Minecraft's Deadliest Hack

- Hello and welcome to the first ever Let's Play on this series. (ominous boom) (typing sounds) That's weird. Anyways.

Hello and welcome to the first ever Let's Play - (Microsoft error sound) - [Robotic Voice] You are watching disrupt[tv]. - [Narrator] Across the world hundreds of millions of devices all rely on Java, iCloud, Amazon, Steam. This programming language acts as the backbone to our 21st century cyber infrastructure.

And when these apps are using that language, they're simultaneously sending what they're doing to a log. The log gives developers an overview of anything from software errors to simple processes. And in the case of JavaScript, a popular log type is called LOG 4 J.

The message is from an employee of the Alibaba Cloud Security Team. He's describing an exploit him and his colleagues has recently discovered. An exploit that has been hiding in plain insight since 2013.

For every picture that is taken of this forest. There's one snake. And it just so happens that on this snakes scales is a specific string code.

This code can be placed anywhere is written. In email, a username or a Minecraft chat message. - That's weird.

- [Narrator] And since the bad actor in this case is constantly sending messages through chat, whatever he types is also sent to the log. In this case, the expression (indistinct) Hooking in to the victim's IP address, forcing him to run the code and subsequently run the malicious program. (TV error sound) (faint voices) (chatter on TV) (creepy music playing) - Chaos erupts in the headquarters of the US Department of Defense.

(upbeat music starts playing) - When suddenly (upbeat music plays) - A strange message appears. A mother dresses up her son for school, and he inquires about the discovery of planets. She hesitates to respond and instead pushes his questions aside, tells him to hurry up.

He's running late. He's aware. He's going to a place he loathes.

(mysterious music plays) Gary is not among the brightest of children according to the stereotypical definition of - [Robotic Voice] Society. - [Narrator] He struggles at school. He's barely able to keep with the inflow of information that he considers useless.

He understands nothing in class and he has no friends. He gets bullied. (children mocking and laughing) He's a textbook definition introvert, and he spends his time reading books on astronomy.

Contemplates the stars. (violin plays) And by the age of 10, it becomes impossible for him to commute on the bus and his anxiety skyrockets causing him to lose consciousness and faint. And for the next 10 years, he develops an interest in music.

Starts learning Beethoven's Moonlight Sonata, along with a few Beatles songs. It's become his routine to sit alone, surrounded by his books and his music uninterrupted by the world outside. But when the world outside begins creeping in he takes these books, shuts himself in his closet.

And by the time he's 14, his mother has married new man. And with this change in family comes change in interest. (violin fades) (crickets chirping) He spends most of his time surfing the internet.

Reading up on space. Soon gets interested in UFOs. The more he reads about them, the more obsessed he becomes.

He spends hours in his room, listening to music and learning about the strange objects in the sky. To materialize his obsession. He teaches himself how to code and he soon becomes completely invested in the dreams of finding hard evidence.

By 17 he's got himself a girlfriend, dropped out of school, becomes a hairdresser. Simultaneously, he joins the British UFO Research Association, listening to lectures, reading their magazines. - [Man] A belief that there is more to existence than birth death and an up and down life in between.

- [Narrator] He comes across a book published in the mid eighties on hacking. Until that point, he knew that the US Defense knows more about UFOs than anyone else. And it's this last puzzle piece that reveals to him just how to go about getting that information.

(creepy music plays) (cars honking) (up tempo music plays) (eerie music plays) - After receiving the email, the Apache Software Foundation begins immediate work. They're trying to fix the exploit before it becomes known to all. (upbeat music plays) But it was too late.

Like a match in a dry forest, the LOG 4 J exploit now referred to as LOG4SHELL is beginning its spread. The severity of this exploit is raised from a 3. 7 to a 9.

0. What makes this fire so spreadable is its simplicity. A relatively unskilled human AKA, a script kitty can now in theory, set a spark by sending a hidden threat.

A threat like ransomware. (music fading) (error sound) - [Woman] You've got to be kidding me. - [Narrator] Companies with large infrastructures immediately begin reinforcing their defenses.

Steam is secured. Apple is secured, but for the smaller guys (slow music playing) Apache releases patch 2. 15.

0, but soon after the release an exploit within this new one is found. If the standard LOG 4 J is vanilla, a non-default configuration is vanilla with sprinkles on top. A bad actor can use what's called a non-default pattern layout to look up the following symbols.

This creates a denial of service attack. Apache releases 2. 16, which removes the message look up and switches the JNDI function so that it no longer defaults to on.

The turbulence begin stabilizing. - [Robotic Voice] 3,700,001 - [Narrator] Is the total number of exploit attempts throughout the month. About half of corporate networks.

It's unclear how many of these attempts were successful and it's likely we'll continue to see these arrows being shot for some time to come. But opposing these attackers with swords and shields made up of ones and zeros, lay an equally powerful adversary, working day and night from country to country securing the infrastructure that acts as the backbone to the interconnected daily life, here on planet earth. (explosion) (drums playing) (indistinct chatter) - [Black Jacket Man] Good day friends, neighbors, and opponents.

- [Gray Polo Man] He's a hacker, but kind of a gray hacker. Hacker, hacker hacker. (indistinct chatter) - [Narrator] The man sitting in the corner is watching.

(upbeat music plays) - [Black Jacket Man] I would say from the get go, I don't feel that I'm the opponent of anybody in this crowd. You may feel differently. And I respect your right to do so.

(intro sound plays) - [Narrator] Gary executes his obsession and applies everything he knows to infiltrate the US Army, Navy and Air Force database systems. He looks for any clue or trace of information that unveils - [Robotic Voice] How deep the rabbit hole goes. - [Narrator] He learns to download a software known as Remotely Anywhere.

This allows him to access and control computers remotely with no physical association. Transfers files as a he likes and his journey down this path begins with a name Solo. To balance the reality of his nightlife, Gary starts working as a computer administrator by day.

His obsession amplifies with time causing his life as Gary to decay, but his life as Solo to blossom. He struggles to isolate time for his family and friends because one trail leads to another and soon he accidentally brings down the US Army's entire Washington DC Network, 2000 computers. They're out of service for three days.

(suspenseful music plays) In a small apartment buried deep in London, sits Solo who is now a quiet 36 year old Scott. It's a bizarre night for the world out there but inside victory awaits, he's still busy surfing through encrypted US servers, copying files and passwords. When an alert, imbues him of an another set of networks he can hack into.

A network he suspects has more information on not only UFOs but free energy. (marching music plays) Solo deploys his weaponry as codes painted on a blank canvas but the Earl Naval Weapons Station is fortified. After a few attempts, he finally finds his way in and explores the network.

It's labeled as the biggest military computer hack of all time. This chaotic catastrophe forces the US Military to deploy its teams to control the situation as quick as they can. The lack of protection and strong passwords in vital military networks lures Solo into continuing his quest for - [Robotic Voice] Alien anti-gravity devices and followed close behind is the Fed.

- The United Kingdom's National High-tech Crime Unit traces Solo to a flat in London. (upbeat music plays) (cartoony music plays) - [Solo] I wrote a tiny Pearl script, the Pearl language that tied together other people's programs that searched for blank password, so you could scan 65,000 machines in just over a minute. So using the remote control program, I turned the color down to four bit color and the screen resolution really, really low.

And even then this picture was still, you know, judging and coming onto the screen. But what came onto the screen was amazing. It was a culmination of all my efforts.

It was a picture of something that definitely wasn't manmade. It was above the Earth's hemisphere, it was - [Robotic Voice] Warning. Warning.

Position compromised. Position Compromised. - [Narrator] He understands what's happening and runs up a full memory wipe.

Suddenly. (knocking on door) - [Police Man] London Police. Open up.

(knocking on door) - [Narrator] The hacking spree that lasted 13 months from February 2001 to March 2002 comes to an end. - [Man On TV] ♪ This is a song that I used ♪ to hear the old folks sing a long time ago. ♪ And I used to hear him tell me these words, ♪ You better mind, mind, mind.

- [Narrator] They take him to the Scotland Yard Prison where his case is officially filed. - [Man On TV] ♪ You know my God ♪ - [Narrator] And the shocking revelation shatters Gary's world. - [Man On TV] ♪ If this, what he doing ♪ - When he learns that the US government is involved in his arrest.

- [Man On TV] ♪ And you better mind. ♪ - [Narrator] He's facing a life sentence, - [Man On TV] ♪ And you better mind. ♪ - [Narrator] His mother organizes a campaign to spread awareness.

Becomes a sort of icon. - [News Reporter] Alleged defenses are not in doubt, accused of hacking into the Pentagons Computer Network in 2002 causing damage estimated to be more than $700,000. But the 44 year old suffers from a Asperger's Syndrome and claims to have been looking for evidence of UFOs.

- [Narrator] After multiple failed appeals. - [Theresa May] Since I came into office, the sole issue on which I have been required to make a decision is where MrMcKinnons extradition to the United States would breach his human rights. - [Man In Glasses] We are unusual in this country, in that we are prepared to extradite our own citizens.

Many other countries will not extradite their own citizens. They say that they will be tried in their own country or not at all. - [Theresa May] As the house would expect, I have very carefully considered the representations made on MrMcKinnon's behalf, including from a number of clinicians.

I have obtained my own medical advice from practitioners recommended to me by the Chief Medical Officer. And I have taken extensive legal advice. After careful consideration of all of the relevant material.

I have concluded that MrMcKinnon's extradition would give rise to such a high risk of him ending his life. - [Crowd] Yeah. - [Theresa May] It will now be for the Director of Public Prosecutions to decide whether MrMcKinnon has a case to answer in a UK court.

- [Narrator] The ultimate statement comes from the Director of Public Prosecutions, who elucidates that Gary would not be facing any charges in the UK. And the 10 year case comes to an end. (eerie sounds) - [Interviewer] Is it possible this is an artist's impression?

- [Gary] I don't know. No. For me, it was too co.

. it was more than coincidence. I mean this woman has said this is what happens in this building in this Space Center.

I went into that building in that Space Center and saw exactly that. And the folders were even called unprocessed and processed or raw and filtered or something, so. - [Interviewer] Do you have a copy of this?

It came down to your machine? - [Gary] No, it came. .

. the graphical remote viewer works frame by frame. It's a Java application.

So it's not. . .

nothing is saved hard drive or at least if it is only, you know, one frame at a time might be. - [Interviewer] So did you get the one frame? - [Gary] Nope.

- [Interviewer] What happened? - [Gary] Well, once I was cut off and my picture disappeared I was, - [Interviewer] You actually cut off? - [Gary] Oh yeah.

- [Interviewer] The time you were downloading the picture. - [Gary] Yeah. I saw the guy's hand move across.