Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:12,360 --> 00:00:16,080 Codes and ciphers have been used to protect secrets 2 00:00:16,160 --> 00:00:18,840 from ancient times to modern day. 3 00:00:19,520 --> 00:00:21,960 Breaking these codes and ciphers 4 00:00:22,040 --> 00:00:25,680 is crucial spycraft for successful espionage. 5 00:00:26,200 --> 00:00:28,560 And it gave us vital information 6 00:00:28,640 --> 00:00:31,400 that we needed, for example, around the D-Day invasions. 7 00:00:32,320 --> 00:00:34,040 As codes are broken, 8 00:00:34,120 --> 00:00:37,320 more complex systems are developed to protect them. 9 00:00:38,400 --> 00:00:43,000 They created 11 models of Colossus, 10 00:00:43,080 --> 00:00:46,440 which was the world's first electronic computer. 11 00:00:47,160 --> 00:00:50,960 Nevertheless, advancements in technology come with risks. 12 00:00:52,240 --> 00:00:54,560 But to go into the ones and zeros 13 00:00:54,640 --> 00:00:57,240 and discover a vulnerability you can exploit. 14 00:00:57,320 --> 00:01:00,480 - That's the next level. - Next level technology 15 00:01:00,560 --> 00:01:04,440 seeks to override the safety measures of cryptography. 16 00:01:08,000 --> 00:01:09,800 Unlike physical attacks, 17 00:01:09,880 --> 00:01:13,960 cyber-related attacks have a immediate impact. 18 00:01:15,640 --> 00:01:17,400 They don't need to send bombs. 19 00:01:21,640 --> 00:01:22,640 How bad can it get? 20 00:01:22,680 --> 00:01:25,600 I've used words catastrophic and existential. 21 00:01:25,680 --> 00:01:28,040 As the threat intensifies, 22 00:01:28,120 --> 00:01:30,880 so does the job of the codebreaker. 23 00:01:31,400 --> 00:01:35,040 They always describe the espionage as a chess match. 24 00:01:35,120 --> 00:01:37,080 It's the same thing with electronics. 25 00:02:09,080 --> 00:02:12,160 Codes and ciphers have played an important role 26 00:02:12,280 --> 00:02:15,040 in keeping information private throughout history. 27 00:02:16,000 --> 00:02:19,320 What began with secret writings to hide information 28 00:02:19,400 --> 00:02:22,560 has progressed to electro-mechanical ciphers 29 00:02:22,640 --> 00:02:27,760 and then computers to send messages, and to decipher and break them. 30 00:02:28,400 --> 00:02:32,480 Today, cyber espionage is used by intelligence agencies 31 00:02:32,560 --> 00:02:34,520 and adversaries alike, 32 00:02:34,600 --> 00:02:39,120 and has proved a useful strategy in the collection or corruption of data, 33 00:02:39,640 --> 00:02:44,640 stealing technology and patents, disrupting critical infrastructures, 34 00:02:44,720 --> 00:02:48,360 and allowing for advanced warning of an enemy's attack. 35 00:02:48,960 --> 00:02:53,800 Every government in history has prized secrecy, 36 00:02:53,880 --> 00:02:57,560 and has understood the importance of being able to communicate 37 00:02:58,400 --> 00:03:02,080 among the leaders, and among their various embassies, 38 00:03:02,160 --> 00:03:05,840 in a way that could not be read by their opponents. 39 00:03:06,560 --> 00:03:09,600 Codes and ciphers can be used to send messages 40 00:03:09,680 --> 00:03:11,880 that can be communicated secretly, 41 00:03:12,480 --> 00:03:14,760 but the two are often confused. 42 00:03:14,840 --> 00:03:17,360 So if you use a code word, Geronimo, 43 00:03:17,440 --> 00:03:23,040 it may mean we successfully assassinated Osama Bin Laden. 44 00:03:24,560 --> 00:03:27,520 One word means many things. 45 00:03:27,600 --> 00:03:34,360 A cipher, in the contrast, is a particular type of code which usually means 46 00:03:34,440 --> 00:03:38,440 that letters had been transposed or interchanged, 47 00:03:39,000 --> 00:03:43,240 so that a message that had 550 characters 48 00:03:43,840 --> 00:03:46,280 may still again have 550 characters, 49 00:03:46,360 --> 00:03:48,560 but they've been arranged in a way 50 00:03:48,640 --> 00:03:51,800 that they're unreadable without the key to the cipher. 51 00:03:52,800 --> 00:03:55,320 Ciphers are a form of codes. 52 00:03:57,880 --> 00:03:59,440 Thomas Jefferson, 53 00:03:59,520 --> 00:04:02,400 one of the founding fathers of the United States, 54 00:04:02,480 --> 00:04:04,400 and a great statesman, 55 00:04:04,480 --> 00:04:07,480 realized the value of secret correspondence. 56 00:04:07,560 --> 00:04:09,240 And in his papers, 57 00:04:09,840 --> 00:04:15,440 were found the plans for a device we call the Jeffersonian cipher wheel. 58 00:04:19,560 --> 00:04:21,280 You had a rod, 59 00:04:21,360 --> 00:04:25,480 and you would assemble the disks in a certain order. 60 00:04:25,560 --> 00:04:26,920 Once they were assembled, 61 00:04:27,000 --> 00:04:30,560 you would adjust each disk when properly aligned, 62 00:04:30,640 --> 00:04:34,320 here were now the characters of your message. 63 00:04:34,400 --> 00:04:38,520 You would then arbitrarily pick a number, let's say ten. 64 00:04:38,600 --> 00:04:42,400 You would then go to the 10th row of letters above that, 65 00:04:42,480 --> 00:04:44,440 which'll just be gobbledygook, 66 00:04:44,520 --> 00:04:46,800 and you would write down those letters, 67 00:04:46,880 --> 00:04:50,520 and that is what you would send as your message. 68 00:04:51,120 --> 00:04:53,560 Now the person with the corresponding piece 69 00:04:53,640 --> 00:04:58,000 had to know the order in which the rotors would be assembled. 70 00:04:58,600 --> 00:05:03,880 And once they did that, they would simply align the letters, 71 00:05:03,960 --> 00:05:06,000 so you would read the gobbledygook, 72 00:05:06,080 --> 00:05:09,400 and then they would back off ten characters, 73 00:05:09,480 --> 00:05:11,520 and there would be the precise message. 74 00:05:14,080 --> 00:05:15,800 In fact, it was so clever 75 00:05:16,200 --> 00:05:19,040 that the U.S. government found this in his files, 76 00:05:19,640 --> 00:05:23,960 and in 1920, began producing these for the U.S. Army, 77 00:05:24,040 --> 00:05:27,840 and it was called the M94 Signal Device. 78 00:05:27,920 --> 00:05:30,560 And it was actively used in the U.S. military 79 00:05:30,640 --> 00:05:34,000 between 1920 and the beginning of World War II. 80 00:05:34,600 --> 00:05:36,400 Back in Jefferson's time, 81 00:05:36,480 --> 00:05:39,400 ciphers and secret writings depended on algorithms 82 00:05:39,480 --> 00:05:41,320 created by the human mind. 83 00:05:42,280 --> 00:05:45,640 But between 1915 and 1924, 84 00:05:45,720 --> 00:05:48,800 things changed with the advent of a device 85 00:05:48,880 --> 00:05:51,480 called the Hebron Electric Rotor Machine. 86 00:05:51,560 --> 00:05:53,400 For the very first time, 87 00:05:53,480 --> 00:05:58,400 it was possible to produce a stream of ciphers 88 00:05:58,480 --> 00:06:01,800 created by an electromechanical rotor system 89 00:06:02,520 --> 00:06:06,520 that could not be solved by human minds alone. 90 00:06:07,080 --> 00:06:10,600 And it was the first of a series of rotor systems 91 00:06:10,680 --> 00:06:14,160 that would be used over the next 50 years 92 00:06:14,240 --> 00:06:16,600 that would change how ciphers were created. 93 00:06:17,560 --> 00:06:20,960 In 1924, a man named Arthur Scherbius 94 00:06:21,040 --> 00:06:24,360 took the same basic concept and created what would be 95 00:06:24,440 --> 00:06:28,720 one of the most important cipher devices of the 20th century, 96 00:06:28,800 --> 00:06:31,360 the German Enigma cipher machine. 97 00:06:33,120 --> 00:06:35,040 And his idea was 98 00:06:35,120 --> 00:06:36,800 that each machine 99 00:06:38,200 --> 00:06:40,360 contained a series of rotors. 100 00:06:40,880 --> 00:06:43,880 Each rotor had 26 settings 101 00:06:44,400 --> 00:06:45,920 that could be changed, 102 00:06:46,520 --> 00:06:49,400 and in the front of the machine 103 00:06:49,480 --> 00:06:52,480 were a series of Stécker or cords 104 00:06:53,080 --> 00:06:55,680 that was a plug board arrangement. 105 00:06:56,320 --> 00:06:58,080 And the idea was, 106 00:06:58,160 --> 00:07:01,080 it would take two people to operate the Enigma. 107 00:07:01,680 --> 00:07:04,840 And the first person would take the clear text message 108 00:07:05,360 --> 00:07:08,040 and he would press the letter A, for example, 109 00:07:08,120 --> 00:07:10,240 if that's the first letter of the message. 110 00:07:11,040 --> 00:07:15,120 And the message would then go from that A, 111 00:07:15,200 --> 00:07:17,400 down to the plug board, and the plug board 112 00:07:17,480 --> 00:07:20,680 would route it to a different number or a different letter. 113 00:07:21,720 --> 00:07:24,360 That letter would in turn go to the first rotor, 114 00:07:24,440 --> 00:07:26,600 into one of 26 permutations. 115 00:07:27,280 --> 00:07:30,360 Then it would go into the second rotor, 26 permutations, 116 00:07:30,440 --> 00:07:34,480 the third rotor, 26 permutations, hit a reflector, 117 00:07:35,040 --> 00:07:38,800 come back times 26, times 26, times 26, 118 00:07:39,320 --> 00:07:40,720 come into the plug board, 119 00:07:41,360 --> 00:07:45,720 and then another light would be lit. 120 00:07:45,800 --> 00:07:51,240 When it had completed its 26 rotations, which was called a jumbo, 121 00:07:51,320 --> 00:07:53,800 then all of the rotors moved. 122 00:07:53,880 --> 00:07:57,560 And the combination of the complexity of this device 123 00:07:58,520 --> 00:08:01,440 was greater than human minds could decipher. 124 00:08:02,040 --> 00:08:04,760 And the advantages of it 125 00:08:04,840 --> 00:08:07,840 quickly were recognized by the German military. 126 00:08:07,920 --> 00:08:10,400 It was adopted in the early 1930s 127 00:08:10,480 --> 00:08:13,080 as the primary communication tool 128 00:08:13,160 --> 00:08:16,560 of the Wehrmacht, the German military, the Luftwaffe. 129 00:08:25,160 --> 00:08:27,320 The Enigma Machine played a crucial part 130 00:08:27,400 --> 00:08:31,680 in the communication among the Nazi forces during World War II. 131 00:08:33,560 --> 00:08:35,520 In the early 1930s, 132 00:08:35,600 --> 00:08:39,680 Polish codebreakers had developed a machine called the Bomba 133 00:08:39,760 --> 00:08:43,520 that had successfully deciphered some of the Enigma messages, 134 00:08:44,680 --> 00:08:48,600 but the Germans kept modifying it to make it more complex. 135 00:08:49,600 --> 00:08:53,200 The British and their allies were determined to break it, 136 00:08:53,280 --> 00:08:55,240 and in 1939, 137 00:08:55,320 --> 00:08:58,360 the British Government set up a code and cipher school 138 00:08:58,440 --> 00:09:02,640 known as Station X at Bletchley Park just outside of London. 139 00:09:06,200 --> 00:09:09,040 And it was built around the Bletchley Park Manor. 140 00:09:09,120 --> 00:09:11,520 That and a large number of huts. 141 00:09:12,120 --> 00:09:14,640 And the huts contained different groups 142 00:09:14,720 --> 00:09:17,400 which were attacking individual. 143 00:09:18,840 --> 00:09:20,080 Enigma ciphers. 144 00:09:21,120 --> 00:09:24,080 Every message transmitted by the Nazis 145 00:09:24,160 --> 00:09:26,480 went through British listening posts, 146 00:09:26,560 --> 00:09:29,320 which were copied down in their code groups 147 00:09:29,400 --> 00:09:33,720 and telegraphed to the secret army of codebreakers at Bletchley Park. 148 00:09:34,400 --> 00:09:39,440 The British described any intelligence gained from Enigma as Ultra 149 00:09:39,520 --> 00:09:41,360 and considered it top secret. 150 00:09:42,040 --> 00:09:46,000 And it gave us vital information that we needed, for example, 151 00:09:46,080 --> 00:09:48,120 around the D-Day invasions. 152 00:09:48,200 --> 00:09:50,400 And it helped us understand 153 00:09:50,480 --> 00:09:53,920 the success of some of our deception operations 154 00:09:54,000 --> 00:09:59,240 and helped us to tweak them to try to confuse the Germans. 155 00:10:03,840 --> 00:10:06,640 But the real game changer was Alan Turing, 156 00:10:06,720 --> 00:10:09,680 a 24-year-old mathematical genius. 157 00:10:14,040 --> 00:10:18,120 Turing, during World War II, worked at Bletchley Park, 158 00:10:18,600 --> 00:10:21,080 the government code and cipher school, 159 00:10:21,160 --> 00:10:25,920 and spent his time attacking the German Enigma cipher. 160 00:10:26,520 --> 00:10:29,800 Turing came up with the idea behind Colossus, 161 00:10:29,880 --> 00:10:33,840 a set of computers developed to help in cryptanalysis. 162 00:10:39,040 --> 00:10:44,480 During World War II, they created 11 models of Colossus, 163 00:10:45,240 --> 00:10:48,800 which was the world's first electronic computer. 164 00:10:48,880 --> 00:10:51,280 It was one of the great accomplishments of the war. 165 00:10:51,360 --> 00:10:56,120 Historians estimate that it shortened World War II 166 00:10:56,200 --> 00:10:58,640 by between two and four years. 167 00:10:58,720 --> 00:11:04,400 Turing, however, as brilliant as he was, had a very troubled personal life. 168 00:11:04,480 --> 00:11:08,480 He was a homosexual at a time that homosexuality 169 00:11:08,560 --> 00:11:11,960 was seen as a disability 170 00:11:12,040 --> 00:11:16,600 and seen as a vulnerability for recruitment by foreign spies. 171 00:11:16,680 --> 00:11:21,680 His security clearances were revoked in the early 1950s, and very sadly, 172 00:11:22,280 --> 00:11:26,760 he committed suicide by biting into a poisoned apple, 173 00:11:26,840 --> 00:11:29,360 and the world lost one of our great minds. 174 00:11:32,640 --> 00:11:37,240 It's very interesting today and probably only a coincidence, 175 00:11:37,960 --> 00:11:41,440 but if you look at the logo of Apple computer, 176 00:11:42,000 --> 00:11:45,760 you'll see an apple with a bite out of it, 177 00:11:46,320 --> 00:11:50,760 and though they disclaim any association with Alan Turing, 178 00:11:52,160 --> 00:11:54,080 it certainly seems, at one level, 179 00:11:54,160 --> 00:11:57,160 someone was paying homage to Turing 180 00:11:57,240 --> 00:12:01,320 and his role in creating the world's first electronic computer. 181 00:12:01,880 --> 00:12:08,040 Enigma's settings offered 158 quintillion possible solutions, 182 00:12:08,120 --> 00:12:12,080 yet the Allies were eventually able to crack its code. 183 00:12:12,840 --> 00:12:17,480 Thanks to the advances made by Alan Turing and other codebreakers today, 184 00:12:17,560 --> 00:12:19,920 mathematicians and scientists 185 00:12:20,000 --> 00:12:23,280 are developing next level quantum computing. 186 00:12:23,360 --> 00:12:25,160 In terms of espionage collection, 187 00:12:25,240 --> 00:12:27,760 quantum computing just basically makes cryptography 188 00:12:28,720 --> 00:12:32,280 potentially more difficult, because now people say, 189 00:12:32,360 --> 00:12:36,600 "Well, you're using algorithms that are known to be breakable." 190 00:12:36,680 --> 00:12:38,520 Yeah, they're known to be breakable, 191 00:12:38,600 --> 00:12:40,880 but it's going to take you a long time to break them. 192 00:12:40,960 --> 00:12:43,760 The information at that point's perishable. 193 00:12:43,840 --> 00:12:47,160 Now we're talking a different game all together. 194 00:12:47,240 --> 00:12:49,840 So if all the encryption algorithms we're using 195 00:12:49,920 --> 00:12:51,680 can be broken by the opposition 196 00:12:51,760 --> 00:12:53,960 at the same speed you're actually using it, 197 00:12:54,040 --> 00:12:55,960 when you're decrypting it with the key 198 00:12:56,040 --> 00:12:58,360 and they're decrypting it with quantum computing, 199 00:12:58,440 --> 00:13:00,720 ugh, that gets a little difficult. 200 00:13:02,360 --> 00:13:04,200 Modern computers, 201 00:13:04,280 --> 00:13:07,560 highly advanced versions of the ones used in Bletchley Park, 202 00:13:07,640 --> 00:13:10,240 now dominate the world of cryptology. 203 00:13:15,120 --> 00:13:19,200 In an age when billions of people, governments, and rogue states 204 00:13:19,280 --> 00:13:21,000 are digitally connected, 205 00:13:21,080 --> 00:13:23,800 today's scientists and hackers 206 00:13:23,880 --> 00:13:26,840 have discovered that it is possible to use malware 207 00:13:26,920 --> 00:13:29,480 to steal data off your digital device 208 00:13:29,560 --> 00:13:34,000 that completely evades the protections built with cryptography. 209 00:13:39,800 --> 00:13:43,520 Spyware is a software that can be planted 210 00:13:43,600 --> 00:13:48,040 by adversarial parties on your system. 211 00:13:48,120 --> 00:13:51,360 They have the ability to collect information. 212 00:13:51,440 --> 00:13:53,840 They can collect your passwords. 213 00:13:53,920 --> 00:13:56,800 They can record your conversations. 214 00:13:56,880 --> 00:14:02,320 If you are making webinar calls or phone calls using your computer, 215 00:14:02,400 --> 00:14:08,720 they can turn on your camera and record anything that you are doing. 216 00:14:08,800 --> 00:14:13,480 All these are part of the spyware activities. 217 00:14:14,200 --> 00:14:18,120 And that can be used against the person or against the government. 218 00:14:20,160 --> 00:14:25,800 Foreign entities can use this information about people 219 00:14:25,880 --> 00:14:31,280 who have clearances, for instance, can go and target those people. 220 00:14:34,280 --> 00:14:37,920 It's not just a normal level of technical sophistication 221 00:14:38,000 --> 00:14:40,080 that gives you this kind of capability, 222 00:14:40,160 --> 00:14:44,200 but to go into the micro-electronics, and go into the ones and zeros 223 00:14:44,280 --> 00:14:48,000 and discover a vulnerability within that system that you can exploit. 224 00:14:48,600 --> 00:14:49,600 That's next level. 225 00:14:57,520 --> 00:15:00,520 There are multiple definitions for cyber warfare, 226 00:15:01,160 --> 00:15:04,120 but they generally all come down to the same thing. 227 00:15:04,920 --> 00:15:07,720 It's using techniques 228 00:15:08,480 --> 00:15:11,000 to attack another country 229 00:15:11,520 --> 00:15:14,400 over an electronic or cyber means, 230 00:15:14,480 --> 00:15:18,480 without resulting to physical warfare, 231 00:15:18,560 --> 00:15:24,400 but you're still causing significant damage and harm to the target. 232 00:15:24,480 --> 00:15:27,120 Between 2000 and 2003, 233 00:15:27,200 --> 00:15:30,880 a series of widespread cyberespionage attacks 234 00:15:30,960 --> 00:15:32,880 code-named Titan Rain 235 00:15:32,960 --> 00:15:36,680 were launched against the American defense infrastructure, 236 00:15:37,280 --> 00:15:43,320 targeting high-level organizations like NASA, Sandia, and Lockheed Martin. 237 00:15:44,040 --> 00:15:46,280 The longest running attack 238 00:15:46,360 --> 00:15:49,200 against the United States has been Titan Rain, 239 00:15:49,960 --> 00:15:53,680 which targeted specifically at our intelligence services. 240 00:15:53,760 --> 00:15:57,240 The cyberattacks extradited vital information, 241 00:15:57,320 --> 00:16:02,360 and left behind virtually undetectable beacons on compromised systems, 242 00:16:02,440 --> 00:16:05,040 allowing them to reenter at will. 243 00:16:05,120 --> 00:16:08,840 They averaged approximately 10-30 minutes per attack 244 00:16:09,440 --> 00:16:15,040 and transmitted to drop zones located in South Korea, Hong Kong, and Taiwan 245 00:16:15,120 --> 00:16:18,320 prior to forwarding the data on to mainland China. 246 00:16:19,640 --> 00:16:25,640 And it happens thousands and thousands of times a day, an hour, 247 00:16:25,720 --> 00:16:28,040 repeated attacks against our systems. 248 00:16:28,920 --> 00:16:30,440 And it's never let up. 249 00:16:31,760 --> 00:16:34,680 Investigators discovered the cyber breaches 250 00:16:34,760 --> 00:16:38,840 were part of state sponsored cyber espionage attacks 251 00:16:38,920 --> 00:16:41,560 conducted by the People's Republic of China. 252 00:16:42,600 --> 00:16:48,080 Some of the information exfiltrated included aerospace documentation, 253 00:16:48,160 --> 00:16:50,160 schematics from the Mars Orbiter, 254 00:16:50,240 --> 00:16:54,760 and flight planning software used by the United States Air Force. 255 00:16:58,840 --> 00:17:03,640 Another dramatic act of espionage was discovered in 2010 256 00:17:03,720 --> 00:17:06,480 and involved a multi-nation cyberattack 257 00:17:06,560 --> 00:17:08,880 against Iran's nuclear program. 258 00:17:08,960 --> 00:17:10,960 It was called Stuxnet. 259 00:17:19,480 --> 00:17:20,880 Stuxnet 260 00:17:21,800 --> 00:17:25,360 exists because it was written 261 00:17:25,880 --> 00:17:31,960 to attack the Siemens 7 operating system 262 00:17:32,040 --> 00:17:37,520 that ran in a Windows environment in the plants in Iran 263 00:17:37,600 --> 00:17:41,800 where they spun the centrifuges to enrich the uranium. 264 00:17:52,320 --> 00:17:55,880 The Stuxnet attack, which allegedly was done by combinations 265 00:17:55,960 --> 00:17:58,640 of Israel, the United States, western Europe, 266 00:17:58,720 --> 00:18:04,000 as time goes by, the population gets larger and larger of who was involved, 267 00:18:04,080 --> 00:18:07,280 attacked Iranian development nuclear production capabilities, 268 00:18:07,360 --> 00:18:09,840 and brought down various systems 269 00:18:09,920 --> 00:18:13,040 basically by being able to infect them with a virus. 270 00:18:13,120 --> 00:18:17,000 Since the Iranian computer systems didn't connect to the internet, 271 00:18:17,080 --> 00:18:21,960 the Stuxnet virus had to be introduced into the operating system 272 00:18:22,040 --> 00:18:24,680 through other more clandestine means. 273 00:18:24,760 --> 00:18:27,480 I've heard remote maintenance access. 274 00:18:27,560 --> 00:18:31,120 I've heard the laptop, they walked in, connected the laptop. 275 00:18:31,200 --> 00:18:36,320 You know, every possible means will be postulated as an attack. 276 00:18:37,800 --> 00:18:39,440 A popular theory 277 00:18:39,520 --> 00:18:43,080 is that the Stuxnet virus was introduced to the system 278 00:18:43,160 --> 00:18:48,320 through infected thumb drives placed around the nuclear facility in Iran. 279 00:18:56,280 --> 00:18:59,440 If you had a very high-grade thumb drive, 280 00:18:59,520 --> 00:19:01,880 and you drop them selectively in parking lots 281 00:19:01,960 --> 00:19:05,440 or you dropped them from the air, or you somehow introduced them, 282 00:19:05,520 --> 00:19:08,680 someone's going to finally take and put that into the machine 283 00:19:08,760 --> 00:19:10,440 to see who it belongs to. 284 00:19:10,520 --> 00:19:14,400 And that's all it takes is one time to basically infect it. 285 00:19:14,480 --> 00:19:18,360 The exact method of how the thumb drives were introduced 286 00:19:18,440 --> 00:19:19,920 has never been revealed, 287 00:19:20,440 --> 00:19:21,840 but the plan worked 288 00:19:21,920 --> 00:19:26,640 and Stuxnet penetrated Iran's operating system and attacked. 289 00:19:26,720 --> 00:19:33,160 What the system did was, it went to the Siemens controller, 290 00:19:34,200 --> 00:19:38,240 and it sent a signal then to the operator 291 00:19:38,320 --> 00:19:42,360 who's manning the speed of the centrifuges that says, 292 00:19:42,880 --> 00:19:45,640 "This centrifuge is slowing down," 293 00:19:46,200 --> 00:19:50,080 which would mean the operator would want to turn up the speed 294 00:19:50,840 --> 00:19:52,280 to increase it working. 295 00:19:52,880 --> 00:19:54,880 But that was a fake signal. 296 00:19:54,960 --> 00:19:59,440 And the more he turned it up, the more it appeared to slow down. 297 00:19:59,520 --> 00:20:03,600 And so the operators kept turning up the speed of the centrifuges, 298 00:20:03,680 --> 00:20:05,280 and in effect, 299 00:20:05,360 --> 00:20:07,440 they tore themselves apart, 300 00:20:07,960 --> 00:20:12,080 and literally it destroyed a significant component 301 00:20:12,160 --> 00:20:15,120 of the Iranian system for enriching uranium. 302 00:20:16,080 --> 00:20:20,840 It was a very, very effective attack, 303 00:20:20,920 --> 00:20:24,840 and the world's probably a bit safer for a while longer because of it. 304 00:20:26,520 --> 00:20:28,880 It's not only big government installations 305 00:20:28,960 --> 00:20:31,800 and organizations that are getting hit. 306 00:20:31,880 --> 00:20:36,280 Cyberattacks happen wherever there are loopholes or open ports 307 00:20:36,360 --> 00:20:38,160 that can be exploited, 308 00:20:38,240 --> 00:20:40,440 like our own personal devices. 309 00:20:41,360 --> 00:20:44,800 Today, every person carries with them a machine 310 00:20:44,880 --> 00:20:47,440 that's more powerful than Enigma, 311 00:20:47,520 --> 00:20:48,520 a cell phone. 312 00:20:51,320 --> 00:20:55,200 So where you're at, you're usually carrying a cell phone with you. 313 00:20:55,280 --> 00:20:59,440 So all your positioning information, where you've been, where you're going, 314 00:20:59,520 --> 00:21:01,760 you know, 'cause you've got things in your calendar, 315 00:21:01,840 --> 00:21:04,440 you've sent messages to people, um… 316 00:21:04,960 --> 00:21:07,800 All that information, I'm not saying is being collected, 317 00:21:07,880 --> 00:21:10,080 but all that information can be collected. 318 00:21:10,160 --> 00:21:14,440 The modern smartphone as we know today, 319 00:21:14,520 --> 00:21:16,760 has evolved over the decade. 320 00:21:17,680 --> 00:21:22,200 The processing power embedded in these systems are immense. 321 00:21:22,280 --> 00:21:26,360 They have the ability to do cryptography on the fly 322 00:21:26,440 --> 00:21:28,080 as a part of the hardware. 323 00:21:28,160 --> 00:21:34,000 This adds significant benefits for individuals but, for adversaries, 324 00:21:34,080 --> 00:21:39,600 it allows them to capture a great deal of private information about you. 325 00:21:40,200 --> 00:21:44,800 Not only are adversaries able to exploit information stolen from you, 326 00:21:45,320 --> 00:21:49,240 they can also benefit from some of the same applications. 327 00:21:52,640 --> 00:21:56,400 In late November 2008, 328 00:21:57,440 --> 00:21:59,640 the Lashkar-e-Taiba, 329 00:22:00,680 --> 00:22:03,360 the Pakistani terrorist group, 330 00:22:03,440 --> 00:22:08,840 launched a sophisticated coordinated attack 331 00:22:09,520 --> 00:22:11,560 against the city of Mumbai. 332 00:22:13,200 --> 00:22:14,760 It was so effective 333 00:22:15,360 --> 00:22:21,120 that it's the first attack that used cell phones 334 00:22:21,920 --> 00:22:24,680 as weapons of mass disruption. 335 00:22:25,200 --> 00:22:29,000 Ten individuals armed only with cell phones, small arms, 336 00:22:29,080 --> 00:22:31,960 and hand grenades were able to paralyze Mumbai, 337 00:22:32,040 --> 00:22:36,400 one of the largest cities in India, and capture the attention of the world. 338 00:22:37,120 --> 00:22:43,080 And it showed how useful cell phones can be 339 00:22:43,680 --> 00:22:47,680 to disrupt communications, to plan an attack. 340 00:22:49,160 --> 00:22:54,000 The Lashkar-e-Taiba layered 16 levels 341 00:22:54,080 --> 00:22:57,240 of commercial off-the-shelf technology, 342 00:22:58,200 --> 00:23:03,120 and enabled the terrorist to communicate secretly, 343 00:23:03,680 --> 00:23:10,240 and to be controlled in real time by their handlers back in Pakistan. 344 00:23:11,080 --> 00:23:15,840 In the same way that our U.S. military has the advanced technology 345 00:23:15,920 --> 00:23:20,720 that we can have cameras on a helmet, or can have an earphone, 346 00:23:20,800 --> 00:23:24,880 and you can talk to your command structure back thousands of miles away 347 00:23:25,600 --> 00:23:28,640 using only commercial technology, 348 00:23:29,440 --> 00:23:31,800 the terrorists were able to do the same thing 349 00:23:31,880 --> 00:23:34,640 from their control points in Pakistan. 350 00:23:35,320 --> 00:23:41,960 By swapping SIM cards, by swapping phones, by taking phones from victims, 351 00:23:42,040 --> 00:23:46,760 they were able to completely confuse, confound, 352 00:23:46,840 --> 00:23:49,080 and befuddle the Mumbai authorities. 353 00:23:49,160 --> 00:23:53,720 They had no idea how many people were attacking them. 354 00:23:53,800 --> 00:23:57,600 Estimates were, it was between one and 200 people. 355 00:23:57,680 --> 00:24:01,720 In reality, it was ten lone individuals. 356 00:24:02,760 --> 00:24:05,440 Seven years after the Mumbai attacks, 357 00:24:05,960 --> 00:24:09,640 terrorist attacks on the cafés, soccer stadium, 358 00:24:09,720 --> 00:24:13,760 and Bataclan theater in Paris showed striking similarities. 359 00:24:16,320 --> 00:24:19,680 It was all coordinated by a cell 360 00:24:20,760 --> 00:24:23,080 that was in Paris and in Brussels. 361 00:24:23,760 --> 00:24:26,240 And they had known each other for years. 362 00:24:27,000 --> 00:24:31,840 There was no advanced chatter detected on the internet, 363 00:24:32,760 --> 00:24:39,640 and they kept their communications point-to-point encryptioned, 364 00:24:39,720 --> 00:24:40,920 using systems 365 00:24:42,120 --> 00:24:44,840 that were encrypted the entire way, 366 00:24:44,920 --> 00:24:49,360 so there was no way to get any advanced warning of it. 367 00:24:49,440 --> 00:24:53,640 And it has to be the harbinger of future terrorist attacks. 368 00:24:54,240 --> 00:24:56,000 And it's frightening 369 00:24:56,880 --> 00:25:01,880 when we don't have the pre-attack chatter to help us be prepared. 370 00:25:07,360 --> 00:25:11,760 As our society becomes more and more dependent on technology, 371 00:25:11,840 --> 00:25:15,360 we also become more vulnerable to potential attacks. 372 00:25:15,440 --> 00:25:18,200 As the cities evolve, they become smarter. 373 00:25:18,280 --> 00:25:23,960 Today, your phone has the ability to emit you are a pedestrian 374 00:25:24,480 --> 00:25:26,400 in a smart city environment. 375 00:25:26,480 --> 00:25:29,640 So when cars come too close to the pedestrians, 376 00:25:29,720 --> 00:25:33,680 the smart cars have the ability to break and avoid the accident. 377 00:25:33,760 --> 00:25:35,520 But at the same time, 378 00:25:35,600 --> 00:25:38,360 that information can reveal your identity. 379 00:25:38,960 --> 00:25:42,240 Adversaries can utilize that information 380 00:25:42,320 --> 00:25:48,320 and turn car into assassination device to attack a person. 381 00:25:48,400 --> 00:25:51,240 Instead of stopping, they can accelerate the car. 382 00:25:54,400 --> 00:25:59,160 With billions of people online and every government sending out signals, 383 00:25:59,240 --> 00:26:03,440 the sheer scale of the codebreakers' job is mind boggling. 384 00:26:10,560 --> 00:26:14,640 As a result, ciphers have become increasingly complex. 385 00:26:15,200 --> 00:26:20,200 Chess… They always describe the espionage as a chess match, right? 386 00:26:20,280 --> 00:26:22,680 You move, we countermove, you move, we countermove. 387 00:26:22,760 --> 00:26:24,600 Same thing with electronics. 388 00:26:26,240 --> 00:26:30,520 A hostile organization having access to detailed information 389 00:26:30,600 --> 00:26:33,760 about a person or government is frightening. 390 00:26:33,840 --> 00:26:37,920 But even more daunting are cyber assaults that have the potential 391 00:26:38,000 --> 00:26:40,800 to shut down a country's infrastructure. 392 00:26:40,880 --> 00:26:44,960 The closest we've ever seen to a country being shut down 393 00:26:45,760 --> 00:26:47,880 was the Russian attack on Estonia. 394 00:26:48,680 --> 00:26:54,080 You have also the hacking community in Russia who are told, 395 00:26:54,880 --> 00:26:56,600 "You can steal as much as you want, 396 00:26:56,680 --> 00:26:59,360 but when the knock comes on the door in the middle of the night, 397 00:26:59,440 --> 00:27:01,640 we ask you to do something, you're gonna do it for us." 398 00:27:03,320 --> 00:27:04,680 By all accounts, 399 00:27:04,760 --> 00:27:08,320 the knock on the door came for The Republic of Estonia, 400 00:27:08,400 --> 00:27:13,840 a tech-savvy nation of 1.3 million, in April of 2007. 401 00:27:18,200 --> 00:27:22,520 The Russians virtually attacked the infrastructure of Estonia. 402 00:27:22,600 --> 00:27:25,920 They shut down the newspapers, the broadcasts. 403 00:27:26,000 --> 00:27:29,120 They shut down Parliament. They shut down the ministries. 404 00:27:29,880 --> 00:27:33,280 ATMs stopped working. The internet didn't work. 405 00:27:33,360 --> 00:27:35,840 Their society was dependent on it. 406 00:27:37,760 --> 00:27:43,560 They basically shut down the e-conomy, electronic-based economy, 407 00:27:43,640 --> 00:27:45,000 for a period of time. 408 00:27:45,080 --> 00:27:50,320 They did not utilize their military or intelligence assets. 409 00:27:50,400 --> 00:27:52,480 They used the criminal underground 410 00:27:53,520 --> 00:27:59,040 as a… in this covert action that was obviously sanctioned by the government. 411 00:28:00,200 --> 00:28:01,920 Cyberattacks on Estonia 412 00:28:02,000 --> 00:28:05,480 targeted websites of Estonian organizations, 413 00:28:05,560 --> 00:28:10,960 including the Parliament, banks, ministries, newspapers, and broadcasters. 414 00:28:11,800 --> 00:28:17,560 They used ping floods and botnets usually used for spam distribution. 415 00:28:18,480 --> 00:28:23,160 Estonia had just rebuilt, coming out of communism, 416 00:28:23,240 --> 00:28:24,920 so everything was relatively new. 417 00:28:25,000 --> 00:28:29,120 They had new infrastructure, but they were dependent on the internet. 418 00:28:29,200 --> 00:28:30,760 Everything was on the internet. 419 00:28:30,840 --> 00:28:37,120 Suddenly that goes down, and they're quickly thrown back decades almost into a, 420 00:28:37,200 --> 00:28:39,000 not the stone age, nothing worked. 421 00:28:39,080 --> 00:28:41,400 You couldn't draw money out. You couldn't get gasoline. 422 00:28:41,480 --> 00:28:42,680 You couldn't get food. 423 00:28:42,760 --> 00:28:44,720 Cities were very vulnerable. They taught that. 424 00:28:44,800 --> 00:28:48,560 The Russians have a very effective cyber warfare capability. 425 00:28:48,640 --> 00:28:52,520 Estonia was one victim of cyber warfare by the Russians. 426 00:28:52,600 --> 00:28:54,960 Then in 2016 Crimea, 427 00:28:55,040 --> 00:28:59,840 a disputed territory under the control of the Russian federation became another. 428 00:28:59,920 --> 00:29:06,320 Then you see the culmination of all of this with the Crimea invasion 429 00:29:06,400 --> 00:29:11,600 in which we see the so-called hybrid warfare, 430 00:29:12,320 --> 00:29:15,280 little green men, electronic attacks. 431 00:29:15,360 --> 00:29:19,680 Some of the first targets of the Spetsnaz, 432 00:29:19,760 --> 00:29:23,480 special forces of the Russians working undercover in Crimea 433 00:29:23,560 --> 00:29:28,760 with a… telephone switching stations because they took over those 434 00:29:28,840 --> 00:29:34,280 and they started sending malware into the broader cell phone networks 435 00:29:34,360 --> 00:29:37,640 of Ukraine, 436 00:29:37,720 --> 00:29:40,640 shutting down the ability of legislatures 437 00:29:40,720 --> 00:29:43,920 to use their cell phones, or government officials. 438 00:29:44,440 --> 00:29:47,320 Many believe Russia's attack on Crimea 439 00:29:47,400 --> 00:29:49,800 is only the beginning of what's to come. 440 00:29:50,440 --> 00:29:53,840 Today, the war that's going on in the Ukraine, 441 00:29:53,920 --> 00:29:57,160 this is the testing ground for electronic warfare, 442 00:29:57,240 --> 00:30:00,400 for information warfare, for hacking. 443 00:30:00,480 --> 00:30:03,800 They've used malware to shut down the electrical systems. 444 00:30:03,880 --> 00:30:05,600 This is a laboratory 445 00:30:06,280 --> 00:30:12,400 that they are using to perfect their science of new, 446 00:30:12,480 --> 00:30:15,760 integrated, or hybrid warfare. 447 00:30:17,840 --> 00:30:20,920 Cyber warfare is a form of asymmetrical warfare, 448 00:30:21,680 --> 00:30:26,000 in that it enables a smaller actor with smart people 449 00:30:26,720 --> 00:30:29,960 to use a bunch of computers and an internet service, 450 00:30:30,040 --> 00:30:34,760 and essentially attack a much larger opponent very effectively. 451 00:30:34,840 --> 00:30:39,040 So at times, depending on the size of your country, 452 00:30:39,160 --> 00:30:42,120 it can be a very good response. 453 00:30:42,200 --> 00:30:46,000 North Korea, Pakistan, China, 454 00:30:46,880 --> 00:30:52,240 they have effective, very effective cyber warfare capabilities. 455 00:30:52,840 --> 00:30:56,440 So, many countries see it as very useful. 456 00:30:57,040 --> 00:31:01,360 Of course, the allies, the U.S., Great Britain, Canada, Australia, 457 00:31:01,440 --> 00:31:05,600 we have very effective cyber warfare capabilities ourselves. 458 00:31:06,600 --> 00:31:10,600 Unlike physical attacks, cyber-related attacks, 459 00:31:10,680 --> 00:31:13,520 because of the interconnected world, 460 00:31:14,440 --> 00:31:19,280 can have immediate impact on the performance of a city. 461 00:31:19,880 --> 00:31:23,120 So with attacks in critical infrastructure, 462 00:31:23,840 --> 00:31:29,960 cities can be disabled in a matter of minutes. 463 00:31:30,560 --> 00:31:32,200 They don't need to send bombs. 464 00:31:36,560 --> 00:31:39,840 A city's critical infrastructure might include 465 00:31:39,920 --> 00:31:45,840 its power grid, water supply, communications, transportation systems, 466 00:31:45,920 --> 00:31:51,560 food supplies, financial services, and nuclear power plants. 467 00:31:51,640 --> 00:31:56,920 A cyberattack on one or more of these systems could render a city helpless, 468 00:31:57,000 --> 00:32:00,680 while a sustained attack could have devastating consequences. 469 00:32:01,280 --> 00:32:04,360 If you stop ATM machines working, 470 00:32:05,000 --> 00:32:07,480 you stop gas going into a city 471 00:32:07,560 --> 00:32:10,720 and deliveries of food in every major city, 472 00:32:10,800 --> 00:32:16,120 within seven days it's expected you'll have full all-on riots. 473 00:32:16,200 --> 00:32:23,080 So the ability to launch a coordinated attack against our infrastructure 474 00:32:23,920 --> 00:32:26,720 could potentially be far worse than Pearl Harbor. 475 00:32:27,920 --> 00:32:30,920 One of the questions that I'm frequently asked is how bad can it get, 476 00:32:31,000 --> 00:32:34,680 and I've mentioned, I've used the words catastrophic and existential 477 00:32:34,760 --> 00:32:38,160 relative to the loss of everything 478 00:32:38,240 --> 00:32:41,800 electrical, computer, power, et cetera. 479 00:32:52,240 --> 00:32:56,280 There's no comms, there's no... Cars are not working, 480 00:32:56,360 --> 00:32:58,280 there's no power to the houses, 481 00:32:58,360 --> 00:33:02,960 that means refrigeration doesn't work, your cooking utensils don't work, 482 00:33:03,040 --> 00:33:04,760 nothing works, and no one knows why. 483 00:33:05,360 --> 00:33:07,960 Most everyone can survive a day or a few days 484 00:33:08,040 --> 00:33:10,800 based upon the supplies they have at home. 485 00:33:10,880 --> 00:33:14,000 When you start getting to a week it starts getting harder, 486 00:33:14,080 --> 00:33:16,800 especially, you know, there's no running water, right? 487 00:33:17,640 --> 00:33:19,920 Very low likelihood that this would happen, 488 00:33:20,000 --> 00:33:23,920 but low likelihood catastrophic impact that's worth thinking about, 489 00:33:24,000 --> 00:33:26,120 so I would recommend that everyone do that. 490 00:33:28,360 --> 00:33:30,960 Anytime now something happens in the world, 491 00:33:31,040 --> 00:33:34,760 you know, an airplane loses power in mid-air, 492 00:33:34,840 --> 00:33:38,600 or something happens to a communications network, 493 00:33:38,680 --> 00:33:42,080 God forbid a local ISP goes down for five seconds, 494 00:33:42,160 --> 00:33:44,760 somebody will be writing, "Oh, this is a potential... 495 00:33:44,840 --> 00:33:47,600 Possibly a hack from Iran." 496 00:33:47,680 --> 00:33:49,440 Well, I don't think so. 497 00:33:49,520 --> 00:33:53,200 You know, these networks are, believe me, are... 498 00:33:53,280 --> 00:33:55,240 They have some degree of reliability, 499 00:33:55,320 --> 00:34:01,720 but they're sensitive to perturbations of their infrastructure, so… 500 00:34:01,800 --> 00:34:04,920 And lots of moving pieces and things do go wrong. 501 00:34:06,160 --> 00:34:09,160 First of all, the future is here. The future is here. 502 00:34:09,240 --> 00:34:12,720 This is going on, and this is a challenge the U.S. has. 503 00:34:12,800 --> 00:34:16,040 We got out of the business years ago 504 00:34:17,960 --> 00:34:19,320 in electronic warfare, 505 00:34:19,400 --> 00:34:22,080 because we did not believe at the end of the Cold War, 506 00:34:22,160 --> 00:34:24,520 that we would face Russia as a… 507 00:34:25,200 --> 00:34:28,560 In a conventional military setting in Europe. 508 00:34:29,440 --> 00:34:32,520 Now, that has all changed. We have to be concerned about that. 509 00:34:35,000 --> 00:34:36,720 You basically have to deter it. 510 00:34:36,800 --> 00:34:39,320 You can't defend against it, so if you're a target, 511 00:34:39,400 --> 00:34:44,000 if you would be a target of interest of Russia today, or China today, they win. 512 00:34:44,080 --> 00:34:45,080 You lose. 513 00:34:46,600 --> 00:34:48,280 It's best not to be their target. 514 00:34:48,920 --> 00:34:55,440 Codes and ciphers are essential for businesses to survive and exist, 515 00:34:55,520 --> 00:34:59,520 for money to be transferred, for our economy to work. 516 00:34:59,600 --> 00:35:01,320 What we're struggling with is, 517 00:35:01,920 --> 00:35:06,600 how do we see that it's available for good use, 518 00:35:07,200 --> 00:35:10,360 but don't have it available so that the bad guys 519 00:35:10,440 --> 00:35:12,760 can exploit it and do bad things? 520 00:35:13,320 --> 00:35:15,920 And we haven't solved that question yet. 42369