[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.00,0:00:05.29,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:00:10.96,0:00:13.68,Default,,0000,0000,0000,,a small note before we start Dialogue: 0,0:00:13.68,0:00:15.60,Default,,0000,0000,0000,,as much as this video is meant to be a Dialogue: 0,0:00:15.60,0:00:17.44,Default,,0000,0000,0000,,storytelling experience Dialogue: 0,0:00:17.44,0:00:18.96,Default,,0000,0000,0000,,i have also intended it to be Dialogue: 0,0:00:18.96,0:00:20.64,Default,,0000,0000,0000,,educational Dialogue: 0,0:00:20.64,0:00:22.48,Default,,0000,0000,0000,,and so i have coupled the story along Dialogue: 0,0:00:22.48,0:00:23.84,Default,,0000,0000,0000,,with how some of these attacks and Dialogue: 0,0:00:23.84,0:00:26.00,Default,,0000,0000,0000,,technologies work Dialogue: 0,0:00:26.00,0:00:28.40,Default,,0000,0000,0000,,this is my first documentary style video Dialogue: 0,0:00:28.40,0:00:30.80,Default,,0000,0000,0000,,and so i appreciate any and all feedback Dialogue: 0,0:00:30.80,0:00:33.12,Default,,0000,0000,0000,,in the comments below Dialogue: 0,0:00:33.12,0:00:35.68,Default,,0000,0000,0000,,i really hope you enjoy and hopefully Dialogue: 0,0:00:35.68,0:00:38.64,Default,,0000,0000,0000,,learn a few new things Dialogue: 0,0:00:40.80,0:00:43.44,Default,,0000,0000,0000,,right now a crippling cyber attack has Dialogue: 0,0:00:43.44,0:00:45.04,Default,,0000,0000,0000,,businesses around the world Dialogue: 0,0:00:45.04,0:00:47.76,Default,,0000,0000,0000,,on high alert the ransomware known as Dialogue: 0,0:00:47.76,0:00:48.72,Default,,0000,0000,0000,,wannacry Dialogue: 0,0:00:48.72,0:00:50.40,Default,,0000,0000,0000,,want to move on to the other developing Dialogue: 0,0:00:50.40,0:00:51.92,Default,,0000,0000,0000,,story this morning the global cyber Dialogue: 0,0:00:51.92,0:00:54.24,Default,,0000,0000,0000,,attack the national security agency Dialogue: 
0,0:00:54.24,0:00:56.56,Default,,0000,0000,0000,,developed this software and it's now Dialogue: 0,0:00:56.56,0:00:57.44,Default,,0000,0000,0000,,being used by Dialogue: 0,0:00:57.44,0:00:59.44,Default,,0000,0000,0000,,criminals around the world to demand Dialogue: 0,0:00:59.44,0:01:01.76,Default,,0000,0000,0000,,ransom security experts say this is one Dialogue: 0,0:01:01.76,0:01:03.28,Default,,0000,0000,0000,,of the worst and most Dialogue: 0,0:01:03.28,0:01:05.44,Default,,0000,0000,0000,,widespread pieces of malware they've Dialogue: 0,0:01:05.44,0:01:11.99,Default,,0000,0000,0000,,ever seen Dialogue: 0,0:01:11.99,0:01:16.55,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:01:20.08,0:01:23.04,Default,,0000,0000,0000,,in may of 2017 a worldwide cyber attack Dialogue: 0,0:01:23.04,0:01:24.80,Default,,0000,0000,0000,,by the name of wannacry Dialogue: 0,0:01:24.80,0:01:27.84,Default,,0000,0000,0000,,short for wanna decryptor impacted over 150 Dialogue: 0,0:01:27.84,0:01:28.72,Default,,0000,0000,0000,,countries Dialogue: 0,0:01:28.72,0:01:31.36,Default,,0000,0000,0000,,and hit around 230 000 computers Dialogue: 0,0:01:31.36,0:01:32.72,Default,,0000,0000,0000,,globally Dialogue: 0,0:01:32.72,0:01:34.56,Default,,0000,0000,0000,,needless to say it became known as one Dialogue: 0,0:01:34.56,0:01:36.64,Default,,0000,0000,0000,,of the biggest ransomware attacks in Dialogue: 0,0:01:36.64,0:01:38.16,Default,,0000,0000,0000,,history Dialogue: 0,0:01:38.16,0:01:40.80,Default,,0000,0000,0000,,let's start at the very beginning on the Dialogue: 0,0:01:40.80,0:01:43.12,Default,,0000,0000,0000,,morning of the 12th of may 2017 Dialogue: 0,0:01:43.12,0:01:45.36,Default,,0000,0000,0000,,according to akamai a content delivery Dialogue: 0,0:01:45.36,0:01:46.24,Default,,0000,0000,0000,,network Dialogue: 0,0:01:46.24,0:01:48.72,Default,,0000,0000,0000,,this was the timeline reportedly the Dialogue: 0,0:01:48.72,0:01:51.20,Default,,0000,0000,0000,,first case identified originated from a Dialogue: 
0,0:01:51.20,0:01:53.60,Default,,0000,0000,0000,,southeast asian isp which was detected Dialogue: 0,0:01:53.60,0:01:55.12,Default,,0000,0000,0000,,at 7:44 am Dialogue: 0,0:01:55.12,0:01:58.40,Default,,0000,0000,0000,,utc over the next hour there were cases Dialogue: 0,0:01:58.40,0:02:00.24,Default,,0000,0000,0000,,seen from latin america Dialogue: 0,0:02:00.24,0:02:02.96,Default,,0000,0000,0000,,then the continental europe and uk then Dialogue: 0,0:02:02.96,0:02:03.44,Default,,0000,0000,0000,,brazil Dialogue: 0,0:02:03.44,0:02:06.84,Default,,0000,0000,0000,,and argentinian isps until at 12:39 pm Dialogue: 0,0:02:06.84,0:02:09.28,Default,,0000,0000,0000,,utc 74 Dialogue: 0,0:02:09.28,0:02:12.72,Default,,0000,0000,0000,,of all isps in asia were affected and by Dialogue: 0,0:02:12.72,0:02:14.80,Default,,0000,0000,0000,,3:28 pm utc Dialogue: 0,0:02:14.80,0:02:17.04,Default,,0000,0000,0000,,the ransomware had taken hold of 65 Dialogue: 0,0:02:17.04,0:02:20.64,Default,,0000,0000,0000,,percent of latin american isps Dialogue: 0,0:02:20.64,0:02:22.88,Default,,0000,0000,0000,,wannacry was spreading and at an Dialogue: 0,0:02:22.88,0:02:24.64,Default,,0000,0000,0000,,incredible rate Dialogue: 0,0:02:24.64,0:02:26.16,Default,,0000,0000,0000,,prior to this such a quick and Dialogue: 0,0:02:26.16,0:02:28.64,Default,,0000,0000,0000,,widespread ransomware was unheard of Dialogue: 0,0:02:28.64,0:02:31.04,Default,,0000,0000,0000,,a lot of organizations unable to recover Dialogue: 0,0:02:31.04,0:02:31.84,Default,,0000,0000,0000,,their losses Dialogue: 0,0:02:31.84,0:02:34.64,Default,,0000,0000,0000,,were forced to permanently shut down Dialogue: 0,0:02:34.64,0:02:36.16,Default,,0000,0000,0000,,some had to put a pause on their Dialogue: 0,0:02:36.16,0:02:38.32,Default,,0000,0000,0000,,networks and services and reported huge Dialogue: 0,0:02:38.32,0:02:39.36,Default,,0000,0000,0000,,losses Dialogue: 0,0:02:39.36,0:02:42.48,Default,,0000,0000,0000,,some in millions of dollars the 
attack Dialogue: 0,0:02:42.48,0:02:44.72,Default,,0000,0000,0000,,did not discriminate small to Dialogue: 0,0:02:44.72,0:02:46.40,Default,,0000,0000,0000,,medium-sized businesses Dialogue: 0,0:02:46.40,0:02:48.80,Default,,0000,0000,0000,,large enterprises the private sector the Dialogue: 0,0:02:48.80,0:02:50.16,Default,,0000,0000,0000,,public sector Dialogue: 0,0:02:50.16,0:02:52.64,Default,,0000,0000,0000,,railways healthcare banks malls Dialogue: 0,0:02:52.64,0:02:53.36,Default,,0000,0000,0000,,ministries Dialogue: 0,0:02:53.36,0:02:56.56,Default,,0000,0000,0000,,police energy companies isps and there Dialogue: 0,0:02:56.56,0:02:57.44,Default,,0000,0000,0000,,just seemed to be Dialogue: 0,0:02:57.44,0:03:00.72,Default,,0000,0000,0000,,no end to the victims within few hours Dialogue: 0,0:03:00.72,0:03:02.72,Default,,0000,0000,0000,,it had spread to over 11 countries Dialogue: 0,0:03:02.72,0:03:04.32,Default,,0000,0000,0000,,and by the end of the first day of the Dialogue: 0,0:03:04.32,0:03:06.16,Default,,0000,0000,0000,,attack the ransomware had been Dialogue: 0,0:03:06.16,0:03:08.48,Default,,0000,0000,0000,,encountered in 74 countries Dialogue: 0,0:03:08.48,0:03:10.32,Default,,0000,0000,0000,,within thousands and thousands of Dialogue: 0,0:03:10.32,0:03:12.16,Default,,0000,0000,0000,,organizations Dialogue: 0,0:03:12.16,0:03:14.88,Default,,0000,0000,0000,,and so it begged the question how much Dialogue: 0,0:03:14.88,0:03:16.64,Default,,0000,0000,0000,,damage will this really cause over the Dialogue: 0,0:03:16.64,0:03:17.60,Default,,0000,0000,0000,,next few days Dialogue: 0,0:03:17.60,0:03:20.16,Default,,0000,0000,0000,,or weeks or months if no solution Dialogue: 0,0:03:20.16,0:03:23.04,Default,,0000,0000,0000,,presents itself Dialogue: 0,0:03:23.44,0:03:27.12,Default,,0000,0000,0000,,your surface has been temporarily Dialogue: 0,0:03:30.84,0:03:33.28,Default,,0000,0000,0000,,disconnected Dialogue: 0,0:03:33.28,0:03:36.24,Default,,0000,0000,0000,,ransomware works 
in a very simple manner Dialogue: 0,0:03:36.24,0:03:38.08,Default,,0000,0000,0000,,it is the type of malware most commonly Dialogue: 0,0:03:38.08,0:03:39.92,Default,,0000,0000,0000,,spread through phishing attacks Dialogue: 0,0:03:39.92,0:03:41.84,Default,,0000,0000,0000,,which are essentially emails used to Dialogue: 0,0:03:41.84,0:03:44.00,Default,,0000,0000,0000,,trick a user into clicking a link that Dialogue: 0,0:03:44.00,0:03:45.60,Default,,0000,0000,0000,,leads them to a website Dialogue: 0,0:03:45.60,0:03:47.84,Default,,0000,0000,0000,,where they enter sensitive data or to Dialogue: 0,0:03:47.84,0:03:50.16,Default,,0000,0000,0000,,download attachments which if executed Dialogue: 0,0:03:50.16,0:03:52.24,Default,,0000,0000,0000,,will infect the computer Dialogue: 0,0:03:52.24,0:03:54.40,Default,,0000,0000,0000,,although initially suspected wannacry Dialogue: 0,0:03:54.40,0:03:56.80,Default,,0000,0000,0000,,did not originate from a phishing attack Dialogue: 0,0:03:56.80,0:03:59.68,Default,,0000,0000,0000,,but we'll get to that later Dialogue: 0,0:03:59.68,0:04:01.28,Default,,0000,0000,0000,,once a computer is infected Dialogue: 0,0:04:01.28,0:04:03.04,Default,,0000,0000,0000,,the ransomware runs an encryption Dialogue: 0,0:04:03.04,0:04:05.28,Default,,0000,0000,0000,,process and usually in less than a Dialogue: 0,0:04:05.28,0:04:06.24,Default,,0000,0000,0000,,minute Dialogue: 0,0:04:06.24,0:04:08.80,Default,,0000,0000,0000,,some or all the files depending on what Dialogue: 0,0:04:08.80,0:04:10.88,Default,,0000,0000,0000,,the ransomware is meant to affect in the Dialogue: 0,0:04:10.88,0:04:12.40,Default,,0000,0000,0000,,user's computer Dialogue: 0,0:04:12.40,0:04:14.24,Default,,0000,0000,0000,,is converted from plain text to Dialogue: 0,0:04:14.24,0:04:15.84,Default,,0000,0000,0000,,ciphertext Dialogue: 0,0:04:15.84,0:04:18.24,Default,,0000,0000,0000,,plain text is readable or comprehensible Dialogue: 0,0:04:18.24,0:04:19.12,Default,,0000,0000,0000,,data 
Dialogue: 0,0:04:19.12,0:04:21.12,Default,,0000,0000,0000,,and ciphertext is unintelligible Dialogue: 0,0:04:21.12,0:04:22.72,Default,,0000,0000,0000,,gibberish Dialogue: 0,0:04:22.72,0:04:24.64,Default,,0000,0000,0000,,in order to turn this back into plain Dialogue: 0,0:04:24.64,0:04:27.20,Default,,0000,0000,0000,,text the user will need what is known as Dialogue: 0,0:04:27.20,0:04:28.80,Default,,0000,0000,0000,,a decryption key Dialogue: 0,0:04:28.80,0:04:30.88,Default,,0000,0000,0000,,which the attacker promises to provide Dialogue: 0,0:04:30.88,0:04:34.56,Default,,0000,0000,0000,,if the user were to pay the ransom Dialogue: 0,0:04:34.64,0:04:36.88,Default,,0000,0000,0000,,what makes ransomware so dreadful is Dialogue: 0,0:04:36.88,0:04:39.36,Default,,0000,0000,0000,,that once your files have been encrypted Dialogue: 0,0:04:39.36,0:04:41.04,Default,,0000,0000,0000,,you can't exactly decrypt it and Dialogue: 0,0:04:41.04,0:04:42.96,Default,,0000,0000,0000,,retrieve your data Dialogue: 0,0:04:42.96,0:04:44.72,Default,,0000,0000,0000,,well you can but with the current Dialogue: 0,0:04:44.72,0:04:46.64,Default,,0000,0000,0000,,technology we have to break common Dialogue: 0,0:04:46.64,0:04:48.72,Default,,0000,0000,0000,,encryption algorithms used in ransomware Dialogue: 0,0:04:48.72,0:04:49.60,Default,,0000,0000,0000,,attacks Dialogue: 0,0:04:49.60,0:04:52.80,Default,,0000,0000,0000,,such as the rsa it would take millions Dialogue: 0,0:04:52.80,0:04:57.28,Default,,0000,0000,0000,,to billions to trillions of years Dialogue: 0,0:04:57.28,0:05:00.41,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:05:03.52,0:05:05.44,Default,,0000,0000,0000,,this is what you'd see if you were to Dialogue: 0,0:05:05.44,0:05:07.20,Default,,0000,0000,0000,,become infected with the wannacry Dialogue: 0,0:05:07.20,0:05:08.64,Default,,0000,0000,0000,,ransomware Dialogue: 0,0:05:08.64,0:05:10.16,Default,,0000,0000,0000,,in addition to this intimidating Dialogue: 
0,0:05:10.16,0:05:12.48,Default,,0000,0000,0000,,wallpaper your documents Dialogue: 0,0:05:12.48,0:05:16.16,Default,,0000,0000,0000,,spreadsheets images videos Dialogue: 0,0:05:16.16,0:05:18.64,Default,,0000,0000,0000,,music and most everyday productivity and Dialogue: 0,0:05:18.64,0:05:21.04,Default,,0000,0000,0000,,multimedia files become encrypted Dialogue: 0,0:05:21.04,0:05:22.80,Default,,0000,0000,0000,,essentially being held hostage till the Dialogue: 0,0:05:22.80,0:05:26.24,Default,,0000,0000,0000,,ransom payment has been made Dialogue: 0,0:05:27.12,0:05:29.20,Default,,0000,0000,0000,,the wana decrypt0r 2.0 comes with a set Dialogue: 0,0:05:29.20,0:05:30.24,Default,,0000,0000,0000,,of instructions Dialogue: 0,0:05:30.24,0:05:31.92,Default,,0000,0000,0000,,and in 28 different languages for Dialogue: 0,0:05:31.92,0:05:33.68,Default,,0000,0000,0000,,victims to follow in order to recover Dialogue: 0,0:05:33.68,0:05:35.20,Default,,0000,0000,0000,,their files Dialogue: 0,0:05:35.20,0:05:37.76,Default,,0000,0000,0000,,the attackers demanded $300 worth of Dialogue: 0,0:05:37.76,0:05:38.64,Default,,0000,0000,0000,,bitcoin Dialogue: 0,0:05:38.64,0:05:40.56,Default,,0000,0000,0000,,and after three days would be updated to Dialogue: 0,0:05:40.56,0:05:42.48,Default,,0000,0000,0000,,six hundred dollars Dialogue: 0,0:05:42.48,0:05:44.08,Default,,0000,0000,0000,,if the payment were to be made seven Dialogue: 0,0:05:44.08,0:05:45.92,Default,,0000,0000,0000,,days after the infection the files would Dialogue: 0,0:05:45.92,0:05:47.68,Default,,0000,0000,0000,,be recoverable Dialogue: 0,0:05:47.68,0:05:49.84,Default,,0000,0000,0000,,however despite this they also go on to Dialogue: 0,0:05:49.84,0:05:51.76,Default,,0000,0000,0000,,state that they will return the files Dialogue: 0,0:05:51.76,0:05:54.80,Default,,0000,0000,0000,,for free to quote users who are so poor Dialogue: 0,0:05:54.80,0:05:55.84,Default,,0000,0000,0000,,that they couldn't pay Dialogue: 
0,0:05:55.84,0:05:58.72,Default,,0000,0000,0000,,end quote after six months the method of Dialogue: 0,0:05:58.72,0:05:59.84,Default,,0000,0000,0000,,payment Dialogue: 0,0:05:59.84,0:06:02.40,Default,,0000,0000,0000,,bitcoin Dialogue: 0,0:06:04.16,0:06:06.40,Default,,0000,0000,0000,,the reason that attackers chose bitcoin Dialogue: 0,0:06:06.40,0:06:07.84,Default,,0000,0000,0000,,was because it is what we know Dialogue: 0,0:06:07.84,0:06:10.48,Default,,0000,0000,0000,,as a private cryptocurrency this allows Dialogue: 0,0:06:10.48,0:06:12.08,Default,,0000,0000,0000,,the holder of the currency to remain Dialogue: 0,0:06:12.08,0:06:13.28,Default,,0000,0000,0000,,anonymous Dialogue: 0,0:06:13.28,0:06:14.64,Default,,0000,0000,0000,,though the money could be traced to a Dialogue: 0,0:06:14.64,0:06:16.56,Default,,0000,0000,0000,,cryptocurrency wallet which is where the Dialogue: 0,0:06:16.56,0:06:18.16,Default,,0000,0000,0000,,currency itself is stored Dialogue: 0,0:06:18.16,0:06:19.84,Default,,0000,0000,0000,,it would be exponentially difficult to Dialogue: 0,0:06:19.84,0:06:21.36,Default,,0000,0000,0000,,find the owner of the wallet without Dialogue: 0,0:06:21.36,0:06:24.32,Default,,0000,0000,0000,,extensive forensic analysis Dialogue: 0,0:06:24.32,0:06:26.56,Default,,0000,0000,0000,,this is the reason that bitcoin is used Dialogue: 0,0:06:26.56,0:06:27.84,Default,,0000,0000,0000,,widely in the dark web Dialogue: 0,0:06:27.84,0:06:30.64,Default,,0000,0000,0000,,to purchase guns drugs and other illegal Dialogue: 0,0:06:30.64,0:06:32.32,Default,,0000,0000,0000,,goods and services that for obvious Dialogue: 0,0:06:32.32,0:06:33.20,Default,,0000,0000,0000,,reasons Dialogue: 0,0:06:33.20,0:06:35.04,Default,,0000,0000,0000,,you would not be able to find on the Dialogue: 0,0:06:35.04,0:06:48.00,Default,,0000,0000,0000,,surface web Dialogue: 0,0:06:48.00,0:06:50.08,Default,,0000,0000,0000,,problem with wannacry and what made it Dialogue: 
0,0:06:50.08,0:06:51.92,Default,,0000,0000,0000,,exponentially more dangerous than your Dialogue: 0,0:06:51.92,0:06:53.28,Default,,0000,0000,0000,,average ransomware Dialogue: 0,0:06:53.28,0:06:56.32,Default,,0000,0000,0000,,was its propagating capabilities Dialogue: 0,0:06:56.32,0:06:58.24,Default,,0000,0000,0000,,but to understand this fully we need to Dialogue: 0,0:06:58.24,0:06:59.84,Default,,0000,0000,0000,,go back in time a little bit Dialogue: 0,0:06:59.84,0:07:04.00,Default,,0000,0000,0000,,to 2016. in august of 2016 the equation Dialogue: 0,0:07:04.00,0:07:05.68,Default,,0000,0000,0000,,group suspected to have ties with the Dialogue: 0,0:07:05.68,0:07:07.52,Default,,0000,0000,0000,,national security agency's tailored Dialogue: 0,0:07:07.52,0:07:08.80,Default,,0000,0000,0000,,operations unit Dialogue: 0,0:07:08.80,0:07:10.88,Default,,0000,0000,0000,,and described by kaspersky as one of the Dialogue: 0,0:07:10.88,0:07:12.88,Default,,0000,0000,0000,,most sophisticated cyber attack groups Dialogue: 0,0:07:12.88,0:07:14.08,Default,,0000,0000,0000,,in the world Dialogue: 0,0:07:14.08,0:07:15.76,Default,,0000,0000,0000,,was said to be hacked by a group called Dialogue: 0,0:07:15.76,0:07:17.68,Default,,0000,0000,0000,,the shadow brokers Dialogue: 0,0:07:17.68,0:07:19.92,Default,,0000,0000,0000,,in this hack disks full of the nsa Dialogue: 0,0:07:19.92,0:07:22.80,Default,,0000,0000,0000,,secrets were stolen Dialogue: 0,0:07:22.80,0:07:25.04,Default,,0000,0000,0000,,this was bad because the nsa houses what Dialogue: 0,0:07:25.04,0:07:27.52,Default,,0000,0000,0000,,we know as nation state attacks Dialogue: 0,0:07:27.52,0:07:29.76,Default,,0000,0000,0000,,which are exploits or hacking tools that Dialogue: 0,0:07:29.76,0:07:31.28,Default,,0000,0000,0000,,are used to carry out a hack for their Dialogue: 0,0:07:31.28,0:07:32.48,Default,,0000,0000,0000,,home country Dialogue: 0,0:07:32.48,0:07:35.20,Default,,0000,0000,0000,,against another country the nsa would Dialogue: 
0,0:07:35.20,0:07:37.12,Default,,0000,0000,0000,,essentially recruit a skilled hacker and Dialogue: 0,0:07:37.12,0:07:39.28,Default,,0000,0000,0000,,give them a license to hack Dialogue: 0,0:07:39.28,0:07:41.20,Default,,0000,0000,0000,,which means if they did carry it out it Dialogue: 0,0:07:41.20,0:07:42.56,Default,,0000,0000,0000,,wouldn't be illegal Dialogue: 0,0:07:42.56,0:07:44.80,Default,,0000,0000,0000,,at least in that country and the hacker Dialogue: 0,0:07:44.80,0:07:47.76,Default,,0000,0000,0000,,would not be charged Dialogue: 0,0:07:48.64,0:07:50.64,Default,,0000,0000,0000,,the danger here is that the nation-state Dialogue: 0,0:07:50.64,0:07:52.40,Default,,0000,0000,0000,,tools in itself are usually pretty Dialogue: 0,0:07:52.40,0:07:53.44,Default,,0000,0000,0000,,effective Dialogue: 0,0:07:53.44,0:07:55.12,Default,,0000,0000,0000,,especially considering they are to be Dialogue: 0,0:07:55.12,0:07:57.28,Default,,0000,0000,0000,,used as weapons against entire states Dialogue: 0,0:07:57.28,0:07:59.84,Default,,0000,0000,0000,,and countries Dialogue: 0,0:08:03.60,0:08:05.44,Default,,0000,0000,0000,,the nsa is said to have discovered a Dialogue: 0,0:08:05.44,0:08:07.20,Default,,0000,0000,0000,,multitude of other vulnerabilities in Dialogue: 0,0:08:07.20,0:08:08.16,Default,,0000,0000,0000,,the windows os Dialogue: 0,0:08:08.16,0:08:11.28,Default,,0000,0000,0000,,as early as 2013 but was speculated to Dialogue: 0,0:08:11.28,0:08:13.28,Default,,0000,0000,0000,,have developed exploits secretly and Dialogue: 0,0:08:13.28,0:08:14.56,Default,,0000,0000,0000,,stockpile them Dialogue: 0,0:08:14.56,0:08:16.56,Default,,0000,0000,0000,,rather than reporting it to microsoft or Dialogue: 0,0:08:16.56,0:08:18.24,Default,,0000,0000,0000,,the infosec community Dialogue: 0,0:08:18.24,0:08:20.00,Default,,0000,0000,0000,,so that they could weaponize it and Dialogue: 0,0:08:20.00,0:08:21.92,Default,,0000,0000,0000,,utilize them in their nation state and Dialogue: 
0,0:08:21.92,0:08:24.56,Default,,0000,0000,0000,,other attacks Dialogue: 0,0:08:25.44,0:08:27.20,Default,,0000,0000,0000,,the shadow brokers would go on to Dialogue: 0,0:08:27.20,0:08:28.72,Default,,0000,0000,0000,,auction off some of these tools that Dialogue: 0,0:08:28.72,0:08:30.00,Default,,0000,0000,0000,,were developed Dialogue: 0,0:08:30.00,0:08:32.08,Default,,0000,0000,0000,,but due to skepticism online on whether Dialogue: 0,0:08:32.08,0:08:34.08,Default,,0000,0000,0000,,the hackers really did have files as Dialogue: 0,0:08:34.08,0:08:36.16,Default,,0000,0000,0000,,dangerous as they had claimed Dialogue: 0,0:08:36.16,0:08:37.92,Default,,0000,0000,0000,,this would essentially go on to become a Dialogue: 0,0:08:37.92,0:08:40.72,Default,,0000,0000,0000,,catastrophic failure Dialogue: 0,0:08:40.72,0:08:42.40,Default,,0000,0000,0000,,we can talk quite a bit about the shadow Dialogue: 0,0:08:42.40,0:08:44.80,Default,,0000,0000,0000,,brokers the story is itself worth Dialogue: 0,0:08:44.80,0:08:46.72,Default,,0000,0000,0000,,examining individually and maybe even on Dialogue: 0,0:08:46.72,0:08:48.08,Default,,0000,0000,0000,,a separate video Dialogue: 0,0:08:48.08,0:08:49.76,Default,,0000,0000,0000,,but let's narrow our focus down to the Dialogue: 0,0:08:49.76,0:08:51.84,Default,,0000,0000,0000,,leak that made wannacry possible Dialogue: 0,0:08:51.84,0:08:54.00,Default,,0000,0000,0000,,which at that point was the fifth leak Dialogue: 0,0:08:54.00,0:08:55.76,Default,,0000,0000,0000,,by the group and was said to be the most Dialogue: 0,0:08:55.76,0:08:58.64,Default,,0000,0000,0000,,damaging one yet Dialogue: 0,0:08:59.36,0:09:02.08,Default,,0000,0000,0000,,on april 14 2017 the shadow brokers Dialogue: 0,0:09:02.08,0:09:03.60,Default,,0000,0000,0000,,would post a tweet that linked to their Dialogue: 0,0:09:03.60,0:09:05.12,Default,,0000,0000,0000,,steem blockchain Dialogue: 0,0:09:05.12,0:09:08.88,Default,,0000,0000,0000,,on a post titled lost in translation Dialogue: 
0,0:09:08.88,0:09:10.40,Default,,0000,0000,0000,,this leak contained files from the Dialogue: 0,0:09:10.40,0:09:12.16,Default,,0000,0000,0000,,initial failed auction which they now Dialogue: 0,0:09:12.16,0:09:14.16,Default,,0000,0000,0000,,decided to release to the public Dialogue: 0,0:09:14.16,0:09:18.08,Default,,0000,0000,0000,,for free the description accompanying Dialogue: 0,0:09:18.08,0:09:19.84,Default,,0000,0000,0000,,the leaked files doesn't really contain Dialogue: 0,0:09:19.84,0:09:21.28,Default,,0000,0000,0000,,much worth noting Dialogue: 0,0:09:21.28,0:09:23.12,Default,,0000,0000,0000,,as always the shadow brokers would use Dialogue: 0,0:09:23.12,0:09:25.04,Default,,0000,0000,0000,,broken but still somewhat comprehensible Dialogue: 0,0:09:25.04,0:09:26.40,Default,,0000,0000,0000,,english Dialogue: 0,0:09:26.40,0:09:28.48,Default,,0000,0000,0000,,however this is widely speculated not to Dialogue: 0,0:09:28.48,0:09:29.84,Default,,0000,0000,0000,,speak to their proficiency in the Dialogue: 0,0:09:29.84,0:09:30.64,Default,,0000,0000,0000,,language Dialogue: 0,0:09:30.64,0:09:32.16,Default,,0000,0000,0000,,but rather an attempt to mislead Dialogue: 0,0:09:32.16,0:09:33.92,Default,,0000,0000,0000,,analysts and prevent them from yielding Dialogue: 0,0:09:33.92,0:09:36.24,Default,,0000,0000,0000,,any results regarding their identity Dialogue: 0,0:09:36.24,0:09:39.52,Default,,0000,0000,0000,,characterized by how they type Dialogue: 0,0:09:39.52,0:09:41.20,Default,,0000,0000,0000,,the link which has now been taken down Dialogue: 0,0:09:41.20,0:09:42.80,Default,,0000,0000,0000,,takes you to an archive filled with a Dialogue: 0,0:09:42.80,0:09:44.64,Default,,0000,0000,0000,,number of windows exploits developed by Dialogue: 0,0:09:44.64,0:09:46.24,Default,,0000,0000,0000,,the nsa Dialogue: 0,0:09:46.24,0:09:48.16,Default,,0000,0000,0000,,it did contain many other valuable tools Dialogue: 0,0:09:48.16,0:09:49.44,Default,,0000,0000,0000,,worth examining Dialogue: 
0,0:09:49.44,0:09:51.28,Default,,0000,0000,0000,,but the ones relevant to our story and Dialogue: 0,0:09:51.28,0:09:53.04,Default,,0000,0000,0000,,what made a regular ransomware so Dialogue: 0,0:09:53.04,0:09:54.16,Default,,0000,0000,0000,,destructive Dialogue: 0,0:09:54.16,0:09:56.88,Default,,0000,0000,0000,,were the payload double pulsar and the Dialogue: 0,0:09:56.88,0:09:58.56,Default,,0000,0000,0000,,now infamous exploit used in the Dialogue: 0,0:09:58.56,0:09:59.84,Default,,0000,0000,0000,,wannacry attack Dialogue: 0,0:09:59.84,0:10:05.84,Default,,0000,0000,0000,,eternal blue Dialogue: 0,0:10:13.12,0:10:15.44,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:10:15.44,0:10:18.80,Default,,0000,0000,0000,,server message block version 1 or smb v1 Dialogue: 0,0:10:18.80,0:10:20.72,Default,,0000,0000,0000,,is a network communication protocol Dialogue: 0,0:10:20.72,0:10:23.52,Default,,0000,0000,0000,,which was developed in 1983. Dialogue: 0,0:10:23.52,0:10:25.44,Default,,0000,0000,0000,,the function of this protocol would be Dialogue: 0,0:10:25.44,0:10:27.20,Default,,0000,0000,0000,,to allow one windows computer to Dialogue: 0,0:10:27.20,0:10:28.72,Default,,0000,0000,0000,,communicate with another Dialogue: 0,0:10:28.72,0:10:30.88,Default,,0000,0000,0000,,and share files and printers on a local Dialogue: 0,0:10:30.88,0:10:32.40,Default,,0000,0000,0000,,network Dialogue: 0,0:10:32.40,0:10:34.88,Default,,0000,0000,0000,,however smb version 1 had a critical Dialogue: 0,0:10:34.88,0:10:36.16,Default,,0000,0000,0000,,vulnerability Dialogue: 0,0:10:36.16,0:10:39.04,Default,,0000,0000,0000,,which allowed for what is known as a Dialogue: 0,0:10:39.04,0:10:41.76,Default,,0000,0000,0000,,remote arbitrary code execution Dialogue: 0,0:10:41.76,0:10:43.44,Default,,0000,0000,0000,,in which an attacker would be able to Dialogue: 0,0:10:43.44,0:10:45.44,Default,,0000,0000,0000,,execute whatever code that they'd like Dialogue: 0,0:10:45.44,0:10:47.68,Default,,0000,0000,0000,,on their 
target or victim's computer Dialogue: 0,0:10:47.68,0:10:48.80,Default,,0000,0000,0000,,over the internet Dialogue: 0,0:10:48.80,0:10:51.60,Default,,0000,0000,0000,,usually with malicious intent the Dialogue: 0,0:10:51.60,0:10:53.36,Default,,0000,0000,0000,,function of eternal blue was to take Dialogue: 0,0:10:53.36,0:10:55.84,Default,,0000,0000,0000,,advantage of this vulnerability Dialogue: 0,0:10:55.84,0:10:58.00,Default,,0000,0000,0000,,essentially i'm going to try and strip Dialogue: 0,0:10:58.00,0:10:59.52,Default,,0000,0000,0000,,it down to simplify it as much as Dialogue: 0,0:10:59.52,0:11:00.80,Default,,0000,0000,0000,,possible Dialogue: 0,0:11:00.80,0:11:02.64,Default,,0000,0000,0000,,when the shadow brokers first leaked the Dialogue: 0,0:11:02.64,0:11:03.92,Default,,0000,0000,0000,,nsa tools Dialogue: 0,0:11:03.92,0:11:05.92,Default,,0000,0000,0000,,hackers took this opportunity to install Dialogue: 0,0:11:05.92,0:11:07.52,Default,,0000,0000,0000,,double pulsar Dialogue: 0,0:11:07.52,0:11:09.20,Default,,0000,0000,0000,,which is a tool which opens what we Dialogue: 0,0:11:09.20,0:11:10.88,Default,,0000,0000,0000,,commonly know in security Dialogue: 0,0:11:10.88,0:11:14.00,Default,,0000,0000,0000,,as a back door backdoors allows hackers Dialogue: 0,0:11:14.00,0:11:16.56,Default,,0000,0000,0000,,to create an entry point into the system Dialogue: 0,0:11:16.56,0:11:18.56,Default,,0000,0000,0000,,or a network of systems and gain easy Dialogue: 0,0:11:18.56,0:11:20.88,Default,,0000,0000,0000,,access later on Dialogue: 0,0:11:20.88,0:11:22.88,Default,,0000,0000,0000,,the initial infection of wannacry is not Dialogue: 0,0:11:22.88,0:11:23.92,Default,,0000,0000,0000,,known Dialogue: 0,0:11:23.92,0:11:25.68,Default,,0000,0000,0000,,but it is speculated that the attackers Dialogue: 0,0:11:25.68,0:11:27.12,Default,,0000,0000,0000,,took advantage of the back door to Dialogue: 0,0:11:27.12,0:11:28.88,Default,,0000,0000,0000,,deliver the payload Dialogue: 
0,0:11:28.88,0:11:30.40,Default,,0000,0000,0000,,the payload in this case is the Dialogue: 0,0:11:30.40,0:11:32.80,Default,,0000,0000,0000,,ransomware wannacry Dialogue: 0,0:11:32.80,0:11:34.40,Default,,0000,0000,0000,,when a computer is infected with Dialogue: 0,0:11:34.40,0:11:36.16,Default,,0000,0000,0000,,wannacry oddly Dialogue: 0,0:11:36.16,0:11:37.44,Default,,0000,0000,0000,,it then tries to connect to the Dialogue: 0,0:11:37.44,0:11:39.60,Default,,0000,0000,0000,,following unregistered domain Dialogue: 0,0:11:39.60,0:11:41.52,Default,,0000,0000,0000,,which is basically a random string of Dialogue: 0,0:11:41.52,0:11:43.36,Default,,0000,0000,0000,,numbers and letters Dialogue: 0,0:11:43.36,0:11:45.12,Default,,0000,0000,0000,,if it cannot establish a connection to Dialogue: 0,0:11:45.12,0:11:48.00,Default,,0000,0000,0000,,this domain then the real damage begins Dialogue: 0,0:11:48.00,0:11:50.88,Default,,0000,0000,0000,,it scans for port 445 on the network Dialogue: 0,0:11:50.88,0:11:52.56,Default,,0000,0000,0000,,which is the port that is used to host Dialogue: 0,0:11:52.56,0:11:54.08,Default,,0000,0000,0000,,smb version 1 Dialogue: 0,0:11:54.08,0:11:56.08,Default,,0000,0000,0000,,and if the port is deemed to be open it Dialogue: 0,0:11:56.08,0:11:57.60,Default,,0000,0000,0000,,would then proceed to spread to that Dialogue: 0,0:11:57.60,0:11:59.68,Default,,0000,0000,0000,,computer Dialogue: 0,0:11:59.68,0:12:01.90,Default,,0000,0000,0000,,this is how it propagated so quickly Dialogue: 0,0:12:01.90,0:12:03.12,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:12:03.12,0:12:04.80,Default,,0000,0000,0000,,whether the other users in the network Dialogue: 0,0:12:04.80,0:12:06.56,Default,,0000,0000,0000,,actually downloaded or clicked on Dialogue: 0,0:12:06.56,0:12:08.00,Default,,0000,0000,0000,,anything malicious Dialogue: 0,0:12:08.00,0:12:10.40,Default,,0000,0000,0000,,regardless they would be infected and in Dialogue: 
0,0:12:10.40,0:12:12.00,Default,,0000,0000,0000,,seconds all their data would be Dialogue: 0,0:12:12.00,0:12:13.14,Default,,0000,0000,0000,,encrypted Dialogue: 0,0:12:13.14,0:12:14.40,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:12:14.40,0:12:17.36,Default,,0000,0000,0000,,so the damage came in two parts the Dialogue: 0,0:12:17.36,0:12:19.12,Default,,0000,0000,0000,,ransomware that encrypts the data Dialogue: 0,0:12:19.12,0:12:20.96,Default,,0000,0000,0000,,and the worm-like component that is used Dialogue: 0,0:12:20.96,0:12:22.48,Default,,0000,0000,0000,,to spread the ransomware to any Dialogue: 0,0:12:22.48,0:12:23.28,Default,,0000,0000,0000,,connected Dialogue: 0,0:12:23.28,0:12:25.60,Default,,0000,0000,0000,,vulnerable devices in the network as a Dialogue: 0,0:12:25.60,0:12:28.88,Default,,0000,0000,0000,,result of eternal blue and double pulsar Dialogue: 0,0:12:28.88,0:12:31.36,Default,,0000,0000,0000,,the attack only affected windows systems Dialogue: 0,0:12:31.36,0:12:33.36,Default,,0000,0000,0000,,mainly targeting windows xp Dialogue: 0,0:12:33.36,0:12:36.32,Default,,0000,0000,0000,,vista windows 7 windows 8 and windows Dialogue: 0,0:12:36.32,0:12:37.52,Default,,0000,0000,0000,,10. 
Dialogue: 0,0:12:37.52,0:12:39.52,Default,,0000,0000,0000,,however a month prior to the leak by the Dialogue: 0,0:12:39.52,0:12:42.48,Default,,0000,0000,0000,,shadow brokers on march 14 2017 Dialogue: 0,0:12:42.48,0:12:44.08,Default,,0000,0000,0000,,microsoft was made aware of this Dialogue: 0,0:12:44.08,0:12:45.92,Default,,0000,0000,0000,,vulnerability after it was publicly Dialogue: 0,0:12:45.92,0:12:46.80,Default,,0000,0000,0000,,reported Dialogue: 0,0:12:46.80,0:12:50.48,Default,,0000,0000,0000,,almost five years after its discovery Dialogue: 0,0:12:50.48,0:12:52.32,Default,,0000,0000,0000,,microsoft then released a critical patch Dialogue: 0,0:12:52.32,0:12:53.70,Default,,0000,0000,0000,,to fix this vulnerability Dialogue: 0,0:12:53.70,0:12:54.92,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:12:54.92,0:12:57.04,Default,,0000,0000,0000,,ms17-010 Dialogue: 0,0:12:57.04,0:12:59.60,Default,,0000,0000,0000,,however despite the release of the patch Dialogue: 0,0:12:59.60,0:13:01.52,Default,,0000,0000,0000,,a significant number of organizations Dialogue: 0,0:13:01.52,0:13:03.36,Default,,0000,0000,0000,,never updated their systems Dialogue: 0,0:13:03.36,0:13:05.68,Default,,0000,0000,0000,,and unfortunately there were still major Dialogue: 0,0:13:05.68,0:13:08.00,Default,,0000,0000,0000,,organizations running windows xp Dialogue: 0,0:13:08.00,0:13:11.68,Default,,0000,0000,0000,,or server 2003 these devices were at end Dialogue: 0,0:13:11.68,0:13:12.96,Default,,0000,0000,0000,,of support Dialogue: 0,0:13:12.96,0:13:14.80,Default,,0000,0000,0000,,which means that even if updates were Dialogue: 0,0:13:14.80,0:13:16.64,Default,,0000,0000,0000,,out they would not receive them Dialogue: 0,0:13:16.64,0:13:18.84,Default,,0000,0000,0000,,and be completely vulnerable to the Dialogue: 0,0:13:18.84,0:13:20.80,Default,,0000,0000,0000,,exploit Dialogue: 0,0:13:20.80,0:13:22.16,Default,,0000,0000,0000,,if you want to know more about the Dialogue: 
0,0:13:22.16,0:13:23.76,Default,,0000,0000,0000,,vulnerability that the eternalblue Dialogue: 0,0:13:23.76,0:13:24.72,Default,,0000,0000,0000,,exploited Dialogue: 0,0:13:24.72,0:13:26.16,Default,,0000,0000,0000,,it is now logged in the national Dialogue: 0,0:13:26.16,0:13:27.76,Default,,0000,0000,0000,,vulnerability database Dialogue: 0,0:13:27.76,0:13:33.95,Default,,0000,0000,0000,,as CVE-2017-0144 Dialogue: 0,0:13:33.95,0:13:38.20,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:13:47.92,0:13:50.56,Default,,0000,0000,0000,,marcus hutchins also known online by his Dialogue: 0,0:13:50.56,0:13:52.32,Default,,0000,0000,0000,,alias MalwareTech Dialogue: 0,0:13:52.32,0:13:54.32,Default,,0000,0000,0000,,was a 23 year old british security Dialogue: 0,0:13:54.32,0:13:56.16,Default,,0000,0000,0000,,researcher at kryptos logic Dialogue: 0,0:13:56.16,0:13:59.52,Default,,0000,0000,0000,,in la after returning from lunch with a Dialogue: 0,0:13:59.52,0:14:01.84,Default,,0000,0000,0000,,friend on the afternoon of the attack Dialogue: 0,0:14:01.84,0:14:03.60,Default,,0000,0000,0000,,he found himself scouring messaging Dialogue: 0,0:14:03.60,0:14:04.88,Default,,0000,0000,0000,,boards where he came across Dialogue: 0,0:14:04.88,0:14:07.52,Default,,0000,0000,0000,,news of a ransomware rapidly taking down Dialogue: 0,0:14:07.52,0:14:09.68,Default,,0000,0000,0000,,systems in the national health service Dialogue: 0,0:14:09.68,0:14:13.52,Default,,0000,0000,0000,,or nhs all over the uk Dialogue: 0,0:14:13.52,0:14:14.96,Default,,0000,0000,0000,,hutchins who found it odd that the Dialogue: 0,0:14:14.96,0:14:17.04,Default,,0000,0000,0000,,ransomware was consistently affecting so Dialogue: 0,0:14:17.04,0:14:18.40,Default,,0000,0000,0000,,many devices Dialogue: 0,0:14:18.40,0:14:20.32,Default,,0000,0000,0000,,concluded that the attack was probably a Dialogue: 0,0:14:20.32,0:14:21.76,Default,,0000,0000,0000,,computer worm and not just Dialogue: 0,0:14:21.76,0:14:25.12,Default,,0000,0000,0000,,a
simple ransomware he quickly requested Dialogue: 0,0:14:25.12,0:14:27.04,Default,,0000,0000,0000,,one of his friends to pass him a sample Dialogue: 0,0:14:27.04,0:14:28.16,Default,,0000,0000,0000,,of the malware Dialogue: 0,0:14:28.16,0:14:30.00,Default,,0000,0000,0000,,so that he could examine it and reverse Dialogue: 0,0:14:30.00,0:14:32.00,Default,,0000,0000,0000,,engineer it to analyze exactly how it Dialogue: 0,0:14:32.00,0:14:33.28,Default,,0000,0000,0000,,worked Dialogue: 0,0:14:33.28,0:14:34.88,Default,,0000,0000,0000,,once he had gotten his hands on the Dialogue: 0,0:14:34.88,0:14:36.32,Default,,0000,0000,0000,,malware sample Dialogue: 0,0:14:36.32,0:14:38.08,Default,,0000,0000,0000,,he had run it using a virtual Dialogue: 0,0:14:38.08,0:14:40.16,Default,,0000,0000,0000,,environment with fake files Dialogue: 0,0:14:40.16,0:14:41.68,Default,,0000,0000,0000,,and found out that it was trying to Dialogue: 0,0:14:41.68,0:14:44.48,Default,,0000,0000,0000,,connect to an unregistered domain Dialogue: 0,0:14:44.48,0:14:48.08,Default,,0000,0000,0000,,which we discussed earlier in chapter 4. 
Dialogue: 0,0:14:48.08,0:14:49.84,Default,,0000,0000,0000,,hutchins would go on to register this Dialogue: 0,0:14:49.84,0:14:51.84,Default,,0000,0000,0000,,domain for only 10 Dialogue: 0,0:14:51.84,0:14:55.12,Default,,0000,0000,0000,,and 69 cents which unbeknownst to him Dialogue: 0,0:14:55.12,0:14:56.84,Default,,0000,0000,0000,,would actually halt the wannacry Dialogue: 0,0:14:56.84,0:14:58.56,Default,,0000,0000,0000,,infection Dialogue: 0,0:14:58.56,0:15:00.24,Default,,0000,0000,0000,,he would later admit in a tweet that Dialogue: 0,0:15:00.24,0:15:02.56,Default,,0000,0000,0000,,same day that the domain registration Dialogue: 0,0:15:02.56,0:15:04.08,Default,,0000,0000,0000,,leading to a pause in the rapid Dialogue: 0,0:15:04.08,0:15:05.12,Default,,0000,0000,0000,,infection Dialogue: 0,0:15:05.12,0:15:08.40,Default,,0000,0000,0000,,was indeed an accident dubbing marcus Dialogue: 0,0:15:08.40,0:15:09.12,Default,,0000,0000,0000,,hutchins Dialogue: 0,0:15:09.12,0:15:13.84,Default,,0000,0000,0000,,as the accidental hero Dialogue: 0,0:15:23.44,0:15:25.68,Default,,0000,0000,0000,,to hutchins taking control of Dialogue: 0,0:15:25.68,0:15:27.68,Default,,0000,0000,0000,,unregistered domains was just a part of Dialogue: 0,0:15:27.68,0:15:28.88,Default,,0000,0000,0000,,his workflow Dialogue: 0,0:15:28.88,0:15:30.48,Default,,0000,0000,0000,,when it came to stopping botnets and Dialogue: 0,0:15:30.48,0:15:32.32,Default,,0000,0000,0000,,tracking malware Dialogue: 0,0:15:32.32,0:15:33.84,Default,,0000,0000,0000,,this was so that he could get further Dialogue: 0,0:15:33.84,0:15:35.84,Default,,0000,0000,0000,,insight into how the malware or botnets Dialogue: 0,0:15:35.84,0:15:37.44,Default,,0000,0000,0000,,were spreading Dialogue: 0,0:15:37.44,0:15:38.96,Default,,0000,0000,0000,,for those of you unaware of what a Dialogue: 0,0:15:38.96,0:15:41.20,Default,,0000,0000,0000,,botnet is it is essentially a group of Dialogue: 0,0:15:41.20,0:15:42.80,Default,,0000,0000,0000,,computers that
have been hijacked by Dialogue: 0,0:15:42.80,0:15:44.24,Default,,0000,0000,0000,,malicious actors Dialogue: 0,0:15:44.24,0:15:46.16,Default,,0000,0000,0000,,or hackers in order to be used in their Dialogue: 0,0:15:46.16,0:15:47.44,Default,,0000,0000,0000,,attacks to drive Dialogue: 0,0:15:47.44,0:15:50.56,Default,,0000,0000,0000,,excess network traffic or steal data Dialogue: 0,0:15:50.56,0:15:52.40,Default,,0000,0000,0000,,one computer that has been hijacked is Dialogue: 0,0:15:52.40,0:15:54.56,Default,,0000,0000,0000,,called a bot and a network of them Dialogue: 0,0:15:54.56,0:15:57.68,Default,,0000,0000,0000,,is called a botnet however Dialogue: 0,0:15:57.68,0:16:00.40,Default,,0000,0000,0000,,since as we discussed earlier the attack Dialogue: 0,0:16:00.40,0:16:02.32,Default,,0000,0000,0000,,only executes if it's unable to reach Dialogue: 0,0:16:02.32,0:16:04.64,Default,,0000,0000,0000,,the domains that it checks for Dialogue: 0,0:16:04.64,0:16:06.84,Default,,0000,0000,0000,,think of it as a simple if then Dialogue: 0,0:16:06.84,0:16:08.16,Default,,0000,0000,0000,,statement Dialogue: 0,0:16:08.16,0:16:09.92,Default,,0000,0000,0000,,if the infection cannot connect to x Dialogue: 0,0:16:09.92,0:16:12.64,Default,,0000,0000,0000,,domain then proceed with the infection Dialogue: 0,0:16:12.64,0:16:16.56,Default,,0000,0000,0000,,if it can reach x domain stop the attack Dialogue: 0,0:16:16.56,0:16:18.32,Default,,0000,0000,0000,,and so the malware being able to connect Dialogue: 0,0:16:18.32,0:16:20.16,Default,,0000,0000,0000,,to the domain was known as the kill Dialogue: 0,0:16:20.16,0:16:21.20,Default,,0000,0000,0000,,switch Dialogue: 0,0:16:21.20,0:16:23.20,Default,,0000,0000,0000,,the big red button that stops the attack Dialogue: 0,0:16:23.20,0:16:25.84,Default,,0000,0000,0000,,from spreading any further Dialogue: 0,0:16:25.84,0:16:28.24,Default,,0000,0000,0000,,but why would the attackers implement a Dialogue: 0,0:16:28.24,0:16:30.40,Default,,0000,0000,0000,,kill
switch at all Dialogue: 0,0:16:30.40,0:16:32.24,Default,,0000,0000,0000,,the first theory is that the creators of Dialogue: 0,0:16:32.24,0:16:34.16,Default,,0000,0000,0000,,wannacry wanted a way to stop the attack Dialogue: 0,0:16:34.16,0:16:36.48,Default,,0000,0000,0000,,if it ever got out of hand or had any Dialogue: 0,0:16:36.48,0:16:38.56,Default,,0000,0000,0000,,unintentional effects Dialogue: 0,0:16:38.56,0:16:40.40,Default,,0000,0000,0000,,the second and the most likely theory Dialogue: 0,0:16:40.40,0:16:42.32,Default,,0000,0000,0000,,proposed by hutchins and other security Dialogue: 0,0:16:42.32,0:16:43.52,Default,,0000,0000,0000,,researchers Dialogue: 0,0:16:43.52,0:16:45.36,Default,,0000,0000,0000,,was that the kill switch was present in Dialogue: 0,0:16:45.36,0:16:46.80,Default,,0000,0000,0000,,order to prevent researchers from Dialogue: 0,0:16:46.80,0:16:49.28,Default,,0000,0000,0000,,looking into the behavior of wannacry Dialogue: 0,0:16:49.28,0:16:51.12,Default,,0000,0000,0000,,if it was being executed within what is Dialogue: 0,0:16:51.12,0:16:52.32,Default,,0000,0000,0000,,known in security Dialogue: 0,0:16:52.32,0:16:55.76,Default,,0000,0000,0000,,as a sandbox a sandbox is usually a Dialogue: 0,0:16:55.76,0:16:57.52,Default,,0000,0000,0000,,virtual computer that is used to run Dialogue: 0,0:16:57.52,0:16:58.80,Default,,0000,0000,0000,,malware Dialogue: 0,0:16:58.80,0:17:00.32,Default,,0000,0000,0000,,it is a contained environment with Dialogue: 0,0:17:00.32,0:17:02.00,Default,,0000,0000,0000,,measures that have been taken to not Dialogue: 0,0:17:02.00,0:17:04.56,Default,,0000,0000,0000,,infect any important files or spread to Dialogue: 0,0:17:04.56,0:17:06.48,Default,,0000,0000,0000,,other networks Dialogue: 0,0:17:06.48,0:17:08.24,Default,,0000,0000,0000,,much like what i used in chapter 2 to Dialogue: 0,0:17:08.24,0:17:10.11,Default,,0000,0000,0000,,demonstrate the wannacry ransomware Dialogue:
0,0:17:10.11,0:17:12.16,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:17:12.16,0:17:14.24,Default,,0000,0000,0000,,researchers used these sandboxes to run Dialogue: 0,0:17:14.24,0:17:16.24,Default,,0000,0000,0000,,malware and then use tools to determine Dialogue: 0,0:17:16.24,0:17:18.48,Default,,0000,0000,0000,,the behavior of the attack Dialogue: 0,0:17:18.48,0:17:20.24,Default,,0000,0000,0000,,this is what hutchins did with fake Dialogue: 0,0:17:20.24,0:17:22.64,Default,,0000,0000,0000,,files as well Dialogue: 0,0:17:22.64,0:17:24.56,Default,,0000,0000,0000,,so the intent behind this kill switch Dialogue: 0,0:17:24.56,0:17:26.24,Default,,0000,0000,0000,,was to destroy the ransomware if it Dialogue: 0,0:17:26.24,0:17:28.96,Default,,0000,0000,0000,,existed within a sandbox environment Dialogue: 0,0:17:28.96,0:17:30.72,Default,,0000,0000,0000,,again since they didn't want researchers Dialogue: 0,0:17:30.72,0:17:32.48,Default,,0000,0000,0000,,to be able to analyze exactly how it Dialogue: 0,0:17:32.48,0:17:34.00,Default,,0000,0000,0000,,worked Dialogue: 0,0:17:34.00,0:17:35.92,Default,,0000,0000,0000,,however since the attackers used a Dialogue: 0,0:17:35.92,0:17:37.28,Default,,0000,0000,0000,,static domain Dialogue: 0,0:17:37.28,0:17:38.96,Default,,0000,0000,0000,,a domain name that did not change for Dialogue: 0,0:17:38.96,0:17:41.04,Default,,0000,0000,0000,,each infection instead of using Dialogue: 0,0:17:41.04,0:17:43.28,Default,,0000,0000,0000,,dynamically generated domain names Dialogue: 0,0:17:43.28,0:17:45.04,Default,,0000,0000,0000,,like other renditions of this concept Dialogue: 0,0:17:45.04,0:17:46.48,Default,,0000,0000,0000,,would usually do Dialogue: 0,0:17:46.48,0:17:48.40,Default,,0000,0000,0000,,the wannacry infections around the world Dialogue: 0,0:17:48.40,0:17:50.24,Default,,0000,0000,0000,,believed that it was being analyzed in a Dialogue: 0,0:17:50.24,0:17:51.76,Default,,0000,0000,0000,,sandbox environment Dialogue: 
0,0:17:51.76,0:17:54.16,Default,,0000,0000,0000,,and essentially killed itself since Dialogue: 0,0:17:54.16,0:17:55.68,Default,,0000,0000,0000,,every single infection was trying to Dialogue: 0,0:17:55.68,0:17:56.08,Default,,0000,0000,0000,,reach Dialogue: 0,0:17:56.08,0:17:58.88,Default,,0000,0000,0000,,one single hard-coded domain and now Dialogue: 0,0:17:58.88,0:18:00.72,Default,,0000,0000,0000,,they could after hutchins had purchased Dialogue: 0,0:18:00.72,0:18:03.04,Default,,0000,0000,0000,,it and put it online Dialogue: 0,0:18:03.04,0:18:05.04,Default,,0000,0000,0000,,if it had been a randomly generated Dialogue: 0,0:18:05.04,0:18:06.16,Default,,0000,0000,0000,,domain name Dialogue: 0,0:18:06.16,0:18:07.52,Default,,0000,0000,0000,,then the infection would only have Dialogue: 0,0:18:07.52,0:18:09.52,Default,,0000,0000,0000,,removed itself from hutchins's sandbox Dialogue: 0,0:18:09.52,0:18:10.88,Default,,0000,0000,0000,,environment Dialogue: 0,0:18:10.88,0:18:12.40,Default,,0000,0000,0000,,because the domain he registered would Dialogue: 0,0:18:12.40,0:18:14.00,Default,,0000,0000,0000,,be unique to him and would not Dialogue: 0,0:18:14.00,0:18:17.20,Default,,0000,0000,0000,,affect anyone else this Dialogue: 0,0:18:17.20,0:18:20.16,Default,,0000,0000,0000,,seems to be an amateur mistake so Dialogue: 0,0:18:20.16,0:18:21.84,Default,,0000,0000,0000,,amateur in fact that the researchers Dialogue: 0,0:18:21.84,0:18:23.76,Default,,0000,0000,0000,,have speculated that maybe the intent of Dialogue: 0,0:18:23.76,0:18:24.80,Default,,0000,0000,0000,,the attackers Dialogue: 0,0:18:24.80,0:18:27.68,Default,,0000,0000,0000,,was not monetary gain but rather a more Dialogue: 0,0:18:27.68,0:18:29.04,Default,,0000,0000,0000,,political intention Dialogue: 0,0:18:29.04,0:18:31.60,Default,,0000,0000,0000,,such as to bring shame to the nsa Dialogue: 0,0:18:31.60,0:18:32.48,Default,,0000,0000,0000,,however Dialogue: 0,0:18:32.48,0:18:34.16,Default,,0000,0000,0000,,to this date there 
is nothing that Dialogue: 0,0:18:34.16,0:18:36.00,Default,,0000,0000,0000,,confirms nor denies the motive Dialogue: 0,0:18:36.00,0:18:43.84,Default,,0000,0000,0000,,of the wannacry attack Dialogue: 0,0:18:50.72,0:18:53.36,Default,,0000,0000,0000,,the rapid infection had seemed to stop Dialogue: 0,0:18:53.36,0:18:55.36,Default,,0000,0000,0000,,but for hutchins or MalwareTech and his Dialogue: 0,0:18:55.36,0:18:58.64,Default,,0000,0000,0000,,team the nightmare had only just begun Dialogue: 0,0:18:58.64,0:19:00.24,Default,,0000,0000,0000,,less than an hour from when he had Dialogue: 0,0:19:00.24,0:19:03.12,Default,,0000,0000,0000,,activated the domain it was under attack Dialogue: 0,0:19:03.12,0:19:04.88,Default,,0000,0000,0000,,the motive of the attackers was to use Dialogue: 0,0:19:04.88,0:19:07.28,Default,,0000,0000,0000,,the mirai botnet to host a distributed Dialogue: 0,0:19:07.28,0:19:08.96,Default,,0000,0000,0000,,denial of service attack Dialogue: 0,0:19:08.96,0:19:11.44,Default,,0000,0000,0000,,also known as ddos to shut down the Dialogue: 0,0:19:11.44,0:19:13.36,Default,,0000,0000,0000,,domain so that it would be unreachable Dialogue: 0,0:19:13.36,0:19:16.16,Default,,0000,0000,0000,,once again and all the halted infections Dialogue: 0,0:19:16.16,0:19:18.00,Default,,0000,0000,0000,,would resume Dialogue: 0,0:19:18.00,0:19:20.00,Default,,0000,0000,0000,,a ddos attack is usually performed to Dialogue: 0,0:19:20.00,0:19:21.28,Default,,0000,0000,0000,,flood a domain with Dialogue: 0,0:19:21.28,0:19:23.12,Default,,0000,0000,0000,,junk traffic till it can't handle Dialogue: 0,0:19:23.12,0:19:25.84,Default,,0000,0000,0000,,anymore and is driven offline Dialogue: 0,0:19:25.84,0:19:27.68,Default,,0000,0000,0000,,the mirai botnet that the attackers were Dialogue: 0,0:19:27.68,0:19:29.68,Default,,0000,0000,0000,,employing was previously used in one of Dialogue: 0,0:19:29.68,0:19:31.76,Default,,0000,0000,0000,,the largest ever ddos attacks Dialogue:
0,0:19:31.76,0:19:33.60,Default,,0000,0000,0000,,and was comprised of hundreds and Dialogue: 0,0:19:33.60,0:19:35.76,Default,,0000,0000,0000,,thousands of devices Dialogue: 0,0:19:35.76,0:19:37.52,Default,,0000,0000,0000,,the haunting realization that they were Dialogue: 0,0:19:37.52,0:19:39.36,Default,,0000,0000,0000,,the wall between a flood of infections Dialogue: 0,0:19:39.36,0:19:41.12,Default,,0000,0000,0000,,that was currently being blocked Dialogue: 0,0:19:41.12,0:19:43.04,Default,,0000,0000,0000,,slowly dawned on hutchins and the other Dialogue: 0,0:19:43.04,0:19:46.08,Default,,0000,0000,0000,,researchers working on the case Dialogue: 0,0:19:46.08,0:19:47.76,Default,,0000,0000,0000,,they eventually dealt with the issue by Dialogue: 0,0:19:47.76,0:19:50.00,Default,,0000,0000,0000,,taking the site to a cached version Dialogue: 0,0:19:50.00,0:19:51.76,Default,,0000,0000,0000,,which was capable of handling a much Dialogue: 0,0:19:51.76,0:19:55.20,Default,,0000,0000,0000,,higher traffic load than a live site Dialogue: 0,0:19:55.20,0:19:57.28,Default,,0000,0000,0000,,two days after the domain went live the Dialogue: 0,0:19:57.28,0:19:59.20,Default,,0000,0000,0000,,data showed that two million infections Dialogue: 0,0:19:59.20,0:20:00.48,Default,,0000,0000,0000,,had been halted Dialogue: 0,0:20:00.48,0:20:02.16,Default,,0000,0000,0000,,showing us what the extent of the damage Dialogue: 0,0:20:02.16,0:20:03.76,Default,,0000,0000,0000,,could have been if it was not for the Dialogue: 0,0:20:03.76,0:20:07.84,Default,,0000,0000,0000,,discovery of the kill switch Dialogue: 0,0:20:25.36,0:20:28.32,Default,,0000,0000,0000,,marcus hutchins story does not stop here Dialogue: 0,0:20:28.32,0:20:30.40,Default,,0000,0000,0000,,he would go on to be named as a cyber Dialogue: 0,0:20:30.40,0:20:31.76,Default,,0000,0000,0000,,crime hero Dialogue: 0,0:20:31.76,0:20:34.16,Default,,0000,0000,0000,,a title which he didn't enjoy as it Dialogue: 
0,0:20:34.16,0:20:36.88,Default,,0000,0000,0000,,would bring to him unwanted attention Dialogue: 0,0:20:36.88,0:20:38.32,Default,,0000,0000,0000,,people trying to piece together his Dialogue: 0,0:20:38.32,0:20:40.48,Default,,0000,0000,0000,,address media camping outside of his Dialogue: 0,0:20:40.48,0:20:41.36,Default,,0000,0000,0000,,house Dialogue: 0,0:20:41.36,0:20:43.44,Default,,0000,0000,0000,,and in addition to all of this he was Dialogue: 0,0:20:43.44,0:20:45.04,Default,,0000,0000,0000,,still under the pressure of the domain Dialogue: 0,0:20:45.04,0:20:46.84,Default,,0000,0000,0000,,going offline any minute and wreaking Dialogue: 0,0:20:46.84,0:20:48.40,Default,,0000,0000,0000,,havoc Dialogue: 0,0:20:48.40,0:20:50.40,Default,,0000,0000,0000,,however he was able to get through these Dialogue: 0,0:20:50.40,0:20:52.96,Default,,0000,0000,0000,,weary days and sleepless nights Dialogue: 0,0:20:52.96,0:20:57.04,Default,,0000,0000,0000,,only to be thrown back into chaos Dialogue: 0,0:20:57.20,0:20:59.44,Default,,0000,0000,0000,,three months after the wannacry attack Dialogue: 0,0:20:59.44,0:21:01.60,Default,,0000,0000,0000,,in august of 2017 Dialogue: 0,0:21:01.60,0:21:03.92,Default,,0000,0000,0000,,marcus hutchins after partying in vegas Dialogue: 0,0:21:03.92,0:21:05.28,Default,,0000,0000,0000,,for a week and a half Dialogue: 0,0:21:05.28,0:21:08.24,Default,,0000,0000,0000,,during defcon a hacker convention was Dialogue: 0,0:21:08.24,0:21:10.32,Default,,0000,0000,0000,,arrested in the airport by the fbi on Dialogue: 0,0:21:10.32,0:21:12.08,Default,,0000,0000,0000,,his way back home Dialogue: 0,0:21:12.08,0:21:13.76,Default,,0000,0000,0000,,it seemed that hutchins in his teenage Dialogue: 0,0:21:13.76,0:21:15.36,Default,,0000,0000,0000,,years had developed a malware named Dialogue: 0,0:21:15.36,0:21:16.08,Default,,0000,0000,0000,,kronos Dialogue: 0,0:21:16.08,0:21:18.72,Default,,0000,0000,0000,,that would steal banking credentials he Dialogue: 
0,0:21:18.72,0:21:20.24,Default,,0000,0000,0000,,would go on to sell this malware to Dialogue: 0,0:21:20.24,0:21:21.92,Default,,0000,0000,0000,,multiple individuals with the help of Dialogue: 0,0:21:21.92,0:21:23.44,Default,,0000,0000,0000,,someone he met online Dialogue: 0,0:21:23.44,0:21:27.36,Default,,0000,0000,0000,,named vinnie k kronos is still an Dialogue: 0,0:21:27.36,0:21:30.88,Default,,0000,0000,0000,,ongoing threat to banks around the world Dialogue: 0,0:21:30.88,0:21:32.56,Default,,0000,0000,0000,,hutchins initially battled the charges Dialogue: 0,0:21:32.56,0:21:34.32,Default,,0000,0000,0000,,with a non-guilty plea Dialogue: 0,0:21:34.32,0:21:36.40,Default,,0000,0000,0000,,but after a long and exhausting ordeal Dialogue: 0,0:21:36.40,0:21:38.00,Default,,0000,0000,0000,,that lasted for years Dialogue: 0,0:21:38.00,0:21:40.88,Default,,0000,0000,0000,,in april 2019 he took a plea deal that Dialogue: 0,0:21:40.88,0:21:42.08,Default,,0000,0000,0000,,would essentially dismiss Dialogue: 0,0:21:42.08,0:21:45.12,Default,,0000,0000,0000,,all but two counts set against him Dialogue: 0,0:21:45.12,0:21:47.68,Default,,0000,0000,0000,,conspiracy to defraud the united states Dialogue: 0,0:21:47.68,0:21:49.28,Default,,0000,0000,0000,,and actively marketing the kronos Dialogue: 0,0:21:49.28,0:21:50.80,Default,,0000,0000,0000,,malware Dialogue: 0,0:21:50.80,0:21:52.72,Default,,0000,0000,0000,,he faced the possibility of a maximum Dialogue: 0,0:21:52.72,0:21:54.96,Default,,0000,0000,0000,,prison sentence of ten years Dialogue: 0,0:21:54.96,0:21:56.64,Default,,0000,0000,0000,,but because of his contribution towards Dialogue: 0,0:21:56.64,0:21:58.88,Default,,0000,0000,0000,,wannacry and as the community had Dialogue: 0,0:21:58.88,0:22:00.48,Default,,0000,0000,0000,,constantly pointed out Dialogue: 0,0:22:00.48,0:22:02.24,Default,,0000,0000,0000,,his active involvement in defending the Dialogue: 0,0:22:02.24,0:22:04.24,Default,,0000,0000,0000,,world against cyber attacks 
Dialogue: 0,0:22:04.24,0:22:07.52,Default,,0000,0000,0000,,the judge ruled in his favor he was then Dialogue: 0,0:22:07.52,0:22:08.16,Default,,0000,0000,0000,,released Dialogue: 0,0:22:08.16,0:22:10.84,Default,,0000,0000,0000,,with zero jail time and is now a free Dialogue: 0,0:22:10.84,0:22:13.84,Default,,0000,0000,0000,,man Dialogue: 0,0:22:26.56,0:22:28.80,Default,,0000,0000,0000,,as stated before wannacry attack Dialogue: 0,0:22:28.80,0:22:31.20,Default,,0000,0000,0000,,impacted over 150 countries Dialogue: 0,0:22:31.20,0:22:33.92,Default,,0000,0000,0000,,and approximately 230 000 computers Dialogue: 0,0:22:33.92,0:22:35.20,Default,,0000,0000,0000,,globally Dialogue: 0,0:22:35.20,0:22:37.52,Default,,0000,0000,0000,,russia was the most severely infected Dialogue: 0,0:22:37.52,0:22:40.40,Default,,0000,0000,0000,,with over half the affected computers Dialogue: 0,0:22:40.40,0:22:43.28,Default,,0000,0000,0000,,india ukraine and taiwan also suffered Dialogue: 0,0:22:43.28,0:22:46.40,Default,,0000,0000,0000,,significant disruption Dialogue: 0,0:22:48.56,0:22:50.56,Default,,0000,0000,0000,,the most popular victim to emerge out of Dialogue: 0,0:22:50.56,0:22:52.16,Default,,0000,0000,0000,,the attacks were the uk's national Dialogue: 0,0:22:52.16,0:22:53.28,Default,,0000,0000,0000,,health service Dialogue: 0,0:22:53.28,0:22:57.20,Default,,0000,0000,0000,,or the nhs in the nhs over 70 000 Dialogue: 0,0:22:57.20,0:22:59.04,Default,,0000,0000,0000,,devices such as computers Dialogue: 0,0:22:59.04,0:23:02.40,Default,,0000,0000,0000,,mri scanners devices used to test blood Dialogue: 0,0:23:02.40,0:23:04.72,Default,,0000,0000,0000,,theater equipment and over 1200 pieces Dialogue: 0,0:23:04.72,0:23:09.84,Default,,0000,0000,0000,,of diagnostic equipment were affected Dialogue: 0,0:23:10.16,0:23:12.40,Default,,0000,0000,0000,,approximately the attack cost the nhs Dialogue: 0,0:23:12.40,0:23:14.48,Default,,0000,0000,0000,,over 92 million euros Dialogue: 
0,0:23:14.48,0:23:16.08,Default,,0000,0000,0000,,and globally the cost amounted to Dialogue: 0,0:23:16.08,0:23:17.92,Default,,0000,0000,0000,,somewhere between four and eight billion Dialogue: 0,0:23:17.92,0:23:19.84,Default,,0000,0000,0000,,dollars Dialogue: 0,0:23:19.84,0:23:21.20,Default,,0000,0000,0000,,you'd think that the attackers who Dialogue: 0,0:23:21.20,0:23:22.72,Default,,0000,0000,0000,,launched wannacry would have made a Dialogue: 0,0:23:22.72,0:23:24.40,Default,,0000,0000,0000,,decent amount considering how many Dialogue: 0,0:23:24.40,0:23:25.20,Default,,0000,0000,0000,,countries Dialogue: 0,0:23:25.20,0:23:28.48,Default,,0000,0000,0000,,and devices were affected however as of Dialogue: 0,0:23:28.48,0:23:30.40,Default,,0000,0000,0000,,june 14 2017 Dialogue: 0,0:23:30.40,0:23:32.64,Default,,0000,0000,0000,,when the attacks had begun to subside Dialogue: 0,0:23:32.64,0:23:34.56,Default,,0000,0000,0000,,they had only made a hundred and thirty Dialogue: 0,0:23:34.56,0:23:35.12,Default,,0000,0000,0000,,thousand Dialogue: 0,0:23:35.12,0:23:36.96,Default,,0000,0000,0000,,six hundred and thirty four dollars and Dialogue: 0,0:23:36.96,0:23:38.88,Default,,0000,0000,0000,,seventy seven cents Dialogue: 0,0:23:38.88,0:23:41.12,Default,,0000,0000,0000,,victims were urged not to pay the ransom Dialogue: 0,0:23:41.12,0:23:42.72,Default,,0000,0000,0000,,since not only did it encourage the Dialogue: 0,0:23:42.72,0:23:43.52,Default,,0000,0000,0000,,hackers Dialogue: 0,0:23:43.52,0:23:45.28,Default,,0000,0000,0000,,but it also did not guarantee the return Dialogue: 0,0:23:45.28,0:23:47.52,Default,,0000,0000,0000,,of their data due to skepticism of Dialogue: 0,0:23:47.52,0:23:48.88,Default,,0000,0000,0000,,whether the attackers could actually Dialogue: 0,0:23:48.88,0:23:50.32,Default,,0000,0000,0000,,place the paid ransom Dialogue: 0,0:23:50.32,0:23:52.88,Default,,0000,0000,0000,,to the correct victim this was clearly Dialogue: 
0,0:23:52.88,0:23:54.40,Default,,0000,0000,0000,,evident from the fact that a large Dialogue: 0,0:23:54.40,0:23:55.36,Default,,0000,0000,0000,,proportion Dialogue: 0,0:23:55.36,0:23:57.28,Default,,0000,0000,0000,,almost all of the affected victims who Dialogue: 0,0:23:57.28,0:23:58.40,Default,,0000,0000,0000,,had paid the ransom Dialogue: 0,0:23:58.40,0:24:04.11,Default,,0000,0000,0000,,had still not been returned their data Dialogue: 0,0:24:04.11,0:24:08.91,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:24:13.68,0:24:15.36,Default,,0000,0000,0000,,although initially the prime victims of Dialogue: 0,0:24:15.36,0:24:17.36,Default,,0000,0000,0000,,wannacry were said to be windows xp Dialogue: 0,0:24:17.36,0:24:20.08,Default,,0000,0000,0000,,clients over 98 of the victims were Dialogue: 0,0:24:20.08,0:24:21.92,Default,,0000,0000,0000,,actually running unpatched versions of Dialogue: 0,0:24:21.92,0:24:23.12,Default,,0000,0000,0000,,windows 7 Dialogue: 0,0:24:23.12,0:24:25.76,Default,,0000,0000,0000,,and less than 0.1 percent of the victims Dialogue: 0,0:24:25.76,0:24:28.24,Default,,0000,0000,0000,,were using windows xp Dialogue: 0,0:24:28.24,0:24:29.92,Default,,0000,0000,0000,,in the case of russia they believed Dialogue: 0,0:24:29.92,0:24:31.76,Default,,0000,0000,0000,,updates did more to break their devices Dialogue: 0,0:24:31.76,0:24:34.24,Default,,0000,0000,0000,,rather than fix them Dialogue: 0,0:24:34.24,0:24:35.92,Default,,0000,0000,0000,,partly due to the fact that a majority Dialogue: 0,0:24:35.92,0:24:37.68,Default,,0000,0000,0000,,of people use cracked or pirated Dialogue: 0,0:24:37.68,0:24:38.96,Default,,0000,0000,0000,,versions of windows Dialogue: 0,0:24:38.96,0:24:40.40,Default,,0000,0000,0000,,which means they wouldn't have received Dialogue: 0,0:24:40.40,0:24:41.76,Default,,0000,0000,0000,,the updates which were released by Dialogue: 0,0:24:41.76,0:24:45.12,Default,,0000,0000,0000,,microsoft months prior to the attack Dialogue: 
0,0:24:45.12,0:24:46.56,Default,,0000,0000,0000,,microsoft eventually released the Dialogue: 0,0:24:46.56,0:24:48.32,Default,,0000,0000,0000,,updates for systems that were at end of Dialogue: 0,0:24:48.32,0:24:49.20,Default,,0000,0000,0000,,support Dialogue: 0,0:24:49.20,0:24:51.12,Default,,0000,0000,0000,,including windows xp and other older Dialogue: 0,0:24:51.12,0:24:53.68,Default,,0000,0000,0000,,versions of windows Dialogue: 0,0:24:53.68,0:24:55.52,Default,,0000,0000,0000,,to this day if the domain that marcus Dialogue: 0,0:24:55.52,0:24:57.44,Default,,0000,0000,0000,,hutchins acquired were to go down Dialogue: 0,0:24:57.44,0:24:59.28,Default,,0000,0000,0000,,the millions of infections that it has Dialogue: 0,0:24:59.28,0:25:01.12,Default,,0000,0000,0000,,at bay would be released Dialogue: 0,0:25:01.12,0:25:02.96,Default,,0000,0000,0000,,but possibly ineffective if the Dialogue: 0,0:25:02.96,0:25:04.64,Default,,0000,0000,0000,,computers had already applied the patch Dialogue: 0,0:25:04.64,0:25:07.60,Default,,0000,0000,0000,,that microsoft released Dialogue: 0,0:25:07.60,0:25:09.84,Default,,0000,0000,0000,,eternal blue is still in the wild and Dialogue: 0,0:25:09.84,0:25:11.44,Default,,0000,0000,0000,,variants of wannacry have since then Dialogue: 0,0:25:11.44,0:25:13.28,Default,,0000,0000,0000,,surfaced like UIWIX Dialogue: 0,0:25:13.28,0:25:15.20,Default,,0000,0000,0000,,which did not come with a kill switch Dialogue: 0,0:25:15.20,0:25:16.88,Default,,0000,0000,0000,,and addressed the bitcoin payment issue Dialogue: 0,0:25:16.88,0:25:18.48,Default,,0000,0000,0000,,by assigning a new address for each Dialogue: 0,0:25:18.48,0:25:20.32,Default,,0000,0000,0000,,victim to collect payment Dialogue: 0,0:25:20.32,0:25:21.92,Default,,0000,0000,0000,,therefore easily allowing to track the Dialogue: 0,0:25:21.92,0:25:23.92,Default,,0000,0000,0000,,payment back to the victim Dialogue: 0,0:25:23.92,0:25:25.84,Default,,0000,0000,0000,,however since it did not have an
Dialogue: 0,0:25:25.84,0:25:27.76,Default,,0000,0000,0000,,automatic worm-like functionality that Dialogue: 0,0:25:27.76,0:25:29.28,Default,,0000,0000,0000,,wannacry exhibited Dialogue: 0,0:25:29.28,0:25:32.16,Default,,0000,0000,0000,,it did not pose much of a threat the Dialogue: 0,0:25:32.16,0:25:34.88,Default,,0000,0000,0000,,impact of wannacry is still seen today Dialogue: 0,0:25:34.88,0:25:36.72,Default,,0000,0000,0000,,trend micro's data clearly indicates that Dialogue: 0,0:25:36.72,0:25:38.56,Default,,0000,0000,0000,,wannacry was the most detected malware Dialogue: 0,0:25:38.56,0:25:40.16,Default,,0000,0000,0000,,family in 2020 Dialogue: 0,0:25:40.16,0:25:42.24,Default,,0000,0000,0000,,thanks to its vulnerable nature and Dialogue: 0,0:25:42.24,0:25:44.16,Default,,0000,0000,0000,,f-secure reports that the most seen type Dialogue: 0,0:25:44.16,0:25:46.40,Default,,0000,0000,0000,,of exploit is against the smb version 1 Dialogue: 0,0:25:46.40,0:25:47.36,Default,,0000,0000,0000,,vulnerability Dialogue: 0,0:25:47.36,0:25:49.60,Default,,0000,0000,0000,,using eternal blue the fact that Dialogue: 0,0:25:49.60,0:25:51.04,Default,,0000,0000,0000,,attackers still continue to try and Dialogue: 0,0:25:51.04,0:25:52.08,Default,,0000,0000,0000,,exploit this Dialogue: 0,0:25:52.08,0:25:54.08,Default,,0000,0000,0000,,must mean that there are organizations Dialogue: 0,0:25:54.08,0:25:55.92,Default,,0000,0000,0000,,out there who have not patched against Dialogue: 0,0:25:55.92,0:26:11.84,Default,,0000,0000,0000,,this vulnerability Dialogue: 0,0:26:15.52,0:26:17.84,Default,,0000,0000,0000,,four years after the attack there is Dialogue: 0,0:26:17.84,0:26:19.60,Default,,0000,0000,0000,,still no confirmed identity of the Dialogue: 0,0:26:19.60,0:26:21.76,Default,,0000,0000,0000,,creators of the wannacry Dialogue: 0,0:26:21.76,0:26:23.76,Default,,0000,0000,0000,,there have been accusations towards the Dialogue: 0,0:26:23.76,0:26:24.88,Default,,0000,0000,0000,,lazarus group Dialogue:
0,0:26:24.88,0:26:27.44,Default,,0000,0000,0000,,who has strong links to north korea Dialogue: 0,0:26:27.44,0:26:28.16,Default,,0000,0000,0000,,however Dialogue: 0,0:26:28.16,0:26:31.68,Default,,0000,0000,0000,,this is nothing more than hearsay so Dialogue: 0,0:26:31.68,0:26:33.52,Default,,0000,0000,0000,,who is to blame for the catastrophic Dialogue: 0,0:26:33.52,0:26:35.52,Default,,0000,0000,0000,,damage of wannacry Dialogue: 0,0:26:35.52,0:26:37.36,Default,,0000,0000,0000,,is it the nsa who should not have Dialogue: 0,0:26:37.36,0:26:39.28,Default,,0000,0000,0000,,stockpiled exploits without alerting the Dialogue: 0,0:26:39.28,0:26:40.64,Default,,0000,0000,0000,,necessary entities about the Dialogue: 0,0:26:40.64,0:26:42.40,Default,,0000,0000,0000,,vulnerabilities Dialogue: 0,0:26:42.40,0:26:43.92,Default,,0000,0000,0000,,is it the shadow brokers who took Dialogue: 0,0:26:43.92,0:26:46.32,Default,,0000,0000,0000,,advantage of this stole and released it Dialogue: 0,0:26:46.32,0:26:48.00,Default,,0000,0000,0000,,into the wild Dialogue: 0,0:26:48.00,0:26:50.40,Default,,0000,0000,0000,,is it the developers of wannacry or is Dialogue: 0,0:26:50.40,0:26:52.32,Default,,0000,0000,0000,,it the fault of microsoft who did not Dialogue: 0,0:26:52.32,0:26:53.76,Default,,0000,0000,0000,,identify this vulnerability Dialogue: 0,0:26:53.76,0:26:56.64,Default,,0000,0000,0000,,sooner while all of this might be true Dialogue: 0,0:26:56.64,0:26:58.08,Default,,0000,0000,0000,,to some extent Dialogue: 0,0:26:58.08,0:26:59.92,Default,,0000,0000,0000,,at the end of the day the actions these Dialogue: 0,0:26:59.92,0:27:01.92,Default,,0000,0000,0000,,organizations take are largely out of Dialogue: 0,0:27:01.92,0:27:03.60,Default,,0000,0000,0000,,the control of the public Dialogue: 0,0:27:03.60,0:27:05.76,Default,,0000,0000,0000,,and business owners who are usually the Dialogue: 0,0:27:05.76,0:27:07.84,Default,,0000,0000,0000,,victims of the attack Dialogue: 
0,0:27:07.84,0:27:10.24,Default,,0000,0000,0000,,regardless of what we claim the solution Dialogue: 0,0:27:10.24,0:27:11.76,Default,,0000,0000,0000,,is very simple Dialogue: 0,0:27:11.76,0:27:13.36,Default,,0000,0000,0000,,make sure we follow the guidelines to Dialogue: 0,0:27:13.36,0:27:15.44,Default,,0000,0000,0000,,have our data secured Dialogue: 0,0:27:15.44,0:27:17.12,Default,,0000,0000,0000,,the most crucial of it is to have a Dialogue: 0,0:27:17.12,0:27:18.96,Default,,0000,0000,0000,,consistent schedule for updating our Dialogue: 0,0:27:18.96,0:27:20.24,Default,,0000,0000,0000,,devices Dialogue: 0,0:27:20.24,0:27:23.28,Default,,0000,0000,0000,,and to obviously not use outdated Dialogue: 0,0:27:23.28,0:27:24.72,Default,,0000,0000,0000,,operating systems that put Dialogue: 0,0:27:24.72,0:27:26.96,Default,,0000,0000,0000,,employee and customer data and their Dialogue: 0,0:27:26.96,0:27:29.36,Default,,0000,0000,0000,,privacy at huge risks Dialogue: 0,0:27:29.36,0:27:31.04,Default,,0000,0000,0000,,when it comes to ransomware the most Dialogue: 0,0:27:31.04,0:27:32.88,Default,,0000,0000,0000,,crucial form of defense is frequent Dialogue: 0,0:27:32.88,0:27:35.20,Default,,0000,0000,0000,,backup the more frequent it is Dialogue: 0,0:27:35.20,0:27:37.76,Default,,0000,0000,0000,,the better less than 50 of ransomware Dialogue: 0,0:27:37.76,0:27:39.52,Default,,0000,0000,0000,,payments actually result in the data Dialogue: 0,0:27:39.52,0:27:41.12,Default,,0000,0000,0000,,being returned to the victims Dialogue: 0,0:27:41.12,0:27:42.96,Default,,0000,0000,0000,,and so needless to say payment should Dialogue: 0,0:27:42.96,0:27:44.40,Default,,0000,0000,0000,,not be an option Dialogue: 0,0:27:44.40,0:27:46.16,Default,,0000,0000,0000,,lest your goal is to lose money and your Dialogue: 0,0:27:46.16,0:27:47.76,Default,,0000,0000,0000,,data as well Dialogue: 0,0:27:47.76,0:27:49.52,Default,,0000,0000,0000,,the biggest mistake that organizations Dialogue: 
0,0:27:49.52,0:27:51.76,Default,,0000,0000,0000,,tend to make is refusing to believe that Dialogue: 0,0:27:51.76,0:27:53.52,Default,,0000,0000,0000,,they would be a target Dialogue: 0,0:27:53.52,0:27:55.36,Default,,0000,0000,0000,,according to a study by cloudwords in Dialogue: 0,0:27:55.36,0:27:56.64,Default,,0000,0000,0000,,2021 Dialogue: 0,0:27:56.64,0:27:58.56,Default,,0000,0000,0000,,every 11 seconds a company is hit by Dialogue: 0,0:27:58.56,0:28:00.64,Default,,0000,0000,0000,,ransomware and a large proportion of Dialogue: 0,0:28:00.64,0:28:02.24,Default,,0000,0000,0000,,organizations are small Dialogue: 0,0:28:02.24,0:28:03.92,Default,,0000,0000,0000,,to medium-sized businesses that never Dialogue: 0,0:28:03.92,0:28:06.08,Default,,0000,0000,0000,,see it coming as they're often found to Dialogue: 0,0:28:06.08,0:28:07.60,Default,,0000,0000,0000,,have less than effective security Dialogue: 0,0:28:07.60,0:28:08.96,Default,,0000,0000,0000,,strategies in place Dialogue: 0,0:28:08.96,0:28:10.48,Default,,0000,0000,0000,,making them ideal targets for such Dialogue: 0,0:28:10.48,0:28:12.08,Default,,0000,0000,0000,,attacks Dialogue: 0,0:28:12.08,0:28:13.44,Default,,0000,0000,0000,,digital transformation during the Dialogue: 0,0:28:13.44,0:28:15.36,Default,,0000,0000,0000,,coronavirus pandemic has started to move Dialogue: 0,0:28:15.36,0:28:16.96,Default,,0000,0000,0000,,businesses to the cloud Dialogue: 0,0:28:16.96,0:28:18.80,Default,,0000,0000,0000,,and so cyber criminals have now shifted Dialogue: 0,0:28:18.80,0:28:20.72,Default,,0000,0000,0000,,their focus to the cloud as well Dialogue: 0,0:28:20.72,0:28:22.32,Default,,0000,0000,0000,,giving them an entirely new attack Dialogue: 0,0:28:22.32,0:28:24.00,Default,,0000,0000,0000,,surface to work with Dialogue: 0,0:28:24.00,0:28:26.48,Default,,0000,0000,0000,,the cost of ransomware is said to top 20 Dialogue: 0,0:28:26.48,0:28:29.04,Default,,0000,0000,0000,,billion dollars by the end of 2021 Dialogue: 
0,0:28:29.04,0:28:32.16,Default,,0000,0000,0000,,and that is ransomware alone by 2025 Dialogue: 0,0:28:32.16,0:28:33.92,Default,,0000,0000,0000,,cyber security ventures estimates that Dialogue: 0,0:28:33.92,0:28:35.84,Default,,0000,0000,0000,,cyber crime will cost businesses Dialogue: 0,0:28:35.84,0:28:39.28,Default,,0000,0000,0000,,10.5 trillion dollars annually Dialogue: 0,0:28:39.28,0:28:41.28,Default,,0000,0000,0000,,which would amount to just 2 trillion Dialogue: 0,0:28:41.28,0:28:43.04,Default,,0000,0000,0000,,short of china's economy Dialogue: 0,0:28:43.04,0:28:46.00,Default,,0000,0000,0000,,the second biggest economy in the world Dialogue: 0,0:28:46.00,0:28:46.32,Default,,0000,0000,0000,,we Dialogue: 0,0:28:46.32,0:28:48.32,Default,,0000,0000,0000,,are headed towards bigger and more Dialogue: 0,0:28:48.32,0:28:50.64,Default,,0000,0000,0000,,destructive attacks than wannacry Dialogue: 0,0:28:50.64,0:28:53.44,Default,,0000,0000,0000,,and our most reliable defense is our Dialogue: 0,0:28:53.44,0:28:54.24,Default,,0000,0000,0000,,awareness Dialogue: 0,0:28:54.24,0:28:56.84,Default,,0000,0000,0000,,and our action to better protect Dialogue: 0,0:28:56.84,0:29:13.84,Default,,0000,0000,0000,,ourselves thank you for watching Dialogue: 0,0:29:16.12,0:29:19.31,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:29:24.84,0:29:27.84,Default,,0000,0000,0000,,me Dialogue: 0,0:29:30.81,0:29:33.38,Default,,0000,0000,0000,,[Applause] Dialogue: 0,0:29:33.38,0:29:43.78,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:29:46.77,0:29:51.28,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:29:51.28,0:29:53.36,Default,,0000,0000,0000,,you