Zero Days Page #8

they put inside of the code

the kill date,

a date at which it would stop

operating.

O'murchu:
Cutoff dates,

we don't normally see that

in other threats,

and you have to think,

"well, why is there

a cutoff date in there?"

And when you realize that,

well, stuxnet was probably

written by government

and that there are laws

regarding how you can use

this sort of software,

that there may have been a legal

team who said, "no, you...

You need to have

a cutoff date in there,

and you can only do this

and you can only go that far

and we need to check

if this is legal or not.

That date is a few days before

Obama's inauguration.

So the theory was that

this was an operation

that needed to be stopped

at a certain time

because there was

gonna be a handover

and that more approval

was needed.

Are you prepared to take

the oath, senator?

I am.

I,

Barack Hussein Obama...

- I, Barack...

- Do solemnly swear...

I, Barack Hussein Obama,

do solemnly swear...

Sanger:
Olympic games was

reauthorized by president Obama

in his first year in office,

2009.

It was fascinating because it

was the first year of

the Obama administration and

they would talk to you

endlessly about cyber defense.

Obama:
We count on

computer networks

to deliver our oil and gas,

our power, and our water.

We rely on them for

public transportation

and air traffic control.

But just as we failed

in the past

to invest in

our physical infrastructure,

our roads,

our Bridges, and rails,

we failed to invest

in the security

of our digital infrastructure.

Sanger:
He was running

east room events

trying to get people to focus

on the need to

defend cyber networks

and defend

American infrastructure.

But when you asked questions

about the use of

offensive cyber weapons,

everything went dead.

No cooperation.

White house wouldn't help,

Pentagon wouldn't help,

NSA wouldn't help.

Nobody would talk to you

about it.

But when you dug into

the budget

for cyber spending during

the Obama administration,

what you discovered was

much of it was being spent

on offensive cyber weapons.

You see phrases like

"title 10 cno."

Title 10 means operations

for the U.S. military,

and cno means

computer network operations.

This is considerable evidence

that stuxnet was just

the opening wedge

of what is a much broader

U.S. government effort now

to develop an entire new class

of weapons.

Chien:
Stuxnet wasn't just

an evolution.

It was really a revolution

in the threat landscape.

In the past, the vast majority

of threats that we saw

were always controlled by

an operator somewhere.

They would infect

your machines,

but they would have what's

called a callback

or a command-and-control

channel.

The threats would actually

contact the operator

and say, what do you want me

to do next?

And the operator would

send down commands

and say, maybe, search through

this directory,

find these folders,

find these files,

upload these files to me,

spread to this other machine,

things of that nature.

But stuxnet couldn't have

a command-and-control channel

because once it got

inside in natanz

it would not have been able to

reach back out to the attackers.

The natanz network

is completely air gapped

from the rest of the Internet.

It's not connected to

the Internet.

It's its own isolated network.

Generally, getting across

an air gap is...

Is one of the more difficult

challenges

that attackers will face

just because of the fact that

there... everything is in place

to prevent that.

You know, everything, you know,

the policies and procedures

and the physical network

that's in place is

specifically designed to prevent

you crossing the air gap.

But there's no

truly air-gapped network

in these real-world production

environments.

People gotta get new code

into natanz.

People have to get log files off

of this network in natanz.

People have to upgrade

equipment.

People have to upgrade

computers.

This highlights

one of the major

security issues

that we have in the field.

If you think,

"well, nobody can attack

this power plant

or this chemical plant

because it's not connected

to the Internet,"

that's a bizarre illusion.

NSA source:
The first time we

introduced the code into natanz

we used human assets,

maybe CIA,

more likely Mossad,

but our team was kept in

the dark about the trade craft.

We heard rumors in Moscow,

an iranian laptop infected

by a phony Siemens technician

with a flash drive...

A double agent in Iran

with access to natanz,

but I don't really know.

What we had to focus on

was to write the code

so that, once inside,

the worm acted on its own.

They built in all the code

and all the logic

into the threat to be able

to operate all by itself.

It had the ability

to spread by itself.

It had the ability to figure

out, do I have the right plcs?

Have I arrived in natanz?

Am I at the target?

Langner:

And when it's on target,

it executes autonomously.

That also means you...

You cannot call off the attack.

It was definitely

the type of attack

where someone had decided

that this is

what they wanted to do.

There was no turning back

once stuxnet was released.

When it began to actually

execute its payload,

you would have a whole bunch

of centrifuges

in a huge array of cascades

sitting in a big hall.

And then just off that hall

you would have

an operators room,

the control panels in

front of them, a big window

where they could

see into the hall.

Computers monitor

the activities

of all these centrifuges.

So a centrifuge, it's driven

by an electrical motor.

And the speed of

this electrical motor

is controlled by another plc,

by another

programmable logic controller.

Chien:
Stuxnet would wait

for 13 days

before doing anything,

because 13 days is

about the time it takes

to actually fill an entire

cascade of centrifuges

with uranium.

They didn't want to attack when

the centrifuges essentially

were empty or at the beginning

of the enrichment process.

What stuxnet did

was it actually would sit there

during the 13 days

and basically record

all of the normal activities

that were happening

and save it.

And once they saw

them spinning for 13 days,

then the attack occurred.

Centrifuges spin

at incredible speeds,

about 1,000 hertz.

Langner:
They have

a safe operating speed,

63,000 revolutions per minute.

Chien:
Stuxnet caused the

uranium enrichment centrifuges

to spin up to 1,400 hertz.

Langner:
Up to 80,000

revolutions per minute.

What would happen

was those centrifuges

would go through what's called

a resonance frequency.

It would go through a frequency

at which the metal would

basically vibrate

uncontrollably

and essentially shatter.

There'd be uranium gas

everywhere.

And then the second attack

they attempted

was they actually tried

to lower it to two hertz.

They were slowed down

to almost standstill.

Chien:
And at two hertz, sort of

Rate this script:0.0 / 0 votes