Scribd Carga

filosofa
de
Bertnard Russell
1
00:00:46,912 --> 00:00:49,013
Through the darkness
2
00:00:49,015 --> 00:00:53,250
of the pathways that we marched,
3
00:00:54,319 --> 00:00:57,354
evil and good lived side by side.
4
00:00:57,356 --> 00:01:00,424
And this is the nature of... of life.
5
00:01:16,541 --> 00:01:18,842
We are in an unbalanced
6
00:01:18,844 --> 00:01:23,047
and inequivalent confrontation between democracies
7
00:01:23,049 --> 00:01:25,416
who are obliged to play by the rules
8
00:01:26,051 --> 00:01:29,486
and entities who think democracy is a joke.
9
00:01:31,590 --> 00:01:33,958
You can't convince fanatics
10
00:01:33,960 --> 00:01:38,562
by saying, "hey, hatred paralyzes you,
11
00:01:38,564 --> 00:01:40,164
love releases you."
12
00:01:41,266 --> 00:01:45,536
There are different rules that we have to play by.
13
00:02:01,119 --> 00:02:03,787
Female newsreader: Today, two of Iran's top nuclear scientists
14
00:02:03,789 --> 00:02:05,756
were targeted by hit squads.
15
00:02:05,758 --> 00:02:07,791
Female newsreader 2: ...In the capital Tehran.
16
00:02:07,793 --> 00:02:09,426
Male newsreader: ...The latest in a string of attacks.
17
00:02:09,428 --> 00:02:11,662
Female newsreader 3: Today's attack has all the hallmarks
18
00:02:11,664 --> 00:02:13,831
of major strategic sabotage.
19
00:02:13,833 --> 00:02:14,932
Female newsreader 4: Iran immediately accused
20
00:02:14,934 --> 00:02:16,166
the U.S. and Israel
21
00:02:16,168 --> 00:02:18,035
of trying to damage its nuclear program.
22
00:02:18,336 --> 00:02:19,700
Mahmoud Ahmadinejad:
23
00:02:19,700 --> 00:02:20,889
Unfortunately, and without any doubt,
24
00:02:21,140 --> 00:02:23,600
in the assassinations
which took place today
25
00:02:23,934 --> 00:02:27,774
Western countries and the
Zionist regime were involved.
26
00:02:28,080 --> 00:02:33,817
I want to categorically deny any United States involvement
27
00:02:33,819 --> 00:02:38,756
in any kind of act of violence inside Iran.
28
00:02:38,758 --> 00:02:41,925
Covert actions can help,
29
00:02:41,927 --> 00:02:43,927
can assist.
30
00:02:45,196 --> 00:02:48,098
They are needed, they are not all the time essential,
31
00:02:48,333 --> 00:02:52,770
and they, in no way, can replace political wisdom.
32
00:02:53,138 --> 00:02:55,372
Alex Gibney: Were the assassinations in Iran
33
00:02:55,374 --> 00:02:57,775
related to the STUXnet computer attacks?
34
00:02:58,943 --> 00:03:00,778
Uh, next question, please.
35
00:03:02,380 --> 00:03:03,947
Male newsreader: Iran's infrastructure
36
00:03:03,949 --> 00:03:05,049
is being targeted
37
00:03:05,051 --> 00:03:08,218
by a new and dangerously powerful cyber worm.
38
00:03:08,220 --> 00:03:10,854
The so-called STUXnet worm is specifically designed,
39
00:03:10,856 --> 00:03:13,190
it seems, to infiltrate and sabotage
40
00:03:13,192 --> 00:03:16,326
real-world power plants and factories and refineries.
41
00:03:16,328 --> 00:03:17,728
Male newsreader 2: It's not trying to steal information
42
00:03:17,730 --> 00:03:18,896
or grab your credit card,
43
00:03:18,898 --> 00:03:21,699
they're trying to get into some sort of industrial plant
44
00:03:21,701 --> 00:03:24,085
and wreak havoc trying to blow up an engine or...
45
00:03:24,085 --> 00:03:25,376
The Stuxnet virus
has made attacks worldwide.
46
00:03:25,376 --> 00:03:26,788
Male newsreader 3:
47
00:03:26,788 --> 00:03:31,585
In Iran alone it was identified
30 thousand times.
48
00:03:32,336 --> 00:03:37,336
A super computer virus has put on alert
several countries' secret services.
49
00:03:37,591 --> 00:03:40,551
The information could be
in the reach of terrorists.
50
00:03:40,552 --> 00:03:41,652
Male newsreader 4: No one knows
51
00:03:41,654 --> 00:03:42,820
who's behind the worm
52
00:03:42,822 --> 00:03:44,488
and the exact nature of its mission,
53
00:03:44,490 --> 00:03:47,357
but there are fears Iran will hold Israel
54
00:03:47,359 --> 00:03:50,728
or America responsible and seek retaliation.
55
00:03:50,730 --> 00:03:51,829
Male newsreader 5: It's not impossible that
56
00:03:51,831 --> 00:03:53,163
some group of hackers did it,
57
00:03:53,165 --> 00:03:55,232
but the security experts that are studying this
58
00:03:55,234 --> 00:03:58,001
really think this required the resource of a nation-state.
59
00:04:03,942 --> 00:04:05,876
Man: Okay, and spinning.
60
00:04:05,878 --> 00:04:07,344
Gibney: Okay, good. Here we go.
61
00:04:08,580 --> 00:04:11,882
What impact, ultimately, did the STUXnet attack have?
62
00:04:11,884 --> 00:04:13,150
Can you say?
63
00:04:13,952 --> 00:04:16,120
I don't want to get into the details.
64
00:04:16,354 --> 00:04:18,856
Gibney: Since the event has already happened,
65
00:04:18,858 --> 00:04:22,559
why can't we talk more openly and publicly about STUXnet?
66
00:04:22,561 --> 00:04:25,462
Yeah, I mean, my answer is because it's classified.
67
00:04:25,930 --> 00:04:29,032
I... I won't knowledge... you know, knowingly
68
00:04:29,034 --> 00:04:31,135
offer up anything I consider classified.
69
00:04:31,137 --> 00:04:33,370
Gibney: I know that you can't talk much about STUXnet,
70
00:04:33,372 --> 00:04:36,774
because STUXnet is officially classified.
71
00:04:36,776 --> 00:04:38,142
You're right on both those counts.
72
00:04:38,610 --> 00:04:39,943
Gibney: But there has been
73
00:04:39,945 --> 00:04:42,045
a lot reported about it in the press.
74
00:04:42,047 --> 00:04:44,281
I don't want to comment on this.
75
00:04:44,283 --> 00:04:48,552
I read it in the newspaper, the media, like you,
76
00:04:48,554 --> 00:04:51,555
but I'm unable to elaborate upon it.
77
00:04:51,790 --> 00:04:53,957
People might find it frustrating
78
00:04:53,959 --> 00:04:56,493
not to be able to talk about it when it's in the public domain,
79
00:04:56,495 --> 00:04:57,895
but...
80
00:04:57,897 --> 00:04:59,396
Gibney: I find it frustrating.
81
00:04:59,398 --> 00:05:00,898
Yeah, I'm sure you do.
82
00:05:00,900 --> 00:05:02,466
I don't answer that question.
83
00:05:02,468 --> 00:05:03,834
Unfortunately, I can't comment.
84
00:05:03,836 --> 00:05:05,469
I do not know how to answer that.
85
00:05:05,471 --> 00:05:07,638
Two answers before you even get started, I don't know,
86
00:05:07,640 --> 00:05:10,440
and if I did, we wouldn't talk about it anyway.
87
00:05:10,442 --> 00:05:12,276
Gibney: How can you have a debate if everything's secret?
88
00:05:12,278 --> 00:05:14,311
I think right now that's just where we are.
89
00:05:14,612 --> 00:05:16,079
No one wants to...
90
00:05:16,081 --> 00:05:18,482
Countries aren't happy about confessing
91
00:05:18,484 --> 00:05:21,285
or owning up to what they did because they're not quite sure
92
00:05:21,287 --> 00:05:23,153
where they want the system to go.
93
00:05:23,788 --> 00:05:25,756
And so whoever was behind STUXnet
94
00:05:25,758 --> 00:05:27,257
hasn't admitted they were behind it.
95
00:05:31,095 --> 00:05:32,963
Gibney: Asking officials about STUXnet
96
00:05:32,965 --> 00:05:34,498
was frustrating and surreal,
97
00:05:34,799 --> 00:05:37,334
like asking the emperor about his new clothes.
98
00:05:38,036 --> 00:05:41,138
Even after the cyber weapon had penetrated computers
99
00:05:41,140 --> 00:05:42,539
all over the world,
100
00:05:42,807 --> 00:05:45,108
no one was willing to admit it was loose
101
00:05:45,110 --> 00:05:47,511
or talk about the dangers it posed.
102
00:05:48,379 --> 00:05:50,647
What was it about the STUXnet operation
103
00:05:50,649 --> 00:05:52,449
that was hiding in plain sight?
104
00:05:53,885 --> 00:05:55,652
Maybe there was a way the computer code
105
00:05:55,654 --> 00:05:57,287
could speak for itself.
106
00:05:58,056 --> 00:06:00,424
STUXnet first surfaced in Belarus.
107
00:06:00,992 --> 00:06:03,360
I started with a call to the man who discovered it
108
00:06:03,362 --> 00:06:06,363
when his clients in Iran began to panic
109
00:06:06,365 --> 00:06:09,032
over an epidemic of computer shutdowns.
110
00:06:09,834 --> 00:06:13,070
Had you ever seen anything quite so sophisticated before?
111
00:06:13,664 --> 00:06:17,424
I have seen very sophisticated
viruses before,
112
00:06:17,668 --> 00:06:21,548
but they didn't have...
113
00:06:24,008 --> 00:06:25,378
this kind of...
114
00:06:26,969 --> 00:06:27,719
zero day.
115
00:06:29,054 --> 00:06:32,524
It was the first time in my practice.
116
00:06:33,350 --> 00:06:36,440
That led me to understand
117
00:06:37,813 --> 00:06:44,783
that I should notify
web security companies ASAP
118
00:06:46,530 --> 00:06:51,030
about the fact that such a danger exists.
119
00:07:36,487 --> 00:07:38,322
Eric Chien: On a daily basis, basically
120
00:07:38,324 --> 00:07:40,390
we are sifting through
121
00:07:40,392 --> 00:07:43,894
a massive haystack looking for that proverbial needle.
122
00:07:44,762 --> 00:07:47,731
We get millions of pieces of new malicious threats
123
00:07:47,733 --> 00:07:49,599
and there are millions of attacks going on
124
00:07:49,601 --> 00:07:50,801
every single day.
125
00:07:50,969 --> 00:07:53,403
And only way are trying to protect people
126
00:07:53,405 --> 00:07:55,005
and their computers and... and their systems
127
00:07:55,007 --> 00:07:57,674
and countries' infrastructure
128
00:07:57,676 --> 00:07:59,776
from being taken down by those attacks.
129
00:07:59,778 --> 00:08:03,113
But more importantly, we have to find the attacks that matter.
130
00:08:03,115 --> 00:08:04,848
When you're talking about that many,
131
00:08:05,149 --> 00:08:07,417
impact is extremely important.
132
00:08:19,797 --> 00:08:21,498
Eugene Kaspersky: Twenty years ago, the antivirus companies,
133
00:08:21,500 --> 00:08:23,200
they were hunting for computer viruses
134
00:08:23,202 --> 00:08:24,468
because there were not so many.
135
00:08:24,470 --> 00:08:27,771
So we had, like, tens of dozens a month,
136
00:08:27,972 --> 00:08:30,540
and there was just little numbers.
137
00:08:30,542 --> 00:08:34,745
Now, we collect millions of unique attacks every month.
138
00:08:36,114 --> 00:08:38,548
Vitaly Kamluk: This room we call a woodpecker's room
139
00:08:38,550 --> 00:08:39,883
or a virus lab,
140
00:08:40,118 --> 00:08:42,052
and this is where virus analysts sit.
141
00:08:42,054 --> 00:08:44,021
We call them woodpeckers because they are
142
00:08:44,023 --> 00:08:46,523
pecking the worms, network worms, and viruses.
143
00:08:47,392 --> 00:08:50,627
And we see, like, three different groups of hackers
144
00:08:50,629 --> 00:08:52,195
behind cyber-attacks.
145
00:08:52,964 --> 00:08:54,731
They are traditional cyber criminals.
146
00:08:54,899 --> 00:08:58,735
Those guys are interested only in illegal profit.
147
00:08:58,737 --> 00:09:00,137
And quick and dirty money.
148
00:09:00,139 --> 00:09:02,305
Activists, or hacktivists,
149
00:09:02,307 --> 00:09:04,674
they are hacking for fun or hacking to push
150
00:09:04,676 --> 00:09:05,942
some political message.
151
00:09:06,177 --> 00:09:08,545
And the third group is nation-states.
152
00:09:08,746 --> 00:09:11,648
They're interested in high-quality intelligence
153
00:09:11,650 --> 00:09:13,083
or sabotage activity.
154
00:09:14,352 --> 00:09:16,853
Chien: Security companies not only share information
155
00:09:16,855 --> 00:09:18,588
but we also share binary samples.
156
00:09:18,590 --> 00:09:20,190
So when this threat was found
157
00:09:20,192 --> 00:09:22,025
by a Belarusian security company
158
00:09:22,027 --> 00:09:24,361
on one of their customer's machines in Iran,
159
00:09:24,363 --> 00:09:26,963
the sample was shared amongst the security community.
160
00:09:27,865 --> 00:09:29,433
When we try to name threats, we just try to pick
161
00:09:29,435 --> 00:09:31,501
some sort of string, some sort of words,
162
00:09:31,503 --> 00:09:34,071
that are inside of the binary.
163
00:09:35,239 --> 00:09:37,607
In this case, there was a couple of words in there
164
00:09:37,609 --> 00:09:40,577
and we took pieces of each, and that formed STUXnet.
165
00:09:43,047 --> 00:09:46,249
I got the news about STUXnet from one of my engineers.
166
00:09:46,251 --> 00:09:48,952
He came to my office, opened the door,
167
00:09:49,520 --> 00:09:52,522
and he said, "so, Eugene, of course you know that
168
00:09:52,524 --> 00:09:55,125
we are waiting for something really bad.
169
00:09:55,426 --> 00:09:56,593
It happened."
170
00:10:03,301 --> 00:10:05,469
Gibney: Give me some sense of what it was like
171
00:10:05,471 --> 00:10:06,870
in the lab at that time.
172
00:10:06,872 --> 00:10:08,472
Was there a palpable sense of amazement
173
00:10:08,474 --> 00:10:10,474
that you had something really different there?
174
00:10:10,775 --> 00:10:12,776
Well, I wouldn't call it amazement.
175
00:10:12,778 --> 00:10:14,845
It was a kind of a shock.
176
00:10:15,246 --> 00:10:18,381
It went beyond our worst fears, our worst nightmares,
177
00:10:18,749 --> 00:10:21,751
and this continued the more we analyzed.
178
00:10:21,753 --> 00:10:23,720
The more we researched,
179
00:10:23,722 --> 00:10:26,723
the more bizarre the whole story got.
180
00:10:27,058 --> 00:10:28,725
We look at so much malware every day that
181
00:10:28,727 --> 00:10:30,660
we can just look at the code and straightaway we can say,
182
00:10:30,662 --> 00:10:32,262
"okay, there's something bad going on here,
183
00:10:32,264 --> 00:10:33,730
and I need to investigate that."
184
00:10:33,732 --> 00:10:34,798
And that's the way it was
185
00:10:34,999 --> 00:10:36,933
when we looked at STUXnet for the first time.
186
00:10:36,935 --> 00:10:39,436
We opened it up and there was just bad things everywhere.
187
00:10:39,438 --> 00:10:41,905
Just like, okay, this is bad and that's bad,
188
00:10:41,907 --> 00:10:43,440
and, you know, we need to investigate this.
189
00:10:43,442 --> 00:10:44,908
And just suddenly we had, like,
190
00:10:44,910 --> 00:10:46,376
a hundred questions straightaway.
191
00:10:48,412 --> 00:10:50,847
The most interesting thing that we do is detective work
192
00:10:50,849 --> 00:10:53,517
where we try to track down who's behind a threat,
193
00:10:53,519 --> 00:10:55,085
what are they doing, what's their motivation,
194
00:10:55,087 --> 00:10:56,820
and try to really stop it at the root.
195
00:10:56,822 --> 00:10:59,189
And it is kind of all-consuming.
196
00:10:59,191 --> 00:11:00,824
You get this new puzzle
197
00:11:00,826 --> 00:11:02,526
and it's very difficult to put it down,
198
00:11:02,528 --> 00:11:04,961
you know, work until, like, 4:00 am in the morning
199
00:11:04,963 --> 00:11:06,163
and figure these things out.
200
00:11:06,165 --> 00:11:08,965
And I was in that zone where I was very consumed by this,
201
00:11:08,967 --> 00:11:11,101
very excited about it, very interested to know
202
00:11:11,103 --> 00:11:12,369
what was happening.
203
00:11:12,371 --> 00:11:15,505
And Eric was also in that same sort of zone.
204
00:11:15,507 --> 00:11:18,208
So the two of us were, like, back and forth all the time.
205
00:11:18,210 --> 00:11:20,944
Chien: Liam and I continued to grind at the code,
206
00:11:20,946 --> 00:11:23,046
sharing pieces, comparing notes,
207
00:11:23,048 --> 00:11:24,881
bouncing ideas off of each other.
208
00:11:25,316 --> 00:11:26,783
We realized that we needed to do
209
00:11:26,785 --> 00:11:29,853
what we called deep analysis, pick apart the threat,
210
00:11:29,855 --> 00:11:32,689
every single byte, every single zero, one,
211
00:11:32,691 --> 00:11:34,791
and understand everything that was inside of it.
212
00:11:35,326 --> 00:11:37,127
And just to give you some context,
213
00:11:37,129 --> 00:11:39,162
we can go through and understand every line of code
214
00:11:39,164 --> 00:11:40,964
for the average threat in minutes.
215
00:11:41,566 --> 00:11:43,366
And here we are one month into this threat
216
00:11:43,368 --> 00:11:45,302
and we were just starting to discover what we call
217
00:11:45,304 --> 00:11:47,204
the payload or its whole purpose.
218
00:11:49,540 --> 00:11:51,074
When looking at the STUXnet code,
219
00:11:51,076 --> 00:11:53,643
it's 20 times the size of the average piece of code
220
00:11:54,145 --> 00:11:56,379
but contains almost no bugs inside of it.
221
00:11:56,381 --> 00:11:58,248
And that's extremely rare.
222
00:11:58,250 --> 00:12:00,150
Malicious code always has bugs inside of it.
223
00:12:00,152 --> 00:12:01,918
This wasn't the case with STUXnet.
224
00:12:01,920 --> 00:12:04,754
It's dense and every piece of code does something
225
00:12:04,756 --> 00:12:07,591
and does something right in order to conduct its attack.
226
00:12:08,826 --> 00:12:10,894
One of the things that surprised us
227
00:12:10,896 --> 00:12:13,263
was that STUXnet utilized what's called
228
00:12:13,265 --> 00:12:15,832
a zero-day exploit, or basically,
229
00:12:15,834 --> 00:12:18,168
a piece of code that allows it to spread
230
00:12:18,170 --> 00:12:20,003
without you having to do anything.
231
00:12:20,005 --> 00:12:22,739
You don't have to, for example, download a file and run it.
232
00:12:22,741 --> 00:12:24,941
A zero-day exploit is an exploit that
233
00:12:24,943 --> 00:12:26,610
nobody knows about except the attacker.
234
00:12:26,612 --> 00:12:28,178
So there's no protection against it.
235
00:12:28,180 --> 00:12:29,613
There's been no patch released.
236
00:12:29,615 --> 00:12:31,915
There's been zero days protection,
237
00:12:31,917 --> 00:12:33,516
you know, against it.
238
00:12:34,385 --> 00:12:35,785
That's what attackers value,
239
00:12:35,787 --> 00:12:37,587
because they know 100 percent
240
00:12:37,589 --> 00:12:39,923
if they have this zero-day exploit,
241
00:12:39,925 --> 00:12:41,625
they can get in wherever they want.
242
00:12:41,627 --> 00:12:43,126
They're actually very valuable.
243
00:12:43,128 --> 00:12:44,527
You can sell these on the underground
244
00:12:44,529 --> 00:12:46,049
for hundreds of thousands of dollars.
245
00:12:47,398 --> 00:12:48,465
Chien: Then we became more worried
246
00:12:48,467 --> 00:12:50,533
because immediately we discovered more zero days.
247
00:12:50,535 --> 00:12:53,270
And again, these zero days are extremely rare.
248
00:12:53,272 --> 00:12:55,572
Inside STUXnet we had, you know, four zero days,
249
00:12:55,574 --> 00:12:57,307
and for the entire rest of the year,
250
00:12:57,309 --> 00:12:59,876
we only saw 12 zero days used.
251
00:12:59,878 --> 00:13:01,544
It blows all... everything else out of the water.
252
00:13:01,546 --> 00:13:02,779
We've never seen this before.
253
00:13:02,781 --> 00:13:04,541
Actually, we've never seen it since, either.
254
00:13:04,615 --> 00:13:07,217
Seeing one in a malware you could understand
255
00:13:07,219 --> 00:13:10,120
because, you know, the malware authors are making money,
256
00:13:10,122 --> 00:13:11,721
they're stealing people's credit cards and making money,
257
00:13:11,723 --> 00:13:12,889
so it's worth their while to use it,
258
00:13:12,891 --> 00:13:15,258
but seeing four zero days, could be worth
259
00:13:15,260 --> 00:13:16,459
half a million dollars right there,
260
00:13:16,461 --> 00:13:18,228
used in one piece of malware,
261
00:13:18,496 --> 00:13:20,897
this is not your ordinary criminal gangs doing this.
262
00:13:20,899 --> 00:13:22,499
This is... this is someone bigger.
263
00:13:22,501 --> 00:13:24,401
It's definitely not traditional crime,
264
00:13:24,403 --> 00:13:27,904
not hacktivists. Who else?
265
00:13:28,773 --> 00:13:31,007
It was evident on a very early stage
266
00:13:31,509 --> 00:13:33,743
that just given the sophistication
267
00:13:33,745 --> 00:13:35,245
of this malware...
268
00:13:36,480 --> 00:13:39,282
Suggested that there must have been
269
00:13:39,284 --> 00:13:40,750
a nation-state involved,
270
00:13:40,752 --> 00:13:43,987
at least one nation-state involved in the development.
271
00:13:43,989 --> 00:13:46,022
When we look at code that's coming from
272
00:13:46,024 --> 00:13:47,590
what appears to be a state attacker
273
00:13:47,592 --> 00:13:50,193
or state-sponsored attacker, usually they're scrubbed clean.
274
00:13:50,195 --> 00:13:52,629
They don't... they don't leave little bits behind.
275
00:13:52,631 --> 00:13:54,364
They don't leave little hints behind.
276
00:13:54,632 --> 00:13:56,299
But in STUXnet there were actually
277
00:13:56,301 --> 00:13:57,667
a few hints left behind.
278
00:13:58,936 --> 00:14:02,205
One was that, in order to get low-level access
279
00:14:02,207 --> 00:14:03,673
to Microsoft Windows,
280
00:14:03,874 --> 00:14:05,674
STUXnet needed to use a digital certificate,
281
00:14:05,976 --> 00:14:08,378
which certifies that this piece of code
282
00:14:08,380 --> 00:14:11,247
came from a particular company.
283
00:14:12,149 --> 00:14:14,217
Now, those attackers obviously couldn't go to Microsoft
284
00:14:14,219 --> 00:14:15,685
and say, "hey, test our code out for us.
285
00:14:15,687 --> 00:14:17,287
And give us a digital certificate."
286
00:14:17,988 --> 00:14:19,589
So they essentially stole them...
287
00:14:20,825 --> 00:14:22,892
From two companies in Taiwan.
288
00:14:22,894 --> 00:14:24,794
And these two companies have nothing to do with each other
289
00:14:24,796 --> 00:14:26,463
except for their close proximity
290
00:14:26,465 --> 00:14:28,264
in the exact same business park.
291
00:14:30,835 --> 00:14:34,671
Digital certificates are guarded very, very closely
292
00:14:34,673 --> 00:14:36,206
behind multiple doors
293
00:14:36,208 --> 00:14:38,641
and they require multiple people to unlock.
294
00:14:38,643 --> 00:14:40,310
Security: ...To the camera.
295
00:14:40,312 --> 00:14:42,011
Chien: And they need to provide both biometrics
296
00:14:42,013 --> 00:14:44,414
- and, as well, pass phrases.
297
00:14:44,416 --> 00:14:45,882
It wasn't like those certificates were
298
00:14:45,884 --> 00:14:47,584
just sitting on some machine connected to the Internet.
299
00:14:47,818 --> 00:14:50,620
Some human assets had to be involved, spies.
300
00:14:50,855 --> 00:14:52,689
O'Murchu: Like a cleaner who comes in at night
301
00:14:52,691 --> 00:14:54,424
and has stolen these certificates
302
00:14:54,426 --> 00:14:55,658
from these companies.
303
00:14:59,063 --> 00:15:01,164
It did feel like walking onto the set
304
00:15:01,166 --> 00:15:03,666
of this James Bond movie and you...
305
00:15:03,668 --> 00:15:05,235
You've been embroiled in this thing that,
306
00:15:05,237 --> 00:15:07,837
you know, you... you never expected.
307
00:15:10,508 --> 00:15:11,608
We continued to search,
308
00:15:11,610 --> 00:15:13,109
and we continued to search in code,
309
00:15:13,111 --> 00:15:15,945
and eventually we found some other bread crumbs left
310
00:15:15,947 --> 00:15:17,347
we were able to follow.
311
00:15:18,048 --> 00:15:19,682
It was doing something with Siemens,
312
00:15:19,950 --> 00:15:22,752
Siemens software, possibly Siemens hardware.
313
00:15:23,053 --> 00:15:24,754
We'd never ever seen that in any malware before,
314
00:15:24,756 --> 00:15:26,089
something targeting Siemens.
315
00:15:26,091 --> 00:15:28,051
We didn't even know why they would be doing that.
316
00:15:29,627 --> 00:15:32,362
But after googling, very quickly we understood
317
00:15:32,364 --> 00:15:34,798
it was targeting Siemens PLCs.
318
00:15:35,266 --> 00:15:38,201
STUXnet was targeting a very specific hardware device,
319
00:15:38,203 --> 00:15:41,604
something called a PLC or a programmable logic controller.
320
00:15:42,039 --> 00:15:44,941
Langner: The PLC is kind of a very small computer
321
00:15:45,242 --> 00:15:47,977
attached to physical equipment,
322
00:15:47,979 --> 00:15:50,613
like pumps, like valves, like motors.
323
00:15:51,415 --> 00:15:55,985
So this little box is running a digital program
324
00:15:55,987 --> 00:15:58,288
and the actions of this program
325
00:15:58,290 --> 00:16:02,392
turns that motor on, off, or sets a specific speed.
326
00:16:02,394 --> 00:16:04,127
Chien: Those program module controllers
327
00:16:04,129 --> 00:16:06,663
control things like power plants, power grids.
328
00:16:06,665 --> 00:16:08,398
O'Murchu: This is used in factories,
329
00:16:08,400 --> 00:16:10,867
it's used in critical infrastructure.
330
00:16:11,569 --> 00:16:14,604
Critical infrastructure, it's everywhere around us,
331
00:16:14,606 --> 00:16:17,173
transportation, telecommunications,
332
00:16:17,175 --> 00:16:19,476
financial services, health care.
333
00:16:20,010 --> 00:16:22,912
So the payload of STUXnet was designed
334
00:16:22,914 --> 00:16:26,082
to attack some very important part
335
00:16:26,084 --> 00:16:27,517
of our world.
336
00:16:27,785 --> 00:16:29,319
The payload is gonna be important.
337
00:16:29,321 --> 00:16:32,088
What happens there could be very dangerous.
338
00:16:34,292 --> 00:16:37,260
Langner: The next very big surprise came
339
00:16:37,262 --> 00:16:39,562
when it infected our lab system.
340
00:16:40,297 --> 00:16:43,299
We figured out that the malware was probing
341
00:16:43,301 --> 00:16:44,667
for controllers.
342
00:16:45,035 --> 00:16:47,103
It was quite picky on its targets.
343
00:16:47,105 --> 00:16:51,441
It didn't try to manipulate any given controller in a network
344
00:16:51,443 --> 00:16:52,775
that it would see.
345
00:16:53,010 --> 00:16:57,213
It went through several checks, and when those checks failed,
346
00:16:57,215 --> 00:16:59,449
it would not implement the attack.
347
00:17:02,186 --> 00:17:06,055
It was obviously probing for a specific target.
348
00:17:07,391 --> 00:17:09,559
You've got to put this in context that,
349
00:17:09,561 --> 00:17:11,361
at the time, we already knew,
350
00:17:11,363 --> 00:17:13,730
well, this is the most sophisticated piece of malware
351
00:17:13,732 --> 00:17:15,298
that we have ever seen.
352
00:17:16,066 --> 00:17:18,034
So it's kind of strange.
353
00:17:18,036 --> 00:17:23,039
Somebody takes that huge effort to hit one specific target?
354
00:17:23,307 --> 00:17:25,241
Well, that must be quite a significant target.
355
00:17:28,846 --> 00:17:31,247
Chien: So at Symantec we have probes on networks
356
00:17:31,249 --> 00:17:32,415
all over the world
357
00:17:32,417 --> 00:17:34,817
watching for malicious activity.
358
00:17:35,219 --> 00:17:37,220
O'Murchu: We'd actually seen infections of STUXnet
359
00:17:37,222 --> 00:17:39,756
all over the world, in the U.S., Australia,
360
00:17:39,758 --> 00:17:42,392
in the U.K., in France, Germany, all over Europe.
361
00:17:42,893 --> 00:17:45,293
Chien: It spread to any Windows machine in the entire world.
362
00:17:45,663 --> 00:17:47,897
You know, we had these organizations
363
00:17:47,899 --> 00:17:50,199
inside the United States who were in charge of
364
00:17:50,201 --> 00:17:51,901
industrial control facilities saying,
365
00:17:51,903 --> 00:17:53,903
"we're infected. What's gonna happen?"
366
00:17:54,271 --> 00:17:56,940
O'Murchu: We didn't know if there was a deadline coming up
367
00:17:56,942 --> 00:17:58,508
where this threat would trigger
368
00:17:58,510 --> 00:18:00,843
and suddenly would, like, turn off all, you know,
369
00:18:00,845 --> 00:18:02,412
electricity plants around the world
370
00:18:02,414 --> 00:18:04,180
or it would start shutting things down
371
00:18:04,182 --> 00:18:05,515
or launching some attack.
372
00:18:06,350 --> 00:18:09,385
We knew that STUXnet could have very dire consequences,
373
00:18:09,387 --> 00:18:12,055
and we were very worried about
374
00:18:12,057 --> 00:18:13,523
what the payload contained
375
00:18:13,525 --> 00:18:15,758
and there was an imperative speed
376
00:18:15,760 --> 00:18:17,860
that we had to race and try and, you know,
377
00:18:17,862 --> 00:18:19,262
beat this ticking bomb.
378
00:18:20,397 --> 00:18:22,932
Eventually, we were able to refine the statistics a little
379
00:18:22,934 --> 00:18:24,434
and we saw that Iran was the number one
380
00:18:24,436 --> 00:18:26,035
infected country in the world.
381
00:18:26,037 --> 00:18:28,605
Chien: That immediately raised our eyebrows.
382
00:18:28,607 --> 00:18:30,873
We had never seen a threat before
383
00:18:30,875 --> 00:18:33,009
where it was predominantly in Iran.
384
00:18:33,944 --> 00:18:35,545
And so we began to follow what was going on
385
00:18:35,547 --> 00:18:36,779
in the geopolitical world,
386
00:18:36,947 --> 00:18:38,547
what was happening in the general news.
387
00:18:38,716 --> 00:18:41,951
And at that time, there were actually multiple explosions
388
00:18:41,953 --> 00:18:44,854
of gas pipelines going in and out of Iran.
389
00:18:45,823 --> 00:18:47,223
Unexplained explosions.
390
00:18:48,759 --> 00:18:50,893
O'Murchu: And of course, we did notice that at the time
391
00:18:50,895 --> 00:18:53,529
there had been assassinations of nuclear scientists.
392
00:18:54,732 --> 00:18:56,165
So that was worrying.
393
00:18:56,967 --> 00:18:59,168
We knew there was something bad happening.
394
00:18:59,637 --> 00:19:01,471
Gibney: Did you get concerned for yourself?
395
00:19:01,473 --> 00:19:03,406
I mean, did you begin to start looking over your shoulder
396
00:19:03,408 --> 00:19:04,641
from time to time?
397
00:19:04,643 --> 00:19:06,242
Yeah, definitely looking over my shoulder
398
00:19:06,244 --> 00:19:08,811
and... and being careful about what I spoke about on the phone.
399
00:19:09,813 --> 00:19:13,016
I was... pretty confident my conversations on my...
400
00:19:13,018 --> 00:19:14,484
On the phone were being listened to.
401
00:19:14,818 --> 00:19:16,786
We were only half joking
402
00:19:16,788 --> 00:19:18,821
when we would look at each other
403
00:19:18,823 --> 00:19:20,590
and tell each other things like,
404
00:19:20,592 --> 00:19:22,825
"look, I'm not suicidal.
405
00:19:23,160 --> 00:19:26,663
If I show up dead on Monday, you know, it wasn't me."
406
00:19:35,439 --> 00:19:37,874
We'd been publishing information about STUXnet
407
00:19:37,876 --> 00:19:39,275
all through that summer.
408
00:19:40,644 --> 00:19:43,279
And then in November, the industrial control system
409
00:19:43,281 --> 00:19:46,416
sort of expert in Holland contacted us...
410
00:19:47,685 --> 00:19:50,286
And he said all of these devices that would be inside of
411
00:19:50,288 --> 00:19:53,356
an industrial control system hold a unique identifier number
412
00:19:53,358 --> 00:19:56,559
that identified the make and model of that device.
413
00:19:58,328 --> 00:20:01,998
And we actually had a couple of these numbers in the code
414
00:20:02,000 --> 00:20:03,440
that we didn't know what they were.
415
00:20:04,401 --> 00:20:06,302
And so we realized maybe what he was referring to
416
00:20:06,304 --> 00:20:07,770
was the magic numbers we had.
417
00:20:08,305 --> 00:20:09,839
And then when we searched for those magic numbers
418
00:20:09,841 --> 00:20:11,007
in that context,
419
00:20:11,009 --> 00:20:13,409
we saw that what had to be connected
420
00:20:13,411 --> 00:20:15,578
to this industrial control system that was being targeted
421
00:20:15,580 --> 00:20:17,547
were something called frequency converters
422
00:20:17,881 --> 00:20:20,049
from two specific manufacturers,
423
00:20:20,051 --> 00:20:21,818
one of which was in Iran.
424
00:20:22,419 --> 00:20:24,187
And so at this time, we absolutely knew
425
00:20:24,189 --> 00:20:26,522
that the facility that was being targeted
426
00:20:26,524 --> 00:20:27,990
had to be in Iran
427
00:20:28,325 --> 00:20:31,160
and had equipment made from Iranian manufacturers.
428
00:20:32,096 --> 00:20:33,863
When we looked up those frequency converters,
429
00:20:33,865 --> 00:20:35,665
we immediately found out that they were actually
430
00:20:35,667 --> 00:20:38,067
export controlled by the nuclear regulatory commission.
431
00:20:38,669 --> 00:20:40,002
And that immediately lead us then
432
00:20:40,004 --> 00:20:42,271
to some nuclear facility.
433
00:20:59,890 --> 00:21:02,024
Gibney: This was more than a computer story,
434
00:21:02,392 --> 00:21:04,827
so I left the world of the antivirus detectives
435
00:21:05,129 --> 00:21:07,063
and sought out journalist, David Sanger,
436
00:21:07,065 --> 00:21:09,298
who specialized in the strange intersection
437
00:21:09,300 --> 00:21:12,301
of cyber, nuclear weapons, and espionage.
438
00:21:13,270 --> 00:21:15,371
Sanger: The emergence of the code
439
00:21:15,373 --> 00:21:18,674
is what put me on alert that an attack was under way.
440
00:21:20,110 --> 00:21:23,279
And because of the covert nature of the operation,
441
00:21:23,281 --> 00:21:26,282
not only were official government spokesmen
442
00:21:26,284 --> 00:21:29,185
unable to talk about it, they didn't even know about it.
443
00:21:30,387 --> 00:21:32,455
Eventually, the more I dug into it,
444
00:21:32,457 --> 00:21:37,059
the more I began to find individuals
445
00:21:37,294 --> 00:21:39,495
who had been involved in some piece of it
446
00:21:39,663 --> 00:21:41,731
or who had witnessed some piece of it.
447
00:21:42,332 --> 00:21:44,734
And that meant talking to Americans,
448
00:21:44,736 --> 00:21:47,637
talking to Israelis, talking to Europeans,
449
00:21:47,639 --> 00:21:50,740
because this was obviously the first, biggest,
450
00:21:50,742 --> 00:21:55,311
and most sophisticated example of a state
451
00:21:55,313 --> 00:21:57,947
or two states using a cyber weapon
452
00:21:57,949 --> 00:21:59,482
for offensive purposes.
453
00:22:02,920 --> 00:22:05,822
I came to this with a fair bit of history,
454
00:22:05,824 --> 00:22:08,591
understanding the Iranian nuclear program.
455
00:22:09,626 --> 00:22:13,029
How did Iran get its first nuclear reactor?
456
00:22:13,597 --> 00:22:16,732
We gave it to them... under the Shah,
457
00:22:17,034 --> 00:22:20,469
because the Shah was considered an American ally.
458
00:22:21,973 --> 00:22:25,608
Thank you again for your warm welcome, Mr. President.
459
00:22:25,943 --> 00:22:27,543
Gary Samore: During the Nixon administration,
460
00:22:27,545 --> 00:22:30,813
the U.S. was very enthusiastic about supporting
461
00:22:30,815 --> 00:22:32,915
the Shah's nuclear power program.
462
00:22:33,817 --> 00:22:36,152
And at one point, the Nixon administration
463
00:22:36,154 --> 00:22:38,988
was pushing the idea that Pakistan and Iran
464
00:22:38,990 --> 00:22:43,593
should build a joint plant together in Iran.
465
00:22:44,962 --> 00:22:46,662
There's at least some evidence that
466
00:22:46,664 --> 00:22:50,166
the Shah was thinking about acquisition of nuclear weapons,
467
00:22:50,168 --> 00:22:53,703
because he saw, and we were encouraging him to see Iran
468
00:22:53,705 --> 00:22:56,005
as the so-called policemen of the Persian Gulf.
469
00:22:56,007 --> 00:22:58,174
And the Iranians have always viewed themselves
470
00:22:58,176 --> 00:23:01,410
as naturally the dominant power in the Middle East.
471
00:23:02,214 --> 00:23:07,594
Why is it normal for you,
the Germans and the British,
472
00:23:07,845 --> 00:23:09,435
to have...
473
00:23:10,764 --> 00:23:14,484
atomic and hydrogen weapons, and for Iran,
474
00:23:15,102 --> 00:23:17,102
the simple principle of self-defense
475
00:23:17,396 --> 00:23:20,106
the defense of its interests, a problem,
476
00:23:20,357 --> 00:23:22,357
while for others it is totally normal?
477
00:23:24,001 --> 00:23:25,568
Samore: But the revolution,
478
00:23:25,570 --> 00:23:27,270
which overthrew the Shah in '79,
479
00:23:27,272 --> 00:23:29,071
really curtailed the program
480
00:23:29,073 --> 00:23:31,440
before it ever got any head of steam going.
481
00:23:32,542 --> 00:23:37,113
Part of our policy against Iran after the revolution
482
00:23:37,115 --> 00:23:39,415
was to deny them nuclear technology.
483
00:23:39,417 --> 00:23:42,718
So most of the period when I was involved
484
00:23:42,720 --> 00:23:44,720
in the '80s and the '90s
485
00:23:44,722 --> 00:23:47,123
was the U.S. running around the world
486
00:23:47,125 --> 00:23:50,393
and persuading potential nuclear suppliers
487
00:23:50,395 --> 00:23:53,796
not to provide even peaceful nuclear technology to Iran.
488
00:23:54,031 --> 00:23:57,466
And what we missed was the clandestine transfer
489
00:23:57,468 --> 00:24:00,369
in the mid-1980s from Pakistan to Iran.
490
00:24:04,375 --> 00:24:05,608
Rolf Mowatt-Larssen: Abdul Qadeer Khan
491
00:24:05,610 --> 00:24:06,943
is what we would call
492
00:24:06,945 --> 00:24:08,945
the father of the Pakistan nuclear program.
493
00:24:10,380 --> 00:24:12,949
He had the full authority and confidence
494
00:24:12,951 --> 00:24:15,251
of the Pakistan government from its inception
495
00:24:15,253 --> 00:24:17,320
to the production of nuclear weapons.
496
00:24:19,056 --> 00:24:21,390
I was a CIA officer for... for...
497
00:24:21,392 --> 00:24:24,060
For over two decades, operations officer,
498
00:24:24,062 --> 00:24:25,861
worked overseas most of my career.
499
00:24:26,430 --> 00:24:28,497
The A.Q. Khan network is so notable
500
00:24:28,499 --> 00:24:31,500
because aside from building
501
00:24:31,502 --> 00:24:34,537
the Pakistani program for decades...
502
00:24:35,772 --> 00:24:38,941
It also was the means by which other countries
503
00:24:38,943 --> 00:24:41,577
were able to develop nuclear weapons,
504
00:24:41,579 --> 00:24:42,878
including Iran.
505
00:24:43,480 --> 00:24:45,114
Samore: A.Q. Khan acting on behalf
506
00:24:45,116 --> 00:24:46,182
of the Pakistani government
507
00:24:46,184 --> 00:24:49,285
negotiated with officials in Iran
508
00:24:49,287 --> 00:24:52,321
and then there was a transfer which took place
509
00:24:52,323 --> 00:24:53,389
through Dubai
510
00:24:53,391 --> 00:24:56,625
of blueprints for nuclear weapons design
511
00:24:56,627 --> 00:24:58,227
as well as some hardware.
512
00:24:59,363 --> 00:25:01,364
Throughout the mid-1980s,
513
00:25:01,366 --> 00:25:04,433
the Iranian program was not very well-resourced.
514
00:25:04,435 --> 00:25:06,268
It was more of an R & D program.
515
00:25:07,304 --> 00:25:10,506
It wasn't really until the mid-'90s
516
00:25:10,508 --> 00:25:12,775
that it started to take off when they made the decision
517
00:25:12,777 --> 00:25:14,844
to build the nuclear weapons program.
518
00:25:21,518 --> 00:25:23,019
You know, we can speculate what,
519
00:25:23,021 --> 00:25:24,453
in their mind, motivated them.
520
00:25:24,455 --> 00:25:27,623
I think it was the U.S. invasion of Iraq
521
00:25:27,625 --> 00:25:29,225
after Kuwait.
522
00:25:30,527 --> 00:25:31,994
You know, there was an eight-year war
523
00:25:31,996 --> 00:25:33,562
between Iraq and Iran,
524
00:25:33,830 --> 00:25:37,233
we had wiped out Saddam's forces in a matter of weeks.
525
00:25:40,138 --> 00:25:42,872
And I think that was enough to convince the rulers
526
00:25:42,874 --> 00:25:45,041
in Tehran that they needed to pursue
527
00:25:45,043 --> 00:25:46,609
nuclear weapons more seriously.
528
00:25:48,645 --> 00:25:51,547
George Bush: States like these and their terrorist allies
529
00:25:51,549 --> 00:25:54,383
constitute an axis of evil,
530
00:25:54,385 --> 00:25:57,153
arming to threaten the peace of the world.
531
00:25:58,555 --> 00:26:01,190
Samore: From 2003 to 2005
532
00:26:01,192 --> 00:26:04,493
when they feared that the U.S. would invade them,
533
00:26:04,495 --> 00:26:06,829
they accepted limits on their nuclear program.
534
00:26:07,264 --> 00:26:10,900
But by 2006, the Iranians had come to the conclusion
535
00:26:10,902 --> 00:26:13,769
that the U.S. was bogged down in Afghanistan and Iraq
536
00:26:13,771 --> 00:26:16,972
and no longer had the capacity to threaten them,
537
00:26:17,340 --> 00:26:21,077
and so they felt it was safe to resume their enrichment program
538
00:26:21,845 --> 00:26:24,513
they started producing low enriched uranium,
539
00:26:24,781 --> 00:26:26,782
producing more centrifuges, installing them
540
00:26:26,784 --> 00:26:30,619
at the large-scale underground enrichment facility at Natanz.
541
00:26:41,965 --> 00:26:44,414
Journalist:
542
00:26:44,414 --> 00:26:46,809
For a journalist, passing through
these underground tunnels
543
00:26:47,022 --> 00:26:50,982
and visiting the beating heart of
Iran's nuclear plant is quite an event.
544
00:26:51,193 --> 00:26:56,873
The president's visit to the plant today
had made this event possible for us.
545
00:26:57,825 --> 00:27:00,017
The West tells us that we have to
negotiate with them for like ten years
546
00:27:00,017 --> 00:27:02,051
Ahmadinejad:
547
00:27:02,371 --> 00:27:06,461
and then they will decide whether Iran
may have 20 centrifuges or not.
548
00:27:06,709 --> 00:27:08,669
Of course the Iranian nation
says no to them.
549
00:27:09,253 --> 00:27:11,003
Today, about 7,000 of these machines
550
00:27:11,296 --> 00:27:14,756
are working under
the ground right over there.
551
00:27:35,085 --> 00:27:37,019
Gibney: How many times have you been to Natanz?
552
00:27:37,354 --> 00:27:40,756
Not that many, because I left few years ago, the CIA,
553
00:27:40,758 --> 00:27:43,092
but I was there quite... quite a few times.
554
00:27:46,630 --> 00:27:49,198
Natanz is just in the middle of the desert.
555
00:27:51,134 --> 00:27:53,102
When they were building it in secret,
556
00:27:53,336 --> 00:27:57,373
they were calling it desert irrigation facility.
557
00:27:57,874 --> 00:27:59,441
For the local people,
558
00:27:59,443 --> 00:28:02,011
you want to sell why you are building a big complex.
559
00:28:04,814 --> 00:28:07,516
There is a lot of artillery and air force.
560
00:28:07,518 --> 00:28:11,921
It's better protected against attack from air
561
00:28:12,455 --> 00:28:14,957
than any other nuclear installation I have seen.
562
00:28:17,727 --> 00:28:20,196
So this is deeply underground.
563
00:28:24,801 --> 00:28:28,704
But then inside, Natanz is like any other centrifuge facility.
564
00:28:28,706 --> 00:28:33,042
I have been all over the world, from Brazil to Russia, Japan,
565
00:28:33,044 --> 00:28:37,580
so they are all alike with their own features,
566
00:28:37,582 --> 00:28:39,982
their own centrifuges, their own culture,
567
00:28:39,984 --> 00:28:42,585
but basically, the process is the same.
568
00:28:43,653 --> 00:28:46,722
And so are the monitoring activities of the IAEA.
569
00:28:46,724 --> 00:28:48,390
There are basic principles.
570
00:28:48,392 --> 00:28:51,126
You want to see what goes in, what goes out,
571
00:28:51,394 --> 00:28:53,562
and then on top of that you make sure that
572
00:28:53,564 --> 00:28:56,031
it produces low enriched uranium
573
00:28:56,033 --> 00:28:58,434
instead of anything to do with the higher enrichments
574
00:28:58,436 --> 00:29:00,603
and nuclear weapon grade uranium.
575
00:29:06,576 --> 00:29:07,943
Emad Kiyaei: Iran's nuclear facilities
576
00:29:07,945 --> 00:29:10,179
are under 24-hour watch.
577
00:29:10,880 --> 00:29:13,215
Of the United Nations nuclear watchdog,
578
00:29:13,217 --> 00:29:16,518
the IAEA, the International Atomic Energy Agency.
579
00:29:17,887 --> 00:29:22,091
Every single gram of Iranian fissile material...
580
00:29:23,293 --> 00:29:24,660
Is accounted for.
581
00:29:27,464 --> 00:29:29,932
They have, like, basically seals they put
582
00:29:29,934 --> 00:29:33,502
on fissile materials. There are IAEA seals.
583
00:29:33,737 --> 00:29:36,038
You can't break it
584
00:29:36,040 --> 00:29:37,873
without getting noticed.
585
00:29:39,876 --> 00:29:42,111
Heinonen: When you look at the uranium
586
00:29:42,113 --> 00:29:45,981
which was there in Natanz, it was a very special uranium.
587
00:29:46,149 --> 00:29:51,553
This is called Isotope 236, and that was a puzzle to us,
588
00:29:51,555 --> 00:29:53,989
because you only see this sort of uranium
589
00:29:53,991 --> 00:29:57,126
in states which have had nuclear weapons.
590
00:29:58,995 --> 00:30:01,697
We realized that they had cheated us.
591
00:30:02,399 --> 00:30:05,668
This sort of equipment has been bought
592
00:30:05,670 --> 00:30:07,469
from what they call a black market.
593
00:30:07,471 --> 00:30:10,706
They never pointed out it to A.Q. Khan
594
00:30:11,141 --> 00:30:12,941
at that point of time.
595
00:30:17,814 --> 00:30:21,150
What I was surprised was the sophistication
596
00:30:21,152 --> 00:30:22,985
and the quality control
597
00:30:23,286 --> 00:30:25,287
and the way they have the manufacturing
598
00:30:25,289 --> 00:30:26,689
was really professional.
599
00:30:27,824 --> 00:30:30,426
It was not something, you know, you just create
600
00:30:30,428 --> 00:30:31,960
in a few months' time.
601
00:30:31,962 --> 00:30:34,697
This was a result of a long process.
602
00:30:41,805 --> 00:30:44,606
A centrifuge, you feed uranium gas
603
00:30:44,608 --> 00:30:47,710
in and you have a cascade, thousands of centrifuges,
604
00:30:47,712 --> 00:30:50,713
and from the other end you get enriched uranium out.
605
00:30:51,448 --> 00:30:55,451
It separates uranium based on spinning the rotors.
606
00:30:55,453 --> 00:30:59,221
It spins so fast, 300 meters per second,
607
00:30:59,223 --> 00:31:02,257
the same as the velocity of sound.
608
00:31:03,626 --> 00:31:05,294
These are tremendous forces
609
00:31:05,296 --> 00:31:08,230
and as a result, the rotor, it twists,
610
00:31:08,232 --> 00:31:10,399
looks like a banana at one point of time.
611
00:31:11,801 --> 00:31:13,369
So it has to be balanced
612
00:31:13,371 --> 00:31:16,739
because any small vibration it will blow up.
613
00:31:18,141 --> 00:31:20,075
And here comes another trouble.
614
00:31:20,377 --> 00:31:22,544
You have to raise the temperature
615
00:31:22,546 --> 00:31:25,647
but this very thin rotor was...
616
00:31:25,649 --> 00:31:27,683
They are made from carbon fiber,
617
00:31:27,685 --> 00:31:30,319
and the other pieces, they are made from metal.
618
00:31:31,221 --> 00:31:34,723
When you heat carbon fiber, it shrinks.
619
00:31:35,825 --> 00:31:38,127
When you heat metal, it expands.
620
00:31:38,495 --> 00:31:41,530
So you need to balance not only that they spin,
621
00:31:41,532 --> 00:31:44,666
they twist, but this temperature behavior
622
00:31:44,668 --> 00:31:46,902
in such a way that it doesn't break.
623
00:31:46,904 --> 00:31:49,104
So this has to be very precise.
624
00:31:49,606 --> 00:31:52,074
This is what makes them very difficult to manufacture.
625
00:31:52,076 --> 00:31:54,743
You can model it, you can calculate it,
626
00:31:54,745 --> 00:31:57,212
but at the very end, it's actually based
627
00:31:57,214 --> 00:31:59,848
on practice and experience.
628
00:31:59,850 --> 00:32:03,152
So it's a... it's a piece of art, so to say.
629
00:32:13,631 --> 00:32:16,454
Man:
630
00:32:16,454 --> 00:32:19,690
Because of the strength of our nation,
our army and our revolutionary guard
631
00:32:20,939 --> 00:32:26,569
Our dawn became eternal
by the glow of success
632
00:32:28,113 --> 00:32:31,993
Morning of dreams rises from the shores
633
00:32:32,242 --> 00:32:36,162
The branches of life have sprouted
634
00:32:36,497 --> 00:32:42,127
May this victory be Blessed
635
00:32:44,093 --> 00:32:46,428
Heinonen: Iranians are very proud of their centrifuges.
636
00:32:46,430 --> 00:32:49,398
They have a lot of public relations videos
637
00:32:49,400 --> 00:32:53,135
given up always in April when they have what they call
638
00:32:53,137 --> 00:32:54,636
a national nuclear day.
639
00:32:55,057 --> 00:32:57,347
Blessed be this holy spring
640
00:32:57,347 --> 00:32:59,141
Man:
641
00:32:59,311 --> 00:33:02,151
Blessed be the gardener
642
00:33:02,439 --> 00:33:05,069
I proudly announce that from today on,
643
00:33:05,442 --> 00:33:08,952
Iran is among the countries
that can produce nuclear fuel.
644
00:33:08,953 --> 00:33:12,321
Kiyaei: Ahmadinejad came into his presidency saying
645
00:33:12,323 --> 00:33:14,923
if the international community wants to derail us
646
00:33:14,925 --> 00:33:16,592
we will stand up to it.
647
00:33:17,660 --> 00:33:20,362
If they want us to sign more inspections
648
00:33:20,364 --> 00:33:23,632
and more additional protocols and other measures,
649
00:33:23,634 --> 00:33:26,368
no, we will not. We will fight for our rights.
650
00:33:27,605 --> 00:33:30,672
Iran is a signature to nuclear non-proliferation treaty,
651
00:33:30,674 --> 00:33:34,276
and under that treaty, Iran has a right to a nuclear program.
652
00:33:34,844 --> 00:33:38,313
We can have enrichment. Who are you, world powers,
653
00:33:38,315 --> 00:33:40,782
to come and tell us that we cannot have enrichment?
654
00:33:41,150 --> 00:33:42,885
This was his mantra,
655
00:33:43,620 --> 00:33:46,989
and it galvanized the public.
656
00:33:50,560 --> 00:33:52,961
Sanger: By 2007, 2008,
657
00:33:52,963 --> 00:33:55,464
the U.S. government was in a very bad place with
658
00:33:55,466 --> 00:33:56,765
the Iranian program.
659
00:33:57,734 --> 00:33:59,835
President Bush recognized
660
00:33:59,837 --> 00:34:02,471
that he could not even come out in public
661
00:34:02,473 --> 00:34:04,973
and declare that the Iranians were building a nuclear weapon,
662
00:34:04,975 --> 00:34:06,808
because by this time, he had gone through
663
00:34:06,810 --> 00:34:10,112
the entire WMD fiasco in Iraq.
664
00:34:10,813 --> 00:34:13,081
He could not really take military action.
665
00:34:13,083 --> 00:34:15,484
Condoleezza Rice said to him at one point,
666
00:34:15,486 --> 00:34:18,887
"you know, Mr. President, I think you've invaded
667
00:34:18,889 --> 00:34:22,558
your last Muslim country, even for the best of reasons."
668
00:34:24,394 --> 00:34:26,595
He didn't want to let the Israelis
669
00:34:26,597 --> 00:34:28,430
conduct a military operation.
670
00:34:28,765 --> 00:34:34,503
It's 1938, and Iran is Germany and it's racing...
671
00:34:35,338 --> 00:34:37,940
To arm itself with atomic bombs.
672
00:34:38,541 --> 00:34:42,110
Iran's nuclear ambitions must be stopped.
673
00:34:42,779 --> 00:34:47,516
They have to be stopped. We all have to stop it, now.
674
00:34:47,518 --> 00:34:50,118
That's the one message I have for you today.
675
00:34:50,120 --> 00:34:52,020
- Thank you.
676
00:34:52,022 --> 00:34:54,890
Israel was saying they were gonna bomb Iran.
677
00:34:54,892 --> 00:34:58,093
And the government here in Washington
678
00:34:58,095 --> 00:35:00,462
did all sorts of scenarios about what would happen
679
00:35:00,464 --> 00:35:03,031
if that Israeli attack occurred.
680
00:35:03,433 --> 00:35:05,601
They were all very ugly scenarios.
681
00:35:05,603 --> 00:35:08,604
Our belief was that if they went on their own
682
00:35:08,606 --> 00:35:10,405
knowing the limitations...
683
00:35:10,407 --> 00:35:12,307
No, they're a very good air force, all right?
684
00:35:12,642 --> 00:35:14,710
But it's small and the distances are great
685
00:35:14,712 --> 00:35:17,112
and the target's disbursed and hardened, all right?
686
00:35:18,114 --> 00:35:20,682
If they would have attempted a raid
687
00:35:21,384 --> 00:35:23,118
on a military plane,
688
00:35:23,419 --> 00:35:26,221
we would have been assuming that they were assuming
689
00:35:26,223 --> 00:35:28,790
we would finish that which they started.
690
00:35:28,792 --> 00:35:31,426
In other words, there would be many of us
691
00:35:31,428 --> 00:35:33,462
in government thinking that the purpose of the raid
692
00:35:33,464 --> 00:35:35,998
wasn't to destroy the Iranian nuclear system,
693
00:35:36,000 --> 00:35:39,668
but the purpose of the raid was to put us at war with Iran.
694
00:35:40,603 --> 00:35:42,638
Israel is very much concerned about
695
00:35:42,640 --> 00:35:45,307
Iran's nuclear program, more than the United States.
696
00:35:45,309 --> 00:35:48,076
It's only natural because of the size of the country,
697
00:35:48,078 --> 00:35:50,479
because we live in this neighborhood,
698
00:35:50,481 --> 00:35:54,116
America lives thousands and thousands miles away from Iran.
699
00:35:54,118 --> 00:35:57,753
The two countries agreed on the goal.
700
00:35:58,021 --> 00:36:00,789
There is no page between us
701
00:36:00,791 --> 00:36:06,128
that Iran should not have a nuclear military capability.
702
00:36:06,130 --> 00:36:08,130
There are some differences
703
00:36:08,132 --> 00:36:10,499
on how to... how to achieve it
704
00:36:10,501 --> 00:36:12,801
and when action is needed.
705
00:36:15,424 --> 00:36:21,054
The origin of corruption (Israel)
will be wiped off the face of the Earth.
706
00:36:22,311 --> 00:36:24,713
Yadlin: We are taking very seriously
707
00:36:24,715 --> 00:36:27,449
leaders of countries who call to the destruction
708
00:36:27,451 --> 00:36:30,085
and annihilation of our people.
709
00:36:30,286 --> 00:36:32,788
If Iran will get nuclear weapons,
710
00:36:32,790 --> 00:36:34,256
now or in the future...
711
00:36:35,224 --> 00:36:38,060
It means that for the first time in human history
712
00:36:38,861 --> 00:36:41,563
Islamic zealots, religious zealots,
713
00:36:42,231 --> 00:36:44,566
will get their hand on
714
00:36:44,568 --> 00:36:47,536
the most dangerous, devastating weapons,
715
00:36:47,538 --> 00:36:50,305
and the world should prevent this.
716
00:36:52,475 --> 00:36:56,244
Samore: The Israelis believe that the Iranian leadership
717
00:36:56,246 --> 00:36:59,181
has already made the decision to build nuclear weapons
718
00:36:59,183 --> 00:37:01,083
when they think they can get away with it.
719
00:37:01,484 --> 00:37:04,252
The view in the U.S. is that the Iranians
720
00:37:04,254 --> 00:37:06,421
haven't made that final decision yet.
721
00:37:07,390 --> 00:37:09,324
To me, that doesn't make any difference.
722
00:37:09,326 --> 00:37:11,059
I mean, it really doesn't make any difference,
723
00:37:11,061 --> 00:37:14,229
and it's probably unknowable, unless you can put, you know,
724
00:37:14,231 --> 00:37:17,599
Supreme Leader Khamenei on the couch and interview him.
725
00:37:17,601 --> 00:37:20,535
I think, you know, from our standpoint,
726
00:37:20,537 --> 00:37:23,171
stopping Iran from getting the threshold capacity
727
00:37:23,173 --> 00:37:26,308
is, you know, the primary policy objective.
728
00:37:27,610 --> 00:37:29,711
Once they have the fissile material,
729
00:37:29,713 --> 00:37:32,114
once they have the capacity to produce nuclear weapons,
730
00:37:32,116 --> 00:37:33,482
then the game is lost.
731
00:37:39,288 --> 00:37:41,089
Hayden: President Bush once said to me, he said,
732
00:37:41,091 --> 00:37:44,192
"Mike, I don't want any president ever to be faced
733
00:37:44,194 --> 00:37:48,230
with only two options, bombing or the bomb."
734
00:37:48,232 --> 00:37:49,464
Right?
735
00:37:49,466 --> 00:37:53,034
He... he wanted options that... that made it...
736
00:37:53,236 --> 00:37:56,204
Made it far less likely he or his successor
737
00:37:56,206 --> 00:37:58,740
or successors would ever get to that point
738
00:37:58,742 --> 00:38:00,375
where that's... that's all you've got.
739
00:38:00,710 --> 00:38:04,346
We wanted to be energetic enough in pursuing this problem
740
00:38:04,714 --> 00:38:07,716
that... that the Israelis would certainly believe,
741
00:38:07,718 --> 00:38:08,917
"yeah, we get it."
742
00:38:08,919 --> 00:38:11,052
The intelligence cooperation between Israel
743
00:38:11,054 --> 00:38:14,489
and the United States is very, very good.
744
00:38:15,258 --> 00:38:17,559
And therefore, the Israelis went to the Americans
745
00:38:17,561 --> 00:38:21,163
and said, "okay, guys, you don't want us to bomb Iran.
746
00:38:21,165 --> 00:38:24,332
Okay, let's do it differently."
747
00:38:24,834 --> 00:38:28,403
And then the American intelligence community started
748
00:38:28,405 --> 00:38:30,105
rolling in joint forces
749
00:38:30,107 --> 00:38:32,073
with the Israeli intelligence community.
750
00:38:32,742 --> 00:38:36,745
One day a group of intelligence and military officials showed up
751
00:38:37,446 --> 00:38:39,381
in President Bush's office
752
00:38:39,982 --> 00:38:41,516
and said, "sir, we have an idea.
753
00:38:42,652 --> 00:38:43,985
It's a big risk.
754
00:38:44,520 --> 00:38:46,321
It might not work, but here it is."
755
00:38:53,863 --> 00:38:57,499
Langner: Moving forward in my analysis of the codes,
756
00:38:57,501 --> 00:39:01,536
I took a closer look at the photographs
757
00:39:01,538 --> 00:39:03,371
that had been published
758
00:39:03,373 --> 00:39:08,143
by the Iranians themselves in a press tour from 2008
759
00:39:08,145 --> 00:39:11,279
of Ahmadinejad and the shiny centrifuges.
760
00:39:13,683 --> 00:39:15,550
Sanger: Well, photographs of Ahmadinejad
761
00:39:15,552 --> 00:39:18,353
going through the centrifuges at Natanz
762
00:39:18,355 --> 00:39:21,790
had provided some very important clues.
763
00:39:22,491 --> 00:39:24,693
There was a huge amount to be learned.
764
00:39:33,002 --> 00:39:35,804
First of all, those photographs showed
765
00:39:35,806 --> 00:39:39,140
many of the individuals who were guiding Ahmadinejad
766
00:39:39,142 --> 00:39:40,308
through the program.
767
00:39:40,310 --> 00:39:42,911
And there's one very famous photograph that shows
768
00:39:42,913 --> 00:39:44,913
Ahmadinejad being shown something.
769
00:39:44,915 --> 00:39:47,482
You see his face, you can't see what's on the computer.
770
00:39:47,484 --> 00:39:50,919
And one of the scientists who was behind him
771
00:39:50,921 --> 00:39:53,321
was assassinated a few months later.
772
00:39:57,693 --> 00:39:59,427
Langner: In one of those photographs,
773
00:39:59,695 --> 00:40:03,031
you could see parts of a computer screen.
774
00:40:03,033 --> 00:40:05,600
We... we refer to that as a SCADA screen.
775
00:40:05,602 --> 00:40:08,570
The SCADA system is basically a piece of software
776
00:40:08,572 --> 00:40:10,171
running on a computer.
777
00:40:10,173 --> 00:40:13,775
It enables the operators to monitor the processes.
778
00:40:14,777 --> 00:40:18,914
What you could see when you look close enough
779
00:40:19,448 --> 00:40:23,785
was a more detailed view of the configuration
780
00:40:24,587 --> 00:40:27,889
there were these six groups of centrifuges
781
00:40:27,891 --> 00:40:31,326
and each group had 164 entries.
782
00:40:31,894 --> 00:40:33,461
And guess what?
783
00:40:33,763 --> 00:40:36,097
That was a perfect match to what we saw
784
00:40:36,099 --> 00:40:37,465
in the attack code.
785
00:40:38,801 --> 00:40:42,203
It was absolutely clear that this piece of code
786
00:40:42,205 --> 00:40:45,774
was attacking an array of six different groups
787
00:40:45,776 --> 00:40:49,611
of, let's just say, thingies, physical objects,
788
00:40:49,613 --> 00:40:55,517
and in those six groups, there were 164 elements.
789
00:40:59,221 --> 00:41:01,556
Gibney: Were you able to do any actual physical tests?
790
00:41:01,558 --> 00:41:03,792
Or it was all just code analysis?
791
00:41:03,794 --> 00:41:05,727
Yeah, so, you know, we obviously
792
00:41:05,729 --> 00:41:08,797
couldn't set up our own sort of nuclear enrichment facility.
793
00:41:08,965 --> 00:41:11,266
So... but what we did was we did obtain some PLCs,
794
00:41:11,268 --> 00:41:12,500
the exact models.
795
00:41:19,675 --> 00:41:22,077
We then ordered an air pump, and that's what we used
796
00:41:22,079 --> 00:41:23,745
sort of as our sort of proof of concept.
797
00:41:24,580 --> 00:41:26,314
O'Murchu: We needed a visual demonstration
798
00:41:26,316 --> 00:41:28,516
to show people what we discovered.
799
00:41:28,818 --> 00:41:30,852
So we thought of different things that we could do,
800
00:41:30,854 --> 00:41:32,988
and we... we settled on blowing up a balloon.
801
00:41:37,326 --> 00:41:39,294
We were able to write a program that would inflate a balloon,
802
00:41:39,296 --> 00:41:42,197
and it was set to stop after five seconds.
803
00:41:52,174 --> 00:41:53,942
So it would inflate the balloon to a certain size
804
00:41:53,944 --> 00:41:55,443
but it wouldn't burst the balloon
805
00:41:55,445 --> 00:41:56,878
and it was all safe.
806
00:41:56,880 --> 00:41:58,980
And we showed everybody, this is the code
807
00:41:58,982 --> 00:42:00,215
that's on the PLC.
808
00:42:00,649 --> 00:42:02,617
And the timer says, "stop after five seconds."
809
00:42:02,852 --> 00:42:04,412
We know that's what's going to happen.
810
00:42:04,987 --> 00:42:07,255
And then we would infect the computer with STUXnet,
811
00:42:07,790 --> 00:42:10,058
and we would run the test again.
812
00:42:41,257 --> 00:42:42,857
Here is a piece of software
813
00:42:42,859 --> 00:42:45,827
that should only exist in a cyber realm
814
00:42:45,829 --> 00:42:48,930
and it is able to affect physical equipment
815
00:42:48,932 --> 00:42:52,667
in a plant or factory and cause physical damage.
816
00:42:52,669 --> 00:42:54,736
Real-world physical destruction.
817
00:42:59,241 --> 00:43:01,910
At that time, things became very scary to us.
818
00:43:01,912 --> 00:43:04,412
Here you had malware potentially killing people
819
00:43:04,414 --> 00:43:06,714
and that was something that was always Hollywood-esque to us
820
00:43:06,716 --> 00:43:07,882
that we'd always laugh at
821
00:43:07,884 --> 00:43:09,918
when people made that kind of assertion.
822
00:43:15,524 --> 00:43:18,026
Gibney: At this point, you had to have started developing
823
00:43:18,028 --> 00:43:20,795
theories as to who had built STUXnet.
824
00:43:21,730 --> 00:43:23,298
It wasn't lost on us that
825
00:43:23,300 --> 00:43:26,534
there were probably only a few countries
826
00:43:26,536 --> 00:43:28,870
in the world that would want
827
00:43:28,872 --> 00:43:31,739
and have the motivation to sabotage
828
00:43:31,741 --> 00:43:33,875
Iran's nuclear enrichment facility.
829
00:43:33,877 --> 00:43:35,777
The U.S. government would be up there.
830
00:43:35,779 --> 00:43:37,946
Israeli government certainly would be... would be up there.
831
00:43:37,948 --> 00:43:40,048
You know, maybe U.K., France, Germany,
832
00:43:40,050 --> 00:43:41,483
those sorts of countries,
833
00:43:41,485 --> 00:43:43,785
but we never found any information that
834
00:43:43,787 --> 00:43:46,821
would tie it back 100 percent to... to those countries.
835
00:43:46,823 --> 00:43:48,756
There are no telltale signs.
836
00:43:48,758 --> 00:43:51,326
You know, the attackers don't leave a message inside
837
00:43:51,328 --> 00:43:53,495
saying, you know, "it was me."
838
00:43:54,396 --> 00:43:57,665
And even if they did, all of that stuff can be faked.
839
00:43:58,000 --> 00:44:00,668
So it's very, very difficult to do attribution
840
00:44:00,670 --> 00:44:02,403
when looking at computer code.
841
00:44:03,272 --> 00:44:04,806
Gibney: Subsequent work that's been done
842
00:44:04,808 --> 00:44:07,242
leads us to believe that this was the work of
843
00:44:07,244 --> 00:44:08,776
a collaboration between Israel and the United States.
844
00:44:08,778 --> 00:44:09,844
Yeah, yeah.
845
00:44:09,846 --> 00:44:10,979
Gibney: Did you have any evidence
846
00:44:10,981 --> 00:44:12,247
in terms of your analysis
847
00:44:12,249 --> 00:44:14,249
that would lead you to believe that
848
00:44:14,251 --> 00:44:15,583
that's correct also?
849
00:44:15,585 --> 00:44:17,685
Nothing that I could talk about on camera.
850
00:44:19,188 --> 00:44:21,990
Gibney: Well, can I ask why?
851
00:44:21,992 --> 00:44:23,825
No.
852
00:44:23,827 --> 00:44:25,527
Well, you can, but I won't answer.
853
00:44:27,964 --> 00:44:30,265
Gibney: But even in the case of nation-states,
854
00:44:30,267 --> 00:44:31,766
I mean, one of the concerns is...
855
00:44:31,768 --> 00:44:33,902
Gibney: This was beginning to really piss me off.
856
00:44:34,336 --> 00:44:37,672
Even civilians with an interest in telling the STUXnet story
857
00:44:37,674 --> 00:44:40,608
were refusing to address the role of Tel Aviv
858
00:44:40,610 --> 00:44:43,845
and Washington. But luckily for me,
859
00:44:44,113 --> 00:44:45,947
while D.C. is a city of secrets,
860
00:44:46,282 --> 00:44:48,049
it is also a city of leaks.
861
00:44:48,517 --> 00:44:50,218
They're as regular as a heartbeat
862
00:44:50,220 --> 00:44:51,953
and just as hard to stop.
863
00:44:52,955 --> 00:44:54,522
That's what I was counting on.
864
00:44:59,696 --> 00:45:03,231
Finally, after speaking to a number of people on background,
865
00:45:03,233 --> 00:45:05,833
I did find a way of confirming, on the record,
866
00:45:05,835 --> 00:45:07,702
the American role in STUXnet.
867
00:45:08,671 --> 00:45:10,805
In exchange for details of the operation,
868
00:45:10,807 --> 00:45:12,874
I had to agree to find a way
869
00:45:12,876 --> 00:45:15,176
to disguise the source of the information.
870
00:45:15,178 --> 00:45:16,945
- Gibney: We're good?
- Man: We're on.
871
00:45:18,514 --> 00:45:20,181
Gibney: So the first question I have to ask you
872
00:45:20,183 --> 00:45:21,583
is about secrecy.
873
00:45:22,084 --> 00:45:25,153
I mean, at this point, everyone knows about STUXnet.
874
00:45:25,155 --> 00:45:26,821
Why can't we talk about it?
875
00:45:27,323 --> 00:45:28,690
It's a covert operation.
876
00:45:28,692 --> 00:45:30,491
Gibney: Not anymore.
877
00:45:30,493 --> 00:45:32,794
I mean, we know what happened, we know who did it.
878
00:45:33,028 --> 00:45:35,730
Well, maybe you don't know as much as you think you know.
879
00:45:36,532 --> 00:45:39,100
Gibney: Well, I'm talking to you because I want to
880
00:45:39,102 --> 00:45:40,501
get the story right.
881
00:45:40,503 --> 00:45:42,463
Well, that's the same reason I'm talking to you.
882
00:45:44,707 --> 00:45:46,507
Gibney: Even though it's a covert operation?
883
00:45:47,543 --> 00:45:51,379
Look, this is not a Snowden kind of thing, okay?
884
00:45:51,381 --> 00:45:52,714
I think what he did was wrong.
885
00:45:52,716 --> 00:45:55,850
He went too far. He gave away too much.
886
00:45:56,352 --> 00:45:58,353
Unlike Snowden, who was a contractor,
887
00:45:58,355 --> 00:46:00,121
I was in NSA.
888
00:46:00,756 --> 00:46:02,957
I believe in the agency, so what I'm willing to give you
889
00:46:02,959 --> 00:46:04,592
will be limited, but we're talking
890
00:46:04,594 --> 00:46:06,427
because everyone's getting the story wrong
891
00:46:06,429 --> 00:46:08,029
and we have to get it right.
892
00:46:08,031 --> 00:46:09,797
We have to understand these new weapons.
893
00:46:09,799 --> 00:46:11,065
The stakes are too high.
894
00:46:11,067 --> 00:46:12,367
Gibney: What do you mean?
895
00:46:14,470 --> 00:46:16,437
We did STUXnet.
896
00:46:17,640 --> 00:46:18,806
It's a fact.
897
00:46:18,808 --> 00:46:22,543
You know, we came so fucking close to disaster,
898
00:46:22,545 --> 00:46:24,212
and we're still on the edge.
899
00:46:25,748 --> 00:46:30,818
It was a huge multinational, interagency operation.
900
00:46:32,087 --> 00:46:34,789
In the U.S. it was CIA,
901
00:46:35,257 --> 00:46:38,726
NSA, and the military Cyber Command.
902
00:46:39,228 --> 00:46:42,897
From Britain, we used Iran intel out of GCHQ,
903
00:46:43,499 --> 00:46:45,333
but the main partner was Israel.
904
00:46:45,335 --> 00:46:46,834
Over there, Mossad ran the show,
905
00:46:46,836 --> 00:46:49,570
and the technical work was done by Unit 8200.
906
00:46:50,506 --> 00:46:53,508
Israel is really the key to the story.
907
00:46:57,946 --> 00:47:01,015
Melman: Oh, traffic in Israel is so unpredictable.
908
00:47:03,118 --> 00:47:06,187
Gibney: Yossi, how did you get into this whole STUXnet story?
909
00:47:07,356 --> 00:47:10,358
I have been covering the Israeli intelligence
910
00:47:10,360 --> 00:47:12,660
in general, in the Mossad in particular
911
00:47:12,662 --> 00:47:16,064
for nearly 30 years.
912
00:47:16,465 --> 00:47:19,534
In '82, I was a London-based correspondent
913
00:47:19,536 --> 00:47:22,970
and I covered a trial of terrorists,
914
00:47:22,972 --> 00:47:27,275
and I became more familiar with this topic of terrorism,
915
00:47:27,277 --> 00:47:31,446
and slowly but surely, I started covering it as a beat.
916
00:47:34,316 --> 00:47:37,352
Israel, we live in a very rough neighborhood
917
00:47:37,354 --> 00:47:39,721
where the... the Democratic values,
918
00:47:39,723 --> 00:47:43,024
western values, are very rare.
919
00:47:43,459 --> 00:47:47,362
But Israel pretends to be a free, Democratic,
920
00:47:47,364 --> 00:47:49,430
westernized society,
921
00:47:49,898 --> 00:47:53,201
posh neighborhoods, rich people,
922
00:47:53,369 --> 00:47:56,371
youngsters who are having
923
00:47:56,373 --> 00:47:59,407
almost similar mind-set to their American
924
00:47:59,409 --> 00:48:01,642
or western European counterparts.
925
00:48:01,644 --> 00:48:04,379
On the other hand, you see a lot of scenes
926
00:48:04,381 --> 00:48:08,583
and events which resemble the real Middle East,
927
00:48:08,585 --> 00:48:14,355
terror attacks, radicals, fanatics, religious zealots.
928
00:48:18,728 --> 00:48:21,829
I knew that Israel is trying to slow down
929
00:48:21,831 --> 00:48:23,498
Iran's nuclear program,
930
00:48:23,500 --> 00:48:26,267
and therefore, I came to the conclusion that
931
00:48:26,269 --> 00:48:29,437
if there was a virus infecting Iran's computers,
932
00:48:29,439 --> 00:48:35,243
it's... it's one more element in... in this larger picture
933
00:48:35,944 --> 00:48:38,379
based on past precedents.
934
00:48:42,952 --> 00:48:46,621
Yadlin: 1981 I was an F-16 pilot,
935
00:48:47,055 --> 00:48:50,558
and we were told that, unlike our dream
936
00:48:50,560 --> 00:48:53,995
to do dogfights and to kill MIGs,
937
00:48:54,563 --> 00:48:58,199
we have to be prepared for a long-range mission
938
00:48:58,867 --> 00:49:01,502
to destroy a valuable target.
939
00:49:02,271 --> 00:49:03,971
Nobody told us what is
940
00:49:03,973 --> 00:49:06,374
this very valuable strategic target.
941
00:49:07,376 --> 00:49:10,545
It was 600 miles from Israel.
942
00:49:11,914 --> 00:49:15,383
So we train our self to do the job,
943
00:49:15,385 --> 00:49:19,220
which was very difficult. No air refueling at that time.
944
00:49:19,621 --> 00:49:21,689
No satellites for reconnaissance.
945
00:49:23,625 --> 00:49:26,027
Fuel was on the limit.
946
00:49:26,595 --> 00:49:28,896
Pilot: What? Whoa! Whoa!
947
00:49:31,834 --> 00:49:33,234
Yadlin: At the end of the day,
948
00:49:33,969 --> 00:49:35,703
we accomplished the mission.
949
00:49:36,171 --> 00:49:37,472
Gibney: Which was?
950
00:49:37,940 --> 00:49:40,842
Yadlin: To destroy the Iraqi nuclear reactor
951
00:49:40,844 --> 00:49:44,679
near Baghdad, which was called Osirak.
952
00:49:44,913 --> 00:49:50,952
And Iraq never was able to accomplish
953
00:49:50,954 --> 00:49:53,521
its ambition to have a nuclear bomb.
954
00:49:55,524 --> 00:49:58,125
Melman: Amos Yadlin, General Yadlin,
955
00:49:58,127 --> 00:50:00,928
he was the head of the military intelligence.
956
00:50:01,330 --> 00:50:04,799
The biggest unit within that organization
957
00:50:04,801 --> 00:50:06,601
was Unit 8200.
958
00:50:07,302 --> 00:50:09,704
They'd block telephones, they'd block faxes,
959
00:50:09,706 --> 00:50:11,873
they're breaking into computers.
960
00:50:14,209 --> 00:50:16,511
A decade ago, when Yadlin became
961
00:50:16,513 --> 00:50:18,446
the chief of military intelligence,
962
00:50:18,947 --> 00:50:23,451
there was no cyber warfare unit in 8200.
963
00:50:26,388 --> 00:50:30,157
So they started recruiting very talented people,
964
00:50:30,159 --> 00:50:32,727
hackers either from the military
965
00:50:32,729 --> 00:50:35,296
or outside the military that can contribute
966
00:50:35,298 --> 00:50:38,466
to the project of building a cyber warfare unit.
967
00:50:41,203 --> 00:50:45,706
Yadlin: In the 19th century, there were only Army and Navy.
968
00:50:45,708 --> 00:50:49,510
In the 20th century, we got air power
969
00:50:49,512 --> 00:50:51,245
as a third dimension of war.
970
00:50:51,880 --> 00:50:53,848
In the 21st century,
971
00:50:53,850 --> 00:50:57,385
cyber will be the fourth dimension of war.
972
00:50:58,353 --> 00:50:59,887
It's another kind of weapon
973
00:50:59,889 --> 00:51:04,492
and it is for unlimited range in a very high speed
974
00:51:04,893 --> 00:51:07,028
and in a very low signature.
975
00:51:07,030 --> 00:51:09,564
So this give you a huge opportunity...
976
00:51:10,666 --> 00:51:13,935
And the superpowers have to change
977
00:51:13,937 --> 00:51:16,003
the way we think about warfare.
978
00:51:18,241 --> 00:51:20,274
Finally we are transforming our military
979
00:51:20,276 --> 00:51:22,944
for a new kind of war that we're fighting now...
980
00:51:24,413 --> 00:51:25,846
And for wars of tomorrow.
981
00:51:27,182 --> 00:51:29,283
We have made our military better trained,
982
00:51:29,285 --> 00:51:32,186
better equipped, and better prepared
983
00:51:32,188 --> 00:51:34,956
to meet the threats facing America today
984
00:51:34,958 --> 00:51:37,191
and tomorrow and long in the future.
985
00:51:40,963 --> 00:51:43,598
Sanger: Back in the end of the Bush Administration,
986
00:51:43,600 --> 00:51:45,533
people within the U.S. government
987
00:51:45,535 --> 00:51:48,736
were just beginning to convince President Bush
988
00:51:48,738 --> 00:51:51,639
to pour money into offensive cyber weapons.
989
00:51:52,608 --> 00:51:55,643
STUXnet started off in the defense department.
990
00:51:56,311 --> 00:51:58,613
Then Robert Gates, Secretary of Defense,
991
00:51:59,081 --> 00:52:01,248
reviewed this program and he said,
992
00:52:01,250 --> 00:52:03,451
"this program shouldn't be in the defense department.
993
00:52:03,453 --> 00:52:05,953
This should really be under the covert authorities
994
00:52:05,955 --> 00:52:07,788
over in the intelligence world."
995
00:52:08,757 --> 00:52:11,892
So the CIA was very deeply involved
996
00:52:11,894 --> 00:52:13,361
in this operation,
997
00:52:13,662 --> 00:52:16,297
while much of the coding work was done
998
00:52:16,299 --> 00:52:18,699
by The National Security Agency
999
00:52:18,900 --> 00:52:21,969
and Unit 8200, its Israeli equivalent,
1000
00:52:21,971 --> 00:52:25,806
working together with a newly created military position
1001
00:52:25,808 --> 00:52:28,142
called U.S. Cyber Command.
1002
00:52:28,944 --> 00:52:33,147
And interestingly, the director of The National Security Agency
1003
00:52:33,149 --> 00:52:35,750
would also have a second role
1004
00:52:35,752 --> 00:52:39,487
as the commander of U.S. Cyber Command.
1005
00:52:39,955 --> 00:52:43,624
And U.S. Cyber Command is located
1006
00:52:43,626 --> 00:52:47,495
at Fort Meade in the same building as the NSA.
1007
00:52:51,700 --> 00:52:53,734
Col. Gary D. Brown: I was deployed for a year
1008
00:52:54,002 --> 00:52:57,171
giving advice on air operations in Iraq and Afghanistan,
1009
00:52:57,173 --> 00:53:00,007
and when I was returning home after that,
1010
00:53:00,009 --> 00:53:02,009
the assignment I was given was to go
1011
00:53:02,011 --> 00:53:03,444
to U.S. Cyber Command.
1012
00:53:04,613 --> 00:53:06,180
Cyber Command is a...
1013
00:53:06,481 --> 00:53:09,850
Is the military command that's responsible for
1014
00:53:09,852 --> 00:53:12,887
essentially the conducting of the nation's military affairs
1015
00:53:12,889 --> 00:53:14,288
in cyberspace.
1016
00:53:14,790 --> 00:53:17,191
The stated reason the United States
1017
00:53:17,193 --> 00:53:19,360
decided it needed a Cyber Command
1018
00:53:19,362 --> 00:53:22,563
was because of an event called Operation Buckshot Yankee.
1019
00:53:23,031 --> 00:53:24,632
Chris Inglis: In the fall of 2008,
1020
00:53:24,634 --> 00:53:27,468
we found some adversaries inside
1021
00:53:27,470 --> 00:53:29,070
of our classified networks.
1022
00:53:30,005 --> 00:53:31,572
While it wasn't completely true
1023
00:53:31,574 --> 00:53:34,175
that we always assumed that we were successful
1024
00:53:34,177 --> 00:53:35,910
at defending things at the barrier,
1025
00:53:35,912 --> 00:53:38,079
at the... at the kind of perimeter that we might have
1026
00:53:38,081 --> 00:53:40,081
between our networks and the outside world,
1027
00:53:40,083 --> 00:53:42,149
there was a large confidence
1028
00:53:42,151 --> 00:53:44,318
that we'd been mostly successful.
1029
00:53:44,653 --> 00:53:46,220
But that was a moment in time when we came to
1030
00:53:46,222 --> 00:53:49,790
the quick conclusion that it... it's not really ever secure.
1031
00:53:50,659 --> 00:53:53,360
That then accelerated The Department of Defense's
1032
00:53:53,362 --> 00:53:54,929
progress towards what ultimately
1033
00:53:54,931 --> 00:53:56,063
became Cyber Command.
1034
00:53:59,367 --> 00:54:00,568
Good morning.
1035
00:54:01,870 --> 00:54:03,070
Good morning.
1036
00:54:03,238 --> 00:54:05,318
Good morning, sir. Cyber has one item for you today.
1037
00:54:05,774 --> 00:54:07,441
Earlier this week, Antok analysts
1038
00:54:07,443 --> 00:54:09,777
detected a foreign adversary using known methods
1039
00:54:09,779 --> 00:54:11,612
to access the U.S. military network.
1040
00:54:12,080 --> 00:54:13,681
We identified the malicious activity
1041
00:54:13,683 --> 00:54:15,616
via data collected through our information assurance
1042
00:54:15,618 --> 00:54:17,118
and signals from intelligence authorities
1043
00:54:17,120 --> 00:54:19,286
and confirmed it was a cyber adversary.
1044
00:54:19,288 --> 00:54:21,956
We provided data to our cyber partners within the DOD...
1045
00:54:21,958 --> 00:54:24,225
You think of NSA as an institution
1046
00:54:24,227 --> 00:54:27,094
that essentially uses its abilities in cyberspace
1047
00:54:27,462 --> 00:54:29,864
to help defend communications in that space.
1048
00:54:30,198 --> 00:54:32,133
Cyber Command extends that capability
1049
00:54:32,135 --> 00:54:35,503
by saying that they will then take responsibility to attack.
1050
00:54:36,972 --> 00:54:39,974
Hayden: NSA has no legal authority to attack.
1051
00:54:39,976 --> 00:54:42,209
It's never had it, I doubt that it ever will.
1052
00:54:42,711 --> 00:54:44,779
It might explain why U.S. Cyber Command
1053
00:54:44,781 --> 00:54:46,480
is sitting out at Fort Meade on top of
1054
00:54:46,482 --> 00:54:48,215
The National Security Agency,
1055
00:54:48,217 --> 00:54:50,985
because NSA has the abilities to do these things.
1056
00:54:51,286 --> 00:54:54,088
Cyber Command has the authority to do these things.
1057
00:54:54,090 --> 00:54:57,324
And "these things" here refer to the cyber-attack.
1058
00:54:57,326 --> 00:54:59,360
This is a huge change
1059
00:54:59,995 --> 00:55:03,664
for the nature of the intelligence agencies.
1060
00:55:04,099 --> 00:55:06,901
The NSA was supposed to be a code-making
1061
00:55:06,903 --> 00:55:09,270
and code-breaking operation
1062
00:55:09,272 --> 00:55:13,440
to monitor the communications of foreign powers
1063
00:55:13,442 --> 00:55:14,842
and American adversaries
1064
00:55:14,844 --> 00:55:17,178
in the defense of the United States.
1065
00:55:17,679 --> 00:55:21,182
But creating a Cyber Command meant using
1066
00:55:21,184 --> 00:55:24,218
the same technology to do offense.
1067
00:55:26,354 --> 00:55:30,357
Once you get inside an adversary's computer networks,
1068
00:55:30,359 --> 00:55:33,194
you put an implant in that network.
1069
00:55:33,428 --> 00:55:36,030
And we have tens of thousands of foreign computers
1070
00:55:36,032 --> 00:55:38,766
and networks that the United States put implants in.
1071
00:55:39,534 --> 00:55:42,536
You can use it to monitor what's going across
1072
00:55:42,538 --> 00:55:44,538
that network and you can use it
1073
00:55:44,540 --> 00:55:47,775
to insert cyber weapons, malware.
1074
00:55:48,877 --> 00:55:52,079
If you can spy on a network, you can manipulate it.
1075
00:55:52,781 --> 00:55:54,515
It's already included.
1076
00:55:54,716 --> 00:55:57,051
The only thing you need is an act of will.
1077
00:56:01,057 --> 00:56:02,857
NSA source: I played a role in Iraq.
1078
00:56:02,859 --> 00:56:05,226
I can't tell you whether it was military or not,
1079
00:56:05,228 --> 00:56:06,827
but I can tell you
1080
00:56:06,829 --> 00:56:09,163
NSA had combat support teams in country.
1081
00:56:10,700 --> 00:56:13,367
And for the first time, units in the field
1082
00:56:13,369 --> 00:56:15,769
had direct access to NSA intel.
1083
00:56:18,341 --> 00:56:20,207
Over time, we thought more about offense
1084
00:56:20,209 --> 00:56:21,675
than defense, you know,
1085
00:56:21,677 --> 00:56:23,410
more about attacking than intelligence.
1086
00:56:24,713 --> 00:56:27,748
In the old days, sigint units would try to track radios,
1087
00:56:27,750 --> 00:56:30,017
but through NSA in Iraq,
1088
00:56:30,019 --> 00:56:32,052
we had access to all the networks
1089
00:56:32,054 --> 00:56:33,587
going in and out of the country.
1090
00:56:33,589 --> 00:56:35,656
And we hoovered up every text message,
1091
00:56:35,658 --> 00:56:37,157
email, and phone call.
1092
00:56:37,692 --> 00:56:40,094
A complete surveillance state.
1093
00:56:40,996 --> 00:56:45,065
We could find the bad guys, say, a gang making IEDs,
1094
00:56:45,067 --> 00:56:48,602
map their networks, and follow them in real time.
1095
00:56:48,604 --> 00:56:49,904
Soldier: Roger.
1096
00:56:49,906 --> 00:56:51,705
NSA source: And we could lock into cell phones
1097
00:56:51,707 --> 00:56:53,774
even when they were off and send a fake text
1098
00:56:53,776 --> 00:56:56,210
from a friend, suggest a meeting place,
1099
00:56:56,212 --> 00:56:58,078
and then capture...
1100
00:56:58,080 --> 00:56:59,446
Soldier: 1A, clear to fire.
1101
00:56:59,915 --> 00:57:01,215
...or kill.
1102
00:57:01,217 --> 00:57:02,316
Soldier: Good shot.
1103
00:57:05,353 --> 00:57:07,621
Brown: A lot of the people that came to Cyber Command,
1104
00:57:07,623 --> 00:57:09,456
the military guys, came directly from
1105
00:57:09,458 --> 00:57:11,458
an assignment in Afghanistan or Iraq,
1106
00:57:11,460 --> 00:57:14,028
'cause those are the people with experience
1107
00:57:14,030 --> 00:57:15,963
and expertise in operations,
1108
00:57:15,965 --> 00:57:17,898
and those are the ones you want looking at this
1109
00:57:17,900 --> 00:57:19,934
to see how cyber could facilitate
1110
00:57:19,936 --> 00:57:22,169
traditional military operations.
1111
00:57:33,882 --> 00:57:35,716
NSA source: Fresh from the surge,
1112
00:57:35,718 --> 00:57:40,220
I went to work at NSA in '07 in a supervisory capacity.
1113
00:57:40,222 --> 00:57:42,389
Gibney: Exactly where did you work?
1114
00:57:42,391 --> 00:57:43,724
NSA source: Fort Meade.
1115
00:57:43,726 --> 00:57:45,459
You know, I commuted to that massive complex
1116
00:57:45,461 --> 00:57:46,894
every single day.
1117
00:57:48,229 --> 00:57:52,533
I was in TAO-S321, "The Roc."
1118
00:57:53,101 --> 00:57:55,169
Gibney: Okay, the TAO, The Roc?
1119
00:57:55,337 --> 00:57:58,572
Right, sorry. TAO is tailored access operations.
1120
00:57:58,574 --> 00:58:00,607
It's where NSA's hackers work.
1121
00:58:00,609 --> 00:58:02,376
Of course, we didn't call them that.
1122
00:58:02,644 --> 00:58:03,978
Gibney: What did you call them?
1123
00:58:04,145 --> 00:58:05,512
NSA source: On net operators.
1124
00:58:05,814 --> 00:58:08,349
They're the only people at NSA allowed to break in
1125
00:58:08,351 --> 00:58:09,850
or attack on the Internet.
1126
00:58:10,852 --> 00:58:12,953
Inside TAO headquarters is The Roc,
1127
00:58:12,955 --> 00:58:14,555
remote operations center.
1128
00:58:15,357 --> 00:58:18,559
If the U.S. government wants to get in somewhere,
1129
00:58:19,627 --> 00:58:21,028
it goes to The Roc.
1130
00:58:21,196 --> 00:58:24,064
I mean, we were flooded with requests.
1131
00:58:24,799 --> 00:58:27,334
So many that we could only do about, mm,
1132
00:58:27,336 --> 00:58:30,504
30% of the missions that were requested of us at one time,
1133
00:58:30,506 --> 00:58:32,139
through the web
1134
00:58:32,141 --> 00:58:35,009
but also by hijacking shipments of parts.
1135
00:58:35,877 --> 00:58:37,878
You know, sometimes the CIA would assist
1136
00:58:37,880 --> 00:58:40,514
inputting implants in machines,
1137
00:58:41,716 --> 00:58:44,451
so once inside a target network,
1138
00:58:45,320 --> 00:58:46,587
we could just...
1139
00:58:47,555 --> 00:58:48,756
Watch...
1140
00:58:50,492 --> 00:58:52,059
Or we could attack.
1141
00:58:55,864 --> 00:58:59,400
Inside NSA was a strange kind of culture,
1142
00:58:59,402 --> 00:59:01,802
like, two parts macho military
1143
00:59:01,804 --> 00:59:05,906
and two parts cyber geek. I mean, I came from Iraq,
1144
00:59:05,908 --> 00:59:07,808
so I was used to, "Yes, sir. No, sir."
1145
00:59:07,810 --> 00:59:09,910
But for the weapons programmers
1146
00:59:09,912 --> 00:59:12,479
we needed more "think outside the box" types.
1147
00:59:13,314 --> 00:59:15,049
From cubicle to cubicle,
1148
00:59:15,051 --> 00:59:18,318
you'd see lightsabers, Tribbles,
1149
00:59:18,320 --> 00:59:20,487
those Naruto action figures,
1150
00:59:20,489 --> 00:59:22,790
lots of Aqua Teen Hunger Force.
1151
00:59:25,527 --> 00:59:29,129
This one guy, they were mostly guys,
1152
00:59:30,098 --> 00:59:32,232
who liked to wear a yellow hooded cape,
1153
00:59:32,700 --> 00:59:36,303
he used a ton of gray Legos to build a massive Death Star.
1154
00:59:39,340 --> 00:59:41,508
Gibney: Were they all working on STUXnet?
1155
00:59:42,077 --> 00:59:44,111
NSA source: We never called it STUXnet.
1156
00:59:44,113 --> 00:59:46,880
That was the name invented by the antivirus guys.
1157
00:59:46,882 --> 00:59:48,882
When it hit the papers,
1158
00:59:48,884 --> 00:59:50,884
we're not allowed to read about classified operations,
1159
00:59:50,886 --> 00:59:52,386
even if it's in The New York Times.
1160
00:59:52,388 --> 00:59:54,088
We went out of our way to avoid the term.
1161
00:59:54,090 --> 00:59:56,023
I mean, saying "STUXnet" out loud
1162
00:59:56,025 --> 00:59:58,192
was like saying "Voldemort" in Harry Potter.
1163
00:59:58,194 --> 00:59:59,827
The name that shall not be spoken.
1164
01:00:00,128 --> 01:00:01,628
Gibney: What did you call it then?
1165
01:00:10,105 --> 01:00:13,640
The Natanz attack, and this is out there already,
1166
01:00:14,542 --> 01:00:18,512
was called Olympic Games or OG.
1167
01:00:22,050 --> 01:00:24,485
There was a huge operation to test the code
1168
01:00:24,487 --> 01:00:26,854
on PLCs here are Fort Meade
1169
01:00:27,422 --> 01:00:29,857
and in Sandia, New Mexico.
1170
01:00:31,626 --> 01:00:33,060
Remember during the Bush era
1171
01:00:33,062 --> 01:00:35,496
when Libya turned over all the centrifuges?
1172
01:00:35,930 --> 01:00:38,098
Those were the same models the Iranians got
1173
01:00:38,100 --> 01:00:40,400
from A.Q. Khan. P1s.
1174
01:00:41,803 --> 01:00:44,271
We took them to Oak Ridge and used them
1175
01:00:44,273 --> 01:00:47,808
to test the code which demolished the insides.
1176
01:00:48,843 --> 01:00:52,713
At Dimona, the Israelis also tested on the P1s.
1177
01:00:54,149 --> 01:00:56,750
Then, partly by using our intel on Iran,
1178
01:00:56,752 --> 01:00:59,987
we got the plans for the newer models, the IR-2s.
1179
01:01:00,855 --> 01:01:03,090
We tried out different attack vectors.
1180
01:01:03,092 --> 01:01:07,394
We ended up focusing on ways to destroy the rotor tubes.
1181
01:01:08,296 --> 01:01:11,732
In the tests we ran, we blew them apart.
1182
01:01:13,201 --> 01:01:15,135
They swept up the pieces,
1183
01:01:15,137 --> 01:01:17,838
they put it on an airplane, they flew it to Washington,
1184
01:01:17,840 --> 01:01:19,540
they stuck it in the truck,
1185
01:01:19,542 --> 01:01:21,508
they drove it through the gates of the White House,
1186
01:01:21,510 --> 01:01:25,646
and dumped the shards out on the conference room table
1187
01:01:25,648 --> 01:01:27,347
in the Situation Room.
1188
01:01:27,349 --> 01:01:28,882
And then they invited President Bush
1189
01:01:28,884 --> 01:01:30,450
to come down and take a look.
1190
01:01:30,452 --> 01:01:32,286
And when he could pick up the shard
1191
01:01:32,288 --> 01:01:34,054
of a piece of centrifuge...
1192
01:01:35,023 --> 01:01:37,257
He was convinced this might be worth it,
1193
01:01:37,559 --> 01:01:39,359
and he said, "go ahead and try."
1194
01:01:40,195 --> 01:01:43,130
Gibney: Was there legal concern inside the Bush Administration
1195
01:01:43,132 --> 01:01:45,532
that this might be an act of undeclared war?
1196
01:01:46,467 --> 01:01:50,237
If there were concerns, I haven't found them.
1197
01:01:51,506 --> 01:01:54,174
That doesn't mean that they didn't exist
1198
01:01:54,176 --> 01:01:56,176
and that some lawyers somewhere
1199
01:01:56,178 --> 01:01:57,744
weren't concerned about it,
1200
01:01:57,746 --> 01:02:01,081
but this was an entirely new territory.
1201
01:02:01,683 --> 01:02:04,184
At the time, there were really very few people
1202
01:02:04,186 --> 01:02:08,322
who had expertise specifically on the law of war and cyber.
1203
01:02:08,723 --> 01:02:10,991
And basically what we did was looking at, okay,
1204
01:02:10,993 --> 01:02:12,459
here's our broad direction.
1205
01:02:13,027 --> 01:02:15,629
Now, let's look... technically what can we do
1206
01:02:16,030 --> 01:02:17,898
to facilitate this broad direction?
1207
01:02:18,166 --> 01:02:21,034
After that, maybe the... I would come in
1208
01:02:21,036 --> 01:02:23,604
or one of my lawyers would come in and say,
1209
01:02:23,606 --> 01:02:27,574
"okay, this is what we may do." Okay.
1210
01:02:28,677 --> 01:02:29,776
There are many things we can do,
1211
01:02:29,778 --> 01:02:31,778
but we are not allowed to do them.
1212
01:02:31,780 --> 01:02:33,914
And then after that, there's still a final level
1213
01:02:33,916 --> 01:02:35,816
that we look at and that's, what should we do?
1214
01:02:36,217 --> 01:02:38,185
Because there are many things that would be
1215
01:02:38,187 --> 01:02:41,455
technically possible and technically legal
1216
01:02:41,457 --> 01:02:42,990
but a bad idea.
1217
01:02:43,524 --> 01:02:47,227
For Natanz, it was a CIA-led operation,
1218
01:02:47,229 --> 01:02:49,663
so we had to have agency sign-off.
1219
01:02:49,964 --> 01:02:51,131
Gibney: Really?
1220
01:02:51,299 --> 01:02:54,134
Someone from the agency
1221
01:02:54,969 --> 01:02:57,104
stood behind the operator and the analyst
1222
01:02:57,106 --> 01:03:00,040
and gave the order to launch every attack.
1223
01:03:07,649 --> 01:03:09,483
Chien: Before they had even started this attack,
1224
01:03:09,485 --> 01:03:11,718
they put inside of the code the kill date,
1225
01:03:12,053 --> 01:03:13,820
a date at which it would stop operating.
1226
01:03:14,389 --> 01:03:16,490
O'Murchu: Cutoff dates, we don't normally see that
1227
01:03:16,492 --> 01:03:18,158
in other threats, and you have to think,
1228
01:03:18,160 --> 01:03:20,060
"well, why is there a cutoff date in there?"
1229
01:03:20,495 --> 01:03:22,929
And when you realize that, well, STUXnet was probably
1230
01:03:22,931 --> 01:03:26,133
written by government and that there are laws
1231
01:03:26,135 --> 01:03:29,002
regarding how you can use this sort of software,
1232
01:03:29,004 --> 01:03:31,638
that there may have been a legal team who said, "no, you...
1233
01:03:31,640 --> 01:03:33,840
You need to have a cutoff date in there,
1234
01:03:33,842 --> 01:03:35,942
and you can only do this and you can only go that far
1235
01:03:35,944 --> 01:03:37,744
and we need to check if this is legal or not.
1236
01:03:39,614 --> 01:03:42,883
That date is a few days before Obama's inauguration.
1237
01:03:43,918 --> 01:03:46,787
So the theory was that this was an operation
1238
01:03:46,789 --> 01:03:49,189
that needed to be stopped at a certain time
1239
01:03:49,191 --> 01:03:51,591
because there was gonna be a handover
1240
01:03:51,593 --> 01:03:53,927
and that more approval was needed.
1241
01:03:57,166 --> 01:03:59,032
Are you prepared to take the oath, senator?
1242
01:03:59,034 --> 01:04:00,267
I am.
1243
01:04:00,635 --> 01:04:02,602
I, Barack Hussein Obama...
1244
01:04:02,604 --> 01:04:04,137
- I, Barack...
- Do solemnly swear...
1245
01:04:04,139 --> 01:04:06,740
I, Barack Hussein Obama, do solemnly swear...
1246
01:04:06,941 --> 01:04:10,477
Sanger: Olympic Games was reauthorized by President Obama
1247
01:04:10,479 --> 01:04:12,279
in his first year in office, 2009.
1248
01:04:16,784 --> 01:04:18,885
It was fascinating because it was the first year of
1249
01:04:18,887 --> 01:04:20,887
the Obama administration and they would talk to you
1250
01:04:20,889 --> 01:04:23,690
endlessly about cyber defense.
1251
01:04:24,459 --> 01:04:25,625
Obama: We count on computer networks
1252
01:04:25,627 --> 01:04:28,762
to deliver our oil and gas, our power, and our water.
1253
01:04:29,063 --> 01:04:32,299
We rely on them for public transportation
1254
01:04:32,301 --> 01:04:33,867
and air traffic control.
1255
01:04:34,235 --> 01:04:36,336
But just as we failed in the past
1256
01:04:36,338 --> 01:04:38,372
to invest in our physical infrastructure,
1257
01:04:38,673 --> 01:04:41,041
our roads, our Bridges, and rails,
1258
01:04:41,376 --> 01:04:43,076
we failed to invest in the security
1259
01:04:43,078 --> 01:04:44,945
of our digital infrastructure.
1260
01:04:45,146 --> 01:04:47,547
Sanger: He was running East Room events
1261
01:04:47,749 --> 01:04:50,484
trying to get people to focus on the need to
1262
01:04:50,486 --> 01:04:52,419
defend cyber networks
1263
01:04:52,421 --> 01:04:54,154
and defend American infrastructure.
1264
01:04:54,522 --> 01:04:58,058
But when you asked questions about the use of
1265
01:04:58,060 --> 01:05:01,661
offensive cyber weapons, everything went dead.
1266
01:05:01,663 --> 01:05:03,397
No cooperation.
1267
01:05:03,399 --> 01:05:05,499
White House wouldn't help, Pentagon wouldn't help,
1268
01:05:05,501 --> 01:05:06,666
NSA wouldn't help.
1269
01:05:06,901 --> 01:05:08,335
Nobody would talk to you about it.
1270
01:05:09,237 --> 01:05:10,871
But when you dug into the budget
1271
01:05:10,873 --> 01:05:14,107
for cyber spending during the Obama administration,
1272
01:05:14,109 --> 01:05:16,042
what you discovered was
1273
01:05:16,044 --> 01:05:19,446
much of it was being spent on offensive cyber weapons.
1274
01:05:21,249 --> 01:05:25,752
You see phrases like "Title 10 CNO."
1275
01:05:26,187 --> 01:05:29,456
Title 10 means operations for the U.S. military,
1276
01:05:29,724 --> 01:05:33,994
and CNO means computer network operations.
1277
01:05:34,695 --> 01:05:36,263
This is considerable evidence
1278
01:05:36,265 --> 01:05:38,865
that STUXnet was just the opening wedge
1279
01:05:39,534 --> 01:05:43,336
of what is a much broader U.S. government effort now
1280
01:05:43,771 --> 01:05:46,807
to develop an entire new class of weapons.
1281
01:05:52,380 --> 01:05:55,115
Chien: STUXnet wasn't just an evolution.
1282
01:05:55,117 --> 01:05:57,784
It was really a revolution in the threat landscape.
1283
01:05:59,587 --> 01:06:02,556
In the past, the vast majority of threats that we saw
1284
01:06:02,558 --> 01:06:04,558
were always controlled by an operator somewhere.
1285
01:06:04,560 --> 01:06:06,259
They would infect your machines,
1286
01:06:06,261 --> 01:06:08,094
but they would have what's called a callback
1287
01:06:08,096 --> 01:06:09,629
or a command-and-control channel.
1288
01:06:09,797 --> 01:06:11,932
The threats would actually contact the operator
1289
01:06:11,934 --> 01:06:13,333
and say, what do you want me to do next?
1290
01:06:13,335 --> 01:06:14,901
And the operator would send down commands
1291
01:06:14,903 --> 01:06:16,837
and say, maybe, search through this directory,
1292
01:06:16,839 --> 01:06:18,772
find these folders, find these files,
1293
01:06:18,774 --> 01:06:20,607
upload these files to me, spread to this other machine,
1294
01:06:20,609 --> 01:06:22,075
things of that nature.
1295
01:06:22,610 --> 01:06:25,679
But STUXnet couldn't have a command-and-control channel
1296
01:06:26,147 --> 01:06:28,915
because once it got inside in Natanz
1297
01:06:28,917 --> 01:06:31,651
it would not have been able to reach back out to the attackers.
1298
01:06:31,653 --> 01:06:33,954
The Natanz network is completely air gapped
1299
01:06:33,956 --> 01:06:35,155
from the rest of the Internet.
1300
01:06:35,157 --> 01:06:36,523
It's not connected to the Internet.
1301
01:06:36,525 --> 01:06:37,991
It's its own isolated network.
1302
01:06:37,993 --> 01:06:39,759
Generally, getting across an air gap is...
1303
01:06:39,761 --> 01:06:41,361
Is one of the more difficult challenges
1304
01:06:41,363 --> 01:06:43,630
that attackers will face just because of the fact that
1305
01:06:43,632 --> 01:06:46,533
there... everything is in place to prevent that.
1306
01:06:46,535 --> 01:06:49,102
You know, everything, you know, the policies and procedures
1307
01:06:49,104 --> 01:06:51,004
and the physical network that's in place is
1308
01:06:51,006 --> 01:06:54,474
specifically designed to prevent you crossing the air gap.
1309
01:06:54,476 --> 01:06:56,943
But there's no truly air-gapped network
1310
01:06:56,945 --> 01:06:59,212
in these real-world production environments.
1311
01:06:59,214 --> 01:07:01,281
People gotta get new code into Natanz.
1312
01:07:01,283 --> 01:07:04,184
People have to get log files off of this network in Natanz.
1313
01:07:04,186 --> 01:07:05,652
People have to upgrade equipment.
1314
01:07:05,654 --> 01:07:07,354
People have to upgrade computers.
1315
01:07:07,555 --> 01:07:10,690
This highlights one of the major
1316
01:07:11,192 --> 01:07:14,127
security issues that we have in the field.
1317
01:07:14,129 --> 01:07:17,030
If you think, "well, nobody can attack
1318
01:07:17,032 --> 01:07:19,299
this power plant or this chemical plant
1319
01:07:19,301 --> 01:07:21,034
because it's not connected to the Internet,"
1320
01:07:21,036 --> 01:07:22,903
that's a bizarre illusion.
1321
01:07:26,541 --> 01:07:29,876
NSA source: The first time we introduced the code into Natanz
1322
01:07:30,411 --> 01:07:32,212
we used human assets,
1323
01:07:33,080 --> 01:07:36,650
maybe CIA, more likely Mossad,
1324
01:07:36,652 --> 01:07:40,053
but our team was kept in the dark about the trade craft.
1325
01:07:40,988 --> 01:07:43,490
We heard rumors in Moscow,
1326
01:07:43,492 --> 01:07:47,327
an Iranian laptop infected by a phony Siemens technician
1327
01:07:47,329 --> 01:07:48,628
with a flash drive...
1328
01:07:50,164 --> 01:07:53,300
A double agent in Iran with access to Natanz,
1329
01:07:53,868 --> 01:07:55,602
but I don't really know.
1330
01:07:55,604 --> 01:07:58,305
What we had to focus on was to write the code
1331
01:07:58,906 --> 01:08:02,342
so that, once inside, the worm acted on its own.
1332
01:08:02,543 --> 01:08:04,911
They built in all the code and all the logic
1333
01:08:04,913 --> 01:08:07,714
into the threat to be able to operate all by itself.
1334
01:08:07,716 --> 01:08:09,950
It had the ability to spread by itself.
1335
01:08:09,952 --> 01:08:13,019
It had the ability to figure out, do I have the right PLCs?
1336
01:08:13,021 --> 01:08:15,956
Have I arrived in Natanz? Am I at the target?
1337
01:08:15,958 --> 01:08:17,524
Langner: And when it's on target,
1338
01:08:17,526 --> 01:08:19,693
it executes autonomously.
1339
01:08:20,061 --> 01:08:23,363
That also means you... you cannot call off the attack.
1340
01:08:24,031 --> 01:08:25,765
It was definitely the type of attack
1341
01:08:26,367 --> 01:08:27,867
where someone had decided
1342
01:08:28,569 --> 01:08:30,370
that this is what they wanted to do.
1343
01:08:30,905 --> 01:08:33,707
There was no turning back once STUXnet was released.
1344
01:08:38,913 --> 01:08:41,047
When it began to actually execute its payload,
1345
01:08:41,049 --> 01:08:43,316
you would have a whole bunch of centrifuges
1346
01:08:43,318 --> 01:08:46,419
in a huge array of cascades sitting in a big hall.
1347
01:08:46,421 --> 01:08:48,622
And then just off that hall
1348
01:08:48,624 --> 01:08:50,423
you would have an operators room,
1349
01:08:50,425 --> 01:08:52,292
the control panels in front of them, a big window
1350
01:08:52,294 --> 01:08:53,734
where they could see into the hall.
1351
01:08:54,295 --> 01:08:56,496
Computers monitor the activities
1352
01:08:56,498 --> 01:08:57,864
of all these centrifuges.
1353
01:08:58,733 --> 01:09:02,802
So a centrifuge, it's driven by an electrical motor.
1354
01:09:03,404 --> 01:09:06,306
And the speed of this electrical motor
1355
01:09:06,308 --> 01:09:09,509
is controlled by another PLC,
1356
01:09:09,511 --> 01:09:11,211
by another programmable logic controller.
1357
01:09:13,414 --> 01:09:17,117
Chien: STUXnet would wait for 13 days
1358
01:09:17,119 --> 01:09:18,418
before doing anything,
1359
01:09:18,420 --> 01:09:20,520
because 13 days is about the time it takes
1360
01:09:20,522 --> 01:09:23,490
to actually fill an entire cascade of centrifuges
1361
01:09:23,492 --> 01:09:25,025
with uranium.
1362
01:09:25,326 --> 01:09:28,161
They didn't want to attack when the centrifuges essentially
1363
01:09:28,163 --> 01:09:30,530
were empty or at the beginning of the enrichment process.
1364
01:09:31,799 --> 01:09:34,167
What STUXnet did was it actually would sit there
1365
01:09:34,169 --> 01:09:36,870
during the 13 days and basically record
1366
01:09:36,872 --> 01:09:38,872
all of the normal activities
1367
01:09:38,874 --> 01:09:40,407
that were happening and save it.
1368
01:09:41,208 --> 01:09:43,543
And once they saw them spinning for 13 days,
1369
01:09:43,545 --> 01:09:45,178
then the attack occurred.
1370
01:09:45,946 --> 01:09:48,214
Centrifuges spin at incredible speeds,
1371
01:09:48,216 --> 01:09:50,150
about 1,000 hertz.
1372
01:09:50,152 --> 01:09:52,519
Langner: They have a safe operating speed,
1373
01:09:52,521 --> 01:09:55,355
63,000 revolutions per minute.
1374
01:09:55,656 --> 01:09:58,224
Chien: STUXnet caused the uranium enrichment centrifuges
1375
01:09:58,226 --> 01:10:00,527
to spin up to 1,400 hertz.
1376
01:10:00,529 --> 01:10:03,263
Langner: Up to 80,000 revolutions per minute.
1377
01:10:06,734 --> 01:10:09,169
What would happen was those centrifuges
1378
01:10:09,171 --> 01:10:11,438
would go through what's called a resonance frequency.
1379
01:10:11,972 --> 01:10:14,207
It would go through a frequency at which the metal would
1380
01:10:14,209 --> 01:10:16,076
basically vibrate uncontrollably
1381
01:10:16,078 --> 01:10:17,377
and essentially shatter.
1382
01:10:17,545 --> 01:10:19,746
There'd be uranium gas everywhere.
1383
01:10:20,881 --> 01:10:22,749
And then the second attack they attempted
1384
01:10:22,751 --> 01:10:25,051
was they actually tried to lower it to two hertz.
1385
01:10:25,053 --> 01:10:28,755
They were slowed down to almost standstill.
1386
01:10:29,523 --> 01:10:32,058
Chien: And at two hertz, sort of an opposite effect occurs.
1387
01:10:32,060 --> 01:10:34,327
You can imagine a toy top that you spin
1388
01:10:34,329 --> 01:10:37,230
and as the top begins to slow down, it begins to wobble.
1389
01:10:37,232 --> 01:10:39,232
That's what would happen to these centrifuges.
1390
01:10:39,234 --> 01:10:41,267
They'd begin to wobble and essentially shatter
1391
01:10:41,269 --> 01:10:42,502
and fall apart.
1392
01:10:46,274 --> 01:10:49,109
And instead of sending back to the computer
1393
01:10:49,111 --> 01:10:50,744
what was really happening, it would send back
1394
01:10:50,746 --> 01:10:52,712
that old data that it had recorded.
1395
01:10:52,714 --> 01:10:54,514
So the computer's sitting there thinking,
1396
01:10:54,516 --> 01:10:56,216
"yep, running at 1,000 hertz, everything is fine.
1397
01:10:56,218 --> 01:10:58,118
Running at 1,000 hertz, everything is fine."
1398
01:10:58,120 --> 01:11:00,954
But those centrifuges are potentially spinning up wildly,
1399
01:11:00,956 --> 01:11:02,756
a huge noise would occur.
1400
01:11:02,758 --> 01:11:04,758
It'd be like, you know, a jet engine.
1401
01:11:08,296 --> 01:11:09,896
So the operators then would know, "whoa,
1402
01:11:09,898 --> 01:11:11,531
something is going wrong here."
1403
01:11:11,533 --> 01:11:13,466
They might look at their monitors and say, "hmm,
1404
01:11:13,468 --> 01:11:15,935
it says it's 1,000 hertz," but they would hear that in the room
1405
01:11:15,937 --> 01:11:17,737
something gravely bad was happening.
1406
01:11:17,739 --> 01:11:21,107
Not only are the operators fooled into thinking
1407
01:11:21,109 --> 01:11:22,909
everything's normal,
1408
01:11:22,911 --> 01:11:27,247
but also any kind of automated protective logic
1409
01:11:27,249 --> 01:11:29,015
is fooled.
1410
01:11:29,884 --> 01:11:31,844
Chien: You can't just turn these centrifuges off.
1411
01:11:32,086 --> 01:11:34,721
They have to be brought down in a very controlled manner.
1412
01:11:34,723 --> 01:11:36,890
And so they would hit, literally, the big red button
1413
01:11:36,892 --> 01:11:38,491
to initiate a graceful shutdown,
1414
01:11:38,826 --> 01:11:40,927
and STUXnet intercepts that code.
1415
01:11:40,929 --> 01:11:42,495
So you would have these operators
1416
01:11:42,497 --> 01:11:44,631
slamming on that button over and over again
1417
01:11:44,633 --> 01:11:45,799
and nothing would happen.
1418
01:11:47,101 --> 01:11:50,670
Yadlin: If your cyber weapon is good enough,
1419
01:11:50,672 --> 01:11:53,406
if your enemy is not aware of it,
1420
01:11:53,674 --> 01:11:57,310
it is an ideal weapon, because the enemy
1421
01:11:57,312 --> 01:11:59,379
even don't understand what is happening to it.
1422
01:11:59,947 --> 01:12:01,915
Gibney: Maybe even better if the enemy begins to doubt
1423
01:12:01,917 --> 01:12:04,217
- their own capability.
- Absolutely.
1424
01:12:04,919 --> 01:12:07,787
Certainly one must conclude
1425
01:12:07,789 --> 01:12:10,590
that what happened at Natanz
1426
01:12:10,592 --> 01:12:12,992
must have driven the engineers crazy,
1427
01:12:12,994 --> 01:12:15,461
because the worst thing that can happen
1428
01:12:15,463 --> 01:12:19,365
to a maintenance engineer is not being able to figure out
1429
01:12:19,367 --> 01:12:22,168
what the cause of specific trouble is.
1430
01:12:22,170 --> 01:12:25,538
So they must have been analyzing themselves to death.
1431
01:12:28,275 --> 01:12:31,077
Heinonen: You know, you see centrifuges blowing up.
1432
01:12:31,445 --> 01:12:35,248
You look the computer screens, they go with the proper speed.
1433
01:12:35,616 --> 01:12:39,285
There's a proper gas pressure. Everything looks beautiful.
1434
01:12:41,889 --> 01:12:45,024
Sanger: Through 2009 it was going pretty smoothly.
1435
01:12:45,026 --> 01:12:46,860
Centrifuges were blowing up.
1436
01:12:46,862 --> 01:12:49,529
The International Atomic Energy Agency inspectors
1437
01:12:49,531 --> 01:12:52,031
would go in to Natanz and they would see that
1438
01:12:52,033 --> 01:12:54,934
whole sections of the centrifuges had been removed.
1439
01:12:56,170 --> 01:12:59,239
The United States knew from its intelligence channels
1440
01:12:59,241 --> 01:13:02,742
that some Iranian scientists and engineers
1441
01:13:02,744 --> 01:13:06,512
were being fired because the centrifuges were blowing up
1442
01:13:06,514 --> 01:13:09,649
and the Iranians had assumed that this was because
1443
01:13:09,651 --> 01:13:13,152
they had been making errors or manufacturing mistakes.
1444
01:13:13,154 --> 01:13:14,787
Clearly this was somebody's fault.
1445
01:13:15,890 --> 01:13:17,924
So the program was doing
1446
01:13:17,926 --> 01:13:19,759
exactly what it was supposed to be doing,
1447
01:13:20,060 --> 01:13:22,829
which was it was blowing up centrifuges
1448
01:13:23,063 --> 01:13:24,898
and it was leaving no trace
1449
01:13:25,566 --> 01:13:27,667
and leaving the Iranians to wonder
1450
01:13:28,102 --> 01:13:29,469
what they got hit by.
1451
01:13:29,937 --> 01:13:32,572
This was the brilliance of Olympic Games.
1452
01:13:32,873 --> 01:13:34,574
You know, as a former director of a couple of big
1453
01:13:34,576 --> 01:13:35,842
3-letter agencies,
1454
01:13:36,210 --> 01:13:38,645
slowing down 1,000 centrifuges in Natanz...
1455
01:13:39,513 --> 01:13:40,847
Abnormally good.
1456
01:13:40,849 --> 01:13:43,449
There was a need for... for... for buying time.
1457
01:13:43,451 --> 01:13:46,085
There was a need for slowing them down.
1458
01:13:46,087 --> 01:13:48,021
There was the need to try to push them
1459
01:13:48,023 --> 01:13:49,389
to the negotiating table.
1460
01:13:49,391 --> 01:13:51,691
I mean, there are a lot of variables at play here.
1461
01:13:56,030 --> 01:13:59,666
Sanger: President Obama would go down into the Situation Room,
1462
01:14:00,100 --> 01:14:03,369
and he would have laid out in front of him
1463
01:14:03,371 --> 01:14:05,038
what they called the horse blanket,
1464
01:14:05,040 --> 01:14:07,240
which was a giant schematic
1465
01:14:07,242 --> 01:14:10,710
of the Natanz nuclear enrichment plan.
1466
01:14:11,278 --> 01:14:14,380
And the designers of Olympic Games
1467
01:14:14,382 --> 01:14:17,550
would describe to him what kind of progress they made
1468
01:14:17,552 --> 01:14:19,819
and look for him for the authorization
1469
01:14:19,821 --> 01:14:22,055
to move on ahead to the next attack.
1470
01:14:23,891 --> 01:14:25,925
And at one point during those discussions,
1471
01:14:25,927 --> 01:14:27,660
he said to a number of his aides,
1472
01:14:27,662 --> 01:14:29,262
"you know, I have some concerns
1473
01:14:29,264 --> 01:14:31,731
because once word of this gets out,"
1474
01:14:31,733 --> 01:14:33,399
and eventually he knew it would get out,
1475
01:14:33,401 --> 01:14:35,401
"the Chinese may use it as an excuse
1476
01:14:35,403 --> 01:14:38,738
for their attacks on us. The Russians might or others."
1477
01:14:39,273 --> 01:14:42,308
So he clearly had some misgivings,
1478
01:14:42,943 --> 01:14:44,744
but they weren't big enough to stop him
1479
01:14:44,746 --> 01:14:46,145
from going ahead with the program.
1480
01:14:47,348 --> 01:14:50,516
And then in 2010,
1481
01:14:50,851 --> 01:14:54,087
a decision was made to change the code.
1482
01:14:59,927 --> 01:15:01,361
Our human assets
1483
01:15:01,996 --> 01:15:05,465
weren't always able to get code updates into Natanz
1484
01:15:05,467 --> 01:15:07,600
and we weren't told exactly why,
1485
01:15:08,168 --> 01:15:12,205
but we were told we had to have a cyber solution
1486
01:15:12,207 --> 01:15:13,706
for delivering the code.
1487
01:15:14,141 --> 01:15:16,709
But the delivery systems were tricky.
1488
01:15:17,011 --> 01:15:19,679
If they weren't aggressive enough, they wouldn't get in.
1489
01:15:19,980 --> 01:15:22,348
If they were too aggressive, they could spread
1490
01:15:22,783 --> 01:15:24,017
and be discovered.
1491
01:15:26,020 --> 01:15:27,787
Chien: When we got the first sample,
1492
01:15:27,789 --> 01:15:30,123
there was some configuration information inside of it.
1493
01:15:30,125 --> 01:15:33,359
And one of the pieces in there was a version number, 1.1
1494
01:15:34,361 --> 01:15:35,661
and that made us realize,
1495
01:15:35,663 --> 01:15:37,897
well, look, this likely isn't the only copy.
1496
01:15:37,899 --> 01:15:40,133
We went back through our databases looking for
1497
01:15:40,135 --> 01:15:42,602
anything that looks similar to STUXnet.
1498
01:15:44,338 --> 01:15:46,039
Chien: As we began to collect more samples,
1499
01:15:46,041 --> 01:15:47,940
we found a few earlier versions of STUXnet.
1500
01:15:49,009 --> 01:15:50,710
O'Murchu: And when we analyzed that code,
1501
01:15:50,712 --> 01:15:53,379
we saw that versions previous to 1.1
1502
01:15:53,381 --> 01:15:55,048
were a lot less aggressive.
1503
01:15:55,516 --> 01:15:57,350
The earlier version of STUXnet,
1504
01:15:57,352 --> 01:15:59,519
it basically required humans to do a little bit
1505
01:15:59,521 --> 01:16:01,854
of double clicking in order for it to spread
1506
01:16:01,856 --> 01:16:03,389
from one computer to another.
1507
01:16:03,391 --> 01:16:05,658
And, so, what we believe after looking at that code
1508
01:16:05,660 --> 01:16:06,793
is two things,
1509
01:16:07,194 --> 01:16:09,495
one, either they didn't get in to Natanz
1510
01:16:09,497 --> 01:16:10,730
with that earlier version,
1511
01:16:10,732 --> 01:16:12,331
because it simply wasn't aggressive enough,
1512
01:16:12,333 --> 01:16:14,067
wasn't able to jump over that air gap,
1513
01:16:15,035 --> 01:16:17,870
and/or two, that payload as well
1514
01:16:17,872 --> 01:16:21,174
didn't work properly, didn't work to their satisfaction,
1515
01:16:21,442 --> 01:16:23,276
maybe was not explosive enough.
1516
01:16:23,844 --> 01:16:26,079
There were slightly different versions
1517
01:16:26,081 --> 01:16:28,414
which were aimed at different parts
1518
01:16:28,416 --> 01:16:30,049
of the centrifuge cascade.
1519
01:16:30,051 --> 01:16:33,052
Gibney: But the guys at Symantec figured you changed the code
1520
01:16:33,054 --> 01:16:34,854
because the first variations couldn't get in
1521
01:16:34,856 --> 01:16:36,022
and didn't work right.
1522
01:16:36,290 --> 01:16:37,290
Bullshit.
1523
01:16:38,092 --> 01:16:40,359
We always found a way to get across the air gap.
1524
01:16:40,361 --> 01:16:42,628
At TAO, we laughed when people thought they were
1525
01:16:42,630 --> 01:16:44,297
protected by an air gap.
1526
01:16:44,965 --> 01:16:48,000
And for OG, the early versions of the payload did work.
1527
01:16:48,469 --> 01:16:50,269
But what NSA did...
1528
01:16:51,872 --> 01:16:54,674
Was always low-key and subtle.
1529
01:16:55,776 --> 01:16:59,045
The problem was that Unit 8200, the Israelis,
1530
01:16:59,047 --> 01:17:01,180
kept pushing us to be more aggressive.
1531
01:17:02,816 --> 01:17:05,451
Chien: The later version of STUXnet 1.1,
1532
01:17:05,453 --> 01:17:07,587
that version had multiple ways of spreading.
1533
01:17:07,589 --> 01:17:09,789
Had the four zero days inside of it, for example,
1534
01:17:09,791 --> 01:17:11,591
that allowed it to spread all by itself
1535
01:17:11,593 --> 01:17:12,725
without you doing anything.
1536
01:17:12,727 --> 01:17:14,327
It could spread via network shares.
1537
01:17:14,329 --> 01:17:16,229
It could spread via USB keys.
1538
01:17:16,231 --> 01:17:18,631
It was able to spread via network exploits.
1539
01:17:18,633 --> 01:17:20,166
That's the sample that introduced us
1540
01:17:20,168 --> 01:17:22,168
to stolen digital certificates.
1541
01:17:22,170 --> 01:17:24,604
That is the sample that, all of a sudden,
1542
01:17:24,606 --> 01:17:26,772
became so noisy
1543
01:17:26,774 --> 01:17:29,876
and caught the attention of the antivirus guys.
1544
01:17:30,777 --> 01:17:33,412
In the first sample we don't find that.
1545
01:17:34,748 --> 01:17:40,820
And this is very strange, because it tells us that
1546
01:17:40,822 --> 01:17:43,089
in the process of this development
1547
01:17:43,624 --> 01:17:46,192
the attackers were less concerned
1548
01:17:46,194 --> 01:17:48,027
with operational security.
1549
01:17:53,500 --> 01:17:56,068
Chien: STUXnet actually kept a log inside of itself
1550
01:17:56,770 --> 01:17:59,205
of all the machines that it infected along the way
1551
01:17:59,207 --> 01:18:01,274
as it jumped from one machine to another
1552
01:18:01,276 --> 01:18:02,441
to another to another.
1553
01:18:02,876 --> 01:18:04,844
And we were able to gather up
1554
01:18:04,846 --> 01:18:06,879
all the samples that we could acquire,
1555
01:18:07,047 --> 01:18:10,316
tens of thousands of samples. We extracted all of those logs.
1556
01:18:10,318 --> 01:18:13,019
O'Murchu: We could see the exact path that STUXnet took.
1557
01:18:15,155 --> 01:18:17,190
Chien: Eventually, we were able to trace back
1558
01:18:17,192 --> 01:18:19,358
this version of STUXnet to ground zero,
1559
01:18:19,660 --> 01:18:22,195
to the first five infections in the world.
1560
01:18:23,030 --> 01:18:25,865
The first five infections are all outside a Natanz plant,
1561
01:18:26,033 --> 01:18:28,868
all inside of organizations inside of Iran,
1562
01:18:29,636 --> 01:18:31,904
all organizations that are involved in
1563
01:18:31,906 --> 01:18:34,340
industrial control systems and construction
1564
01:18:34,342 --> 01:18:35,975
of industrial control facilities,
1565
01:18:36,243 --> 01:18:39,812
clearly contractors who were working on the Natanz facility.
1566
01:18:39,814 --> 01:18:41,547
And the attackers knew that.
1567
01:18:42,149 --> 01:18:44,884
They were electrical companies. They were piping companies.
1568
01:18:44,886 --> 01:18:46,485
They were, you know, these sorts of companies.
1569
01:18:46,687 --> 01:18:48,321
And they knew... they knew the technicians
1570
01:18:48,323 --> 01:18:50,056
from those companies would visit Natanz.
1571
01:18:50,058 --> 01:18:51,624
So they would infect these companies
1572
01:18:51,825 --> 01:18:54,860
and then technicians would take their computer
1573
01:18:54,862 --> 01:18:56,162
or their laptop or their USB...
1574
01:18:56,164 --> 01:18:57,930
That operator then goes down to Natanz
1575
01:18:57,932 --> 01:19:00,099
and he plugs in his USB key, which has some code
1576
01:19:00,101 --> 01:19:02,001
that he needs to update into Natanz,
1577
01:19:02,003 --> 01:19:03,569
into the Natanz network,
1578
01:19:03,571 --> 01:19:05,238
and now STUXnet is able to get inside Natanz
1579
01:19:05,240 --> 01:19:06,606
and conduct its attack.
1580
01:19:07,841 --> 01:19:10,209
These five companies were specifically targeted
1581
01:19:10,211 --> 01:19:12,078
to spread STUXnet into Natanz
1582
01:19:12,279 --> 01:19:15,514
and that it wasn't that... that STUXnet escaped out of Natanz
1583
01:19:15,516 --> 01:19:17,016
and then spread all over the world
1584
01:19:17,018 --> 01:19:19,452
and it was this big mistake and "oh, it wasn't meant
1585
01:19:19,454 --> 01:19:21,187
to spread that far but it really did."
1586
01:19:21,189 --> 01:19:22,922
No, that's not the way we see it.
1587
01:19:22,924 --> 01:19:25,858
The way we see it is that they wanted it to spread far
1588
01:19:25,860 --> 01:19:27,526
so that they could get it into Natanz.
1589
01:19:27,728 --> 01:19:31,631
Someone decided that we're gonna create something new,
1590
01:19:31,865 --> 01:19:32,932
something evolved,
1591
01:19:33,567 --> 01:19:35,701
that's gonna be far, far, far more aggressive.
1592
01:19:36,370 --> 01:19:39,805
And we're okay, frankly,
1593
01:19:39,807 --> 01:19:42,508
with it spreading all over the world to innocent machines
1594
01:19:42,743 --> 01:19:44,310
in order to go after our target.
1595
01:19:50,051 --> 01:19:55,221
The Mossad had the role, had the... the assignment
1596
01:19:55,922 --> 01:20:01,827
to deliver the virus to make sure that STUXnet
1597
01:20:01,829 --> 01:20:06,699
would be put in place in Natanz to affect the centrifuges.
1598
01:20:08,568 --> 01:20:10,770
Meir Dagan, the head of Mossad,
1599
01:20:10,772 --> 01:20:14,073
was under growing pressure from the prime minister,
1600
01:20:14,075 --> 01:20:16,942
Benjamin Netanyahu, to produce results.
1601
01:20:18,846 --> 01:20:20,012
Inside The Roc,
1602
01:20:20,014 --> 01:20:22,081
we were furious.
1603
01:20:23,817 --> 01:20:26,652
The Israelis took our code for the delivery system
1604
01:20:27,254 --> 01:20:28,554
and changed it.
1605
01:20:29,956 --> 01:20:32,458
Then, on their own, without our agreement,
1606
01:20:32,460 --> 01:20:34,260
they just fucking launched it.
1607
01:20:34,928 --> 01:20:36,829
2010 around the same time
1608
01:20:36,831 --> 01:20:38,631
they started killing Iranian scientists...
1609
01:20:38,633 --> 01:20:40,366
And they fucked up the code!
1610
01:20:40,801 --> 01:20:42,335
Instead of hiding,
1611
01:20:42,337 --> 01:20:44,804
the code started shutting down computers,
1612
01:20:44,806 --> 01:20:46,572
so naturally, people noticed.
1613
01:20:48,508 --> 01:20:51,510
Because they were in a hurry, they opened Pandora's Box.
1614
01:20:52,546 --> 01:20:53,646
They let it out
1615
01:20:53,648 --> 01:20:56,949
and it spread all over the world.
1616
01:21:02,122 --> 01:21:03,923
Gibney: The worm spread quickly
1617
01:21:04,191 --> 01:21:06,025
but somehow it remained unseen
1618
01:21:06,027 --> 01:21:08,060
until it was identified in Belarus.
1619
01:21:09,062 --> 01:21:11,630
Soon after, Israeli intelligence confirmed
1620
01:21:11,632 --> 01:21:13,632
that it had made its way into the hands
1621
01:21:13,634 --> 01:21:15,634
of the Russian federal security service,
1622
01:21:15,636 --> 01:21:17,603
a successor to the KGB.
1623
01:21:19,172 --> 01:21:22,575
So it happened that the formula for a secret cyber weapon
1624
01:21:22,577 --> 01:21:24,243
designed by the U.S. and Israel
1625
01:21:24,245 --> 01:21:25,778
fell into the hands of Russia
1626
01:21:26,313 --> 01:21:28,314
and the very country it was meant to attack.
1627
01:21:31,056 --> 01:21:35,266
They managed to create minor
problems for a few of our centrifuges
1628
01:21:35,644 --> 01:21:39,774
through the software that they
had installed on electronic parts.
1629
01:21:40,733 --> 01:21:43,113
It was a naughty and immoral move by them
1630
01:21:43,318 --> 01:21:45,988
but fortunately our experts discovered it
1631
01:21:46,280 --> 01:21:48,910
and today they are not capable
of ever doing it again.
1632
01:21:50,872 --> 01:21:52,405
Kiyaei: In international law,
1633
01:21:52,407 --> 01:21:55,941
when some country or a coalition of countries
1634
01:21:56,176 --> 01:22:00,646
targets a nuclear facility, it's a act of war.
1635
01:22:01,548 --> 01:22:04,450
Please, let's be frank here.
1636
01:22:05,118 --> 01:22:07,820
If it wasn't Iran,
1637
01:22:08,455 --> 01:22:11,157
let's say a nuclear facility in United States...
1638
01:22:12,426 --> 01:22:14,160
Was targeted in the same way...
1639
01:22:16,363 --> 01:22:17,997
The American government
1640
01:22:18,398 --> 01:22:21,133
would not sit by and let this go.
1641
01:22:21,968 --> 01:22:24,537
Gibney: STUXnet is an attack in peacetime
1642
01:22:24,539 --> 01:22:25,659
on critical infrastructures.
1643
01:22:25,806 --> 01:22:28,908
Yes, it is. I'm... look, when I read about it,
1644
01:22:28,910 --> 01:22:31,610
I read it, I go, "whoa, this is a big deal."
1645
01:22:31,612 --> 01:22:33,345
Yeah.
1646
01:22:35,048 --> 01:22:37,583
Sanger: The people who were running this program,
1647
01:22:37,585 --> 01:22:39,051
including Leon Panetta,
1648
01:22:39,053 --> 01:22:41,053
the Director of the CIA at the time,
1649
01:22:41,655 --> 01:22:44,290
had to go down into the Situation Room
1650
01:22:44,292 --> 01:22:46,492
and face President Obama,
1651
01:22:46,494 --> 01:22:50,029
Vice President Biden and explain that this program
1652
01:22:50,297 --> 01:22:52,865
was suddenly on the loose.
1653
01:22:54,167 --> 01:22:55,668
Vice President Biden,
1654
01:22:55,670 --> 01:22:58,237
at one point during this discussion,
1655
01:22:59,072 --> 01:23:01,774
sort of exploded in Biden-esque fashion
1656
01:23:01,776 --> 01:23:03,342
and blamed the Israelis.
1657
01:23:03,344 --> 01:23:05,744
He said, "it must have been the Israelis
1658
01:23:05,746 --> 01:23:07,813
who made a change in the code
1659
01:23:07,815 --> 01:23:09,915
that enabled it to get out."
1660
01:23:11,785 --> 01:23:13,986
Richard Clarke: President Obama said to the senior leadership,
1661
01:23:13,988 --> 01:23:17,022
"you told me it wouldn't get out of the network. It did.
1662
01:23:17,024 --> 01:23:19,191
You told me the Iranians would never figure out
1663
01:23:19,193 --> 01:23:21,160
it was the United States. They did.
1664
01:23:21,461 --> 01:23:23,162
You told me it would have a huge affect
1665
01:23:23,164 --> 01:23:26,832
on their nuclear program, and it didn't."
1666
01:23:28,535 --> 01:23:32,037
Sanger: The Natanz plant is inspected every couple of weeks
1667
01:23:32,339 --> 01:23:35,541
by the International Atomic Energy Agency inspectors.
1668
01:23:35,976 --> 01:23:38,677
And if you line up what you know about the attacks
1669
01:23:38,945 --> 01:23:41,847
with the inspection reports, you can see the effects.
1670
01:23:43,183 --> 01:23:45,384
Heinonen: If you go to the IAEA reports,
1671
01:23:45,386 --> 01:23:47,653
they really show that all of those centrifuges
1672
01:23:47,655 --> 01:23:50,556
were switched off and they were removed.
1673
01:23:51,157 --> 01:23:54,527
As much as almost couple of thousand got compromised.
1674
01:23:55,695 --> 01:23:57,162
When you put this altogether,
1675
01:23:57,164 --> 01:23:59,965
I wouldn't be surprised if their program got delayed
1676
01:23:59,967 --> 01:24:01,133
by the one year.
1677
01:24:01,501 --> 01:24:05,304
But go then to year 2012-13
1678
01:24:05,306 --> 01:24:08,607
and looking how the centrifuges started to come up again.
1679
01:24:08,875 --> 01:24:10,476
Kiyaei: Iran's number of centrifuges
1680
01:24:10,478 --> 01:24:12,344
went up exponentially,
1681
01:24:12,346 --> 01:24:16,415
to 20,000, with a stockpile of low enriched uranium.
1682
01:24:16,417 --> 01:24:18,717
This isn't... these are high numbers.
1683
01:24:19,586 --> 01:24:22,054
Iran's nuclear facilities expanded
1684
01:24:22,056 --> 01:24:24,657
with the construction of Fordow
1685
01:24:24,659 --> 01:24:27,259
and other highly protected facilities.
1686
01:24:29,329 --> 01:24:32,097
So ironically, cyber warfare...
1687
01:24:32,899 --> 01:24:35,501
Assassination of its nuclear scientists,
1688
01:24:35,936 --> 01:24:39,204
economic sanctions, political isolation...
1689
01:24:41,075 --> 01:24:43,576
Iran has gone through "a" to "x"
1690
01:24:43,578 --> 01:24:48,180
of every chorus of policy that the U.S., Israel,
1691
01:24:48,182 --> 01:24:52,318
and those who ally with them have placed on Iran,
1692
01:24:52,852 --> 01:24:55,788
and they have actually made Iran's nuclear program
1693
01:24:55,790 --> 01:24:58,524
more advanced today than it was ever before.
1694
01:25:02,697 --> 01:25:04,430
Mossad Operative: This is a very
1695
01:25:04,432 --> 01:25:07,566
very dangerous minefield that we are walking,
1696
01:25:07,568 --> 01:25:10,469
and nations who decide
1697
01:25:10,471 --> 01:25:12,671
to take these covert actions
1698
01:25:13,807 --> 01:25:16,842
should be taking into consideration
1699
01:25:17,477 --> 01:25:22,281
all the effects, including the moral effects.
1700
01:25:22,916 --> 01:25:26,952
I would say that this is the price
1701
01:25:26,954 --> 01:25:31,290
that we have to pay in this... in this war,
1702
01:25:31,625 --> 01:25:34,159
and our blade of righteousness
1703
01:25:34,161 --> 01:25:35,561
shouldn't be so sharp.
1704
01:25:41,401 --> 01:25:43,802
Gibney: In Israel and in the United States,
1705
01:25:43,804 --> 01:25:46,138
the blade of righteousness cut both ways,
1706
01:25:46,673 --> 01:25:49,208
wounding the targets and the attackers.
1707
01:25:50,276 --> 01:25:52,678
When STUXnet infected American computers,
1708
01:25:52,680 --> 01:25:54,747
the Department of Homeland Security,
1709
01:25:55,081 --> 01:25:58,017
unaware of the cyber weapons launch by the NSA,
1710
01:25:58,284 --> 01:26:01,453
devoted enormous resources trying to protect Americans
1711
01:26:01,455 --> 01:26:02,755
from their own government.
1712
01:26:03,256 --> 01:26:05,691
We had met the enemy and it was us.
1713
01:26:11,464 --> 01:26:13,132
Sen Paul McGurk: The purpose of the watch stations that
1714
01:26:13,134 --> 01:26:15,300
you see in front of you is to aggregate the data
1715
01:26:15,302 --> 01:26:16,769
- coming in from multiple feeds
1716
01:26:16,771 --> 01:26:18,504
of what the cyber threats could be,
1717
01:26:18,506 --> 01:26:19,938
so if we see threats
1718
01:26:19,940 --> 01:26:22,508
we can provide real-time recommendations
1719
01:26:22,510 --> 01:26:25,744
for both private companies, as well as federal agencies.
1720
01:26:26,479 --> 01:26:28,233
Male journalist:
1721
01:26:28,233 --> 01:26:30,108
Can you give us a readout
on this Stuxnet virus?
1722
01:26:30,350 --> 01:26:32,785
Yep, absolutely. We'd be more than happy to discuss that.
1723
01:26:32,787 --> 01:26:33,852
Female journalist: Sen, is it...
1724
01:26:33,854 --> 01:26:36,455
McGurk: Early July of 2010 we received a call
1725
01:26:36,457 --> 01:26:39,058
that said that this piece of malware was discovered
1726
01:26:39,060 --> 01:26:40,459
and could we take a look at it.
1727
01:26:42,063 --> 01:26:43,562
When we first started the analysis,
1728
01:26:43,564 --> 01:26:45,898
there was that "oh, crap" moment, you know,
1729
01:26:45,900 --> 01:26:47,733
where we sat there and said, this is something
1730
01:26:47,735 --> 01:26:48,867
that's significant.
1731
01:26:48,869 --> 01:26:50,602
It's impacting industrial control.
1732
01:26:50,837 --> 01:26:53,305
It can disrupt it to the point where it could cause harm
1733
01:26:53,307 --> 01:26:55,374
and not only damage to the equipment,
1734
01:26:55,376 --> 01:26:57,443
but potentially harm or loss of life.
1735
01:26:58,211 --> 01:27:00,412
We were very concerned because STUXnet
1736
01:27:00,414 --> 01:27:02,181
was something that we had not seen before.
1737
01:27:02,183 --> 01:27:04,316
So there wasn't a lot of sleep that night.
1738
01:27:04,318 --> 01:27:07,219
Basically, light up the phones, call everybody we know,
1739
01:27:07,221 --> 01:27:10,456
inform the secretary, inform the White House,
1740
01:27:10,657 --> 01:27:12,725
inform the other departments and agencies,
1741
01:27:12,892 --> 01:27:15,594
wake up the world, and figure out what's going on
1742
01:27:15,596 --> 01:27:17,796
with this particular malware.
1743
01:27:19,599 --> 01:27:20,866
Good morning, Chairman Lieberman,
1744
01:27:20,868 --> 01:27:22,134
ranking member Collins.
1745
01:27:22,702 --> 01:27:24,503
Something as simple and innocuous as this
1746
01:27:24,505 --> 01:27:26,672
becomes a challenge for all of us to maintain
1747
01:27:26,674 --> 01:27:29,641
accountability control of our critical infrastructure systems.
1748
01:27:30,110 --> 01:27:32,244
This actually contains the STUXnet virus.
1749
01:27:32,445 --> 01:27:33,912
I've been asked on a number of occasions,
1750
01:27:33,914 --> 01:27:35,748
"did you ever think this was us?"
1751
01:27:35,750 --> 01:27:39,451
And at... at no point did that ever really cross our mind,
1752
01:27:39,453 --> 01:27:42,254
because we were looking at it from the standpoint of,
1753
01:27:42,589 --> 01:27:44,556
is this something that's coming after the homeland?
1754
01:27:44,558 --> 01:27:47,126
You know, what... what's going to potentially impact,
1755
01:27:47,128 --> 01:27:49,928
you know, our industrial control
based here in the United States?
1756
01:27:50,363 --> 01:27:53,298
You know, I liken it to, you know, field of battle.
1757
01:27:53,466 --> 01:27:55,434
You don't think the sniper that's behind you
1758
01:27:55,436 --> 01:27:56,935
is gonna be shooting at you,
1759
01:27:57,103 --> 01:27:58,743
'cause you expect him to be on your side.
1760
01:27:59,239 --> 01:28:02,941
We really don't know who the attacker was
1761
01:28:02,943 --> 01:28:04,343
in the STUXnet case.
1762
01:28:04,544 --> 01:28:06,779
So help us understand a little more
1763
01:28:07,046 --> 01:28:09,214
what this thing is
1764
01:28:09,916 --> 01:28:15,320
whose origin and destination we don't understand.
1765
01:28:16,556 --> 01:28:18,657
Gibney: Did anybody ever give you any indication
1766
01:28:18,659 --> 01:28:20,826
that it was something that they already knew about?
1767
01:28:20,828 --> 01:28:23,562
No, at no time did I get the impression from someone
1768
01:28:23,564 --> 01:28:26,431
that that's okay, you know, get the little pat on the head,
1769
01:28:26,433 --> 01:28:27,900
and... and scooted out the door.
1770
01:28:27,902 --> 01:28:29,768
I never received a stand-down order.
1771
01:28:29,770 --> 01:28:33,405
I never... no one ever asked, "stop looking at this."
1772
01:28:34,007 --> 01:28:37,810
Do we think that this was a nation-state actor
1773
01:28:37,812 --> 01:28:40,245
and that there are a limited number of nation-states
1774
01:28:40,247 --> 01:28:43,649
that have such advanced capacity?
1775
01:28:45,485 --> 01:28:47,753
Gibney: Sen McGurk, the Director of Cyber
1776
01:28:47,755 --> 01:28:49,488
for the Department of Homeland Security,
1777
01:28:49,490 --> 01:28:52,324
testified before the Senate about how he thought
1778
01:28:52,326 --> 01:28:55,427
STUXnet was a terrifying threat to the United States.
1779
01:28:55,695 --> 01:28:56,962
Is that not a problem?
1780
01:28:56,964 --> 01:28:58,864
I don't... and... and how... how do you mean?
1781
01:28:59,132 --> 01:29:01,533
That STUXnet was a bad idea?
1782
01:29:01,935 --> 01:29:04,603
Gibney: No, no, no, just that before he knew what it was
1783
01:29:04,605 --> 01:29:06,438
- and what it attacks...
- Oh, I... I get it.
1784
01:29:06,440 --> 01:29:07,840
- Gibney: Yeah...
- Yeah,
1785
01:29:07,842 --> 01:29:09,441
he was responding to something that we...
1786
01:29:09,443 --> 01:29:09,943
Gibney: He thought it was a threat
1787
01:29:10,777 --> 01:29:12,644
to critical infrastructure in the United States.
1788
01:29:12,646 --> 01:29:14,346
Yeah. The worm is loose!
1789
01:29:14,348 --> 01:29:16,215
Gibney: The worm is loose. I understand.
1790
01:29:16,217 --> 01:29:19,218
But there's... there's a further theory
1791
01:29:19,220 --> 01:29:20,819
having to do with whether or not,
1792
01:29:20,821 --> 01:29:23,055
following upon David Sanger...
1793
01:29:23,057 --> 01:29:24,957
I got the subplot, and who did that?
1794
01:29:24,959 --> 01:29:26,859
Was it the Israelis? And, yeah, I...
1795
01:29:27,460 --> 01:29:30,362
I truly don't know, and even though I don't know,
1796
01:29:30,364 --> 01:29:32,064
I still can't talk about it, all right?
1797
01:29:32,365 --> 01:29:35,901
STUXnet was somebody's covert action, all right?
1798
01:29:36,135 --> 01:29:37,803
And the definition of covert action
1799
01:29:37,805 --> 01:29:40,706
is an activity in which you want to have the hand
1800
01:29:40,708 --> 01:29:42,708
of the actor forever hidden.
1801
01:29:43,076 --> 01:29:46,245
So by definition, it's gonna end up in this
1802
01:29:46,247 --> 01:29:48,146
"we don't talk about these things" box.
1803
01:29:53,820 --> 01:29:56,688
Sanger: To this day, the United States government
1804
01:29:56,690 --> 01:29:58,824
has never acknowledged
1805
01:29:58,826 --> 01:30:03,295
conducting any offensive cyber attack anywhere in the world.
1806
01:30:05,331 --> 01:30:10,235
But thanks to Mr. Snowden, we know that in 2012
1807
01:30:10,237 --> 01:30:12,638
President Obama issued an Executive Order
1808
01:30:12,839 --> 01:30:15,574
that laid out some of the conditions
1809
01:30:15,576 --> 01:30:18,043
under which cyber weapons can be used.
1810
01:30:18,045 --> 01:30:21,613
And interestingly, every use of a cyber weapon
1811
01:30:21,615 --> 01:30:24,650
requires presidential sign-off.
1812
01:30:25,885 --> 01:30:29,721
That is only true in the physical world
1813
01:30:29,723 --> 01:30:31,590
for nuclear weapons.
1814
01:30:42,902 --> 01:30:45,203
Clarke: Nuclear war and nuclear weapons are vastly different
1815
01:30:45,205 --> 01:30:47,072
from cyber war and cyber weapons.
1816
01:30:47,074 --> 01:30:50,042
Having said that, there are some similarities.
1817
01:30:50,044 --> 01:30:52,444
And in the early 1960s,
1818
01:30:52,879 --> 01:30:54,780
the United States government suddenly realized
1819
01:30:54,782 --> 01:30:56,848
it had thousands of nuclear weapons,
1820
01:30:57,050 --> 01:30:58,717
big ones and little ones,
1821
01:30:58,719 --> 01:31:01,053
weapons on jeeps, weapons on submarines,
1822
01:31:01,921 --> 01:31:04,056
and it really didn't have a doctrine.
1823
01:31:04,058 --> 01:31:05,891
It really didn't have a strategy.
1824
01:31:05,893 --> 01:31:07,659
It really didn't have an understanding
1825
01:31:07,927 --> 01:31:10,062
at the policy level about how he was going to use
1826
01:31:10,064 --> 01:31:11,229
all of these things.
1827
01:31:11,798 --> 01:31:13,799
And so academics
1828
01:31:13,801 --> 01:31:16,635
started publishing unclassified documents
1829
01:31:16,637 --> 01:31:20,505
about nuclear war and nuclear weapons.
1830
01:31:22,977 --> 01:31:24,242
Sanger: And the result was
1831
01:31:24,610 --> 01:31:26,945
more than 20 years, in the United States,
1832
01:31:26,947 --> 01:31:29,648
of very vigorous national debates
1833
01:31:30,183 --> 01:31:33,719
about how we want to go use nuclear weapons.
1834
01:31:37,091 --> 01:31:39,358
And not only did that cause the Congress
1835
01:31:39,360 --> 01:31:41,760
and people in the executive branch in Washington
1836
01:31:41,762 --> 01:31:43,495
to think about these things,
1837
01:31:43,497 --> 01:31:46,765
it caused the Russians to think about these things.
1838
01:31:47,700 --> 01:31:50,936
And out of that grew nuclear doctrine,
1839
01:31:50,938 --> 01:31:52,604
mutual assured destruction,
1840
01:31:52,606 --> 01:31:57,743
all of that complicated set of nuclear dynamics.
1841
01:31:58,344 --> 01:32:01,313
Today, on this vital issue at least,
1842
01:32:01,315 --> 01:32:03,382
we have seen what can be accomplished
1843
01:32:03,384 --> 01:32:05,050
when we pull together.
1844
01:32:05,052 --> 01:32:09,221
We can't have that discussion in a sensible way right now
1845
01:32:09,489 --> 01:32:11,556
about cyber war and cyber weapons
1846
01:32:11,558 --> 01:32:12,924
because everything is secret.
1847
01:32:13,860 --> 01:32:17,062
And when you get into a discussion
1848
01:32:17,064 --> 01:32:20,165
with people in the government, people still in the government,
1849
01:32:20,167 --> 01:32:21,700
people who have security clearances,
1850
01:32:21,968 --> 01:32:23,201
you run into a brick wall.
1851
01:32:23,469 --> 01:32:24,803
Trying to stop Iran
1852
01:32:24,805 --> 01:32:28,140
is really the... my number one job, and I think...
1853
01:32:28,142 --> 01:32:29,541
Host: And let me ask you, in that context,
1854
01:32:29,543 --> 01:32:31,576
about the STUXnet computer virus potentially...
1855
01:32:31,578 --> 01:32:33,145
You can ask, but I won't comment.
1856
01:32:34,214 --> 01:32:35,313
Host: Can you tell us anything?
1857
01:32:35,315 --> 01:32:36,481
No.
1858
01:32:36,483 --> 01:32:38,917
What do you think has had the most impact
1859
01:32:38,919 --> 01:32:41,053
on their nuclear decision-making,
1860
01:32:41,055 --> 01:32:42,754
the STUXnet virus?
1861
01:32:42,756 --> 01:32:45,023
I can't talk about STUXnet.
1862
01:32:45,025 --> 01:32:49,428
I can't even talk about the operation of Iran centrifuges.
1863
01:32:49,595 --> 01:32:51,830
Was the U.S. involved in any way
1864
01:32:51,832 --> 01:32:53,432
in the development of STUXnet?
1865
01:32:53,900 --> 01:32:56,601
It's hard to get into any kind of comment on that
1866
01:32:56,603 --> 01:32:58,737
till we've finished any... our examination.
1867
01:32:59,572 --> 01:33:00,906
But, sir, I'm not asking you
1868
01:33:00,908 --> 01:33:02,874
if you think another country was involved.
1869
01:33:02,876 --> 01:33:04,876
I'm asking you if the U.S. was involved.
1870
01:33:04,878 --> 01:33:07,245
And we're... this is not something
1871
01:33:07,247 --> 01:33:09,207
that we're gonna be able to answer at this point.
1872
01:33:09,549 --> 01:33:11,883
Look, for the longest time, I was in fear that
1873
01:33:11,885 --> 01:33:13,385
I couldn't actually say the phrase
1874
01:33:13,387 --> 01:33:15,053
"computer network attack."
1875
01:33:15,055 --> 01:33:17,923
This stuff is hideously overclassified,
1876
01:33:17,925 --> 01:33:20,058
and it gets into the way of a...
1877
01:33:20,060 --> 01:33:22,861
Of a mature public discussion
1878
01:33:22,863 --> 01:33:25,397
as to what it is we as a democracy
1879
01:33:25,399 --> 01:33:29,568
want our nation to be doing up here in the cyber domain.
1880
01:33:29,570 --> 01:33:32,404
Now, this is a former director of NSA and CIA
1881
01:33:32,406 --> 01:33:34,372
saying this stuff is overclassified.
1882
01:33:34,607 --> 01:33:38,110
One of the reasons this is highly classified as it is
1883
01:33:38,112 --> 01:33:39,711
this is a peculiar weapons system.
1884
01:33:39,713 --> 01:33:41,713
This is a weapons system that's come out of
1885
01:33:41,715 --> 01:33:43,048
the espionage community,
1886
01:33:43,050 --> 01:33:46,318
and... and so those people have a habit of secrecy.
1887
01:33:46,320 --> 01:33:48,620
Secrecy is still justifiable in certain cases
1888
01:33:48,622 --> 01:33:51,823
to protect sources or to protect national security
1889
01:33:51,825 --> 01:33:54,993
but when we deal with secrecy, don't hide behind it
1890
01:33:54,995 --> 01:33:58,930
to use as an excuse to not disclose something properly
1891
01:33:58,932 --> 01:34:00,966
that you know should be
1892
01:34:00,968 --> 01:34:02,234
or that the American people
1893
01:34:02,236 --> 01:34:03,502
need ultimately to see.
1894
01:34:06,172 --> 01:34:08,240
Gibney: While most government officials refused
1895
01:34:08,242 --> 01:34:09,708
to acknowledge the operation,
1896
01:34:10,309 --> 01:34:13,078
at least one key insider did leak parts of the story
1897
01:34:13,080 --> 01:34:14,179
to the press.
1898
01:34:14,181 --> 01:34:18,083
In 2012, David Sanger wrote a detailed account
1899
01:34:18,085 --> 01:34:21,419
of Olympic Games that unmasked the extensive joint operation
1900
01:34:21,421 --> 01:34:23,355
between the U.S. and Israel
1901
01:34:23,357 --> 01:34:25,590
to launch cyber attacks on Natanz.
1902
01:34:26,459 --> 01:34:28,326
Sanger: The publication of this story
1903
01:34:28,328 --> 01:34:30,362
coming at a time that turned out that there were
1904
01:34:30,364 --> 01:34:33,165
a number of other unrelated national security stories
1905
01:34:33,167 --> 01:34:35,834
being published, lead to the announcement
1906
01:34:35,836 --> 01:34:39,204
of investigations by the Attorney General.
1907
01:34:39,672 --> 01:34:41,973
Gibney: In... into the press and into the leaks?
1908
01:34:41,975 --> 01:34:43,508
Into the press and into the leaks.
1909
01:34:45,978 --> 01:34:47,145
Gibney: Soon after the article,
1910
01:34:47,147 --> 01:34:49,314
the Obama administration targeted
1911
01:34:49,316 --> 01:34:52,350
General James Cartwright in a criminal investigation
1912
01:34:52,352 --> 01:34:53,618
for allegedly leaking
1913
01:34:53,620 --> 01:34:55,954
classified details about STUXnet.
1914
01:34:57,323 --> 01:34:58,823
Journalist: There are reports of cyber attacks
1915
01:34:58,825 --> 01:35:01,626
on the Iranian nuclear program that you ordered.
1916
01:35:01,628 --> 01:35:03,128
What's your reaction to this information getting out?
1917
01:35:03,130 --> 01:35:04,729
Well, first of all, I'm not gonna comment on the...
1918
01:35:04,731 --> 01:35:08,099
The details of... what are...
1919
01:35:10,469 --> 01:35:14,773
Supposed to be classified items.
1920
01:35:15,575 --> 01:35:17,943
Since I've been in office, my attitude has been
1921
01:35:18,177 --> 01:35:21,446
zero tolerance for these kinds of leaks.
1922
01:35:22,048 --> 01:35:23,715
We have mechanisms in place
1923
01:35:24,016 --> 01:35:27,552
where, if we can root out folks who have leaked,
1924
01:35:28,354 --> 01:35:29,788
they will suffer consequences.
1925
01:35:30,156 --> 01:35:32,557
It became a significant issue
1926
01:35:32,559 --> 01:35:34,826
and a very wide-ranging investigation
1927
01:35:34,828 --> 01:35:37,262
in which I think most of the people who were cleared
1928
01:35:37,264 --> 01:35:38,830
for Olympic Games at some point
1929
01:35:38,832 --> 01:35:40,699
had been, you know, interviewed and so forth.
1930
01:35:40,701 --> 01:35:42,400
When STUXnet hit the media,
1931
01:35:42,402 --> 01:35:44,603
they polygraphed everyone in our office,
1932
01:35:44,605 --> 01:35:46,204
including people who didn't know shit.
1933
01:35:46,206 --> 01:35:48,340
You know, they polyed the interns, for God's sake.
1934
01:35:48,874 --> 01:35:50,275
These are criminal acts
1935
01:35:50,277 --> 01:35:51,910
when they release information like this,
1936
01:35:52,445 --> 01:35:56,281
and we will conduct thorough investigations
1937
01:35:56,882 --> 01:35:58,650
as we have in the past.
1938
01:36:00,686 --> 01:36:02,921
Gibney: The administration never filed charges,
1939
01:36:03,256 --> 01:36:05,056
possibly afraid that a prosecution
1940
01:36:05,058 --> 01:36:07,926
would reveal classified details about STUXnet.
1941
01:36:08,861 --> 01:36:12,297
To this day, no one in the U.S. or Israeli governments
1942
01:36:12,299 --> 01:36:14,366
has officially acknowledged the existence
1943
01:36:14,368 --> 01:36:15,834
of the joint operation.
1944
01:36:17,803 --> 01:36:19,271
I would never compromise
1945
01:36:19,273 --> 01:36:21,039
ongoing operations in the field,
1946
01:36:21,041 --> 01:36:25,110
but we should be able to talk about capability.
1947
01:36:26,479 --> 01:36:27,979
We can talk about our...
1948
01:36:29,115 --> 01:36:31,883
Bunker busters, why not our cyber weapons?
1949
01:36:32,251 --> 01:36:33,318
I mean, the secrecy
1950
01:36:33,320 --> 01:36:35,020
of the operation has been blown.
1951
01:36:36,555 --> 01:36:38,590
Our friends in Israel took a weapon
1952
01:36:38,592 --> 01:36:40,058
that we jointly developed,
1953
01:36:40,060 --> 01:36:42,193
in part to keep Israel from doing something crazy,
1954
01:36:42,628 --> 01:36:44,429
and then used it on their own in a way
1955
01:36:44,431 --> 01:36:45,797
that blew the cover of the operation
1956
01:36:45,799 --> 01:36:46,965
and could have led to war.
1957
01:36:46,967 --> 01:36:48,400
And we can't talk about that?
1958
01:36:52,938 --> 01:36:55,018
Mowatt-Larssen: There's a way to talk about STUXnet.
1959
01:36:55,408 --> 01:36:56,775
It happened.
1960
01:36:56,777 --> 01:36:59,644
That... to deny that it happened is... is foolish.
1961
01:36:59,646 --> 01:37:01,579
So the fact it happened
1962
01:37:01,581 --> 01:37:03,081
is really what we're talking about here.
1963
01:37:03,083 --> 01:37:04,916
What does... what are the implications
1964
01:37:04,918 --> 01:37:07,752
of the fact that we now are in a post-STUXnet world?
1965
01:37:08,254 --> 01:37:10,689
What I said to David Sanger was,
1966
01:37:10,691 --> 01:37:13,391
"I understand the difference in destruction is dramatic,
1967
01:37:13,626 --> 01:37:16,094
but this has the whiff of August 1945."
1968
01:37:16,929 --> 01:37:18,496
Somebody just used a new weapon,
1969
01:37:18,864 --> 01:37:21,599
and this weapon will not be put back into the box.
1970
01:37:22,034 --> 01:37:24,703
I... I know no operational details
1971
01:37:24,705 --> 01:37:27,639
and don't know what anyone did or didn't do
1972
01:37:27,641 --> 01:37:30,275
before someone decided to use the weapon, all right.
1973
01:37:30,609 --> 01:37:31,843
I do know this.
1974
01:37:31,845 --> 01:37:33,745
If we go out and do something,
1975
01:37:34,513 --> 01:37:36,614
most of the rest of the world now thinks
1976
01:37:36,816 --> 01:37:38,196
that's the new standard
1977
01:37:38,384 --> 01:37:41,252
and it's something that they now feel legitimated to do as well.
1978
01:37:42,655 --> 01:37:44,122
But the rules of engagement,
1979
01:37:44,124 --> 01:37:46,691
international norms, treaty standards,
1980
01:37:46,693 --> 01:37:48,526
they don't exist right now.
1981
01:37:52,365 --> 01:37:55,533
Brown: The law of war, because it began to develop so long ago
1982
01:37:55,535 --> 01:37:59,104
is really dependent on thinking of things kinetically
1983
01:37:59,472 --> 01:38:00,972
and the physical realm.
1984
01:38:01,240 --> 01:38:04,642
So for example, we think in terms of attacks.
1985
01:38:05,578 --> 01:38:07,812
You know an attack when it happens in the kinetic world.
1986
01:38:07,814 --> 01:38:09,547
It's not really much of a mystery.
1987
01:38:09,549 --> 01:38:12,484
But in cyberspace it is sort of confusing to think,
1988
01:38:13,052 --> 01:38:14,519
how far do we have to go
1989
01:38:14,521 --> 01:38:16,721
before something is considered an attack?
1990
01:38:16,889 --> 01:38:20,658
So we have to take all the vocabulary
1991
01:38:21,160 --> 01:38:23,995
and the terms that we use in strategy
1992
01:38:23,997 --> 01:38:25,630
and military operations
1993
01:38:25,865 --> 01:38:28,933
and adapt them into the cyber realm.
1994
01:38:30,269 --> 01:38:31,703
Sanger: For nuclear we have these
1995
01:38:31,705 --> 01:38:33,638
extensive inspection regimes.
1996
01:38:33,939 --> 01:38:36,007
The Russians come and look at our silos.
1997
01:38:36,342 --> 01:38:37,942
We go and look at their silos.
1998
01:38:38,411 --> 01:38:40,412
Bad as things get between the two countries,
1999
01:38:40,613 --> 01:38:42,514
those inspection regimes have held up.
2000
01:38:42,516 --> 01:38:45,417
But working that our for... for cyber
2001
01:38:45,419 --> 01:38:46,985
would be virtually impossible.
2002
01:38:47,286 --> 01:38:48,653
Where do you send your inspector?
2003
01:38:49,021 --> 01:38:51,089
Inside the laptop of, you know...
2004
01:38:51,424 --> 01:38:53,784
How many laptops are there in the United States and Russia?
2005
01:38:54,059 --> 01:38:56,261
It's much more difficult in the cyber area
2006
01:38:56,263 --> 01:38:58,596
to construct an international regime
2007
01:38:58,598 --> 01:39:01,633
based on treaty commitments and rules of the road
2008
01:39:01,635 --> 01:39:02,801
and so forth.
2009
01:39:02,803 --> 01:39:06,104
Although, we've tried to have discussions with the Chinese
2010
01:39:06,106 --> 01:39:08,139
and Russians and so forth about that,
2011
01:39:08,141 --> 01:39:09,507
but it's very difficult.
2012
01:39:10,609 --> 01:39:14,112
Brown: Right now, the norm in cyberspace is
2013
01:39:14,114 --> 01:39:15,474
do whatever you can get away with.
2014
01:39:16,449 --> 01:39:18,850
That's not a good norm, but it's the norm that we have.
2015
01:39:19,418 --> 01:39:21,486
That's the norm that's preferred by states
2016
01:39:21,488 --> 01:39:24,122
that are engaging in lots of different kinds of activities
2017
01:39:24,124 --> 01:39:26,364
that they feel are benefitting their national security.
2018
01:39:27,393 --> 01:39:29,994
Yadlin: Those who excel in cyber
2019
01:39:29,996 --> 01:39:32,797
are trying to slow down the process
2020
01:39:32,799 --> 01:39:34,466
of creating regulation.
2021
01:39:34,934 --> 01:39:38,770
Those who are victims we like the regulation
2022
01:39:38,772 --> 01:39:42,507
to be in the open as... as soon as possible.
2023
01:39:44,677 --> 01:39:47,512
Brown: International law in this area is written by custom,
2024
01:39:47,514 --> 01:39:50,615
and customary law requires a nation to say,
2025
01:39:50,617 --> 01:39:52,497
this is what we did and this is why we did it.
2026
01:39:53,152 --> 01:39:56,087
And the U.S. doesn't want to push the law in that direction
2027
01:39:56,089 --> 01:39:58,523
and so it chooses not to disclose its involvement.
2028
01:39:59,091 --> 01:40:01,292
And one of the reasons that I thought it was important
2029
01:40:01,294 --> 01:40:04,162
to tell the story of Olympic Games
2030
01:40:04,164 --> 01:40:06,965
was not simply because it's a cool spy story,
2031
01:40:06,967 --> 01:40:10,201
it is, but it's because as a nation...
2032
01:40:11,370 --> 01:40:14,939
We need to have a debate about how we want to use cyber weapons
2033
01:40:15,174 --> 01:40:18,676
because we are the most vulnerable nation on earth
2034
01:40:18,844 --> 01:40:20,678
to cyber-attack ourselves.
2035
01:40:24,650 --> 01:40:27,151
McGurk: If you get up in the morning and turn off your alarm
2036
01:40:27,153 --> 01:40:31,523
and make coffee and pump gas and use the ATM,
2037
01:40:32,057 --> 01:40:33,858
you've touched industrial control systems.
2038
01:40:33,860 --> 01:40:35,527
It's what powers our lives.
2039
01:40:35,861 --> 01:40:38,496
And unfortunately, these systems are connected
2040
01:40:38,498 --> 01:40:42,166
and interconnected in some ways that make them vulnerable.
2041
01:40:42,168 --> 01:40:44,903
Critical infrastructure systems generally were built
2042
01:40:44,905 --> 01:40:47,539
years and years and years ago without security in mind
2043
01:40:47,541 --> 01:40:49,641
and they didn't realize how things were gonna change,
2044
01:40:49,643 --> 01:40:51,876
maybe they weren't even meant to be connected to the Internet.
2045
01:40:51,878 --> 01:40:54,979
And we've seen, through a lot of experimentation
2046
01:40:54,981 --> 01:40:57,615
and through also, unfortunately, a lot of attacks
2047
01:40:57,917 --> 01:41:00,251
that most of these systems are relatively easy
2048
01:41:00,253 --> 01:41:02,921
for a sophisticated hacker to get into.
2049
01:41:04,891 --> 01:41:06,691
Let's say you took over the control system
2050
01:41:06,693 --> 01:41:09,427
of a railway. You could switch tracks.
2051
01:41:09,895 --> 01:41:12,196
You could cause derailments of trains
2052
01:41:12,198 --> 01:41:13,998
carrying explosive materials.
2053
01:41:15,200 --> 01:41:18,436
What if you were in the control system of gas pipelines
2054
01:41:18,771 --> 01:41:21,339
and when a valve was supposed to be open,
2055
01:41:21,341 --> 01:41:24,008
it was closed and the pressure built up
2056
01:41:24,209 --> 01:41:25,743
and the pipeline exploded?
2057
01:41:26,712 --> 01:41:30,648
There are companies that run electric power generation
2058
01:41:31,050 --> 01:41:32,951
or electric power distribution
2059
01:41:33,218 --> 01:41:35,253
that we know have been hacked
2060
01:41:35,621 --> 01:41:38,056
by foreign entities that have the ability
2061
01:41:38,058 --> 01:41:39,691
to shut down the power grid.
2062
01:41:40,259 --> 01:41:42,360
Sanger: Imagine for a moment
2063
01:41:42,362 --> 01:41:45,129
that not only all the power went off on the east coast,
2064
01:41:45,431 --> 01:41:47,465
but the entire Internet came down.
2065
01:41:48,133 --> 01:41:50,668
Imagine what the economic impact of that is
2066
01:41:51,136 --> 01:41:53,271
even if it only lasted for 24 hours.
2067
01:41:55,641 --> 01:41:57,308
Newsreader: According to the officials,
2068
01:41:57,310 --> 01:42:00,545
Iran is the first country ever in the Middle East
2069
01:42:00,547 --> 01:42:03,047
to actually be engaged in a cyber war
2070
01:42:03,049 --> 01:42:05,249
with the United States and Israel.
2071
01:42:05,251 --> 01:42:08,620
If anything they said the recent cyber attacks
2072
01:42:08,622 --> 01:42:10,788
were what encouraged them to plan to set up
2073
01:42:10,790 --> 01:42:14,125
the cyber Army, which will gather computer scientists,
2074
01:42:14,127 --> 01:42:16,961
programmers, software engineers...
2075
01:42:16,963 --> 01:42:19,897
Kiyaei: If you are a youth and you see assassination
2076
01:42:19,899 --> 01:42:21,532
of a nuclear scientist,
2077
01:42:21,934 --> 01:42:24,402
your nuclear facilities are getting attacked,
2078
01:42:25,104 --> 01:42:28,406
wouldn't you join your national cyber Army?
2079
01:42:29,108 --> 01:42:30,408
Well, many did.
2080
01:42:30,676 --> 01:42:33,845
And that's why today, Iran has one of the largest...
2081
01:42:35,014 --> 01:42:37,415
Cyber armies in the world.
2082
01:42:37,916 --> 01:42:40,318
So whoever initiated this
2083
01:42:40,320 --> 01:42:42,820
and was very proud of themselves to see that little dip
2084
01:42:43,322 --> 01:42:47,558
in Iran's centrifuge numbers, should look back now
2085
01:42:48,027 --> 01:42:51,596
and acknowledge that it was a major mistake.
2086
01:42:52,197 --> 01:42:55,433
Very quickly, Iran sent a message
2087
01:42:55,435 --> 01:42:59,137
to the United States, very sophisticated message,
2088
01:42:59,139 --> 01:43:01,939
and they did that with two attacks.
2089
01:43:02,608 --> 01:43:05,410
First, they attacked Saudi Aramco,
2090
01:43:05,711 --> 01:43:07,679
the biggest oil company in the world,
2091
01:43:08,013 --> 01:43:10,715
and wiped out every piece of software,
2092
01:43:10,717 --> 01:43:15,119
every line of code, on 30,000 computer devices.
2093
01:43:16,488 --> 01:43:22,060
Then Iran did a surge attack on the American banks.
2094
01:43:22,062 --> 01:43:24,996
The most extensive attack on American banks ever
2095
01:43:24,998 --> 01:43:27,832
launched from the Middle East, happening right now.
2096
01:43:27,834 --> 01:43:29,154
Newsreader: Millions of customers
2097
01:43:29,368 --> 01:43:32,737
trying to bank online this week blocked, among the targets,
2098
01:43:32,971 --> 01:43:35,807
Bank of America, PNC, and Wells Fargo.
2099
01:43:36,075 --> 01:43:39,477
The U.S. suspects hackers in Iran may be involved.
2100
01:43:41,380 --> 01:43:43,414
NSA source: When Iran hit our banks,
2101
01:43:43,416 --> 01:43:45,817
we could have shut down their botnet,
2102
01:43:45,819 --> 01:43:47,985
but the state department got nervous,
2103
01:43:48,187 --> 01:43:50,888
because the servers weren't actually in Iran.
2104
01:43:51,557 --> 01:43:53,891
So until there was a diplomatic solution,
2105
01:43:54,326 --> 01:43:56,961
Obama let the private sector deal with the problem.
2106
01:43:57,563 --> 01:44:00,498
I imagine that in the White House Situation Room
2107
01:44:00,833 --> 01:44:02,900
people sat around and said...
2108
01:44:03,569 --> 01:44:06,604
Let me be clear, I don't imagine, I know.
2109
01:44:06,939 --> 01:44:09,507
People sat around in the White House Situation Room
2110
01:44:09,509 --> 01:44:12,543
and said, "the Iranians have sent us a message
2111
01:44:12,545 --> 01:44:16,781
which is essentially, 'stop attacking us in cyberspace
2112
01:44:16,783 --> 01:44:19,317
the way you did at Natanz with STUXnet.
2113
01:44:19,752 --> 01:44:21,119
We can do it, too.'"
2114
01:44:23,021 --> 01:44:25,590
Melman: There are unintended consequences
2115
01:44:25,592 --> 01:44:27,658
of the STUXnet attack.
2116
01:44:28,093 --> 01:44:31,863
You wanted to cause confusion and damage to the other side,
2117
01:44:31,865 --> 01:44:34,632
but then the other side can do the same to you.
2118
01:44:35,400 --> 01:44:38,302
The monster turned against its creators,
2119
01:44:38,304 --> 01:44:40,705
and now everyone is in this game.
2120
01:44:41,607 --> 01:44:44,075
They did a good job in showing the world,
2121
01:44:44,077 --> 01:44:47,478
including the bad guys, what you would need to do
2122
01:44:47,480 --> 01:44:49,614
in order to cause serious trouble
2123
01:44:49,882 --> 01:44:52,383
that could lead to injuries and death.
2124
01:44:52,651 --> 01:44:55,453
It's inevitable that more countries will acquire
2125
01:44:55,455 --> 01:44:57,755
the capacity to use cyber,
2126
01:44:57,757 --> 01:45:01,225
both for espionage and for destructive activities.
2127
01:45:01,994 --> 01:45:04,328
And we've seen this in some of the recent conflicts
2128
01:45:04,330 --> 01:45:05,797
that Russia's been involved in.
2129
01:45:05,998 --> 01:45:08,666
If there's a war, then somebody will try to knock out
2130
01:45:08,668 --> 01:45:11,068
our communication system or the radar.
2131
01:45:11,070 --> 01:45:13,638
McGurk: State-sponsored cyber sleeper cells,
2132
01:45:14,072 --> 01:45:15,907
they're out there everywhere today.
2133
01:45:16,141 --> 01:45:18,476
It could be for communications purposes.
2134
01:45:18,478 --> 01:45:20,678
It could be for data exfiltration.
2135
01:45:20,946 --> 01:45:24,549
It could be to, you know, Shepherd in the next STUXnet.
2136
01:45:24,950 --> 01:45:26,818
I mean, you've been focusing on STUXnet,
2137
01:45:26,820 --> 01:45:28,352
but that was just a small part
2138
01:45:28,354 --> 01:45:30,521
of a much larger Iranian mission.
2139
01:45:31,256 --> 01:45:32,976
Gibney: There was a larger Iranian mission?
2140
01:45:36,028 --> 01:45:39,263
Nitro Zeus. NZ.
2141
01:45:40,632 --> 01:45:44,836
We spent hundreds of millions, maybe billions on it.
2142
01:45:47,439 --> 01:45:51,008
In the event the Israelis did attack Iran,
2143
01:45:51,010 --> 01:45:53,678
we assumed we would be drawn into the conflict.
2144
01:45:55,047 --> 01:45:58,516
We built in attacks on Iran's command-and-control system
2145
01:45:58,518 --> 01:46:00,885
so the Iranians couldn't talk to each other in a fight.
2146
01:46:01,386 --> 01:46:04,922
We infiltrated their iads, military air defense systems,
2147
01:46:05,224 --> 01:46:07,464
so they couldn't shoot down our planes if we flew over.
2148
01:46:08,026 --> 01:46:11,128
We also went after their civilian support systems,
2149
01:46:11,130 --> 01:46:13,698
power grids, transportation,
2150
01:46:14,066 --> 01:46:16,868
communications, financial systems.
2151
01:46:17,469 --> 01:46:20,771
We were inside waiting, watching,
2152
01:46:21,039 --> 01:46:24,041
ready to disrupt, degrade, and destroy those systems
2153
01:46:24,043 --> 01:46:25,376
with cyber-attacks.
2154
01:46:29,014 --> 01:46:30,481
And in comparison,
2155
01:46:30,716 --> 01:46:32,950
STUXnet was a back alley operation.
2156
01:46:34,086 --> 01:46:37,588
NZ was the plan for a full-scale cyber war
2157
01:46:37,590 --> 01:46:39,457
with no attribution.
2158
01:46:40,225 --> 01:46:41,726
The question is, is that the kind of world
2159
01:46:41,728 --> 01:46:42,868
we want to live in?
2160
01:46:43,262 --> 01:46:47,031
And if we don't, as citizens, how do we go about a process
2161
01:46:47,033 --> 01:46:49,033
where we have a more sane discussion?
2162
01:46:49,035 --> 01:46:51,435
We need an entirely new way of thinking about
2163
01:46:51,437 --> 01:46:53,004
how we're gonna solve this problem.
2164
01:46:53,939 --> 01:46:56,073
You're not going to get an entirely new way
2165
01:46:56,075 --> 01:46:57,475
of solving this problem
2166
01:46:57,776 --> 01:47:00,578
until you begin to have an open acknowledgement
2167
01:47:01,079 --> 01:47:03,414
that we have cyber weapons as well,
2168
01:47:04,283 --> 01:47:07,318
and that we may have to agree to some limits on their use
2169
01:47:07,853 --> 01:47:10,187
if we're going to get other nations to limit their use.
2170
01:47:10,189 --> 01:47:11,756
It's not gonna be a one-way street.
2171
01:47:11,957 --> 01:47:14,625
I'm old enough to have worked on nuclear arms control
2172
01:47:14,960 --> 01:47:17,461
and biological weapons arms control
2173
01:47:17,463 --> 01:47:19,630
and chemical weapons arms control.
2174
01:47:20,799 --> 01:47:25,269
And I was told in each of those types of arms control,
2175
01:47:25,271 --> 01:47:26,604
when we were beginning,
2176
01:47:26,905 --> 01:47:29,874
"it's too hard. There are all these problems.
2177
01:47:30,142 --> 01:47:32,243
It's technical. There's engineering.
2178
01:47:32,245 --> 01:47:33,911
There's science involved.
2179
01:47:33,913 --> 01:47:36,247
There are real verification difficulties.
2180
01:47:36,249 --> 01:47:37,782
You'll never get there."
2181
01:47:38,216 --> 01:47:40,618
Well, it took 20, 30 years in some cases,
2182
01:47:41,053 --> 01:47:42,820
but we have a biological weapons treaty
2183
01:47:42,822 --> 01:47:44,221
that's pretty damn good.
2184
01:47:44,223 --> 01:47:45,723
We have a chemical weapons treaty
2185
01:47:45,725 --> 01:47:47,124
that's pretty damn good.
2186
01:47:47,292 --> 01:47:49,627
We've got three or four nuclear weapons treaties.
2187
01:47:49,928 --> 01:47:51,529
Yes, it may be hard,
2188
01:47:51,797 --> 01:47:53,898
and it may take 20 or 30 years,
2189
01:47:54,299 --> 01:47:56,867
but it'll never happen unless you get serious about it,
2190
01:47:57,336 --> 01:47:59,303
and it'll never happen unless you start it.
2191
01:48:05,110 --> 01:48:08,079
Today, after two years of negotiations,
2192
01:48:08,513 --> 01:48:11,816
the United States, together with our international partners,
2193
01:48:12,284 --> 01:48:15,686
has achieved something that decades of animosity has not,
2194
01:48:16,321 --> 01:48:18,222
a comprehensive, long-term deal
2195
01:48:18,657 --> 01:48:22,326
with Iran that will prevent it from obtaining a nuclear weapon.
2196
01:48:22,527 --> 01:48:24,996
It was reached in Lausanne, Switzerland,
2197
01:48:24,998 --> 01:48:27,498
by Iran, the U.S., Britain, France,
2198
01:48:27,500 --> 01:48:29,433
Germany, Russia, and China.
2199
01:48:29,435 --> 01:48:32,536
It is a deal in which Iran will cut
2200
01:48:32,538 --> 01:48:36,741
its installed centrifuges by more than two thirds.
2201
01:48:36,942 --> 01:48:40,177
Iran will not enrich uranium with its advanced centrifuges
2202
01:48:40,179 --> 01:48:42,179
for at least the next ten years.
2203
01:48:42,181 --> 01:48:44,815
It will make our country, our allies,
2204
01:48:44,817 --> 01:48:46,450
and our world safer.
2205
01:48:47,352 --> 01:48:51,355
Netanyahu: Seventy years after the murder of 6 million Jews
2206
01:48:51,357 --> 01:48:56,427
Iran's rulers promised to destroy my country,
2207
01:48:56,728 --> 01:49:00,464
and the response from nearly every one of the governments
2208
01:49:00,466 --> 01:49:04,535
represented here has been utter silence.
2209
01:49:05,170 --> 01:49:06,971
Deafening silence.
2210
01:49:14,679 --> 01:49:16,747
Perhaps you can now understand
2211
01:49:17,482 --> 01:49:20,985
why Israel is not joining you in celebrating this deal.
2212
01:49:22,154 --> 01:49:24,555
History shows that America must lead,
2213
01:49:24,557 --> 01:49:27,491
not just with our might, but with our principles.
2214
01:49:28,427 --> 01:49:31,595
It shows we're are stronger, not when we are alone,
2215
01:49:31,597 --> 01:49:33,764
but when we bring the world together.
2216
01:49:34,933 --> 01:49:37,201
Today's announcement marks one more chapter
2217
01:49:37,203 --> 01:49:41,472
in this pursuit of a safer and more helpful,
2218
01:49:41,840 --> 01:49:45,176
more hopeful world. Thank you.
2219
01:49:45,710 --> 01:49:48,946
God bless you, and God bless the United States of America.
2220
01:49:53,351 --> 01:49:55,119
NSA source: Everyone I know is basically
2221
01:49:55,121 --> 01:49:56,654
thrilled with the Iran deal.
2222
01:49:57,222 --> 01:49:59,090
Sanctions and diplomacy worked.
2223
01:49:59,458 --> 01:50:01,725
But behind that deal was a lot of confidence
2224
01:50:01,727 --> 01:50:03,327
in our cyber capability.
2225
01:50:04,396 --> 01:50:07,264
We were everywhere inside Iran. Still are.
2226
01:50:08,133 --> 01:50:10,367
I'm not gonna tell you the operational details
2227
01:50:10,369 --> 01:50:13,003
of what we can do going forward or where...
2228
01:50:14,539 --> 01:50:18,642
But the science fiction cyber war scenario is here.
2229
01:50:18,644 --> 01:50:20,111
That's Nitro Zeus.
2230
01:50:21,546 --> 01:50:24,215
But my concern and the reason I'm talking...
2231
01:50:25,717 --> 01:50:28,652
Is because when you shut down a country's power grid...
2232
01:50:29,955 --> 01:50:32,923
It doesn't just pop back up, you know?
2233
01:50:32,925 --> 01:50:34,725
It's more like humpty-dumpty...
2234
01:50:36,094 --> 01:50:39,964
And if all the king's men can't turn the lights back on
2235
01:50:39,966 --> 01:50:41,866
or filter the water for weeks,
2236
01:50:42,067 --> 01:50:43,968
then lots of people die.
2237
01:50:46,238 --> 01:50:48,172
And something we can do to others,
2238
01:50:48,473 --> 01:50:50,007
they can do to us too.
2239
01:50:51,409 --> 01:50:54,078
Is that something that we should keep quiet?
2240
01:50:55,247 --> 01:50:56,914
Or should we talk about it?
2241
01:50:57,849 --> 01:50:59,750
Gibney: I've gone to many people in this film,
2242
01:50:59,752 --> 01:51:01,519
even friends of mine, who won't talk to me
2243
01:51:01,521 --> 01:51:03,687
about the NSA or STUXnet even off the record
2244
01:51:03,689 --> 01:51:04,989
for fear of going to jail.
2245
01:51:05,357 --> 01:51:07,158
Is that fear protecting us?
2246
01:51:08,326 --> 01:51:10,928
No, but it protects me.
2247
01:51:11,696 --> 01:51:13,097
Or should I say we?
2248
01:51:14,432 --> 01:51:16,167
I'm an actor playing a role
2249
01:51:16,169 --> 01:51:18,302
written from the testimony of a small number of people
2250
01:51:18,304 --> 01:51:19,837
from NSA and CIA,
2251
01:51:20,172 --> 01:51:22,540
all of whom are angry about the secrecy
2252
01:51:22,542 --> 01:51:24,275
but too scared to come forward.
2253
01:51:24,609 --> 01:51:26,043
Now, we're forward.
2254
01:51:27,312 --> 01:51:30,114
Well, forward-leaning.

Scribd Carga

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Scribd Carga

Загружено:

Авторское право:

Доступные форматы

filosofa

Вам также может понравиться