Hackad (2021–…): Season 1, Episode 6 - Hotet från främmande makt - full transcript

Hey. Marcus.

You have to register
with both name and ID.

You're not allowed to film anymore.

For my part, it would be okay,
but it must be approved by my boss.

We have reached the end
of our experiment where four hackers–

- attack people and companies
to show how vulnerable we are.

We know that foreign powers have stolen
information from Swedish authorities.

In this episode the
security will be tested at Telenor.

It's critical infrastructure that
foreign powers want control over.

There's a large flow of information.

It will be the largest company
we attack. A huge challenge.

Can the hackers navigate past
advanced security systems -

- and a large team that only
exists to catch them?

This is one of our crisis rooms.

This is where we will have the exercise.

-What computers will we get?
-These are our client computers.

The hackers will act as agents
of a foreign power.

Telenor has advanced monitoring -

- and conducts regular simulated
attacks to find weaknesses.

The hackers have received an office computer -

- which corresponds to the ones
used by company employees.

They need to navigate as quietly as possible
through the huge network -

-To find a path to servers
with sensitive information.

A major challenge with the assignment is
that the company's own security team–

- which is called the Blue team, constantly
scans the network for attackers.

That is what we have against us
during these hours.

The idea is that security
should be as normal as possible.

My primary responsibility is
to ensure that the technology works.

Also make sure
that they don't break anything.

Whatever we poke at
there are sensors there?

Yes.

It's not easy.

It will be a challenge.

It will be difficult,
I think so.

We have many limitations
and little time.

We have two days, maybe
30 hours if we don't sleep.

Very bad conditions
for us to succeed.

There has been a lot of preparation,
many meetings–

-Where we've discussed both the exercise
and all legislation.

We have signed agreements,
at least two.

There are so many rules.

If they don't follow them,
we'll kick them out.

All offensive decisions
we must take together.

They have to go through the exercise leaders.

To sit there
on a system that is incredibly large–

- with many limitations,
computers that are not even your own

- and a process that makes you have to
get everything approved by a dungeon master ...

Do you feel ready,
and have everything you need?

-I think so.
-Perfect, then we'll start the exercise.

Let's take these off.

So should I look at
storage space on the network?

Including databases.

- You'll go for accounts.
- Everything with AD, at a slow pace.

- Web.
- Everything like that.

To avoid making noise -

it'll be good if we can look for things
which can give us more.

Now we need to figure out
what the network looks like-

- without showing the Blue team
that we're here–

And find the networks that aren't
forbidden, and attack them.

Telecom companies are as important
as bridges, roads, harbors.

An attack on a large telecom company
can seriously disrupt–

society's ability to function.

Customer information, calls ...
Everything - text messages and stuff.

All that information is very sensitive -

-And is fantastic for us
as a foreign power to access.

Just that people use SMS
to log in to accounts ...

If we can then take over arbitrary
phone numbers, we can access

-Many people's accounts.

We've got these hackers here,
who are among the better ones in Sweden.

How do they think? What tactics
and what tools do they use?

And how do they do it? It's most interesting.

They don't know that our plan
is to suck out their knowledge.

Ulf Andersson works as
information security manager–

- but has his background in the
intelligence service and Säpo.

He brings with him his experiences
into the job of IT security.

In my team we have hackers–

- but if you add an intelligence
background, to really understand

- what intelligence is all about, how
you work to get information ...

Translating that into this
field, I think, gives a great advantage.

Because everything is about
obtaining information.

The one who has the most information
will win, history has proven.

Stig Wennerström,
one of Sweden's most famous spies–

- is arrested and brought to justice in 1963,
after 20 years of reconnaissance work.

In his home there's photographic equipment
and microfilms with documents

- which Wennerström photographed
and sent to the Soviet Union.

But today the spies are sitting
in front of the computer.

The cyber attacks from foreign powers
are so frequent and intense–

- that they are on the border between
espionage and low-intensity warfare.

The US president warned this spring
of the consequences of this development.

The threat to Sweden in the form of
cyber attacks from foreign powers

- is real.

We see how the threats have expanded
and deepened over a number of years.

The consequences are serious. It's for
real - they're real people.

It takes place daily against Sweden
from a variety of countries.

We see how foreign powers come in
and steal research, development -

- blueprints - entire production environments,
to bring home to their own countries.

The countries that pose the greatest threat
are Russia, China and Iran.

Today it's an uneven match. Those who
attack us have a head start.

Not many resources are invested
in security, which would be needed

- considering the threat.
There are great values at stake.

It's not just computer stuff,
the consequences can be serious.

They can affect the financial
foundations of Sweden's democracy.

-How's it going?
- The technology is up and running.

So they will probably have
a lot to do. Absolutely.

I talked to the Blue team,
they got the starting signal at the same time.

Okay.

Then they'll soon be discovered.

Yes. We'll see,
it hasn't been that long.

10 62.

Is it also forbidden?
Everything is forbidden.

We had a list of systems
which we weren't allowed to touch.

On that list, they added more and more.

The more we found, the more they
realized: "No, by the way, don't touch it."

We suggested several attacks.

Each attack must be approved,
so we had to wait a lot.

It's so frustrating!

Our core network has all the info.

This is where our secret databases are
located, with all customer data.

That's where you want to go
when talking telecommunications.

They were not allowed to go there. We had
limits on what they were allowed to do.

We knew that if they went there-

- functions could break down,
and we would have a lot of problems.

It became messy. Everyone tried to be
creative and come up with good ideas.

This is half joke, half serious.
Let's buy a botnet.

Nuke some service from the outside...
No, but listen. Hear me out!

Basically three kids in a candy store.

Normally when we do this, it's
"free for all", just to pick and attack.

You lost me when you said:
"Buy a botnet."

In the end, we ignored the alarms
and just rolled with it.

"We're getting nowhere," because everything was
forbidden. We did everything we could.

To navigate the huge network
they need to do a scan -

- of over 4,000 IP addresses.

The problem is that it generates
a lot of traffic. They risk detection.

We'll ignore the Blue team.
We're hoping they look at China.

If they don't detect us now, they're
real losers. We'll assume they will.

Three ... two ... one ...

Blue team
- now they'll stop drinking coffee.

There was a lot of traffic
which was pushed through. Very obvious.

All their logs lit up
like a Christmas tree, probably.

-Hello.
-Hey.

-How's it going?
-To hell.

A cat and mouse game. You should never
accept that a foreign power is inside.

No other technical problems
that we need to sort out?

No.

I have contact
with the Blue team internally.

They get no info about what is happening on
the other side. I'll look up what they find.

Yes....
Yes?

I checked with the Blue team.
It was actually very comical ...

They said it sounded like a tank
drove around the infrastructure.

They are THAT noisy?

In a realistic scenario,
we would have stopped them immediately.

After a few minutes or so.

But then there won't be an exercise.
What do you learn from stopping it?

It's better to open the door
and see what they'll do.

Give me five minutes.

-Should I run a hydra from our C2?
-Yes. Take one at a time.

Check.

We asked Marcus: "May we look
at other parts of the network?"

We got to look at some other systems.

On them, Jinny found
an encrypted password.

Actually, we found
26 encrypted passwords.

But one of them we managed to crack
with a simple dictionary.

We have found a machine
which we can access.

It had a folder that we can read.

It looks like there are folders
which appear to belong to users.

Maybe all users, even. We
can read them and watch the content.

If an administrator has saved
their password in their profile,

then we have it and can maybe
jump to other machines.

Take over machines, quite simply. Jump
on to the more sensitive resources.

What Linus is doing now
is copying over all the content–

- to a USB stick, so that we get
access to all that information.

Even if the Blue team sees this ...

We don't care. We just want to get the
info as fast as possible.

We'll barricade that door,
so that they can't break in.

That's what we're doing right now. It's
the first really interesting finding.

It could be a gold mine.

I think...
There has been a shift.

Private companies,
especially the telco companies -

-Have realized that they
are socially critical infrastructure.

They are the key for society to work.
Everything is based on communication.

That awakening has probably happened
over the past x number of years.

If the communication stops working,
society is likely to collapse.

Then we can't communicate. We are so
used to the phone constantly working.

That's the big
awakening among telecom companies.

To realize that we are
so important to society.

Many cyber attacks
have been linked to foreign power.

This applies to attacks on waterworks,
food manufacturers -

-Fuel companies and authorities.

The US administration
accuses Russia

- of allowing hacker groups to
act freely, without intervening.

Biden has proposed an agreement
which protects critical infrastructure.

We are used to battles
between countries being conducted militarily.

But thanks to technological development
and development of cyber tools -

- much of the struggle has been moved to
the cyber domains or the cyber world.

That's where a struggle
between countries takes place.

It's not as visible.

You may not always know
who fires the digital shots.

Which has made the security environment
more difficult to understand.

You have to take security seriously.

One must take the ability of a foreign power
to conduct such business seriously.

These are people in other countries
who have a salary–

- to conduct that type of
activity - government officials.

There are companies that have been unaware
that they have had an IT intrusion.

They have become aware of it
only when we contacted them–

-Or when they see a copy
of their product in another country.

That's because those countries have big
resources and are technically proficient.

If they meet a Swedish company
that does not have a high level of protection

- it will be easy prey.

IT security will become
even more important.

In the future, we will be more connected.

The launch of 5G, which is coming, means
that we will become even more connected.

The cars will be connected.

Everything from refrigerators to whatever
you can imagine, will be connected.

There will always be vulnerabilities,
so people need to be more prepared–

-And test themselves.

It is about who finds the vulnerabilities
first: we or the opponent?

Then it's better to try to
find the vulnerabilities yourself.

Get help from anyone who can help.

Continue
to find your own vulnerabilities.

I have found a lot of systems that
are super interesting - old stuff.

We can always get in there.

The Blue team seems to have seen that you
made weird connections to the Internet -

- which they want an explanation for.

- Against the internet?
-Yes, some port 22.

It was against your address.

We're downloading a "wordlist"
to crack hashes.

Yes.

- Did you talk to a colleague?
- We haven't spoken to anyone on the phone.

- So you got no help?
- No.

We found quite a lot
of interesting stuff.

27 minutes left,
and we've cracked a hash.

We have a hash.
We have that password.

That was interesting. Really good.

Yes, Jinny is
testing if she can log in with it.

I feel that Marcus became quite
nervous when he saw the account.

We asked for a "ticket".
Then we cracked it.

But how did you find the service?

- We asked ...
-You ran that ... what's it called?

Get-SPN.
We've found a lot of fun stuff.

We are now decrypting this.

These are saved passwords
in a Chrome session.

We've got a lot of Chrome files
from these profiles.

In the VHD files, someone has
saved passwords in the browser.

Username "Admin",
to all of these addresses.

We don't have the password yet,
but looking at it.

We've also gotten in here.

It's a wiki ... Maybe we shouldn't
film it before he says okay.

I created an account.
I was allowed to create an account -

-And I've read a lot of interesting stuff.

-It's interesting.
-Yes it is.

The wiki server contained information -

-Which can be seen as a kind of map
over parts of the network.

We haven't had time
to analyze the material.

It seems to be usernames and
passwords for other parts of the network -

- which isn't good at all.
That is the risk we must address.

We found an account ...
You seem to want to do something.

Now we have a hash we have to crack.
If it works, we can decrypt them ...

- Where did you get that hash from?
-Magic.

I searched for the password, and then
I read. Do you have to kill me now?

Yes.

No, so ... Is the camera off?

-What has happened now?
- They have discovered ...

... that they could retrieve passwords
from internal services.

-Food!
- Wonderful!

The next directive is that as soon
as the Blue team thinks that this-

- can put our services at risk,
then we cancel.

We went from practice mode to
incident mode where all teams are activated.

You may notify the hackers
to stop.

Hi. Could you pause everything
and come with me?

We'll have an incident meeting.
It's important that we do it now.

-Come, we need to fix this.
-You look so serious.

Can we turn off the camera so that
you can tell us what we aren't allowed to do?

It is a "no-go zone".

Shall we gather?

Good. - Thank you, Marcus.

We had to take a short break
and stop the exercise a bit.

You were supposed to find things.

That's why we joined
this game. And now you have done it.

It's really fantastic. But what
you have found must be fixed.

And it's pretty urgent.
We have started the incident process.

Because what you found ... I can't
say where you would have ended up–

-But we value it
as a major vulnerability.

So I find it difficult to
continue the exercise.

But at the same time I'm
incredibly grateful –

- that you have found it.

Somehow I'm glad that
we could do this together.

I'm trying to convey a joy here.

But also a concern,
because we have to fix it.

If a real opponent found it,
it would have major consequences.

Shall we continue the exercise
or fix the vulnerability?

The choice was pretty easy for me.
I quickly realized:

"Now it's serious, now we can't
discuss viewer numbers."

Thanks! Totally fantastic
that you found the vulnerability.

A bit frustrating. I guess this
is how to end an exercise-

-When you find something really juicy,
which makes us even better.

So super-thank you.

The hackers were discovered early and
did not reach the sensitive servers.

However, they found vulnerabilities that
made Telenor cancel the exercise -

- and initiate incident management.

It turned out that the information
didn't lead to critical data.

The risk is still greater
if you don't do this.

"If we don't do this, we'll still have
greater risks, because then we know nothing."

Knowing nothing is the biggest risk.

We live in a digital society–

- where our assets online
are as real as the physical ones.

The hackers have shown how easy it is
to gain access to individuals and companies.

It's time
to take your digital life seriously.

I think we will be able to
handle information like we've always done.

It takes time,
and things will happen.

But they had the same discussion
about the telegraph - it was dangerous.

The radio was dangerous.
We're not even going to talk about TV.

I see a bright future.

In 20-30 years, I think we'll
have adapted to digitalisation.

To be afraid of such activities
is not something you gain from.

We advocate sound vigilance.

To have the radar up
and keep track of your surroundings.

This competence must be taught
as early as possible - in preschool -

-In primary school, in high school
and also in higher education.

Because this is important to learn.

Subtitles: Johan Johansson
Swedish Media Text for SVT