Video summary
ВЕСЬ МИР УЖЕ ВЗЛОМАН: Самое страшное расследование Интернета
Main summary
Key takeaways
Core premise / “whole world hacked” claim
The speaker argues that large parts of the internet—especially public-sector/CIS infrastructure—are effectively exposed due to:
- Neglected security updates
- Accumulated technological debt (e.g., old components and unpatched CVEs)
Project described: CVE Global (predictive cyber intelligence)
The video presents “CVE Global” as an AI-driven predictive technology analysis system. It is claimed to:
- Perform infrastructure analysis (not a simple “scanning/handshake” interaction)
- Build a map/layout of infrastructure, including:
- IPs/subnets
- subdomains
- DNS records
- organizations/providers
- Identify likely vulnerable components, relevant CVEs, and attack paths/actions if administrators don’t patch
- Produce predicted attacker steps, including remediation prioritization
“Analysis vs scanning” analogy
The speaker contrasts:
- Scanning: likened to a basic network handshake
- Analysis: described as passively inferring details about an “object” by observing the technology it uses
A demo is described where analysis is reportedly completed quickly (e.g., ~7 seconds).
Demo methodology and outputs
The speaker uses an example from a list of suspicious/illegal-related resources reportedly published by the Bank of Russia, focusing on one resource with negative reviews. The system is said to identify:
- Vulnerabilities (example mentions DoS-related issues)
- Insecure connections
- A structure of subdomains and related DNS/org/provider data
- Severity ratings and the age of vulnerabilities
Large-scale findings (CIS public sector)
The speaker claims that using the system they identified:
- 904 CIS public-sector infrastructures
- about 5,000 potential vulnerabilities across these targets
Examples cited
- Kyrgyzstan government infrastructure
- A server is said to include 55 vulnerabilities with a max rating around ~9.8
- Includes DoS/process-corruption-type risk examples
- Repeated compromise findings
- Claims repeated encounters of database exposure (e.g., MariaDB on public IPs)
- Mentions very old severe issues (example framed like an OpenSSH package tampering-type vulnerability from 2008)
- E-visa-related infrastructure
- Mentions a case with 118 CVEs
- Describes long-standing “tailing” deployment debt (old components persisting)
DevOps negligence / operational risk framing
A repeated narrative claims DevOps and developers:
- fail to update components
- accidentally expose:
- test infrastructure inside production
- open directories/files
- leftover admin/test tools
- API keys / “handles” (credentials/identifiers)
- insecure DNS/service setups
The speaker frames this as creating a “powder keg” that eventually leads to compromise and data theft.
Infrastructure “suspicious co-location” and geopolitical/provenance claims
The speaker investigates public IP associations where multiple services appear together, arguing this may indicate cross-border hosting/control issues.
Repeated infrastructure elements
- Mentions provider/hosting references including Aza International / PTR Network / Enginex
- References an ASN context described as AEA International and ties it to international networks
Examples
- Telegram appearing on IP addresses alongside infrastructure associated with gov.ru / tax-service
- Claims that Roskomnadzor-style blocking could have side effects if government domains and Telegram share infrastructure (e.g., blocking one could affect both)
- Mentions “disguised sites” / domain redirections (e.g., a domain that leads to core.telegram.org)
These claims are presented as “questions without answers”, implying possible influence, reuse of hosting architecture, or deliberate placement.
Neighbor/graph analysis feature (“environment analysis marker”)
The video describes an additional capability to map a target’s neighbors in one click.
Telegram environment example
- ~101,500 IP addresses across 556 subnets
- Analysis speed claimed: ~65 IP/s
The speaker claims the neighbor graph reveals correlations with:
- casinos/mixers/betting/money-laundering services
- dark-web connections
- darknet-adjacent correlations and shared traces on servers
Mass footprint contrast (Max.ru vs Telegram)
The speaker compares infrastructure footprints:
- Max.ru: ~9,208 IP addresses
- Telegram (comparison): ~622 IP addresses
They question why a “national messenger” has such a large distributed footprint, implying conflict-of-interest concerns.
Automated “regulator” / integrity verification idea
The speaker proposes an automated regulator to verify developer integrity and security hygiene in critical systems (e.g., databases and public infrastructure), using techniques described as patented-like.
The emphasis is on:
- preventing incidents
- rather than reacting after exploitation
Security training / future threat model
The video claims vulnerabilities and attack automation will increasingly impact:
- industrial control systems (power plants)
- medical systems
- drones and detection systems
- remote government workstations and “open paths” for brute force/RCE-type issues
It advocates studying:
- proxy/VPN usage patterns
- attacker methods for bypassing restrictions
- sector-specific safety testing (industry/medicine/government)
Book/fiction framing
The speaker uses a “science fiction stories by a hacker” book as a thematic wrapper, connecting the fictional premise to claimed real-world developments in:
- predictive cyber intelligence
- future automated cyberwarfare
Call to action / monetization
The video mentions a giveaway involving:
- three monthly “Global Audit” subscriptions
It asks viewers to comment on:
- why they need the subscription
- gratitude to the channel
For partners:
- a feedback form plus an email address in the description is referenced.
Main speakers / sources (as presented)
- Primary speaker: the channel’s host/hacker (first-person narrator; no name given in subtitles)
Referenced third-party authorities/sources
- Dr. Ray Kurzweil (singularity/AI advocate; mentioned)
- Bank of Russia (cited as a source of lists/resources used for examples)
- US Treasury & UK sanctions lists (referenced regarding AEA International ties)
- Roskomnadzor (discussed in the context of Telegram blocking)