August 17, 2019 • 29 mins
There's a secret war going on around us, and it's happening on a daily basis. The Air Force has a unit specifically designed to carry out and defend against cyberwar. Go deep into this alarming type of war in this classic episode.
Learn more about your ad-choices at https://www.iheartpodcastnetwork.com
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Hey there everyone, it's me Josh, and for this week's
s Y s K Selects, I've chosen a classic episode
on cyber war It's almost certainly hopelessly out of date
by now, but it is an interesting intro to cyber warfare,
and we learned that Chuck hates the words stucks net.
So listen out for that kick back and enjoy this
(00:21):
classic episode of Stuff You Should Know. Welcome to Stuff
You Should Know, a production of five Heart Radios How
Stuff Works. Hey, welcome to the podcast. I'm Josh Clark
with me is always a child to be Chuck Bryant.
(00:43):
We call him an authority on UM, cyber security, the
Internet and everything about it. An expert. You would say,
that's right. Hey, should we say hello to our our
latest celebrity fan who we just learned today that miss
Kristen Bell, the lovely and enchanting and nerdy Kristen Bell.
(01:06):
Is she nerdy, very nerdy, like prides herself on. I mean,
it doesn't surprise me that she listens to the show. Yeah,
because she's on record as being a big nerd, which
is one reason I like her a lot. And she's
curating UM a newsweek page right, Yeah, like things she
likes or kind of one of those deals that they
do in magazines now and she listed us. That's pretty awesome.
(01:27):
How about that? Thank you very much for that. I'm
a huge fan of a party down which she was
in and other stuff that she's been in forgetting Sarah Marshall,
how's it going? And her You gotta see her sloth
video online that she did on the Ellen Show. It's
pretty funny, highly recommended. Okay, so that's all I got.
That's all the sucking up I'm gonna do. Should we
say hi to another fan, slightly less famous but pretty cool? Yes? Sam?
(01:53):
Do you want to give a little a little backstory?
Giving some backstory here? Sure? We um. We had a
live Um tribute event here in Atlanta a couple of
years ago, and at the event was a little, uh
teenage fan named Sam teenage you mean like just post tween. Yeah, like,
and his mom brought him and he's a big fan.
He's just like really sweet kid. Mom was very sweet, sweet,
(02:15):
very nice family. Flash forward a couple of years we
got to south By, Southwest there Sam again, apparently mom
drove him to Austin to come see our life podcast. Yeah,
they weren't there to see. I've spoke to mom afterwards
and was like, so, what else are you guys gonna see?
She's like nothing. We're going back crazy. I was like,
what else did you see? She's like nothing. They came
to see us. So then we were like, all right,
(02:35):
we gotta think of something for Samy because he's proved
his metal And Sam wrote in and and sent his
resume and like all the reasons we should put him
to work, and it's just like, dude, if the future
is secure, if kids are like Sam, for I'm not
worried about a thing anymore. Yeah, So we we racked
our brains and we found out there's like a surprising
amount of adult only tasks that we do, like at
(02:57):
any given time, and we're like, all right, we have
to we have to figure out something that's age appropriate
for Sam. That's right. So long story short, I was
getting kind of thin on podcast topics. I put Sam
on the case and he sent me like a stellar,
stellar list with reasons why we should do these and uh,
this is the first one. This is one, and he
had a lot of overlap on once we had already
(03:18):
recorded it aren't out yet, so that just goes to
show you that Sam is like he gets the show right.
And uh so, as Sam's picking these out, we're gonna
let you know if this is a Sam one. But
this is going on in the summer, we're gonna call
this the Summer of Sam. That's right, Sam's choice. All right.
So that's the longest intro ever. That wasn't even the intro. Man, Well,
let's get to cyber worse. Then, let's bossy. Well, you know, Chuck,
(03:42):
have you ever been to Bellingham, Washington? No? Okay, I
have not. Have you been to Washington? Been in Seattle?
Isn't that where um Van Nostrin lives? Yeah? Or is
it Oregon? Now he sees Washington? Ok um? So, uh
in Bellingham, wash Ington on June at the Olympic Pipeline
(04:03):
Company a systems control and data acquisition system. There's systems
twice in there. Um, but a SCATA or SKATA system um,
which is basically like a computer program that like can
make a valve turn or turn something off for mechanical
right from from digital binary instructions right. Um, This Olympic
(04:28):
Pipeline Company system was operating on this this type of
program and UM something went wrong and one of their
pipes started leaking a lot, like millions of gallons of
gasoline UM and part of it erupted into a fireball
and killed three people injured many others. UM and they
(04:51):
went back and looked at it. They think it was
just a system malfunction. But the fact that this came along,
this happened because of this system can troll, and it
happened in as the dot com bubble was starting to
grow and like the Internet was really becoming a huge thing.
UM people who are into cybersecurity now point to this
(05:12):
as evidence of exactly what somebody could do during a
cyber attack, even though they think this was just an accident, right, irrelevant,
But they're they're they weren't like pointing to that as well. No,
they don't think that had anything to do, but they
were saying, this is what it would look like if
somebody had wanted to attack, Like, this is what a
(05:34):
cyber attack would look like. Because it's not just the
Olympic Pipeline company that's using these systems UM. All over
the United States, companies, law enforcement agencies, military banks, UM,
public works, all of these things are all running on
(05:55):
what amounts to Windows. It's a simple that. Yeah, Microsoft
systems many of them, and um. As Jonathan Strickland wrote
this from tech Stuff the article, and as Strickland points out, um,
a couple of things Microsoft has been uh kind of
chastise over the years for their security or lack of
(06:16):
security in some of their programs, and um. The other
thing he points out is the internets grew so fast
and everyone got on board so quickly that it kind
of outpaced what we could even do security wise. It
was all of a sudden, Government agencies and power grids
and emergency services and weapons systems, water and fuel pipelines,
(06:40):
all the stuff is running on on computers and a
lot of it through the Internet. And we don't quite
know how to guard against a cyber attack. No, And
apparently even as far as like the knowledge of how
to guard against cyber attacks goes, the United States is
is lacking, Yeah, compared to like China and Russia. UM,
(07:01):
so we're kind of in this really weird position right
now where we've realized that all of the ponies are
hooked to a single basket of eggs and all it's
gonna take is a couple of black cat firecrackers to
scare all the horses off. That's the best analogy I
can come up with. Did you just think of that?
(07:22):
Or did you I just thought it that. My imagination
is back. I can tell you where time traveled to
awesome where I can't think. Okay, um, all right, let's
go back a little bit in time. I don't think
we need the way Back machine for this, because we're
just going to We can just like walk outside. Yeah,
they'd be the waste of time for the way Back machine. Umn.
(07:44):
Some pretty smart people caught on early that hey, we
could be vulnerable to something like a cyber attack. So
let's look into this. Let's put a red team on it.
Red team is a our friends that act as enemies
to try and you know how they hire these people
to like break into your home. Yeah, those are red
teams basically, right, like um from Star Wars. Yeah, exactly.
(08:06):
So let's get a red team. Let's let's uh name
it this mission something really cool out of a football playbook.
Let's name it Project Eligible Receiver. Do you know how
many times I had to look at that before it
finally sunk in what words I was looking at? Really
it is? It does look kind of funny. It looks
like eleanor Rigby when you glance at it, at least
(08:27):
I think, so, yeah, it doesn't to me. I was
thinking more of like a radio receiver or something like,
I think it just means about football. No, it totally
just saying like I read this many times before, I
was like, oh, okay, so a lot of this is
still classified, so we don't know everything. But basically they
hired some hackers, which is what you do to test
your security, they being the Department of Defense. Yeah, yeah,
(08:49):
depart of Defense saying hey, can you nerds hack into
the Pentagon system and afterwards we won't assassinate exactly, And
the nerds were like, just watched this and it took
three days before the Pentagon even knew that they were
being cyber attacked by the Red Team, Like pretty successful
(09:09):
and very sobering. Yeah, so um, they they h it
was I guess kind of an eye opener for the
d O D and they I'm sure used it to
step up security. Not fast enough though, because after this
Red Team attack, um Operation Eligible Receiver, an actual attack
which they later came to call what was at Moonlight Maze. Yeah,
(09:32):
this is one year after that the tests. A year
after UM, somebody launched an attack and it was a
I guess what's probably the most typical kind of cyber attack,
where you insert some sort of software to basically spy
and get files and gather data and download sensitive materials. Right,
(09:53):
And apparently took two years before NASA, the Pentagon, UM
and other agencies in the US government noticed that UM
accidentally noticed that this that they were being spied on.
Cyber wise, Yeah, they got data like strategic maps, troop assignments,
and positions. Not good, right, very scary. And they trace
(10:17):
it back to Russia. Doesn't necessarily mean that it came
from Russia in its origin, but at least that's where
they traced it to. Uh. And this is cyber warfare,
like it's happening. It's been going on since the nineties
pretty much. Yeah, I mean it's not is a cyber
war coming, it's like, how do we prevent like a
cyber war from bringing us all down? Yeah, pretty much.
(10:41):
And it's apparently from looking into this, there's like two camps.
There's like a gloom and doom camp where it's like, yeah,
somebody really wants to mess things up. They're going to
be able to it's gonna be pretty easy. And the
sunny optimistic camp is kind of like, no, you know,
we know we're looking for now, Like, sure they could
launch an attack, but will we'll be able to stop
(11:01):
it in time for before we can do like a
lot of damage. Yeah, so we'll see, we'll lay out
everything for you can decide who's right, that's rights w
(11:27):
s K you should. So we've already mentioned that on
the defensive side of things, the US is sorely lacking, um.
But on the offensive side of things, we've actually done
this ourselves more than once. Um during the coast of
(11:47):
a war. Strickland points out, we used computer attacks to
compromise Serbian air defenses, basically kind of scrambling their information
so they had bad I guess coordinates. Well, just on
the race our screen wasn't wasn't apt? Was okay? Or appropriate?
(12:07):
Did you see that one? So we did this, We
launched it and it and it worked. So, uh, that's
a good thing, but it's also a bad thing if
you're like, was it Bush the first or Clinton in
Bush the second? Bush the second in two thou three
in a rock and Clinton? Well, they were both like,
we don't think we should be doing much of this
(12:28):
because a couple of reasons. A. It basically opens us up.
It's like, hey, they did this, so we can do
it right back and be I think they could have
drained some banks of terrorist cells. And they said, we
kind of depend on the integrity of the banking system worldwide,
like we don't want to start messing around with us.
So apparently with with UM cyber warfare, it's very much
(12:52):
like UM. When you build that virus, it's out there
and it can be captured and studied and re deployed
against you. Yeah, so what they were saying with Clinton
and Bush who were saying like, no, we're not going
to use a virus to UM to drain those bank
accounts because they could be it will eventually come back
(13:13):
on us, and our banking industry is not secure enough
to withstand something that we ourselves make. Because apparently the
US is pretty good at making viruses. I'm sure should
we talk about some of the different ways that this
can go down. Yeah, the Pearl Harbor attack, Yes, I
had the feeling strictly might A name this one himself,
(13:34):
but it's not true. He went to a lot of
trouble to explain why it's called the Pearl Harbor strategy,
and I think he could have just left at that.
The idea here is that it's it's pretty much in
your face. It's a massive cyber attack where they infiltrate
and then they sabotage systems. UM much like Pearl Harbor
was a big surprise and a big attack, wasn't I mean,
(13:54):
it was sneaky, but it wasn't quiet by any means,
right or stealthy. I guess the word UM. The other
ones are pretty much stealthy. Part of a Pearl Harbor attack.
I believe UM could be a distributed denial of service attack,
which is basically, you know, like when you UM try
to get onto a website or whatever, you're sending a
(14:15):
request to the server to let you on right now.
If you assault that one server with millions of pings
and it's trying to accommodate everybody as is appropriate and
apt UM, it'll basically they crash. Is the point you
can crash a server by hitting it with millions of
pings all at once, just slows it down to the
(14:37):
point either where it doesn't work or it crashes. Yeah,
and that's that's what anonymous likes to do with like
MasterCard during the whole wiki leaks thing when they was
a master Card or Visa crash. I cannot remember, um
remember when that happened. Though. It's basically just launching a
bunch of server requests at a specific server in the service,
like no, no, and this falls over? Is that why
people say ping? By the way, the ping um? Yeah,
(15:02):
I hate that. It's better than javastorm. I don't even
know what that is, drinking coffee while you're having a brainstorm,
like let's go get coffee and brainstorm something javas to
people say that, Yeah, I don't say it. I've never
heard of that. That ping and meta or the three
things that I will never say. Epic maybe the worst
(15:25):
to call something epic. I don't mind epic. Oh man,
I hate epics. At least it's a real word, especially
epic fail. Well yeah, sure, okay, back to it. Viruses, uh,
code red, slammer, nimda. These are viruses that Strickland has
mentioned that it spread very quickly across the Internet, and
(15:47):
there's a couple of ways this can go down. You
can either, um, you can set a you can do
it immediately and release a virus. You can have all
these other computers deliver the virus. You can put sort
of like a delay timer on your virus for it
to go off in two years, automatically or manually whenever
(16:09):
you want to. It can be waiting for you to
hit the button and then latch the virus that way,
or I think, um for the user of that computer
to do, like say control all delete, Well we'll trigger
it or something. Yeah, that's pretty scary. Yeah, I don't
don't press those three buttons all the time on my PC.
Oh my god, Chuck. I think we should talk about
(16:32):
right about here is I think we're stucks net fits
in who stucks net? Say it? When we're stucks net?
I don't know what that is. You know it's stucks net?
Is that in this? Yeah? It's the Iranian Um, it's
the virus that the US and Israel unleashed on Iran.
It's a perfect example of this. It is. You're right,
(16:52):
So let's talk about stucks net. Stucks net. It's a
great name. It was offensive a cyber attack. Offensive been
two thousand and ten. They thinking maybe it was the
first one ever, the US launched like a strictly for
sabotage attack. Basically, they wanted to disable Iran UH Iran's
UH centrifuges so they could not enrich uranium. And they
(17:16):
did this through the UH, the new Air Force based
out of Texas, right, Texas in Georgia. Yeah, what's the
Warner Robbins Robin's Air Force Space, Yeah, Robin's Air Force Base. Yeah,
those two places are where they station. Yeah. And this
is the first all cyber unit. Pretty much pretty cool, right,
(17:38):
Their whole is it, Their whole task is to wage
cyber warfare, and I imagine to be defensive against cyber attacks.
But um, I don't I don't know if they had
to do with stuck stent, but they probably would have.
Um I think it was being developed before was ordained
(17:59):
in two thousand nine. Think it went back to two
thousand seven when it was started. But basically, the they
the CIA got their hands on centrifuges that they knew
Iran was using, and they had just as many as
Iran did of the same kind, and they studied it
and they built this virus based on this configuration of
(18:22):
centrifuges running Windows and Siemens switches, right, yeah, and then
they build a virus to go infiltrate it. I thought
it was called Operation Olympic Games. It was, but the malware,
the virus itself is called Okay that's what I couldn't
figure it out, but you're right. It was called Operation
Olympic Games. And this whole operation was this huge, sweeping, awesome,
(18:45):
massive secretive basically imagine like the CIA. Do you remember
Uncommon Valor? Oh yeah, okay, do you remember when like
they're training at that replica of the camp? Okay, the
CIA did that with Iran centrifuges in the nuclear program,
and they figured out exactly how he worked, and then
they figured out the best way to break it. Was
(19:06):
Gene Hackman bank rolling the whole thing. Oh yeah, he
was there to get his son out. He he was
just staring at this menu of guns and silhouette that
he wanted to order. Remember that? Oh yeah, dude, that
I thought that was so bad. That yeah, but that
was a huge, huge movie for like dude's our age. No,
I'm saying bad isn't like good? Okay, yeah, gotcha? Um
so stucks and net Olympic Games happened, and like you said,
(19:28):
it was the first offensive cyber attack. Most of the
other ones have come in the form of UM sneaking
in and lying around and watching and waiting and spying. Well,
stuck that had that too, was that the initial There
was a companion program called Flame that somehow. This is
the part that's the biggest mystery. The m Iran's nuclear
(19:50):
program is not connected to the Internet, so somebody got
that in on thumb drive, infected their local system. UM
and Flames sat there and basically just studied everything, told
the US how the configuration was set up, and then
they built it, and then they inserted stucks net and
basically it made all of their data looked like everything
(20:14):
was operating normally, but it was telling their centrifuges to
spin out of control and basically break themselves. It's like
Oceans eleven when they built the Replica vault exactly showed
the Replica video. There's nothing going on. So basically, the
Pentagon has been watching a lot of movies pretty much
(20:44):
as skuld. But this is a hugely successful attack UM,
if not at the very least for American cyber warfare UM,
because it's supposedly set Iran's nuclear program back by at
(21:06):
least a year, if not more, and that this would
let us continue talk. Yeah, and I think it said
one of the aims was to make them feel stupid,
and then they said it worked like they that they
done something wrong and that's why this these systems were failing.
It's pretty scary, man. But the point is now is Okay,
that's out there. Stuck Snut is out there for anybody
(21:28):
who can get their hands on it. And that's the
name of it. It's a great name, alright, stuck Snut
within with an X with a new guetas center. But
it's out there, and the US is now basically just
the the computer equivalent of Hiroshima was just launched by
(21:49):
the United States. Yeah, and nice little set up there.
A lot of people are comparing these days of the
early days of cyber warring to the early days of
of nuclear bombs, and that there's not a ton of defense.
Not anyone really knows what they're doing. It's sort of
a chaotic mess that everyone's trying to get their finger
(22:10):
in the bie though. Yeah, and the other countries like China,
believe Russia, who are apparently better equipped to defend against
a cyber attech than the US. So basically the US
is really playing with fire. Well, and that's why Clinton
and Bush we're declining to use these is one of
the reasons where like, you know, this opens us up
(22:30):
to counterattacks and just may not be the smartest way
to Like we wouldn't go out and just drop a
nuclear bomb on a country. Right, Oh wait did all? Right? Oops? Twice?
What else you got? Let's see, Uh we talked about
the system controls and UM data acquisition systems. Yeah, that
(22:51):
was UM. Basically that is the achilles heel of infrastructure
and the United States. One of the reasons why we're
not set up to defend against UM a cyber attack
is because we are so connected to the internet. Yeah
everything is. Yeah. Iran North Korea, Yeah, not quite as
(23:14):
much because a lot of their stuff is off the
grid just by default because they don't have the infrastructure
that we have. So just the robustness of our own
infrastructure is one of the one of its vulnerabilities as well. Yeah,
that's a good point as far as defense goes to
I forgot about this stuff. Um. Strickland says that like
(23:35):
the first step is education as far as educating consumers
over you know, antivirus software and how they search the
Internet and stuff like that. So I give that a medium.
But uh, this guy, Richard Clarke, he's a security expert.
He blames things on companies like Microsoft too. He feels
(23:56):
like rushes through programs UM but for their fully security
tested because they want to make you know, they want
a few coins rub together by selling this stuff, and
the consumer doesn't want to wait, and the stockholders don't
want lots of testing because they want those new products
on the market. So it's a bit of a rough position.
(24:17):
And um, you know, private companies run most of the net,
you know, it's not like this big government thing. So
he contends, Clark does that it's up to these private
companies who own the Internet's infrastructure to really make it
more robust in a defensive sense, right, which is good
in one sense, because then you have a dollar amount
(24:38):
in the form of lost profits attached to UM a
security breach, right, so company is going to try to
protect it UM, which is good. Yeah, But at the
same time it's like, yeah, if you're putting out products though,
and you have competition and your competitors products are safer, UM,
and you're just rushing stuff to market and you're gonna
(25:01):
lose out ultimately pretty bit the same economic forces. And
Jonathan also points out to that, you know, a scary
way this can be implemented is as a one two
punch with a physical attack. Yeah. So, I mean, this
is the one that wakes me up in the middle
of the night is a cyber attack is launched and
the electric power grid is shut down, and gas lines
(25:24):
and waterlines start going haywire, and then all of a
sudden incomes the Red Dawn team parachuting in. Well, that's
what we did to a Rock in two thousand three.
We sent a cyber attack that messed with their UM
I guess their air defense systems, and then we invaded.
So that's happened before we've done it, doesn't surprise me. Yeah,
(25:46):
cyber war, we're in the midst of it. We're in
the midst of it. Pretty crazy stuff. Get your what
Norton anti virus that'll just solve everything. Yeah. Education, education,
that's all. That's the only thing, that's all we can
do to prevent cyber war. UM. If you want to
learn more about cyber War and read this article by
(26:06):
Jonathan Strickland. You can type cyber war one word in
the search bar how stuff works dot com and will
bring it up, I said Jonathan Strickland, which means it's
time for a listener. May all, it's time for a
lot more than that. Uh. I'm gonna call this beer
and Fire. Hi, guys, I'm a professor of history and
(26:29):
a long time act of your show. I use a
podcast in my college classes to talk about how we
use history and entertainment. I'm writing about the Great Chicago
Fire podcast, especially as it relates to my research. See.
I study the history of alcohol, and I teach a
class on the history of beer. Uh. Pretty cool. We
study the economic, social, and cultural history of beer, and
we make beer in class into weekly beer tastings. What anyway,
(26:55):
Aside from the stuff you mentioned the show, the Chicago
fire is important because it wiped out about three quarters
Chicago's breweries. Something like eighteen breweries were destroyed by the fire.
Of course, people still wanted beer. Uh. Chicago and the
Upper Midwest has was populated about a lot of Germans
at the time. This gave birth to the beer industry
in Milwaukee before the Great Fire. Milwaukee was a beer town,
(27:18):
but not a major supply center. Schlitz especially as a
good example of how the Milwaukee beer industry reacted to
the fire. Joseph Schlitz, the founder it, first donated thousands
of barrels of beer to Chicagoans and the weeks after
the fire. Been Sensing an opportunity, he then opened a
distribution point in the city. After all, there were still
(27:39):
hundreds of thousands of thirsty Chicagoans, he opened Schlitz Tide saloons.
By the eighteen eighties, he was selling about fifty thousand
barrels of beer in Chicago alone, which is about seventeen
percent of their total. And the slogan, the slogan for Schlitz,
the beer that made Milwaukee famous, came out of this period,
(28:00):
and it's because of the beer sold after the fire,
so that's where they got the name. By nineteen two,
Schlitz was the largest brew in the world, a title
it would trade back and forth with Budweiser until the
nineteen fifties. And he goes on to point out that
Blats and perhapsed followed similar trajectories stucks net, stucks net,
(28:21):
and UH. The Chicago brewing industry sadly never recovered from
the fire, although beer drinking remained steady. And I don't
have Professor Beer's name, so we'll just call him Professor Beer. Oh,
I'm sure he'd appreciate that. Yeah, I'm sure that's what
the students call him. Thanks, Professor Beer. Yeah. And if
(28:42):
you want to write in, I'll say your name on
a later show. Okay. Um. And if you teach, especially
something interesting or you stuff you should Know? To hell.
If you teach, we're always interested in hearing that. We
want to know about it. Okay. You can tweet it
to us at s y s K podcast, put it
on Facebook dot com slash Stuff you Should Know, or
(29:03):
you can send us an email. The Stuff podcast at
how Stuff Works dot com and has always joined us
at our home on the web Stuff you Should Know
dot Com. Stuff you Should Know is a production of
iHeart Radio's How Stuff Works. For more podcasts for my
heart Radio, visit the iHeart Radio app, Apple Podcasts, or
wherever you listen to your favorite shows. H
Hey there everyone, it's me Josh, and for this week's
s Y s K Selects, I've chosen a classic episode
on cyber war It's almost certainly hopelessly out of date
by now, but it is an interesting intro to cyber warfare,
and we learned that Chuck hates the words stucks net.
So listen out for that kick back and enjoy this
(00:21):
classic episode of Stuff You Should Know. Welcome to Stuff
You Should Know, a production of five Heart Radios How
Stuff Works. Hey, welcome to the podcast. I'm Josh Clark
with me is always a child to be Chuck Bryant.
(00:43):
We call him an authority on UM, cyber security, the
Internet and everything about it. An expert. You would say,
that's right. Hey, should we say hello to our our
latest celebrity fan who we just learned today that miss
Kristen Bell, the lovely and enchanting and nerdy Kristen Bell.
(01:06):
Is she nerdy, very nerdy, like prides herself on. I mean,
it doesn't surprise me that she listens to the show. Yeah,
because she's on record as being a big nerd, which
is one reason I like her a lot. And she's
curating UM a newsweek page right, Yeah, like things she
likes or kind of one of those deals that they
do in magazines now and she listed us. That's pretty awesome.
(01:27):
How about that? Thank you very much for that. I'm
a huge fan of a party down which she was
in and other stuff that she's been in forgetting Sarah Marshall,
how's it going? And her You gotta see her sloth
video online that she did on the Ellen Show. It's
pretty funny, highly recommended. Okay, so that's all I got.
That's all the sucking up I'm gonna do. Should we
say hi to another fan, slightly less famous but pretty cool? Yes? Sam?
(01:53):
Do you want to give a little a little backstory?
Giving some backstory here? Sure? We um. We had a
live Um tribute event here in Atlanta a couple of
years ago, and at the event was a little, uh
teenage fan named Sam teenage you mean like just post tween. Yeah, like,
and his mom brought him and he's a big fan.
He's just like really sweet kid. Mom was very sweet, sweet,
(02:15):
very nice family. Flash forward a couple of years we
got to south By, Southwest there Sam again, apparently mom
drove him to Austin to come see our life podcast. Yeah,
they weren't there to see. I've spoke to mom afterwards
and was like, so, what else are you guys gonna see?
She's like nothing. We're going back crazy. I was like,
what else did you see? She's like nothing. They came
to see us. So then we were like, all right,
(02:35):
we gotta think of something for Samy because he's proved
his metal And Sam wrote in and and sent his
resume and like all the reasons we should put him
to work, and it's just like, dude, if the future
is secure, if kids are like Sam, for I'm not
worried about a thing anymore. Yeah, So we we racked
our brains and we found out there's like a surprising
amount of adult only tasks that we do, like at
(02:57):
any given time, and we're like, all right, we have
to we have to figure out something that's age appropriate
for Sam. That's right. So long story short, I was
getting kind of thin on podcast topics. I put Sam
on the case and he sent me like a stellar,
stellar list with reasons why we should do these and uh,
this is the first one. This is one, and he
had a lot of overlap on once we had already
(03:18):
recorded it aren't out yet, so that just goes to
show you that Sam is like he gets the show right.
And uh so, as Sam's picking these out, we're gonna
let you know if this is a Sam one. But
this is going on in the summer, we're gonna call
this the Summer of Sam. That's right, Sam's choice. All right.
So that's the longest intro ever. That wasn't even the intro. Man, Well,
let's get to cyber worse. Then, let's bossy. Well, you know, Chuck,
(03:42):
have you ever been to Bellingham, Washington? No? Okay, I
have not. Have you been to Washington? Been in Seattle?
Isn't that where um Van Nostrin lives? Yeah? Or is
it Oregon? Now he sees Washington? Ok um? So, uh
in Bellingham, wash Ington on June at the Olympic Pipeline
(04:03):
Company a systems control and data acquisition system. There's systems
twice in there. Um, but a SCATA or SKATA system um,
which is basically like a computer program that like can
make a valve turn or turn something off for mechanical
right from from digital binary instructions right. Um, This Olympic
(04:28):
Pipeline Company system was operating on this this type of
program and UM something went wrong and one of their
pipes started leaking a lot, like millions of gallons of
gasoline UM and part of it erupted into a fireball
and killed three people injured many others. UM and they
(04:51):
went back and looked at it. They think it was
just a system malfunction. But the fact that this came along,
this happened because of this system can troll, and it
happened in as the dot com bubble was starting to
grow and like the Internet was really becoming a huge thing.
UM people who are into cybersecurity now point to this
(05:12):
as evidence of exactly what somebody could do during a
cyber attack, even though they think this was just an accident, right, irrelevant,
But they're they're they weren't like pointing to that as well. No,
they don't think that had anything to do, but they
were saying, this is what it would look like if
somebody had wanted to attack, Like, this is what a
(05:34):
cyber attack would look like. Because it's not just the
Olympic Pipeline company that's using these systems UM. All over
the United States, companies, law enforcement agencies, military banks, UM,
public works, all of these things are all running on
(05:55):
what amounts to Windows. It's a simple that. Yeah, Microsoft
systems many of them, and um. As Jonathan Strickland wrote
this from tech Stuff the article, and as Strickland points out, um,
a couple of things Microsoft has been uh kind of
chastise over the years for their security or lack of
(06:16):
security in some of their programs, and um. The other
thing he points out is the internets grew so fast
and everyone got on board so quickly that it kind
of outpaced what we could even do security wise. It
was all of a sudden, Government agencies and power grids
and emergency services and weapons systems, water and fuel pipelines,
(06:40):
all the stuff is running on on computers and a
lot of it through the Internet. And we don't quite
know how to guard against a cyber attack. No, And
apparently even as far as like the knowledge of how
to guard against cyber attacks goes, the United States is
is lacking, Yeah, compared to like China and Russia. UM,
(07:01):
so we're kind of in this really weird position right
now where we've realized that all of the ponies are
hooked to a single basket of eggs and all it's
gonna take is a couple of black cat firecrackers to
scare all the horses off. That's the best analogy I
can come up with. Did you just think of that?
(07:22):
Or did you I just thought it that. My imagination
is back. I can tell you where time traveled to
awesome where I can't think. Okay, um, all right, let's
go back a little bit in time. I don't think
we need the way Back machine for this, because we're
just going to We can just like walk outside. Yeah,
they'd be the waste of time for the way Back machine. Umn.
(07:44):
Some pretty smart people caught on early that hey, we
could be vulnerable to something like a cyber attack. So
let's look into this. Let's put a red team on it.
Red team is a our friends that act as enemies
to try and you know how they hire these people
to like break into your home. Yeah, those are red
teams basically, right, like um from Star Wars. Yeah, exactly.
(08:06):
So let's get a red team. Let's let's uh name
it this mission something really cool out of a football playbook.
Let's name it Project Eligible Receiver. Do you know how
many times I had to look at that before it
finally sunk in what words I was looking at? Really
it is? It does look kind of funny. It looks
like eleanor Rigby when you glance at it, at least
(08:27):
I think, so, yeah, it doesn't to me. I was
thinking more of like a radio receiver or something like,
I think it just means about football. No, it totally
just saying like I read this many times before, I
was like, oh, okay, so a lot of this is
still classified, so we don't know everything. But basically they
hired some hackers, which is what you do to test
your security, they being the Department of Defense. Yeah, yeah,
(08:49):
depart of Defense saying hey, can you nerds hack into
the Pentagon system and afterwards we won't assassinate exactly, And
the nerds were like, just watched this and it took
three days before the Pentagon even knew that they were
being cyber attacked by the Red Team, Like pretty successful
(09:09):
and very sobering. Yeah, so um, they they h it
was I guess kind of an eye opener for the
d O D and they I'm sure used it to
step up security. Not fast enough though, because after this
Red Team attack, um Operation Eligible Receiver, an actual attack
which they later came to call what was at Moonlight Maze. Yeah,
(09:32):
this is one year after that the tests. A year
after UM, somebody launched an attack and it was a
I guess what's probably the most typical kind of cyber attack,
where you insert some sort of software to basically spy
and get files and gather data and download sensitive materials. Right,
(09:53):
And apparently took two years before NASA, the Pentagon, UM
and other agencies in the US government noticed that UM
accidentally noticed that this that they were being spied on.
Cyber wise, Yeah, they got data like strategic maps, troop assignments,
and positions. Not good, right, very scary. And they trace
(10:17):
it back to Russia. Doesn't necessarily mean that it came
from Russia in its origin, but at least that's where
they traced it to. Uh. And this is cyber warfare,
like it's happening. It's been going on since the nineties
pretty much. Yeah, I mean it's not is a cyber
war coming, it's like, how do we prevent like a
cyber war from bringing us all down? Yeah, pretty much.
(10:41):
And it's apparently from looking into this, there's like two camps.
There's like a gloom and doom camp where it's like, yeah,
somebody really wants to mess things up. They're going to
be able to it's gonna be pretty easy. And the
sunny optimistic camp is kind of like, no, you know,
we know we're looking for now, Like, sure they could
launch an attack, but will we'll be able to stop
(11:01):
it in time for before we can do like a
lot of damage. Yeah, so we'll see, we'll lay out
everything for you can decide who's right, that's rights w
(11:27):
s K you should. So we've already mentioned that on
the defensive side of things, the US is sorely lacking, um.
But on the offensive side of things, we've actually done
this ourselves more than once. Um during the coast of
(11:47):
a war. Strickland points out, we used computer attacks to
compromise Serbian air defenses, basically kind of scrambling their information
so they had bad I guess coordinates. Well, just on
the race our screen wasn't wasn't apt? Was okay? Or appropriate?
(12:07):
Did you see that one? So we did this, We
launched it and it and it worked. So, uh, that's
a good thing, but it's also a bad thing if
you're like, was it Bush the first or Clinton in
Bush the second? Bush the second in two thou three
in a rock and Clinton? Well, they were both like,
we don't think we should be doing much of this
(12:28):
because a couple of reasons. A. It basically opens us up.
It's like, hey, they did this, so we can do
it right back and be I think they could have
drained some banks of terrorist cells. And they said, we
kind of depend on the integrity of the banking system worldwide,
like we don't want to start messing around with us.
So apparently with with UM cyber warfare, it's very much
(12:52):
like UM. When you build that virus, it's out there
and it can be captured and studied and re deployed
against you. Yeah, so what they were saying with Clinton
and Bush who were saying like, no, we're not going
to use a virus to UM to drain those bank
accounts because they could be it will eventually come back
(13:13):
on us, and our banking industry is not secure enough
to withstand something that we ourselves make. Because apparently the
US is pretty good at making viruses. I'm sure should
we talk about some of the different ways that this
can go down. Yeah, the Pearl Harbor attack, Yes, I
had the feeling strictly might A name this one himself,
(13:34):
but it's not true. He went to a lot of
trouble to explain why it's called the Pearl Harbor strategy,
and I think he could have just left at that.
The idea here is that it's it's pretty much in
your face. It's a massive cyber attack where they infiltrate
and then they sabotage systems. UM much like Pearl Harbor
was a big surprise and a big attack, wasn't I mean,
(13:54):
it was sneaky, but it wasn't quiet by any means,
right or stealthy. I guess the word UM. The other
ones are pretty much stealthy. Part of a Pearl Harbor attack.
I believe UM could be a distributed denial of service attack,
which is basically, you know, like when you UM try
to get onto a website or whatever, you're sending a
(14:15):
request to the server to let you on right now.
If you assault that one server with millions of pings
and it's trying to accommodate everybody as is appropriate and
apt UM, it'll basically they crash. Is the point you
can crash a server by hitting it with millions of
pings all at once, just slows it down to the
(14:37):
point either where it doesn't work or it crashes. Yeah,
and that's that's what anonymous likes to do with like
MasterCard during the whole wiki leaks thing when they was
a master Card or Visa crash. I cannot remember, um
remember when that happened. Though. It's basically just launching a
bunch of server requests at a specific server in the service,
like no, no, and this falls over? Is that why
people say ping? By the way, the ping um? Yeah,
(15:02):
I hate that. It's better than javastorm. I don't even
know what that is, drinking coffee while you're having a brainstorm,
like let's go get coffee and brainstorm something javas to
people say that, Yeah, I don't say it. I've never
heard of that. That ping and meta or the three
things that I will never say. Epic maybe the worst
(15:25):
to call something epic. I don't mind epic. Oh man,
I hate epics. At least it's a real word, especially
epic fail. Well yeah, sure, okay, back to it. Viruses, uh,
code red, slammer, nimda. These are viruses that Strickland has
mentioned that it spread very quickly across the Internet, and
(15:47):
there's a couple of ways this can go down. You
can either, um, you can set a you can do
it immediately and release a virus. You can have all
these other computers deliver the virus. You can put sort
of like a delay timer on your virus for it
to go off in two years, automatically or manually whenever
(16:09):
you want to. It can be waiting for you to
hit the button and then latch the virus that way,
or I think, um for the user of that computer
to do, like say control all delete, Well we'll trigger
it or something. Yeah, that's pretty scary. Yeah, I don't
don't press those three buttons all the time on my PC.
Oh my god, Chuck. I think we should talk about
(16:32):
right about here is I think we're stucks net fits
in who stucks net? Say it? When we're stucks net?
I don't know what that is. You know it's stucks net?
Is that in this? Yeah? It's the Iranian Um, it's
the virus that the US and Israel unleashed on Iran.
It's a perfect example of this. It is. You're right,
(16:52):
So let's talk about stucks net. Stucks net. It's a
great name. It was offensive a cyber attack. Offensive been
two thousand and ten. They thinking maybe it was the
first one ever, the US launched like a strictly for
sabotage attack. Basically, they wanted to disable Iran UH Iran's
UH centrifuges so they could not enrich uranium. And they
(17:16):
did this through the UH, the new Air Force based
out of Texas, right, Texas in Georgia. Yeah, what's the
Warner Robbins Robin's Air Force Space, Yeah, Robin's Air Force Base. Yeah,
those two places are where they station. Yeah. And this
is the first all cyber unit. Pretty much pretty cool, right,
(17:38):
Their whole is it, Their whole task is to wage
cyber warfare, and I imagine to be defensive against cyber attacks.
But um, I don't I don't know if they had
to do with stuck stent, but they probably would have.
Um I think it was being developed before was ordained
(17:59):
in two thousand nine. Think it went back to two
thousand seven when it was started. But basically, the they
the CIA got their hands on centrifuges that they knew
Iran was using, and they had just as many as
Iran did of the same kind, and they studied it
and they built this virus based on this configuration of
(18:22):
centrifuges running Windows and Siemens switches, right, yeah, and then
they build a virus to go infiltrate it. I thought
it was called Operation Olympic Games. It was, but the malware,
the virus itself is called Okay that's what I couldn't
figure it out, but you're right. It was called Operation
Olympic Games. And this whole operation was this huge, sweeping, awesome,
(18:45):
massive secretive basically imagine like the CIA. Do you remember
Uncommon Valor? Oh yeah, okay, do you remember when like
they're training at that replica of the camp? Okay, the
CIA did that with Iran centrifuges in the nuclear program,
and they figured out exactly how he worked, and then
they figured out the best way to break it. Was
(19:06):
Gene Hackman bank rolling the whole thing. Oh yeah, he
was there to get his son out. He he was
just staring at this menu of guns and silhouette that
he wanted to order. Remember that? Oh yeah, dude, that
I thought that was so bad. That yeah, but that
was a huge, huge movie for like dude's our age. No,
I'm saying bad isn't like good? Okay, yeah, gotcha? Um
so stucks and net Olympic Games happened, and like you said,
(19:28):
it was the first offensive cyber attack. Most of the
other ones have come in the form of UM sneaking
in and lying around and watching and waiting and spying. Well,
stuck that had that too, was that the initial There
was a companion program called Flame that somehow. This is
the part that's the biggest mystery. The m Iran's nuclear
(19:50):
program is not connected to the Internet, so somebody got
that in on thumb drive, infected their local system. UM
and Flames sat there and basically just studied everything, told
the US how the configuration was set up, and then
they built it, and then they inserted stucks net and
basically it made all of their data looked like everything
(20:14):
was operating normally, but it was telling their centrifuges to
spin out of control and basically break themselves. It's like
Oceans eleven when they built the Replica vault exactly showed
the Replica video. There's nothing going on. So basically, the
Pentagon has been watching a lot of movies pretty much
(20:44):
as skuld. But this is a hugely successful attack UM,
if not at the very least for American cyber warfare UM,
because it's supposedly set Iran's nuclear program back by at
(21:06):
least a year, if not more, and that this would
let us continue talk. Yeah, and I think it said
one of the aims was to make them feel stupid,
and then they said it worked like they that they
done something wrong and that's why this these systems were failing.
It's pretty scary, man. But the point is now is Okay,
that's out there. Stuck Snut is out there for anybody
(21:28):
who can get their hands on it. And that's the
name of it. It's a great name, alright, stuck Snut
within with an X with a new guetas center. But
it's out there, and the US is now basically just
the the computer equivalent of Hiroshima was just launched by
(21:49):
the United States. Yeah, and nice little set up there.
A lot of people are comparing these days of the
early days of cyber warring to the early days of
of nuclear bombs, and that there's not a ton of defense.
Not anyone really knows what they're doing. It's sort of
a chaotic mess that everyone's trying to get their finger
(22:10):
in the bie though. Yeah, and the other countries like China,
believe Russia, who are apparently better equipped to defend against
a cyber attech than the US. So basically the US
is really playing with fire. Well, and that's why Clinton
and Bush we're declining to use these is one of
the reasons where like, you know, this opens us up
(22:30):
to counterattacks and just may not be the smartest way
to Like we wouldn't go out and just drop a
nuclear bomb on a country. Right, Oh wait did all? Right? Oops? Twice?
What else you got? Let's see, Uh we talked about
the system controls and UM data acquisition systems. Yeah, that
(22:51):
was UM. Basically that is the achilles heel of infrastructure
and the United States. One of the reasons why we're
not set up to defend against UM a cyber attack
is because we are so connected to the internet. Yeah
everything is. Yeah. Iran North Korea, Yeah, not quite as
(23:14):
much because a lot of their stuff is off the
grid just by default because they don't have the infrastructure
that we have. So just the robustness of our own
infrastructure is one of the one of its vulnerabilities as well. Yeah,
that's a good point as far as defense goes to
I forgot about this stuff. Um. Strickland says that like
(23:35):
the first step is education as far as educating consumers
over you know, antivirus software and how they search the
Internet and stuff like that. So I give that a medium.
But uh, this guy, Richard Clarke, he's a security expert.
He blames things on companies like Microsoft too. He feels
(23:56):
like rushes through programs UM but for their fully security
tested because they want to make you know, they want
a few coins rub together by selling this stuff, and
the consumer doesn't want to wait, and the stockholders don't
want lots of testing because they want those new products
on the market. So it's a bit of a rough position.
(24:17):
And um, you know, private companies run most of the net,
you know, it's not like this big government thing. So
he contends, Clark does that it's up to these private
companies who own the Internet's infrastructure to really make it
more robust in a defensive sense, right, which is good
in one sense, because then you have a dollar amount
(24:38):
in the form of lost profits attached to UM a
security breach, right, so company is going to try to
protect it UM, which is good. Yeah, But at the
same time it's like, yeah, if you're putting out products though,
and you have competition and your competitors products are safer, UM,
and you're just rushing stuff to market and you're gonna
(25:01):
lose out ultimately pretty bit the same economic forces. And
Jonathan also points out to that, you know, a scary
way this can be implemented is as a one two
punch with a physical attack. Yeah. So, I mean, this
is the one that wakes me up in the middle
of the night is a cyber attack is launched and
the electric power grid is shut down, and gas lines
(25:24):
and waterlines start going haywire, and then all of a
sudden incomes the Red Dawn team parachuting in. Well, that's
what we did to a Rock in two thousand three.
We sent a cyber attack that messed with their UM
I guess their air defense systems, and then we invaded.
So that's happened before we've done it, doesn't surprise me. Yeah,
(25:46):
cyber war, we're in the midst of it. We're in
the midst of it. Pretty crazy stuff. Get your what
Norton anti virus that'll just solve everything. Yeah. Education, education,
that's all. That's the only thing, that's all we can
do to prevent cyber war. UM. If you want to
learn more about cyber War and read this article by
(26:06):
Jonathan Strickland. You can type cyber war one word in
the search bar how stuff works dot com and will
bring it up, I said Jonathan Strickland, which means it's
time for a listener. May all, it's time for a
lot more than that. Uh. I'm gonna call this beer
and Fire. Hi, guys, I'm a professor of history and
(26:29):
a long time act of your show. I use a
podcast in my college classes to talk about how we
use history and entertainment. I'm writing about the Great Chicago
Fire podcast, especially as it relates to my research. See.
I study the history of alcohol, and I teach a
class on the history of beer. Uh. Pretty cool. We
study the economic, social, and cultural history of beer, and
we make beer in class into weekly beer tastings. What anyway,
(26:55):
Aside from the stuff you mentioned the show, the Chicago
fire is important because it wiped out about three quarters
Chicago's breweries. Something like eighteen breweries were destroyed by the fire.
Of course, people still wanted beer. Uh. Chicago and the
Upper Midwest has was populated about a lot of Germans
at the time. This gave birth to the beer industry
in Milwaukee before the Great Fire. Milwaukee was a beer town,
(27:18):
but not a major supply center. Schlitz especially as a
good example of how the Milwaukee beer industry reacted to
the fire. Joseph Schlitz, the founder it, first donated thousands
of barrels of beer to Chicagoans and the weeks after
the fire. Been Sensing an opportunity, he then opened a
distribution point in the city. After all, there were still
(27:39):
hundreds of thousands of thirsty Chicagoans, he opened Schlitz Tide saloons.
By the eighteen eighties, he was selling about fifty thousand
barrels of beer in Chicago alone, which is about seventeen
percent of their total. And the slogan, the slogan for Schlitz,
the beer that made Milwaukee famous, came out of this period,
(28:00):
and it's because of the beer sold after the fire,
so that's where they got the name. By nineteen two,
Schlitz was the largest brew in the world, a title
it would trade back and forth with Budweiser until the
nineteen fifties. And he goes on to point out that
Blats and perhapsed followed similar trajectories stucks net, stucks net,
(28:21):
and UH. The Chicago brewing industry sadly never recovered from
the fire, although beer drinking remained steady. And I don't
have Professor Beer's name, so we'll just call him Professor Beer. Oh,
I'm sure he'd appreciate that. Yeah, I'm sure that's what
the students call him. Thanks, Professor Beer. Yeah. And if
(28:42):
you want to write in, I'll say your name on
a later show. Okay. Um. And if you teach, especially
something interesting or you stuff you should Know? To hell.
If you teach, we're always interested in hearing that. We
want to know about it. Okay. You can tweet it
to us at s y s K podcast, put it
on Facebook dot com slash Stuff you Should Know, or
(29:03):
you can send us an email. The Stuff podcast at
how Stuff Works dot com and has always joined us
at our home on the web Stuff you Should Know
dot Com. Stuff you Should Know is a production of
iHeart Radio's How Stuff Works. For more podcasts for my
heart Radio, visit the iHeart Radio app, Apple Podcasts, or
wherever you listen to your favorite shows. H
Stuff You Should Know News
Hosts And Creators
Chuck Bryant
Josh Clark
Show Links
AboutOrder Our BookStoreSYSK ArmyRSSPopular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.