvertently brought a covert operation to a premature end.

By the time we discovered Stuxnet, it's believed that it already had delivered its payload at least once. So I'm sure the attackers would prefer that it wasn't uncovered, um, because maybe they could have continued, or continued further operations. But it at least accomplished its goal, at least according to the IAEA documents that showed that, uh, a few thousand centrifuges were destroyed, um, just before 2010.

But what effect did it have on the nuclear standoff between Iran, Israel and the West?

You know, looking back on this, there's no question that it slowed down the program. Was it a successful attack in that sense? It kind of partially depends what you mean by success. I think Stuxnet probably played a role in convincing Israel not to attack Iran and giving diplomacy more of a chance.

Stuxnet may have just slowed down Iran's nuclear weapons program by 6 months to 2 years, buying time for diplomacy,
but it didn't exactly stop Iran from pursuing the bomb.

Do you think it was effective?

It was, you know, one step forward, two steps back. It delayed Iran's program, certainly, I think by several months, maybe a year, but it also, politically, it convinced Iran that they were under siege. It made an argument, a case, for why Iran needed to have capabilities to counter cyber warfare as well as capabilities to defend the country. If Iran wants to develop nuclear weapons, they can. Nuclear weapons, this is not a technical decision, it's a political decision, and Stuxnet was a technical response that maybe on a technical level slowed the program down, but on a political level actually helped to accelerate the program. So I think in that regard, if you're looking at actually preventing Iran from developing nuclear weapons, or convincing them to not go down that route, Stuxnet was a failure.

Finally, after years of crippling UN sanctions, Iran agreed to limit their nuclear program in 2015 in exchange for partial lifting of sanctions. But by deploying Stuxnet, the US and Israel had triggered a different kind of arms race.

This was an act of war, and it was an act of war without there being a war. If you drop a bomb on someone, they know that they've been attacked, right? But in digital warfare, you may never know that you're under attack. The US opened a door, um, that everyone is going to walk through now.

In Iran, was Stuxnet seen as an act of war?

In Iran, it was seen as an act of war, and there was sort of a question that was opened up: did the United States just declare war on Iran? Um, it's such a gray area, though, so I think that even now people are still kind of trying to figure out whether this constitutes war or not. But technically, technically it was, and I think inside of Iran it was really viewed that way. And I think it really opened a lot of eyes inside the establishment of Iran that they needed to get savvy in this field, to be able to defend as well as attack. And so you've got the, you
know, the formation of the Cyber Army inside of Iran, that was initially really, much, really aimed at activists inside the country, but then after Stuxnet it became even more formalized. All kinds of money was poured into it, because this was now not just an internal threat but an external threat.

It spurred Iran to be more offensive. It spurred everyone to be more offensive, that's the thing. It's not Iran. There are, there are other people to be worried about than Iran. All of that together has created this arms race of other countries.

Would you agree that it was the dawn of a new chapter in cyber warfare?

The expected response is that a lot of other countries now are establishing offensive cyber operations. They don't want to be left behind.

Stuxnet had launched the race to militarize cyberspace, and the more the world is connected, the more targets there are for attack. Countries around the world are racing to design new malware for the next generation of warfare.

Do you think it's going to become another tool in the toolbox of war?

Absolutely. Stuxnet, to me, was the Trinity moment, and by that I mean the first Trinity explosion, you know, demonstration of a nuclear detonation in New Mexico. We demonstrated a capability that, uh, you could have devastating physical impacts by cyber means.

It was a bit like the bomb. Once the secret was out, people started getting it for themselves.

We started recognizing that there's no putting this back. You know, the key was turned, the lid was opened, and everything in Pandora's box was now out in the open, and there was no way to get it back in.

Stuxnet was the world's first known cyber weapon. It set the stage for a new kind of war, one that will play out on a digital battlefield.
Info
Channel: VICE News
Views: 767,223
Keywords: stuxnet, cyberwar, syver weapon, cyberwarfare, computer worm, The first known cyberweapon, code, machinery, war, nuclear plant, Israeli intelligence, Iranian nuclear program, computer systems, zero days, windows, sabotage operation, United States, israel, Operation Olympic Games, Obama, Bush, centrifuge, White House, Israeli Defense Forces, VICE News, VICE News Tonight, VICE on HBO, news, vice video, VICE on SHOWTIME, vice news 2023, uranium, isotopes, PLC, USB stick, internal network
Id: dobTyPKccMA
Length: 22min 19sec (1339 seconds)
Published: Thu Mar 28 2024