Global Bob Show

Episode 13 - Stuxnet, Trading Bombs and Bullets for Bits and Bytes!

Global Bob Season 1 Episode 13

In this episode Global Bob (Brian Varner) tells the general story of what led up to the development and launch of Stuxnet and how it was used to destroy Iranian centrifuges. The information for this podcast was aggregated from various sources online, and its accuracy may vary, since the actors behind Stuxnet have never publicly acknowledged the existence of Stuxnet or taken credit for it.

Transcripts are automatically generated.

All right. All right, here we go. It is that time of the week for the Global Bob Show. Global Bob Show, we are the crossroads of technology and politics. This podcast, episode number 13, is about Stuxnet: Stuxnet, trading bombs and bullets for bits and bytes. As always, thank you to everybody that tunes in every week. If you liked this podcast, and you get something out of it, feel free to share it on social media, or tell your friends about it. You can reach me at globalbobshow@gmail.com, on Twitter at Global Bob Show, or through the Facebook page, the Global Bob Show.

Now, this talk was one that I've been waiting to do for a while. But I needed to put it all together and figure out exactly how I was going to deliver the message. There's just so much that goes into the story of Stuxnet. And at the highest level, whenever I'm asked why Stuxnet was so significant, I draw a parallel between the dropping of the atom bomb on Hiroshima and Nagasaki and the deploying of Stuxnet against the Iranian nuclear enrichment facility. And not just because both have nuclear subjects involved, but because when we dropped the two bombs, Fat Boy and Little Man, on Hiroshima and Nagasaki, that instantly propelled us into the Atomic Age, and when Stuxnet was deployed against the Iranian facility, that, to me, instantly propelled us into the cyber war age.

So before we go too much further, please just keep in mind that all of this information I'm bestowing upon you is generalized information. If you would like to go deeper into this, please do your own research. And please also keep in mind that the nation or nations behind Stuxnet have never admitted to it publicly. So as you listen to this podcast, you'll probably draw your own conclusion of who's behind it. But please just understand that unless they actually come out and admit to being behind Stuxnet, this is all just speculation.
So how did we get to the point where we needed a capability to stop the Iranian enrichment process? Well, it all kind of stems from the 1950s, when President Eisenhower talked about Atoms for Peace. So during that speech that he gave to the United Nations, the Atoms for Peace speech, he basically offered to give nuclear material and nuclear technology to countries for them to develop their own peaceful nuclear programs. And I say peaceful; it was supposed to be used for energy. And the thought behind his speech was that instead of all of these nations going out to enrich uranium, if we would just give them what they need for generating nuclear power, then that would keep them from having their own program. That was in the 1950s.

And you have to also keep in mind that in the 50s, and into the 60s, 70s, even the 80s, Iran and the United States were on pretty good terms. And then once the Shah was overthrown, that's when our relationship with them kind of turned sour. The Shah of Iran, who was somewhat of a US ally, was overthrown, and the new regime made it very public that they did not like the United States, and they did not like Israel. To this day, there are still some derogatory comments that get made on social media from the various Iranian news outlets. But that's something that's important to remember: they don't believe in Israel's right to exist, and they did not like what the Israelis are doing to the Palestinians. So you can see why it would not be a good idea for Iran to possess such a weapon. So that's kind of the backstory with the relationship between the US and the Iranians.

Now, in the late 1990s, around 1998, I believe it was, there's a new player on the nuclear front, and that is Pakistan. Pakistan had a scientist named AQ Khan. And that is probably for another podcast; we could talk a lot about AQ Khan. But he is the one that secretly helped Pakistan detonate their first nuclear weapon.
Now, AQ Khan was not content enough, I guess, just by helping Pakistan. So he had a network that he put together, and this is where a lot of these other nations get their knowledge. So AQ Khan is believed to have helped the North Koreans in their efforts; he's also believed to have helped Iran and Libya. So in summary, AQ Khan was open for business to whoever wanted to pay him to gain access to this technology.

So in the early 2000s, Iran was ramping up its nuclear enrichment. And one of the key components, and this is important to know also, is these centrifuges. Now, the way this uranium needed to be enriched was using very specialized centrifuges. And a centrifuge, if you've seen them before, either on TV or maybe in your doctor's office: basically, you put something into a centrifuge, and it spins around in circles very, very fast. And it's the spinning action that separates various weights of liquid. Well, this can also be used to separate isotopes, which are part of the atoms. And so these centrifuges were really special; these aren't the ones that you would just go buy from a medical supply store. The centrifuges they were, they would spin at about 100,000 rpm. So this is supersonic. The centrifuges were probably about 10 feet tall, and maybe eight to 10 inches wide. And what you had to do is put a gas inside the centrifuge, and the centrifuge would spin this gas, and the gas contained uranium 238 and uranium 235. Uranium 238 is what can be used for the production of power by having a nuclear core that heats up water. And that's basically how a nuclear power plant works. It works like a big tea kettle. But it's that uranium 235 that you need to have for a fission bomb. Now the uranium 235 is naturally occurring, and mostly occurs along with the uranium 238, but it's in very, very small doses. So if you take the percentage of the gas going in, let's say maybe 98% of it is the uranium 238, and about 2% or so is uranium 235.
So the gas, which is the hydrofluoric gas, goes into the top, the centrifuges very precisely spin at supersonic speeds, and the heavier isotopes, the 238, go to the outside walls of the centrifuge; then the 235 can be extracted through the bottom, and this process repeats itself over and over and over again until they get to what they need for a nuclear bomb, which is uranium 235 at about a 90% concentration. Now, when they set up this nuclear facility, it wasn't like they just needed one centrifuge; they needed thousands of centrifuges to be spinning. And so the facility is a pretty good size. Now, when they put all of these centrifuges together, one leads to the next until finally, at the end of it, you have the material that you need for a nuclear bomb.

So Western intelligence agencies and Israel started to become alarmed that AQ Khan was not only teaching the Iranians how to enrich uranium, but also he was selling them these special centrifuges. Now, Israel knows that Iran, even to this day, has publicly said that they don't agree with their right to exist, and has said basically, in the past, that they would like to wipe Israel off the face of the earth. During all this time we have a president in office named George Bush. So the Iranians, you would have to assume, are getting increasingly nervous and wanting to do some kind of military operation to take out this facility before they can get access to this material to create a bomb. At this time, I think it's around 2005-ish, you got to remember the US, we're in deep into Afghanistan, we're in deep into Iraq. And you can imagine that opening up another war front in Iran would probably overstretch us. But Israel knows that they have to do something. So putting increased pressure for a military option on the table is something that President Bush had to deal with. Now, the Israelis are no stranger to war. The Israelis found out back in the 90s, I believe it was, that Iraq was also trying to enrich uranium.
And so they went into Iraq and bombed that facility. Now, you got to imagine the cards that are on the table in front of President Bush: he's got the Israelis that are pressuring him, or basically asking him if they can go in and bomb this facility, and us being allies with Israel would put us onto a third front of a war. Or what can he do? So we started putting sanctions on Iran, and basically trying to monitor them, monitor them through the IAEA. Now, before Stuxnet, you really only had a couple of options, and most of those options were kinetic. But there were some very smart people understanding what cyber war was capable of, but they needed to sell this to a president and, actually, to the US military. That has never been done before. I mean, they could pontificate that they could put together something to surreptitiously enter the Natanz nuclear facility in Iran and destroy it. But it's like, come back to the atom bomb: it all makes sense on paper, but would it really work?

Now, what you can find out through research is that Western intelligence agencies intercepted a shipment from AQ Khan going to Libya. And they intercepted the shipment so they could see exactly how the centrifuges work, and what all it takes to run these centrifuges. Now, I've been involved with lots of physical cyber simulations. And so I can kind of tell you probably the way this worked, because I've done this kind of thing before, where we've simulated SCADA control systems, or supervisory control and data acquisition systems, which is kind of the name that's given to these types of computer systems that control machinery.
So what I would envision is that once the Western intelligence agencies intercepted the shipment, they were able to catalogue exactly the controls that were used, the types of computers that were used to control this, and they found that the centrifuges used a SCADA module or SCADA system from a company called Siemens, and they used the Siemens Step 7 SCADA system, and they used a Windows-based computer to interact with those SCADA modules. So then the shipment can go on to its final destination. And back in the US, they could replicate the Natanz nuclear facility. So they could start to devise different tactics, techniques and procedures to possibly sabotage this through a cyber capability.

And allegedly, that's what they did. They were able to figure out a couple of different ways that they could destroy the centrifuges. And one they found was that if they could close off the valve at the exit of the centrifuge, that pressure would build up. And if the pressure built up in the centrifuge, then the gas would start to solidify. Now, you all know that if you hit a bump in the road in your car, and it knocks your wheel weight off, that tire starts to wobble. Well, when the centrifuges are spinning at supersonic speeds at 100,000 revolutions per minute, if they could build up a little bit of pressure in there, that gas would start to solidify. And the solidification of the gas on the centrifuge fins would be enough to make the centrifuge start to wobble. And that's exactly what it did. And it actually happened pretty quickly. The centrifuge starts to wobble, and it totally destroys itself. From research that I've done, it became like a heap of metal on the floor. So to prove this to the US military and to the president, they took this metal from their top secret lab, they put it in a box, and the story that I heard was that they flew it to Washington, DC, and dumped it on the desk of the Situation Room.
And that's where we instantly knew that this was a possibility: using bits and bytes, instead of bombs and bullets, to have a kinetic effect on infrastructure. Now, there are so many parallels between this and developing the atom bomb. One, this would have been a highly technical, very advanced, never-before capability. And also, the people working on this would probably be at the utmost security clearance level. Not everybody would know about this, much like the Manhattan Project.

There was also another means they found to mess up the centrifuges or destroy them, and that was varying the speed at which the centrifuge spun. It had to spin at a very precise speed. And so they also figured out that they could increase and decrease the speed of the centrifuges just enough to cause damage to them. And like I said, the centrifuges you just don't go buy from a medical supply. These are very special built, custom built. So any of them that they destroyed would be detrimental. Also, not only were you destroying centrifuges, but you're also wasting the gas, that gas that goes into the centrifuges. So this can be a one-two punch, and could delay the Iranians' research and exploration and ultimately developing of a nuclear weapon. So by that time, they had signed off on it, supposedly, and Stuxnet was developed and ready to be launched.

Now, you know the backstory, what led us up to the development of Stuxnet. And now we understand that there are cyber capabilities to destroy centrifuges. However, we still have a major problem. As you can imagine, the Natanz nuclear facility was probably one of the most heavily guarded facilities. And you're just not going to put on a rubber nose and sunglasses and have one of our Western intelligence assets get in there and put Stuxnet on the network.
Moreover, the network was a special network, and a lot of companies use this type of network, militaries use it, and research facilities use it: it's called an air-gapped network. Now, air-gapped networks mean that you don't have the network connected to the internet. So we couldn't sit over here in the States and try to spear phish someone to click on something that then puts Stuxnet on the network. We're not going to hand somebody a thumb drive and say, hey, go inside the facility and put this on there. But what we do know is that devices go on air-gapped networks and off. So this could be scientists with laptops that they take home, and they get on the internet, or they go to, you know, maybe their office and they get on the internet. Then when they go inside the secured facilities, they plug that same laptop in. And also, they have thumb drives. So there could be a thumb drive that gets inserted into the home computer or a computer that's on the internet, and then it gets inserted into this air-gapped network at the Natanz facility. With Stuxnet, it was a very, very long game; this did not happen in a couple of days, or even a couple of years.

Now, what had to happen was that Western intelligence needed to know what computers are on those networks. And so they started targeting folks that they thought would be going in and out of the facility, taking their equipment in and out of the facility. And so a special virus was written that was designed to get onto air-gapped networks. And so essentially, the way these air-gapped viruses work, or air-gap worms work, is that it lands on a computer, so it knows that it's on a device that could be connected to the internet, and then it checks to see if it's connected to the internet. Then, when that device or laptop is taken into another network, it's plugged in, and the virus tries to get out to the internet. If the virus can't get out to the internet, it may assume that it's on an air-gapped network.
Now, the first phase of this was collecting reconnaissance. And so as the folks went in and out of the facility, it would scan the internal network and then take and send all of its information back when it had a way to the internet. So that was kind of the first recon phase. Once they confirmed that they had some kind of device that was being plugged into the internet and then back into the air-gapped network, then it was time to unleash Stuxnet.

Now, around the same time, there was something that happened here in the United States, and it happens every four years, and that is a new president comes in. So George Bush was on his way out; Barack Obama comes in. And so this program had to be reauthorized, as you could imagine. Given all the backstory and the capabilities, it was probably a no-brainer for Obama to say yes, let's proceed on.

Now, what we didn't have is a capability to understand if this was working. But there were inspections going on by the IAEA, which is the agency that was doing inspections to make sure that the Iranians and other nuclear nations are compliant with international law. They would go in, do their inspection, they would view video cameras, because part of the agreement was that anything coming in and out of this facility had to be photographed. Now, there was a report that was written talking about how thousands of centrifuges were being taken out of the Natanz facility. And so the inspectors would write up the report and send it back to their headquarters in Vienna so it can be reviewed. And that's when we knew that this was working.

Now, the way Stuxnet worked was that it couldn't just get onto the network and destroy all the centrifuges, because that would be kind of tipping the hat, where people would know, hey, there's something fishy going on here. But Stuxnet was very, very clever.
It took and lay dormant inside the network and recorded what this normal network traffic back and forth between the centrifuges and the computers and the SCADA system looked like. And it did that so when it got time to launch its attack, the folks that are monitoring the centrifuges would not be tipped off. You have to understand that, you know, with this nuclear technology, there's a lot of controls and safety features around it. So let's say the centrifuges are supposed to spin at 100,000 rpm. Well, if someone noticed that it jumped to 115,000, or decreased to 90,000, then that would tip them off: hey, there's something going on, let's stop everything. But what would happen is that Stuxnet had the legitimate traffic recorded. And so when it would request these centrifuges to spin faster and slower, the folks that are monitoring it never knew, because on their monitors, everything looked like it was right. And so it was when the increase of the centrifuges being replaced happened that they thought something was going on.

Now, let's go back to what happened in current times. So Stuxnet is in the Iranian facilities; the Iranians think they have bad centrifuges or something, but everything checks out. The US and Western intelligence agencies are monitoring the IAEA reports, and they know there's an increase in the centrifuges being decommissioned. While at the same time, computers in Iran started to randomly reboot. And you got to understand that in antivirus, there's a couple of big companies out there, one of which being Symantec, which is a US company. So you could imagine the Iranians don't want the US security companies monitoring their security. So they had a company called VirusBlokAda, which was from Belarus. So these folks in Belarus had complaints that, hey, computers are randomly rebooting, we don't know why this is happening. And their antivirus software, it wasn't flagging anything.
So what they did was they took a remote image of the computers and started to look through it. And they are the ones that found that there's some kind of virus, a zero-day virus, that's not being detected, and something's going on. Now, Symantec at the time also was on to this Stuxnet virus, but they didn't know it as Stuxnet. At the time, this research was being performed by some of the most brilliant people at Symantec. And they quickly realized that, hey, we're not dealing with your run-of-the-mill zero-day virus. For all intents and purposes, usually these viruses are very small, just, you know, a few kilobytes. But Symantec researchers understood that, wow, this is like 500 kilobytes; this is a monster in size. And then looking under the hood of it, it really didn't do anything unless certain parameters were met. And those parameters included looking at computers that had access to SCADA networks. Moreover, they started to look at the other aspects of this virus and realized, hey, this did not contain just one zero-day exploit; this contained four zero-day exploits, which is really kind of unheard of. Unpacking the virus, the researchers quickly knew that they were probably dealing with some kind of state-sponsored activity, but they didn't quite know who the target was or what the target was. And there was other reporting starting to happen on this. Now, they had an obligation to report their findings. And so once the findings got reported, the Iranians came out and said, hey, we realized that some Western intelligence agencies tried to infiltrate our network, we caught them, we've erased everything, and it really did not affect us. Now, looking at the reports, and from what experts have gathered, this really was detrimental to the Iranians; this set back their nuclear capabilities of developing a bomb many years.
And so this was really the first time that there were two options on the table: we could either go in, or the Israelis could go in, and bomb the Natanz nuclear facility, or, for the first time, we could actually trade bombs and bullets for bits and bytes, and essentially get the same outcome. That's why I draw so many parallels between the development of the nuclear bomb that we dropped on Japan and the development of Stuxnet: just an amazing capability, an amazing demonstration of Western intelligence, and the ingenuity and engineering that we can accomplish. Symantec researchers would go even farther after this, to figure out that, hey, there were previous versions of Stuxnet, and that what we had found was basically like version four. And really, there were three other versions before this. So what we kind of did is trip into the cyber age, and Symantec would later go on to figure out that these earlier versions could have been as early as 2005.

Now, like I said, everything I give you here is just the general story. And please, if you do want to quote any of this, make sure you go out and find the actual sources of this information. All right, well, we're at the end of the half hour. As always, thank you so much to those that listen and tune in each week. As you know, I do all of this for you all. And without your support, we would not have the Global Bob Show. So thank you so much for sailing the digital ocean and cruising the highways and byways of cyberspace as we explore the crossroads of politics and technology. All right, everybody. I will see you next week as we unpack our next topic. Until then,