Hey guys, welcome back to my YouTube channel. This is Daniel Rosel here, bringing you today's video from my home office in Jerusalem. Same location, a couple of new touches: you guys might see the on-air sign there in the background. I've actually had it for a few months now, but just got around to putting it up.

I want to talk today about something a little bit off-topic, even within the realm of the technical stuff I talk about on this YouTube, which tends to be clustered around a couple of very unique subjects like home networking and backup and disaster recovery. That's something related to cyber security, actually, and cyber security is a field I've been interested in for a number of years through the work that I do, or slightly different work nowadays, but for the past five, six, seven years in Israel I've been working as a marketer with technology companies, and I've had a number of cyber sec clients. It's a very hot space.

Also, and I'm going to talk about air gapping in just a little bit, because that's where I first came across the term air gapping: my first job here in Israel was working at an industrial IoT company. The company was manufacturing these gateways that would connect into industrial IoT devices. So what's an industrial IoT device? Just as you have,
you know, smart fridges and smart toaster ovens and smart air conditioners, in the industrial setting, when people are trying to create smart cities, they connect sensors like chlorine sensors and electricity sensors and power quality sensors, and they would deploy those in their water networks and smart grids and stuff like that.

Now, this is a whole area of technology that a lot of people haven't heard about, called OT, or operational technology. Everyone's heard about IT, informational technology, the stuff that's revolutionized our lives, but there's also something called OT, and very closely related to the world of OT is something called SCADA. Now, SCADA, and it's actually been so long since I was working with this company that I've forgotten what it actually stands for. Here we go: "Supervisory control and data acquisition is a computer-based system for gathering and analyzing real-time data to monitor and control equipment that deals with critical and time-sensitive materials or events."

Let me try to explain that in more simple terms. If you have a smart city with a smart water network, all these sensors integrate into some... If you imagine Homer Simpson in The Simpsons, you remember he was in that nuclear power control room? That was like a SCADA room. It's a control technology software in which all these real-time inputs are integrated, and commonly these systems are air-gapped.

Now, what is air-gapping? So if you take your average home network, right? I am recording this video into a desktop computer here in my room, the room I'm always doing these videos in. My wife might be sitting in a different room and have her laptop, and we could actually create an intranet, where we have some kind of a chat program and we talk to one another. And we might have a router, but we may not have a modem, let's say, and that means there's no way any computer on this network can do anything except communicate and exchange files between other clients on the network.
There's a physical disconnection between the hardware we need to use the internet and the network, right? So to use the internet we need a modem, and to just send packets across the local network all we need is a router, and maybe switches as well. So again, in the terms of computer networking, me and another computer on the network is what's called a LAN, local area network, and the internet is the wide area network, or the WAN.

So who uses air-gapping? Well, typically very secure stuff. So I mentioned SCADA systems for this reason: think about what would happen if a city went smart and deployed a smart water network and deployed a smart grid, and everything had IoT sensors and it was all wired into these SCADA systems, right? If someone were to hack into my computer here, they might get a few files. They might be able to extract my passport from my computer and stuff like that. What would happen if an adversary were to hack the smart grid, and by running a command on that computer they could take down the power for the whole city, right? And perhaps there might be patients in hospital hooked up to dialysis machines who, God forbid... well, they probably have generators. But you know, the point I'm trying to make is it's much, much more potentially dangerous. Hence these types of secure networks tend to be air-gapped, for that reason.

So that's a little bit about air-gapping and how I got interested in a little bit about cyber sec and air-gapping. Now, I remember reading in the news a number of years ago some article about these crazy experiments in Israel. Now,
I live in Israel, for those who weren't aware. I remember reading about, you know, these wild experiments where some guy was able to transmit data off an air-gapped network by turning on and off the LEDs on a router. Basically kind of like Morse code, right? And they had the router... they injected malware into the air-gapped network.

So typically, the only way, it's commonly assumed, that you can hack an air-gapped network... Hacking anything connected to the internet: most clients are protected by firewalls, you know, web application firewalls or WAFs, and their job is kind of to say, well, this is legitimate traffic; this traffic looks illegitimate, we're going to block access for this traffic. But what if the server is not connected to the internet at all, right? So in that case there's really not much you can do as a potential hacker. So the vulnerability of these networks tends to be some much more cloak-and-dagger stuff. You know, some guy comes in disguised as a cleaner (if you've watched Fauda or Tehran, think more along these lines, right?) and sticks a USB stick into the air-gapped network in order to inject malware and compromise that network.

Now, once a network is compromised, people might want to get out data. But what happens if you only get access, you only get to put in that USB stick in five seconds?
You've got to run. So there's something called data exfiltration. I sent this page to a few of my geekier, more computer-oriented friends and they loved it, but trying to explain it to people less interested in tech, I think when people hear air-gapped and exfiltration they stop listening. So exfiltration means getting data out. So if you were, for whatever reason, determined to hack and extract ultra-sensitive data from an air-gapped network, you'd have to figure out a way to not only compromise the system; you'd have to figure out some way, if you wanted to maintain that capability of constantly getting out info, of exfiltrating data while that network remains air-gapped. So these are the wild cyber security exploits demonstrated here.

So I was browsing YouTube this morning, and I hadn't thought about this article I read a number of years ago. I couldn't remember the university, couldn't remember the academic's name, and it was recommended as a video I should watch, and I was like, wow. So here it is. I'm going to just jump over to my screen, if I can figure out how to do that. Let me just put the URL up here, my old-school notepad way, for a second. It's called Cyber coders comm. It's not actually a standalone website. It's actually just a forwarding URL, and it'll forward you to this page. And the domain that you can see, because it's cut off in my screen, is cyber.bgu.ac.il.

It's Ben-Gurion University in Israel, which is one of the universities here in Israel, located in the desert, the Negev desert. You know, maybe not the place where you might expect the greatest minds of Israeli technology to be working on some pretty wacky projects, but there you go. And the guy running this is a man called Mordechai Guri, a computer scientist at this university. You know, this is kind of a classic computer scientist website. They always put out these old-school HTML and CSS-based sites. I love it.
It's called the Advanced Cyber Security Research Lab, and I just wanted to show, for those interested, a couple of cool things. So this is where they list out all their experiments. So now that I've given the context, I hope this might be a bit more understandable if you just clicked into this video for some weird reason, right? These are all the exploits they've figured out, and they give links here to YouTube videos and their YouTube channel, which I will get to presently. I already had it. Whoops. Don't know. Don't get a copyright thing for grabbing their video. This is it. Truly, truly incredible.

Starting with this one: SATA. SATA is the data cable connecting, one of them anyway, hard drives to the motherboard on a computer. So in this attack... I'll just go into the video. These are all different vulnerabilities or methodologies they've proven are viable for exfiltrating data from air-gapped systems. So this one, for instance: "SATAn: Air-Gap Exfiltration Attack via Radio Signals from SATA Cables". So this stuff is wild. I mean, I use that advisedly. They basically inject malware, they find a way to turn the SATA cable into an antenna transmitting data from the air-gapped computer, and then all they need is some kind of a monitor somewhere, someone off-site, that can pick up those encrypted ones.

Now, that's far from the coolest one. But if you want to go through this website, they list not just the videos; they also list papers. I'm just going to show a few of my favorite ones, just to give you a feel for the material here. Power supply: leaking data from air-gapped systems by turning the power supplies into speakers. That's wild. Power supplies, or PSUs, are what power computers, and they find some way. There are other hacks that use acoustic properties.
One of them is actually using the physical vibrations from a hard drive, an HDD. The point of the video is I just wanted to explain a little bit about the context of what this is.

Here's another one, fascinating: covert data exfiltration via router LEDs. So, you know, you probably have a router in your home that looks a little bit like this TP-Link router, and it's got these LED lights. Well, what if the malware could control those LED lights on the router, and that was conveying an encrypted signal, a coded signal, and someone sitting outside the building again had the cipher and could decrypt the encoded messages transmitted as LED combinations? So you can see those aren't regular lighting patterns you see on a router. This is actually an encoded message. That's about it.

So this stuff is so advanced that I can't believe this is really a thing. It's almost like science fiction, but this is real life. You know, real life can be more interesting than these Hollywood movies about espionage. Now, I don't know for sure that these were used in Stuxnet or those attacks, but it's safe to say that if this is the capability of computer scientists that's in the public domain, and this is already a 2017 video,
I mean the router LED one, so five years later, who knows what kind of incredible technology exists today in the hands of intelligence agencies and signals intelligence agencies for exfiltrating data from these supposedly secure air-gapped networks.

I guess the take-home message of this video, and I've seen this thought a few times in some of the amazing cyber security answers on Quora, is: if you think there's no way... that you've outsmarted the people watching you, if you're doing something very malicious like running an illicit nuclear weapons program, if you think you've outsmarted the guys following you, they have all sorts of ways to win the game. So really interesting stuff. If you're interested in air gapping and cyber security, I'll pop a link in this video description to Cyber coders and one going directly to this YouTube channel, because it's really worth looking at these different experiments.

Thank you guys for watching. I hope this quick detour into cyber security was interesting. More videos along these lines coming soon to my YouTube channel. Thank you for watching.