0:00:02 > 0:00:09This programme contains some strong language.
0:00:19 > 0:00:23- DISTORTED MALE VOICE: - Through the darkness
0:00:23 > 0:00:25of the pathways that we march,
0:00:25 > 0:00:29evil and good live side by side,
0:00:29 > 0:00:31and this is the nature of life.
0:00:46 > 0:00:51We are in an unbalanced and un-equivalent confrontation
0:00:51 > 0:00:55between democracies who are obliged to play by the rules
0:00:55 > 0:00:59and entities who thinks democracy is a joke.
0:01:01 > 0:01:04You can't convince fanatics by saying,
0:01:04 > 0:01:10"Hey, hatred paralyses you, love releases you."
0:01:10 > 0:01:15There are different rules that we have to play by.
0:01:29 > 0:01:32- NEWS REPORT:- 'Today, two of Iran's top nuclear scientists
0:01:32 > 0:01:34'were targeted by hit squads...'
0:01:34 > 0:01:36'Bomb attacks in the capital, Tehran...'
0:01:36 > 0:01:37'The latest in a string of attacks...'
0:01:37 > 0:01:40'Today's attack has all the hallmarks
0:01:40 > 0:01:41'of major strategic sabotage...'
0:01:41 > 0:01:44'Iran immediately accused the US and Israel
0:01:44 > 0:01:46'of trying to damage its nuclear programme...'
0:01:55 > 0:02:01I want to categorically deny any United States involvement
0:02:01 > 0:02:06in any kind of active violence inside Iran.
0:02:06 > 0:02:11Covert actions can help, can assist.
0:02:11 > 0:02:15They are needed. They are not all the time essentials.
0:02:15 > 0:02:19And they in no way can replace political wisdom.
0:02:19 > 0:02:22INTERVIEWER: Were the assassinations in Iran
0:02:22 > 0:02:25related to the Stuxnet computer attacks?
0:02:25 > 0:02:27Er, next question, please.
0:02:27 > 0:02:30- NEWS REPORT:- 'Iran's infrastructure is being targeted
0:02:30 > 0:02:34'by a new and dangerously powerful cyber worm.
0:02:34 > 0:02:37'The so-called Stuxnet worm is specifically designed, it seems,
0:02:37 > 0:02:40'to infiltrate and sabotage real world power plants
0:02:40 > 0:02:41'and factories and refineries...'
0:02:41 > 0:02:43'It's not trying to steal information
0:02:43 > 0:02:44'or grab your credit card,
0:02:44 > 0:02:47'it's trying to get into some sort of industrial plant and wreak havoc,
0:02:47 > 0:02:49'try to blow up an engine...'
0:03:05 > 0:03:07'No-one knows who's behind the worm
0:03:07 > 0:03:08'and the exact nature of its mission,
0:03:08 > 0:03:13'but there are fears Iran will hold Israel or America responsible
0:03:13 > 0:03:14'and seek retaliation.'
0:03:14 > 0:03:17'It's not impossible that some group of hackers did it,
0:03:17 > 0:03:19'but the security experts that are studying this
0:03:19 > 0:03:22'really think this required the resources of a nation state.'
0:03:28 > 0:03:31- OK? And speaking. - OK, ready. - OK, good. Here we go.
0:03:32 > 0:03:34INTERVIEWER: What impact, ultimately,
0:03:34 > 0:03:37did the Stuxnet attack have? Can you say?
0:03:37 > 0:03:39Er, I don't want to get into the details.
0:03:39 > 0:03:41Since the event has already happened,
0:03:41 > 0:03:45why can't we talk more openly and publicly about Stuxnet?
0:03:45 > 0:03:49Yeah. I mean, my answer's "Because it's classified."
0:03:49 > 0:03:50I won't acknowledge...
0:03:50 > 0:03:54Knowingly offer up anything I consider classified.
0:03:54 > 0:03:56I know that you can't talk much about Stuxnet,
0:03:56 > 0:03:59because Stuxnet is officially classified.
0:03:59 > 0:04:00You're right on both those counts.
0:04:00 > 0:04:03People might find it frustrating not to be able to talk about it
0:04:03 > 0:04:06when it's in the public domain, but...
0:04:06 > 0:04:09- I find it frustrating. - Yeah, I'm sure you do.
0:04:09 > 0:04:12- I don't answer that question. - Unfortunately, I can't comment.
0:04:12 > 0:04:13I do not know how to answer that.
0:04:13 > 0:04:17Two answers before you even get started, I don't know and if I did,
0:04:17 > 0:04:19- we wouldn't talk about it anyway. - How can you have a debate
0:04:19 > 0:04:22- if everything's secret? - I think, right now, that's just where we are.
0:04:22 > 0:04:23No-one wants to...
0:04:23 > 0:04:27Countries aren't happy about confessing or owning up
0:04:27 > 0:04:29to what they did, because they're not quite sure
0:04:29 > 0:04:31where they want the system to go.
0:04:31 > 0:04:35And so, whoever was behind Stuxnet hasn't admitted they were behind it.
0:04:38 > 0:04:42Asking officials about Stuxnet was frustrating and surreal.
0:04:42 > 0:04:45Like asking the Emperor about his new clothes.
0:04:45 > 0:04:48Even after the cyber weapon had penetrated computers
0:04:48 > 0:04:52all over the world, no-one was willing to admit that it was loose
0:04:52 > 0:04:54or talk about the dangers it posed.
0:04:54 > 0:04:56What was it about the Stuxnet operation
0:04:56 > 0:04:59that was hiding in plain sight?
0:05:00 > 0:05:04Maybe there was a way the computer code could speak for itself.
0:05:04 > 0:05:07Stuxnet first surfaced in Belarus.
0:05:07 > 0:05:10I started with a call to the man who discovered it
0:05:10 > 0:05:12when his clients in Iran began to panic
0:05:12 > 0:05:15over an epidemic of computer shutdowns.
0:05:15 > 0:05:19Had you ever seen anything quite so sophisticated before?
0:06:39 > 0:06:40On a daily basis, basically,
0:06:40 > 0:06:43we are sifting through a massive haystack,
0:06:43 > 0:06:47looking for that proverbial needle.
0:06:47 > 0:06:49We get millions of pieces of new malicious threats
0:06:49 > 0:06:52and there are millions of attacks going on every single day.
0:06:52 > 0:06:55And not only are we trying to protect people and their computers,
0:06:55 > 0:06:58and their systems, and countries' infrastructure
0:06:58 > 0:07:01from being taken down by those attacks,
0:07:01 > 0:07:04but, more importantly, we have to find attacks that matter.
0:07:04 > 0:07:09When you're talking about that many, impact is extremely important.
0:07:20 > 0:07:2120 years ago, the antivirus companies,
0:07:21 > 0:07:23they were hunting for computer viruses
0:07:23 > 0:07:25because there were not so many.
0:07:25 > 0:07:28So, we had, like, tens or dozens a month
0:07:28 > 0:07:31and they were just in little numbers.
0:07:31 > 0:07:34Now, we collect millions of unique attacks every month.
0:07:36 > 0:07:39This room we call a woodpeckers' room, or a virus lab,
0:07:39 > 0:07:41and this is where virus analysts sit.
0:07:41 > 0:07:44We call them "woodpeckers" because they are pecking the worms,
0:07:44 > 0:07:47network worms and viruses.
0:07:47 > 0:07:50We see, like, three different groups of actors
0:07:50 > 0:07:53behind cyber attacks. They are traditional cybercriminals.
0:07:53 > 0:07:57Those guys are interested only in illegal profit -
0:07:57 > 0:07:59quick and dirty money.
0:07:59 > 0:08:02Activists or hacktivists, they are hacking for fun,
0:08:02 > 0:08:04or hacking to push some political message.
0:08:04 > 0:08:07And the third group is nation states.
0:08:07 > 0:08:11They're interested in high-quality intelligence or sabotage activity.
0:08:12 > 0:08:15Security companies not only share information,
0:08:15 > 0:08:16but we also share binary samples.
0:08:16 > 0:08:20So, when this threat was found by a Belarusian security company
0:08:20 > 0:08:22on one of their customer's machines in Iran,
0:08:22 > 0:08:25the sample was shared amongst the security community.
0:08:25 > 0:08:28When we try to name threats, we just try to pick some sort of string,
0:08:28 > 0:08:32some sort of words, that are inside of the binary.
0:08:32 > 0:08:35In this case, there was a couple of words in there.
0:08:35 > 0:08:38We took pieces of each and that forms "Stuxnet".
0:08:40 > 0:08:43I got the news about Stuxnet from one of my engineers.
0:08:43 > 0:08:46He came to my office, opened the door,
0:08:46 > 0:08:47and he said, "So, Eugene,
0:08:47 > 0:08:52"of course, you know what we're waiting for? Something really bad?
0:08:52 > 0:08:54"It happened."
0:08:59 > 0:09:02Give me some sense of what it was like in the lab at that time.
0:09:02 > 0:09:04Was there a palpable sense of amazement
0:09:04 > 0:09:06that you had something really different there?
0:09:06 > 0:09:08Well, I wouldn't call it amazement.
0:09:08 > 0:09:11It was kind of a shock.
0:09:11 > 0:09:14It went beyond our worst fears, our worst nightmares.
0:09:14 > 0:09:17And this continued the more we analysed,
0:09:17 > 0:09:19the more we researched,
0:09:19 > 0:09:22the more bizarre the whole story got.
0:09:22 > 0:09:24We look at so much malware every day
0:09:24 > 0:09:25that we can just look at the code and say,
0:09:25 > 0:09:27"OK, there's something bad going on here
0:09:27 > 0:09:29"and I need to investigate that."
0:09:29 > 0:09:32That's the way it was when we looked at Stuxnet for the first time.
0:09:32 > 0:09:34We opened it up, and there was just bad things everywhere.
0:09:34 > 0:09:37Like, "OK, this is bad and that's bad, and, you know,
0:09:37 > 0:09:38"we need to investigate this."
0:09:38 > 0:09:41Suddenly, we had, like, 100 questions straightaway.
0:09:43 > 0:09:45The most interesting thing that we do is the detective work
0:09:45 > 0:09:47where we try to track down who's behind a threat.
0:09:47 > 0:09:49What are they doing? What's their motivation?
0:09:49 > 0:09:51And try to really stop it at the root.
0:09:51 > 0:09:53It is kind of all-consuming.
0:09:53 > 0:09:56You get this new puzzle and it's very difficult to put it down.
0:09:56 > 0:09:58You know, work until, like, 4:00am in the morning
0:09:58 > 0:10:00and figure these things out.
0:10:00 > 0:10:02I was in that zone where I was very consumed by this,
0:10:02 > 0:10:03very excited about it,
0:10:03 > 0:10:05very interested to know what was happening.
0:10:05 > 0:10:08And Eric was also in that same sort of zone.
0:10:08 > 0:10:11So, the two of us were, like, back and forth all the time.
0:10:11 > 0:10:14Liam and I continued to grind at the code.
0:10:14 > 0:10:16Sharing pieces, comparing notes,
0:10:16 > 0:10:18bouncing ideas off of each other.
0:10:18 > 0:10:21We realised that we needed to do what we call "deep analysis" -
0:10:21 > 0:10:25pick apart the threat, every single byte, every single zero-one,
0:10:25 > 0:10:28and understand everything that was inside of it.
0:10:28 > 0:10:29I'll just give you some context.
0:10:29 > 0:10:31We can go through and understand every line of code
0:10:31 > 0:10:33for the average threat in minutes.
0:10:33 > 0:10:35And here we are one month into this threat
0:10:35 > 0:10:37and we're just starting to discover
0:10:37 > 0:10:39what we call the "payload", or its whole purpose.
0:10:41 > 0:10:43When looking at the Stuxnet code,
0:10:43 > 0:10:46it's 20 times the size of the average piece of code
0:10:46 > 0:10:49but contains almost no bugs inside of it and that's extremely rare.
0:10:49 > 0:10:52Malicious code always has bugs inside of it.
0:10:52 > 0:10:53This wasn't the case with Stuxnet.
0:10:53 > 0:10:56It's dense and every piece of code does something
0:10:56 > 0:10:59and does something right in order to conduct its attack.
0:11:00 > 0:11:03One of the things that surprised us was that Stuxnet utilised
0:11:03 > 0:11:05what's called a "zero-day exploit".
0:11:05 > 0:11:07Or, basically, a piece of code
0:11:07 > 0:11:10that allows it to spread without you having to do anything.
0:11:10 > 0:11:13You don't have to, for example, download a file and run it.
0:11:13 > 0:11:15A zero-day exploit is an exploit
0:11:15 > 0:11:17that nobody knows about except the attacker.
0:11:17 > 0:11:20So there's no protection against it, there's been no patch released.
0:11:20 > 0:11:24There's been zero days' protection, you know, against it.
0:11:24 > 0:11:26That's what attackers value
0:11:26 > 0:11:29because they know 100%, if they have this zero-day exploit,
0:11:29 > 0:11:31they can get in wherever they want.
0:11:31 > 0:11:34They're actually very valuable. You can sell these on the underground
0:11:34 > 0:11:36for hundreds of thousands of dollars.
0:11:36 > 0:11:40Then we became more worried because we discovered more zero-days.
0:11:40 > 0:11:42And, again, these zero-days are extremely rare.
0:11:42 > 0:11:44Inside Stuxnet we had, you know, four zero-days,
0:11:44 > 0:11:47and for the entire rest of the year
0:11:47 > 0:11:48we only saw 12 zero-days used.
0:11:48 > 0:11:50It blows everything else out of the water.
0:11:50 > 0:11:53We've never seen this before. We've never seen it since, either.
0:11:53 > 0:11:56We've seen one in a malware you could understand,
0:11:56 > 0:11:57because the malware authors are making money,
0:11:57 > 0:11:59they're stealing people's credit cards.
0:11:59 > 0:12:02They're making money, so it's worth their while to use it.
0:12:02 > 0:12:05But seeing four zero-days could be worth 500,000 right there,
0:12:05 > 0:12:06used in one piece of malware.
0:12:06 > 0:12:09This is not your ordinary criminal gang who's doing this.
0:12:09 > 0:12:10This is someone bigger.
0:12:10 > 0:12:14It's definitely not traditional crime, not hacktivists.
0:12:14 > 0:12:17Who else?
0:12:17 > 0:12:20It was evident at a very early stage that,
0:12:20 > 0:12:24just given the sophistication of this malware,
0:12:24 > 0:12:28it suggested that there must have been a nation state involved -
0:12:28 > 0:12:31at least one nation state involved in the development.
0:12:31 > 0:12:33When we look at code that's coming from
0:12:33 > 0:12:36what appears to be a state attacker, or state-sponsored attacker,
0:12:36 > 0:12:37usually they're scrubbed clean.
0:12:37 > 0:12:39They don't leave little bits behind.
0:12:39 > 0:12:41They don't leave little hints behind.
0:12:41 > 0:12:44But in Stuxnet there were actually a few hints left behind.
0:12:46 > 0:12:50One was that in order to get lower level access to Microsoft Windows,
0:12:50 > 0:12:52Stuxnet needed to use a digital certificate
0:12:52 > 0:12:57which certifies that this piece of code came from a particular company.
0:12:57 > 0:13:00Now, those attackers obviously couldn't go to Microsoft and say,
0:13:00 > 0:13:04"Hey, test our code out for us and give us a digital certificate."
0:13:04 > 0:13:06So they essentially stole them...
0:13:07 > 0:13:08..from two companies in Taiwan.
0:13:08 > 0:13:11And these two companies have nothing to do with each other except
0:13:11 > 0:13:14for their close proximity in the exact same business park.
0:13:16 > 0:13:19Digital certificates are guarded very, very closely,
0:13:19 > 0:13:21behind multiple doors,
0:13:21 > 0:13:24and they require multiple people to unlock.
0:13:24 > 0:13:26And they need to provide both biometrics,
0:13:26 > 0:13:28and, as well, pass phrases.
0:13:28 > 0:13:31It wasn't like those certificates were just sitting on some machine
0:13:31 > 0:13:34connected to the internet. Some human assets had to be involved.
0:13:34 > 0:13:37- O'MURCHU:- Spies, like a cleaner who comes in at night
0:13:37 > 0:13:40and has stolen these certificates from these companies.
0:13:43 > 0:13:47It did feel like walking onto the set of this James Bond movie
0:13:47 > 0:13:49and you've been embroiled in this thing that,
0:13:49 > 0:13:52you know, you'd never expected.
0:13:54 > 0:13:56We continued to search, and we continued to search in the code,
0:13:56 > 0:13:59and, eventually, we found some other breadcrumbs left
0:13:59 > 0:14:01that we were able to follow.
0:14:01 > 0:14:03It was doing something with Siemens.
0:14:03 > 0:14:05Siemens software, possibly Siemens hardware.
0:14:05 > 0:14:07We'd never, ever seen that in any malware before,
0:14:07 > 0:14:09something targeting Siemens.
0:14:09 > 0:14:11We didn't even know why they would be doing that.
0:14:12 > 0:14:15But after googling, very quickly we understood
0:14:15 > 0:14:17it was targeting Siemens PLCs.
0:14:17 > 0:14:20Stuxnet was targeting a very specific hardware device,
0:14:20 > 0:14:24something called a PLC, or a programmable logic controller.
0:14:24 > 0:14:27- LANGNER:- The PLC is kind of a very small computer
0:14:27 > 0:14:30attached to physical equipment,
0:14:30 > 0:14:33like pumps, like valves, like motors.
0:14:33 > 0:14:38So, this little box is running a digital program
0:14:38 > 0:14:40and the actions of this program
0:14:40 > 0:14:44turns that motor on, off or sets a specific speed.
0:14:44 > 0:14:46Those programmable logic controller
0:14:46 > 0:14:48control things like power plants, power grids.
0:14:48 > 0:14:53This is used in factories, it's used in critical infrastructure.
0:14:53 > 0:14:56Critical infrastructure, it's everywhere around us.
0:14:56 > 0:15:01Transportation, telecommunication, financial services, health care...
0:15:01 > 0:15:02So, the payload of Stuxnet
0:15:02 > 0:15:08was designed to attack some very important part of our world.
0:15:08 > 0:15:10The payload is going to be important.
0:15:10 > 0:15:12What happens there could be very dangerous.
0:15:14 > 0:15:17- LANGNER:- The next very big surprise came
0:15:17 > 0:15:20when we infected our lab system.
0:15:20 > 0:15:24We figured out that the malware was probing the controls.
0:15:24 > 0:15:27It was quite picky on its target.
0:15:27 > 0:15:30It didn't try to manipulate any given control
0:15:30 > 0:15:32in a network that it would see.
0:15:32 > 0:15:34It went through several checks
0:15:34 > 0:15:39and when those checks failed, it would not implement the attack.
0:15:41 > 0:15:44It was obviously probing for a specific target.
0:15:46 > 0:15:48You've got to put this in context that, at the time,
0:15:48 > 0:15:52we already knew, "Well, this was the most sophisticated piece of malware
0:15:52 > 0:15:54"that we have ever seen."
0:15:54 > 0:15:56So, it's kind of strange.
0:15:56 > 0:15:59Somebody takes that huge effort
0:15:59 > 0:16:01to hit that one specific target?
0:16:01 > 0:16:04Well, that must be quite a significant target.
0:16:07 > 0:16:10- CHIEN:- At Symantec, we have probes on networks all over the world
0:16:10 > 0:16:13watching for malicious activity.
0:16:13 > 0:16:15- O'MURCHU:- We'd seen infections of Stuxnet all over the world.
0:16:15 > 0:16:18In the US, in Australia, in the UK,
0:16:18 > 0:16:20France, Germany, all over Europe.
0:16:20 > 0:16:23It spread to any Windows machine in the entire world.
0:16:23 > 0:16:26You know, we had these organisations inside the United States.
0:16:26 > 0:16:29They were in charge of industrial control facilities saying,
0:16:29 > 0:16:31"We're infected, what's going to happen?"
0:16:31 > 0:16:33We didn't know if there was a deadline coming up
0:16:33 > 0:16:36where this threat would trigger and suddenly would, like,
0:16:36 > 0:16:38turn off all electricity plants around the world
0:16:38 > 0:16:42or it would start shutting things down or launching some attack.
0:16:42 > 0:16:46We knew that Stuxnet could have very dire consequences.
0:16:46 > 0:16:49And we were very worried about what the payload contained
0:16:49 > 0:16:52and there was an imperative speed
0:16:52 > 0:16:56that we had to race and try and beat this ticking bomb.
0:16:56 > 0:16:58Eventually, we were able to refine this a little bit
0:16:58 > 0:17:01and we saw that Iran was the number one infected country in the world.
0:17:01 > 0:17:04That immediately raised our eyebrows.
0:17:04 > 0:17:06We have never seen a threat before
0:17:06 > 0:17:08where it was predominantly in Iran.
0:17:08 > 0:17:12And so we began to follow what was going on in the geopolitical world.
0:17:12 > 0:17:15What was happening in the general news. And, at that time,
0:17:15 > 0:17:18there were actually multiple explosions of gas pipelines
0:17:18 > 0:17:20going in and out of Iran.
0:17:20 > 0:17:21Unexplained explosions.
0:17:23 > 0:17:26And, of course, we did notice that, at the time,
0:17:26 > 0:17:28there have been assassinations of nuclear scientists,
0:17:28 > 0:17:30so that was worrying.
0:17:30 > 0:17:33We knew there was something bad happening.
0:17:33 > 0:17:35Did you get concerned for yourself?
0:17:35 > 0:17:38Did you begin start looking over your shoulder from time to time?
0:17:38 > 0:17:40Yeah, definitely looking over my shoulder
0:17:40 > 0:17:43and being careful about what I spoke about on the phone.
0:17:43 > 0:17:45Um... I was...
0:17:45 > 0:17:48pretty confident my conversations on the phone were being listened to.
0:17:48 > 0:17:50We were only half joking,
0:17:50 > 0:17:54when we would look at each other and tell each other things like,
0:17:54 > 0:17:56"Look, I'm not suicidal.
0:17:56 > 0:18:00"If I drop dead on Monday, it wasn't me."
0:18:08 > 0:18:11We'd been publishing information about Stuxnet
0:18:11 > 0:18:13all through that summer.
0:18:13 > 0:18:14And then, in November,
0:18:14 > 0:18:18the industrial control systems expert in Holland contacted us.
0:18:18 > 0:18:21And he said, "All of these devices
0:18:21 > 0:18:23"that would be inside of an industrial control system
0:18:23 > 0:18:26"hold a unique identifier number
0:18:26 > 0:18:28"that identified the make and model of that device."
0:18:30 > 0:18:33And we actually had a couple of these numbers in the code,
0:18:33 > 0:18:36except we didn't know what they were.
0:18:36 > 0:18:38And so we realised maybe what he was referring to
0:18:38 > 0:18:39was the magic numbers we had.
0:18:39 > 0:18:42And when we searched for those magic numbers in that context,
0:18:42 > 0:18:45we saw that what had to be connected to this industrial control system
0:18:45 > 0:18:46that was being targeted
0:18:46 > 0:18:49were something called "frequency converters"
0:18:49 > 0:18:52from two specific manufacturers. One of which was in Iran.
0:18:52 > 0:18:54And so, at this time, we absolutely knew
0:18:54 > 0:18:58that the facility that was being targeted had to be in Iran,
0:18:58 > 0:19:01and it had equipment made from Iranian manufacturers.
0:19:01 > 0:19:04When we looked up those frequency converters,
0:19:04 > 0:19:07we immediately found out that they were actually export controlled
0:19:07 > 0:19:08by the Nuclear Regulatory Commission.
0:19:08 > 0:19:13And that immediately led us, then, to some nuclear facility.
0:19:29 > 0:19:31This was more than a computer story,
0:19:31 > 0:19:34so I left the world of the antivirus detectives
0:19:34 > 0:19:36and sought out journalist David Sanger,
0:19:36 > 0:19:39who specialised in the strange intersection of cyber,
0:19:39 > 0:19:41nuclear weapons and espionage.
0:19:42 > 0:19:45The emergence of the code is what put me on alert
0:19:45 > 0:19:47that an attack was underway.
0:19:48 > 0:19:51And because of the covert nature of the operation,
0:19:51 > 0:19:56not only were official government spokesmen unable to talk about it,
0:19:56 > 0:19:58they didn't even KNOW about it.
0:19:58 > 0:20:01Eventually, the more I dug into it,
0:20:01 > 0:20:04the more I began to find individuals
0:20:04 > 0:20:07who had been involved in some piece of it
0:20:07 > 0:20:10or who had witnessed some piece of it.
0:20:10 > 0:20:12And that meant talking to Americans,
0:20:12 > 0:20:15talking to Israelis, talking to Europeans,
0:20:15 > 0:20:19because this was, obviously, the first, biggest
0:20:19 > 0:20:22and most sophisticated example
0:20:22 > 0:20:26of a state or two states using a cyber weapon for offensive purposes.
0:20:29 > 0:20:32I came to this with a fair bit of history -
0:20:32 > 0:20:36understanding the Iranian nuclear programme.
0:20:36 > 0:20:40How did Iran get its first nuclear reactor?
0:20:40 > 0:20:43We gave it to them under the Shah,
0:20:43 > 0:20:47because the Shah was considered an American ally.
0:20:47 > 0:20:49APPLAUSE
0:20:49 > 0:20:53- SAMORE:- But the revolution which overthrew the Shah in '79
0:20:53 > 0:20:55really curtailed the programme
0:20:55 > 0:20:58before it ever got any head of steam going.
0:20:58 > 0:21:02Part of our policy against Iran after the revolution
0:21:02 > 0:21:05was to deny them nuclear technology,
0:21:05 > 0:21:10so most of the period, when I was involved, in the '80s and the '90s,
0:21:10 > 0:21:13was the US running around the world
0:21:13 > 0:21:16and persuading potential nuclear suppliers
0:21:16 > 0:21:19not to provide even peaceful nuclear technology to Iran.
0:21:19 > 0:21:22And what we missed was the clandestine transfer
0:21:22 > 0:21:26in the mid-1980s from Pakistan to Iran.
0:21:29 > 0:21:32- MOWATT-LARSSEN:- Abdul Qadeer Khan is what we would call
0:21:32 > 0:21:35the father of the Pakistan nuclear programme.
0:21:35 > 0:21:37He had the full authority and confidence
0:21:37 > 0:21:39of the Pakistan Government from its inception
0:21:39 > 0:21:42to the production of nuclear weapons.
0:21:44 > 0:21:46The AQ Khan network is so notable
0:21:46 > 0:21:48because, aside from
0:21:48 > 0:21:50building the Pakistani programme
0:21:50 > 0:21:52for decades,
0:21:52 > 0:21:56it also was the means by which other countries
0:21:56 > 0:21:59were able to develop nuclear weapons - including Iran.
0:21:59 > 0:22:02- SAMORE:- By 2006, the Iranians had started producing
0:22:02 > 0:22:06low-enriched uranium, producing more centrifuges, installing them
0:22:06 > 0:22:09at the large-scale underground enrichment facility at Natanz.
0:23:00 > 0:23:02How many times have you visited Natanz?
0:23:02 > 0:23:05Not that many, because I left a few years ago already, IAEA,
0:23:05 > 0:23:08but I was there quite a few times.
0:23:11 > 0:23:14Natanz is in the middle of the desert.
0:23:16 > 0:23:18When they were building it in secret,
0:23:18 > 0:23:22they were calling it a "desert irrigation facility".
0:23:24 > 0:23:27There is a lot of artillery and air force.
0:23:27 > 0:23:31It's better protected against attack from the air
0:23:31 > 0:23:34than any other nuclear installation I have seen.
0:23:38 > 0:23:41And so, all the monitoring activities of the IAEA,
0:23:41 > 0:23:44they are basic principle - you want to see what goes in, what goes out,
0:23:44 > 0:23:46and then, on top of that,
0:23:46 > 0:23:49you make sure that it produces low-enriched uranium.
0:23:49 > 0:23:52Is that anything to do with the higher enrichments
0:23:52 > 0:23:54and nuclear-weapon-grade uranium?
0:24:00 > 0:24:03Iran's nuclear facilities are under 24-hour watch
0:24:03 > 0:24:07of the United Nations nuclear watchdog, the IAEA,
0:24:07 > 0:24:10the International Atomic Energy Agency.
0:24:10 > 0:24:14Every single gram of Iranian fissile material...
0:24:16 > 0:24:17..is accounted for.
0:24:20 > 0:24:24- HEINONEN:- When you look at the uranium which was there in Natanz,
0:24:24 > 0:24:26it was a very special uranium.
0:24:26 > 0:24:29This was called isotope 236.
0:24:29 > 0:24:31And that was a puzzle to us,
0:24:31 > 0:24:34because you only see this sort of uranium
0:24:34 > 0:24:37in states which have nuclear weapons.
0:24:38 > 0:24:41We realised that they had cheated us.
0:24:41 > 0:24:44This sort of equipment has been bought from
0:24:44 > 0:24:47what they call a black market.
0:24:47 > 0:24:48They never point it out to...
0:24:48 > 0:24:51They were caught at that point in time.
0:24:51 > 0:24:55What I was surprised was the sophistication
0:24:55 > 0:24:56and the quality control.
0:24:56 > 0:25:00The way they have the manufacturing, it was really professional.
0:25:00 > 0:25:01It was not something, you know,
0:25:01 > 0:25:04you just create in a few months' time.
0:25:04 > 0:25:07This was the result of a long process.
0:25:13 > 0:25:16The centrifuge. You feed uranium gas
0:25:16 > 0:25:19in and you have a cascade, thousands of centrifuges,
0:25:19 > 0:25:23and from the other end, you get enriched uranium out.
0:25:23 > 0:25:26It separates uranium based on spinning the rotor,
0:25:26 > 0:25:28it spins so fast.
0:25:28 > 0:25:30300 metres per second.
0:25:30 > 0:25:33The same as the velocity of sound.
0:25:34 > 0:25:37These are tremendous forces and, as a result,
0:25:37 > 0:25:41the rotor, it twists and looks like a banana at one point of time.
0:25:41 > 0:25:44So, it has to be in balance,
0:25:44 > 0:25:47because any small vibration, it would blow up.
0:25:47 > 0:25:49This is what makes them very difficult to manufacture.
0:25:49 > 0:25:53You can model it, you can calculate it, but at the very end,
0:25:53 > 0:25:57it's actually based on practice and experience,
0:25:57 > 0:26:00so it's a piece of art, so to say.
0:26:14 > 0:26:18'Ahmadinejad came into his presidency saying that,'
0:26:18 > 0:26:20"If international community wants to derail us,
0:26:20 > 0:26:22"we will stand up to it.
0:26:22 > 0:26:25"If they want us to sign more inspections
0:26:25 > 0:26:29"and more additional protocols and other measures, no, we will not.
0:26:29 > 0:26:31"We will fight for our right.
0:26:31 > 0:26:35"Iran is a signatory to the nuclear Non-Proliferation Treaty.
0:26:35 > 0:26:39"And under that treaty, Iran has the right to nuclear programme.
0:26:39 > 0:26:40"We can have enrichment.
0:26:40 > 0:26:42"Who are you, world powers,
0:26:42 > 0:26:45"to come and tell us that we cannot have enrichment?"
0:26:45 > 0:26:47This was his mantra.
0:26:47 > 0:26:51And it galvanised the public.
0:26:54 > 0:26:56By 2007, 2008,
0:26:56 > 0:27:00the US Government was in a very bad place with the Iranian programme.
0:27:01 > 0:27:03President Bush recognised
0:27:03 > 0:27:05that he could not even come out in public and declare
0:27:05 > 0:27:07that the Iranians were building a nuclear weapon
0:27:07 > 0:27:09because, by this time,
0:27:09 > 0:27:13he had gone through the entire WMD fiasco in Iraq.
0:27:13 > 0:27:16He could not really take military action.
0:27:16 > 0:27:18Condoleezza Rice said to him at one point,
0:27:18 > 0:27:19"You know, Mr President,
0:27:19 > 0:27:22"I think you've invaded your last Muslim country,
0:27:22 > 0:27:25"even for the best of reasons."
0:27:26 > 0:27:31He didn't want to let the Israelis conduct the military operation.
0:27:31 > 0:27:33'It's 1938,'
0:27:33 > 0:27:37and Iran is Germany and it's racing
0:27:37 > 0:27:40to arm itself with atomic bombs.
0:27:40 > 0:27:46Iran's nuclear ambitions must be stopped and have to be stopped.
0:27:46 > 0:27:48We all have to stop it now.
0:27:48 > 0:27:51That's the one message I have for you today.
0:27:51 > 0:27:53- Thank you. - APPLAUSE
0:27:53 > 0:27:56Israel was saying they were going to bomb Iran.
0:27:56 > 0:27:58And the government here in Washington
0:27:58 > 0:28:01did all sorts of scenarios about what would happen
0:28:01 > 0:28:04if that Israeli attack occurred.
0:28:04 > 0:28:06They were all very ugly scenarios.
0:28:06 > 0:28:09Our belief was that, if they went on their own,
0:28:09 > 0:28:10knowing their limitations...
0:28:10 > 0:28:12They have a very good air force, all right,
0:28:12 > 0:28:15but it's small and the distances are great
0:28:15 > 0:28:17and the targets dispersed and hardened.
0:28:17 > 0:28:23If they would have attempted a raid on a military plane,
0:28:23 > 0:28:26we would have been assuming that they were assuming
0:28:26 > 0:28:28we would finish that which they started.
0:28:28 > 0:28:31In other words, there would be many of us in government
0:28:31 > 0:28:33thinking that the purpose of the raid
0:28:33 > 0:28:35wasn't to destroy the Iranian nuclear system,
0:28:35 > 0:28:38but the purpose of the raid was to put us at war with Iran.
0:28:40 > 0:28:43The two countries agreed on the goal.
0:28:43 > 0:28:46There is no... A page between us
0:28:46 > 0:28:51that Iran should not have a nuclear military capability.
0:28:51 > 0:28:56There are some differences on how to achieve it
0:28:56 > 0:28:58and when action is needed.
0:29:07 > 0:29:10We are taking very seriously leaders of countries
0:29:10 > 0:29:14who call to the destruction and annihilation of our people.
0:29:14 > 0:29:18- SAMORE:- The Israelis believe that the Iranian leadership
0:29:18 > 0:29:21has already made the decision to build nuclear weapons
0:29:21 > 0:29:24when they think they can get away with it. The view in the US
0:29:24 > 0:29:29is that the Iranians haven't made that final decision yet.
0:29:29 > 0:29:31To me, that doesn't make any difference.
0:29:31 > 0:29:33I mean, it really doesn't make any difference,
0:29:33 > 0:29:35and it's probably unknowable.
0:29:35 > 0:29:38Unless you can put Supreme Leader Khomeini on the couch
0:29:38 > 0:29:41and interview him, I think, from our standpoint,
0:29:41 > 0:29:45stopping Iran from getting the threshold capacity
0:29:45 > 0:29:48is the primary policy objective.
0:29:49 > 0:29:50Once they had the fissile material,
0:29:50 > 0:29:53once they had the capacity to produce nuclear weapons,
0:29:53 > 0:29:55then the game is lost.
0:30:00 > 0:30:02- HAYDEN:- President Bush once said to me, he said,
0:30:02 > 0:30:05"Mike, I don't want any president ever to be faced
0:30:05 > 0:30:09"with only two options - bombing or the bomb." Right?
0:30:09 > 0:30:11He wanted options that...
0:30:11 > 0:30:14made it...
0:30:14 > 0:30:18made it far less likely he or his successor, or successors,
0:30:18 > 0:30:20would ever get to that point where that's all you've got.
0:30:20 > 0:30:24The intelligence cooperation between Israel and the United States
0:30:24 > 0:30:26is very, very good.
0:30:26 > 0:30:29And, therefore, the Israelis went to the Americans and said,
0:30:29 > 0:30:32"OK, guys, you don't want us to bomb Iran.
0:30:32 > 0:30:36"OK, let's do it differently."
0:30:36 > 0:30:41One day a group of intelligence and military officials showed up
0:30:41 > 0:30:46in President Bush's office and said, "Sir, we have an idea.
0:30:46 > 0:30:50"It's a big risk, it might not work, but here it is."
0:30:57 > 0:31:00- LANGNER:- Moving forward in my analysis of the code,
0:31:00 > 0:31:03I took a closer look at the photographs
0:31:03 > 0:31:08that have been published by the Iranians themselves
0:31:08 > 0:31:11in a press tour from 2008
0:31:11 > 0:31:14of Ahmadinejad and the shiny centrifuges.
0:31:15 > 0:31:20The photographs of Ahmadinejad going through the centrifuges at Natanz
0:31:20 > 0:31:24provided some very important clues.
0:31:24 > 0:31:26There was a huge amount to be learned.
0:31:34 > 0:31:36First of all, those photographs
0:31:36 > 0:31:38showed many of the individuals
0:31:38 > 0:31:41who were guiding Ahmadinejad through the programme.
0:31:41 > 0:31:43And there's one very famous photograph
0:31:43 > 0:31:46that shows Ahmadinejad being shown something.
0:31:46 > 0:31:48You see his face, you can't see what's on the computer.
0:31:48 > 0:31:52And one of the scientists who was behind him
0:31:52 > 0:31:55was assassinated a few months later.
0:31:58 > 0:32:00In one of those photographs,
0:32:00 > 0:32:03you could see parts of a computer screen.
0:32:03 > 0:32:06We refer to that as a "SCADA screen".
0:32:06 > 0:32:08The SCADA system is basically a piece of software
0:32:08 > 0:32:10running on a computer.
0:32:10 > 0:32:13It enables the operators to monitor the process.
0:32:14 > 0:32:16What you could see...
0:32:16 > 0:32:19when you look close enough
0:32:19 > 0:32:23was a more detailed view of the configuration.
0:32:23 > 0:32:27There were these six groups of centrifuges
0:32:27 > 0:32:29and each group had 164 entries.
0:32:31 > 0:32:32And guess what?
0:32:32 > 0:32:36That was a perfect match to what we saw in the attack code.
0:32:37 > 0:32:40It was absolutely clear that this piece of code
0:32:40 > 0:32:44was attacking an array of six different groups of,
0:32:44 > 0:32:48let's just say "thingies", physical objects,
0:32:48 > 0:32:50and in those six groups,
0:32:50 > 0:32:53there were 164 elements.
0:32:57 > 0:32:59Were you able to do any actual physical tests?
0:32:59 > 0:33:01Or was it all just code analysis?
0:33:01 > 0:33:06So, we couldn't set up our own nuclear enrichment facility.
0:33:06 > 0:33:09So, what we did was we did obtain some PLCs, the exact models.
0:33:16 > 0:33:18We then ordered an air pump.
0:33:18 > 0:33:21And that's what we used sort of as our proof of concept.
0:33:21 > 0:33:23- O'MURCHU:- We needed a visual demonstration
0:33:23 > 0:33:25to show people what we discovered.
0:33:25 > 0:33:27So, we thought of different things that we could do
0:33:27 > 0:33:29and we settled on blowing up a balloon.
0:33:33 > 0:33:36We were able to write a program that would inflate a balloon
0:33:36 > 0:33:38and it was set to stop after five seconds.
0:33:47 > 0:33:50So, we would inflate the balloon to a certain size,
0:33:50 > 0:33:52but we wouldn't burst the balloon, and it was all safe.
0:33:52 > 0:33:55And we showed everybody, "This is the code that's on the PLC."
0:33:55 > 0:33:58And the timer says, "Stop after five seconds".
0:33:58 > 0:34:00We know that's what's going to happen.
0:34:00 > 0:34:03And then we would infect the computer with Stuxnet
0:34:03 > 0:34:05and we would run the test again.
0:34:35 > 0:34:39Here is a piece of software that should only exist in the cyber realm
0:34:39 > 0:34:44and it is able to infect physical equipment in a plant or factory
0:34:44 > 0:34:46and cause physical damage.
0:34:46 > 0:34:48Real-world physical destruction.
0:34:51 > 0:34:53At that time, things became very scary to us.
0:34:53 > 0:34:56Here you had malware potentially killing people
0:34:56 > 0:34:59and that was something that was always Hollywood-esque to us,
0:34:59 > 0:35:02that we would always laugh at, when people make that kind of assertion.
0:35:06 > 0:35:10At this point, you had to have started developing theories
0:35:10 > 0:35:14as to who had built Stuxnet.
0:35:14 > 0:35:15It wasn't lost on us
0:35:15 > 0:35:20that there were probably only a few countries in the world
0:35:20 > 0:35:22that would want and have the motivation
0:35:22 > 0:35:25to sabotage the Iranians' nuclear enrichment facility.
0:35:25 > 0:35:27The US Government would be up there.
0:35:27 > 0:35:29The Israeli government, certainly, would be up there.
0:35:29 > 0:35:32You know, maybe UK, France, Germany, those sorts of countries,
0:35:32 > 0:35:35but we never found any information
0:35:35 > 0:35:38that would tie it back 100% to those countries.
0:35:38 > 0:35:40There are no telltale signs.
0:35:40 > 0:35:42The attackers don't leave a message inside saying,
0:35:42 > 0:35:44you know, "It was me!"
0:35:44 > 0:35:46And even if they did,
0:35:46 > 0:35:48all of that stuff can be faked.
0:35:48 > 0:35:50So, it's very, very difficult
0:35:50 > 0:35:53to do attribution when looking at computer code.
0:35:53 > 0:35:55Subsequent work that's been done
0:35:55 > 0:35:58leads us to believe that this was the work of a collaboration
0:35:58 > 0:36:00between Israel and the United States.
0:36:00 > 0:36:01Did you have any evidence
0:36:01 > 0:36:03in terms of your analysis that would lead you
0:36:03 > 0:36:05to believe that that's correct, also?
0:36:05 > 0:36:08Nothing that I could talk about on camera.
0:36:09 > 0:36:12- INTERVIEWER CHUCKLES Can I ask why?- No.
0:36:13 > 0:36:15Well, you can, but I won't answer.
0:36:15 > 0:36:18BOTH LAUGH
0:36:18 > 0:36:20But even in the case of nation states, one of the concerns...
0:36:20 > 0:36:23'This was beginning to really piss me off.
0:36:23 > 0:36:26'Even civilians with an interest in telling the Stuxnet story
0:36:26 > 0:36:31'were refusing to address the role of Tel Aviv and Washington.
0:36:31 > 0:36:32'But, luckily for me,
0:36:32 > 0:36:34'whilst DC is a city of secrets,
0:36:34 > 0:36:37'it is also a city of leaks.
0:36:37 > 0:36:41'They're as regular as a heartbeat and just as hard to stop.
0:36:41 > 0:36:43'That's what I was counting on.'
0:36:47 > 0:36:51'Finally, after speaking to a number of people on background,
0:36:51 > 0:36:53'I did find a way of confirming, on the record,
0:36:53 > 0:36:55'the American role in Stuxnet.
0:36:55 > 0:36:58'In exchange for details of the operation,
0:36:58 > 0:37:00'I had to agree to find a way
0:37:00 > 0:37:03'to disguise the source of the information.'
0:37:03 > 0:37:05- We're good?- We're on.
0:37:05 > 0:37:09So, the first question I have to ask you is about secrecy.
0:37:09 > 0:37:12I mean, at this point, everyone knows about Stuxnet.
0:37:12 > 0:37:14Why can't we talk about it?
0:37:14 > 0:37:16- DISTORTED WOMAN'S VOICE: - It's a covert operation.
0:37:16 > 0:37:19Not any more. We know what happened, we know who did it.
0:37:19 > 0:37:22Well, maybe you don't know as much as we think you know.
0:37:24 > 0:37:26I'm talking to you because I want to get the story right.
0:37:26 > 0:37:28That's the same reason I'm talking to you.
0:37:31 > 0:37:32Even though it's a covert operation?
0:37:34 > 0:37:37Well, this is not a Snowden kind of thing.
0:37:37 > 0:37:40OK? I think what he did was wrong. He went too far.
0:37:40 > 0:37:42He gave away too much.
0:37:42 > 0:37:46Unlike Snowden, who was a contractor, I was in the NSA.
0:37:46 > 0:37:49I believe in the agency, so what I'm willing to give you will be limited,
0:37:49 > 0:37:52but we're talking because everyone's getting the story wrong
0:37:52 > 0:37:55and we have to get it right. We have to understand these new weapons.
0:37:55 > 0:37:57- The stakes are too high. - What do you mean?
0:37:59 > 0:38:02We did Stuxnet.
0:38:02 > 0:38:04It's a fact.
0:38:04 > 0:38:07You know, we came so fucking close to disaster,
0:38:07 > 0:38:10and we're still on the edge.
0:38:10 > 0:38:15It was a huge multinational inter-agency operation.
0:38:16 > 0:38:19In the US, it was CIA,
0:38:19 > 0:38:23NSA, and the military, Cyber Command.
0:38:23 > 0:38:27From Britain, we used Iran intel out of GCHQ.
0:38:27 > 0:38:29But the main partner was Israel.
0:38:29 > 0:38:31Over there, Mossad ran the show
0:38:31 > 0:38:34and the technical work was done by Unit 8200.
0:38:34 > 0:38:37Israel is really the key to the story.
0:38:41 > 0:38:44Our traffic in Israel is so unpredictable...
0:38:46 > 0:38:50Yossi, how did you get into this Stuxnet story?
0:38:50 > 0:38:54I have been covering the Israeli intelligence, in general,
0:38:54 > 0:38:56and the Mossad in particular
0:38:56 > 0:38:59for nearly 30 years.
0:38:59 > 0:39:04I knew that Israel is trying to slow down Iran's nuclear programme
0:39:04 > 0:39:06and, therefore, I came to the conclusion
0:39:06 > 0:39:10that if there was a virus affecting Iran's computers,
0:39:10 > 0:39:15it's one more element in this larger picture.
0:39:16 > 0:39:19Amos Yadlin, General Yadlin,
0:39:19 > 0:39:22he was the head of the military intelligence.
0:39:22 > 0:39:27The biggest unit within that organisation is Unit 8200.
0:39:27 > 0:39:32They bug telephones, they bug faxes, they break into computers.
0:39:34 > 0:39:38A decade ago, when Yadlin became the Chief Of Military Intelligence,
0:39:38 > 0:39:43there was no cyber warfare unit in 8200.
0:39:46 > 0:39:50So, they started recruiting very talented people, hackers,
0:39:50 > 0:39:53either from the military or outside the military
0:39:53 > 0:39:57that can contribute to the project of building a cyber warfare unit.
0:39:59 > 0:40:02It's another kind of weapon and it's for unlimited range,
0:40:02 > 0:40:07in a very high speed and in a very low signature.
0:40:07 > 0:40:10So this gives you a huge opportunity,
0:40:10 > 0:40:15and the superpowers have to change the way we think about warfare.
0:40:17 > 0:40:20Finally, we are transforming our military for a new kind of war
0:40:20 > 0:40:22that we're fighting now...
0:40:23 > 0:40:25..and for wars of tomorrow.
0:40:28 > 0:40:31- SANGER:- Back in the end of the Bush administration,
0:40:31 > 0:40:33people in the US Government
0:40:33 > 0:40:36were just beginning to convince President Bush to pour money
0:40:36 > 0:40:39into offensive cyber weapons.
0:40:39 > 0:40:43Stuxnet started off in the Defense Department.
0:40:43 > 0:40:45Then Robert Gates, the Secretary of Defense,
0:40:45 > 0:40:47reviewed this program and he said,
0:40:47 > 0:40:50"This program shouldn't be in the Defense Department.
0:40:50 > 0:40:52"This should be under the covert authorities
0:40:52 > 0:40:55"over in the intelligence world."
0:40:55 > 0:41:00So, the CIA was very deeply involved in this operation,
0:41:00 > 0:41:01while much of the coding work
0:41:01 > 0:41:06was done by the National Security Agency and Unit 8200 -
0:41:06 > 0:41:09its Israeli equivalent - working together
0:41:09 > 0:41:14with a newly created military position called US Cyber Command.
0:41:14 > 0:41:19And, interestingly, the Director of the National Security Agency
0:41:19 > 0:41:21would also have a second role
0:41:21 > 0:41:25as the Commander of US Cyber Command.
0:41:25 > 0:41:30And US Cyber Command is located at Fort Meade,
0:41:30 > 0:41:33in the same building as the NSA.
0:41:33 > 0:41:35- HAYDEN:- NSA has no legal authority to attack.
0:41:35 > 0:41:38It's never had it, I doubt that it ever will.
0:41:38 > 0:41:41It might explain why US Cyber Command is sitting out of Fort Meade
0:41:41 > 0:41:43on top of the National Security Agency.
0:41:43 > 0:41:46Because NSA has the abilities to do these things.
0:41:46 > 0:41:49Cyber Command has the AUTHORITY to do these things,
0:41:49 > 0:41:52and "these things" here refer to the cyber attack.
0:41:52 > 0:41:58This is a huge change for the nature of the intelligence agencies.
0:41:58 > 0:42:01The NSA is supposed to be a code-making
0:42:01 > 0:42:04and code-breaking operation,
0:42:04 > 0:42:07to monitor the communications of foreign powers
0:42:07 > 0:42:09and American adversaries
0:42:09 > 0:42:11in the defence of the United States.
0:42:11 > 0:42:14But creating a Cyber Command
0:42:14 > 0:42:18meant using the same technology to do offensive work.
0:42:20 > 0:42:24Once you get inside an adversary's computer networks,
0:42:24 > 0:42:27you put an implant in that network,
0:42:27 > 0:42:30and we have tens of thousands of foreign computers and networks
0:42:30 > 0:42:33that the United States has put implants in.
0:42:33 > 0:42:36You can use it to monitor what's going across that network
0:42:36 > 0:42:41and you can use it to insert cyber weapons, malware.
0:42:41 > 0:42:45If you can spy on a network, you can manipulate it.
0:42:45 > 0:42:50It's already included. The only thing you need is an act of will.
0:42:53 > 0:42:56- DISTORTED FEMALE VOICE: - I played a role in Iraq.
0:42:56 > 0:42:58I can't tell you whether it was military or not,
0:42:58 > 0:43:02but I can tell you NSA had combat support teams in the country
0:43:02 > 0:43:04and, for the first time,
0:43:04 > 0:43:07units in the field had direct access to NSA intel.
0:43:10 > 0:43:13Over time, we thought more about offence than defence.
0:43:13 > 0:43:16More about attacking than intelligence.
0:43:16 > 0:43:19In the old days, units would try to track radios,
0:43:19 > 0:43:21but through NSA in Iraq,
0:43:21 > 0:43:25we had access to all the networks going in and out of the country.
0:43:25 > 0:43:29We hoovered up every text message, e-mail and phone call.
0:43:29 > 0:43:31The complete surveillance state.
0:43:31 > 0:43:33We could find the bad guys.
0:43:33 > 0:43:36Say, a gang making IEDs -
0:43:36 > 0:43:40map their networks and follow them in real-time.
0:43:40 > 0:43:41We could lock into cellphones,
0:43:41 > 0:43:45even when they were off, send a fake text message from a friend,
0:43:45 > 0:43:48suggest a meeting place and then capture...
0:43:48 > 0:43:50- SOLDIER:- 'You're clear to fire.'
0:43:50 > 0:43:51..or kill.
0:43:53 > 0:43:57I was in TAOS 321, the ROC.
0:43:57 > 0:44:00OK, the TAO? The ROC?
0:44:00 > 0:44:03Right, sorry, TAO is Tailored Access Operations.
0:44:03 > 0:44:06It's where NSA's hackers work. Of course, we didn't call them that.
0:44:06 > 0:44:08What did you call them?
0:44:08 > 0:44:11On-net operators. They're the only people at NSA
0:44:11 > 0:44:14allowed to break in or attack on the internet.
0:44:14 > 0:44:18Inside TAO headquarters is the ROC - "Remote Operations Center".
0:44:18 > 0:44:23If the US Government wants to get in somewhere,
0:44:23 > 0:44:25it goes to the ROC.
0:44:25 > 0:44:27I mean, we were flooded with requests.
0:44:27 > 0:44:32So many that we could only do about 30% of the missions
0:44:32 > 0:44:33that were requested of us at the one time.
0:44:33 > 0:44:38Through the web, but also by hijacking shipments of parts.
0:44:38 > 0:44:40You know, sometimes the CIA
0:44:40 > 0:44:44would assist in putting implants in machines.
0:44:44 > 0:44:47So, once inside a target network,
0:44:47 > 0:44:51we could just...watch...
0:44:52 > 0:44:54..or we could attack.
0:44:58 > 0:45:01Inside NSA was a strange kind of culture -
0:45:01 > 0:45:03like two parts macho military
0:45:03 > 0:45:06and two parts cyber geek.
0:45:06 > 0:45:09I mean, I came from Iraq, so I was used to, "Yes, sir!" "No, sir!"
0:45:09 > 0:45:11but for the weapons programmers,
0:45:11 > 0:45:14we needed more "think outside the box" types.
0:45:14 > 0:45:17Were they all working on Stuxnet?
0:45:17 > 0:45:19We never called it Stuxnet.
0:45:19 > 0:45:22That was the name invented by the anti-virus guys.
0:45:22 > 0:45:24When it hit the papers - we're not allowed
0:45:24 > 0:45:27to read about classified operations even if it's in the New York Times -
0:45:27 > 0:45:29we went out of our way to avoid the term.
0:45:29 > 0:45:30I mean, saying "Stuxnet" out loud
0:45:30 > 0:45:32was like saying "Voldemort" in Harry Potter -
0:45:32 > 0:45:34the Name That Shall Not Be Spoken.
0:45:34 > 0:45:36What did you call it, then?
0:45:43 > 0:45:48The Natanz attack, and this is out there already,
0:45:48 > 0:45:51was called Olympic Games or OG.
0:45:54 > 0:45:58There was a huge operation to test the code
0:45:58 > 0:46:00on PLCs here at Fort Meade,
0:46:00 > 0:46:02and in Sandia, New Mexico.
0:46:04 > 0:46:06Remember during the Bush era,
0:46:06 > 0:46:08when Libya turned over all of its centrifuges?
0:46:08 > 0:46:12Those were the same models the Iranians got from AQ Khan, P1s.
0:46:13 > 0:46:17We took them to Oak Ridge and used them to test the code,
0:46:17 > 0:46:20which demolished the insides.
0:46:20 > 0:46:24At Dimona, the Israelis also tested on the P1s.
0:46:25 > 0:46:28Then, probably by using our intel on Iran,
0:46:28 > 0:46:31we got the plans for the newer models, the IR2s.
0:46:31 > 0:46:34We tried out different attack vectors.
0:46:34 > 0:46:39We ended up focusing on ways to destroy the rotor tubes.
0:46:39 > 0:46:42In the tests we ran, we blew them apart.
0:46:44 > 0:46:46They swept up the pieces, they put it on an aeroplane,
0:46:46 > 0:46:49they flew to Washington, they stuck it in a truck,
0:46:49 > 0:46:52they drove it through the gates of the White House,
0:46:52 > 0:46:53and dumped the shards out
0:46:53 > 0:46:56on the conference room table in the Situation Room,
0:46:56 > 0:47:00and then they invited President Bush to come down and take a look.
0:47:00 > 0:47:04And when he could pick up the shard of a piece of centrifuge,
0:47:04 > 0:47:07he was convinced this might be worth it,
0:47:07 > 0:47:09and he said, "Go ahead and try."
0:47:09 > 0:47:12Was there a legal concern inside the Bush administration
0:47:12 > 0:47:16that this might be an act of undeclared war?
0:47:16 > 0:47:19If there were concerns, I haven't found them.
0:47:20 > 0:47:23That doesn't mean that they didn't exist
0:47:23 > 0:47:27and that some lawyers somewhere were concerned about it,
0:47:27 > 0:47:30but this was an entirely new territory.
0:47:30 > 0:47:34At the time, there were only very few people who had expertise
0:47:34 > 0:47:36specifically on the law of war and cyber.
0:47:36 > 0:47:38And what we did was, looking at,
0:47:38 > 0:47:40"OK, here's our broad direction.
0:47:40 > 0:47:42"Now let's look, technically,
0:47:42 > 0:47:46"what can we do to facilitate this broad direction?"
0:47:46 > 0:47:47After that, maybe the...
0:47:47 > 0:47:51I would come in, or one of my lawyers would come in and say,
0:47:51 > 0:47:54"OK, this is what we may do."
0:47:54 > 0:47:59OK? There are many things we CAN do but we are not ALLOWED to do them.
0:47:59 > 0:48:02And then, after that, there's still a final level that we look at,
0:48:02 > 0:48:03and that's, what should we do?
0:48:03 > 0:48:07Because there are many things that would be technically possible
0:48:07 > 0:48:10and technically legal, but a bad idea.
0:48:10 > 0:48:13For Natanz, it was a CIA-led operation,
0:48:13 > 0:48:16so we had to have agency sign-off.
0:48:16 > 0:48:18Really?
0:48:18 > 0:48:21Someone from the agency...
0:48:21 > 0:48:23stood behind the operator and the analyst,
0:48:23 > 0:48:26and gave the order to launch every attack.
0:48:33 > 0:48:35Before they even started this attack,
0:48:35 > 0:48:37they put inside of the code the kill date,
0:48:37 > 0:48:39a date at which it would stop operating.
0:48:39 > 0:48:42Cut-off dates, we don't normally see that in other threats,
0:48:42 > 0:48:46and you have to think, "Well, why is there a cut-off date in there?"
0:48:46 > 0:48:47When you realise that a section of it
0:48:47 > 0:48:49was probably written by Government,
0:48:49 > 0:48:51and that there are laws regarding
0:48:51 > 0:48:53how you can use this sort of software,
0:48:53 > 0:48:56that there may have been a legal team who said,
0:48:56 > 0:48:58"No, you need to have a cut-off date in there,
0:48:58 > 0:49:00"you can only do this and you can only go that far,
0:49:00 > 0:49:02"and we need to check if this is legal or not."
0:49:04 > 0:49:07That date is a few days before Obama's inauguration.
0:49:07 > 0:49:09So, the theory is that
0:49:09 > 0:49:13this was an operation that needed to be stopped at a certain time,
0:49:13 > 0:49:15because there was going to be a handover
0:49:15 > 0:49:18and that more approval was needed.
0:49:21 > 0:49:24- Are you prepared to take the oath, Senator?- I am.
0:49:24 > 0:49:26I, Barack Hussein Obama...
0:49:26 > 0:49:27- I, Barack...- ..do solemnly swear.
0:49:27 > 0:49:30I, Barack Hussein Obama, do solemnly swear...
0:49:30 > 0:49:33- SANGER:- Olympic Games was reauthorised by President Obama
0:49:33 > 0:49:35in his first year in office, 2009.
0:49:39 > 0:49:42It was fascinating because it was the first year
0:49:42 > 0:49:43of the Obama administration
0:49:43 > 0:49:46and they would talk to you ENDLESSLY about cyber defence.
0:49:46 > 0:49:49- OBAMA:- We count on computer networks to deliver our oil and gas,
0:49:49 > 0:49:51our power and our water.
0:49:51 > 0:49:54We rely on them for public transportation
0:49:54 > 0:49:56and air-traffic control.
0:49:56 > 0:49:58But just as we failed in the past to invest
0:49:58 > 0:50:02in our physical infrastructure, our roads,
0:50:02 > 0:50:04our bridges and rails, we've failed to invest
0:50:04 > 0:50:07in the security of our digital infrastructure.
0:50:07 > 0:50:09But when you asked questions
0:50:09 > 0:50:12about the use of offensive cyber weapons,
0:50:12 > 0:50:14everything went dead.
0:50:14 > 0:50:17No cooperation. White House wouldn't help. Pentagon wouldn't help.
0:50:17 > 0:50:20NSA wouldn't help. Nobody would talk to you about it.
0:50:20 > 0:50:23But when you dug into the budget for cyber spending
0:50:23 > 0:50:26during the Obama administration,
0:50:26 > 0:50:27what you discovered was
0:50:27 > 0:50:31much of it was being spent on offensive cyber weapons.
0:50:32 > 0:50:37You'd see phrases like "Title 10 CNO".
0:50:37 > 0:50:40"Title 10" means "operations for the US Military",
0:50:40 > 0:50:45and "CNO" means "computer network operations".
0:50:45 > 0:50:50This is considerable evidence that Stuxnet was just the opening wedge
0:50:50 > 0:50:53of what is a much broader US Government effort now
0:50:53 > 0:50:57to develop an entire new class of weapons.
0:51:02 > 0:51:05- CHIEN:- Stuxnet wasn't just an evolution -
0:51:05 > 0:51:07it was really a revolution in the threat landscape.
0:51:09 > 0:51:12In the past, the vast majority of threats that we saw were always
0:51:12 > 0:51:13controlled by an operator somewhere.
0:51:13 > 0:51:15They wouldn't infect your machines,
0:51:15 > 0:51:17but they would have what's called a "call-back"
0:51:17 > 0:51:18or "command and control channel".
0:51:18 > 0:51:21The threats would actually contact the operator and say,
0:51:21 > 0:51:23"What do you want me to do next?" The operator would send commands
0:51:23 > 0:51:26and say, maybe, "Search through this directory, find these folders,
0:51:26 > 0:51:28"find these files, upload these files to me.
0:51:28 > 0:51:29"Spread to this other machine."
0:51:29 > 0:51:30Things of that nature.
0:51:30 > 0:51:34But Stuxnet couldn't have a command and control channel,
0:51:34 > 0:51:37because once it got inside of Natanz,
0:51:37 > 0:51:40it would not have been able to reach back out to the attackers.
0:51:40 > 0:51:42The Natanz network is completely air-gapped
0:51:42 > 0:51:45from the rest of the internet. It's not connected to the internet.
0:51:45 > 0:51:46It's its own isolated network.
0:51:46 > 0:51:49Getting across an air gap is one of the more difficult challenges
0:51:49 > 0:51:50that attackers will face,
0:51:50 > 0:51:52just because of the fact that
0:51:52 > 0:51:53everything is in place to prevent that.
0:51:53 > 0:51:56You know, everything... You know, the policies and procedures
0:51:56 > 0:52:00and the physical network that's in place is specifically designed
0:52:00 > 0:52:01to prevent you crossing the air gap.
0:52:01 > 0:52:03But there is no truly air-gapped network
0:52:03 > 0:52:06in these real-world production environments.
0:52:06 > 0:52:08People have got to get new code into Natanz.
0:52:08 > 0:52:11People have to get log files off of this network in Natanz.
0:52:11 > 0:52:14People have to upgrade equipment. People have to upgrade computers.
0:52:14 > 0:52:18This highlights one of the major security issues
0:52:18 > 0:52:20that we have in the field.
0:52:20 > 0:52:23If you think, "Well, nobody can attack this power plant
0:52:23 > 0:52:27"or this chemical plant because it's not connected to the internet,"
0:52:27 > 0:52:29that's a bizarre illusion.
0:52:32 > 0:52:36- DISTORTED FEMALE VOICE:- And the first time we introduced the code
0:52:36 > 0:52:39into Natanz, we used human assets.
0:52:39 > 0:52:43Maybe CIA - more likely, Mossad - but...
0:52:43 > 0:52:45our team was kept in the dark about the tradecraft.
0:52:45 > 0:52:48We heard rumours in Moscow,
0:52:48 > 0:52:52an Iranian laptop infected by a phoney Siemens technician
0:52:52 > 0:52:54with a flash drive.
0:52:55 > 0:52:58A double agent in Iran with access to Natanz.
0:52:58 > 0:53:00But I don't really know.
0:53:00 > 0:53:03What we had to focus on was to write the code
0:53:03 > 0:53:07so that, once inside, the worm acted on its own.
0:53:07 > 0:53:10They built in all the code and all the logic into the threat
0:53:10 > 0:53:12to be able to operate all by itself.
0:53:12 > 0:53:14It had the ability to spread by itself.
0:53:14 > 0:53:17It had the ability to figure out, "Do I have the right PLCs?
0:53:17 > 0:53:19"Have I arrived in Natanz?
0:53:19 > 0:53:20"Am I at the target?"
0:53:20 > 0:53:24- LANGNER:- And when it's on target, it executes autonomously.
0:53:24 > 0:53:28That also means you... you cannot call off the attack.
0:53:28 > 0:53:32It was definitely the type of attack where someone had decided that this
0:53:32 > 0:53:35is what they wanted to do. There was no turning back
0:53:35 > 0:53:37once Stuxnet was released.
0:53:42 > 0:53:44When it began to actually execute its payload,
0:53:44 > 0:53:46you would have a whole bunch of centrifuges
0:53:46 > 0:53:48in a huge array of cascades,
0:53:48 > 0:53:51sitting in a big hall, and then, just off that hall,
0:53:51 > 0:53:53you would have an operators' room, the control panels in front of them,
0:53:53 > 0:53:56a big window where they could see into the hall.
0:53:56 > 0:54:01Computers monitor the activities of all these centrifuges.
0:54:01 > 0:54:02So, a centrifuge,
0:54:02 > 0:54:05it's driven by an electrical motor,
0:54:05 > 0:54:08and the speed of this electrical motor
0:54:08 > 0:54:11is controlled by another PLC,
0:54:11 > 0:54:13by another programmable logic controller.
0:54:15 > 0:54:19Stuxnet would wait for 13 days before doing anything.
0:54:19 > 0:54:23These 13 days is about the time it takes to actually fill
0:54:23 > 0:54:27an entire cascade of centrifuges with uranium.
0:54:27 > 0:54:29They didn't want to attack when the centrifuges were empty
0:54:29 > 0:54:31or at the beginning of the enrichment process.
0:54:31 > 0:54:34What Stuxnet did
0:54:34 > 0:54:36was it actually would sit there during the 13 days
0:54:36 > 0:54:39and basically record all of the normal activities
0:54:39 > 0:54:41that were happening, and save it.
0:54:41 > 0:54:45And once they saw them spinning for 13 days, then the attack occurred.
0:54:46 > 0:54:50Centrifuges spin at incredible speeds, at about 1,000 hertz.
0:54:50 > 0:54:53They have a safe operating speed -
0:54:53 > 0:54:5663,000 revolutions per minute.
0:54:56 > 0:54:58Stuxnet caused the uranium enrichment centrifuges
0:54:58 > 0:55:00to spin up to 1,400 hertz.
0:55:00 > 0:55:02Up to 80,000 revolutions per minute.
0:55:07 > 0:55:09What would happen was those centrifuges would go through
0:55:09 > 0:55:11what's called a "resonance frequency".
0:55:11 > 0:55:12It would go through a frequency
0:55:12 > 0:55:15at which the metal would basically vibrate uncontrollably,
0:55:15 > 0:55:19and essentially shatter. There'd be uranium gas everywhere.
0:55:19 > 0:55:22And then the second attack they attempted
0:55:22 > 0:55:24was they actually tried to lower it to two hertz.
0:55:24 > 0:55:26They were slowed down...
0:55:26 > 0:55:27to almost standstill.
0:55:27 > 0:55:31And at two hertz, an opposite effect occurs.
0:55:31 > 0:55:33You can imagine a toy top that you spin,
0:55:33 > 0:55:35and as the top begins to slow down, it begins to wobble.
0:55:35 > 0:55:37That's what happened to these centrifuges -
0:55:37 > 0:55:40they would begin to wobble and essentially shatter and fall apart.
0:55:44 > 0:55:47And instead of sending back to the computer what was really happening,
0:55:47 > 0:55:50it would send back that old data that it had recorded.
0:55:50 > 0:55:52So, the computer's sitting there thinking,
0:55:52 > 0:55:54"Yup, running at 1,000 hertz, everything's fine.
0:55:54 > 0:55:56"Running at 1,000 hertz, everything's fine."
0:55:56 > 0:55:58But those centrifuges are spinning up wildly.
0:55:58 > 0:56:02A huge noise would occur. It'd be like, you know, a jet engine.
0:56:02 > 0:56:05JETS POWERING UP
0:56:05 > 0:56:08The operators would know, "Whoa, something is going wrong here."
0:56:08 > 0:56:11They might look at their monitors and say, "It says it's 1,000 hertz."
0:56:11 > 0:56:13But they would hear that, in the room,
0:56:13 > 0:56:14something gravely bad was happening.
0:56:14 > 0:56:19Not only are the operators fooled into thinking everything's normal,
0:56:19 > 0:56:25but also any kind of automated protective logic is fooled.
0:56:25 > 0:56:28You can't just turn these centrifuges off.
0:56:28 > 0:56:31They have to be brought down in a very controlled manner.
0:56:31 > 0:56:32And so they would hit, literally,
0:56:32 > 0:56:35the big red button to initiate a graceful shutdown.
0:56:35 > 0:56:38And Stuxnet intercepts that code, so you would have these operators
0:56:38 > 0:56:40slamming on that button over and over again,
0:56:40 > 0:56:42and nothing would happen.
0:56:43 > 0:56:46- YADLIN:- If your cyber weapon is good enough,
0:56:46 > 0:56:49if your enemy is not aware of it,
0:56:49 > 0:56:52it is an ideal weapon,
0:56:52 > 0:56:54because the enemy don't understand what is happening to them.
0:56:54 > 0:56:58Maybe, even better, the enemy begins to doubt their own capability?
0:56:58 > 0:56:59Absolutely.
0:56:59 > 0:57:01Certainly,
0:57:01 > 0:57:04one must conclude that what happened at Natanz
0:57:04 > 0:57:07must have driven the engineers crazy.
0:57:07 > 0:57:11Because the worst thing that can happen to a maintenance engineer
0:57:11 > 0:57:13is not being able to figure out
0:57:13 > 0:57:16what the cause of the specific trouble is,
0:57:16 > 0:57:19so they must have been analysing themselves to death.
0:57:24 > 0:57:27- SANGER:- Through 2009, it was going pretty smoothly.
0:57:27 > 0:57:30Centrifuges were blowing up. The International Atomic Energy Agency
0:57:30 > 0:57:33inspectors would go into Natanz and they would see
0:57:33 > 0:57:36that whole sections of the centrifuges had been removed.
0:57:38 > 0:57:41The United States knew from its intelligence channels
0:57:41 > 0:57:45that some Iranian scientists and engineers were being fired,
0:57:45 > 0:57:47because the centrifuges were blowing up,
0:57:47 > 0:57:50and the Iranians had assumed that this was because
0:57:50 > 0:57:52they would have been making errors,
0:57:52 > 0:57:53there were manufacturing mistakes,
0:57:53 > 0:57:56clearly this was somebody's fault.
0:57:56 > 0:58:00So, the program was doing exactly what it was supposed to be doing,
0:58:00 > 0:58:03which was, it was blowing up centrifuges
0:58:03 > 0:58:06and it was leaving no trace,
0:58:06 > 0:58:10and leaving the Iranians to wonder what they got hit by.
0:58:10 > 0:58:12This was the brilliance of Olympic Games.
0:58:12 > 0:58:14You know, as a former director
0:58:14 > 0:58:16of a couple of big three-letter agencies,
0:58:16 > 0:58:19slowing down 1,000 centrifuges in Natanz?
0:58:19 > 0:58:20An unalloyed good.
0:58:20 > 0:58:23There was a need for, for buying time.
0:58:23 > 0:58:25There was a need for slowing them down.
0:58:25 > 0:58:28There was a need to try and push them to the negotiating table.
0:58:28 > 0:58:31I mean, there were a lot of variables at play here.
0:58:35 > 0:58:39- SANGER:- President Obama would go down into the Situation Room
0:58:39 > 0:58:41and he would have laid out in front of him
0:58:41 > 0:58:43what they call the horse blanket,
0:58:43 > 0:58:46which was a giant schematic
0:58:46 > 0:58:49of the Natanz nuclear enrichment plant.
0:58:49 > 0:58:52And the designers of Olympic Games
0:58:52 > 0:58:55would describe to him what kind of progress they made,
0:58:55 > 0:58:57and look for him for the authorisation
0:58:57 > 0:59:00to move on ahead to the next attack.
0:59:01 > 0:59:04And at one point during those discussions,
0:59:04 > 0:59:05he said to a number of his aides,
0:59:05 > 0:59:07"You know, I have some concerns,
0:59:07 > 0:59:09"because once word of this gets out..."
0:59:09 > 0:59:11And he knew it would get out.
0:59:11 > 0:59:14"..the Chinese may use it as an excuse for their attacks on us,
0:59:14 > 0:59:17"the Russians might, or others."
0:59:17 > 0:59:19So, he clearly had some misgivings,
0:59:19 > 0:59:21but they weren't big enough to stop him
0:59:21 > 0:59:23from going ahead with the programme.
0:59:24 > 0:59:27And then, in 2010,
0:59:27 > 0:59:30a decision was made to change the code.
0:59:36 > 0:59:41Our human assets weren't always able to get code updates into Natanz,
0:59:41 > 0:59:45and we weren't told exactly why, but...
0:59:45 > 0:59:48we were told we had to have a cyber solution
0:59:48 > 0:59:50for delivering the code.
0:59:50 > 0:59:52But the delivery systems were tricky.
0:59:52 > 0:59:55If they weren't aggressive enough, they wouldn't get in.
0:59:55 > 0:59:57If they were too aggressive,
0:59:57 > 0:59:59it could spread and be discovered.
1:00:01 > 1:00:03- CHIEN:- When we got the first sample,
1:00:03 > 1:00:05there was some configuration information inside of it,
1:00:05 > 1:00:09and one of the pieces in there was a version number, 1.1.
1:00:09 > 1:00:10And that made us realise,
1:00:10 > 1:00:12"Well, look, this likely isn't the only copy."
1:00:12 > 1:00:14We went back to our databases,
1:00:14 > 1:00:17looking for anything that looked similar to Stuxnet.
1:00:19 > 1:00:21As we began to collect more samples,
1:00:21 > 1:00:23we found a few earlier versions of Stuxnet.
1:00:23 > 1:00:24And when we analysed that code,
1:00:24 > 1:00:27we saw that versions previous to 1.1
1:00:27 > 1:00:29were a lot less aggressive.
1:00:29 > 1:00:31The earlier version of Stuxnet,
1:00:31 > 1:00:34it, basically, required humans to do a little bit of double-clicking
1:00:34 > 1:00:37in order for it to spread from one computer to another.
1:00:37 > 1:00:40And so, what we believe, after looking at that code, is two things.
1:00:40 > 1:00:44One, either they didn't get into Natanz with that earlier version
1:00:44 > 1:00:46because it simply wasn't aggressive enough,
1:00:46 > 1:00:48wasn't able to jump over that air gap.
1:00:48 > 1:00:52And/or two, that payload, as well, didn't work properly.
1:00:52 > 1:00:54It didn't work to their satisfaction.
1:00:54 > 1:00:57Maybe it was not explosive enough.
1:00:57 > 1:00:59There were slightly different versions
1:00:59 > 1:01:02which were aimed at different parts of the centrifuge cascade.
1:01:02 > 1:01:06But the guys at Symantec figured you changed the code because
1:01:06 > 1:01:08the first variations couldn't get in and didn't work right.
1:01:08 > 1:01:13Bullshit. We always found a way to get across the air gap.
1:01:13 > 1:01:14At TAO, we laughed when people
1:01:14 > 1:01:17thought they were protected by an air gap.
1:01:17 > 1:01:20And for OG, the early versions of the payload did work.
1:01:20 > 1:01:22But what NSA did...
1:01:23 > 1:01:25..was always low-key
1:01:25 > 1:01:27and subtle.
1:01:27 > 1:01:30The problem was that Unit 8200, the Israelis,
1:01:30 > 1:01:33kept pushing us to be more aggressive.
1:01:34 > 1:01:36The later version of Stuxnet, 1.1 -
1:01:36 > 1:01:38that version had multiple ways of spreading.
1:01:38 > 1:01:41It had the four zero-days inside of it, for example,
1:01:41 > 1:01:43that allowed it to spread all by itself, without you doing anything.
1:01:43 > 1:01:47It could spread via network shares. It could spread via USB keys.
1:01:47 > 1:01:49It was able to spread via network exploits.
1:01:49 > 1:01:53That's the sample that introduces the stolen digital certificates.
1:01:53 > 1:01:55That is the sample that, all of a sudden,
1:01:55 > 1:01:57became so noisy
1:01:57 > 1:02:00and caught the attention of the antivirus guys.
1:02:00 > 1:02:03In the first sample, we don't find that.
1:02:05 > 1:02:07And this is very strange
1:02:07 > 1:02:10because it tells us that,
1:02:10 > 1:02:13in the process of this development,
1:02:13 > 1:02:17the attackers were less concerned with operational security.
1:02:23 > 1:02:25Stuxnet actually kept a log inside of itself
1:02:25 > 1:02:28of all the machines that had been infected along the way,
1:02:28 > 1:02:32as it jumped from one machine to another to another to another.
1:02:32 > 1:02:33And we were able to gather up
1:02:33 > 1:02:35all of the samples that we could acquire,
1:02:35 > 1:02:38tens of thousands of samples, and we extracted all of those logs.
1:02:38 > 1:02:42We can see the exact path that Stuxnet took.
1:02:43 > 1:02:46Eventually we were able to trace back this version of Stuxnet
1:02:46 > 1:02:50to ground zero - to the first five infections in the world.
1:02:50 > 1:02:54The first five infections were all outside of Natanz plant,
1:02:54 > 1:02:57all inside of organisations inside of Iran.
1:02:57 > 1:03:00All organisations that are involved in industrial control systems,
1:03:00 > 1:03:03and construction of industrial control facilities.
1:03:03 > 1:03:07Clearly contractors who were working on the Natanz facility,
1:03:07 > 1:03:08and the attackers knew that.
1:03:08 > 1:03:11They're electrical companies. They're piping companies.
1:03:11 > 1:03:13They're, you know, these sorts of companies.
1:03:13 > 1:03:17And they knew that technicians from those companies would visit Natanz.
1:03:17 > 1:03:20So, they would infect these companies and then technicians
1:03:20 > 1:03:23would take their computer or their laptop on their USB...
1:03:23 > 1:03:26That operator then goes down to Natanz and he plugs in his USB key
1:03:26 > 1:03:28which has some code that he needs to update into Natanz,
1:03:28 > 1:03:30into the Natanz network, and now Stuxnet is able
1:03:30 > 1:03:33to get inside Natanz and conduct its attack.
1:03:34 > 1:03:36These five companies were specifically targeted
1:03:36 > 1:03:38to spread Stuxnet into Natanz,
1:03:38 > 1:03:41and it wasn't that Stuxnet escaped out of Natanz
1:03:41 > 1:03:44and then spread all over the world, and it was this big mistake and,
1:03:44 > 1:03:47"Oh, it wasn't meant to spread that far but it really did."
1:03:47 > 1:03:49No, that's not the way we see it. The way we see it is that
1:03:49 > 1:03:53they wanted it to spread far so that they could get it into Natanz.
1:03:53 > 1:03:57Someone decided that we're going to create something new,
1:03:57 > 1:04:02something evolved, that's going to be far, far, far more aggressive.
1:04:02 > 1:04:04And we're OK, frankly,
1:04:04 > 1:04:07with it spreading all over the world to innocent machines,
1:04:07 > 1:04:09in order to go after our target.
1:04:14 > 1:04:17The Mossad had the role,
1:04:17 > 1:04:20had the assignment,
1:04:20 > 1:04:23to deliver the virus,
1:04:23 > 1:04:26to make sure that Stuxnet
1:04:26 > 1:04:31would be put in place in Natanz to affect the centrifuges.
1:04:32 > 1:04:34Meir Dagan, the head of Mossad,
1:04:34 > 1:04:39was under growing pressure from the Prime Minister, Benjamin Netanyahu,
1:04:39 > 1:04:41to produce results.
1:04:42 > 1:04:45Inside the ROC, we were furious.
1:04:47 > 1:04:51The Israelis took our code for the delivery system and changed it.
1:04:52 > 1:04:55Then, on their own, without our agreement,
1:04:55 > 1:04:57they just fucking launched it.
1:04:57 > 1:05:01 2010, around the same time they started killing Iranian scientists.
1:05:01 > 1:05:03And they fucked up the code.
1:05:03 > 1:05:07Instead of hiding, the code started shutting down computers.
1:05:07 > 1:05:09So, naturally, people noticed.
1:05:11 > 1:05:14Because they were in a hurry, they opened Pandora's Box,
1:05:14 > 1:05:17they let it out, and it spread...
1:05:17 > 1:05:19all over the world.
1:05:24 > 1:05:25The worm spread quickly,
1:05:25 > 1:05:30but somehow it remained unseen until it was identified in Belarus.
1:05:30 > 1:05:32Soon after, Israeli intelligence confirmed
1:05:32 > 1:05:34that it had made its way into the hands
1:05:34 > 1:05:38of the Russian Federal Security Service, the successor to the KGB.
1:05:40 > 1:05:43And so it happened that the formula for a secret cyber weapon
1:05:43 > 1:05:44designed by the US and Israel
1:05:44 > 1:05:46fell into the hands of Russia
1:05:46 > 1:05:49and the very country it was meant to attack.
1:06:09 > 1:06:10ANGRY CHANTING
1:06:10 > 1:06:12- KIYAEI:- In international law,
1:06:12 > 1:06:15when some country, or a coalition of countries,
1:06:15 > 1:06:18targets a nuclear facility,
1:06:18 > 1:06:20it's an act of war.
1:06:20 > 1:06:24Please, let's be frank here.
1:06:24 > 1:06:27If it wasn't Iran,
1:06:27 > 1:06:30let's say a nuclear facility in the United States
1:06:30 > 1:06:33was targeted in the same way...
1:06:34 > 1:06:40..the American Government would not sit by and let this go.
1:06:40 > 1:06:44Stuxnet is an attack in peacetime on critical infrastructure.
1:06:44 > 1:06:47Yes, it is. Look, when I read about it,
1:06:47 > 1:06:48all right, I go,
1:06:48 > 1:06:51"Whoa, this is a big deal!" Yeah.
1:06:52 > 1:06:55- SANGER:- The people who were running this program,
1:06:55 > 1:06:59including Leon Panetta, the director of the CIA at the time,
1:06:59 > 1:07:03had to go down into the Situation Room and face President Obama
1:07:03 > 1:07:05and Vice President Biden
1:07:05 > 1:07:10and explain that this program was suddenly on the loose.
1:07:11 > 1:07:16Vice President Biden at one point during this discussion, sort of,
1:07:16 > 1:07:18exploded in Biden-esque fashion
1:07:18 > 1:07:22and blamed the Israelis. He said, "It must have been the Israelis
1:07:22 > 1:07:26"who made a change in the code that enabled it to get out."
1:07:28 > 1:07:30President Obama said to the senior leadership,
1:07:30 > 1:07:32"You told me it wouldn't get out of the network. It did.
1:07:32 > 1:07:34"You told me Iranians would never figure out
1:07:34 > 1:07:37"it was the United States. They did.
1:07:37 > 1:07:41"You told me it would have a huge effect on their nuclear programme,
1:07:41 > 1:07:43"and it didn't."
1:07:44 > 1:07:47The Natanz plant is inspected every couple of weeks
1:07:47 > 1:07:51by the International Atomic Energy Agency inspectors,
1:07:51 > 1:07:53and if you line up what you know about the attacks
1:07:53 > 1:07:57with the inspection reports, you can see the effects.
1:07:58 > 1:08:00- HEINONEN:- If you go to the IAEA reports,
1:08:00 > 1:08:03we really saw that a lot of centrifuges were switched off,
1:08:03 > 1:08:06and they were removed.
1:08:06 > 1:08:09As much as almost a couple of thousand got compromised.
1:08:09 > 1:08:11When you put this all together,
1:08:11 > 1:08:13I wouldn't be surprised if their programme
1:08:13 > 1:08:15got delayed by the one year.
1:08:15 > 1:08:19But go, then, to year 2012-13, and look, you know,
1:08:19 > 1:08:22how the centrifuges started to come up again.
1:08:25 > 1:08:28- KIYAEI:- So, ironically, cyber warfare,
1:08:28 > 1:08:32assassination of its nuclear scientists,
1:08:32 > 1:08:33economic sanctions,
1:08:33 > 1:08:35political isolation...
1:08:36 > 1:08:42Iran has gone through A-X of every coercive policy that the US,
1:08:42 > 1:08:46Israel and those who ally with them
1:08:46 > 1:08:48have placed on Iran,
1:08:48 > 1:08:51and they have actually made Iran's nuclear programme
1:08:51 > 1:08:54more advanced today than it was ever before.
1:08:54 > 1:08:56CHANTING IN ARABIC
1:08:57 > 1:09:01- DISTORTED MALE VOICE:- This is a very, very dangerous minefield
1:09:01 > 1:09:05that we are walking, and the nations who decide
1:09:05 > 1:09:09to take these covert actions should be
1:09:09 > 1:09:14taking into consideration all the effects,
1:09:14 > 1:09:17including the moral effects.
1:09:17 > 1:09:23I would say that this is the price that we have to pay in this...
1:09:23 > 1:09:29in this world, and our blade of righteousness shouldn't be so sharp.
1:09:34 > 1:09:37In Israel and in the United States,
1:09:37 > 1:09:39the blade of righteousness cut both ways,
1:09:39 > 1:09:42wounding the targets and the attackers.
1:09:42 > 1:09:45Once Stuxnet infected American computers,
1:09:45 > 1:09:47the Department of Homeland Security,
1:09:47 > 1:09:50unaware of the cyber weapons launched by the NSA,
1:09:50 > 1:09:53devoted enormous resources trying to protect Americans
1:09:53 > 1:09:55from their own government.
1:09:55 > 1:09:58We had met the enemy and it was us.
1:10:09 > 1:10:11Yep, absolutely.
1:10:11 > 1:10:13We'll be more than happy to discuss that.
1:10:13 > 1:10:16Early July of 2010, I received a call
1:10:16 > 1:10:19that said that this piece of malware was discovered,
1:10:19 > 1:10:22and could we take a look at it?
1:10:22 > 1:10:25When we first started the analysis, there was that, "Oh, crap" moment.
1:10:25 > 1:10:27You know, where we sat there and said, "This is something
1:10:27 > 1:10:30"that's significant. It's impacting industrial control.
1:10:30 > 1:10:32"It can disrupt it to the point where it could cause harm,
1:10:32 > 1:10:35"and not only damage to the equipment,
1:10:35 > 1:10:36"but potentially harm or loss of life."
1:10:36 > 1:10:38We were very concerned,
1:10:38 > 1:10:41because Stuxnet was something that we had not seen before,
1:10:41 > 1:10:43so there wasn't a lot of sleep at night.
1:10:43 > 1:10:46Basically, light up the phones, call everybody we know,
1:10:46 > 1:10:48inform the Secretary, inform the White House,
1:10:48 > 1:10:51inform the other departments and agencies,
1:10:51 > 1:10:54wake up the world and figure out what's going on
1:10:54 > 1:10:55with this particular malware.
1:10:55 > 1:10:58Did anybody ever give you an indication
1:10:58 > 1:11:01that it was something that they already knew about?
1:11:01 > 1:11:04No, at no time did I get the impression from someone that,
1:11:04 > 1:11:05"That's OK," you know,
1:11:05 > 1:11:07get a little pat on the head and scooted out the door.
1:11:07 > 1:11:09I never received a stand down order.
1:11:09 > 1:11:13I never... No-one ever asked, "Stop looking at this."
1:11:13 > 1:11:14Sean McGurk, the Director of Cyber
1:11:14 > 1:11:16for the Department of Homeland Security,
1:11:16 > 1:11:18testified before the Senate
1:11:18 > 1:11:21about how he thought Stuxnet was a terrifying threat
1:11:21 > 1:11:24- to the United States. Is that not a problem?- No, no...
1:11:24 > 1:11:28How do you mean? That, that, that the Stuxnet thing was a bad idea?
1:11:28 > 1:11:32No, no, just that before he knew what it was and what it attacks...
1:11:32 > 1:11:33Oh, I get it. That, that...
1:11:33 > 1:11:36Yeah, that he was responding to something that...
1:11:36 > 1:11:39He thought was a threat to critical infrastructure in the United States.
1:11:39 > 1:11:40Yeah. "The worm is loose!"
1:11:40 > 1:11:42The worm is loose, I understand.
1:11:42 > 1:11:44But there's a...
1:11:44 > 1:11:47There is a further theory having to do with whether or not,
1:11:47 > 1:11:50- following up on David Sanger's... - I got the subplot. And who did that?
1:11:50 > 1:11:53Was it the Israelis? And, yeah, I...
1:11:53 > 1:11:56I truly don't know and, even though I don't know,
1:11:56 > 1:11:58I still can't talk about it. All right?
1:11:58 > 1:12:01Stuxnet was somebody's covert action, all right?
1:12:01 > 1:12:03And the definition of covert action
1:12:03 > 1:12:04is an activity in which
1:12:04 > 1:12:08you want to have the hand of the actor forever hidden.
1:12:08 > 1:12:10So, by definition, it's going to end up
1:12:10 > 1:12:13in this "we don't talk about these things" box.
1:12:18 > 1:12:21- SANGER:- To this day, the United States Government
1:12:21 > 1:12:23has never acknowledged
1:12:23 > 1:12:28conducting any offensive cyber attack anywhere in the world.
1:12:30 > 1:12:34But, thanks to Mr Snowden, we know that, in 2012,
1:12:34 > 1:12:37President Obama issued an Executive Order
1:12:37 > 1:12:39that laid out some of the conditions
1:12:39 > 1:12:42under which cyber weapons can be used,
1:12:42 > 1:12:45and, interestingly, every use of a cyber weapon
1:12:45 > 1:12:48requires presidential sign-off.
1:12:49 > 1:12:55That is only true, in the physical world, for nuclear weapons.
1:13:05 > 1:13:07- CLARKE:- Nuclear war and nuclear weapons are vastly different
1:13:07 > 1:13:10from cyber war and cyber weapons.
1:13:10 > 1:13:13Having said that, there are some similarities.
1:13:13 > 1:13:15And in the early 1960s, the United States Government
1:13:15 > 1:13:19suddenly realised it had thousands of nuclear weapons,
1:13:19 > 1:13:21big ones and little ones, weapons on Jeeps,
1:13:21 > 1:13:25weapons on submarines, and it really didn't have a doctrine.
1:13:25 > 1:13:27It really didn't have a strategy.
1:13:27 > 1:13:30It really didn't have an understanding, at the policy level,
1:13:30 > 1:13:33about how it was going to use all of these things.
1:13:33 > 1:13:38And so academics started publishing unclassified documents
1:13:38 > 1:13:40about nuclear war
1:13:40 > 1:13:42and nuclear weapons.
1:13:44 > 1:13:48And the result was more than 20 years in the United States
1:13:48 > 1:13:51of very vigorous national debates
1:13:51 > 1:13:55about how we want to go use nuclear weapons.
1:13:57 > 1:13:59And not only did that cause the Congress,
1:13:59 > 1:14:02and people in the executive branch in Washington,
1:14:02 > 1:14:04to think about these things,
1:14:04 > 1:14:07it caused the Russians to think about these things.
1:14:07 > 1:14:10And out of that grew nuclear doctrine -
1:14:10 > 1:14:13mutual assured destruction,
1:14:13 > 1:14:18all of that complicated set of nuclear dynamics.
1:14:18 > 1:14:20Today, on this vital issue, at least,
1:14:20 > 1:14:24we have seen what can be accomplished when we pull together.
1:14:24 > 1:14:28We can't have a discussion, not in a sensible way right now,
1:14:28 > 1:14:33about cyber war and cyber weapons, because everything is secret.
1:14:33 > 1:14:35And when you get into a discussion
1:14:35 > 1:14:38with people in the government, people still in the government,
1:14:38 > 1:14:42people who have security clearances, you run into a brick wall.
1:14:42 > 1:14:45Trying to stop Iran is really my number-one job, and I think...
1:14:45 > 1:14:48Wait, can I ask you, in that context,
1:14:48 > 1:14:50about the Stuxnet computer virus, potentially?
1:14:50 > 1:14:52You can ask but I won't comment.
1:14:52 > 1:14:54- Can you tell us anything?- No.
1:14:54 > 1:14:56Look, for the longest time, I was in fear
1:14:56 > 1:15:00that I couldn't actually say the phrase "computer network attack".
1:15:00 > 1:15:02This stuff is hideously over-classified,
1:15:02 > 1:15:07and it gets into the way of a... of a mature, public discussion
1:15:07 > 1:15:09as to what it is we, as a democracy,
1:15:09 > 1:15:13want our nation to be doing up here in the cyber domain.
1:15:13 > 1:15:16Now, this is a former director of NSA and CIA
1:15:16 > 1:15:18saying this stuff is over-classified.
1:15:18 > 1:15:21One of the reasons this is as highly classified as it is,
1:15:21 > 1:15:23this is a peculiar weapons system.
1:15:23 > 1:15:26This is the weapons system that's come out of the espionage community,
1:15:26 > 1:15:29and so those people have a HABIT of secrecy.
1:15:29 > 1:15:33While most government officials refuse to acknowledge the operation,
1:15:33 > 1:15:38at least one key insider did leak parts of the story to the press.
1:15:38 > 1:15:42In 2012, David Sanger wrote a detailed account of Olympic Games
1:15:42 > 1:15:44that unmasked the extensive joint operation
1:15:44 > 1:15:46between the US and Israel
1:15:46 > 1:15:49to launch cyber attacks on Natanz.
1:15:49 > 1:15:51The publication of this story,
1:15:51 > 1:15:54coming at a time that there were a number of other unrelated
1:15:54 > 1:15:58national security stories being published, led to the announcement
1:15:58 > 1:16:01of investigations by the Attorney General.
1:16:01 > 1:16:03Into the...? Into the press and into the leaks?
1:16:03 > 1:16:07Into the press and into the leaks.
1:16:07 > 1:16:10When Stuxnet hit the media, they polygraphed everyone in our office,
1:16:10 > 1:16:12including people who didn't know shit.
1:16:12 > 1:16:14You know, they poly'd the interns, for God's sake.
1:16:14 > 1:16:18These are criminal acts when they release information like this,
1:16:18 > 1:16:21and we will conduct thorough investigations,
1:16:21 > 1:16:24as we have in the past.
1:16:25 > 1:16:28The administration never filed charges,
1:16:28 > 1:16:29possibly afraid that a prosecution
1:16:29 > 1:16:33would reveal classified details about Stuxnet.
1:16:33 > 1:16:36To this day, no-one in the US or Israeli Governments
1:16:36 > 1:16:40has officially acknowledged the existence of the joint operation.
1:16:42 > 1:16:45I would never compromise ongoing operations in the field,
1:16:45 > 1:16:49but we should be able to talk about capability.
1:16:50 > 1:16:53We can talk about our...
1:16:53 > 1:16:56bunker busters - why not our cyber weapons?
1:16:56 > 1:16:58The secrecy of the operation has been blown.
1:17:00 > 1:17:01Our friends in Israel took a weapon
1:17:01 > 1:17:03that we jointly developed -
1:17:03 > 1:17:05in part to keep Israel from doing something crazy -
1:17:05 > 1:17:08and then used it on their own in a way that blew the cover
1:17:08 > 1:17:09of the operation and could have led to war,
1:17:09 > 1:17:11and we can't talk about that?
1:17:15 > 1:17:18There is a way to talk about Stuxnet.
1:17:18 > 1:17:20It happened. That...
1:17:20 > 1:17:23To deny that it happened is foolish,
1:17:23 > 1:17:26so the fact it happened is really what we're talking about here.
1:17:26 > 1:17:27What are the implications of the fact
1:17:27 > 1:17:30that we now are in a post-Stuxnet world?
1:17:30 > 1:17:32What I said to David Sanger was,
1:17:32 > 1:17:35I understand the difference in destruction is dramatic,
1:17:35 > 1:17:38but this has the whiff of August 1945.
1:17:38 > 1:17:41Somebody just used a new weapon,
1:17:41 > 1:17:43and this weapon will not be put back into the box.
1:17:43 > 1:17:46I know no operational details,
1:17:46 > 1:17:48and don't know what anyone did or didn't do
1:17:48 > 1:17:52before someone decided to use the weapon, all right?
1:17:52 > 1:17:55I do know this - if we go out and do something,
1:17:55 > 1:17:59most of the rest of the world now thinks that's the new standard
1:17:59 > 1:18:02and it's something that they now feel legitimated to do, as well.
1:18:02 > 1:18:04But the rules of engagement,
1:18:04 > 1:18:07international norms, treaty standards,
1:18:07 > 1:18:09they don't exist right now.
1:18:12 > 1:18:15- SANGER:- For nuclear, we have these extensive inspection regimes.
1:18:15 > 1:18:17The Russians come and look at our silos.
1:18:17 > 1:18:19We go and look at their silos.
1:18:19 > 1:18:21Bad as things get between the two countries,
1:18:21 > 1:18:24those inspection regimes have held up.
1:18:24 > 1:18:28But working that out for...for cyber would be virtually impossible.
1:18:28 > 1:18:30Where do you send your inspector?
1:18:30 > 1:18:32Inside the laptop of, you know...
1:18:32 > 1:18:35How many laptops are there in the United States and Russia?
1:18:35 > 1:18:37It's much more difficult in the cyber area
1:18:37 > 1:18:39to construct an international regime
1:18:39 > 1:18:43based on treaty commitments and rules of the road and so forth.
1:18:43 > 1:18:45Although we've tried to have discussions
1:18:45 > 1:18:48with the Chinese and Russians and so forth about that,
1:18:48 > 1:18:50but it's very difficult.
1:18:50 > 1:18:54- BROWN:- Right now, the norm in cyberspace is...
1:18:54 > 1:18:56do whatever you can get away with.
1:18:56 > 1:18:59That's not a good norm, but it's the norm that we have.
1:18:59 > 1:19:01That's the norm that is preferred by states
1:19:01 > 1:19:04that are engaging in lots of different kinds of activities
1:19:04 > 1:19:06that they feel are benefiting their national security.
1:19:06 > 1:19:09- YADLIN:- Those who excel in cyber
1:19:09 > 1:19:14are trying to slow down the process of creating regulation.
1:19:14 > 1:19:16Those who are victims
1:19:16 > 1:19:21would like the regulation to be in the open as soon as possible.
1:19:23 > 1:19:26International law in this area is written by custom,
1:19:26 > 1:19:29and customary law requires a nation to say,
1:19:29 > 1:19:31"This is what we did, this is why we did it."
1:19:31 > 1:19:34And the US doesn't want to push the law in that direction,
1:19:34 > 1:19:37and so it chooses not to disclose its involvement.
1:19:37 > 1:19:40And one of the reasons that I thought it was important
1:19:40 > 1:19:42to tell the story of Olympic Games
1:19:42 > 1:19:45was not simply because it's a cool spy story - it is -
1:19:45 > 1:19:49but it's because, as a nation,
1:19:49 > 1:19:53we need to have a debate about how we want to use cyber weapons,
1:19:53 > 1:19:56because we are the most vulnerable nation on Earth
1:19:56 > 1:19:58to cyber attack ourselves.
1:20:00 > 1:20:03Let's say you took over the control system of a railway -
1:20:03 > 1:20:05you could switch tracks.
1:20:05 > 1:20:10You could cause derailments of trains carrying explosive materials.
1:20:10 > 1:20:13What if you were in the control system of gas pipelines
1:20:13 > 1:20:17and when a valve was supposed to be open, it was closed,
1:20:17 > 1:20:21and the pressure built up and the pipeline exploded?
1:20:21 > 1:20:25There are companies that run electric power generation
1:20:25 > 1:20:27or electric power distribution -
1:20:27 > 1:20:30that we know have been hacked by foreign entities -
1:20:30 > 1:20:33that have the ability to shut down the power grid.
1:20:35 > 1:20:37- NEWS REPORT: - 'According to the officials,
1:20:37 > 1:20:40'Iran is the first country ever in the Middle East
1:20:40 > 1:20:44'to be engaged in a cyber war with the United States and Israel.
1:20:44 > 1:20:47'If anything, they said the recent cyber attacks
1:20:47 > 1:20:51'were what encouraged them to plan to set up the Cyber Army,
1:20:51 > 1:20:53'which will gather computer scientists,
1:20:53 > 1:20:56'programmers, software engineers...'
1:20:56 > 1:20:58- KIYAEI:- If you are a youth and you see
1:20:58 > 1:21:00assassination of a nuclear scientist,
1:21:00 > 1:21:03and your nuclear facilities are getting attacked,
1:21:03 > 1:21:07wouldn't you join your national Cyber Army?
1:21:07 > 1:21:11Well, many did, and that's why, today,
1:21:11 > 1:21:16Iran has one of the largest cyber armies in the world.
1:21:16 > 1:21:18So, whoever initiated this,
1:21:18 > 1:21:21and was very proud of themselves to see that little dip
1:21:21 > 1:21:24in Iran's centrifuge numbers,
1:21:24 > 1:21:26should look back now
1:21:26 > 1:21:29and acknowledge that it was a major mistake.
1:21:29 > 1:21:34Very quickly, Iran sent a message to the United States,
1:21:34 > 1:21:36a very sophisticated message,
1:21:36 > 1:21:39and they did that with two attacks.
1:21:39 > 1:21:42First, they attacked Saudi Aramco,
1:21:42 > 1:21:45the biggest oil company in the world,
1:21:45 > 1:21:49and wiped out every piece of software, every line of code,
1:21:49 > 1:21:53on 30,000 computer devices.
1:21:53 > 1:21:59Then Iran did a surge attack on the American banks.
1:21:59 > 1:22:01The most extensive attack on American banks ever,
1:22:01 > 1:22:04launched from the Middle East, happening right now.
1:22:06 > 1:22:08When Iran hit our banks,
1:22:08 > 1:22:10we could've shut down their bot net,
1:22:10 > 1:22:12but the State Department got nervous,
1:22:12 > 1:22:15because the servers weren't actually in Iran,
1:22:15 > 1:22:18so until there was a diplomatic solution,
1:22:18 > 1:22:21Obama let the private sector deal with the problem.
1:22:21 > 1:22:24I imagine that in the White House Situation Room,
1:22:24 > 1:22:27people sat around and said...
1:22:27 > 1:22:30Let me be clear, I don't imagine - I know.
1:22:30 > 1:22:34People sat around in the White House Situation Room and said,
1:22:34 > 1:22:37"The Iranians have sent us a message, which is essentially -
1:22:37 > 1:22:43"stop attacking us in cyberspace the way you did at Natanz with Stuxnet.
1:22:43 > 1:22:44"We can do it, too."
1:22:46 > 1:22:50There are unintended consequences of the Stuxnet attack.
1:22:50 > 1:22:54You wanted to cause confusion and damage to the other side,
1:22:54 > 1:22:57but then the other side can do the same to you.
1:22:57 > 1:23:00The monster turned against its creator,
1:23:00 > 1:23:03and now everyone is in this game.
1:23:03 > 1:23:08They did a good job in showing the world, including the bad guys,
1:23:08 > 1:23:11what you would need to do in order to cause serious trouble
1:23:11 > 1:23:14that could lead to injuries and death.
1:23:14 > 1:23:16I mean, you've been focusing on Stuxnet,
1:23:16 > 1:23:18but that was just a small part
1:23:18 > 1:23:20of the much larger Iranian mission.
1:23:20 > 1:23:22There was a larger Iranian mission?
1:23:25 > 1:23:27Nitro Zeus,
1:23:27 > 1:23:29NZ.
1:23:30 > 1:23:34We spent hundreds of millions - maybe billions - on it.
1:23:37 > 1:23:40In the event the Israelis did attack Iran,
1:23:40 > 1:23:43we assumed we would be drawn into the conflict.
1:23:44 > 1:23:47We built in attacks on Iran's command and control system
1:23:47 > 1:23:49so the Iranians couldn't talk to each other in a fight.
1:23:49 > 1:23:53We infiltrated their IADS, military air defence systems,
1:23:53 > 1:23:56so they couldn't shoot down our planes if we flew over.
1:23:56 > 1:24:00We also went after their civilian support systems, power grids,
1:24:00 > 1:24:03transportation, communications,
1:24:03 > 1:24:05financial systems...
1:24:05 > 1:24:08We were inside, waiting, watching,
1:24:08 > 1:24:11ready to disrupt, degrade and destroy those systems
1:24:11 > 1:24:13with cyber attacks.
1:24:16 > 1:24:20In comparison, Stuxnet was a back-alley operation.
1:24:21 > 1:24:27NZ was the plan for a full-scale cyber war with no attribution.
1:24:27 > 1:24:29We need an entirely new way of thinking
1:24:29 > 1:24:31about how we're going to solve this problem.
1:24:31 > 1:24:35You're not going to get an entirely new way of solving this problem
1:24:35 > 1:24:38until you begin to have an open acknowledgement
1:24:38 > 1:24:41that we have cyber weapons, as well,
1:24:41 > 1:24:44and that we may have to agree to some limits on their use
1:24:44 > 1:24:47if we're going to get other nations to limit their use.
1:24:47 > 1:24:49It's not going to be a one-way street.
1:24:49 > 1:24:52I'm old enough to have worked on nuclear arms control,
1:24:52 > 1:24:54and biological weapons arms control,
1:24:54 > 1:24:56and chemical weapons arms control.
1:24:57 > 1:25:02And I was told in each of those types of arms control,
1:25:02 > 1:25:06when we were beginning, "It's too hard. There are all these problems.
1:25:06 > 1:25:08"It's technical. There's engineering.
1:25:08 > 1:25:10"There's science involved.
1:25:10 > 1:25:12"There are real verification difficulties.
1:25:12 > 1:25:14"You'll never get there."
1:25:14 > 1:25:17Well, it took 20, 30 years in some cases,
1:25:17 > 1:25:20but we have a biological weapons treaty that's pretty damn good.
1:25:20 > 1:25:23We have a chemical weapons treaty that's pretty damn good.
1:25:23 > 1:25:25We've got three or four nuclear weapons treaties.
1:25:25 > 1:25:29Yes, it may be hard and it may take 20 or 30 years,
1:25:29 > 1:25:32but it'll never happen unless you get serious about it,
1:25:32 > 1:25:35and it'll never happen unless you start it.
1:25:40 > 1:25:43Today, after two years of negotiations,
1:25:43 > 1:25:46the United States, together with our international partners,
1:25:46 > 1:25:51has achieved something that decades of animosity has not -
1:25:51 > 1:25:53a comprehensive, long-term deal with Iran
1:25:53 > 1:25:57that will prevent it from obtaining a nuclear weapon.
1:25:57 > 1:25:59It is a deal in which Iran
1:25:59 > 1:26:02will cut its installed centrifuges
1:26:02 > 1:26:04by more than two thirds.
1:26:04 > 1:26:07Iran will not enrich uranium with its advanced centrifuges
1:26:07 > 1:26:09for at least the next ten years.
1:26:09 > 1:26:14It will make our country, our allies, and our world safer.
1:26:14 > 1:26:1870 years after the murder of 6 million Jews,
1:26:18 > 1:26:20Iran's rulers
1:26:20 > 1:26:24promise to destroy my country, and the response
1:26:24 > 1:26:28from nearly every one of the governments represented here
1:26:28 > 1:26:31has been utter silence.
1:26:31 > 1:26:33Deafening silence.
1:26:40 > 1:26:43Perhaps you can now understand
1:26:43 > 1:26:47why Israel is not joining you in celebrating this deal.
1:26:47 > 1:26:49History shows that America must lead
1:26:49 > 1:26:53not just with our might, but with our principles.
1:26:53 > 1:26:55It shows we are stronger
1:26:55 > 1:27:00not when we are alone but when we bring the world together.
1:27:00 > 1:27:03Today's announcement marks one more chapter
1:27:03 > 1:27:06in this pursuit of a safer and a more helpful,
1:27:06 > 1:27:08more hopeful world.
1:27:08 > 1:27:13Thank you. God bless you and God bless the United States of America.
1:27:18 > 1:27:20- DISTORTED FEMALE VOICE: - Everyone I know is thrilled
1:27:20 > 1:27:24with the Iran deal. Sanctions and diplomacy worked,
1:27:24 > 1:27:27but behind that deal was a lot of confidence in our cyber capability.
1:27:28 > 1:27:32We were everywhere inside Iran, still are.
1:27:32 > 1:27:34I'm not going to tell you the operational details
1:27:34 > 1:27:38of what we can do, going forward, or where...
1:27:38 > 1:27:41but the science-fiction cyber war scenario is here,
1:27:41 > 1:27:43and that's Nitro Zeus.
1:27:45 > 1:27:47But my concern, and the reason I'm talking...
1:27:48 > 1:27:53..is because when you shut down a country's power grid...
1:27:53 > 1:27:55it doesn't just pop back up.
1:27:55 > 1:27:58You know, it's more like Humpty Dumpty,
1:27:58 > 1:28:02and if all the king's men can't turn the lights back on
1:28:02 > 1:28:04or filter the water for weeks,
1:28:04 > 1:28:06then lots of people die.
1:28:08 > 1:28:12And something we can do to others, they can do to us, too.
1:28:14 > 1:28:16Is that something that we should keep quiet
1:28:16 > 1:28:18or should we talk about it?
1:28:18 > 1:28:22I've gone to many people on this film, even friends of mine,
1:28:22 > 1:28:24who won't talk to me about the NSA and Stuxnet, even off the record,
1:28:24 > 1:28:26for fear of going to jail.
1:28:26 > 1:28:29Is that fear protecting us?
1:28:29 > 1:28:32No. But it protects me.
1:28:32 > 1:28:34Or should I say "we"?
1:28:35 > 1:28:37- NO VOICE DISTORTION: - I'm an actor playing a role,
1:28:37 > 1:28:40written from the testimony of a small number of people
1:28:40 > 1:28:43from NSA and CIA - all of whom are angry about the secrecy,
1:28:43 > 1:28:45but too scared to come forward.
1:28:45 > 1:28:47Now, we're forward.
1:28:47 > 1:28:49Well...
1:28:49 > 1:28:51"forward-leaning".