1
00:00:01,702 --> 00:00:03,402
BEN: A secret facility in Iran renews fears
2
00:00:03,437 --> 00:00:05,003
of a nuclear threat.
3
00:00:05,039 --> 00:00:08,373
The nations of the world must
not permit the Iranian regime
4
00:00:08,409 --> 00:00:10,075
to gain nuclear weapons.
5
00:00:10,110 --> 00:00:12,511
A computer virus that has never been seen before.
6
00:00:12,546 --> 00:00:14,213
This isn't two kids
in a basement in Kansas
7
00:00:14,248 --> 00:00:15,514
throwing some code together.
8
00:00:15,549 --> 00:00:18,317
The virus sabotages that secret facility.
9
00:00:18,352 --> 00:00:21,486
It used very advanced
capabilities to cover itself
10
00:00:21,522 --> 00:00:23,255
or obfuscate itself.
11
00:00:23,290 --> 00:00:25,524
Who built it and why is a mystery.
12
00:00:25,559 --> 00:00:27,259
This was an act of war.
13
00:00:27,294 --> 00:00:29,461
It was an act of war
without there being a war.
14
00:00:29,496 --> 00:00:32,497
Stuxnet is the world's first known cyberweapon.
15
00:00:34,602 --> 00:00:44,610
♪
16
00:00:53,954 --> 00:00:56,355
There are conflicts being waged all around us,
17
00:00:56,390 --> 00:00:58,190
ones we can't see.
18
00:00:58,225 --> 00:01:00,892
Hackers are poised to dominate the 21st century,
19
00:01:00,928 --> 00:01:03,595
reshaping geopolitical landscapes.
20
00:01:03,631 --> 00:01:05,697
Sometimes on behalf of terrorists, but often
21
00:01:05,733 --> 00:01:08,233
for governments, or just because they think it's right.
22
00:01:10,337 --> 00:01:12,237
As a reporter, I've been covering national security for
23
00:01:12,273 --> 00:01:15,741
VICE, and increasingly my job is to track these digital battles.
24
00:01:17,077 --> 00:01:18,877
There's one computer virus that really showed how far
25
00:01:18,912 --> 00:01:20,712
everything had come.
26
00:01:20,748 --> 00:01:23,382
In the early 2000s, the US began to fear that Iran,
27
00:01:23,417 --> 00:01:26,985
its sworn enemy since 1979, was secretly developing
28
00:01:27,021 --> 00:01:29,087
its own nuclear weapons.
29
00:01:29,123 --> 00:01:31,089
The UN responded with sanctions.
30
00:01:31,125 --> 00:01:33,158
The US and Israel threatened war.
31
00:01:33,193 --> 00:01:36,128
And then a mysterious computer virus dubbed Stuxnet
32
00:01:36,163 --> 00:01:38,563
appeared in June 2010.
33
00:01:41,468 --> 00:01:44,670
We're headed to Symantec -
yes, the same company that's
34
00:01:44,705 --> 00:01:48,407
protecting your desktop from
malware - to talk to an engineer
35
00:01:48,442 --> 00:01:51,710
and expert who forensically took
apart Stuxnet and figured out
36
00:01:51,745 --> 00:01:54,846
that it wasn't just some
run-of-the-mill Trojan virus.
37
00:01:58,886 --> 00:02:01,920
I got in touch with Symantec security researcher Eric Chien.
38
00:02:01,955 --> 00:02:04,122
He did some of the most in-depth analysis of the virus
39
00:02:04,158 --> 00:02:05,757
when it first appeared.
40
00:02:05,793 --> 00:02:08,527
The average threat that we look
at can take us 5 to 20 minutes
41
00:02:08,562 --> 00:02:11,663
to look at, and we know
exactly what it does.
42
00:02:11,699 --> 00:02:16,335
And Stuxnet took us months,
more than 3 months to look at.
43
00:02:16,370 --> 00:02:19,938
So just-- can give you
a sense of how difficult,
44
00:02:19,973 --> 00:02:23,342
how large and how
complicated the threat was.
45
00:02:23,377 --> 00:02:26,111
So why don't you tell me
how you discovered Stuxnet.
46
00:02:26,146 --> 00:02:29,047
So basically what happened was
another security company
47
00:02:29,083 --> 00:02:32,517
that was based in Belarus
found this binary,
48
00:02:32,553 --> 00:02:34,519
and it had something in it
that was called a zero-day.
49
00:02:34,555 --> 00:02:36,121
Why don't you tell me
what a zero-day is.
50
00:02:36,156 --> 00:02:39,358
A zero-day basically is
when you have what's called
51
00:02:39,393 --> 00:02:41,960
a vulnerability, or you have a
hole sort of in your computer,
52
00:02:41,995 --> 00:02:44,496
a bug of some sort
that allows someone to
53
00:02:44,531 --> 00:02:46,965
execute code on your machine
without you knowing it.
54
00:02:47,000 --> 00:02:49,468
Your computer just has to
be on and maybe even connected
55
00:02:49,503 --> 00:02:51,069
to the internet, and that's it.
56
00:02:51,105 --> 00:02:53,138
You don't have to be logged in,
you don't have to be browsing
57
00:02:53,173 --> 00:02:55,073
the web, you don't have to
double click on any files,
58
00:02:55,109 --> 00:02:57,242
and so that means you have
no way to protect yourself.
59
00:02:57,277 --> 00:02:58,744
What about it had
you never seen before?
60
00:02:58,779 --> 00:03:00,178
An average threat doesn't have
61
00:03:00,214 --> 00:03:01,713
any sort of exploit
inside of it.
62
00:03:01,749 --> 00:03:04,149
This thing had four
zero-days inside of it.
63
00:03:04,184 --> 00:03:05,884
What sets a zero-day apart
64
00:03:05,919 --> 00:03:08,653
is that it's a security flaw that there's no fix for.
65
00:03:08,689 --> 00:03:10,922
Zero-days are incredibly rare, and for that reason,
66
00:03:10,958 --> 00:03:13,024
incredibly valuable.
67
00:03:13,060 --> 00:03:16,094
What was the specifics of it
that set off an alarm?
68
00:03:16,130 --> 00:03:18,163
ERIC: There was these
SCADA strings inside.
69
00:03:18,198 --> 00:03:21,833
SCADA basically is technology
that's controlling robots
70
00:03:21,869 --> 00:03:25,370
and automation, or power
plants and things like that.
71
00:03:25,406 --> 00:03:26,938
And we had never seen a threat
72
00:03:26,974 --> 00:03:29,107
that mentioned anything
to do with SCADA.
73
00:03:29,143 --> 00:03:31,443
This thing could actually be
attacking some sort of
74
00:03:31,478 --> 00:03:32,844
national critical
infrastructure.
75
00:03:32,880 --> 00:03:34,613
This isn't like two kids
in a basement in Kansas
76
00:03:34,648 --> 00:03:36,014
throwing some code together.
77
00:03:36,049 --> 00:03:37,682
This thing had a
full-on framework,
78
00:03:37,718 --> 00:03:39,684
clearly had quality
assurance behind it.
79
00:03:39,720 --> 00:03:41,420
We're talking about
something that is just
80
00:03:41,455 --> 00:03:44,022
orders of magnitude greater
than we've ever seen before.
81
00:03:45,793 --> 00:03:48,360
As their investigation deepened, Eric and his team realized
82
00:03:48,395 --> 00:03:50,695
Stuxnet was designed to target computers
83
00:03:50,731 --> 00:03:54,433
using Siemens' proprietary software called STEP 7.
84
00:03:54,468 --> 00:03:59,137
What first caught our eye
were all these strings like S7,
85
00:03:59,173 --> 00:04:02,040
and we began to sort of
google those sorts of strings.
86
00:04:02,075 --> 00:04:04,876
We saw "WinCC" and
we saw "STEP 7".
87
00:04:04,912 --> 00:04:07,412
And when we looked those up,
we determined that this
88
00:04:07,448 --> 00:04:10,782
was actually software
that would control PLCs.
89
00:04:10,818 --> 00:04:14,052
PLCs are Programmable Logic Controllers, computer systems
90
00:04:14,087 --> 00:04:17,122
used for converting digital code into physical commands
91
00:04:17,157 --> 00:04:19,991
that automate everything from factory machinery
92
00:04:20,027 --> 00:04:21,560
to heating and cooling systems.
93
00:04:24,097 --> 00:04:25,330
Eric now found himself
94
00:04:25,365 --> 00:04:27,165
in unknown territory, so he reached out to
95
00:04:27,201 --> 00:04:29,100
the international security community.
96
00:04:29,136 --> 00:04:32,103
We were sending out blogs all
throughout that summer
97
00:04:32,139 --> 00:04:35,140
telling people if you are a PLC
expert, if you're an expert
98
00:04:35,175 --> 00:04:37,742
in critical national
infrastructure, contact us.
99
00:04:37,778 --> 00:04:40,512
Because we didn't even know
what a PLC was at that time.
100
00:04:40,547 --> 00:04:42,013
Eric and his team learned that
101
00:04:42,049 --> 00:04:44,983
PLCs are extremely vulnerable to cyber attacks,
102
00:04:45,018 --> 00:04:48,153
but he still didn't know which machines were the targets.
103
00:04:48,188 --> 00:04:51,423
This sophisticated malware, or malicious code, was detected
104
00:04:51,458 --> 00:04:55,293
on industrial control systems around the world.
105
00:04:55,329 --> 00:04:56,995
Cybersecurity analysts were puzzled.
106
00:04:59,466 --> 00:05:01,700
At the same time, Homeland Security was also trying
107
00:05:01,735 --> 00:05:03,802
to understand the virus.
108
00:05:03,837 --> 00:05:05,871
Sean McGurk was the director of NCCIC,
109
00:05:05,906 --> 00:05:08,607
the cyber branch of the Department of Homeland Security,
110
00:05:08,642 --> 00:05:10,475
when Stuxnet was identified.
111
00:05:10,511 --> 00:05:13,612
What did your team see
when they took it apart?
112
00:05:13,647 --> 00:05:16,314
Well, the first thing we saw was
that it was very sophisticated
113
00:05:16,350 --> 00:05:17,949
in its communications
capability.
114
00:05:17,985 --> 00:05:20,719
So if you think of
Stuxnet like a kinetic device,
115
00:05:20,754 --> 00:05:24,523
like a missile, you had
the delivery vehicle,
116
00:05:24,558 --> 00:05:27,859
that which put the payload
on target if you will,
117
00:05:27,895 --> 00:05:29,494
and then the payload itself.
118
00:05:29,530 --> 00:05:31,663
And there were very unique
characteristics to both.
119
00:05:32,933 --> 00:05:36,401
Stuxnet's ability to do digital
reconnaissance without control,
120
00:05:36,436 --> 00:05:39,471
it was essentially
a digital, you know,
121
00:05:39,506 --> 00:05:41,673
fire and forget
type of approach.
122
00:05:41,708 --> 00:05:44,743
The fact that it used four
zero-day vulnerabilities
123
00:05:44,778 --> 00:05:47,646
to gain access to the
network is something that
124
00:05:47,681 --> 00:05:51,483
you had not seen in code before,
someone willing to risk
125
00:05:51,518 --> 00:05:55,053
that many zero-days
in order to get it on place.
126
00:05:55,088 --> 00:05:57,989
And then when we saw the payload
part, which was actually
127
00:05:58,025 --> 00:06:01,259
specifically targeting an
industrial control environment,
128
00:06:01,295 --> 00:06:05,931
that really for us became
a very significant event.
129
00:06:05,966 --> 00:06:09,234
Because normal malware doesn't
go after control systems,
130
00:06:09,269 --> 00:06:11,770
and this was specifically
focused on control systems.
131
00:06:13,540 --> 00:06:15,340
ERIC: It was non-stop for weeks.
132
00:06:15,375 --> 00:06:17,842
This was all we thought
about, all we worked on.
133
00:06:17,878 --> 00:06:20,612
And you can imagine,
it was a really big shift
134
00:06:20,647 --> 00:06:22,881
from what we had done before.
135
00:06:22,916 --> 00:06:25,050
The average threat we would
finish in 5 to 20 minutes.
136
00:06:25,085 --> 00:06:27,085
And here we were,
sitting on the same threat,
137
00:06:27,120 --> 00:06:29,621
day after day, hour after
hour, night after night.
138
00:06:29,656 --> 00:06:32,223
And, you know, we
weren't getting bored.
139
00:06:32,259 --> 00:06:34,893
Every single day,
every single week,
140
00:06:34,928 --> 00:06:36,761
we were discovering
new little clues,
141
00:06:36,797 --> 00:06:39,064
new little breadcrumbs
that kept us going,
142
00:06:39,099 --> 00:06:42,801
and kept us digging, and kept us
looking until basically November
143
00:06:42,836 --> 00:06:45,370
when we finally figured out
that this thing was indeed
144
00:06:45,405 --> 00:06:47,606
sabotage on Natanz.
145
00:06:49,076 --> 00:06:50,609
In what was basically an accident,
146
00:06:50,644 --> 00:06:52,310
Eric and his team found themselves embroiled
147
00:06:52,346 --> 00:06:54,879
in a real life international spy thriller.
148
00:06:54,915 --> 00:06:57,816
Complex malicious code had been written specifically
149
00:06:57,851 --> 00:07:00,552
to take out Iran's nuclear facilities,
150
00:07:00,587 --> 00:07:02,954
while its authors remained in the shadows.
151
00:07:08,795 --> 00:07:10,695
BEN: In 2002, the world discovered that Iran
152
00:07:10,731 --> 00:07:12,931
had been building a secret uranium enrichment facility
153
00:07:12,966 --> 00:07:14,666
near the town of Natanz.
154
00:07:16,703 --> 00:07:18,036
The Stuxnet computer virus
155
00:07:18,071 --> 00:07:20,005
has a direct link to this controversial plant.
156
00:07:20,040 --> 00:07:22,807
The fact that Iran
never declared the plant
157
00:07:22,843 --> 00:07:24,275
made it suspicious.
158
00:07:24,311 --> 00:07:26,811
That was a breach of
Iran's obligations.
159
00:07:26,847 --> 00:07:29,714
James Acton knows nuclear policy inside out.
160
00:07:29,750 --> 00:07:32,784
He also keeps tabs on the work of the IAEA,
161
00:07:32,819 --> 00:07:35,220
or the International Atomic Energy Agency,
162
00:07:35,255 --> 00:07:36,721
the world's nuclear watchdog.
163
00:07:36,757 --> 00:07:39,491
Can you tell me
what the climate was
164
00:07:39,526 --> 00:07:41,626
around the discovery of Natanz?
165
00:07:41,662 --> 00:07:44,396
You know, Iran's a member of
the Non-Proliferation Treaty.
166
00:07:44,431 --> 00:07:47,666
And one of the requirements of
that is that you're allowed to
167
00:07:47,701 --> 00:07:50,468
do pretty much anything you'd
like in the nuclear field
168
00:07:50,504 --> 00:07:53,471
short of building a bomb,
but you have to declare it.
169
00:07:53,507 --> 00:07:56,675
And not declaring
nuclear facilities
170
00:07:56,710 --> 00:07:59,811
is a violation of your
agreement with the IAEA.
171
00:07:59,846 --> 00:08:01,713
They found activities
that looked very much like
172
00:08:01,748 --> 00:08:03,682
what you want to do if
you build a nuclear weapon.
173
00:08:03,717 --> 00:08:06,317
And why were they so
interested in Natanz?
174
00:08:06,353 --> 00:08:08,486
Like why was it the straw
that broke the camel's back?
175
00:08:08,522 --> 00:08:12,490
Natanz was a controversial
plant because... you know,
176
00:08:12,526 --> 00:08:15,226
firstly, any enrichment
is inherently sensitive.
177
00:08:15,262 --> 00:08:16,828
It's inherently dual use.
178
00:08:16,863 --> 00:08:19,497
You can use it for
fuel production,
179
00:08:19,533 --> 00:08:21,866
or you can use it for
nuclear weapons production.
180
00:08:21,902 --> 00:08:23,902
The size of the
plant was suspicious.
181
00:08:23,937 --> 00:08:26,905
The plant's actually too small
for a civilian plant.
182
00:08:26,940 --> 00:08:30,208
Military plants don't need to
be as large as civilian plants.
183
00:08:30,243 --> 00:08:34,446
So it was scaled as though
it was right for making
184
00:08:34,481 --> 00:08:37,115
enriched uranium for weapons,
but wasn't the right size
185
00:08:37,150 --> 00:08:40,652
for enriched uranium
for nuclear reactors.
186
00:08:40,687 --> 00:08:45,390
The discovery of
the uranium program
187
00:08:45,425 --> 00:08:47,358
did cause a lot of concern.
188
00:08:47,394 --> 00:08:49,694
I mean, there were a lot of
countries who were genuinely
189
00:08:49,730 --> 00:08:52,864
and are genuinely very fearful
that Iran would get the bomb,
190
00:08:52,899 --> 00:08:55,300
and fearful of the
consequences of it doing so.
191
00:08:55,335 --> 00:08:59,537
Iran aggressively pursues these
weapons and exports terror.
192
00:08:59,573 --> 00:09:03,641
States like these and their
terrorist allies constitute
193
00:09:03,677 --> 00:09:07,879
an axis of evil, arming to
threaten the peace of the world.
194
00:09:07,914 --> 00:09:09,981
Iran denied that Natanz was being used
195
00:09:10,016 --> 00:09:11,916
to produce nuclear weapons.
196
00:09:11,952 --> 00:09:14,919
Still, its government bowed to pressure in 2003 and temporarily
197
00:09:14,955 --> 00:09:19,390
suspended uranium enrichment and processing activities at Natanz.
198
00:09:19,426 --> 00:09:23,561
Then in 2005, newly elected president Mahmoud Ahmadinejad
199
00:09:23,597 --> 00:09:26,064
defiantly restarted the program.
200
00:09:26,099 --> 00:09:28,266
Within months, the facility at Natanz was up and running,
201
00:09:28,301 --> 00:09:30,635
and enriching uranium all over again.
202
00:09:30,670 --> 00:09:33,772
Concerned, the UN imposed sanctions.
203
00:09:33,807 --> 00:09:37,275
By 2009, Israeli Prime Minister Benjamin Netanyahu
204
00:09:37,310 --> 00:09:39,911
challenged the US to stop Iran's nuclear program.
205
00:09:41,515 --> 00:09:46,584
The most urgent challenge facing
this body today is to prevent
206
00:09:46,620 --> 00:09:50,855
the tyrants of Tehran from
acquiring nuclear weapons.
207
00:09:50,891 --> 00:09:53,291
Netanyahu was privately considering air strikes
208
00:09:53,326 --> 00:09:54,859
on Natanz.
209
00:09:56,863 --> 00:09:58,797
It's during this high-stakes political stand-off
210
00:09:58,832 --> 00:10:02,100
that Stuxnet is detected in June 2010.
211
00:10:02,135 --> 00:10:05,470
In fact, Stuxnet was found in countries around the world,
212
00:10:05,505 --> 00:10:09,007
but infection rates in Iran were off the charts.
213
00:10:09,042 --> 00:10:11,810
And at the plant at Natanz, centrifuges were breaking down
214
00:10:11,845 --> 00:10:14,112
at unprecedented rates.
215
00:10:14,147 --> 00:10:16,447
Stuxnet's design is complex,
216
00:10:16,483 --> 00:10:19,150
but its operation is deceptively simple.
217
00:10:19,186 --> 00:10:22,020
Like a security camera, the virus records 30 days
218
00:10:22,055 --> 00:10:25,857
of normal centrifuge operation while it hides in the system.
219
00:10:25,892 --> 00:10:28,493
Then, when Stuxnet attacks the centrifuges,
220
00:10:28,528 --> 00:10:32,096
it plays back the pre-recorded data so operators on the outside
221
00:10:32,132 --> 00:10:34,833
can't see the infection raging within the centrifuges.
222
00:10:37,337 --> 00:10:39,537
ERIC: And those 30 days
were not a coincidence.
223
00:10:39,573 --> 00:10:41,673
That's how long it takes
basically for a cascade
224
00:10:41,708 --> 00:10:44,976
of centrifuges to basically get
fully loaded with uranium gas.
225
00:10:45,011 --> 00:10:47,478
So they wanted to basically have
their sabotage effects happen
226
00:10:47,514 --> 00:10:50,381
right at the peak moment
and causing the most damage.
227
00:10:50,417 --> 00:10:54,152
So the centrifuges at Natanz
normally will spin at 1,000 Hz,
228
00:10:54,187 --> 00:10:57,488
and what the threat did
was spin up the centrifuges
229
00:10:57,524 --> 00:11:00,491
to either 1,400 Hz,
to be really fast,
230
00:11:00,527 --> 00:11:03,428
or slow them down to 2 Hz,
to be really slow.
231
00:11:03,463 --> 00:11:05,697
And what would happen
is when they spin up
232
00:11:05,732 --> 00:11:07,832
really, really fast, the
centrifuge will basically
233
00:11:07,868 --> 00:11:10,235
vibrate uncontrollably
and just shatter.
234
00:11:10,270 --> 00:11:12,503
And you would have literally
shards of aluminum flying
235
00:11:12,539 --> 00:11:14,939
across the room, maybe a domino
effect of centrifuges falling
236
00:11:14,975 --> 00:11:18,109
and toppling on each other, and
uranium gas leaking everywhere.
237
00:11:19,713 --> 00:11:21,112
Eventually they would
hit the big red button
238
00:11:21,147 --> 00:11:22,447
to cause shutdown.
239
00:11:22,482 --> 00:11:24,782
Stuxnet was smart enough
to also hijack that.
240
00:11:24,818 --> 00:11:27,218
That big red button went
through a computer as well.
241
00:11:27,254 --> 00:11:30,355
And they hijacked that code,
and basically would ignore it
242
00:11:30,390 --> 00:11:32,257
and allow their
payload to take effect.
243
00:11:32,292 --> 00:11:33,958
Once it was inside,
it was unstoppable.
244
00:11:33,994 --> 00:11:35,393
They were doomed, yeah.
245
00:11:35,428 --> 00:11:37,128
The operators were doomed,
the plant was doomed.
246
00:11:38,798 --> 00:11:40,531
Stuxnet was the first digital weapon known
247
00:11:40,567 --> 00:11:43,468
to have physically destroyed its targets.
248
00:11:43,503 --> 00:11:45,703
But the computer systems at Natanz
249
00:11:45,739 --> 00:11:48,006
weren't connected to the internet.
250
00:11:48,041 --> 00:11:50,275
So how did Stuxnet get inside the system?
251
00:11:54,514 --> 00:11:56,948
BEN: By 2010, it became evident that someone had decided
252
00:11:56,983 --> 00:11:59,584
that measures more drastic than sanctions
253
00:11:59,619 --> 00:12:01,886
- and less spectacular than air strikes -
254
00:12:01,922 --> 00:12:04,889
were needed to slow down Iran's nuclear program.
255
00:12:04,925 --> 00:12:07,258
Because out of nowhere, a mysterious super virus named
256
00:12:07,294 --> 00:12:11,062
Stuxnet was sabotaging an Iranian nuclear facility.
257
00:12:11,097 --> 00:12:13,564
But the computers in the facility weren't online,
258
00:12:13,600 --> 00:12:16,267
so the question remained how the virus got inside the system.
259
00:12:18,138 --> 00:12:21,139
I went to find Darknet J, an operational security expert,
260
00:12:21,174 --> 00:12:24,142
to understand how Stuxnet could've infected them.
261
00:12:24,177 --> 00:12:29,414
So how did Stuxnet jump
the air gap and infect Natanz?
262
00:12:29,449 --> 00:12:32,917
It jumped the air gap by
traveling on a USB stick
263
00:12:32,953 --> 00:12:35,687
that was placed into
the computer from someone.
264
00:12:37,023 --> 00:12:39,190
Darknet J replicated the USB exploit to show me
265
00:12:39,225 --> 00:12:42,160
how Stuxnet infected the computers at Natanz.
266
00:12:42,195 --> 00:12:45,363
Alright, so what happens
is you put in the USB.
267
00:12:47,701 --> 00:12:49,300
You open up the folder.
268
00:12:49,336 --> 00:12:51,669
Windows looks for an icon,
which is a malicious payload
269
00:12:51,705 --> 00:12:53,438
that can write to system.
270
00:12:53,473 --> 00:12:55,273
I have it opening Calculator.
271
00:12:55,308 --> 00:12:59,310
So once the intended target
opens the folder with Stuxnet
272
00:12:59,346 --> 00:13:01,612
inside of it, what happens next?
273
00:13:01,648 --> 00:13:03,481
Essentially it can have complete
control over your computer,
274
00:13:03,516 --> 00:13:06,217
meaning that it can write
anything to the hard disk,
275
00:13:06,252 --> 00:13:08,353
it can grab credentials
from the internet
276
00:13:08,388 --> 00:13:09,620
if you put them in at the time.
277
00:13:09,656 --> 00:13:11,189
It can also propagate itself
278
00:13:11,224 --> 00:13:12,790
inside of your
local area network.
279
00:13:12,826 --> 00:13:13,992
Wow.
(Laughing)
280
00:13:14,027 --> 00:13:15,526
It's keys to the kingdom.
281
00:13:17,163 --> 00:13:19,163
That meant someone physically walked Stuxnet into the Iranian
282
00:13:19,199 --> 00:13:23,968
facility, likely an unwitting engineer with an infected USB.
283
00:13:24,004 --> 00:13:26,804
Inside, the virus wreaked havoc.
284
00:13:26,840 --> 00:13:30,074
Centrifuges were destroyed, and the Iranians were clueless.
285
00:13:30,110 --> 00:13:32,543
But then Eric Chien and his team at Symantec
286
00:13:32,579 --> 00:13:36,414
announced the details of Stuxnet to the world in a blog post.
287
00:13:36,449 --> 00:13:38,750
Then Natanz shut down.
288
00:13:38,785 --> 00:13:41,552
Most assumed Iranian authorities finally understood the mess
289
00:13:41,588 --> 00:13:43,554
they were in, and were trying to clean it up.
290
00:13:44,524 --> 00:13:46,891
After that, two Iranian nuclear scientists were targeted
291
00:13:46,926 --> 00:13:48,860
by motorcycle-riding assailants,
292
00:13:48,895 --> 00:13:51,729
who slipped a sticky bomb onto one of their cars.
293
00:13:51,765 --> 00:13:55,033
One was killed, the other seriously injured.
294
00:13:55,068 --> 00:13:58,736
It appeared whoever was behind Stuxnet went to Plan B.
295
00:13:58,772 --> 00:14:00,738
Soon after, the Iranian President admitted a virus
296
00:14:00,774 --> 00:14:02,440
caused the shutdown at Natanz.
297
00:14:07,113 --> 00:14:08,946
He blamed Israel, but couldn't back it up
298
00:14:08,982 --> 00:14:10,214
with any hard evidence.
299
00:14:10,250 --> 00:14:12,116
The assassination sent a chill through
300
00:14:12,152 --> 00:14:13,885
the cybersecurity community.
301
00:14:13,920 --> 00:14:15,453
Did it make you a
little bit nervous?
302
00:14:15,488 --> 00:14:16,954
We would look in our
rearview mirrors all the time.
303
00:14:16,990 --> 00:14:18,689
And you know, I would
see a motorcycle
304
00:14:18,725 --> 00:14:20,191
and watch them closely.
305
00:14:20,226 --> 00:14:22,794
It definitely wasn't lost on us
that we were in the middle
306
00:14:22,829 --> 00:14:25,563
of some big geopolitical affair.
307
00:14:25,598 --> 00:14:28,099
Iran openly accused Israel and the US of being
308
00:14:28,134 --> 00:14:30,301
the masterminds of Stuxnet.
309
00:14:30,336 --> 00:14:32,904
(Thundering)
310
00:14:34,808 --> 00:14:36,741
I went to talk to someone who was trying to stop the crisis
311
00:14:36,776 --> 00:14:38,109
from escalating further.
312
00:14:39,846 --> 00:14:41,079
BEN: Beautiful day.
313
00:14:41,114 --> 00:14:42,447
(Chattering)
314
00:14:42,482 --> 00:14:44,816
Jamal Abdi is a foreign policy analyst
315
00:14:44,851 --> 00:14:47,151
for the National Iranian American Council,
316
00:14:47,187 --> 00:14:50,321
and has advised congressional members on relations with Iran.
317
00:14:50,356 --> 00:14:52,723
People like myself who
were trying to broker
318
00:14:52,759 --> 00:14:54,625
a diplomatic solution,
trying to figure out
319
00:14:54,661 --> 00:14:56,961
an off-ramp from
these escalatory moves,
320
00:14:56,996 --> 00:15:00,131
I really thought this is
an extremely bad turn.
321
00:15:00,166 --> 00:15:02,333
What was the reception
of Stuxnet in Iran?
322
00:15:02,368 --> 00:15:03,968
How did people feel about it?
323
00:15:04,003 --> 00:15:06,637
I think the Iranians
very credibly believed
324
00:15:06,673 --> 00:15:08,106
that Israel was behind this.
325
00:15:08,141 --> 00:15:10,341
And then there was
also just the fact that
326
00:15:10,376 --> 00:15:12,243
there were all these
other sabotage efforts
327
00:15:12,278 --> 00:15:14,479
that they believed
Israel was connected to.
328
00:15:15,482 --> 00:15:18,249
Israel was in many regards
329
00:15:18,284 --> 00:15:22,153
the driving force against
Iran's nuclear program.
330
00:15:22,188 --> 00:15:24,989
And then you have a hardline
government like Ahmadinejad
331
00:15:25,024 --> 00:15:27,258
that's essentially
enflaming the issue.
332
00:15:27,293 --> 00:15:30,828
It was: How do we slow that
down as much as possible?
333
00:15:30,864 --> 00:15:32,930
Because we know
we can't stop it.
334
00:15:34,234 --> 00:15:35,700
But it wasn't until two years later
335
00:15:35,735 --> 00:15:38,302
that The New York Times published an explosive story,
336
00:15:38,338 --> 00:15:40,805
revealing the US was behind Stuxnet.
337
00:15:40,840 --> 00:15:42,707
Unnamed officials told the paper
338
00:15:42,742 --> 00:15:45,276
the US created the virus with help from Israel.
339
00:15:45,311 --> 00:15:49,380
It was part of a covert operation dubbed Olympic Games.
340
00:15:49,415 --> 00:15:52,350
The allegations set off a political firestorm,
341
00:15:52,385 --> 00:15:55,520
so a federal probe was launched to investigate the leak.
342
00:15:55,555 --> 00:15:58,789
But in 2015, the investigation was put on ice over US fears
343
00:15:58,825 --> 00:16:01,325
of what might come out in court.
344
00:16:01,361 --> 00:16:02,894
For me, it always comes down
to the leak investigation.
345
00:16:02,929 --> 00:16:04,529
You don't launch a
leak investigation
346
00:16:04,564 --> 00:16:06,130
for a covert operation
you didn't do.
347
00:16:06,166 --> 00:16:08,566
Kim Zetter has been covering the Stuxnet story for Wired
348
00:16:08,601 --> 00:16:11,169
since the virus was first discovered.
349
00:16:11,204 --> 00:16:13,571
The United States
likely did Stuxnet.
350
00:16:13,606 --> 00:16:14,872
I don't think that
there's a question that
351
00:16:14,908 --> 00:16:16,307
the US is behind it.
352
00:16:16,342 --> 00:16:17,475
I mean, it's not even
something that I think that we,
353
00:16:17,510 --> 00:16:19,510
you know, have to
sort of debate.
354
00:16:19,546 --> 00:16:21,045
Stuxnet was a precision weapon,
355
00:16:21,080 --> 00:16:22,914
so it would never
destroy anything except
356
00:16:22,949 --> 00:16:25,483
what matched this very
specific configuration.
357
00:16:25,518 --> 00:16:28,219
And you can see
lawyers' fingerprints
358
00:16:28,254 --> 00:16:29,654
are all over Stuxnet.
359
00:16:29,689 --> 00:16:31,355
I think that's the first time
I've heard someone say
360
00:16:31,391 --> 00:16:33,057
that lawyers' fingerprints
were all over Stuxnet.
361
00:16:33,092 --> 00:16:36,160
Yeah, you can see that as
they were designing this,
362
00:16:36,196 --> 00:16:38,362
the lawyers would've had
very tight restrictions
363
00:16:38,398 --> 00:16:40,031
for controlling this.
364
00:16:40,066 --> 00:16:41,866
They would've
told the developers,
365
00:16:41,901 --> 00:16:43,834
"This can only affect the
systems that are targeted.
366
00:16:43,870 --> 00:16:45,736
You have to write
this in such a way."
367
00:16:45,772 --> 00:16:48,105
It likely blocks out
two major nation states
368
00:16:48,141 --> 00:16:50,107
that could've done it,
China and Russia.
369
00:16:50,143 --> 00:16:51,242
I'm not sure they
were scared too much
370
00:16:51,277 --> 00:16:52,376
about the legal implications!
371
00:16:52,412 --> 00:16:54,178
Exactly, so this was
one of the reasons
372
00:16:54,214 --> 00:16:56,547
that people were so
certain it was the US.
373
00:16:57,717 --> 00:16:59,917
All of the available clues suggested that Stuxnet was
374
00:16:59,953 --> 00:17:03,254
a joint US/Israeli operation, but government officials
375
00:17:03,289 --> 00:17:05,256
have gone to great lengths not to acknowledge it.
376
00:17:06,626 --> 00:17:07,892
So the evidence is lacking?
377
00:17:07,927 --> 00:17:12,930
I think that there is no
clear, complete evidence
378
00:17:12,966 --> 00:17:15,733
or even complete indication
379
00:17:15,768 --> 00:17:18,536
that it was one
country or another.
380
00:17:19,739 --> 00:17:21,939
To this day, the US government will not confirm or deny
381
00:17:21,975 --> 00:17:23,474
its role in Stuxnet.
382
00:17:25,144 --> 00:17:27,311
Stuxnet's architects might want to stay in the shadows,
383
00:17:27,347 --> 00:17:29,447
but around the world other governments took notice
384
00:17:29,482 --> 00:17:31,582
of the cyberweapon they'd unleashed.
385
00:17:36,489 --> 00:17:38,122
BEN: When security researchers found Stuxnet
386
00:17:38,157 --> 00:17:41,092
and publicized the discovery of the destructive malware,
387
00:17:41,127 --> 00:17:43,027
they inadvertently brought a covert operation
388
00:17:43,062 --> 00:17:44,328
to a premature end.
389
00:17:46,165 --> 00:17:48,633
By the time we discovered
Stuxnet, it's believed that
390
00:17:48,668 --> 00:17:50,768
it already had delivered
its payload at least once.
391
00:17:50,803 --> 00:17:53,904
So I'm sure the attackers would
prefer that it wasn't uncovered,
392
00:17:53,940 --> 00:17:57,508
because maybe they could've
continued or continued further
393
00:17:57,543 --> 00:18:00,311
operations, but it at least
accomplished its goal.
394
00:18:00,346 --> 00:18:02,913
At least according to the
IEA documents that showed that
395
00:18:02,949 --> 00:18:07,518
a few thousand centrifuges were
destroyed just before 2010.
396
00:18:09,355 --> 00:18:11,322
But what effect did it have on its nuclear standoff
397
00:18:11,357 --> 00:18:13,991
between Iran, Israel and the West?
398
00:18:14,027 --> 00:18:15,359
You know, looking back on this,
399
00:18:15,395 --> 00:18:18,029
there's no question that
it slowed down the program.
400
00:18:18,064 --> 00:18:19,964
Was it a successful
attack in that sense?
401
00:18:19,999 --> 00:18:22,366
It kind of partially depends
what you mean by "success".
402
00:18:22,402 --> 00:18:24,969
I think Stuxnet probably played
a role in convincing Israel
403
00:18:25,004 --> 00:18:27,838
not to attack Iran and giving
diplomacy more of a chance.
404
00:18:29,375 --> 00:18:31,676
Stuxnet may have just slowed down Iran's nuclear weapons
405
00:18:31,711 --> 00:18:35,980
program by 6 months to 2 years, buying time for diplomacy,
406
00:18:36,015 --> 00:18:39,317
but it didn't exactly stop Iran from pursuing the bomb.
407
00:18:39,352 --> 00:18:41,185
Do you think it was effective?
408
00:18:41,220 --> 00:18:44,121
It was, you know, one step
forward, two steps back.
409
00:18:44,157 --> 00:18:46,390
It delayed Iran's
program certainly, I think,
410
00:18:46,426 --> 00:18:50,461
by several months, maybe a year,
but it also politically...
411
00:18:50,496 --> 00:18:53,631
it convinced Iran that
they were under siege.
412
00:18:53,666 --> 00:18:57,668
It made an argument, a case
for why Iran needed to have
413
00:18:57,704 --> 00:19:00,671
capabilities to counter
cyberwarfare as well as
414
00:19:00,707 --> 00:19:02,506
capabilities to
defend the country.
415
00:19:02,542 --> 00:19:04,675
If Iran wants to
develop nuclear weapons,
416
00:19:04,711 --> 00:19:06,510
they can develop
nuclear weapons.
417
00:19:06,546 --> 00:19:08,245
This is not a
technical decision,
418
00:19:08,281 --> 00:19:10,047
it's a political decision.
419
00:19:10,083 --> 00:19:13,217
And Stuxnet was a technical
response that maybe on a
420
00:19:13,252 --> 00:19:15,853
technical level slowed
the program down, but on a
421
00:19:15,888 --> 00:19:18,923
political level actually helped
to accelerate the program.
422
00:19:18,958 --> 00:19:21,325
So I think in that regard,
if you're looking at actually
423
00:19:21,361 --> 00:19:23,694
preventing Iran from developing
nuclear weapons or convincing
424
00:19:23,730 --> 00:19:26,597
them to not go down that
route, Stuxnet was a failure.
425
00:19:28,634 --> 00:19:31,702
Finally, after years of crippling UN sanctions,
426
00:19:31,738 --> 00:19:34,505
Iran agreed to limit their nuclear program in 2015
427
00:19:34,540 --> 00:19:37,174
in exchange for a partial lifting of sanctions.
428
00:19:38,811 --> 00:19:41,045
But by deploying Stuxnet, the US and Israel had triggered
429
00:19:41,080 --> 00:19:42,713
a different kind of arms race.
430
00:19:44,884 --> 00:19:47,451
This was an act of war,
and it was an act of war
431
00:19:47,487 --> 00:19:49,687
without... without
there being a war.
432
00:19:49,722 --> 00:19:51,088
If you drop a bomb on someone,
433
00:19:51,124 --> 00:19:53,057
they know that they've
been attacked, right?
434
00:19:53,092 --> 00:19:54,392
But in digital warfare,
435
00:19:54,427 --> 00:19:56,360
you may never know that
you're under attack.
436
00:19:56,396 --> 00:19:58,396
The US opened a door
437
00:19:58,431 --> 00:19:59,897
that everyone is going
to walk through now.
438
00:20:02,602 --> 00:20:05,903
In Iran, was Stuxnet
seen as an act of war?
439
00:20:05,938 --> 00:20:07,938
In Iran it was, it was
seen as an act of war.
440
00:20:07,974 --> 00:20:10,241
And there was sort of a
question that was opened up:
441
00:20:10,276 --> 00:20:13,444
did the United States
just declare war on Iran?
442
00:20:13,479 --> 00:20:15,312
It's such a grey area though.
443
00:20:15,348 --> 00:20:18,149
So I think that even now people
are still kind of trying to
444
00:20:18,184 --> 00:20:20,785
figure out whether this
constitutes war or not,
445
00:20:20,820 --> 00:20:22,653
but technically...
technically it was.
446
00:20:22,688 --> 00:20:25,089
And I think inside of Iran
it was really viewed that way.
447
00:20:25,124 --> 00:20:26,891
And I think it really
opened a lot of eyes inside
448
00:20:26,926 --> 00:20:29,560
the establishment of Iran
that they needed to get savvy
449
00:20:29,595 --> 00:20:32,730
in this field to be able to
defend as well as attack.
450
00:20:32,765 --> 00:20:36,066
And so you've got, you know,
the formation of the cyber army
451
00:20:36,102 --> 00:20:38,436
inside of Iran that
was initially really...
452
00:20:38,471 --> 00:20:40,604
really aimed at activists
inside the country.
453
00:20:40,640 --> 00:20:43,407
But then after Stuxnet, it
became even more formalized,
454
00:20:43,443 --> 00:20:46,177
all kinds of money was poured
into it because this was now
455
00:20:46,212 --> 00:20:48,145
not just an internal threat
but an external threat.
456
00:20:49,315 --> 00:20:51,615
BEN: It spurred Iran
to be more offensive?
457
00:20:51,651 --> 00:20:53,250
It spurred everyone
to be more offensive.
458
00:20:53,286 --> 00:20:54,685
That's the thing, it's not Iran.
459
00:20:54,720 --> 00:20:57,855
There are other people to
be worried about than Iran.
460
00:20:57,890 --> 00:21:00,691
All of that together has
created this arms race
461
00:21:00,726 --> 00:21:02,159
of other countries.
462
00:21:02,195 --> 00:21:05,196
Would you agree that it was
the dawn of a new chapter
463
00:21:05,231 --> 00:21:07,097
in cyberwarfare?
464
00:21:07,133 --> 00:21:09,767
The expected response is that
a lot of other countries now
465
00:21:09,802 --> 00:21:13,137
are establishing
offensive cyber operations.
466
00:21:13,172 --> 00:21:14,972
They don't wanna be left behind.
467
00:21:16,309 --> 00:21:19,777
Stuxnet had launched the race to militarize cyberspace.
468
00:21:19,812 --> 00:21:21,946
And the more the world is connected,
469
00:21:21,981 --> 00:21:23,647
the more targets there are for attack.
470
00:21:25,718 --> 00:21:27,785
Countries around the world are racing to design new malware
471
00:21:27,820 --> 00:21:29,954
for the next generation of warfare.
472
00:21:29,989 --> 00:21:32,890
Do you think it's going
to become another tool
473
00:21:32,925 --> 00:21:34,492
in the toolbox of war?
474
00:21:34,527 --> 00:21:35,559
Absolutely.
475
00:21:35,595 --> 00:21:37,194
Stuxnet to me was
a Trinity moment,
476
00:21:37,230 --> 00:21:39,363
and by that I mean the
first Trinity explosion,
477
00:21:39,398 --> 00:21:43,501
demonstration of a nuclear
detonation in New Mexico.
478
00:21:43,536 --> 00:21:46,504
We demonstrated a capability
that you could have
479
00:21:46,539 --> 00:21:50,007
devastating physical
impacts by cyber means.
480
00:21:50,042 --> 00:21:51,509
It was a bit like the bomb.
481
00:21:51,544 --> 00:21:54,178
Once the secret was
out, people started
482
00:21:54,213 --> 00:21:56,013
getting it for themselves.
483
00:21:56,048 --> 00:21:58,415
We started recognizing that
there's no putting this back.
484
00:21:58,451 --> 00:22:00,684
You know, the key was
turned, the lid was opened,
485
00:22:00,720 --> 00:22:03,153
and everything in Pandora's
Box was now out in the open,
486
00:22:03,189 --> 00:22:05,189
and there was no way
to get it back in.
487
00:22:08,561 --> 00:22:11,829
Stuxnet was the world's first known cyberweapon.
488
00:22:11,864 --> 00:22:13,998
It set the stage for a new kind of war,
489
00:22:14,033 --> 00:22:16,200
one that will play out on a digital battlefield.