A Storyville documentary: How the American and Israeli intelligence agencies allegedly unleashed self-replicating computer malware to destroy part of an Iranian nuclear facility.
This programme contains some strong language.
-DISTORTED MALE VOICE:
-Through the darkness
of the pathways that we march,
evil and good live side by side,
and this is the nature of life.
We are in an unbalanced and un-equivalent confrontation
between democracies who are obliged to play by the rules
and entities who think democracy is a joke.
You can't convince fanatics by saying,
"Hey, hatred paralyses you, love releases you."
There are different rules that we have to play by.
-'Today, two of Iran's top nuclear scientists
'were targeted by hit squads...'
'Bomb attacks in the capital, Tehran...'
'The latest in a string of attacks...'
'Today's attack has all the hallmarks
'of major strategic sabotage...'
'Iran immediately accused the US and Israel
'of trying to damage its nuclear programme...'
I want to categorically deny any United States involvement
in any kind of active violence inside Iran.
Covert actions can help, can assist.
They are needed. They are not all the time essentials.
And they in no way can replace political wisdom.
INTERVIEWER: Were the assassinations in Iran
related to the Stuxnet computer attacks?
Er, next question, please.
-'Iran's infrastructure is being targeted
'by a new and dangerously powerful cyber worm.
'The so-called Stuxnet worm is specifically designed, it seems,
'to infiltrate and sabotage real world power plants
'and factories and refineries...'
'It's not trying to steal information
'or grab your credit card,
'it's trying to get into some sort of industrial plant and wreak havoc,
'try to blow up an engine...'
'No-one knows who's behind the worm
'and the exact nature of its mission,
'but there are fears Iran will hold Israel or America responsible
'and seek retaliation.'
'It's not impossible that some group of hackers did it,
'but the security experts that are studying this
'really think this required the resources of a nation state.'
-OK? And speaking.
-OK, good. Here we go.
INTERVIEWER: What impact, ultimately,
did the Stuxnet attack have? Can you say?
Er, I don't want to get into the details.
Since the event has already happened,
why can't we talk more openly and publicly about Stuxnet?
Yeah. I mean, my answer's "Because it's classified."
I won't acknowledge...
Knowingly offer up anything I consider classified.
I know that you can't talk much about Stuxnet,
because Stuxnet is officially classified.
You're right on both those counts.
People might find it frustrating not to be able to talk about it
when it's in the public domain, but...
-I find it frustrating.
-Yeah, I'm sure you do.
-I don't answer that question.
-Unfortunately, I can't comment.
I do not know how to answer that.
Two answers before you even get started, I don't know and if I did,
-we wouldn't talk about it anyway.
-How can you have a debate
-if everything's secret?
-I think, right now, that's just where we are.
No-one wants to...
Countries aren't happy about confessing or owning up
to what they did, because they're not quite sure
where they want the system to go.
And so, whoever was behind Stuxnet hasn't admitted they were behind it.
Asking officials about Stuxnet was frustrating and surreal.
Like asking the Emperor about his new clothes.
Even after the cyber weapon had penetrated computers
all over the world, no-one was willing to admit that it was loose
or talk about the dangers it posed.
What was it about the Stuxnet operation
that was hiding in plain sight?
Maybe there was a way the computer code could speak for itself.
Stuxnet first surfaced in Belarus.
I started with a call to the man who discovered it
when his clients in Iran began to panic
over an epidemic of computer shutdowns.
Had you ever seen anything quite so sophisticated before?
On a daily basis, basically,
we are sifting through a massive haystack,
looking for that proverbial needle.
We get millions of pieces of new malicious threats
and there are millions of attacks going on every single day.
And not only are we trying to protect people and their computers,
and their systems, and countries' infrastructure
from being taken down by those attacks,
but, more importantly, we have to find attacks that matter.
When you're talking about that many, impact is extremely important.
20 years ago, the antivirus companies,
they were hunting for computer viruses
because there were not so many.
So, we had, like, tens or dozens a month
and they were just in little numbers.
Now, we collect millions of unique attacks every month.
This room we call a woodpeckers' room, or a virus lab,
and this is where virus analysts sit.
We call them "woodpeckers" because they are pecking the worms,
network worms and viruses.
We see, like, three different groups of actors
behind cyber attacks. They are traditional cybercriminals.
Those guys are interested only in illegal profit -
quick and dirty money.
Activists or hacktivists, they are hacking for fun,
or hacking to push some political message.
And the third group is nation states.
They're interested in high-quality intelligence or sabotage activity.
Security companies not only share information,
but we also share binary samples.
So, when this threat was found by a Belarusian security company
on one of their customer's machines in Iran,
the sample was shared amongst the security community.
When we try to name threats, we just try to pick some sort of string,
some sort of words, that are inside of the binary.
In this case, there was a couple of words in there.
We took pieces of each and that forms "Stuxnet".
I got the news about Stuxnet from one of my engineers.
He came to my office, opened the door,
and he said, "So, Eugene,
"of course, you know what we're waiting for? Something really bad?"
Give me some sense of what it was like in the lab at that time.
Was there a palpable sense of amazement
that you had something really different there?
Well, I wouldn't call it amazement.
It was kind of a shock.
It went beyond our worst fears, our worst nightmares.
And this continued the more we analysed,
the more we researched,
the more bizarre the whole story got.
We look at so much malware every day
that we can just look at the code and say,
"OK, there's something bad going on here
"and I need to investigate that."
That's the way it was when we looked at Stuxnet for the first time.
We opened it up, and there was just bad things everywhere.
Like, "OK, this is bad and that's bad, and, you know,
"we need to investigate this."
Suddenly, we had, like, 100 questions straightaway.
The most interesting thing that we do is the detective work
where we try to track down who's behind a threat.
What are they doing? What's their motivation?
And try to really stop it at the root.
It is kind of all-consuming.
You get this new puzzle and it's very difficult to put it down.
You know, work until, like, 4:00am in the morning
and figure these things out.
I was in that zone where I was very consumed by this,
very excited about it,
very interested to know what was happening.
And Eric was also in that same sort of zone.
So, the two of us were, like, back and forth all the time.
Liam and I continued to grind at the code.
Sharing pieces, comparing notes,
bouncing ideas off of each other.
We realised that we needed to do what we call "deep analysis" -
pick apart the threat, every single byte, every single zero-one,
and understand everything that was inside of it.
I'll just give you some context.
We can go through and understand every line of code
for the average threat in minutes.
And here we are one month into this threat
and we're just starting to discover
what we call the "payload", or its whole purpose.
When looking at the Stuxnet code,
it's 20 times the size of the average piece of code
but contains almost no bugs inside of it and that's extremely rare.
Malicious code always has bugs inside of it.
This wasn't the case with Stuxnet.
It's dense and every piece of code does something
and does something right in order to conduct its attack.
One of the things that surprised us was that Stuxnet utilised
what's called a "zero-day exploit".
Or, basically, a piece of code
that allows it to spread without you having to do anything.
You don't have to, for example, download a file and run it.
A zero-day exploit is an exploit
that nobody knows about except the attacker.
So there's no protection against it, there's been no patch released.
There's been zero days' protection, you know, against it.
That's what attackers value
because they know 100%, if they have this zero-day exploit,
they can get in wherever they want.
They're actually very valuable. You can sell these on the underground
for hundreds of thousands of dollars.
Then we became more worried because we discovered more zero-days.
And, again, these zero-days are extremely rare.
Inside Stuxnet we had, you know, four zero-days,
and for the entire rest of the year
we only saw 12 zero-days used.
It blows everything else out of the water.
We've never seen this before. We've never seen it since, either.
We've seen one in a malware you could understand,
because the malware authors are making money,
they're stealing people's credit cards.
They're making money, so it's worth their while to use it.
But seeing four zero-days could be worth 500,000 right there,
used in one piece of malware.
This is not your ordinary criminal gang who's doing this.
This is someone bigger.
It's definitely not traditional crime, not hacktivists.
It was evident at a very early stage that,
just given the sophistication of this malware,
it suggested that there must have been a nation state involved -
at least one nation state involved in the development.
When we look at code that's coming from
what appears to be a state attacker, or state-sponsored attacker,
usually they're scrubbed clean.
They don't leave little bits behind.
They don't leave little hints behind.
But in Stuxnet there were actually a few hints left behind.
One was that in order to get lower level access to Microsoft Windows,
Stuxnet needed to use a digital certificate
which certifies that this piece of code came from a particular company.
Now, those attackers obviously couldn't go to Microsoft and say,
"Hey, test our code out for us and give us a digital certificate."
So they essentially stole them...
..from two companies in Taiwan.
And these two companies have nothing to do with each other except
for their close proximity in the exact same business park.
Digital certificates are guarded very, very closely,
behind multiple doors,
and they require multiple people to unlock.
And they need to provide both biometrics,
and, as well, pass phrases.
It wasn't like those certificates were just sitting on some machine
connected to the internet. Some human assets had to be involved.
-Spies, like a cleaner who comes in at night
and has stolen these certificates from these companies.
It did feel like walking onto the set of this James Bond movie
and you've been embroiled in this thing that,
you know, you'd never expected.
We continued to search, and we continued to search in the code,
and, eventually, we found some other breadcrumbs left
that we were able to follow.
It was doing something with Siemens.
Siemens software, possibly Siemens hardware.
We'd never, ever seen that in any malware before,
something targeting Siemens.
We didn't even know why they would be doing that.
But after googling, very quickly we understood
it was targeting Siemens PLCs.
Stuxnet was targeting a very specific hardware device,
something called a PLC, or a programmable logic controller.
-The PLC is kind of a very small computer
attached to physical equipment,
like pumps, like valves, like motors.
So, this little box is running a digital program
and the actions of this program
turn that motor on, off or set a specific speed.
Those programmable logic controllers
control things like power plants, power grids.
This is used in factories, it's used in critical infrastructure.
Critical infrastructure, it's everywhere around us.
Transportation, telecommunication, financial services, health care...
So, the payload of Stuxnet
was designed to attack some very important part of our world.
The payload is going to be important.
What happens there could be very dangerous.
-The next very big surprise came
when we infected our lab system.
We figured out that the malware was probing the controls.
It was quite picky on its target.
It didn't try to manipulate any given control
in a network that it would see.
It went through several checks
and when those checks failed, it would not implement the attack.
It was obviously probing for a specific target.
You've got to put this in context that, at the time,
we already knew, "Well, this was the most sophisticated piece of malware
"that we have ever seen."
So, it's kind of strange.
Somebody takes that huge effort
to hit that one specific target?
Well, that must be quite a significant target.
-At Symantec, we have probes on networks all over the world
watching for malicious activity.
-We'd seen infections of Stuxnet all over the world.
In the US, in Australia, in the UK,
France, Germany, all over Europe.
It spread to any Windows machine in the entire world.
You know, we had these organisations inside the United States.
They were in charge of industrial control facilities saying,
"We're infected, what's going to happen?"
We didn't know if there was a deadline coming up
where this threat would trigger and suddenly would, like,
turn off all electricity plants around the world
or it would start shutting things down or launching some attack.
We knew that Stuxnet could have very dire consequences.
And we were very worried about what the payload contained
and there was an imperative speed
that we had to race and try and beat this ticking bomb.
Eventually, we were able to refine this a little bit
and we saw that Iran was the number one infected country in the world.
That immediately raised our eyebrows.
We have never seen a threat before
where it was predominantly in Iran.
And so we began to follow what was going on in the geopolitical world.
What was happening in the general news. And, at that time,
there were actually multiple explosions of gas pipelines
going in and out of Iran.
And, of course, we did notice that, at the time,
there have been assassinations of nuclear scientists,
so that was worrying.
We knew there was something bad happening.
Did you get concerned for yourself?
Did you start looking over your shoulder from time to time?
Yeah, definitely looking over my shoulder
and being careful about what I spoke about on the phone.
Um... I was...
pretty confident my conversations on the phone were being listened to.
We were only half joking,
when we would look at each other and tell each other things like,
"Look, I'm not suicidal.
"If I drop dead on Monday, it wasn't me."
We'd been publishing information about Stuxnet
all through that summer.
And then, in November,
the industrial control systems expert in Holland contacted us.
And he said, "All of these devices
"that would be inside of an industrial control system
"hold a unique identifier number
"that identified the make and model of that device."
And we actually had a couple of these numbers in the code,
except we didn't know what they were.
And so we realised maybe what he was referring to
was the magic numbers we had.
And when we searched for those magic numbers in that context,
we saw that what had to be connected to this industrial control system
that was being targeted
were something called "frequency converters"
from two specific manufacturers. One of which was in Iran.
And so, at this time, we absolutely knew
that the facility that was being targeted had to be in Iran,
and it had equipment made from Iranian manufacturers.
When we looked up those frequency converters,
we immediately found out that they were actually export controlled
by the Nuclear Regulatory Commission.
And that immediately led us, then, to some nuclear facility.
This was more than a computer story,
so I left the world of the antivirus detectives
and sought out journalist David Sanger,
who specialised in the strange intersection of cyber,
nuclear weapons and espionage.
The emergence of the code is what put me on alert
that an attack was underway.
And because of the covert nature of the operation,
not only were official government spokesmen unable to talk about it,
they didn't even KNOW about it.
Eventually, the more I dug into it,
the more I began to find individuals
who had been involved in some piece of it
or who had witnessed some piece of it.
And that meant talking to Americans,
talking to Israelis, talking to Europeans,
because this was, obviously, the first, biggest
and most sophisticated example
of a state or two states using a cyber weapon for offensive purposes.
I came to this with a fair bit of history -
understanding the Iranian nuclear programme.
How did Iran get its first nuclear reactor?
We gave it to them under the Shah,
because the Shah was considered an American ally.
-But the revolution which overthrew the Shah in '79
really curtailed the programme
before it ever got any head of steam going.
Part of our policy against Iran after the revolution
was to deny them nuclear technology,
so most of the period, when I was involved, in the '80s and the '90s,
was the US running around the world
and persuading potential nuclear suppliers
not to provide even peaceful nuclear technology to Iran.
And what we missed was the clandestine transfer
in the mid-1980s from Pakistan to Iran.
-Abdul Qadeer Khan is what we would call
the father of the Pakistan nuclear programme.
He had the full authority and confidence
of the Pakistan Government from its inception
to the production of nuclear weapons.
The AQ Khan network is so notable
because, aside from
building the Pakistani programme
it also was the means by which other countries
were able to develop nuclear weapons - including Iran.
-By 2006, the Iranians had started producing
low-enriched uranium, producing more centrifuges, installing them
at the large-scale underground enrichment facility at Natanz.
How many times have you visited Natanz?
Not that many, because I left a few years ago already, IAEA,
but I was there quite a few times.
Natanz is in the middle of the desert.
When they were building it in secret,
they were calling it a "desert irrigation facility".
There is a lot of artillery and air force.
It's better protected against attack from the air
than any other nuclear installation I have seen.
And so, all the monitoring activities of the IAEA,
they are basic principle - you want to see what goes in, what goes out,
and then, on top of that,
you make sure that it produces low-enriched uranium.
Is that anything to do with the higher enrichments
and nuclear-weapon-grade uranium?
Iran's nuclear facilities are under 24-hour watch
of the United Nations nuclear watchdog, the IAEA,
the International Atomic Energy Agency.
Every single gram of Iranian fissile material...
..is accounted for.
-When you look at the uranium which was there in Natanz,
it was a very special uranium.
This was called isotope 236.
And that was a puzzle to us,
because you only see this sort of uranium
in states which have nuclear weapons.
We realised that they had cheated us.
This sort of equipment has been bought from
what they call a black market.
They never point it out to...
They were caught at that point in time.
What I was surprised was the sophistication
and the quality control.
The way they have the manufacturing, it was really professional.
It was not something, you know,
you just create in a few months' time.
This was the result of a long process.
The centrifuge. You feed uranium gas
in and you have a cascade, thousands of centrifuges,
and from the other end, you get enriched uranium out.
It separates uranium based on spinning the rotor,
it spins so fast.
300 metres per second.
The same as the velocity of sound.
These are tremendous forces and, as a result,
the rotor, it twists and looks like a banana at one point of time.
So, it has to be in balance,
because any small vibration, it would blow up.
This is what makes them very difficult to manufacture.
You can model it, you can calculate it, but at the very end,
it's actually based on practice and experience,
so it's a piece of art, so to say.
'Ahmadinejad came into his presidency saying that,'
"If international community wants to derail us,
"we will stand up to it.
"If they want us to sign more inspections
"and more additional protocols and other measures, no, we will not.
"We will fight for our right.
"Iran is a signatory to the nuclear Non-Proliferation Treaty.
"And under that treaty, Iran has the right to nuclear programme.
"We can have enrichment.
"Who are you, world powers,
"to come and tell us that we cannot have enrichment?"
This was his mantra.
And it galvanised the public.
By 2007, 2008,
the US Government was in a very bad place with the Iranian programme.
President Bush recognised
that he could not even come out in public and declare
that the Iranians were building a nuclear weapon
because, by this time,
he had gone through the entire WMD fiasco in Iraq.
He could not really take military action.
Condoleezza Rice said to him at one point,
"You know, Mr President,
"I think you've invaded your last Muslim country,
"even for the best of reasons."
He didn't want to let the Israelis conduct the military operation.
and Iran is Germany and it's racing
to arm itself with atomic bombs.
Iran's nuclear ambitions must be stopped and have to be stopped.
We all have to stop it now.
That's the one message I have for you today.
Israel was saying they were going to bomb Iran.
And the government here in Washington
did all sorts of scenarios about what would happen
if that Israeli attack occurred.
They were all very ugly scenarios.
Our belief was that, if they went on their own,
knowing their limitations...
They have a very good air force, all right,
but it's small and the distances are great
and the targets dispersed and hardened.
If they would have attempted a raid on a military plane,
we would have been assuming that they were assuming
we would finish that which they started.
In other words, there would be many of us in government
thinking that the purpose of the raid
wasn't to destroy the Iranian nuclear system,
but the purpose of the raid was to put us at war with Iran.
The two countries agreed on the goal.
There is no... A page between us
that Iran should not have a nuclear military capability.
There are some differences on how to achieve it
and when action is needed.
We are taking very seriously leaders of countries
who call to the destruction and annihilation of our people.
-The Israelis believe that the Iranian leadership
has already made the decision to build nuclear weapons
when they think they can get away with it. The view in the US
is that the Iranians haven't made that final decision yet.
To me, that doesn't make any difference.
I mean, it really doesn't make any difference,
and it's probably unknowable.
Unless you can put Supreme Leader Khomeini on the couch
and interview him, I think, from our standpoint,
stopping Iran from getting the threshold capacity
is the primary policy objective.
Once they had the fissile material,
once they had the capacity to produce nuclear weapons,
then the game is lost.
-President Bush once said to me, he said,
"Mike, I don't want any president ever to be faced
"with only two options - bombing or the bomb." Right?
He wanted options that...
made it far less likely he or his successor, or successors,
would ever get to that point where that's all you've got.
The intelligence cooperation between Israel and the United States
is very, very good.
And, therefore, the Israelis went to the Americans and said,
"OK, guys, you don't want us to bomb Iran.
"OK, let's do it differently."
One day a group of intelligence and military officials showed up
in President Bush's office and said, "Sir, we have an idea.
"It's a big risk, it might not work, but here it is."
-Moving forward in my analysis of the code,
I took a closer look at the photographs
that have been published by the Iranians themselves
in a press tour from 2008
of Ahmadinejad and the shiny centrifuges.
The photographs of Ahmadinejad going through the centrifuges at Natanz
provided some very important clues.
There was a huge amount to be learned.
First of all, those photographs
showed many of the individuals
who were guiding Ahmadinejad through the programme.
And there's one very famous photograph
that shows Ahmadinejad being shown something.
You see his face, you can't see what's on the computer.
And one of the scientists who was behind him
was assassinated a few months later.
In one of those photographs,
you could see parts of a computer screen.
We refer to that as a "SCADA screen".
The SCADA system is basically a piece of software
running on a computer.
It enables the operators to monitor the process.
What you could see...
when you look close enough
was a more detailed view of the configuration.
There were these six groups of centrifuges
and each group had 164 entries.
And guess what?
That was a perfect match to what we saw in the attack code.
It was absolutely clear that this piece of code
was attacking an array of six different groups of,
let's just say "thingies", physical objects,
and in those six groups,
there were 164 elements.
Were you able to do any actual physical tests?
Or was it all just code analysis?
So, we couldn't set up our own nuclear enrichment facility.
So, what we did was we did obtain some PLCs, the exact models.
We then ordered an air pump.
And that's what we used sort of as our proof of concept.
-We needed a visual demonstration
to show people what we discovered.
So, we thought of different things that we could do
and we settled on blowing up a balloon.
We were able to write a program that would inflate a balloon
and it was set to stop after five seconds.
So, we would inflate the balloon to a certain size,
but we wouldn't burst the balloon, and it was all safe.
And we showed everybody, "This is the code that's on the PLC."
And the timer says, "Stop after five seconds".
We know that's what's going to happen.
And then we would infect the computer with Stuxnet
and we would run the test again.
Here is a piece of software that should only exist in the cyber realm
and it is able to infect physical equipment in a plant or factory
and cause physical damage.
Real-world physical destruction.
At that time, things became very scary to us.
Here you had malware potentially killing people
and that was something that was always Hollywood-esque to us,
that we would always laugh at, when people make that kind of assertion.
At this point, you had to have started developing theories
as to who had built Stuxnet.
It wasn't lost on us
that there were probably only a few countries in the world
that would want and have the motivation
to sabotage the Iranians' nuclear enrichment facility.
The US Government would be up there.
The Israeli government, certainly, would be up there.
You know, maybe UK, France, Germany, those sorts of countries,
but we never found any information
that would tie it back 100% to those countries.
There are no telltale signs.
The attackers don't leave a message inside saying,
you know, "It was me!"
And even if they did,
all of that stuff can be faked.
So, it's very, very difficult
to do attribution when looking at computer code.
Subsequent work that's been done
leads us to believe that this was the work of a collaboration
between Israel and the United States.
Did you have any evidence
in terms of your analysis that would lead you
to believe that that's correct, also?
Nothing that I could talk about on camera.
-INTERVIEWER CHUCKLES Can I ask why?
Well, you can, but I won't answer.
But even in the case of nation states, one of the concerns...
'This was beginning to really piss me off.
'Even civilians with an interest in telling the Stuxnet story
'were refusing to address the role of Tel Aviv and Washington.
'But, luckily for me,
'whilst DC is a city of secrets,
'it is also a city of leaks.
'They're as regular as a heartbeat and just as hard to stop.
'That's what I was counting on.'
'Finally, after speaking to a number of people on background,
'I did find a way of confirming, on the record,
'the American role in Stuxnet.
'In exchange for details of the operation,
'I had to agree to find a way
'to disguise the source of the information.'
So, the first question I have to ask you is about secrecy.
I mean, at this point, everyone knows about Stuxnet.
Why can't we talk about it?
-DISTORTED WOMAN'S VOICE:
-It's a covert operation.
Not any more. We know what happened, we know who did it.
Well, maybe you don't know as much as we think you know.
I'm talking to you because I want to get the story right.
That's the same reason I'm talking to you.
Even though it's a covert operation?
Well, this is not a Snowden kind of thing.
OK? I think what he did was wrong. He went too far.
He gave away too much.
Unlike Snowden, who was a contractor, I was in the NSA.
I believe in the agency, so what I'm willing to give you will be limited,
but we're talking because everyone's getting the story wrong
and we have to get it right. We have to understand these new weapons.
-The stakes are too high.
-What do you mean?
We did Stuxnet.
It's a fact.
You know, we came so fucking close to disaster,
and we're still on the edge.
It was a huge multinational inter-agency operation.
In the US, it was CIA,
NSA, and the military, Cyber Command.
From Britain, we used Iran intel out of GCHQ.
But the main partner was Israel.
Over there, Mossad ran the show
and the technical work was done by Unit 8200.
Israel is really the key to the story.
Our traffic in Israel is so unpredictable...
Yossi, how did you get into this Stuxnet story?
I have been covering the Israeli intelligence, in general,
and the Mossad in particular
for nearly 30 years.
I knew that Israel is trying to slow down Iran's nuclear programme
and, therefore, I came to the conclusion
that if there was a virus affecting Iran's computers,
it's one more element in this larger picture.
Amos Yadlin, General Yadlin,
he was the head of the military intelligence.
The biggest unit within that organisation is Unit 8200.
They bug telephones, they bug faxes, they break into computers.
A decade ago, when Yadlin became the Chief Of Military Intelligence,
there was no cyber warfare unit in 8200.
So, they started recruiting very talented people, hackers,
either from the military or outside the military
that can contribute to the project of building a cyber warfare unit.
It's another kind of weapon and it's for unlimited range,
in a very high speed and in a very low signature.
So this gives you a huge opportunity,
and the superpowers have to change the way we think about warfare.
Finally, we are transforming our military for a new kind of war
that we're fighting now...
..and for wars of tomorrow.
-Back in the end of the Bush administration,
people in the US Government
were just beginning to convince President Bush to pour money
into offensive cyber weapons.
Stuxnet started off in the Defense Department.
Then Robert Gates, the Secretary of Defense,
reviewed this program and he said,
"This program shouldn't be in the Defense Department.
"This should be under the covert authorities
"over in the intelligence world."
So, the CIA was very deeply involved in this operation,
while much of the coding work
was done by the National Security Agency and Unit 8200 -
its Israeli equivalent - working together
with a newly created military position called US Cyber Command.
And, interestingly, the Director of the National Security Agency
would also have a second role
as the Commander of US Cyber Command.
And US Cyber Command is located at Fort Meade,
in the same building as the NSA.
-NSA has no legal authority to attack.
It's never had it, I doubt that it ever will.
It might explain why US Cyber Command is sitting out of Fort Meade
on top of the National Security Agency.
Because NSA has the abilities to do these things.
Cyber Command has the AUTHORITY to do these things,
and "these things" here refer to the cyber attack.
This is a huge change for the nature of the intelligence agencies.
The NSA is supposed to be a code-making
and code-breaking operation,
to monitor the communications of foreign powers
and American adversaries
in the defence of the United States.
But creating a Cyber Command
meant using the same technology to do offensive work.
Once you get inside an adversary's computer networks,
you put an implant in that network,
and we have tens of thousands of foreign computers and networks
that the United States has put implants in.
You can use it to monitor what's going across that network
and you can use it to insert cyber weapons, malware.
If you can spy on a network, you can manipulate it.
It's already included. The only thing you need is an act of will.
-DISTORTED FEMALE VOICE:
-I played a role in Iraq.
I can't tell you whether it was military or not,
but I can tell you NSA had combat support teams in the country
and, for the first time,
units in the field had direct access to NSA intel.
Over time, we thought more about offence than defence.
More about attacking than intelligence.
In the old days, units would try to track radios,
but through NSA in Iraq,
we had access to all the networks going in and out of the country.
We hoovered up every text message, e-mail and phone call.
The complete surveillance state.
We could find the bad guys.
Say, a gang making IEDs -
map their networks and follow them in real-time.
We could lock into cellphones,
even when they were off, send a fake text message from a friend,
suggest a meeting place and then capture...
-'You're clear to fire.'
I was in TAO's S321, the ROC.
OK, the TAO? The ROC?
Right, sorry, TAO is Tailored Access Operations.
It's where NSA's hackers work. Of course, we didn't call them that.
What did you call them?
On-net operators. They're the only people at NSA
allowed to break in or attack on the internet.
Inside TAO headquarters is the ROC - "Remote Operations Center".
If the US Government wants to get in somewhere,
it goes to the ROC.
I mean, we were flooded with requests.
So many that we could only do about 30% of the missions
that were requested of us at the one time.
Through the web, but also by hijacking shipments of parts.
You know, sometimes the CIA
would assist in putting implants in machines.
So, once inside a target network,
we could just...watch...
..or we could attack.
Inside NSA was a strange kind of culture -
like two parts macho military
and two parts cyber geek.
I mean, I came from Iraq, so I was used to, "Yes, sir!" "No, sir!"
but for the weapons programmers,
we needed more "think outside the box" types.
Were they all working on Stuxnet?
We never called it Stuxnet.
That was the name invented by the anti-virus guys.
When it hit the papers - we're not allowed
to read about classified operations even if it's in the New York Times -
we went out of our way to avoid the term.
I mean, saying "Stuxnet" out loud
was like saying "Voldemort" in Harry Potter -
the Name That Shall Not Be Spoken.
What did you call it, then?
The Natanz attack, and this is out there already,
was called Olympic Games or OG.
There was a huge operation to test the code
on PLCs here at Fort Meade,
and in Sandia, New Mexico.
Remember during the Bush era,
when Libya turned over all of its centrifuges?
Those were the same models the Iranians got from AQ Khan, P1s.
We took them to Oak Ridge and used them to test the code,
which demolished the insides.
At Dimona, the Israelis also tested on the P1s.
Then, probably by using our intel on Iran,
we got the plans for the newer models, the IR2s.
We tried out different attack vectors.
We ended up focusing on ways to destroy the rotor tubes.
In the tests we ran, we blew them apart.
They swept up the pieces, they put it on an aeroplane,
they flew to Washington, they stuck it in a truck,
they drove it through the gates of the White House,
and dumped the shards out
on the conference room table in the Situation Room,
and then they invited President Bush to come down and take a look.
And when he could pick up the shard of a piece of centrifuge,
he was convinced this might be worth it,
and he said, "Go ahead and try."
Was there a legal concern inside the Bush administration
that this might be an act of undeclared war?
If there were concerns, I haven't found them.
That doesn't mean that they didn't exist
and that some lawyers somewhere were concerned about it,
but this was an entirely new territory.
At the time, there were only very few people who had expertise
specifically on the law of war and cyber.
And what we did was, looking at,
"OK, here's our broad direction.
"Now let's look, technically,
"what can we do to facilitate this broad direction?"
After that, maybe the...
I would come in, or one of my lawyers would come in and say,
"OK, this is what we may do."
OK? There are many things we CAN do but we are not ALLOWED to do them.
And then, after that, there's still a final level that we look at,
and that's, what should we do?
Because there are many things that would be technically possible
and technically legal, but a bad idea.
For Natanz, it was a CIA-led operation,
so we had to have agency sign-off.
Someone from the agency...
stood behind the operator and the analyst,
and gave the order to launch every attack.
Before they even started this attack,
they put inside of the code the kill date,
a date at which it would stop operating.
Cut-off dates, we don't normally see that in other threats,
and you have to think, "Well, why is there a cut-off date in there?"
When you realise that a section of it
was probably written by Government,
and that there are laws regarding
how you can use this sort of software,
that there may have been a legal team who said,
"No, you need to have a cut-off date in there,
"you can only do this and you can only go that far,
"and we need to check if this is legal or not."
That date is a few days before Obama's inauguration.
So, the theory is that
this was an operation that needed to be stopped at a certain time,
because there was going to be a handover
and that more approval was needed.
-Are you prepared to take the oath, Senator?
I, Barack Hussein Obama...
-..do solemnly swear.
I, Barack Hussein Obama, do solemnly swear...
-Olympic Games was reauthorised by President Obama
in his first year in office, 2009.
It was fascinating because it was the first year
of the Obama administration
and they would talk to you ENDLESSLY about cyber defence.
-We count on computer networks to deliver our oil and gas,
our power and our water.
We rely on them for public transportation
and air-traffic control.
But just as we failed in the past to invest
in our physical infrastructure, our roads,
our bridges and rails, we've failed to invest
in the security of our digital infrastructure.
But when you asked questions
about the use of offensive cyber weapons,
everything went dead.
No cooperation. White House wouldn't help. Pentagon wouldn't help.
NSA wouldn't help. Nobody would talk to you about it.
But when you dug into the budget for cyber spending
during the Obama administration,
what you discovered was
much of it was being spent on offensive cyber weapons.
You'd see phrases like "Title 10 CNO".
"Title 10" means "operations for the US Military",
and "CNO" means "computer network operations".
This is considerable evidence that Stuxnet was just the opening wedge
of what is a much broader US Government effort now
to develop an entire new class of weapons.
-Stuxnet wasn't just an evolution -
it was really a revolution in the threat landscape.
In the past, the vast majority of threats that we saw were always
controlled by an operator somewhere.
They wouldn't infect your machines,
but they would have what's called a "call-back"
or "command and control channel".
The threats would actually contact the operator and say,
"What do you want me to do next?" The operator would send commands
and say, maybe, "Search through this directory, find these folders,
"find these files, upload these files to me.
"Spread to this other machine."
Things of that nature.
But Stuxnet couldn't have a command and control channel,
because once it got inside of Natanz,
it would not have been able to reach back out to the attackers.
The Natanz network is completely air-gapped
from the rest of the internet. It's not connected to the internet.
It's its own isolated network.
Getting across an air gap is one of the more difficult challenges
that attackers will face,
just because of the fact that
everything is in place to prevent that.
You know, everything... You know, the policies and procedures
and the physical network that's in place is specifically designed
to prevent you crossing the air gap.
But there is no truly air-gapped network
in these real-world production environments.
People have got to get new code into Natanz.
People have to get log files off of this network in Natanz.
People have to upgrade equipment. People have to upgrade computers.
This highlights one of the major security issues
that we have in the field.
If you think, "Well, nobody can attack this power plant
"or this chemical plant because it's not connected to the internet,"
that's a bizarre illusion.
-DISTORTED FEMALE VOICE:
-And the first time we introduced the code
into Natanz, we used human assets.
Maybe CIA - more likely, Mossad - but...
our team was kept in the dark about the tradecraft.
We heard rumours in Moscow,
an Iranian laptop infected by a phoney Siemens technician
with a flash drive.
A double agent in Iran with access to Natanz.
But I don't really know.
What we had to focus on was to write the code
so that, once inside, the worm acted on its own.
They built in all the code and all the logic into the threat
to be able to operate all by itself.
It had the ability to spread by itself.
It had the ability to figure out, "Do I have the right PLCs?
"Have I arrived in Natanz?
"Am I at the target?"
-And when it's on target, it executes autonomously.
That also means you... you cannot call off the attack.
It was definitely the type of attack where someone had decided that this
is what they wanted to do. There was no turning back
once Stuxnet was released.
When it began to actually execute its payload,
you would have a whole bunch of centrifuges
in a huge array of cascades,
sitting in a big hall, and then, just off that hall,
you would have an operators' room, the control panels in front of them,
a big window where they could see into the hall.
Computers monitor the activities of all these centrifuges.
So, a centrifuge,
it's driven by an electrical motor,
and the speed of this electrical motor
is controlled by another PLC,
by another programmable logic controller.
Stuxnet would wait for 13 days before doing anything.
These 13 days is about the time it takes to actually fill
an entire cascade of centrifuges with uranium.
They didn't want to attack when the centrifuges were empty
or at the beginning of the enrichment process.
What Stuxnet did
was it actually would sit there during the 13 days
and basically record all of the normal activities
that were happening, and save it.
And once they saw them spinning for 13 days, then the attack occurred.
Centrifuges spin at incredible speeds, at about 1,000 hertz.
They have a safe operating speed -
63,000 revolutions per minute.
Stuxnet caused the uranium enrichment centrifuges
to spin up to 1,400 hertz.
Up to 80,000 revolutions per minute.
What would happen was those centrifuges would go through
what's called a "resonance frequency".
It would go through a frequency
at which the metal would basically vibrate uncontrollably,
and essentially shatter. There'd be uranium gas everywhere.
And then the second attack they attempted
was they actually tried to lower it to two hertz.
They were slowed down...
to almost standstill.
And at two hertz, an opposite effect occurs.
You can imagine a toy top that you spin,
and as the top begins to slow down, it begins to wobble.
That's what happened to these centrifuges -
they would begin to wobble and essentially shatter and fall apart.
And instead of sending back to the computer what was really happening,
it would send back that old data that it had recorded.
So, the computer's sitting there thinking,
"Yup, running at 1,000 hertz, everything's fine.
"Running at 1,000 hertz, everything's fine."
But those centrifuges are spinning up wildly.
A huge noise would occur. It'd be like, you know, a jet engine.
JETS POWERING UP
The operators would know, "Whoa, something is going wrong here."
They might look at their monitors and say, "It says it's 1,000 hertz."
But they would hear that, in the room,
something gravely bad was happening.
Not only are the operators fooled into thinking everything's normal,
but also any kind of automated protective logic is fooled.
You can't just turn these centrifuges off.
They have to be brought down in a very controlled manner.
And so they would hit, literally,
the big red button to initiate a graceful shutdown.
And Stuxnet intercepts that code, so you would have these operators
slamming on that button over and over again,
and nothing would happen.
-If your cyber weapon is good enough,
if your enemy is not aware of it,
it is an ideal weapon,
because the enemy doesn't understand what is happening to them.
Maybe, even better, the enemy begins to doubt their own capability?
One must conclude that what happened at Natanz
must have driven the engineers crazy.
Because the worst thing that can happen to a maintenance engineer
is not being able to figure out
what the cause of the specific trouble is,
so they must have been analysing themselves to death.
-Through 2009, it was going pretty smoothly.
Centrifuges were blowing up. The International Atomic Energy Agency
inspectors would go into Natanz and they would see
that whole sections of the centrifuges had been removed.
The United States knew from its intelligence channels
that some Iranian scientists and engineers were being fired,
because the centrifuges were blowing up,
and the Iranians had assumed that this was because
they would have been making errors,
there were manufacturing mistakes,
clearly this was somebody's fault.
So, the program was doing exactly what it was supposed to be doing,
which was, it was blowing up centrifuges
and it was leaving no trace,
and leaving the Iranians to wonder what they got hit by.
This was the brilliance of Olympic Games.
You know, as a former director
of a couple of big three-letter agencies,
slowing down 1,000 centrifuges in Natanz?
An unalloyed good.
There was a need for, for buying time.
There was a need for slowing them down.
There was a need to try and push them to the negotiating table.
I mean, there were a lot of variables at play here.
-President Obama would go down into the Situation Room
and he would have laid out in front of him
what they call the horse blanket,
which was a giant schematic
of the Natanz nuclear enrichment plant.
And the designers of Olympic Games
would describe to him what kind of progress they made,
and look to him for the authorisation
to move on ahead to the next attack.
And at one point during those discussions,
he said to a number of his aides,
"You know, I have some concerns,
"because once word of this gets out..."
And he knew it would get out.
"..the Chinese may use it as an excuse for their attacks on us,
"the Russians might, or others."
So, he clearly had some misgivings,
but they weren't big enough to stop him
from going ahead with the programme.
And then, in 2010,
a decision was made to change the code.
Our human assets weren't always able to get code updates into Natanz,
and we weren't told exactly why, but...
we were told we had to have a cyber solution
for delivering the code.
But the delivery systems were tricky.
If they weren't aggressive enough, they wouldn't get in.
If they were too aggressive,
it could spread and be discovered.
-When we got the first sample,
there was some configuration information inside of it,
and one of the pieces in there was a version number, 1.1.
And that made us realise,
"Well, look, this likely isn't the only copy."
We went back to our databases,
looking for anything that looked similar to Stuxnet.
As we began to collect more samples,
we found a few earlier versions of Stuxnet.
And when we analysed that code,
we saw that versions previous to 1.1
were a lot less aggressive.
The earlier version of Stuxnet,
it, basically, required humans to do a little bit of double-clicking
in order for it to spread from one computer to another.
And so, what we believe, after looking at that code, is two things.
One, either they didn't get into Natanz with that earlier version
because it simply wasn't aggressive enough,
wasn't able to jump over that air gap.
And/or two, that payload, as well, didn't work properly.
It didn't work to their satisfaction.
Maybe it was not explosive enough.
There were slightly different versions
which were aimed at different parts of the centrifuge cascade.
But the guys at Symantec figured you changed the code because
the first variations couldn't get in and didn't work right.
Bullshit. We always found a way to get across the air gap.
At TAO, we laughed when people
thought they were protected by an air gap.
And for OG, the early versions of the payload did work.
But what NSA did...
..was always low-key.
The problem was that Unit 8200, the Israelis,
kept pushing us to be more aggressive.
The later version of Stuxnet, 1.1 -
that version had multiple ways of spreading.
It had the four zero-days inside of it, for example,
that allowed it to spread all by itself, without you doing anything.
It could spread via network shares. It could spread via USB keys.
It was able to spread via network exploits.
That's the sample that introduces the stolen digital certificates.
That is the sample that, all of a sudden,
became so noisy
and caught the attention of the antivirus guys.
In the first sample, we don't find that.
And this is very strange
because it tells us that,
in the process of this development,
the attackers were less concerned with operational security.
Stuxnet actually kept a log inside of itself
of all the machines that had been infected along the way,
as it jumped from one machine to another to another to another.
And we were able to gather up
all of the samples that we could acquire,
tens of thousands of samples, and we extracted all of those logs.
We can see the exact path that Stuxnet took.
Eventually we were able to trace back this version of Stuxnet
to ground zero - to the first five infections in the world.
The first five infections were all outside of Natanz plant,
all inside of organisations inside of Iran.
All organisations that are involved in industrial control systems,
and construction of industrial control facilities.
Clearly contractors who were working on the Natanz facility,
and the attackers knew that.
They're electrical companies. They're piping companies.
They're, you know, these sorts of companies.
And they knew that technicians from those companies would visit Natanz.
So, they would infect these companies and then technicians
would take their computer or their laptop on their USB...
That operator then goes down to Natanz and he plugs in his USB key
which has some code that he needs to update into Natanz,
into the Natanz network, and now Stuxnet is able
to get inside Natanz and conduct its attack.
These five companies were specifically targeted
to spread Stuxnet into Natanz,
and it wasn't that Stuxnet escaped out of Natanz
and then spread all over the world, and it was this big mistake and,
"Oh, it wasn't meant to spread that far but it really did."
No, that's not the way we see it. The way we see it is that
they wanted it to spread far so that they could get it into Natanz.
Someone decided that we're going to create something new,
something evolved, that's going to be far, far, far more aggressive.
And we're OK, frankly,
with it spreading all over the world to innocent machines,
in order to go after our target.
The Mossad had the role,
had the assignment,
to deliver the virus,
to make sure that Stuxnet
would be put in place in Natanz to affect the centrifuges.
Meir Dagan, the head of Mossad,
was under growing pressure from the Prime Minister, Benjamin Netanyahu,
to produce results.
Inside the ROC, we were furious.
The Israelis took our code for the delivery system and changed it.
Then, on their own, without our agreement,
they just fucking launched it.
2010, around the same time they started killing Iranian scientists.
And they fucked up the code.
Instead of hiding, the code started shutting down computers.
So, naturally, people noticed.
Because they were in a hurry, they opened Pandora's Box,
they let it out, and it spread...
all over the world.
The worm spread quickly,
but somehow it remained unseen until it was identified in Belarus.
Soon after, Israeli intelligence confirmed
that it had made its way into the hands
of the Russian Federal Security Service, the successor to the KGB.
And so it happened that the formula for a secret cyber weapon
designed by the US and Israel
fell into the hands of Russia
and the very country it was meant to attack.
-In international law,
when some country, or a coalition of countries,
targets a nuclear facility,
it's an act of war.
Please, let's be frank here.
If it wasn't Iran,
let's say a nuclear facility in the United States
was targeted in the same way...
..the American Government would not sit by and let this go.
Stuxnet is an attack in peacetime on critical infrastructure.
Yes, it is. Look, when I read about it,
all right, I go,
"Whoa, this is a big deal!" Yeah.
-The people who were running this program,
including Leon Panetta, the director of the CIA at the time,
had to go down into the Situation Room and face President Obama
and Vice President Biden
and explain that this program was suddenly on the loose.
Vice President Biden at one point during this discussion, sort of,
exploded in Biden-esque fashion
and blamed the Israelis. He said, "It must have been the Israelis
"who made a change in the code that enabled it to get out."
President Obama said to the senior leadership,
"You told me it wouldn't get out of the network. It did.
"You told me Iranians would never figure out
"it was the United States. They did.
"You told me it would have a huge effect on their nuclear programme,
"and it didn't."
The Natanz plant is inspected every couple of weeks
by the International Atomic Energy Agency inspectors,
and if you line up what you know about the attacks
with the inspection reports, you can see the effects.
-If you go to the IAEA reports,
we really saw that a lot of centrifuges were switched off,
and they were removed.
As much as almost a couple of thousand got compromised.
When you put this all together,
I wouldn't be surprised if their programme
got delayed by the one year.
But go, then, to year 2012-13, and look, you know,
how the centrifuges started to come up again.
-So, ironically, cyber warfare,
assassination of its nuclear scientists,
Iran has gone through A to Z of every coercive policy that the US,
Israel and those who ally with them
have placed on Iran,
and they have actually made Iran's nuclear programme
more advanced today than it was ever before.
CHANTING IN ARABIC
-DISTORTED MALE VOICE:
-This is a very, very dangerous minefield
that we are walking, and the nations who decide
to take these covert actions should be
taking into consideration all the effects,
including the moral effects.
I would say that this is the price that we have to pay in this...
in this world, and our blade of righteousness shouldn't be so sharp.
In Israel and in the United States,
the blade of righteousness cut both ways,
wounding the targets and the attackers.
Once Stuxnet infected American computers,
the Department of Homeland Security,
unaware of the cyber weapons launched by the NSA,
devoted enormous resources trying to protect Americans
from their own government.
We had met the enemy and it was us.
We'll be more than happy to discuss that.
Early July of 2010, I received a call
that said that this piece of malware was discovered,
and could we take a look at it?
When we first started the analysis, there was that, "Oh, crap" moment.
You know, where we sat there and said, "This is something
"that's significant. It's impacting industrial control.
"It can disrupt it to the point where it could cause harm,
"and not only damage to the equipment,
"but potentially harm or loss of life."
We were very concerned,
because Stuxnet was something that we had not seen before,
so there wasn't a lot of sleep at night.
Basically, light up the phones, call everybody we know,
inform the Secretary, inform the White House,
inform the other departments and agencies,
wake up the world and figure out what's going on
with this particular malware.
Did anybody ever give you an indication
that it was something that they already knew about?
No, at no time did I get the impression from someone that,
"That's OK," you know,
get a little pat on the head and scooted out the door.
I never received a stand down order.
I never... No-one ever asked, "Stop looking at this."
Sean McGurk, the Director of Cyber
for the Department of Homeland Security,
testified before the Senate
about how he thought Stuxnet was a terrifying threat
-to the United States. Is that not a problem?
How do you mean? That, that, that the Stuxnet thing was a bad idea?
No, no, just that before he knew what it was and what it attacks...
Oh, I get it. That, that...
Yeah, that he was responding to something that...
He thought was a threat to critical infrastructure in the United States.
Yeah. "The worm is loose!"
The worm is loose, I understand.
But there's a...
There is a further theory having to do with whether or not,
-following up on David Sanger's...
-I got the subplot. And who did that?
Was it the Israelis? And, yeah, I...
I truly don't know and, even though I don't know,
I still can't talk about it. All right?
Stuxnet was somebody's covert action, all right?
And the definition of covert action
is an activity in which
you want to have the hand of the actor forever hidden.
So, by definition, it's going to end up
in this "we don't talk about these things" box.
-To this day, the United States Government
has never acknowledged
conducting any offensive cyber attack anywhere in the world.
But, thanks to Mr Snowden, we know that, in 2012,
President Obama issued an Executive Order
that laid out some of the conditions
under which cyber weapons can be used,
and, interestingly, every use of a cyber weapon
requires presidential sign-off.
That is only true, in the physical world, for nuclear weapons.
-Nuclear war and nuclear weapons are vastly different
from cyber war and cyber weapons.
Having said that, there are some similarities.
And in the early 1960s, the United States Government
suddenly realised it had thousands of nuclear weapons,
big ones and little ones, weapons on Jeeps,
weapons on submarines, and it really didn't have a doctrine.
It really didn't have a strategy.
It really didn't have an understanding, at the policy level,
about how it was going to use all of these things.
And so academics started publishing unclassified documents
about nuclear war
and nuclear weapons.
And the result was more than 20 years in the United States
of very vigorous national debates
about how we want to go use nuclear weapons.
And not only did that cause the Congress,
and people in the executive branch in Washington,
to think about these things,
it caused the Russians to think about these things.
And out of that grew nuclear doctrine -
mutual assured destruction,
all of that complicated set of nuclear dynamics.
Today, on this vital issue, at least,
we have seen what can be accomplished when we pull together.
We can't have a discussion, not in a sensible way right now,
about cyber war and cyber weapons, because everything is secret.
And when you get into a discussion
with people in the government, people still in the government,
people who have security clearances, you run into a brick wall.
Trying to stop Iran is really my number-one job, and I think...
Wait, can I ask you, in that context,
about the Stuxnet computer virus, potentially?
You can ask but I won't comment.
-Can you tell us anything?
Look, for the longest time, I was in fear
that I couldn't actually say the phrase "computer network attack".
This stuff is hideously over-classified,
and it gets into the way of a... of a mature, public discussion
as to what it is we, as a democracy,
want our nation to be doing up here in the cyber domain.
Now, this is a former director of NSA and CIA
saying this stuff is over-classified.
One of the reasons this is as highly classified as it is,
this is a peculiar weapons system.
This is the weapons system that's come out of the espionage community,
and so those people have a HABIT of secrecy.
While most government officials refuse to acknowledge the operation,
at least one key insider did leak parts of the story to the press.
In 2012, David Sanger wrote a detailed account of Olympic Games
that unmasked the extensive joint operation
between the US and Israel
to launch cyber attacks on Natanz.
The publication of this story,
coming at a time that there were a number of other unrelated
national security stories being published, led to the announcement
of investigations by the Attorney General.
Into the...? Into the press and into the leaks?
Into the press and into the leaks.
When Stuxnet hit the media, they polygraphed everyone in our office,
including people who didn't know shit.
You know, they poly'd the interns, for God's sake.
These are criminal acts when they release information like this,
and we will conduct thorough investigations,
as we have in the past.
The administration never filed charges,
possibly afraid that a prosecution
would reveal classified details about Stuxnet.
To this day, no-one in the US or Israeli Governments
has officially acknowledged the existence of the joint operation.
I would never compromise ongoing operations in the field,
but we should be able to talk about capability.
We can talk about our...
bunker busters - why not our cyber weapons?
The secrecy of the operation has been blown.
Our friends in Israel took a weapon
that we jointly developed -
in part to keep Israel from doing something crazy -
and then used it on their own in a way that blew the cover
of the operation and could have led to war,
and we can't talk about that?
There is a way to talk about Stuxnet.
It happened. That...
To deny that it happened is foolish,
so the fact it happened is really what we're talking about here.
What are the implications of the fact
that we now are in a post-Stuxnet world?
What I said to David Sanger was,
I understand the difference in destruction is dramatic,
but this has the whiff of August 1945.
Somebody just used a new weapon,
and this weapon will not be put back into the box.
I know no operational details,
and don't know what anyone did or didn't do
before someone decided to use the weapon, all right?
I do know this - if we go out and do something,
most of the rest of the world now thinks that's the new standard
and it's something that they now feel legitimated to do, as well.
But the rules of engagement,
international norms, treaty standards,
they don't exist right now.
-For nuclear, we have these extensive inspection regimes.
The Russians come and look at our silos.
We go and look at their silos.
Bad as things get between the two countries,
those inspection regimes have held up.
But working that out for...for cyber would be virtually impossible.
Where do you send your inspector?
Inside the laptop of, you know...
How many laptops are there in the United States and Russia?
It's much more difficult in the cyber area
to construct an international regime
based on treaty commitments and rules of the road and so forth.
Although we've tried to have discussions
with the Chinese and Russians and so forth about that,
but it's very difficult.
-Right now, the norm in cyberspace is...
do whatever you can get away with.
That's not a good norm, but it's the norm that we have.
That's the norm that is preferred by states
that are engaging in lots of different kinds of activities
that they feel are benefiting their national security.
-Those who excel in cyber
are trying to slow down the process of creating regulation.
Those who are victims
would like the regulation to be in the open as soon as possible.
International law in this area is written by custom,
and customary law requires a nation to say,
"This is what we did, this is why we did it."
And the US doesn't want to push the law in that direction,
and so it chooses not to disclose its involvement.
And one of the reasons that I thought it was important
to tell the story of Olympic Games
was not simply because it's a cool spy story - it is -
but it's because, as a nation,
we need to have a debate about how we want to use cyber weapons,
because we are the most vulnerable nation on Earth
to cyber attack ourselves.
Let's say you took over the control system of a railway -
you could switch tracks.
You could cause derailments of trains carrying explosive materials.
What if you were in the control system of gas pipelines
and when a valve was supposed to be open, it was closed,
and the pressure built up and the pipeline exploded?
There are companies that run electric power generation
or electric power distribution -
that we know have been hacked by foreign entities -
that have the ability to shut down the power grid.
-'According to the officials,
'Iran is the first country ever in the Middle East
'to be engaged in a cyber war with the United States and Israel.
'If anything, they said the recent cyber attacks
'were what encouraged them to plan to set up the Cyber Army,
'which will gather computer scientists,
'programmers, software engineers...'
-If you are a youth and you see
assassination of a nuclear scientist,
and your nuclear facilities are getting attacked,
wouldn't you join your national Cyber Army?
Well, many did, and that's why, today,
Iran has one of the largest cyber armies in the world.
So, whoever initiated this,
and was very proud of themselves to see that little dip
in Iran's centrifuge numbers,
should look back now
and acknowledge that it was a major mistake.
Very quickly, Iran sent a message to the United States,
a very sophisticated message,
and they did that with two attacks.
First, they attacked Saudi Aramco,
the biggest oil company in the world,
and wiped out every piece of software, every line of code,
on 30,000 computer devices.
Then Iran did a surge attack on the American banks.
The most extensive attack on American banks ever,
launched from the Middle East, happening right now.
When Iran hit our banks,
we could've shut down their botnet,
but the State Department got nervous,
because the servers weren't actually in Iran,
so until there was a diplomatic solution,
Obama let the private sector deal with the problem.
I imagine that in the White House Situation Room,
people sat around and said...
Let me be clear, I don't imagine I know.
People sat around in the White House Situation Room and said,
"The Iranians have sent us a message, which is essentially -
"stop attacking us in cyberspace the way you did at Natanz with Stuxnet.
"We can do it, too."
There are unintended consequences of the Stuxnet attack.
You wanted to cause confusion and damage to the other side,
but then the other side can do the same to you.
The monster turned against its creator,
and now everyone is in this game.
They did a good job in showing the world, including the bad guys,
what you would need to do in order to cause serious trouble
that could lead to injuries and death.
I mean, you've been focusing on Stuxnet,
but that was just a small part
of the much larger Iranian mission.
There was a larger Iranian mission?
We spent hundreds of millions - maybe billions - on it.
In the event the Israelis did attack Iran,
we assumed we would be drawn into the conflict.
We built in attacks on Iran's command and control system
so the Iranians couldn't talk to each other in a fight.
We infiltrated their IADS, military air defence systems,
so they couldn't shoot down our planes if we flew over.
We also went after their civilian support systems, power grids.
We were inside, waiting, watching,
ready to disrupt, degrade and destroy those systems
with cyber attacks.
In comparison, Stuxnet was a back-alley operation.
NZ was the plan for a full-scale cyber war with no attribution.
We need an entirely new way of thinking
about how we're going to solve this problem.
You're not going to get an entirely new way of solving this problem
until you begin to have an open acknowledgement
that we have cyber weapons, as well,
and that we may have to agree to some limits on their use
if we're going to get other nations to limit their use.
It's not going to be a one-way street.
I'm old enough to have worked on nuclear arms control,
and biological weapons arms control,
and chemical weapons arms control.
And I was told in each of those types of arms control,
when we were beginning, "It's too hard. There are all these problems.
"It's technical. There's engineering.
"There's science involved.
"There are real verification difficulties.
"You'll never get there."
Well, it took 20, 30 years in some cases,
but we have a biological weapons treaty that's pretty damn good.
We have a chemical weapons treaty that's pretty damn good.
We've got three or four nuclear weapons treaties.
Yes, it may be hard and it may take 20 or 30 years,
but it'll never happen unless you get serious about it,
and it'll never happen unless you start it.
Today, after two years of negotiations,
the United States, together with our international partners,
has achieved something that decades of animosity has not -
a comprehensive, long-term deal with Iran
that will prevent it from obtaining a nuclear weapon.
It is a deal in which Iran
will cut its installed centrifuges
by more than two thirds.
Iran will not enrich uranium with its advanced centrifuges
for at least the next ten years.
It will make our country, our allies, and our world safer.
70 years after the murder of 6 million Jews,
promise to destroy my country, and the response
from nearly every one of the governments represented here
has been utter silence.
Perhaps you can now understand
why Israel is not joining you in celebrating this deal.
History shows that America must lead
not just with our might, but with our principles.
It shows we are stronger
not when we are alone but when we bring the world together.
Today's announcement marks one more chapter
in this pursuit of a safer and a more helpful,
more hopeful world.
Thank you. God bless you and God bless the United States of America.
-DISTORTED FEMALE VOICE:
-Everyone I know is thrilled
with the Iran deal. Sanctions and diplomacy worked,
but behind that deal was a lot of confidence in our cyber capability.
We were everywhere inside Iran, still are.
I'm not going to tell you the operational details
of what we can do, going forward, or where...
but the science-fiction cyber war scenario is here,
and that's Nitro Zeus.
But my concern, and the reason I'm talking...
..is because when you shut down a country's power grid...
it doesn't just pop back up.
You know, it's more like Humpty Dumpty,
and if all the king's men can't turn the lights back on
or filter the water for weeks,
then lots of people die.
And something we can do to others, they can do to us, too.
Is that something that we should keep quiet
or should we talk about it?
I've gone to many people on this film, even friends of mine,
who won't talk to me about the NSA and Stuxnet, even off the record,
for fear of going to jail.
Is that fear protecting us?
No. But it protects me.
Or should I say "we"?
-NO VOICE DISTORTION:
-I'm an actor playing a role,
written from the testimony of a small number of people
from NSA and CIA - all of whom are angry about the secrecy,
but too scared to come forward.
Now, we're forward.
Documentary thriller about warfare in a world without rules - the world of cyberwar. It tells the story of Stuxnet, self-replicating computer malware, known as a 'worm' for its ability to burrow from computer to computer on its own. In a covert operation, the American and Israeli intelligence agencies allegedly unleashed Stuxnet to destroy a key part of an Iranian nuclear facility. Ultimately the 'worm' spread beyond its intended target.
Zero Days is the most comprehensive account to date of how a clandestine mission opened forever the Pandora's box of cyber warfare. A cautionary tale of technology, politics, unintended consequences, morality, and the dangers of secrecy.