Hey everyone, and welcome back to My Weird Prompts. We are coming to you as always from our home here in Jerusalem. I am Corn Poppleberry, and today we are doing something a little bit different. Usually, we have our housemate Daniel send us an audio prompt to kick things off, but this week, we actually decided to pick the topic ourselves. There has been so much noise in the news lately about the ongoing cyber friction between Iran and Israel, especially following everything that happened last year during the height of the regional tensions, and we realized that most of the coverage is just incredibly surface level. People talk about cyber warfare like it is some kind of magic spell or a guy in a hoodie typing really fast in a dark basement, and we wanted to pull the curtain back on what is actually happening at the physical layer.
I am Herman Poppleberry, and I have been chomping at the bit to talk about this. When people hear the term cyberattack, they think about their email getting hacked, a credit card number being stolen, or maybe a government website going down for a few hours. But when we are talking about state level actors targeting critical infrastructure like power grids, water treatment plants, or nuclear enrichment facilities, we are talking about a completely different animal. We are talking about industrial sabotage. The reality of how you actually penetrate a system that is supposed to be air gapped and hardened is much more fascinating and, frankly, much more terrifying than what you see in the movies. We are moving away from the myth of the digital fortress and into a reality where air gapping is more of a state of mind than a physical certainty.
It really is. I think a good place to start, Herman, is just defining the battlefield. Because when we talk about a power plant or a desalination facility here in the Middle East, we are not just talking about a bunch of Windows computers connected to the internet. There is a whole stack of technology there that most people never interact with, and that is where the real war is being fought.
Right. You have to distinguish between Information Technology, or IT, and Operational Technology, which we call OT. IT is what we are all used to. It is servers, laptops, databases, and email clients. The priority in IT is usually confidentiality. But OT is the world of Industrial Control Systems and SCADA, which stands for Supervisory Control and Data Acquisition. These systems are what actually move the physical world. They use Programmable Logic Controllers, or PLCs, which are these ruggedized, specialized computers that tell a valve to open, a circuit breaker to trip, or a turbine to spin at a specific number of revolutions per minute. In the OT world, the priority is not confidentiality; it is availability and safety. If a web server goes down, you lose money. If a PLC controlling a cooling pump goes down, the hardware can literally melt.
And the big assumption that the public makes, and even some policy makers make, is that these OT systems are safe because they are air gapped. For anyone who is not familiar, an air gap just means the network is physically separated from the public internet. There is no wire, no fiber optic cable, and no wireless bridge connecting the power plant control room to the outside world. So, the common logic is, if there is no connection, there is no way in. But as we have seen, especially in the last few years leading into twenty twenty six, that air gap is often more of a polite suggestion than a real barrier.
It is a total myth, Corn. Or at least, it is a dangerous security through obscurity fallacy. According to the Infrastructure Security Report that came out in January of twenty twenty six, the air gap is statistically breached in eighty five percent of cases through third party vendor access. Think about it. Even if a system is air gapped, it still needs maintenance. It needs firmware updates. It needs diagnostics. A technician from the company that manufactured the turbines or the specialized valves has to come in with a laptop, plug into the maintenance port of the system, and run their software. That laptop is your bridge. That technician is your carrier. If that technician’s laptop was compromised three weeks ago while they were at a hotel or working from home, the malware just waits. It hitches a ride across the air gap on a USB drive or a serial cable.
That is the human in the loop vulnerability. It is much easier to compromise the laptop of a field engineer who travels to ten different sensitive sites than it is to try and hack a hardened bunker from across the ocean. But it goes even deeper than that, right? We are seeing state actors moving way upstream into the supply chain. This is not just about waiting for a technician to make a mistake; it is about poisoning the well before the water even reaches the plant.
This is where it gets really sophisticated, and it is what we call supply chain interdiction. Instead of trying to break into a facility that is guarded by soldiers and biometric scanners, a state intelligence agency might intercept the hardware while it is still in the factory or while it is being shipped. They can swap out a single chip on a motherboard or modify the firmware on a router before it ever even reaches the target. By the time the technicians in Israel or Iran plug that device into their air gapped network, the Trojan horse is already inside the gates. It is not just about software anymore. It is about the very silicon the system is built on. We have seen reports of specialized implants that are smaller than a grain of rice being soldered onto motherboards during the shipping process. These implants can listen to data or even inject commands directly into the system bus.
It reminds me of what we discussed back in episode six hundred ninety four when we talked about the GBU fifty seven Massive Ordnance Penetrator. We were looking at how you physically crack a mountain to get to a bunker. But what we are talking about today is the digital version of that. Instead of a thirty thousand pound bomb, you are using a compromised firmware update to bypass every physical lock and key. It is the same goal, which is neutralizing a strategic asset, but the method is invisible. You do not need to fly a stealth bomber over a target if you can just make the target destroy itself from the inside.
That is a great connection, Corn. And honestly, the digital approach is often more effective because you can achieve the same kinetic result without necessarily signaling that an attack has even occurred. If you drop a GBU fifty seven, everyone knows what happened. But if you subtly manipulate the cooling system in a nuclear facility so that the hardware slowly degrades over six months, you might achieve the same goal without ever triggering a formal declaration of war. This brings us to the concept of Sneakernet attacks. If you cannot get in through the wire, you get in through the feet of the people walking in and out. We are talking about malicious USB drives left in parking lots, or even more subtly, compromised charging cables. There was a case recently where an intelligence agency distributed free high quality charging cables at a trade show attended by industrial engineers. Those cables had integrated wireless chips that could exfiltrate data from any laptop they were plugged into.
So let us get into the mechanics of how they actually stay hidden once they are in. You mentioned PLCs earlier. One of the things that surprised me in the research for today is how many of these systems are still running on legacy protocols. We are talking about systems that were built to last thirty years, which means they are running tech from the nineties or even the eighties.
It is a massive problem. As of March twenty twenty six, over seventy percent of critical infrastructure in the Middle East is still relying on legacy PLC protocols like Modbus or early versions of Profinet that completely lack native encryption or even basic authentication. These systems were designed thirty or forty years ago when the idea of someone hacking a water pump seemed like science fiction. They were built for reliability and longevity, not security. So once an attacker gets onto that local network, they do not even need to crack passwords in many cases. They can just send raw commands to the hardware because the hardware assumes that any command coming from the internal network is legitimate. If the command says open the valve, the valve opens. It does not ask for a digital signature.
And they are using what you called Living off the Land techniques, right? They are not necessarily uploading a big, obvious virus that an antivirus program would catch. They are using the tools that are already there.
Signature based detection is almost useless against a top tier state actor. Instead, they use native system tools. They use PowerShell, Windows Management Instrumentation, or specific diagnostic commands that are already built into the industrial software. This is often called LOLBAS, or Living off the Land Binaries and Scripts. If an attacker uses a legitimate maintenance tool to change the pressure settings on a gas pipeline, the system does not see that as an attack. It sees it as a routine adjustment. This is why these actors can stay persistent in a network for years without being detected. They look like the system itself. They are not breaking the door down; they are using the master key that the janitor left under the mat.
I want to talk about the Golden Ticket. We hear that term in the context of Windows Active Directory, but how does that apply to an industrial environment?
In a modern industrial facility, the OT network is often integrated with a local version of Active Directory for user management. If an attacker can compromise the domain controller, they can generate a Golden Ticket. This is essentially a forged Kerberos ticket that gives them permanent, high level access to everything on the network. They can impersonate any user, including the lead engineer. In an OT environment, a Golden Ticket is the ultimate prize because it allows the attacker to move laterally from the business side of the plant directly into the control systems without ever triggering an alarm. They can literally walk through the digital front door and start changing the logic on the PLCs.
It makes me think about the Twelve Day War in twenty twenty five. We covered the sabotage aspect of that in episode seven hundred thirty eight, focusing on how Mossad allegedly blinded Iranian air defenses. At the time, there were reports that it was not just a jammer or a missile. It was a pre positioned bit of code that had been sitting in their radar systems for years, just waiting for the right signal to tell the system to report clear skies while the jets were actually overhead.
That is the ultimate goal of persistence. You want to be the ghost in the machine. And to do that, you have to go deeper than the Operating System. We are seeing more and more attacks targeting the UEFI or the BIOS level. For the listeners who might not know, that is the very first piece of software that runs when a computer turns on, even before Windows or Linux starts up. If you can hide your malicious code there, you can wipe the hard drive, reinstall the operating system, and you are still there. You have a permanent foothold that survives a complete system rebuild. In twenty twenty six, we are seeing state actors use what we call flash wear, which is malware that resides in the flash memory of peripheral devices like network cards or even hard drive controllers. You can replace the whole computer, but if you keep that one specialized network card, the infection remains.
That is a terrifying level of access. But I want to push on the kinetic side of this. We hear the term cyber kinetic all the time now. What does a successful attack actually look like in practice when it moves from the digital world to the physical world? Because it is not just about stealing data; it is about breaking things.
It is all about physics, Corn. Let us take a power grid as an example. You have these massive turbines spinning to generate electricity. They have to spin at a very precise frequency, usually fifty or sixty hertz, to keep the grid stable. If an attacker gains control of the frequency converters, they can induce what we call physical resonance. Every physical object has a natural frequency at which it likes to vibrate. If you can force the hardware to vibrate at its natural resonant frequency, the vibrations amplify. If you do that long enough, the metal literally starts to fatigue. You can cause a multi million dollar turbine to shake itself to pieces from the inside out. It is like the classic example of a singer breaking a wine glass with their voice, but on an industrial scale.
So it is not just turning the lights off. It is destroying the ability to turn them back on.
Precisely. If you just turn off a switch, someone can turn it back on. But if you cause a physical failure in a custom built transformer or a specialized turbine, you are looking at lead times of months or even years to replace that equipment. These are not items you can just pick up at a hardware store. They are often custom ordered and take a year to manufacture. That is how you take a nation state out of the fight. You do not just disrupt their service, you destroy their industrial capacity. We saw hints of this with Stuxnet back in the day when it destroyed centrifuges by varying their speeds, but the tools we are seeing in twenty twenty six are infinitely more precise. They can target specific bearings or valves with surgical accuracy.
Another example that really stuck with me was the idea of manipulating chemical dosing in water treatment. If you change the amount of lye or chlorine being added to a city's water supply by just a few percentage points, you can make the water toxic or corrosive enough to destroy the city's pipe infrastructure.
And the scariest part is that you can do it slowly. You do not have to poison everyone overnight. You can just change the pH levels slightly so that the lead in the old pipes starts leaching into the water. By the time the health department realizes there is a problem, the damage to the population and the infrastructure is already done. This is the essence of cyber kinetic convergence. The digital command becomes a physical consequence.
It really changes the math of deterrence, doesn't it? In a traditional sense, you have a big army and big missiles to show strength. But in this invisible front, the more you show your hand, the less effective your weapon becomes. Once you use a zero day exploit or a supply chain backdoor, the enemy finds it, they patch it, and that weapon is gone forever.
That is the paradox of cyber warfare. It is a one time use weapon in many cases. That is why state actors are so hesitant to use their best stuff unless it is a full scale conflict. They spend years developing an exploit for a specific model of PLC, and if they use it to turn off a single building's lights, they have wasted a multi million dollar asset. But what we are seeing now between Israel and Iran is this constant low level probing. They are constantly testing the fences, looking for that one overlooked maintenance laptop or that one unencrypted PLC. They are mapping the networks, identifying the hardware versions, and pre positioning their tools so that if a real war breaks out, they can pull the trigger on everything at once.
You know, it is interesting you mention the maintenance laptops. I think people underestimate how much of this comes down to basic operational security, or OPSEC. We talked about this in episode seven hundred seventy eight, how the line between civilian and soldier is blurring. If you are a technician working at a desalination plant or a high voltage substation, you are a high value target for intelligence agencies. They might not hack the plant directly; they might hack your home router, your smart fridge, or your phone just to see when you are scheduled for maintenance so they can try to intercept your devices.
Or they use social engineering. They find out you are a fan of a specific hobby, like model trains or rare coins, and they send you a spear phishing email with a malicious attachment related to that hobby. Once they have your credentials, they wait. They might wait six months until the next time you plug your work laptop into the facility network. The patience of these state actors is incredible. They are playing a game that spans decades, not just days. They are looking for the human who is tired, the human who is distracted, or the human who thinks, it is just a quick update, I do not need to follow the full security protocol this one time.
Let us talk about the defense side for a minute. If the air gap is a myth and legacy protocols are everywhere, what does actual security look like in twenty twenty six? I know there has been a lot of talk about Zero Trust Architecture.
Zero Trust is the big shift we are seeing in the industry. The old model was the castle and moat. You build a big wall around your network and assume everything inside the wall is safe. But as we have discussed, the attackers are already inside the wall. They came in on the technician’s laptop or the manufacturer’s firmware. Zero Trust says, I do not care if you are inside the network, I do not care if you have been a technician here for twenty years, I am going to verify every single request, every single time. It is about micro segmentation. You do not let the water pump talk to the billing system. You isolate every single component so that even if an attacker gets into one PLC, they cannot move laterally to the rest of the plant. You treat every single device as if it is sitting on the public internet.
But that sounds incredibly difficult to implement in an old facility. If you have a plant built in the nineteen nineties, how do you even start to move toward Zero Trust without shutting the whole thing down for a year?
It is a nightmare, honestly. It often requires adding a layer of security hardware on top of the old stuff. We call them industrial firewalls or deep packet inspection tools for OT. These devices sit in front of the old PLCs and look at the actual commands being sent. They understand the industrial protocols. If they see a command that says, spin the turbine at ten thousand RPM when the safe limit is five thousand, the firewall blocks it, even if the command looks like it came from the head engineer’s console. But the real long term solution is what we call a Hardware Root of Trust.
Explain that a bit. Is that like a physical key that you have to turn?
Sort of, but at the chip level. It is a dedicated security chip inside the hardware, like a TPM or a Titan chip, that is immutable. It cannot be changed by software. This chip verifies that every piece of code being run is signed by a trusted authority. If the firmware has been tampered with, even by a tiny bit, the chip refuses to let the system boot. This is how we fight back against supply chain interdiction. You make the hardware itself the ultimate judge of what is allowed to run. If the chip detects that the motherboard has been modified, it bricks the device. It is a scorched earth policy for security.
It seems like we are in this arms race where the defenders are finally starting to catch up to the reality that the physical and digital worlds are the same thing now. But I wonder about the role of Artificial Intelligence in all of this. We are seeing AI being used to find vulnerabilities at a speed that humans just cannot match.
That is the big wild card for twenty twenty six. We are moving into the era of autonomous cyber weapons. Imagine a piece of malware that does not need to call back to a command and control server. It has an on board AI model that can scan the network, identify the specific model of PLC being used, and then generate a custom exploit on the fly based on the specific configuration of that plant. It can adapt to the environment in real time. That is where we are headed. The speed of the attack will eventually outpace the speed of human response. We will need AI defenders just to keep up with the AI attackers.
Which brings us back to the idea of the invisible war being the primary war. If you can paralyze an enemy's infrastructure before a single soldier crosses the border, you have already won. And for us living here in Jerusalem, this isn't just a theoretical discussion. We have seen the headlines about water systems being targeted and the power grid facing constant pressure. It makes you realize how fragile the modern world really is. We rely on these invisible systems for everything from our morning coffee to our hospital ventilators.
It really does. But I also think it is important not to be purely alarmist. Awareness is the first step toward better security. The reason we are seeing more of these attacks being reported is because we are getting better at detecting them. Ten years ago, a pump might have failed and everyone would have just assumed it was old age or poor maintenance. Today, we have the forensic tools to look at the logs and say, wait a minute, someone manipulated the pressure settings at three in the morning from a terminal that should have been logged off.
That is a great point. The transparency is actually a sign of progress in a weird way. But it also means that the stakes for the people running these systems have never been higher. If you are in charge of a city's power or water, you are now on the front lines of a global conflict, whether you like it or not. You are a combatant in the eyes of state level cyber units.
And that leads us to some of the practical takeaways from all of this. For anyone listening who works in any kind of infrastructure, manufacturing, or even just a large corporate environment, the first thing is to kill the idea of the perimeter. You have to assume the breach. If you start from the assumption that an attacker is already on your network, your entire security posture changes. You start looking at internal traffic, you start enforcing multi factor authentication for every single internal move, and you stop trusting those maintenance laptops just because they belong to a known vendor.
And for the general public, I think the takeaway is understanding that cyber warfare is not bloodless. When a hospital's backup generators are compromised or a water treatment plant's chemical dosing is manipulated, people can die. We need to treat infrastructure security with the same level of seriousness and funding that we treat physical border security or missile defense. A firewall is just as important as an Iron Dome battery in twenty twenty six.
We also need to move away from security through obscurity. Just because you use a proprietary protocol that no one has heard of does not mean you are safe. In the age of AI and state level reverse engineering, obscurity is just a speed bump. It might slow them down for an afternoon, but it won't stop them. You need real, cryptographic security at every layer of the stack, from the user interface down to the individual sensor on the factory floor.
I think one of the most interesting things we have seen lately is the push for immutable logging. The idea that you have a record of every command sent to a machine that cannot be deleted or altered, even by an administrator. It is like the black box on an airplane. If something goes wrong, you need to know exactly what happened, and you need to know that the evidence hasn't been tampered with by the attacker to hide their tracks.
That is crucial for attribution. One of the biggest challenges in cyber warfare is proving who did it. If an attacker can delete their tracks and manipulate the logs, they can maintain plausible deniability. Immutable logs, often backed by distributed ledger technology, take that away. They allow a nation to say, we have the digital fingerprints, we know this command came from this specific unit in this specific country. That is how you build a case for a kinetic response or international sanctions.
It really feels like we are living through a fundamental shift in how human conflict works. We are moving from the era of big, loud explosions to the era of quiet, subtle malfunctions that can be just as devastating. It is a lot to process, but I think it is the defining challenge of the twenty twenties. We are learning that the most dangerous weapons are the ones we cannot see, and the most important battles are being fought inside the silicon of our power plants.
I agree. And it is something we are going to keep tracking here on the show. The technology is moving so fast that what is true today might be obsolete by next month. But the underlying principles of physics and logic remain the same. If you want to protect the physical world, you have to master the digital one. You have to understand how the code translates into the spinning of a turbine or the flow of water.
Well said, Herman. I think we have covered a lot of ground today, from the myth of the air gap to the terrifying reality of physical resonance and supply chain interdiction. It is a complex topic, but I hope this has given everyone a better sense of what is actually happening behind those headlines about cyber warfare between Israel and Iran. It is not magic; it is just very, very sophisticated engineering used for destruction.
Yeah, it has been great to dive deep into this. And honestly, it makes me appreciate the work of the people who are out there every day trying to keep these systems secure. It is a thankless job until something goes wrong, but it is more important than ever. They are the unsung heroes of the modern age, standing between us and a total infrastructure collapse.
Before we wrap up, I want to mention that if you found this discussion interesting, you should definitely check out some of our past episodes. We mentioned episode six hundred ninety four on the GBU fifty seven and episode seven hundred thirty eight on the sabotage of Iran, but we also have a great one, episode eight hundred ninety five, that looks at the human element of real time spying in high tech war. You can find all of those and the rest of our archive at myweirdprompts.com.
And hey, if you have been enjoying the show and you find these deep dives valuable, we would really appreciate it if you could leave us a review on your podcast app or on Spotify. It genuinely helps other people find the show and it lets us know that we are on the right track with these technical topics. We love seeing your feedback and hearing your own theories about where this tech is headed.
Yeah, a quick rating or review makes a huge difference. We also want to thank everyone for sticking with us as we hit this milestone. This is actually episode nine hundred fifty of My Weird Prompts, which is just wild to think about. We have come a long way since episode one, and it is all thanks to you guys for listening and engaging with these ideas. We never thought we would still be doing this nine hundred fifty episodes later, but the world just keeps getting weirder.
Nine hundred fifty episodes. That is a lot of talking, Corn. But as long as there are weird prompts and strange technology to talk about, there is always more to explore.
Always. Alright, I think that is a good place to leave it for today. We will be back next time with another prompt, hopefully one from Daniel if he has recovered from his latest research project into autonomous drone swarms.
We will see what he comes up with. Until then, stay curious and stay secure. Watch your USB drives and maybe change your passwords one more time.
This has been My Weird Prompts. You can find us on Spotify and at our website, myweirdprompts.com. Thanks for listening, and we will talk to you soon.
See you next time.