Why Hacking is the Future of War

Use code JOHNNYHARRIS at the link below to get an exclusive 60% off an annual Incogni plan: incogni.com/johnnyharris

As a senior software engineer working in the cyber security space. The castle analogy is one of the best explanations I've heard in a while. I'll be using this to explain these to people in the future

Cyber warfare is cruel. Romanian hospitals recently got attacked via ransomware and many hospitals are unoperable. For instance, my mum suffers from cancer and she had to do her treatment tomorrow, 15th of February, but she can't because the system got hacked...

Back in the 1990s I met a guy who got busted by our university for hacking into the campus computer network. He was given an ultimatum, get expelled or work at the university in the IT department. He took the job but grumbled a lot about the workload. I suspect the USA has hired some hackers in the same way.

I am network engineer and boy believe me there are attacks happening all over the place all the time. Either by bots or on some specific service in our datacenters. Its constant at this point.

Nitpick: 1. Not all vendors have bug bounties anywbere near what google/apple pays out 2. Sometimes google/apple try not to pay out 3. Black hat pays much better (which was covered in the video), like 100x more in some cases 4. Sometimes white/grey hats get flamed or threatened with lawsuits on disclosure, or get the ring around in the pre disclosure period as the company does nothing Sorry to only throw mud but security posture and whistleblower peotection are things i'm passionate about improving

This video is more engaging than most sci fi movies because it’s non fiction and Johnny’s ability to narrate and edit serious topics. Any software engineer/ cyber security student should watch this.

What's not stated clearly enough in the castle metaphor is that essentially everyone uses the same blueprints to build their castle. >90% of people use Windows, and >90% of servers use Linux. In this sense cyberwarfare has this odd symmetry to it: Developing new attack methods often exposes vulnerabilities in your own systems, but in order to patch your own vulnerabilities you must often report them to the developer, for example Microsoft, who will then roll out a fix to *everybody*, including your opponent. Then remember that world powers often sit on exploits like these, rather than reporting them. Evidently, multiple people in power sat down and decided that holding on to an exploit to attack some theoretical future enemy was worth more than protecting their own people, hospitals, and power grids from real, known threats.

dude has changed the title and the thumbnail almost 4 times, was struggling a bit to find the video in my watch later list lol

The castle animation is the sort of thing a movie would have to show the hackers are getting in.

A side note everyone misses: WannaCry and NotPetya used a vulnerability in Windows that had a fix 1/3 months before the initial deployment respectively. The simple variant of this exploit was founded back in 2009 with Microsoft's employee stating in personal blog that they put a duck tape over a hole in Hoover Dam, the "fix" 8 years later just disabled the vulnerable part completely.

i've seen johnny change the title and thumbnail of this video exactly 5 times by now

Johnny! No shoutout to Darknet Diaries / Jack Rhysider? He’s covered all of this years ago. Would highly recommend to anyone that finds this interesting. Episodes that cover what Johnny is talking about (in greater detail): - Zero Day Brokers - Shadow Brokers - NotPetya - Olympic Destroyer - Stuxnet

The analog oscilloscope behind you connected to the microphone is fantastic

Fun fact: Recently, a research by a journalist of De Volkskrant in the Netherlands showed that it was a Dutch/Iranian citizen who brought Stuxnet physically into the factiory and installed onto the computers there. It was a collaboration with the AIVD (Dutch intelligence services).

This is more than we can ask for. Kudos to the production team and researcher. especially to Mr. Johnny!

Very few great infosec folks work for the US government directly. The private sector pays WAAAY more and there's much less regulation. It also gives the public sector plausible deniability. Btw "APT" (advanced persistent threat) is the term for what you're referring to at the end. They're a pretty big signature of a nation-state.

I remember "Petya" virus hits us when I was in university, it caused a lot of panic back there. You mostly was put in a hard choice like "do I turn on my PC to save my files risking getting this virus or do I just wait and hope for the best"

Been in IT for over 20 years. Great video. 2FA can be bypassed very easily. Everything you mentioned is public knowledge but there is so much underground under the table info missing.

Thank you for the video, Johnny. I really appreciate what you do. Each of your videos gives me a new kind of perspective on the world, its connections, functionality, dependencies, and geopolitics. Many people aren't even aware of things like cyber warfare or the hidden files waiting for their time to disrupt the infrastructure, thus making them more vulnerable to these kinds of attacks. You and your team are doing great work!