TECNOLOGÍA (La Amenaza Cibernética)
En pocas palabras, una amenaza cibernética es cualquier cosa que pueda dañar los sistemas o los datos, y por extensión, las personas y las organizaciones asociadas con ellos, mediante la destrucción, el robo, la alteración, la divulgación o la denegación de acceso/servicio.
Category
😹
FunTranscript
00:001980. Two nations are fighting a secret cyber battle, ignored by the public opinion.
00:20The USSR is building the Trans-Siberian gas pipeline, but it does not have the necessary computer technology to safely control the flow of natural gas, so the KGB decides to deal with it by stealing it.
00:37The CIA takes advantage of the opportunity, and using a double Russian agent, whose key name is Farwell, that is, goodbye, provides the Soviets with malicious software prepared to sabotage the oil pipeline control systems.
00:54The oil pipeline is finished building and the software is installed.
01:06In April 1982, the US Aerospace Defense Command detects a formidable explosion that shakes the Siberian landscape. It is the largest non-nuclear natural explosion ever seen from space. A huge section of the pipeline is destroyed and the natural gas flow is stopped.
01:27The USSR loses billions of dollars in income, as well as the control of European energy markets. The US government does not make any official statement. Three years later, agent Farwell was executed.
01:48Unlike conventional weapons, cyber weapons do not have their remittance written on them. When someone bombs you, you can look at the sky and see what flag the bombers are wearing. And you know who they are? With cyber weapons, it is not like that.
02:01The biggest hurdle we face is that people do not believe that a serious attack may occur, and that means they will wait until it happens.
02:16As someone who enters a silent fog, we have entered the realm of a cyber war, in which our enemies are as close as the closest computer can be. And now the digital networks we have come to depend on have become weapons.
02:32Turning computer programs into weapons is the new offensive strategy. These new armies, with their new missiles, will take on a new type of victim.
02:42If we had to make a list of the most vulnerable countries to a cyber attack, Estonia, a small Baltic nation, would probably occupy one of the top positions.
03:06Estonia was the first country to vote on the Internet. 97% of all banking activity is done on the Internet. In fact, in this country it is considered that access to the Internet at high speed is a basic human right.
03:24Since the beginning of the IT revolution, we have tried to make as many government services as possible accessible on the Internet. And that allowed us to take the lead in countries that one would consider well established and developed, but that are primitive when compared to where we are today.
03:54In 2007, the country faced a cyber attack that threatened to paralyze the government, the bank and the media. The extent of that attack had no precedent, but its roots were in the very history of Estonia.
04:18During World War II, the Soviets entered Estonia, defeating the Nazis and occupying the country.
04:28If they had only expelled the Germans, it would have been fine. But they decided to stay, and it was not a pleasant experience.
04:40The Soviets sent hundreds of thousands of Russians to live in Estonia. Almost immediately, they erected a monument in the capital to commemorate the fallen Russians in the fight against the Nazis.
04:55For the Russians moved to Estonia, the monument was a tribute to patriotism. For the native Estonians, it was nothing more than a symbol of occupation and oppression of their country.
05:08In 1991, the Soviet Union fell, and Estonia was finally free. But hundreds of thousands of Russians still remained in the country.
05:19In 2007, the Estonian government approved a plan to move the Soviet statue from the city center to a nearby military cemetery.
05:30When the decision was made public, the resentment of the local Russians, who were encouraged by infiltrators from Moscow, began to mutiny.
05:45There were hundreds, perhaps thousands of people. The police came, the streets were closed, there were fights, riots, breakdowns.
06:15When the Estonians woke up in the morning of April 27, they found that the bronze soldier was no longer there. In an attempt to appease the violence, the government had moved him during the night.
06:29At 9.42 that same morning, something strange began to happen. Governmental websites began to collapse, and access to the online bank was blocked.
06:43And then the cyber attack took place. People were looking for news on the Internet, but the news pages would have fallen.
06:52You immediately noticed that something was going wrong. Everyone knew in a matter of seconds that something was going wrong. They said, do you know something? Oh my God, what's going on?
07:02Estonia was being victim of a DDoS, or service denial attack. In some place, a network of computer thieves were attacking servers of crucial importance in Estonia, causing them to fail when they were overloaded with an incessant number of requests.
07:22The street discontent had turned the Internet into an enormously destructive cyber attack. It is something that goes much further than the conventional attack of a criminal.
07:36Cyber attacks proliferated exponentially in the course of the next two weeks. Of the 1,000 packets of information per hour, 4 million packets of information per second were received on May 9. Estonia had been unable to communicate with the rest of the world.
07:55There was no news from the country. Banking activity was limited, and there were serious deficiencies in public services. And all this as a result of the withdrawal of a statue.
08:09Everyone knows that the Russians are very impetuous. If the Estonians do something that is very dear to the Russians, we do not sit and watch. For example, if someone pees on my mother's grave, I want to cut his neck. That's the way it is, eye for eye.
08:25If someone pees on my mother's grave, I want to cut his neck. That's the way it is, eye for eye.
08:33We will holistically preserve the memory of this. We will holistically preserve this historical heritage. And those who today try to belittle this priceless experience, who defile the memory of these heroes of the war, insult their own people.
08:51Four years later, it was still unclear who was responsible for the attacks against Estonia. But even if we knew, what could we have done to avoid it? What are the rules of cyber wars?
09:10Until now, all wars had a kinetic nature. Throwing a bomb is a movement. For a tank to shoot a projectile is a movement. If someone throws a bomb at you, you respond by throwing another. But a cyber war does not involve movement.
09:31You do not know who attacked you. You can be very sure of who it was, but you have no proof. Today we do not have any proof of who did that, so how to respond? What would be the right answer to something like that? The rules in this type of conflict and war are different.
09:46In this type of war there are no soldiers, generals or governments. In a sense, we are all soldiers in these wars, because we all come out immediately injured.
10:03The attack on Estonia could be the work of hackers who attacked independently, or more likely, forming part of a disorganized network. They may receive the support of a government, or perhaps not.
10:24What is clear is that this was the first time that the Internet was used as a weapon to disrupt the functioning of an entire nation.
10:34You click on a Viagra ad and your computer is infected. You open a photo that you think someone you know has sent you, and your computer is infected.
10:59You enter a website to help victims of a natural disaster, and your computer is infected. Whenever your computer has a vulnerable point that someone can take advantage of, there will be someone who has already done it, or who is devising some way to do it in the future.
11:19Our computer networks are in a permanent state of war. Hackers use malicious software or malware to steal passwords, access accounts and infect innocent computers.
11:32The line of fire of this battle takes place in rooms full of analysts who move between thousands of lines of programming code, trying to protect users against spam mail, worms, viruses, computer robots and botnets.
11:52Right now we receive about 55,000 samples of malware a day. Six years ago there were about 200 or 300 a day.
12:00In 2010, the number of malicious spams increased enormously. Now they are about 6.4%.
12:10In recent years, computer complexity has increased significantly. There are root keys that have become common start keys. Complexity is increasing.
12:19One of the most pernicious examples of malware capable of infecting millions of computers around the world is the botnet or network of computer robots.
12:30A botnet is like an army. A single bot or computer robot is just a robot soldier that may sit on a victim's computer, doing a repetitive task over and over again.
12:48But those bots are controlled by a bot shepherd or bot master. So I can give my army of bots the order to send information packages to a particular address, and that becomes a service denial attack.
13:02I can order them to send mail or garbage to a specific address, so I can use them for spam.
13:08We have a little farm of bots. It's an infected computer in which we can monitor the activity of some spam bots. And we actually can see when those bots are activated.
13:25A bot downloads another program from the Internet and executes it. It can make your team join what is called a zombie botnet, and so your computer will be used in criminal acts.
13:39And so spam will be sent through your team, using you to deceive your own friends.
13:46The tool used for the 2007 Astonia attack was a botnet.
13:54It was ordered to hundreds of thousands of hacked computers to connect to the web pages of banks, media, and government services in the country.
14:05When the web sites attacked were overwhelmed by the rapid increase in traffic, they simply failed and fell.
14:15Your computer, without your knowledge, may have been one of those who participated in the attack on Estonia.
14:30I think we live in a time in which there are more and more interconnected individuals.
14:42And if they are not well protected, those individuals become very appetizing targets for hackers and other cybercriminals.
14:52Now, perhaps the aim could be to turn people's personal computers into slaves of a robot army, or perhaps a botnet, or perhaps they're looking to cover up terrorist activities.
15:03There's a whole range of possibilities.
15:06So the individual, the situation is not very different to the one that occurred among the American settlers in the 18th century, when individual bots had to provide their own security.
15:19Cyberspace is like a new wild territory. It's man-made. It's constantly growing, but it's a wild territory.
15:27It has great beauty, but it also contains great dangers.
15:30And if we go back to that mentality of those settlers, we'll realize that the individual will be the main responsible for their own security.
15:39A Miami citizen and two unidentified computer hackers have been accused of having stolen the numbers of more than 130 million credit and debit cards.
15:50The Internet has become a vehicle for transmitting malicious programs.
15:55But in a way, it's an even better tool for stealing money.
16:01There have been cases in which organized criminal groups have managed to steal billions of dollars a year through cybercrime.
16:08The Internet is a fascinating space. There are websites where they have to know you to let you in.
16:13And once you access them, you find a whole black market where amazing tools are sold.
16:18Programs that 15 years ago could only have been created by the National Security Agency of the United States.
16:26You go to Google. And let's say I'm interested in information on credit cards, okay?
16:32And it's as simple as looking.
16:36The first thing that appears on the list is a website that sells downloads of credit card data.
16:41Tracks 1 and 2 of information, including the CVV or verification number.
16:46So it's just as easy.
16:47Nowadays, you just have to be a Google ninja and know how to do searches with an ordinary search engine and you'll access the information you're looking for.
16:54You don't need to know how to create a bot or send spam emails.
16:57You just need to know how to search on Google to get information that will take you to the right website.
17:04There are websites that teach you to steal passwords.
17:08There are also websites that do phishing, that is, that deceive you to steal your identity data.
17:13Criminals have so many ways in the cyber world to force you to do what they want, like in the real world.
17:24You know, you've got to give the best credit to those bastards for being so smart as to look at what people are looking for on the Internet or what they're supposed to be looking for to anticipate creating websites.
17:40You know, as soon as there's an earthquake or a fire, they start registering phishing websites.
17:45It's as if they did it automatically.
17:49You can also see that in cases like the TV music awards show a couple of years ago, where the trailer for a movie from the Twilight saga was released.
17:57And the next day, there were already file infections with the name of the movie, because they knew what people were going to look for.
18:05In the 90s, when you had a computer infection, you knew it.
18:08But now that's over.
18:10It's not like that anymore, because now the action takes place between frames.
18:13And unless you have technical knowledge and you know where to look, there's going to be a lot of people who don't know.
18:19It's exactly like a chess game.
18:21If we move a piece, they move a piece.
18:23We take out a new type of technology and they come up with a way to make fun of it.
18:27We improve security and they come up with a way to raffle that new security.
18:38This is an ARPANET map, as it has been recently configured.
18:41As you can see, it has about 25 or 30 nodes.
18:45Created by scientists who worked for the Department of Defense of the United States,
18:50the Internet was conceived as a telecommunications tool that would survive a nuclear war.
18:55And they didn't think about its security or reliability.
19:00And as happens with most of the technologies created for their government use over time, the Internet became public use.
19:08A revolution is taking place in the playgrounds, offices and classrooms around the world.
19:14A revolution in which 15 million young people take part.
19:17Day and night they share scientific data, discuss philosophy,
19:20or they exchange recipes for cooking and daily life through a computer network called the Internet.
19:25Then the great Internet expansion took place,
19:28and the public could access all those networks that had the same type of security, that is, none.
19:36People love the Internet, so they put all kinds of things on the Internet,
19:40reports, data, computer weapons, forecasts, personal information.
19:45They put it all on the Internet because they love it and they don't protect it.
19:50The Internet grew rapidly, opening up many new possibilities.
19:55But security was not a priority.
19:59People are who they are.
20:01First we think about functionality, flexibility, ease of use.
20:08And then the government comes with taxes.
20:12And then there's the issue of security.
20:14Security is the last thing you think about.
20:19They are the very foundations of our society, the plot that holds it together,
20:23which gives us power and prosperity but also puts us in danger.
20:27That's our connectivity in cyberspace.
20:31And if we don't take the necessary measures,
20:33those that we know could give us security,
20:36then I think a possible catastrophe will fall on us.
20:51Everything is vulnerable.
20:52Being alive is supposed to be vulnerable.
20:54If you want to be invulnerable, you have to be dead.
20:56You have to be a stone.
20:59But, you know, so what?
21:00This is the real world.
21:04One of our greatest vulnerabilities could be right in front of our own noses.
21:11We live in an automated world.
21:14Much of what we depend on in our daily lives
21:17is controlled by industrial control systems.
21:21There are small devices called programmable logical controllers,
21:25or by their acronym in English, PLCs,
21:28which are connected to larger networks called SCADA,
21:31acronyms that correspond to data supervision, control and acquisition.
21:36The PLCs and the SCADA networks
21:38control an infinity of things that we tend not to think about,
21:41except when they stop working.
21:43Behind each elevator there is a PLC.
21:46Behind any air conditioning system there is a PLC.
21:51The water treatment plants,
21:53gas products,
21:54traffic light signals,
21:56assembly lines,
21:58and even the electrical networks
22:00have PLC devices and SCADA systems.
22:05So SCADA systems turn on and off valves,
22:07open and close things.
22:10Some of these systems are decades old,
22:12run automatically,
22:14and make our infrastructure work.
22:21And that's when things get really scary.
22:23Let's say that instead of the device opening and closing a circuit,
22:26we force it to always leave it open or closed,
22:29and boom!
22:30The conduit overloads and explodes.
22:33Before we didn't have to worry about this
22:35because the networks worked through some handcrafted programs
22:39created by a couple of guys in a basement in Maryland.
22:42What happens now is that it's cheaper and faster
22:45to stop performing those functions
22:47through old private networks
22:49and run them through the Internet.
22:53And, as usually happens when you have to choose
22:56between something safe and something cheap and fast,
22:59you choose the cheap and fast one.
23:02SCADA systems are less safe
23:04than most of the home computers that go on the network.
23:07Often they have to work with older operating systems,
23:10so they have to use older programs
23:12that can't benefit from the old ones.
23:14And in many cases it's impossible to update them.
23:17It's not like getting a newer version of Windows.
23:20They're embedded hardware systems,
23:22embedded in the circuits.
23:24They can't be changed.
23:26I'm sure the personal computers that people have at home
23:29are, in many cases, better protected.
23:44SCADA
24:01Our electrical networks contain PLCs and SCADA systems.
24:08If an attack managed to sabotage these control systems,
24:11the effect could be devastating.
24:15But to what extent are electrical networks vulnerable?
24:19The U.S. Department of National Security
24:22decided to test it
24:24using what they called the Aurora experiment.
24:27The U.S. Department of National Security
24:29asked some hackers to attack a generator
24:31in an electrical plant.
24:42Using only one laptop
24:44and performing a few operations
24:46caused the generator to self-destruct.
24:54The details of what happened are a matter of reserve,
24:57but apparently the group of hackers,
24:59without direct knowledge of the facility,
25:01managed to infiltrate the security system
25:04and took control of the generator.
25:07The experiment was stopped
25:09before the generator exploded,
25:11but it demonstrated
25:13that they could have over-revolutionized it
25:15to such an extent
25:17that it would have jumped in pieces
25:19throughout the room
25:21and would have been connected to the electrical network.
25:30The Aurora experiment increased the level of alarm
25:33by demonstrating that in the real world
25:35computer weapons could infiltrate
25:37vital infrastructures
25:39and destroy them.
25:42Attacking water supply systems,
25:44electrical networks,
25:46or telephone companies
25:48has been something to be valued militarily
25:50by any nation for more than 60 years,
25:52but now there is another way to do it,
25:54and it is using cyberspace.
25:56It's a difficult task,
25:58not anyone can do it from home,
26:00but with a lot of money and staff,
26:02you can beat all the odds
26:05We know that there may be
26:07half a dozen nations in the world
26:09that have developed cyber weapons
26:11and could use them in case of crisis.
26:16Almost everything we depend on
26:18in our daily lives
26:20has become vulnerable.
26:22Energy,
26:24food,
26:26water, medicine,
26:28all that is controlled by computer networks
26:30that could fail
26:32if attacked,
26:34leaving us submerged in cold and darkness,
26:36hungry and sick.
26:42We have come to a point
26:44where this type of conflict is possible.
26:46Let's think about how wars have developed
26:48throughout history.
26:50The armies advanced on the ground
26:52for weeks, months or years.
26:54Then, with the ballistic missiles,
26:56you could attack from one continent to another
26:58in 30 minutes.
27:02Now you can attack in another continent
27:04in 30 milliseconds.
27:0630 milliseconds.
27:18The idea of cyber terrorism
27:20occurred to us a long time ago,
27:22but we do not talk about it
27:24because it would have been wrong.
27:26It was better
27:28not to talk about it
27:30to the media
27:32because we did not want
27:34bad guys
27:36or much worse people
27:38to have that idea.
27:42That's why I was so surprised
27:44when I saw the movie
27:46The Crystal Four Jungle.
27:56I was shocked.
27:58Half of the movie is simply impossible,
28:00but the other half
28:02is possible.
28:12I was drinking a whiskey
28:14while watching the movie
28:16and at 10 or 15 minutes
28:18from the beginning
28:20I lit a cigarette
28:22and I started to say
28:24what I thought about Hollywood.
28:30I was watching the movie
28:3210, 15, 20 minutes
28:34and I stopped to put another whiskey
28:36and light another cigarette.
28:38I thought, what are you doing?
28:40Are you showing this to the bad guys?
28:42You just encouraged them
28:44to do cyber terrorism.
28:54In the summer of 2010,
28:56researchers from all over the world
28:58learned about the existence
29:00of a new type
29:02of malicious program
29:04called Stuxnet.
29:06It was unknown
29:08what its purpose was
29:10and it was not clear
29:12where it came from.
29:14It was not clear
29:16where it came from.
29:18It was not clear
29:20where it came from.
29:22But when they studied it,
29:24the analysts found
29:26a sophisticated maze
29:28of programming code
29:30that had the potential
29:32to cause great destruction.
29:34I was sitting here
29:36in my office
29:38and one of my engineers came in
29:40and said, Eugene,
29:42we have a very big problem.
29:44We had something here
29:46because I had never seen
29:48this code and we had no idea
29:50so I started to analyze it
29:52and look at how huge
29:54the file is.
29:56It will have like half a megabyte.
29:58It is too much
30:00to be common malware.
30:02In a few days,
30:04the analysts discovered
30:06how Stuxnet managed
30:08to infiltrate a computer
30:10and take control of it.
30:12The code used several
30:14day zero attacks,
30:16which is how the attacks
30:18of the operating system
30:20were previously unknown.
30:22In the black market of cybercrime,
30:24an unknown vulnerability
30:26has great economic value.
30:28From time to time,
30:30there is an attack
30:32that uses one or two
30:34day zero vulnerabilities.
30:36Stuxnet used at least four.
30:38It was clear that its author
30:40was not kidding.
30:42We did not understand anything.
30:44We were facing something
30:46but at the same time
30:48we were safe.
30:56What Stuxnet is trying to do here
30:58is disable only 35...
31:00Meanwhile,
31:02the mystery that Stuxnet was
31:04caught the attention of
31:06researchers all over the planet.
31:08We said, wow, the file is very large
31:10and very dense.
31:12Then we saw that inside
31:14there were programmable technologies
31:16and it was even more interesting.
31:18And when we saw that these PLCs
31:20were used in gas ducts,
31:22in car factories,
31:24in uranium enrichment plants,
31:26things got much more serious.
31:28Through the Internet,
31:30Stuxnet was traveling the planet
31:32looking for specific PLCs
31:34to attack.
31:36And the company Silmantech
31:38provided new data
31:40indicating that most
31:42of the PLCs were already
31:44destroyed.
31:46The Iranian president,
31:48Mahmoud Ahmadinejad,
31:50has reaffirmed his intention
31:52to continue forward
31:54with Iran's nuclear program.
31:56He said that Iran does not need
31:58other powers to complete
32:00its nuclear program.
32:02And the crowd responded
32:04with the usual shouts
32:06of death to America,
32:08death to the United Kingdom
32:10and death to Iran.
32:12At that time,
32:14the International Atomic Energy Organization
32:16met to discuss the issue
32:18of the Iranian nuclear program.
32:20And every morning
32:22I read the latest news about Iran.
32:24Iran has a right to peaceful
32:26nuclear power that meets
32:28the energy needs of its people.
32:30But the size and configuration
32:32of this facility is inconsistent
32:34with a peaceful program.
32:40This video shows
32:42President Ahmadinejad
32:44last Tuesday during his visit
32:46to the uranium enrichment
32:48plant in the center of Iran.
32:50There he announced that Iran
32:52has begun to install 6,000
32:54new centrifuges on the plant
32:56that will add up to the 3,000
32:58that are already producing
33:00enriched uranium.
33:02When analyzing the Stuxnet code,
33:04it was clear that the attack
33:06was aimed at a specific number
33:08a number that coincided
33:10with that of the centrifuges
33:12on the Natanz plant.
33:18Ralf Langner has been
33:20analyzing the vulnerabilities
33:22of industrial control systems
33:24for more than a decade.
33:26He immediately understood
33:28that Stuxnet meant the passage
33:30of conventional armament
33:32to cyber weapons.
33:34Natanz facilities
33:36are strongly protected
33:38with anti-aircraft missiles.
33:40And specifically,
33:42the centrifuges
33:44are buried 23 meters
33:46below the surface.
33:48So the chances of success
33:50of an attack with conventional
33:52explosives would be
33:54less than with cyber weapons
33:56like Stuxnet.
33:58So it made sense
34:00that Stuxnet
34:02would have been designed
34:04to attack Natanz.
34:06But the question was
34:08how the attack worked.
34:10Here I have the software
34:12FSTEP by CIMANTEC
34:14that is used to program PLCS.
34:16We're going to control
34:18this from that laptop.
34:20This is the cable that...
34:22The researchers recreated
34:24the Stuxnet attack
34:26by infecting a programmable
34:28logical controller
34:30with malware,
34:32and the malware
34:34took over the controller
34:36and altered its operation.
34:38We disconnect leaving the line zero
34:40and we have the air pump
34:42connected to that line zero.
34:44In the laboratory environment
34:46it was possible to alter
34:48the speed of an air pump.
34:50Now I'm going to try
34:52to infect the machine.
34:54In Natanz, the program
34:56altered the rotation speed
34:58of the uranium enrichment
35:01A form of attack
35:03would be simply
35:05to accelerate the centrifuges
35:07until they exploded.
35:09But the Stuxnet designers
35:11were smarter.
35:13They designed Stuxnet
35:15so that it accelerated
35:17and decelerated the centrifuges
35:19until it gradually
35:21damaged them
35:23one by one.
35:25The intention of this attack
35:27is not to damage
35:29everything at once.
35:31If they had done so,
35:33the attack would have been
35:35detected much earlier.
35:37And what we see is that
35:39obviously in Natanz,
35:41the responsible Iranians
35:43had no idea
35:45what was happening
35:47for several months.
35:49But after months of seeing
35:51how their centrifuges failed,
35:53the Iranians began to understand
35:55what was happening,
35:57several of the main
35:59Iranian scientists
36:01undertook the task of eliminating
36:03the Stuxnet code of Natanz.
36:05But they could not do it
36:07for a long time.
36:11Assailants riding motorcycles
36:13have placed bombs
36:15on the cars of two Iranian nuclear scientists,
36:17killing one of them
36:19and seriously injuring the other.
36:21An Iranian university professor
36:23has been killed and another
36:25with bombs in the capital, Tehran.
36:27Apparently the two scientists
36:29were in charge of a team
36:31in charge of stopping Stuxnet.
36:33State television immediately blamed
36:35Israel for the attacks.
36:37At least two other Iranian nuclear scientists
36:39have been killed in recent years
36:41and Iran is facing what is part of
36:43an undercover attempt to damage
36:45its nuclear program by the West.
36:47When I learned
36:49about the murder of that Iranian nuclear expert,
36:51I did not feel well at all.
36:53Of course.
36:57Langner was one of the first
36:59analysts who thought that the only
37:01countries that had the resources
37:03and the motivation necessary
37:05to create Stuxnet were Israel
37:07and the United States.
37:09And he feared that having made
37:11his research public, he had accidentally
37:13entered the field of computer battle
37:15and that he could also become
37:17a target to attack.
37:19But I also thought
37:21that if someone had had
37:23reasons to kill me
37:25or kidnap my children
37:27or whatever,
37:29they would have probably
37:31already done it.
37:35Both the United States and Israel
37:37denied having any relationship with Stuxnet.
37:39And given how complex it would be
37:41to attribute it to anyone,
37:43it is possible that the public
37:45will never know for sure
37:47who was behind the attack.
37:52You have spoken of the importance
37:54of stopping the Iranians.
37:56I do not want to get into the subject
37:58of who to attribute it to,
38:00but given that in recent days
38:02people have heard news
38:04that Stuxnet has affected
38:06the centrifuges of Natanz,
38:08has that been beneficial?
38:10Enough with a yes or no.
38:12I am glad to know that they are
38:14having problems with their centrifuges
38:16and I think that the United States
38:18and our allies are doing
38:21it is far beyond
38:23everything we have seen so far.
38:26And what we did not expect
38:28is that Stuxnet
38:30goes up just like this.
38:33It is not based
38:35on any previous experience
38:37of which there is news.
38:39And this also tells us
38:41that we are facing resources
38:43that only a nation state
38:45has.
38:47It is something that is out of the reach
38:49of an ordinary hacker
38:51or a criminal gang.
38:57As interesting as Stuxnet was,
38:59despite the challenge it posed
39:01and how much it absorbed me
39:03when I tried to strip it night and day,
39:05I can say without a doubt
39:07that it is something
39:09that I would not like to see again.
39:11There have been wars
39:13that have started with a single shot
39:15and I do not think we want
39:17nor be those who are at the beginning
39:19of a war.
39:21I do not think
39:23we want to be part
39:25of that kind of activities.
39:35When we think about the armament
39:37use of programming,
39:39we must realize that we are not
39:41talking only about the initial creator
39:43of those programs,
39:45we are talking about a group
39:47that can have that malicious software.
39:49But people will learn from it,
39:51they will be able to use it
39:53as an example to study,
39:55to know how to find vulnerabilities,
39:57how to write malicious programs,
39:59how to make stealth attacks
40:01and use rootkits,
40:03and finally how to get a physical response
40:05when communicating with the PLC.
40:07Stuxnet brings us into a new era.
40:09This time the attack was directed
40:11against a fuel enrichment plant
40:13in Natanz,
40:15but what will be the next objective?
40:17A manufacturing plant in China?
40:19Rail traffic in Europe?
40:21A pharmaceutical industry in Canada?
40:23Food distribution in South America?
40:25The US power grid?
40:27Or our local water supply?
40:39This is Brighton dam
40:41and what we are seeing
40:43is the water supply
40:45of the Pautushek filtration plant.
40:47The reservoir has about
40:494,500 million gallons of water,
40:51we use about 270 million gallons a day.
40:53If we were attacked by a hacker,
40:55it could be through a USB key,
40:57at least in theory.
40:59Someone could put a virus
41:01in a pen drive,
41:03as they did with Stuxnet,
41:05insert the pen drive here
41:07and the virus would then
41:09do something bad
41:11to the process controller.
41:13Once you get on the PLCs network,
41:15you own everything
41:17that's on the network,
41:19whether they have a USB connector or not.
41:21They're meant to be fast,
41:23simple and low-consumption
41:25and not meant to be safe.
41:27They were never designed
41:29with safety in mind
41:31because no one had a safe model
41:33to apply to them.
41:36And there are PLCs like these
41:38everywhere.
41:40In traffic control,
41:42in hospitals, in elevators,
41:44in gas stations, in cleaners,
41:46in irrigation systems,
41:48in food processors
41:50and in the system
41:52that depends on practically everything,
41:54the electrical grid.
41:58If you are able to take down
42:00part of the electrical grid,
42:02practically everything else
42:04will be gone.
42:06You don't go back to the internet
42:08in the 1970s.
42:10You go back to 1870s
42:12when there was no electricity.
42:14It's very hard to imagine
42:16what would happen in those circumstances.
42:22I'll be blunt.
42:24Without electricity,
42:26all that was given up.
42:28In six or 12 hours,
42:30we'd be evacuating the cities.
42:32It wouldn't be nice at all.
42:45The networks we depend on
42:47have shortened the distances
42:49between the possible attacker
42:51and their victim.
42:55The devices that control
42:57practically all aspects
42:59of our daily lives
43:01have become watchtowers
43:03that they can use against us.
43:08And I'm afraid that it's going to be
43:10exactly like the Pandora box.
43:14If you open it,
43:16there's no way to close it.
43:18And I'm afraid
43:20that we're going to see
43:22new types of cyberattacks,
43:24of sabotage.
43:26I don't know when it will be
43:28and I don't have any idea
43:31but I'm afraid that Stuxnet
43:33was a good example
43:35for governments
43:37and anti-government organizations.
43:52In the United States,
43:54it's usual that we don't do anything
43:56until we're hurt.
43:58We react in excess
44:00and it takes a few years
44:02to return to a more reasonable position.
44:06That's how the U.S. does things
44:08and probably that's how it's going to be
44:10with computer security.
44:12There's going to be a big attack,
44:14we're going to react in excess
44:16and a few years later
44:18we're going to wake up
44:20and we're going to adopt
44:22a more pragmatic approach.
44:24I think we're on the edge
44:26and we're now seeing
44:28many countries
44:30arming themselves for a cyberwar.
44:32And I think that in the early years
44:34of the cyber arms race
44:36we have to start thinking
44:38about cyber peace,
44:40about signing treaties,
44:42about finding ways
44:44to appease that enthusiasm
44:46for cyberweapons.
44:48Because every time
44:50there are more and more
44:52non-state agents
44:54when we can say
44:56if an attack is from
44:58a rival country
45:00or a criminal organization
45:02or a terrorist group
45:04or if it has a political motivation
45:06we can mobilize our resources
45:08to fight it.
45:12So,
45:14what will the world look like
45:16after Stuxnet?
45:20Will criminal organizations
45:22with new cyberweapons
45:24based on Stuxnet?
45:32Will the world be subject
45:34to almost constant attacks
45:36thus conditioning
45:38our daily lives?
45:48This truly has been
45:50one of the greatest cyberattacks
45:52that has been made in the world.
45:56Someone decided to do it
45:58going against all prudence
46:00and if all bets are off
46:04we do have to
46:06enter a period
46:08of constant military agitation.
46:20Stuxnet
46:22Stuxnet
46:24Stuxnet
46:26Stuxnet
46:28Stuxnet
46:32Stuxnet
46:34Stuxnet
46:36Stuxnet
46:38Stuxnet
46:40Stuxnet
46:42Stuxnet
46:44Stuxnet
46:46Stuxnet
46:48Stuxnet
46:50Stuxnet
46:52Stuxnet
46:54Stuxnet
46:56Stuxnet
46:58Stuxnet
47:00Stuxnet
47:02Stuxnet
47:04Stuxnet
47:06Stuxnet
47:08Stuxnet
47:10Stuxnet
47:12Stuxnet
47:14Stuxnet