How the World’s First CYBERWEAPON destroyed physical objects!
HTML-код
- Опубликовано: 18 май 2024
- Sign up for ESET Home internet security for FREE: www.eset.com/us/protecting-ar...
ESET is sponsoring the STARMUS festival in Bratislava, Slovakia May 12-17, 2024: www.starmus.com/
TALK TO ME on Patreon:
/ arvinash
REFERENCES:
How ChatGPT works: • So How Does ChatGPT re...
CSOonline Stuxnet article: tinyurl.com/yovpvh5m
Anatomy of Stuxnet: tinyurl.com/2xjkpqxe
Medium article on Stuxnet: tinyurl.com/233j7dj8
Avast article on Stuxnet: www.avast.com/c-stuxnet
IEEE article: www.avast.com/c-stuxnet
Significance of Stuxnet: tinyurl.com/267jugyp
News Story about Nanatz attack: tinyurl.com/28kjgoe3
CHAPTERS:
0:00 How Stuxnet started
1:58 Who created Stuxnet & Why
3:54 How Stuxnet worked
6:33 How Stuxnet was detected
9:54 What Stuxnet implies for the future of hacking
11:44 ESET is a way to protect yourself (sponsor)
SUMMARY:
It is thought that a person working at an Iranian nuclear facility inserted a malware-infected USB drive into a computer. This malware is called Stuxnet and was developed by the USA and Israel specifically to damage Iranian centrifuges which were involved in enriching Uranium for development of a nuclear bomb. This set the Iranian nuclear program back by about 2 years.
This was the first known case of physical equipment being damaged by malware. It was the first case of cyber warfare.
The year was about 2005. This particular malware was designed in such a way that it mostly stayed dormant and made such subtle changes over such a long period of time, that no one noticed it for years.
#stuxnet
#virus
It was designed specifically to target PLCs, that is Programmable Logic Controllers. These are industrial computers that control industrial processes. In this case the target was centrifuges.
Iran had gone to great lengths to ensure security. For example the facility’s computers were not physically connected to any computer outside the facility. This is called an air gap. So there was seemingly no way to infiltrate these computers remotely via any kind of internet or extranet.
Stuxnet exploited at least 4 previously unknown Windows vulnerabilities. These are called zero day vulnerabilities - they are security flaws for which the vendor has not yet made a patch. Stuxnet was "discovered" in 2010, but it’s estimated that development on it probably began in 2005 under the George W Bush and Barak Obama administrations.
These administrations believed that if Iran were to develop atomic weapons, Israel would launch airstrikes against them, which could trigger a major conflict and destabilize the region. Developing and unleashing a cyberwarfare software weapon was seen as a nonviolent alternative. The program was labeled Operation Olympic Games.
It was designed to destroy the centrifuges that Iran was using to enrich uranium for its nuclear bomb program. Why is enrichment needed? Because Mined Uranium has only a small fraction of fissile U235 of 0.7%. It has to be at least 90% U235 in order to be used in a nuclear weapon. A centrifuge is used to spin uranium fast enough to separate the lighter U235 isotope from U238. The nature of these centrifuges is such that they tend to have a short lifetime. They get damaged in normal operation. But Stuxnet was able to damage many more than in normal operation.
Stuxnet altered Siemens PLC programming which caused the centrifuges to spin irregularly, damaging or destroying them more often in the process. And even more brilliantly, while this malfunction was happening, the worm used a vulnerability in the Siemens software to change the PLCs programming so that it would tell all the controlling computers that nothing was wrong. So it infected both the computer software and the control software running the PLCs.
How was the Stuxnet worm eventually detected? Only after it unexpectedly spread beyond the air gap of the Iranian nuclear facility. No one knows exactly how it got out.
Kaspersky lab estimates that it took a team of at least 10 developers 3 years to develop the worm.
Neither the US nor Israel have officially admitted to creating Stuxnet, and none of its developers have ever come forward.
Stuxnet showed, for the first time, that malware can actually affect the physical world, not just your PC or digital data. In this case it was destroying centrifuges. But subsequent cyberattacks have targeted other types of machines, for example Industroyer, developed by Russia-sponsored hackers, targeted industrial control systems and disrupted the Ukranian power grid in 2016. Stuxnet showed that almost nothing is off limits to hackers intent on malice. A hacker could conceivably take over and put such devices under the control of a malicious entity. Imagine someone taking over your IV drug dosage remotely while you’re in the hospital, or remotely driving your car. - Наука
A few notable details about Stuxnet not included in the video, that we learned during our research, and also sent to us by an anonymous source:
1) STUXNET was an encrypted virus that remained benign until very particular preconditions were met. It unpacked only what was necessary to achieve the next objective, which allowed it to infect millions of devices globally while only damaging centrifuges in an Iranian nuclear facility.
2) STUXNET was the first known virus to have affected physical objects
3) STUXNET was so precise that it targeted serial numbers of the hardware within the Iranian nuclear enrichment plant.
4) STUXNET evolved and was able to incorporate updates into its base payload. This is believed to have been possible because of the high global infection rate, which allowed newer variants to be released anywhere and eventually update the virus at the target area.
5) DUQU preceded STUXNET and remained undetected for years after STUXNET was discovered. DUQU was a network mapping program and keylogger that relayed exact information back to the source. This information was used to update STUXNET making it very precise, which allowed it to target specific networks, manufacturers, hardware, serial numbers, etc.
6) STUXNET/DUQU were used to target and assassinate specific scientists of the Iranian enrichment program (* NOTE: This is from an anonymous source. We have not confirmed this)
7) STUXNET is about 15 years old! Modern malware is probably an order of magnitude more sophisticated - scary!
Arvin Sir, anti-virus (solutions) creators are actually the first people to create viruses (problems).
Why suddenly this universe content creator talks about computers?!?!?
@@LaltidevuGupta because he's doing an ad for an anti-virus vendor, come on man watch the video. everybody needs to eat, and this is an interesting topic
@@dziban303 and, at least it's about a real practical technical issue about nuclear physics
@@LaltidevuGupta I cover science and tech, not always cosmology.
Y'all would be horrified if you knew just how bad industrial and infrastructure cybersecurity remains to this day
indeed.
10 years ago it was mostly WinCe. Also in hospitals. A French water power plant and a US steel mill had RDP ports open to the world in their computer systems. That water dam/power mill was warned about the fact over dozen times and it still did not make any action.
Most of the companies I inspected prefer to learn it in the hard way. Ransomware criminals are happy with it.
Not really when you read about all the personal data that is exposed almost on a daily basis from every organization from medical insurance to electricity companies. Daily just about.
What you're saying is very obviously true.
@@ThePaulv12 Your name and address being exposed is a personal tragedy. The water treatment plant getting shut down is a collective one (and is sometimes easier to do).
The "right now" at the beginning of each video just always makes me smile. Arvin delivers is with such joy, it's simply contagious.
Much appreciated! Thanks for watching.
"I found this on the ground! I'll just plug it into my computer what could go wrong?!"
* my work computer at a secret nuclear processing facility
these days you can't even trust USB sticks you order from Amazon. Tons of examples of low cost noname brand USB drives and SD cards shipping out with unexpected bonus software included.
@@dziban303 really? I'm not saying you're wrong, not at all, it's just new information for me.
Do you have any specific links? Thanks.
well that was just a made up version of the famous Bruce Schneier story from the late 1990s (not sure if he was the first one, but for sure he made the story famous, paid for a white hack from outside as security check at a finance institute and could not find a way in as anything from outside was just blocked, after 4 weeks of trial and error he dropped 30 usb sticks and 2 hours later more then half were plugged in). Intelligence service agencies haven't really a well known reputation for telling the true story of an attack vector that was used and misleading is their basic business.
The surprising and most interesting part of the story was that Siemens were contacted by the Indian Nuclear facility at Busher too as they had issues with a much higher failure rate of the centrifuges. How could that had happened if Irans Nuclear program was attacked, could it be they worked together even if India always denied that.
It was a Dutchman working for the alphabet bros. Search Operation Olympic Games
The fact that the thumb drive appeared to be in the original packaging was a clever twist. No way I would have picked one up off the ground and used one otherwise.
Exactly. The agents who planted it knew that too.
@ArvinAsh can you not call them agents? They are spies and terrorist
"Oh, yeah, let's install Windows in our nuclear weapons program... What could possibly go wrong?"
Lol. great point.
No, the issue is not windows, any operating system can easily be hacked, whether mac, Linux, android, ios... Look at Pegasis, it targets ios and androids... And it's very successful and pretty scary
Now I know why my 168 centrifuges keep malfunctioning. I'll try 166.
Try 169
This is one of my favorite RUclips channels.
Super fascinating! More pls! :)
Well done!
This gotta be the best sponsor ad on RUclips. I cant decide if I just watched so intently for 14 mins only to be sold on a cyber security product by an ad. Who came first, the sponsor or the idea?
wow, this was really interesting!
Super cool topic…!
Israel has killed key people in nuclear program and has blown up the facilities many times. The Stuxnet case was one of the incidents.
cool
@@PhucNguyen-vf1zt Yes but keeps middle east quite warm and escalated.
@@alisharifian535 in desert, you prefer cool to warm
@@user-pf8hs7nv6z For sure,that is why i am afraid of "warm and escalated"
They are as much terrorists as any other
Good video
What a phenomenal video and a fascinating tale of intrigue. I guess the moral of the story is that if you're working at a top-secret facility, do not plug devices into the computer that you find in the parking lot, or any outside/unauthorized device for that matter.
Often such facilities have measures established to prevent things like that from happening, such as physically disabling the ports, and locking the equipment in hardware and software to use only permitted I/O devices. The Iranians were sloppy with their security processes, but I imagine that's been tightened up.
That was brilliant integration of today's sponsor. Too often a sponsor has little if anything to do with the subject matter, but here that is not the case. Well done.
More tech content! I loved this video
Glad you like it! More to come if there is demand from others like yourself.
+1
Too short! Could have easily been 45-60 minutes.
For every curious mind Mr Arvin is here🙌. Hats off man. Please make a video about the theory of Raikons (the fundamentals of the universe).
It's possible to destroy hardware for a long time now - in the 90s monitors were not as robust, and it was possible to misprogram your video card to output something your monitor couldn't support. Some monitors shut down, while others tried to display it, which overloaded their circuits. At best. the monitor will destroy itself. At worse, it could burn your house down. Then in the late 90s and early 2000s there were viruses that would erase the BIOS in your PC, so rendering it useless and basically impossible to fix back then.
@ArvinAsh, I love your videos, but can make a video on Fermi energy and Fermi levels?
Just pointing out that the graphics shows a mixer not a centrifuge. Centrifuges spins the whole tube in a circle, not mechanically mixing it with a stick.
Despite the dangers such things pose, even after learning only the general idea and not having insight or ability to understand the minutiae, this was/is a fascinating work of art.
04:08
_Uranium 238 is not fissile, ..._
Not in the sense that you're getting a chain reaction. It still can be split by fast neutrons as produced by a hydrogen bomb.
Now THIS is a proper merch LoL
I appreciate the fact that you are branching out and covering other topics. Not necessarily my cup of tea this topic, but watched the video in its entirety to support your channel. Let's get back to physics, please 🤓
I appreciate it, but I'm not branching out. I have always made videos on science and tech. In the past, I have made several video on quantum computing, AI, and some philosophical subjects as well. I cover topics that typically ask big questions, or have profound implications. The Stuxnet story to me is profound because it potentially foreshadows an ominous future where our IOT devices, or any internet-connected object could be susceptible to malicious control.
Did this video turn out to be a 14min long ad?
lol
Haha. no. But I always try to find a smooth segue into our sponsor announcement. And this time, our sponsor happened to be a great match for this content.
The title of this video should have been "The secret cyber attack that prevented WW 3".
Ahhh...good suggestion!
@@ArvinAsh But it didn't prevent world war 3 and we are arguably now involved in the middle east because of the downstream effects of stuxnet... You can make a stronger argument that it FOMENTED WW 3 (or whatever you want to call the current proxy wars going on around the world between NATO and their enemies) rather than preventing it. If nothing else, it was an even that preceded and predicted our current international wars... You should change the title to something less political if you want to be taken seriously.
The title changed lol
Agree but it only prolonged it….
Correct!
Is the picture at 11:04 taken in Antwerp - Belgium, the 4 nuclear power facility in Doel ?
It was fine but it was a bit of a left turn for you channel.
Yeah, well, it's a good way to sell anti-virus software. Just imagine the videos if Nike was the sponsor. 🤔
Oh no that Segway from “informing” to product advertising I can’t co-sign & I like this channel alot
*segue, not segway
@@BillMac1966 Thanks but spellchecking on RUclips is missing that RUclips wants the comments to be a mess, their spellcheck is egregious
The guy realizing he lost the thumb drive: 💀💀💀💀
Shoutout
Please reply !!!! 😭, what is the soundtrack from 6:35 onwards
Why suddenly this universe content creator talks about computers?!?!?
Don't mind me I'm just taking notes 😁😁😁
Just think about what can be done to hospitals, which we already know have a generally bad security against cyber attacks. Imagine being operated at, when there is a failure of the equipment.
When does season 2 of one piece come out?
What is the name of the melodi at the end?
Years before Operation Olympic Games, the Y2K vulnerability had clearly shown the possibility of cyber attacks against complex industrial and infrastructure systems.
almost at a million! 🤩
imagine how many sleeper computer virus exist today
What a coincidence. Just a few hours ago I created a USB-Stick with some tools for testing and ESET Antivirus was among them. :)
seriously? That's quite a coincidence.
I don't think the theory how this got infected makes no sense. If there is a high security nuclear facility, why would a trained personal take a random usb stick from the street (or other place) and put it into a computer on the nuclear facility? One that was deliberately excluded from the internet for security reasons.
Sorry, but I don't believe this story one bit.
Security is only as good as the weakest link. Humans tend to be that link. And the more humans that are present, the weaker that link is likely to be.
@@ArvinAsh Correct.
it is a very common attack vector and it works a surprisingly high amount of the time. Source: I'm a penetration tester.
Don't bother it's intentional.
It is known how they were infected, through a compromised pump and the guy Dutch subcontractor who installed the pump was killed in a freak car accident in Dubai when he wanted to blow the whistle.
You’ve clearly never worked for a government organisation 😂
what is with this resurgence of stuxnet content? you're like the 3 or 4th channel to post something about it in the last couple weeks. new info I assume?
Probably just a coincidence. I have always been fascinated with how a code was able to destroy a physical thing. That is pretty astounding imo.
This software virus destroyed the internet for years once it was unleashed onto the earth. Printers stopped printing paper forms, Wifi routers stopped doing wireless, cash checkout registers still to this day die randomly from stupid zero day exploits like this. The world is finally starting to become more aware of this type of malware
I too was fascinated by this. Especially an air gapped network. I remember reading about this so long ago. Pure genius design. The planning that went into this.... it laying dormant solely for the purpose to maximize damage ! I loved it. It could have destroyed one centrifuge immediately upon infection but it laid dormant to spread , and spread... and I also found it fascinating that it changed the programming on the plcs to report no fault .".".
@@ArvinAsh can't argue with that - thanks for the vid!
It's all about the algorithm and monetisation.
Always scan external drives 😎
Kaspersky works! GO, KASPER, GO!
Stuxnet is/was a worm and not a virus.
Stuxnet had a rootkit allowing the worm to take over computer systems without user intervention.
Seems defending against rootkits is key.
Yeah Snakeoil software is sometimes the malware itself .) I heart about kaspersky is banned from gov computers, because of the russian background. But it has still the highest detection rate, so its needed.
🤘
Has you sub count decreased? You should cover new tech more for sure the physics stuff isn't trendy atm I don't think
If there is enough demand, there are lots of subjects in tech I could cover. But my tech videos so far have tended not to get as many views.
@@ArvinAsh fair enough must just be losing interest in physics, probably definitely just me. I used to watch everything you put out but these days only rarely.
This will look like a small issue, like a particle of dust, in the next few years...moreover beyond
Well, it's better than trying to implement the utopian idea of communism - we've seen where that road takes us, for more than a century now.
This whole thing was an ad.
Yup. What's weird is how most people don't even realize it. I mean, it couldn't be more obvious.
I wonder what kind of collateral damage will occur with use of current AI tech as malware.
In a sense the collateral damage is currently happening.
Great question. I think it could be significant.
Why does everyone seem to fixate on Uranium enrichment when all modern weapons use Plutonium? I understand that it is much easier to get a result using Uranium, but it's the modern era (even NK seems to use Plutonium), and you could probably hide testing of an implosion device (the conventional explosive part) among testing of other conventional weapons. From what I understand, you need a nuclear power plant (that the Iranians have) and ordinary Uranium to produce Plutonium, along with some way of not being detected extracting and processing the plutonium.
Do you know where the Plutonium comes from? In Western countries, it's from Uranium used in nuclear power plants, which has to be enriched. Plutonium is not something that exists in sufficient quantities to be mined, so its created mostly from (enriched) Uranium fission. Enrichment is fundamental to any kind of nuclear bomb production.
@@ArvinAsh You only need to enrich a few percent for a reactor, and Iran has a civilian nuclear programme already; the old agreements were fine with that. That is why I wondered what the fuss about high enrichment was about if plutonium can be extracted from u238 that has been exposed in a reactor (or maybe from fuel re-processing).
There are gonna be a few AB fanboys that’ll be upset that you say Siemens then show a picture of a micrologix1400
If it's the scene I'm thinking of, that scene was to show that Stuxnet targeted Siemens, and infected them and not any others.
Avnesh are you indian bro, becoz your name matches to us
Look a free hard drive am ganna plug it in my computer meanwhile Israel calls the USA and says “gentlemen we have got them”👏
Software destroying a Hardware , oops man !
This is so old, saw it on thoughty2 years ago
Yea and he wasn't the first to report on it either lol. This happened in the 2000s. Who gives a shit if you heard about it. People can make videos on things that have been covered already
Your mom is so old, she still goes to the drugstore looking for ice cream floats.
I wonder who planted the USB stick there?
Some guy.
W.
Probably a lot for numerous people
There are two theories on this. One is that many sticks were dropped over a long period of time until someone picked one up. My guess, if this is the case, would be that it was dropped off by a nearly undetectable small drone. The other theory is that there was a Western spy at the facility that the US/Israel used to insert the virus.
@@uriituw Working for who?
Why aren't you allowed to say it?
this is from 10 years ago !!
No, 16 years ago.
The story as presented in the documentary about Stuxnet called "Zero Days" is that intelligence learned who would be coming for regular inspections and preventative maintenance and they loaded the virus into their machine...they has to bring software updates to load onto the reactors computer...so the virus loaded itself onto the USB drive without the inspector knowing. It was written in such a way it didn't show up as a file on the drive
Why does youtube keep unsubscribing me from arvin ash???
You need to fire your audio guy
What was wrong with the audio?
I suppose that Iranians would say what goes around comes around. The virus was smart but not smart enough to not infect general devices.
Scrolling the comments, I can't see anybody mention that the Palestinians have been wiped from existence
I remember the Obama administration "not knowing nothing about them centri-thingies". I knew it was a brilliant act of espionage but I never knew how brilliant. Much preferable to violence. Thanks for the real story, Arvin!
This is violence. Both the assassinations of scientists in Iran and the stuxnet virus which caused an explosion inside the enrichment facility which lucky for Iranians didnt lead to major contamination of the surrounding area.
Publicity lang yan. Probably from the 1970s retold for the modern times. But cybersecurity is real, huh?
Trump was a fool to pull out of the nuclear agreement we had with Iran that - with regular IAEA inspections - capped enrichment at a level unusable for bombs but still good for power plants.
He also thought it was a good idea to keep a ton of classified docs at his property for no clear reason. So I guess it is just par for the course with him.
The real horror is the AI image at 1:20. I saw another channel use similar AI created images and were sourced through Getty. The real worm all along is the one that funnels money to people who input brief prompts into a 5 second image generator lol.
bro, that's a photo of the actual facility... you are correct that AI is a serious problem, but you are charging at a windmill and calling it a giant...
Yes, AI generated images are definitely the worst threat to mankind 😂😂
They're at best an annoyance to already skint artists who don't understand how AI actually works and need a scapegoat for their failures
I'm glad your pointed this image out, I wonder if Arvin noticed it's AI generated, probably not.
@@kooky45 It sounds like you're thinking Arvin might have accidentally found an AI generated image to use, and you think somehow that's a problem? I'm not sure why him purposely using modern technology would be a problem, much less accidentally using it, lol
what a "good", "stable" and "human-loving" politico-economic system is on the Earth, where its various actors are forced to harm and destroy each other in the struggle for leadership in accessing to resources and capitals that provide prosperity and wealth
Well, it's better than trying to implement the utopian idea of communism - we've seen where that road takes us, for more than a century now.
Well, it's better than trying to implement the utopian idea of communism - we've seen where that road takes us, for more than a century now.
@@Mr-wv1tuI don't see a difference. At all.
Eric van Sabben (and yeah it's a very well kept secret even on wikipedia). No USB flash drives in a parking lot (tho this cautionary tale is a nice teaching moment), that part is less than speculative, it's just plain unrelated to this story.... So yeah, some correction for the story would be nice....
Stuxnet was brilliant!
ESET literally bounces off my superior qubes linux install
That was a fairly interesting 14 minute ad!
Without breaking any laws recently passed in the congress: ask yourself how this act would be perceived if the shoe was on the other foot. Just saying, nothing good about this stuff.
Indeed. Russia is suspected to have sabotaged some US infrastructure. There is a cat and mouse game going on in right now in cyber warfare.
Funny thing is Iran has never intended to develop a nuclear weapon, only nuclear energy production.
uh huh
Riiiiiiiight
Right..... in Make-Believe Land, maybe? You know the place where Iran is a "peaceful" nation, and doesn't kill and torture inocent citizens. There?
True. But they wanted to make sure they could if the Saudis did the same.
.
Usually malware is a bad thing, but in this case you could argue it was actually a good thing.
Cool video, but the AI images/upscaled images are just distracting. Just use real pictures, especially when talking about something as down to earth as this.
There are no real ones.
@@ArvinAsh great video. Not sure why so many people have come here with AI chips on their shoulders. I don't know if you used AI images or not, but don't see why you should feel guilty for using modern technology if you did. I wonder if this guy is a bad artists who needs an easy scapegoat
Arvin Sir, anti-virus (solutions) creators are actually the first people to create viruses (problems).
4:28 - _"A centrifuge is used to spin..."_ WHAT?! *URANIUM* ??! Or was it supposed to be *uranium hexafluoride* - which, at slightly elevated temperatures is a gas? (Vapour, actually, but never mind these small technicalities.)
Yes, yes, I know - a slip of tongue, but still, rather dumb one, innit? Especially in a video by a scientist...
Also, your titles are becoming kinda clickbaity, in a silly way - YOU, yourself have said clearly in the opening minutes of the video that Stuxnet was developed PRECISELY in order to avoid any direct military action (by Israel), WHICH ACTION could could then, in turn, trigger a world war (actually, hardly, but let's assume for argument sake t hat it could) - so, in the title you claim that this cyber attack "almost triggered" ("almost sorta kinda nearly close to a remote possibility" rather),even if you perfectly know it's a load of horse manure.
I'd say "not very unbecoming of a scientist" (aka noblesse oblige), but what do I know...
The dude in the intro has 6 fingers wtf lol
you blind? I counted it and it's only five. Try to use the pause button next time to double check. :)
If US & Israel can do this then imagine what China can do 😁😁😁
I love how Simon did a video about this six days ago! ruclips.net/video/UtFqtA0X_hM/видео.html
First
If Iran thinks the US is the devil then why are they using Microsoft Windows XP? Shouldn't they be using their own heavenly software?!
That was sarc, nothing is better than Windows lol
Developing an operating system is not easy. It is time and money consuming and requires many software and hardware experts staying awake many nights writing codes,alpha testing,beta testing keeping it updated etc... so people usually use whatever they have unless they want to go more secure and more difficult for outsiders figure out how their systems work. Considering the computers were "isolated" they didn't bother using a custom linux distribution or similar.
More likely that it was Siemens requirement for the PLC control facility.
It's funny how often the people screeching loudest about the evils of the Great Satan get driven to their speeches in Fords, and so very many other such hypocrisies.
20 mins 600 views.bro fell off
4 hrs, 4,000+ views
Cmon,click bait!
Haha jk!
Im so tired of manipulative attitude like in this video. Do you really want Iran (terrorist state) to have nuclear weapon? Then why you blame Israel for almost starting WW3? It was a prevention of possible nuclear war. More than that, in this case Israel choose to behave as non-violently as possible. You still draw Israel as a villain here.
Did we watch the same video? I did not get any "pro this" or "anti that" vibe from this video. Can you link the specific timestamp to your concern?
Very cleaver
Why would you recommend antivirus? Show me one computer scientist who would recommend anitivirus software for personal use who isn't getting paid to say it.... 99% of the time antivirus software is worse than any virus!
Not everyone has the same security literacy.