Previous: Vidcon: Thoughts from Places
Next: Understanding America's Debt Problem



View count:383,562
Last sync:2023-01-19 09:00
In which Hank talks briefly about the fundamental shift in espionage, warfare, crime, and activism that may re-define our age.

More about Stuxnet here:

with a pretty in depth article here:

Hackers have been mounting increasingly sophisticated attacks. Billions of dollars have been stolen, and even more has been lost in the form of stolen intellectual property and infrastructure damage. Stuxnet proved that a computer hack can do real-world damage, and if it can be done once, I doubt we will be able to stop it from being done again.

Unlike traditional warfare, we frequently don't know where cyber attacks come from. And with the right team of people, an attack could be pulled off that could destabilize the entire world. It's pretty scary stuff.

On a lighter note...I've started up my gaming channel again:



Hacker - a person who can manipulate computers and technology, but more usually a person who breaks into computers that they should not be inside of. 

Vulnerability - a problem in software that can grant access to data and processes that should be kept secret, like passwords or credit cards or the controls to a nuclear power plant. 

Exploit - Software or procedures that allow people to take advantage of vulnerabilities. This will often come in the form of a simple script that anyone with even basic computer knowledge can run.

0-Day Exploit - An exploit that has not been released into the wild. Only the hacker, and possibly his or her close associates, know about the security hole at this point. A 0-Day exploit for an operating system can be sold for hundreds of thousands of dollars.

White Hat -  A hacker who uses his skills for good, informing organizations of security holes in their software, often these people are just referred to as security experts.

as ooposed to: 

Black Hat - The sort of hackers that we generally call to mind when we hear the word Hacker.

Patch - Software update that fixes the vulnerability. Often patches are not applied and exploits remain in-use for years.

Script Kiddies - Armies of unskilled, usually young people who just run scripts that hack targets for hackers above them in an organization. Occasionally they also operate on their own.

Cyber - A prefix that I hate, but am unwillingly using because it has become the standard because old people who read newspapers and watch cable news feel comfortable with it. I love William Gibson though!

Own: To take control of. An owned computer or server (or zombie) is controlled by hackers. This is where pwn comes from, by the way.

Anonymous: A loosely organized group of individuals identifying with a certain weird bunch of values like anarchy and "don't mess with us." They hack things that piss them off.

Stuxnet: The most advanced piece of malware ever created which caused the shut-down of Iran's nuclear refinement program.

42: HHG2G reference, which are common in hacker culture.


Shirts and Stuff:
Hank's Music:
John's Books:


Hank's Twitter:
Hank's Facebook:
Hank's tumblr:

John's Twitter:
John's Facebook:
John's tumblr:


Other Channels
Crash Course:
Hank's Channel:
Truth or Fail:



A Bunny
( - -)
((') (')
Good morning, John. Ever since Your Pants got hacked, I have been thinking a lot about the apocalypse. [music] Now you might think that there's a big difference between a bunch of script kiddies in Kamchatka bringing down Your Pants and the end of the world as we know it, but it turns out— some surprising similarities. But before we get into that... let me explain to you the anatomy of the attack on Your Pants. If you want any of the terms in the following description explained, just pause the video. There will be definitions on the screen. Let's start out, for those who are very confused right now, with "Your Pants." Okay, so first, a hacker discovered a vulnerability in the vBulletin software that runs Your Pants. That hacker then created an exploit for that vulnerability — at that point, a zero-day exploit — that he or she could use to exploit this vulnerability. The hacker released this exploit, probably in the form of a very simple script, that would allow anyone with even moderate computer knowledge the ability to hack Your Pants! These scripts were run by an army of underlings known as "script kiddies." The script would attempt to "own" the servers, pull off passwords that could be sold on the black market, use the servers for sending out spam, and stuff like that. Our white hat security expert, Sam Rudge, stopped the infiltration before any user data was compromised. So everything is safe, except the data that, uh, made up Your Pants. A big hunk of it, unfortunately, has been lost. So if you understood all of that without having to press "pause" and read definitions, then you're good. If you didn't, go back and watch it, read and understand all those definitions, because you're going to need to! Because we are on the cusp of a fundamental shift in the way that crime and war happens. So you're gonna need at least a basic knowledge of cyber-warfare and cyber-crime. Last night, for example, someone — or a group of someones — identifying themselves with the hacker group Anonymous totally hacked the Syrian Ministry of Defense website and put up, like, a message of solidarity for the people of Syria. This isn't really cyber-crime; this is more of a "hacktivist" thing. So, yeah, what Anonymous does is high-profile; yeah, it's kinda— like, sort of weirdly cool that they can do these things. But that's not what keeps me up at night, and let me tell you: This stuff does keep me up at night. The Russian mafia has a hacking team so sophisticated that it has revenues in the billions of dollars. They have collected so many credit cards that they can no longer sell them, because criminals are, like, "We have too many credit card numbers! I don't know what to do with these!" Chinese hackers, who may be sponsored by their own government, have been hacking governments and private corporations for years and have stolen billions of dollars of intellectual property. And what I find scariest of all is a piece of malware called Stuxnet. No computer virus has ever used more than one Windows zero-day exploit. Stuxnet had four. Stuxnet infected thousands of computers running industrial equipment all over the world, but it only activated in one place: The centrifuges refining uranium in Iran. While all of the readouts remained calm and everything looked completely normal, those centrifuges spun out of control and exploded! Who built Stuxnet? That's one of the things about cyber-warfare: No one knows where these things come from. Almost certainly, it was a multinational project spearheaded by the United States' government, but no one took credit for it. Another problem is that this is kind of like dropping a new kind of bomb on your enemy along with the plans for how your built the bomb. You don't wanna do this! Because now the code for Stuxnet is freely available on the Internet, and with the right knowledge, it could be modified to break down oil pipelines, shut down power plants, or open the floodgates of a dam. Now I am not generally an alarmist. I don't usually worry about these types of things, but this is pretty scary! So yes, I'm glad that Iran's nuclear weapons program has been set back significantly, but I don't know if it was worth creating an entirely new type of warfare to do it. Because I worry about the attacks themselves, but I also worry about the legislation that will be created to "protect us." One: Because the legislation will probably ruin a lot of what's great about the Internet, and two: Because the legislation will never be effective! There's no way that the professional arguers in Congress will ever be less than 42 steps behind the hackers. I wanted to talk about this because I want more people to know about it, but unfortunately, I don't have any, like, solutions. We've just gotta cross our fingers. Hackers are smart people— hopefully smart enough to know that destroying the world is a freakin' bad idea! John, I'll see you on Wednesday.