The Hack That Made China a Superpower: Operation Shady Rat
Vložit
- čas přidán 20. 06. 2024
- Operation Shady Rat - the hacking operation that changed the world forever. It all began in 2006, when an employee of a construction company in South Korea received an email with an attachment.
🎯 Subscribe to @cybernews for more AI news and cybersecurity updates: cnews.link/subscribe/
🎪 Looking for entertainment and interesting stories? Check out our playlists filled with captivating content that will keep you entertained for hours:
• Infamous Hacks
• Cyber Tops
• Cyber Crime
📰 Stay up-to-date with the latest cybersecurity news and trends by checking out our curated news playlist. We cover the latest threats, trends, and insights from the world of cybersecurity:
• Latest NEWS
💬 Stay connected with us on social media for the latest news, insights, and discussions around cybersecurity: linktr.ee/Cybernews
💌 Stay up-to-date on the latest cybersecurity trends and news by subscribing to our Cybernews: • Latest NEWS
📷 Thinking of purchasing a camera? Check out what is the best camera for you - cnews.link/best-cameras/y27B-...
00:00 Intro
01:54 How Operation Shady Rat Started
05:06 Unit 61398
07:56 Why Shady Rat Happened?
10:19 The New Rats
🥷 Secure your online activities - Check out a VPN with the best discount - cnews.link/get-nordvpn/y27B-s...
🔑 Keep your accounts safe - Get THE BEST password manager offer - cnews.link/get-nordpass/y27B-...
🦠 Protect your devices - Grab an EXCLUSIVE Antivirus deal - cnews.link/get-bitdefender/y2...
Image Credits: drive.google.com/file/d/1OzQ6...
ℹ️ About us
We are an independent news outlet with a CZcams channel that posts cybersecurity & tech news videos daily. Our foremost concern is the safety and security of our viewers around the world. We remain vigilant on the issue of hacking and will provide updates as they become available. A number of our investigations and reports have been featured by industry-related publications and global news leaders like Forbes, PC mag, and Techradar. - Věda a technologie
Let us know if you would like to see more explainers like this!
Why isn't Joe hosting this?
now this is an explainer that i wanted to see
Yep. I love to watch explainers like these lengthy video > 20 min as movie 🍿😊😊
always
I love it!
Lockheed Martin billion dollar technology and yet bought an ebay network security.
Greed breeds stupidity
the biggest vulnerability in a system is humans
@@isenewotheophilus6485 And money. Once money is involved, a lot of things become clearer for people who want to investigate these strange “anomalies” in national security.
@@isenewotheophilus6485stupid humans not humans in general
If the us doesn't force a security standard, companies wont enforce it.
Moral of the story, never ever use Windows OS for the work!
It would have still happened... Why? Because people still clicked on the emails.
Linux is not 100% immune. But it is way better than Windows. I've seen even some ATM machines running on Windows XP.
@@ashenabeysinghe4767 most ATM machines run on windows XP. In fact, a grand majority of similar systems run on windows XP
if your computer has access to internet and ability to run background job, it doesn't matter what OS you are on.
You mean to tell me that NSA, PRISM and all the other hackers didn't catch that. The US budget is over 50 billion for US hackers. Other countries are better?
Well, this empire is very good in a few thing, namely writing story, telling it convincingly and make believe for their tax payer to support more money spent on new projects in the name of National Security, right.
@@clearheaded5696huhh an American who knows truth
you cant buy talent, the US has been trying to do so for long.
dont take it seriously, reasoning with these people makes no sense, people only believe what they want to believe and content creator only wants money out of it.
Did u not watch the video? They specifically said that they knew about it when the Snowden leaks came out.
Please post more content like this weekly.
Wonderful video
Work 24/7 😂😂
100% agree, thiis one of the best videos i've seen in a long time
@@Andreas_linden serve the hive mind, right? Not a chance, I say. Ridiculous
Regarding F35 design theft: When I worked for Defence companies, it was standard for all classified data and software to be stored on locked-down air-gapped systems. Avoiding those DOD mandates could get you free room and board at a federal facility for several years (IF you didn't have the right contacts, see case of Sandy Burger). Have the security rules been relaxed? Have we gotten that stupid? If this was willful stupidity on the part of Lockheed Martin staff, they should VERY PUBLICLY be convicted and sent to the Big House. I font
Continued - edit session was aborted somehow. I don't care if the top responsible person was the CEO of LM.
I believe it's usually mistakes. Temporary systems set up for testing purposes and forgetting to remove them.
Files copied from air gaped server for research but forget to remove them from the connected server etc.
That said I don't know what happened in this case.
Simple, you don't go after Lockheed you go after their part vendors. China realized that if you go after the small businesses that have a DoD connection you can effectively unveil all the parts and pieces that go into it. Don't try to steal the schematics for the radar system find the business that manufactures them for both Military and Civilian. Can't crack those guys? go for the ones that lost the contract to the other guys they're probably worse but it beats expending the billions in research that goes into it.
Software is the biggest kicker and most likely the most secure, that's developed in house however with AI you can now supercharge it.
China can copy American design and manufacturing but they're just cheating. They won't actually learn anything or why we developed or how which ironically makes them rely on the U.S.
China is quite literally leeching off the money of the American tax payer
This all happened pre-Snowden before 2007 back when sub-contractors kept kicking the bucket in regards to security. When the F35 incident happened the DoD lost it's collective shit and cracked down.
yes makes me sick
China became smarter when they started using local technology companies. The US still has higher access to other countries as they can inject any RAT along with Windows OS which the majority of countries do use in their critical infrastructures.
yeah the west doesnt work like that operationally. state and business isnt connected the way it is in say China, russia, North Korea etc. They dont have access to OS development at all, They have tried to have backdoor access for law inforcement but its just not a good business plan and customer confidence is king, so only an idiot would grant the government that kind of access! Just ask any Hong Kong citizen.. lmao..
@@douglascampbell4993 Maybe not, but it's arguable. China does use some western cloud solutions like Azure but only hosted in Chinese data centers managed my Chinese companies.
Heard of Linux? "Critical" infrastructures nowadays don't use good old Windows anymore
You might be talking abou the west, I have worked in many emergent countries and most services do run on Windows even airports. FYI there are ATM machines running Windows XP still, many countries have stopped in the stone age.@@aaraviii
@@aaraviiiThat would be good if people acted smart. And if there's something you cannot underestimate is human capacity to make stupid decision in key infrastructure
Every single one of these companies could have avoided all this trouble by spending more money on security rather than just 'hoping' that the measures they had in place would be good enough.
Or simply cut off China from the internet, and block all access from China to the US
Very ignorant comment. The age old adage rings true, if you build it, they will come.
This isn't ancient China with Mongols on horseback. The threat, as was just explained to you, is persistent, and ever evolving.
Cold war never ended mate.
@@EB-73- Excuses excuses.
Being proactive costs money so there's a cut off point where companies know that they need security but it's cheaper to just cross your fingers, hope for the best, and pay off individuals who _do_ get screwed over.
Or, if you like, you can just pretend that doesn't happen.
Very ignorant comment 😂
@@wavydavy9816 Point being is that security itself is an illusion. As you so kindly point out, no amount of money is ever enough. At some point you HAVE to cross your fingers and call it good.
If you want the gods honest truth, the best security would have been not to go digital in the first place. Or maintain a closed loop system. Both of which cost next to nothing by comparison.
Once you open yourself up to attack it's impossible to ever say with certainty that it won't come.
Perhaps that concept is a bit difficult for you to reconcile.
@@EB-73- I own a nice motorbike which I have to park on the street.
I have done everything possible to make sure that nobody can steal my motorbike and get away with it.
It has taken a lot of money and effort to get to that stage, some might even say that I've gone too far with my security (which, admittedly, makes it slightly inconvenient to use my motorbike).
A team of people who specifically set out to steal _my_ motorbike and circumvent the various devices fitted would indeed be able to steal it, given an unrealistic amount of time, then they'd have to store it underground to stop the tracker working to avoid recovery
I can confidently say that I'm not worried about my bike being stolen, because I've taken those measures myself, and that's being pro-active. I can measure the amount of hassle potential bike thieves face compared to how much profit they are likely to make, seee the cut off point and act accordingly.
Banks and other financial institiutions definitely don't care about their customer's investments as much as I care about my motorbike, and THAT'S the difference.
If they _really_ wanted to they could do it no problem 🤷♂
This is exactly what US has done to Iran by developing Stuxnet worm. It was one of the most sophisticated attacks to the control system of an industrial plant.
Boy sheer havoc. Darknet diaries episode was crazy.
Iranian nuclear development is hardly a positive and beneficial organization as U.S. industries.
NSA: focus on hacking others, too busy to take care of the domestic cybersecurity🐶😎
@@kentlu4781 In fairness to NSA employees, this isn't really their fault.
The NSA is structured as a surveillance and code-breaking agency. That's *all* they do.
The NSA works with US Cyber Command to engage in Offensive Security practices (as well as conduct Cyber Warfare Operations, but... shh, they aren't supposed to do that).
CISA (CyberSecurity & Infrastructure Security Agency) is the agency responsible for US Federal Cyber Security and infrastructure.
This seems far worse. One factory in Iran vs thousands of stolen industrial secrets...
TL;DR they aren’t that smart, we’re just that stupid.
That Lockheed Martin employees face when he found out what happened must have been… *chefs kiss*
i was thinking that too, he just gave the chinese the plans for their most advanced fighter jet. i'm sure he left that accomplishment out of his CV
@@neanda reminds me of the NASA intern who dropped a wrench six stories down onto the Shuttle heat shield, causing millions in damages and weeks in repairs. Guy was fired before he got off the elevator.
I'm guessing the person who clicked the mail wasn't the only one at fault. Someone left the plans in a place that was easily accessible as well. It's nearly always a series of mistakes.
@@smallpeople172 Those two don't compare well. One could be interpreted as a civil mistake for civil penalties, and the other can be interpreted as being traitorous.
@@twavee interpretation depends on intent
Got my sub on the first vid. The visuals, even the simple ones, were really insightful
Roman proverb: "Opportunity makes the thief.". As long as America continues to blame other countries for it's own shortcomings progress won't come. Face facts: You're responsible for your own vulnerabilities.
Wow. Wumao's getting all agro!
Who had the "brilliant" idea of hooking up the controls of the most important infrastructure in the world to the internet?
Well it’s mostly engineering portals for remote access and monitoring of systems. But security is often light or non existent in these areas.
Bill gates
@@realmemegalacticand the Bush republican government.
the IT departments that get paid by American companies i feel like to put everything into the cloud :)
Remote monitoring is needed to catch problems before they start impacting public health.
We do not have to put our infrastructure on the net to begin with. Seems to be a security risk easily explored. Why risk National Security for convenience?!?
Exactly! I saw somebody say, well it stifles innovation. Maybe, but I would rather it take an extra year or two then have our enemies also be able to use the same weapons technology we do. You cant have it both ways.
That screensaver sound laughable, but I worked for a company who had a corporate screensaver.
It's baffling how many "advanced" and highly educated users fall for the most basic social engineering. People can be absolutely brilliant and yet completely naive and ignorant.
@@Dwigt_Rortugal yeah. I think a lot of people are in „get it done mode“ and mindlessly click m-on and react-to every email.
@@Dwigt_Rortugal CuteCatVideo.exe just install...Uhm, I mean just open a watch 🤨😅 Yup, there's no shortage of naiv people so hackers or scammers don't need much of a brain at all. They just hammer out the same bs by the millions, and they know they will have positive hits even how foolish it is.
It's like a website cypher
10:51 hilarious that this is presented as a logical fallacy in the context of geopolitics. If you're a global power, you should be hacking, and hacking well
@@albertkirilov6921 what is there more to say? Nations that matter on the world stage are doing hacking regardless of any laws, either domestic or international. Just because some official document states they aren't means nothing. I mean, maybe it does to the gullible public but not to the people who are in the know.
Logical fallacies were originally designed by Aristotle cuz he was essentially a Destiny debate-lord. He’d go to public squares to debate people and put both their social reputation on the line, and you can imagine who won the most. their purpose is not to prove anything or make any sort of meaningful point, it is to discredit the opposing sides point without actually attacking it, just the logical structure of it; which is different than saying something is illogical. Way too many people equate logical fallacies with illogical. Illogical means that there are missing steps, claims of logical fallacies attack the steps you are taking instead of the destination. Claiming that something is a logical fallacy might win over the majority of people, but in any sort of competition you want to be doing as much if not more than your opponent. Good fear mongering though keep it up 🎉
@@nodaxxingSocrates was the original annoying debate lord. He was so hated he got killed for it
@@nodaxxingall that typing for a fallacy fallacy 😂😂😂
@@nodaxxingdo you not agree with his statement tho
I didn't get the fallacy part? Why is the argument wrong? " If the US conducts them, why shouldn't we " 10:53
It is not.
It is a fallacy on an individual moral level. Assuming that an action is immoral, other people being immoral does not change that fact. This is true for criminals, for example. Other criminals existing does not absolve any person of their crimes.
It is a fair argument on a social level. The argument distilled is that one party is being unequally held accountable for an action that everyone does. Typically these actions are wrong on an individual level, but necessary evils on country level. All countries kill people. If you only ever target one country for killing people, that is not a fair criticism, but just a social attack.
3:30 - RuneScape Dragon Scimitar haha.. brings back memories
Haha screw doing Monkey Madness to wield that thing
love the dragon scimmy as the cursor lmao. reminds me of the old hack videos on YT back in 2010ish era :P
China has a point there. If someone else does it why cant they.
As long as you are a nuclear threat then you can do what ever you want
@@rallinrallen8040 Actually true
“This is CEO open file” is the Chinese equivalent of “show bobs” lol
😭😭lmao i can't 😂😂😂bro comon
Don't have to Do our indian broa like that
@@GTFO_0 💀 OP is dumb af and he knows it look at his pfn , but the broken English part is legit tho
*shows boobs*
Why would anyone be dumb enough to ask the e-mail sender if the file attachment is legit?
There is (or was) plenty of troians that used to spread themselves by running through yous email contacts and sending copies of itself to them.
But they obviously weren't able to properly reply to a question like a human would.
Those poor guys thougth the person on the other side was one of their collegues and asked if they were the ones that sent the mail and not some software, when they found that they were talking to an actual human everything suddenly seemed fine to them.
This is the Art of War!
love the storytelling and the narration
Thank you for the kind words!
@@cybernews 7:00 "Their attacks were brazen and aggressive. Relying more on poor cybersecurity of victims..."
So, it was just a marketing stunt for antivirus software companies?
Western nations using it for manufacturing made it a super power.
Thank you much greatful 👍👍🙌🙌👏👏
Treat research sounds like a sweet gig
I'd be willing to be that most of these companies/organizations that were victims of Shady Rat had at least one employee raise concerns about their poor infosec to a superior, and were promptly ignored. The people in charge often don't understand anything about this kind of stuff, and don't like it when someone below them knows more than they do. Thankfully that's been slowly changing over the last decade, but it's always going to be a problem to some extent.
It's the Dunning-Kruger effect. Which will never go away, unless we let AI run the show.
@@eskileriksson4457 they will just use quantum computer boosted AI to override the other AI
At the same time there was a purge of all CIA human assets in the Chinese mainland, Hong Kong and Macau. The US has never recovered since again.
Based
A great little documentary! A++
Great video brother 🔥 Been trying to tell people about this for years , the Chinese are also hyper focused on a quantum computer, pouring more resources and money into the project than anyone else. You could probably speculate the implications of that more than I could but it’s not great 😁
It would be analogous to the cracking of the Enigma and JN25 codes.
they already have it, it's called Jiuzhang1 & Jiuzhang2.
their quantum computer is different than ours, they use lasers & mirrors, it's a double slit delayed choice setup on steroids
@@kylorenkardashian79 omg i'll have to find out more about this. i like that analogy
@kylorenkardashian79 nobody has a quantum computer lol it would take another 20 years to have one
@@shashankdixit8949literally every major player has quantum computers. U can even get access online 😂
3:30 with the RuneScape dragon scimitar 😂😂😂
back again, always like these type of vids.
Thank you!
At this point it must ironically be safer to just store the most important and most classified information solely in a seriously sealed chamber, that almost nobody knows about, underground with meters thick concrete walls. No copy on any computer at all.
It's probably how some of those things are already being handled.
B21 bomber schematics and nuclear secrets I reckon
even the electric cable one day will be used to hack machines so it would have to be off the grid too lol
But doing so makes it impossible for our own scientists to learn and improve upon those designs. Science progress depends on collaboration. So there is no easy way
I mean the leak benefits everyone. The Chinese get their blueprints and the DoD and MIC gets to bang their drums to the tunes of trillions
@@dzungtran314I mean, it depends. Scientists didn’t seem to have a problem innovating a literal bombshell in the Manhattan Project. That isn’t the issue though, I think you missed it.
The issue is if you have any classified information, one that is a cognito hazard to the public at large, then you by definition trying to hide information. Scientists or not. Even politicians or not. You have to be either high up with the DOD, the FBI/CIA or the Armed Forces if it were a serious piece of information.
The most secure location if you can’t encrypt your own data and protect it is ironically what OP said. A locked cabinet no one knows about. Data sanitation and security is still hard for the average person, it is why security researchers and scientists often raise the alarm when breaches in any network, private or public is made especially with Malware and Phishing.
10:23 Phew 😮💨 that’s reassuring.
All infrastructure should have analog redundancy if not be entirely non-network
Awesome narration and video content! Subscribed!
Great video!
I enjoy watching your videos great job.
“There is no honour among thieves”.
@mugbeer9440 already there - next stage is making it profitable and building brands .
That was awesome. Really enjoyed it
Omg that dscim 07 scape cursor brought me back to my childhood 😢😢😢😢 custom moparscape clients makes me wanna cry a bit
Great content. More please....
I'm sure we never spy on any body ....
😂 i am thinking the same ....
The US is only sour because someone else did it better .
Or they are playing the moral card , because no one has caught them yet 😅 .
😂
Oh it's a given, we absolutely haven't spied on anyone.....😈👿🫅👿😈
@@Ahoooooooo lol.. Yeah we definitely should have just left the Japanese to keep doing their thing back in world war two.. 🤣😅
I mean china just caught spies of cia just a couple of days back 😂
This could be solved by just making external hack attacks that do crypto mining but no damage or info theft are civil matters, not criminal, and any company that is hacked must report the intrusion or face huge fines. A free for all that forces everyone to tighten security overnight
This video is great! If at all possible, please include source material for this/future informational videos. Sounds like it'd be a great read. After doing some searching it's proving rather difficult to find the source material
it is, because it is baseless, just storytelling, have fun watching!
Awesome Content. More like this.
Please more of this! If possible even a bit technical (imo)
agreed
How exactly is "The US is doing it, so why shouldn't we?" a logical fallacy?
Very interesting video ❤ love from China
Why don’t they just disconnect from internet?? Can’t get hacked if there is no connection to outside.
Fantastic video, very informative, thanks for sharing.
great intro. now i'm excited
Dragon scimitar, a man of culture I see...
me: why are you avoiding my messages?
her: I am taking counter measurements against Chinese spies.
😂 I always thought that there was some high level shit going on with Lockheed but now I laugh looking at this
Definitely.
Extremely Brilliant.
Subscribed!
That's how we became a super power also!
USA 🇺🇸 USA 🇺🇸
As a Shanghaiese I'm quite surprised to see they're actually doing such big things in that building.
The US is after Linux distros now. Since people have stopped using for critical infra, as the US introduces vulnerabilities in windows.
Bill Gate is a SELLOUT Commie CCP Agent 🇨🇳
This will be on textbooks! I hope you get credited.
Awesome Explainer video. 👍👍👍
Interesting honeypot story
Amazing.
Great content
If you enjoyed this you ahould read 'this is how they tell me the world ends'. It covers this an a whole lot more about the cyber arms race
USA: I never spy to anyone 😂
is this what Mr.Robot was trying to show ?
Man, you sure know how to tell a story. That intro was perfect: tells its own short story, grabs your attention, piques your curiosity then abruptly ends just as it reveals an answer that only raises more questions and increases the mystique...first video of yours I've watched but I was just blown away immediately. Not my typical content but you've got a new subscriber here!
How do you make such clip? the edit is perfect. Great video.
Thank you so much for the feedback!
i hope this video and your channel gets to millions as it's info people and companies definately need to know.
what an amazing video, best i've seen in a long time in terms of the insights and high production quality. this was quite an adveture. please do more like this, i'm gonna spend some time binging on your channel as I just discovered it today (and i'm in the tech iindustry as it's defo my kind of thing)
i love this channel
That last comment was scary. Really engaging video. Thanks, you just got a new sub. 😊
To sum it up
“Thanks for giving me the keys to your house and now your system is mine”
DOES ANYONE REALISE HOW CHINA MAPLOOKS SO MUCH LIKE AMERICAN MAP
This is a fantastic video. Well done.
Its very easy nowadays to get info on new tech, half of them are startups and people were advertizing their stuff everywhere
The f35 being stolen is such a massive L considering the whole point is how computerized and it is. Why didnt we listen to Battlestar Galactica😭
Battlestar? What do you mean?
I don't think so. You can steal the hardware blueprints but getting the software and getting it working on copied hardware is much harder, not to mention you won't get any updates. Which why is Tesla vetting on fast innovation. By the time someone else copies their hardware and software it's already obsolete. And they certainly won't copy the massive servers for training and collecting data using another custom architecture.
@@jan.tichavsky they did get the software at the time too
Such is the meaning of cold and ruthless pragmatism.
6:53 What music is this? The background music sounds stylish to the topic
dragon scimmy cursor 🔥
Cant spell China without CIA
Ok and you can't spell "homeowner" without "meow" what's your point
There are always holes in the infrastructure created by people. It is a difficult problem. The only way is reduce the attack surface, isolate data within a secure network and make convenience non existent. Only allow downstream traffic. Encryption at rest and transit between internal services. These are the things i can think about.
Great video
My first video on this channel, amazing !
Nobody does this better than US gov. through its big tech companies.
takes one to know one 😂
4:38 Okay, this is more pathetic negligence than genius of the attacker
Considering America is the leader in hacking, I don't understand the storyline... whoever rules technology rules the world.....
the rats are in Palo Alto, CA as homeless people living in all saints church opposite chase bank near the city hall .
Its why critical infrastructure and military assets should always be on a air gapped network, additionally having a fake network that lets you track your would be attackers and in turn hack them back is an ideal strategy
Nobody really cares.
If i receive anything with a link, I never hit it . I call who ever it is to verify first.
This video should get more views
You should learn spelling
Loved it
CIA does this all the time
4:49 Anyone knows the soundtrack around this part of the documentary?
0:44 HOLY SHIT!!!!! EVEN BRAZIL!!!!! "I apologize... i wasnt really familiar with your game"
all of Chinese military and officials have their original physical bodies in Titing a village in the sub division of Moutourwa in Cameroon