Zero Days

1

Through the darkness

of the pathways that we marched,

evil and good lived

side by side.

And this is the nature of...

Of life.

We are in an unbalanced

and inequivalent confrontation

between democracies

who are obliged

to play by the rules

and entities who think

democracy is a joke.

You can't convince fanatics

by saying,

"hey, hatred paralyzes you,

love releases you."

There are different rules that

we have to play by.

Female newsreader: Today, two of

Iran's top nuclear scientists

were targeted by hit squads.

Female newsreader 2:

...In the capital Tehran.

Male newsreader:
...The latest

in a string of attacks.

Female newsreader 3: Today's

attack has all the hallmarks

of major strategic sabotage.

Female newsreader 4:

Iran immediately accused

the U.S. and Israel

of trying to damage

its nuclear program.

Mahmoud ahmadinejad:

I want to categorically deny

any United States involvement

in any kind of act of violence

inside Iran.

Covert actions can help,

can assist.

They are needed, they are not

all the time essential,

and they, in no way,

can replace political wisdom.

Alex gibney:

Were the assassinations in Iran

related to

the stuxnet computer attacks?

Uh, next question, please.

Male newsreader:

Iran's infrastructure

is being targeted

by a new and dangerously

powerful cyber worm.

The so-called stuxnet worm

is specifically designed,

it seems,

to infiltrate and sabotage

real-world power plants

and factories and refineries.

Male newsreader 2: It's not

trying to steal information

or grab your credit card,

they're trying to get into

some sort of industrial plant

and wreak havoc trying

to blow up an engine or...

Male newsreader 3:

Male newsreader 4:

No one knows

who's behind the worm

and the exact nature

of its mission,

but there are fears Iran

will hold Israel

or America responsible

and seek retaliation.

Male newsreader 5:

It's not impossible that

some group of hackers did it,

but the security experts

that are studying this

really think this required

the resource of a nation-state.

Man:
Okay, and spinning.

Gibney:
Okay, good.

Here we go.

What impact, ultimately,

did the stuxnet attack have?

Can you say?

I don't want to

get into the details.

Gibney:
Since the event

has already happened,

why can't we talk more openly

and publicly about stuxnet?

Yeah, I mean, my answer

is because it's classified.

I... I won't knowledge...

You know, knowingly

offer up anything

i consider classified.

Gibney:
I know that you

can't talk much about stuxnet,

because stuxnet

is officially classified.

You're right on

both those counts.

Gibney:

But there has been

a lot reported

about it in the press.

I don't want

to comment on this.

I read it in the newspaper,

the media, like you,

but I'm unable

to elaborate upon it.

People might find it frustrating

not to be able to talk about it

when it's in the public domain,

but...

Gibney:

I find it frustrating.

Yeah, I'm sure you do.

I don't answer that question.

Unfortunately,

i can't comment.

I do not know

how to answer that.

Two answers before you even

get started, I don't know,

and if I did, we wouldn't talk

about it anyway.

Gibney:
How can you have

a debate if everything's secret?

I think right now

that's just where we are.

No one wants to...

Countries aren't happy

about confessing

or owning up to what they did

because they're not quite sure

where they want

the system to go.

And so whoever

was behind stuxnet

hasn't admitted

they were behind it.

Gibney:

Asking officials about stuxnet

was frustrating and surreal,

like asking the emperor

about his new clothes.

Even after the cyber weapon

had penetrated computers

all over the world,

no one was willing

to admit it was loose

or talk about

the dangers it posed.

What was it about

the stuxnet operation

that was hiding in plain sight?

Maybe there was a way

the computer code

could speak for itself.

Stuxnet first surfaced

in Belarus.

I started with a call

to the man who discovered it

when his clients in Iran

began to panic

over an epidemic

of computer shutdowns.

Had you ever seen anything

quite so sophisticated before?

Eric chien:

On a daily basis, basically

we are sifting through

a massive haystack looking for

that proverbial needle.

We get millions of pieces

of new malicious threats

and there are millions of

attacks going on

every single day.

And only way are trying to

protect people

and their computers and...

And their systems

and countries' infrastructure

from being taken down

by those attacks.

But more importantly, we have

to find the attacks that matter.

When you're talking about

that many,

impact is extremely important.

Eugene kaspersky: Twenty years

ago, the antivirus companies,

they were hunting

for computer viruses

because there were not so many.

So we had, like,

tens of dozens a month,

and there was just

little numbers.

Now, we collect millions

of unique attacks every month.

Vitaly kamluk:
This room we call

a woodpecker's room

or a virus lab,

and this is where

virus analysts sit.

We call them woodpeckers

because they are

pecking the worms,

network worms, and viruses.

And we see, like, three

different groups of hackers

behind cyber-attacks.

They are traditional

cyber criminals.

Those guys are interested

only in illegal profit.

And quick and dirty money.

Activists, or hacktivists,

they are hacking for fun

or hacking to push

some political message.

And the third group

is nation-states.

They're interested in

high-quality intelligence

or sabotage activity.

Chien:
Security companies

not only share information

but we also share

binary samples.

So when

this threat was found

by a Belarusian

security company

on one of their customer's

machines in Iran,

the sample was shared amongst

the security community.

When we try to name threats,

we just try to pick

some sort of string,

some sort of words,

that are inside

of the binary.

In this case, there was

a couple of words in there

and we took pieces of each,

and that formed stuxnet.

I got the news about stuxnet

from one of my engineers.

He came to my office,

opened the door,

and he said, "so, Eugene,

of course you know that

we are waiting

for something really bad.

It happened."

Gibney:
Give me some

sense of what it was like

in the lab at that time.

Was there a palpable

sense of amazement

that you had something

really different there?

Well, I wouldn't call it

amazement.

It was a kind of a shock.

It went beyond our worst fears,

our worst nightmares,

and this continued

the more we analyzed.

The more we researched,

the more bizarre

the whole story got.

We look at so much malware

every day that

we can just look at the code

and straightaway we can say,

"okay, there's something bad

going on here,

and I need to

investigate that."

And that's the way it was

when we looked at stuxnet

for the first time.

We opened it up and there was

Rate this script:0.0 / 0 votes