What is Stuxnet?

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Brought to you by the reinvented two thousand twelve Camray.
It's ready. Are you get in touch with technology with
tech Stuff from how stuff works dot com. Hello again, everyone,
and welcome to tech stuff. My name is Chris Polett,
and I am an editor at how stuff works dot com.

(00:22):
Sitting across from me as always a senior writer, Jonathan Strickland. George,
you've heard about this virus? Shall I cough on you? George?
That was a good one. Yeah, that's from a classic film, definitely.
I actually know where that comes Oh yeah, wow, I
can't believe you've seen that one. I haven't. I just
know where it comes from. All right, Well, we're going

(00:42):
to launch directly into a little listener mail. This listener
mail comes from Patrick, who says, Dear text Stuff, I
really think an appropriate topic for discussion would be the
infamous stucks net that has been all over the news
these past few months. Thank you, and I hope to
hear from more from you guys. Well, Patrick, we thought

(01:04):
we'd tackle stucks net to We've talked about a couple
of times in other podcasts, just kind of mentioning it
off hand, and of course we've done podcasts about viruses
and worms before. But the stucks net is it's is
a particularly interesting form of malware. Yes, yes, it is
in fact a worm um and UH one of the

(01:25):
reasons it's so interesting is because it is extremely complex.
It seems to be targeted at a specific purpose, and
if if not a specific purpose, as a specific location.
And uh, no one officially knows where it came from.
Somebody knows, but it's It does also seem to be

(01:46):
a state sponsored um virus, or at least some department
in some country appears to be responsible for it, based
upon the various investigations that have gone on since the
discovery of stocks net. Yeah. Now, it's important to note
that we have to be careful when we talk about
that because we don't know for sure. And as we

(02:08):
have mentioned many times before, probably most notably in our
hacking of Google and China discussions that we've had before, UM,
it is possible to make an attack look like it
came from someone it didn't, and that'll that will come
up later in our discussion too. But UM, you know
it it appears that way, but there's really no way

(02:29):
for UH to tell for sure. And and and we've
had some very dedicated computer security experts looking into this.
So some seriously talented people have been evaluating this the
stucks net worm and have been unable to determine that
for sure. So do you want to uh, should we start?

(02:49):
I guess we This really all started back in two
thousand nine as far as we know, Yes, yes, So
let's let's give a brief overview of what stucks net
is and what it's meant to do. So stocks net
is a worm, is a Windows based worm, so it's
this isn't This is not a you know, that doesn't

(03:10):
target Lenox, it doesn't target mac os, targets machines running
various forms of the Windows operating system. And as far
as we are able to determine it by the time
of this recording, it originally spread through USB sticks or
USB drives. Yes, it is not. It is not propagated

(03:30):
primarily over the Internet, right, And the reason for that
is because the intended target of stocks net that tends
to be disconnected from the Internet, so you can't target
it from the Internet. That that specific target is well.
Stocks net is able to attack factory systems. Yes, it

(03:52):
actually targets a series of vulnerabilities in the Windows operating system,
which I understand have been patched at this time at
the time the ducks net virus was written, or the
original one was written. Um, it was aimed at several
vulnerabilities and use those vulnerabilities to get at industrial control

(04:13):
systems for gas pipelines and power plants right and aimed
as very specific hardware connected to Windows networks. And in
fact the ultimate target for this turned out to be
some centrifuges in Iranian uh nuclear facilities. So these were
centrifugures that were designed to to process uranium, and the

(04:36):
idea here apparently was to infect systems so that an
outside controller could gain access to the systems and overload
them in such a way as to cause possibly irreparable
damage to the facilities. Now, as it turns out, that
does not seem to have happened. It doesn't look like
the damage was was as deva stating as it could

(05:00):
have been, and there's some interesting explanations for why that is.
One of which is that some security experts have said
stucks net is kind of like a double layer worm,
the core of which is incredibly complex. One of the
most sophisticated worms possible, but the outer layer of which

(05:22):
is less complex and that because of the the reduced complexity,
this is the layer that is that's specifically designed to
help hide stucks net from prying eyes and discovery. Because
it was less sophisticated, it was not as difficult to discover,
although it took an entire year before anyone saw it. Um,

(05:44):
it's not it's not so hard to discover that is
impossible to weed it out. So if the outer layer
had been as sophisticated as the inner layer, it may
even be that we still would not know what stucks
net is so infecting, you know. The idea here is
that you you send in some sort of infected USB

(06:04):
uh media, whether that's a USB stick or a an
external drive or some other device that could contain the
stuck net code in it, connected to a computer that's
within this network that's not connected to the Internet necessarily,
or maybe there's like a couple of machines on the
periphery that are connected to the Internet, but the main

(06:25):
machines aren't. You infect the machine within that network, then
the worm spreads within inside that network until it hits
those critical systems that that are connected to the the
factory environment right now. UM I I read an interview
with security expert Ralph Langner who spoke with Eleanor Mills

(06:46):
of c net UM and Langner said a good way
to get this virus in place would be to infect
a one of the contractors who worked with these power
systems um SO a contractor in this case a trusted
business partner. Hey can you come in and fix this machine?

(07:07):
So if you can infect UH somebody else and have
you know their machines or at a USB drive and
have them take the virus in on foot with a
USB stick and put it on a computer inside the
power plant. UM then this person who already had clearance

(07:27):
is you know, you don't have to worry about getting
it into the impregnable. You don't have to do hard
impossible type thing to get in there and plant this stuff.
You can use a lower point of security for that.
And the reason he thinks that, I'm sorry to interrupted
the reason he thinks that, based on on my readings
of his theory, UM there were other UH countries that

(07:51):
were infected to including Indonesia, India and Pakistan who all
used this one same contractor, a Russian contractor who worked
on the the Bush Air nuclear power plant in Iran.
So the same contractor worked at all those places and

(08:11):
Stuck snat surfaced and all those locations. So I think,
based on that you've got you've got yeah, I mean
he's that that's a logical idea. Yeah, So I think
based on on that information, he said, well, you know what,
I bet that's how they did it. And the goal
here is that at least one of those machines within
that network has to have some sort of connection to

(08:35):
the Internet. If it doesn't, then you cannot control from
outside the network. You cannot control what's going on inside
the factory. But but the in general, the the factory
systems themselves are not connected the Internet. There's a gap there,
it's air gap. That's what it's often called um. But
as long as you can get control of the network

(08:55):
that is, in turn connect to the factory systems, you
might you have the oportunity to infect them. And what's
interesting is the original version of Stuck's net required use
auto run to initiate itself, but you can turn auto
run off on your machine. So if you are let's

(09:16):
say you work for a facility where security is a
major concern. You may have a policy that auto run
must be disabled, so that way nothing no malware that
uses auto run would automatically upload itself to your system. Well,
the the next generation of stucks net, which, by the way,
but the first two generations of stuck snet were deployed

(09:36):
before we ever knew that they existed. Well, anyone not
connected to the the the scheme had no idea they existed.
We didn't know they existed until I wasn't July of
two when it first showed up. But they think it
could have been out in the wild and looking for

(09:56):
targets as or I shouldn't say that, because we were
just saying that it doesn't spread of the internet. It
was available and ready to go as uh, possibly even
a year earlier, but they don't know for sure. Well,
essentially a full year had passed since it had been
first deployed and when it was first discovered. That's true. Yeah,
they first spotted it in the summer of two thousand nine. Well,

(10:18):
the later generations used a vulnerability in l n K
which allows the exploit to essentially install itself. Basically, what
happens is you plug your USB stick that happens to
be UM infected with the stuck s net virus into
your computer, and then you decide to use uh explorer

(10:42):
to look at what is on that that memory stick.
Just by using Explorer to open up the memory stick,
you have uh that that's all it takes for stocks
net to then in fact that computer, now your basic computer.
Like you guys out there who are using your computers,
stucks net would not do anything to your machine. You
wouldn't get any you know, you're not you're not being

(11:02):
spied on, You're not being uh, your your computer is
not gonna start acting weird. The whole purpose of stuck
snet is to affect these factory systems, not individual users computers. Yes,
and in fact it's looking specifically for a semen sematic
wind c C step seven uh software. And most of
us don't have that. No, I don't I I don't

(11:23):
have it on my Windows installations. No, it's not even
in Minecraft. So yeah, if you don't have that, then
it's not going to target you. But if you are
running a very large system like a water facility, power facility,
nuclear power facility, which of course that was the main target, UM,

(11:44):
then you'd have to be concerned about this, and the
the other part of this that was really interesting is that,
like Chris said, it targeted several vulnerabilities, not just one. Right,
your typical virus or worm, especially if it's developed by
someone who just you know, knows an enough to get
into trouble, but not like enough to make a really
sophisticated tool. Those tend to target a single vulnerability, but

(12:07):
Stuck's net was much more sophisticated, and it used a
series of vulnerabilities to spread itself. The one of the
other things that that the reasons why it was able
to install itself without checking for a certificate is because
it stole certificates. Yes, And that's that's another interesting point too,
because originally it had used and used an official certificate yes,

(12:31):
that had been stolen and uh, they revoked that certificate,
and it surfaced very shortly thereafter with another yes exactly,
so it appears to be completely legit. And the two
certificates came from two companies that exist within a few
miles of each other in Taiwan. Interesting. Yeah, interesting huh.

(12:53):
So that suggests that someone, maybe another contractor, was specifically
stealing electronic certificates from other from companies in order to
mask this stuff. And that's the thing is that if
you if you've told your computer or your if your
network administrator has told all the computers to trust UH

(13:14):
software that comes from a particular source, and it bears
that certificate, then there's no reason for the computer to say, Hey,
I see you're trying to upload stuck snet. Are you
sure you want to continue? Thanks clippy. UM, you see
you're trying to bring down the system from within. Do
you need help with that? And when I'm trying to

(13:36):
think of something to say, don't sorry now um. And
that's that's funny that you mentioned the Taiwanese connection, because
when stuck snet is in operation, it is it actually
makes tries to make contact with two control servers in
Malaysia in Denmark, and it does use a peer to
peer scheme to compare versions of itself and update to

(13:58):
the most recent version. So it is it is checking.
It may not necessarily have an Internet connection, but if
it's UH, if it can find other versions of itself
on the intra net where it is located, it will try. UM.
The diversions will try to update themselves to the most
current version to take advantage of any vulnerabilities that might

(14:18):
be available to it. UM. And this is I mean,
it's it's really fascinating stuff. UM. I also read another
article uh with security expert Bruce Schneier, who uh some
of you might have heard of. Actually he's a pretty
outspoken guy. UM. You know, information suggests that uh, you

(14:41):
know it uh may have infected as many as a
hundred thousand or even more computers worldwide, but about six
that was in uran UM, which suggests that Iran was
in fact the target, and specifically, Ralph Langer had found
and in his partners at his firm had found data
structures in the netens facility UH in Iran that that

(15:04):
matched that specifically matched the stucks net code. So it
is possible that uh, it was aimed at that particular facility,
and you know, in particular was totally redundant, un repetitive.
But let me reiterate, there was a there were several articles.
The Telegraph, UM and New York Times have published articles

(15:27):
that suggest uh that uh, you know that that that's
facility in particular was the target. And the idea here
is that it would it was an effort to disrupt
Iran's nuclear program, and that, like I said, the idea
was that you would uh make the centrifuges that are
um processing the uranium in these facilities to spend too

(15:52):
fast and to essentially break them UM. And what's really
fascinating to me is that stucks Net didn't just what
wasn't just designed to go there and just immediately ramp
everything up. It actually would analyze the operations of the
facility for several days for two reasons. One to determine

(16:12):
what would be the most disruptive course of action. So,
in other words, if the centrifuges are turning in a
certain number of revolutions per second, how many more does
it need for it to be the perfect amount to
be disastrous without immediately setting off all the alarms. The

(16:32):
second was that the reason it was observing for several
days was to create a kind of partitioned system so
that when people are looking at their monitors and are
trying to upload code to fix the problem, that it
all is um. It's a it's all segregated from those

(16:54):
factory systems. So if you're looking at the screen, if
you're an engineer looking at your screen trying to fix
the problem. What you see looks like the problems fixed,
that the code you've uploaded has gone in and that's
been incorporated and that's taking care of the problem. But
in reality, those centrifutures are still spinning like crazy. And
that was the really clever thing. It's the idea of

(17:15):
like you pull this mask down or that you know,
you you shield what's really happening, and all the the
monitoring systems don't show that anything's going wrong at all.
That that's pretty devious and that was another reason why
security experts call this a very sophisticated attack, because it
wasn't just that it was able to infect systems, you know, efficiently,

(17:38):
it was able to mask that infection somewhat. And there's
also it also involved a root kit, so if you've
listened to our root kit podcast, there was a root
kit element to this as well. And m yeah, I
thought that was a pretty neat idea. The and and
a lot of the the attribution for this. As we said,
we still don't know for sure who did it, no right,

(18:01):
but you'll if you if you do research on it
and you start looking around at articles that were published
this year, you'll see that the there's some common elements
popping up that at least one Western power was involved
in this, and that Israel was involved in it. Yes,
a lot of a lot of fingers initially pointed to

(18:23):
the United States government, UM, and which is still a possibility,
which is you know, yeah, as is the British government. UM.
Bruce Snyer. It's so hard to say. Bruce Schneier said
that he thinks that around eight to ten people spent
about six months, maybe a little longer on creating this
UM and uh, you know, they think that Israel has

(18:50):
mentioned I read one article from Schneier that suggested had
had a number of references in it. UM. There bits
of code that have dates in them that appeared to
be yes, dates important dates in Iranian Israeli relationship, and
in an incredibly negative way. We're talking like dates of

(19:11):
assassinations and things of that and things like that. UM.
Some people have said that they just happened to be
the code that you needed to get that done, the
particular function in the software done, and it just so
happened to end up like that, which is possible, Which
is completely possible if you've ever seen any of those theories,
any numerology theory where they say this number is significant

(19:33):
because blah blah blah. Uh. A lot of that ends
up being confirmation bias, which is that's a logical fallacy.
That's when you look at something and you count all
the hits and you ignore all the misses. So it's
possible that this is another case of that. So we
have to keep that in mind too. Yeah, I don't
suggest ignoring the misses because she's going to get really

(19:54):
angry with you. Well, she's gonna be gone for a week,
so just I can't really pay attention to her anyway. Um.
Joking aside, though, UM, I have a quote from Schneier
who said, quote whoever wrote stuck s net was willing
to spend a lot of money to ensure that whatever
job it was intended to do would be done end quote.
So uh, it's a professional job. It's it's not something

(20:17):
that script kitties, which are you know, hackers who do
this for the fun of hacking and not for a
monetary purpose or for bringing down governments or you know,
the high level hacking people are doing it for fun. Um.
You know, this is not a casual hacking project. This
is something serious the amount of code was something like

(20:38):
one point five megabytes, which is actually huge for a worm. Yeah,
because worms and viruses tend to be very tiny bits
of code, just like just like you can imagine a virus,
you know, and virus that can affect an organism is
very tiny. Well, typically your viruses that affect computers tend
to be tiny too. They might be a tiny part

(20:59):
of a larger program, and the larger programs designed, but
the larger program is just an infection method. It's not
actually part of the virus or worm necessarily. Another article
I saw that may point to Israel as as being
a potential source for this attack, and again we don't
know for sure, was in the New York Times. It
published on January fift and it's called Israeli test on

(21:20):
worm called crucial in Iran nuclear delay. And in this
UH article it the writer's state that m Israel has
this UH nuclear facility in Demona, that UM one of
those facilities is designed to be essentially a copy of

(21:41):
the main target in Iran. Right, I remember that article.
And the idea here is that just because you create
something that can infect a factory system doesn't mean that
you can you know, really rereak havoc because you need
to know how the machines within that that facility work.
So in this case, we're talking about the centrifuges. So
they had a facility using the same centrifuge technology that

(22:05):
the Iranian facility was using, so that in theory, they
could test the stucks net uh worm out to make
sure that it would be effective and that they could
indeed control these centrifugures from a remote location. Now granted,
these are again these are all allegations and and uh theories.
So well, I think if I'm not mistaken, that's the

(22:28):
article by William J. Brod, John Markoff, and David E.
Sanger Um. And yeah, they they added that Siemens, Remember
I said that that was a specific Siemens controller and
software that it targets UH. Siemens had done had cooperated
with the United States government on some research on that

(22:48):
kind of equipment, on on the equipment used in the
Iranian nuclear program. So that just that just adds fuel
to the fire. Now, I mean, again, this could all
be coincidence. These things happen. Semens makes a lot of
different kinds of industrial equipment that's used all over the world.
So you know, you could say that and it it.

(23:11):
You know, I don't think that's anything that UH is
a definitive finger pointing at the United States government involved
in that, and personally, UM, if it were me and
I were trying to do something like this, I wouldn't
want anything that that even revealed this. In fact, I
would want to um obfuscate. I would try to cover

(23:33):
up or maybe point to finger at someone else, which
is why some I agree with the people who say
that those little hints that might be in the code
that seemed to point to Israel, if I were trying
to blame somebody, I would try to blame somebody that
that would be an obvious UH target for that kind
of attention, and Israel would be obviously interested in discontinuing

(23:55):
Iranian's nuclear program. So if I were you know, Antarctica,
I picked that because it's not a government that's likely
to do that, and it's run by penguins. Um. But
penguins are very much anti nuke they are, so yeah.
I mean, if if another country wanted to disable that UH,
and I were running that country, I would say, let's

(24:15):
point to finger someone else, throw some throw some red
herrings in the code to make it look like it's
these guys over here and not me. So I wouldn't
be a bit surprised. I can't imagine that you would
want and something this sophisticated. Why would you want anything
that would attract attention to yourself as as the creator
of this worm, Why would you create a system that could,

(24:38):
in theory reset itself at the year two thousand. Well,
I'm just saying sometimes people aren't as smart as we
give them credit for. So, yeah, there's I totally agree
that your argument is valid. I mean there we cannot
leap to the conclusion that this is necessarily the source
of the attack. Yeah, And I don't mean to h
to sound like I've reached conclusions. I just I it

(25:01):
seems illogical to me to point the finger at yourself.
Um I think that, if anything, that's probably code that
needed to be there in order to make the software work,
rather than hints to that. Um So, I actually think
it's all due to aliens and Roswell. That's that's who
did it, and they got so ticked off. What happened

(25:22):
was they finally got Independence Day and they said, what
taking us down with a virus written on an Apple computer.
No less will show you an Apple computer from the
dark ages of Apple computer to um. So maybe we
should talk about the fact that, um, the you may
have heard on the news about hackers releasing a decrypted

(25:46):
version of stuck snet code. Okay, that happened. Okay, I hadn't.
I hadn't realized that. The only other thing I was
going to add was that stucks neet is designed to
become inactive on June. Yes, actually does have a a
an expiration date, which is kind of funny. So if
you try the stucks net after that point, it may

(26:08):
make you a little sick to your stomach. Right. So
the that you may have heard, again, like I said,
that hackers have released this decrypted code, which, on its surface,
if that's all you hear, you think, wow, that's scary,
because now this incredibly sophisticated weapon that was designed by
people who apparently really knew what they were doing, has

(26:28):
just been distributed around the world for free, and now
we're gonna see chaos rain. Well, there's a couple of
things you need to keep in mind. One is that
a lot of the vulnerabilities that stuck s net initially
targeted have been patched. Since then I read that all
have all of them have been have they? Okay? So yeah,
the latest information I had was a couple of months old,

(26:51):
so and that at the time when it was written,
there was still one remaining to be patched. But I
would imagine by that time that has happened. Well, frankly, UM.
Another indication that UM, this is written by somebody very
sophisticated is as as one of the security researchers point out, UM,
vulnerabilities are something that true hackers prize. Once you have

(27:16):
a hole in the code that you know about and
and hasn't been patched yet, UM, that's your ticket to
generating something a success, a successful attack. UM. And the
fact that they had multiple vulnerabilities UM targeted sort of
suggests that these people were not fooling around. UM. So yeah,

(27:37):
I mean that's you. We're talking several opportunities to uh
to make a dent in the nuclear program of Iran.
So well, getting back to to the hackers just really briefly, UM,
first of all, can you can you take a wild
guess at who at the the name of the group
of hackers that stole this information is the start with

(28:00):
an A it does does it end with it anonymous?
Yes it does, so it's our It's it's the group Anonymous,
the group that UM you know has has has some
connections to other Internet what or websites, things like four chan.
But Anonymous has sort of become like Internet vigilantes and

(28:23):
they banded together and uh, they they enact virtual what
they see as virtual justice on targets that they perceive
as being ah antithetical to what the values they hold. So,
for example, when wiki leaks was under um under fire

(28:43):
and was starting to get uh support yanked out from
under it financial support from from various companies, then Anonymous
began to target those companies and really hit them hard. Well,
in this case, they target targeted a security company called
HB Gary and they stole a decrypted version of the

(29:05):
stuck net virus. Now this means that you could actually
study the stuck s neet virus. It's not it's not
a kind version of the virus where you would be
able to actually infect a computer. It's more so that
you can study it and see how it um it
took advantage of these vulnerabilities, and uh, it was really
meant for academic purposes, and hp Gary actually points out

(29:25):
the company points out that if you want a truly
dangerous version of stuck net, it's already out there. You
don't have to steal it from a security company. You
just have to find a computer infected with it, and
then you reverse engineer it. You get the binary code,
you get the raw code for stuckx net. You don't
get a translated version. So you may have heard about

(29:47):
this anonymous attack. It's definitely a embarrassing story for HP
Gary because that's a you know, it's a computer security
firm and they had their system compromised. So that's that's part.
That's the real, big part of the story is the
fact that something that was on their systems was able
to to you know, Anonymous was able to get access

(30:07):
to it and spread it around the world. Um, but
the actual version of stuck's net that Anonymous distributed was
not the kind that's going to plunge the world into
some sort of virtual warfare. Now we're probably seeing the
end of of stucks nets true effectiveness in the field.
As long as companies realize the dangers of stocks nets

(30:30):
and they update their systems, you know, they make sure
they have the latest security patches that plug those holes
that stucks net took advantage of. So I mean there
is definitely some measures they have to these companies have
to take in order of companies and governments have to
take in order to remain safe. It's not like you
automatically become safe just because this this hole was patched.
You have to install the patch, right. Um, but stucks

(30:54):
net is probably starting to wind down for the most part,
just because everyone's aware of it. However, it probably also
marks the beginning of some serious cyber warfare stuff that
goes beyond the level of a small group of hackers
who share a particular philosophy and they all you know,
aim the aim their efforts at a single target. This

(31:17):
may be the mark of some pretty serious UH warfare tactics,
not out and out warfare either, but you know, subversion
tactics to to really take advantage and UH and cripple
companies are countries, infrastructures. Well, it is interesting too that um,
something that appears to have been so targeted for specific purpose,

(31:40):
it did leak over and damage other systems too. I mean,
there is the possibility I read that India's insight four
B which failed UH in July, may have been due
to a Stuxnet infection UM and you know, it did
spread around the world, so it is possible um that

(32:05):
that it caused a lot of collateral damage in the
process of taking out its original target. And their estimates
do suggest that Iran's nuclear program has been set back
for years as a result of the ducks Net infection.
It's interesting assuming that it was the intended target, which
it seems to have been, right, it all depends on
the source you look at, because I looked at several

(32:25):
where there were some sources that said, yeah, this problem
has really set the Iranian program back by a few years,
but that all seemed to be statements from other governments representatives,
whereas I I also saw claims that said that Iran
managed to produce the same amount of uranium essentially weapons

(32:48):
grade uranium UM by at the end of the year
as it had the year previous. And so it didn't
it didn't ramp up production. Production had not increased year year,
but it hadn't set it back to the point where
it was making less than it had before. So that
suggests that you know, any setbacks that Iran encountered were

(33:11):
temporary in nature. So it all depends on who you
ask and you know who you believe, And it may
be difficult to know because Iran is not known for
being completely transparent with its nuclear program, and other governments
aren't known for um you know, giving shooting straight when
talking about that. It may pay politically to underplay something.

(33:32):
So what's the truth? Difficult to know, but um, it is.
It is a fascinating subject. Yes, I mean, just because
we've talked about viruses and worms and all kinds of
other malware and this is this is a different kind
of malware. Yeah, and we may we may see more
attempts at that hackers try and take two um, to
try and and take advantage of multiple vulnerabilities within the

(33:56):
same operating system environment, just because it's been proven to
be really effective. You know, using that multi pronged attack
means that you're your your attack is gonna be much
more efficient and it's gonna be harder to prevent just
through a single patch. So yeah, that's it's kind of scary. Um. Fortunately,
like I said, the stucks net virus itself is not

(34:18):
going to directly impact you unless the worst should happen.
Let's hope that doesn't come to pass. And again this
is a reminder always to patch your computer with the
later security latest security updates, no matter what what operating
system you're running, and back up your hard drive because
eventually something will come after you. Right, Yeah, like my wife.

(34:41):
See that's what happens when you're in order. Yeah, she'll
come back. I would ignore the misses woman scorned. All right,
So we're gonna wrap this up. Guys. If you have
any other questions about stuck snet, or you have any
topic suggestions you would like to shoot us, let us
know on Twitter and Facebook that handle it is tech
Stuff hs W, or you can email us that emailoge

(35:04):
uses tech stuff at how stuff works dot com and
Chris and I will talk to you again really soon.
For more on this and thousands of other topics. Is
it how stuff works dot com. To learn more about
the podcast, clock on the podcast icon in the upper
right corner of our homepage. The How Stuff Works iPhone
app has arrived. Download it today on iTunes. Brought to

(35:31):
you by the reinvented two thousand twelve camera. It's ready,
are you

All Episodes

Episode Transcript

TechStuff News

Follow Us On

Hosts And Creators

Oz Woloshyn

Karah Preiss

Show Links

Popular Podcasts

Crime Junkie

24/7 News: The Latest

Stuff You Should Know

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}What is Stuxnet?