﻿1
00:00:45,412 --> 00:00:47,513
Through the darkness

2
00:00:47,515 --> 00:00:51,750
of the pathways that we marched,

3
00:00:52,819 --> 00:00:55,854
evil and good lived
side by side.

4
00:00:55,856 --> 00:00:58,924
And this is the nature of...
Of life.

5
00:01:15,041 --> 00:01:17,342
<i> We are in an unbalanced</i>

6
00:01:17,344 --> 00:01:21,547
<i> and inequivalent confrontation</i>
<i> between democracies</i>

7
00:01:21,549 --> 00:01:23,916
<i> who are obliged</i>
<i> to play by the rules</i>

8
00:01:24,551 --> 00:01:27,986
<i> and entities who think</i>
<i> democracy is a joke.</i>

9
00:01:30,090 --> 00:01:32,458
You can't convince fanatics

10
00:01:32,460 --> 00:01:37,062
by saying,
"hey, hatred paralyzes you,

11
00:01:37,064 --> 00:01:38,664
love releases you."

12
00:01:39,766 --> 00:01:44,036
There are different rules that
we have to play by.

13
00:01:59,619 --> 00:02:02,287
Female newsreader:<i> Today, two of</i>
<i> Iran's top nuclear scientists</i>

14
00:02:02,289 --> 00:02:04,256
<i> were targeted by hit squads.</i>

15
00:02:04,258 --> 00:02:06,291
Female newsreader 2:
<i> ...In the capital Tehran.</i>

16
00:02:06,293 --> 00:02:07,926
Male newsreader:<i> ...The latest</i>
<i> in a string of attacks.</i>

17
00:02:07,928 --> 00:02:10,162
Female newsreader 3:<i> Today's</i>
<i> attack has all the hallmarks</i>

18
00:02:10,164 --> 00:02:12,331
<i> of major strategic sabotage.</i>

19
00:02:12,333 --> 00:02:13,432
Female newsreader 4:
<i> Iran immediately accused</i>

20
00:02:13,434 --> 00:02:14,666
<i> the U.S. and Israel</i>

21
00:02:14,668 --> 00:02:16,535
<i> of trying to damage</i>
<i> its nuclear program.</i>

22
00:02:16,836 --> 00:02:19,471
Mahmoud Ahmadinejad:

23
00:02:26,580 --> 00:02:32,317
I want to categorically deny
any United States involvement

24
00:02:32,319 --> 00:02:37,256
in any kind of act of violence
inside Iran.

25
00:02:37,258 --> 00:02:40,425
Covert actions can help,

26
00:02:40,427 --> 00:02:42,427
can assist.

27
00:02:43,696 --> 00:02:46,598
They are needed, they are not
all the time essential,

28
00:02:46,833 --> 00:02:51,270
and they, in no way,
can replace political wisdom.

29
00:02:51,638 --> 00:02:53,872
Alex Gibney:
Were the assassinations in Iran

30
00:02:53,874 --> 00:02:56,275
related to
the Stuxnet computer attacks?

31
00:02:57,443 --> 00:02:59,278
Uh, next question, please.

32
00:03:00,880 --> 00:03:02,447
Male newsreader:
<i> Iran's infrastructure</i>

33
00:03:02,449 --> 00:03:03,549
<i> is being targeted</i>

34
00:03:03,551 --> 00:03:06,718
<i> by a new and dangerously</i>
<i> powerful cyber worm.</i>

35
00:03:06,720 --> 00:03:09,354
The so-called Stuxnet worm
is specifically designed,

36
00:03:09,356 --> 00:03:11,690
it seems,
to infiltrate and sabotage

37
00:03:11,692 --> 00:03:14,826
<i> real-world power plants</i>
<i> and factories and refineries.</i>

38
00:03:14,828 --> 00:03:16,228
Male newsreader 2:<i> It's not</i>
<i> trying to steal information</i>

39
00:03:16,230 --> 00:03:17,396
<i> or grab your credit card,</i>

40
00:03:17,398 --> 00:03:20,199
<i> they're trying to get into</i>
<i> some sort of industrial plant</i>

41
00:03:20,201 --> 00:03:22,801
<i> and wreak havoc trying</i>
<i> to blow up an engine or...</i>

42
00:03:22,803 --> 00:03:25,370
Male newsreader 3:

43
00:03:39,052 --> 00:03:40,152
Male newsreader 4:
<i> No one knows</i>

44
00:03:40,154 --> 00:03:41,320
<i> who's behind the worm</i>

45
00:03:41,322 --> 00:03:42,988
<i> and the exact nature</i>
<i> of its mission,</i>

46
00:03:42,990 --> 00:03:45,857
<i> but there are fears Iran</i>
<i> will hold Israel</i>

47
00:03:45,859 --> 00:03:49,228
<i> or America responsible</i>
<i> and seek retaliation.</i>

48
00:03:49,230 --> 00:03:50,329
Male newsreader 5:
<i> It's not impossible that</i>

49
00:03:50,331 --> 00:03:51,663
<i> some group of hackers did it,</i>

50
00:03:51,665 --> 00:03:53,732
<i> but the security experts</i>
<i> that are studying this</i>

51
00:03:53,734 --> 00:03:56,501
<i> really think this required</i>
<i>the resource of a nation-state.</i>

52
00:04:02,442 --> 00:04:04,376
Man: Okay, and spinning.

53
00:04:04,378 --> 00:04:05,844
Gibney: Okay, good.
Here we go.

54
00:04:07,080 --> 00:04:10,382
What impact, ultimately,
did the Stuxnet attack have?

55
00:04:10,384 --> 00:04:11,650
Can you say?

56
00:04:12,452 --> 00:04:14,620
I don't want to
get into the details.

57
00:04:14,854 --> 00:04:17,356
Gibney: Since the event
has already happened,

58
00:04:17,358 --> 00:04:21,059
why can't we talk more openly
and publicly about Stuxnet?

59
00:04:21,061 --> 00:04:23,962
Yeah, I mean, my answer
is because it's classified.

60
00:04:24,430 --> 00:04:27,532
I... I won't knowledge...
You know, knowingly

61
00:04:27,534 --> 00:04:29,635
offer up anything
I consider classified.

62
00:04:29,637 --> 00:04:31,870
Gibney: I know that you
can't talk much about Stuxnet,

63
00:04:31,872 --> 00:04:35,274
because Stuxnet
is officially classified.

64
00:04:35,276 --> 00:04:36,642
You're right on
both those counts.

65
00:04:37,110 --> 00:04:38,443
Gibney:
But there has been

66
00:04:38,445 --> 00:04:40,545
a lot reported
about it in the press.

67
00:04:40,547 --> 00:04:42,781
I don't want
to comment on this.

68
00:04:42,783 --> 00:04:47,052
I read it in the newspaper,
the media, like you,

69
00:04:47,054 --> 00:04:50,055
but I'm unable
to elaborate upon it.

70
00:04:50,290 --> 00:04:52,457
People might find it frustrating

71
00:04:52,459 --> 00:04:54,993
not to be able to talk about it
when it's in the public domain,

72
00:04:54,995 --> 00:04:56,395
but...

73
00:04:56,397 --> 00:04:57,896
Gibney:
I find it frustrating.

74
00:04:57,898 --> 00:04:59,398
Yeah, I'm sure you do.

75
00:04:59,400 --> 00:05:00,966
I don't answer that question.

76
00:05:00,968 --> 00:05:02,334
Unfortunately,
I can't comment.

77
00:05:02,336 --> 00:05:03,969
I do not know
how to answer that.

78
00:05:03,971 --> 00:05:06,138
Two answers before you even
get started, I don't know,

79
00:05:06,140 --> 00:05:08,940
and if I did, we wouldn't talk
about it anyway.

80
00:05:08,942 --> 00:05:10,776
Gibney: How can you have
a debate if everything's secret?

81
00:05:10,778 --> 00:05:12,811
I think right now
that's just where we are.

82
00:05:13,112 --> 00:05:14,579
No one wants to...

83
00:05:14,581 --> 00:05:16,982
Countries aren't happy
about confessing

84
00:05:16,984 --> 00:05:19,785
or owning up to what they did
because they're not quite sure

85
00:05:19,787 --> 00:05:21,653
where they want
the system to go.

86
00:05:22,288 --> 00:05:24,256
<i> And so whoever</i>
<i> was behind Stuxnet</i>

87
00:05:24,258 --> 00:05:25,757
<i> hasn't admitted</i>
<i> they were behind it.</i>

88
00:05:29,595 --> 00:05:31,463
Gibney:
<i> Asking officials about Stuxnet</i>

89
00:05:31,465 --> 00:05:32,998
<i> was frustrating and surreal,</i>

90
00:05:33,299 --> 00:05:35,834
<i> like asking the emperor</i>
<i> about his new clothes.</i>

91
00:05:36,536 --> 00:05:39,638
<i> Even after the cyber weapon</i>
<i> had penetrated computers</i>

92
00:05:39,640 --> 00:05:41,039
<i> all over the world,</i>

93
00:05:41,307 --> 00:05:43,608
<i> no one was willing</i>
<i> to admit it was loose</i>

94
00:05:43,610 --> 00:05:46,011
<i> or talk about</i>
<i> the dangers it posed.</i>

95
00:05:46,879 --> 00:05:49,147
<i> What was it about</i>
<i> the Stuxnet operation</i>

96
00:05:49,149 --> 00:05:50,949
<i>that was hiding in plain sight?</i>

97
00:05:52,385 --> 00:05:54,152
<i> Maybe there was a way</i>
<i> the computer code</i>

98
00:05:54,154 --> 00:05:55,787
<i> could speak for itself.</i>

99
00:05:56,556 --> 00:05:58,924
<i> Stuxnet first surfaced</i>
<i> in Belarus.</i>

100
00:05:59,492 --> 00:06:01,860
<i> I started with a call</i>
<i> to the man who discovered it</i>

101
00:06:01,862 --> 00:06:04,863
<i> when his clients in Iran</i>
<i> began to panic</i>

102
00:06:04,865 --> 00:06:07,532
<i> over an epidemic</i>
<i> of computer shutdowns.</i>

103
00:06:08,334 --> 00:06:11,570
Had you ever seen anything
quite so sophisticated before?

104
00:07:34,987 --> 00:07:36,822
Eric Chien:
<i> On a daily basis, basically</i>

105
00:07:36,824 --> 00:07:38,890
<i> we are sifting through</i>

106
00:07:38,892 --> 00:07:42,394
<i> a massive haystack looking for</i>
<i> that proverbial needle.</i>

107
00:07:43,262 --> 00:07:46,231
We get millions of pieces
of new malicious threats

108
00:07:46,233 --> 00:07:48,099
and there are millions of
attacks going on

109
00:07:48,101 --> 00:07:49,301
every single day.

110
00:07:49,469 --> 00:07:51,903
And only way are trying to
protect people

111
00:07:51,905 --> 00:07:53,505
and their computers and...
And their systems

112
00:07:53,507 --> 00:07:56,174
and countries' infrastructure

113
00:07:56,176 --> 00:07:58,276
from being taken down
by those attacks.

114
00:07:58,278 --> 00:08:01,613
But more importantly, we have
to find the attacks that matter.

115
00:08:01,615 --> 00:08:03,348
When you're talking about
that many,

116
00:08:03,649 --> 00:08:05,917
impact is extremely important.

117
00:08:18,297 --> 00:08:19,998
Eugene Kaspersky:<i> Twenty years</i>
<i> ago, the antivirus companies,</i>

118
00:08:20,000 --> 00:08:21,700
they were hunting
for computer viruses

119
00:08:21,702 --> 00:08:22,968
because there were not so many.

120
00:08:22,970 --> 00:08:26,271
So we had, like,
tens of dozens a month,

121
00:08:26,472 --> 00:08:29,040
and there was just
little numbers.

122
00:08:29,042 --> 00:08:33,245
Now, we collect millions
of unique attacks every month.

123
00:08:34,614 --> 00:08:37,048
Vitaly Kamluk:<i> This room we call</i>
<i> a woodpecker's room</i>

124
00:08:37,050 --> 00:08:38,383
<i> or a virus lab,</i>

125
00:08:38,618 --> 00:08:40,552
and this is where
<i> virus analysts sit.</i>

126
00:08:40,554 --> 00:08:42,521
<i> We call them woodpeckers</i>
<i> because they are</i>

127
00:08:42,523 --> 00:08:45,023
<i> pecking the worms,</i>
<i> network worms, and viruses.</i>

128
00:08:45,892 --> 00:08:49,127
<i> And we see, like, three</i>
<i> different groups of hackers</i>

129
00:08:49,129 --> 00:08:50,695
behind cyber-attacks.

130
00:08:51,464 --> 00:08:53,231
They are traditional
cyber criminals.

131
00:08:53,399 --> 00:08:57,235
Those guys are interested
only in illegal profit.

132
00:08:57,237 --> 00:08:58,637
And quick and dirty money.

133
00:08:58,639 --> 00:09:00,805
<i> Activists, or hacktivists,</i>

134
00:09:00,807 --> 00:09:03,174
<i> they are hacking for fun</i>
<i> or hacking to push</i>

135
00:09:03,176 --> 00:09:04,442
<i> some political message.</i>

136
00:09:04,677 --> 00:09:07,045
<i> And the third group</i>
<i> is nation-states.</i>

137
00:09:07,246 --> 00:09:10,148
<i> They're interested in</i>
<i> high-quality intelligence</i>

138
00:09:10,150 --> 00:09:11,583
<i> or sabotage activity.</i>

139
00:09:12,852 --> 00:09:15,353
Chien:<i> Security companies</i>
<i> not only share information</i>

140
00:09:15,355 --> 00:09:17,088
<i> but we also share</i>
<i> binary samples.</i>

141
00:09:17,090 --> 00:09:18,690
<i> So when</i>
<i> this threat was found</i>

142
00:09:18,692 --> 00:09:20,525
<i> by a Belarusian</i>
<i> security company</i>

143
00:09:20,527 --> 00:09:22,861
<i> on one of their customer's</i>
<i> machines in Iran,</i>

144
00:09:22,863 --> 00:09:25,463
<i> the sample was shared amongst</i>
<i> the security community.</i>

145
00:09:26,365 --> 00:09:27,933
When we try to name threats,
we just try to pick

146
00:09:27,935 --> 00:09:30,001
some sort of string,
some sort of words,

147
00:09:30,003 --> 00:09:32,571
<i> that are inside</i>
<i> of the binary.</i>

148
00:09:33,739 --> 00:09:36,107
<i> In this case, there was</i>
<i> a couple of words in there</i>

149
00:09:36,109 --> 00:09:39,077
<i> and we took pieces of each,</i>
<i> and that formed Stuxnet.</i>

150
00:09:41,547 --> 00:09:44,749
I got the news about Stuxnet
from one of my engineers.

151
00:09:44,751 --> 00:09:47,452
He came to my office,
opened the door,

152
00:09:48,020 --> 00:09:51,022
and he said, "so, Eugene,
of course you know that

153
00:09:51,024 --> 00:09:53,625
we are waiting
for something really bad.

154
00:09:53,926 --> 00:09:55,093
It happened."

155
00:10:01,801 --> 00:10:03,969
Gibney:<i> Give me some</i>
<i> sense of what it was like</i>

156
00:10:03,971 --> 00:10:05,370
in the lab at that time.

157
00:10:05,372 --> 00:10:06,972
Was there a palpable
sense of amazement

158
00:10:06,974 --> 00:10:08,974
that you had something
really different there?

159
00:10:09,275 --> 00:10:11,276
Well, I wouldn't call it
amazement.

160
00:10:11,278 --> 00:10:13,345
It was a kind of a shock.

161
00:10:13,746 --> 00:10:16,881
It went beyond our worst fears,
our worst nightmares,

162
00:10:17,249 --> 00:10:20,251
and this continued
the more we analyzed.

163
00:10:20,253 --> 00:10:22,220
The more we researched,

164
00:10:22,222 --> 00:10:25,223
the more bizarre
the whole story got.

165
00:10:25,558 --> 00:10:27,225
We look at so much malware
every day that

166
00:10:27,227 --> 00:10:29,160
we can just look at the code
and straightaway we can say,

167
00:10:29,162 --> 00:10:30,762
"okay, there's something bad
going on here,

168
00:10:30,764 --> 00:10:32,230
and I need to
investigate that."

169
00:10:32,232 --> 00:10:33,298
And that's the way it was

170
00:10:33,499 --> 00:10:35,433
when we looked at Stuxnet
for the first time.

171
00:10:35,435 --> 00:10:37,936
We opened it up and there was
just bad things everywhere.

172
00:10:37,938 --> 00:10:40,405
Just like, okay, this is bad
and that's bad,

173
00:10:40,407 --> 00:10:41,940
and, you know,
we need to investigate this.

174
00:10:41,942 --> 00:10:43,408
And just suddenly
we had, like,

175
00:10:43,410 --> 00:10:44,876
a hundred questions
straightaway.

176
00:10:46,912 --> 00:10:49,347
<i> The most interesting thing</i>
<i> that we do is detective work</i>

177
00:10:49,349 --> 00:10:52,017
<i> where we try to track down</i>
<i> who's behind a threat,</i>

178
00:10:52,019 --> 00:10:53,585
<i> what are they doing,</i>
<i> what's their motivation,</i>

179
00:10:53,587 --> 00:10:55,320
<i> and try to really stop it</i>
<i> at the root.</i>

180
00:10:55,322 --> 00:10:57,689
<i> And it is kind of</i>
<i> all-consuming.</i>

181
00:10:57,691 --> 00:10:59,324
<i> You get this new puzzle</i>

182
00:10:59,326 --> 00:11:01,026
<i> and it's very difficult</i>
<i> to put it down,</i>

183
00:11:01,028 --> 00:11:03,461
<i> you know, work until, like,</i>
<i> 4:00 am in the morning</i>

184
00:11:03,463 --> 00:11:04,663
<i> and figure these things out.</i>

185
00:11:04,665 --> 00:11:07,465
<i> And I was in that zone where</i>
<i> I was very consumed by this,</i>

186
00:11:07,467 --> 00:11:09,601
<i> very excited about it,</i>
<i> very interested to know</i>

187
00:11:09,603 --> 00:11:10,869
<i> what was happening.</i>

188
00:11:10,871 --> 00:11:14,005
<i> And Eric was also</i>
<i> in that same sort of zone.</i>

189
00:11:14,007 --> 00:11:16,708
<i> So the two of us were, like,</i>
<i> back and forth all the time.</i>

190
00:11:16,710 --> 00:11:19,444
Chien:<i> Liam and I continued</i>
<i> to grind at the code,</i>

191
00:11:19,446 --> 00:11:21,546
<i> sharing pieces,</i>
<i> comparing notes,</i>

192
00:11:21,548 --> 00:11:23,381
<i> bouncing ideas</i>
<i> off of each other.</i>

193
00:11:23,816 --> 00:11:25,283
<i> We realized that</i>
<i> we needed to do</i>

194
00:11:25,285 --> 00:11:28,353
<i> what we called deep analysis,</i>
<i> pick apart the threat,</i>

195
00:11:28,355 --> 00:11:31,189
<i> every single byte,</i>
<i> every single zero, one,</i>

196
00:11:31,191 --> 00:11:33,291
<i> and understand everything</i>
<i> that was inside of it.</i>

197
00:11:33,826 --> 00:11:35,627
<i> And just to give you</i>
<i> some context,</i>

198
00:11:35,629 --> 00:11:37,662
we can go through and understand
every line of code

199
00:11:37,664 --> 00:11:39,464
for the average threat
in minutes.

200
00:11:40,066 --> 00:11:41,866
And here we are
one month into this threat

201
00:11:41,868 --> 00:11:43,802
and we were just starting
to discover what we call

202
00:11:43,804 --> 00:11:45,704
the payload
or its whole purpose.

203
00:11:48,040 --> 00:11:49,574
<i> When looking at</i>
<i> the Stuxnet code,</i>

204
00:11:49,576 --> 00:11:52,143
<i> it's 20 times the size</i>
<i> of the average piece of code</i>

205
00:11:52,645 --> 00:11:54,879
<i> but contains almost</i>
<i> no bugs inside of it.</i>

206
00:11:54,881 --> 00:11:56,748
<i> And that's extremely rare.</i>

207
00:11:56,750 --> 00:11:58,650
<i> Malicious code always has</i>
<i> bugs inside of it.</i>

208
00:11:58,652 --> 00:12:00,418
<i> This wasn't the case</i>
<i> with Stuxnet.</i>

209
00:12:00,420 --> 00:12:03,254
<i> It's dense and every piece</i>
<i> of code does something</i>

210
00:12:03,256 --> 00:12:06,091
<i> and does something right</i>
<i>in order to conduct its attack.</i>

211
00:12:07,326 --> 00:12:09,394
<i> One of the things that</i>
<i> surprised us</i>

212
00:12:09,396 --> 00:12:11,763
<i> was that Stuxnet</i>
<i> utilized what's called</i>

213
00:12:11,765 --> 00:12:14,332
a zero-day exploit,
or basically,

214
00:12:14,334 --> 00:12:16,668
a piece of code
that allows it to spread

215
00:12:16,670 --> 00:12:18,503
without you having
to do anything.

216
00:12:18,505 --> 00:12:21,239
You don't have to, for example,
download a file and run it.

217
00:12:21,241 --> 00:12:23,441
A zero-day exploit
is an exploit that

218
00:12:23,443 --> 00:12:25,110
nobody knows about
except the attacker.

219
00:12:25,112 --> 00:12:26,678
So there's no protection
against it.

220
00:12:26,680 --> 00:12:28,113
There's been
no patch released.

221
00:12:28,115 --> 00:12:30,415
There's been zero days
protection,

222
00:12:30,417 --> 00:12:32,016
you know, against it.

223
00:12:32,885 --> 00:12:34,285
<i> That's what attackers value,</i>

224
00:12:34,287 --> 00:12:36,087
<i> because they know 100 percent</i>

225
00:12:36,089 --> 00:12:38,423
<i> if they have</i>
<i> this zero-day exploit,</i>

226
00:12:38,425 --> 00:12:40,125
<i> they can get in</i>
<i> wherever they want.</i>

227
00:12:40,127 --> 00:12:41,626
<i> They're actually</i>
<i> very valuable.</i>

228
00:12:41,628 --> 00:12:43,027
<i> You can sell these</i>
<i> on the underground</i>

229
00:12:43,029 --> 00:12:44,529
<i> for hundreds</i>
<i> of thousands of dollars.</i>

230
00:12:45,898 --> 00:12:46,965
Chien:
<i> Then we became more worried</i>

231
00:12:46,967 --> 00:12:49,033
<i> because immediately we</i>
<i> discovered more zero days.</i>

232
00:12:49,035 --> 00:12:51,770
And again, these zero days
are extremely rare.

233
00:12:51,772 --> 00:12:54,072
Inside Stuxnet we had,
you know, four zero days,

234
00:12:54,074 --> 00:12:55,807
and for the entire rest
of the year,

235
00:12:55,809 --> 00:12:58,376
we only saw
12 zero days used.

236
00:12:58,378 --> 00:13:00,044
It blows all... everything else
out of the water.

237
00:13:00,046 --> 00:13:01,279
We've never seen this before.

238
00:13:01,281 --> 00:13:02,814
Actually, we've never seen it
since, either.

239
00:13:03,115 --> 00:13:05,717
Seeing one in a malware
you could understand

240
00:13:05,719 --> 00:13:08,620
because, you know, the malware
authors are making money,

241
00:13:08,622 --> 00:13:10,221
they're stealing people's credit
cards and making money,

242
00:13:10,223 --> 00:13:11,389
so it's worth their while
to use it,

243
00:13:11,391 --> 00:13:13,758
but seeing four zero days,
could be worth

244
00:13:13,760 --> 00:13:14,959
half a million dollars
right there,

245
00:13:14,961 --> 00:13:16,728
used in one piece
of malware,

246
00:13:16,996 --> 00:13:19,397
this is not your ordinary
criminal gangs doing this.

247
00:13:19,399 --> 00:13:20,999
This is...
This is someone bigger.

248
00:13:21,001 --> 00:13:22,901
It's definitely
not traditional crime,

249
00:13:22,903 --> 00:13:26,404
not hacktivists.
Who else?

250
00:13:27,273 --> 00:13:29,507
It was evident
on a very early stage

251
00:13:30,009 --> 00:13:32,243
that just given
the sophistication

252
00:13:32,245 --> 00:13:33,745
of this malware...

253
00:13:34,980 --> 00:13:37,782
Suggested that
there must have been

254
00:13:37,784 --> 00:13:39,250
a nation-state involved,

255
00:13:39,252 --> 00:13:42,487
at least one nation-state
involved in the development.

256
00:13:42,489 --> 00:13:44,522
When we look at code
that's coming from

257
00:13:44,524 --> 00:13:46,090
what appears to be
a state attacker

258
00:13:46,092 --> 00:13:48,693
or state-sponsored attacker,
usually they're scrubbed clean.

259
00:13:48,695 --> 00:13:51,129
They don't... they don't leave
little bits behind.

260
00:13:51,131 --> 00:13:52,864
They don't leave
little hints behind.

261
00:13:53,132 --> 00:13:54,799
<i> But in Stuxnet</i>
<i> there were actually</i>

262
00:13:54,801 --> 00:13:56,167
<i> a few hints left behind.</i>

263
00:13:57,436 --> 00:14:00,705
<i> One was that, in order to</i>
<i> get low-level access</i>

264
00:14:00,707 --> 00:14:02,173
<i> to Microsoft Windows,</i>

265
00:14:02,374 --> 00:14:03,942
<i> Stuxnet needed to use</i>
<i> a digital certificate,</i>

266
00:14:04,476 --> 00:14:06,878
<i> which certifies that</i>
<i> this piece of code</i>

267
00:14:06,880 --> 00:14:09,747
<i> came from</i>
<i> a particular company.</i>

268
00:14:10,649 --> 00:14:12,717
Now, those attackers obviously
couldn't go to Microsoft

269
00:14:12,719 --> 00:14:14,185
and say,
"hey, test our code out for us.

270
00:14:14,187 --> 00:14:15,787
And give us
a digital certificate."

271
00:14:16,488 --> 00:14:18,089
So they essentially
stole them...

272
00:14:19,325 --> 00:14:21,392
<i> From two companies</i>
<i> in Taiwan.</i>

273
00:14:21,394 --> 00:14:23,294
<i> And these two companies have</i>
<i> nothing to do with each other</i>

274
00:14:23,296 --> 00:14:24,963
<i> except for</i>
<i> their close proximity</i>

275
00:14:24,965 --> 00:14:26,764
<i> in the exact same</i>
<i> business park.</i>

276
00:14:29,335 --> 00:14:33,171
<i> Digital certificates</i>
<i> are guarded very, very closely</i>

277
00:14:33,173 --> 00:14:34,706
<i> behind multiple doors</i>

278
00:14:34,708 --> 00:14:37,141
<i> and they require multiple</i>
<i> people to unlock.</i>

279
00:14:37,143 --> 00:14:38,810
Security:<i> ...To the camera.</i>

280
00:14:38,812 --> 00:14:40,511
Chien:<i> And they need to provide</i>
<i> both biometrics</i>

281
00:14:40,513 --> 00:14:42,914
<i> - and, as well, pass phrases.</i>

282
00:14:42,916 --> 00:14:44,382
<i> It wasn't like</i>
<i> those certificates were</i>

283
00:14:44,384 --> 00:14:46,084
<i> just sitting on some machine</i>
<i> connected to the Internet.</i>

284
00:14:46,318 --> 00:14:49,120
<i> Some human assets</i>
<i> had to be involved, spies.</i>

285
00:14:49,355 --> 00:14:51,189
O'Murchu:<i> Like a cleaner who</i>
<i> comes in at night</i>

286
00:14:51,191 --> 00:14:52,924
<i> and has stolen</i>
<i> these certificates</i>

287
00:14:52,926 --> 00:14:54,158
<i> from these companies.</i>

288
00:14:57,563 --> 00:14:59,664
It did feel like walking
onto the set

289
00:14:59,666 --> 00:15:02,166
of this James Bond movie
and you...

290
00:15:02,168 --> 00:15:03,735
You've been embroiled
in this thing that,

291
00:15:03,737 --> 00:15:06,337
you know, you...
You never expected.

292
00:15:09,008 --> 00:15:10,108
<i> We continued to search,</i>

293
00:15:10,110 --> 00:15:11,609
<i> and we continued</i>
<i> to search in code,</i>

294
00:15:11,611 --> 00:15:14,445
<i> and eventually we found some</i>
<i> other bread crumbs left</i>

295
00:15:14,447 --> 00:15:15,847
<i> we were able to follow.</i>

296
00:15:16,548 --> 00:15:18,182
<i> It was doing something</i>
<i> with Siemens,</i>

297
00:15:18,450 --> 00:15:21,252
<i> Siemens software,</i>
<i> possibly Siemens hardware.</i>

298
00:15:21,553 --> 00:15:23,254
We'd never ever seen that
in any malware before,

299
00:15:23,256 --> 00:15:24,589
something targeting Siemens.

300
00:15:24,591 --> 00:15:26,524
We didn't even know why
they would be doing that.

301
00:15:28,127 --> 00:15:30,862
<i> But after googling,</i>
<i> very quickly we understood</i>

302
00:15:30,864 --> 00:15:33,298
<i> it was targeting</i>
<i> Siemens PLCs.</i>

303
00:15:33,766 --> 00:15:36,701
Stuxnet was targeting
a very specific hardware device,

304
00:15:36,703 --> 00:15:40,104
something called a PLC or
a programmable logic controller.

305
00:15:40,539 --> 00:15:43,441
Langner:<i> The PLC is kind of</i>
<i> a very small computer</i>

306
00:15:43,742 --> 00:15:46,477
attached to
physical equipment,

307
00:15:46,479 --> 00:15:49,113
like pumps,
like valves, like motors.

308
00:15:49,915 --> 00:15:54,485
<i> So this little box is</i>
<i> running a digital program</i>

309
00:15:54,487 --> 00:15:56,788
<i> and the actions</i>
<i> of this program</i>

310
00:15:56,790 --> 00:16:00,892
<i> turns that motor on, off,</i>
<i> or sets a specific speed.</i>

311
00:16:00,894 --> 00:16:02,627
Chien:<i> Those program</i>
<i> module controllers</i>

312
00:16:02,629 --> 00:16:05,163
<i> control things like</i>
<i> power plants, power grids.</i>

313
00:16:05,165 --> 00:16:06,898
O'Murchu:
<i> This is used in factories,</i>

314
00:16:06,900 --> 00:16:09,367
<i> it's used in</i>
<i> critical infrastructure.</i>

315
00:16:10,069 --> 00:16:13,104
Critical infrastructure,
it's everywhere around us,

316
00:16:13,106 --> 00:16:15,673
<i> transportation,</i>
<i> telecommunications,</i>

317
00:16:15,675 --> 00:16:17,976
<i> financial services,</i>
<i> health care.</i>

318
00:16:18,510 --> 00:16:21,412
<i> So the payload of Stuxnet</i>
<i> was designed</i>

319
00:16:21,414 --> 00:16:24,582
to attack some
very important part

320
00:16:24,584 --> 00:16:26,017
of our world.

321
00:16:26,285 --> 00:16:27,819
The payload is gonna be
important.

322
00:16:27,821 --> 00:16:30,588
What happens there could be
very dangerous.

323
00:16:32,792 --> 00:16:35,760
Langner:<i> The next</i>
<i> very big surprise came</i>

324
00:16:35,762 --> 00:16:38,062
<i> when it infected</i>
<i> our lab system.</i>

325
00:16:38,797 --> 00:16:41,799
<i> We figured out that</i>
<i> the malware was probing</i>

326
00:16:41,801 --> 00:16:43,167
<i> for controllers.</i>

327
00:16:43,535 --> 00:16:45,603
<i> It was quite picky</i>
<i> on its targets.</i>

328
00:16:45,605 --> 00:16:49,941
<i>It didn't try to manipulate any</i>
<i> given controller in a network</i>

329
00:16:49,943 --> 00:16:51,275
<i> that it would see.</i>

330
00:16:51,510 --> 00:16:55,713
<i>It went through several checks,</i>
<i> and when those checks failed,</i>

331
00:16:55,715 --> 00:16:57,949
<i> it would not implement</i>
<i> the attack.</i>

332
00:17:00,686 --> 00:17:04,555
<i> It was obviously probing</i>
<i> for a specific target.</i>

333
00:17:05,891 --> 00:17:08,059
You've got to put this
in context that,

334
00:17:08,061 --> 00:17:09,861
at the time,
we already knew,

335
00:17:09,863 --> 00:17:12,230
well, this is the most
sophisticated piece of malware

336
00:17:12,232 --> 00:17:13,798
that we have ever seen.

337
00:17:14,566 --> 00:17:16,534
So it's kind of strange.

338
00:17:16,536 --> 00:17:21,539
Somebody takes that huge effort
to hit one specific target?

339
00:17:21,807 --> 00:17:23,741
Well, that must be
quite a significant target.

340
00:17:27,346 --> 00:17:29,747
Chien:<i> So at Symantec we have</i>
<i> probes on networks</i>

341
00:17:29,749 --> 00:17:30,915
<i> all over the world</i>

342
00:17:30,917 --> 00:17:33,317
<i> watching for</i>
<i> malicious activity.</i>

343
00:17:33,719 --> 00:17:35,720
O'Murchu:<i> We'd actually seen</i>
<i> infections of Stuxnet</i>

344
00:17:35,722 --> 00:17:38,256
<i> all over the world,</i>
<i> in the U.S., Australia,</i>

345
00:17:38,258 --> 00:17:40,892
<i> in the U.K., in France,</i>
<i> Germany, all over Europe.</i>

346
00:17:41,393 --> 00:17:43,761
Chien:<i> It spread to any Windows</i>
<i> machine in the entire world.</i>

347
00:17:44,163 --> 00:17:46,397
You know,
we had these organizations

348
00:17:46,399 --> 00:17:48,699
inside the United States
who were in charge of

349
00:17:48,701 --> 00:17:50,401
<i> industrial control</i>
<i> facilities saying,</i>

350
00:17:50,403 --> 00:17:52,403
<i> "we're infected.</i>
<i> What's gonna happen?"</i>

351
00:17:52,771 --> 00:17:55,440
O'Murchu:<i> We didn't know if</i>
<i> there was a deadline coming up</i>

352
00:17:55,442 --> 00:17:57,008
<i> where this threat</i>
<i> would trigger</i>

353
00:17:57,010 --> 00:17:59,343
<i> and suddenly would,</i>
<i> like, turn off all, you know,</i>

354
00:17:59,345 --> 00:18:00,912
electricity plants
around the world

355
00:18:00,914 --> 00:18:02,680
or it would start
shutting things down

356
00:18:02,682 --> 00:18:04,015
or launching some attack.

357
00:18:04,850 --> 00:18:07,885
<i>We knew that Stuxnet could have</i>
<i> very dire consequences,</i>

358
00:18:07,887 --> 00:18:10,555
<i> and we were</i>
<i> very worried about</i>

359
00:18:10,557 --> 00:18:12,023
<i> what the payload</i>
<i> contained</i>

360
00:18:12,025 --> 00:18:14,258
<i> and there was</i>
<i> an imperative speed</i>

361
00:18:14,260 --> 00:18:16,360
<i> that we had to race</i>
<i> and try and, you know,</i>

362
00:18:16,362 --> 00:18:17,762
<i> beat this ticking bomb.</i>

363
00:18:18,897 --> 00:18:21,432
<i> Eventually, we were able to</i>
<i> refine the statistics a little</i>

364
00:18:21,434 --> 00:18:22,934
<i> and we saw that</i>
<i> Iran was the number one</i>

365
00:18:22,936 --> 00:18:24,535
<i> infected country in the world.</i>

366
00:18:24,537 --> 00:18:27,105
Chien:<i> That immediately raised</i>
<i> our eyebrows.</i>

367
00:18:27,107 --> 00:18:29,373
We had never
seen a threat before

368
00:18:29,375 --> 00:18:31,509
where it was
predominantly in Iran.

369
00:18:32,444 --> 00:18:34,045
<i> And so we began to follow</i>
<i> what was going on</i>

370
00:18:34,047 --> 00:18:35,279
<i> in the geopolitical world,</i>

371
00:18:35,447 --> 00:18:37,014
<i> what was happening</i>
<i> in the general news.</i>

372
00:18:37,216 --> 00:18:40,451
<i> And at that time, there were</i>
<i> actually multiple explosions</i>

373
00:18:40,453 --> 00:18:43,354
<i> of gas pipelines</i>
<i> going in and out of Iran.</i>

374
00:18:44,323 --> 00:18:45,723
<i> Unexplained explosions.</i>

375
00:18:47,259 --> 00:18:49,393
O'Murchu:<i> And of course,</i>
<i> we did notice that at the time</i>

376
00:18:49,395 --> 00:18:52,029
<i> there had been assassinations</i>
<i> of nuclear scientists.</i>

377
00:18:53,232 --> 00:18:54,665
<i> So that was worrying.</i>

378
00:18:55,467 --> 00:18:57,668
<i> We knew there was</i>
<i> something bad happening.</i>

379
00:18:58,137 --> 00:18:59,971
Gibney: Did you get concerned
for yourself?

380
00:18:59,973 --> 00:19:01,906
I mean, did you begin to start
looking over your shoulder

381
00:19:01,908 --> 00:19:03,141
from time to time?

382
00:19:03,143 --> 00:19:04,742
Yeah, definitely
looking over my shoulder

383
00:19:04,744 --> 00:19:07,311
and... and being careful about
what I spoke about on the phone.

384
00:19:08,313 --> 00:19:11,516
I was... pretty confident
my conversations on my...

385
00:19:11,518 --> 00:19:12,984
On the phone were
being listened to.

386
00:19:13,318 --> 00:19:15,286
We were only half joking

387
00:19:15,288 --> 00:19:17,321
when we would
look at each other

388
00:19:17,323 --> 00:19:19,090
and tell each other
things like,

389
00:19:19,092 --> 00:19:21,325
"Look, I'm not suicidal.

390
00:19:21,660 --> 00:19:25,163
If I show up dead on Monday,
you know, it wasn't me."

391
00:19:33,939 --> 00:19:36,374
<i> We'd been publishing</i>
<i> information about Stuxnet</i>

392
00:19:36,376 --> 00:19:37,775
<i> all through that summer.</i>

393
00:19:39,144 --> 00:19:41,779
<i> And then in November,</i>
<i> the industrial control system</i>

394
00:19:41,781 --> 00:19:44,916
<i> sort of expert</i>
<i> in Holland contacted us...</i>

395
00:19:46,185 --> 00:19:48,786
<i> And he said all of these</i>
<i>devices that would be inside of</i>

396
00:19:48,788 --> 00:19:51,856
<i> an industrial control system</i>
<i>hold a unique identifier number</i>

397
00:19:51,858 --> 00:19:55,059
that identified the make
and model of that device.

398
00:19:56,828 --> 00:20:00,498
<i> And we actually had a couple</i>
<i> of these numbers in the code</i>

399
00:20:00,500 --> 00:20:01,866
<i> that we didn't know</i>
<i> what they were.</i>

400
00:20:02,901 --> 00:20:04,802
And so we realized
maybe what he was referring to

401
00:20:04,804 --> 00:20:06,270
was the magic numbers we had.

402
00:20:06,805 --> 00:20:08,339
And then when we searched
for those magic numbers

403
00:20:08,341 --> 00:20:09,507
in that context,

404
00:20:09,509 --> 00:20:11,909
<i> we saw that what</i>
<i> had to be connected</i>

405
00:20:11,911 --> 00:20:14,078
<i> to this industrial control</i>
<i> system that was being targeted</i>

406
00:20:14,080 --> 00:20:16,047
<i> were something called</i>
<i> frequency converters</i>

407
00:20:16,381 --> 00:20:18,549
<i> from two</i>
<i> specific manufacturers,</i>

408
00:20:18,551 --> 00:20:20,318
<i> one of which was in Iran.</i>

409
00:20:20,919 --> 00:20:22,687
And so at this time,
we absolutely knew

410
00:20:22,689 --> 00:20:25,022
that the facility
that was being targeted

411
00:20:25,024 --> 00:20:26,490
had to be in Iran

412
00:20:26,825 --> 00:20:29,660
and had equipment made
from Iranian manufacturers.

413
00:20:30,596 --> 00:20:32,363
When we looked up
those frequency converters,

414
00:20:32,365 --> 00:20:34,165
<i> we immediately found out</i>
<i> that they were actually</i>

415
00:20:34,167 --> 00:20:36,567
<i> export controlled by the</i>
<i> Nuclear Regulatory Commission.</i>

416
00:20:37,169 --> 00:20:38,502
<i> And that immediately</i>
<i> led us then</i>

417
00:20:38,504 --> 00:20:40,771
to some nuclear facility.

418
00:20:58,390 --> 00:21:00,524
Gibney:<i> This was more than</i>
<i> a computer story,</i>

419
00:21:00,892 --> 00:21:03,327
<i> so I left the world</i>
<i> of the antivirus detectives</i>

420
00:21:03,629 --> 00:21:05,563
<i> and sought out journalist,</i>
<i> David Sanger,</i>

421
00:21:05,565 --> 00:21:07,798
<i> who specialized in</i>
<i> the strange intersection</i>

422
00:21:07,800 --> 00:21:10,801
<i> of cyber, nuclear weapons,</i>
<i> and espionage.</i>

423
00:21:11,770 --> 00:21:13,871
Sanger:
<i> The emergence of the code</i>

424
00:21:13,873 --> 00:21:17,174
<i> is what put me on alert</i>
<i> that an attack was under way.</i>

425
00:21:18,610 --> 00:21:21,779
<i> And because of the</i>
<i>covert nature of the operation,</i>

426
00:21:21,781 --> 00:21:24,782
<i> not only were official</i>
<i> government spokesmen</i>

427
00:21:24,784 --> 00:21:27,685
<i> unable to talk about it,</i>
<i>they didn't even know about it.</i>

428
00:21:28,887 --> 00:21:30,955
<i> Eventually,</i>
<i> the more I dug into it,</i>

429
00:21:30,957 --> 00:21:35,559
the more I began to find
individuals

430
00:21:35,794 --> 00:21:37,995
who had been involved
in some piece of it

431
00:21:38,163 --> 00:21:40,231
or who had witnessed
some piece of it.

432
00:21:40,832 --> 00:21:43,234
And that meant
talking to Americans,

433
00:21:43,236 --> 00:21:46,137
talking to Israelis,
talking to Europeans,

434
00:21:46,139 --> 00:21:49,240
because this was obviously
the first, biggest,

435
00:21:49,242 --> 00:21:53,811
and most sophisticated
example of a state

436
00:21:53,813 --> 00:21:56,447
or two states
using a cyber weapon

437
00:21:56,449 --> 00:21:57,982
for offensive purposes.

438
00:22:01,420 --> 00:22:04,322
<i> I came to this with</i>
<i> a fair bit of history,</i>

439
00:22:04,324 --> 00:22:07,091
<i> understanding the Iranian</i>
<i> nuclear program.</i>

440
00:22:08,126 --> 00:22:11,529
<i>How did Iran get its first</i>
<i> nuclear reactor?</i>

441
00:22:12,097 --> 00:22:15,232
We gave it to them...
Under the shah,

442
00:22:15,534 --> 00:22:18,969
<i>because the shah was considered</i>
<i> an American ally.</i>

443
00:22:20,473 --> 00:22:24,108
<i> Thank you again for your</i>
<i> warm welcome, Mr. President.</i>

444
00:22:24,443 --> 00:22:26,043
Gary Samore:<i> During</i>
<i> the Nixon administration,</i>

445
00:22:26,045 --> 00:22:29,313
<i> the U.S. was very enthusiastic</i>
<i> about supporting</i>

446
00:22:29,315 --> 00:22:31,415
<i> the shah's</i>
<i> nuclear power program.</i>

447
00:22:32,317 --> 00:22:34,652
And at one point,
the Nixon administration

448
00:22:34,654 --> 00:22:37,488
was pushing the idea
that Pakistan and Iran

449
00:22:37,490 --> 00:22:42,093
should build a joint plant
together in Iran.

450
00:22:43,462 --> 00:22:45,162
<i> There's at least</i>
<i> some evidence that</i>

451
00:22:45,164 --> 00:22:48,666
<i> the shah was thinking about</i>
<i>acquisition of nuclear weapons,</i>

452
00:22:48,668 --> 00:22:52,203
<i> because he saw, and we were</i>
<i> encouraging him to see Iran</i>

453
00:22:52,205 --> 00:22:54,505
<i> as the so-called policemen</i>
<i> of the Persian Gulf.</i>

454
00:22:54,507 --> 00:22:56,674
<i> And the Iranians have always</i>
<i> viewed themselves</i>

455
00:22:56,676 --> 00:22:59,910
<i>as naturally the dominant power</i>
<i> in the Middle East.</i>

456
00:23:22,501 --> 00:23:24,068
Samore:<i> But the revolution,</i>

457
00:23:24,070 --> 00:23:25,770
<i> which overthrew</i>
<i> the shah in '79,</i>

458
00:23:25,772 --> 00:23:27,571
<i> really curtailed the program</i>

459
00:23:27,573 --> 00:23:29,940
<i> before it ever got any</i>
<i> head of steam going.</i>

460
00:23:31,042 --> 00:23:35,613
<i>Part of our policy against Iran</i>
<i> after the revolution</i>

461
00:23:35,615 --> 00:23:37,915
was to deny them
nuclear technology.

462
00:23:37,917 --> 00:23:41,218
So most of the period
when I was involved

463
00:23:41,220 --> 00:23:43,220
in the '80s and the '90s

464
00:23:43,222 --> 00:23:45,623
was the U.S. running
around the world

465
00:23:45,625 --> 00:23:48,893
and persuading potential
nuclear suppliers

466
00:23:48,895 --> 00:23:52,296
not to provide even peaceful
nuclear technology to Iran.

467
00:23:52,531 --> 00:23:55,966
And what we missed
was the clandestine transfer

468
00:23:55,968 --> 00:23:58,869
in the mid-1980s
from Pakistan to Iran.

469
00:24:02,875 --> 00:24:04,108
Rolf Mowatt-Larssen:
<i> Abdul Qadeer Khan</i>

470
00:24:04,110 --> 00:24:05,443
<i> is what we would call</i>

471
00:24:05,445 --> 00:24:07,445
<i> the father of</i>
<i> the Pakistan nuclear program.</i>

472
00:24:08,880 --> 00:24:11,449
<i> He had the full authority</i>
<i> and confidence</i>

473
00:24:11,451 --> 00:24:13,751
<i> of the Pakistan government</i>
<i> from its inception</i>

474
00:24:13,753 --> 00:24:15,820
<i> to the production</i>
<i> of nuclear weapons.</i>

475
00:24:17,556 --> 00:24:19,890
I was a CIA officer for...
For...

476
00:24:19,892 --> 00:24:22,560
For over two decades,
operations officer,

477
00:24:22,562 --> 00:24:24,361
worked overseas
most of my career.

478
00:24:24,930 --> 00:24:26,997
The A.Q. Khan network
is so notable

479
00:24:26,999 --> 00:24:30,000
because aside from building

480
00:24:30,002 --> 00:24:33,037
the Pakistani program
for decades...

481
00:24:34,272 --> 00:24:37,441
It also was the means
by which other countries

482
00:24:37,443 --> 00:24:40,077
<i> were able to develop</i>
<i> nuclear weapons,</i>

483
00:24:40,079 --> 00:24:41,378
<i> including Iran.</i>

484
00:24:41,980 --> 00:24:43,614
Samore:
<i> A.Q. Khan acting on behalf</i>

485
00:24:43,616 --> 00:24:44,682
<i> of the Pakistani government</i>

486
00:24:44,684 --> 00:24:47,785
negotiated
with officials in Iran

487
00:24:47,787 --> 00:24:50,821
and then there was a transfer
which took place

488
00:24:50,823 --> 00:24:51,889
through Dubai

489
00:24:51,891 --> 00:24:55,125
<i> of blueprints for</i>
<i> nuclear weapons design</i>

490
00:24:55,127 --> 00:24:56,727
<i> as well as some hardware.</i>

491
00:24:57,863 --> 00:24:59,864
<i> Throughout the mid-1980s,</i>

492
00:24:59,866 --> 00:25:02,933
<i> the Iranian program</i>
<i> was not very well-resourced.</i>

493
00:25:02,935 --> 00:25:04,768
<i> It was more of</i>
<i> an R&D program.</i>

494
00:25:05,804 --> 00:25:09,006
<i> It wasn't really</i>
<i> until the mid-'90s</i>

495
00:25:09,008 --> 00:25:11,275
<i> that it started to take off</i>
<i> when they made the decision</i>

496
00:25:11,277 --> 00:25:13,344
<i> to build the nuclear weapons</i>
<i> program.</i>

497
00:25:20,018 --> 00:25:21,519
<i> You know,</i>
<i> we can speculate what,</i>

498
00:25:21,521 --> 00:25:22,953
in their mind,
motivated them.

499
00:25:22,955 --> 00:25:26,123
I think it was
the U.S. invasion of Iraq

500
00:25:26,125 --> 00:25:27,725
after Kuwait.

501
00:25:29,027 --> 00:25:30,494
<i> You know, there was an</i>
<i> eight-year war</i>

502
00:25:30,496 --> 00:25:32,062
<i> between Iraq and Iran,</i>

503
00:25:32,330 --> 00:25:35,733
<i> we had wiped out Saddam's</i>
<i> forces in a matter of weeks.</i>

504
00:25:38,638 --> 00:25:41,372
<i> And I think that was enough</i>
<i> to convince the rulers</i>

505
00:25:41,374 --> 00:25:43,541
<i> in Tehran</i>
<i> that they needed to pursue</i>

506
00:25:43,543 --> 00:25:45,109
<i>nuclear weapons more seriously.</i>

507
00:25:47,145 --> 00:25:50,047
George Bush: States like these
and their terrorist allies

508
00:25:50,049 --> 00:25:52,883
constitute an axis of evil,

509
00:25:52,885 --> 00:25:55,653
arming to threaten
the peace of the world.

510
00:25:57,055 --> 00:25:59,690
Samore:<i> From 2003 to 2005</i>

511
00:25:59,692 --> 00:26:02,993
<i> when they feared that</i>
<i> the U.S. would invade them,</i>

512
00:26:02,995 --> 00:26:05,329
<i> they accepted limits</i>
<i> on their nuclear program.</i>

513
00:26:05,764 --> 00:26:09,400
<i> But by 2006, the Iranians</i>
<i> had come to the conclusion</i>

514
00:26:09,402 --> 00:26:12,269
<i> that the U.S. was bogged down</i>
<i> in Afghanistan and Iraq</i>

515
00:26:12,271 --> 00:26:15,472
<i> and no longer had the capacity</i>
<i> to threaten them,</i>

516
00:26:15,840 --> 00:26:19,577
<i>and so they felt it was safe to</i>
<i>resume their enrichment program.</i>

517
00:26:20,345 --> 00:26:23,013
<i> They started producing</i>
<i> low enriched uranium,</i>

518
00:26:23,281 --> 00:26:25,282
<i> producing more centrifuges,</i>
<i> installing them</i>

519
00:26:25,284 --> 00:26:29,119
<i> at the large-scale underground</i>
<i> enrichment facility at Natanz.</i>

520
00:26:40,465 --> 00:26:45,269
Journalist:

521
00:26:56,448 --> 00:27:00,551
Ahmadinejad:

522
00:27:33,585 --> 00:27:35,519
Gibney: How many times
have you been to Natanz?

523
00:27:35,854 --> 00:27:39,256
Not that many, because I left
few years ago, the dia,

524
00:27:39,258 --> 00:27:41,592
but I was there quite...
Quite a few times.

525
00:27:45,130 --> 00:27:47,698
<i> Natanz is just in the middle</i>
<i> of the desert.</i>

526
00:27:49,634 --> 00:27:51,602
<i> When they were building it</i>
<i> in secret,</i>

527
00:27:51,836 --> 00:27:55,873
<i> they were calling it</i>
<i> desert irrigation facility.</i>

528
00:27:56,374 --> 00:27:57,941
For the local people,

529
00:27:57,943 --> 00:28:00,511
you want to sell why you
are building a big complex.

530
00:28:03,314 --> 00:28:06,016
<i> There is a lot of artillery</i>
<i> and air force.</i>

531
00:28:06,018 --> 00:28:10,421
<i> It's better protected</i>
<i> against attack from air</i>

532
00:28:10,955 --> 00:28:13,457
<i> than any other nuclear</i>
<i> installation I have seen.</i>

533
00:28:16,227 --> 00:28:18,696
<i> So this is</i>
<i> deeply underground.</i>

534
00:28:23,301 --> 00:28:27,204
But then inside, Natanz is like
any other centrifuge facility.

535
00:28:27,206 --> 00:28:31,542
I have been all over the world,
from Brazil to Russia, Japan,

536
00:28:31,544 --> 00:28:36,080
so they are all alike
with their own features,

537
00:28:36,082 --> 00:28:38,482
their own centrifuges,
their own culture,

538
00:28:38,484 --> 00:28:41,085
but basically,
the process is the same.

539
00:28:42,153 --> 00:28:45,222
<i> And so are the monitoring</i>
<i> activities of the IAEA.</i>

540
00:28:45,224 --> 00:28:46,890
<i> There are basic principles.</i>

541
00:28:46,892 --> 00:28:49,626
<i> You want to see what goes in,</i>
<i> what goes out,</i>

542
00:28:49,894 --> 00:28:52,062
<i> and then on top of that</i>
<i> you make sure that</i>

543
00:28:52,064 --> 00:28:54,531
<i> it produces</i>
<i> low enriched uranium</i>

544
00:28:54,533 --> 00:28:56,934
<i> instead of anything to do with</i>
<i> the higher enrichments</i>

545
00:28:56,936 --> 00:28:59,103
<i> and nuclear weapon</i>
<i> grade uranium.</i>

546
00:29:05,076 --> 00:29:06,443
Emad Kiyaei:
<i> Iran's nuclear facilities</i>

547
00:29:06,445 --> 00:29:08,679
<i> are under 24-hour watch.</i>

548
00:29:09,380 --> 00:29:11,715
<i> Of the United Nations</i>
<i> nuclear watchdog,</i>

549
00:29:11,717 --> 00:29:15,018
<i> the IAEA, the International</i>
<i> Atomic Energy Agency.</i>

550
00:29:16,387 --> 00:29:20,591
Every single gram of Iranian
fissile material...

551
00:29:21,793 --> 00:29:23,160
Is accounted for.

552
00:29:25,964 --> 00:29:28,432
<i> They have, like, basically</i>
<i> seals they put</i>

553
00:29:28,434 --> 00:29:32,002
<i> on fissile materials.</i>
<i> There are IAEA seals.</i>

554
00:29:32,237 --> 00:29:34,538
You can't break it

555
00:29:34,540 --> 00:29:36,373
without getting noticed.

556
00:29:38,376 --> 00:29:40,611
Heinonen:<i> When you look</i>
<i> at the uranium</i>

557
00:29:40,613 --> 00:29:44,481
<i> which was there in Natanz,</i>
<i> it was a very special uranium.</i>

558
00:29:44,649 --> 00:29:50,053
This is called isotope 236,
and that was a puzzle to us,

559
00:29:50,055 --> 00:29:52,489
because you only see
this sort of uranium

560
00:29:52,491 --> 00:29:55,626
in states which
have had nuclear weapons.

561
00:29:57,495 --> 00:30:00,197
<i> We realized that</i>
<i> they had cheated us.</i>

562
00:30:00,899 --> 00:30:04,168
<i> This sort of equipment</i>
<i> has been bought</i>

563
00:30:04,170 --> 00:30:05,969
from what they call
a black market.

564
00:30:05,971 --> 00:30:09,206
They never pointed out
it to A.Q. Khan

565
00:30:09,641 --> 00:30:11,441
at that point of time.

566
00:30:16,314 --> 00:30:19,650
<i> What I was surprised</i>
<i> was the sophistication</i>

567
00:30:19,652 --> 00:30:21,485
<i> and the quality control</i>

568
00:30:21,786 --> 00:30:23,787
<i> and the way they have</i>
<i> the manufacturing</i>

569
00:30:23,789 --> 00:30:25,189
<i> was really professional.</i>

570
00:30:26,324 --> 00:30:28,926
It was not something,
you know, you just create

571
00:30:28,928 --> 00:30:30,460
in a few months' time.

572
00:30:30,462 --> 00:30:33,197
This was a result
of a long process.

573
00:30:40,305 --> 00:30:43,106
<i> A centrifuge,</i>
<i> you feed uranium gas</i>

574
00:30:43,108 --> 00:30:46,210
<i> in and you have a cascade,</i>
<i> thousands of centrifuges,</i>

575
00:30:46,212 --> 00:30:49,213
<i> and from the other end</i>
<i> you get enriched uranium out.</i>

576
00:30:49,948 --> 00:30:53,951
<i> It separates uranium based on</i>
<i> spinning the rotors.</i>

577
00:30:53,953 --> 00:30:57,721
<i> It spins so fast,</i>
<i> 300 meters per second,</i>

578
00:30:57,723 --> 00:31:00,757
<i> the same as</i>
<i> the velocity of sound.</i>

579
00:31:02,126 --> 00:31:03,794
<i> These are tremendous forces</i>

580
00:31:03,796 --> 00:31:06,730
<i> and as a result,</i>
<i> the rotor, it twists,</i>

581
00:31:06,732 --> 00:31:08,899
<i> looks like a banana</i>
<i> at one point of time.</i>

582
00:31:10,301 --> 00:31:11,869
So it has to be balanced

583
00:31:11,871 --> 00:31:15,239
because any small vibration
it will blow up.

584
00:31:16,641 --> 00:31:18,575
<i>And here comes another trouble.</i>

585
00:31:18,877 --> 00:31:21,044
<i> You have to raise</i>
<i> the temperature</i>

586
00:31:21,046 --> 00:31:24,147
<i> but this very thin</i>
<i> rotor was...</i>

587
00:31:24,149 --> 00:31:26,183
<i> They are made from</i>
<i> carbon fiber,</i>

588
00:31:26,185 --> 00:31:28,819
<i> and the other pieces,</i>
<i> they are made from metal.</i>

589
00:31:29,721 --> 00:31:33,223
When you heat
carbon fiber, it shrinks.

590
00:31:34,325 --> 00:31:36,627
When you heat metal,
it expands.

591
00:31:36,995 --> 00:31:40,030
So you need to balance not only
that they spin,

592
00:31:40,032 --> 00:31:43,166
they twist,
but this temperature behavior

593
00:31:43,168 --> 00:31:45,402
<i> in such a way that</i>
<i> it doesn't break.</i>

594
00:31:45,404 --> 00:31:47,604
<i> So this has to be</i>
<i> very precise.</i>

595
00:31:48,106 --> 00:31:50,574
<i> This is what makes them</i>
<i> very difficult to manufacture.</i>

596
00:31:50,576 --> 00:31:53,243
You can model it,
you can calculate it,

597
00:31:53,245 --> 00:31:55,712
but at the very end,
it's actually based

598
00:31:55,714 --> 00:31:58,348
on practice and experience.

599
00:31:58,350 --> 00:32:01,652
So it's a...
It's a piece of art, so to say.

600
00:32:12,131 --> 00:32:17,768
Man:

601
00:32:42,593 --> 00:32:44,928
Heinonen:<i> Iranians are very</i>
<i> proud of their centrifuges.</i>

602
00:32:44,930 --> 00:32:47,898
<i> They have a lot of</i>
<i> public relations videos</i>

603
00:32:47,900 --> 00:32:51,635
<i> given up always in April</i>
<i> when they have what they call</i>

604
00:32:51,637 --> 00:32:53,136
<i> a national nuclear day.</i>

605
00:32:54,138 --> 00:32:57,641
Man:

606
00:33:07,453 --> 00:33:10,821
Kiyaei:<i> Ahmadinejad came into</i>
<i> his presidency saying</i>

607
00:33:10,823 --> 00:33:13,423
if the international community
wants to derail us

608
00:33:13,425 --> 00:33:15,092
we will stand up to it.

609
00:33:16,160 --> 00:33:18,862
If they want us to sign more
inspections

610
00:33:18,864 --> 00:33:22,132
and more additional protocols
and other measures,

611
00:33:22,134 --> 00:33:24,868
no, we will not.
We will fight for our rights.

612
00:33:26,105 --> 00:33:29,172
<i> Iran is a signature to nuclear</i>
<i> non-proliferation treaty,</i>

613
00:33:29,174 --> 00:33:32,776
<i>and under that treaty, Iran has</i>
<i> a right to a nuclear program.</i>

614
00:33:33,344 --> 00:33:36,813
<i> We can have enrichment.</i>
<i>Who are you, world powers,</i>

615
00:33:36,815 --> 00:33:39,282
<i> to come and tell us that we</i>
<i> cannot have enrichment?</i>

616
00:33:39,650 --> 00:33:41,385
This was his mantra,

617
00:33:42,120 --> 00:33:45,489
and it galvanized
the public.

618
00:33:49,060 --> 00:33:51,461
Sanger:<i> By 2007, 2008,</i>

619
00:33:51,463 --> 00:33:53,964
<i> the U.S. government</i>
<i> was in a very bad place with</i>

620
00:33:53,966 --> 00:33:55,265
<i> the Iranian program.</i>

621
00:33:56,234 --> 00:33:58,335
<i> President Bush recognized</i>

622
00:33:58,337 --> 00:34:00,971
<i> that he could not even</i>
<i> come out in public</i>

623
00:34:00,973 --> 00:34:03,473
<i> and declare that the Iranians</i>
<i>were building a nuclear weapon,</i>

624
00:34:03,475 --> 00:34:05,308
<i> because by this time,</i>
<i> he had gone through</i>

625
00:34:05,310 --> 00:34:08,612
<i> the entire WMD fiasco in Iraq.</i>

626
00:34:09,313 --> 00:34:11,581
He could not really take
military action.

627
00:34:11,583 --> 00:34:13,984
<i> Condoleezza Rice said to him</i>
<i> at one point,</i>

628
00:34:13,986 --> 00:34:17,387
<i> "You know, Mr. President,</i>
<i> I think you've invaded</i>

629
00:34:17,389 --> 00:34:21,058
<i> your last Muslim country,</i>
<i> even for the best of reasons."</i>

630
00:34:22,894 --> 00:34:25,095
<i> He didn't want to let</i>
<i> the Israelis</i>

631
00:34:25,097 --> 00:34:26,930
<i> conduct a military operation.</i>

632
00:34:27,265 --> 00:34:33,003
It's 1938, and Iran is Germany
and it's racing...

633
00:34:33,838 --> 00:34:36,440
To arm itself
with atomic bombs.

634
00:34:37,041 --> 00:34:40,610
Iran's nuclear ambitions
must be stopped.

635
00:34:41,279 --> 00:34:46,016
They have to be stopped.
We all have to stop it, now.

636
00:34:46,018 --> 00:34:48,618
That's the one message
I have for you today.

637
00:34:48,620 --> 00:34:50,520
- Thank you.

638
00:34:50,522 --> 00:34:53,390
Israel was saying
they were gonna bomb Iran.

639
00:34:53,392 --> 00:34:56,593
And the government here
in Washington

640
00:34:56,595 --> 00:34:58,962
did all sorts of scenarios
about what would happen

641
00:34:58,964 --> 00:35:01,531
if that Israeli attack occurred.

642
00:35:01,933 --> 00:35:04,101
They were all
very ugly scenarios.

643
00:35:04,103 --> 00:35:07,104
Our belief was that if
they went on their own

644
00:35:07,106 --> 00:35:08,905
knowing the limitations...

645
00:35:08,907 --> 00:35:10,807
No, they're a very good
air force, all right?

646
00:35:11,142 --> 00:35:13,210
But it's small
and the distances are great

647
00:35:13,212 --> 00:35:15,612
and the target's dispersed
and hardened, all right?

648
00:35:16,614 --> 00:35:19,182
If they would have
attempted a raid

649
00:35:19,884 --> 00:35:21,618
on a military plane,

650
00:35:21,919 --> 00:35:24,721
we would have been assuming that
they were assuming

651
00:35:24,723 --> 00:35:27,290
we would finish
that which they started.

652
00:35:27,292 --> 00:35:29,926
In other words,
there would be many of us

653
00:35:29,928 --> 00:35:31,962
in government thinking that
the purpose of the raid

654
00:35:31,964 --> 00:35:34,498
wasn't to destroy
the Iranian nuclear system,

655
00:35:34,500 --> 00:35:38,168
but the purpose of the raid
was to put us at war with Iran.

656
00:35:39,103 --> 00:35:41,138
Israel is very much
concerned about

657
00:35:41,140 --> 00:35:43,807
Iran's nuclear program,
more than the United States.

658
00:35:43,809 --> 00:35:46,576
It's only natural because
of the size of the country,

659
00:35:46,578 --> 00:35:48,979
because we live in this
neighborhood,

660
00:35:48,981 --> 00:35:52,616
America lives thousands and
thousands miles away from Iran.

661
00:35:52,618 --> 00:35:56,253
The two countries agreed on
the goal.

662
00:35:56,521 --> 00:35:59,289
There is no page between us

663
00:35:59,291 --> 00:36:04,628
that Iran should not have
a nuclear military capability.

664
00:36:04,630 --> 00:36:06,630
There are some differences

665
00:36:06,632 --> 00:36:08,999
on how to...
How to achieve it

666
00:36:09,001 --> 00:36:11,301
and when action is needed.

667
00:36:20,811 --> 00:36:23,213
Yadlin:<i> We are taking</i>
<i> very seriously</i>

668
00:36:23,215 --> 00:36:25,949
leaders of countries who call to
the destruction

669
00:36:25,951 --> 00:36:28,585
and annihilation of our people.

670
00:36:28,786 --> 00:36:31,288
If Iran will get
nuclear weapons,

671
00:36:31,290 --> 00:36:32,756
now or in the future...

672
00:36:33,724 --> 00:36:36,560
It means that for the first time
in human history

673
00:36:37,361 --> 00:36:40,063
Islamic zealots,
religious zealots,

674
00:36:40,731 --> 00:36:43,066
will get their hand on

675
00:36:43,068 --> 00:36:46,036
the most dangerous,
devastating weapons,

676
00:36:46,038 --> 00:36:48,805
and the world should
prevent this.

677
00:36:50,975 --> 00:36:54,744
Samore:<i> The Israelis believe</i>
<i> that the Iranian leadership</i>

678
00:36:54,746 --> 00:36:57,681
<i> has already made the decision</i>
<i> to build nuclear weapons</i>

679
00:36:57,683 --> 00:36:59,583
<i> when they think</i>
<i> they can get away with it.</i>

680
00:36:59,984 --> 00:37:02,752
<i> The view in the U.S.</i>
<i> is that the Iranians</i>

681
00:37:02,754 --> 00:37:04,921
<i> haven't made that</i>
<i> final decision yet.</i>

682
00:37:05,890 --> 00:37:07,824
To me, that doesn't make
any difference.

683
00:37:07,826 --> 00:37:09,559
I mean, it really doesn't make
any difference,

684
00:37:09,561 --> 00:37:12,729
and it's probably unknowable,
unless you can put, you know,

685
00:37:12,731 --> 00:37:16,099
Supreme Leader Khamenei
on the couch and interview him.

686
00:37:16,101 --> 00:37:19,035
<i> I think, you know,</i>
<i> from our standpoint,</i>

687
00:37:19,037 --> 00:37:21,671
<i> stopping Iran from getting</i>
<i> the threshold capacity</i>

688
00:37:21,673 --> 00:37:24,808
<i> is, you know,</i>
<i> the primary policy objective.</i>

689
00:37:26,110 --> 00:37:28,211
<i> Once they have</i>
<i> the fissile material,</i>

690
00:37:28,213 --> 00:37:30,614
<i> once they have the capacity to</i>
<i> produce nuclear weapons,</i>

691
00:37:30,616 --> 00:37:31,982
<i> then the game is lost.</i>

692
00:37:37,788 --> 00:37:39,589
Hayden:<i> President Bush once said</i>
<i> to me, he said,</i>

693
00:37:39,591 --> 00:37:42,692
<i> "Mike, I don't want any</i>
<i> president ever to be faced</i>

694
00:37:42,694 --> 00:37:46,730
with only two options,
bombing or the bomb."

695
00:37:46,732 --> 00:37:47,964
Right?

696
00:37:47,966 --> 00:37:51,534
He... he wanted options that...
That made it...

697
00:37:51,736 --> 00:37:54,704
Made it far less likely
he or his successor

698
00:37:54,706 --> 00:37:57,240
or successors
would ever get to that point

699
00:37:57,242 --> 00:37:58,875
where that's...
That's all you've got.

700
00:37:59,210 --> 00:38:02,846
We wanted to be energetic enough
in pursuing this problem

701
00:38:03,214 --> 00:38:06,216
that... that the Israelis would
certainly believe,

702
00:38:06,218 --> 00:38:07,417
"Yeah, we get it."

703
00:38:07,419 --> 00:38:09,552
The intelligence cooperation
between Israel

704
00:38:09,554 --> 00:38:12,989
and the United States
is very, very good.

705
00:38:13,758 --> 00:38:16,059
<i> And therefore, the Israelis</i>
<i> went to the Americans</i>

706
00:38:16,061 --> 00:38:19,663
<i> and said, "Okay, guys,</i>
<i>you don't want us to bomb Iran.</i>

707
00:38:19,665 --> 00:38:22,832
<i>Okay, let's do it differently."</i>

708
00:38:23,334 --> 00:38:26,903
<i> And then the American</i>
<i> intelligence community started</i>

709
00:38:26,905 --> 00:38:28,605
<i> rolling in joint forces</i>

710
00:38:28,607 --> 00:38:30,573
<i> with the Israeli</i>
<i> intelligence community.</i>

711
00:38:31,242 --> 00:38:35,245
One day a group of intelligence
and military officials showed up

712
00:38:35,946 --> 00:38:37,881
in President Bush's office

713
00:38:38,482 --> 00:38:40,016
and said,
"Sir, we have an idea.

714
00:38:41,152 --> 00:38:42,485
It's a big risk.

715
00:38:43,020 --> 00:38:44,821
It might not work,
but here it is."

716
00:38:52,363 --> 00:38:55,999
Langner:<i> Moving forward in</i>
<i> my analysis of the codes,</i>

717
00:38:56,001 --> 00:39:00,036
<i> I took a closer look</i>
<i> at the photographs</i>

718
00:39:00,038 --> 00:39:01,871
<i> that had been published</i>

719
00:39:01,873 --> 00:39:06,643
by the Iranians themselves
in a press tour from 2008

720
00:39:06,645 --> 00:39:09,779
<i> of Ahmadinejad</i>
<i> and the shiny centrifuges.</i>

721
00:39:12,183 --> 00:39:14,050
Sanger:<i> Well, photographs</i>
<i> of Ahmadinejad</i>

722
00:39:14,052 --> 00:39:16,853
<i> going through</i>
<i> the centrifuges at Natanz</i>

723
00:39:16,855 --> 00:39:20,290
<i> had provided some</i>
<i> very important clues.</i>

724
00:39:20,991 --> 00:39:23,193
There was a huge amount
to be learned.

725
00:39:31,502 --> 00:39:34,304
<i> First of all,</i>
<i> those photographs showed</i>

726
00:39:34,306 --> 00:39:37,640
<i> many of the individuals</i>
<i> who were guiding Ahmadinejad</i>

727
00:39:37,642 --> 00:39:38,808
<i> through the program.</i>

728
00:39:38,810 --> 00:39:41,411
<i> And there's one very famous</i>
<i> photograph that shows</i>

729
00:39:41,413 --> 00:39:43,413
<i> Ahmadinejad being shown</i>
<i> something.</i>

730
00:39:43,415 --> 00:39:45,982
<i>You see his face, you can't see</i>
<i> what's on the computer.</i>

731
00:39:45,984 --> 00:39:49,419
<i> And one of the scientists</i>
<i> who was behind him</i>

732
00:39:49,421 --> 00:39:51,821
<i> was assassinated</i>
<i> a few months later.</i>

733
00:39:56,193 --> 00:39:57,927
Langner:<i> In one of</i>
<i> those photographs,</i>

734
00:39:58,195 --> 00:40:01,531
you could see parts
of a computer screen.

735
00:40:01,533 --> 00:40:04,100
We... we refer to that
as a SCADA screen.

736
00:40:04,102 --> 00:40:07,070
<i> The SCADA system is basically</i>
<i> a piece of software</i>

737
00:40:07,072 --> 00:40:08,671
<i> running on a computer.</i>

738
00:40:08,673 --> 00:40:12,275
<i> It enables the operators</i>
<i> to monitor the processes.</i>

739
00:40:13,277 --> 00:40:17,414
What you could see
when you look close enough

740
00:40:17,948 --> 00:40:22,285
<i> was a more detailed view</i>
<i> of the configuration.</i>

741
00:40:23,087 --> 00:40:26,389
<i> There were these six groups</i>
<i> of centrifuges</i>

742
00:40:26,391 --> 00:40:29,826
<i> and each group</i>
<i> had 164 entries.</i>

743
00:40:30,394 --> 00:40:31,961
And guess what?

744
00:40:32,263 --> 00:40:34,597
That was a perfect match
to what we saw

745
00:40:34,599 --> 00:40:35,965
in the attack code.

746
00:40:37,301 --> 00:40:40,703
<i> It was absolutely clear</i>
<i> that this piece of code</i>

747
00:40:40,705 --> 00:40:44,274
<i> was attacking an array</i>
<i> of six different groups</i>

748
00:40:44,276 --> 00:40:48,111
<i> of, let's just say,</i>
<i> thingies, physical objects,</i>

749
00:40:48,113 --> 00:40:54,017
<i> and in those six groups,</i>
<i> there were 164 elements.</i>

750
00:40:57,721 --> 00:41:00,056
Gibney: Were you able to do
any actual physical tests?

751
00:41:00,058 --> 00:41:02,292
Or it was all just
code analysis?

752
00:41:02,294 --> 00:41:04,227
Yeah, so, you know,
we obviously

753
00:41:04,229 --> 00:41:07,297
couldn't set up our own sort
of nuclear enrichment facility.

754
00:41:07,465 --> 00:41:09,766
So... but what we did was
we did obtain some PLCs,

755
00:41:09,768 --> 00:41:11,000
the exact models.

756
00:41:18,175 --> 00:41:20,577
<i> We then ordered an air pump,</i>
<i> and that's what we used</i>

757
00:41:20,579 --> 00:41:22,245
<i> sort of as our sort of</i>
<i> proof of concept.</i>

758
00:41:23,080 --> 00:41:24,814
O'Murchu:<i> We needed</i>
<i> a visual demonstration</i>

759
00:41:24,816 --> 00:41:27,016
<i> to show people</i>
<i> what we discovered.</i>

760
00:41:27,318 --> 00:41:29,352
So we thought of different
things that we could do,

761
00:41:29,354 --> 00:41:31,488
and we... we settled
on blowing up a balloon.

762
00:41:35,826 --> 00:41:37,794
<i>We were able to write a program</i>
<i> that would inflate a balloon,</i>

763
00:41:37,796 --> 00:41:40,697
<i> and it was set to stop</i>
<i> after five seconds.</i>

764
00:41:50,674 --> 00:41:52,442
<i>So it would inflate the balloon</i>
<i> to a certain size</i>

765
00:41:52,444 --> 00:41:53,943
<i> but it wouldn't</i>
<i> burst the balloon</i>

766
00:41:53,945 --> 00:41:55,378
<i> and it was all safe.</i>

767
00:41:55,380 --> 00:41:57,480
And we showed everybody,
this is the code

768
00:41:57,482 --> 00:41:58,715
that's on the PLC.

769
00:41:59,149 --> 00:42:01,117
<i> And the timer says,</i>
<i> "stop after five seconds."</i>

770
00:42:01,352 --> 00:42:02,886
<i> We know that's</i>
<i> what's going to happen.</i>

771
00:42:03,487 --> 00:42:05,755
And then we would infect
the computer with Stuxnet,

772
00:42:06,290 --> 00:42:08,558
<i> and we would</i>
<i> run the test again.</i>

773
00:42:39,757 --> 00:42:41,357
Here is
a piece of software

774
00:42:41,359 --> 00:42:44,327
that should only exist
in a cyber realm

775
00:42:44,329 --> 00:42:47,430
and it is able to affect
physical equipment

776
00:42:47,432 --> 00:42:51,167
in a plant or factory
and cause physical damage.

777
00:42:51,169 --> 00:42:53,236
Real-world
physical destruction.

778
00:42:57,741 --> 00:43:00,410
<i> At that time, things became</i>
<i> very scary to us.</i>

779
00:43:00,412 --> 00:43:02,912
<i> Here you had malware</i>
<i> potentially killing people</i>

780
00:43:02,914 --> 00:43:05,214
and that was something that was
always Hollywood-esque to us

781
00:43:05,216 --> 00:43:06,382
that we'd always laugh at

782
00:43:06,384 --> 00:43:08,418
when people made
that kind of assertion.

783
00:43:14,024 --> 00:43:16,526
Gibney:<i> At this point, you had</i>
<i> to have started developing</i>

784
00:43:16,528 --> 00:43:19,295
<i> theories as to</i>
<i> who had built Stuxnet.</i>

785
00:43:20,230 --> 00:43:21,798
It wasn't
lost on us that

786
00:43:21,800 --> 00:43:25,034
there were probably
only a few countries

787
00:43:25,036 --> 00:43:27,370
in the world that would want

788
00:43:27,372 --> 00:43:30,239
and have the motivation
to sabotage

789
00:43:30,241 --> 00:43:32,375
Iran's nuclear enrichment
facility.

790
00:43:32,377 --> 00:43:34,277
The U.S. government
would be up there.

791
00:43:34,279 --> 00:43:36,446
Israeli government certainly
would be... would be up there.

792
00:43:36,448 --> 00:43:38,548
You know, maybe U.K.,
France, Germany,

793
00:43:38,550 --> 00:43:39,983
those sorts of countries,

794
00:43:39,985 --> 00:43:42,285
but we never found any
information that

795
00:43:42,287 --> 00:43:45,321
would tie it back 100 percent
to... to those countries.

796
00:43:45,323 --> 00:43:47,256
There are no telltale signs.

797
00:43:47,258 --> 00:43:49,826
You know, the attackers don't
leave a message inside

798
00:43:49,828 --> 00:43:51,995
saying, you know,
"it was me."

799
00:43:52,896 --> 00:43:56,165
And even if they did,
all of that stuff can be faked.

800
00:43:56,500 --> 00:43:59,168
So it's very, very difficult
to do attribution

801
00:43:59,170 --> 00:44:00,903
when looking at
computer code.

802
00:44:01,772 --> 00:44:03,306
Gibney: Subsequent work
that's been done

803
00:44:03,308 --> 00:44:05,742
leads us to believe that
this was the work of

804
00:44:05,744 --> 00:44:07,276
a collaboration between Israel
and the United States.

805
00:44:07,278 --> 00:44:08,344
Yeah, yeah.

806
00:44:08,346 --> 00:44:09,479
Gibney: Did you have
any evidence

807
00:44:09,481 --> 00:44:10,747
in terms of your analysis

808
00:44:10,749 --> 00:44:12,749
that would lead you
to believe that

809
00:44:12,751 --> 00:44:14,083
that's correct also?

810
00:44:14,085 --> 00:44:16,185
Nothing that I could
talk about on camera.

811
00:44:17,688 --> 00:44:20,490
Gibney:
Well, can I ask why?

812
00:44:20,492 --> 00:44:22,325
No.

813
00:44:22,327 --> 00:44:24,027
Well, you can,
but I won't answer.

814
00:44:26,464 --> 00:44:28,765
Gibney: But even in the case
of nation-states,

815
00:44:28,767 --> 00:44:30,266
I mean, one of
the concerns is...

816
00:44:30,268 --> 00:44:32,402
Gibney:<i> This was beginning</i>
<i> to really piss me off.</i>

817
00:44:32,836 --> 00:44:36,172
<i>Even civilians with an interest</i>
<i> in telling the Stuxnet story</i>

818
00:44:36,174 --> 00:44:39,108
<i> were refusing to address</i>
<i> the role of Tel Aviv</i>

819
00:44:39,110 --> 00:44:42,345
<i> and Washington.</i>
<i> But luckily for me,</i>

820
00:44:42,613 --> 00:44:44,447
<i> while D.C.</i>
<i> is a city of secrets,</i>

821
00:44:44,782 --> 00:44:46,549
<i> it is also a city of leaks.</i>

822
00:44:47,017 --> 00:44:48,718
<i> They're as regular as</i>
<i> a heartbeat</i>

823
00:44:48,720 --> 00:44:50,453
<i> and just as hard to stop.</i>

824
00:44:51,455 --> 00:44:53,022
<i> That's what I was counting on.</i>

825
00:44:58,196 --> 00:45:01,731
<i> Finally, after speaking to a</i>
<i>number of people on background,</i>

826
00:45:01,733 --> 00:45:04,333
<i>I did find a way of confirming,</i>
<i> on the record,</i>

827
00:45:04,335 --> 00:45:06,202
<i> the American role in Stuxnet.</i>

828
00:45:07,171 --> 00:45:09,305
<i> In exchange for details</i>
<i> of the operation,</i>

829
00:45:09,307 --> 00:45:11,374
<i> I had to agree to find a way</i>

830
00:45:11,376 --> 00:45:13,676
<i> to disguise the source</i>
<i> of the information.</i>

831
00:45:13,678 --> 00:45:15,445
- Gibney:<i> We're good?</i>
- Man:<i> We're on.</i>

832
00:45:17,014 --> 00:45:18,681
Gibney:<i> So the first question</i>
<i> I have to ask you</i>

833
00:45:18,683 --> 00:45:20,083
<i> is about secrecy.</i>

834
00:45:20,584 --> 00:45:23,653
<i> I mean, at this point,</i>
<i> everyone knows about Stuxnet.</i>

835
00:45:23,655 --> 00:45:25,321
<i> Why can't we talk about it?</i>

836
00:45:25,823 --> 00:45:27,190
<i> It's a covert operation.</i>

837
00:45:27,192 --> 00:45:28,991
Gibney:<i> Not anymore.</i>

838
00:45:28,993 --> 00:45:31,294
<i> I mean, we know what happened,</i>
<i> we know who did it.</i>

839
00:45:31,528 --> 00:45:34,230
<i> Well, maybe you don't know</i>
<i> as much as you think you know.</i>

840
00:45:35,032 --> 00:45:37,600
Gibney:<i> Well, I'm talking to you</i>
<i> because I want to</i>

841
00:45:37,602 --> 00:45:39,001
<i> get the story right.</i>

842
00:45:39,003 --> 00:45:40,737
<i> Well, that's the same reason</i>
<i> I'm talking to you.</i>

843
00:45:43,207 --> 00:45:45,007
Gibney:<i> Even though it's</i>
<i> a covert operation?</i>

844
00:45:46,043 --> 00:45:49,879
<i> Look, this is not</i>
<i> a Snowden kind of thing, okay?</i>

845
00:45:49,881 --> 00:45:51,214
<i> I think what he did</i>
<i> was wrong.</i>

846
00:45:51,216 --> 00:45:54,350
<i> He went too far.</i>
<i> He gave away too much.</i>

847
00:45:54,852 --> 00:45:56,853
<i> Unlike Snowden,</i>
<i> who was a contractor,</i>

848
00:45:56,855 --> 00:45:58,621
<i> I was in NSA.</i>

849
00:45:59,256 --> 00:46:01,457
<i> I believe in the agency,</i>
<i>so what I'm willing to give you</i>

850
00:46:01,459 --> 00:46:03,092
<i> will be limited,</i>
<i> but we're talking</i>

851
00:46:03,094 --> 00:46:04,927
<i> because everyone's getting</i>
<i> the story wrong</i>

852
00:46:04,929 --> 00:46:06,529
<i> and we have to get it right.</i>

853
00:46:06,531 --> 00:46:08,297
<i> We have to understand</i>
<i> these new weapons.</i>

854
00:46:08,299 --> 00:46:09,565
<i> The stakes are too high.</i>

855
00:46:09,567 --> 00:46:10,867
Gibney:<i> What do you mean?</i>

856
00:46:12,970 --> 00:46:14,937
<i> We did Stuxnet.</i>

857
00:46:16,140 --> 00:46:17,306
<i> It's a fact.</i>

858
00:46:17,308 --> 00:46:21,043
<i> You know, we came</i>
<i> so fucking close to disaster,</i>

859
00:46:21,045 --> 00:46:22,712
<i> and we're still on the edge.</i>

860
00:46:24,248 --> 00:46:29,318
<i> It was a huge multinational,</i>
<i> interagency operation.</i>

861
00:46:30,587 --> 00:46:33,289
<i> In the U.S. it was CIA,</i>

862
00:46:33,757 --> 00:46:37,226
<i> NSA, and the military</i>
<i> cyber command.</i>

863
00:46:37,728 --> 00:46:41,397
<i> From Britain, we used</i>
<i> Iran intel out of GCHQ,</i>

864
00:46:41,999 --> 00:46:43,833
<i> but the main partner</i>
<i> was Israel.</i>

865
00:46:43,835 --> 00:46:45,334
<i> Over there,</i>
<i> Mossad ran the show,</i>

866
00:46:45,336 --> 00:46:48,070
<i> and the technical work</i>
<i> was done by Unit 8200.</i>

867
00:46:49,006 --> 00:46:52,008
<i> Israel is really the key</i>
<i> to the story.</i>

868
00:46:56,446 --> 00:46:59,515
Melman: Oh, traffic in Israel
is so unpredictable.

869
00:47:01,618 --> 00:47:04,687
Gibney: Yossi, how did you get
into this whole Stuxnet story?

870
00:47:05,856 --> 00:47:08,858
I have been covering
the Israeli intelligence

871
00:47:08,860 --> 00:47:11,160
in general, in the Mossad
in particular

872
00:47:11,162 --> 00:47:14,564
<i> for nearly 30 years.</i>

873
00:47:14,965 --> 00:47:18,034
<i> In '82, I was a London-based</i>
<i> correspondent</i>

874
00:47:18,036 --> 00:47:21,470
<i> and I covered a trial</i>
<i> of terrorists,</i>

875
00:47:21,472 --> 00:47:25,775
<i> and I became more familiar</i>
<i> with this topic of terrorism,</i>

876
00:47:25,777 --> 00:47:29,946
<i> and slowly but surely, I</i>
<i> started covering it as a beat.</i>

877
00:47:32,816 --> 00:47:35,852
Israel, we live in
a very rough neighborhood

878
00:47:35,854 --> 00:47:38,221
where the...
the democratic values,

879
00:47:38,223 --> 00:47:41,524
western values, are very rare.

880
00:47:41,959 --> 00:47:45,862
But Israel pretends
to be a free, democratic,

881
00:47:45,864 --> 00:47:47,930
westernized society,

882
00:47:48,398 --> 00:47:51,701
<i> posh neighborhoods,</i>
<i> rich people,</i>

883
00:47:51,869 --> 00:47:54,871
<i> youngsters who are having</i>

884
00:47:54,873 --> 00:47:57,907
<i> almost similar mind-set</i>
<i> to their American</i>

885
00:47:57,909 --> 00:48:00,142
<i> or western European</i>
<i> counterparts.</i>

886
00:48:00,144 --> 00:48:02,879
<i> On the other hand,</i>
<i> you see a lot of scenes</i>

887
00:48:02,881 --> 00:48:07,083
<i> and events which resemble</i>
<i> the real Middle East,</i>

888
00:48:07,085 --> 00:48:12,855
<i> terror attacks, radicals,</i>
<i> fanatics, religious zealots.</i>

889
00:48:17,228 --> 00:48:20,329
I knew that Israel
is trying to slow down

890
00:48:20,331 --> 00:48:21,998
Iran's nuclear program,

891
00:48:22,000 --> 00:48:24,767
and therefore,
I came to the conclusion that

892
00:48:24,769 --> 00:48:27,937
if there was a virus
infecting Iran's computers,

893
00:48:27,939 --> 00:48:33,743
it's... it's one more element
in... in this larger picture

894
00:48:34,444 --> 00:48:36,879
<i> based on past precedents.</i>

895
00:48:41,452 --> 00:48:45,121
Yadlin:
<i> 1981 I was an F-16 pilot,</i>

896
00:48:45,555 --> 00:48:49,058
<i> and we were told that,</i>
<i> unlike our dream</i>

897
00:48:49,060 --> 00:48:52,495
<i> to do dogfights</i>
<i> and to kill MiGs,</i>

898
00:48:53,063 --> 00:48:56,699
<i> we have to be prepared</i>
<i> for a long-range mission</i>

899
00:48:57,367 --> 00:49:00,002
<i>to destroy a valuable target.</i>

900
00:49:00,771 --> 00:49:02,471
<i> Nobody told us what is</i>

901
00:49:02,473 --> 00:49:04,874
<i> this very valuable</i>
<i> strategic target.</i>

902
00:49:05,876 --> 00:49:09,045
<i> It was 600 miles from Israel.</i>

903
00:49:10,414 --> 00:49:13,883
So we train our self
to do the job,

904
00:49:13,885 --> 00:49:17,720
which was very difficult.
No air refueling at that time.

905
00:49:18,121 --> 00:49:20,189
No satellites
for reconnaissance.

906
00:49:22,125 --> 00:49:24,527
Fuel was on the limit.

907
00:49:25,095 --> 00:49:27,396
Pilot:<i> What?</i>
<i> Whoa! Whoa!</i>

908
00:49:30,334 --> 00:49:31,734
Yadlin:<i> At the end of the day,</i>

909
00:49:32,469 --> 00:49:34,203
<i> we accomplished</i>
<i> the mission.</i>

910
00:49:34,671 --> 00:49:35,972
Gibney:<i> Which was?</i>

911
00:49:36,440 --> 00:49:39,342
Yadlin:<i> To destroy</i>
<i> the Iraqi nuclear reactor</i>

912
00:49:39,344 --> 00:49:43,179
<i> near Baghdad,</i>
<i> which was called Osirak.</i>

913
00:49:43,413 --> 00:49:49,452
And Iraq never was able
to accomplish

914
00:49:49,454 --> 00:49:52,021
its ambition to have
a nuclear bomb.

915
00:49:54,024 --> 00:49:56,625
Melman:<i> Amos Yadlin,</i>
<i> General Yadlin,</i>

916
00:49:56,627 --> 00:49:59,428
<i> he was the head</i>
<i> of the military intelligence.</i>

917
00:49:59,830 --> 00:50:03,299
<i> The biggest unit</i>
<i> within that organization</i>

918
00:50:03,301 --> 00:50:05,101
<i> was Unit 8200.</i>

919
00:50:05,802 --> 00:50:08,204
<i> They'd block telephones,</i>
<i> they'd block faxes,</i>

920
00:50:08,206 --> 00:50:10,373
<i> they're breaking</i>
<i> into computers.</i>

921
00:50:12,709 --> 00:50:15,011
<i> A decade ago,</i>
<i> when Yadlin became</i>

922
00:50:15,013 --> 00:50:16,946
<i> the chief of</i>
<i> military intelligence,</i>

923
00:50:17,447 --> 00:50:21,951
<i> there was no</i>
<i> cyber warfare unit in 8200.</i>

924
00:50:24,888 --> 00:50:28,657
<i> So they started recruiting</i>
<i> very talented people,</i>

925
00:50:28,659 --> 00:50:31,227
<i> hackers either</i>
<i> from the military</i>

926
00:50:31,229 --> 00:50:33,796
or outside the military
that can contribute

927
00:50:33,798 --> 00:50:36,966
to the project of building
a cyber warfare unit.

928
00:50:39,703 --> 00:50:44,206
Yadlin:<i> In the 19th century,</i>
<i> there were only army and navy.</i>

929
00:50:44,208 --> 00:50:48,010
<i> In the 20th century,</i>
<i> we got air power</i>

930
00:50:48,012 --> 00:50:49,745
<i> as a third dimension of war.</i>

931
00:50:50,380 --> 00:50:52,348
<i> In the 21st century,</i>

932
00:50:52,350 --> 00:50:55,885
<i> cyber will be</i>
<i> the fourth dimension of war.</i>

933
00:50:56,853 --> 00:50:58,387
<i> It's another kind of weapon</i>

934
00:50:58,389 --> 00:51:02,992
and it is for unlimited range
in a very high speed

935
00:51:03,393 --> 00:51:05,528
and in
a very low signature.

936
00:51:05,530 --> 00:51:08,064
So this give you
a huge opportunity...

937
00:51:09,166 --> 00:51:12,435
<i> And the superpowers</i>
<i> have to change</i>

938
00:51:12,437 --> 00:51:14,503
<i> the way we think</i>
<i> about warfare.</i>

939
00:51:16,741 --> 00:51:18,774
Finally we are transforming
our military

940
00:51:18,776 --> 00:51:21,444
for a new kind of war
that we're fighting now...

941
00:51:22,913 --> 00:51:24,346
And for wars of tomorrow.

942
00:51:25,682 --> 00:51:27,783
<i> We have made our military</i>
<i> better trained,</i>

943
00:51:27,785 --> 00:51:30,686
<i> better equipped,</i>
<i> and better prepared</i>

944
00:51:30,688 --> 00:51:33,456
<i> to meet the threats</i>
<i> facing America today</i>

945
00:51:33,458 --> 00:51:35,691
<i> and tomorrow</i>
<i> and long in the future.</i>

946
00:51:39,463 --> 00:51:42,098
Sanger:<i> Back in the end</i>
<i> of the Bush administration,</i>

947
00:51:42,100 --> 00:51:44,033
<i> people within</i>
<i> the U.S. government</i>

948
00:51:44,035 --> 00:51:47,236
<i> were just beginning</i>
<i> to convince President Bush</i>

949
00:51:47,238 --> 00:51:50,139
to pour money into
offensive cyber weapons.

950
00:51:51,108 --> 00:51:54,143
<i> Stuxnet started off</i>
<i> in the defense department.</i>

951
00:51:54,811 --> 00:51:57,113
<i> Then Robert Gates,</i>
<i> secretary of defense,</i>

952
00:51:57,581 --> 00:51:59,748
<i> reviewed this program</i>
<i> and he said,</i>

953
00:51:59,750 --> 00:52:01,951
<i> "this program shouldn't be</i>
<i> in the defense department.</i>

954
00:52:01,953 --> 00:52:04,453
<i> This should really be under</i>
<i> the covert authorities</i>

955
00:52:04,455 --> 00:52:06,288
<i> over in</i>
<i> the intelligence world."</i>

956
00:52:07,257 --> 00:52:10,392
<i> So the CIA was</i>
<i> very deeply involved</i>

957
00:52:10,394 --> 00:52:11,861
<i> in this operation,</i>

958
00:52:12,162 --> 00:52:14,797
<i> while much of</i>
<i> the coding work was done</i>

959
00:52:14,799 --> 00:52:17,199
<i> by the</i>
<i> National Security Agency</i>

960
00:52:17,400 --> 00:52:20,469
<i> and Unit 8200,</i>
<i> its Israeli equivalent,</i>

961
00:52:20,471 --> 00:52:24,306
<i> working together with a newly</i>
<i> created military position</i>

962
00:52:24,308 --> 00:52:26,642
<i> called U.S. Cyber Command.</i>

963
00:52:27,444 --> 00:52:31,647
<i>And interestingly, the director</i>
<i>of the National Security Agency</i>

964
00:52:31,649 --> 00:52:34,250
would also have
a second role

965
00:52:34,252 --> 00:52:37,987
as the commander
of U.S. Cyber Command.

966
00:52:38,455 --> 00:52:42,124
<i> And U.S. Cyber Command</i>
<i> is located</i>

967
00:52:42,126 --> 00:52:45,995
<i> at Fort Meade in the</i>
<i> same building as the NSA.</i>

968
00:52:50,200 --> 00:52:52,234
Col. Gary D. Brown:
<i> I was deployed for a year</i>

969
00:52:52,502 --> 00:52:55,671
<i>giving advice on air operations</i>
<i> in Iraq and Afghanistan,</i>

970
00:52:55,673 --> 00:52:58,507
<i> and when I was returning home</i>
<i> after that,</i>

971
00:52:58,509 --> 00:53:00,509
<i> the assignment I was given</i>
<i> was to go</i>

972
00:53:00,511 --> 00:53:01,944
<i> to U.S. Cyber Command.</i>

973
00:53:03,113 --> 00:53:04,680
Cyber Command is a...

974
00:53:04,981 --> 00:53:08,350
is the military command
that's responsible for

975
00:53:08,352 --> 00:53:11,387
essentially the conducting
of the nation's military affairs

976
00:53:11,389 --> 00:53:12,788
in cyberspace.

977
00:53:13,290 --> 00:53:15,691
<i> The stated reason</i>
<i> the United States</i>

978
00:53:15,693 --> 00:53:17,860
<i> decided it needed</i>
<i> a cyber command</i>

979
00:53:17,862 --> 00:53:21,063
<i> was because of an event called</i>
<i> Operation Buckshot Yankee.</i>

980
00:53:21,531 --> 00:53:23,132
Chris Inglis:
<i> In the fall of 2008,</i>

981
00:53:23,134 --> 00:53:25,968
<i> we found some</i>
<i> adversaries inside</i>

982
00:53:25,970 --> 00:53:27,570
<i> of our classified networks.</i>

983
00:53:28,505 --> 00:53:30,072
While it wasn't completely true

984
00:53:30,074 --> 00:53:32,675
that we always assumed that
we were successful

985
00:53:32,677 --> 00:53:34,410
at defending things
at the barrier,

986
00:53:34,412 --> 00:53:36,579
at the... at the kind of
perimeter that we might have

987
00:53:36,581 --> 00:53:38,581
between our networks
and the outside world,

988
00:53:38,583 --> 00:53:40,649
there was a large confidence

989
00:53:40,651 --> 00:53:42,818
that we'd been
mostly successful.

990
00:53:43,153 --> 00:53:44,720
But that was a moment in time
when we came to

991
00:53:44,722 --> 00:53:48,290
the quick conclusion that it...
it's not really ever secure.

992
00:53:49,159 --> 00:53:51,860
<i> That then accelerated</i>
<i> the Department of Defense's</i>

993
00:53:51,862 --> 00:53:53,429
<i> progress towards</i>
<i> what ultimately</i>

994
00:53:53,431 --> 00:53:54,563
<i> became Cyber Command.</i>

995
00:53:57,867 --> 00:53:59,068
Good morning.

996
00:54:00,370 --> 00:54:01,570
Good morning.

997
00:54:01,738 --> 00:54:03,806
Good morning, sir. Cyber has
one item for you today.

998
00:54:04,274 --> 00:54:05,941
Earlier this week,
antok analysts

999
00:54:05,943 --> 00:54:08,277
detected a foreign adversary
using known methods

1000
00:54:08,279 --> 00:54:10,112
to access the U.S.
military network.

1001
00:54:10,580 --> 00:54:12,181
We identified
the malicious activity

1002
00:54:12,183 --> 00:54:14,116
via data collected through
our information assurance

1003
00:54:14,118 --> 00:54:15,618
and signals from
intelligence authorities

1004
00:54:15,620 --> 00:54:17,786
and confirmed
it was a cyber adversary.

1005
00:54:17,788 --> 00:54:20,456
We provided data to our
cyber partners within the DoD...

1006
00:54:20,458 --> 00:54:22,725
You think of NSA
as an institution

1007
00:54:22,727 --> 00:54:25,594
that essentially uses
its abilities in cyberspace

1008
00:54:25,962 --> 00:54:28,364
to help defend communications
in that space.

1009
00:54:28,698 --> 00:54:30,633
<i> Cyber Command extends</i>
<i> that capability</i>

1010
00:54:30,635 --> 00:54:34,003
<i> by saying that they will then</i>
<i> take responsibility to attack.</i>

1011
00:54:35,472 --> 00:54:38,474
Hayden:<i> NSA has no</i>
<i> legal authority to attack.</i>

1012
00:54:38,476 --> 00:54:40,709
<i> It's never had it,</i>
<i> I doubt that it ever will.</i>

1013
00:54:41,211 --> 00:54:43,279
It might explain why
U.S. Cyber Command

1014
00:54:43,281 --> 00:54:44,980
is sitting out at
Fort Meade on top of

1015
00:54:44,982 --> 00:54:46,715
the National Security Agency,

1016
00:54:46,717 --> 00:54:49,485
because NSA has the abilities
to do these things.

1017
00:54:49,786 --> 00:54:52,588
Cyber Command has the authority
to do these things.

1018
00:54:52,590 --> 00:54:55,824
And "these things" here
refer to the cyber-attack.

1019
00:54:55,826 --> 00:54:57,860
This is a huge change

1020
00:54:58,495 --> 00:55:02,164
for the nature of
the intelligence agencies.

1021
00:55:02,599 --> 00:55:05,401
<i> The NSA was supposed</i>
<i> to be a code-making</i>

1022
00:55:05,403 --> 00:55:07,770
<i> and code-breaking operation</i>

1023
00:55:07,772 --> 00:55:11,940
<i> to monitor the communications</i>
<i> of foreign powers</i>

1024
00:55:11,942 --> 00:55:13,342
<i> and American adversaries</i>

1025
00:55:13,344 --> 00:55:15,678
<i> in the defense</i>
<i> of the United States.</i>

1026
00:55:16,179 --> 00:55:19,682
<i> But creating a cyber command</i>
<i> meant using</i>

1027
00:55:19,684 --> 00:55:22,718
<i> the same technology</i>
<i> to do offense.</i>

1028
00:55:24,854 --> 00:55:28,857
<i> Once you get inside an</i>
<i> adversary's computer networks,</i>

1029
00:55:28,859 --> 00:55:31,694
<i> you put an implant</i>
<i> in that network.</i>

1030
00:55:31,928 --> 00:55:34,530
<i> And we have tens of thousands</i>
<i> of foreign computers</i>

1031
00:55:34,532 --> 00:55:37,266
<i> and networks that the</i>
<i> United States put implants in.</i>

1032
00:55:38,034 --> 00:55:41,036
<i> You can use it to monitor</i>
<i> what's going across</i>

1033
00:55:41,038 --> 00:55:43,038
<i>that network and you can use it</i>

1034
00:55:43,040 --> 00:55:46,275
<i> to insert cyber weapons,</i>
<i> malware.</i>

1035
00:55:47,377 --> 00:55:50,579
If you can spy on a network,
you can manipulate it.

1036
00:55:51,281 --> 00:55:53,015
It's already included.

1037
00:55:53,216 --> 00:55:55,551
The only thing you need
is an act of will.

1038
00:55:59,557 --> 00:56:01,357
NSA source:
<i> I played a role in Iraq.</i>

1039
00:56:01,359 --> 00:56:03,726
<i> I can't tell you</i>
<i>whether it was military or not,</i>

1040
00:56:03,728 --> 00:56:05,327
<i> but I can tell you</i>

1041
00:56:05,329 --> 00:56:07,663
<i> NSA had combat support teams</i>
<i> in country.</i>

1042
00:56:09,200 --> 00:56:11,867
<i> And for the first time,</i>
<i> units in the field</i>

1043
00:56:11,869 --> 00:56:14,269
<i>had direct access to NSA intel.</i>

1044
00:56:16,841 --> 00:56:18,707
<i> Over time, we thought</i>
<i> more about offense</i>

1045
00:56:18,709 --> 00:56:20,175
<i> than defense, you know,</i>

1046
00:56:20,177 --> 00:56:21,910
<i> more about attacking</i>
<i> than intelligence.</i>

1047
00:56:23,213 --> 00:56:26,248
<i> In the old days, SIGINT units</i>
<i> would try to track radios,</i>

1048
00:56:26,250 --> 00:56:28,517
<i> but through NSA in Iraq,</i>

1049
00:56:28,519 --> 00:56:30,552
<i> we had access</i>
<i> to all the networks</i>

1050
00:56:30,554 --> 00:56:32,087
<i> going in and out</i>
<i> of the country.</i>

1051
00:56:32,089 --> 00:56:34,156
<i> And we hoovered up</i>
<i> every text message,</i>

1052
00:56:34,158 --> 00:56:35,657
<i> email, and phone call.</i>

1053
00:56:36,192 --> 00:56:38,594
<i> A complete surveillance state.</i>

1054
00:56:39,496 --> 00:56:43,565
<i> We could find the bad guys,</i>
<i> say, a gang making IEDs,</i>

1055
00:56:43,567 --> 00:56:47,102
<i> map their networks,</i>
<i> and follow them in real time.</i>

1056
00:56:47,104 --> 00:56:48,404
Soldier:<i> Roger.</i>

1057
00:56:48,406 --> 00:56:50,205
NSA source:<i> And we could</i>
<i> lock into cell phones</i>

1058
00:56:50,207 --> 00:56:52,274
<i> even when they were off</i>
<i> and send a fake text</i>

1059
00:56:52,276 --> 00:56:54,710
<i> from a friend,</i>
<i> suggest a meeting place,</i>

1060
00:56:54,712 --> 00:56:56,578
<i> and then capture...</i>

1061
00:56:56,580 --> 00:56:57,946
Soldier:<i> 1A, clear to fire.</i>

1062
00:56:58,415 --> 00:56:59,715
<i> ...or kill.</i>

1063
00:56:59,717 --> 00:57:00,816
Soldier:<i> Good shot.</i>

1064
00:57:03,853 --> 00:57:06,121
Brown:<i> A lot of the people</i>
<i> that came to Cyber Command,</i>

1065
00:57:06,123 --> 00:57:07,956
<i> the military guys,</i>
<i> came directly from</i>

1066
00:57:07,958 --> 00:57:09,958
<i> an assignment</i>
<i> in Afghanistan or Iraq,</i>

1067
00:57:09,960 --> 00:57:12,528
<i> 'cause those are the people</i>
<i> with experience</i>

1068
00:57:12,530 --> 00:57:14,463
<i> and expertise in operations,</i>

1069
00:57:14,465 --> 00:57:16,398
and those are the ones you want
looking at this

1070
00:57:16,400 --> 00:57:18,434
to see how
cyber could facilitate

1071
00:57:18,436 --> 00:57:20,669
traditional military operations.

1072
00:57:32,382 --> 00:57:34,216
NSA source:
<i> Fresh from the surge,</i>

1073
00:57:34,218 --> 00:57:38,720
<i> I went to work at NSA in '07</i>
<i> in a supervisory capacity.</i>

1074
00:57:38,722 --> 00:57:40,889
Gibney:<i> Exactly where</i>
<i> did you work?</i>

1075
00:57:40,891 --> 00:57:42,224
NSA source:<i> Fort Meade.</i>

1076
00:57:42,226 --> 00:57:43,959
<i> You know, I commuted</i>
<i> to that massive complex</i>

1077
00:57:43,961 --> 00:57:45,394
<i> every single day.</i>

1078
00:57:46,729 --> 00:57:51,033
<i> I was in TAO-S321,</i>
<i> "the ROC."</i>

1079
00:57:51,601 --> 00:57:53,669
Gibney:<i> Okay, the TAO,</i>
<i> the ROC?</i>

1080
00:57:53,837 --> 00:57:57,072
<i> Right, sorry. TAO is</i>
<i> Tailored Access Operations.</i>

1081
00:57:57,074 --> 00:57:59,107
<i> It's where</i>
<i> NSA's hackers work.</i>

1082
00:57:59,109 --> 00:58:00,876
<i> Of course,</i>
<i> we didn't call them that.</i>

1083
00:58:01,144 --> 00:58:02,478
Gibney:<i> What did you call them?</i>

1084
00:58:02,645 --> 00:58:04,012
NSA source:<i> On net operators.</i>

1085
00:58:04,314 --> 00:58:06,849
<i> They're the only people at NSA</i>
<i> allowed to break in</i>

1086
00:58:06,851 --> 00:58:08,350
<i> or attack on the Internet.</i>

1087
00:58:09,352 --> 00:58:11,453
<i> Inside TAO headquarters</i>
<i> is the ROC,</i>

1088
00:58:11,455 --> 00:58:13,055
<i> Remote Operations Center.</i>

1089
00:58:13,857 --> 00:58:17,059
<i> If the U.S. government</i>
<i> wants to get in somewhere,</i>

1090
00:58:18,127 --> 00:58:19,528
<i> it goes to the ROC.</i>

1091
00:58:19,696 --> 00:58:22,564
<i> I mean, we were flooded</i>
<i> with requests.</i>

1092
00:58:23,299 --> 00:58:25,834
<i> So many that we could</i>
<i> only do about, mm,</i>

1093
00:58:25,836 --> 00:58:29,004
<i> 30% of the missions that were</i>
<i> requested of us at one time,</i>

1094
00:58:29,006 --> 00:58:30,639
<i> through the web</i>

1095
00:58:30,641 --> 00:58:33,509
<i> but also by hijacking</i>
<i> shipments of parts.</i>

1096
00:58:34,377 --> 00:58:36,378
<i> You know, sometimes the CIA</i>
<i> would assist</i>

1097
00:58:36,380 --> 00:58:39,014
<i> in putting implants</i>
<i> in machines,</i>

1098
00:58:40,216 --> 00:58:42,951
<i> so once inside</i>
<i> a target network,</i>

1099
00:58:43,820 --> 00:58:45,087
<i> we could just...</i>

1100
00:58:46,055 --> 00:58:47,256
<i> Watch...</i>

1101
00:58:48,992 --> 00:58:50,559
<i> Or we could attack.</i>

1102
00:58:54,364 --> 00:58:57,900
<i> Inside NSA was a strange</i>
<i> kind of culture,</i>

1103
00:58:57,902 --> 00:59:00,302
<i> like,</i>
<i> two parts macho military</i>

1104
00:59:00,304 --> 00:59:04,406
<i> and two parts cyber geek.</i>
<i> I mean, I came from Iraq,</i>

1105
00:59:04,408 --> 00:59:06,308
<i> so I was used to,</i>
<i> "yes, sir. No, sir."</i>

1106
00:59:06,310 --> 00:59:08,410
<i> But for the weapons</i>
<i> programmers</i>

1107
00:59:08,412 --> 00:59:10,979
<i> we needed more</i>
<i> "think outside the box" types.</i>

1108
00:59:11,814 --> 00:59:13,549
<i> From cubicle to cubicle,</i>

1109
00:59:13,551 --> 00:59:16,818
<i> you'd see lightsabers,</i>
<i> tribbles,</i>

1110
00:59:16,820 --> 00:59:18,987
<i> those</i> Naruto<i> action figures,</i>

1111
00:59:18,989 --> 00:59:21,290
<i> lots of</i>
Aqua Teen Hunger Force.

1112
00:59:24,027 --> 00:59:27,629
<i> This one guy,</i>
<i> they were mostly guys,</i>

1113
00:59:28,598 --> 00:59:30,732
<i> who liked to wear</i>
<i> a yellow hooded cape,</i>

1114
00:59:31,200 --> 00:59:34,803
<i> he used a ton of gray Legos</i>
<i> to build a massive Death Star.</i>

1115
00:59:37,840 --> 00:59:40,008
Gibney:<i> Were they all working</i>
<i> on Stuxnet?</i>

1116
00:59:40,577 --> 00:59:42,611
NSA source:
<i> We never called it Stuxnet.</i>

1117
00:59:42,613 --> 00:59:45,380
<i> That was the name invented</i>
<i> by the antivirus guys.</i>

1118
00:59:45,382 --> 00:59:47,382
<i> When it hit the papers,</i>

1119
00:59:47,384 --> 00:59:49,384
<i>we're not allowed to read about</i>
<i> classified operations,</i>

1120
00:59:49,386 --> 00:59:50,886
<i> even if it's in</i>
The New York Times.

1121
00:59:50,888 --> 00:59:52,588
<i> We went out of our way</i>
<i> to avoid the term.</i>

1122
00:59:52,590 --> 00:59:54,523
<i> I mean,</i>
<i> saying "Stuxnet" out loud</i>

1123
00:59:54,525 --> 00:59:56,692
<i> was like saying "Voldemort"</i>
<i> in</i> Harry Potter.

1124
00:59:56,694 --> 00:59:58,327
<i> The name that</i>
<i> shall not be spoken.</i>

1125
00:59:58,628 --> 01:00:00,128
Gibney:<i> What did</i>
<i> you call it then?</i>

1126
01:00:08,605 --> 01:00:12,140
<i> The Natanz attack,</i>
<i> and this is out there already,</i>

1127
01:00:13,042 --> 01:00:17,012
<i> was called</i>
<i> Olympic Games or OG.</i>

1128
01:00:20,550 --> 01:00:22,985
<i> There was a huge operation</i>
<i> to test the code</i>

1129
01:00:22,987 --> 01:00:25,354
<i> on PLCs</i>
<i> here at Fort Meade</i>

1130
01:00:25,922 --> 01:00:28,357
<i>and in Sandia, New Mexico.</i>

1131
01:00:30,126 --> 01:00:31,560
<i> Remember during the Bush era</i>

1132
01:00:31,562 --> 01:00:33,996
<i> when Libya turned over</i>
<i> all the centrifuges?</i>

1133
01:00:34,430 --> 01:00:36,598
<i> Those were the same models</i>
<i> the Iranians got</i>

1134
01:00:36,600 --> 01:00:38,900
<i> from A.Q. Khan.</i>
<i> P1's.</i>

1135
01:00:40,303 --> 01:00:42,771
<i> We took them to Oak Ridge</i>
<i> and used them</i>

1136
01:00:42,773 --> 01:00:46,308
<i> to test the code</i>
<i> which demolished the insides.</i>

1137
01:00:47,343 --> 01:00:51,213
<i> At Dimona, the Israelis also</i>
<i> tested on the P1's.</i>

1138
01:00:52,649 --> 01:00:55,250
<i> Then, partly by using</i>
<i> our intel on Iran,</i>

1139
01:00:55,252 --> 01:00:58,487
<i> we got the plans for</i>
<i> the newer models, the IR-2's.</i>

1140
01:00:59,355 --> 01:01:01,590
<i> We tried out different</i>
<i> attack vectors.</i>

1141
01:01:01,592 --> 01:01:05,894
<i>We ended up focusing on ways to</i>
<i> destroy the rotor tubes.</i>

1142
01:01:06,796 --> 01:01:10,232
<i> In the tests we ran,</i>
<i> we blew them apart.</i>

1143
01:01:11,701 --> 01:01:13,635
They swept up the pieces,

1144
01:01:13,637 --> 01:01:16,338
they put it on an airplane,
they flew it to Washington,

1145
01:01:16,340 --> 01:01:18,040
they stuck it in the truck,

1146
01:01:18,042 --> 01:01:20,008
they drove it through the gates
of the White House,

1147
01:01:20,010 --> 01:01:24,146
and dumped the shards out
on the conference room table

1148
01:01:24,148 --> 01:01:25,847
in the Situation Room.

1149
01:01:25,849 --> 01:01:27,382
And then they invited
President Bush

1150
01:01:27,384 --> 01:01:28,950
to come down
and take a look.

1151
01:01:28,952 --> 01:01:30,786
And when he could pick up
the shard

1152
01:01:30,788 --> 01:01:32,554
of a piece of centrifuge...

1153
01:01:33,523 --> 01:01:35,757
He was convinced
this might be worth it,

1154
01:01:36,059 --> 01:01:37,859
and he said,
"go ahead and try."

1155
01:01:38,695 --> 01:01:41,630
Gibney: Was there legal concern
inside the Bush administration

1156
01:01:41,632 --> 01:01:44,032
that this might be
an act of undeclared war?

1157
01:01:44,967 --> 01:01:48,737
If there were concerns,
I haven't found them.

1158
01:01:50,006 --> 01:01:52,674
That doesn't mean that
they didn't exist

1159
01:01:52,676 --> 01:01:54,676
and that some lawyers
somewhere

1160
01:01:54,678 --> 01:01:56,244
weren't concerned about it,

1161
01:01:56,246 --> 01:01:59,581
but this was
an entirely new territory.

1162
01:02:00,183 --> 01:02:02,684
At the time, there were really
very few people

1163
01:02:02,686 --> 01:02:06,822
who had expertise specifically
on the law of war and cyber.

1164
01:02:07,223 --> 01:02:09,491
And basically what we did was
looking at, okay,

1165
01:02:09,493 --> 01:02:10,959
here's our broad direction.

1166
01:02:11,527 --> 01:02:14,129
Now, let's look...
Technically what can we do

1167
01:02:14,530 --> 01:02:16,398
to facilitate
this broad direction?

1168
01:02:16,666 --> 01:02:19,534
After that, maybe the...
I would come in

1169
01:02:19,536 --> 01:02:22,104
or one of my lawyers
would come in and say,

1170
01:02:22,106 --> 01:02:26,074
"okay, this is what we may do."
Okay.

1171
01:02:27,177 --> 01:02:28,276
There are many things
we can do,

1172
01:02:28,278 --> 01:02:30,278
but we are not allowed
to do them.

1173
01:02:30,280 --> 01:02:32,414
And then after that,
there's still a final level

1174
01:02:32,416 --> 01:02:34,316
that we look at and that's,
what should we do?

1175
01:02:34,717 --> 01:02:36,685
Because there are many things
that would be

1176
01:02:36,687 --> 01:02:39,955
technically possible
and technically legal

1177
01:02:39,957 --> 01:02:41,490
but a bad idea.

1178
01:02:42,024 --> 01:02:45,727
<i> For Natanz,</i>
<i> it was a CIA-led operation,</i>

1179
01:02:45,729 --> 01:02:48,163
<i> so we had to have</i>
<i> agency sign-off.</i>

1180
01:02:48,464 --> 01:02:49,631
Gibney:<i> Really?</i>

1181
01:02:49,799 --> 01:02:52,634
<i> Someone from the agency</i>

1182
01:02:53,469 --> 01:02:55,604
<i> stood behind the operator</i>
<i> and the analyst</i>

1183
01:02:55,606 --> 01:02:58,540
<i> and gave the order to launch</i>
<i> every attack.</i>

1184
01:03:06,149 --> 01:03:07,983
Chien:<i> Before they had</i>
<i> even started this attack,</i>

1185
01:03:07,985 --> 01:03:10,218
<i> they put inside of the code</i>
<i> the kill date,</i>

1186
01:03:10,553 --> 01:03:12,320
<i> a date at which it would stop</i>
<i> operating.</i>

1187
01:03:12,889 --> 01:03:14,990
O'Murchu:<i> Cutoff dates,</i>
<i>we don't normally see that</i>

1188
01:03:14,992 --> 01:03:16,658
<i> in other threats,</i>
<i> and you have to think,</i>

1189
01:03:16,660 --> 01:03:18,560
<i> "well, why is there</i>
<i> a cutoff date in there?"</i>

1190
01:03:18,995 --> 01:03:21,429
And when you realize that,
well, Stuxnet was probably

1191
01:03:21,431 --> 01:03:24,633
written by government
and that there are laws

1192
01:03:24,635 --> 01:03:27,502
regarding how you can use
this sort of software,

1193
01:03:27,504 --> 01:03:30,138
that there may have been a legal
team who said, "no, you...

1194
01:03:30,140 --> 01:03:32,340
You need to have
a cutoff date in there,

1195
01:03:32,342 --> 01:03:34,442
and you can only do this
and you can only go that far

1196
01:03:34,444 --> 01:03:36,077
and we need to check
if this is legal or not."

1197
01:03:38,114 --> 01:03:41,383
<i> That date is a few days before</i>
<i> Obama's inauguration.</i>

1198
01:03:42,418 --> 01:03:45,287
<i> So the theory was that</i>
<i> this was an operation</i>

1199
01:03:45,289 --> 01:03:47,689
<i> that needed to be stopped</i>
<i> at a certain time</i>

1200
01:03:47,691 --> 01:03:50,091
<i> because there was</i>
<i> gonna be a handover</i>

1201
01:03:50,093 --> 01:03:52,427
<i> and that more approval</i>
<i> was needed.</i>

1202
01:03:55,666 --> 01:03:57,532
Are you prepared to take
the oath, senator?

1203
01:03:57,534 --> 01:03:58,767
I am.

1204
01:03:59,135 --> 01:04:01,102
I,
Barack Hussein Obama...

1205
01:04:01,104 --> 01:04:02,637
- I, Barack...
- Do solemnly swear...

1206
01:04:02,639 --> 01:04:05,240
I, Barack Hussein Obama,
do solemnly swear...

1207
01:04:05,441 --> 01:04:08,977
Sanger:<i> Olympic games was</i>
<i>reauthorized by President Obama</i>

1208
01:04:08,979 --> 01:04:10,779
<i> in his first year in office,</i>
<i> 2009.</i>

1209
01:04:15,284 --> 01:04:17,385
<i> It was fascinating because it</i>
<i> was the first year of</i>

1210
01:04:17,387 --> 01:04:19,387
<i> the Obama administration and</i>
<i> they would talk to you</i>

1211
01:04:19,389 --> 01:04:22,190
<i> endlessly about cyber defense.</i>

1212
01:04:22,959 --> 01:04:24,125
Obama:<i> We count on</i>
<i> computer networks</i>

1213
01:04:24,127 --> 01:04:27,262
<i> to deliver our oil and gas,</i>
<i> our power, and our water.</i>

1214
01:04:27,563 --> 01:04:30,799
<i> We rely on them for</i>
<i> public transportation</i>

1215
01:04:30,801 --> 01:04:32,367
<i> and air traffic control.</i>

1216
01:04:32,735 --> 01:04:34,836
But just as we failed
in the past

1217
01:04:34,838 --> 01:04:36,872
to invest in
our physical infrastructure,

1218
01:04:37,173 --> 01:04:39,541
our roads,
our bridges, and rails,

1219
01:04:39,876 --> 01:04:41,576
we failed to invest
in the security

1220
01:04:41,578 --> 01:04:43,445
of our digital infrastructure.

1221
01:04:43,646 --> 01:04:46,047
Sanger:<i> He was running</i>
<i> East Room events</i>

1222
01:04:46,249 --> 01:04:48,984
<i> trying to get people to focus</i>
<i> on the need to</i>

1223
01:04:48,986 --> 01:04:50,919
<i> defend cyber networks</i>

1224
01:04:50,921 --> 01:04:52,654
and defend
American infrastructure.

1225
01:04:53,022 --> 01:04:56,558
But when you asked questions
about the use of

1226
01:04:56,560 --> 01:05:00,161
offensive cyber weapons,
everything went dead.

1227
01:05:00,163 --> 01:05:01,897
No cooperation.

1228
01:05:01,899 --> 01:05:03,999
White House wouldn't help,
Pentagon wouldn't help,

1229
01:05:04,001 --> 01:05:05,166
NSA wouldn't help.

1230
01:05:05,401 --> 01:05:06,835
Nobody would talk to you
about it.

1231
01:05:07,737 --> 01:05:09,371
<i> But when you dug into</i>
<i> the budget</i>

1232
01:05:09,373 --> 01:05:12,607
<i> for cyber spending during</i>
<i> the Obama administration,</i>

1233
01:05:12,609 --> 01:05:14,542
<i> what you discovered was</i>

1234
01:05:14,544 --> 01:05:17,946
<i> much of it was being spent</i>
<i> on offensive cyber weapons.</i>

1235
01:05:19,749 --> 01:05:24,252
<i> You see phrases like</i>
<i> "Title 10 CNO."</i>

1236
01:05:24,687 --> 01:05:27,956
<i> Title 10 means operations</i>
<i> for the U.S. military,</i>

1237
01:05:28,224 --> 01:05:32,494
<i> and CNO means</i>
<i> computer network operations.</i>

1238
01:05:33,195 --> 01:05:34,763
<i> This is considerable evidence</i>

1239
01:05:34,765 --> 01:05:37,365
that Stuxnet was just
the opening wedge

1240
01:05:38,034 --> 01:05:41,836
of what is a much broader
U.S. government effort now

1241
01:05:42,271 --> 01:05:45,307
to develop an entire new class
of weapons.

1242
01:05:50,880 --> 01:05:53,615
Chien:<i> Stuxnet wasn't just</i>
<i> an evolution.</i>

1243
01:05:53,617 --> 01:05:56,284
<i> It was really a revolution</i>
<i> in the threat landscape.</i>

1244
01:05:58,087 --> 01:06:01,056
<i> In the past, the vast majority</i>
<i> of threats that we saw</i>

1245
01:06:01,058 --> 01:06:03,058
<i> were always controlled by</i>
<i> an operator somewhere.</i>

1246
01:06:03,060 --> 01:06:04,759
They would infect
your machines,

1247
01:06:04,761 --> 01:06:06,594
but they would have what's
called a callback

1248
01:06:06,596 --> 01:06:08,129
or a command-and-control
channel.

1249
01:06:08,297 --> 01:06:10,432
The threats would actually
contact the operator

1250
01:06:10,434 --> 01:06:11,833
and say, what do you want me
to do next?

1251
01:06:11,835 --> 01:06:13,401
And the operator would
send down commands

1252
01:06:13,403 --> 01:06:15,337
<i> and say, maybe, search through</i>
<i> this directory,</i>

1253
01:06:15,339 --> 01:06:17,272
<i> find these folders,</i>
<i> find these files,</i>

1254
01:06:17,274 --> 01:06:19,107
<i> upload these files to me,</i>
<i> spread to this other machine,</i>

1255
01:06:19,109 --> 01:06:20,575
<i> things of that nature.</i>

1256
01:06:21,110 --> 01:06:24,179
<i> But Stuxnet couldn't have</i>
<i> a command-and-control channel</i>

1257
01:06:24,647 --> 01:06:27,415
because once it got
inside in Natanz

1258
01:06:27,417 --> 01:06:30,151
it would not have been able to
reach back out to the attackers.

1259
01:06:30,153 --> 01:06:32,454
The Natanz network
is completely air gapped

1260
01:06:32,456 --> 01:06:33,655
from the rest of the Internet.

1261
01:06:33,657 --> 01:06:35,023
It's not connected to
the Internet.

1262
01:06:35,025 --> 01:06:36,491
It's its own isolated network.

1263
01:06:36,493 --> 01:06:38,259
Generally, getting across
an air gap is...

1264
01:06:38,261 --> 01:06:39,861
Is one of the more difficult
challenges

1265
01:06:39,863 --> 01:06:42,130
that attackers will face
just because of the fact that

1266
01:06:42,132 --> 01:06:45,033
there... everything is in place
to prevent that.

1267
01:06:45,035 --> 01:06:47,602
You know, everything, you know,
the policies and procedures

1268
01:06:47,604 --> 01:06:49,504
and the physical network
that's in place is

1269
01:06:49,506 --> 01:06:52,974
specifically designed to prevent
you crossing the air gap.

1270
01:06:52,976 --> 01:06:55,443
But there's no
truly air-gapped network

1271
01:06:55,445 --> 01:06:57,712
in these real-world production
environments.

1272
01:06:57,714 --> 01:06:59,781
People gotta get new code
into Natanz.

1273
01:06:59,783 --> 01:07:02,684
People have to get log files off
of this network in Natanz.

1274
01:07:02,686 --> 01:07:04,152
People have to upgrade
equipment.

1275
01:07:04,154 --> 01:07:05,854
People have to upgrade
computers.

1276
01:07:06,055 --> 01:07:09,190
This highlights
one of the major

1277
01:07:09,692 --> 01:07:12,627
security issues
that we have in the field.

1278
01:07:12,629 --> 01:07:15,530
If you think,
"well, nobody can attack

1279
01:07:15,532 --> 01:07:17,799
this power plant
or this chemical plant

1280
01:07:17,801 --> 01:07:19,534
because it's not connected
to the Internet,"

1281
01:07:19,536 --> 01:07:21,403
that's a bizarre illusion.

1282
01:07:25,041 --> 01:07:28,376
NSA source:<i> The first time we</i>
<i>introduced the code into Natanz</i>

1283
01:07:28,911 --> 01:07:30,712
<i> we used human assets,</i>

1284
01:07:31,580 --> 01:07:35,150
<i> maybe CIA,</i>
<i> more likely Mossad,</i>

1285
01:07:35,152 --> 01:07:38,553
<i> but our team was kept in</i>
<i>the dark about the tradecraft.</i>

1286
01:07:39,488 --> 01:07:41,990
<i> We heard rumors in Moscow,</i>

1287
01:07:41,992 --> 01:07:45,827
<i> an Iranian laptop infected</i>
<i> by a phony Siemens technician</i>

1288
01:07:45,829 --> 01:07:47,128
<i> with a flash drive...</i>

1289
01:07:48,664 --> 01:07:51,800
<i> A double agent in Iran</i>
<i> with access to Natanz,</i>

1290
01:07:52,368 --> 01:07:54,102
<i> but I don't really know.</i>

1291
01:07:54,104 --> 01:07:56,805
<i> What we had to focus on</i>
<i> was to write the code</i>

1292
01:07:57,406 --> 01:08:00,842
<i> so that, once inside,</i>
<i> the worm acted on its own.</i>

1293
01:08:01,043 --> 01:08:03,411
They built in all the code
and all the logic

1294
01:08:03,413 --> 01:08:06,214
into the threat to be able
to operate all by itself.

1295
01:08:06,216 --> 01:08:08,450
<i> It had the ability</i>
<i> to spread by itself.</i>

1296
01:08:08,452 --> 01:08:11,519
<i> It had the ability to figure</i>
<i> out, do I have the right PLCs?</i>

1297
01:08:11,521 --> 01:08:14,456
<i> Have I arrived in Natanz?</i>
<i> Am I at the target?</i>

1298
01:08:14,458 --> 01:08:16,024
Langner:
<i> And when it's on target,</i>

1299
01:08:16,026 --> 01:08:18,193
<i> it executes autonomously.</i>

1300
01:08:18,561 --> 01:08:21,863
That also means you...
You cannot call off the attack.

1301
01:08:22,531 --> 01:08:24,265
It was definitely
the type of attack

1302
01:08:24,867 --> 01:08:26,367
where someone had decided

1303
01:08:27,069 --> 01:08:28,870
that this is
what they wanted to do.

1304
01:08:29,405 --> 01:08:32,207
There was no turning back
once Stuxnet was released.

1305
01:08:37,413 --> 01:08:39,547
<i> When it began to actually</i>
<i> execute its payload,</i>

1306
01:08:39,549 --> 01:08:41,816
<i> you would have a whole bunch</i>
<i> of centrifuges</i>

1307
01:08:41,818 --> 01:08:44,919
<i> in a huge array of cascades</i>
<i> sitting in a big hall.</i>

1308
01:08:44,921 --> 01:08:47,122
<i> And then just off that hall</i>

1309
01:08:47,124 --> 01:08:48,923
<i> you would have</i>
<i> an operators room,</i>

1310
01:08:48,925 --> 01:08:50,792
<i> the control panels in</i>
<i> front of them, a big window</i>

1311
01:08:50,794 --> 01:08:52,227
<i> where they could</i>
<i> see into the hall.</i>

1312
01:08:52,795 --> 01:08:54,996
<i> Computers monitor</i>
<i> the activities</i>

1313
01:08:54,998 --> 01:08:56,364
<i> of all these centrifuges.</i>

1314
01:08:57,233 --> 01:09:01,302
So a centrifuge, it's driven
by an electrical motor.

1315
01:09:01,904 --> 01:09:04,806
And the speed of
this electrical motor

1316
01:09:04,808 --> 01:09:08,009
is controlled by another PLC,

1317
01:09:08,011 --> 01:09:09,711
by another
programmable logic controller.

1318
01:09:11,914 --> 01:09:15,617
Chien:<i> Stuxnet would wait</i>
<i> for 13 days</i>

1319
01:09:15,619 --> 01:09:16,918
<i> before doing anything,</i>

1320
01:09:16,920 --> 01:09:19,020
<i> because 13 days is</i>
<i> about the time it takes</i>

1321
01:09:19,022 --> 01:09:21,990
<i> to actually fill an entire</i>
<i> cascade of centrifuges</i>

1322
01:09:21,992 --> 01:09:23,525
<i> with uranium.</i>

1323
01:09:23,826 --> 01:09:26,661
They didn't want to attack when
the centrifuges essentially

1324
01:09:26,663 --> 01:09:29,030
were empty or at the beginning
of the enrichment process.

1325
01:09:30,299 --> 01:09:32,667
<i> What Stuxnet did</i>
<i>was it actually would sit there</i>

1326
01:09:32,669 --> 01:09:35,370
<i> during the 13 days</i>
<i> and basically record</i>

1327
01:09:35,372 --> 01:09:37,372
<i> all of the normal activities</i>

1328
01:09:37,374 --> 01:09:38,907
<i> that were happening</i>
<i> and save it.</i>

1329
01:09:39,708 --> 01:09:42,043
<i> And once they saw</i>
<i> them spinning for 13 days,</i>

1330
01:09:42,045 --> 01:09:43,678
<i> then the attack occurred.</i>

1331
01:09:44,446 --> 01:09:46,714
<i> Centrifuges spin</i>
<i> at incredible speeds,</i>

1332
01:09:46,716 --> 01:09:48,650
<i> about 1,000 hertz.</i>

1333
01:09:48,652 --> 01:09:51,019
Langner:<i> They have</i>
<i> a safe operating speed,</i>

1334
01:09:51,021 --> 01:09:53,855
<i> 63,000 revolutions per minute.</i>

1335
01:09:54,156 --> 01:09:56,724
Chien:<i> Stuxnet caused the</i>
<i> uranium enrichment centrifuges</i>

1336
01:09:56,726 --> 01:09:59,027
<i> to spin up to 1,400 hertz.</i>

1337
01:09:59,029 --> 01:10:01,763
Langner:<i> Up to 80,000</i>
<i> revolutions per minute.</i>

1338
01:10:05,234 --> 01:10:07,669
What would happen
was those centrifuges

1339
01:10:07,671 --> 01:10:09,938
would go through what's called
a resonance frequency.

1340
01:10:10,472 --> 01:10:12,707
<i>It would go through a frequency</i>
<i> at which the metal would</i>

1341
01:10:12,709 --> 01:10:14,576
<i> basically vibrate</i>
<i> uncontrollably</i>

1342
01:10:14,578 --> 01:10:15,877
<i> and essentially shatter.</i>

1343
01:10:16,045 --> 01:10:18,246
<i> There'd be uranium gas</i>
<i> everywhere.</i>

1344
01:10:19,381 --> 01:10:21,249
And then the second attack
they attempted

1345
01:10:21,251 --> 01:10:23,551
was they actually tried
to lower it to two hertz.

1346
01:10:23,553 --> 01:10:27,255
They were slowed down
to almost standstill.

1347
01:10:28,023 --> 01:10:30,558
Chien:<i> And at two hertz, sort of</i>
<i> an opposite effect occurs.</i>

1348
01:10:30,560 --> 01:10:32,827
<i> You can imagine a toy top</i>
<i> that you spin</i>

1349
01:10:32,829 --> 01:10:35,730
<i> and as the top begins to</i>
<i>slow down, it begins to wobble.</i>

1350
01:10:35,732 --> 01:10:37,732
<i> That's what would happen</i>
<i> to these centrifuges.</i>

1351
01:10:37,734 --> 01:10:39,767
<i> They'd begin to wobble</i>
<i> and essentially shatter</i>

1352
01:10:39,769 --> 01:10:41,002
<i> and fall apart.</i>

1353
01:10:44,774 --> 01:10:47,609
And instead of sending back
to the computer

1354
01:10:47,611 --> 01:10:49,244
what was really happening,
it would send back

1355
01:10:49,246 --> 01:10:51,212
that old data
that it had recorded.

1356
01:10:51,214 --> 01:10:53,014
<i> So the computer's sitting</i>
<i> there thinking,</i>

1357
01:10:53,016 --> 01:10:54,716
<i> "yep, running at 1,000 hertz,</i>
<i> everything is fine.</i>

1358
01:10:54,718 --> 01:10:56,618
<i> Running at 1,000 hertz,</i>
<i> everything is fine."</i>

1359
01:10:56,620 --> 01:10:59,454
<i> But those centrifuges are</i>
<i>potentially spinning up wildly,</i>

1360
01:10:59,456 --> 01:11:01,256
<i> a huge noise would occur.</i>

1361
01:11:01,258 --> 01:11:03,258
<i> It'd be like, you know,</i>
<i> a jet engine.</i>

1362
01:11:06,796 --> 01:11:08,396
So the operators
then would know, "whoa,

1363
01:11:08,398 --> 01:11:10,031
something is
going wrong here."

1364
01:11:10,033 --> 01:11:11,966
They might look at their
monitors and say, "hmm,

1365
01:11:11,968 --> 01:11:14,435
it says it's 1,000 hertz," but
they would hear that in the room

1366
01:11:14,437 --> 01:11:16,237
something gravely bad
was happening.

1367
01:11:16,239 --> 01:11:19,607
Not only are the operators
fooled into thinking

1368
01:11:19,609 --> 01:11:21,409
everything's normal,

1369
01:11:21,411 --> 01:11:25,747
but also any kind of automated
protective logic

1370
01:11:25,749 --> 01:11:27,515
is fooled.

1371
01:11:28,384 --> 01:11:30,285
Chien:<i> You can't just turn</i>
<i> these centrifuges off.</i>

1372
01:11:30,586 --> 01:11:33,221
<i> They have to be brought down</i>
<i> in a very controlled manner.</i>

1373
01:11:33,223 --> 01:11:35,390
<i> And so they would hit,</i>
<i> literally, the big red button</i>

1374
01:11:35,392 --> 01:11:36,991
<i> to initiate</i>
<i> a graceful shutdown,</i>

1375
01:11:37,326 --> 01:11:39,427
<i> and Stuxnet intercepts</i>
<i> that code.</i>

1376
01:11:39,429 --> 01:11:40,995
<i> So you would have</i>
<i> these operators</i>

1377
01:11:40,997 --> 01:11:43,131
<i> slamming on that button</i>
<i> over and over again</i>

1378
01:11:43,133 --> 01:11:44,299
<i> and nothing would happen.</i>

1379
01:11:45,601 --> 01:11:49,170
Yadlin:<i> If your cyber weapon</i>
<i> is good enough,</i>

1380
01:11:49,172 --> 01:11:51,906
<i> if your enemy is not</i>
<i> aware of it,</i>

1381
01:11:52,174 --> 01:11:55,810
it is an ideal weapon,
because the enemy

1382
01:11:55,812 --> 01:11:57,879
even don't understand
what is happening to it.

1383
01:11:58,447 --> 01:12:00,415
Gibney: Maybe even better if
the enemy begins to doubt

1384
01:12:00,417 --> 01:12:02,717
- their own capability.
- Absolutely.

1385
01:12:03,419 --> 01:12:06,287
Certainly one must conclude

1386
01:12:06,289 --> 01:12:09,090
that what happened
at Natanz

1387
01:12:09,092 --> 01:12:11,492
must have driven
the engineers crazy,

1388
01:12:11,494 --> 01:12:13,961
<i> because the worst thing</i>
<i> that can happen</i>

1389
01:12:13,963 --> 01:12:17,865
<i> to a maintenance engineer</i>
<i>is not being able to figure out</i>

1390
01:12:17,867 --> 01:12:20,668
<i> what the cause</i>
<i> of specific trouble is.</i>

1391
01:12:20,670 --> 01:12:24,038
<i> So they must have been</i>
<i> analyzing themselves to death.</i>

1392
01:12:26,775 --> 01:12:29,577
Heinonen:<i> You know, you see</i>
<i> centrifuges blowing up.</i>

1393
01:12:29,945 --> 01:12:33,748
<i> You look the computer screens,</i>
<i> they go with the proper speed.</i>

1394
01:12:34,116 --> 01:12:37,785
There's a proper gas pressure.
Everything looks beautiful.

1395
01:12:40,389 --> 01:12:43,524
Sanger:<i> Through 2009</i>
<i> it was going pretty smoothly.</i>

1396
01:12:43,526 --> 01:12:45,360
<i> Centrifuges were blowing up.</i>

1397
01:12:45,362 --> 01:12:48,029
<i>The International Atomic Energy</i>
<i> Agency inspectors</i>

1398
01:12:48,031 --> 01:12:50,531
<i> would go in to Natanz</i>
<i> and they would see that</i>

1399
01:12:50,533 --> 01:12:53,434
<i> whole sections of the</i>
<i> centrifuges had been removed.</i>

1400
01:12:54,670 --> 01:12:57,739
The United States knew
from its intelligence channels

1401
01:12:57,741 --> 01:13:01,242
that some Iranian scientists
and engineers

1402
01:13:01,244 --> 01:13:05,012
were being fired because
the centrifuges were blowing up

1403
01:13:05,014 --> 01:13:08,149
and the Iranians had assumed
that this was because

1404
01:13:08,151 --> 01:13:11,652
they had been making errors
or manufacturing mistakes.

1405
01:13:11,654 --> 01:13:13,287
Clearly this was
somebody's fault.

1406
01:13:14,390 --> 01:13:16,424
So the program was doing

1407
01:13:16,426 --> 01:13:18,259
exactly what it was supposed
to be doing,

1408
01:13:18,560 --> 01:13:21,329
which was it was
blowing up centrifuges

1409
01:13:21,563 --> 01:13:23,398
and it was leaving no trace

1410
01:13:24,066 --> 01:13:26,167
and leaving the Iranians
to wonder

1411
01:13:26,602 --> 01:13:27,969
what they got hit by.

1412
01:13:28,437 --> 01:13:31,072
This was the brilliance
of Olympic Games.

1413
01:13:31,373 --> 01:13:33,074
You know, as a former director
of a couple of big

1414
01:13:33,076 --> 01:13:34,342
3-letter agencies,

1415
01:13:34,710 --> 01:13:37,145
slowing down 1,000 centrifuges
in Natanz...

1416
01:13:38,013 --> 01:13:39,347
Abnormally good.

1417
01:13:39,349 --> 01:13:41,949
There was a need for... for...
For buying time.

1418
01:13:41,951 --> 01:13:44,585
There was a need for
slowing them down.

1419
01:13:44,587 --> 01:13:46,521
There was the need to try
to push them

1420
01:13:46,523 --> 01:13:47,889
to the negotiating table.

1421
01:13:47,891 --> 01:13:50,191
I mean, there are a lot
of variables at play here.

1422
01:13:54,530 --> 01:13:58,166
Sanger:<i> President Obama would go</i>
<i> down into the Situation Room,</i>

1423
01:13:58,600 --> 01:14:01,869
<i> and he would have laid out</i>
<i> in front of him</i>

1424
01:14:01,871 --> 01:14:03,538
<i> what they called</i>
<i> the horse blanket,</i>

1425
01:14:03,540 --> 01:14:05,740
<i> which was a giant schematic</i>

1426
01:14:05,742 --> 01:14:09,210
<i> of the Natanz</i>
<i> nuclear enrichment plan.</i>

1427
01:14:09,778 --> 01:14:12,880
<i> And the designers</i>
<i> of Olympic Games</i>

1428
01:14:12,882 --> 01:14:16,050
<i> would describe to him</i>
<i>what kind of progress they made</i>

1429
01:14:16,052 --> 01:14:18,319
<i> and look for him</i>
<i> for the authorization</i>

1430
01:14:18,321 --> 01:14:20,555
<i> to move on ahead</i>
<i> to the next attack.</i>

1431
01:14:22,391 --> 01:14:24,425
<i> And at one point</i>
<i> during those discussions,</i>

1432
01:14:24,427 --> 01:14:26,160
<i> he said to a number</i>
<i> of his aides,</i>

1433
01:14:26,162 --> 01:14:27,762
<i> "you know,</i>
<i> I have some concerns</i>

1434
01:14:27,764 --> 01:14:30,231
<i> because once word of this</i>
<i> gets out,"</i>

1435
01:14:30,233 --> 01:14:31,899
<i> and eventually he knew</i>
<i> it would get out,</i>

1436
01:14:31,901 --> 01:14:33,901
<i> "the Chinese may use it</i>
<i> as an excuse</i>

1437
01:14:33,903 --> 01:14:37,238
<i> for their attacks on us.</i>
<i> The Russians might or others."</i>

1438
01:14:37,773 --> 01:14:40,808
So he clearly
had some misgivings,

1439
01:14:41,443 --> 01:14:43,244
but they weren't big enough
to stop him

1440
01:14:43,246 --> 01:14:44,645
from going ahead with
the program.

1441
01:14:45,848 --> 01:14:49,016
<i> And then in 2010,</i>

1442
01:14:49,351 --> 01:14:52,587
<i> a decision was made</i>
<i> to change the code.</i>

1443
01:14:58,427 --> 01:14:59,861
<i> Our human assets</i>

1444
01:15:00,496 --> 01:15:03,965
<i> weren't always able to get</i>
<i> code updates into Natanz</i>

1445
01:15:03,967 --> 01:15:06,100
<i> and we weren't told</i>
<i> exactly why,</i>

1446
01:15:06,668 --> 01:15:10,705
<i>but we were told we had to have</i>
<i> a cyber solution</i>

1447
01:15:10,707 --> 01:15:12,206
<i> for delivering the code.</i>

1448
01:15:12,641 --> 01:15:15,209
<i> But the delivery systems</i>
<i> were tricky.</i>

1449
01:15:15,511 --> 01:15:18,179
<i> If they weren't aggressive</i>
<i> enough, they wouldn't get in.</i>

1450
01:15:18,480 --> 01:15:20,848
<i> If they were too aggressive,</i>
<i> they could spread</i>

1451
01:15:21,283 --> 01:15:22,517
<i> and be discovered.</i>

1452
01:15:24,520 --> 01:15:26,287
Chien:<i> When we got</i>
<i> the first sample,</i>

1453
01:15:26,289 --> 01:15:28,623
<i> there was some configuration</i>
<i> information inside of it.</i>

1454
01:15:28,625 --> 01:15:31,859
<i> And one of the pieces in there</i>
<i> was a version number, 1.1</i>

1455
01:15:32,861 --> 01:15:34,161
and that made us realize,

1456
01:15:34,163 --> 01:15:36,397
well, look, this likely isn't
the only copy.

1457
01:15:36,399 --> 01:15:38,633
We went back through
our databases looking for

1458
01:15:38,635 --> 01:15:41,102
anything that
looks similar to Stuxnet.

1459
01:15:42,838 --> 01:15:44,539
Chien:<i> As we began to collect</i>
<i> more samples,</i>

1460
01:15:44,541 --> 01:15:46,440
<i>we found a few earlier versions</i>
<i> of Stuxnet.</i>

1461
01:15:47,509 --> 01:15:49,210
O'Murchu:<i> And when we</i>
<i> analyzed that code,</i>

1462
01:15:49,212 --> 01:15:51,879
<i> we saw that versions</i>
<i> previous to 1.1</i>

1463
01:15:51,881 --> 01:15:53,548
<i> were a lot less aggressive.</i>

1464
01:15:54,016 --> 01:15:55,850
The earlier version
of Stuxnet,

1465
01:15:55,852 --> 01:15:58,019
it basically required
humans to do a little bit

1466
01:15:58,021 --> 01:16:00,354
of double clicking
in order for it to spread

1467
01:16:00,356 --> 01:16:01,889
from one computer
to another.

1468
01:16:01,891 --> 01:16:04,158
And, so, what we believe
after looking at that code

1469
01:16:04,160 --> 01:16:05,293
is two things,

1470
01:16:05,694 --> 01:16:07,995
one, either they didn't
get in to Natanz

1471
01:16:07,997 --> 01:16:09,230
with that earlier version,

1472
01:16:09,232 --> 01:16:10,831
because it simply wasn't
aggressive enough,

1473
01:16:10,833 --> 01:16:12,567
wasn't able to jump over
that air gap,

1474
01:16:13,535 --> 01:16:16,370
and/or two,
that payload as well

1475
01:16:16,372 --> 01:16:19,674
didn't work properly, didn't
work to their satisfaction,

1476
01:16:19,942 --> 01:16:21,776
maybe was not
explosive enough.

1477
01:16:22,344 --> 01:16:24,579
<i> There were</i>
<i> slightly different versions</i>

1478
01:16:24,581 --> 01:16:26,914
<i> which were aimed</i>
<i> at different parts</i>

1479
01:16:26,916 --> 01:16:28,549
<i> of the centrifuge cascade.</i>

1480
01:16:28,551 --> 01:16:31,552
Gibney:<i> But the guys at Symantec</i>
<i> figured you changed the code</i>

1481
01:16:31,554 --> 01:16:33,354
<i> because the first variations</i>
<i> couldn't get in</i>

1482
01:16:33,356 --> 01:16:34,522
<i> and didn't work right.</i>

1483
01:16:36,592 --> 01:16:38,859
<i> We always found a way</i>
<i> to get across the air gap.</i>

1484
01:16:38,861 --> 01:16:41,128
<i> At TAO, we laughed</i>
<i> when people thought they were</i>

1485
01:16:41,130 --> 01:16:42,797
<i> protected by an air gap.</i>

1486
01:16:43,465 --> 01:16:46,500
<i> And for OG, the early versions</i>
<i> of the payload did work.</i>

1487
01:16:46,969 --> 01:16:48,769
<i> But what NSA did...</i>

1488
01:16:50,372 --> 01:16:53,174
<i> Was always low-key</i>
<i> and subtle.</i>

1489
01:16:54,276 --> 01:16:57,545
<i> The problem was that</i>
<i> Unit 8200, the Israelis,</i>

1490
01:16:57,547 --> 01:16:59,680
<i> kept pushing us</i>
<i> to be more aggressive.</i>

1491
01:17:01,316 --> 01:17:03,951
Chien:<i> The later version</i>
<i> of Stuxnet 1.1,</i>

1492
01:17:03,953 --> 01:17:06,087
<i> that version had multiple ways</i>
<i> of spreading.</i>

1493
01:17:06,089 --> 01:17:08,289
Had the four zero days inside
of it, for example,

1494
01:17:08,291 --> 01:17:10,091
that allowed it to spread
all by itself

1495
01:17:10,093 --> 01:17:11,225
without you doing anything.

1496
01:17:11,227 --> 01:17:12,827
It could spread via
network shares.

1497
01:17:12,829 --> 01:17:14,729
It could spread via USB keys.

1498
01:17:14,731 --> 01:17:17,131
It was able to spread via
network exploits.

1499
01:17:17,133 --> 01:17:18,666
That's the sample that
introduced us

1500
01:17:18,668 --> 01:17:20,668
to stolen digital certificates.

1501
01:17:20,670 --> 01:17:23,104
That is the sample that,
all of a sudden,

1502
01:17:23,106 --> 01:17:25,272
became so noisy

1503
01:17:25,274 --> 01:17:28,376
and caught the attention
of the antivirus guys.

1504
01:17:29,277 --> 01:17:31,912
In the first sample
we don't find that.

1505
01:17:33,248 --> 01:17:39,320
And this is very strange,
because it tells us that

1506
01:17:39,322 --> 01:17:41,589
in the process
of this development

1507
01:17:42,124 --> 01:17:44,692
the attackers
were less concerned

1508
01:17:44,694 --> 01:17:46,527
with operational security.

1509
01:17:52,000 --> 01:17:54,568
Chien:<i> Stuxnet actually kept</i>
<i> a log inside of itself</i>

1510
01:17:55,270 --> 01:17:57,705
<i> of all the machines that</i>
<i> it infected along the way</i>

1511
01:17:57,707 --> 01:17:59,774
<i> as it jumped from one machine</i>
<i> to another</i>

1512
01:17:59,776 --> 01:18:00,941
<i> to another to another.</i>

1513
01:18:01,376 --> 01:18:03,344
<i> And we were able to gather up</i>

1514
01:18:03,346 --> 01:18:05,379
<i> all the samples</i>
<i> that we could acquire,</i>

1515
01:18:05,547 --> 01:18:08,816
<i> tens of thousands of samples.</i>
<i>We extracted all of those logs.</i>

1516
01:18:08,818 --> 01:18:11,519
O'Murchu:<i> We could see the</i>
<i> exact path that Stuxnet took.</i>

1517
01:18:13,655 --> 01:18:15,690
Chien:<i> Eventually, we were able</i>
<i> to trace back</i>

1518
01:18:15,692 --> 01:18:17,858
<i> this version of Stuxnet</i>
<i> to ground zero,</i>

1519
01:18:18,160 --> 01:18:20,695
to the first five infections
in the world.

1520
01:18:21,530 --> 01:18:24,365
<i> The first five infections</i>
<i>are all outside a Natanz plant,</i>

1521
01:18:24,533 --> 01:18:27,368
<i> all inside of organizations</i>
<i> inside of Iran,</i>

1522
01:18:28,136 --> 01:18:30,404
<i> all organizations</i>
<i> that are involved in</i>

1523
01:18:30,406 --> 01:18:32,840
<i> industrial control systems</i>
<i> and construction</i>

1524
01:18:32,842 --> 01:18:34,475
<i> of industrial control</i>
<i> facilities,</i>

1525
01:18:34,743 --> 01:18:38,312
<i> clearly contractors who were</i>
<i>working on the Natanz facility.</i>

1526
01:18:38,314 --> 01:18:40,047
<i> And the attackers knew that.</i>

1527
01:18:40,649 --> 01:18:43,384
They were electrical companies.
They were piping companies.

1528
01:18:43,386 --> 01:18:44,985
They were, you know,
these sorts of companies.

1529
01:18:45,187 --> 01:18:46,821
And they knew...
They knew the technicians

1530
01:18:46,823 --> 01:18:48,556
from those companies
would visit Natanz.

1531
01:18:48,558 --> 01:18:50,124
So they would infect
these companies

1532
01:18:50,325 --> 01:18:53,360
and then technicians
would take their computer

1533
01:18:53,362 --> 01:18:54,662
or their laptop or their USB...

1534
01:18:54,664 --> 01:18:56,430
That operator then goes down
to Natanz

1535
01:18:56,432 --> 01:18:58,599
and he plugs in his USB key,
which has some code

1536
01:18:58,601 --> 01:19:00,501
<i> that he needs to update</i>
<i> into Natanz,</i>

1537
01:19:00,503 --> 01:19:02,069
<i> into the Natanz network,</i>

1538
01:19:02,071 --> 01:19:03,738
<i> and now Stuxnet</i>
<i> is able to get inside Natanz</i>

1539
01:19:03,740 --> 01:19:05,106
<i> and conduct its attack.</i>

1540
01:19:06,341 --> 01:19:08,709
These five companies
were specifically targeted

1541
01:19:08,711 --> 01:19:10,578
to spread Stuxnet into Natanz

1542
01:19:10,779 --> 01:19:14,014
and that it wasn't that... that
Stuxnet escaped out of Natanz

1543
01:19:14,016 --> 01:19:15,516
and then spread
all over the world

1544
01:19:15,518 --> 01:19:17,952
and it was this big mistake
and "oh, it wasn't meant

1545
01:19:17,954 --> 01:19:19,687
to spread that far
but it really did."

1546
01:19:19,689 --> 01:19:21,422
No, that's not the way
we see it.

1547
01:19:21,424 --> 01:19:24,358
The way we see it is that they
wanted it to spread far

1548
01:19:24,360 --> 01:19:26,026
so that they could get it
into Natanz.

1549
01:19:26,228 --> 01:19:30,131
Someone decided that we're
gonna create something new,

1550
01:19:30,365 --> 01:19:31,432
something evolved,

1551
01:19:32,067 --> 01:19:34,201
that's gonna be
far, far, far more aggressive.

1552
01:19:34,870 --> 01:19:38,305
And we're okay, frankly,

1553
01:19:38,307 --> 01:19:41,008
with it spreading all over
the world to innocent machines

1554
01:19:41,243 --> 01:19:42,810
in order to go after
our target.

1555
01:19:48,551 --> 01:19:53,721
The Mossad had the role,
had the... the assignment

1556
01:19:54,422 --> 01:20:00,327
to deliver the virus
to make sure that Stuxnet

1557
01:20:00,329 --> 01:20:05,199
<i>would be put in place in Natanz</i>
<i> to affect the centrifuges.</i>

1558
01:20:07,068 --> 01:20:09,270
<i> Meir Dagan,</i>
<i> the head of Mossad,</i>

1559
01:20:09,272 --> 01:20:12,573
<i> was under growing pressure</i>
<i> from the prime minister,</i>

1560
01:20:12,575 --> 01:20:15,442
<i> Benjamin Netanyahu,</i>
<i> to produce results.</i>

1561
01:20:17,346 --> 01:20:18,512
<i> Inside the ROC,</i>

1562
01:20:18,514 --> 01:20:20,581
<i> we were furious.</i>

1563
01:20:22,317 --> 01:20:25,152
<i> The Israelis took our code for</i>
<i> the delivery system</i>

1564
01:20:25,754 --> 01:20:27,054
<i> and changed it.</i>

1565
01:20:28,456 --> 01:20:30,958
<i> Then, on their own,</i>
<i> without our agreement,</i>

1566
01:20:30,960 --> 01:20:32,760
<i> they just fucking launched it.</i>

1567
01:20:33,428 --> 01:20:35,329
<i> 2010 around the same time</i>

1568
01:20:35,331 --> 01:20:37,131
<i> they started killing</i>
<i> Iranian scientists...</i>

1569
01:20:37,133 --> 01:20:38,866
<i> And they fucked up</i>
<i> the code!</i>

1570
01:20:39,301 --> 01:20:40,835
<i> Instead of hiding,</i>

1571
01:20:40,837 --> 01:20:43,304
<i> the code started shutting down</i>
<i> computers,</i>

1572
01:20:43,306 --> 01:20:45,072
<i> so naturally, people noticed.</i>

1573
01:20:47,008 --> 01:20:50,010
<i> Because they were in a hurry,</i>
<i> they opened Pandora's box.</i>

1574
01:20:51,046 --> 01:20:52,146
<i> They let it out</i>

1575
01:20:52,148 --> 01:20:55,449
<i> and it spread</i>
<i> all over the world.</i>

1576
01:21:00,622 --> 01:21:02,423
Gibney:
<i> The worm spread quickly</i>

1577
01:21:02,691 --> 01:21:04,525
<i> but somehow</i>
<i> it remained unseen</i>

1578
01:21:04,527 --> 01:21:06,560
<i> until it was identified</i>
<i> in Belarus.</i>

1579
01:21:07,562 --> 01:21:10,130
<i> Soon after,</i>
<i> Israeli intelligence confirmed</i>

1580
01:21:10,132 --> 01:21:12,132
<i> that it had made its way into</i>
<i> the hands</i>

1581
01:21:12,134 --> 01:21:14,134
<i> of the Russian</i>
<i> Federal Security Service,</i>

1582
01:21:14,136 --> 01:21:16,103
<i> a successor to the KGB.</i>

1583
01:21:17,672 --> 01:21:21,075
<i>So it happened that the formula</i>
<i> for a secret cyber weapon</i>

1584
01:21:21,077 --> 01:21:22,743
<i> designed by</i>
<i> the U.S. and Israel</i>

1585
01:21:22,745 --> 01:21:24,278
<i> fell into the hands</i>
<i> of Russia</i>

1586
01:21:24,813 --> 01:21:26,814
<i> and the very country</i>
<i> it was meant to attack.</i>

1587
01:21:49,372 --> 01:21:50,905
Kiyaei:<i> In international law,</i>

1588
01:21:50,907 --> 01:21:54,441
<i> when some country</i>
<i> or a coalition of countries</i>

1589
01:21:54,676 --> 01:21:59,146
targets a nuclear facility,
it's a act of war.

1590
01:22:00,048 --> 01:22:02,950
Please, let's be frank here.

1591
01:22:03,618 --> 01:22:06,320
If it wasn't Iran,

1592
01:22:06,955 --> 01:22:09,657
let's say a nuclear facility
in United States...

1593
01:22:10,926 --> 01:22:12,660
Was targeted in the same way...

1594
01:22:14,863 --> 01:22:16,497
The American government

1595
01:22:16,898 --> 01:22:19,633
would not
sit by and let this go.

1596
01:22:20,468 --> 01:22:23,037
Gibney: Stuxnet is an attack
in peacetime

1597
01:22:23,039 --> 01:22:24,104
on critical infrastructures.

1598
01:22:24,306 --> 01:22:27,408
Yes, it is. I'm...
Look, when I read about it,

1599
01:22:27,410 --> 01:22:30,110
I read it, I go,
"whoa, this is a big deal."

1600
01:22:30,112 --> 01:22:31,845
Yeah.

1601
01:22:33,548 --> 01:22:36,083
Sanger:<i> The people who were</i>
<i> running this program,</i>

1602
01:22:36,085 --> 01:22:37,551
<i> including Leon Panetta,</i>

1603
01:22:37,553 --> 01:22:39,553
<i> the director of the CIA</i>
<i> at the time,</i>

1604
01:22:40,155 --> 01:22:42,790
<i> had to go down</i>
<i> into the Situation Room</i>

1605
01:22:42,792 --> 01:22:44,992
<i> and face President Obama,</i>

1606
01:22:44,994 --> 01:22:48,529
<i> Vice President Biden</i>
<i> and explain that this program</i>

1607
01:22:48,797 --> 01:22:51,365
<i> was suddenly on the loose.</i>

1608
01:22:52,667 --> 01:22:54,168
Vice President Biden,

1609
01:22:54,170 --> 01:22:56,737
at one point
during this discussion,

1610
01:22:57,572 --> 01:23:00,274
sort of exploded
in Biden-esque fashion

1611
01:23:00,276 --> 01:23:01,842
<i> and blamed the Israelis.</i>

1612
01:23:01,844 --> 01:23:04,244
<i> He said, "it must have been</i>
<i> the Israelis</i>

1613
01:23:04,246 --> 01:23:06,313
<i> who made a change</i>
<i> in the code</i>

1614
01:23:06,315 --> 01:23:08,415
<i> that enabled it to get out."</i>

1615
01:23:10,285 --> 01:23:12,486
Richard Clarke:<i> President Obama</i>
<i> said to the senior leadership,</i>

1616
01:23:12,488 --> 01:23:15,522
<i> "you told me it wouldn't</i>
<i>get out of the network. It did.</i>

1617
01:23:15,524 --> 01:23:17,691
You told me the Iranians would
never figure out

1618
01:23:17,693 --> 01:23:19,660
it was the United States.
They did.

1619
01:23:19,961 --> 01:23:21,662
You told me it would have
a huge effect

1620
01:23:21,664 --> 01:23:25,332
on their nuclear program,
and it didn't."

1621
01:23:27,035 --> 01:23:30,537
Sanger:<i> The Natanz plant is</i>
<i>inspected every couple of weeks</i>

1622
01:23:30,839 --> 01:23:34,041
<i> by the International Atomic</i>
<i> Energy Agency inspectors.</i>

1623
01:23:34,476 --> 01:23:37,177
<i> And if you line up what</i>
<i> you know about the attacks</i>

1624
01:23:37,445 --> 01:23:40,347
<i> with the inspection reports,</i>
<i> you can see the effects.</i>

1625
01:23:41,683 --> 01:23:43,884
Heinonen:<i> If you go to</i>
<i> the IAEA reports,</i>

1626
01:23:43,886 --> 01:23:46,153
<i> they really show that all</i>
<i> of those centrifuges</i>

1627
01:23:46,155 --> 01:23:49,056
<i> were switched off</i>
<i> and they were removed.</i>

1628
01:23:49,657 --> 01:23:53,027
<i> As much as almost couple</i>
<i>of thousand got compromised.</i>

1629
01:23:54,195 --> 01:23:55,662
When you put this
all together,

1630
01:23:55,664 --> 01:23:58,465
I wouldn't be surprised
if their program got delayed

1631
01:23:58,467 --> 01:23:59,633
by the one year.

1632
01:24:00,001 --> 01:24:03,804
<i> But go then to year 2012-13</i>

1633
01:24:03,806 --> 01:24:07,107
<i>and looking how the centrifuges</i>
<i> started to come up again.</i>

1634
01:24:07,375 --> 01:24:08,976
Kiyaei:
<i> Iran's number of centrifuges</i>

1635
01:24:08,978 --> 01:24:10,844
<i> went up exponentially,</i>

1636
01:24:10,846 --> 01:24:14,915
to 20,000, with a stockpile
of low enriched uranium.

1637
01:24:14,917 --> 01:24:17,217
This isn't...
These are high numbers.

1638
01:24:18,086 --> 01:24:20,554
<i> Iran's nuclear facilities</i>
<i> expanded</i>

1639
01:24:20,556 --> 01:24:23,157
<i> with the construction</i>
<i> of Fordow</i>

1640
01:24:23,159 --> 01:24:25,759
<i> and other highly protected</i>
<i> facilities.</i>

1641
01:24:27,829 --> 01:24:30,597
So ironically, cyber warfare...

1642
01:24:31,399 --> 01:24:34,001
Assassination of
its nuclear scientists,

1643
01:24:34,436 --> 01:24:37,704
economic sanctions,
political isolation...

1644
01:24:39,575 --> 01:24:42,076
<i> Iran has gone through</i>
<i> "a" to "x"</i>

1645
01:24:42,078 --> 01:24:46,680
<i> of every chorus of policy</i>
<i> that the U.S., Israel,</i>

1646
01:24:46,682 --> 01:24:50,818
<i> and those who ally with them</i>
<i> have placed on Iran,</i>

1647
01:24:51,352 --> 01:24:54,288
and they have actually made
Iran's nuclear program

1648
01:24:54,290 --> 01:24:57,024
more advanced today
than it was ever before.

1649
01:25:01,197 --> 01:25:02,930
Mossad operative:
<i> This is a very</i>

1650
01:25:02,932 --> 01:25:06,066
<i> very dangerous</i>
<i> minefield that we are walking,</i>

1651
01:25:06,068 --> 01:25:08,969
and nations who decide

1652
01:25:08,971 --> 01:25:11,171
to take these covert actions

1653
01:25:12,307 --> 01:25:15,342
should be taking
into consideration

1654
01:25:15,977 --> 01:25:20,781
all the effects,
including the moral effects.

1655
01:25:21,416 --> 01:25:25,452
I would say
that this is the price

1656
01:25:25,454 --> 01:25:29,790
that we have to pay in this...
In this war,

1657
01:25:30,125 --> 01:25:32,659
and our blade
of righteousness

1658
01:25:32,661 --> 01:25:34,061
shouldn't be so sharp.

1659
01:25:39,901 --> 01:25:42,302
Gibney:<i> In Israel</i>
<i> and in the United States,</i>

1660
01:25:42,304 --> 01:25:44,638
<i> the blade of righteousness</i>
<i> cut both ways,</i>

1661
01:25:45,173 --> 01:25:47,708
<i> wounding the targets</i>
<i> and the attackers.</i>

1662
01:25:48,776 --> 01:25:51,178
<i> When Stuxnet infected</i>
<i> American computers,</i>

1663
01:25:51,180 --> 01:25:53,247
<i> the Department</i>
<i> of Homeland Security,</i>

1664
01:25:53,581 --> 01:25:56,517
<i> unaware of the cyber weapons</i>
<i> launch by the NSA,</i>

1665
01:25:56,784 --> 01:25:59,953
<i> devoted enormous resources</i>
<i> trying to protect Americans</i>

1666
01:25:59,955 --> 01:26:01,255
<i> from their own government.</i>

1667
01:26:01,756 --> 01:26:04,191
<i> We had met the enemy</i>
<i> and it was us.</i>

1668
01:26:09,964 --> 01:26:11,632
Seán Paul McGurk:<i> The purpose of</i>
<i> the watch stations that</i>

1669
01:26:11,634 --> 01:26:13,800
<i> you see in front of you</i>
<i> is to aggregate the data</i>

1670
01:26:13,802 --> 01:26:15,269
<i> coming in from multiple feeds</i>

1671
01:26:15,271 --> 01:26:17,004
<i> of what the cyber threats</i>
<i> could be,</i>

1672
01:26:17,006 --> 01:26:18,438
so if we see threats

1673
01:26:18,440 --> 01:26:21,008
we can provide
real-time recommendations

1674
01:26:21,010 --> 01:26:24,244
<i> for both private companies,</i>
<i> as well as federal agencies.</i>

1675
01:26:24,979 --> 01:26:28,448
Male journalist:

1676
01:26:28,850 --> 01:26:31,285
Yep, absolutely. We'd be
more than happy to discuss that.

1677
01:26:31,287 --> 01:26:32,352
Female journalist:
Seán, is it...

1678
01:26:32,354 --> 01:26:34,955
McGurk:<i> Early July of 2010</i>
<i> we received a call</i>

1679
01:26:34,957 --> 01:26:37,558
<i> that said that this piece</i>
<i> of malware was discovered</i>

1680
01:26:37,560 --> 01:26:38,959
<i>and could we take a look at it.</i>

1681
01:26:40,563 --> 01:26:42,062
When we first started
the analysis,

1682
01:26:42,064 --> 01:26:44,398
there was that
"oh, crap" moment, you know,

1683
01:26:44,400 --> 01:26:46,233
where we sat there and said,
this is something

1684
01:26:46,235 --> 01:26:47,367
that's significant.

1685
01:26:47,369 --> 01:26:49,102
It's impacting
industrial control.

1686
01:26:49,337 --> 01:26:51,805
It can disrupt it to the point
where it could cause harm

1687
01:26:51,807 --> 01:26:53,874
and not only damage
to the equipment,

1688
01:26:53,876 --> 01:26:55,943
but potentially harm
or loss of life.

1689
01:26:56,711 --> 01:26:58,912
<i> We were very concerned</i>
<i> because Stuxnet</i>

1690
01:26:58,914 --> 01:27:00,681
<i> was something that</i>
<i> we had not seen before.</i>

1691
01:27:00,683 --> 01:27:02,816
<i> So there wasn't a lot of sleep</i>
<i> that night.</i>

1692
01:27:02,818 --> 01:27:05,719
<i>Basically, light up the phones,</i>
<i> call everybody we know,</i>

1693
01:27:05,721 --> 01:27:08,956
<i> inform the secretary,</i>
<i> inform the White House,</i>

1694
01:27:09,157 --> 01:27:11,225
<i> inform the other departments</i>
<i> and agencies,</i>

1695
01:27:11,392 --> 01:27:14,094
<i> wake up the world,</i>
<i> and figure out what's going on</i>

1696
01:27:14,096 --> 01:27:16,296
<i> with this particular malware.</i>

1697
01:27:18,099 --> 01:27:19,366
Good morning,
Chairman Lieberman,

1698
01:27:19,368 --> 01:27:20,634
Ranking Member Collins.

1699
01:27:21,202 --> 01:27:23,003
Something as simple
and innocuous as this

1700
01:27:23,005 --> 01:27:25,172
becomes a challenge
for all of us to maintain

1701
01:27:25,174 --> 01:27:28,141
accountability control of our
critical infrastructure systems.

1702
01:27:28,610 --> 01:27:30,744
This actually contains
the Stuxnet virus.

1703
01:27:30,945 --> 01:27:32,412
I've been asked on
a number of occasions,

1704
01:27:32,414 --> 01:27:34,248
"did you ever think
this was us?"

1705
01:27:34,250 --> 01:27:37,951
And at... at no point did that
ever really cross our mind,

1706
01:27:37,953 --> 01:27:40,754
because we were looking at it
from the standpoint of,

1707
01:27:41,089 --> 01:27:43,056
is this something that's coming
after the homeland?

1708
01:27:43,058 --> 01:27:45,626
You know, what... what's going
to potentially impact,

1709
01:27:45,628 --> 01:27:48,428
you know, our industrial control
based here in the United States?

1710
01:27:48,863 --> 01:27:51,798
You know, I liken it to,
you know, field of battle.

1711
01:27:51,966 --> 01:27:53,934
You don't think the sniper
that's behind you

1712
01:27:53,936 --> 01:27:55,435
is gonna be shooting at you,

1713
01:27:55,603 --> 01:27:57,204
'cause you expect him to be
on your side.

1714
01:27:57,739 --> 01:28:01,441
We really don't know
who the attacker was

1715
01:28:01,443 --> 01:28:02,843
in the Stuxnet case.

1716
01:28:03,044 --> 01:28:05,279
So help us understand
a little more

1717
01:28:05,546 --> 01:28:07,714
what this thing is

1718
01:28:08,416 --> 01:28:13,820
whose origin and destination
we don't understand.

1719
01:28:15,056 --> 01:28:17,157
Gibney: Did anybody
ever give you any indication

1720
01:28:17,159 --> 01:28:19,326
that it was something
that they already knew about?

1721
01:28:19,328 --> 01:28:22,062
No, at no time did I get
the impression from someone

1722
01:28:22,064 --> 01:28:24,931
that that's okay, you know,
get the little pat on the head,

1723
01:28:24,933 --> 01:28:26,400
and... and scooted
out the door.

1724
01:28:26,402 --> 01:28:28,268
I never received
a stand-down order.

1725
01:28:28,270 --> 01:28:31,905
I never... no one ever asked,
"stop looking at this."

1726
01:28:32,507 --> 01:28:36,310
Do we think that this
was a nation-state actor

1727
01:28:36,312 --> 01:28:38,745
and that there are a limited
number of nation-states

1728
01:28:38,747 --> 01:28:42,149
that have such
advanced capacity?

1729
01:28:43,985 --> 01:28:46,253
Gibney: Seán McGurk,
the director of cyber

1730
01:28:46,255 --> 01:28:47,988
for the Department
of Homeland Security,

1731
01:28:47,990 --> 01:28:50,824
testified before the Senate
about how he thought

1732
01:28:50,826 --> 01:28:53,927
Stuxnet was a terrifying threat
to the United States.

1733
01:28:54,195 --> 01:28:55,462
Is that not a problem?

1734
01:28:55,464 --> 01:28:57,364
I don't... and... and how...
How do you mean?

1735
01:28:57,632 --> 01:29:00,033
That Stuxnet was a bad idea?

1736
01:29:00,435 --> 01:29:03,103
Gibney: No, no, no, just that
before he knew what it was

1737
01:29:03,105 --> 01:29:04,938
- and what it attacks...
- Oh, I... I get it.

1738
01:29:04,940 --> 01:29:06,340
- Gibney: Yeah...
- Yeah,

1739
01:29:06,342 --> 01:29:07,941
he was responding
to something that we...

1740
01:29:09,277 --> 01:29:11,144
to critical infrastructure
in the United States.

1741
01:29:11,146 --> 01:29:12,846
Yeah.
The worm is loose!

1742
01:29:12,848 --> 01:29:14,715
Gibney: The worm is loose.
I understand.

1743
01:29:14,717 --> 01:29:17,718
But there's...
There's a further theory

1744
01:29:17,720 --> 01:29:19,319
having to do with
whether or not,

1745
01:29:19,321 --> 01:29:21,555
following upon David Sanger...

1746
01:29:21,557 --> 01:29:23,457
I got the subplot,
and who did that?

1747
01:29:23,459 --> 01:29:25,359
Was it the Israelis?
And, yeah, I...

1748
01:29:25,960 --> 01:29:28,862
I truly don't know,
and even though I don't know,

1749
01:29:28,864 --> 01:29:30,564
I still can't talk about it,
all right?

1750
01:29:30,865 --> 01:29:34,401
Stuxnet was somebody's
covert action, all right?

1751
01:29:34,635 --> 01:29:36,303
And the definition
of covert action

1752
01:29:36,305 --> 01:29:39,206
is an activity in which you want
to have the hand

1753
01:29:39,208 --> 01:29:41,208
of the actor forever hidden.

1754
01:29:41,576 --> 01:29:44,745
So by definition,
it's gonna end up in this

1755
01:29:44,747 --> 01:29:46,646
"we don't talk about
these things" box.

1756
01:29:52,320 --> 01:29:55,188
Sanger:<i> To this day,</i>
<i> the United States government</i>

1757
01:29:55,190 --> 01:29:57,324
<i> has never acknowledged</i>

1758
01:29:57,326 --> 01:30:01,795
<i> conducting any offensive cyber</i>
<i> attack anywhere in the world.</i>

1759
01:30:03,831 --> 01:30:08,735
<i> But thanks to Mr. Snowden,</i>
<i> we know that in 2012</i>

1760
01:30:08,737 --> 01:30:11,138
<i> President Obama issued</i>
<i> an executive order</i>

1761
01:30:11,339 --> 01:30:14,074
<i> that laid out</i>
<i> some of the conditions</i>

1762
01:30:14,076 --> 01:30:16,543
<i> under which cyber weapons</i>
<i> can be used.</i>

1763
01:30:16,545 --> 01:30:20,113
<i> And interestingly,</i>
<i> every use of a cyber weapon</i>

1764
01:30:20,115 --> 01:30:23,150
<i> requires presidential</i>
<i> sign-off.</i>

1765
01:30:24,385 --> 01:30:28,221
That is only true
in the physical world

1766
01:30:28,223 --> 01:30:30,090
for nuclear weapons.

1767
01:30:41,402 --> 01:30:43,703
Clarke:<i> Nuclear war and nuclear</i>
<i> weapons are vastly different</i>

1768
01:30:43,705 --> 01:30:45,572
<i> from cyber war</i>
<i> and cyber weapons.</i>

1769
01:30:45,574 --> 01:30:48,542
<i> Having said that,</i>
<i> there are some similarities.</i>

1770
01:30:48,544 --> 01:30:50,944
<i> And in the early 1960s,</i>

1771
01:30:51,379 --> 01:30:53,280
<i> the United States government</i>
<i> suddenly realized</i>

1772
01:30:53,282 --> 01:30:55,348
<i> it had thousands</i>
<i> of nuclear weapons,</i>

1773
01:30:55,550 --> 01:30:57,217
<i> big ones and little ones,</i>

1774
01:30:57,219 --> 01:30:59,553
<i> weapons on jeeps,</i>
<i> weapons on submarines,</i>

1775
01:31:00,421 --> 01:31:02,556
and it really didn't have
a doctrine.

1776
01:31:02,558 --> 01:31:04,391
It really didn't have
a strategy.

1777
01:31:04,393 --> 01:31:06,159
It really didn't have
an understanding

1778
01:31:06,427 --> 01:31:08,562
at the policy level about
how he was going to use

1779
01:31:08,564 --> 01:31:09,729
all of these things.

1780
01:31:10,298 --> 01:31:12,299
And so academics

1781
01:31:12,301 --> 01:31:15,135
started publishing
unclassified documents

1782
01:31:15,137 --> 01:31:19,005
about nuclear war
and nuclear weapons.

1783
01:31:21,477 --> 01:31:22,742
Sanger:<i> And the result was</i>

1784
01:31:23,110 --> 01:31:25,445
<i> more than 20 years,</i>
<i> in the United States,</i>

1785
01:31:25,447 --> 01:31:28,148
of very vigorous
national debates

1786
01:31:28,683 --> 01:31:32,219
<i> about how we want to go use</i>
<i> nuclear weapons.</i>

1787
01:31:35,591 --> 01:31:37,858
And not only did that cause
the Congress

1788
01:31:37,860 --> 01:31:40,260
and people in the executive
branch in Washington

1789
01:31:40,262 --> 01:31:41,995
to think about these things,

1790
01:31:41,997 --> 01:31:45,265
it caused the Russians
to think about these things.

1791
01:31:46,200 --> 01:31:49,436
<i> And out of that</i>
<i> grew nuclear doctrine,</i>

1792
01:31:49,438 --> 01:31:51,104
<i> mutual assured destruction,</i>

1793
01:31:51,106 --> 01:31:56,243
<i> all of that complicated set</i>
<i> of nuclear dynamics.</i>

1794
01:31:56,844 --> 01:31:59,813
Today, on this vital issue
at least,

1795
01:31:59,815 --> 01:32:01,882
we have seen what can be
accomplished

1796
01:32:01,884 --> 01:32:03,550
when we pull together.

1797
01:32:03,552 --> 01:32:07,721
We can't have that discussion
in a sensible way right now

1798
01:32:07,989 --> 01:32:10,056
about cyber war
and cyber weapons

1799
01:32:10,058 --> 01:32:11,424
because everything is secret.

1800
01:32:12,360 --> 01:32:15,562
And when you get
into a discussion

1801
01:32:15,564 --> 01:32:18,665
with people in the government,
people still in the government,

1802
01:32:18,667 --> 01:32:20,200
people who have
security clearances,

1803
01:32:20,468 --> 01:32:21,701
you run into a brick wall.

1804
01:32:21,969 --> 01:32:23,303
Trying to stop Iran

1805
01:32:23,305 --> 01:32:26,640
is really the... my number
one job, and I think...

1806
01:32:26,642 --> 01:32:28,041
Host: And let me ask you,
in that context,

1807
01:32:28,043 --> 01:32:30,076
about the Stuxnet
computer virus potentially...

1808
01:32:30,078 --> 01:32:31,645
You can ask,
but I won't comment.

1809
01:32:32,714 --> 01:32:33,813
Host: Can you tell us anything?

1810
01:32:33,815 --> 01:32:34,981
No.

1811
01:32:34,983 --> 01:32:37,417
What do you think
has had the most impact

1812
01:32:37,419 --> 01:32:39,553
on their nuclear
decision-making,

1813
01:32:39,555 --> 01:32:41,254
the Stuxnet virus?

1814
01:32:41,256 --> 01:32:43,523
I can't talk about Stuxnet.

1815
01:32:43,525 --> 01:32:47,928
I can't even talk about the
operation of Iran centrifuges.

1816
01:32:48,095 --> 01:32:50,330
Was the U.S. involved
in any way

1817
01:32:50,332 --> 01:32:51,932
in the development
of Stuxnet?

1818
01:32:52,400 --> 01:32:55,101
It's hard to get into any kind
of comment on that

1819
01:32:55,103 --> 01:32:57,237
till we've finished any...
Our examination.

1820
01:32:58,072 --> 01:32:59,406
But, sir,
I'm not asking you

1821
01:32:59,408 --> 01:33:01,374
if you think another
country was involved.

1822
01:33:01,376 --> 01:33:03,376
I'm asking you if
the U.S. was involved.

1823
01:33:03,378 --> 01:33:05,745
And we're...
This is not something

1824
01:33:05,747 --> 01:33:07,647
that we're gonna be able
to answer at this point.

1825
01:33:08,049 --> 01:33:10,383
Look, for the longest time,
I was in fear that

1826
01:33:10,385 --> 01:33:11,885
I couldn't actually say
the phrase

1827
01:33:11,887 --> 01:33:13,553
"computer network attack."

1828
01:33:13,555 --> 01:33:16,423
This stuff is hideously
overclassified,

1829
01:33:16,425 --> 01:33:18,558
and it gets into the way
of a...

1830
01:33:18,560 --> 01:33:21,361
Of a mature
public discussion

1831
01:33:21,363 --> 01:33:23,897
as to what it is
we as a democracy

1832
01:33:23,899 --> 01:33:28,068
want our nation to be doing
up here in the cyber domain.

1833
01:33:28,070 --> 01:33:30,904
Now, this is a former director
of NSA and CIA

1834
01:33:30,906 --> 01:33:32,872
saying this stuff is
overclassified.

1835
01:33:33,107 --> 01:33:36,610
One of the reasons this
is highly classified as it is

1836
01:33:36,612 --> 01:33:38,211
this is a peculiar
weapons system.

1837
01:33:38,213 --> 01:33:40,213
This is a weapons system
that's come out of

1838
01:33:40,215 --> 01:33:41,548
the espionage community,

1839
01:33:41,550 --> 01:33:44,818
and... and so those people
have a habit of secrecy.

1840
01:33:44,820 --> 01:33:47,120
Secrecy is still justifiable
in certain cases

1841
01:33:47,122 --> 01:33:50,323
to protect sources or to protect
national security

1842
01:33:50,325 --> 01:33:53,493
but when we deal with secrecy,
don't hide behind it

1843
01:33:53,495 --> 01:33:57,430
to use as an excuse to not
disclose something properly

1844
01:33:57,432 --> 01:33:59,466
that you know should be

1845
01:33:59,468 --> 01:34:00,734
<i> or that the American people</i>

1846
01:34:00,736 --> 01:34:02,002
<i> need ultimately to see.</i>

1847
01:34:04,672 --> 01:34:06,740
Gibney:<i> While most government</i>
<i> officials refused</i>

1848
01:34:06,742 --> 01:34:08,208
<i> to acknowledge the operation,</i>

1849
01:34:08,809 --> 01:34:11,578
<i> at least one key insider did</i>
<i> leak parts of the story</i>

1850
01:34:11,580 --> 01:34:12,679
<i> to the press.</i>

1851
01:34:12,681 --> 01:34:16,583
<i> In 2012, David Sanger wrote</i>
<i> a detailed account</i>

1852
01:34:16,585 --> 01:34:19,919
<i> of Olympic Games that unmasked</i>
<i> the extensive joint operation</i>

1853
01:34:19,921 --> 01:34:21,855
<i> between the U.S. and Israel</i>

1854
01:34:21,857 --> 01:34:24,090
<i> to launch cyber attacks</i>
<i> on Natanz.</i>

1855
01:34:24,959 --> 01:34:26,826
Sanger:
<i> The publication of this story</i>

1856
01:34:26,828 --> 01:34:28,862
coming at a time that turned out
that there were

1857
01:34:28,864 --> 01:34:31,665
a number of other unrelated
national security stories

1858
01:34:31,667 --> 01:34:34,334
being published,
led to the announcement

1859
01:34:34,336 --> 01:34:37,704
of investigations
by the Attorney General.

1860
01:34:38,172 --> 01:34:40,473
Gibney: In... into the press
and into the leaks?

1861
01:34:40,475 --> 01:34:42,008
Into the press
and into the leaks.

1862
01:34:44,478 --> 01:34:45,645
Gibney:
<i> Soon after the article,</i>

1863
01:34:45,647 --> 01:34:47,814
<i> the Obama administration</i>
<i> targeted</i>

1864
01:34:47,816 --> 01:34:50,850
<i> General James Cartwright</i>
<i> in a criminal investigation</i>

1865
01:34:50,852 --> 01:34:52,118
<i> for allegedly leaking</i>

1866
01:34:52,120 --> 01:34:54,454
<i> classified details</i>
<i> about Stuxnet.</i>

1867
01:34:55,823 --> 01:34:57,323
Journalist: There are reports
of cyber attacks

1868
01:34:57,325 --> 01:35:00,126
on the Iranian nuclear program
that you ordered.

1869
01:35:00,128 --> 01:35:01,628
What's your reaction to this
information getting out?

1870
01:35:01,630 --> 01:35:03,229
Well, first of all, I'm not
gonna comment on the...

1871
01:35:03,231 --> 01:35:06,599
The details of... what are...

1872
01:35:08,969 --> 01:35:13,273
Supposed to be
classified items.

1873
01:35:14,075 --> 01:35:16,443
<i> Since I've been in office,</i>
<i> my attitude has been</i>

1874
01:35:16,677 --> 01:35:19,946
<i> zero tolerance for</i>
<i> these kinds of leaks.</i>

1875
01:35:20,548 --> 01:35:22,215
We have mechanisms
in place

1876
01:35:22,516 --> 01:35:26,052
where, if we can root out folks
who have leaked,

1877
01:35:26,854 --> 01:35:28,288
they will suffer
consequences.

1878
01:35:28,656 --> 01:35:31,057
It became
a significant issue

1879
01:35:31,059 --> 01:35:33,326
and a very wide-ranging
investigation

1880
01:35:33,328 --> 01:35:35,762
in which I think most of
the people who were cleared

1881
01:35:35,764 --> 01:35:37,330
for Olympic Games
at some point

1882
01:35:37,332 --> 01:35:39,199
had been, you know, interviewed
and so forth.

1883
01:35:39,201 --> 01:35:40,900
<i> When Stuxnet hit the media,</i>

1884
01:35:40,902 --> 01:35:43,103
<i> they polygraphed everyone</i>
<i> in our office,</i>

1885
01:35:43,105 --> 01:35:44,704
<i> including people</i>
<i> who didn't know shit.</i>

1886
01:35:44,706 --> 01:35:46,840
<i> You know, they polyed</i>
<i> the interns, for god's sake.</i>

1887
01:35:47,374 --> 01:35:48,775
These are criminal acts

1888
01:35:48,777 --> 01:35:50,410
when they release
information like this,

1889
01:35:50,945 --> 01:35:54,781
and we will conduct
thorough investigations

1890
01:35:55,382 --> 01:35:57,150
as we have in the past.

1891
01:35:59,186 --> 01:36:01,421
Gibney:<i> The administration</i>
<i> never filed charges,</i>

1892
01:36:01,756 --> 01:36:03,556
<i> possibly afraid that</i>
<i> a prosecution</i>

1893
01:36:03,558 --> 01:36:06,426
<i>would reveal classified details</i>
<i> about Stuxnet.</i>

1894
01:36:07,361 --> 01:36:10,797
<i>To this day, no one in the U.S.</i>
<i> or Israeli governments</i>

1895
01:36:10,799 --> 01:36:12,866
<i> has officially acknowledged</i>
<i> the existence</i>

1896
01:36:12,868 --> 01:36:14,334
<i> of the joint operation.</i>

1897
01:36:16,303 --> 01:36:17,771
<i> I would never compromise</i>

1898
01:36:17,773 --> 01:36:19,539
<i> ongoing operations</i>
<i> in the field,</i>

1899
01:36:19,541 --> 01:36:23,610
<i> but we should be able to talk</i>
<i> about capability.</i>

1900
01:36:24,979 --> 01:36:26,479
<i> We can talk about our...</i>

1901
01:36:27,615 --> 01:36:30,383
<i> Bunker busters,</i>
<i> why not our cyber weapons?</i>

1902
01:36:30,751 --> 01:36:31,818
<i> I mean, the secrecy</i>

1903
01:36:31,820 --> 01:36:33,520
<i> of the operation</i>
<i> has been blown.</i>

1904
01:36:35,055 --> 01:36:37,090
<i> Our friends in Israel</i>
<i> took a weapon</i>

1905
01:36:37,092 --> 01:36:38,558
<i> that we jointly developed,</i>

1906
01:36:38,560 --> 01:36:40,693
<i> in part to keep Israel</i>
<i> from doing something crazy,</i>

1907
01:36:41,128 --> 01:36:42,929
<i> and then used it</i>
<i> on their own in a way</i>

1908
01:36:42,931 --> 01:36:44,297
<i> that blew the cover</i>
<i> of the operation</i>

1909
01:36:44,299 --> 01:36:45,465
<i> and could have led to war.</i>

1910
01:36:45,467 --> 01:36:46,900
<i> And we can't talk about that?</i>

1911
01:36:51,438 --> 01:36:53,339
Mowatt-Larssen:<i> There's a way</i>
<i> to talk about Stuxnet.</i>

1912
01:36:53,908 --> 01:36:55,275
It happened.

1913
01:36:55,277 --> 01:36:58,144
That... to deny that it happened
is... is foolish.

1914
01:36:58,146 --> 01:37:00,079
So the fact it happened

1915
01:37:00,081 --> 01:37:01,581
is really what we're talking
about here.

1916
01:37:01,583 --> 01:37:03,416
What does...
What are the implications

1917
01:37:03,418 --> 01:37:06,252
of the fact that we now are in
a post-Stuxnet world?

1918
01:37:06,754 --> 01:37:09,189
What I said
to David Sanger was,

1919
01:37:09,191 --> 01:37:11,891
"I understand the difference
in destruction is dramatic,

1920
01:37:12,126 --> 01:37:14,594
but this has the whiff
of August 1945."

1921
01:37:15,429 --> 01:37:16,996
Somebody just used
a new weapon,

1922
01:37:17,364 --> 01:37:20,099
and this weapon will not
be put back into the box.

1923
01:37:20,534 --> 01:37:23,203
I... I know
no operational details

1924
01:37:23,205 --> 01:37:26,139
and don't know what anyone did
or didn't do

1925
01:37:26,141 --> 01:37:28,775
before someone decided to use
the weapon, all right.

1926
01:37:29,109 --> 01:37:30,343
I do know this.

1927
01:37:30,345 --> 01:37:32,245
If we go out and do something,

1928
01:37:33,013 --> 01:37:35,114
most of the rest of the world
now thinks

1929
01:37:36,884 --> 01:37:39,752
and it's something that they now
feel legitimated to do as well.

1930
01:37:41,155 --> 01:37:42,622
<i> But the rules of engagement,</i>

1931
01:37:42,624 --> 01:37:45,191
<i> international norms,</i>
<i> treaty standards,</i>

1932
01:37:45,193 --> 01:37:47,026
<i> they don't exist right now.</i>

1933
01:37:50,865 --> 01:37:54,033
Brown:<i> The law of war, because</i>
<i>it began to develop so long ago</i>

1934
01:37:54,035 --> 01:37:57,604
<i>is really dependent on thinking</i>
<i> of things kinetically</i>

1935
01:37:57,972 --> 01:37:59,472
<i> and the physical realm.</i>

1936
01:37:59,740 --> 01:38:03,142
<i> So for example,</i>
<i> we think in terms of attacks.</i>

1937
01:38:04,078 --> 01:38:06,312
You know an attack when it
happens in the kinetic world.

1938
01:38:06,314 --> 01:38:08,047
<i> It's not really</i>
<i> much of a mystery.</i>

1939
01:38:08,049 --> 01:38:10,984
But in cyberspace it is
sort of confusing to think,

1940
01:38:11,552 --> 01:38:13,019
how far do we have to go

1941
01:38:13,021 --> 01:38:15,221
before something
is considered an attack?

1942
01:38:15,389 --> 01:38:19,158
So we have to take
all the vocabulary

1943
01:38:19,660 --> 01:38:22,495
and the terms that we use
in strategy

1944
01:38:22,497 --> 01:38:24,130
and military operations

1945
01:38:24,365 --> 01:38:27,433
and adapt them
into the cyber realm.

1946
01:38:28,769 --> 01:38:30,203
Sanger:
<i> For nuclear we have these</i>

1947
01:38:30,205 --> 01:38:32,138
<i> extensive inspection regimes.</i>

1948
01:38:32,439 --> 01:38:34,507
<i> The Russians come</i>
<i> and look at our silos.</i>

1949
01:38:34,842 --> 01:38:36,442
<i> We go and look at their silos.</i>

1950
01:38:36,911 --> 01:38:38,912
<i> Bad as things get between</i>
<i> the two countries,</i>

1951
01:38:39,113 --> 01:38:41,014
those inspection regimes
have held up.

1952
01:38:41,016 --> 01:38:43,917
But working that out for...
For cyber

1953
01:38:43,919 --> 01:38:45,485
would be virtually impossible.

1954
01:38:45,786 --> 01:38:47,153
Where do you
send your inspector?

1955
01:38:47,521 --> 01:38:49,589
Inside the laptop of,
you know...

1956
01:38:49,924 --> 01:38:52,191
How many laptops are there
in the United States and Russia?

1957
01:38:52,559 --> 01:38:54,761
It's much more difficult
in the cyber area

1958
01:38:54,763 --> 01:38:57,096
to construct
an international regime

1959
01:38:57,098 --> 01:39:00,133
<i> based on treaty commitments</i>
<i> and rules of the road</i>

1960
01:39:00,135 --> 01:39:01,301
<i> and so forth.</i>

1961
01:39:01,303 --> 01:39:04,604
<i> Although, we've tried to have</i>
<i> discussions with the Chinese</i>

1962
01:39:04,606 --> 01:39:06,639
<i> and Russians</i>
<i> and so forth about that,</i>

1963
01:39:06,641 --> 01:39:08,007
<i> but it's very difficult.</i>

1964
01:39:09,109 --> 01:39:12,612
Brown:<i> Right now,</i>
<i> the norm in cyberspace is</i>

1965
01:39:12,614 --> 01:39:13,947
do whatever you can
get away with.

1966
01:39:14,949 --> 01:39:17,350
That's not a good norm,
but it's the norm that we have.

1967
01:39:17,918 --> 01:39:19,986
<i> That's the norm</i>
<i>that's preferred by states</i>

1968
01:39:19,988 --> 01:39:22,622
<i> that are engaging in lots of</i>
<i> different kinds of activities</i>

1969
01:39:22,624 --> 01:39:24,691
<i> that they feel are benefitting</i>
<i> their national security.</i>

1970
01:39:25,893 --> 01:39:28,494
Yadlin:<i> Those who excel in cyber</i>

1971
01:39:28,496 --> 01:39:31,297
are trying to slow down
the process

1972
01:39:31,299 --> 01:39:32,966
of creating regulation.

1973
01:39:33,434 --> 01:39:37,270
Those who are victims
we like the regulation

1974
01:39:37,272 --> 01:39:41,007
to be in the open as...
As soon as possible.

1975
01:39:43,177 --> 01:39:46,012
Brown:<i> International law in this</i>
<i> area is written by custom,</i>

1976
01:39:46,014 --> 01:39:49,115
<i> and customary law</i>
<i> requires a nation to say,</i>

1977
01:39:49,117 --> 01:39:50,883
<i> this is what we did</i>
<i> and this is why we did it.</i>

1978
01:39:51,652 --> 01:39:54,587
And the U.S. doesn't want to
push the law in that direction

1979
01:39:54,589 --> 01:39:57,023
and so it chooses not
to disclose its involvement.

1980
01:39:57,591 --> 01:39:59,792
And one of the reasons
that I thought it was important

1981
01:39:59,794 --> 01:40:02,662
to tell the story
of Olympic Games

1982
01:40:02,664 --> 01:40:05,465
was not simply because
it's a cool spy story,

1983
01:40:05,467 --> 01:40:08,701
it is, but it's because
as a nation...

1984
01:40:09,870 --> 01:40:13,439
We need to have a debate about
how we want to use cyber weapons

1985
01:40:13,674 --> 01:40:17,176
because we are the most
vulnerable nation on earth

1986
01:40:17,344 --> 01:40:19,178
to cyber-attack ourselves.

1987
01:40:23,150 --> 01:40:25,651
McGurk:<i> If you get up in the</i>
<i>morning and turn off your alarm</i>

1988
01:40:25,653 --> 01:40:30,023
<i> and make coffee and pump gas</i>
<i> and use the ATM,</i>

1989
01:40:30,557 --> 01:40:32,358
<i> you've touched</i>
<i> industrial control systems.</i>

1990
01:40:32,360 --> 01:40:34,027
<i> It's what powers our lives.</i>

1991
01:40:34,361 --> 01:40:36,996
And unfortunately,
these systems are connected

1992
01:40:36,998 --> 01:40:40,666
and interconnected in some ways
that make them vulnerable.

1993
01:40:40,668 --> 01:40:43,403
Critical infrastructure
systems generally were built

1994
01:40:43,405 --> 01:40:46,039
years and years and years ago
without security in mind

1995
01:40:46,041 --> 01:40:48,141
and they didn't realize
how things were gonna change,

1996
01:40:48,143 --> 01:40:50,376
maybe they weren't even meant to
be connected to the Internet.

1997
01:40:50,378 --> 01:40:53,479
And we've seen,
through a lot of experimentation

1998
01:40:53,481 --> 01:40:56,115
and through also,
unfortunately, a lot of attacks

1999
01:40:56,417 --> 01:40:58,751
that most of these systems
are relatively easy

2000
01:40:58,753 --> 01:41:01,421
for a sophisticated hacker
to get into.

2001
01:41:03,391 --> 01:41:05,191
<i> Let's say you took over</i>
<i> the control system</i>

2002
01:41:05,193 --> 01:41:07,927
<i> of a railway.</i>
<i> You could switch tracks.</i>

2003
01:41:08,395 --> 01:41:10,696
<i> You could cause</i>
<i> derailments of trains</i>

2004
01:41:10,698 --> 01:41:12,498
<i> carrying explosive materials.</i>

2005
01:41:13,700 --> 01:41:16,936
<i>What if you were in the control</i>
<i> system of gas pipelines</i>

2006
01:41:17,271 --> 01:41:19,839
<i> and when a valve was</i>
<i> supposed to be open,</i>

2007
01:41:19,841 --> 01:41:22,508
<i> it was closed</i>
<i> and the pressure built up</i>

2008
01:41:22,709 --> 01:41:24,243
<i> and the pipeline exploded?</i>

2009
01:41:25,212 --> 01:41:29,148
There are companies that run
electric power generation

2010
01:41:29,550 --> 01:41:31,451
or electric power distribution

2011
01:41:31,718 --> 01:41:33,753
<i> that we know have been hacked</i>

2012
01:41:34,121 --> 01:41:36,556
<i> by foreign entities</i>
<i> that have the ability</i>

2013
01:41:36,558 --> 01:41:38,191
<i> to shut down the power grid.</i>

2014
01:41:38,759 --> 01:41:40,860
Sanger:<i> Imagine for a moment</i>

2015
01:41:40,862 --> 01:41:43,629
<i> that not only all the power</i>
<i> went off on the East Coast,</i>

2016
01:41:43,931 --> 01:41:45,965
<i> but the entire Internet</i>
<i> came down.</i>

2017
01:41:46,633 --> 01:41:49,168
Imagine what the economic
impact of that is

2018
01:41:49,636 --> 01:41:51,771
even if it only lasted
for 24 hours.

2019
01:41:54,141 --> 01:41:55,808
Newsreader:
<i> According to the officials,</i>

2020
01:41:55,810 --> 01:41:59,045
<i> Iran is the first country ever</i>
<i> in the Middle East</i>

2021
01:41:59,047 --> 01:42:01,547
<i> to actually be engaged</i>
<i> in a cyber war</i>

2022
01:42:01,549 --> 01:42:03,749
<i> with the United States</i>
<i> and Israel.</i>

2023
01:42:03,751 --> 01:42:07,120
<i> If anything they said</i>
<i> the recent cyber attacks</i>

2024
01:42:07,122 --> 01:42:09,288
<i> were what encouraged</i>
<i> them to plan to set up</i>

2025
01:42:09,290 --> 01:42:12,625
<i> the cyber army, which will</i>
<i> gather computer scientists,</i>

2026
01:42:12,627 --> 01:42:15,461
<i> programmers,</i>
<i> software engineers...</i>

2027
01:42:15,463 --> 01:42:18,397
Kiyaei:<i> If you are a youth</i>
<i> and you see assassination</i>

2028
01:42:18,399 --> 01:42:20,032
<i> of a nuclear scientist,</i>

2029
01:42:20,434 --> 01:42:22,902
your nuclear facilities
are getting attacked,

2030
01:42:23,604 --> 01:42:26,906
wouldn't you join
your national cyber army?

2031
01:42:27,608 --> 01:42:28,908
Well, many did.

2032
01:42:29,176 --> 01:42:32,345
And that's why today,
Iran has one of the largest...

2033
01:42:33,514 --> 01:42:35,915
Cyber armies in the world.

2034
01:42:36,416 --> 01:42:38,818
So whoever initiated this

2035
01:42:38,820 --> 01:42:41,320
and was very proud of themselves
to see that little dip

2036
01:42:41,822 --> 01:42:46,058
in Iran's centrifuge numbers,
should look back now

2037
01:42:46,527 --> 01:42:50,096
and acknowledge
that it was a major mistake.

2038
01:42:50,697 --> 01:42:53,933
Very quickly,
Iran sent a message

2039
01:42:53,935 --> 01:42:57,637
to the United States,
very sophisticated message,

2040
01:42:57,639 --> 01:43:00,439
and they did that
with two attacks.

2041
01:43:01,108 --> 01:43:03,910
<i> First, they attacked</i>
<i> Saudi Aramco,</i>

2042
01:43:04,211 --> 01:43:06,179
<i> the biggest oil company</i>
<i> in the world,</i>

2043
01:43:06,513 --> 01:43:09,215
<i> and wiped out every piece</i>
<i> of software,</i>

2044
01:43:09,217 --> 01:43:13,619
<i> every line of code,</i>
<i> on 30,000 computer devices.</i>

2045
01:43:14,988 --> 01:43:20,560
Then Iran did a surge attack
on the American banks.

2046
01:43:20,562 --> 01:43:23,496
The most extensive attack on
American banks ever

2047
01:43:23,498 --> 01:43:26,332
launched from the Middle East,
happening right now.

2048
01:43:27,868 --> 01:43:31,237
<i>trying to bank online this week</i>
<i> blocked, among the targets,</i>

2049
01:43:31,471 --> 01:43:34,307
<i> Bank of America,</i>
<i> PNC, and Wells Fargo.</i>

2050
01:43:34,575 --> 01:43:37,977
<i> The U.S. suspects hackers</i>
<i> in Iran may be involved.</i>

2051
01:43:39,880 --> 01:43:41,914
NSA source:
<i> When Iran hit our banks,</i>

2052
01:43:41,916 --> 01:43:44,317
<i> we could have shut down</i>
<i> their botnet,</i>

2053
01:43:44,319 --> 01:43:46,485
<i> but the State Department</i>
<i> got nervous,</i>

2054
01:43:46,687 --> 01:43:49,388
<i> because the servers weren't</i>
<i> actually in Iran.</i>

2055
01:43:50,057 --> 01:43:52,391
<i> So until there was</i>
<i> a diplomatic solution,</i>

2056
01:43:52,826 --> 01:43:55,461
<i> Obama let the private sector</i>
<i> deal with the problem.</i>

2057
01:43:56,063 --> 01:43:58,998
I imagine that in
the White House Situation Room

2058
01:43:59,333 --> 01:44:01,400
people sat around and said...

2059
01:44:02,069 --> 01:44:05,104
Let me be clear,
I don't imagine, I know.

2060
01:44:05,439 --> 01:44:08,007
People sat around in
the White House Situation Room

2061
01:44:08,009 --> 01:44:11,043
and said, "The Iranians have
sent us a message

2062
01:44:11,045 --> 01:44:15,281
which is essentially,
'stop attacking us in cyberspace

2063
01:44:15,283 --> 01:44:17,817
the way you did at Natanz
with Stuxnet.

2064
01:44:18,252 --> 01:44:19,619
We can do it, too.'"

2065
01:44:21,521 --> 01:44:24,090
Melman:<i> There are unintended</i>
<i> consequences</i>

2066
01:44:24,092 --> 01:44:26,158
<i> of the Stuxnet attack.</i>

2067
01:44:26,593 --> 01:44:30,363
You wanted to cause confusion
and damage to the other side,

2068
01:44:30,365 --> 01:44:33,132
but then the other side
can do the same to you.

2069
01:44:33,900 --> 01:44:36,802
<i> The monster turned against</i>
<i> its creators,</i>

2070
01:44:36,804 --> 01:44:39,205
<i> and now everyone is</i>
<i> in this game.</i>

2071
01:44:40,107 --> 01:44:42,575
They did a good job
in showing the world,

2072
01:44:42,577 --> 01:44:45,978
including the bad guys,
what you would need to do

2073
01:44:45,980 --> 01:44:48,114
in order to cause
serious trouble

2074
01:44:48,382 --> 01:44:50,883
that could lead
to injuries and death.

2075
01:44:51,151 --> 01:44:53,953
It's inevitable that more
countries will acquire

2076
01:44:53,955 --> 01:44:56,255
the capacity to use cyber,

2077
01:44:56,257 --> 01:44:59,725
<i> both for espionage</i>
<i>and for destructive activities.</i>

2078
01:45:00,494 --> 01:45:02,828
<i> And we've seen this in some of</i>
<i> the recent conflicts</i>

2079
01:45:02,830 --> 01:45:04,297
<i>that Russia's been involved in.</i>

2080
01:45:04,498 --> 01:45:07,166
<i>If there's a war, then somebody</i>
<i> will try to knock out</i>

2081
01:45:07,168 --> 01:45:09,568
<i> our communication system</i>
<i> or the radar.</i>

2082
01:45:09,570 --> 01:45:12,138
McGurk:<i> State-sponsored</i>
<i> cyber sleeper cells,</i>

2083
01:45:12,572 --> 01:45:14,407
<i> they're out there</i>
<i> everywhere today.</i>

2084
01:45:14,641 --> 01:45:16,976
<i> It could be for</i>
<i> communications purposes.</i>

2085
01:45:16,978 --> 01:45:19,178
<i> It could be for</i>
<i> data exfiltration.</i>

2086
01:45:19,446 --> 01:45:23,049
It could be to, you know,
shepherd in the next Stuxnet.

2087
01:45:23,450 --> 01:45:25,318
<i> I mean, you've been focusing</i>
<i> on Stuxnet,</i>

2088
01:45:25,320 --> 01:45:26,852
<i> but that was just a small part</i>

2089
01:45:26,854 --> 01:45:29,021
<i> of a much larger</i>
<i> Iranian mission.</i>

2090
01:45:29,756 --> 01:45:31,390
Gibney:<i> There was a larger</i>
<i> Iranian mission?</i>

2091
01:45:34,528 --> 01:45:37,763
<i> Nitro Zeus. NZ.</i>

2092
01:45:39,132 --> 01:45:43,336
<i> We spent hundreds of millions,</i>
<i> maybe billions on it.</i>

2093
01:45:45,939 --> 01:45:49,508
<i> In the event the Israelis</i>
<i> did attack Iran,</i>

2094
01:45:49,510 --> 01:45:52,178
<i> we assumed we would be drawn</i>
<i> into the conflict.</i>

2095
01:45:53,547 --> 01:45:57,016
<i> We built in attacks on Iran's</i>
<i> command-and-control system</i>

2096
01:45:57,018 --> 01:45:59,385
<i> so the iranians couldn't</i>
<i> talk to each other in a fight.</i>

2097
01:45:59,886 --> 01:46:03,422
<i> We infiltrated their IADS,</i>
<i> military air defense systems,</i>

2098
01:46:03,724 --> 01:46:05,758
<i> so they couldn't shoot down</i>
<i> our planes if we flew over.</i>

2099
01:46:06,526 --> 01:46:09,628
<i> We also went after</i>
<i>their civilian support systems,</i>

2100
01:46:09,630 --> 01:46:12,198
<i> power grids, transportation,</i>

2101
01:46:12,566 --> 01:46:15,368
<i> communications,</i>
<i> financial systems.</i>

2102
01:46:15,969 --> 01:46:19,271
<i> We were inside waiting,</i>
<i> watching,</i>

2103
01:46:19,539 --> 01:46:22,541
<i> ready to disrupt, degrade,</i>
<i> and destroy those systems</i>

2104
01:46:22,543 --> 01:46:23,876
<i> with cyber-attacks.</i>

2105
01:46:27,514 --> 01:46:28,981
<i> And in comparison,</i>

2106
01:46:29,216 --> 01:46:31,450
<i> Stuxnet was a back alley</i>
<i> operation.</i>

2107
01:46:32,586 --> 01:46:36,088
<i> NZ was the plan</i>
<i> for a full-scale cyber war</i>

2108
01:46:36,090 --> 01:46:37,957
<i> with no attribution.</i>

2109
01:46:38,725 --> 01:46:40,226
The question is,
is that the kind of world

2110
01:46:41,762 --> 01:46:45,531
And if we don't, as citizens,
how do we go about a process

2111
01:46:45,533 --> 01:46:47,533
where we have
a more sane discussion?

2112
01:46:47,535 --> 01:46:49,935
We need an entirely new way
of thinking about

2113
01:46:49,937 --> 01:46:51,504
how we're gonna solve
this problem.

2114
01:46:52,439 --> 01:46:54,573
You're not going to get
an entirely new way

2115
01:46:54,575 --> 01:46:55,975
of solving this problem

2116
01:46:56,276 --> 01:46:59,078
until you begin to have
an open acknowledgement

2117
01:46:59,579 --> 01:47:01,914
that we have cyber weapons
as well,

2118
01:47:02,783 --> 01:47:05,818
and that we may have to agree
to some limits on their use

2119
01:47:06,353 --> 01:47:08,687
if we're going to get other
nations to limit their use.

2120
01:47:08,689 --> 01:47:10,256
It's not gonna be
a one-way street.

2121
01:47:10,457 --> 01:47:13,125
I'm old enough to have worked
on nuclear arms control

2122
01:47:13,460 --> 01:47:15,961
and biological weapons
arms control

2123
01:47:15,963 --> 01:47:18,130
and chemical weapons
arms control.

2124
01:47:19,299 --> 01:47:23,769
And I was told in each of those
types of arms control,

2125
01:47:23,771 --> 01:47:25,104
when we were beginning,

2126
01:47:25,405 --> 01:47:28,374
"it's too hard.
There are all these problems.

2127
01:47:28,642 --> 01:47:30,743
It's technical.
There's engineering.

2128
01:47:30,745 --> 01:47:32,411
There's science involved.

2129
01:47:32,413 --> 01:47:34,747
There are real verification
difficulties.

2130
01:47:34,749 --> 01:47:36,282
You'll never get there."

2131
01:47:36,716 --> 01:47:39,118
Well, it took 20,
30 years in some cases,

2132
01:47:39,553 --> 01:47:41,320
but we have
a biological weapons treaty

2133
01:47:41,322 --> 01:47:42,721
that's pretty damn good.

2134
01:47:42,723 --> 01:47:44,223
We have
a chemical weapons treaty

2135
01:47:44,225 --> 01:47:45,624
that's pretty damn good.

2136
01:47:45,792 --> 01:47:48,127
We've got three or four
nuclear weapons treaties.

2137
01:47:48,428 --> 01:47:50,029
Yes, it may be hard,

2138
01:47:50,297 --> 01:47:52,398
and it may take
20 or 30 years,

2139
01:47:52,799 --> 01:47:55,367
but it'll never happen
unless you get serious about it,

2140
01:47:55,836 --> 01:47:57,803
and it'll never happen
unless you start it.

2141
01:48:03,610 --> 01:48:06,579
Today, after two years
of negotiations,

2142
01:48:07,013 --> 01:48:10,316
the United States, together with
our international partners,

2143
01:48:10,784 --> 01:48:14,186
has achieved something that
decades of animosity has not,

2144
01:48:14,821 --> 01:48:16,722
a comprehensive,
long-term deal

2145
01:48:17,157 --> 01:48:20,826
with Iran that will prevent it
from obtaining a nuclear weapon.

2146
01:48:21,027 --> 01:48:23,496
It was reached in
Lausanne, Switzerland,

2147
01:48:23,498 --> 01:48:25,998
by Iran, the U.S.,
Britain, France,

2148
01:48:26,000 --> 01:48:27,933
Germany, Russia,
and China.

2149
01:48:27,935 --> 01:48:31,036
It is a deal in which Iran
will cut

2150
01:48:31,038 --> 01:48:35,241
its installed centrifuges
by more than two thirds.

2151
01:48:35,442 --> 01:48:38,677
Iran will not enrich uranium
with its advanced centrifuges

2152
01:48:38,679 --> 01:48:40,679
for at least
the next ten years.

2153
01:48:40,681 --> 01:48:43,315
It will make our country,
our allies,

2154
01:48:43,317 --> 01:48:44,950
and our world safer.

2155
01:48:45,852 --> 01:48:49,855
Netanyahu: Seventy years after
the murder of 6 million Jews

2156
01:48:49,857 --> 01:48:54,927
Iran's rulers promised
to destroy my country,

2157
01:48:55,228 --> 01:48:58,964
and the response from nearly
every one of the governments

2158
01:48:58,966 --> 01:49:03,035
represented here
has been utter silence.

2159
01:49:03,670 --> 01:49:05,471
Deafening silence.

2160
01:49:13,179 --> 01:49:15,247
Perhaps you can
now understand

2161
01:49:15,982 --> 01:49:19,485
why Israel is not joining you
in celebrating this deal.

2162
01:49:20,654 --> 01:49:23,055
History shows
that America must lead,

2163
01:49:23,057 --> 01:49:25,991
not just with our might,
but with our principles.

2164
01:49:26,927 --> 01:49:30,095
It shows we are stronger,
not when we are alone,

2165
01:49:30,097 --> 01:49:32,264
but when we bring
the world together.

2166
01:49:33,433 --> 01:49:35,701
Today's announcement marks
one more chapter

2167
01:49:35,703 --> 01:49:39,972
in this pursuit
of a safer and more helpful,

2168
01:49:40,340 --> 01:49:43,676
more hopeful world.
Thank you.

2169
01:49:44,210 --> 01:49:47,446
God bless you, and God bless
the United States of America.

2170
01:49:51,851 --> 01:49:53,619
NSA source:
<i> Everyone I know is basically</i>

2171
01:49:53,621 --> 01:49:55,154
<i> thrilled with the Iran deal.</i>

2172
01:49:55,722 --> 01:49:57,590
<i>Sanctions and diplomacy worked.</i>

2173
01:49:57,958 --> 01:50:00,225
<i> But behind that deal</i>
<i> was a lot of confidence</i>

2174
01:50:00,227 --> 01:50:01,827
<i> in our cyber capability.</i>

2175
01:50:02,896 --> 01:50:05,764
<i>We were everywhere inside Iran.</i>
<i> Still are.</i>

2176
01:50:06,633 --> 01:50:08,867
<i> I'm not gonna tell you</i>
<i> the operational details</i>

2177
01:50:08,869 --> 01:50:11,503
<i>of what we can do going forward</i>
<i> or where...</i>

2178
01:50:13,039 --> 01:50:17,142
<i> But the science fiction</i>
<i> cyber war scenario is here.</i>

2179
01:50:17,144 --> 01:50:18,611
<i> That's Nitro Zeus.</i>

2180
01:50:20,046 --> 01:50:22,715
<i> But my concern</i>
<i> and the reason I'm talking...</i>

2181
01:50:24,217 --> 01:50:27,152
<i> Is because when you shut down</i>
<i> a country's power grid...</i>

2182
01:50:28,455 --> 01:50:31,423
<i> It doesn't just</i>
<i> pop back up, you know?</i>

2183
01:50:31,425 --> 01:50:33,225
<i> It's more like Humpty-Dumpty...</i>

2184
01:50:34,594 --> 01:50:38,464
<i> And if all the king's men</i>
<i> can't turn the lights back on</i>

2185
01:50:38,466 --> 01:50:40,366
<i> or filter the water</i>
<i> for weeks,</i>

2186
01:50:40,567 --> 01:50:42,468
<i> then lots of people die.</i>

2187
01:50:44,738 --> 01:50:46,672
<i> And something</i>
<i> we can do to others,</i>

2188
01:50:46,973 --> 01:50:48,507
<i> they can do to us too.</i>

2189
01:50:49,909 --> 01:50:52,578
<i> Is that something</i>
<i> that we should keep quiet?</i>

2190
01:50:53,747 --> 01:50:55,414
<i> Or should we talk about it?</i>

2191
01:50:56,349 --> 01:50:58,250
Gibney:<i> I've gone to many people</i>
<i> in this film,</i>

2192
01:50:58,252 --> 01:51:00,019
<i> even friends of mine,</i>
<i> who won't talk to me</i>

2193
01:51:00,021 --> 01:51:02,187
<i> about the NSA or Stuxnet</i>
<i> even off the record</i>

2194
01:51:02,189 --> 01:51:03,489
<i> for fear of going to jail.</i>

2195
01:51:03,857 --> 01:51:05,658
<i> Is that fear protecting us?</i>

2196
01:51:06,826 --> 01:51:09,428
<i> No, but it protects me.</i>

2197
01:51:10,196 --> 01:51:11,597
<i> Or should I say we?</i>

2198
01:51:12,932 --> 01:51:14,667
I'm an actor playing a role

2199
01:51:14,669 --> 01:51:16,802
written from the testimony
of a small number of people

2200
01:51:16,804 --> 01:51:18,337
from NSA and CIA,

2201
01:51:18,672 --> 01:51:21,040
all of whom are angry about
the secrecy

2202
01:51:21,042 --> 01:51:22,775
but too scared
to come forward.

2203
01:51:23,109 --> 01:51:24,543
Now, we're forward.

2204
01:51:25,812 --> 01:51:28,614
Well, forward-leaning.

