"How The United States Used Cyberwarfare To Destroy Nukes."
Zero Days
Documentary Trailer, May 23, 2016
"The malware worm Stuxnet, famously used against Iranian centrifuges, has been claimed by many to have originated as a joint effort between America and Israel." From filmmaker Alex Gibney.- YouTube
"In 2006, then-President George W. Bush was increasingly worried about Iranian efforts at enriching uranium, and ultimately, its hopes to build an atomic bomb.
But he was mired in the Iraq war, and had few options beyond air strikes or another full-scale war in the Middle East, which Israel was pushing for. So, his military leaders gave him a third option: a weapon that could potentially set back Iran's nuclear ambitions, while leaving no trace of the attacker.
It was the world's first cyber weapon, code-named 'Olympic Games' and later called 'Stuxnet' by computer security researchers.
A fascinating new documentary film by Alex Gibney called 'Zero Days' that premieres on Friday, [July 8, 2016], tells the story of Stuxnet, along with the frightening takeaway that, while this was the first cyber weapon, it will certainly not be the last.
'We've Never Seen This Before.'
Bits and pieces of the Stuxnet story are well-known by now. First authorized by President Bush and then re-authorized by President Obama, the top secret computer worm was designed by the U.S. and Israel to infect an Iranian nuclear enrichment facility at Natanz.
And it did. Too well.
The code made its way into the facility and infected the specific industrial control systems the Iranians were using. Once it turned itself on about 13 days after infection, it sped up or slowed down the centrifuges until they destroyed themselves — all while the operators' computer screens showed everything was working as normal.
But at some point, the powerful computer code escaped and made its way out. It had an unheard number of zero-day exploits (four, to be precise), which are software vulnerabilities unknown to the target that has 'zero days' to protect themselves. Making matters worse, its self-replicating behavior ended up infecting computers around the world.
Though Iran initially had no idea it was attacked by a cyber weapon, believing its scientists and engineers were incompetent due to the failures, eventually the code escaped and worldwide infections led computer researchers to study it, and the idea of leaving 'no trace' of the attacker was gone.
'We've never seen this before,' Liam O'Murchu, a director at Symantec, says in the film. 'We've actually never seen this since, either.'
'Real world physical destruction,' says his colleague at Symantec, engineer Eric Chien.
Just the fact that director Alex Gibney could get people to give on-camera interviews providing minimal insight into Stuxnet is an achievement in itself.
But even these interviews always end up at a wall, colorfully demonstrated by former CIA and NSA Director Michael Hayden, who tells him: 'I don't know, and if I did, we wouldn't talk about it anyway.'
That's because even today, despite Stuxnet's well-known legacy in the computer security community and in-depth reporting on the subject, it remains highly-classified.
Though Gibney is stonewalled by just about every Israeli and U.S. official he encounters, he is able to score a major source from the NSA*. And that's where the story of 'Zero Days' really takes off.
Gibney's NSA source talks about the NSA's Tailored Access Operations (TAO) unit, explaining how the secretive elite hacker unit and its counterpart in Israel coded a massive piece of malware designed for this one specific task. She goes on to explain how it was tested, saying, 'in the tests we ran, we blew [the centrifuges] apart.'
Those tests proved accurate, with some estimates saying Stuxnet malware destroyed roughly one-fifth of Iran's centrifuges in 2009.
It's not just interviews with cyber security experts and government officials, however. Gibney weaves together documentary footage of the Iranian president touring Natanz — which U.S. intelligence used to figure out the exact computers and equipment there — along with compelling graphics of the actual Stuxnet code as Symantec researchers explain its use.
'There wasn’t any code in there that served no purpose,' Chien told Tech Insider in a phone interview. 'Every piece of code in there served to get inside Iran’s nuclear facility.'
"There is new gold to be found on the internet, and possibly in your own computer. Secret backdoors, that do not have a digital lock yet, are being traded at astronomical amounts.
In the cyber world trade, where there are no rules, you are in luck with 'white-hat' hackers, who guard your online security. But their opponents, the 'black-hat' hackers, have an interest in an unsecure internet, and sell security leaks to the highest bidder. They are the preferred suppliers of security services and cyber defense. Who are these black and white wizards, who fight for the holy grail of hackers: zero days?" - Video Source, July 2014
The most incredible revelation from the film comes from Gibney's NSA source, who talks about a much larger operation than Stuxnet. It's a news-breaking claim that The New York Times has since corroborated: The U.S. had an in-depth cyber attack plan that was much larger than Natanz.
'We were inside, waiting, watching,' the source says. 'Ready to disrupt, degrade, and destroy those systems with cyber attacks. In comparison, Stuxnet was a back alley operation. NZ was the plan for a full scale cyber war with no attribution.'
NZ is the acronym for a separate operation called Nitro Zeus, which gave the U.S. access into Iran's air defense systems so it could not shoot down planes, its command-and-control systems so communications would go dead, and infrastructure like the power grid, transportation, and financial systems.
'The science fiction cyber war scenario is here. That’s Nitro Zeus,' the source says.
The Aftermath
What happened after the world's first cyber weapon launched?
A large portion of Iran's centrifuges were taken offline, but it was only a temporary measure. It quickly recovered and secured its systems. The country also launched it's own 'cyber army' — no doubt inspired by its hacker counterparts in the U.S. and Israel.
But for the U.S. and Israel, the cyber weapon's launch is likened to August 1945, when the first atomic bomb was dropped. Though the physical destruction of Stuxnet pales in comparison to bombs dropped on Hiroshima and Nagasaki, its first use by the West has given others license to look into it for themselves.
'So whoever initiated this — and was very proud of themselves to see that little dip in Iran’s centrifuge numbers — should look back now and acknowledge it was a major mistake,' Emad Kiyaei, executive director American Iranian Council, says in the film.
Perhaps that may be the most frightening revelation of all to come from 'Zero Days.'
Now there is a new weapon that can do a better job at destruction than bombs. But the difference between highly-controlled nuclear materials and computer code, is that anyone — and any state — can develop it.
'It seems pretty reasonable to think that there are things out there today that we haven’t seen that are much more advanced,' O'Murchu told TI in a phone interview.
We'll just have to wait and see who uses it next.
*The NSA source is later revealed to be an actor reciting lines based on testimony from from CIA and NSA officials who spoke with Gibney and his team.
Zero Days (2016) story is about 'A documentary focused on Stuxnet, a piece of self-replicating computer malware that the U.S. and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately spread beyond its intended target.- YouTube
Video Source: Zero Days (Stuxnet) 2016 (NOTE: On Screen Translation: Türkçe Altyazılı izle) - CMD Video Productions
(If movie doesn't play, you can download by clicking here.)
NSA Out Of Control: It Has Happened AGAIN!- PCWorld
Thank you for considering to pass along these e-mails.
Did you miss one of our e-mails?Check out the link below.