Cyber Terror: Who Sabotaged This Saudi Chemical Plant? 🎙 Darknet Diaries Ep. 68: Triton
A mysterious mechanical failure in a Saudi Arabian chemical plant leads a cast of tech researchers down a strange path towards an uncommon, but grave, threat.
Visit darknetdiaries.com/episode/68/ for a list of sources, full transcripts, and to listen to all episodes.
Comments: 264
When you work in plants like this, they teach you to fight your instinct to help someone if you see them go down for no reason, most of the deadly gasses are odorless, colorless, and instant death and the last thing the rescue team needs is to retrieve 2 dead bodies from a dangerous area.
@fedordedov783
1 year ago
Yep. It's like "confined spaces" on a ship.
@ericjohnson9468
1 year ago
That’s true…. ‘no exaggeration… & I would never rush forward to aid someone collapsed … even outside. I worked in a large refinery for many years, & always wearing ‘canaries’…. personal air-monitoring devices I sported on my safety vest @ all times. Once one went off as I was taking a shortcut across campus via a below-grade passageway…. which induced me to IMMEDIATELY retreat, even though I smelled nothing.
@hughgrection7246
1 year ago
@@ericjohnson9468 How does one know which direction to retreat in though ?
@silverekpenyong6449
1 year ago
@@hughgrection7246 up wind or cross wind if you have any kind of indication where the air is blowing.
@snorttroll4379
9 months ago
Back where the alarm was not sounding
For those wondering, the company is Sabic.
You’re a great storyteller, and the production really helps to immerse you into it. Really enjoy the pod!
Episode 68: "Where Jack discusses SCADA without ever actually saying SCADA."
The only hack I've ever been a victim of (to my knowledge, at least) was my OG Roblox account got stolen from me in 2010. That shit turned my little heart cold.
@thewhitefalcon8539
1 year ago
That's the only one that DIRECTLY affected you
@clairecordell2461
9 months ago
Brutal !
@Tinera420
1 month ago
I was hacked in the big Sony hack back in like 2011. Lost my prestige 10 account on MW2
This channel is awesome!! I stumbled on it and immediately hooked!! I am a cyber security professional and love the stories
@Optable
1 year ago
I have been a senior front end ui/ux designer at an agency for 6 years and a professional for 12 years. There's nothing more I want other than to get into cyber security, blue team, red, incident response, threat analysis, devsec, etc. as I've been extremely eager for years now. I've heard constantly by those I've spoken to in the industry I don't need to be a great programmer, though it will limit my reach. But that they know of many coworkers and professionals that aren't writing constant code as much as they just need to understand it. I'm an expert in js, css, and an intermediate level in python and c. I've been running nginx/evilginx, kali, burpsuite, various bug bounty tools, owasp, and more for a few years now. Where do I start? What positions could I find a foot in the door or jump into?
Excellent episode. One thing that didn’t quite get hit on but is important: they talked about the decision to start the plant up without a safety system versus leaving it down. Depending upon the specific system, leaving it down can carry its own risks. Some facilities are multistage and pressure can build up in cases of down or partial down states, particularly if it’s a partial down state that has not been planned for. The risk is not entirely one-sided, and I can definitely give the managers the benefit of the doubt regarding the safety of being partially down versus being up. (My husband worked as a safety officer at a chemical research facility.)
@sabre22b
1 year ago
Bloody dangerous. Oops, did I say that out loud? Lived downwind from Grangemouth and Rosyth...
I feel so stupid when I listen to/watch your channel but I pretty much have had you on for 8 hours while working and loving it man, new subscriber for sure, good job dude.
Always looking forward to new episodes! Thanks for all the work you put into this content, Jack. I just went through all your bonus episodes. Really loved the one with your dad. I'm always doing similar things with my son lol
This one obviously falls into the category of cyber-warfare, especially given that human lives were at stake for the only purpose of sabotaging a competitive faction.
@michaellevi8905
7 months ago
NSO Group md ISRAEL.
Awesome episode man, I’m a new follower and have been diving in. Love your story telling style and homework sharing approach.
I've worked with similar systems, I'm still trying to figure out if they just messed up because by shutting the safety system down made it obvious it was compromised. And, the safety system still interacts with the overall plc/dcs. These are fail-safe as demonstrated by when the safety controller was shut down, the whole system went offline. So why not just force valves open/closed instead of shutting it down if they wanted to damage physical infrastructure/cause casualties? They did say that they changed the inputs/outputs in the program.
Omg! Finally!! I love your channel…thank you for posting!!!❤
Who would target Saudi industrial systems? Let me count the ways...
@TTTorpedOOO
1 year ago
Iran
@Calzone407
1 year ago
@@TTTorpedOOO my man, literally any country XD There's so much political turmoil over those lands that literally anyone could have done it
@michael30000
1 year ago
Lol you seriously don’t know who? Take a few guesses
@mattnsac
1 year ago
@@Calzone407 Guess sarcasm isn't your strong suit?
@cristianespinal9917
1 year ago
@@TTTorpedOOO that was my immediate guess as well.
Good Ep Jack, thanks. Keep them coming.
I am addicted to this podcast
@JackRhysider
1 year ago
Glad you like it.
@jonathanalestam
1 year ago
Makes 2 of us for sure
I love these stories and mind games. Keep up the good work mate!
Keep them coming, idk if u clip parts out but more details better
I just love this type of solo event explanations
When Jack posts -'' surely we live in the best of all possible worlds.''
@markrix
1 year ago
🟫👃
@snarevox
1 year ago
nigga youz a rhysider dickrider
@ItsAllMoot-sd7nj
1 year ago
If I'd like lip from you I'd take if off my Zipper Mark. You can SMD later. Quit acting out in public.
Keep them coming Jack. 🤙
Damn! This is a great episode.
I really love these videos but I wish there was something to look at as you describe these scenes. It would really add so much
@JackRhysider
1 year ago
Nothing beats the theater that's in your mind...
Thank you for another great episode
Hi Jack, just wanna say this is the best cyber channel I ever heard! Keep up with this best content brother💯🔥
Got something to watch at work today
Killer episode per usual bro
We need to start going back to simple hardware which is not remotely programmable for safety controllers. Someone should have to be right there to program them and have to physically plug into it. Make the systems as simple as possible and run the software as close to bare metal as possible. And make them so they are read-only back to any required monitoring hardware.
Written at 45:50 in the video. If you want to find out who did an attack like this, you should use the old saying "Cui bono" "who benefits" in English. How different nations, companies or organizations could benefit from such an attack is not that hard to grasp. If you're in the same business as them, you will benefit from much higher prices while they rebuild the plant. If the plant you destroy is one of the biggest in the world, the prices will rise and you will make a large sum of money. Benefitting from such an attack could also be calculated as an attack in a war. Currently Shi'ite Islam, represented by Iran and Sunni Islam, represented by Saudi Arabia have been at war with each other for almost 1400 years. This war is not a Cold War and has never been. In general they hate each other more than they hate their mutual enemies.
@20chocsaday
11 months ago
And they have the example of Stuxnet on their centrifuges. Could be, or they asked for help.
When are the new episodes on Spotify going to be released? Great ep btw
@JackRhysider
1 year ago
On break til April
Can you please reduce the background 'music'? It is very distracting, does not add much, and for people with hearing issues an annoyance.
very awesome content
Speaking of data breaches. Today I was in Forever 21 with my girl and they were unable to use Forever 21 store cards that had money on them... the cashier said they'd been hacked. This was today, March 28th 2023. Me being me, I looked everywhere online. Nothing. I called Forever 21 customer support; the guy asked me how I knew. I told him, and he proceeded to tell me they weren't hacked, lots of suspicious activity tho. And the dude on the phone wasn't reassuring with his answers to me nor his tone. Just something to keep an eye out for. The cashier also told me it wasn't only Forever 21 that was hacked but every company they own as well.
Ah, Triconex, my old company. Only worked there for about three years back around 2010.
I did some IT work for a chemical plant. They made stuff for NASA. Anyway they made me go through a safety class to even work in there. My main contact said if I hear emergency announcements and see him running I should run the opposite direction.
@sebastiank1714
1 year ago
Was he the self sacrificing hero or the sarcastic humor asshole type? What's your guess? --> He'd have a tall story to tell: The emergency alarm went off, everybody was heading for the exit, but the young specialist IT-Nerd went running straight for the boiler, right before it blew him to bits.
@jumpingman6612
1 year ago
@@JohnDoe-ws4iu this
I don't understand how someone accused of developing & deploying such a high-level attack fails to cover the basics i.e. masking their ip address? It's probably even more likely that it's like that on purpose
@sixsixsix9289
10 months ago
Siemens /scada is scum
It is believed several years ago hackers broke into the web interface of the Fumel hydroelectric dam and caused flooding of a small village on more than one occasion.
I wonder which nation state actor might have done this...mystery. Great show Jack
@sismofytter
8 months ago
Maybe a private company 😉
@yuglesstube
8 months ago
@sismofytter Unlikely. The capability required implied a Nation State Actor, in my personal view. Seymour Hersh has written quite extensively on the question. I find his analysis to be seemingly credible. It is interesting that the official enquiry seems to have stalled. Hmm.
Why aren’t the episodes on Apple Podcasts app the same as youtube? Love the podcast!
@JackRhysider
1 year ago
yep they are, this is episode 68 which is there
Wouldn't they have a complete backup of the system configuration and a SOP of how to do a complete factory restore of everything? Factory restore everything offline, reload the configuration files and presto. I know it's a bit more complicated but does it have to be?
You're telling me OT means operation technology? So O.T. Genesis the rapper who wrote "IM IN LOVE WITH THE COCO!" is really Operation Technology Genesis?
i love that i can just listen to this
We've been trying to reach you about your vehicle's extended warranty. JK! Awesome pod! Love the channel!
The sound effects being played in the video at 16:08 are so distractingly loud, I also watch this on my tv at night😭
It’s always a good morning when I wake up to another DND episode!
@yarbabez
1 year ago
This episode is 2 years old
@bickyboo7789
1 year ago
He's reuploading his old episodes to this KZread account. You can find a lot more episodes on his website and some podcast platforms.
@J_CtheEngineer
1 year ago
@@bickyboo7789 I haven’t come across this episode on the podcast. Nice surprise for me.
Younger part of my career was petro/chem. You don't step foot on site without a gas monitor on your collar, no matter where in the world you go. Facility wide monitoring is a super helpful and super necessary thing, but not end of the world. Hyped drama saying "Is this air safe to breathe?!" Come TFO. These computer techs had monitors on their collar as well, I'd bet $100
Anyone have suggestions on how I can work in OT incident response? How do I get the skills? I have done CEH and I know basics of network, cloud and web app security but how do I learn this skill?
When you walk around plants like this you should always have a personal H2S monitor also.
Out of curiosity, How come these latest ones aren’t on Spotify?
@JackRhysider
1 year ago
this is episode 68, which is on spotify
Do you have a Spotify account for podcasts? Does he have , top KZreadrs don't actually reply to us 😮
1:09:58 "I would be never comfortable to conduct one operation that may impact human... life of civilians". creepy
Love these stories. They make me paranoid about everything around me, haha. It even gets worse knowing what a Flipper can do if someone knows how to use it properly. Not looking at the other tools that are really good at one area. That's the price I pay for the enjoyment.
yes controllers are important but there's always mitigations in place. And you can't electrically stop gravity or natural physics from occurring.
My cousin was killed in 2017 from hydrogen sulfide gas. This stuff is pure evil. My cousin was in a pit in a confined space working in a power plant. The pipe was supposed to be non-pressurized & contain only water. It contained pressurized hydrogen sulfide INSTEAD. When my cousin cracked the last bolt on the 12 inch wide elbow joint, hydrogen sulfide solids & gas burst out of that pipe. Hydrogen sulfide after 1 breath kills your sense of smell & after another breath you pass out & are incapacitated. My cousin passed out & the solids started to eat his skin as the pit filled up with hydrogen sulfide sludge & gas. His foreman that was above him took one breath & fell head first into the pit. The foreman's brother seen him fall into the pit & tried to run over to help but passed out on a catwalk. Another man in the gang seen that all happen & tried to help & he passed out. Another man seen that all & tried to help & he became incapacitated himself. All 5 men laid there breathing HORRIBLY toxic fumes until hazmat arrived, assessed the situation & then acted upon it. My cousin died. His foreman died. The foreman's brother received HORRIBLE lung & eye damage & the last I knew he'll NEVER work again & will NEVER breathe or see normally again. The other 3 had serious lung burns but nothing on the level of the others. The plant denied all liability & it's STILL being fought over in court. If a plant that contains hydrogen sulfide were to explode, what I've described would happen en masse to EVERYBODY who breathed the death of hydrogen sulfide. RIP Kevin. I can't believe this happened to him. He had a 1 year old & 3 year old kid.
@ClickClack_Bam
1 year ago
Oh & it was a Friday & the shift was over. The foreman was telling my cousin to get out of the pit & leave it to the next shift. My cousin not wanting to be lazy wanted to finish taking the bolts off when he was killed.
That attack happened in the first half of 2017. Towards the end of year (Nov) Saudi Arabia opened dialogue with Israel.
Checklist for GTFO:
1. You're called as part of an ERT for IT/OT to a Petro-Chem, Munitions, Bio or Nuclear facility
2. Said facility has major relevance for the country it is in, I mean MAJOR
3. Said country is part of the usual love-circle of Russia/USA/China/Any of their proxies
4. You encounter EXTREMELY specific code you've NEVER heard or read about
In 9 out of 10 cases, you'll 'vanish' afterwards, no matter the outcome of your work. Both parties involved in such things have a clear interest in you never be able to do it again/tell anything about it.
@20chocsaday
11 months ago
Good reason to publish. You found it, you are 90% damned.
@sixsixsix9289
10 months ago
ScadaHacking ...old trick...
Thanks for NOT mentioning the plant/company name. Seems super relevant in the first 5 minutes. Some of us are driving and don't use or trust voice assistants. So yeah, quite stupid, a first for you Jack.
Of course it's the Saudis. They left their refinery connected to the net.
Operators don't operate the Triconex, that's a separate discipline that handles the functions of the control systems
@xdsone
1 year ago
Most Triconex systems are air gapped from the internet.
>saudi government spends millions of dollars trying to figure out who did this
>meanwhile, I read the video title and immediately knew
seriously, who else would it be.
42:02 what about Stuxnet? That was not safe for the workers. And I guess there are other hacks that did cost lives, just not on such a high level
Nice a new video
Those this project that minus cybercriminals we might soon be having cyberterrorist?
The USCSB has some great analyses on big tragic incidents and accidents in industrial processes. Love this kind of stuff. It’s like true crime but even more unsettling
This ep is over two years old
@JackRhysider
1 year ago
👀
We can hope they will be detoured from this behavior, however I feel that the malice within the heart of the original coder is not something easily dismissed. Time will tell... L8R G8R.
I hope they educated their on site engineers to do basic Observability and investigations.
what a dark episode
Can you lower the volume of the background music just a little bit? Please
@JackRhysider
1 year ago
noted
It was government intrusion into the working of the company and why engineering left the computers open for investigation over the weekend.
Just a guess work-- Could it be Iran + Russia. Easy to keep pressure on Europe and also prep-up oil prices? KSA can afford low oil prices but not other countries?
I get the feeling that if it was not done for financial gain or better control of the petroleum market, it might be done because it was possible. Imagine a suitably qualified professional worked at the plant. He left after a while and went to a post in an academic place where he talked freely to his fellows about the plant. Some people can leave a chemical plant able to draw it out as a Process. Computing students need to learn about Process and Systems. Bit by bit the plant is described. Location possibility. But how the computer controls the plant is not given out. Yet a bright couple of students infer it in the canteen. From there and very gradually information is allowed to be learned, from students if they see others who are bright enough. Eventually there amasses more knowledge than anyone who ever worked there has. And it is all 'below the surface'. Let's try. Let's see if this is right.
@thewhitefalcon8539
1 year ago
it's very unlikely. To find the zero-day and develop the malware, someone had to be alone in a lab with one of these systems in a lab for a long time. ("Alone" as in not with anyone who would find it suspicious)
I had my tax info stolen at some point and a false return filed in my name after my legitimate one was processed.
I am sitting here listening to this on a site similar to the Saudi plant. Lol
Is Fireside hiring?
18:22 H2S, shitter gas on the ship, or something like that, we all knew as gunnersmates it just took an engineer fucking up to kill us all lmao
Who? Risk management maybe? Pressure makes diamonds!
“our nation’s leaders don’t understand technology” is the most elegant way I have ever heard someone say “Ok Boomer”. But in all seriousness, this is why we need term limits for politicians. After enough time in office, you start representing your age group instead of the people overall.
How come he doesn't mention the name of the company.?
@M7_Saffar
1 year ago
If you went back to the news, they also didn't say I remember it made some fuss about it at that time, and it was top secret that no one of the employees knew what was going around and said the shutdown was some problems with electricity it was a mess
How he change Voltage electricity, I understand but I don't sleap 12 years, with me, I haven't kidneys, You haven't Space. By the way Swift Key,?
Can someone tell me what is the name of the company?
@M7_Saffar
1 year ago
If I remember correctly, it was SABIC I'm not sure, but the profile fit
really cool
Is Xenotime an actual group
Maybe the same thing needs to happen in Bandar Abbas and Moscow.
A tenth of the subs viewed this in a day.
Why wouldn't you say the name of the company? Strange.
@mrmotofy
1 year ago
Can cause all kinds of complications
Says episode 68 on bottom left screen
@bickyboo7789
1 year ago
He's re-uploading old episodes on this channel. This is like 2 years old.
Did anyone figure out the name of the company?
@goblingrim
1 year ago
Saudi Aramco
What scares me as a cardiac patient is when will pacemakers get hacked
@sfm4748
1 year ago
they already can be.
@citricguy
1 year ago
That's already been done. I forget which episode Jack covered that in though.
@kenosabi
1 year ago
My wife's cousin has had one his whole life and last Christmas he was telling me about it and how his doctor had called him to warn him. Scary stuff.
@lc3853
1 year ago
You should be more fearful that the pacemaker manufacturer will implement a subscription service. "Please enter your banking information to access more heart tokens."
Jack, you’ve skipped like 30 episodes haha… good work nonetheless
@JackRhysider
1 year ago
hah! good catch. fixing it.
Does anyone else think Julian sounds like Elon Musk
@bearb1asting
1 year ago
Yeah
"It's just a prank" The prank:
Whoooohoooo!!!
36:55 If you know what Saudi Arabia is doing in Yemen you wouldn't say this...
@Yazeed_Slami
1 year ago
You speak as if Saudi Arabia woke up one day and decided to bomb Yemen for no reason. It is a militia that took control of the government. In short, it is a civil war. There is an actual war taking place now between the Yemenis. Yemen is not even a one country, but two, and they returned to fight. Saudi Arabia has nothing to do with what is happening there
obviously create a hosting
Black Hat vs White Hat, whose side are you on?
@luvmechanix
1 year ago
One man's black hat is another man's freedom fighter?
@DursunX
1 year ago
@@luvmechanix all hats look the same colour in the dark(net) 😉
@YTInnovativeSolution
1 year ago
I'm for translucent hat.
Nope my data hadn't been in any hacks also I barely have any data online anyway (if somebody/something did get my data that I have on the internet currently I probably wouldn't care much)
It 100% was the NSA and they know it..
I just had my info stolen again. 4th time I think.
Dude just never plugs this on his Podcast. Genius.