The World’s First Cyber Weapon Attack on a Nuclear Plant | Cyberwar
2024 ж. 27 Нау.
686 781 Рет қаралды
Stuxnet was a sophisticated cyber attack on an Iranian nuclear plant that may have changed the nature of warfare forever.
This episode of Cyberwar first aired on VICE TV in 2016.
Help keep VICE News’ fearless reporting free for millions by making a one-time or ongoing contribution here. - vice.com/contribute
Subscribe to VICE News here: bit.ly/Subscribe-to-VICE-News
Check out VICE News for more: vicenews.com
Follow VICE News here:
TikTok: www.tiktok.com/@vicenews?lang=en
Facebook: / vicenews
Twitter: / vicenews
Instagram: / vicenews
More videos from the VICE network: www.fb.com/vicevideo
#VICENews #News
Thanks to Vice you can relive 2016 again and again, and again and...
Again?
And again
And again until they get their ad views
Thank you, therefore I won't watch the video and will instead dislike and report!
Yes, but you wouldn't believe how many people don't know or understand Stuxnet. This episode is great for people to understand cybersecurity, politics, etc.
Reminder, this episode was from 2016, 8 years ago. Edit: Vice news is really wanting us to endure 2016 again
Yes, important reminder
Check out darknet diaries with my boy jack... current hacker ish
Maverick got enough time to push it on big screen.
Thank U. Saved me the watch.
JUST A FRIENDLY REMINDER------ America is in violation of the Symington Amendment by giving aid to Israel when they haven't signed the Nuclear NPT, and promote terrorism on Iran when they seek to develop their own energy program.
vice if your gonna repost old articles at least include the orginial post date and the tag #repost or something.
The descriptions says it’s a repost
Yeh but they could have atleast put it in the dam title smh@Duckduckobtusegoose
@@kieronluke4657it's not hard to read the description. can you not understand anything that's not hashtagged?
324,185 views Mar 28, 2024 #VICENews #News Stuxnet was a sophisticated cyber attack on an Iranian nuclear plant that may have changed the nature of warfare forever. This episode of Cyberwar first aired on VICE TV in 2016.
@@og666 it's not hard, but the issue is that it is hard to know the description is important. Titles have the benefit of being on screen all the time (PC, non-full screen) and hashtags have the bonus benefit of popping out from being a different color.
whats crazy to me, is that my highschool in 2010 didn't allow unauthorized USBs to be plugged in we had to go to the tech room and show the usb to a teacher and he had to scan it and give it a little sticker saying it was ok to use on our laptops, but the Iranians at a nuclear facility didnt do this. wild edit: Irans
I doubt that’s how it happened… most likely the engineer was paid by intelligence to bug the system
This was not your run-of-the-mill worm. Your teacher's antivirus would not have seen anything, that's whata 0-day attack does. It is called that because 0 days have transcured since the attack has been discovered by security companues and therefore no countermesure to that attack exists yet. And the method used was to inject this worm in as many normal computers in the world as possible so that everytime a technician would break the air gap to import some code he would have more and more chance to be using a pen drive that would have been previously inserted in an infected computer. I don't remember the exact number but when Stuxnet was first reported on it had infected an astonishing number of computers worldwide, something like 20 percent.
@@Freiheit1232ok, but what dude is saying is Iran should of had something in place to protect itself from just some bad actor plugging in a USB stick into a computer and taking down their entire operation. AMATEURS! Hahaha
You would be surprised to find out in some second / third world countries this thing is still going on in governmental building. Simply because security protocols are overseen by employees, and security awareness is just something from a check list that nobody cares but they all sing the paper because is the norm.
@@sforza209 There would definitely be a way around such a system whether it is a high ranking individual at the plant or someone who just bypassed security protocols
YALL GONNA MAKE PPL FREAK OUT 😂
emotions will be tugged
People that are helpless and don’t have guns lmao
JUST A FRIENDLY REMINDER------ America is in violation of the Symington Amendment by giving aid to Israel when they haven't signed the Nuclear NPT, and promote terrorism on Iran when they seek to develop their own energy program.
@@crackerjack2303Hiroshima’s pistols did nothing
This story is about 10 years old tho lol
Remember that this episode was from 2016
It's also a bit inaccurate. The first known cyberattack dates to at least 1982 with software that caused specific massive damage being inserted into natural gas equipment destined for the Soviet Union. It triggered.""The result was the most monumental non-nuclear explosion and fire ever seen from space," he recalls, adding that U.S. satellites picked up the explosion. Reed said in an interview that the blast occurred in the summer of 1982." (Washington Post).
USA is the main threat
Sure
Episode is from 2016 about an event(s) that happened in 2010. And the details are very watered down.
Interesting how this episode is more relevant today than in 2016.
The delivery method is incorrect. It had since been revealed that it came in via a part that was infected, not a usb.
Wayyyy more impressive tbh😂😂 them boys at Siemens hooked them up😂
Something stolen: USA did similar to the Soviets back in the day.
Source
According to the dark research that came out 5 years ago, it was attacked through the HVAC system.
Also the threat analyst misdefined zero day as a zero click attack, I guess fact-checking isn’t one of Vice’s strengths
"We demonstrated the capability that you could have devastating physical impacts by cyber means" That seem like an accidental admission.
4 zero days in one piece of malicious code is beyond insane.
That crazy man
That's probably $10m in value right there...
@@Fatman305 Way way way more. A single zero day exploit that requires zero user input to execute can fetch up to 20 million dollars.
I don’t know about them but I believe you.
@@jiszle697 I was wrong, the other way. It likely cost less than $1m back in 2010. Look for Forbes article from 2012 "Shopping For Zero-Days". And note that even those ~$100k high-end exploits back in 2012 were much cheaper a few years earlier: "This is very different than in 2007, when researcher Charlie Miller wrote about his attempts to sell zero-day exploits; and a 2010 survey implied that there wasn’t much money in selling zero days. The market has matured substantially in the past few years."
This is such an insane story. Cyber security is still such paramount importance in 2024 and I feel like a lot of people are still very unprepared or uneducated about proper security.
Very much so! I'm been in cyber security an other aspects of the industry for many years and I'm still learning.
0 day means a technology virus we don't currently have a solution for. It literally means day 0, the first day of the existence of a new virus. It has nothing at all to do with the capabilities of the virus.
Yes, zero-click was what they were talking about.
Interesting how an IT engineer did not know what a PLC was. A USB stick in your work machine. That has not "formally" been permitted since early 2000's in most commercial organizations that I have done business with.
Things like that wouldn't ever be a standard educational criteria until there's an issue. 😅😂
@@tonywalker4207 None of them will ever forget what a PLC is now.
Because an security researcher (as you call it "IT engineer") is a software engineer and not an electrical engineer...? Do you think that all electrical engineers can complete a malware analysis because they are an engineer?
@@jjann54321 Valid (excellent) point. In particular for "stick to your lane" type engineers. But the very best among us, including hackers, tend to be multidisciplinary. Mitnick's M.O. was less about tech and more about social engineering. As a "security researcher" it is important to be aware about the most basic instruments used in (critical) industry.
@@TriAngles3D Totally unacceptable to have zero clue what a PLC is. A cursory understanding of hardware systems is a must for softdevs.
Nuclear power plant worker here, if someone was determined enough to attack a power plant and cause radiological sabotage... you're fucked. The NRC requirements aren't high enough to protect against modern threats.
*stares in nuke worker at a plant with 1950 tech that's never heard of the Internet* I mean, they could crash our email and make it hard to watch KZhead but, actually a threat to radiologic safety? Nah, we good.
I heard power plants controls are so confusing even the hackers are like wtf lol
@@EyeKnowRaff yes there's plenty of antiquated tech but they're modernizing it with ICS
@@will201084that’s 🧢 they have old ass plc’s anyone can go online with and make edits
0day is just an exploit that has not being disclosed yet.
Yea he didn’t explain what a zero day was lol .
@@inility57722:35
Uncle Sam ain’t gona do that for a while baby 🇺🇸🤠🤩 💪
I wish they would date it in the head line instead of using it as click bate. Other wise well done.
Vice is killing it. Wait this is not zero days old?
Vice exposing things that can get us all hurt.. like we really want Iran to have nukes? Tf they doing.. like Snowden.. all that for what? To live in effing Russia? Lmfao
The interesting thing is that the guy who likely planted it. Who was a dutch engineer , died in a one sided motor accident a few years later in Dubai. He was likely recruited by Dutch intellegence services. Who handed him over to the israeli and US services. The strange thing is that most of Dutch officers who were actively involved by recruiting him had no idea that this happened. The whole operation was so fractured that people only know about their small part. Which makes it impossible for most people to actually know what was giong on. Which is the power of the organisation. Even high Dutch politicians did not know what the Dutch role was. And it is still is a mystery till today.
Its terrifying to think that there are cyber weapons out there that could dictate if we live or not
there aren't. in order to pull something like this off you need years and state resources. like a complicated spy mission. its not like some child can inadvertently do this in a fit of immature rage because the virus is just floating around its possible that russia or china could do this to some US infrastructure, but only if it was a long term concerted effort with many people involved, as it was for the allies that launched stuxnet
@@HanTheProphet This video was from 2016 8 YEARS AGO PRETTY SURE THEY'VE HAD ENOUGH TIME TO UP THEIR GAME!
@@HanTheProphetever heard of an emp?
@@MommaBear_316Security has had 8 years to evolve as well. It’s a classical arms race. All it takes is for one to get through, yes. But how many are going to face back at you? Techwar has to obey MAD like anything else.
@@HanTheProphetare there, or are there not? You said both lol
James Actin is not an expert on the IAEA. He is incorrect to say that the Fuel Enrichment Plant at Natanz is too small to fuel a nuclear power reactor. In fact, Natanz has a capacity for 50,000 centrifuges, sufficient to provide fuel for a 1000 MWe reactor such as that at Bushehr!
The more time goes by and information becomes more available new things are becoming apparently more common helping us to understand the complexity of the internet
One big difference is your HS was very much connected to the WWW whereas Iran though it was "safe" because this nuclear facility was off the grid w/o WWW access, and they apparently overlooked the potential of an internal threat....with a USB with not 1, not 2, but 4 Zero Day exploits. That gives 4 potential completely separate attack surfaces within Stuxnet. I'm impressed that your HS scanned thumb drives back in 2010 before allowing them to be plugged in.
RIght, this guy is a fraud just like VICE itself. Real hard-hitting journalism when Mr. "Hacker Tracker" over here doesn't even understand simple concepts like air-gapping, as if his lie about his USBs being scanned that long ago even matters. Also that would go against the premise of air gapped systems where most likely whatever is scanning the USB was currently or previously network connected (especially to the WORLD WIDE web) LMAO. Stay safe brother and God bless.
Pretty wild that the SysAdmins in the nuclear plant didnt block USB drives on their PCs. Pretty big oversight for something that sensitive.
Infected part not a usb stick
Did he just admit it was the US at the end there? "We demonstrated"
Yepper
they did actually.
😅q7@@ROBLOXGamingDavidthe i8776677u7766😅
U.S. sabatoging something Iranian sounds about right.
You really thought you did something huh
Very informative. Thanks for the research
I really like this segment from vice. I wish they would continue it!
Symantec security: discovers super weapon attacking bad guys “We should let everyone know about this”
I prefer a security company to be as neutral as possible...
Agreed. Better than being like Kaspersky and their engineers getting arrested if they don't do what they're supposed to.
Your idea of "bad guys" are not the same as everyone's idea of "bad guys."
it got out of control and spread through numerous other countries.
Symantec security: discovered super weapon that could wipe out lots of people at once and directly cause international wars "We should let everyone know about this"
Excellent video. Very interesting, informative and worthwhile video.
For anyone wanting a more up-to-date insider look at this event, read "The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age" by David Sanger.
Now this great journalism !
So why would Chen and Symantec broadcast they found Stuxnet, determining it was a weapon and being used against Irans nuclear weapons program? Great they had the skill and fortitude to detect and decode, but why rat out the ‘rat’ being used against a larger rat?
That’s what I was thinking the whole time while watching this
I'm surprised they didn't get a call from Mossad or NSA to keep quiet
Because it was already detected by a Belarussian company. If they kept quiet, that's just a clear indication of something shady.
Exactly it's because they were in help programming this with the United States government to demonstrate what its capable of
Why are there still people that genuinely believe that, in this time and age, causing geopolitical trouble will leave them unharmed?
10:06 Literally shows us it being on the charts
Iran running Windows legally is impossible since Microsoft would never sell them license keys.
It’s called looking up windows keys, Microsoft actually doesn’t stop it because then they have more people on their OS
3:04 really? You’re misdefining a crucial term 3 minutes into the entire video? That’s so shobby
What's interesting, since this aired Iran is one of the leaders in AI research. US firms tried desperately to recruit Iranian engineers but trump refused to allow it. That's why companies in Silicon Valley opened up research facilities in Canada and Europe, so thy could hire these people.
If Iran is one of the leaders in AI research then how come Iran hasent come out with a leading tech company till now just like China?
@@arbaz79You mention two state run economies and question why private corps haven’t upset them in the same breath.
Yep, they are now hacking the states that hacked them back then. Not extraordinarily, but still, they are now advancing.
What’s with y’all refurbishing old news that y’all already covered lately?
I work on PLCs occassionally as an electrician and they control everything industrial. Suprised it took this long to realize even if this is from 2016. Not much has changed as far as PLC security thats for sure
Awesome to see Vice bang out great content
Oh man!! When I watched this for the first time by downloading it via a torrent, it was surreal! Now, after 8 years, it is nice to see it available publicly and I can share with everyone. This series was great! Can't wait for the Russia episode.
So its a real life Skynet without an A.I.
When he threw the blank pieces of paper, that really hit home.
Wait when he said ‘normal malware doesn’t go after control systems’ was he referring to malware outside of international cyber-terrorism? I understand that most cyber attacks are most clandestine but surely it’s not unheard of for them to go after control of the particular infrastructure/government facility
Do you think a normal malware could infect an unknown operating system? You know windows,mac and linux. However a nuclear power plant OS does not use any of those. So it can only be of someone that understands how a nuclear power plant operates from the infrastructure/bare level. Look it is easy to figure out if you just think a little for a few mins.
Stuxnet was the start of a new era
by then, it is already as dangerous as it can get.
Stuxnet was dangerously used & it came back to hurt us. But it was an incredible Team effort to pull this off.
Upvote if you came back from year 2032 to re-watch this.
And here I am in 2232 and thinking 🤔 You made a typo.
parts of stuxnet is what affected the ship that hit the Baltimore Bridge.
Zero-day: if found, it is kept and not reported to the developers by the agencies for precisely this reason (to be used when needed).
Excellent reporting.
Anybody else notice that the interviews were sped up?
As a Power Engineer and PLC user this scares the hell out of me ..
Who wants Captain Crunch?
me me meee
Yes
The code was inputed so after it was all put out then the ransoms could happen
The explanation in the beginning of what a “zero day” exploit is not really correct. It is a cyberattack that takes advantage of an unknown or unaddressed security flaw in computer software, hardware or firmware. The term “Zero day" refers to the fact that the software or device vendor has zero days to fix the flaw because malicious actors can already use it to access vulnerable systems. Second, kinetic really shouldn’t be applied to missiles bc a “kinetic energy weapon” is one that doesn’t use explosives but rather speed/density to destroy something….
Few people know that during one week in 2023: 1. The FAA's Air Traffic Control System went offline in the U.S. 2. Within hours Canada's Air Traffic Control System also went offline. They are completely separate systems. 3. A month earlier the Philippines own Air Traffic Control System went down. That was a test run. 4. For those living in reality, three separate incredible events in three separate countries is called a hack/ransom ware attack. The media reported them as just a catastrophic system failure...that was reversed within hours. 5. The value of Bitcoin jumped dramatically right after the U.S. and Canadian events = the ransoms were paid.
Get a life
Whole lotta yappin
That's a pretty interesting claim, I've looked up and verified all the other stuff and the price of bitcoin does seem to increase dramatically over the days afterward. Love the level of replies from the two idiots above me tho
@@ifxthenwhy6202your post read my mind, top to bottom. This whole thing makes Jason Lowery's book Softwar all the more interesting.
@@ifxthenwhy6202exactly, even microsoft pays ransoms, what the two above you on?
It was a programmer in Minsk who first discover Stuxnet
i remember a boeing engineer was telling me stories about how they'd put code in usb sticks that would get sold to russian nuclear plants and how it would slightly alter their output somehow to make them less efficient which caused massive losses over time.
I worked on Siemens LOGO industrial controllers at the time...this is interesting...
21:37 I consider this statement as an admission of responsibility
Wait till Ai comes to cyberwars.
Nuclear *enrichment* plant, not a power plant. Massive difference in intent.
Yeah I seen a video on this a little while back. It was a USB from memory that infected the system.
I'm guessing there won't be a new season :(
Considering this video is almost 10 years old, nope.
Well this is just the problem of having cyber and techonlogy can cause alot of problem from computers and such that is upholding the systems in reacters and cause an meltdown which is just crazy and should not be allowed too do and should be supervised.
Full disclaimer I work with mostly competitor products but wow...Siemens: From Concentration Camps to Iranian Nuclear facilities. (According to the Siemens website and this video.) Too bad I can't bring this up in a business meeting without looking like an ass, lol. Sometimes being P.C. blows my mind.
Some people call Stuxnet the opening battle of WW3.
so glad im a cybersecurity major rn
Wonder what happened to this insider. He probably was not a systems administrator, network security person but a programmer.
According to the investigation published by De Volkskrant, Dutch Engineer Erik van Sabben, an agent of the Dutch General Intelligence and Security Service (AIVD) is responsible for introducing Stuxnet to Natanz. He was died in a motorbike crash near his home in Dubai two years after the operation.
They are currently in conflict... Except their parents were able to be vocal
Genuine question is the interview tripping sack during the interview with the guy from Symantec? Pupils are absolutely massive for being in a lit room
Very educative for cybersecurity education
It wasn't attacking a nuclear plant, it was looking for a specific configuration of PLCs that operated centrifuges for enriching uranium.
...within a nuclear power plant
Yeah so when the plant pops it will be an "unfortunate accident"
Explanation of "zero day"..... Having such a "specialist" provoke not only them..
when the facts do come to light this will be a great movie
maybe reasons why on lower attrition type weapons manufacturing as well
“The US opened a door that everyone will walk through now”
No Vice and NY Times let our enemies now in detail what's up lol
There was an attack on a uk power station two or three months ago in the uk
Thank you VICE NEWS
They did that guy super dirty with the thumbnail lmao
That crazy
lol what’s crazy it came out 4 minutes ago. Confuzzed!
@@Rynam happened 2016 bro. things are twice as worse in the shadows rn
@@Akac3shnot in 2016, 2009 i think
@rafayahmed6259 dam bro that’s crazy !!
Great video.
The thing with sanctioning Iran for so long is that they have learned to develop their own home grown versions of weapons. This could eventually spell disaster and backfire on the U.S and Israel ... Just saying. 🤔
You made some valid points.
That's a good point you made.
Yup if they did not sanction iran, they could pull more of these stuxnet type attacks. Now everything in iran is anti-stuxnet. 😂
Why did the major company disclose this to Iran?
"It was an act of war without there being a war...." Get real, there is always a war.
More videos about hacking even if its a old video but you guys should make cyber warfare videos
i love this version of Vice, not the political one
Plc's like siemens, allen bradley, sneider were not built with security in mind. These are in all systems in warehousing, factories and energy grids around the world. And the more advance the country the more vulnerable they are.
True! Easy to hack! Still 😂
Seán McGurk, former director of NCCIC, US Dept. of Homeland Security: "I think that there is no clear... complete evidence or even complete indication that it was one country or another." Also Seán McGurk: "Stuxnet to me was a Trinity moment... we demonstrated a capability that you could have devastating physical impacts by cyber means." Hold on, what do you mean by, "we?"
bro youre overthinking it, he means the employees of HLS, and anyone involved (not israel)
Trojan horses were the first cyber weapon and that's arguable.
The crazy thing is to think Iran will slow down their program by diplomatic negotiations. They will say yes and be ready to get all that money relieved by sanctions but it’s already been proves they did not stop enriching Uranium.
What?! Where the hell did u get that?! After the that was reached with Obama they did reduce enrichment and they only resumed when Trump existed the deal.
If vice stuck to investigation journalism like this they would still be viable today
Uhhhhhhh didn't Australian Media report on this approximately 15 years ago?
looks like ill have to step in.
*For example think of a missile* : and how it delivers its payload
With amazing reporting like this it's hard to understand why Vice went bankrupt. Who's uploading these?
Gosh the amount of times this has been covered.... is Vice using Microsoft Edge?
Remember that Francis Scott Key Bridge, a cargo ship crashed in Baltimore.
That wasn’t the only bridge that night either
Sounds like someone is setting us up for a “checkmate “
Maybe one day all wars will be cyber-wars.
PLC easy to program
To all those who are complaining that it's from 2016... Don't. The point is this is happening and has been happening for a while and vice has taught more of us just how fragile our predicament is.