68: Triton

Darknet Diaries

Jack Rhysider

True Crime, Technology

4.9 • 8.6K Ratings

🗓️ 23 June 2020

⏱️ 76 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

A mysterious mechanical failure one fateful night in a Saudi Arabian chemical plant leads a cast of operational technology researchers down a strange path towards an uncommon, but grave, threat. In this episode, we hear how these researchers discovered this threat and tried to identify who was responsible for the malware behind it. We also consider how this kind of attack may pose a threat to human life wherever there are manufacturing or public infrastructure facilities around the world. A big thanks to Julian Gutmanis, Naser Aldossary, Marina Krotofil, and Robert M. Lee for sharing their stories with us. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Sources https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://dragos.com/wp-content/uploads/TRISIS-01.pdf Video S4 TRITON - Schneider Electric Analysis and Disclosure Video S4 TRITON - Mandiant Analysis at S4x18 Video S4 TRITON - Reverse Engineering the Tricon Controller by Dragos Video S4 TRITON - A Report From The Trenches Video - Safety Orientation video for the Chemical Plant Learn more about your ad choices. Visit podcastchoices.com/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	So at this point, every single one of my listeners has been the victim of some kind of data breach.
0:05.7	Whether that's getting your personal data stolen from the Equifax breach or some other company that had info on you, but that got stolen.
0:12.9	But how impacted are we when this happens?
0:15.8	At the least, you should change your password and tighten up your own personal security and stuff like that.
0:20.9	But there's not much more you can do after that.
0:23.2	So we're kind of stuck waiting for whoever stole our data to see what they do with it.
0:28.4	And sometimes nothing happens, which is not impacted at all.
0:32.3	But I'm willing to bet in the future, will all each be impacted by a different kind of hack?
0:39.2	Something that will certainly impact our daily lives in a major way, like one that might take out our electricity or water,
0:47.6	or a hack that might cause a major disaster.
0:50.4	Like, what if a dam got opened up and let out a bunch of water and flooded the whole city?
0:56.1	That would have a big impact on our lives.
1:03.6	These are true stories from the dark side of the internet.
1:10.4	I'm Jack Recyder.
1:13.1	This is Darknet Diaries.
1:17.6	This episode is brought to you by DRADA.
1:33.3	When do you have insight into your compliance, security, and risk postures?
1:37.7	If it's right before an audit, you're in the same boat as many other organizations.
1:41.7	With DRADA, a G2 leader in cloud compliance software, you'll have continuous monitoring and
1:46.9	visibility into your risk, security controls, and audit readiness for standards like SOC2, ISO 27001,
1:54.8	GDPR, HIPAA, and more. DRADA can streamline compliance for over 14 frameworks and even automate
2:01.1	the custom frameworks and controls that you create to meet your organization's security needs.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from Jack Rhysider, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Jack Rhysider and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.