All language subtitles for Zero Days.English

1 00:00:47,423 --> 00:00:49,551 Through the darkness 2 00:00:49,551 --> 00:00:53,764 of the pathways that we marched, 3 00:00:54,847 --> 00:00:57,893 evil and good lived side by side. 4 00:00:57,893 --> 00:01:00,938 And this is the nature of... Of life. 5 00:01:17,079 --> 00:01:19,373 We are in an unbalanced 6 00:01:19,373 --> 00:01:23,543 and inequivalent confrontation between democracies 7 00:01:23,543 --> 00:01:25,920 who are obliged to play by the rules 8 00:01:26,587 --> 00:01:30,007 and entities who think democracy is a joke. 9 00:01:32,093 --> 00:01:34,471 You can't convince fanatics 10 00:01:34,471 --> 00:01:39,100 by saying, "hey, hatred paralyzes you, 11 00:01:39,100 --> 00:01:40,686 love releases you." 12 00:01:41,770 --> 00:01:46,066 There are different rules that we have to play by. 13 00:02:01,290 --> 00:02:04,293 Female newsreader: Today, two of Iran's top nuclear scientists 14 00:02:04,293 --> 00:02:06,253 were targeted by hit squads. 15 00:02:06,253 --> 00:02:08,296 Female newsreader 2: ...In the capital Tehran. 16 00:02:08,296 --> 00:02:09,923 Male newsreader: ...The latest in a string of attacks. 17 00:02:09,923 --> 00:02:12,175 Female newsreader 3: Today's attack has all the hallmarks 18 00:02:12,175 --> 00:02:14,343 of major strategic sabotage. 19 00:02:14,343 --> 00:02:15,469 Female newsreader 4: Iran immediately accused 20 00:02:15,469 --> 00:02:16,680 the U.S. and Israel 21 00:02:16,680 --> 00:02:18,556 of trying to damage its nuclear program. 22 00:02:18,848 --> 00:02:21,475 Mahmoud ahmadinejad: 23 00:02:28,608 --> 00:02:34,323 I want to categorically deny any United States involvement 24 00:02:34,323 --> 00:02:39,286 in any kind of act of violence inside Iran. 25 00:02:39,286 --> 00:02:42,456 Covert actions can help, 26 00:02:42,456 --> 00:02:44,457 can assist. 
27 00:02:45,709 --> 00:02:48,627 They are needed, they are not all the time essential, 28 00:02:48,836 --> 00:02:53,300 and they, in no way, can replace political wisdom. 29 00:02:53,633 --> 00:02:55,885 Alex gibney: Were the assassinations in Iran 30 00:02:55,885 --> 00:02:58,305 related to the stuxnet computer attacks? 31 00:02:59,473 --> 00:03:01,307 Uh, next question, please. 32 00:03:02,893 --> 00:03:04,478 Male newsreader: Iran's infrastructure 33 00:03:04,478 --> 00:03:05,562 is being targeted 34 00:03:05,562 --> 00:03:08,731 by a new and dangerously powerful cyber worm. 35 00:03:08,731 --> 00:03:11,360 The so-called stuxnet worm is specifically designed, 36 00:03:11,360 --> 00:03:13,694 it seems, to infiltrate and sabotage 37 00:03:13,694 --> 00:03:16,823 real-world power plants and factories and refineries. 38 00:03:16,823 --> 00:03:18,240 Male newsreader 2: It's not trying to steal information 39 00:03:18,240 --> 00:03:19,408 or grab your credit card, 40 00:03:19,408 --> 00:03:22,204 they're trying to get into some sort of industrial plant 41 00:03:22,204 --> 00:03:24,830 and wreak havoc trying to blow up an engine or... 42 00:03:24,830 --> 00:03:27,376 Male newsreader 3: 43 00:03:41,055 --> 00:03:42,182 Male newsreader 4: No one knows 44 00:03:42,182 --> 00:03:43,349 who's behind the worm 45 00:03:43,349 --> 00:03:45,018 and the exact nature of its mission, 46 00:03:45,018 --> 00:03:47,853 but there are fears Iran will hold Israel 47 00:03:47,853 --> 00:03:51,233 or America responsible and seek retaliation. 48 00:03:51,233 --> 00:03:52,359 Male newsreader 5: It's not impossible that 49 00:03:52,359 --> 00:03:53,692 some group of hackers did it, 50 00:03:53,692 --> 00:03:55,736 but the security experts that are studying this 51 00:03:55,736 --> 00:03:58,531 really think this required the resource of a nation-state. 52 00:04:04,454 --> 00:04:06,372 Man: Okay, and spinning. 53 00:04:06,372 --> 00:04:07,873 Gibney: Okay, good. Here we go. 
54 00:04:09,084 --> 00:04:12,420 What impact, ultimately, did the stuxnet attack have? 55 00:04:12,420 --> 00:04:13,671 Can you say? 56 00:04:14,463 --> 00:04:16,632 I don't want to get into the details. 57 00:04:16,882 --> 00:04:19,386 Gibney: Since the event has already happened, 58 00:04:19,386 --> 00:04:23,098 why can't we talk more openly and publicly about stuxnet? 59 00:04:23,098 --> 00:04:25,975 Yeah, I mean, my answer is because it's classified. 60 00:04:26,435 --> 00:04:29,562 I... I won't knowledge... You know, knowingly 61 00:04:29,562 --> 00:04:31,648 offer up anything I consider classified. 62 00:04:31,648 --> 00:04:33,899 Gibney: I know that you can't talk much about stuxnet, 63 00:04:33,899 --> 00:04:37,278 because stuxnet is officially classified. 64 00:04:37,278 --> 00:04:38,654 You're right on both those counts. 65 00:04:39,113 --> 00:04:40,449 Gibney: But there has been 66 00:04:40,449 --> 00:04:42,576 a lot reported about it in the press. 67 00:04:42,576 --> 00:04:44,786 I don't want to comment on this. 68 00:04:44,786 --> 00:04:49,081 I read it in the newspaper, the media, like you, 69 00:04:49,081 --> 00:04:52,084 but I'm unable to elaborate upon it. 70 00:04:52,293 --> 00:04:54,463 People might find it frustrating 71 00:04:54,463 --> 00:04:57,007 not to be able to talk about it when it's in the public domain, 72 00:04:57,007 --> 00:04:58,425 but... 73 00:04:58,425 --> 00:04:59,925 Gibney: I find it frustrating. 74 00:04:59,925 --> 00:05:01,427 Yeah, I'm sure you do. 75 00:05:01,427 --> 00:05:02,971 I don't answer that question. 76 00:05:02,971 --> 00:05:04,346 Unfortunately, I can't comment. 77 00:05:04,346 --> 00:05:05,973 I do not know how to answer that. 78 00:05:05,973 --> 00:05:08,143 Two answers before you even get started, I don't know, 79 00:05:08,143 --> 00:05:10,978 and if I did, we wouldn't talk about it anyway. 80 00:05:10,978 --> 00:05:12,771 Gibney: How can you have a debate if everything's secret? 
81 00:05:12,771 --> 00:05:14,815 I think right now that's just where we are. 82 00:05:15,149 --> 00:05:16,610 No one wants to... 83 00:05:16,610 --> 00:05:18,987 Countries aren't happy about confessing 84 00:05:18,987 --> 00:05:21,781 or owning up to what they did because they're not quite sure 85 00:05:21,781 --> 00:05:23,658 where they want the system to go. 86 00:05:24,283 --> 00:05:26,286 And so whoever was behind stuxnet 87 00:05:26,286 --> 00:05:27,786 hasn't admitted they were behind it. 88 00:05:31,625 --> 00:05:33,502 Gibney: Asking officials about stuxnet 89 00:05:33,502 --> 00:05:35,002 was frustrating and surreal, 90 00:05:35,295 --> 00:05:37,838 like asking the emperor about his new clothes. 91 00:05:38,548 --> 00:05:41,675 Even after the cyber weapon had penetrated computers 92 00:05:41,675 --> 00:05:43,052 all over the world, 93 00:05:43,302 --> 00:05:45,639 no one was willing to admit it was loose 94 00:05:45,639 --> 00:05:48,016 or talk about the dangers it posed. 95 00:05:48,891 --> 00:05:51,144 What was it about the stuxnet operation 96 00:05:51,144 --> 00:05:52,978 that was hiding in plain sight? 97 00:05:54,396 --> 00:05:56,191 Maybe there was a way the computer code 98 00:05:56,191 --> 00:05:57,817 could speak for itself. 99 00:05:58,567 --> 00:06:00,946 Stuxnet first surfaced in Belarus. 100 00:06:01,529 --> 00:06:03,865 I started with a call to the man who discovered it 101 00:06:03,865 --> 00:06:06,867 when his clients in Iran began to panic 102 00:06:06,867 --> 00:06:09,538 over an epidemic of computer shutdowns. 103 00:06:10,372 --> 00:06:13,583 Had you ever seen anything quite so sophisticated before? 104 00:06:13,666 --> 00:06:17,461 I have seen very sophisticated viruses before, 105 00:06:17,670 --> 00:06:21,550 but they didn't have... 106 00:06:24,009 --> 00:06:25,387 this kind of... 107 00:06:26,971 --> 00:06:27,721 zero day. 108 00:06:29,057 --> 00:06:32,560 It was the first time in my practice. 
109 00:06:33,353 --> 00:06:36,480 That led me to understand 110 00:06:37,816 --> 00:06:44,822 that I should notify web security companies ASAP 111 00:06:46,533 --> 00:06:51,036 about the fact that such a danger exists. 112 00:07:36,582 --> 00:07:38,459 Eric chien: On a daily basis, basically 113 00:07:38,459 --> 00:07:40,502 we are sifting through 114 00:07:40,502 --> 00:07:44,007 a massive haystack looking for that proverbial needle. 115 00:07:44,882 --> 00:07:47,843 We get millions of pieces of new malicious threats 116 00:07:47,843 --> 00:07:49,721 and there are millions of attacks going on 117 00:07:49,721 --> 00:07:50,930 every single day. 118 00:07:51,096 --> 00:07:53,516 And only way are trying to protect people 119 00:07:53,516 --> 00:07:55,100 and their computers and... And their systems 120 00:07:55,100 --> 00:07:57,812 and countries' infrastructure 121 00:07:57,812 --> 00:07:59,898 from being taken down by those attacks. 122 00:07:59,898 --> 00:08:03,233 But more importantly, we have to find the attacks that matter. 123 00:08:03,233 --> 00:08:04,944 When you're talking about that many, 124 00:08:05,278 --> 00:08:07,529 impact is extremely important. 125 00:08:19,918 --> 00:08:21,627 Eugene kaspersky: Twenty years ago, the antivirus companies, 126 00:08:21,627 --> 00:08:23,338 they were hunting for computer viruses 127 00:08:23,338 --> 00:08:24,588 because there were not so many. 128 00:08:24,588 --> 00:08:27,884 So we had, like, tens of dozens a month, 129 00:08:28,093 --> 00:08:30,678 and there was just little numbers. 130 00:08:30,678 --> 00:08:34,849 Now, we collect millions of unique attacks every month. 131 00:08:36,225 --> 00:08:38,687 Vitaly kamluk: This room we call a woodpecker's room 132 00:08:38,687 --> 00:08:40,020 or a virus lab, 133 00:08:40,230 --> 00:08:42,190 and this is where virus analysts sit. 
134 00:08:42,190 --> 00:08:44,149 We call them woodpeckers because they are 135 00:08:44,149 --> 00:08:46,653 pecking the worms, network worms, and viruses. 136 00:08:47,528 --> 00:08:50,740 And we see, like, three different groups of hackers 137 00:08:50,740 --> 00:08:52,325 behind cyber-attacks. 138 00:08:53,076 --> 00:08:54,869 They are traditional cyber criminals. 139 00:08:54,994 --> 00:08:58,831 Those guys are interested only in illegal profit. 140 00:08:58,831 --> 00:09:00,250 And quick and dirty money. 141 00:09:00,250 --> 00:09:02,418 Activists, or hacktivists, 142 00:09:02,418 --> 00:09:04,796 they are hacking for fun or hacking to push 143 00:09:04,796 --> 00:09:06,047 some political message. 144 00:09:06,297 --> 00:09:08,674 And the third group is nation-states. 145 00:09:08,841 --> 00:09:11,760 They're interested in high-quality intelligence 146 00:09:11,760 --> 00:09:13,221 or sabotage activity. 147 00:09:14,471 --> 00:09:16,975 Chien: Security companies not only share information 148 00:09:16,975 --> 00:09:18,726 but we also share binary samples. 149 00:09:18,726 --> 00:09:20,311 So when this threat was found 150 00:09:20,311 --> 00:09:22,147 by a Belarusian security company 151 00:09:22,147 --> 00:09:24,481 on one of their customer's machines in Iran, 152 00:09:24,481 --> 00:09:27,067 the sample was shared amongst the security community. 153 00:09:27,985 --> 00:09:29,571 When we try to name threats, we just try to pick 154 00:09:29,571 --> 00:09:31,614 some sort of string, some sort of words, 155 00:09:31,614 --> 00:09:34,200 that are inside of the binary. 156 00:09:35,368 --> 00:09:37,703 In this case, there was a couple of words in there 157 00:09:37,703 --> 00:09:40,706 and we took pieces of each, and that formed stuxnet. 158 00:09:43,168 --> 00:09:46,379 I got the news about stuxnet from one of my engineers. 
159 00:09:46,379 --> 00:09:49,090 He came to my office, opened the door, 160 00:09:49,631 --> 00:09:52,634 and he said, "so, Eugene, of course you know that 161 00:09:52,634 --> 00:09:55,221 we are waiting for something really bad. 162 00:09:55,554 --> 00:09:56,722 It happened." 163 00:10:03,437 --> 00:10:05,606 Gibney: Give me some sense of what it was like 164 00:10:05,606 --> 00:10:06,982 in the lab at that time. 165 00:10:06,982 --> 00:10:08,610 Was there a palpable sense of amazement 166 00:10:08,610 --> 00:10:10,611 that you had something really different there? 167 00:10:10,903 --> 00:10:12,905 Well, I wouldn't call it amazement. 168 00:10:12,905 --> 00:10:14,948 It was a kind of a shock. 169 00:10:15,365 --> 00:10:18,495 It went beyond our worst fears, our worst nightmares, 170 00:10:18,870 --> 00:10:21,873 and this continued the more we analyzed. 171 00:10:21,873 --> 00:10:23,832 The more we researched, 172 00:10:23,832 --> 00:10:26,836 the more bizarre the whole story got. 173 00:10:27,169 --> 00:10:28,837 We look at so much malware every day that 174 00:10:28,837 --> 00:10:30,798 we can just look at the code and straightaway we can say, 175 00:10:30,798 --> 00:10:32,383 "okay, there's something bad going on here, 176 00:10:32,383 --> 00:10:33,842 and I need to investigate that." 177 00:10:33,842 --> 00:10:34,927 And that's the way it was 178 00:10:35,094 --> 00:10:37,054 when we looked at stuxnet for the first time. 179 00:10:37,054 --> 00:10:39,557 We opened it up and there was just bad things everywhere. 180 00:10:39,557 --> 00:10:42,018 Just like, okay, this is bad and that's bad, 181 00:10:42,018 --> 00:10:43,561 and, you know, we need to investigate this. 182 00:10:43,561 --> 00:10:45,020 And just suddenly we had, like, 183 00:10:45,020 --> 00:10:46,480 a hundred questions straightaway. 
184 00:10:48,524 --> 00:10:50,943 The most interesting thing that we do is detective work 185 00:10:50,943 --> 00:10:53,613 where we try to track down who's behind a threat, 186 00:10:53,613 --> 00:10:55,197 what are they doing, what's their motivation, 187 00:10:55,197 --> 00:10:56,950 and try to really stop it at the root. 188 00:10:56,950 --> 00:10:59,326 And it is kind of all-consuming. 189 00:10:59,326 --> 00:11:00,953 You get this new puzzle 190 00:11:00,953 --> 00:11:02,621 and it's very difficult to put it down, 191 00:11:02,621 --> 00:11:05,082 you know, work until, like, 4:00 am in the morning 192 00:11:05,082 --> 00:11:06,292 and figure these things out. 193 00:11:06,292 --> 00:11:09,086 And I was in that zone where I was very consumed by this, 194 00:11:09,086 --> 00:11:11,214 very excited about it, very interested to know 195 00:11:11,214 --> 00:11:12,506 what was happening. 196 00:11:12,506 --> 00:11:15,634 And Eric was also in that same sort of zone. 197 00:11:15,634 --> 00:11:18,346 So the two of us were, like, back and forth all the time. 198 00:11:18,346 --> 00:11:21,057 Chien: Liam and I continued to grind at the code, 199 00:11:21,057 --> 00:11:23,142 sharing pieces, comparing notes, 200 00:11:23,142 --> 00:11:25,019 bouncing ideas off of each other. 201 00:11:25,436 --> 00:11:26,895 We realized that we needed to do 202 00:11:26,895 --> 00:11:29,982 what we called deep analysis, pick apart the threat, 203 00:11:29,982 --> 00:11:32,818 every single byte, every single zero, one, 204 00:11:32,818 --> 00:11:34,903 and understand everything that was inside of it. 205 00:11:35,446 --> 00:11:37,240 And just to give you some context, 206 00:11:37,240 --> 00:11:39,283 we can go through and understand every line of code 207 00:11:39,283 --> 00:11:41,076 for the average threat in minutes. 
208 00:11:41,702 --> 00:11:43,495 And here we are one month into this threat 209 00:11:43,495 --> 00:11:45,414 and we were just starting to discover what we call 210 00:11:45,414 --> 00:11:47,332 the payload or its whole purpose. 211 00:11:49,668 --> 00:11:51,211 When looking at the stuxnet code, 212 00:11:51,211 --> 00:11:53,755 it's 20 times the size of the average piece of code 213 00:11:54,256 --> 00:11:56,509 but contains almost no bugs inside of it. 214 00:11:56,509 --> 00:11:58,385 And that's extremely rare. 215 00:11:58,385 --> 00:12:00,263 Malicious code always has bugs inside of it. 216 00:12:00,263 --> 00:12:02,056 This wasn't the case with stuxnet. 217 00:12:02,056 --> 00:12:04,893 It's dense and every piece of code does something 218 00:12:04,893 --> 00:12:07,729 and does something right in order to conduct its attack. 219 00:12:08,937 --> 00:12:11,024 One of the things that surprised us 220 00:12:11,024 --> 00:12:13,400 was that stuxnet utilized what's called 221 00:12:13,400 --> 00:12:15,945 a zero-day exploit, or basically, 222 00:12:15,945 --> 00:12:18,280 a piece of code that allows it to spread 223 00:12:18,280 --> 00:12:20,115 without you having to do anything. 224 00:12:20,115 --> 00:12:22,869 You don't have to, for example, download a file and run it. 225 00:12:22,869 --> 00:12:25,078 A zero-day exploit is an exploit that 226 00:12:25,078 --> 00:12:26,748 nobody knows about except the attacker. 227 00:12:26,748 --> 00:12:28,291 So there's no protection against it. 228 00:12:28,291 --> 00:12:29,750 There's been no patch released. 229 00:12:29,750 --> 00:12:32,044 There's been zero days protection, 230 00:12:32,044 --> 00:12:33,629 you know, against it. 231 00:12:34,504 --> 00:12:35,881 That's what attackers value, 232 00:12:35,881 --> 00:12:37,716 because they know 100 percent 233 00:12:37,716 --> 00:12:40,052 if they have this zero-day exploit, 234 00:12:40,052 --> 00:12:41,721 they can get in wherever they want. 
235 00:12:41,721 --> 00:12:43,221 They're actually very valuable. 236 00:12:43,221 --> 00:12:44,640 You can sell these on the underground 237 00:12:44,640 --> 00:12:46,142 for hundreds of thousands of dollars. 238 00:12:47,518 --> 00:12:48,561 Chien: Then we became more worried 239 00:12:48,561 --> 00:12:50,647 because immediately we discovered more zero days. 240 00:12:50,647 --> 00:12:53,399 And again, these zero days are extremely rare. 241 00:12:53,399 --> 00:12:55,692 Inside stuxnet we had, you know, four zero days, 242 00:12:55,692 --> 00:12:57,403 and for the entire rest of the year, 243 00:12:57,403 --> 00:12:59,989 we only saw 12 zero days used. 244 00:12:59,989 --> 00:13:01,658 It blows all... everything else out of the water. 245 00:13:01,658 --> 00:13:02,908 We've never seen this before. 246 00:13:02,908 --> 00:13:04,451 Actually, we've never seen it since, either. 247 00:13:04,744 --> 00:13:07,330 Seeing one in a malware you could understand 248 00:13:07,330 --> 00:13:10,249 because, you know, the malware authors are making money, 249 00:13:10,249 --> 00:13:11,833 they're stealing people's credit cards and making money, 250 00:13:11,833 --> 00:13:13,001 so it's worth their while to use it, 251 00:13:13,001 --> 00:13:15,379 but seeing four zero days, could be worth 252 00:13:15,379 --> 00:13:16,588 half a million dollars right there, 253 00:13:16,588 --> 00:13:18,341 used in one piece of malware, 254 00:13:18,591 --> 00:13:21,009 this is not your ordinary criminal gangs doing this. 255 00:13:21,009 --> 00:13:22,636 This is... This is someone bigger. 256 00:13:22,636 --> 00:13:24,514 It's definitely not traditional crime, 257 00:13:24,514 --> 00:13:28,017 not hacktivists. Who else? 258 00:13:28,893 --> 00:13:31,104 It was evident on a very early stage 259 00:13:31,604 --> 00:13:33,855 that just given the sophistication 260 00:13:33,855 --> 00:13:35,357 of this malware... 
261 00:13:36,609 --> 00:13:39,403 Suggested that there must have been 262 00:13:39,403 --> 00:13:40,863 a nation-state involved, 263 00:13:40,863 --> 00:13:44,116 at least one nation-state involved in the development. 264 00:13:44,116 --> 00:13:46,159 When we look at code that's coming from 265 00:13:46,159 --> 00:13:47,703 what appears to be a state attacker 266 00:13:47,703 --> 00:13:50,331 or state-sponsored attacker, usually they're scrubbed clean. 267 00:13:50,331 --> 00:13:52,750 They don't... they don't leave little bits behind. 268 00:13:52,750 --> 00:13:54,501 They don't leave little hints behind. 269 00:13:54,751 --> 00:13:56,421 But in stuxnet there were actually 270 00:13:56,421 --> 00:13:57,797 a few hints left behind. 271 00:13:59,048 --> 00:14:02,301 One was that, in order to get low-level access 272 00:14:02,301 --> 00:14:03,802 to Microsoft windows, 273 00:14:04,011 --> 00:14:05,554 stuxnet needed to use a digital certificate, 274 00:14:06,096 --> 00:14:08,515 which certifies that this piece of code 275 00:14:08,515 --> 00:14:11,351 came from a particular company. 276 00:14:12,269 --> 00:14:14,312 Now, those attackers obviously couldn't go to Microsoft 277 00:14:14,312 --> 00:14:15,815 and say, "hey, test our code out for us. 278 00:14:15,815 --> 00:14:17,399 And give us a digital certificate." 279 00:14:18,109 --> 00:14:19,693 So they essentially stole them... 280 00:14:20,945 --> 00:14:23,030 From two companies in Taiwan. 281 00:14:23,030 --> 00:14:24,907 And these two companies have nothing to do with each other 282 00:14:24,907 --> 00:14:26,576 except for their close proximity 283 00:14:26,576 --> 00:14:28,369 in the exact same business park. 284 00:14:30,955 --> 00:14:34,792 Digital certificates are guarded very, very closely 285 00:14:34,792 --> 00:14:36,335 behind multiple doors 286 00:14:36,335 --> 00:14:38,754 and they require multiple people to unlock. 287 00:14:38,754 --> 00:14:40,423 Security: ...To the camera. 
288 00:14:40,423 --> 00:14:42,133 Chien: And they need to provide both biometrics 289 00:14:42,133 --> 00:14:44,552 - and, as well, pass phrases. 290 00:14:44,552 --> 00:14:46,011 It wasn't like those certificates were 291 00:14:46,011 --> 00:14:47,721 just sitting on some machine connected to the Internet. 292 00:14:47,929 --> 00:14:50,725 Some human assets had to be involved, spies. 293 00:14:50,975 --> 00:14:52,809 O'murchu: Like a cleaner who comes in at night 294 00:14:52,809 --> 00:14:54,562 and has stolen these certificates 295 00:14:54,562 --> 00:14:55,772 from these companies. 296 00:14:59,192 --> 00:15:01,277 It did feel like walking onto the set 297 00:15:01,277 --> 00:15:03,779 of this James Bond movie and you... 298 00:15:03,779 --> 00:15:05,364 You've been embroiled in this thing that, 299 00:15:05,364 --> 00:15:07,950 you know, you... You never expected. 300 00:15:10,620 --> 00:15:11,745 We continued to search, 301 00:15:11,745 --> 00:15:13,246 and we continued to search in code, 302 00:15:13,246 --> 00:15:16,042 and eventually we found some other bread crumbs left 303 00:15:16,042 --> 00:15:17,460 we were able to follow. 304 00:15:18,168 --> 00:15:19,796 It was doing something with Siemens, 305 00:15:20,087 --> 00:15:22,881 Siemens software, possibly Siemens hardware. 306 00:15:23,173 --> 00:15:24,884 We'd never ever seen that in any malware before, 307 00:15:24,884 --> 00:15:26,219 something targeting Siemens. 308 00:15:26,219 --> 00:15:28,136 We didn't even know why they would be doing that. 309 00:15:29,721 --> 00:15:32,475 But after googling, very quickly we understood 310 00:15:32,475 --> 00:15:34,894 it was targeting Siemens plcs. 311 00:15:35,394 --> 00:15:38,313 Stuxnet was targeting a very specific hardware device, 312 00:15:38,313 --> 00:15:41,734 something called a plc or a programmable logic controller. 
313 00:15:42,150 --> 00:15:45,071 Langner: The plc is kind of a very small computer 314 00:15:45,363 --> 00:15:48,073 attached to physical equipment, 315 00:15:48,073 --> 00:15:50,743 like pumps, like valves, like motors. 316 00:15:51,536 --> 00:15:56,081 So this little box is running a digital program 317 00:15:56,081 --> 00:15:58,417 and the actions of this program 318 00:15:58,417 --> 00:16:02,504 turns that motor on, off, or sets a specific speed. 319 00:16:02,504 --> 00:16:04,256 Chien: Those program module controllers 320 00:16:04,256 --> 00:16:06,801 control things like power plants, power grids. 321 00:16:06,801 --> 00:16:08,510 O'murchu: This is used in factories, 322 00:16:08,510 --> 00:16:10,971 it's used in critical infrastructure. 323 00:16:11,681 --> 00:16:14,725 Critical infrastructure, it's everywhere around us, 324 00:16:14,725 --> 00:16:17,311 transportation, telecommunications, 325 00:16:17,311 --> 00:16:19,605 financial services, health care. 326 00:16:20,148 --> 00:16:23,024 So the payload of stuxnet was designed 327 00:16:23,024 --> 00:16:26,195 to attack some very important part 328 00:16:26,195 --> 00:16:27,613 of our world. 329 00:16:27,904 --> 00:16:29,447 The payload is gonna be important. 330 00:16:29,447 --> 00:16:32,201 What happens there could be very dangerous. 331 00:16:34,412 --> 00:16:37,373 Langner: The next very big surprise came 332 00:16:37,373 --> 00:16:39,667 when it infected our lab system. 333 00:16:40,418 --> 00:16:43,421 We figured out that the malware was probing 334 00:16:43,421 --> 00:16:44,797 for controllers. 335 00:16:45,130 --> 00:16:47,216 It was quite picky on its targets. 336 00:16:47,216 --> 00:16:51,553 It didn't try to manipulate any given controller in a network 337 00:16:51,553 --> 00:16:52,889 that it would see. 338 00:16:53,139 --> 00:16:57,350 It went through several checks, and when those checks failed, 339 00:16:57,350 --> 00:16:59,562 it would not implement the attack. 
340 00:17:02,315 --> 00:17:06,152 It was obviously probing for a specific target. 341 00:17:07,528 --> 00:17:09,696 You've got to put this in context that, 342 00:17:09,696 --> 00:17:11,490 at the time, we already knew, 343 00:17:11,490 --> 00:17:13,867 well, this is the most sophisticated piece of malware 344 00:17:13,867 --> 00:17:15,411 that we have ever seen. 345 00:17:16,162 --> 00:17:18,163 So it's kind of strange. 346 00:17:18,163 --> 00:17:23,169 Somebody takes that huge effort to hit one specific target? 347 00:17:23,419 --> 00:17:25,378 Well, that must be quite a significant target. 348 00:17:28,965 --> 00:17:31,344 Chien: So at symantec we have probes on networks 349 00:17:31,344 --> 00:17:32,510 all over the world 350 00:17:32,510 --> 00:17:34,931 watching for malicious activity. 351 00:17:35,347 --> 00:17:37,349 O'murchu: We'd actually seen infections of stuxnet 352 00:17:37,349 --> 00:17:39,852 all over the world, in the U.S., Australia, 353 00:17:39,852 --> 00:17:42,520 in the u.K., in France, Germany, all over Europe. 354 00:17:43,021 --> 00:17:45,398 Chien: It spread to any windows machine in the entire world. 355 00:17:45,775 --> 00:17:48,027 You know, we had these organizations 356 00:17:48,027 --> 00:17:50,320 inside the United States who were in charge of 357 00:17:50,320 --> 00:17:52,030 industrial control facilities saying, 358 00:17:52,030 --> 00:17:54,032 "we're infected. What's gonna happen?" 359 00:17:54,407 --> 00:17:57,077 O'murchu: We didn't know if there was a deadline coming up 360 00:17:57,077 --> 00:17:58,621 where this threat would trigger 361 00:17:58,621 --> 00:18:00,957 and suddenly would, like, turn off all, you know, 362 00:18:00,957 --> 00:18:02,540 electricity plants around the world 363 00:18:02,540 --> 00:18:04,292 or it would start shutting things down 364 00:18:04,292 --> 00:18:05,627 or launching some attack. 
365 00:18:06,461 --> 00:18:09,507 We knew that stuxnet could have very dire consequences, 366 00:18:09,507 --> 00:18:12,175 and we were very worried about 367 00:18:12,175 --> 00:18:13,635 what the payload contained 368 00:18:13,635 --> 00:18:15,887 and there was an imperative speed 369 00:18:15,887 --> 00:18:17,973 that we had to race and try and, you know, 370 00:18:17,973 --> 00:18:19,392 beat this ticking bomb. 371 00:18:20,518 --> 00:18:23,061 Eventually, we were able to refine the statistics a little 372 00:18:23,061 --> 00:18:24,563 and we saw that Iran was the number one 373 00:18:24,563 --> 00:18:26,147 infected country in the world. 374 00:18:26,147 --> 00:18:28,733 Chien: That immediately raised our eyebrows. 375 00:18:28,733 --> 00:18:30,987 We had never seen a threat before 376 00:18:30,987 --> 00:18:33,114 where it was predominantly in Iran. 377 00:18:34,073 --> 00:18:35,657 And so we began to follow what was going on 378 00:18:35,657 --> 00:18:36,909 in the geopolitical world, 379 00:18:37,076 --> 00:18:38,618 what was happening in the general news. 380 00:18:38,827 --> 00:18:42,080 And at that time, there were actually multiple explosions 381 00:18:42,080 --> 00:18:44,959 of gas pipelines going in and out of Iran. 382 00:18:45,960 --> 00:18:47,336 Unexplained explosions. 383 00:18:48,878 --> 00:18:51,007 O'murchu: And of course, we did notice that at the time 384 00:18:51,007 --> 00:18:53,634 there had been assassinations of nuclear scientists. 385 00:18:54,844 --> 00:18:56,261 So that was worrying. 386 00:18:57,096 --> 00:18:59,265 We knew there was something bad happening. 387 00:18:59,765 --> 00:19:01,599 Gibney: Did you get concerned for yourself? 388 00:19:01,599 --> 00:19:03,519 I mean, did you begin to start looking over your shoulder 389 00:19:03,519 --> 00:19:04,769 from time to time? 390 00:19:04,769 --> 00:19:06,355 Yeah, definitely looking over my shoulder 391 00:19:06,355 --> 00:19:08,941 and... 
and being careful about what I spoke about on the phone. 392 00:19:09,942 --> 00:19:13,112 I was... pretty confident my conversations on my... 393 00:19:13,112 --> 00:19:14,613 On the phone were being listened to. 394 00:19:14,946 --> 00:19:16,906 We were only half joking 395 00:19:16,906 --> 00:19:18,951 when we would look at each other 396 00:19:18,951 --> 00:19:20,702 and tell each other things like, 397 00:19:20,702 --> 00:19:22,954 "look, I'm not suicidal. 398 00:19:23,288 --> 00:19:26,791 If I show up dead on Monday, you know, it wasn't me." 399 00:19:35,550 --> 00:19:38,011 We'd been publishing information about stuxnet 400 00:19:38,011 --> 00:19:39,387 all through that summer. 401 00:19:40,765 --> 00:19:43,392 And then in November, the industrial control system 402 00:19:43,392 --> 00:19:46,519 sort of expert in Holland contacted us... 403 00:19:47,813 --> 00:19:50,398 And he said all of these devices that would be inside of 404 00:19:50,398 --> 00:19:53,486 an industrial control system hold a unique identifier number 405 00:19:53,486 --> 00:19:56,654 that identified the make and model of that device. 406 00:19:58,449 --> 00:20:02,118 And we actually had a couple of these numbers in the code 407 00:20:02,118 --> 00:20:03,496 that we didn't know what they were. 408 00:20:04,538 --> 00:20:06,414 And so we realized maybe what he was referring to 409 00:20:06,414 --> 00:20:07,875 was the magic numbers we had. 410 00:20:08,416 --> 00:20:09,960 And then when we searched for those magic numbers 411 00:20:09,960 --> 00:20:11,127 in that context, 412 00:20:11,127 --> 00:20:13,547 we saw that what had to be connected 413 00:20:13,547 --> 00:20:15,715 to this industrial control system that was being targeted 414 00:20:15,715 --> 00:20:17,675 were something called frequency converters 415 00:20:18,009 --> 00:20:20,179 from two specific manufacturers, 416 00:20:20,179 --> 00:20:21,931 one of which was in Iran. 
417 00:20:22,515 --> 00:20:24,307 And so at this time, we absolutely knew 418 00:20:24,307 --> 00:20:26,644 that the facility that was being targeted 419 00:20:26,644 --> 00:20:28,104 had to be in Iran 420 00:20:28,436 --> 00:20:31,272 and had equipment made from Iranian manufacturers. 421 00:20:32,191 --> 00:20:33,983 When we looked up those frequency converters, 422 00:20:33,983 --> 00:20:35,778 we immediately found out that they were actually 423 00:20:35,778 --> 00:20:38,197 export controlled by the Nuclear Regulatory Commission. 424 00:20:38,780 --> 00:20:40,115 And that immediately led us then 425 00:20:40,115 --> 00:20:42,410 to some nuclear facility. 426 00:21:00,009 --> 00:21:02,137 Gibney: This was more than a computer story, 427 00:21:02,512 --> 00:21:04,932 so I left the world of the antivirus detectives 428 00:21:05,223 --> 00:21:07,183 and sought out journalist, David Sanger, 429 00:21:07,183 --> 00:21:09,436 who specialized in the strange intersection 430 00:21:09,436 --> 00:21:12,440 of cyber, nuclear weapons, and espionage. 431 00:21:13,398 --> 00:21:15,483 Sanger: The emergence of the code 432 00:21:15,483 --> 00:21:18,778 is what put me on alert that an attack was under way. 433 00:21:20,239 --> 00:21:23,409 And because of the covert nature of the operation, 434 00:21:23,409 --> 00:21:26,412 not only were official government spokesmen 435 00:21:26,412 --> 00:21:29,289 unable to talk about it, they didn't even know about it. 436 00:21:30,499 --> 00:21:32,585 Eventually, the more I dug into it, 437 00:21:32,585 --> 00:21:37,173 the more I began to find individuals 438 00:21:37,423 --> 00:21:39,592 who had been involved in some piece of it 439 00:21:39,799 --> 00:21:41,844 or who had witnessed some piece of it. 
440 00:21:42,470 --> 00:21:44,846 And that meant talking to Americans, 441 00:21:44,846 --> 00:21:47,766 talking to Israelis, talking to Europeans, 442 00:21:47,766 --> 00:21:50,853 because this was obviously the first, biggest, 443 00:21:50,853 --> 00:21:55,441 and most sophisticated example of a state 444 00:21:55,441 --> 00:21:58,067 or two states using a cyber weapon 445 00:21:58,067 --> 00:21:59,612 for offensive purposes. 446 00:22:03,031 --> 00:22:05,951 I came to this with a fair bit of history, 447 00:22:05,951 --> 00:22:08,703 understanding the Iranian nuclear program. 448 00:22:09,747 --> 00:22:13,125 How did Iran get its first nuclear reactor? 449 00:22:13,709 --> 00:22:16,836 We gave it to them... Under the shah, 450 00:22:17,171 --> 00:22:20,590 because the shah was considered an American ally. 451 00:22:22,092 --> 00:22:25,721 Thank you again for your warm welcome, Mr. President. 452 00:22:26,055 --> 00:22:27,681 Gary Samore: During the Nixon administration, 453 00:22:27,681 --> 00:22:30,934 the U.S. was very enthusiastic about supporting 454 00:22:30,934 --> 00:22:33,019 the shah's nuclear power program. 455 00:22:33,938 --> 00:22:36,272 And at one point, the Nixon administration 456 00:22:36,272 --> 00:22:39,108 was pushing the idea that Pakistan and Iran 457 00:22:39,108 --> 00:22:43,697 should build a joint plant together in Iran. 458 00:22:45,074 --> 00:22:46,784 There's at least some evidence that 459 00:22:46,784 --> 00:22:50,287 the shah was thinking about acquisition of nuclear weapons, 460 00:22:50,287 --> 00:22:53,832 because he saw, and we were encouraging him to see Iran 461 00:22:53,832 --> 00:22:56,125 as the so-called policemen of the Persian Gulf. 462 00:22:56,125 --> 00:22:58,295 And the Iranians have always viewed themselves 463 00:22:58,295 --> 00:23:01,548 as naturally the dominant power in the Middle East. 
464 00:23:24,113 --> 00:23:25,698 Samore: But the revolution, 465 00:23:25,698 --> 00:23:27,407 which overthrew the shah in '79, 466 00:23:27,407 --> 00:23:29,201 really curtailed the program 467 00:23:29,201 --> 00:23:31,578 before it ever got any head of steam going. 468 00:23:32,663 --> 00:23:37,250 Part of our policy against Iran after the revolution 469 00:23:37,250 --> 00:23:39,545 was to deny them nuclear technology. 470 00:23:39,545 --> 00:23:42,839 So most of the period when I was involved 471 00:23:42,839 --> 00:23:44,842 in the '80s and the '90s 472 00:23:44,842 --> 00:23:47,260 was the U.S. running around the world 473 00:23:47,260 --> 00:23:50,513 and persuading potential nuclear suppliers 474 00:23:50,513 --> 00:23:53,892 not to provide even peaceful nuclear technology to Iran. 475 00:23:54,143 --> 00:23:57,563 And what we missed was the clandestine transfer 476 00:23:57,563 --> 00:24:00,481 in the mid-1980s from Pakistan to Iran. 477 00:24:04,486 --> 00:24:05,738 Rolf Mowatt-Larssen: Abdul Qadeer Khan 478 00:24:05,738 --> 00:24:07,071 is what we would call 479 00:24:07,071 --> 00:24:09,074 the father of the Pakistan nuclear program. 480 00:24:10,491 --> 00:24:13,077 He had the full authority and confidence 481 00:24:13,077 --> 00:24:15,372 of the Pakistan government from its inception 482 00:24:15,372 --> 00:24:17,458 to the production of nuclear weapons. 483 00:24:19,167 --> 00:24:21,502 I was a CIA officer for... For... 484 00:24:21,502 --> 00:24:24,173 For over two decades, operations officer, 485 00:24:24,173 --> 00:24:25,965 worked overseas most of my career. 486 00:24:26,549 --> 00:24:28,594 The A.Q. Khan network is so notable 487 00:24:28,594 --> 00:24:31,638 because aside from building 488 00:24:31,638 --> 00:24:34,642 the Pakistani program for decades... 
489 00:24:35,893 --> 00:24:39,063 It also was the means by which other countries 490 00:24:39,063 --> 00:24:41,690 were able to develop nuclear weapons, 491 00:24:41,690 --> 00:24:42,982 including Iran. 492 00:24:43,608 --> 00:24:45,234 Samore: A.Q. Khan acting on behalf 493 00:24:45,234 --> 00:24:46,319 of the Pakistani government 494 00:24:46,319 --> 00:24:49,405 negotiated with officials in Iran 495 00:24:49,405 --> 00:24:52,451 and then there was a transfer which took place 496 00:24:52,451 --> 00:24:53,493 through Dubai 497 00:24:53,493 --> 00:24:56,747 of blueprints for nuclear weapons design 498 00:24:56,747 --> 00:24:58,332 as well as some hardware. 499 00:24:59,500 --> 00:25:01,501 Throughout the mid-1980s, 500 00:25:01,501 --> 00:25:04,546 the Iranian program was not very well-resourced. 501 00:25:04,546 --> 00:25:06,382 It was more of an R&D program. 502 00:25:07,423 --> 00:25:10,635 It wasn't really until the mid-'90s 503 00:25:10,635 --> 00:25:12,887 that it started to take off when they made the decision 504 00:25:12,887 --> 00:25:14,972 to build the nuclear weapons program. 505 00:25:21,646 --> 00:25:23,147 You know, we can speculate what, 506 00:25:23,147 --> 00:25:24,566 in their mind, motivated them. 507 00:25:24,566 --> 00:25:27,736 I think it was the U.S. invasion of Iraq 508 00:25:27,736 --> 00:25:29,320 after Kuwait. 509 00:25:30,655 --> 00:25:32,115 You know, there was an eight-year war 510 00:25:32,115 --> 00:25:33,701 between Iraq and Iran, 511 00:25:33,951 --> 00:25:37,371 we had wiped out Saddam's forces in a matter of weeks. 512 00:25:40,249 --> 00:25:43,000 And I think that was enough to convince the rulers 513 00:25:43,000 --> 00:25:45,170 in Tehran that they needed to pursue 514 00:25:45,170 --> 00:25:46,713 nuclear weapons more seriously. 
515 00:25:48,757 --> 00:25:51,676 George Bush: States like these and their terrorist allies 516 00:25:51,676 --> 00:25:54,512 constitute an axis of evil, 517 00:25:54,512 --> 00:25:57,266 arming to threaten the peace of the world. 518 00:25:58,683 --> 00:26:01,310 Samore: From 2003 to 2005 519 00:26:01,310 --> 00:26:04,605 when they feared that the U.S. would invade them, 520 00:26:04,605 --> 00:26:06,942 they accepted limits on their nuclear program. 521 00:26:07,401 --> 00:26:11,028 But by 2006, the Iranians had come to the conclusion 522 00:26:11,028 --> 00:26:13,906 that the U.S. was bogged down in Afghanistan and Iraq 523 00:26:13,906 --> 00:26:17,076 and no longer had the capacity to threaten them, 524 00:26:17,452 --> 00:26:21,205 and so they felt it was safe to resume their enrichment program. 525 00:26:21,957 --> 00:26:24,625 They started producing low enriched uranium, 526 00:26:24,917 --> 00:26:26,920 producing more centrifuges, installing them 527 00:26:26,920 --> 00:26:30,715 at the large-scale underground enrichment facility at Natanz. 528 00:26:42,059 --> 00:26:46,898 Journalist: 529 00:26:58,076 --> 00:27:02,163 Ahmadinejad: 530 00:27:35,197 --> 00:27:37,115 Gibney: How many times have you been to Natanz? 531 00:27:37,490 --> 00:27:40,868 Not that many, because I left few years ago, the dia, 532 00:27:40,868 --> 00:27:43,204 but I was there quite... Quite a few times. 533 00:27:46,750 --> 00:27:49,294 Natanz is just in the middle of the desert. 534 00:27:51,255 --> 00:27:53,214 When they were building it in secret, 535 00:27:53,464 --> 00:27:57,510 they were calling it desert irrigation facility. 536 00:27:58,010 --> 00:27:59,555 For the local people, 537 00:27:59,555 --> 00:28:02,140 you want to sell why you are building a big complex. 538 00:28:04,934 --> 00:28:07,645 There is a lot of artillery and air force. 
539 00:28:07,645 --> 00:28:12,025 It's better protected against attack from air 540 00:28:12,567 --> 00:28:15,069 than any other nuclear installation I have seen. 541 00:28:17,823 --> 00:28:20,325 So this is deeply underground. 542 00:28:24,913 --> 00:28:28,834 But then inside, Natanz is like any other centrifuge facility. 543 00:28:28,834 --> 00:28:33,171 I have been all over the world, from Brazil to Russia, Japan, 544 00:28:33,171 --> 00:28:37,718 so they are all alike with their own features, 545 00:28:37,718 --> 00:28:40,095 their own centrifuges, their own culture, 546 00:28:40,095 --> 00:28:42,681 but basically, the process is the same. 547 00:28:43,765 --> 00:28:46,852 And so are the monitoring activities of the IAEA. 548 00:28:46,852 --> 00:28:48,519 There are basic principles. 549 00:28:48,519 --> 00:28:51,230 You want to see what goes in, what goes out, 550 00:28:51,522 --> 00:28:53,692 and then on top of that you make sure that 551 00:28:53,692 --> 00:28:56,153 it produces low enriched uranium 552 00:28:56,153 --> 00:28:58,529 instead of anything to do with the higher enrichments 553 00:28:58,529 --> 00:29:00,740 and nuclear weapon grade uranium. 554 00:29:06,704 --> 00:29:08,080 Emad Kiyaei: Iran's nuclear facilities 555 00:29:08,080 --> 00:29:10,291 are under 24-hour watch. 556 00:29:11,000 --> 00:29:13,336 Of the United Nations nuclear watchdog, 557 00:29:13,336 --> 00:29:16,632 the IAEA, the International Atomic Energy Agency. 558 00:29:18,008 --> 00:29:22,220 Every single gram of Iranian fissile material... 559 00:29:23,430 --> 00:29:24,765 Is accounted for. 560 00:29:27,601 --> 00:29:30,061 They have, like, basically seals they put 561 00:29:30,061 --> 00:29:33,606 on fissile materials. There are IAEA seals. 562 00:29:33,856 --> 00:29:36,151 You can't break it 563 00:29:36,151 --> 00:29:37,986 without getting noticed. 
564 00:29:39,988 --> 00:29:42,240 Heinonen: When you look at the uranium 565 00:29:42,240 --> 00:29:46,118 which was there in Natanz, it was a very special uranium. 566 00:29:46,243 --> 00:29:51,666 This is called isotope 236, and that was a puzzle to us, 567 00:29:51,666 --> 00:29:54,126 because you only see this sort of uranium 568 00:29:54,126 --> 00:29:57,255 in states which have had nuclear weapons. 569 00:29:59,090 --> 00:30:01,801 We realized that they had cheated us. 570 00:30:02,510 --> 00:30:05,806 This sort of equipment has been bought 571 00:30:05,806 --> 00:30:07,598 from what they call a black market. 572 00:30:07,598 --> 00:30:10,810 They never pointed out it to A.Q. Khan 573 00:30:11,269 --> 00:30:13,063 at that point of time. 574 00:30:17,942 --> 00:30:21,278 What I was surprised was the sophistication 575 00:30:21,278 --> 00:30:23,115 and the quality control 576 00:30:23,406 --> 00:30:25,409 and the way they have the manufacturing 577 00:30:25,409 --> 00:30:26,785 was really professional. 578 00:30:27,952 --> 00:30:30,538 It was not something, you know, you just create 579 00:30:30,538 --> 00:30:32,082 in a few months' time. 580 00:30:32,082 --> 00:30:34,792 This was a result of a long process. 581 00:30:41,924 --> 00:30:44,720 A centrifuge, you feed uranium gas 582 00:30:44,720 --> 00:30:47,847 in and you have a cascade, thousands of centrifuges, 583 00:30:47,847 --> 00:30:50,851 and from the other end you get enriched uranium out. 584 00:30:51,559 --> 00:30:55,564 It separates uranium based on spinning the rotors. 585 00:30:55,564 --> 00:30:59,358 It spins so fast, 300 meters per second, 586 00:30:59,358 --> 00:31:02,362 the same as the velocity of sound. 587 00:31:03,739 --> 00:31:05,406 These are tremendous forces 588 00:31:05,406 --> 00:31:08,367 and as a result, the rotor, it twists, 589 00:31:08,367 --> 00:31:10,494 looks like a banana at one point of time. 
590 00:31:11,913 --> 00:31:13,498 So it has to be balanced 591 00:31:13,498 --> 00:31:16,835 because any small vibration it will blow up. 592 00:31:18,252 --> 00:31:20,172 And here comes another trouble. 593 00:31:20,505 --> 00:31:22,673 You have to raise the temperature 594 00:31:22,673 --> 00:31:25,760 but this very thin rotor was... 595 00:31:25,760 --> 00:31:27,804 They are made from carbon fiber, 596 00:31:27,804 --> 00:31:30,432 and the other pieces, they are made from metal. 597 00:31:31,348 --> 00:31:34,853 When you heat carbon fiber, it shrinks. 598 00:31:35,936 --> 00:31:38,230 When you heat metal, it expands. 599 00:31:38,606 --> 00:31:41,651 So you need to balance not only that they spin, 600 00:31:41,651 --> 00:31:44,779 they twist, but this temperature behavior 601 00:31:44,779 --> 00:31:47,031 in such a way that it doesn't break. 602 00:31:47,031 --> 00:31:49,201 So this has to be very precise. 603 00:31:49,701 --> 00:31:52,203 This is what makes them very difficult to manufacture. 604 00:31:52,203 --> 00:31:54,873 You can model it, you can calculate it, 605 00:31:54,873 --> 00:31:57,334 but at the very end, it's actually based 606 00:31:57,334 --> 00:31:59,961 on practice and experience. 607 00:31:59,961 --> 00:32:03,256 So it's a... It's a piece of art, so to say. 608 00:32:13,767 --> 00:32:19,396 Man: 609 00:32:44,213 --> 00:32:46,549 Heinonen: Iranians are very proud of their centrifuges. 610 00:32:46,549 --> 00:32:49,510 They have a lot of public relations videos 611 00:32:49,510 --> 00:32:53,265 given up always in April when they have what they call 612 00:32:53,265 --> 00:32:54,766 a national nuclear day. 613 00:32:55,767 --> 00:32:59,270 Man: 614 00:33:09,071 --> 00:33:12,450 Kiyaei: Ahmadinejad came into his presidency saying 615 00:33:12,450 --> 00:33:15,036 if the international community wants to derail us 616 00:33:15,036 --> 00:33:16,704 we will stand up to it. 
617 00:33:17,788 --> 00:33:20,500 If they want us to sign more inspections 618 00:33:20,500 --> 00:33:23,752 and more additional protocols and other measures, 619 00:33:23,752 --> 00:33:26,463 no, we will not. We will fight for our rights. 620 00:33:27,715 --> 00:33:30,801 Iran is a signature to nuclear non-proliferation treaty, 621 00:33:30,801 --> 00:33:34,388 and under that treaty, Iran has a right to a nuclear program. 622 00:33:34,972 --> 00:33:38,434 We can have enrichment. Who are you, world powers, 623 00:33:38,434 --> 00:33:40,895 to come and tell us that we cannot have enrichment? 624 00:33:41,270 --> 00:33:42,980 This was his mantra, 625 00:33:43,731 --> 00:33:47,109 and it galvanized the public. 626 00:33:50,697 --> 00:33:53,074 Sanger: By 2007, 2008, 627 00:33:53,074 --> 00:33:55,576 the U.S. government was in a very bad place with 628 00:33:55,576 --> 00:33:56,869 the Iranian program. 629 00:33:57,871 --> 00:33:59,955 President Bush recognized 630 00:33:59,955 --> 00:34:02,584 that he could not even come out in public 631 00:34:02,584 --> 00:34:05,086 and declare that the Iranians were building a nuclear weapon, 632 00:34:05,086 --> 00:34:06,922 because by this time, he had gone through 633 00:34:06,922 --> 00:34:10,217 the entire WMD fiasco in Iraq. 634 00:34:10,925 --> 00:34:13,219 He could not really take military action. 635 00:34:13,219 --> 00:34:15,597 Condoleezza Rice said to him at one point, 636 00:34:15,597 --> 00:34:19,016 "you know, Mr. President, I think you've invaded 637 00:34:19,016 --> 00:34:22,686 your last Muslim country, even for the best of reasons." 638 00:34:24,521 --> 00:34:26,690 He didn't want to let the Israelis 639 00:34:26,690 --> 00:34:28,568 conduct a military operation. 640 00:34:28,860 --> 00:34:34,615 It's 1938, and Iran is Germany and it's racing... 641 00:34:35,449 --> 00:34:38,077 To arm itself with atomic bombs. 642 00:34:38,661 --> 00:34:42,248 Iran's nuclear ambitions must be stopped. 
643 00:34:42,873 --> 00:34:47,628 They have to be stopped. We all have to stop it, now. 644 00:34:47,628 --> 00:34:50,257 That's the one message I have for you today. 645 00:34:50,257 --> 00:34:52,132 - Thank you. 646 00:34:52,132 --> 00:34:55,010 Israel was saying they were gonna bomb Iran. 647 00:34:55,010 --> 00:34:58,222 And the government here in Washington 648 00:34:58,222 --> 00:35:00,599 did all sorts of scenarios about what would happen 649 00:35:00,599 --> 00:35:03,143 if that Israeli attack occurred. 650 00:35:03,561 --> 00:35:05,730 They were all very ugly scenarios. 651 00:35:05,730 --> 00:35:08,733 Our belief was that if they went on their own 652 00:35:08,733 --> 00:35:10,527 knowing the limitations... 653 00:35:10,527 --> 00:35:12,403 No, they're a very good air force, all right? 654 00:35:12,778 --> 00:35:14,822 But it's small and the distances are great 655 00:35:14,822 --> 00:35:17,242 and the target's dispersed and hardened, all right? 656 00:35:18,242 --> 00:35:20,786 If they would have attempted a raid 657 00:35:21,496 --> 00:35:23,248 on a military plane, 658 00:35:23,539 --> 00:35:26,333 we would have been assuming that they were assuming 659 00:35:26,333 --> 00:35:28,920 we would finish that which they started. 660 00:35:28,920 --> 00:35:31,547 In other words, there would be many of us 661 00:35:31,547 --> 00:35:33,590 in government thinking that the purpose of the raid 662 00:35:33,590 --> 00:35:36,135 wasn't to destroy the Iranian nuclear system, 663 00:35:36,135 --> 00:35:39,764 but the purpose of the raid was to put us at war with Iran. 664 00:35:40,724 --> 00:35:42,766 Israel is very much concerned about 665 00:35:42,766 --> 00:35:45,436 Iran's nuclear program, more than the United States. 
666 00:35:45,436 --> 00:35:48,188 It's only natural because of the size of the country, 667 00:35:48,188 --> 00:35:50,608 because we live in this neighborhood, 668 00:35:50,608 --> 00:35:54,237 America lives thousands and thousands miles away from Iran. 669 00:35:54,237 --> 00:35:57,865 The two countries agreed on the goal. 670 00:35:58,157 --> 00:36:00,909 There is no page between us 671 00:36:00,909 --> 00:36:06,248 that Iran should not have a nuclear military capability. 672 00:36:06,248 --> 00:36:08,251 There are some differences 673 00:36:08,251 --> 00:36:10,628 on how to... How to achieve it 674 00:36:10,628 --> 00:36:12,922 and when action is needed. 675 00:36:22,431 --> 00:36:24,851 Yadlin: We are taking very seriously 676 00:36:24,851 --> 00:36:27,561 leaders of countries who call to the destruction 677 00:36:27,561 --> 00:36:30,190 and annihilation of our people. 678 00:36:30,398 --> 00:36:32,900 If Iran will get nuclear weapons, 679 00:36:32,900 --> 00:36:34,360 now or in the future... 680 00:36:35,320 --> 00:36:38,197 It means that for the first time in human history 681 00:36:38,989 --> 00:36:41,659 Islamic zealots, religious zealots, 682 00:36:42,369 --> 00:36:44,661 will get their hand on 683 00:36:44,661 --> 00:36:47,664 the most dangerous, devastating weapons, 684 00:36:47,664 --> 00:36:50,418 and the world should prevent this. 685 00:36:52,586 --> 00:36:56,340 Samore: The Israelis believe that the Iranian leadership 686 00:36:56,340 --> 00:36:59,302 has already made the decision to build nuclear weapons 687 00:36:59,302 --> 00:37:01,221 when they think they can get away with it. 688 00:37:01,596 --> 00:37:04,391 The view in the U.S. is that the Iranians 689 00:37:04,391 --> 00:37:06,559 haven't made that final decision yet. 690 00:37:07,518 --> 00:37:09,436 To me, that doesn't make any difference. 
691 00:37:09,436 --> 00:37:11,188 I mean, it really doesn't make any difference, 692 00:37:11,188 --> 00:37:14,358 and it's probably unknowable, unless you can put, you know, 693 00:37:14,358 --> 00:37:17,737 Supreme Leader Khamenei on the couch and interview him. 694 00:37:17,737 --> 00:37:20,657 I think, you know, from our standpoint, 695 00:37:20,657 --> 00:37:23,284 stopping Iran from getting the threshold capacity 696 00:37:23,284 --> 00:37:26,413 is, you know, the primary policy objective. 697 00:37:27,746 --> 00:37:29,833 Once they have the fissile material, 698 00:37:29,833 --> 00:37:32,210 once they have the capacity to produce nuclear weapons, 699 00:37:32,210 --> 00:37:33,585 then the game is lost. 700 00:37:39,384 --> 00:37:41,219 Hayden: President Bush once said to me, he said, 701 00:37:41,219 --> 00:37:44,304 "Mike, I don't want any president ever to be faced 702 00:37:44,304 --> 00:37:48,351 with only two options, bombing or the bomb." 703 00:37:48,351 --> 00:37:49,561 Right? 704 00:37:49,561 --> 00:37:53,148 He... he wanted options that... That made it... 705 00:37:53,356 --> 00:37:56,317 Made it far less likely he or his successor 706 00:37:56,317 --> 00:37:58,862 or successors would ever get to that point 707 00:37:58,862 --> 00:38:00,487 where that's... That's all you've got. 708 00:38:00,822 --> 00:38:04,451 We wanted to be energetic enough in pursuing this problem 709 00:38:04,826 --> 00:38:07,829 that... that the Israelis would certainly believe, 710 00:38:07,829 --> 00:38:09,038 "yeah, we get it." 711 00:38:09,038 --> 00:38:11,166 The intelligence cooperation between Israel 712 00:38:11,166 --> 00:38:14,585 and the United States is very, very good. 713 00:38:15,378 --> 00:38:17,672 And therefore, the Israelis went to the Americans 714 00:38:17,672 --> 00:38:21,300 and said, "okay, guys, you don't want us to bomb Iran. 715 00:38:21,300 --> 00:38:24,471 Okay, let's do it differently." 
716 00:38:24,971 --> 00:38:28,516 And then the American intelligence community started 717 00:38:28,516 --> 00:38:30,226 rolling in joint forces 718 00:38:30,226 --> 00:38:32,186 with the Israeli intelligence community. 719 00:38:32,853 --> 00:38:36,858 One day a group of intelligence and military officials showed up 720 00:38:37,567 --> 00:38:39,485 in President Bush's office 721 00:38:40,110 --> 00:38:41,612 and said, "sir, we have an idea. 722 00:38:42,780 --> 00:38:44,114 It's a big risk. 723 00:38:44,657 --> 00:38:46,451 It might not work, but here it is." 724 00:38:54,000 --> 00:38:57,628 Langner: Moving forward in my analysis of the codes, 725 00:38:57,628 --> 00:39:01,632 I took a closer look at the photographs 726 00:39:01,632 --> 00:39:03,510 that had been published 727 00:39:03,510 --> 00:39:08,264 by the Iranians themselves in a press tour from 2008 728 00:39:08,264 --> 00:39:11,391 of Ahmadinejad and the shiny centrifuges. 729 00:39:13,811 --> 00:39:15,688 Sanger: Well, photographs of Ahmadinejad 730 00:39:15,688 --> 00:39:18,483 going through the centrifuges at Natanz 731 00:39:18,483 --> 00:39:21,902 had provided some very important clues. 732 00:39:22,612 --> 00:39:24,822 There was a huge amount to be learned. 733 00:39:33,121 --> 00:39:35,916 First of all, those photographs showed 734 00:39:35,916 --> 00:39:39,253 many of the individuals who were guiding Ahmadinejad 735 00:39:39,253 --> 00:39:40,420 through the program. 736 00:39:40,420 --> 00:39:43,048 And there's one very famous photograph that shows 737 00:39:43,048 --> 00:39:45,009 Ahmadinejad being shown something. 738 00:39:45,009 --> 00:39:47,594 You see his face, you can't see what's on the computer. 739 00:39:47,594 --> 00:39:51,056 And one of the scientists who was behind him 740 00:39:51,056 --> 00:39:53,434 was assassinated a few months later. 
741 00:39:57,813 --> 00:39:59,523 Langner: In one of those photographs, 742 00:39:59,815 --> 00:40:03,152 you could see parts of a computer screen. 743 00:40:03,152 --> 00:40:05,737 We... we refer to that as a SCADA screen. 744 00:40:05,737 --> 00:40:08,699 The SCADA system is basically a piece of software 745 00:40:08,699 --> 00:40:10,284 running on a computer. 746 00:40:10,284 --> 00:40:13,871 It enables the operators to monitor the processes. 747 00:40:14,871 --> 00:40:19,043 What you could see when you look close enough 748 00:40:19,543 --> 00:40:23,880 was a more detailed view of the configuration. 749 00:40:24,715 --> 00:40:28,010 There were these six groups of centrifuges 750 00:40:28,010 --> 00:40:31,431 and each group had 164 entries. 751 00:40:32,014 --> 00:40:33,599 And guess what? 752 00:40:33,891 --> 00:40:36,226 That was a perfect match to what we saw 753 00:40:36,226 --> 00:40:37,561 in the attack code. 754 00:40:38,938 --> 00:40:42,317 It was absolutely clear that this piece of code 755 00:40:42,317 --> 00:40:45,902 was attacking an array of six different groups 756 00:40:45,902 --> 00:40:49,740 of, let's just say, thingies, physical objects, 757 00:40:49,740 --> 00:40:55,621 and in those six groups, there were 164 elements. 758 00:40:59,333 --> 00:41:01,668 Gibney: Were you able to do any actual physical tests? 759 00:41:01,668 --> 00:41:03,920 Or it was all just code analysis? 760 00:41:03,920 --> 00:41:05,840 Yeah, so, you know, we obviously 761 00:41:05,840 --> 00:41:08,925 couldn't set up our own sort of nuclear enrichment facility. 762 00:41:09,092 --> 00:41:11,387 So... but what we did was we did obtain some PLCs, 763 00:41:11,387 --> 00:41:12,639 the exact models. 764 00:41:19,771 --> 00:41:22,190 We then ordered an air pump, and that's what we used 765 00:41:22,190 --> 00:41:23,858 sort of as our sort of proof of concept. 
766 00:41:24,692 --> 00:41:26,443 O'Murchu: We needed a visual demonstration 767 00:41:26,443 --> 00:41:28,612 to show people what we discovered. 768 00:41:28,945 --> 00:41:30,989 So we thought of different things that we could do, 769 00:41:30,989 --> 00:41:33,117 and we... we settled on blowing up a balloon. 770 00:41:37,454 --> 00:41:39,414 We were able to write a program that would inflate a balloon, 771 00:41:39,414 --> 00:41:42,293 and it was set to stop after five seconds. 772 00:41:52,302 --> 00:41:54,054 So it would inflate the balloon to a certain size 773 00:41:54,054 --> 00:41:55,556 but it wouldn't burst the balloon 774 00:41:55,556 --> 00:41:57,016 and it was all safe. 775 00:41:57,016 --> 00:41:59,101 And we showed everybody, this is the code 776 00:41:59,101 --> 00:42:00,311 that's on the PLC. 777 00:42:00,769 --> 00:42:02,730 And the timer says, "stop after five seconds." 778 00:42:02,980 --> 00:42:04,481 We know that's what's going to happen. 779 00:42:05,108 --> 00:42:07,360 And then we would infect the computer with Stuxnet, 780 00:42:07,902 --> 00:42:10,153 and we would run the test again. 781 00:42:41,351 --> 00:42:42,978 Here is a piece of software 782 00:42:42,978 --> 00:42:45,940 that should only exist in a cyber realm 783 00:42:45,940 --> 00:42:49,068 and it is able to affect physical equipment 784 00:42:49,068 --> 00:42:52,780 in a plant or factory and cause physical damage. 785 00:42:52,780 --> 00:42:54,865 Real-world physical destruction. 786 00:42:59,369 --> 00:43:02,039 At that time, things became very scary to us. 787 00:43:02,039 --> 00:43:04,541 Here you had malware potentially killing people 788 00:43:04,541 --> 00:43:06,835 and that was something that was always Hollywood-esque to us 789 00:43:06,835 --> 00:43:08,003 that we'd always laugh at 790 00:43:08,003 --> 00:43:10,047 when people made that kind of assertion. 
791 00:43:15,635 --> 00:43:18,139 Gibney: At this point, you had to have started developing 792 00:43:18,139 --> 00:43:20,891 theories as to who had built Stuxnet. 793 00:43:21,851 --> 00:43:23,436 It wasn't lost on us that 794 00:43:23,436 --> 00:43:26,646 there were probably only a few countries 795 00:43:26,646 --> 00:43:28,983 in the world that would want 796 00:43:28,983 --> 00:43:31,860 and have the motivation to sabotage 797 00:43:31,860 --> 00:43:33,987 Iran's nuclear enrichment facility. 798 00:43:33,987 --> 00:43:35,907 The U.S. government would be up there. 799 00:43:35,907 --> 00:43:38,074 Israeli government certainly would be... would be up there. 800 00:43:38,074 --> 00:43:40,161 You know, maybe U.K., France, Germany, 801 00:43:40,161 --> 00:43:41,621 those sorts of countries, 802 00:43:41,621 --> 00:43:43,914 but we never found any information that 803 00:43:43,914 --> 00:43:46,958 would tie it back 100 percent to... to those countries. 804 00:43:46,958 --> 00:43:48,878 There are no telltale signs. 805 00:43:48,878 --> 00:43:51,422 You know, the attackers don't leave a message inside 806 00:43:51,422 --> 00:43:53,590 saying, you know, "it was me." 807 00:43:54,509 --> 00:43:57,762 And even if they did, all of that stuff can be faked. 808 00:43:58,137 --> 00:44:00,806 So it's very, very difficult to do attribution 809 00:44:00,806 --> 00:44:02,516 when looking at computer code. 810 00:44:03,391 --> 00:44:04,936 Gibney: Subsequent work that's been done 811 00:44:04,936 --> 00:44:07,355 leads us to believe that this was the work of 812 00:44:07,355 --> 00:44:08,898 a collaboration between Israel and the United States. 813 00:44:08,898 --> 00:44:09,940 Yeah, yeah. 814 00:44:09,940 --> 00:44:11,108 Gibney: Did you have any evidence 815 00:44:11,108 --> 00:44:12,360 in terms of your analysis 816 00:44:12,360 --> 00:44:14,362 that would lead you to believe that 817 00:44:14,362 --> 00:44:15,695 that's correct also? 
818 00:44:15,695 --> 00:44:17,782 Nothing that I could talk about on camera. 819 00:44:19,282 --> 00:44:22,119 Gibney: Well, can I ask why? 820 00:44:22,119 --> 00:44:23,954 No. 821 00:44:23,954 --> 00:44:25,623 Well, you can, but I won't answer. 822 00:44:28,083 --> 00:44:30,378 Gibney: But even in the case of nation-states, 823 00:44:30,378 --> 00:44:31,878 I mean, one of the concerns is... 824 00:44:31,878 --> 00:44:34,005 Gibney: This was beginning to really piss me off. 825 00:44:34,465 --> 00:44:37,802 Even civilians with an interest in telling the Stuxnet story 826 00:44:37,802 --> 00:44:40,721 were refusing to address the role of Tel Aviv 827 00:44:40,721 --> 00:44:43,974 and Washington. But luckily for me, 828 00:44:44,224 --> 00:44:46,059 while D.C. is a city of secrets, 829 00:44:46,393 --> 00:44:48,144 it is also a city of leaks. 830 00:44:48,646 --> 00:44:50,356 They're as regular as a heartbeat 831 00:44:50,356 --> 00:44:52,065 and just as hard to stop. 832 00:44:53,067 --> 00:44:54,652 That's what I was counting on. 833 00:44:59,824 --> 00:45:03,369 Finally, after speaking to a number of people on background, 834 00:45:03,369 --> 00:45:05,954 I did find a way of confirming, on the record, 835 00:45:05,954 --> 00:45:07,831 the American role in Stuxnet. 836 00:45:08,791 --> 00:45:10,918 In exchange for details of the operation, 837 00:45:10,918 --> 00:45:13,003 I had to agree to find a way 838 00:45:13,003 --> 00:45:15,297 to disguise the source of the information. 839 00:45:15,297 --> 00:45:17,048 - Gibney: We're good? - Man: We're on. 840 00:45:18,634 --> 00:45:20,302 Gibney: So the first question I have to ask you 841 00:45:20,302 --> 00:45:21,679 is about secrecy. 842 00:45:22,179 --> 00:45:25,266 I mean, at this point, everyone knows about Stuxnet. 843 00:45:25,266 --> 00:45:26,934 Why can't we talk about it? 844 00:45:27,434 --> 00:45:28,811 It's a covert operation. 845 00:45:28,811 --> 00:45:30,605 Gibney: Not anymore. 
846 00:45:30,605 --> 00:45:32,898 I mean, we know what happened, we know who did it. 847 00:45:33,148 --> 00:45:35,860 Well, maybe you don't know as much as you think you know. 848 00:45:36,652 --> 00:45:39,237 Gibney: Well, I'm talking to you because I want to 849 00:45:39,237 --> 00:45:40,614 get the story right. 850 00:45:40,614 --> 00:45:42,365 Well, that's the same reason I'm talking to you. 851 00:45:44,827 --> 00:45:46,621 Gibney: Even though it's a covert operation? 852 00:45:47,663 --> 00:45:51,500 Look, this is not a Snowden kind of thing, okay? 853 00:45:51,500 --> 00:45:52,835 I think what he did was wrong. 854 00:45:52,835 --> 00:45:55,963 He went too far. He gave away too much. 855 00:45:56,463 --> 00:45:58,465 Unlike Snowden, who was a contractor, 856 00:45:58,465 --> 00:46:00,259 I was in NSA. 857 00:46:00,885 --> 00:46:03,054 I believe in the agency, so what I'm willing to give you 858 00:46:03,054 --> 00:46:04,722 will be limited, but we're talking 859 00:46:04,722 --> 00:46:06,556 because everyone's getting the story wrong 860 00:46:06,556 --> 00:46:08,141 and we have to get it right. 861 00:46:08,141 --> 00:46:09,893 We have to understand these new weapons. 862 00:46:09,893 --> 00:46:11,186 The stakes are too high. 863 00:46:11,186 --> 00:46:12,480 Gibney: What do you mean? 864 00:46:14,606 --> 00:46:16,567 We did Stuxnet. 865 00:46:17,777 --> 00:46:18,902 It's a fact. 866 00:46:18,902 --> 00:46:22,657 You know, we came so fucking close to disaster, 867 00:46:22,657 --> 00:46:24,324 and we're still on the edge. 868 00:46:25,867 --> 00:46:30,914 It was a huge multinational, interagency operation. 869 00:46:32,208 --> 00:46:34,918 In the U.S. it was CIA, 870 00:46:35,378 --> 00:46:38,838 NSA, and the military cyber command. 871 00:46:39,340 --> 00:46:43,010 From Britain, we used Iran intel out of GCHQ, 872 00:46:43,594 --> 00:46:45,429 but the main partner was Israel. 
873 00:46:45,429 --> 00:46:46,931 Over there, Mossad ran the show, 874 00:46:46,931 --> 00:46:49,684 and the technical work was done by unit 8200. 875 00:46:50,601 --> 00:46:53,603 Israel is really the key to the story. 876 00:46:58,067 --> 00:47:01,112 Melman: Oh, traffic in Israel is so unpredictable. 877 00:47:03,239 --> 00:47:06,282 Gibney: Yossi, how did you get into this whole stuxnet story? 878 00:47:07,451 --> 00:47:10,496 I have been covering the Israeli intelligence 879 00:47:10,496 --> 00:47:12,789 in general, in the Mossad in particular 880 00:47:12,789 --> 00:47:16,168 for nearly 30 years. 881 00:47:16,585 --> 00:47:19,630 In '82, I was a London-based correspondent 882 00:47:19,630 --> 00:47:23,092 and I covered a trial of terrorists, 883 00:47:23,092 --> 00:47:27,387 and I became more familiar with this topic of terrorism, 884 00:47:27,387 --> 00:47:31,559 and slowly but surely, I started covering it as a beat. 885 00:47:34,436 --> 00:47:37,481 Israel, we live in a very rough neighborhood 886 00:47:37,481 --> 00:47:39,858 where the... The Democratic values, 887 00:47:39,858 --> 00:47:43,153 western values, are very rare. 888 00:47:43,570 --> 00:47:47,490 But Israel pretends to be a free, Democratic, 889 00:47:47,490 --> 00:47:49,534 westernized society, 890 00:47:49,994 --> 00:47:53,329 posh neighborhoods, rich people, 891 00:47:53,496 --> 00:47:56,500 youngsters who are having 892 00:47:56,500 --> 00:47:59,503 almost similar mind-set to their American 893 00:47:59,503 --> 00:48:01,755 or western European counterparts. 894 00:48:01,755 --> 00:48:04,507 On the other hand, you see a lot of scenes 895 00:48:04,507 --> 00:48:08,679 and events which resemble the real middle east, 896 00:48:08,679 --> 00:48:14,476 terror attacks, radicals, fanatics, religious zealots. 
897 00:48:18,856 --> 00:48:21,942 I knew that Israel is trying to slow down 898 00:48:21,942 --> 00:48:23,610 Iran's nuclear program, 899 00:48:23,610 --> 00:48:26,362 and therefore, I came to the conclusion that 900 00:48:26,362 --> 00:48:29,532 if there was a virus infecting Iran's computers, 901 00:48:29,532 --> 00:48:35,371 it's... it's one more element in... in this larger picture 902 00:48:36,039 --> 00:48:38,501 based on past precedents. 903 00:48:43,088 --> 00:48:46,759 Yadlin: 1981 I was an f-16 pilot, 904 00:48:47,175 --> 00:48:50,679 and we were told that, unlike our dream 905 00:48:50,679 --> 00:48:54,099 to do dogfights and to kill migs, 906 00:48:54,682 --> 00:48:58,311 we have to be prepared for a long-range mission 907 00:48:58,978 --> 00:49:01,606 to destroy a valuable target. 908 00:49:02,398 --> 00:49:04,110 Nobody told us what is 909 00:49:04,110 --> 00:49:06,487 this very valuable strategic target. 910 00:49:07,487 --> 00:49:10,657 It was 600 miles from Israel. 911 00:49:12,034 --> 00:49:15,496 So we train our self to do the job, 912 00:49:15,496 --> 00:49:19,333 which was very difficult. No air refueling at that time. 913 00:49:19,750 --> 00:49:21,793 No satellites for reconnaissance. 914 00:49:23,753 --> 00:49:26,132 Fuel was on the limit. 915 00:49:26,715 --> 00:49:29,009 Pilot: What? Whoa! Whoa! 916 00:49:31,929 --> 00:49:33,347 Yadlin: At the end of the day, 917 00:49:34,097 --> 00:49:35,807 we accomplished the mission. 918 00:49:36,307 --> 00:49:37,601 Gibney: Which was? 919 00:49:38,059 --> 00:49:40,980 Yadlin: To destroy the Iraqi nuclear reactor 920 00:49:40,980 --> 00:49:44,775 near Baghdad, which was called osirak. 921 00:49:45,025 --> 00:49:51,072 And Iraq never was able to accomplish 922 00:49:51,072 --> 00:49:53,659 its ambition to have a nuclear bomb. 923 00:49:55,619 --> 00:49:58,246 Melman: Amos yadlin, general yadlin, 924 00:49:58,246 --> 00:50:01,041 he was the head of the military intelligence. 
925 00:50:01,458 --> 00:50:04,920 The biggest unit within that organization 926 00:50:04,920 --> 00:50:06,713 was unit 8200. 927 00:50:07,422 --> 00:50:09,800 They'd block telephones, they'd block faxes, 928 00:50:09,800 --> 00:50:11,969 they're breaking into computers. 929 00:50:14,304 --> 00:50:16,639 A decade ago, when yadlin became 930 00:50:16,639 --> 00:50:18,559 the chief of military intelligence, 931 00:50:19,059 --> 00:50:23,563 there was no cyber warfare unit in 8200. 932 00:50:26,483 --> 00:50:30,278 So they started recruiting very talented people, 933 00:50:30,278 --> 00:50:32,822 hackers either from the military 934 00:50:32,822 --> 00:50:35,409 or outside the military that can contribute 935 00:50:35,409 --> 00:50:38,579 to the project of building a cyber warfare unit. 936 00:50:41,331 --> 00:50:45,835 Yadlin: In the 19th century, there were only army and Navy. 937 00:50:45,835 --> 00:50:49,632 In the 20th century, we got air power 938 00:50:49,632 --> 00:50:51,342 as a third dimension of war. 939 00:50:52,009 --> 00:50:53,969 In the 21st century, 940 00:50:53,969 --> 00:50:57,514 cyber will be the fourth dimension of war. 941 00:50:58,474 --> 00:51:00,016 It's another kind of weapon 942 00:51:00,016 --> 00:51:04,605 and it is for unlimited range in a very high speed 943 00:51:05,021 --> 00:51:07,148 and in a very low signature. 944 00:51:07,148 --> 00:51:09,693 So this give you a huge opportunity... 945 00:51:10,777 --> 00:51:14,030 And the superpowers have to change 946 00:51:14,030 --> 00:51:16,115 the way we think about warfare. 947 00:51:18,369 --> 00:51:20,371 Finally we are transforming our military 948 00:51:20,371 --> 00:51:23,039 for a new kind of war that we're fighting now... 949 00:51:24,541 --> 00:51:25,960 And for wars of tomorrow. 
950 00:51:27,293 --> 00:51:29,380 We have made our military better trained, 951 00:51:29,380 --> 00:51:32,298 better equipped, and better prepared 952 00:51:32,298 --> 00:51:35,052 to meet the threats facing America today 953 00:51:35,052 --> 00:51:37,304 and tomorrow and long in the future. 954 00:51:41,099 --> 00:51:43,726 Sanger: Back in the end of the bush administration, 955 00:51:43,726 --> 00:51:45,646 people within the U.S. government 956 00:51:45,646 --> 00:51:48,856 were just beginning to convince president bush 957 00:51:48,856 --> 00:51:51,735 to pour money into offensive cyber weapons. 958 00:51:52,735 --> 00:51:55,739 Stuxnet started off in the defense department. 959 00:51:56,447 --> 00:51:58,742 Then Robert gates, secretary of defense, 960 00:51:59,201 --> 00:52:01,369 reviewed this program and he said, 961 00:52:01,369 --> 00:52:03,579 "this program shouldn't be in the defense department. 962 00:52:03,579 --> 00:52:06,083 This should really be under the covert authorities 963 00:52:06,083 --> 00:52:07,918 over in the intelligence world." 964 00:52:08,876 --> 00:52:12,005 So the CIA was very deeply involved 965 00:52:12,005 --> 00:52:13,465 in this operation, 966 00:52:13,798 --> 00:52:16,427 while much of the coding work was done 967 00:52:16,427 --> 00:52:18,804 by the national security agency 968 00:52:19,012 --> 00:52:22,099 and unit 8200, its Israeli equivalent, 969 00:52:22,099 --> 00:52:25,936 working together with a newly created military position 970 00:52:25,936 --> 00:52:28,271 called U.S. cyber command. 971 00:52:29,063 --> 00:52:33,277 And interestingly, the director of the national security agency 972 00:52:33,277 --> 00:52:35,862 would also have a second role 973 00:52:35,862 --> 00:52:39,615 as the commander of U.S. cyber command. 974 00:52:40,074 --> 00:52:43,746 And U.S. cyber command is located 975 00:52:43,746 --> 00:52:47,623 at fort Meade in the same building as the NSA. 976 00:52:51,836 --> 00:52:53,838 Col. Gary d. 
Brown: I was deployed for a year 977 00:52:54,130 --> 00:52:57,300 giving advice on air operations in Iraq and Afghanistan, 978 00:52:57,300 --> 00:53:00,137 and when I was returning home after that, 979 00:53:00,137 --> 00:53:02,139 the assignment I was given was to go 980 00:53:02,139 --> 00:53:03,556 to U.S. cyber command. 981 00:53:04,724 --> 00:53:06,309 Cyber command is a... 982 00:53:06,601 --> 00:53:09,980 Is the military command that's responsible for 983 00:53:09,980 --> 00:53:12,983 essentially the conducting of the nation's military affairs 984 00:53:12,983 --> 00:53:14,400 in cyberspace. 985 00:53:14,902 --> 00:53:17,320 The stated reason the United States 986 00:53:17,320 --> 00:53:19,489 decided it needed a cyber command 987 00:53:19,489 --> 00:53:22,659 was because of an event called operation buckshot yankee. 988 00:53:23,159 --> 00:53:24,744 Chris inglis: In the fall of 2008, 989 00:53:24,744 --> 00:53:27,581 we found some adversaries inside 990 00:53:27,581 --> 00:53:29,208 of our classified networks. 991 00:53:30,125 --> 00:53:31,668 While it wasn't completely true 992 00:53:31,668 --> 00:53:34,295 that we always assumed that we were successful 993 00:53:34,295 --> 00:53:36,047 at defending things at the barrier, 994 00:53:36,047 --> 00:53:38,217 at the... at the kind of perimeter that we might have 995 00:53:38,217 --> 00:53:40,219 between our networks and the outside world, 996 00:53:40,219 --> 00:53:42,262 there was a large confidence 997 00:53:42,262 --> 00:53:44,431 that we'd been mostly successful. 998 00:53:44,764 --> 00:53:46,349 But that was a moment in time when we came to 999 00:53:46,349 --> 00:53:49,894 the quick conclusion that it... It's not really ever secure. 1000 00:53:50,771 --> 00:53:53,481 That then accelerated the department of defense's 1001 00:53:53,481 --> 00:53:55,067 progress towards what ultimately 1002 00:53:55,067 --> 00:53:56,193 became cyber command. 1003 00:53:59,487 --> 00:54:00,697 Good morning.
1004 00:54:01,989 --> 00:54:03,199 Good morning. 1005 00:54:03,367 --> 00:54:05,411 Good morning, sir. Cyber has one item for you today. 1006 00:54:05,869 --> 00:54:07,579 Earlier this week, antok analysts 1007 00:54:07,579 --> 00:54:09,873 detected a foreign adversary using known methods 1008 00:54:09,873 --> 00:54:11,708 to access the U.S. military network. 1009 00:54:12,208 --> 00:54:13,793 We identified the malicious activity 1010 00:54:13,793 --> 00:54:15,711 via data collected through our information assurance 1011 00:54:15,711 --> 00:54:17,255 and signals from intelligence authorities 1012 00:54:17,255 --> 00:54:19,382 and confirmed it was a cyber adversary. 1013 00:54:19,382 --> 00:54:22,052 We provided data to our cyber partners within the dod... 1014 00:54:22,052 --> 00:54:24,346 You think of NSA as an institution 1015 00:54:24,346 --> 00:54:27,224 that essentially uses its abilities in cyberspace 1016 00:54:27,599 --> 00:54:29,976 to help defend communications in that space. 1017 00:54:30,309 --> 00:54:32,228 Cyber command extends that capability 1018 00:54:32,228 --> 00:54:35,606 by saying that they will then take responsibility to attack. 1019 00:54:37,108 --> 00:54:40,070 Hayden: NSA has no legal authority to attack. 1020 00:54:40,070 --> 00:54:42,322 It's never had it, I doubt that it ever will. 1021 00:54:42,822 --> 00:54:44,907 It might explain why U.S. cyber command 1022 00:54:44,907 --> 00:54:46,617 is sitting out at fort Meade on top of 1023 00:54:46,617 --> 00:54:48,327 the national security agency, 1024 00:54:48,327 --> 00:54:51,081 because NSA has the abilities to do these things. 1025 00:54:51,414 --> 00:54:54,208 Cyber command has the authority to do these things. 1026 00:54:54,208 --> 00:54:57,420 And "these things" here refer to the cyber-attack. 1027 00:54:57,420 --> 00:54:59,465 This is a huge change 1028 00:55:00,090 --> 00:55:03,760 for the nature of the intelligence agencies. 
1029 00:55:04,219 --> 00:55:07,014 The NSA was supposed to be a code-making 1030 00:55:07,014 --> 00:55:09,391 and code-breaking operation 1031 00:55:09,391 --> 00:55:13,561 to monitor the communications of foreign powers 1032 00:55:13,561 --> 00:55:14,980 and American adversaries 1033 00:55:14,980 --> 00:55:17,273 in the defense of the United States. 1034 00:55:17,773 --> 00:55:21,320 But creating a cyber command meant using 1035 00:55:21,320 --> 00:55:24,322 the same technology to do offense. 1036 00:55:26,449 --> 00:55:30,454 Once you get inside an adversary's computer networks, 1037 00:55:30,454 --> 00:55:33,289 you put an implant in that network. 1038 00:55:33,539 --> 00:55:36,168 And we have tens of thousands of foreign computers 1039 00:55:36,168 --> 00:55:38,878 and networks that the United States put implants in. 1040 00:55:39,630 --> 00:55:42,632 You can use it to monitor what's going across 1041 00:55:42,632 --> 00:55:44,675 that network and you can use it 1042 00:55:44,675 --> 00:55:47,887 to insert cyber weapons, malware. 1043 00:55:48,972 --> 00:55:52,184 If you can spy on a network, you can manipulate it. 1044 00:55:52,893 --> 00:55:54,644 It's already included. 1045 00:55:54,811 --> 00:55:57,188 The only thing you need is an act of will. 1046 00:56:01,150 --> 00:56:02,985 NSA source: I played a role in Iraq. 1047 00:56:02,985 --> 00:56:05,322 I can't tell you whether it was military or not, 1048 00:56:05,322 --> 00:56:06,949 but I can tell you 1049 00:56:06,949 --> 00:56:09,284 NSA had combat support teams in country. 1050 00:56:10,827 --> 00:56:13,496 And for the first time, units in the field 1051 00:56:13,496 --> 00:56:15,873 had direct access to NSA intel. 1052 00:56:18,460 --> 00:56:20,336 Over time, we thought more about offense 1053 00:56:20,336 --> 00:56:21,797 than defense, you know, 1054 00:56:21,797 --> 00:56:23,548 more about attacking than intelligence. 
1055 00:56:24,840 --> 00:56:27,885 In the old days, sigint units would try to track radios, 1056 00:56:27,885 --> 00:56:30,137 but through NSA in Iraq, 1057 00:56:30,137 --> 00:56:32,181 we had access to all the networks 1058 00:56:32,181 --> 00:56:33,684 going in and out of the country. 1059 00:56:33,684 --> 00:56:35,768 And we hoovered up every text message, 1060 00:56:35,768 --> 00:56:37,271 email, and phone call. 1061 00:56:37,813 --> 00:56:40,190 A complete surveillance state. 1062 00:56:41,108 --> 00:56:45,195 We could find the bad guys, say, a gang making ieds, 1063 00:56:45,195 --> 00:56:48,699 map their networks, and follow them in real time. 1064 00:56:48,699 --> 00:56:50,032 Soldier: Roger. 1065 00:56:50,032 --> 00:56:51,827 NSA source: And we could lock into cell phones 1066 00:56:51,827 --> 00:56:53,869 even when they were off and send a fake text 1067 00:56:53,869 --> 00:56:56,331 from a friend, suggest a meeting place, 1068 00:56:56,331 --> 00:56:58,208 and then capture... 1069 00:56:58,208 --> 00:56:59,543 Soldier: 1A, clear to fire. 1070 00:57:00,043 --> 00:57:01,335 ...or kill. 1071 00:57:01,335 --> 00:57:02,420 Soldier: Good shot. 1072 00:57:05,465 --> 00:57:07,759 Brown: A lot of the people that came to cyber command, 1073 00:57:07,759 --> 00:57:09,552 the military guys, came directly from 1074 00:57:09,552 --> 00:57:11,597 an assignment in Afghanistan or Iraq, 1075 00:57:11,597 --> 00:57:14,141 'cause those are the people with experience 1076 00:57:14,141 --> 00:57:16,059 and expertise in operations, 1077 00:57:16,059 --> 00:57:18,019 and those are the ones you want looking at this 1078 00:57:18,019 --> 00:57:20,063 to see how cyber could facilitate 1079 00:57:20,063 --> 00:57:22,273 traditional military operations. 1080 00:57:33,994 --> 00:57:35,829 NSA source: Fresh from the surge, 1081 00:57:35,829 --> 00:57:40,333 I went to work at NSA in '07 in a supervisory capacity. 1082 00:57:40,333 --> 00:57:42,501 Gibney: Exactly where did you work? 
1083 00:57:42,501 --> 00:57:43,836 NSA source: Fort Meade. 1084 00:57:43,836 --> 00:57:45,588 You know, I commuted to that massive complex 1085 00:57:45,588 --> 00:57:47,007 every single day. 1086 00:57:48,342 --> 00:57:52,637 I was in tao-s321, "the roc." 1087 00:57:53,221 --> 00:57:55,264 Gibney: Okay, the tao, the roc? 1088 00:57:55,431 --> 00:57:58,684 Right, sorry. Tao is tailored access operations. 1089 00:57:58,684 --> 00:58:00,728 It's where NSA's hackers work. 1090 00:58:00,728 --> 00:58:02,481 Of course, we didn't call them that. 1091 00:58:02,773 --> 00:58:04,106 Gibney: What did you call them? 1092 00:58:04,273 --> 00:58:05,608 NSA source: On net operators. 1093 00:58:05,942 --> 00:58:08,487 They're the only people at NSA allowed to break in 1094 00:58:08,487 --> 00:58:09,987 or attack on the Internet. 1095 00:58:10,989 --> 00:58:13,074 Inside tao headquarters is the roc, 1096 00:58:13,074 --> 00:58:14,659 remote operations center. 1097 00:58:15,452 --> 00:58:18,664 If the U.S. government wants to get in somewhere, 1098 00:58:19,748 --> 00:58:21,123 it goes to the roc. 1099 00:58:21,291 --> 00:58:24,168 I mean, we were flooded with requests. 1100 00:58:24,920 --> 00:58:27,463 So many that we could only do about, mm, 1101 00:58:27,463 --> 00:58:30,634 30% of the missions that were requested of us at one time, 1102 00:58:30,634 --> 00:58:32,260 through the web 1103 00:58:32,260 --> 00:58:35,137 but also by hijacking shipments of parts. 1104 00:58:35,972 --> 00:58:38,016 You know, sometimes the CIA would assist 1105 00:58:38,016 --> 00:58:40,643 inputting implants in machines, 1106 00:58:41,811 --> 00:58:44,563 so once inside a target network, 1107 00:58:45,440 --> 00:58:46,692 we could just... 1108 00:58:47,650 --> 00:58:48,860 Watch... 1109 00:58:50,612 --> 00:58:52,155 Or we could attack. 
1110 00:58:55,992 --> 00:58:59,538 Inside NSA was a strange kind of culture, 1111 00:58:59,538 --> 00:59:01,914 like, two parts macho military 1112 00:59:01,914 --> 00:59:06,001 and two parts cyber geek. I mean, I came from Iraq, 1113 00:59:06,001 --> 00:59:07,920 so I was used to, "yes, sir. No, sir." 1114 00:59:07,920 --> 00:59:10,047 But for the weapons programmers 1115 00:59:10,047 --> 00:59:12,592 we needed more "think outside the box" types. 1116 00:59:13,427 --> 00:59:15,177 From cubicle to cubicle, 1117 00:59:15,177 --> 00:59:18,431 you'd see lightsabers, tribbles, 1118 00:59:18,431 --> 00:59:20,599 those naruto action figures, 1119 00:59:20,599 --> 00:59:22,893 lots of aqua teen hunger force. 1120 00:59:25,646 --> 00:59:29,233 This one guy, they were mostly guys, 1121 00:59:30,193 --> 00:59:32,362 who liked to wear a yellow hooded cape, 1122 00:59:32,820 --> 00:59:36,407 he used a ton of gray Legos to build a massive death star. 1123 00:59:39,452 --> 00:59:41,621 Gibney: Were they all working on stuxnet? 1124 00:59:42,204 --> 00:59:44,248 NSA source: We never called it stuxnet. 1125 00:59:44,248 --> 00:59:47,001 That was the name invented by the antivirus guys. 1126 00:59:47,001 --> 00:59:49,003 When it hit the papers, 1127 00:59:49,003 --> 00:59:51,005 we're not allowed to read about classified operations, 1128 00:59:51,005 --> 00:59:52,507 even if it's in the New York times. 1129 00:59:52,507 --> 00:59:54,217 We went out of our way to avoid the term. 1130 00:59:54,217 --> 00:59:56,135 I mean, saying "stuxnet" out loud 1131 00:59:56,135 --> 00:59:58,304 was like saying "Voldemort" in Harry Potter. 1132 00:59:58,304 --> 00:59:59,931 The name that shall not be spoken. 1133 01:00:00,222 --> 01:00:01,724 Gibney: What did you call it then? 1134 01:00:10,233 --> 01:00:13,778 The natanz attack, and this is out there already, 1135 01:00:14,653 --> 01:00:18,617 was called olympic games or og.
1136 01:00:22,161 --> 01:00:24,581 There was a huge operation to test the code 1137 01:00:24,581 --> 01:00:26,958 on plcs here at fort Meade 1138 01:00:27,541 --> 01:00:29,960 and in sandia, new Mexico. 1139 01:00:31,755 --> 01:00:33,172 Remember during the bush era 1140 01:00:33,172 --> 01:00:35,592 when Libya turned over all the centrifuges? 1141 01:00:36,050 --> 01:00:38,219 Those were the same models the iranians got 1142 01:00:38,219 --> 01:00:40,514 from a.Q. Khan. P1's. 1143 01:00:41,931 --> 01:00:44,391 We took them to oak Ridge and used them 1144 01:00:44,391 --> 01:00:47,938 to test the code which demolished the insides. 1145 01:00:48,938 --> 01:00:52,818 At dimona, the Israelis also tested on the p1's. 1146 01:00:54,277 --> 01:00:56,862 Then, partly by using our intel on Iran, 1147 01:00:56,862 --> 01:01:00,115 we got the plans for the newer models, the ir-2's. 1148 01:01:00,951 --> 01:01:03,202 We tried out different attack vectors. 1149 01:01:03,202 --> 01:01:07,498 We ended up focusing on ways to destroy the rotor tubes. 1150 01:01:08,416 --> 01:01:11,836 In the tests we ran, we blew them apart. 1151 01:01:13,338 --> 01:01:15,257 They swept up the pieces, 1152 01:01:15,257 --> 01:01:17,967 they put it on an airplane, they flew it to Washington, 1153 01:01:17,967 --> 01:01:19,677 they stuck it in the truck, 1154 01:01:19,677 --> 01:01:21,637 they drove it through the gates of the white house, 1155 01:01:21,637 --> 01:01:25,766 and dumped the shards out on the conference room table 1156 01:01:25,766 --> 01:01:27,476 in the situation room. 1157 01:01:27,476 --> 01:01:28,978 And then they invited president bush 1158 01:01:28,978 --> 01:01:30,563 to come down and take a look. 1159 01:01:30,563 --> 01:01:32,398 And when he could pick up the shard 1160 01:01:32,398 --> 01:01:34,150 of a piece of centrifuge... 1161 01:01:35,150 --> 01:01:37,362 He was convinced this might be worth it, 1162 01:01:37,653 --> 01:01:39,489 and he said, "go ahead and try."
1163 01:01:40,322 --> 01:01:43,242 Gibney: Was there legal concern inside the bush administration 1164 01:01:43,242 --> 01:01:45,661 that this might be an act of undeclared war? 1165 01:01:46,579 --> 01:01:50,333 If there were concerns, I haven't found them. 1166 01:01:51,626 --> 01:01:54,295 That doesn't mean that they didn't exist 1167 01:01:54,295 --> 01:01:56,297 and that some lawyers somewhere 1168 01:01:56,297 --> 01:01:57,840 weren't concerned about it, 1169 01:01:57,840 --> 01:02:01,219 but this was an entirely new territory. 1170 01:02:01,802 --> 01:02:04,306 At the time, there were really very few people 1171 01:02:04,306 --> 01:02:08,434 who had expertise specifically on the law of war and cyber. 1172 01:02:08,851 --> 01:02:11,103 And basically what we did was looking at, okay, 1173 01:02:11,103 --> 01:02:12,563 here's our broad direction. 1174 01:02:13,148 --> 01:02:15,733 Now, let's look... Technically what can we do 1175 01:02:16,150 --> 01:02:18,027 to facilitate this broad direction? 1176 01:02:18,277 --> 01:02:21,155 After that, maybe the... I would come in 1177 01:02:21,155 --> 01:02:23,699 or one of my lawyers would come in and say, 1178 01:02:23,699 --> 01:02:27,704 "okay, this is what we may do." Okay. 1179 01:02:28,788 --> 01:02:29,873 There are many things we can do, 1180 01:02:29,873 --> 01:02:31,916 but we are not allowed to do them. 1181 01:02:31,916 --> 01:02:34,043 And then after that, there's still a final level 1182 01:02:34,043 --> 01:02:35,920 that we look at and that's, what should we do? 1183 01:02:36,338 --> 01:02:38,297 Because there are many things that would be 1184 01:02:38,297 --> 01:02:41,550 technically possible and technically legal 1185 01:02:41,550 --> 01:02:43,094 but a bad idea. 1186 01:02:43,637 --> 01:02:47,349 For natanz, it was a CIA-led operation, 1187 01:02:47,349 --> 01:02:49,768 so we had to have agency sign-off. 1188 01:02:50,059 --> 01:02:51,268 Gibney: Really? 
1189 01:02:51,393 --> 01:02:54,230 Someone from the agency 1190 01:02:55,065 --> 01:02:57,233 stood behind the operator and the analyst 1191 01:02:57,233 --> 01:03:00,152 and gave the order to launch every attack. 1192 01:03:07,744 --> 01:03:09,579 Chien: Before they had even started this attack, 1193 01:03:09,579 --> 01:03:11,831 they put inside of the code the kill date, 1194 01:03:12,164 --> 01:03:13,958 a date at which it would stop operating. 1195 01:03:14,501 --> 01:03:16,628 O'murchu: Cutoff dates, we don't normally see that 1196 01:03:16,628 --> 01:03:18,295 in other threats, and you have to think, 1197 01:03:18,295 --> 01:03:20,172 "well, why is there a cutoff date in there?" 1198 01:03:20,590 --> 01:03:23,050 And when you realize that, well, stuxnet was probably 1199 01:03:23,050 --> 01:03:26,262 written by government and that there are laws 1200 01:03:26,262 --> 01:03:29,099 regarding how you can use this sort of software, 1201 01:03:29,099 --> 01:03:31,768 that there may have been a legal team who said, "no, you... 1202 01:03:31,768 --> 01:03:33,978 You need to have a cutoff date in there, 1203 01:03:33,978 --> 01:03:36,063 and you can only do this and you can only go that far 1204 01:03:36,063 --> 01:03:37,690 and we need to check if this is legal or not. 1205 01:03:39,733 --> 01:03:42,987 That date is a few days before Obama's inauguration. 1206 01:03:44,030 --> 01:03:46,907 So the theory was that this was an operation 1207 01:03:46,907 --> 01:03:49,327 that needed to be stopped at a certain time 1208 01:03:49,327 --> 01:03:51,704 because there was gonna be a handover 1209 01:03:51,704 --> 01:03:54,039 and that more approval was needed. 1210 01:03:57,293 --> 01:03:59,128 Are you prepared to take the oath, senator? 1211 01:03:59,128 --> 01:04:00,380 I am. 1212 01:04:00,755 --> 01:04:02,715 I, Barack Hussein Obama... 1213 01:04:02,715 --> 01:04:04,259 - I, Barack... - Do solemnly swear... 
1214 01:04:04,259 --> 01:04:06,844 I, Barack Hussein Obama, do solemnly swear... 1215 01:04:07,052 --> 01:04:10,597 Sanger: Olympic games was reauthorized by president Obama 1216 01:04:10,597 --> 01:04:12,391 in his first year in office, 2009. 1217 01:04:16,896 --> 01:04:18,981 It was fascinating because it was the first year of 1218 01:04:18,981 --> 01:04:20,983 the Obama administration and they would talk to you 1219 01:04:20,983 --> 01:04:23,820 endlessly about cyber defense. 1220 01:04:24,570 --> 01:04:25,739 Obama: We count on computer networks 1221 01:04:25,739 --> 01:04:28,867 to deliver our oil and gas, our power, and our water. 1222 01:04:29,159 --> 01:04:32,411 We rely on them for public transportation 1223 01:04:32,411 --> 01:04:33,996 and air traffic control. 1224 01:04:34,329 --> 01:04:36,458 But just as we failed in the past 1225 01:04:36,458 --> 01:04:38,501 to invest in our physical infrastructure, 1226 01:04:38,793 --> 01:04:41,170 our roads, our Bridges, and rails, 1227 01:04:41,503 --> 01:04:43,172 we failed to invest in the security 1228 01:04:43,172 --> 01:04:45,050 of our digital infrastructure. 1229 01:04:45,257 --> 01:04:47,677 Sanger: He was running east room events 1230 01:04:47,844 --> 01:04:50,597 trying to get people to focus on the need to 1231 01:04:50,597 --> 01:04:52,556 defend cyber networks 1232 01:04:52,556 --> 01:04:54,266 and defend American infrastructure. 1233 01:04:54,641 --> 01:04:58,188 But when you asked questions about the use of 1234 01:04:58,188 --> 01:05:01,775 offensive cyber weapons, everything went dead. 1235 01:05:01,775 --> 01:05:03,525 No cooperation. 1236 01:05:03,525 --> 01:05:05,612 White house wouldn't help, Pentagon wouldn't help, 1237 01:05:05,612 --> 01:05:06,780 NSA wouldn't help. 1238 01:05:07,030 --> 01:05:08,447 Nobody would talk to you about it. 
1239 01:05:09,364 --> 01:05:10,992 But when you dug into the budget 1240 01:05:10,992 --> 01:05:14,204 for cyber spending during the Obama administration, 1241 01:05:14,204 --> 01:05:16,164 what you discovered was 1242 01:05:16,164 --> 01:05:19,541 much of it was being spent on offensive cyber weapons. 1243 01:05:21,376 --> 01:05:25,882 You see phrases like "title 10 cno." 1244 01:05:26,298 --> 01:05:29,552 Title 10 means operations for the U.S. military, 1245 01:05:29,844 --> 01:05:34,099 and cno means computer network operations. 1246 01:05:34,807 --> 01:05:36,391 This is considerable evidence 1247 01:05:36,391 --> 01:05:38,978 that stuxnet was just the opening wedge 1248 01:05:39,646 --> 01:05:43,440 of what is a much broader U.S. government effort now 1249 01:05:43,900 --> 01:05:46,902 to develop an entire new class of weapons. 1250 01:05:52,492 --> 01:05:55,244 Chien: Stuxnet wasn't just an evolution. 1251 01:05:55,244 --> 01:05:57,914 It was really a revolution in the threat landscape. 1252 01:05:59,706 --> 01:06:02,668 In the past, the vast majority of threats that we saw 1253 01:06:02,668 --> 01:06:04,670 were always controlled by an operator somewhere. 1254 01:06:04,670 --> 01:06:06,380 They would infect your machines, 1255 01:06:06,380 --> 01:06:08,215 but they would have what's called a callback 1256 01:06:08,215 --> 01:06:09,759 or a command-and-control channel. 1257 01:06:09,925 --> 01:06:12,052 The threats would actually contact the operator 1258 01:06:12,052 --> 01:06:13,429 and say, what do you want me to do next? 1259 01:06:13,429 --> 01:06:15,014 And the operator would send down commands 1260 01:06:15,014 --> 01:06:16,932 and say, maybe, search through this directory, 1261 01:06:16,932 --> 01:06:18,893 find these folders, find these files, 1262 01:06:18,893 --> 01:06:20,728 upload these files to me, spread to this other machine, 1263 01:06:20,728 --> 01:06:22,188 things of that nature. 
1264 01:06:22,730 --> 01:06:25,775 But stuxnet couldn't have a command-and-control channel 1265 01:06:26,275 --> 01:06:29,027 because once it got inside in natanz 1266 01:06:29,027 --> 01:06:31,780 it would not have been able to reach back out to the attackers. 1267 01:06:31,780 --> 01:06:34,074 The natanz network is completely air gapped 1268 01:06:34,074 --> 01:06:35,284 from the rest of the Internet. 1269 01:06:35,284 --> 01:06:36,619 It's not connected to the Internet. 1270 01:06:36,619 --> 01:06:38,121 It's its own isolated network. 1271 01:06:38,121 --> 01:06:39,873 Generally, getting across an air gap is... 1272 01:06:39,873 --> 01:06:41,498 Is one of the more difficult challenges 1273 01:06:41,498 --> 01:06:43,751 that attackers will face just because of the fact that 1274 01:06:43,751 --> 01:06:46,628 there... everything is in place to prevent that. 1275 01:06:46,628 --> 01:06:49,215 You know, everything, you know, the policies and procedures 1276 01:06:49,215 --> 01:06:51,134 and the physical network that's in place is 1277 01:06:51,134 --> 01:06:54,596 specifically designed to prevent you crossing the air gap. 1278 01:06:54,596 --> 01:06:57,056 But there's no truly air-gapped network 1279 01:06:57,056 --> 01:06:59,309 in these real-world production environments. 1280 01:06:59,309 --> 01:07:01,393 People gotta get new code into natanz. 1281 01:07:01,393 --> 01:07:04,313 People have to get log files off of this network in natanz. 1282 01:07:04,313 --> 01:07:05,773 People have to upgrade equipment. 1283 01:07:05,773 --> 01:07:07,483 People have to upgrade computers. 1284 01:07:07,650 --> 01:07:10,820 This highlights one of the major 1285 01:07:11,320 --> 01:07:14,239 security issues that we have in the field.
1286 01:07:14,239 --> 01:07:17,159 If you think, "well, nobody can attack 1287 01:07:17,159 --> 01:07:19,411 this power plant or this chemical plant 1288 01:07:19,411 --> 01:07:21,164 because it's not connected to the Internet," 1289 01:07:21,164 --> 01:07:22,998 that's a bizarre illusion. 1290 01:07:26,668 --> 01:07:30,005 NSA source: The first time we introduced the code into natanz 1291 01:07:30,547 --> 01:07:32,342 we used human assets, 1292 01:07:33,217 --> 01:07:36,762 maybe CIA, more likely Mossad, 1293 01:07:36,762 --> 01:07:40,182 but our team was kept in the dark about the trade craft. 1294 01:07:41,099 --> 01:07:43,603 We heard rumors in Moscow, 1295 01:07:43,603 --> 01:07:47,440 an iranian laptop infected by a phony Siemens technician 1296 01:07:47,440 --> 01:07:48,733 with a flash drive... 1297 01:07:50,275 --> 01:07:53,403 A double agent in Iran with access to natanz, 1298 01:07:53,987 --> 01:07:55,697 but I don't really know. 1299 01:07:55,697 --> 01:07:58,409 What we had to focus on was to write the code 1300 01:07:59,034 --> 01:08:02,454 so that, once inside, the worm acted on its own. 1301 01:08:02,664 --> 01:08:05,041 They built in all the code and all the logic 1302 01:08:05,041 --> 01:08:07,835 into the threat to be able to operate all by itself. 1303 01:08:07,835 --> 01:08:10,088 It had the ability to spread by itself. 1304 01:08:10,088 --> 01:08:13,132 It had the ability to figure out, do I have the right pics? 1305 01:08:13,132 --> 01:08:16,051 Have I arrived in natanz? Am I at the target? 1306 01:08:16,051 --> 01:08:17,636 Langner: And when it's on target, 1307 01:08:17,636 --> 01:08:19,805 it executes autonomously. 1308 01:08:20,180 --> 01:08:23,475 That also means you... You cannot call off the attack. 1309 01:08:24,143 --> 01:08:25,895 It was definitely the type of attack 1310 01:08:26,479 --> 01:08:27,980 where someone had decided 1311 01:08:28,689 --> 01:08:30,483 that this is what they wanted to do.
1312 01:08:31,024 --> 01:08:33,819 There was no turning back once stuxnet was released. 1313 01:08:39,033 --> 01:08:41,159 When it began to actually execute its payload, 1314 01:08:41,159 --> 01:08:43,412 you would have a whole bunch of centrifuges 1315 01:08:43,412 --> 01:08:46,541 in a huge array of cascades sitting in a big hall. 1316 01:08:46,541 --> 01:08:48,751 And then just off that hall 1317 01:08:48,751 --> 01:08:50,545 you would have an operators room, 1318 01:08:50,545 --> 01:08:52,421 the control panels in front of them, a big window 1319 01:08:52,421 --> 01:08:53,840 where they could see into the hall. 1320 01:08:54,423 --> 01:08:56,591 Computers monitor the activities 1321 01:08:56,591 --> 01:08:57,969 of all these centrifuges. 1322 01:08:58,845 --> 01:09:02,931 So a centrifuge, it's driven by an electrical motor. 1323 01:09:03,515 --> 01:09:06,435 And the speed of this electrical motor 1324 01:09:06,435 --> 01:09:09,646 is controlled by another plc, 1325 01:09:09,646 --> 01:09:11,315 by another programmable logic controller. 1326 01:09:13,525 --> 01:09:17,238 Chien: Stuxnet would wait for 13 days 1327 01:09:17,238 --> 01:09:18,530 before doing anything, 1328 01:09:18,530 --> 01:09:20,658 because 13 days is about the time it takes 1329 01:09:20,658 --> 01:09:23,618 to actually fill an entire cascade of centrifuges 1330 01:09:23,618 --> 01:09:25,121 with uranium. 1331 01:09:25,454 --> 01:09:28,291 They didn't want to attack when the centrifuges essentially 1332 01:09:28,291 --> 01:09:30,667 were empty or at the beginning of the enrichment process. 1333 01:09:31,918 --> 01:09:34,296 What stuxnet did was it actually would sit there 1334 01:09:34,296 --> 01:09:37,007 during the 13 days and basically record 1335 01:09:37,007 --> 01:09:38,967 all of the normal activities 1336 01:09:38,967 --> 01:09:40,511 that were happening and save it. 
1337 01:09:41,304 --> 01:09:43,639 And once they saw them spinning for 13 days, 1338 01:09:43,639 --> 01:09:45,307 then the attack occurred. 1339 01:09:46,059 --> 01:09:48,310 Centrifuges spin at incredible speeds, 1340 01:09:48,310 --> 01:09:50,270 about 1,000 hertz. 1341 01:09:50,270 --> 01:09:52,648 Langner: They have a safe operating speed, 1342 01:09:52,648 --> 01:09:55,484 63,000 revolutions per minute. 1343 01:09:55,777 --> 01:09:58,320 Chien: Stuxnet caused the uranium enrichment centrifuges 1344 01:09:58,320 --> 01:10:00,655 to spin up to 1,400 hertz. 1345 01:10:00,655 --> 01:10:03,368 Langner: Up to 80,000 revolutions per minute. 1346 01:10:06,828 --> 01:10:09,289 What would happen was those centrifuges 1347 01:10:09,289 --> 01:10:11,542 would go through what's called a resonance frequency. 1348 01:10:12,085 --> 01:10:14,337 It would go through a frequency at which the metal would 1349 01:10:14,337 --> 01:10:16,171 basically vibrate uncontrollably 1350 01:10:16,171 --> 01:10:17,506 and essentially shatter. 1351 01:10:17,672 --> 01:10:19,841 There'd be uranium gas everywhere. 1352 01:10:21,010 --> 01:10:22,886 And then the second attack they attempted 1353 01:10:22,886 --> 01:10:25,180 was they actually tried to lower it to two hertz. 1354 01:10:25,180 --> 01:10:28,850 They were slowed down to almost standstill. 1355 01:10:29,644 --> 01:10:32,188 Chien: And at two hertz, sort of an opposite effect occurs. 1356 01:10:32,188 --> 01:10:34,439 You can imagine a toy top that you spin 1357 01:10:34,439 --> 01:10:37,359 and as the top begins to slow down, it begins to wobble. 1358 01:10:37,359 --> 01:10:39,362 That's what would happen to these centrifuges. 1359 01:10:39,362 --> 01:10:41,363 They'd begin to wobble and essentially shatter 1360 01:10:41,363 --> 01:10:42,614 and fall apart. 
1361 01:10:46,368 --> 01:10:49,247 And instead of sending back to the computer 1362 01:10:49,247 --> 01:10:50,872 what was really happening, it would send back 1363 01:10:50,872 --> 01:10:52,833 that old data that it had recorded. 1364 01:10:52,833 --> 01:10:54,627 So the computer's sitting there thinking, 1365 01:10:54,627 --> 01:10:56,337 "yep, running at 1,000 hertz, everything is fine. 1366 01:10:56,337 --> 01:10:58,256 Running at 1,000 hertz, everything is fine." 1367 01:10:58,256 --> 01:11:01,050 But those centrifuges are potentially spinning up wildly, 1368 01:11:01,050 --> 01:11:02,885 a huge noise would occur. 1369 01:11:02,885 --> 01:11:04,886 It'd be like, you know, a jet engine. 1370 01:11:08,390 --> 01:11:10,016 So the operators then would know, "whoa, 1371 01:11:10,016 --> 01:11:11,644 something is going wrong here." 1372 01:11:11,644 --> 01:11:13,563 They might look at their monitors and say, "hmm, 1373 01:11:13,563 --> 01:11:16,064 it says it's 1,000 hertz," but they would hear that in the room 1374 01:11:16,064 --> 01:11:17,859 something gravely bad was happening. 1375 01:11:17,859 --> 01:11:21,237 Not only are the operators fooled into thinking 1376 01:11:21,237 --> 01:11:23,029 everything's normal, 1377 01:11:23,029 --> 01:11:27,368 but also any kind of automated protective logic 1378 01:11:27,368 --> 01:11:29,119 is fooled. 1379 01:11:29,996 --> 01:11:31,913 Chien: You can't just turn these centrifuges off. 1380 01:11:32,206 --> 01:11:34,833 They have to be brought down in a very controlled manner. 1381 01:11:34,833 --> 01:11:37,002 And so they would hit, literally, the big red button 1382 01:11:37,002 --> 01:11:38,587 to initiate a graceful shutdown, 1383 01:11:38,921 --> 01:11:41,047 and stuxnet intercepts that code. 1384 01:11:41,047 --> 01:11:42,591 So you would have these operators 1385 01:11:42,591 --> 01:11:44,760 slamming on that button over and over again 1386 01:11:44,760 --> 01:11:45,927 and nothing would happen. 
1387 01:11:47,220 --> 01:11:50,807 Yadlin: If your cyber weapon is good enough, 1388 01:11:50,807 --> 01:11:53,519 if your enemy is not aware of it, 1389 01:11:53,769 --> 01:11:57,439 it is an ideal weapon, because the enemy 1390 01:11:57,439 --> 01:11:59,484 even don't understand what is happening to it. 1391 01:12:00,067 --> 01:12:02,028 Gibney: Maybe even better if the enemy begins to doubt 1392 01:12:02,028 --> 01:12:04,322 - their own capability. - Absolutely. 1393 01:12:05,030 --> 01:12:07,908 Certainly one must conclude 1394 01:12:07,908 --> 01:12:10,703 that what happened at natanz 1395 01:12:10,703 --> 01:12:13,122 must have driven the engineers crazy, 1396 01:12:13,122 --> 01:12:15,582 because the worst thing that can happen 1397 01:12:15,582 --> 01:12:19,462 to a maintenance engineer is not being able to figure out 1398 01:12:19,462 --> 01:12:22,297 what the cause of specific trouble is. 1399 01:12:22,297 --> 01:12:25,635 So they must have been analyzing themselves to death. 1400 01:12:28,386 --> 01:12:31,181 Heinonen: You know, you see centrifuges blowing up. 1401 01:12:31,556 --> 01:12:35,353 You look the computer screens, they go with the proper speed. 1402 01:12:35,728 --> 01:12:39,398 There's a proper gas pressure. Everything looks beautiful. 1403 01:12:41,984 --> 01:12:45,154 Sanger: Through 2009 it was going pretty smoothly. 1404 01:12:45,154 --> 01:12:46,988 Centrifuges were blowing up. 1405 01:12:46,988 --> 01:12:49,658 The international atomic energy agency inspectors 1406 01:12:49,658 --> 01:12:52,161 would go in to natanz and they would see that 1407 01:12:52,161 --> 01:12:55,038 whole sections of the centrifuges had been removed. 
1408 01:12:56,289 --> 01:12:59,377 The United States knew from its intelligence channels 1409 01:12:59,377 --> 01:13:02,837 that some iranian scientists and engineers 1410 01:13:02,837 --> 01:13:06,634 were being fired because the centrifuges were blowing up 1411 01:13:06,634 --> 01:13:09,761 and the iranians had assumed that this was because 1412 01:13:09,761 --> 01:13:13,265 they had been making errors or manufacturing mistakes. 1413 01:13:13,265 --> 01:13:14,891 Clearly this was somebody's fault. 1414 01:13:16,018 --> 01:13:18,020 So the program was doing 1415 01:13:18,020 --> 01:13:19,854 exactly what it was supposed to be doing, 1416 01:13:20,189 --> 01:13:22,942 which was it was blowing up centrifuges 1417 01:13:23,192 --> 01:13:25,027 and it was leaving no trace 1418 01:13:25,694 --> 01:13:27,779 and leaving the iranians to wonder 1419 01:13:28,238 --> 01:13:29,573 what they got hit by. 1420 01:13:30,032 --> 01:13:32,702 This was the brilliance of olympic games. 1421 01:13:32,993 --> 01:13:34,703 You know, as a former director of a couple of big 1422 01:13:34,703 --> 01:13:35,954 3-letter agencies, 1423 01:13:36,329 --> 01:13:38,748 slowing down 1,000 centrifuges in natanz... 1424 01:13:39,625 --> 01:13:40,960 Abnormally good. 1425 01:13:40,960 --> 01:13:43,587 There was a need for... for... For buying time. 1426 01:13:43,587 --> 01:13:46,215 There was a need for slowing them down. 1427 01:13:46,215 --> 01:13:48,134 There was the need to try to push them 1428 01:13:48,134 --> 01:13:49,510 to the negotiating table. 1429 01:13:49,510 --> 01:13:51,804 I mean, there are a lot of variables at play here. 
1430 01:13:56,141 --> 01:13:59,770 Sanger: President Obama would go down into the situation room, 1431 01:14:00,229 --> 01:14:03,481 and he would have laid out in front of him 1432 01:14:03,481 --> 01:14:05,150 what they called the horse blanket, 1433 01:14:05,150 --> 01:14:07,360 which was a giant schematic 1434 01:14:07,360 --> 01:14:10,823 of the natanz nuclear enrichment plan. 1435 01:14:11,407 --> 01:14:14,493 And the designers of olympic games 1436 01:14:14,493 --> 01:14:17,662 would describe to him what kind of progress they made 1437 01:14:17,662 --> 01:14:19,957 and look for him for the authorization 1438 01:14:19,957 --> 01:14:22,167 to move on ahead to the next attack. 1439 01:14:24,002 --> 01:14:26,046 And at one point during those discussions, 1440 01:14:26,046 --> 01:14:27,797 he said to a number of his aides, 1441 01:14:27,797 --> 01:14:29,382 "you know, I have some concerns 1442 01:14:29,382 --> 01:14:31,844 because once word of this gets out," 1443 01:14:31,844 --> 01:14:33,511 and eventually he knew it would get out, 1444 01:14:33,511 --> 01:14:35,514 "the Chinese may use it as an excuse 1445 01:14:35,514 --> 01:14:38,850 for their attacks on us. The Russians might or others." 1446 01:14:39,393 --> 01:14:42,438 So he clearly had some misgivings, 1447 01:14:43,064 --> 01:14:44,856 but they weren't big enough to stop him 1448 01:14:44,856 --> 01:14:46,274 from going ahead with the program. 1449 01:14:47,443 --> 01:14:50,613 And then in 2010, 1450 01:14:50,988 --> 01:14:54,199 a decision was made to change the code. 1451 01:15:00,038 --> 01:15:01,498 Our human assets 1452 01:15:02,123 --> 01:15:05,586 weren't always able to get code updates into natanz 1453 01:15:05,586 --> 01:15:07,712 and we weren't told exactly why, 1454 01:15:08,296 --> 01:15:12,301 but we were told we had to have a cyber solution 1455 01:15:12,301 --> 01:15:13,802 for delivering the code. 1456 01:15:14,261 --> 01:15:16,805 But the delivery systems were tricky. 
1457 01:15:17,139 --> 01:15:19,809 If they weren't aggressive enough, they wouldn't get in. 1458 01:15:20,100 --> 01:15:22,478 If they were too aggressive, they could spread 1459 01:15:22,895 --> 01:15:24,145 and be discovered. 1460 01:15:26,148 --> 01:15:27,899 Chien: When we got the first sample, 1461 01:15:27,899 --> 01:15:30,235 there was some configuration information inside of it. 1462 01:15:30,235 --> 01:15:33,447 And one of the pieces in there was a version number, 1.1 1463 01:15:34,489 --> 01:15:35,783 and that made us realize, 1464 01:15:35,783 --> 01:15:37,993 well, look, this likely isn't the only copy. 1465 01:15:37,993 --> 01:15:40,246 We went back through our databases looking for 1466 01:15:40,246 --> 01:15:42,707 anything that looks similar to stuxnet. 1467 01:15:44,457 --> 01:15:46,167 Chien: As we began to collect more samples, 1468 01:15:46,167 --> 01:15:48,045 we found a few earlier versions of stuxnet. 1469 01:15:49,130 --> 01:15:50,840 O'murchu: And when we analyzed that code, 1470 01:15:50,840 --> 01:15:53,509 we saw that versions previous to 1.1 1471 01:15:53,509 --> 01:15:55,176 were a lot less aggressive. 1472 01:15:55,636 --> 01:15:57,470 The earlier version of stuxnet, 1473 01:15:57,470 --> 01:15:59,640 it basically required humans to do a little bit 1474 01:15:59,640 --> 01:16:01,975 of double clicking in order for it to spread 1475 01:16:01,975 --> 01:16:03,519 from one computer to another. 
1476 01:16:03,519 --> 01:16:05,770 And, so, what we believe after looking at that code 1477 01:16:05,770 --> 01:16:06,896 is two things, 1478 01:16:07,314 --> 01:16:09,608 one, either they didn't get in to natanz 1479 01:16:09,608 --> 01:16:10,859 with that earlier version, 1480 01:16:10,859 --> 01:16:12,444 because it simply wasn't aggressive enough, 1481 01:16:12,444 --> 01:16:14,195 wasn't able to jump over that air gap, 1482 01:16:15,155 --> 01:16:17,992 and/or two, that payload as well 1483 01:16:17,992 --> 01:16:21,287 didn't work properly, didn't work to their satisfaction, 1484 01:16:21,578 --> 01:16:23,372 maybe was not explosive enough. 1485 01:16:23,956 --> 01:16:26,207 There were slightly different versions 1486 01:16:26,207 --> 01:16:28,543 which were aimed at different parts 1487 01:16:28,543 --> 01:16:30,171 of the centrifuge cascade. 1488 01:16:30,171 --> 01:16:33,173 Gibney: But the guys at symantec figured you changed the code 1489 01:16:33,173 --> 01:16:34,966 because the first variations couldn't get in 1490 01:16:34,966 --> 01:16:36,135 and didn't work right. 1491 01:16:36,426 --> 01:16:37,427 Bullshit. 1492 01:16:38,220 --> 01:16:40,472 We always found a way to get across the air gap. 1493 01:16:40,472 --> 01:16:42,766 At tao, we laughed when people thought they were 1494 01:16:42,766 --> 01:16:44,393 protected by an air gap. 1495 01:16:45,060 --> 01:16:48,104 And for og, the early versions of the payload did work. 1496 01:16:48,564 --> 01:16:50,356 But What NSA did... 1497 01:16:51,984 --> 01:16:54,779 Was always low-key and subtle. 1498 01:16:55,904 --> 01:16:59,158 The problem was that unit 8200, the Israelis, 1499 01:16:59,158 --> 01:17:01,284 kept pushing us to be more aggressive. 1500 01:17:02,912 --> 01:17:05,581 Chien: The later version of stuxnet 1.1, 1501 01:17:05,581 --> 01:17:07,707 that version had multiple ways of spreading. 
1502 01:17:07,707 --> 01:17:09,918 Had the four zero days inside of it, for example, 1503 01:17:09,918 --> 01:17:11,712 that allowed it to spread all by itself 1504 01:17:11,712 --> 01:17:12,837 without you doing anything. 1505 01:17:12,837 --> 01:17:14,422 It could spread via network shares. 1506 01:17:14,422 --> 01:17:16,341 It could spread via USB keys. 1507 01:17:16,341 --> 01:17:18,761 It was able to spread via network exploits. 1508 01:17:18,761 --> 01:17:20,261 That's the sample that introduced us 1509 01:17:20,261 --> 01:17:22,305 to stolen digital certificates. 1510 01:17:22,305 --> 01:17:24,725 That is the sample that, all of a sudden, 1511 01:17:24,725 --> 01:17:26,894 became so noisy 1512 01:17:26,894 --> 01:17:29,979 and caught the attention of the antivirus guys. 1513 01:17:30,898 --> 01:17:33,525 In the first sample we don't find that. 1514 01:17:34,859 --> 01:17:40,949 And this is very strange, because it tells us that 1515 01:17:40,949 --> 01:17:43,202 in the process of this development 1516 01:17:43,743 --> 01:17:46,287 the attackers were less concerned 1517 01:17:46,287 --> 01:17:48,122 with operational security. 1518 01:17:53,628 --> 01:17:56,172 Chien: Stuxnet actually kept a log inside of itself 1519 01:17:56,881 --> 01:17:59,301 of all the machines that it infected along the way 1520 01:17:59,301 --> 01:18:01,386 as it jumped from one machine to another 1521 01:18:01,386 --> 01:18:02,555 to another to another. 1522 01:18:02,971 --> 01:18:04,974 And we were able to gather up 1523 01:18:04,974 --> 01:18:06,975 all the samples that we could acquire, 1524 01:18:07,141 --> 01:18:10,436 tens of thousands of samples. We extracted all of those logs. 1525 01:18:10,436 --> 01:18:13,148 O'murchu: We could see the exact path that stuxnet took. 
1526 01:18:15,275 --> 01:18:17,319 Chien: Eventually, we were able to trace back 1527 01:18:17,319 --> 01:18:19,488 this version of stuxnet to ground zero, 1528 01:18:19,779 --> 01:18:22,323 to the first five infections in the world. 1529 01:18:23,158 --> 01:18:25,994 The first five infections are all outside a natanz plant, 1530 01:18:26,161 --> 01:18:28,997 all inside of organizations inside of Iran, 1531 01:18:29,747 --> 01:18:32,001 all organizations that are involved in 1532 01:18:32,001 --> 01:18:34,461 industrial control systems and construction 1533 01:18:34,461 --> 01:18:36,087 of industrial control facilities, 1534 01:18:36,337 --> 01:18:39,925 clearly contractors who were working on the natanz facility. 1535 01:18:39,925 --> 01:18:41,676 And the attackers knew that. 1536 01:18:42,261 --> 01:18:45,014 They were electrical companies. They were piping companies. 1537 01:18:45,014 --> 01:18:46,599 They were, you know, these sorts of companies. 1538 01:18:46,806 --> 01:18:48,434 And they knew... They knew the technicians 1539 01:18:48,434 --> 01:18:50,185 from those companies would visit natanz. 1540 01:18:50,185 --> 01:18:51,729 So they would infect these companies 1541 01:18:51,936 --> 01:18:54,981 and then technicians would take their computer 1542 01:18:54,981 --> 01:18:56,274 or their laptop or their USB... 1543 01:18:56,274 --> 01:18:58,068 That operator then goes down to natanz 1544 01:18:58,068 --> 01:19:00,237 and he plugs in his USB key, which has some code 1545 01:19:00,237 --> 01:19:02,113 that he needs to update into natanz, 1546 01:19:02,113 --> 01:19:03,698 into the natanz network, 1547 01:19:03,698 --> 01:19:05,367 and now stuxnet is able to get inside natanz 1548 01:19:05,367 --> 01:19:06,702 and conduct its attack. 1549 01:19:07,953 --> 01:19:10,331 These five companies were specifically targeted 1550 01:19:10,331 --> 01:19:12,207 to spread stuxnet into natanz 1551 01:19:12,373 --> 01:19:15,627 and that it wasn't that... 
that stuxnet escaped out of natanz 1552 01:19:15,627 --> 01:19:17,128 and then spread all over the world 1553 01:19:17,128 --> 01:19:19,547 and it was this big mistake and "oh, it wasn't meant 1554 01:19:19,547 --> 01:19:21,300 to spread that far but it really did." 1555 01:19:21,300 --> 01:19:23,051 No, that's not the way we see it. 1556 01:19:23,051 --> 01:19:25,970 The way we see it is that they wanted it to spread far 1557 01:19:25,970 --> 01:19:27,640 so that they could get it into natanz. 1558 01:19:27,847 --> 01:19:31,726 Someone decided that we're gonna create something new, 1559 01:19:31,976 --> 01:19:33,061 something evolved, 1560 01:19:33,686 --> 01:19:35,814 that's gonna be far, far, far more aggressive. 1561 01:19:36,481 --> 01:19:39,902 And we're okay, frankly, 1562 01:19:39,902 --> 01:19:42,613 with it spreading all over the world to innocent machines 1563 01:19:42,863 --> 01:19:44,448 in order to go after our target. 1564 01:19:50,162 --> 01:19:55,333 The Mossad had the role, had the... the assignment 1565 01:19:56,042 --> 01:20:01,923 to deliver the virus to make sure that stuxnet 1566 01:20:01,923 --> 01:20:06,804 would be put in place in natanz to affect the centrifuges. 1567 01:20:08,680 --> 01:20:10,890 Meir dagan, the head of Mossad, 1568 01:20:10,890 --> 01:20:14,185 was under growing pressure from the prime minister, 1569 01:20:14,185 --> 01:20:17,064 Benjamin netanyahu, to produce results. 1570 01:20:18,940 --> 01:20:20,109 Inside the roc, 1571 01:20:20,109 --> 01:20:22,194 we were furious. 1572 01:20:23,945 --> 01:20:26,782 The Israelis took our code for the delivery system 1573 01:20:27,365 --> 01:20:28,658 and changed it. 1574 01:20:30,077 --> 01:20:32,578 Then, on their own, without our agreement, 1575 01:20:32,578 --> 01:20:34,372 they just fucking launched it. 1576 01:20:35,039 --> 01:20:36,958 2010 around the same time 1577 01:20:36,958 --> 01:20:38,752 they started killing iranian scientists... 
1578 01:20:38,752 --> 01:20:40,462 And they fucked up the code! 1579 01:20:40,921 --> 01:20:42,463 Instead of hiding, 1580 01:20:42,463 --> 01:20:44,925 the code started shutting down computers, 1581 01:20:44,925 --> 01:20:46,676 so naturally, people noticed. 1582 01:20:48,636 --> 01:20:51,640 Because they were in a hurry, they opened pandora's box. 1583 01:20:52,640 --> 01:20:53,766 They let it out 1584 01:20:53,766 --> 01:20:57,061 and it spread all over the world. 1585 01:21:02,234 --> 01:21:04,028 Gibney: The worm spread quickly 1586 01:21:04,319 --> 01:21:06,154 but somehow it remained unseen 1587 01:21:06,154 --> 01:21:08,198 until it was identified in Belarus. 1588 01:21:09,158 --> 01:21:11,743 Soon after, Israeli intelligence confirmed 1589 01:21:11,743 --> 01:21:13,746 that it had made its way into the hands 1590 01:21:13,746 --> 01:21:15,747 of the Russian federal security service, 1591 01:21:15,747 --> 01:21:17,707 a successor to the kgb. 1592 01:21:19,292 --> 01:21:22,671 So it happened that the formula for a secret cyber weapon 1593 01:21:22,671 --> 01:21:24,338 designed by the U.S. and Israel 1594 01:21:24,338 --> 01:21:25,882 fell into the hands of Russia 1595 01:21:26,425 --> 01:21:28,426 and the very country it was meant to attack. 1596 01:21:50,990 --> 01:21:52,533 Kiyaei: In international law, 1597 01:21:52,533 --> 01:21:56,037 when some country or a coalition of countries 1598 01:21:56,287 --> 01:22:00,751 targets a nuclear facility, it's a act of war. 1599 01:22:01,667 --> 01:22:04,587 Please, let's be frank here. 1600 01:22:05,213 --> 01:22:07,925 If it wasn't Iran, 1601 01:22:08,550 --> 01:22:11,261 let's say a nuclear facility in United States... 1602 01:22:12,554 --> 01:22:14,264 Was targeted in the same way... 1603 01:22:16,475 --> 01:22:18,101 The American government 1604 01:22:18,519 --> 01:22:21,229 would not sit by and let this go. 
1605 01:22:22,064 --> 01:22:24,649 Gibney: Stuxnet is an attack in peacetime 1606 01:22:24,649 --> 01:22:25,734 on critical infrastructures. 1607 01:22:25,900 --> 01:22:29,029 Yes, it is. I'm... Look, when I read about it, 1608 01:22:29,029 --> 01:22:31,739 I read it, I go, "whoa, this is a big deal." 1609 01:22:31,739 --> 01:22:33,449 Yeah. 1610 01:22:35,159 --> 01:22:37,703 Sanger: The people who were running this program, 1611 01:22:37,703 --> 01:22:39,163 including Leon panetta, 1612 01:22:39,163 --> 01:22:41,166 the director of the CIA at the time, 1613 01:22:41,750 --> 01:22:44,418 had to go down into the situation room 1614 01:22:44,418 --> 01:22:46,587 and face president Obama, 1615 01:22:46,587 --> 01:22:50,134 vice president biden and explain that this program 1616 01:22:50,425 --> 01:22:52,970 was suddenly on the loose. 1617 01:22:54,262 --> 01:22:55,805 Vice president biden, 1618 01:22:55,805 --> 01:22:58,350 at one point during this discussion, 1619 01:22:59,184 --> 01:23:01,895 sort of exploded in biden-esque fashion 1620 01:23:01,895 --> 01:23:03,438 and blamed the Israelis. 1621 01:23:03,438 --> 01:23:05,858 He said, "it must have been the Israelis 1622 01:23:05,858 --> 01:23:07,943 who made a change in the code 1623 01:23:07,943 --> 01:23:10,028 that enabled it to get out." 1624 01:23:11,904 --> 01:23:14,115 Richard Clarke: President Obama said to the senior leadership, 1625 01:23:14,115 --> 01:23:17,118 "you told me it wouldn't get out of the network. It did. 1626 01:23:17,118 --> 01:23:19,287 You told me the iranians would never figure out 1627 01:23:19,287 --> 01:23:21,289 it was the United States. They did. 1628 01:23:21,582 --> 01:23:23,292 You told me it would have a huge effect 1629 01:23:23,292 --> 01:23:26,962 on their nuclear program, and it didn't." 1630 01:23:28,630 --> 01:23:32,134 Sanger: The natanz plant is inspected every couple of weeks 1631 01:23:32,466 --> 01:23:35,636 by the international atomic energy agency inspectors. 
1632 01:23:36,095 --> 01:23:38,806 And if you line up what you know about the attacks 1633 01:23:39,056 --> 01:23:41,976 with the inspection reports, you can see the effects. 1634 01:23:43,311 --> 01:23:45,479 Heinonen: If you go to the IAEA reports, 1635 01:23:45,479 --> 01:23:47,774 they really show that all of those centrifuges 1636 01:23:47,774 --> 01:23:50,652 were switched off and they were removed. 1637 01:23:51,278 --> 01:23:54,655 As much as almost couple of thousand got compromised. 1638 01:23:55,823 --> 01:23:57,283 When you put this altogether, 1639 01:23:57,283 --> 01:24:00,078 I wouldn't be surprised if their program got delayed 1640 01:24:00,078 --> 01:24:01,246 by the one year. 1641 01:24:01,622 --> 01:24:05,417 But go then to year 2012-13 1642 01:24:05,417 --> 01:24:08,712 and looking how the centrifuges started to come up again. 1643 01:24:09,003 --> 01:24:10,588 Kiyaei: Iran's number of centrifuges 1644 01:24:10,588 --> 01:24:12,466 went up exponentially, 1645 01:24:12,466 --> 01:24:16,511 to 20,000, with a stockpile of low enriched uranium. 1646 01:24:16,511 --> 01:24:18,846 This isn't... These are high numbers. 1647 01:24:19,680 --> 01:24:22,184 Iran's nuclear facilities expanded 1648 01:24:22,184 --> 01:24:24,770 with the construction of fordow 1649 01:24:24,770 --> 01:24:27,355 and other highly protected facilities. 1650 01:24:29,440 --> 01:24:32,194 So ironically, cyber warfare... 1651 01:24:33,028 --> 01:24:35,613 Assassination of its nuclear scientists, 1652 01:24:36,030 --> 01:24:39,326 economic sanctions, political isolation... 1653 01:24:41,203 --> 01:24:43,704 Iran has gone through "a" to "x" 1654 01:24:43,704 --> 01:24:48,292 of every chorus of policy that the U.S., Israel, 1655 01:24:48,292 --> 01:24:52,421 and those who ally with them have placed on Iran, 1656 01:24:52,965 --> 01:24:55,926 and they have actually made Iran's nuclear program 1657 01:24:55,926 --> 01:24:58,636 more advanced today than it was ever before. 
1658 01:25:02,807 --> 01:25:04,559 Mossad operative: This is a very 1659 01:25:04,559 --> 01:25:07,688 very dangerous minefield that we are walking, 1660 01:25:07,688 --> 01:25:10,606 and nations who decide 1661 01:25:10,606 --> 01:25:12,775 to take these covert actions 1662 01:25:13,902 --> 01:25:16,947 should be taking into consideration 1663 01:25:17,572 --> 01:25:22,411 all the effects, including the moral effects. 1664 01:25:23,036 --> 01:25:27,082 I would say that this is the price 1665 01:25:27,082 --> 01:25:31,420 that we have to pay in this... In this war, 1666 01:25:31,752 --> 01:25:34,297 and our blade of righteousness 1667 01:25:34,297 --> 01:25:35,673 shouldn't be so sharp. 1668 01:25:41,512 --> 01:25:43,931 Gibney: In Israel and in the United States, 1669 01:25:43,931 --> 01:25:46,268 the blade of righteousness cut both ways, 1670 01:25:46,768 --> 01:25:49,313 wounding the targets and the attackers. 1671 01:25:50,396 --> 01:25:52,815 When stuxnet infected American computers, 1672 01:25:52,815 --> 01:25:54,859 the department of homeland security, 1673 01:25:55,193 --> 01:25:58,113 unaware of the cyber weapons launch by the NSA, 1674 01:25:58,404 --> 01:26:01,574 devoted enormous resources trying to protect Americans 1675 01:26:01,574 --> 01:26:02,868 from their own government. 1676 01:26:03,368 --> 01:26:05,787 We had met the enemy and it was us. 1677 01:26:11,585 --> 01:26:13,252 Seán Paul mcgurk: The purpose of the watch stations that 1678 01:26:13,252 --> 01:26:15,421 you see in front of you is to aggregate the data 1679 01:26:15,421 --> 01:26:16,881 - coming in from multiple feeds 1680 01:26:16,881 --> 01:26:18,632 of what the cyber threats could be, 1681 01:26:18,632 --> 01:26:20,051 so if we see threats 1682 01:26:20,051 --> 01:26:22,636 we can provide real-time recommendations 1683 01:26:22,636 --> 01:26:25,849 for both private companies, as well as federal agencies. 
1684 01:26:26,600 --> 01:26:30,061 Male journalist: 1685 01:26:30,479 --> 01:26:32,898 Yep, absolutely. We'd be more than happy to discuss that. 1686 01:26:32,898 --> 01:26:33,981 Female journalist: Seán is it... 1687 01:26:33,981 --> 01:26:36,568 Mcgurk: Early July of 2010 we received a call 1688 01:26:36,568 --> 01:26:39,195 that said that this piece of malware was discovered 1689 01:26:39,195 --> 01:26:40,572 and could we take a look at it. 1690 01:26:42,157 --> 01:26:43,658 When we first started the analysis, 1691 01:26:43,658 --> 01:26:46,036 there was that "oh, crap" moment, you know, 1692 01:26:46,036 --> 01:26:47,828 where we sat there and said, this is something 1693 01:26:47,828 --> 01:26:48,997 that's significant. 1694 01:26:48,997 --> 01:26:50,707 It's impacting industrial control. 1695 01:26:50,957 --> 01:26:53,417 It can disrupt it to the point where it could cause harm 1696 01:26:53,417 --> 01:26:55,503 and not only damage to the equipment, 1697 01:26:55,503 --> 01:26:57,546 but potentially harm or loss of life. 1698 01:26:58,340 --> 01:27:00,509 We were very concerned because stuxnet 1699 01:27:00,509 --> 01:27:02,301 was something that we had not seen before. 1700 01:27:02,301 --> 01:27:04,429 So there wasn't a lot of sleep that night. 1701 01:27:04,429 --> 01:27:07,349 Basically, light up the phones, call everybody we know, 1702 01:27:07,349 --> 01:27:10,560 inform the secretary, inform the white house, 1703 01:27:10,769 --> 01:27:12,854 inform the other departments and agencies, 1704 01:27:13,020 --> 01:27:15,689 wake up the world, and figure out what's going on 1705 01:27:15,689 --> 01:27:17,900 with this particular malware. 1706 01:27:19,694 --> 01:27:20,987 Good morning, chairman lieberman, 1707 01:27:20,987 --> 01:27:22,238 ranking member Collins. 
1708 01:27:22,823 --> 01:27:24,615 Something as simple and innocuous as this 1709 01:27:24,615 --> 01:27:26,784 becomes a challenge for all of us to maintain 1710 01:27:26,784 --> 01:27:29,746 accountability control of our critical infrastructure systems. 1711 01:27:30,247 --> 01:27:32,373 This actually contains the stuxnet virus. 1712 01:27:32,541 --> 01:27:34,042 I've been asked on a number of occasions, 1713 01:27:34,042 --> 01:27:35,877 "did you ever think this was us?" 1714 01:27:35,877 --> 01:27:39,547 And at... at no point did that ever really cross our mind, 1715 01:27:39,547 --> 01:27:42,384 because we were looking at it from the standpoint of, 1716 01:27:42,716 --> 01:27:44,677 is this something that's coming after the homeland? 1717 01:27:44,677 --> 01:27:47,221 You know, what... what's going to potentially impact, 1718 01:27:47,221 --> 01:27:50,015 you know, our industrial control based here in the United States? 1719 01:27:50,475 --> 01:27:53,395 You know, I liken it to, you know, field of battle. 1720 01:27:53,561 --> 01:27:55,564 You don't think the sniper that's behind you 1721 01:27:55,564 --> 01:27:57,064 is gonna be shooting at you, 1722 01:27:57,231 --> 01:27:58,817 'cause you expect him to be on your side. 1723 01:27:59,359 --> 01:28:03,070 We really don't know who the attacker was 1724 01:28:03,070 --> 01:28:04,448 in the stuxnet case. 1725 01:28:04,655 --> 01:28:06,867 So help us understand a little more 1726 01:28:07,158 --> 01:28:09,327 what this thing is 1727 01:28:10,036 --> 01:28:15,417 whose origin and destination we don't understand. 1728 01:28:16,667 --> 01:28:18,752 Gibney: Did anybody ever give you any indication 1729 01:28:18,752 --> 01:28:20,921 that it was something that they already knew about? 1730 01:28:20,921 --> 01:28:23,675 No, at no time did I get the impression from someone 1731 01:28:23,675 --> 01:28:26,552 that that's okay, you know, get the little pat on the head, 1732 01:28:26,552 --> 01:28:28,012 and... 
and scooted out the door. 1733 01:28:28,012 --> 01:28:29,890 I never received a stand-down order. 1734 01:28:29,890 --> 01:28:33,518 I never... no one ever asked, "stop looking at this." 1735 01:28:34,101 --> 01:28:37,939 Do we think that this was a nation-state actor 1736 01:28:37,939 --> 01:28:40,358 and that there are a limited number of nation-states 1737 01:28:40,358 --> 01:28:43,737 that have such advanced capacity? 1738 01:28:45,613 --> 01:28:47,865 Gibney: Seán mcgurk, the director of cyber 1739 01:28:47,865 --> 01:28:49,618 for the department of homeland security, 1740 01:28:49,618 --> 01:28:52,453 testified before the senate about how he thought 1741 01:28:52,453 --> 01:28:55,539 stuxnet was a terrifying threat to the United States. 1742 01:28:55,789 --> 01:28:57,082 Is that not a problem? 1743 01:28:57,082 --> 01:28:58,960 I don't... and... and how... How do you mean? 1744 01:28:59,252 --> 01:29:01,630 That stuxnet was a bad idea? 1745 01:29:02,046 --> 01:29:04,716 Gibney: No, no, no, just that before he knew what it was 1746 01:29:04,716 --> 01:29:06,551 - and what it attacks... - Oh, I... I get it. 1747 01:29:06,551 --> 01:29:07,969 - Gibney: Yeah... - Yeah, 1748 01:29:07,969 --> 01:29:09,554 he was responding to something that we... 1749 01:29:09,554 --> 01:29:10,555 Gibney: He thought it was a threat 1750 01:29:10,889 --> 01:29:12,765 to critical infrastructure in the United States. 1751 01:29:12,765 --> 01:29:14,475 Yeah. The worm is loose! 1752 01:29:14,475 --> 01:29:16,310 Gibney: The worm is loose. I understand. 1753 01:29:16,310 --> 01:29:19,355 But there's... There's a further theory 1754 01:29:19,355 --> 01:29:20,940 having to do with whether or not, 1755 01:29:20,940 --> 01:29:23,150 following upon David sanger... 1756 01:29:23,150 --> 01:29:25,069 I got the subplot, and who did that? 1757 01:29:25,069 --> 01:29:26,947 Was it the Israelis? And, yeah, I... 
1758 01:29:27,572 --> 01:29:30,492 I truly don't know, and even though I don't know, 1759 01:29:30,492 --> 01:29:32,159 I still can't talk about it, all right? 1760 01:29:32,493 --> 01:29:35,997 Stuxnet was somebody's covert action, all right? 1761 01:29:36,247 --> 01:29:37,916 And the definition of covert action 1762 01:29:37,916 --> 01:29:40,835 is an activity in which you want to have the hand 1763 01:29:40,835 --> 01:29:42,837 of the actor forever hidden. 1764 01:29:43,171 --> 01:29:46,341 So by definition, it's gonna end up in this 1765 01:29:46,341 --> 01:29:48,260 "we don't talk about these things" box. 1766 01:29:53,931 --> 01:29:56,810 Sanger: To this day, the United States government 1767 01:29:56,810 --> 01:29:58,936 has never acknowledged 1768 01:29:58,936 --> 01:30:03,399 conducting any offensive cyber attack anywhere in the world. 1769 01:30:05,443 --> 01:30:10,364 But thanks to Mr. snowden, we know that in 2012 1770 01:30:10,364 --> 01:30:12,742 president Obama issued an executive order 1771 01:30:12,951 --> 01:30:15,703 that laid out some of the conditions 1772 01:30:15,703 --> 01:30:18,163 under which cyber weapons can be used. 1773 01:30:18,163 --> 01:30:21,710 And interestingly, every use of a cyber weapon 1774 01:30:21,710 --> 01:30:24,753 requires presidential sign-off. 1775 01:30:26,006 --> 01:30:29,842 That is only true in the physical world 1776 01:30:29,842 --> 01:30:31,720 for nuclear weapons. 1777 01:30:43,023 --> 01:30:45,317 Clarke: Nuclear war and nuclear weapons are vastly different 1778 01:30:45,317 --> 01:30:47,193 from cyber war and cyber weapons. 1779 01:30:47,193 --> 01:30:50,154 Having said that, there are some similarities. 
1780 01:30:50,154 --> 01:30:52,573 And in the early 1960s, 1781 01:30:52,990 --> 01:30:54,908 the United States government suddenly realized 1782 01:30:54,908 --> 01:30:56,953 it had thousands of nuclear weapons, 1783 01:30:57,162 --> 01:30:58,829 big ones and little ones, 1784 01:30:58,829 --> 01:31:01,166 weapons on jeeps, weapons on submarines, 1785 01:31:02,042 --> 01:31:04,168 and it really didn't have a doctrine. 1786 01:31:04,168 --> 01:31:06,003 It really didn't have a strategy. 1787 01:31:06,003 --> 01:31:07,756 It really didn't have an understanding 1788 01:31:08,047 --> 01:31:10,175 at the policy level about how he was going to use 1789 01:31:10,175 --> 01:31:11,342 all of these things. 1790 01:31:11,926 --> 01:31:13,927 And so academics 1791 01:31:13,927 --> 01:31:16,765 started publishing unclassified documents 1792 01:31:16,765 --> 01:31:20,601 about nuclear war and nuclear weapons. 1793 01:31:23,104 --> 01:31:24,355 Sanger: And the result was 1794 01:31:24,730 --> 01:31:27,067 more than 20 years, in the United States, 1795 01:31:27,067 --> 01:31:29,778 of very vigorous national debates 1796 01:31:30,278 --> 01:31:33,823 about how we want to go use nuclear weapons. 1797 01:31:37,202 --> 01:31:39,496 And not only did that cause the congress 1798 01:31:39,496 --> 01:31:41,872 and people in the executive branch in Washington 1799 01:31:41,872 --> 01:31:43,625 to think about these things, 1800 01:31:43,625 --> 01:31:46,877 it caused the Russians to think about these things. 1801 01:31:47,837 --> 01:31:51,048 And out of that grew nuclear doctrine, 1802 01:31:51,048 --> 01:31:52,716 mutual assured destruction, 1803 01:31:52,716 --> 01:31:57,846 all of that complicated set of nuclear dynamics. 1804 01:31:58,472 --> 01:32:01,434 Today, on this vital issue at least, 1805 01:32:01,434 --> 01:32:03,478 we have seen what can be accomplished 1806 01:32:03,478 --> 01:32:05,145 when we pull together.
1807 01:32:05,145 --> 01:32:09,317 We can't have that discussion in a sensible way right now 1808 01:32:09,609 --> 01:32:11,653 about cyber war and cyber weapons 1809 01:32:11,653 --> 01:32:13,029 because everything is secret. 1810 01:32:13,988 --> 01:32:17,158 And when you get into a discussion 1811 01:32:17,158 --> 01:32:20,286 with people in the government, people still in the government, 1812 01:32:20,286 --> 01:32:21,829 people who have security clearances, 1813 01:32:22,079 --> 01:32:23,331 you run into a brick wall. 1814 01:32:23,581 --> 01:32:24,916 Trying to stop Iran 1815 01:32:24,916 --> 01:32:28,252 is really the... my number one job, and I think... 1816 01:32:28,252 --> 01:32:29,671 Host: And let me ask you, in that context, 1817 01:32:29,671 --> 01:32:31,672 about the stuxnet computer virus potentially... 1818 01:32:31,672 --> 01:32:33,257 You can ask, but I won't comment. 1819 01:32:34,341 --> 01:32:35,426 Host: Can you tell us anything? 1820 01:32:35,426 --> 01:32:36,594 No. 1821 01:32:36,594 --> 01:32:39,012 What do you think has had the most impact 1822 01:32:39,012 --> 01:32:41,181 on their nuclear decision-making, 1823 01:32:41,181 --> 01:32:42,850 the stuxnet virus? 1824 01:32:42,850 --> 01:32:45,145 I can't talk about stuxnet. 1825 01:32:45,145 --> 01:32:49,524 I can't even talk about the operation of Iran centrifuges. 1826 01:32:49,690 --> 01:32:51,943 Was the U.S. involved in any way 1827 01:32:51,943 --> 01:32:53,528 in the development of stuxnet? 1828 01:32:54,028 --> 01:32:56,698 It's hard to get into any kind of comment on that 1829 01:32:56,698 --> 01:32:58,867 till we've finished any... Our examination. 1830 01:32:59,701 --> 01:33:01,034 But, sir, I'm not asking you 1831 01:33:01,034 --> 01:33:02,996 if you think another country was involved. 1832 01:33:02,996 --> 01:33:04,997 I'm asking you if the U.S. was involved. 1833 01:33:04,997 --> 01:33:07,375 And we're... 
This is not something 1834 01:33:07,375 --> 01:33:09,252 that we're gonna be able to answer at this point. 1835 01:33:09,668 --> 01:33:12,005 Look, for the longest time, I was in fear that 1836 01:33:12,005 --> 01:33:13,506 I couldn't actually say the phrase 1837 01:33:13,506 --> 01:33:15,175 "computer network attack." 1838 01:33:15,175 --> 01:33:18,051 This stuff is hideously overclassified, 1839 01:33:18,051 --> 01:33:20,180 and it gets into the way of a... 1840 01:33:20,180 --> 01:33:22,974 Of a mature public discussion 1841 01:33:22,974 --> 01:33:25,518 as to what it is we as a democracy 1842 01:33:25,518 --> 01:33:29,689 want our nation to be doing up here in the cyber domain. 1843 01:33:29,689 --> 01:33:32,524 Now, this is a former director of NSA and CIA 1844 01:33:32,524 --> 01:33:34,485 saying this stuff is overclassified. 1845 01:33:34,735 --> 01:33:38,238 One of the reasons this is highly classified as it is 1846 01:33:38,238 --> 01:33:39,823 this is a peculiar weapons system. 1847 01:33:39,823 --> 01:33:41,826 This is a weapons system that's come out of 1848 01:33:41,826 --> 01:33:43,161 the espionage community, 1849 01:33:43,161 --> 01:33:46,456 and... and so those people have a habit of secrecy. 1850 01:33:46,456 --> 01:33:48,750 Secrecy is still justifiable in certain cases 1851 01:33:48,750 --> 01:33:51,920 to protect sources or to protect national security 1852 01:33:51,920 --> 01:33:55,088 but when we deal with secrecy, don't hide behind it 1853 01:33:55,088 --> 01:33:59,051 to use as an excuse to not disclose something properly 1854 01:33:59,051 --> 01:34:01,095 that you know should be 1855 01:34:01,095 --> 01:34:02,346 or that the American people 1856 01:34:02,346 --> 01:34:03,597 need ultimately to see. 
1857 01:34:06,266 --> 01:34:08,353 Gibney: While most government officials refused 1858 01:34:08,353 --> 01:34:09,813 to acknowledge the operation, 1859 01:34:10,395 --> 01:34:13,190 at least one key insider did leak parts of the story 1860 01:34:13,190 --> 01:34:14,317 to the press. 1861 01:34:14,317 --> 01:34:18,195 In 2012, David sanger wrote a detailed account 1862 01:34:18,195 --> 01:34:21,533 of olympic games that unmasked the extensive joint operation 1863 01:34:21,533 --> 01:34:23,451 between the U.S. and Israel 1864 01:34:23,451 --> 01:34:25,703 to launch cyber attacks on natanz. 1865 01:34:26,578 --> 01:34:28,456 Sanger: The publication of this story 1866 01:34:28,456 --> 01:34:30,457 coming at a time that turned out that there were 1867 01:34:30,457 --> 01:34:33,293 a number of other unrelated national security stories 1868 01:34:33,293 --> 01:34:35,963 being published, lead to the announcement 1869 01:34:35,963 --> 01:34:39,300 of investigations by the Attorney General. 1870 01:34:39,801 --> 01:34:42,095 Gibney: In... into the press and into the leaks? 1871 01:34:42,095 --> 01:34:43,595 Into the press and into the leaks. 1872 01:34:46,099 --> 01:34:47,266 Gibney: Soon after the article, 1873 01:34:47,266 --> 01:34:49,435 the Obama administration targeted 1874 01:34:49,435 --> 01:34:52,479 general James Cartwright in a criminal investigation 1875 01:34:52,479 --> 01:34:53,730 for allegedly leaking 1876 01:34:53,730 --> 01:34:56,067 classified details about stuxnet. 1877 01:34:57,443 --> 01:34:58,944 Journalist: There are reports of cyber attacks 1878 01:34:58,944 --> 01:35:01,738 on the iranian nuclear program that you ordered. 1879 01:35:01,738 --> 01:35:03,240 What's your reaction to this information getting out? 1880 01:35:03,240 --> 01:35:04,868 Well, first of all, I'm not gonna comment on the... 1881 01:35:04,868 --> 01:35:08,203 The details of... what are... 1882 01:35:10,582 --> 01:35:14,877 Supposed to be classified items. 
1883 01:35:15,670 --> 01:35:18,046 Since I've been in office, my attitude has been 1884 01:35:18,297 --> 01:35:21,551 zero tolerance for these kinds of leaks. 1885 01:35:22,176 --> 01:35:23,845 We have mechanisms in place 1886 01:35:24,136 --> 01:35:27,681 where, if we can root out folks who have leaked, 1887 01:35:28,474 --> 01:35:29,893 they will suffer consequences. 1888 01:35:30,268 --> 01:35:32,686 It became a significant issue 1889 01:35:32,686 --> 01:35:34,939 and a very wide-ranging investigation 1890 01:35:34,939 --> 01:35:37,358 in which I think most of the people who were cleared 1891 01:35:37,358 --> 01:35:38,943 for olympic games at some point 1892 01:35:38,943 --> 01:35:40,819 had been, you know, interviewed and so forth. 1893 01:35:40,819 --> 01:35:42,529 When stuxnet hit the media, 1894 01:35:42,529 --> 01:35:44,698 they polygraphed everyone in our office, 1895 01:35:44,698 --> 01:35:46,326 including people who didn't know shit. 1896 01:35:46,326 --> 01:35:48,453 You know, they polyed the interns, for god's sake. 1897 01:35:48,994 --> 01:35:50,371 These are criminal acts 1898 01:35:50,371 --> 01:35:52,039 when they release information like this, 1899 01:35:52,539 --> 01:35:56,377 and we will conduct thorough investigations 1900 01:35:57,002 --> 01:35:58,755 as we have in the past. 1901 01:36:00,797 --> 01:36:03,051 Gibney: The administration never filed charges, 1902 01:36:03,384 --> 01:36:05,177 possibly afraid that a prosecution 1903 01:36:05,177 --> 01:36:08,055 would reveal classified details about stuxnet. 1904 01:36:08,972 --> 01:36:12,393 To this day, no one in the U.S. or Israeli governments 1905 01:36:12,393 --> 01:36:14,479 has officially acknowledged the existence 1906 01:36:14,479 --> 01:36:15,939 of the joint operation. 1907 01:36:17,899 --> 01:36:19,399 I would never compromise 1908 01:36:19,399 --> 01:36:21,152 ongoing operations in the field, 1909 01:36:21,152 --> 01:36:25,238 but we should be able to talk about capability. 
1910 01:36:26,573 --> 01:36:28,076 We can talk about our... 1911 01:36:29,243 --> 01:36:31,996 Bunker busters, why not our cyber weapons? 1912 01:36:32,372 --> 01:36:33,456 I mean, the secrecy 1913 01:36:33,456 --> 01:36:35,123 of the operation has been blown. 1914 01:36:36,667 --> 01:36:38,711 Our friends in Israel took a weapon 1915 01:36:38,711 --> 01:36:40,171 that we jointly developed, 1916 01:36:40,171 --> 01:36:42,297 in part to keep Israel from doing something crazy, 1917 01:36:42,756 --> 01:36:44,550 and then used it on their own in a way 1918 01:36:44,550 --> 01:36:45,926 that blew the cover of the operation 1919 01:36:45,926 --> 01:36:47,095 and could have led to war. 1920 01:36:47,095 --> 01:36:48,512 And we can't talk about that? 1921 01:36:53,059 --> 01:36:54,935 Mowatt-larssen: There's a way to talk about stuxnet. 1922 01:36:55,520 --> 01:36:56,895 It happened. 1923 01:36:56,895 --> 01:36:59,774 That... to deny that it happened is... is foolish. 1924 01:36:59,774 --> 01:37:01,693 So the fact it happened 1925 01:37:01,693 --> 01:37:03,194 is really what we're talking about here. 1926 01:37:03,194 --> 01:37:05,029 What does... What are the implications 1927 01:37:05,029 --> 01:37:07,864 of the fact that we now are in a post-stuxnet world? 1928 01:37:08,365 --> 01:37:10,827 What I said to David sanger was, 1929 01:37:10,827 --> 01:37:13,496 "I understand the difference in destruction is dramatic, 1930 01:37:13,746 --> 01:37:16,207 but this has the whiff of August 1945." 1931 01:37:17,041 --> 01:37:18,626 Somebody just used a new weapon, 1932 01:37:18,960 --> 01:37:21,712 and this weapon will not be put back into the box. 1933 01:37:22,130 --> 01:37:24,798 I... I know no operational details 1934 01:37:24,798 --> 01:37:27,760 and don't know what anyone did or didn't do 1935 01:37:27,760 --> 01:37:30,387 before someone decided to use the weapon, all right. 1936 01:37:30,721 --> 01:37:31,972 I do know this.
1937 01:37:31,972 --> 01:37:33,850 If we go out and do something, 1938 01:37:34,641 --> 01:37:36,728 most of the rest of the world now thinks 1939 01:37:36,935 --> 01:37:37,936 that's the new standard 1940 01:37:38,479 --> 01:37:41,356 and it's something that they now feel legitimated to do as well. 1941 01:37:42,774 --> 01:37:44,234 But the rules of engagement, 1942 01:37:44,234 --> 01:37:46,820 international norms, treaty standards, 1943 01:37:46,820 --> 01:37:48,655 they don't exist right now. 1944 01:37:52,493 --> 01:37:55,662 Brown: The law of war, because it began to develop so long ago 1945 01:37:55,662 --> 01:37:59,207 is really dependent on thinking of things kinetically 1946 01:37:59,583 --> 01:38:01,085 and the physical realm. 1947 01:38:01,377 --> 01:38:04,756 So for example, we think in terms of attacks. 1948 01:38:05,672 --> 01:38:07,925 You know an attack when it happens in the kinetic world. 1949 01:38:07,925 --> 01:38:09,676 It's not really much of a mystery. 1950 01:38:09,676 --> 01:38:12,596 But in cyberspace it is sort of confusing to think, 1951 01:38:13,180 --> 01:38:14,640 how far do we have to go 1952 01:38:14,640 --> 01:38:16,850 before something is considered an attack? 1953 01:38:16,975 --> 01:38:20,771 So we have to take all the vocabulary 1954 01:38:21,271 --> 01:38:24,108 and the terms that we use in strategy 1955 01:38:24,108 --> 01:38:25,734 and military operations 1956 01:38:25,984 --> 01:38:29,029 and adapt them into the cyber realm. 1957 01:38:30,363 --> 01:38:31,823 Sanger: For nuclear we have these 1958 01:38:31,823 --> 01:38:33,743 extensive inspection regimes. 1959 01:38:34,034 --> 01:38:36,119 The Russians come and look at our silos. 1960 01:38:36,453 --> 01:38:38,038 We go and look at their silos. 1961 01:38:38,538 --> 01:38:40,541 Bad as things get between the two countries, 1962 01:38:40,707 --> 01:38:42,627 those inspection regimes have held up. 1963 01:38:42,627 --> 01:38:45,546 But working that out for...
For cyber 1964 01:38:45,546 --> 01:38:47,090 would be virtually impossible. 1965 01:38:47,381 --> 01:38:48,757 Where do you send your inspector? 1966 01:38:49,132 --> 01:38:51,176 Inside the laptop of, you know... 1967 01:38:51,551 --> 01:38:53,805 How many laptops are there in the United States and Russia? 1968 01:38:54,180 --> 01:38:56,390 It's much more difficult in the cyber area 1969 01:38:56,390 --> 01:38:58,725 to construct an international regime 1970 01:38:58,725 --> 01:39:01,729 based on treaty commitments and rules of the road 1971 01:39:01,729 --> 01:39:02,896 and so forth. 1972 01:39:02,896 --> 01:39:06,234 Although, we've tried to have discussions with the Chinese 1973 01:39:06,234 --> 01:39:08,277 and Russians and so forth about that, 1974 01:39:08,277 --> 01:39:09,612 but it's very difficult. 1975 01:39:10,695 --> 01:39:14,242 Brown: Right now, the norm in cyberspace is 1976 01:39:14,242 --> 01:39:15,576 do whatever you can get away with. 1977 01:39:16,577 --> 01:39:18,954 That's not a good norm, but it's the norm that we have. 1978 01:39:19,538 --> 01:39:21,582 That's the norm that's preferred by states 1979 01:39:21,582 --> 01:39:24,252 that are engaging in lots of different kinds of activities 1980 01:39:24,252 --> 01:39:26,295 that they feel are benefitting their national security. 1981 01:39:27,505 --> 01:39:30,091 Yadlin: Those who excel in cyber 1982 01:39:30,091 --> 01:39:32,926 are trying to slow down the process 1983 01:39:32,926 --> 01:39:34,595 of creating regulation. 1984 01:39:35,054 --> 01:39:38,890 Those who are victims we like the regulation 1985 01:39:38,890 --> 01:39:42,603 to be in the open as... As soon as possible. 1986 01:39:44,771 --> 01:39:47,608 Brown: International law in this area is written by custom, 1987 01:39:47,608 --> 01:39:50,735 and customary law requires a nation to say, 1988 01:39:50,735 --> 01:39:52,488 this is what we did and this is why we did it. 1989 01:39:53,280 --> 01:39:56,199 And the U.S. 
doesn't want to push the law in that direction 1990 01:39:56,199 --> 01:39:58,618 and so it chooses not to disclose its involvement. 1991 01:39:59,203 --> 01:40:01,413 And one of the reasons that I thought it was important 1992 01:40:01,413 --> 01:40:04,292 to tell the story of olympic games 1993 01:40:04,292 --> 01:40:07,086 was not simply because it's a cool spy story, 1994 01:40:07,086 --> 01:40:10,297 it is, but it's because as a nation... 1995 01:40:11,506 --> 01:40:15,051 We need to have a debate about how we want to use cyber weapons 1996 01:40:15,302 --> 01:40:18,805 because we are the most vulnerable nation on earth 1997 01:40:18,972 --> 01:40:20,765 to cyber-attack ourselves. 1998 01:40:24,770 --> 01:40:27,273 Mcgurk: If you get up in the morning and turn off your alarm 1999 01:40:27,273 --> 01:40:31,652 and make coffee and pump gas and use the atm, 2000 01:40:32,153 --> 01:40:33,988 you've touched industrial control systems. 2001 01:40:33,988 --> 01:40:35,655 It's what powers our lives. 2002 01:40:35,989 --> 01:40:38,618 And unfortunately, these systems are connected 2003 01:40:38,618 --> 01:40:42,287 and interconnected in some ways that make them vulnerable. 2004 01:40:42,287 --> 01:40:44,998 Critical infrastructure systems generally were built 2005 01:40:44,998 --> 01:40:47,667 years and years and years ago without security in mind 2006 01:40:47,667 --> 01:40:49,753 and they didn't realize how things were gonna change, 2007 01:40:49,753 --> 01:40:52,006 maybe they weren't even meant to be connected to the Internet. 2008 01:40:52,006 --> 01:40:55,091 And we've seen, through a lot of experimentation 2009 01:40:55,091 --> 01:40:57,720 and through also, unfortunately, a lot of attacks 2010 01:40:58,011 --> 01:41:00,347 that most of these systems are relatively easy 2011 01:41:00,347 --> 01:41:03,016 for a sophisticated hacker to get into. 
2012 01:41:05,019 --> 01:41:06,811 Let's say you took over the control system 2013 01:41:06,811 --> 01:41:09,523 of a railway. You could switch tracks. 2014 01:41:10,024 --> 01:41:12,318 You could cause derailments of trains 2015 01:41:12,318 --> 01:41:14,110 carrying explosive materials. 2016 01:41:15,320 --> 01:41:18,532 What if you were in the control system of gas pipelines 2017 01:41:18,865 --> 01:41:21,452 and when a valve was supposed to be open, 2018 01:41:21,452 --> 01:41:24,121 it was closed and the pressure built up 2019 01:41:24,329 --> 01:41:25,872 and the pipeline exploded? 2020 01:41:26,832 --> 01:41:30,752 There are companies that run electric power generation 2021 01:41:31,170 --> 01:41:33,046 or electric power distribution 2022 01:41:33,338 --> 01:41:35,382 that we know have been hacked 2023 01:41:35,716 --> 01:41:38,176 by foreign entities that have the ability 2024 01:41:38,176 --> 01:41:39,804 to shut down the power grid. 2025 01:41:40,345 --> 01:41:42,472 Sanger: Imagine for a moment 2026 01:41:42,472 --> 01:41:45,225 that not only all the power went off on the east coast, 2027 01:41:45,559 --> 01:41:47,560 but the entire Internet came down. 2028 01:41:48,229 --> 01:41:50,773 Imagine what the economic impact of that is 2029 01:41:51,231 --> 01:41:53,400 even if it only lasted for 24 hours. 2030 01:41:55,735 --> 01:41:57,445 Newsreader: According to the officials, 2031 01:41:57,445 --> 01:42:00,658 Iran is the first country ever in the middle east 2032 01:42:00,658 --> 01:42:03,159 to actually be engaged in a cyber war 2033 01:42:03,159 --> 01:42:05,371 with the United States and Israel. 2034 01:42:05,371 --> 01:42:08,748 If anything they said the recent cyber attacks 2035 01:42:08,748 --> 01:42:10,917 were what encouraged them to plan to set up 2036 01:42:10,917 --> 01:42:14,255 the cyber army, which will gather computer scientists, 2037 01:42:14,255 --> 01:42:17,091 programmers, software engineers... 
2038 01:42:17,091 --> 01:42:20,011 Kiyaei: If you are a youth and you see assassination 2039 01:42:20,011 --> 01:42:21,636 of a nuclear scientist, 2040 01:42:22,054 --> 01:42:24,515 your nuclear facilities are getting attacked, 2041 01:42:25,224 --> 01:42:28,519 wouldn't you join your national cyber army? 2042 01:42:29,228 --> 01:42:30,520 Well, many did. 2043 01:42:30,770 --> 01:42:33,940 And that's why today, Iran has one of the largest... 2044 01:42:35,109 --> 01:42:37,528 Cyber armies in the world. 2045 01:42:38,029 --> 01:42:40,448 So whoever initiated this 2046 01:42:40,448 --> 01:42:42,949 and was very proud of themselves to see that little dip 2047 01:42:43,451 --> 01:42:47,662 in Iran's centrifuge numbers, should look back now 2048 01:42:48,122 --> 01:42:51,708 and acknowledge that it was a major mistake. 2049 01:42:52,292 --> 01:42:55,546 Very quickly, Iran sent a message 2050 01:42:55,546 --> 01:42:59,257 to the United States, very sophisticated message, 2051 01:42:59,257 --> 01:43:02,052 and they did that with two attacks. 2052 01:43:02,720 --> 01:43:05,514 First, they attacked Saudi aramco, 2053 01:43:05,805 --> 01:43:07,766 the biggest oil company in the world, 2054 01:43:08,141 --> 01:43:10,810 and wiped out every piece of software, 2055 01:43:10,810 --> 01:43:15,231 every line of code, on 30,000 computer devices. 2056 01:43:16,609 --> 01:43:22,155 Then Iran did a surge attack on the American banks. 2057 01:43:22,155 --> 01:43:25,117 The most extensive attack on American banks ever 2058 01:43:25,117 --> 01:43:27,953 launched from the middle east, happening right now. 2059 01:43:27,953 --> 01:43:28,953 Newsreader: Millions of customers 2060 01:43:29,497 --> 01:43:32,832 trying to bank online this week blocked, among the targets, 2061 01:43:33,083 --> 01:43:35,920 bank of America, pnc, and Wells Fargo. 2062 01:43:36,170 --> 01:43:39,590 The U.S. suspects hackers in Iran may be involved. 
2063 01:43:41,509 --> 01:43:43,511 NSA source: When Iran hit our banks, 2064 01:43:43,511 --> 01:43:45,930 we could have shut down their botnet, 2065 01:43:45,930 --> 01:43:48,099 but the state department got nervous, 2066 01:43:48,306 --> 01:43:50,975 because the servers weren't actually in Iran. 2067 01:43:51,685 --> 01:43:54,020 So until there was a diplomatic solution, 2068 01:43:54,438 --> 01:43:57,065 Obama let the private sector deal with the problem. 2069 01:43:57,690 --> 01:44:00,610 I imagine that in the white house situation room 2070 01:44:00,944 --> 01:44:03,029 people sat around and said... 2071 01:44:03,655 --> 01:44:06,699 Let me be clear, I don't imagine, I know. 2072 01:44:07,033 --> 01:44:09,619 People sat around in the white house situation room 2073 01:44:09,619 --> 01:44:12,664 and said, "the iranians have sent us a message 2074 01:44:12,664 --> 01:44:16,877 which is essentially, 'stop attacking us in cyberspace 2075 01:44:16,877 --> 01:44:19,421 the way you did at natanz with stuxnet. 2076 01:44:19,880 --> 01:44:21,215 We can do it, too."' 2077 01:44:23,134 --> 01:44:25,719 Melman: There are unintended consequences 2078 01:44:25,719 --> 01:44:27,762 of the stuxnet attack. 2079 01:44:28,221 --> 01:44:31,975 You wanted to cause confusion and damage to the other side, 2080 01:44:31,975 --> 01:44:34,728 but then the other side can do the same to you. 2081 01:44:35,520 --> 01:44:38,399 The monster turned against its creators, 2082 01:44:38,399 --> 01:44:40,818 and now everyone is in this game. 2083 01:44:41,734 --> 01:44:44,195 They did a good job in showing the world, 2084 01:44:44,195 --> 01:44:47,615 including the bad guys, what you would need to do 2085 01:44:47,615 --> 01:44:49,743 in order to cause serious trouble 2086 01:44:49,993 --> 01:44:52,496 that could lead to injuries and death. 
2087 01:44:52,746 --> 01:44:55,582 It's inevitable that more countries will acquire 2088 01:44:55,582 --> 01:44:57,877 the capacity to use cyber, 2089 01:44:57,877 --> 01:45:01,337 both for espionage and for destructive activities. 2090 01:45:02,088 --> 01:45:04,466 And we've seen this in some of the recent conflicts 2091 01:45:04,466 --> 01:45:05,926 that Russia's been involved in. 2092 01:45:06,092 --> 01:45:08,761 If there's a war, then somebody will try to knock out 2093 01:45:08,761 --> 01:45:11,181 our communication system or the radar. 2094 01:45:11,181 --> 01:45:13,725 Mcgurk: State-sponsored cyber sleeper cells, 2095 01:45:14,185 --> 01:45:16,020 they're out there everywhere today. 2096 01:45:16,270 --> 01:45:18,605 It could be for communications purposes. 2097 01:45:18,605 --> 01:45:20,774 It could be for data exfiltration. 2098 01:45:21,065 --> 01:45:24,653 It could be to, you know, Shepherd in the next stuxnet. 2099 01:45:25,069 --> 01:45:26,947 I mean, you've been focusing on stuxnet, 2100 01:45:26,947 --> 01:45:28,448 but that was just a small part 2101 01:45:28,448 --> 01:45:30,618 of a much larger iranian mission. 2102 01:45:31,368 --> 01:45:32,994 Gibney: There was a larger iranian mission? 2103 01:45:36,122 --> 01:45:39,376 Nitro Zeus. Nz. 2104 01:45:40,752 --> 01:45:44,965 We spent hundreds of millions, maybe billions on it. 2105 01:45:47,551 --> 01:45:51,137 In the event the Israelis did attack Iran, 2106 01:45:51,137 --> 01:45:53,765 we assumed we would be drawn into the conflict. 2107 01:45:55,141 --> 01:45:58,645 We built in attacks on Iran's command-and-control system 2108 01:45:58,645 --> 01:46:00,980 so the iranians couldn't talk to each other in a fight. 2109 01:46:01,481 --> 01:46:05,027 We infiltrated their IADS (Integrated Air Defense System), military air defense systems, 2110 01:46:05,319 --> 01:46:07,363 so they couldn't shoot down our planes if we flew over.
2111 01:46:08,154 --> 01:46:11,242 We also went after their civilian support systems, 2112 01:46:11,242 --> 01:46:13,786 power grids, transportation, 2113 01:46:14,161 --> 01:46:16,956 communications, financial systems. 2114 01:46:17,581 --> 01:46:20,876 We were inside waiting, watching, 2115 01:46:21,126 --> 01:46:24,171 ready to disrupt, degrade, and destroy those systems 2116 01:46:24,171 --> 01:46:25,506 with cyber-attacks. 2117 01:46:29,134 --> 01:46:30,594 And in comparison, 2118 01:46:30,844 --> 01:46:33,055 stuxnet was a back alley operation. 2119 01:46:34,180 --> 01:46:37,725 Nz was the plan for a full-scale cyber war 2120 01:46:37,725 --> 01:46:39,561 with no attribution. 2121 01:46:40,354 --> 01:46:41,854 The question is, is that the kind of world 2122 01:46:41,854 --> 01:46:42,855 we want to live in? 2123 01:46:43,356 --> 01:46:47,152 And if we don't, as citizens, how do we go about a process 2124 01:46:47,152 --> 01:46:49,154 where we have a more sane discussion? 2125 01:46:49,154 --> 01:46:51,532 We need an entirely new way of thinking about 2126 01:46:51,532 --> 01:46:53,117 how we're gonna solve this problem. 2127 01:46:54,033 --> 01:46:56,203 You're not going to get an entirely new way 2128 01:46:56,203 --> 01:46:57,579 of solving this problem 2129 01:46:57,871 --> 01:47:00,666 until you begin to have an open acknowledgement 2130 01:47:01,166 --> 01:47:03,543 that we have cyber weapons as well, 2131 01:47:04,377 --> 01:47:07,422 and that we may have to agree to some limits on their use 2132 01:47:07,965 --> 01:47:10,301 if we're going to get other nations to limit their use. 2133 01:47:10,301 --> 01:47:11,885 It's not gonna be a one-way street. 2134 01:47:12,051 --> 01:47:14,721 I'm old enough to have worked on nuclear arms control 2135 01:47:15,055 --> 01:47:17,557 and biological weapons arms control 2136 01:47:17,557 --> 01:47:19,726 and chemical weapons arms control. 
2137 01:47:20,894 --> 01:47:25,399 And I was told in each of those types of arms control, 2138 01:47:25,399 --> 01:47:26,734 when we were beginning, 2139 01:47:27,025 --> 01:47:29,987 "it's too hard. There are all these problems. 2140 01:47:30,237 --> 01:47:32,363 It's technical. There's engineering. 2141 01:47:32,363 --> 01:47:34,033 There's science involved. 2142 01:47:34,033 --> 01:47:36,368 There are real verification difficulties. 2143 01:47:36,368 --> 01:47:37,911 You'll never get there." 2144 01:47:38,328 --> 01:47:40,706 Well, it took 20, 30 years in some cases, 2145 01:47:41,164 --> 01:47:42,916 but we have a biological weapons treaty 2146 01:47:42,916 --> 01:47:44,335 that's pretty damn good. 2147 01:47:44,335 --> 01:47:45,836 We have a chemical weapons treaty 2148 01:47:45,836 --> 01:47:47,253 that's pretty damn good. 2149 01:47:47,421 --> 01:47:49,756 We've got three or four nuclear weapons treaties. 2150 01:47:50,048 --> 01:47:51,634 Yes, it may be hard, 2151 01:47:51,925 --> 01:47:54,011 and it may take 20 or 30 years, 2152 01:47:54,386 --> 01:47:56,971 but it'll never happen unless you get serious about it, 2153 01:47:57,430 --> 01:47:59,432 and it'll never happen unless you start it. 2154 01:48:05,229 --> 01:48:08,192 Today, after two years of negotiations, 2155 01:48:08,609 --> 01:48:11,944 the United States, together with our international partners, 2156 01:48:12,404 --> 01:48:15,783 has achieved something that decades of animosity has not, 2157 01:48:16,449 --> 01:48:18,327 a comprehensive, long-term deal 2158 01:48:18,786 --> 01:48:22,456 with Iran that will prevent it from obtaining a nuclear weapon. 2159 01:48:22,622 --> 01:48:25,125 It was reached in lausanne, Switzerland, 2160 01:48:25,125 --> 01:48:27,627 by Iran, the U.S., britain, France, 2161 01:48:27,627 --> 01:48:29,546 Germany, Russia, and China.
2162 01:48:29,546 --> 01:48:32,632 It is a deal in which Iran will cut 2163 01:48:32,632 --> 01:48:36,845 its installed centrifuges by more than two thirds. 2164 01:48:37,054 --> 01:48:40,265 Iran will not enrich uranium with its advanced centrifuges 2165 01:48:40,265 --> 01:48:42,309 for at least the next ten years. 2166 01:48:42,309 --> 01:48:44,936 It will make our country, our allies, 2167 01:48:44,936 --> 01:48:46,563 and our world safer. 2168 01:48:47,480 --> 01:48:51,484 Netanyahu: Seventy years after the murder of 6 million Jews 2169 01:48:51,484 --> 01:48:56,532 Iran's rulers promised to destroy my country, 2170 01:48:56,823 --> 01:49:00,577 and the response from nearly every one of the governments 2171 01:49:00,577 --> 01:49:04,664 represented here has been utter silence. 2172 01:49:05,289 --> 01:49:07,083 Deafening silence. 2173 01:49:14,800 --> 01:49:16,844 Perhaps you can now understand 2174 01:49:17,594 --> 01:49:21,097 why Israel is not joining you in celebrating this deal. 2175 01:49:22,265 --> 01:49:24,685 History shows that America must lead, 2176 01:49:24,685 --> 01:49:27,604 not just with our might, but with our principles. 2177 01:49:28,521 --> 01:49:31,692 It shows we are stronger, not when we are alone, 2178 01:49:31,692 --> 01:49:33,860 but when we bring the world together. 2179 01:49:35,028 --> 01:49:37,322 Today's announcement marks one more chapter 2180 01:49:37,322 --> 01:49:41,577 in this pursuit of a safer and more helpful, 2181 01:49:41,952 --> 01:49:45,288 more hopeful world. Thank you. 2182 01:49:45,831 --> 01:49:49,042 God bless you, and god bless the United States of America. 2183 01:49:53,463 --> 01:49:55,215 NSA source: Everyone I know is basically 2184 01:49:55,215 --> 01:49:56,759 thrilled with the Iran deal. 2185 01:49:57,341 --> 01:49:59,219 Sanctions and diplomacy worked. 2186 01:49:59,552 --> 01:50:01,846 But behind that deal was a lot of confidence 2187 01:50:01,846 --> 01:50:03,431 in our cyber capability.
2188 01:50:04,515 --> 01:50:07,394 We were everywhere inside Iran. Still are. 2189 01:50:08,228 --> 01:50:10,480 I'm not gonna tell you the operational details 2190 01:50:10,480 --> 01:50:13,108 of what we can do going forward or where... 2191 01:50:14,650 --> 01:50:18,738 But the science fiction cyber war scenario is here. 2192 01:50:18,738 --> 01:50:20,239 That's Nitro Zeus. 2193 01:50:21,658 --> 01:50:24,328 But my concern and the reason I'm talking... 2194 01:50:25,828 --> 01:50:28,748 Is because when you shut down a country's power grid... 2195 01:50:30,082 --> 01:50:33,045 It doesn't just pop back up, you know? 2196 01:50:33,045 --> 01:50:34,837 It's more like Humpty-Dumpty... 2197 01:50:36,215 --> 01:50:40,092 And if all the king's men can't turn the lights back on 2198 01:50:40,092 --> 01:50:41,970 or filter the water for weeks, 2199 01:50:42,179 --> 01:50:44,055 then lots of people die. 2200 01:50:46,350 --> 01:50:48,268 And something we can do to others, 2201 01:50:48,601 --> 01:50:50,103 they can do to us too. 2202 01:50:51,521 --> 01:50:54,190 Is that something that we should keep quiet? 2203 01:50:55,359 --> 01:50:57,027 Or should we talk about it? 2204 01:50:57,944 --> 01:50:59,863 Gibney: I've gone to many people in this film, 2205 01:50:59,863 --> 01:51:01,657 even friends of mine, who won't talk to me 2206 01:51:01,657 --> 01:51:03,783 about the NSA or Stuxnet even off the record 2207 01:51:03,783 --> 01:51:05,077 for fear of going to jail. 2208 01:51:05,452 --> 01:51:07,246 Is that fear protecting us? 2209 01:51:08,454 --> 01:51:11,041 No, but it protects me. 2210 01:51:11,792 --> 01:51:13,210 Or should I say we? 
2211 01:51:14,545 --> 01:51:16,296 I'm an actor playing a role 2212 01:51:16,296 --> 01:51:18,422 written from the testimony of a small number of people 2213 01:51:18,422 --> 01:51:19,966 from NSA and CIA, 2214 01:51:20,300 --> 01:51:22,636 all of whom are angry about the secrecy 2215 01:51:22,636 --> 01:51:24,387 but too scared to come forward. 2216 01:51:24,720 --> 01:51:26,139 Now, we're forward. 2217 01:51:27,431 --> 01:51:30,226 Well, forward-leaning.
