Hey, Thoughty2 here Kevin Mitnick is an American computer hacker, who served five years in prison. Some of that time was spent in solitary confinement. Mitnick was not violent. So why, you ask, was a humble computer geek forced into solitary confinement? Because law enforcement told the judge that Kevin Mitnick could start a nuclear war by whittling into a payphone. It was thought that he could use a prison payphone to hack into the modem at NORAD and launch nuclear missiles. Nine hundred years ago, Genghis Khan and his army formed the largest empire in history, by shooting arrows from the back of horses Five hundred years ago, the House of Lancaster beat the House of York in the War of the Roses, using swords, armor, and wooden siege weapons. One hundred and fifty years ago, the North won the American Civil War using cannons, rifles, revolvers and sabres. One hundred years ago, the Allies won World War I using rifles, machine guns, flamethrowers, mortar strikes, tanks, aircraft, and chemical weapons. And, of course, seventy years ago, Germany and Japan were defeated in World War II By a variety of opposing nations and, in the end, nuclear weapons. But something was different this time. World War II wasn't won primarily through brute force and superior physical weaponry like each and every war before it - it was, in part, won through intelligence and computers. Whilst mathematician Alan Turing was working at the top secret Bletchley Park, he broke the Enigma code and allowed the British to instantaneously decode all secret German communications. Turing created a very early mechanical computer he called the Bombe which allowed him and his team of codebreakers to crack the Enigma machine. Once cracked, the codebreakers knew the location of every German U Boot attack before it actually happened It is often said that Alan Turing's genius innovation played a pivotal role in winning the War. Winston Churchill himself said that Turing made the single biggest contribution to the Allies' victory. But this marked the start of future warfare. The face of global conflict had been altered for good. Long gone are the days of men on horseback, with bows, swords and rifles. For the wars of the future will be fought online. This means, of course, that the Genghis Khan of the future could be a fourteen year old boy in his mother's basement building his empire through computer code. That doesn't sound quite as epic as thousands of Mongols riding through the mountains, I have to say. Today, combat based warfare is far too great a political risk so more and more world governments are turning to cyber warfare instead. Cyber warfare has one incredible advantage over troops on the ground and drone strikes - and that is anonymity. Using internet smoke and mirrors, such as VPNs, TOR, and encryption, governments, and non state entities such as Anonymous can launch huge online attacks on enemy nations without ever revealing their identity - and if the enemy doesn't know who exactly is attacking them, then they can't exactly retaliate, can they? So, the pros of cyber warfare vastly outweigh the cons But can hacking really cause as much damage as guns, drone strikes, and even nuclear weapons? Yes. Yes it can. And the results could be far more devastating. Full scale cyber warfare isn't a dystopian vision of the future; it's happening right now. And one could even say that we have already been playing at cyber war for the past ten years In 2010, a computer virus almost started World War III. Stuxnet is a computer worm meaning it can self-replicate and transmit itself to other host devices in perpetuity. But this isn't any ordinary malware designed to steal your online banking details created by some teenage kid in a basement... or a crazy Russian hacker. Stuxnet is far more complex, far more impressive, and so unimaginably more dangerous than any piece of malware before it. Stuxnet is the world's first digital weapon designed for international warfare. Experts have called it the greatest malware ever created. Within just a few days, security companies, analysts and researchers all over the world were becoming concerned about a new threat that was infecting millions of computers worldwide It was first identified in Belarus but in a matter of days it had infected computers in almost every country in the world. But one country in particular - Iran. The vast majority of computers infected by Stuxnet happened to be in Iran. This can't be an accident; this was by design. This meant it had a target. A normal computer worm has one method of transmitting itself to another machine - two at most - maybe through email, or file sharing. But Stuxnet had seven. This is unprecedented. Stuxnet could spread via USB without any user interaction - the second the USB would be plugged into the computer, it is infected. It could be spread over email, file sharing, or it could simply spread itself wirelessly, over the local user network, without any interaction whatsoever. A typical malware created by a criminal gang which is designed to steal sensitive data, or keep your personal files ransom in exchange for Bitcoin usually contains something called a Zero Day. A Zero Day is simply an exploit, a weakness in an operating system or piece of software that allows a virus to insert itself into a machine and control it, completely undetected. It's called a Zero Day because the author of the software doesn't yet know of the security hole within their own software But the hacker does - so when the hacker uses the exploit the software developer has spent zero days attempting to fix the security flaw A Zero Day is a hacker's dream weapon. A security hole that they know about, but nobody else does - not even the software's creator. Now, Zero Day exploits for major operating systems such as Windows are so rare that they only appear around ten times each year. So, if you have a Zero Day, you can sell it on the black market for hundreds of thousands of pounds. It is usually worth it for the criminal hacking groups to purchase one Zero Day exploit from the Dark Web, because before that Zero Day gets found out about and fixed, the gang can use it to infect millions of machines and make a nice profit on their investment through techniques such as ransomware and phishing. But due to the rarity and great expense, it is completely unheard of for a single virus to contain more than one Zero Day Stuxnet contained four different Zero Days. Probably over a million pounds' worth. But why four? Simple. Redundancy. If one Zero Day fails, or gets patched, there are three more to fall back on so not one single software update can stop this virus from spreading. The amount of money and time invested into Stuxnet means it could only have been created by a nation state - and a powerful one at that - probably several nation states, in fact. After examining the incredibly complex Stuxnet code for over a month, security researchers across the world soon realised that Stuxnet had a very specific target. It was spreading to millions of devices worldwide, and doing absolutely nothing. Like a patient assassin, Stuxnet was waiting until it had spread to, and infected one specific location before it would deliver its deadly payload. We now know that that target location was Natanz Uranium Enrichment Plant in Iran. The plant contained roughly six thousand centrifuges that were enriching uranium so that it could be used to develop nuclear weapons. The goal of Stuxnet was to infest the Siemens PLC Unit at Natanz These are little black boxes with on-board computer chips that control the spin speed of the centrifuges and monitor them to ensure that they are all spinning at the intended safe RPM at all times - about 6,300 rotations per minute. Whoever developed the logic behind Stuxnet had to know exactly how these PLC Units and centrifuges work This is literally as hard as rocket science, not something your usual hacker would know anything about. When Stuxnet had cleverly determined that it was on the correct hardware, it did... nothing. It would just lay dormant on the PLC for thirteen days - staying completely silent, just waiting. But - it was doing one crucial thing during these thirteen days - it was recording all the data from the centrifuges saving every log that every single centrifuge outputted for thirteen days straight Then, after patiently waiting for two weeks, Stuxnet sprung into action It increased the spin speed of all the centrifuges by several times - way beyond their safe operating range It did this for just fifteen minutes and then it slowed down the centrifuges to just 2 RPM for another fifteen minutes This massive variance in the spin speed of what is a finely tuned machine caused the centrifuge to develop cracks, warp, bend, and eventually break apart, or even blow up. But the most genius part of all this is that while Stuxnet was increasing and decreasing the RPM of the centrifuges way beyond their safety limits, it pulled off a trick from an old spy film You know when the spy is sneaking into the enemy's secret lair and they replace the feed to the CCTV camera with prerecorded footage, so that it looks like nothing is actually happening? Well, Stuxnet did exactly that Remember how Stuxnet did nothing for thirteen days upon arrival ...except record data? Well, whilst it was doing damage to the centrifuges, it played back that recorded data to the PLC so that all the maintenance engineers in the control room who were monitoring the status of the centrifuges would think that everything was working as normal - the machines would be reporting a completely normal spin speed Nothing to see here! This, then, isn't just a virus; this is a piece of expertly choreographed espionage. Stuxnet even contained code that would disable the big red off switch that the engineers would usually press, if, say, a foreign nation had inserted a rogue virus into your PLC units to blow up all your centrifuges...! ...yeah. While Stuxnet was doing its thing, it completely disabled the emergency off switch Stuxnet would repeat this same thirty minute routine just once every 27 days - as not to arouse too much suspicion from the engineers Over the following months, Stuxnet successfully destroyed well over 1,000 uranium enriching centrifuges at the Iranian Natanz plant - significantly slowing down Iran's nuclear weapons program. To this day, nobody has claimed responsibility for the attack but it's pretty darn obvious that Stuxnet was created by the US Government. Anonymous NSA sources have confirmed this, adding that Stuxnet, which was actually codenamed "Olympic Games" by the NSA, was a multi million dollar joint effort between the NSA, GCHQ in the UK, and Israel's elite government hacking agency, UNIT 8200. But Iran didn't take Stuxnet lightly. They retaliated hard. Iran immediately recruited thousands of hackers from around the country to their new cyber warfare unit - and then they struck back. Iran wiped out every piece of software from every computer at the world's largest oil company, Saudi Aramco. They then hit America's banks, taking down the online banking capabilities of America's largest banks: Bank of America, PNC, and Wells Fargo. Although Iran didn't claim direct responsibility, this was obviously a slap in the face to America, to say "You can't attack us in cyberspace and get away with it." And so what happened back in 2010 was the world's first cyber war between two countries. But the scariest part of all this is that by targeting critical infrastructure, enemy nations can affect physical devices destructing our lives and even causing mass harm to people through no more than lines of computer code Hackers could literally derail trains, make planes fall from the sky, and blow up gas pipelines and dams If that's not science fiction, then I don't know what is. We are living in a new age of war but according to NSA insiders Stuxnet was just the beginning - a small time operation You see, the NSA have been working on a huge, multinational multi agency, and multi billion dollar top secret operation codenamed Nitro Zeus. Nitro Zeus was a backup plan - in case Iran refused to agree to the Iran nuclear deal that prohibited them from producing nuclear weapons The Obama administration wanted a second option - a way to stop their nuclear capabilities for good if the peaceful negotiations went sour. That backup plan was Nitro Zeus and, quite frankly, it's the most terrifying cyber weapon ever created. We know very little about Nitro Zeus, but, from what we can gather from anonymous NSA employee testimonies, it is basically Stuxnet on steroids - many times more complex and intelligent Nitro Zeus had the capability to infect almost every computer inside Iran - both civilian and military - and control them at the attacker's will. It could attack Iran's command and control systems so, in the event of a war, Iran's military could not communicate with one another It could hack into, and disable, Iran's air defence system so that US and Israeli planes could attack Iran with complete inpunity - Iran would be unable to shoot them down. But that's not all - Nitro Zeus could also shut down Iran's entire power grid leaving the whole country with no electricity. It could even destroy all domestic communications and transportation systems and take down Iran's financial systems and banks - all in a few minutes - at the click of a mouse by some NSA employee, 7,000 miles away. In the event of a war with Iran, Nitro Zeus ensured that they would be completely defenceless right from the start. According to some sources, Nitro Zeus is still inside Iran today and can be activateed at any moment... laying dormant... waiting. Just in case. You may not think that cyber warfare could affect you personally - but the scary reality is that cyber weapons, whether created by a criminal gang, terrorist group, or even a nation state, could easily be far more damaging to you than traditional warfare. Critical infrastructure is everywhere, we don't see it, but it powers our daily lives from the filtered water we drink to the electricity that powers our homes and devices But that's just the tip of the iceberg Communications, manufacturing, water filtration, waste, gas, energy, emergency services, agriculture, logistics, finance, healthcare, transportation and defence all rely on critical infrastructure to function and do their jobs for society. And that means that every single one of these systems can be hacked And, to be honest, the vast majority of this infrastructure has pathetic levels of cyber security because they were likely designed and built before the internet existed Using anonymous computer code, this spiderweb of hardware and software that runs every country can be disabled, corrupted, overridden, and destroyed, The results could be utterly devastating When you destroy water filtration systems when you shut down a national power grid, they don't just turn themselves back on It would take weeks, even months, and billions of pounds to return everything back to normal In that time, millions of people would likely die due to hunger, the cold, and the lack of clean water. Modern wars have been mostly fought in the Middle East, and so most of the effects of these wars have not actually been felt by citizens of western countries. Cyber warfare changes that completely - and, in fact, it reverses it Which countries do you think have the most critical infrastructure? Wealthy, developed countries Places like the US, UK, Canada, Japan, Western Europe have the greatest amount of critical infrastructure per person than anywhere else in the world and that means that they are far more susceptible to hacking and cyber weapons. Ironically, one of the most well defended countries against cyber weapons is North Korea because the entire country is not connected to the public internet It is surrounded by what hackers call an Air Gap - i.e. it isn't connected by physical wires. Air gaps are the hardest obstacle that a hacker can face when spreading a virus Every year, the US Government publishes a document called the Worldwide Threat Assessment, which analyses and predicts what the greatest threat is to our nations. In the 2007 report, there was no mention whatsoever of cyber warfare. In 2011, cyber warfare did make an appearance but it was right at the bottom - suggesting it was an incredibly insignificant threat It was even below West African drug trafficking. But - from 2013 onwards, the report listed cyber warfare as the top threat facing our world today. But it's not all doom and gloom. We can all take some solace in this fact, which reminds us that behind all these cyber weapons and anonymous hackers, are, at the end of the day, just... humans. In 2012, the FBI caught the world's most wanted hacker because he was hacked himself due to the fact that he used his cat's name as his password, followed by "123". The password was "Chewy123". Thanks for watching. If you enjoyed this video, then please click here to support me on Patreon which really helps out the channel, and you can get some pretty cool rewards. Click here to watch another video, and if you haven't already, don't forget to subscribe!
