WEBVTT

1
00:00:00.080 --> 00:00:02.160
<v Speaker 1>So you wake up, right, you pour your coffee, you

2
00:00:02.160 --> 00:00:04.719
<v Speaker 1>sit down on your couch, and you flip open your

3
00:00:04.799 --> 00:00:05.919
<v Speaker 1>laptop to check your email.

4
00:00:06.360 --> 00:00:09.439
<v Speaker 2>Sounds like a totally normal, peaceful morning, exactly.

5
00:00:09.480 --> 00:00:13.320
<v Speaker 1>It feels peaceful, but the reality is actually quite a

6
00:00:13.359 --> 00:00:16.519
<v Speaker 1>bit darker because the second you connect to the Internet,

7
00:00:16.600 --> 00:00:20.120
<v Speaker 1>you're essentially walking out your front door and stepping straight

8
00:00:20.160 --> 00:00:22.559
<v Speaker 1>onto an active, hostile battlefield.

9
00:00:22.679 --> 00:00:25.920
<v Speaker 2>Yeah, you just, you know, you can't see the artillery.

10
00:00:25.600 --> 00:00:28.719
<v Speaker 1>Right, And that is exactly the core premise we're exploring

11
00:00:28.760 --> 00:00:31.879
<v Speaker 1>in today's deep dive. We are looking at this incredibly

12
00:00:31.920 --> 00:00:36.039
<v Speaker 1>revealing book called Advanced Persistent Threat Hacking: The Art and

13
00:00:36.159 --> 00:00:38.840
<v Speaker 1>Science of Hacking Any Organization.

14
00:00:38.560 --> 00:00:40.000
<v Speaker 2>By Tyler Wrightson, yeah.

15
00:00:39.799 --> 00:00:42.799
<v Speaker 1>By Tyler Wrightson. And our mission today is basically to

16
00:00:42.840 --> 00:00:45.719
<v Speaker 1>completely dismantle this myth that any organization out there is

17
00:00:45.719 --> 00:00:47.119
<v Speaker 1>one hundred percent secure.

18
00:00:46.880 --> 00:00:49.159
<v Speaker 2>Right, because none of them are, exactly And.

19
00:00:49.119 --> 00:00:51.679
<v Speaker 1>We want to redefine what a modern threat actually looks

20
00:00:51.759 --> 00:00:55.159
<v Speaker 1>like and dig into the mechanics of some truly mind

21
00:00:55.159 --> 00:00:56.520
<v Speaker 1>blowing historical breaches.

22
00:00:56.799 --> 00:00:58.840
<v Speaker 2>I think what's so great about Wrightson's book is that

23
00:00:58.880 --> 00:01:02.880
<v Speaker 2>he brings this very analytical, almost clinical perspective to a

24
00:01:02.960 --> 00:01:06.239
<v Speaker 2>subject that, well, you know, it usually just generates a

25
00:01:06.239 --> 00:01:07.120
<v Speaker 2>ton of anxiety.

26
00:01:07.200 --> 00:01:09.319
<v Speaker 1>For sure. It's terrifying stuff it is.

27
00:01:09.840 --> 00:01:12.840
<v Speaker 2>But he makes this really compelling case that while our

28
00:01:12.920 --> 00:01:16.239
<v Speaker 2>digital world relies on all this complex cryptography and like

29
00:01:16.560 --> 00:01:21.959
<v Speaker 2>intricate firewalls, the true vulnerabilities, the actual reasons these networks

30
00:01:22.000 --> 00:01:24.760
<v Speaker 2>get compromised, they're almost always rooted in human nature.

31
00:01:24.920 --> 00:01:28.480
<v Speaker 1>Human nature and, like, basic economic imbalances. Exactly, yeah, so

32
00:01:28.719 --> 00:01:30.959
<v Speaker 1>before we get into the actual mechanics of how these

33
00:01:30.959 --> 00:01:33.599
<v Speaker 1>networks fall apart, I think we really need to establish

34
00:01:33.599 --> 00:01:36.719
<v Speaker 1>who is breaking them down. The text lays out this

35
00:01:36.840 --> 00:01:39.280
<v Speaker 1>framework called the threat pyramid.

36
00:01:39.480 --> 00:01:41.920
<v Speaker 2>Right, the threat pyramid, so the author uses a very

37
00:01:41.959 --> 00:01:46.280
<v Speaker 2>specific equation to categorize these actors. It's motives plus capabilities

38
00:01:46.319 --> 00:01:47.439
<v Speaker 2>equals threat class.

39
00:01:47.480 --> 00:01:48.200
<v Speaker 1>Okay, got it.

40
00:01:48.200 --> 00:01:50.239
<v Speaker 2>And then you take that threat class and add history

41
00:01:50.719 --> 00:01:53.159
<v Speaker 2>and that gives you your threat. So at the very

42
00:01:53.159 --> 00:01:56.519
<v Speaker 2>bottom foundation of this pyramid you have the unsophisticated threats,

43
00:01:56.640 --> 00:01:59.439
<v Speaker 2>the UT, exactly. These are just individuals with, you know,

44
00:01:59.680 --> 00:02:02.959
<v Speaker 2>minimum technical expertise. And then you move up through smart

45
00:02:02.959 --> 00:02:05.000
<v Speaker 2>threats all the way to the very top, which is

46
00:02:05.000 --> 00:02:06.519
<v Speaker 2>the advanced persistent threat or.

47
00:02:06.480 --> 00:02:09.800
<v Speaker 1>APT, which for a long time the security industry basically

48
00:02:09.840 --> 00:02:15.680
<v Speaker 1>reserved that APT term strictly for massive state sponsored intelligence agencies.

49
00:02:15.280 --> 00:02:18.560
<v Speaker 2>Right, Yeah, the ones with bottomless budgets and huge teams.

50
00:02:18.680 --> 00:02:21.360
<v Speaker 1>Right. But I really want to challenge our cultural perception

51
00:02:21.400 --> 00:02:25.159
<v Speaker 1>of hacking here because the book fundamentally redefines what an

52
00:02:25.240 --> 00:02:26.879
<v Speaker 1>APT is for the modern era.

53
00:02:27.000 --> 00:02:28.240
<v Speaker 2>It totally does.

54
00:02:28.120 --> 00:02:31.400
<v Speaker 1>Because I mean, we are all conditioned by Hollywood to

55
00:02:31.439 --> 00:02:34.400
<v Speaker 1>picture a hacker as you know, some guy sitting in

56
00:02:34.439 --> 00:02:37.599
<v Speaker 1>a dark room by hoodie, right, the hoodie is furiously

57
00:02:37.639 --> 00:02:41.240
<v Speaker 1>typing custom green code to like smash through a firewall.

58
00:02:41.879 --> 00:02:44.719
<v Speaker 1>But the text argues that an APT can actually just

59
00:02:44.759 --> 00:02:47.439
<v Speaker 1>be a single, isolated individual.

60
00:02:47.520 --> 00:02:49.520
<v Speaker 2>Yeah, they might have a microscopic budget, but what they

61
00:02:49.520 --> 00:02:53.800
<v Speaker 2>have is a highly refined skill set and just relentless patience.

62
00:02:53.800 --> 00:02:55.280
<v Speaker 1>Relentless, that is the word.

63
00:02:55.400 --> 00:03:00.319
<v Speaker 2>It's the defining characteristic. A true APT will literally study

64
00:03:00.360 --> 00:03:03.960
<v Speaker 2>a specific target for months. I mean they'll map out

65
00:03:03.960 --> 00:03:08.120
<v Speaker 2>the organizational chart, observe the technology stack, and just wait.

66
00:03:08.360 --> 00:03:11.319
<v Speaker 1>Just waiting for one employee to make a slight misstep.

67
00:03:11.520 --> 00:03:14.520
<v Speaker 2>Exactly, And to your earlier point about the custom code

68
00:03:14.560 --> 00:03:17.159
<v Speaker 2>from the movies, they increasingly rely on what the author

69
00:03:17.199 --> 00:03:19.319
<v Speaker 2>calls exploitless.

70
00:03:18.439 --> 00:03:21.159
<v Speaker 1>Exploits. Right, I was hoping we'd touch on that, because

71
00:03:21.199 --> 00:03:24.560
<v Speaker 1>exploitless exploit sounds like a total contradiction. But the book

72
00:03:24.639 --> 00:03:27.520
<v Speaker 1>uses this crowbar analogy that I think explains it perfectly.

73
00:03:27.599 --> 00:03:29.240
<v Speaker 2>Oh, the crowbar is a great way to look at it.

74
00:03:29.319 --> 00:03:31.360
<v Speaker 1>Yeah, because a crowbar is just a piece of metal, right.

75
00:03:31.680 --> 00:03:34.560
<v Speaker 1>A carpenter uses it to remove nails, which is helpful,

76
00:03:34.879 --> 00:03:37.479
<v Speaker 1>while a burglar uses it to force open a window.

77
00:03:37.680 --> 00:03:40.719
<v Speaker 2>The tool itself is completely neutral. It's the intent that's

78
00:03:40.759 --> 00:03:41.919
<v Speaker 2>malicious exactly.

79
00:03:42.319 --> 00:03:44.960
<v Speaker 1>So in a network environment, an attacker doesn't need to

80
00:03:44.960 --> 00:03:48.439
<v Speaker 1>write some super complex custom virus if they can just

81
00:03:48.599 --> 00:03:53.159
<v Speaker 1>use the company's own perfectly legitimate file transfer software to

82
00:03:53.360 --> 00:03:55.520
<v Speaker 1>quietly export sensitive data.

83
00:03:55.560 --> 00:03:59.080
<v Speaker 2>Because to a firewall, that data exfiltration just looks like,

84
00:03:59.199 --> 00:04:02.080
<v Speaker 2>you know, an authorized user backing up files over a

85
00:04:02.120 --> 00:04:03.520
<v Speaker 2>completely standard protocol.

86
00:04:04.080 --> 00:04:06.639
<v Speaker 1>Wow. So the security systems don't trigger at all.

87
00:04:06.639 --> 00:04:09.719
<v Speaker 2>Nope, because the software is behaving exactly as it was

88
00:04:09.759 --> 00:04:11.039
<v Speaker 2>designed to see.

89
00:04:11.039 --> 00:04:14.960
<v Speaker 1>That exposes a massive structural flaw in how we defend networks.

90
00:04:15.520 --> 00:04:19.519
<v Speaker 1>I mean, if a single individual using built in administrative

91
00:04:19.519 --> 00:04:22.879
<v Speaker 1>tools is that potent, it raises a really frustrating question.

92
00:04:23.079 --> 00:04:26.040
<v Speaker 2>Why do massive corporations fail to keep them out?

93
00:04:26.240 --> 00:04:29.399
<v Speaker 1>Yes, they spend millions of dollars every year on dedicated

94
00:04:29.439 --> 00:04:32.600
<v Speaker 1>IT security teams. Why do they consistently fail?

95
00:04:33.000 --> 00:04:36.839
<v Speaker 2>Well, right away, the text points to this brutal economic reality.

96
00:04:36.920 --> 00:04:40.079
<v Speaker 2>The ROI, the return on investment for cybercrime is just

97
00:04:40.560 --> 00:04:41.639
<v Speaker 2>completely skewed.

98
00:04:41.639 --> 00:04:44.040
<v Speaker 1>Oh the bank robbery stat Yeah, there's a statistic in

99
00:04:44.079 --> 00:04:47.040
<v Speaker 1>the book from twenty eleven that says the average physical

100
00:04:47.079 --> 00:04:50.040
<v Speaker 1>bank robbery netted the criminal about eight thousand dollars.

101
00:04:50.199 --> 00:04:52.319
<v Speaker 2>Just think about the logistics of that. For eight grand,

102
00:04:52.399 --> 00:04:55.240
<v Speaker 2>you need a weapon, a disguise, maybe a getaway vehicle.

103
00:04:55.319 --> 00:04:57.279
<v Speaker 1>You're risking a shootout right, an.

104
00:04:57.279 --> 00:05:01.279
<v Speaker 2>Armed confrontation, high speed evasion, and potentially decades in

105
00:05:01.319 --> 00:05:04.759
<v Speaker 2>a federal penitentiary, all for a payout that barely covers

106
00:05:04.759 --> 00:05:05.680
<v Speaker 2>a couple months of rent.

107
00:05:05.759 --> 00:05:06.839
<v Speaker 1>It's insane, but.

108
00:05:06.800 --> 00:05:10.600
<v Speaker 2>Cybercrime flips that entire risk reward ratio on its head

109
00:05:11.040 --> 00:05:15.319
<v Speaker 2>an attacker faces practically zero physical risk, none at all.

110
00:05:15.399 --> 00:05:18.000
<v Speaker 2>They can operate from a country with no extradition treaties,

111
00:05:18.120 --> 00:05:21.759
<v Speaker 2>stay completely anonymous, and siphon six or seven figures from

112
00:05:21.759 --> 00:05:23.199
<v Speaker 2>a database from their couch.

113
00:05:23.040 --> 00:05:25.959
<v Speaker 1>In a matter of hours. So the financial incentive is

114
00:05:26.000 --> 00:05:29.879
<v Speaker 1>just overwhelmingly in their favor, but the defenders are also

115
00:05:30.000 --> 00:05:34.000
<v Speaker 1>fighting this mathematically unwinnable battle, right? The book calls it

116
00:05:34.040 --> 00:05:35.120
<v Speaker 1>the numbers game.

117
00:05:35.399 --> 00:05:38.000
<v Speaker 2>The numbers game is brutal for defenders.

118
00:05:37.519 --> 00:05:41.120
<v Speaker 1>Because a corporate security engineer has to flawlessly manage the

119
00:05:41.199 --> 00:05:45.639
<v Speaker 1>staggering amount of variables they're configuring, hundreds of servers, patching apps,

120
00:05:45.879 --> 00:05:47.959
<v Speaker 1>managing user permissions, training.

121
00:05:47.639 --> 00:05:50.639
<v Speaker 2>Staff, and the attacker only needs that engineer to overlook

122
00:05:50.720 --> 00:05:54.040
<v Speaker 2>one single detail, one tiny mistake.

123
00:05:53.759 --> 00:05:56.439
<v Speaker 1>And that asymmetry is compounded by just how complex our

124
00:05:56.439 --> 00:05:59.560
<v Speaker 1>software is now. The text uses Windows seven as an example,

125
00:06:00.000 --> 00:06:02.279
<v Speaker 1>as it contains roughly fifty million lines of code.

126
00:06:02.439 --> 00:06:07.240
<v Speaker 2>Fifty million. No human or even a massive team of humans,

127
00:06:07.279 --> 00:06:10.000
<v Speaker 2>can hold the entirety of that architecture in their heads.

128
00:06:10.279 --> 00:06:13.319
<v Speaker 2>It's impossible even if the developers achieved a near miraculous

129
00:06:13.519 --> 00:06:16.920
<v Speaker 2>error rate, say just one percent of one percent of

130
00:06:16.920 --> 00:06:20.199
<v Speaker 2>that code contained an exploitable logical flaw.

131
00:06:20.240 --> 00:06:22.279
<v Speaker 1>Which is an incredibly generous.

132
00:06:22.000 --> 00:06:25.680
<v Speaker 2>Error, very generous, But even then, that still leaves five

133
00:06:25.759 --> 00:06:30.000
<v Speaker 2>hundred latent vulnerabilities baked right into the system, just waiting

134
00:06:30.040 --> 00:06:30.839
<v Speaker 2>to be discovered.

135
00:06:31.040 --> 00:06:34.600
<v Speaker 1>And when a researcher or a malicious actor actually finds

136
00:06:34.600 --> 00:06:37.480
<v Speaker 1>one of those flaws, we enter what the industry calls

137
00:06:37.519 --> 00:06:38.399
<v Speaker 1>the patch gap.

138
00:06:38.680 --> 00:06:40.160
<v Speaker 2>Ah, the patch gap.

139
00:06:40.319 --> 00:06:43.759
<v Speaker 1>Yes, from my understanding, it's basically this perilous window of

140
00:06:43.800 --> 00:06:47.439
<v Speaker 1>time between a software vendor publicly acknowledging a vulnerability and

141
00:06:47.480 --> 00:06:50.000
<v Speaker 1>the end user actually installing the security update.

142
00:06:50.160 --> 00:06:52.439
<v Speaker 2>Yeah, and that gap is structural. It's built into the

143
00:06:52.480 --> 00:06:55.199
<v Speaker 2>system because a software company has to write the patch,

144
00:06:55.560 --> 00:06:57.839
<v Speaker 2>then test it rigorously because you don't want the patch

145
00:06:57.879 --> 00:07:02.120
<v Speaker 2>to accidentally crash other business apps, then distribute it.

146
00:07:02.240 --> 00:07:04.879
<v Speaker 1>And then you have to rely on network administrators to

147
00:07:04.959 --> 00:07:07.720
<v Speaker 1>actually schedule the downtime to apply it exactly.

148
00:07:07.839 --> 00:07:12.000
<v Speaker 2>And that whole process can take weeks, sometimes months. Meanwhile,

149
00:07:12.040 --> 00:07:15.639
<v Speaker 2>attackers are actively monitoring those vulnerability announcements.

150
00:07:15.720 --> 00:07:18.120
<v Speaker 1>They see the announcement and just pounce immediately.

151
00:07:18.480 --> 00:07:21.920
<v Speaker 2>They deploy attacks targeting all those unpatched systems. They basically

152
00:07:21.959 --> 00:07:22.839
<v Speaker 2>live in that gap.

153
00:07:23.079 --> 00:07:25.399
<v Speaker 1>But I'd argue the problem is even deeper than just

154
00:07:25.439 --> 00:07:29.160
<v Speaker 1>the logistics of software updates, because the text delves into

155
00:07:29.240 --> 00:07:30.879
<v Speaker 1>the psychology of insecurity.

156
00:07:31.279 --> 00:07:33.319
<v Speaker 2>Right. The psychological aspect is huge.

157
00:07:33.360 --> 00:07:39.720
<v Speaker 1>It introduces this concept of ambiguous causality. Basically, human evolution

158
00:07:39.920 --> 00:07:44.079
<v Speaker 1>wired us to learn from immediate physical feedback. The book

159
00:07:44.120 --> 00:07:46.160
<v Speaker 1>has this brilliant analogy about a car radio.

160
00:07:46.319 --> 00:07:47.759
<v Speaker 2>I love the car radio analogy.

161
00:07:47.879 --> 00:07:50.040
<v Speaker 1>Right. If you park in a dangerous neighborhood and leave

162
00:07:50.040 --> 00:07:53.199
<v Speaker 1>your doors unlocked and someone steals your radio, you come

163
00:07:53.240 --> 00:07:56.399
<v Speaker 1>back and see the shattered glass, the emotional sting is immediate.

164
00:07:56.519 --> 00:07:58.720
<v Speaker 2>You feel the loss right then and there, exactly.

165
00:07:58.959 --> 00:08:02.519
<v Speaker 1>Your brain instantly hardwires a lesson: lock the doors.

166
00:08:02.279 --> 00:08:05.439
<v Speaker 2>Next time, because our brains are fantastic at processing immediate

167
00:08:05.439 --> 00:08:09.160
<v Speaker 2>physical consequences. But the digital realm totally strips.

168
00:08:08.800 --> 00:08:11.079
<v Speaker 1>That away, totally. I mean, if you click remind me

169
00:08:11.160 --> 00:08:14.160
<v Speaker 1>later on a critical security update for your laptop, nothing

170
00:08:14.199 --> 00:08:15.399
<v Speaker 1>physical happens.

171
00:08:15.079 --> 00:08:17.000
<v Speaker 2>Your computer keeps running perfectly fine.

172
00:08:17.199 --> 00:08:20.839
<v Speaker 1>Yeah, But then three months later, your credit card data

173
00:08:20.879 --> 00:08:24.480
<v Speaker 1>is sold on some dark web forum, and maybe another

174
00:08:24.519 --> 00:08:27.920
<v Speaker 1>two months pass before you even notice the fraudulent charges

175
00:08:27.920 --> 00:08:28.720
<v Speaker 1>on your bank statement.

176
00:08:28.800 --> 00:08:30.800
<v Speaker 2>The causality is entirely severed at that.

177
00:08:30.800 --> 00:08:34.279
<v Speaker 1>Point, completely. Your brain fails to connect the pain of

178
00:08:34.320 --> 00:08:38.039
<v Speaker 1>the stolen money with the decision to ignore that one

179
00:08:38.120 --> 00:08:40.879
<v Speaker 1>specific software update five months prior.

180
00:08:41.240 --> 00:08:45.080
<v Speaker 2>And because that feedback loop is broken, users continually engage

181
00:08:45.120 --> 00:08:48.320
<v Speaker 2>in high risk digital behaviors, which brings us to a

182
00:08:48.360 --> 00:08:49.840
<v Speaker 2>pretty sobering realization.

183
00:08:50.080 --> 00:08:52.919
<v Speaker 1>Yeah, that the defense is so inherently fragile and the

184
00:08:52.960 --> 00:08:55.639
<v Speaker 1>attack surface is so vast that the actors at the

185
00:08:55.759 --> 00:08:58.559
<v Speaker 1>very bottom of the threat pyramid, those unsophisticated threats,

186
00:08:58.919 --> 00:09:00.679
<v Speaker 1>can inflict catastrophic damage.

187
00:09:00.759 --> 00:09:02.679
<v Speaker 2>Yeah, let's talk about those low tier threats. The text

188
00:09:02.799 --> 00:09:06.000
<v Speaker 2>highlights physical skimmers as a prime example of this evolution.

189
00:09:06.240 --> 00:09:07.120
<v Speaker 1>Oh the skimmers.

190
00:09:07.200 --> 00:09:11.559
<v Speaker 2>Right. Initially, these started out as like crude, bulky machines

191
00:09:11.639 --> 00:09:14.679
<v Speaker 2>that a corrupt cashier might secretly swipe your card through.

192
00:09:14.960 --> 00:09:17.039
<v Speaker 1>But the hardware kept shrinking drastically.

193
00:09:17.519 --> 00:09:22.120
<v Speaker 2>Criminals started cannibalizing cheap MP3 players, using the tiny

194
00:09:22.200 --> 00:09:26.200
<v Speaker 2>microscopic memory chips to build these razor thin overlays that

195
00:09:26.279 --> 00:09:29.360
<v Speaker 2>sit perfectly flush inside an ATM card slot.

196
00:09:29.519 --> 00:09:31.320
<v Speaker 1>That's terrifying. They just slide it right in.

197
00:09:31.519 --> 00:09:33.639
<v Speaker 2>Yeah, and then they pair that with a tiny pinhole

198
00:09:33.679 --> 00:09:36.639
<v Speaker 2>camera pointed at the keypad, and suddenly they are capturing

199
00:09:36.639 --> 00:09:39.759
<v Speaker 2>both the magnetic stripe data and your PIN, and they

200
00:09:39.799 --> 00:09:42.679
<v Speaker 2>didn't have to alter a single line of banking code.

201
00:09:42.720 --> 00:09:46.960
<v Speaker 1>Wow. And we see that same low tech approach successfully

202
00:09:46.960 --> 00:09:51.039
<v Speaker 1>attacking major critical infrastructure too. The book outlines this massive

203
00:09:51.080 --> 00:09:53.840
<v Speaker 1>fraud campaign that targeted the power grid in Puerto Rico.

204
00:09:53.960 --> 00:09:55.639
<v Speaker 2>Oh that's a fascinating case.

205
00:09:55.759 --> 00:09:59.240
<v Speaker 1>Yeah, people realized they could trick their residential smart electricity

206
00:09:59.279 --> 00:10:03.480
<v Speaker 1>meters into drastically under-reporting their power consumption. And they

207
00:10:03.480 --> 00:10:07.159
<v Speaker 1>didn't do this by like hacking the utility central servers.

208
00:10:07.360 --> 00:10:08.519
<v Speaker 2>No, nothing that complex.

209
00:10:08.600 --> 00:10:12.879
<v Speaker 1>They simply placed high powered neodymium magnets right on the exterior.

210
00:10:12.399 --> 00:10:14.840
<v Speaker 2>Of the meters, which is brilliant in its simplicity.

211
00:10:15.080 --> 00:10:16.799
<v Speaker 1>I was actually trying to wrap my head around the

212
00:10:16.799 --> 00:10:20.720
<v Speaker 1>physics of that. From what I gather, those smart meters

213
00:10:20.840 --> 00:10:24.679
<v Speaker 1>use internal current transformers to measure the flow of electricity.

214
00:10:25.360 --> 00:10:29.919
<v Speaker 1>So a strong external magnetic field basically saturates the magnetic

215
00:10:29.960 --> 00:10:33.320
<v Speaker 1>core inside the meter, totally blinding it so it can't

216
00:10:33.320 --> 00:10:34.799
<v Speaker 1>register the power passing through.

217
00:10:34.960 --> 00:10:38.080
<v Speaker 2>That is a perfect explanation of the physical mechanism. Yeah,

218
00:10:38.200 --> 00:10:41.559
<v Speaker 2>exactly. Or the book mentions they would use a cheap

219
00:10:41.759 --> 00:10:44.879
<v Speaker 2>three hundred dollars optical probe purchased.

220
00:10:44.440 --> 00:10:46.320
<v Speaker 1>Online, just off the internet.

221
00:10:45.960 --> 00:10:49.000
<v Speaker 2>Right, they'd interface with the meter's diagnostic port and just

222
00:10:49.080 --> 00:10:53.879
<v Speaker 2>alter the reporting software. That complete lack of sophistication cost

223
00:10:53.879 --> 00:10:56.960
<v Speaker 2>the utility company an estimated four hundred million dollars in

224
00:10:57.000 --> 00:10:57.840
<v Speaker 2>a single year.

225
00:10:58.039 --> 00:11:01.440
<v Speaker 1>Four hundred million dollars, yeah, just from magnets and cheap probes. Yeah.

226
00:11:01.679 --> 00:11:03.879
<v Speaker 1>Then there was the social engineering angle, which is perfectly

227
00:11:03.919 --> 00:11:06.039
<v Speaker 1>illustrated by the Hollywood hacker Chris Chaney.

228
00:11:06.120 --> 00:11:08.559
<v Speaker 2>Oh, Chris Chaney. This really highlights the human element.

229
00:11:08.879 --> 00:11:12.320
<v Speaker 1>He gained access to the private email accounts of major celebrities,

230
00:11:12.559 --> 00:11:17.879
<v Speaker 1>including Scarlett Johansson, which resulted in those highly publicized photo leaks. Now,

231
00:11:17.960 --> 00:11:20.799
<v Speaker 1>you would assume a breach of that magnitude required, I

232
00:11:20.799 --> 00:11:24.320
<v Speaker 1>don't know, an advanced decryption or a zero day exploit.

233
00:11:24.440 --> 00:11:25.960
<v Speaker 2>Right, you'd think he was a mastermind.

234
00:11:26.480 --> 00:11:29.600
<v Speaker 1>But the man was a self admitted novice. He didn't

235
00:11:29.600 --> 00:11:30.440
<v Speaker 1>write malware.

236
00:11:30.759 --> 00:11:35.000
<v Speaker 2>No, he bypassed the technical perimeter entirely. He just attacked

237
00:11:35.039 --> 00:11:36.360
<v Speaker 2>the account recovery process.

238
00:11:36.440 --> 00:11:39.480
<v Speaker 1>Yeah. He simply typed their email addresses and clicked forgot

239
00:11:39.559 --> 00:11:42.720
<v Speaker 1>password mm and the systems prompted him with those standard

240
00:11:42.759 --> 00:11:45.320
<v Speaker 1>security questions things like what was the name of your

241
00:11:45.320 --> 00:11:48.159
<v Speaker 1>first pet or what high school did you attend.

242
00:11:47.840 --> 00:11:50.919
<v Speaker 2>Which is a huge flaw when your targets are public figures.

243
00:11:51.080 --> 00:11:54.559
<v Speaker 1>Exactly. Because they're public figures, he just opened a second

244
00:11:54.559 --> 00:11:57.720
<v Speaker 1>browser tab, read through their Wikipedia pages or some old

245
00:11:57.759 --> 00:11:59.360
<v Speaker 1>magazine interviews.

246
00:11:59.200 --> 00:12:01.480
<v Speaker 2>And typed in the answers. It's almost too easy.

247
00:12:01.559 --> 00:12:03.879
<v Speaker 1>And once he was in the account, he accessed the

248
00:12:03.879 --> 00:12:08.000
<v Speaker 1>settings and created a hidden forwarding rule, so every single

249
00:12:08.039 --> 00:12:12.039
<v Speaker 1>future email they received was silently copied directly to his

250
00:12:12.080 --> 00:12:12.799
<v Speaker 1>own inbox.

251
00:12:13.240 --> 00:12:18.519
<v Speaker 2>It perfectly demonstrates how a static verification system relying on

252
00:12:18.799 --> 00:12:23.200
<v Speaker 2>biographical trivia as a security credential, it just fails completely.

253
00:12:23.240 --> 00:12:25.360
<v Speaker 2>In the era of search engines, it totally fails.

254
00:12:25.480 --> 00:12:28.399
<v Speaker 1>It also highlights what the book calls the weaponization of software.

255
00:12:29.000 --> 00:12:31.799
<v Speaker 1>Take the case of Barry Ardolf, the quote unquote neighbor

256
00:12:31.799 --> 00:12:32.240
<v Speaker 1>from Hell.

257
00:12:32.519 --> 00:12:34.240
<v Speaker 2>Oh, this story is wild.

258
00:12:34.320 --> 00:12:37.679
<v Speaker 1>He gets into this petty suburban dispute and decides to

259
00:12:37.720 --> 00:12:41.399
<v Speaker 1>frame his neighbor for federal crimes. So he breaches the

260
00:12:41.440 --> 00:12:45.799
<v Speaker 1>neighbor's home wireless network, which was using this outdated protocol

261
00:12:45.840 --> 00:12:50.559
<v Speaker 1>called WEP, and he routes horrific emails, including bomb threats

262
00:12:50.600 --> 00:12:53.120
<v Speaker 1>to the Vice President through the neighbor's IP address.

263
00:12:53.159 --> 00:12:55.080
<v Speaker 2>Well, just to trigger a Secret Service raid on the

264
00:12:55.080 --> 00:12:56.159
<v Speaker 2>poor guy's house.

265
00:12:56.120 --> 00:13:00.080
<v Speaker 1>Which worked. But okay, WEP, or Wired Equivalent Privacy. I've

266
00:13:00.120 --> 00:13:02.480
<v Speaker 1>always heard WEP was weak. But what actually makes it

267
00:13:02.559 --> 00:13:03.440
<v Speaker 1>so easy to break?

268
00:13:03.799 --> 00:13:06.159
<v Speaker 2>Basically, it comes down to how it handles the encryption

269
00:13:06.320 --> 00:13:09.399
<v Speaker 2>keys. WEP uses a very short string of data called

270
00:13:09.399 --> 00:13:11.879
<v Speaker 2>an initialization vector to scramble the signal.

271
00:13:12.000 --> 00:13:15.679
<v Speaker 3>Okay, an initialization vector, right, But because that vector is

272
00:13:15.720 --> 00:13:19.200
<v Speaker 3>so short, the router ends up reusing the exact same

273
00:13:19.240 --> 00:13:22.519
<v Speaker 3>mathematical values repeatedly as it transmits data packets.

274
00:13:22.639 --> 00:13:23.320
<v Speaker 1>Oh, I see.

275
00:13:23.399 --> 00:13:25.840
<v Speaker 2>So if an attacker just sits outside your house with

276
00:13:25.879 --> 00:13:29.600
<v Speaker 2>an antenna and simply captures enough of those overlapping packets,

277
00:13:29.840 --> 00:13:32.159
<v Speaker 2>they can use a basic software tool to analyze the

278
00:13:32.200 --> 00:13:33.120
<v Speaker 2>patterns and.

279
00:13:33.080 --> 00:13:34.600
<v Speaker 1>Just reverse engineer the master.

280
00:13:34.399 --> 00:13:36.480
<v Speaker 2>Passwords exactly in a matter of minutes.

281
00:13:36.559 --> 00:13:40.639
<v Speaker 1>Wow. And that's the crucial point about Ardolf. When federal

282
00:13:40.679 --> 00:13:44.879
<v Speaker 1>agents finally analyzed his hard drive, they didn't find sophisticated

283
00:13:44.919 --> 00:13:49.120
<v Speaker 1>custom code. They found step by step pdf tutorials downloaded

284
00:13:49.120 --> 00:13:49.799
<v Speaker 1>from the internet.

285
00:13:49.879 --> 00:13:51.440
<v Speaker 2>He was just following instructions.

286
00:13:51.519 --> 00:13:55.480
<v Speaker 1>Yeah, he didn't understand the cryptographic failures of WEP. He

287
00:13:55.600 --> 00:13:57.759
<v Speaker 1>was just following a recipe and using point and click

288
00:13:57.799 --> 00:13:59.159
<v Speaker 1>software built by someone else.

289
00:13:59.240 --> 00:14:01.919
<v Speaker 2>And that encapsulates the whole concept of the weaponization

290
00:14:02.000 --> 00:14:05.639
<v Speaker 2>of software. Historically, to execute a cyber attack, you needed

291
00:14:05.679 --> 00:14:09.720
<v Speaker 2>a deep understanding of networking protocols and memory allocation. But

292
00:14:09.840 --> 00:14:13.960
<v Speaker 2>today these highly complex attack vectors are packaged into really

293
00:14:14.159 --> 00:14:19.360
<v Speaker 2>user friendly interfaces. The barrier to entry has completely evaporated.

294
00:14:18.879 --> 00:14:23.240
<v Speaker 1>Which empowers individuals with zero technical background to execute sophisticated

295
00:14:23.279 --> 00:14:26.759
<v Speaker 1>attacks exactly which leads us to a pretty daunting pivot.

296
00:14:27.320 --> 00:14:29.799
<v Speaker 1>If point and click tools in the hands of some

297
00:14:30.000 --> 00:14:35.080
<v Speaker 1>angry neighbor can trigger a secret service investigation, what is

298
00:14:35.159 --> 00:14:36.000
<v Speaker 1>the ceiling here?

299
00:14:36.080 --> 00:14:37.320
<v Speaker 2>That's the terrifying question.

300
00:14:37.559 --> 00:14:41.159
<v Speaker 1>What happens when the entities building these tools possess limitless funding,

301
00:14:41.720 --> 00:14:45.039
<v Speaker 1>teams of elite mathematicians, and a geopolitical mandate.

302
00:14:45.080 --> 00:14:47.000
<v Speaker 2>Well, that brings us right back to the apex of

303
00:14:47.039 --> 00:14:51.960
<v Speaker 2>the threat pyramid. The true advanced persistent threats typically nation states,

304
00:14:52.519 --> 00:14:55.559
<v Speaker 2>and the clearest manifestation of that capability discussed in the

305
00:14:55.600 --> 00:14:56.679
<v Speaker 2>text is Stuxnet.

306
00:14:56.879 --> 00:14:59.159
<v Speaker 1>Okay, so before we dive into the architecture of Stuxnet,

307
00:14:59.240 --> 00:15:01.559
<v Speaker 1>I need to set a necessary guardrail for you listening.

308
00:15:02.159 --> 00:15:05.360
<v Speaker 1>The book attributes the creation of Stuxnet and its variants

309
00:15:05.440 --> 00:15:09.840
<v Speaker 1>to specific nations, namely the United States and Israel operating

310
00:15:09.879 --> 00:15:13.279
<v Speaker 1>against the Iranian nuclear program. We are strictly examining the

311
00:15:13.320 --> 00:15:17.159
<v Speaker 1>technical analyses and historical claims exactly as they are presented

312
00:15:17.200 --> 00:15:19.440
<v Speaker 1>by the author and the source text. We are not

313
00:15:19.639 --> 00:15:23.080
<v Speaker 1>endorsing these geopolitical attributions, and we aren't taking a position

314
00:15:23.120 --> 00:15:26.440
<v Speaker 1>on the underlying conflicts. We are just reporting on the

315
00:15:26.480 --> 00:15:28.639
<v Speaker 1>technological milestones the book describes.

316
00:15:28.759 --> 00:15:31.000
<v Speaker 2>And it's a vital distinction to make. But from a

317
00:15:31.000 --> 00:15:36.919
<v Speaker 2>pure engineering perspective, Stuxnet fundamentally altered the entire security landscape.

318
00:15:37.000 --> 00:15:40.799
<v Speaker 2>How so? Well, in the security community, discovering a single

319
00:15:41.080 --> 00:15:45.120
<v Speaker 2>zero day exploit, meaning a software vulnerability that is completely

320
00:15:45.200 --> 00:15:48.639
<v Speaker 2>unknown to the vendor so no patch exists, that is

321
00:15:48.679 --> 00:15:50.120
<v Speaker 2>considered a massive.

322
00:15:49.799 --> 00:15:51.679
<v Speaker 1>Win, right. A zero day's the holy grail.

323
00:15:51.799 --> 00:15:56.960
<v Speaker 2>Yeah, but Stuxnet deployed four distinct Windows zero day

324
00:15:57.039 --> 00:15:59.240
<v Speaker 2>exploits simultaneously, four of them.

325
00:15:59.320 --> 00:16:02.600
<v Speaker 1>Yeah, just put that in perspective. Possessing four zero days

326
00:16:02.639 --> 00:16:04.720
<v Speaker 1>is like walking up to the world's most secure facility

327
00:16:04.960 --> 00:16:08.120
<v Speaker 1>and realizing you secretly hold master keys to the front gate,

328
00:16:08.159 --> 00:16:11.120
<v Speaker 1>the elevator, the vault door, and the safety deposit boxes.

329
00:16:11.320 --> 00:16:14.519
<v Speaker 2>That's exactly what it's like. Furthermore, the nature of these

330
00:16:14.519 --> 00:16:18.919
<v Speaker 2>specific exploits was totally unprecedented. The text highlights that none

331
00:16:18.919 --> 00:16:20.320
<v Speaker 2>of them relied on memory corruption.

332
00:16:20.639 --> 00:16:23.360
<v Speaker 1>Okay, let me see if I grasp the significance of that.

333
00:16:24.559 --> 00:16:28.240
<v Speaker 1>My understanding of memory corruption like a buffer overflow, is

334
00:16:28.240 --> 00:16:30.799
<v Speaker 1>that you try to force a computer to store more

335
00:16:30.919 --> 00:16:34.080
<v Speaker 1>data in a specific block of memory than it was

336
00:16:34.080 --> 00:16:34.840
<v Speaker 1>designed to hold.

337
00:16:35.000 --> 00:16:37.120
<v Speaker 2>Yes, exactly, It's like trying to pour.

338
00:16:36.960 --> 00:16:39.840
<v Speaker 1>A gallon of water into a tank glass. Great visual.

339
00:16:40.200 --> 00:16:44.080
<v Speaker 1>The excess spills over, overwriting adjacent memory spaces where the

340
00:16:44.080 --> 00:16:48.240
<v Speaker 1>computer actually keeps its operating instructions, and the attacker hopes

341
00:16:48.279 --> 00:16:51.039
<v Speaker 1>to overwrite those instructions with their own malicious code.

342
00:16:51.120 --> 00:16:55.159
<v Speaker 2>That is a highly accurate visualization. The problem for an attacker, though,

343
00:16:55.200 --> 00:16:58.679
<v Speaker 2>is that buffer overflows are inherently unstable. Often the program

344
00:16:58.759 --> 00:17:02.279
<v Speaker 2>simply crashes, the user notices the application froze, and IT

345
00:17:02.679 --> 00:17:03.399
<v Speaker 2>gets notified.

346
00:17:03.519 --> 00:17:07.160
<v Speaker 1>Ah. So, by avoiding memory corruption entirely, the creators of

347
00:17:07.240 --> 00:17:12.319
<v Speaker 1>Stuxnet ensured their exploits relied on perfectly reliable, quiet logic flaws.

348
00:17:12.400 --> 00:17:15.680
<v Speaker 2>Yes, the system never crashed. It just seamlessly executed the

349
00:17:15.759 --> 00:17:16.839
<v Speaker 2>unauthorized commands.

350
00:17:17.359 --> 00:17:21.079
<v Speaker 1>And to further mask its presence, the worm signed its

351
00:17:21.119 --> 00:17:25.480
<v Speaker 1>own code using legitimate digital certificates stolen from major hardware

352
00:17:25.519 --> 00:17:29.599
<v Speaker 1>manufacturers in Taiwan. So the operating system just trusted it

353
00:17:29.640 --> 00:17:30.559
<v Speaker 1>implicitly. It

354
00:17:30.599 --> 00:17:33.920
<v Speaker 2>did. But the truly groundbreaking element of Stuxnet was

355
00:17:34.000 --> 00:17:37.160
<v Speaker 2>its final payload, the PLC rootkit.

356
00:17:37.400 --> 00:17:40.839
<v Speaker 1>I found the concept of a PLC fascinating because, well,

357
00:17:40.960 --> 00:17:44.440
<v Speaker 1>my laptop doesn't have one. Why is a programmable logic

358
00:17:44.480 --> 00:17:47.480
<v Speaker 1>controller so vital to an industrial facility?

359
00:17:47.599 --> 00:17:50.400
<v Speaker 2>So a PLC is the critical junction between the digital

360
00:17:50.440 --> 00:17:52.319
<v Speaker 2>instructions and kinetic reality.

361
00:17:52.359 --> 00:17:53.200
<v Speaker 1>Kinetic reality.

362
00:17:53.279 --> 00:17:55.519
<v Speaker 2>Yeah, it's the physical piece of hardware that receives a

363
00:17:55.559 --> 00:17:59.400
<v Speaker 2>command from a computer, like increase pressure, and it physically

364
00:17:59.440 --> 00:18:01.319
<v Speaker 2>opens a valve, accelerates a motor.

365
00:18:01.440 --> 00:18:01.920
<v Speaker 1>Oh wow.

366
00:18:02.000 --> 00:18:05.039
<v Speaker 2>So Stuxnet infected the Windows-based monitoring computers in

367
00:18:05.079 --> 00:18:07.839
<v Speaker 2>the control room. Sure, but its ultimate objective was to

368
00:18:07.839 --> 00:18:10.720
<v Speaker 2>rewrite the logic residing on the PLCs that were connected

369
00:18:10.720 --> 00:18:12.640
<v Speaker 2>to the uranium enrichment centrifuges.

370
00:18:12.920 --> 00:18:15.480
<v Speaker 1>The book uses an analogy here that I think perfectly

371
00:18:15.480 --> 00:18:19.599
<v Speaker 1>distills the horror of a PLC rootkit. Imagine you're driving

372
00:18:19.599 --> 00:18:24.640
<v Speaker 1>a modern car. Stuxnet infects the car's central computer. It

373
00:18:24.720 --> 00:18:28.440
<v Speaker 1>maliciously commands the engine control unit to accelerate to one

374
00:18:28.480 --> 00:18:31.519
<v Speaker 1>hundred miles per hour, pushing the engine way past its

375
00:18:31.559 --> 00:18:35.400
<v Speaker 1>red line until it physically destroys itself. Right. However, and

376
00:18:35.440 --> 00:18:38.480
<v Speaker 1>this is the insidious part it intercepts the data flowing

377
00:18:38.519 --> 00:18:41.240
<v Speaker 1>back to your dashboard, so your speedometer is locked at

378
00:18:41.240 --> 00:18:43.319
<v Speaker 1>a reassuring thirty five miles per hour.

379
00:18:43.480 --> 00:18:47.640
<v Speaker 2>It's chilling. Stuxnet manipulated the PLCs to force the

380
00:18:47.680 --> 00:18:53.160
<v Speaker 2>physical centrifuges to spin at destructive, erratic frequencies, but simultaneously

381
00:18:53.279 --> 00:18:57.880
<v Speaker 2>it fed pre recorded, completely normal operational data back to

382
00:18:57.920 --> 00:19:00.200
<v Speaker 2>the human operators staring at their monitors, so.

383
00:19:00.160 --> 00:19:03.039
<v Speaker 1>The engineers had no indication anything was wrong. None at all.

384
00:19:02.960 --> 00:19:05.319
<v Speaker 2>Not until the hardware literally tore itself apart in the

385
00:19:05.359 --> 00:19:05.960
<v Speaker 2>physical world.

386
00:19:06.079 --> 00:19:09.160
<v Speaker 1>It totally bridges the gap between digital sabotage and physical destruction,

387
00:19:09.400 --> 00:19:12.039
<v Speaker 1>and the text details how Stuxnet was really merely the

388
00:19:12.079 --> 00:19:15.759
<v Speaker 1>opening salvo. It was followed by these incredibly sophisticated descendants

389
00:19:15.920 --> 00:19:17.000
<v Speaker 1>like Duqu and Flame.

390
00:19:17.319 --> 00:19:22.440
<v Speaker 2>Right. Duqu was repurposed primarily for reconnaissance rather than destroying hardware.

391
00:19:22.799 --> 00:19:27.279
<v Speaker 2>Its objective was to silently infiltrate networks and gather intelligence.

392
00:19:26.839 --> 00:19:30.640
<v Speaker 1>And it achieved this via a highly targeted phishing campaign

393
00:19:30.720 --> 00:19:32.799
<v Speaker 1>carrying a Word document, right? Yes.

394
00:19:33.119 --> 00:19:36.119
<v Speaker 2>The exploit triggered a vulnerability in the way the Windows

395
00:19:36.119 --> 00:19:39.480
<v Speaker 2>operating system rendered a specific TrueType font.

396
00:19:39.720 --> 00:19:43.039
<v Speaker 1>Which sounds completely bizarre. On the surface, we think of

397
00:19:43.039 --> 00:19:45.480
<v Speaker 1>a font as just a collection of visual shapes, like

398
00:19:45.519 --> 00:19:47.480
<v Speaker 1>the curve of an S or the stem of a T.

399
00:19:48.400 --> 00:19:50.839
<v Speaker 1>How does a shape compromise an operating system?

400
00:19:51.039 --> 00:19:54.200
<v Speaker 2>Well, it's because fonts are not just static images. They

401
00:19:54.200 --> 00:19:59.200
<v Speaker 2>are complex mathematical instructions. The font file actually contains executable

402
00:19:59.240 --> 00:20:02.759
<v Speaker 2>code that tells the operating system's rendering engine exactly how

403
00:20:02.799 --> 00:20:05.319
<v Speaker 2>to draw those shapes on the screen at different sizes.

404
00:20:05.359 --> 00:20:06.559
<v Speaker 1>Well, I had no idea.

405
00:20:06.759 --> 00:20:10.200
<v Speaker 2>Yeah, so the attackers crafted a malformed font file. When

406
00:20:10.200 --> 00:20:13.559
<v Speaker 2>the rendering engine tried to process those malicious drawing instructions,

407
00:20:13.720 --> 00:20:16.559
<v Speaker 2>it triggered a vulnerability that allowed the attackers to execute

408
00:20:16.680 --> 00:20:18.960
<v Speaker 2>arbitrary code with the deepest system privileges.

409
00:20:19.279 --> 00:20:21.279
<v Speaker 1>So you literally just open a document to read it,

410
00:20:21.319 --> 00:20:23.480
<v Speaker 1>the computer tries to draw the text, and the machine

411
00:20:23.519 --> 00:20:26.240
<v Speaker 1>is yours. It's that simple. That leads us to Flame,

412
00:20:26.640 --> 00:20:31.079
<v Speaker 1>which the book describes as a twenty megabyte espionage behemoth,

413
00:20:31.359 --> 00:20:35.279
<v Speaker 1>which is massive compared to Stuxnet's half megabyte size. Massive

414
00:20:35.839 --> 00:20:39.839
<v Speaker 1>It could activate microphones to record ambient room audio, scrape

415
00:20:39.880 --> 00:20:43.880
<v Speaker 1>data from nearby Bluetooth devices. But the most staggering technical

416
00:20:43.920 --> 00:20:47.480
<v Speaker 1>achievement was its use of an MD5 collision attack

417
00:20:47.599 --> 00:20:49.960
<v Speaker 1>to forge a Microsoft certificate.

418
00:20:49.559 --> 00:20:51.799
<v Speaker 2>And to understand the gravity of that, we really have

419
00:20:51.839 --> 00:20:53.319
<v Speaker 2>to look at cryptographic hashing.

420
00:20:53.440 --> 00:20:54.440
<v Speaker 1>Okay, lay it on me.

421
00:20:54.559 --> 00:20:57.079
<v Speaker 2>A hash function takes any amount of digital data and

422
00:20:57.160 --> 00:20:59.799
<v Speaker 2>runs it through an algorithm to produce a fixed length

423
00:21:00.000 --> 00:21:03.039
<v Speaker 2>string of characters. It basically acts as a unique digital

424
00:21:03.079 --> 00:21:04.319
<v Speaker 2>fingerprint for that file.

425
00:21:04.519 --> 00:21:07.680
<v Speaker 1>So if I change even one comma in a massive

426
00:21:07.720 --> 00:21:11.200
<v Speaker 1>software update, the resulting hash fingerprint will look completely different.

427
00:21:11.319 --> 00:21:14.680
<v Speaker 2>Precisely. Operating systems use these hashes to verify that an

428
00:21:14.720 --> 00:21:17.960
<v Speaker 2>update is legitimately from Microsoft and hasn't been tampered with

429
00:21:18.119 --> 00:21:21.039
<v Speaker 2>in transit. An MD5 collision occurs when you manage

430
00:21:21.079 --> 00:21:25.279
<v Speaker 2>to find two completely different files that mathematically produce the

431
00:21:25.359 --> 00:21:26.960
<v Speaker 2>exact same hash fingerprint.

432
00:21:27.079 --> 00:21:27.480
<v Speaker 1>Wow.

433
00:21:28.039 --> 00:21:31.759
<v Speaker 2>The creators of Flame possessed enough computing power and mathematical

434
00:21:31.799 --> 00:21:35.640
<v Speaker 2>insight to engineer their malicious malware file so that it

435
00:21:35.720 --> 00:21:39.920
<v Speaker 2>generated the identical MD5 fingerprint as a legitimate Microsoft update.

436
00:21:40.160 --> 00:21:42.559
<v Speaker 1>So they forged the cryptographic

437
00:21:41.920 --> 00:21:46.759
<v Speaker 2>seal perfectly, perfectly bypassing the operating system's core defense mechanism.

438
00:21:46.920 --> 00:21:50.279
<v Speaker 1>The sheer mathematical horsepower required to calculate that collision at

439
00:21:50.279 --> 00:21:53.400
<v Speaker 1>the time is just staggering, it really is. The book

440
00:21:53.400 --> 00:21:57.079
<v Speaker 1>also details how APTs compromise trust on a corporate level,

441
00:21:57.440 --> 00:22:02.000
<v Speaker 1>specifically highlighting the twenty eleven breach of RSA. Now, anyone

442
00:22:02.000 --> 00:22:04.599
<v Speaker 1>who has worked in corporate security is probably familiar with

443
00:22:04.720 --> 00:22:08.240
<v Speaker 1>RSA's secure tokens. You know, the small devices that generate

444
00:22:08.279 --> 00:22:10.960
<v Speaker 1>a new six digit pass code every sixty seconds for

445
00:22:11.000 --> 00:22:12.079
<v Speaker 1>two factor authentication.

446
00:22:12.240 --> 00:22:15.440
<v Speaker 2>Yeah, the attackers recognized that trying to brute force a

447
00:22:15.480 --> 00:22:19.480
<v Speaker 2>defense contractor's network directly was just too difficult. Instead, they

448
00:22:19.480 --> 00:22:22.480
<v Speaker 2>executed a supply chain attack. They targeted the company that

449
00:22:22.559 --> 00:22:26.240
<v Speaker 2>manufactured the digital locks. Exactly. It began with a phishing

450
00:22:26.279 --> 00:22:30.039
<v Speaker 2>email sent to a small subset of RSA employees. The

451
00:22:30.079 --> 00:22:34.960
<v Speaker 2>attached Excel spreadsheet contained a zero day exploit targeting Adobe Flash.

452
00:22:35.079 --> 00:22:38.920
<v Speaker 1>So an employee opens a spreadsheet, the hidden Flash object executes,

453
00:22:39.440 --> 00:22:43.480
<v Speaker 1>and it drops a remote access trojan. The text identifies

454
00:22:43.480 --> 00:22:45.200
<v Speaker 1>it as Poison Ivy, onto the machine.

455
00:22:45.000 --> 00:22:48.799
<v Speaker 2>Yep, and from that initial foothold they moved laterally through

456
00:22:49.039 --> 00:22:52.599
<v Speaker 2>RSA's internal network because they were hunting for a very

457
00:22:52.599 --> 00:22:56.119
<v Speaker 2>specific database containing the seed data for the secure tokens.

458
00:22:56.160 --> 00:22:59.319
<v Speaker 1>And the seed data is essentially the foundational cryptographic formula

459
00:22:59.359 --> 00:23:03.160
<v Speaker 1>assigned to every individual token. Right, if an attacker possesses

460
00:23:03.200 --> 00:23:05.880
<v Speaker 1>the seed data and knows the current time, they can

461
00:23:05.960 --> 00:23:08.960
<v Speaker 1>perfectly calculate what those six digits will be without ever

462
00:23:09.039 --> 00:23:10.960
<v Speaker 1>needing physical possession of the hardware token.

463
00:23:11.039 --> 00:23:14.680
<v Speaker 2>So by exfiltrating that database, the attackers effectively cloned the

464
00:23:14.720 --> 00:23:18.279
<v Speaker 2>master keys. They subsequently used that compromised seed data to

465
00:23:18.279 --> 00:23:21.799
<v Speaker 2>bypass the two factor authentication systems at massive defense contractors

466
00:23:21.799 --> 00:23:22.640
<v Speaker 2>like Lockheed Martin.

467
00:23:22.720 --> 00:23:25.119
<v Speaker 1>It's brilliant in the worst way. And we see that

468
00:23:25.160 --> 00:23:31.200
<v Speaker 1>same strategy of undermining fundamental trust mechanisms in the DigiNotar incident. Ah, DigiNotar. Yeah,

469
00:23:31.200 --> 00:23:34.680
<v Speaker 1>they were a Dutch certificate authority. Their entire business model

470
00:23:34.720 --> 00:23:38.079
<v Speaker 1>was acting as a trusted third party verifying the identity

471
00:23:38.079 --> 00:23:43.519
<v Speaker 1>of websites. Hackers breached their infrastructure and generated fraudulent security

472
00:23:43.559 --> 00:23:45.359
<v Speaker 1>certificates for domains like

473
00:23:45.319 --> 00:23:48.759
<v Speaker 2>Google. And armed with those fraudulent certificates, the attackers could

474
00:23:48.759 --> 00:23:51.000
<v Speaker 2>execute massive man in the middle

475
00:23:50.759 --> 00:23:53.039
<v Speaker 1>attacks, basically intercepting the connection.

476
00:23:53.279 --> 00:23:56.640
<v Speaker 2>Exactly. When a user in a targeted region attempted to

477
00:23:56.680 --> 00:24:00.920
<v Speaker 2>log into Gmail, the attacker intercepted the connection, presented the

478
00:24:01.160 --> 00:24:06.240
<v Speaker 2>fake but mathematically valid certificate, and silently decrypted the supposedly

479
00:24:06.279 --> 00:24:11.839
<v Speaker 2>secure communications of roughly three hundred thousand individuals predominantly located

480
00:24:11.920 --> 00:24:12.480
<v Speaker 2>in Iran.

481
00:24:13.799 --> 00:24:16.240
<v Speaker 1>So looking at this entire landscape, I think a listener

482
00:24:16.319 --> 00:24:19.279
<v Speaker 1>might naturally think, well, I don't design nuclear centrifuges, and

483
00:24:19.319 --> 00:24:21.839
<v Speaker 1>I'm not a federal defense contractor. Why does this matter

484
00:24:21.880 --> 00:24:23.240
<v Speaker 1>to my personal digital life?

485
00:24:23.319 --> 00:24:24.640
<v Speaker 2>It's a common reaction.

486
00:24:24.640 --> 00:24:28.079
<v Speaker 1>But the text argues forcefully that in a hyper connected environment,

487
00:24:28.400 --> 00:24:32.079
<v Speaker 1>your lack of classified data is irrelevant. Your hardware possesses

488
00:24:32.160 --> 00:24:35.480
<v Speaker 1>processing power that can be hijacked to mine cryptocurrency or

489
00:24:35.599 --> 00:24:39.039
<v Speaker 1>launch denial of service attacks. Your identity carries a credit

490
00:24:39.119 --> 00:24:43.200
<v Speaker 1>history that can be monetized. We are all deeply entangled

491
00:24:43.240 --> 00:24:47.319
<v Speaker 1>in a network where the structural advantage heavily favors the aggressor.

492
00:24:47.480 --> 00:24:51.039
<v Speaker 2>It really does. The cybersecurity industry operates in this constant

493
00:24:51.079 --> 00:24:54.839
<v Speaker 2>cycle of patching and building taller walls, but the underlying

494
00:24:54.920 --> 00:25:00.400
<v Speaker 2>architecture is inherently porous. The APT methodology, leveraging infinite patience,

495
00:25:00.839 --> 00:25:06.599
<v Speaker 2>exploiting human psychology, weaponizing software complexity. It ensures the offensive

496
00:25:06.640 --> 00:25:09.519
<v Speaker 2>side maintains the high ground for a long time.

497
00:25:09.519 --> 00:25:12.519
<v Speaker 1>Which leaves us with a deeply provocative concept to consider

498
00:25:12.559 --> 00:25:15.480
<v Speaker 1>As we close. The author returns frequently to the idea

499
00:25:15.480 --> 00:25:19.000
<v Speaker 1>of the weaponization of software. We've seen how prepackaged exploit

500
00:25:19.079 --> 00:25:22.559
<v Speaker 1>kits and PDF tutorials allow someone with zero technical knowledge

501
00:25:22.599 --> 00:25:25.319
<v Speaker 1>to terrorize a neighbor or disrupt critical systems.

502
00:25:25.440 --> 00:25:27.680
<v Speaker 2>We are already living in a reality where the tools

503
00:25:27.720 --> 00:25:28.480
<v Speaker 2>do the heavy

504
00:25:28.240 --> 00:25:31.880
<v Speaker 1>lifting, right. So if we extrapolate that trend, we have

505
00:25:31.920 --> 00:25:34.960
<v Speaker 1>to ask what happens when advanced artificial intelligence is fully

506
00:25:35.000 --> 00:25:37.160
<v Speaker 1>integrated into offensive cyber operations?

507
00:25:37.240 --> 00:25:37.319
<v Speaker 2>Oh?

508
00:25:37.400 --> 00:25:40.240
<v Speaker 1>Wow. If a point and click interface makes a novice

509
00:25:40.319 --> 00:25:45.359
<v Speaker 1>dangerous today, will AI become the ultimate iteration of weaponized software?

510
00:25:45.920 --> 00:25:50.240
<v Speaker 1>Imagine a system that automates the entire APT methodology. An

511
00:25:50.279 --> 00:25:53.519
<v Speaker 1>AI that can independently scan fifty million lines of legacy

512
00:25:53.519 --> 00:25:58.400
<v Speaker 1>code in seconds, discover novel zero day vulnerabilities, mathematically calculate

513
00:25:58.440 --> 00:26:02.759
<v Speaker 1>hash collisions, and draft perfectly personalized phishing emails based on

514
00:26:02.799 --> 00:26:04.240
<v Speaker 1>a target's social media profile.

515
00:26:04.440 --> 00:26:07.079
<v Speaker 2>That is a terrifying shift in the threat landscape.

516
00:26:07.119 --> 00:26:09.319
<v Speaker 1>Will we reach a point where anyone with a credit

517
00:26:09.400 --> 00:26:12.720
<v Speaker 1>card to rent server space can deploy a fully automated

518
00:26:12.839 --> 00:26:15.920
<v Speaker 1>nation state level cyber weapon right from their living room.

519
00:26:16.039 --> 00:26:19.000
<v Speaker 2>It forces us to ask how traditional human speed defense

520
00:26:19.039 --> 00:26:23.240
<v Speaker 2>mechanisms could possibly secure a network against an automated adversary

521
00:26:23.279 --> 00:26:27.480
<v Speaker 2>that learns exponentially, operates continuously, and requires zero sleep.

522
00:26:27.599 --> 00:26:30.519
<v Speaker 1>It fundamentally changes the equation of trust. Keep that in

523
00:26:30.599 --> 00:26:32.759
<v Speaker 1>mind the next time you dismiss a software update or

524
00:26:32.759 --> 00:26:35.160
<v Speaker 1>connect to a public network. You aren't just logging on.

525
00:26:35.640 --> 00:26:39.440
<v Speaker 1>You are stepping onto a constantly evolving battlefield. Keep questioning

526
00:26:39.480 --> 00:26:41.960
<v Speaker 1>the systems you rely on, and keep learning. Thanks for

527
00:26:42.000 --> 00:26:43.119
<v Speaker 1>diving deep with us today.
