September 25, 2012 • 28 mins
There's a secret war going on around us, and it's happening on a daily basis. The Air Force recently launched a new unit specifically designed to carry out and defend against cyberwar. Go deep into this new and alarming type of war with Josh and Chuck.
Learn more about your ad-choices at https://www.iheartpodcastnetwork.com
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Brought to you by the reinvented two thousand twelve Camray.
It's ready. Are you welcome to you? Stuff you should
know from House Stuff Works dot com. Hey, welcome to
the podcast. I'm Josh Clark with me is always a
child to be Chuck Bryant. We call him an authority
(00:23):
on cyber security, the Internet, everything about it. An expert,
you would say, it's right. Hey, should we say hello
to our our latest celebrity fan who we just learned
today that miss Kristen Bell, the lovely and enchanting and
nerdy Kristen Bell. Is she nerdy, very nerdy, like prides
(00:46):
herself on. I mean, it doesn't surprise me that she
listens to the show. Yeah, because she's on record as
being a big nerd, which is one reason I like
her a lot. And she's curating um a newsweek page right, Yeah,
like things she likes her kind of one of those
deals that they do the magazines now and she listed us.
That's pretty how about that? Thank you very much for that.
(01:07):
I'm a huge fan of a party down when she
was in and other stuff that she's been in forgetting
Sarah Marshall, how's he going? And her you gotta see
her sloth video online that she dode the Ellen Show.
It's pretty funny, highly recommended. Okay, so that's all I got.
That's all the sucking up I'm gonna do. Should we
say hi to another fan, slightly less famous but pretty cool? Yes? Sam?
(01:30):
Do you want to give a little a little backstory
story here? Sure? We um. We had a live Um
tribute event here in Atlanta a couple of years ago,
and at the event was a little, uh teenage fan
named Sam teenage you mean, like just post tween. Yeah,
and his mom brought him and he's a big fan.
He's just like really sweet kid. Mom was very sweet sweet. Yeah,
(01:53):
very flash forward a couple of years we got to
south By Southwest there Sam again apparently mom drove him
to Austin to come see our life podcast. Yeah, they
weren't there to see I've spoke to mom afterwards and
was like, so, what else are you guys gonna see?
She's like nothing, We're going back crazy. I was like,
what else did you see? She's like nothing. They came
to see us. So then we were like, all right,
(02:13):
we gotta think of something for Sam to do, because
he's proved his metal and Sam wrote in and and
sent his resume and like all the reasons we should
put them to work, and it's just like, dude, if
the future is secure, if kids are like Sam, for sure,
I'm not worried about a thing anymore. Yeah, so we
we racked our brains and we found out there's like
a surprising amount of adult only tasks that we do
(02:34):
like at any given time, and we're like, all right,
we have to we have to figure out something that's
age appropriate for Sam. That's right. So, long story short,
I was getting kind of thin on podcast topics. I
put Sam on the case and he sent me like
a stellar, stellar list with reasons why we should do these,
and uh, this is the first one. And he had
a lot of overlap on once we had already recorded
(02:56):
that aren't out yet. So that just goes to show
you that Sam is like he gets the show right.
And uh so, as Sam's picking these out, we're gonna
let you know if this is a Sam one. But
this is going down in the summer, We're gonna call
this the Summer of Sam. That's right, Sam's choice. Alright,
So that's the longest intro ever that wasn't even the
intro man. Well, let's get to cyber worse than well,
let's bossy. Well you know, Chuck, have you ever been
(03:21):
to Bellingham, Washington? No? Okay, I have not. Have you
been to Washington? Been Seattle? Isn't that where um Van
Nostrin lives? Or is it Oregon? Now he's he's Washington.
Um so uh in Bellingham, Washington on June at the
Olympic Pipeline Company a system's control and data acquisition system.
(03:46):
There's systems twice in there. UM, but a scatta or
skata system UM, which is basically like a computer program
that like can make a valve turn or turn something
off for just a mechanic right from from Digital binary
instructions right. UM. This Olympic Pipeline Company system was operating
(04:08):
on this this type of program, and UM, something went
wrong and one of their pipes started leaking a lot
like millions of gallons of gasoline UM, and part of
it erupted into a fireball and killed three people injured
many others. UM. And they went back and looked at it.
(04:29):
They think it was just a system malfunction. But the
fact that this came along, this happened because of this
system control, and it happened as the dot com bubble
was starting to grow and like the Internet was really
becoming a huge thing. UM. People who are into cybersecurity
now point to this as evidence of exactly what somebody
(04:54):
could do during a cyber attack, even though they think
this was just an accident, right, irrelevant, But they're they're
they weren't like pointing to that as well. Okay, no,
they don't think that had anything, but they were saying,
this is what it would look like if somebody had
wanted to attack, Like, this is what a cyber attack
would look like. That makes sense because it's not just
(05:16):
the Olympic pipeline company that's using these systems UM all
over the United States, companies, law enforcement agencies, military, thanks, UM,
public works. All of these things are all running on
what amounts to Windows. It's as simple as that. Yeah,
(05:38):
Microsoft systems many of them, and UM. As Jonathan Strickland
wrote this from tech Stuff the article, and as Strickland
points out, UM a couple of things. Microsoft has been
uh kind of chastise over the years for their security
or lack of security in some of their programs and UM.
(05:58):
The other thing he points out is internets grew so
fast and everyone got on board so quickly that it
kind of outpaced what we could even do security wise.
It was all of a sudden. Government agencies and power
grids and emergency services and weapons systems, water and fuel pipelines,
all this stuff is running on on computers and a
(06:21):
lot of it through the Internet, and we don't quite
know how to guard against a cyber attack. No, And
apparently even as far as like the knowledge of how
to guard against cyber attacks goes to the United States,
is is lacking, uh, compared to like China and Russia. Um,
so we're kind of in this really weird position right
(06:43):
now where we've realized that all of the ponies are
hooked to a single basket of eggs, and all it's
gonna take is a couple of black Cat firecrackers to
scare all the horses off. That's the best analogy I
can come up with. Did you just into that or
did you I just thought my imagination is back. I
(07:04):
can tell you where I time traveled to. Awesome where
I can't think. Okay, um, all right, let's go back
a little bit in time. I don't think we need
the way back machine for this because we're just going
to we can just like walk outside. Yeah, they'd be
a waste of time for the way back machine. Um.
Some pretty smart people caught on early that hey, we
(07:25):
could be vulnerable to something like a cyber attack. So
let's look into this. Let's put a red team on it.
Red team is a our friends that act as enemies
to try and you know how they hire these people
to like break into your home. Yeah, those are red
teams basically like um from Star Wars exactly. So let's
get a red team. Let's let's uh name it this
(07:47):
mission something really cool out of a football playbook. Let's
name it Project Eligible Receiver. Do you know how many
times I had to look at that before I finally
sunk in what words I was looking at? Really it is.
It does look kind of funny. It looks like eleanor
Rigby when you glance at it. At least I think, so, yeah,
it doesn't to me. I was thinking more of like
(08:09):
a radio receiver or something like. I think it just
means about football. No, it's totally just saying like I
read this many times before I was saying, oh, okay,
so a lot of this is still classified, so we
don't know everything. But basically they hired some hackers, which
is what you do to test your security, they being
the Department of Defense. Yeah, yeah, Department Defense saying hey,
can you nerds hack into the Pentagon system and afterwards
(08:33):
we won't assassinate exactly, And the nerds were like, just
watch this. And it took three days before the Pentagon
even knew that they were being cyber attacked by the
Red Team. Like pretty successful and very sobering. Yeah, so
um they they it was I guess kind of an
eye opener for the d O D and they I'm
(08:56):
sure you used it to step up security. Not fast
enough though, as after this Red Team attack UM operation
Knowledgeable Receiver an actual attack which they later came to
call what was at Moonlight Maze. Yeah, this is one
year after that the tests. A year after UM, somebody
launched an attack and it was a I guess, what's
(09:18):
probably the most typical kind of cyber attack where you
insert some sort of software to basically spy and get
files and gather data and download sensitive materials. Right, And
apparently took two years before NASA, the Pentagon, UM and
other agencies in the US government noticed that UM accidentally
(09:43):
noticed that this that they were being spied on cyber wise. Yeah,
they got data like strategic maps, troop assignments, and positions.
Not good, right, very scary. And they traced it back
to Russia. Doesn't necessarily mean that it came from Russia
and in its origin, but at least that's where they
traced it to. Uh. And this is cyber warfare, like
(10:06):
it's happening. It's been going on since the nineties pretty much. Yeah,
it's not is a cyber war coming. It's like, how
do we prevent like a cyber war from bringing us
all down? Pretty much? And it's apparently from looking into this,
there's like two camps. There's like a gloom and doom
camp where it's like, yeah, somebody really wants to mess
things up, they're gonna be able to it's gonna be
(10:27):
pretty easy. And the sunny optimistic camp is kind of like, no,
you know, we know we're looking for now, like sure
they could launch an attack, but we'll we'll be able
to stop it in time for before we can do
like a lot of damage. So we'll see, we'll lay
out everything for you can decide who's right, that's right. Uh.
(10:47):
So we've already mentioned that on the defensive side of things,
the US is sorely lacking UM. But on the offensive
side of things, we've actually done this ourselves more than once.
UM during the Coast of a Wars Clint points out
we used computer attacks to compromise Serbian air defenses, basically
kind of scrambling their information so they had bad I
(11:10):
guess coordinates, wasn't wasn't apt okay or appropriate? Did you
see that one? So we did this, We launched it
and it and it worked. So, uh that's a good thing,
but it's also a bad thing if you're like, was
(11:31):
it Bush the first or Clinton? In Bush the second?
Bush the second in the rock and Clinton, Well, they
were both like, we don't think we should be doing
much of this because a couple of reasons. A basically
opens us up. It's like, hey, they did this, so
we can do it right back and be I think
they could have drained some banks of terrorist cells. And
(11:54):
they said, we kind of depend on the integrity of
the banking system worldwide, like we don't want to start
messing aroun with us. So apparently with with UM cyber warfare.
It's very much like UM. When you build that virus,
it's out there and it can be captured and studied
and redeployed against you. Yeah. So what they were saying
(12:16):
with Clinton and Bush who were saying like, no, we're
not going to use a virus to UM to drain
those bank accounts because they could be it will eventually
come back on us, and our banking industry is not
secure enough to withstand something that we ourselves make, because
apparently the US is pretty good at making viruses. I'm
sure should we talk about some of the different ways
(12:39):
that this can go down? Yeah, the Pearl Harbor attack, Yes,
I had the feeling strictly might A name this one himself,
but it's not true. He went to a lot of
trouble to explain why it's called the Pearl Harbor strategy,
and I think he could have just left at that.
The idea here is that it's it's pretty much in
your face. It's a massive cyber attack where they infiltrate
(12:59):
and then they sabotage systems. UM much like Pearl Harbor
was a big surprise and a big attack, wasn't I mean,
it was sneaky, but it wasn't quiet by any means,
right or stealthy. I guess the word um. The other
ones are pretty much stealthy. Part of a Pearl Harbor attack.
I believe UM could be a distributed denial of service attack,
(13:22):
which is basically, you know, like when you UM try
to get onto a website or whatever, you're sending a
request to the server to let you on ping right now.
If you assault that one server with millions of pings
and it's trying to accommodate everybody as is appropriate an
act um, it'll basically they crash. Is the point you
(13:45):
can crash a server by hitting it with millions of
pings all at once, just slows it down to the
point either where it doesn't work or it crashes. Yeah,
and that's that's what Anonymous likes to do with like
master Card during the whole wiki leaks thing when they
was a master Card Vista crash. Cannot remember, um, I
remember when that happened. Though. It's basically just launching a
bunch of server requests at a specific server in the
service like no, no, and this falls over? Is that
(14:08):
why people say ping by the way, say let him? Yeah,
I hate that it's better than java storm. I don't
even know what that is, drinking coffee while you're having
a brainstorm, Like, let's go get coffee and brainstorm something
javas to people say that, Yeah, I don't say it.
(14:29):
I've never heard of that. That ping and meta or
the three things that I will never say maybe the
worst to call something epic. I don't mind epic. Oh man,
I hate epics. At least it's a real word, especially
epic fail. Well yeah, sure, okay, back to it. Viruses uh, code, red, Slammer, NIMDA.
(14:53):
These are viruses that Strickland has mentioned that spread very
quickly across the Internet. And there's a up low ways
this can go down. You can either um, you can
set up you can do it immediately and release a virus.
You can have all these other computers deliver the virus.
You can put sort of like a delay timer on
(15:15):
your virus for it to go off in two years
automatically or manually whenever you want to. It can be
waiting for you to hit the button and then launch
the virus that way, or I think, um for the
user of that computer to do like say control all delete,
well we'll trigger it or something. Yeah, that's pretty scary. Yeah,
(15:36):
I don't don't press those three puts all the time.
I'm my PC. Oh my god, chuck. I think we
should talk about right about here is I think we're stucks.
That fits in. Who stucks net? Say it stucks? I
don't know what that is. You know it's stuck in. Yeah,
it's the Iranian um. It's the virus that the US
(15:59):
and Israel leashed on Iran. It's a perfect example of
this it is. You're right, So let's talk about stuck
s net. Stuck snet. It's a great name. It was offensive,
a cyber attack. Offensive in two thousand and ten, they
thinking maybe it was the first one ever, the US
launched like a strictly for sabotage attack. Basically, they wanted
(16:20):
to disable Iran uh Iran's UH centrifuges so they could
not enrich uranium. And they did this through the UH
the new Air Force based out of Texas, right, Texas
and Georgia. Yeah, what's the Warner Robbins Robin's Air Force space. Yeah,
(16:41):
Robin's Air Force Space. Yeah. Those two places are where
the twenty four station. Yeah, and this is the first
all cyber unit. Pretty much pretty cool, right. Their whole is,
their whole task is to wage cyber warfare, and I
imagined to be defensive against cyber attacks, but I don't.
(17:01):
I don't know if they had to do with stuck stent,
but they probably would have. Um. I think it was
being developed before was ordained in two thousand nine. I
think it went back to two thousand seven when it
was started. But basically, the they the CIA got their
hands on centrifuges that they knew Iran was using, and
(17:24):
they had just as many as Iran did of the
same kind, and they studied it and they built this
virus based on this configuration of centrifuges running windows and
semens switches right, and then they built a virus to
go infiltrate it. I thought it was called Operation Olympic Games.
(17:44):
It was, but the malware, the virus itself. Okay, that's
what I couldn't but you're right. It was called Operation
Olympic Games. And this whole operation was this huge, sweeping, awesome,
massive secretive but basically imagine like the CIA. Do you
remember uncommon valor? Oh yeah, okay, do you remember when
(18:06):
like they're training at that replica of the camp. Yeah, okay,
the CIA did that with Iran's centrifuges in the nuclear program,
and they figured out exactly how it worked, and then
they figured out the best way to break it. Was
Gene Hackman bank rolling the whole thing. Oh yeah, he
was there to get his son out. He he was
just staring at this menu of guns and silhouette that
he wanted to order. Remember that. Oh yeah, dude that
(18:28):
I thought that was so bad. That. Yeah, but that
was a huge, huge movie for like dudes, our age. No,
I'm saying bad isn't like good? Okay, Yeah, gotcha. UM
so stucks and at Olympic Games happened, and like you said,
it was the first offensive cyber attack. Most of the
other ones have come in the form of UM sneaking
(18:48):
in and lying around and watching and waiting and spying. Well,
stuck and had that too. That the initial There was
a companion program called Flame that somehow. This is the
part that's the biggest mystery. The m Iran's nuclear program
is not connected to the Internet, so somebody got that
in on thumb drive, infected their local system. UM and
(19:11):
Flames set there and basically just studied everything, told the
US how the configuration was set up, and then they
built it, and then they inserted stucks net and basically
it made all of their data look like everything was
operating normally, but it was telling their centrifuges to spin
out of control and basically break themselves, like Oceans eleven
(19:34):
when they built the replica Bault exactly the replica video.
There's nothing going on. So basically the Pentagon has been
watching a lot of movies. But this is a hugely
successful attack um, if not at the very least for
American cyber warfare UM because it's supposedly set Iran's nuclear
program back by at least a year, if not more.
(19:56):
That hopes that this would let us continue talks and
if think it said one of the aims was to
make them feel stupid, and they said it worked like
they that they've done something wrong and that's why this
these systems were failing. It's pretty scary, man. But the
point is now is Okay, that's out there. Stuck Snut
is out there for anybody who can get their hands
(20:17):
on it. And that's the name of it. It's a
great name, alright, stuck Snut within with an X with
the new Gutas Center. But it's out there and the
US is now basically just the the computer equivalent of
Hiroshima was just launched by the United States. Yeah, and
(20:41):
nice little set up there. A lot of people are
comparing these days of the early days of cyber warring
to the early days of of nuclear bombs, and that
there's not a ton of defense. Not anyone really knows
what they're doing. It's sort of a chaotic mess that
everyone's trying to get their finger in the pie though. Yeah,
and the other countries like China believe Russia, who are
(21:04):
apparently better equipped to defend against a cyber attack than
the US. So basically the US is really playing with fire. Well,
and that's why Clinton and Bush we're declining to use
these is one of the reasons where like, you know,
this opens us up to counterattacks and just may not
be the smartest way to like we wouldn't go out
(21:25):
and just drop a nuclear bomb on a country, right,
Oh did all? Right? Oops? Twice? What else you got?
Let's see, yuh. We talked about the system controls and
um that acquisition systems. Yeah, that was um. Basically that
is the Achilles Heel of Infrastructure and the United States.
(21:47):
One of the reasons why we're not set up to
defend against um a cyber attack is because we are
so connected to the internet. Everything is Iran North Korea. Yeah,
not quite as bot because a lot of their stuff
is off the grid just by default because they don't
(22:08):
have the infrastructure that we have. So just the robustness
of our own infrastructure is one of the one of
its vulnerabilities as well. Yeah, that's a good point as
far as defense goes to I forgot about this stuff.
Um Strickland says that, like the first step is education,
as far as educating consumers over you know, antivirus software
(22:32):
and how they search the Internet and stuff like that.
So I give that a medium. But uh, this guy
Richard Clarke, he's a security expert. He blames things on
companies like Microsoft too. He feels like rushes through programs
before they are fully security tested because they want to
(22:52):
make you know, they want a few coins to rub
together by selling this stuff, and the consumer doesn't want
to wait, and the stockholder don't want lots of testing
because they want those new products on the market. So
it's a bit of a rough position, and um, you know,
private companies run most of the net, you know, it's
not like this big government thing. So he contends Clark
(23:15):
does that it's up to these private companies who own
the Internet's infrastructure to really make it more robust in
a defensive sense, right, Which is good in one sense,
because then you have a dollar amount in the form
of lost profits attached to UM a security breach, right,
so company is going to try to protect it UM,
(23:36):
which is good. Yeah, But at the same time, it's like, yeah,
if you're putting out products though, and you have competition,
and your competitors products are safer UM, and you're just
rushing stuff to market, then you're gonna lose out ultimately
the same economic forces. And Jonathan also points out to that,
(23:57):
you know, a scary way that can be implemented is
a a one two punch with a physical attack. So,
I mean, this is the one that wakes me up
in the middle of the night. Is a cyber attack
is launched and the electric power grid is shut down,
and gas lines and waterlines start going haywire, and then
all of a sudden incomes the Red Dawn team parachuting
(24:19):
in well that's what we did to a rock in
two thou three. We sent a cyber attack that messed
with their UM I guess their air defense systems, and
then we invaded. So that's happened before we've done it,
doesn't surprise me. Yeah, cyber war, we're in the midst
of it. We're in the midst of it. Pretty crazy stuff.
Get your to what Norton anti virus. That'll just solve everything. Yeah. Education, education,
(24:47):
that's all. That's the only thing. That's all we can
do to prevent cyber war. Um. If you want to
learn more about cyber war and read this article by
Jonathan Strickland, you can type cyber war one word in
the search bar stuff works dot com and will bring
it up. I said Jonathan strick clam which means it's
time for a listener. Mayo, he's started for a lot
(25:09):
more than that. Uh, I'm gonna call this beer and fire. Hi, guys.
I'm a professor of history and a long time act
of your show. I use a podcast in my college
classes to talk about how we use history and entertainment.
I'm writing about the Great Chicago Fire podcast, especially as
it relates to my research. See I study the history
(25:29):
of alcohol, and I teach a class on the history
of beer. Uh, that's pretty cool. We study the economic, social,
and cultural history of beer, and we make beer in
class into weekly beer tastings. What anyway, Aside from the
stuff you mentioned the show, the Chicago fire is important
because it wiped out about three quarters Chicago's breweries. Uh.
(25:50):
Something like eighteen breweries were destroyed by the fire. Of course,
people still want a beer, uh, Chicago and Upper Midwest,
as was pot wait about a lot of Germans at
the time. This gave birth to the beer industry in Milwaukee.
Before the Great Fire, Milwaukee was a beer town, but
not a major supply center. Schlitz, especially as a good
example of called the Milwaukee beer industry, reacted to the fire.
(26:14):
Joseph Schlitz, the founder it, first, donated thousands of barrels
of beer to Chicagoans and the weeks after the fire.
Been Sensing an opportunity, he then opened a distribution point
in the city. After all, there were still hundreds of
thousands of thirsty Chicagoans. He opened Schlitz Tiede Saloons. By
the eighteen eighties he was selling about fifty thousand barrels
(26:36):
of beer in Chicago alone, which is about seventeen percent
of their total. And the slogan, yeah, the slogan for Schlitz,
the beer that made Milwaukee famous, came out of this period,
and it is because of the beer sold after the fire,
So that's where they got the name. By nineteen o two,
Schlitz was the largest brew in the world, a title
(26:57):
it would trade back and forth with Budweiser until the
nineteen fifties. And he goes on to point out that
blats and passed while with similar trajectories, stucks that stuck
to that, and uh, the Chicago brewing industry sadly never
recovered from the fire, although beer drinking remains steady. And
I don't have Professor Beer's name, so we'll just call
(27:22):
him Professor Beer. Oh, I'm sure he'd appreciate that. Yeah,
I'm sure that's what the students call him. Thanks, Professor Beer. Yeah,
And if you want to write it, I'll say your
name on one a later show. Okay. Um. And if
you teach, especially something interesting or you stuff you should
know to help you teach, We're always interested in hearing that.
(27:42):
We want to know about it. Okay, You can tweet
it to us at s y s K podcast and
put it on Facebook dot com slash stuff you Should Know,
or you can send us an email like Professor Beer
did to Stuff podcast at Discovery dot com. For more
(28:04):
on this and thousands of other topics, visit how stuff
works dot com. MHM brought to you by the reinvented
two thousand twelve camera. It's ready, are you
Brought to you by the reinvented two thousand twelve Camray.
It's ready. Are you welcome to you? Stuff you should
know from House Stuff Works dot com. Hey, welcome to
the podcast. I'm Josh Clark with me is always a
child to be Chuck Bryant. We call him an authority
(00:23):
on cyber security, the Internet, everything about it. An expert,
you would say, it's right. Hey, should we say hello
to our our latest celebrity fan who we just learned
today that miss Kristen Bell, the lovely and enchanting and
nerdy Kristen Bell. Is she nerdy, very nerdy, like prides
(00:46):
herself on. I mean, it doesn't surprise me that she
listens to the show. Yeah, because she's on record as
being a big nerd, which is one reason I like
her a lot. And she's curating um a newsweek page right, Yeah,
like things she likes her kind of one of those
deals that they do the magazines now and she listed us.
That's pretty how about that? Thank you very much for that.
(01:07):
I'm a huge fan of a party down when she
was in and other stuff that she's been in forgetting
Sarah Marshall, how's he going? And her you gotta see
her sloth video online that she dode the Ellen Show.
It's pretty funny, highly recommended. Okay, so that's all I got.
That's all the sucking up I'm gonna do. Should we
say hi to another fan, slightly less famous but pretty cool? Yes? Sam?
(01:30):
Do you want to give a little a little backstory
story here? Sure? We um. We had a live Um
tribute event here in Atlanta a couple of years ago,
and at the event was a little, uh teenage fan
named Sam teenage you mean, like just post tween. Yeah,
and his mom brought him and he's a big fan.
He's just like really sweet kid. Mom was very sweet sweet. Yeah,
(01:53):
very flash forward a couple of years we got to
south By Southwest there Sam again apparently mom drove him
to Austin to come see our life podcast. Yeah, they
weren't there to see I've spoke to mom afterwards and
was like, so, what else are you guys gonna see?
She's like nothing, We're going back crazy. I was like,
what else did you see? She's like nothing. They came
to see us. So then we were like, all right,
(02:13):
we gotta think of something for Sam to do, because
he's proved his metal and Sam wrote in and and
sent his resume and like all the reasons we should
put them to work, and it's just like, dude, if
the future is secure, if kids are like Sam, for sure,
I'm not worried about a thing anymore. Yeah, so we
we racked our brains and we found out there's like
a surprising amount of adult only tasks that we do
(02:34):
like at any given time, and we're like, all right,
we have to we have to figure out something that's
age appropriate for Sam. That's right. So, long story short,
I was getting kind of thin on podcast topics. I
put Sam on the case and he sent me like
a stellar, stellar list with reasons why we should do these,
and uh, this is the first one. And he had
a lot of overlap on once we had already recorded
(02:56):
that aren't out yet. So that just goes to show
you that Sam is like he gets the show right.
And uh so, as Sam's picking these out, we're gonna
let you know if this is a Sam one. But
this is going down in the summer, We're gonna call
this the Summer of Sam. That's right, Sam's choice. Alright,
So that's the longest intro ever that wasn't even the
intro man. Well, let's get to cyber worse than well,
let's bossy. Well you know, Chuck, have you ever been
(03:21):
to Bellingham, Washington? No? Okay, I have not. Have you
been to Washington? Been Seattle? Isn't that where um Van
Nostrin lives? Or is it Oregon? Now he's he's Washington.
Um so uh in Bellingham, Washington on June at the
Olympic Pipeline Company a system's control and data acquisition system.
(03:46):
There's systems twice in there. UM, but a scatta or
skata system UM, which is basically like a computer program
that like can make a valve turn or turn something
off for just a mechanic right from from Digital binary
instructions right. UM. This Olympic Pipeline Company system was operating
(04:08):
on this this type of program, and UM, something went
wrong and one of their pipes started leaking a lot
like millions of gallons of gasoline UM, and part of
it erupted into a fireball and killed three people injured
many others. UM. And they went back and looked at it.
(04:29):
They think it was just a system malfunction. But the
fact that this came along, this happened because of this
system control, and it happened as the dot com bubble
was starting to grow and like the Internet was really
becoming a huge thing. UM. People who are into cybersecurity
now point to this as evidence of exactly what somebody
(04:54):
could do during a cyber attack, even though they think
this was just an accident, right, irrelevant, But they're they're
they weren't like pointing to that as well. Okay, no,
they don't think that had anything, but they were saying,
this is what it would look like if somebody had
wanted to attack, Like, this is what a cyber attack
would look like. That makes sense because it's not just
(05:16):
the Olympic pipeline company that's using these systems UM all
over the United States, companies, law enforcement agencies, military, thanks, UM,
public works. All of these things are all running on
what amounts to Windows. It's as simple as that. Yeah,
(05:38):
Microsoft systems many of them, and UM. As Jonathan Strickland
wrote this from tech Stuff the article, and as Strickland
points out, UM a couple of things. Microsoft has been
uh kind of chastise over the years for their security
or lack of security in some of their programs and UM.
(05:58):
The other thing he points out is internets grew so
fast and everyone got on board so quickly that it
kind of outpaced what we could even do security wise.
It was all of a sudden. Government agencies and power
grids and emergency services and weapons systems, water and fuel pipelines,
all this stuff is running on on computers and a
(06:21):
lot of it through the Internet, and we don't quite
know how to guard against a cyber attack. No, And
apparently even as far as like the knowledge of how
to guard against cyber attacks goes to the United States,
is is lacking, uh, compared to like China and Russia. Um,
so we're kind of in this really weird position right
(06:43):
now where we've realized that all of the ponies are
hooked to a single basket of eggs, and all it's
gonna take is a couple of black Cat firecrackers to
scare all the horses off. That's the best analogy I
can come up with. Did you just into that or
did you I just thought my imagination is back. I
(07:04):
can tell you where I time traveled to. Awesome where
I can't think. Okay, um, all right, let's go back
a little bit in time. I don't think we need
the way back machine for this because we're just going
to we can just like walk outside. Yeah, they'd be
a waste of time for the way back machine. Um.
Some pretty smart people caught on early that hey, we
(07:25):
could be vulnerable to something like a cyber attack. So
let's look into this. Let's put a red team on it.
Red team is a our friends that act as enemies
to try and you know how they hire these people
to like break into your home. Yeah, those are red
teams basically like um from Star Wars exactly. So let's
get a red team. Let's let's uh name it this
(07:47):
mission something really cool out of a football playbook. Let's
name it Project Eligible Receiver. Do you know how many
times I had to look at that before I finally
sunk in what words I was looking at? Really it is.
It does look kind of funny. It looks like eleanor
Rigby when you glance at it. At least I think, so, yeah,
it doesn't to me. I was thinking more of like
(08:09):
a radio receiver or something like. I think it just
means about football. No, it's totally just saying like I
read this many times before I was saying, oh, okay,
so a lot of this is still classified, so we
don't know everything. But basically they hired some hackers, which
is what you do to test your security, they being
the Department of Defense. Yeah, yeah, Department Defense saying hey,
can you nerds hack into the Pentagon system and afterwards
(08:33):
we won't assassinate exactly, And the nerds were like, just
watch this. And it took three days before the Pentagon
even knew that they were being cyber attacked by the
Red Team. Like pretty successful and very sobering. Yeah, so
um they they it was I guess kind of an
eye opener for the d O D and they I'm
(08:56):
sure you used it to step up security. Not fast
enough though, as after this Red Team attack UM operation
Knowledgeable Receiver an actual attack which they later came to
call what was at Moonlight Maze. Yeah, this is one
year after that the tests. A year after UM, somebody
launched an attack and it was a I guess, what's
(09:18):
probably the most typical kind of cyber attack where you
insert some sort of software to basically spy and get
files and gather data and download sensitive materials. Right, And
apparently took two years before NASA, the Pentagon, UM and
other agencies in the US government noticed that UM accidentally
(09:43):
noticed that this that they were being spied on cyber wise. Yeah,
they got data like strategic maps, troop assignments, and positions.
Not good, right, very scary. And they traced it back
to Russia. Doesn't necessarily mean that it came from Russia
and in its origin, but at least that's where they
traced it to. Uh. And this is cyber warfare, like
(10:06):
it's happening. It's been going on since the nineties pretty much. Yeah,
it's not is a cyber war coming. It's like, how
do we prevent like a cyber war from bringing us
all down? Pretty much? And it's apparently from looking into this,
there's like two camps. There's like a gloom and doom
camp where it's like, yeah, somebody really wants to mess
things up, they're gonna be able to it's gonna be
(10:27):
pretty easy. And the sunny optimistic camp is kind of like, no,
you know, we know we're looking for now, like sure
they could launch an attack, but we'll we'll be able
to stop it in time for before we can do
like a lot of damage. So we'll see, we'll lay
out everything for you can decide who's right, that's right. Uh.
(10:47):
So we've already mentioned that on the defensive side of things,
the US is sorely lacking UM. But on the offensive
side of things, we've actually done this ourselves more than once.
UM during the Coast of a Wars Clint points out
we used computer attacks to compromise Serbian air defenses, basically
kind of scrambling their information so they had bad I
(11:10):
guess coordinates, wasn't wasn't apt okay or appropriate? Did you
see that one? So we did this, We launched it
and it and it worked. So, uh that's a good thing,
but it's also a bad thing if you're like, was
(11:31):
it Bush the first or Clinton? In Bush the second?
Bush the second in the rock and Clinton, Well, they
were both like, we don't think we should be doing
much of this because a couple of reasons. A basically
opens us up. It's like, hey, they did this, so
we can do it right back and be I think
they could have drained some banks of terrorist cells. And
(11:54):
they said, we kind of depend on the integrity of
the banking system worldwide, like we don't want to start
messing aroun with us. So apparently with with UM cyber warfare.
It's very much like UM. When you build that virus,
it's out there and it can be captured and studied
and redeployed against you. Yeah. So what they were saying
(12:16):
with Clinton and Bush who were saying like, no, we're
not going to use a virus to UM to drain
those bank accounts because they could be it will eventually
come back on us, and our banking industry is not
secure enough to withstand something that we ourselves make, because
apparently the US is pretty good at making viruses. I'm
sure should we talk about some of the different ways
(12:39):
that this can go down? Yeah, the Pearl Harbor attack, Yes,
I had the feeling strictly might A name this one himself,
but it's not true. He went to a lot of
trouble to explain why it's called the Pearl Harbor strategy,
and I think he could have just left at that.
The idea here is that it's it's pretty much in
your face. It's a massive cyber attack where they infiltrate
(12:59):
and then they sabotage systems. UM much like Pearl Harbor
was a big surprise and a big attack, wasn't I mean,
it was sneaky, but it wasn't quiet by any means,
right or stealthy. I guess the word um. The other
ones are pretty much stealthy. Part of a Pearl Harbor attack.
I believe UM could be a distributed denial of service attack,
(13:22):
which is basically, you know, like when you UM try
to get onto a website or whatever, you're sending a
request to the server to let you on ping right now.
If you assault that one server with millions of pings
and it's trying to accommodate everybody as is appropriate an
act um, it'll basically they crash. Is the point you
(13:45):
can crash a server by hitting it with millions of
pings all at once, just slows it down to the
point either where it doesn't work or it crashes. Yeah,
and that's that's what Anonymous likes to do with like
master Card during the whole wiki leaks thing when they
was a master Card Vista crash. Cannot remember, um, I
remember when that happened. Though. It's basically just launching a
bunch of server requests at a specific server in the
service like no, no, and this falls over? Is that
(14:08):
why people say ping by the way, say let him? Yeah,
I hate that it's better than java storm. I don't
even know what that is, drinking coffee while you're having
a brainstorm, Like, let's go get coffee and brainstorm something
javas to people say that, Yeah, I don't say it.
(14:29):
I've never heard of that. That ping and meta or
the three things that I will never say maybe the
worst to call something epic. I don't mind epic. Oh man,
I hate epics. At least it's a real word, especially
epic fail. Well yeah, sure, okay, back to it. Viruses uh, code, red, Slammer, NIMDA.
(14:53):
These are viruses that Strickland has mentioned that spread very
quickly across the Internet. And there's a up low ways
this can go down. You can either um, you can
set up you can do it immediately and release a virus.
You can have all these other computers deliver the virus.
You can put sort of like a delay timer on
(15:15):
your virus for it to go off in two years
automatically or manually whenever you want to. It can be
waiting for you to hit the button and then launch
the virus that way, or I think, um for the
user of that computer to do like say control all delete,
well we'll trigger it or something. Yeah, that's pretty scary. Yeah,
(15:36):
I don't don't press those three puts all the time.
I'm my PC. Oh my god, chuck. I think we
should talk about right about here is I think we're stucks.
That fits in. Who stucks net? Say it stucks? I
don't know what that is. You know it's stuck in. Yeah,
it's the Iranian um. It's the virus that the US
(15:59):
and Israel leashed on Iran. It's a perfect example of
this it is. You're right, So let's talk about stuck
s net. Stuck snet. It's a great name. It was offensive,
a cyber attack. Offensive in two thousand and ten, they
thinking maybe it was the first one ever, the US
launched like a strictly for sabotage attack. Basically, they wanted
(16:20):
to disable Iran uh Iran's UH centrifuges so they could
not enrich uranium. And they did this through the UH
the new Air Force based out of Texas, right, Texas
and Georgia. Yeah, what's the Warner Robbins Robin's Air Force space. Yeah,
(16:41):
Robin's Air Force Space. Yeah. Those two places are where
the twenty four station. Yeah, and this is the first
all cyber unit. Pretty much pretty cool, right. Their whole is,
their whole task is to wage cyber warfare, and I
imagined to be defensive against cyber attacks, but I don't.
(17:01):
I don't know if they had to do with stuck stent,
but they probably would have. Um. I think it was
being developed before was ordained in two thousand nine. I
think it went back to two thousand seven when it
was started. But basically, the they the CIA got their
hands on centrifuges that they knew Iran was using, and
(17:24):
they had just as many as Iran did of the
same kind, and they studied it and they built this
virus based on this configuration of centrifuges running windows and
semens switches right, and then they built a virus to
go infiltrate it. I thought it was called Operation Olympic Games.
(17:44):
It was, but the malware, the virus itself. Okay, that's
what I couldn't but you're right. It was called Operation
Olympic Games. And this whole operation was this huge, sweeping, awesome,
massive secretive but basically imagine like the CIA. Do you
remember uncommon valor? Oh yeah, okay, do you remember when
(18:06):
like they're training at that replica of the camp. Yeah, okay,
the CIA did that with Iran's centrifuges in the nuclear program,
and they figured out exactly how it worked, and then
they figured out the best way to break it. Was
Gene Hackman bank rolling the whole thing. Oh yeah, he
was there to get his son out. He he was
just staring at this menu of guns and silhouette that
he wanted to order. Remember that. Oh yeah, dude that
(18:28):
I thought that was so bad. That. Yeah, but that
was a huge, huge movie for like dudes, our age. No,
I'm saying bad isn't like good? Okay, Yeah, gotcha. UM
so stucks and at Olympic Games happened, and like you said,
it was the first offensive cyber attack. Most of the
other ones have come in the form of UM sneaking
(18:48):
in and lying around and watching and waiting and spying. Well,
stuck and had that too. That the initial There was
a companion program called Flame that somehow. This is the
part that's the biggest mystery. The m Iran's nuclear program
is not connected to the Internet, so somebody got that
in on thumb drive, infected their local system. UM and
(19:11):
Flames set there and basically just studied everything, told the
US how the configuration was set up, and then they
built it, and then they inserted stucks net and basically
it made all of their data look like everything was
operating normally, but it was telling their centrifuges to spin
out of control and basically break themselves, like Oceans eleven
(19:34):
when they built the replica Bault exactly the replica video.
There's nothing going on. So basically the Pentagon has been
watching a lot of movies. But this is a hugely
successful attack um, if not at the very least for
American cyber warfare UM because it's supposedly set Iran's nuclear
program back by at least a year, if not more.
(19:56):
That hopes that this would let us continue talks and
if think it said one of the aims was to
make them feel stupid, and they said it worked like
they that they've done something wrong and that's why this
these systems were failing. It's pretty scary, man. But the
point is now is Okay, that's out there. Stuck Snut
is out there for anybody who can get their hands
(20:17):
on it. And that's the name of it. It's a
great name, alright, stuck Snut within with an X with
the new Gutas Center. But it's out there and the
US is now basically just the the computer equivalent of
Hiroshima was just launched by the United States. Yeah, and
(20:41):
nice little set up there. A lot of people are
comparing these days of the early days of cyber warring
to the early days of of nuclear bombs, and that
there's not a ton of defense. Not anyone really knows
what they're doing. It's sort of a chaotic mess that
everyone's trying to get their finger in the pie though. Yeah,
and the other countries like China believe Russia, who are
(21:04):
apparently better equipped to defend against a cyber attack than
the US. So basically the US is really playing with fire. Well,
and that's why Clinton and Bush we're declining to use
these is one of the reasons where like, you know,
this opens us up to counterattacks and just may not
be the smartest way to like we wouldn't go out
(21:25):
and just drop a nuclear bomb on a country, right,
Oh did all? Right? Oops? Twice? What else you got?
Let's see, yuh. We talked about the system controls and
um that acquisition systems. Yeah, that was um. Basically that
is the Achilles Heel of Infrastructure and the United States.
(21:47):
One of the reasons why we're not set up to
defend against um a cyber attack is because we are
so connected to the internet. Everything is Iran North Korea. Yeah,
not quite as bot because a lot of their stuff
is off the grid just by default because they don't
(22:08):
have the infrastructure that we have. So just the robustness
of our own infrastructure is one of the one of
its vulnerabilities as well. Yeah, that's a good point as
far as defense goes to I forgot about this stuff.
Um Strickland says that, like the first step is education,
as far as educating consumers over you know, antivirus software
(22:32):
and how they search the Internet and stuff like that.
So I give that a medium. But uh, this guy
Richard Clarke, he's a security expert. He blames things on
companies like Microsoft too. He feels like rushes through programs
before they are fully security tested because they want to
(22:52):
make you know, they want a few coins to rub
together by selling this stuff, and the consumer doesn't want
to wait, and the stockholder don't want lots of testing
because they want those new products on the market. So
it's a bit of a rough position, and um, you know,
private companies run most of the net, you know, it's
not like this big government thing. So he contends Clark
(23:15):
does that it's up to these private companies who own
the Internet's infrastructure to really make it more robust in
a defensive sense, right, Which is good in one sense,
because then you have a dollar amount in the form
of lost profits attached to UM a security breach, right,
so company is going to try to protect it UM,
(23:36):
which is good. Yeah, But at the same time, it's like, yeah,
if you're putting out products though, and you have competition,
and your competitors products are safer UM, and you're just
rushing stuff to market, then you're gonna lose out ultimately
the same economic forces. And Jonathan also points out to that,
(23:57):
you know, a scary way that can be implemented is
a a one two punch with a physical attack. So,
I mean, this is the one that wakes me up
in the middle of the night. Is a cyber attack
is launched and the electric power grid is shut down,
and gas lines and waterlines start going haywire, and then
all of a sudden incomes the Red Dawn team parachuting
(24:19):
in well that's what we did to a rock in
two thou three. We sent a cyber attack that messed
with their UM I guess their air defense systems, and
then we invaded. So that's happened before we've done it,
doesn't surprise me. Yeah, cyber war, we're in the midst
of it. We're in the midst of it. Pretty crazy stuff.
Get your to what Norton anti virus. That'll just solve everything. Yeah. Education, education,
(24:47):
that's all. That's the only thing. That's all we can
do to prevent cyber war. Um. If you want to
learn more about cyber war and read this article by
Jonathan Strickland, you can type cyber war one word in
the search bar stuff works dot com and will bring
it up. I said Jonathan strick clam which means it's
time for a listener. Mayo, he's started for a lot
(25:09):
more than that. Uh, I'm gonna call this beer and fire. Hi, guys.
I'm a professor of history and a long time act
of your show. I use a podcast in my college
classes to talk about how we use history and entertainment.
I'm writing about the Great Chicago Fire podcast, especially as
it relates to my research. See I study the history
(25:29):
of alcohol, and I teach a class on the history
of beer. Uh, that's pretty cool. We study the economic, social,
and cultural history of beer, and we make beer in
class into weekly beer tastings. What anyway, Aside from the
stuff you mentioned the show, the Chicago fire is important
because it wiped out about three quarters Chicago's breweries. Uh.
(25:50):
Something like eighteen breweries were destroyed by the fire. Of course,
people still want a beer, uh, Chicago and Upper Midwest,
as was pot wait about a lot of Germans at
the time. This gave birth to the beer industry in Milwaukee.
Before the Great Fire, Milwaukee was a beer town, but
not a major supply center. Schlitz, especially as a good
example of called the Milwaukee beer industry, reacted to the fire.
(26:14):
Joseph Schlitz, the founder it, first, donated thousands of barrels
of beer to Chicagoans and the weeks after the fire.
Been Sensing an opportunity, he then opened a distribution point
in the city. After all, there were still hundreds of
thousands of thirsty Chicagoans. He opened Schlitz Tiede Saloons. By
the eighteen eighties he was selling about fifty thousand barrels
(26:36):
of beer in Chicago alone, which is about seventeen percent
of their total. And the slogan, yeah, the slogan for Schlitz,
the beer that made Milwaukee famous, came out of this period,
and it is because of the beer sold after the fire,
So that's where they got the name. By nineteen o two,
Schlitz was the largest brew in the world, a title
(26:57):
it would trade back and forth with Budweiser until the
nineteen fifties. And he goes on to point out that
blats and passed while with similar trajectories, stucks that stuck
to that, and uh, the Chicago brewing industry sadly never
recovered from the fire, although beer drinking remains steady. And
I don't have Professor Beer's name, so we'll just call
(27:22):
him Professor Beer. Oh, I'm sure he'd appreciate that. Yeah,
I'm sure that's what the students call him. Thanks, Professor Beer. Yeah,
And if you want to write it, I'll say your
name on one a later show. Okay. Um. And if
you teach, especially something interesting or you stuff you should
know to help you teach, We're always interested in hearing that.
(27:42):
We want to know about it. Okay, You can tweet
it to us at s y s K podcast and
put it on Facebook dot com slash stuff you Should Know,
or you can send us an email like Professor Beer
did to Stuff podcast at Discovery dot com. For more
(28:04):
on this and thousands of other topics, visit how stuff
works dot com. MHM brought to you by the reinvented
two thousand twelve camera. It's ready, are you
Stuff You Should Know News
Hosts And Creators
Chuck Bryant
Josh Clark
Show Links
AboutOrder Our BookStoreSYSK ArmyRSSPopular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.