Why Hacking is the Future of War

[Music] it's November 10th 2008 Barack Obama just won an election and he travels to the White House to meet with the outgoing President George Bush in that meeting Bush told Obama about a top secret weapon that the US military had been developing with Israel since 2005 code named project Olympic Games this weapon was intended to hit one of Iran's most fortified nuclear facilities buried deep underground found where centrifuges spin uranium to enrich it for use as energy or with enough spinning to be used in a nuclear weapon but this secret weapon wasn't a missile they

weren't planning an air strike instead it was a computer file less than a megabyte in size 150,000 lines of pristine code this is the weapon that the president had to tell Obama about this little file had been planted in Iran where it spread throughout the whole country but it didn't do anything it laid dormant until it found its way onto a flash drive that was then plugged in at this underground nuclear facility and then it spread finding its way to its final Target this one machine and then the weapon started working quietly reprogramming the software

to very subtly sabotage these delicate spinning centrifuges opening a valve to change the pressure telling the centrifuge to spin a bit faster or a bit slower all while telling the technicians that everything was working properly over time these subtle manipulations destroyed these centrifuges this was one of several weapons that the US had planted in Iran using sophisticated computer code now if a war broke out with Iran the us could turn turn off their power could turn off their military defense systems making it so they couldn't shoot down planes they could turn off their command and

control systems so they couldn't talk to each other during the fight this was a real war plan executed by thousands of American military personnel hundreds of millions of dollars in a cyber operation that would quote prepare the battlefield by weakening Iran's ability to fight all of it using Code the code that sabotaged the nuclear facility was eventually discovered and named after of the elements that were inside of these many lines of code stub or MRX net they called it Stu net now this weapon did slow down Iran's progress at first but it didn't stop them

but what this did do was showcase a new style of war the use of quiet weapons in the form of a tiny text file that could self-replicate and wreak actual physical damage on an enemy we call this cyber warfare and it has become a fixture of modern conflict let me show you how it works we're moving into a new era people were actually getting dismantle our communication system the click of a button you can bring down patients to their knees before stuck net most cyber warfare was pretty basic like in the80s you had this situation

where an East German hacker broke into some military computers in the US looking for secrets for the FSB which was like the Soviet spy agency or more recently like in 2007 where Russian hackers attacked a bunch of Estonian websites in the financial government and media sectors shutting them down as retaliation against Estonia deciding to relocate a Soviet Monument these were cyber attacks but they were pretty weak and unsophisticated especially compared to what was soon to come so we live in a weird time our information is less secure than ever and now my phone and my

email and my physical mailbox are inundated with stuff I don't want to see I feel like my information is just leaked out to anyone and everyone who wants it and this of course is a part of today's video but it also has to do with the sponsor of today's video which is incog incog is a platform that allows you to get yourself off of the lists that data Brokers use to get your information it's really cumbersome and timec consuming to go through the process to be taken off these lists the companies make it intentionally hard

at times so what you do is you sign up for incog and you give them permission to act on your behalf to go out and request that you be taken off of these data broker lists there's a link in my description it is incog docomo Harris when you click the link it helps support the channel you get 60% off when you sign up for the annual plan the annual plan allows incog to month after month go and strip you off of these lists so that you can retain your privacy over time so thank you in

cogy for sponsoring today's video with that let's dive into this deep complicated intense wild story of cyber warfare the true power of the internet empowering the internet generation I got on the internet we have to remember that in the early 2000s most of the world wasn't built off of the internet yet internet speeds were getting good software was getting sophisticated and Compu computers and their software were becoming the foundation to many big invisible Industries like shipping finance and energy and crucially hackers who had grown up on the Internet were getting really good at finding vulnerabilities

in these systems breaking into them learning to exploit them now how those hackers ended up selling their secrets to the US government in the name of making cyber weapons is the next part of the story but first a quick word on software this thing that runs our Modern Life that is mostly invisible but that is endlessly important that ensures that you have electricity and that you can access your bank account and do your job all of this is made possible because of something that looks very simple lines and lines of code they're just basically lists

of instructions on how a system should run what it should do in every circumstance and who has access to what but because more and more of the world is run on software and software contains sensitive information like your social security number or bank account number whatever developers build their software like a castle so this is our software Castle it has walls and locked doors that only authorized users are allowed to get into but inevitably because it's a big complex Castle the Builders of this Castle on accident left little holes little vulnerabilities weak spots secret doors

that if an intruder could find would allow them to get in where they can steal things or even take control of parts of the castle that can lock the owner out and only give them access in exchange for money or they could just leave little time bombs that will blow up later almost all software has some kind of vulnerability that would allow a hacker to get in and control things but the worst kind arguably and the nightmare scenario for software developers is the zero day it's called a zero day exploit Because by the time the

Intruder gets into the software Castle the developers had known about this for zero days meaning they didn't know they were unaware they were blindsided by this attack it was a hole in their cast castle that somebody found and now they're screwed now once a hacker gets in developers often know that there was a vulnerability they can work on patching it but that takes time and then of course they have to get the users to update their software in order for that patch to actually work and we all know how kind of annoying that is a

zero day exploit is a software developers nightmare which in turn makes it a hacker's dream some hackers will spend their time looking for zero day exploits in really powerful software like the software that runs your iPhone or Google Chrome or Windows operating systems or a million other pieces of software that run our world some are interested in doing this so that they can get money or passwords that's the criminals or others are interested in gaining control of underground nuclear facilities and electricity grids that would be the government okay so let's say that you're a really

sophisticated hacker and you have somehow found a zero day exploit for an Apple iPhone IOS you can get into someone's iPhone and control it that's a really valuable thing you now have a few choices on what to do with that information number one you could go right to Apple and you could give it to them and they will pay you handsomely right now they will pay you $1 million in exchange for a zero day exploit that allows you to hack into their iPhone every big software company does this like Google will give you $150,000 if

you can find a way to take over one of their Chromebooks via a website software companies offer these bug bounties because they want to know where the holes in their Castle are they want to patch them they want to avoid the nightmare of being hacked into and compromising the security and privacy of their users so yeah that's one of your options sell it to Apple get a million bucks Totally Above board we'll call this the White Market but you could also sell it on the black market to criminals who want to use these exploits to

make money which happens like in 2016 there was this case where hackers that may or may not have been linked to North Korea were able to hack into the Central Bank of the country of Bangladesh they were able to make all these fraudulent requests and like hijack the Swift system that transfers all the money and in the end they were able to get $81 million transferred to their bank account in the Philippines their end goal was to get closer to a billion dollars but because of a typo in one of their fraudulent requests they got

caught and it got shut down but the point is that there's a black market for zero days because there's a lot of money to be made if you can hack into a financial system but you also have a third option here if you have a zero day exploit you can sell it to a government or a military they tend to have pretty big budgets and more and more they're interested in developing cyber weapons hacking tools that they can use against their enemies we'll call this the gray market and the money here is pretty big so

there's all these middlemen Brokers for zero days like dealers there's one Russian zero day dealer who a few months ago tweeted out that due to high demand their clients are now willing to pay $20 million1 times more for a hacking tool that uses zero day exploits that allows them to fully hack an iPhone or Android device and then they specified that their client is a non-n country which experts basically say them saying like this is Russia like our client is Russia these three markets for zero days show us just how valuable these little bits of

code have become because they aren't just little bits of code they are now weapons they are access to very valuable castles of software criminals want them software companies want them but more and more governments want them and this is how the US and Israel built stuck net their big weapon against Iran using zero days not just one zero day exploit but four and what Iranian officials describe as an act of nuclear terrorism and this is the reason why experts and the ex director of the CIA call stuck net a GameChanger for Warfare because whenever a

country uses a big new weapon all of the other countries especially the rivals realize that they have to match that capability and ideally one up it that's how arms race works that's how nuclear weapons have worked and that explains the concern of the ex director of the CIA this has the whiff of August 1945 1945 being the year that a nuclear weapon was used in war thus changing the world and the balance of power between countries forever somebody just use a new weapon and this weapon will not be put back into the box so by

the end of the early 2000s after stuck net it truly was the beginning of a new era a new era of cyber warfare in 2012 chinese-backed hackers broke into the computer systems of over a dozen oil and gas companies there was an investigation and the FBI and Homeland Security concluded that the attack wasn't to steal anything or even to sabotage the infrastructure but rather to quote gain strategic access for future operations meaning to gain leverage over the United States investigators said that this was the first time that they had seen anything like this that same

year an Iranian hacker group attacked Saudi Arabia Iran's enemy using a cyber weapon that is kind of like a digital bomb it was a virus called shamon and it got into the computers of Saudi Arabia's State Oil Company wiping their hard drives clean this thing spread across the company's networks ultimately wiping data from tens of thousands of computers and rendering them totally inoperable a huge blow to the company in 2015 a huge Cyber attack occurred when the Russian hacking group sandworm shut off the power to a quarter Million ukrainians by gaining control of the computers

that ran the power stations this is actual footage of them remotely controlling these stations computers they used a piece of automated malware to do that which is a sign that they will probably want to use that again that looked like a kind of practice rounds to develop a capability that they want to have to use globally this set a new precedent people theoretically knew that cyber weapons could be used against electricity grids which is like the lifeblood of our economy and Society but it hadn't actually happened until this 2015 attack these are just a few

examples but they examples that show how cyber weapons became employed in a war context between countries wasn't just hackers trying to steal money it was countries trying to hurt their enemy trying to demonstrate their cap capabilities to deter their enemy to let them know that they have power over them a tool of War of National Power and indeed in 2010 the US acknowledged this very overtly by adding the US cyber command as a new Department to the military cyber war was here and it was here to stay today we Face threats that have increased in

sophistication magnitude intensity volume and velocity but here's what's crazy is that these aren't weapons these aren't like missiles where a country has a monopoly over buying and using them cyber weapons are just bits of code they're text files that are really small and easy to transfer around so what happens when a cyber weapon developed by a military gets into the hands of everyone and they can use it however they want well that's exactly what happened in 2016 the DNC has called the FBI after a deleting attempt to hack into voter databases during the 2016 presidential

election the US was hit with a barrage of cyber attacks this included the hacking of emails of the democratic party a misinformation campaign on social media and even an attempted hack of voter registration databases in several States American intelligence agencies came together they investigated and they concluded that this was Russia it was Russian hackers that were supported and directed by the Russian government itself and the goal was to sabotage the American electoral system the Russians were responsible for hacking the DNC this was like a frenzy here in the United States like everyone was talking about

it was a huge deal but in the middle of all of this a post quietly appears on GitHub from a user by the name of the Shadow Brokers this was a few months before the election it was a tense time for a lot of reasons they claimed that they had super powerful cyber weapons from the American government's most elite cyber War group the ones who created stuck net and that they would sell these hacking weapons to the highest bidder they would take their bids in Bitcoin they released a few pretty impressive samples that actually looked

pretty legitimate they released an encrypted file that said contained more hacking weapons but you needed the password for it but they held on to it posting every once in a while with a trickle of more information and honestly a lot of like bizarre rants on American hypocrisy and broken English that felt kind of intentional and caricatured they didn't end up getting very much money and it all looked fairly ridiculous but then out of nowhere came this post last week the shadow Brokers be trying to help peoples this week the shadow Brokers be thinking peoples they

were getting pretty spicy and indeed they released this password this weird weird password that they said was the password to that encrypted file that they had posted earlier and when you put that password in the encrypted file you discover that it is exactly what the shadow Brokers said it was 67 files that comprised some of the most sophisticated and dangerous cyber weapons that the NSA had ever created and among them the most powerful of the bunch a tool called Eternal blue which allowed hackers to break into and control the Windows operating system which is what

most computers in this world use a etal blue was like an Open Door back to our Castle analogy this was like a door into millions of castles and the power to spy inside of the castle to unlock any door to steal the contents of the castle to disrupt and break and Destroy whatever you wanted inside of the castle to lock people out of their own castle Yeah I mean this was like a sophisticated military weapon that had just been duplicated and sent to anyone who had an internet connection and what it meant was that the

shadow Brokers and all of their like caricatured broken English were actually legit they had hacked in to our National Security Agency our secret spy agency and stolen the Cyber weapons and sent them out to the entire world not just to other governments but to anyone so who are these shadow Brokers and how did they do this the answer and the kind of scary thing about cyber is that we don't totally know experts think that Russia did this to send a very clear signal to the NSA and to the United States at large that hey we

can do this we have the power to break into your biggest secrets and we will release them if we want to so now after 2016 we enter a new era of cyber warfare stuck net was a big Turning Point the shadow Brokers and eternal blue is our next Turning Point from here on you see a new genre of more sophisticated more powerful cyber attacks barely a month after the nsa's secret weapons leak out by the shadow Brokers a North Korean linked hacking group uses them to deploy a virus that spreads to nearly every country on

Earth within hours locking up hundreds of thousands of computers making them unusable which halted Hospital equipment police departments governments and Railways in over 150 countries you're sitting there on your computer and this pops up saying that your files are locked and that you can get them back but quote you have not so enough time close quote and that quote you need to pay $300 worth of bitcoin to do so militia software has been taking computers hostage in an unprecedented worldwide outbreak this is called ransomware basically you Ransom the computer files and you have to pay

thisen happened in a matter of hours it was only stopped because a 22-year-old researcher accidentally activated a kill switch baked into the code so the bigger crisis was kind of diverted but even still in just that few hours as W cry was spreading to 150 countries it caused hundreds of millions of dollars maybe even billions of dollars of damage and economic loss this showed us how powerful these NSA weapons could be in the hands of Bad actors and we learned this lesson once again when these same weapons were used by the masters of cyber warfare

Russia the single biggest attack on record it was June of 2017 the night before Ukraine's Constitution Day when the Russian hacking group sandworm deployed an attack that was similar to their 2015 electrical grid attack but this time they had the NSA weapons in their hands so it was a whole new level this one was called not Peta this thing was potent it spread very quickly and soon ukrainians were seeing this scary screen on their computer that literally started with quote oops your important files are encrypted perhaps you are busy looking for ways to recover your

files but don't waste your time nobody can recover your files without our decryption service it looked like another ransomware attack saying that you have to pay $300 worth of bitcoin in order to get your files released but meanwhile it was spreading super fast and wiping everything out in its path it took down K's mass transit system airports hospitals and it rapidly spread through government agencies gas stations and power grids went down credit cards stopped working and it shut down almost every ATM machine in the capital one person who was caught in the middle of the

Cyber attack described it as life went very fast from what's new on Facebook to do I have enough money to buy food for tomorrow and it's a moment like this that we can really grab grasp just how fundamental this infrastructure is to our lives and in this case there was no kill switch it was so viral that it spread Beyond its Target of Ukraine into other parts of the region hitting the systems of a bunch of companies like FedEx or the shipping company MK and soon tens of thousands of trucks were stuck for days with

no computers to guide them I mean that's a lot of trucks and many many others it affected tons of companies and agencies and systems all because of this one virus unlike a missile or an invasion cyber can hide behind this hackery looking screen this doesn't look like a state entity this looks like a hacker doing a ransomware attack so they can make some money in Bitcoin but that's not what this was this was a coordinated sophisticated attack by the Russian government using an American cyber weapon to make it more viral that caused an estimated $1

billion in economic loss and damages and and in the process really blurring the lines of the rules of War where usually like you know what a country did to you and you know how you're supposed to respond and all of that creates this nice balance of like deterrence that's kind of the lifeblood of stability in our Global Order when you've got these like shadowy like deniable attacks it makes it way harder to know how to respond to whom to respond and like what's proportional it just changes our view of conflict which is why regimes like

North Korea or Russia have leaned very heavily on this type of Engagement because as they become more isolated and as their military becomes less effective this is a way for them to stay relevant for their enemies to continue to fear them because cyber is an actual weapon of War now but let me just say something that is probably not obvious and might be surprising to you here at the end of the the video which is that the biggest threat in the future the thing that's going to be the biggest part of cyber warfare isn't going

to be these big splashy like shut down the electrical grid doomsday scenario situations those might happen those are real threats we need to prepare for them but like any weapon of War cyber is turning into a weapon that is being deployed subtly that countries will use to get into the minds of their enemies like right now we could be pretty certain that Russia and China have quietly infiltrated parts of our infrastructure systems they haven't done anything with that but they're probably there at least that's what a lot of analysts and experts think and that we

have probably done the same to them and that we're all just sitting there with our little time bombs put into our enemy's Castle in case we need to use them and we want our enemy to kind of know that were there there's this list that I've been looking at of all of the cyber attacks CSI as the thing tank that I used to work out documents these and I was surprised that I hadn't heard of almost any of them because they're small but they're frequent to me this is the future of cyber warfare it's not

stuck net and want to cry it's these death by a thousand pokes psychological warfare revealing to your enemy that you have capabilities to infiltrate their systems and in that sense cyber warfare starts to look a lot like nuclear deterrence like a shadowy hidden submarine with nuclear weapons floating through the ocean somewhere capable of hitting your enemy and your enemy knows that they don't know where it is but they know that it's there and any calculation that they make on conflict takes into account that that weapon is there and could be used at any point this

is the weird Paradox of War and Peace and deterrence that one of the forces that has kept our world stable and rid of great Powers conflict since 1945 has been the fact that we have very powerful weapons all pointed at each other and therefore we don't use them cyber weapons are going the way of that kind of deterrence hopefully they'll never be used in the way that we fear that the sort of Doomsday scenario of like they shut down the electrical grid and they do a full scale attack yes there will continue to be these

moments where viruses spread and to avoid those just update your damn software I hate it as much as you do but like two Factor authentification we got to do it all this stuff it's there for a reason because we live in a new world and we should be prepared for that world as for the war and the geopolitics of it all I'm going to keep an eye on it because one thing in all of this is certain cyber is here to stay it is something we have to think about and understand if we're going to

understand the the future of [Music] [Music] War you guys notice uh that uh this thing is here Nick the studio manager who's right over there brought this in and made it amazing and every time I talk it moves and that is just freaking cool good job Nick also Alex good job to Alex as well who is the visual producer I want to say a giant thank you for all of those who are here and especially those who are a part of The Newsroom which is our patreon community we're doing this thing called independent journalism on

YouTube and it is exciting and fun and it's a lot of work and it is a lot of meticulous effort so I am very grateful for all of those who support monthly over on patreon for those who do support over on patreon you get access to my scripts you get this behind the scenes Vlog where you get to meet the team you get to see some behind thes scenes action of like what we're up to including like setting up this set we like film some of this and like you get to see sort of how

it works you get to meet all of the like creative people who are a part of it if you're looking for other ways to support the channel we have a poster that has a bunch of maps on it I don't know if by the time you're watching this it is still in print it could be sold out because we're only doing like a thousand I think so go click on the link in the description and see if it's still there if that's interesting to you we also have lots and presets which is what we use

to color our videos and our photos and oh I don't know if you know this Tom Fox who composes all of our music is now offering all of his music for free for you to use in your videos that is the thing you can now use all of the music that you heard in this video which is like sick synth music music that we developed just for this video this is Tom Fox's synth you can download it for free you can use it for free the caveat is if you use it and you monetize your

videos we will split the revenue 50/50 and if you want to license it for like one of your projects or something like you're making a documentary reach out to music at Johnny harris. and we license music for your projects so that's cool a lot of you don't know but we launched a new channel it is called search party it is with my old Vox colleague Sam Ellis who's leading out on building this amazing new like news brand that explains geopolitics as well as Global Sports which strangely intersect in more and more ways in our modern

world that is search party it is live now there's loads of videos you can go check out they're similar to what I do hear but Sam has his own style his own approach very good concise journalism so go check that out go subscribe support that channel and I think that's it so yeah that's it for me I guess I should say the thing that is strange subscribe to my channel there's some real psychology around say if I say like if you're not subscribed to the channel let me tell you that here it matters like the

subscriber number really matters and it means that the video has a better chance of doing well which is the lifeblood of everything we do here is like getting this journalism out to as large of an audience as possible so if you're not subscribed click the button and yeah that's it that's all I have to say say thank you all for being here thanks for watching we've got a lot more videos coming up and I will see you in the next moment I