1 00:00:47,112 --> 00:00:49,213 Through the darkness 2 00:00:49,215 --> 00:00:53,450 of the pathways that we marched, 3 00:00:54,519 --> 00:00:57,554 evil and good lived side by side. 4 00:00:57,556 --> 00:01:00,624 And this is the nature of life. 5 00:01:16,741 --> 00:01:19,042 We are in an unbalanced 6 00:01:19,044 --> 00:01:23,247 and inequivalent confrontation between democracies 7 00:01:23,249 --> 00:01:25,616 who are obliged to play by the rules 8 00:01:26,251 --> 00:01:29,686 and entities who think democracy is a joke. 9 00:01:31,790 --> 00:01:34,158 You can't convince fanatics 10 00:01:34,160 --> 00:01:38,762 by saying, hey, hatred paralyzes you, 11 00:01:38,764 --> 00:01:40,364 love releases you. 12 00:01:41,466 --> 00:01:45,736 There are different rules that we have to play by. 13 00:02:01,319 --> 00:02:03,987 Today, two of Iran's top nuclear scientists 14 00:02:03,989 --> 00:02:05,956 were targeted by hit squads. 15 00:02:05,958 --> 00:02:07,991 In the capital Tehran. 16 00:02:07,993 --> 00:02:09,626 The latest in a string of attacks. 17 00:02:09,628 --> 00:02:11,862 Today's attack has all the hallmarks 18 00:02:11,864 --> 00:02:14,031 of major strategic sabotage. 19 00:02:14,033 --> 00:02:15,132 Iran immediately accused 20 00:02:15,134 --> 00:02:16,366 the U.S. and Israel 21 00:02:16,368 --> 00:02:18,235 of trying to damage its nuclear program. 22 00:02:19,900 --> 00:02:21,089 Unfortunately, and without any doubt, 23 00:02:21,340 --> 00:02:23,800 in the assassinations which took place today 24 00:02:24,134 --> 00:02:27,974 Western countries and the Zionist regime were involved. 25 00:02:28,280 --> 00:02:34,017 I want to categorically deny any United States involvement 26 00:02:34,019 --> 00:02:38,956 in any kind of act of violence inside Iran. 27 00:02:38,958 --> 00:02:42,125 Covert actions can help, 28 00:02:42,127 --> 00:02:44,127 can assist. 
29 00:02:45,396 --> 00:02:48,298 They are needed, they are not all the time essential, 30 00:02:48,533 --> 00:02:52,970 and they, in no way, can replace political wisdom. 31 00:02:53,338 --> 00:02:55,572 Were the assassinations in Iran 32 00:02:55,574 --> 00:02:57,975 related to the STUXnet computer attacks? 33 00:02:59,143 --> 00:03:00,978 Uh, next question, please. 34 00:03:02,580 --> 00:03:04,147 Iran's infrastructure 35 00:03:04,149 --> 00:03:05,249 is being targeted 36 00:03:05,251 --> 00:03:08,418 by a new and dangerously powerful cyber worm. 37 00:03:08,420 --> 00:03:11,054 The so-called STUXnet worm is specifically designed, 38 00:03:11,056 --> 00:03:13,390 it seems, to infiltrate and sabotage 39 00:03:13,392 --> 00:03:16,526 real-world power plants and factories and refineries. 40 00:03:16,528 --> 00:03:17,928 It's not trying to steal information 41 00:03:17,930 --> 00:03:19,096 or grab your credit card, 42 00:03:19,098 --> 00:03:21,899 they're trying to get into some sort of industrial plant 43 00:03:21,901 --> 00:03:24,285 and wreak havoc trying to blow up an engine or... 44 00:03:24,285 --> 00:03:25,576 The Stuxnet virus has made attacks worldwide. 45 00:03:26,988 --> 00:03:31,785 In Iran alone it was identified 30 thousand times. 46 00:03:32,536 --> 00:03:37,536 A super computer virus has put on alert several countries' secret services. 47 00:03:37,791 --> 00:03:40,751 The information could be in the reach of terrorists. 48 00:03:40,752 --> 00:03:41,852 No one knows 49 00:03:41,854 --> 00:03:43,020 who's behind the worm 50 00:03:43,022 --> 00:03:44,688 and the exact nature of its mission, 51 00:03:44,690 --> 00:03:47,557 but there are fears Iran will hold Israel 52 00:03:47,559 --> 00:03:50,928 or America responsible and seek retaliation. 
53 00:03:50,930 --> 00:03:52,029 It's not impossible that 54 00:03:52,031 --> 00:03:53,363 some group of hackers did it, 55 00:03:53,365 --> 00:03:55,432 but the security experts that are studying this 56 00:03:55,434 --> 00:03:58,201 really think this required the resource of a nation-state. 57 00:04:04,142 --> 00:04:06,076 Okay, and spinning. 58 00:04:06,078 --> 00:04:07,544 Okay, good. Here we go. 59 00:04:08,780 --> 00:04:12,082 What impact, ultimately, did the STUXnet attack have? 60 00:04:12,084 --> 00:04:13,350 Can you say? 61 00:04:14,152 --> 00:04:16,320 I don't want to get into the details. 62 00:04:16,554 --> 00:04:19,056 Since the event has already happened, 63 00:04:19,058 --> 00:04:22,759 why can't we talk more openly and publicly about STUXnet? 64 00:04:22,761 --> 00:04:25,662 Yeah, I mean, my answer is because it's classified. 65 00:04:26,130 --> 00:04:29,232 I won't knowledge... you know, knowingly 66 00:04:29,234 --> 00:04:31,335 offer up anything I consider classified. 67 00:04:31,337 --> 00:04:33,570 I know that you can't talk much about STUXnet, 68 00:04:33,572 --> 00:04:36,974 because STUXnet is officially classified. 69 00:04:36,976 --> 00:04:38,342 You're right on both those counts. 70 00:04:38,810 --> 00:04:40,143 But there has been 71 00:04:40,145 --> 00:04:42,245 a lot reported about it in the press. 72 00:04:42,247 --> 00:04:44,481 I don't want to comment on this. 73 00:04:44,483 --> 00:04:48,752 I read it in the newspaper, the media, like you, 74 00:04:48,754 --> 00:04:51,755 but I'm unable to elaborate upon it. 75 00:04:51,990 --> 00:04:54,157 People might find it frustrating 76 00:04:54,159 --> 00:04:56,693 not to be able to talk about it when it's in the public domain, 77 00:04:56,695 --> 00:04:58,095 but... 78 00:04:58,097 --> 00:04:59,596 I find it frustrating. 79 00:04:59,598 --> 00:05:01,098 Yeah, I'm sure you do. 80 00:05:01,100 --> 00:05:02,666 I don't answer that question. 
81 00:05:02,668 --> 00:05:04,034 Unfortunately, I can't comment. 82 00:05:04,036 --> 00:05:05,669 I do not know how to answer that. 83 00:05:05,671 --> 00:05:07,838 Two answers before you even get started, I don't know, 84 00:05:07,840 --> 00:05:10,640 and if I did, we wouldn't talk about it anyway. 85 00:05:10,642 --> 00:05:12,476 How can you have a debate if everything's secret? 86 00:05:12,478 --> 00:05:14,511 I think right now that's just where we are. 87 00:05:14,812 --> 00:05:16,279 No one wants to... 88 00:05:16,281 --> 00:05:18,682 Countries aren't happy about confessing 89 00:05:18,684 --> 00:05:21,485 or owning up to what they did because they're not quite sure 90 00:05:21,487 --> 00:05:23,353 where they want the system to go. 91 00:05:23,988 --> 00:05:25,956 And so whoever was behind STUXnet 92 00:05:25,958 --> 00:05:27,457 hasn't admitted they were behind it. 93 00:05:31,295 --> 00:05:33,163 Asking officials about STUXnet 94 00:05:33,165 --> 00:05:34,698 was frustrating and surreal, 95 00:05:34,999 --> 00:05:37,534 like asking the emperor about his new clothes. 96 00:05:38,236 --> 00:05:41,338 Even after the cyber weapon had penetrated computers 97 00:05:41,340 --> 00:05:42,739 all over the world, 98 00:05:43,007 --> 00:05:45,308 no one was willing to admit it was loose 99 00:05:45,310 --> 00:05:47,711 or talk about the dangers it posed. 100 00:05:48,579 --> 00:05:50,847 What was it about the STUXnet operation 101 00:05:50,849 --> 00:05:52,649 that was hiding in plain sight? 102 00:05:54,085 --> 00:05:55,852 Maybe there was a way the computer code 103 00:05:55,854 --> 00:05:57,487 could speak for itself. 104 00:05:58,256 --> 00:06:00,624 STUXnet first surfaced in Belarus. 105 00:06:01,192 --> 00:06:03,560 I started with a call to the man who discovered it 106 00:06:03,562 --> 00:06:06,563 when his clients in Iran began to panic 107 00:06:06,565 --> 00:06:09,232 over an epidemic of computer shutdowns. 
108 00:06:10,034 --> 00:06:13,270 Had you ever seen anything quite so sophisticated before? 109 00:06:13,864 --> 00:06:17,624 I have seen very sophisticated viruses before, 110 00:06:17,868 --> 00:06:21,748 but they didn't have... 111 00:06:24,208 --> 00:06:25,578 this kind of... 112 00:06:27,169 --> 00:06:27,919 zero day. 113 00:06:29,254 --> 00:06:32,724 It was the first time in my practice. 114 00:06:33,550 --> 00:06:36,640 That led me to understand 115 00:06:38,013 --> 00:06:44,983 that I should notify web security companies ASAP 116 00:06:46,730 --> 00:06:51,230 about the fact that such a danger exists. 117 00:07:36,687 --> 00:07:38,522 On a daily basis, basically 118 00:07:38,524 --> 00:07:40,590 we are sifting through 119 00:07:40,592 --> 00:07:44,094 a massive haystack looking for that proverbial needle. 120 00:07:44,962 --> 00:07:47,931 We get millions of pieces of new malicious threats 121 00:07:47,933 --> 00:07:49,799 and there are millions of attacks going on 122 00:07:49,801 --> 00:07:51,001 every single day. 123 00:07:51,169 --> 00:07:53,603 And not only are we trying to protect people 124 00:07:53,605 --> 00:07:55,205 and their computers and their systems 125 00:07:55,207 --> 00:07:57,874 and countries' infrastructure 126 00:07:57,876 --> 00:07:59,976 from being taken down by those attacks. 127 00:07:59,978 --> 00:08:03,313 But more importantly, we have to find the attacks that matter. 128 00:08:03,315 --> 00:08:05,048 When you're talking about that many, 129 00:08:05,349 --> 00:08:07,617 impact is extremely important. 130 00:08:19,997 --> 00:08:21,698 Twenty years ago, the antivirus companies, 131 00:08:21,700 --> 00:08:23,400 they were hunting for computer viruses 132 00:08:23,402 --> 00:08:24,668 because there were not so many. 133 00:08:24,670 --> 00:08:27,971 So we had, like, tens of dozens a month, 134 00:08:28,172 --> 00:08:30,740 and there was just little numbers. 
135 00:08:30,742 --> 00:08:34,945 Now, we collect millions of unique attacks every month. 136 00:08:36,314 --> 00:08:38,748 This room we call a woodpecker's room 137 00:08:38,750 --> 00:08:40,083 or a virus lab, 138 00:08:40,318 --> 00:08:42,252 and this is where virus analysts sit. 139 00:08:42,254 --> 00:08:44,221 We call them woodpeckers because they are 140 00:08:44,223 --> 00:08:46,723 pecking the worms, network worms, and viruses. 141 00:08:47,592 --> 00:08:50,827 And we see, like, three different groups of hackers 142 00:08:50,829 --> 00:08:52,395 behind cyber-attacks. 143 00:08:53,164 --> 00:08:54,931 They are traditional cyber criminals. 144 00:08:55,099 --> 00:08:58,935 Those guys are interested only in illegal profit. 145 00:08:58,937 --> 00:09:00,337 And quick and dirty money. 146 00:09:00,339 --> 00:09:02,505 Activists, or hacktivists, 147 00:09:02,507 --> 00:09:04,874 they are hacking for fun or hacking to push 148 00:09:04,876 --> 00:09:06,142 some political message. 149 00:09:06,377 --> 00:09:08,745 And the third group is nation-states. 150 00:09:08,946 --> 00:09:11,848 They're interested in high-quality intelligence 151 00:09:11,850 --> 00:09:13,283 or sabotage activity. 152 00:09:14,552 --> 00:09:17,053 Security companies not only share information 153 00:09:17,055 --> 00:09:18,788 but we also share binary samples. 154 00:09:18,790 --> 00:09:20,390 So when this threat was found 155 00:09:20,392 --> 00:09:22,225 by a Belarusian security company 156 00:09:22,227 --> 00:09:24,561 on one of their customer's machines in Iran, 157 00:09:24,563 --> 00:09:27,163 the sample was shared amongst the security community. 158 00:09:28,065 --> 00:09:29,633 When we try to name threats, we just try to pick 159 00:09:29,635 --> 00:09:31,701 some sort of string, some sort of words, 160 00:09:31,703 --> 00:09:34,271 that are inside of the binary. 
161 00:09:35,439 --> 00:09:37,807 In this case, there was a couple of words in there 162 00:09:37,809 --> 00:09:40,777 and we took pieces of each, and that formed STUXnet. 163 00:09:43,247 --> 00:09:46,449 I got the news about STUXnet from one of my engineers. 164 00:09:46,451 --> 00:09:49,152 He came to my office, opened the door, 165 00:09:49,720 --> 00:09:52,722 and he said, so, Eugene, of course you know that 166 00:09:52,724 --> 00:09:55,325 we are waiting for something really bad. 167 00:09:55,626 --> 00:09:56,793 It happened. 168 00:10:03,501 --> 00:10:05,669 Give me some sense of what it was like 169 00:10:05,671 --> 00:10:07,070 in the lab at that time. 170 00:10:07,072 --> 00:10:08,672 Was there a palpable sense of amazement 171 00:10:08,674 --> 00:10:10,674 that you had something really different there? 172 00:10:10,975 --> 00:10:12,976 Well, I wouldn't call it amazement. 173 00:10:12,978 --> 00:10:15,045 It was a kind of a shock. 174 00:10:15,446 --> 00:10:18,581 It went beyond our worst fears, our worst nightmares, 175 00:10:18,949 --> 00:10:21,951 and this continued the more we analyzed. 176 00:10:21,953 --> 00:10:23,920 The more we researched, 177 00:10:23,922 --> 00:10:26,923 the more bizarre the whole story got. 178 00:10:27,258 --> 00:10:28,925 We look at so much malware every day that 179 00:10:28,927 --> 00:10:30,860 we can just look at the code and straightaway we can say, 180 00:10:30,862 --> 00:10:32,462 okay, there's something bad going on here, 181 00:10:32,464 --> 00:10:33,930 and I need to investigate that. 182 00:10:33,932 --> 00:10:34,998 And that's the way it was 183 00:10:35,199 --> 00:10:37,133 when we looked at STUXnet for the first time. 184 00:10:37,135 --> 00:10:39,636 We opened it up and there was just bad things everywhere. 185 00:10:39,638 --> 00:10:42,105 Just like, okay, this is bad and that's bad, 186 00:10:42,107 --> 00:10:43,640 and, you know, we need to investigate this. 
187 00:10:43,642 --> 00:10:45,108 And just suddenly we had, like, 188 00:10:45,110 --> 00:10:46,576 a hundred questions straightaway. 189 00:10:48,612 --> 00:10:51,047 The most interesting thing that we do is detective work 190 00:10:51,049 --> 00:10:53,717 where we try to track down who's behind a threat, 191 00:10:53,719 --> 00:10:55,285 what are they doing, what's their motivation, 192 00:10:55,287 --> 00:10:57,020 and try to really stop it at the root. 193 00:10:57,022 --> 00:10:59,389 And it is kind of all-consuming. 194 00:10:59,391 --> 00:11:01,024 You get this new puzzle 195 00:11:01,026 --> 00:11:02,726 and it's very difficult to put it down, 196 00:11:02,728 --> 00:11:05,161 you know, work until, like, 4:00 a.m. in the morning 197 00:11:05,163 --> 00:11:06,363 and figure these things out. 198 00:11:06,365 --> 00:11:09,165 And I was in that zone where I was very consumed by this, 199 00:11:09,167 --> 00:11:11,301 very excited about it, very interested to know 200 00:11:11,303 --> 00:11:12,569 what was happening. 201 00:11:12,571 --> 00:11:15,705 And Eric was also in that same sort of zone. 202 00:11:15,707 --> 00:11:18,408 So the two of us were, like, back and forth all the time. 203 00:11:18,410 --> 00:11:21,144 Liam and I continued to grind at the code, 204 00:11:21,146 --> 00:11:23,246 sharing pieces, comparing notes, 205 00:11:23,248 --> 00:11:25,081 bouncing ideas off of each other. 206 00:11:25,516 --> 00:11:26,983 We realized that we needed to do 207 00:11:26,985 --> 00:11:30,053 what we called deep analysis, pick apart the threat, 208 00:11:30,055 --> 00:11:32,889 every single byte, every single zero, one, 209 00:11:32,891 --> 00:11:34,991 and understand everything that was inside of it. 210 00:11:35,526 --> 00:11:37,327 And just to give you some context, 211 00:11:37,329 --> 00:11:39,362 we can go through and understand every line of code 212 00:11:39,364 --> 00:11:41,164 for the average threat in minutes. 
213 00:11:41,766 --> 00:11:43,566 And here we are one month into this threat 214 00:11:43,568 --> 00:11:45,502 and we were just starting to discover what we call 215 00:11:45,504 --> 00:11:47,404 the payload or its whole purpose. 216 00:11:49,740 --> 00:11:51,274 When looking at the STUXnet code, 217 00:11:51,276 --> 00:11:53,843 it's 20 times the size of the average piece of code 218 00:11:54,345 --> 00:11:56,579 but contains almost no bugs inside of it. 219 00:11:56,581 --> 00:11:58,448 And that's extremely rare. 220 00:11:58,450 --> 00:12:00,350 Malicious code always has bugs inside of it. 221 00:12:00,352 --> 00:12:02,118 This wasn't the case with STUXnet. 222 00:12:02,120 --> 00:12:04,954 It's dense and every piece of code does something 223 00:12:04,956 --> 00:12:07,791 and does something right in order to conduct its attack. 224 00:12:09,026 --> 00:12:11,094 One of the things that surprised us 225 00:12:11,096 --> 00:12:13,463 was that STUXnet utilized what's called 226 00:12:13,465 --> 00:12:16,032 a zero-day exploit, or basically, 227 00:12:16,034 --> 00:12:18,368 a piece of code that allows it to spread 228 00:12:18,370 --> 00:12:20,203 without you having to do anything. 229 00:12:20,205 --> 00:12:22,939 You don't have to, for example, download a file and run it. 230 00:12:22,941 --> 00:12:25,141 A zero-day exploit is an exploit that 231 00:12:25,143 --> 00:12:26,810 nobody knows about except the attacker. 232 00:12:26,812 --> 00:12:28,378 So there's no protection against it. 233 00:12:28,380 --> 00:12:29,813 There's been no patch released. 234 00:12:29,815 --> 00:12:32,115 There's been zero days protection, 235 00:12:32,117 --> 00:12:33,716 you know, against it. 236 00:12:34,585 --> 00:12:35,985 That's what attackers value, 237 00:12:35,987 --> 00:12:37,787 because they know 100 percent 238 00:12:37,789 --> 00:12:40,123 if they have this zero-day exploit, 239 00:12:40,125 --> 00:12:41,825 they can get in wherever they want. 
240 00:12:41,827 --> 00:12:43,326 They're actually very valuable. 241 00:12:43,328 --> 00:12:44,727 You can sell these on the underground 242 00:12:44,729 --> 00:12:46,249 for hundreds of thousands of dollars. 243 00:12:47,598 --> 00:12:48,665 Then we became more worried 244 00:12:48,667 --> 00:12:50,733 because immediately we discovered more zero days. 245 00:12:50,735 --> 00:12:53,470 And again, these zero days are extremely rare. 246 00:12:53,472 --> 00:12:55,772 Inside STUXnet we had, you know, four zero days, 247 00:12:55,774 --> 00:12:57,507 and for the entire rest of the year, 248 00:12:57,509 --> 00:13:00,076 we only saw 12 zero days used. 249 00:13:00,078 --> 00:13:01,744 It blows all... everything else out of the water. 250 00:13:01,746 --> 00:13:02,979 We've never seen this before. 251 00:13:02,981 --> 00:13:04,741 Actually, we've never seen it since, either. 252 00:13:04,815 --> 00:13:07,417 Seeing one in a malware you could understand 253 00:13:07,419 --> 00:13:10,320 because, you know, the malware authors are making money, 254 00:13:10,322 --> 00:13:11,921 they're stealing people's credit cards and making money, 255 00:13:11,923 --> 00:13:13,089 so it's worth their while to use it, 256 00:13:13,091 --> 00:13:15,458 but seeing four zero days, could be worth 257 00:13:15,460 --> 00:13:16,659 half a million dollars right there, 258 00:13:16,661 --> 00:13:18,428 used in one piece of malware, 259 00:13:18,696 --> 00:13:21,097 this is not your ordinary criminal gangs doing this. 260 00:13:21,099 --> 00:13:22,699 This is someone bigger. 261 00:13:22,701 --> 00:13:24,601 It's definitely not traditional crime, 262 00:13:24,603 --> 00:13:28,104 not hacktivists. Who else? 263 00:13:28,973 --> 00:13:31,207 It was evident on a very early stage 264 00:13:31,709 --> 00:13:33,943 that just given the sophistication 265 00:13:33,945 --> 00:13:35,445 of this malware... 
266 00:13:36,680 --> 00:13:39,482 Suggested that there must have been 267 00:13:39,484 --> 00:13:40,950 a nation-state involved, 268 00:13:40,952 --> 00:13:44,187 at least one nation-state involved in the development. 269 00:13:44,189 --> 00:13:46,222 When we look at code that's coming from 270 00:13:46,224 --> 00:13:47,790 what appears to be a state attacker 271 00:13:47,792 --> 00:13:50,393 or state-sponsored attacker, usually they're scrubbed clean. 272 00:13:50,395 --> 00:13:52,829 They don't leave little bits behind. 273 00:13:52,831 --> 00:13:54,564 They don't leave little hints behind. 274 00:13:54,832 --> 00:13:56,499 But in STUXnet there were actually 275 00:13:56,501 --> 00:13:57,867 a few hints left behind. 276 00:13:59,136 --> 00:14:02,405 One was that, in order to get low-level access 277 00:14:02,407 --> 00:14:03,873 to Microsoft Windows, 278 00:14:04,074 --> 00:14:05,874 STUXnet needed to use a digital certificate, 279 00:14:06,176 --> 00:14:08,578 which certifies that this piece of code 280 00:14:08,580 --> 00:14:11,447 came from a particular company. 281 00:14:12,349 --> 00:14:14,417 Now, those attackers obviously couldn't go to Microsoft 282 00:14:14,419 --> 00:14:15,885 and say, hey, test our code out for us. 283 00:14:15,887 --> 00:14:17,487 And give us a digital certificate. 284 00:14:18,188 --> 00:14:19,789 So they essentially stole them... 285 00:14:21,025 --> 00:14:23,092 From two companies in Taiwan. 286 00:14:23,094 --> 00:14:24,994 And these two companies have nothing to do with each other 287 00:14:24,996 --> 00:14:26,663 except for their close proximity 288 00:14:26,665 --> 00:14:28,464 in the exact same business park. 289 00:14:31,035 --> 00:14:34,871 Digital certificates are guarded very, very closely 290 00:14:34,873 --> 00:14:36,406 behind multiple doors 291 00:14:36,408 --> 00:14:38,841 and they require multiple people to unlock. 292 00:14:38,843 --> 00:14:40,510 To the camera. 
293 00:14:40,512 --> 00:14:42,211 And they need to provide both biometrics 294 00:14:42,213 --> 00:14:44,614 and, as well, pass phrases. 295 00:14:44,616 --> 00:14:46,082 It wasn't like those certificates were 296 00:14:46,084 --> 00:14:47,784 just sitting on some machine connected to the Internet. 297 00:14:48,018 --> 00:14:50,820 Some human assets had to be involved, spies. 298 00:14:51,055 --> 00:14:52,889 Like a cleaner who comes in at night 299 00:14:52,891 --> 00:14:54,624 and has stolen these certificates 300 00:14:54,626 --> 00:14:55,858 from these companies. 301 00:14:59,263 --> 00:15:01,364 It did feel like walking onto the set 302 00:15:01,366 --> 00:15:03,866 of this James Bond movie and you... 303 00:15:03,868 --> 00:15:05,435 You've been embroiled in this thing that, 304 00:15:05,437 --> 00:15:08,037 you know, you... you never expected. 305 00:15:10,708 --> 00:15:11,808 We continued to search, 306 00:15:11,810 --> 00:15:13,309 and we continued to search in code, 307 00:15:13,311 --> 00:15:16,145 and eventually we found some other bread crumbs left 308 00:15:16,147 --> 00:15:17,547 we were able to follow. 309 00:15:18,248 --> 00:15:19,882 It was doing something with Siemens, 310 00:15:20,150 --> 00:15:22,952 Siemens software, possibly Siemens hardware. 311 00:15:23,253 --> 00:15:24,954 We'd never ever seen that in any malware before, 312 00:15:24,956 --> 00:15:26,289 something targeting Siemens. 313 00:15:26,291 --> 00:15:28,251 We didn't even know why they would be doing that. 314 00:15:29,827 --> 00:15:32,562 But after googling, very quickly we understood 315 00:15:32,564 --> 00:15:34,998 it was targeting Siemens PLCs. 316 00:15:35,466 --> 00:15:38,401 STUXnet was targeting a very specific hardware device, 317 00:15:38,403 --> 00:15:41,804 something called a PLC or a programmable logic controller. 
318 00:15:42,239 --> 00:15:45,141 The PLC is kind of a very small computer 319 00:15:45,442 --> 00:15:48,177 attached to physical equipment, 320 00:15:48,179 --> 00:15:50,813 like pumps, like valves, like motors. 321 00:15:51,615 --> 00:15:56,185 So this little box is running a digital program 322 00:15:56,187 --> 00:15:58,488 and the actions of this program 323 00:15:58,490 --> 00:16:02,592 turns that motor on, off, or sets a specific speed. 324 00:16:02,594 --> 00:16:04,327 Those programmable logic controllers 325 00:16:04,329 --> 00:16:06,863 control things like power plants, power grids. 326 00:16:06,865 --> 00:16:08,598 This is used in factories, 327 00:16:08,600 --> 00:16:11,067 it's used in critical infrastructure. 328 00:16:11,769 --> 00:16:14,804 Critical infrastructure, it's everywhere around us, 329 00:16:14,806 --> 00:16:17,373 transportation, telecommunications, 330 00:16:17,375 --> 00:16:19,676 financial services, health care. 331 00:16:20,210 --> 00:16:23,112 So the payload of STUXnet was designed 332 00:16:23,114 --> 00:16:26,282 to attack some very important part 333 00:16:26,284 --> 00:16:27,717 of our world. 334 00:16:27,985 --> 00:16:29,519 The payload is gonna be important. 335 00:16:29,521 --> 00:16:32,288 What happens there could be very dangerous. 336 00:16:34,492 --> 00:16:37,460 The next very big surprise came 337 00:16:37,462 --> 00:16:39,762 when it infected our lab system. 338 00:16:40,497 --> 00:16:43,499 We figured out that the malware was probing 339 00:16:43,501 --> 00:16:44,867 for controllers. 340 00:16:45,235 --> 00:16:47,303 It was quite picky on its targets. 341 00:16:47,305 --> 00:16:51,641 It didn't try to manipulate any given controller in a network 342 00:16:51,643 --> 00:16:52,975 that it would see. 343 00:16:53,210 --> 00:16:57,413 It went through several checks, and when those checks failed, 344 00:16:57,415 --> 00:16:59,649 it would not implement the attack. 
345 00:17:02,386 --> 00:17:06,255 It was obviously probing for a specific target. 346 00:17:07,591 --> 00:17:09,759 You've got to put this in context that, 347 00:17:09,761 --> 00:17:11,561 at the time, we already knew, 348 00:17:11,563 --> 00:17:13,930 well, this is the most sophisticated piece of malware 349 00:17:13,932 --> 00:17:15,498 that we have ever seen. 350 00:17:16,266 --> 00:17:18,234 So it's kind of strange. 351 00:17:18,236 --> 00:17:23,239 Somebody takes that huge effort to hit one specific target? 352 00:17:23,507 --> 00:17:25,441 Well, that must be quite a significant target. 353 00:17:29,046 --> 00:17:31,447 So at Symantec we have probes on networks 354 00:17:31,449 --> 00:17:32,615 all over the world 355 00:17:32,617 --> 00:17:35,017 watching for malicious activity. 356 00:17:35,419 --> 00:17:37,420 We'd actually seen infections of STUXnet 357 00:17:37,422 --> 00:17:39,956 all over the world, in the U.S., Australia, 358 00:17:39,958 --> 00:17:42,592 in the U.K., in France, Germany, all over Europe. 359 00:17:43,093 --> 00:17:45,493 It spread to any Windows machine in the entire world. 360 00:17:45,863 --> 00:17:48,097 You know, we had these organizations 361 00:17:48,099 --> 00:17:50,399 inside the United States who were in charge of 362 00:17:50,401 --> 00:17:52,101 industrial control facilities saying, 363 00:17:52,103 --> 00:17:54,103 we're infected. What's gonna happen? 364 00:17:54,471 --> 00:17:57,140 We didn't know if there was a deadline coming up 365 00:17:57,142 --> 00:17:58,708 where this threat would trigger 366 00:17:58,710 --> 00:18:01,043 and suddenly would, like, turn off all, you know, 367 00:18:01,045 --> 00:18:02,612 electricity plants around the world 368 00:18:02,614 --> 00:18:04,380 or it would start shutting things down 369 00:18:04,382 --> 00:18:05,715 or launching some attack. 
370 00:18:06,550 --> 00:18:09,585 We knew that STUXnet could have very dire consequences, 371 00:18:09,587 --> 00:18:12,255 and we were very worried about 372 00:18:12,257 --> 00:18:13,723 what the payload contained 373 00:18:13,725 --> 00:18:15,958 and there was an imperative speed 374 00:18:15,960 --> 00:18:18,060 that we had to race and try and, you know, 375 00:18:18,062 --> 00:18:19,462 beat this ticking bomb. 376 00:18:20,597 --> 00:18:23,132 Eventually, we were able to refine the statistics a little 377 00:18:23,134 --> 00:18:24,634 and we saw that Iran was the number one 378 00:18:24,636 --> 00:18:26,235 infected country in the world. 379 00:18:26,237 --> 00:18:28,805 That immediately raised our eyebrows. 380 00:18:28,807 --> 00:18:31,073 We had never seen a threat before 381 00:18:31,075 --> 00:18:33,209 where it was predominantly in Iran. 382 00:18:34,144 --> 00:18:35,745 And so we began to follow what was going on 383 00:18:35,747 --> 00:18:36,979 in the geopolitical world, 384 00:18:37,147 --> 00:18:38,747 what was happening in the general news. 385 00:18:38,916 --> 00:18:42,151 And at that time, there were actually multiple explosions 386 00:18:42,153 --> 00:18:45,054 of gas pipelines going in and out of Iran. 387 00:18:46,023 --> 00:18:47,423 Unexplained explosions. 388 00:18:48,959 --> 00:18:51,093 And of course, we did notice that at the time 389 00:18:51,095 --> 00:18:53,729 there had been assassinations of nuclear scientists. 390 00:18:54,932 --> 00:18:56,365 So that was worrying. 391 00:18:57,167 --> 00:18:59,368 We knew there was something bad happening. 392 00:18:59,837 --> 00:19:01,671 Did you get concerned for yourself? 393 00:19:01,673 --> 00:19:03,606 I mean, did you begin to start looking over your shoulder 394 00:19:03,608 --> 00:19:04,841 from time to time? 395 00:19:04,843 --> 00:19:06,442 Yeah, definitely looking over my shoulder 396 00:19:06,444 --> 00:19:09,011 and being careful about what I spoke about on the phone. 
397 00:19:10,013 --> 00:19:13,216 I was... pretty confident my conversations on my... 398 00:19:13,218 --> 00:19:14,684 On the phone were being listened to. 399 00:19:15,018 --> 00:19:16,986 We were only half joking 400 00:19:16,988 --> 00:19:19,021 when we would look at each other 401 00:19:19,023 --> 00:19:20,790 and tell each other things like, 402 00:19:20,792 --> 00:19:23,025 look, I'm not suicidal. 403 00:19:23,360 --> 00:19:26,863 If I show up dead on Monday, you know, it wasn't me. 404 00:19:35,639 --> 00:19:38,074 We'd been publishing information about STUXnet 405 00:19:38,076 --> 00:19:39,475 all through that summer. 406 00:19:40,844 --> 00:19:43,479 And then in November, the industrial control system 407 00:19:43,481 --> 00:19:46,616 sort of expert in Holland contacted us... 408 00:19:47,885 --> 00:19:50,486 And he said all of these devices that would be inside of 409 00:19:50,488 --> 00:19:53,556 an industrial control system hold a unique identifier number 410 00:19:53,558 --> 00:19:56,759 that identified the make and model of that device. 411 00:19:58,528 --> 00:20:02,198 And we actually had a couple of these numbers in the code 412 00:20:02,200 --> 00:20:03,640 that we didn't know what they were. 413 00:20:04,601 --> 00:20:06,502 And so we realized maybe what he was referring to 414 00:20:06,504 --> 00:20:07,970 was the magic numbers we had. 415 00:20:08,505 --> 00:20:10,039 And then when we searched for those magic numbers 416 00:20:10,041 --> 00:20:11,207 in that context, 417 00:20:11,209 --> 00:20:13,609 we saw that what had to be connected 418 00:20:13,611 --> 00:20:15,778 to this industrial control system that was being targeted 419 00:20:15,780 --> 00:20:17,747 were something called frequency converters 420 00:20:18,081 --> 00:20:20,249 from two specific manufacturers, 421 00:20:20,251 --> 00:20:22,018 one of which was in Iran. 
422 00:20:22,619 --> 00:20:24,387 And so at this time, we absolutely knew 423 00:20:24,389 --> 00:20:26,722 that the facility that was being targeted 424 00:20:26,724 --> 00:20:28,190 had to be in Iran 425 00:20:28,525 --> 00:20:31,360 and had equipment made from Iranian manufacturers. 426 00:20:32,296 --> 00:20:34,063 When we looked up those frequency converters, 427 00:20:34,065 --> 00:20:35,865 we immediately found out that they were actually 428 00:20:35,867 --> 00:20:38,267 export controlled by the Nuclear Regulatory Commission. 429 00:20:38,869 --> 00:20:40,202 And that immediately led us then 430 00:20:40,204 --> 00:20:42,471 to some nuclear facility. 431 00:21:00,090 --> 00:21:02,224 This was more than a computer story, 432 00:21:02,592 --> 00:21:05,027 so I left the world of the antivirus detectives 433 00:21:05,329 --> 00:21:07,263 and sought out journalist, David Sanger, 434 00:21:07,265 --> 00:21:09,498 who specialized in the strange intersection 435 00:21:09,500 --> 00:21:12,501 of cyber, nuclear weapons, and espionage. 436 00:21:13,470 --> 00:21:15,571 The emergence of the code 437 00:21:15,573 --> 00:21:18,874 is what put me on alert that an attack was under way. 438 00:21:20,310 --> 00:21:23,479 And because of the covert nature of the operation, 439 00:21:23,481 --> 00:21:26,482 not only were official government spokesmen 440 00:21:26,484 --> 00:21:29,385 unable to talk about it, they didn't even know about it. 441 00:21:30,587 --> 00:21:32,655 Eventually, the more I dug into it, 442 00:21:32,657 --> 00:21:37,259 the more I began to find individuals 443 00:21:37,494 --> 00:21:39,695 who had been involved in some piece of it 444 00:21:39,863 --> 00:21:41,931 or who had witnessed some piece of it. 
445 00:21:42,532 --> 00:21:44,934 And that meant talking to Americans, 446 00:21:44,936 --> 00:21:47,837 talking to Israelis, talking to Europeans, 447 00:21:47,839 --> 00:21:50,940 because this was obviously the first, biggest, 448 00:21:50,942 --> 00:21:55,511 and most sophisticated example of a state 449 00:21:55,513 --> 00:21:58,147 or two states using a cyber weapon 450 00:21:58,149 --> 00:21:59,682 for offensive purposes. 451 00:22:03,120 --> 00:22:06,022 I came to this with a fair bit of history, 452 00:22:06,024 --> 00:22:08,791 understanding the Iranian nuclear program. 453 00:22:09,826 --> 00:22:13,229 How did Iran get its first nuclear reactor? 454 00:22:13,797 --> 00:22:16,932 We gave it to them... under the Shah, 455 00:22:17,234 --> 00:22:20,669 because the Shah was considered an American ally. 456 00:22:22,173 --> 00:22:25,808 Thank you again for your warm welcome, Mr. President. 457 00:22:26,143 --> 00:22:27,743 During the Nixon administration, 458 00:22:27,745 --> 00:22:31,013 the U.S. was very enthusiastic about supporting 459 00:22:31,015 --> 00:22:33,115 the Shah's nuclear power program. 460 00:22:34,017 --> 00:22:36,352 And at one point, the Nixon administration 461 00:22:36,354 --> 00:22:39,188 was pushing the idea that Pakistan and Iran 462 00:22:39,190 --> 00:22:43,793 should build a joint plant together in Iran. 463 00:22:45,162 --> 00:22:46,862 There's at least some evidence that 464 00:22:46,864 --> 00:22:50,366 the Shah was thinking about acquisition of nuclear weapons, 465 00:22:50,368 --> 00:22:53,903 because he saw, and we were encouraging him to see Iran 466 00:22:53,905 --> 00:22:56,205 as the so-called policemen of the Persian Gulf. 467 00:22:56,207 --> 00:22:58,374 And the Iranians have always viewed themselves 468 00:22:58,376 --> 00:23:01,610 as naturally the dominant power in the Middle East. 469 00:23:02,414 --> 00:23:07,794 Why is it normal for you, the Germans and the British, 470 00:23:08,045 --> 00:23:09,635 to have... 
471 00:23:10,964 --> 00:23:14,684 atomic and hydrogen weapons, and for Iran, 472 00:23:15,302 --> 00:23:17,302 the simple principle of self-defense 473 00:23:17,596 --> 00:23:20,306 the defense of its interests, a problem, 474 00:23:20,557 --> 00:23:22,557 while for others it is totally normal? 475 00:23:24,201 --> 00:23:25,768 But the revolution, 476 00:23:25,770 --> 00:23:27,470 which overthrew the Shah in '79, 477 00:23:27,472 --> 00:23:29,271 really curtailed the program 478 00:23:29,273 --> 00:23:31,640 before it ever got any head of steam going. 479 00:23:32,742 --> 00:23:37,313 Part of our policy against Iran after the revolution 480 00:23:37,315 --> 00:23:39,615 was to deny them nuclear technology. 481 00:23:39,617 --> 00:23:42,918 So most of the period when I was involved 482 00:23:42,920 --> 00:23:44,920 in the '80s and the '90s 483 00:23:44,922 --> 00:23:47,323 was the U.S. running around the world 484 00:23:47,325 --> 00:23:50,593 and persuading potential nuclear suppliers 485 00:23:50,595 --> 00:23:53,996 not to provide even peaceful nuclear technology to Iran. 486 00:23:54,231 --> 00:23:57,666 And what we missed was the clandestine transfer 487 00:23:57,668 --> 00:24:00,569 in the mid-1980s from Pakistan to Iran. 488 00:24:04,575 --> 00:24:05,808 Abdul Qadeer Khan 489 00:24:05,810 --> 00:24:07,143 is what we would call 490 00:24:07,145 --> 00:24:09,145 the father of the Pakistan nuclear program. 491 00:24:10,580 --> 00:24:13,149 He had the full authority and confidence 492 00:24:13,151 --> 00:24:15,451 of the Pakistan government from its inception 493 00:24:15,453 --> 00:24:17,520 to the production of nuclear weapons. 494 00:24:19,256 --> 00:24:21,590 I was a CIA officer for... 495 00:24:21,592 --> 00:24:24,260 For over two decades, operations officer, 496 00:24:24,262 --> 00:24:26,061 worked overseas most of my career. 497 00:24:26,630 --> 00:24:28,697 The A.Q. 
Khan network is so notable 498 00:24:28,699 --> 00:24:31,700 because aside from building 499 00:24:31,702 --> 00:24:34,737 the Pakistani program for decades... 500 00:24:35,972 --> 00:24:39,141 It also was the means by which other countries 501 00:24:39,143 --> 00:24:41,777 were able to develop nuclear weapons, 502 00:24:41,779 --> 00:24:43,078 including Iran. 503 00:24:43,680 --> 00:24:45,314 A.Q. Khan acting on behalf 504 00:24:45,316 --> 00:24:46,382 of the Pakistani government 505 00:24:46,384 --> 00:24:49,485 negotiated with officials in Iran 506 00:24:49,487 --> 00:24:52,521 and then there was a transfer which took place 507 00:24:52,523 --> 00:24:53,589 through Dubai 508 00:24:53,591 --> 00:24:56,825 of blueprints for nuclear weapons design 509 00:24:56,827 --> 00:24:58,427 as well as some hardware. 510 00:24:59,563 --> 00:25:01,564 Throughout the mid-1980s, 511 00:25:01,566 --> 00:25:04,633 the Iranian program was not very well-resourced. 512 00:25:04,635 --> 00:25:06,468 It was more of an R&D program. 513 00:25:07,504 --> 00:25:10,706 It wasn't really until the mid-'90s 514 00:25:10,708 --> 00:25:12,975 that it started to take off when they made the decision 515 00:25:12,977 --> 00:25:15,044 to build the nuclear weapons program. 516 00:25:21,718 --> 00:25:23,219 You know, we can speculate what, 517 00:25:23,221 --> 00:25:24,653 in their mind, motivated them. 518 00:25:24,655 --> 00:25:27,823 I think it was the U.S. invasion of Iraq 519 00:25:27,825 --> 00:25:29,425 after Kuwait. 520 00:25:30,727 --> 00:25:32,194 You know, there was an eight-year war 521 00:25:32,196 --> 00:25:33,762 between Iraq and Iran, 522 00:25:34,030 --> 00:25:37,433 we had wiped out Saddam's forces in a matter of weeks. 523 00:25:40,338 --> 00:25:43,072 And I think that was enough to convince the rulers 524 00:25:43,074 --> 00:25:45,241 in Tehran that they needed to pursue 525 00:25:45,243 --> 00:25:46,809 nuclear weapons more seriously. 
526 00:25:48,845 --> 00:25:51,747 States like these and their terrorist allies 527 00:25:51,749 --> 00:25:54,583 constitute an axis of evil, 528 00:25:54,585 --> 00:25:57,353 arming to threaten the peace of the world. 529 00:25:58,755 --> 00:26:01,390 From 2003 to 2005 530 00:26:01,392 --> 00:26:04,693 when they feared that the U.S. would invade them, 531 00:26:04,695 --> 00:26:07,029 they accepted limits on their nuclear program. 532 00:26:07,464 --> 00:26:11,100 But by 2006, the Iranians had come to the conclusion 533 00:26:11,102 --> 00:26:13,969 that the U.S. was bogged down in Afghanistan and Iraq 534 00:26:13,971 --> 00:26:17,172 and no longer had the capacity to threaten them, 535 00:26:17,540 --> 00:26:21,277 and so they felt it was safe to resume their enrichment program 536 00:26:22,045 --> 00:26:24,713 they started producing low enriched uranium, 537 00:26:24,981 --> 00:26:26,982 producing more centrifuges, installing them 538 00:26:26,984 --> 00:26:30,819 at the large-scale underground enrichment facility at Natanz. 539 00:26:42,165 --> 00:26:47,009 For a journalist, passing through these underground tunnels 540 00:26:47,222 --> 00:26:51,182 and visiting the beating heart of Iran's nuclear plant is quite an event. 541 00:26:51,393 --> 00:26:57,073 The president's visit to the plant today had made this event possible for us. 542 00:26:58,025 --> 00:27:01,217 The West tells us that we have to negotiate with them for like ten years 543 00:27:01,250 --> 00:27:06,661 and then they will decide whether Iran may have 20 centrifuges or not. 544 00:27:06,909 --> 00:27:08,869 Of course the Iranian nation says no to them. 545 00:27:09,453 --> 00:27:11,203 Today, about 7,000 of these machines 546 00:27:11,496 --> 00:27:14,956 are working under the ground right over there. 547 00:27:35,285 --> 00:27:37,219 How many times have you been to Natanz? 
548 00:27:37,554 --> 00:27:40,956 Not that many, because I left few years ago, the CIA, 549 00:27:40,958 --> 00:27:43,292 but I was there quite a few times. 550 00:27:46,830 --> 00:27:49,398 Natanz is just in the middle of the desert. 551 00:27:51,334 --> 00:27:53,302 When they were building it in secret, 552 00:27:53,536 --> 00:27:57,573 they were calling it desert irrigation facility. 553 00:27:58,074 --> 00:27:59,641 For the local people, 554 00:27:59,643 --> 00:28:02,211 you want to sell why you are building a big complex. 555 00:28:05,014 --> 00:28:07,716 There is a lot of artillery and air force. 556 00:28:07,718 --> 00:28:12,121 It's better protected against attack from air 557 00:28:12,655 --> 00:28:15,157 than any other nuclear installation I have seen. 558 00:28:17,927 --> 00:28:20,396 So this is deeply underground. 559 00:28:25,001 --> 00:28:28,904 But then inside, Natanz is like any other centrifuge facility. 560 00:28:28,906 --> 00:28:33,242 I have been all over the world, from Brazil to Russia, Japan, 561 00:28:33,244 --> 00:28:37,780 so they are all alike with their own features, 562 00:28:37,782 --> 00:28:40,182 their own centrifuges, their own culture, 563 00:28:40,184 --> 00:28:42,785 but basically, the process is the same. 564 00:28:43,853 --> 00:28:46,922 And so are the monitoring activities of the IAEA. 565 00:28:46,924 --> 00:28:48,590 There are basic principles. 566 00:28:48,592 --> 00:28:51,326 You want to see what goes in, what goes out, 567 00:28:51,594 --> 00:28:53,762 and then on top of that you make sure that 568 00:28:53,764 --> 00:28:56,231 it produces low enriched uranium 569 00:28:56,233 --> 00:28:58,634 instead of anything to do with the higher enrichments 570 00:28:58,636 --> 00:29:00,803 and nuclear weapon grade uranium. 
571 00:29:06,776 --> 00:29:08,143 Iran's nuclear facilities 572 00:29:08,145 --> 00:29:10,379 are under 24-hour watch 573 00:29:11,080 --> 00:29:13,415 of the United Nations nuclear watchdog, 574 00:29:13,417 --> 00:29:16,718 the IAEA, the International Atomic Energy Agency. 575 00:29:18,087 --> 00:29:22,291 Every single gram of Iranian fissile material... 576 00:29:23,493 --> 00:29:24,860 Is accounted for. 577 00:29:27,664 --> 00:29:30,132 They have, like, basically seals they put 578 00:29:30,134 --> 00:29:33,702 on fissile materials. There are IAEA seals. 579 00:29:33,937 --> 00:29:36,238 You can't break it 580 00:29:36,240 --> 00:29:38,073 without getting noticed. 581 00:29:40,076 --> 00:29:42,311 When you look at the uranium 582 00:29:42,313 --> 00:29:46,181 which was there in Natanz, it was a very special uranium. 583 00:29:46,349 --> 00:29:51,753 This is called Isotope 236, and that was a puzzle to us, 584 00:29:51,755 --> 00:29:54,189 because you only see this sort of uranium 585 00:29:54,191 --> 00:29:57,326 in states which have had nuclear weapons. 586 00:29:59,195 --> 00:30:01,897 We realized that they had cheated us. 587 00:30:02,599 --> 00:30:05,868 This sort of equipment has been bought 588 00:30:05,870 --> 00:30:07,669 from what they call a black market. 589 00:30:07,671 --> 00:30:10,906 They never pointed out it to A.Q. Khan 590 00:30:11,341 --> 00:30:13,141 at that point of time. 591 00:30:18,014 --> 00:30:21,350 What I was surprised was the sophistication 592 00:30:21,352 --> 00:30:23,185 and the quality control 593 00:30:23,486 --> 00:30:25,487 and the way they have the manufacturing 594 00:30:25,489 --> 00:30:26,889 was really professional. 595 00:30:28,024 --> 00:30:30,626 It was not something, you know, you just create 596 00:30:30,628 --> 00:30:32,160 in a few months' time. 597 00:30:32,162 --> 00:30:34,897 This was a result of a long process. 
598 00:30:42,005 --> 00:30:44,806 A centrifuge, you feed uranium gas 599 00:30:44,808 --> 00:30:47,910 in and you have a cascade, thousands of centrifuges, 600 00:30:47,912 --> 00:30:50,913 and from the other end you get enriched uranium out. 601 00:30:51,648 --> 00:30:55,651 It separates uranium based on spinning the rotors. 602 00:30:55,653 --> 00:30:59,421 It spins so fast, 300 meters per second, 603 00:30:59,423 --> 00:31:02,457 the same as the velocity of sound. 604 00:31:03,826 --> 00:31:05,494 These are tremendous forces 605 00:31:05,496 --> 00:31:08,430 and as a result, the rotor, it twists, 606 00:31:08,432 --> 00:31:10,599 looks like a banana at one point of time. 607 00:31:12,001 --> 00:31:13,569 So it has to be balanced 608 00:31:13,571 --> 00:31:16,939 because any small vibration it will blow up. 609 00:31:18,341 --> 00:31:20,275 And here comes another trouble. 610 00:31:20,577 --> 00:31:22,744 You have to raise the temperature 611 00:31:22,746 --> 00:31:25,847 but this very thin rotor was... 612 00:31:25,849 --> 00:31:27,883 They are made from carbon fiber, 613 00:31:27,885 --> 00:31:30,519 and the other pieces, they are made from metal. 614 00:31:31,421 --> 00:31:34,923 When you heat carbon fiber, it shrinks. 615 00:31:36,025 --> 00:31:38,327 When you heat metal, it expands. 616 00:31:38,695 --> 00:31:41,730 So you need to balance not only that they spin, 617 00:31:41,732 --> 00:31:44,866 they twist, but this temperature behavior 618 00:31:44,868 --> 00:31:47,102 in such a way that it doesn't break. 619 00:31:47,104 --> 00:31:49,304 So this has to be very precise. 620 00:31:49,806 --> 00:31:52,274 This is what makes them very difficult to manufacture. 621 00:31:52,276 --> 00:31:54,943 You can model it, you can calculate it, 622 00:31:54,945 --> 00:31:57,412 but at the very end, it's actually based 623 00:31:57,414 --> 00:32:00,048 on practice and experience. 624 00:32:00,050 --> 00:32:03,352 So it's a piece of art, so to say. 
625 00:32:13,831 --> 00:32:19,890 Because of the strength of our nation, our army and our revolutionary guard 626 00:32:21,139 --> 00:32:26,769 Our dawn became eternal by the glow of success 627 00:32:28,313 --> 00:32:32,193 Morning of dreams rises from the shores 628 00:32:32,442 --> 00:32:36,362 The branches of life have sprouted 629 00:32:36,697 --> 00:32:42,327 May this victory be blessed 630 00:32:44,293 --> 00:32:46,628 Iranians are very proud of their centrifuges. 631 00:32:46,630 --> 00:32:49,598 They have a lot of public relations videos 632 00:32:49,600 --> 00:32:53,335 given up always in April when they have what they call 633 00:32:53,337 --> 00:32:54,836 a national nuclear day. 634 00:32:55,257 --> 00:32:58,547 Blessed be this holy spring 635 00:32:58,570 --> 00:33:02,351 Blessed be the gardener 636 00:33:02,639 --> 00:33:05,269 I proudly announce that from today on, 637 00:33:05,642 --> 00:33:09,152 Iran is among the countries that can produce nuclear fuel. 638 00:33:09,153 --> 00:33:12,521 Ahmadinejad came into his presidency saying 639 00:33:12,523 --> 00:33:15,123 if the international community wants to derail us 640 00:33:15,125 --> 00:33:16,792 we will stand up to it. 641 00:33:17,860 --> 00:33:20,562 If they want us to sign more inspections 642 00:33:20,564 --> 00:33:23,832 and more additional protocols and other measures, 643 00:33:23,834 --> 00:33:26,568 no, we will not. We will fight for our rights. 644 00:33:27,805 --> 00:33:30,872 Iran is a signature to nuclear non-proliferation treaty, 645 00:33:30,874 --> 00:33:34,476 and under that treaty, Iran has a right to a nuclear program. 646 00:33:35,044 --> 00:33:38,513 We can have enrichment. Who are you, world powers, 647 00:33:38,515 --> 00:33:40,982 to come and tell us that we cannot have enrichment? 648 00:33:41,350 --> 00:33:43,085 This was his mantra, 649 00:33:43,820 --> 00:33:47,189 and it galvanized the public. 
650 00:33:50,760 --> 00:33:53,161 By 2007, 2008, 651 00:33:53,163 --> 00:33:55,664 the U.S. government was in a very bad place with 652 00:33:55,666 --> 00:33:56,965 the Iranian program. 653 00:33:57,934 --> 00:34:00,035 President Bush recognized 654 00:34:00,037 --> 00:34:02,671 that he could not even come out in public 655 00:34:02,673 --> 00:34:05,173 and declare that the Iranians were building a nuclear weapon, 656 00:34:05,175 --> 00:34:07,008 because by this time, he had gone through 657 00:34:07,010 --> 00:34:10,312 the entire WMD fiasco in Iraq. 658 00:34:11,013 --> 00:34:13,281 He could not really take military action. 659 00:34:13,283 --> 00:34:15,684 Condoleezza Rice said to him at one point, 660 00:34:15,686 --> 00:34:19,087 you know, Mr. President, I think you've invaded 661 00:34:19,089 --> 00:34:22,758 your last Muslim country, even for the best of reasons. 662 00:34:24,594 --> 00:34:26,795 He didn't want to let the Israelis 663 00:34:26,797 --> 00:34:28,630 conduct a military operation. 664 00:34:28,965 --> 00:34:34,703 It's 1938, and Iran is Germany and it's racing... 665 00:34:35,538 --> 00:34:38,140 to arm itself with atomic bombs. 666 00:34:38,741 --> 00:34:42,310 Iran's nuclear ambitions must be stopped. 667 00:34:42,979 --> 00:34:47,716 They have to be stopped. We all have to stop it, now. 668 00:34:47,718 --> 00:34:50,318 That's the one message I have for you today. 669 00:34:50,320 --> 00:34:52,220 Thank you. 670 00:34:52,222 --> 00:34:55,090 Israel was saying they were gonna bomb Iran. 671 00:34:55,092 --> 00:34:58,293 And the government here in Washington 672 00:34:58,295 --> 00:35:00,662 did all sorts of scenarios about what would happen 673 00:35:00,664 --> 00:35:03,231 if that Israeli attack occurred. 674 00:35:03,633 --> 00:35:05,801 They were all very ugly scenarios. 675 00:35:05,803 --> 00:35:08,804 Our belief was that if they went on their own 676 00:35:08,806 --> 00:35:10,605 knowing the limitations... 
677 00:35:10,607 --> 00:35:12,507 No, they're a very good air force, all right? 678 00:35:12,842 --> 00:35:14,910 But it's small and the distances are great 679 00:35:14,912 --> 00:35:17,312 and the targets dispersed and hardened, all right? 680 00:35:18,314 --> 00:35:20,882 If they would have attempted a raid 681 00:35:21,584 --> 00:35:23,318 on a military plane, 682 00:35:23,619 --> 00:35:26,421 we would have been assuming that they were assuming 683 00:35:26,423 --> 00:35:28,990 we would finish that which they started. 684 00:35:28,992 --> 00:35:31,626 In other words, there would be many of us 685 00:35:31,628 --> 00:35:33,662 in government thinking that the purpose of the raid 686 00:35:33,664 --> 00:35:36,198 wasn't to destroy the Iranian nuclear system, 687 00:35:36,200 --> 00:35:39,868 but the purpose of the raid was to put us at war with Iran. 688 00:35:40,803 --> 00:35:42,838 Israel is very much concerned about 689 00:35:42,840 --> 00:35:45,507 Iran's nuclear program, more than the United States. 690 00:35:45,509 --> 00:35:48,276 It's only natural because of the size of the country, 691 00:35:48,278 --> 00:35:50,679 because we live in this neighborhood, 692 00:35:50,681 --> 00:35:54,316 America lives thousands and thousands miles away from Iran. 693 00:35:54,318 --> 00:35:57,953 The two countries agreed on the goal. 694 00:35:58,221 --> 00:36:00,989 There is no page between us 695 00:36:00,991 --> 00:36:06,328 that Iran should not have a nuclear military capability. 696 00:36:06,330 --> 00:36:08,330 There are some differences 697 00:36:08,332 --> 00:36:10,699 on how to achieve it 698 00:36:10,701 --> 00:36:13,001 and when action is needed. 699 00:36:15,624 --> 00:36:21,254 The origin of corruption will be wiped off the face of the Earth. 700 00:36:22,511 --> 00:36:24,913 We are taking very seriously 701 00:36:24,915 --> 00:36:27,649 leaders of countries who call to the destruction 702 00:36:27,651 --> 00:36:30,285 and annihilation of our people.
703 00:36:30,486 --> 00:36:32,988 If Iran will get nuclear weapons, 704 00:36:32,990 --> 00:36:34,456 now or in the future... 705 00:36:35,424 --> 00:36:38,260 It means that for the first time in human history 706 00:36:39,061 --> 00:36:41,763 Islamic zealots, religious zealots, 707 00:36:42,431 --> 00:36:44,766 will get their hand on 708 00:36:44,768 --> 00:36:47,736 the most dangerous, devastating weapons, 709 00:36:47,738 --> 00:36:50,505 and the world should prevent this. 710 00:36:52,675 --> 00:36:56,444 The Israelis believe that the Iranian leadership 711 00:36:56,446 --> 00:36:59,381 has already made the decision to build nuclear weapons 712 00:36:59,383 --> 00:37:01,283 when they think they can get away with it. 713 00:37:01,684 --> 00:37:04,452 The view in the U.S. is that the Iranians 714 00:37:04,454 --> 00:37:06,621 haven't made that final decision yet. 715 00:37:07,590 --> 00:37:09,524 To me, that doesn't make any difference. 716 00:37:09,526 --> 00:37:11,259 I mean, it really doesn't make any difference, 717 00:37:11,261 --> 00:37:14,429 and it's probably unknowable, unless you can put, you know, 718 00:37:14,431 --> 00:37:17,799 Supreme Leader Khamenei on the couch and interview him. 719 00:37:17,801 --> 00:37:20,735 I think, you know, from our standpoint, 720 00:37:20,737 --> 00:37:23,371 stopping Iran from getting the threshold capacity 721 00:37:23,373 --> 00:37:26,508 is, you know, the primary policy objective. 722 00:37:27,810 --> 00:37:29,911 Once they have the fissile material, 723 00:37:29,913 --> 00:37:32,314 once they have the capacity to produce nuclear weapons, 724 00:37:32,316 --> 00:37:33,682 then the game is lost. 725 00:37:39,488 --> 00:37:41,289 President Bush once said to me, he said, 726 00:37:41,291 --> 00:37:44,392 Mike, I don't want any president ever to be faced 727 00:37:44,394 --> 00:37:48,430 with only two options, bombing or the bomb. 728 00:37:48,432 --> 00:37:49,664 Right? 
729 00:37:49,666 --> 00:37:53,234 He wanted options that made it... 730 00:37:53,436 --> 00:37:56,404 Made it far less likely he or his successor 731 00:37:56,406 --> 00:37:58,940 or successors would ever get to that point 732 00:37:58,942 --> 00:38:00,575 where that's all you've got. 733 00:38:00,910 --> 00:38:04,546 We wanted to be energetic enough in pursuing this problem 734 00:38:04,914 --> 00:38:07,916 that the Israelis would certainly believe, 735 00:38:07,918 --> 00:38:09,117 yeah, we get it. 736 00:38:09,119 --> 00:38:11,252 The intelligence cooperation between Israel 737 00:38:11,254 --> 00:38:14,689 and the United States is very, very good. 738 00:38:15,458 --> 00:38:17,759 And therefore, the Israelis went to the Americans 739 00:38:17,761 --> 00:38:21,363 and said, okay, guys, you don't want us to bomb Iran. 740 00:38:21,365 --> 00:38:24,532 Okay, let's do it differently. 741 00:38:25,034 --> 00:38:28,603 And then the American intelligence community started 742 00:38:28,605 --> 00:38:30,305 rolling in joint forces 743 00:38:30,307 --> 00:38:32,273 with the Israeli intelligence community. 744 00:38:32,942 --> 00:38:36,945 One day a group of intelligence and military officials showed up 745 00:38:37,646 --> 00:38:39,581 in President Bush's office 746 00:38:40,182 --> 00:38:41,716 and said, sir, we have an idea. 747 00:38:42,852 --> 00:38:44,185 It's a big risk. 748 00:38:44,720 --> 00:38:46,521 It might not work, but here it is. 749 00:38:54,063 --> 00:38:57,699 Moving forward in my analysis of the codes, 750 00:38:57,701 --> 00:39:01,736 I took a closer look at the photographs 751 00:39:01,738 --> 00:39:03,571 that had been published 752 00:39:03,573 --> 00:39:08,343 by the Iranians themselves in a press tour from 2008 753 00:39:08,345 --> 00:39:11,479 of Ahmadinejad and the shiny centrifuges. 
754 00:39:13,883 --> 00:39:15,750 Well, photographs of Ahmadinejad 755 00:39:15,752 --> 00:39:18,553 going through the centrifuges at Natanz 756 00:39:18,555 --> 00:39:21,990 had provided some very important clues. 757 00:39:22,691 --> 00:39:24,893 There was a huge amount to be learned. 758 00:39:33,202 --> 00:39:36,004 First of all, those photographs showed 759 00:39:36,006 --> 00:39:39,340 many of the individuals who were guiding Ahmadinejad 760 00:39:39,342 --> 00:39:40,508 through the program. 761 00:39:40,510 --> 00:39:43,111 And there's one very famous photograph that shows 762 00:39:43,113 --> 00:39:45,113 Ahmadinejad being shown something. 763 00:39:45,115 --> 00:39:47,682 You see his face, you can't see what's on the computer. 764 00:39:47,684 --> 00:39:51,119 And one of the scientists who was behind him 765 00:39:51,121 --> 00:39:53,521 was assassinated a few months later. 766 00:39:57,893 --> 00:39:59,627 In one of those photographs, 767 00:39:59,895 --> 00:40:03,231 you could see parts of a computer screen. 768 00:40:03,233 --> 00:40:05,800 We refer to that as a SCADA screen. 769 00:40:05,802 --> 00:40:08,770 The SCADA system is basically a piece of software 770 00:40:08,772 --> 00:40:10,371 running on a computer. 771 00:40:10,373 --> 00:40:13,975 It enables the operators to monitor the processes. 772 00:40:14,977 --> 00:40:19,114 What you could see when you look close enough 773 00:40:19,648 --> 00:40:23,985 was a more detailed view of the configuration 774 00:40:24,787 --> 00:40:28,089 there were these six groups of centrifuges 775 00:40:28,091 --> 00:40:31,526 and each group had 164 entries. 776 00:40:32,094 --> 00:40:33,661 And guess what? 777 00:40:33,963 --> 00:40:36,297 That was a perfect match to what we saw 778 00:40:36,299 --> 00:40:37,665 in the attack code. 
779 00:40:39,001 --> 00:40:42,403 It was absolutely clear that this piece of code 780 00:40:42,405 --> 00:40:45,974 was attacking an array of six different groups 781 00:40:45,976 --> 00:40:49,811 of, let's just say, thingies, physical objects, 782 00:40:49,813 --> 00:40:55,717 and in those six groups, there were 164 elements. 783 00:40:59,421 --> 00:41:01,756 Were you able to do any actual physical tests? 784 00:41:01,758 --> 00:41:03,992 Or it was all just code analysis? 785 00:41:03,994 --> 00:41:05,927 Yeah, so, you know, we obviously 786 00:41:05,929 --> 00:41:08,997 couldn't set up our own sort of nuclear enrichment facility. 787 00:41:09,165 --> 00:41:11,466 So... but what we did was we did obtain some PLCs, 788 00:41:11,468 --> 00:41:12,700 the exact models. 789 00:41:19,875 --> 00:41:22,277 We then ordered an air pump, and that's what we used 790 00:41:22,279 --> 00:41:23,945 sort of as our sort of proof of concept. 791 00:41:24,780 --> 00:41:26,514 We needed a visual demonstration 792 00:41:26,516 --> 00:41:28,716 to show people what we discovered. 793 00:41:29,018 --> 00:41:31,052 So we thought of different things that we could do, 794 00:41:31,054 --> 00:41:33,188 and we settled on blowing up a balloon. 795 00:41:37,526 --> 00:41:39,494 We were able to write a program that would inflate a balloon, 796 00:41:39,496 --> 00:41:42,397 and it was set to stop after five seconds. 797 00:41:52,374 --> 00:41:54,142 So it would inflate the balloon to a certain size 798 00:41:54,144 --> 00:41:55,643 but it wouldn't burst the balloon 799 00:41:55,645 --> 00:41:57,078 and it was all safe. 800 00:41:57,080 --> 00:41:59,180 And we showed everybody, this is the code 801 00:41:59,182 --> 00:42:00,415 that's on the PLC. 802 00:42:00,849 --> 00:42:02,817 And the timer says, stop after five seconds. 803 00:42:03,052 --> 00:42:04,612 We know that's what's going to happen. 
804 00:42:05,187 --> 00:42:07,455 And then we would infect the computer with STUXnet, 805 00:42:07,990 --> 00:42:10,258 and we would run the test again. 806 00:42:41,457 --> 00:42:43,057 Here is a piece of software 807 00:42:43,059 --> 00:42:46,027 that should only exist in a cyber realm 808 00:42:46,029 --> 00:42:49,130 and it is able to affect physical equipment 809 00:42:49,132 --> 00:42:52,867 in a plant or factory and cause physical damage. 810 00:42:52,869 --> 00:42:54,936 Real-world physical destruction. 811 00:42:59,441 --> 00:43:02,110 At that time, things became very scary to us. 812 00:43:02,112 --> 00:43:04,612 Here you had malware potentially killing people 813 00:43:04,614 --> 00:43:06,914 and that was something that was always Hollywood-esque to us 814 00:43:06,916 --> 00:43:08,082 that we'd always laugh at 815 00:43:08,084 --> 00:43:10,118 when people made that kind of assertion. 816 00:43:15,724 --> 00:43:18,226 At this point, you had to have started developing 817 00:43:18,228 --> 00:43:20,995 theories as to who had built STUXnet. 818 00:43:21,930 --> 00:43:23,498 It wasn't lost on us that 819 00:43:23,500 --> 00:43:26,734 there were probably only a few countries 820 00:43:26,736 --> 00:43:29,070 in the world that would want 821 00:43:29,072 --> 00:43:31,939 and have the motivation to sabotage 822 00:43:31,941 --> 00:43:34,075 Iran's nuclear enrichment facility. 823 00:43:34,077 --> 00:43:35,977 The U.S. government would be up there. 824 00:43:35,979 --> 00:43:38,146 Israeli government certainly would be up there. 825 00:43:38,148 --> 00:43:40,248 You know, maybe U.K., France, Germany, 826 00:43:40,250 --> 00:43:41,683 those sorts of countries, 827 00:43:41,685 --> 00:43:43,985 but we never found any information that 828 00:43:43,987 --> 00:43:47,021 would tie it back 100 percent to those countries. 829 00:43:47,023 --> 00:43:48,956 There are no telltale signs. 
830 00:43:48,958 --> 00:43:51,526 You know, the attackers don't leave a message inside 831 00:43:51,528 --> 00:43:53,695 saying, you know, it was me. 832 00:43:54,596 --> 00:43:57,865 And even if they did, all of that stuff can be faked. 833 00:43:58,200 --> 00:44:00,868 So it's very, very difficult to do attribution 834 00:44:00,870 --> 00:44:02,603 when looking at computer code. 835 00:44:03,472 --> 00:44:05,006 Subsequent work that's been done 836 00:44:05,008 --> 00:44:07,442 leads us to believe that this was the work of 837 00:44:07,444 --> 00:44:08,976 a collaboration between Israel and the United States. 838 00:44:08,978 --> 00:44:10,044 Yeah, yeah. 839 00:44:10,046 --> 00:44:11,179 Did you have any evidence 840 00:44:11,181 --> 00:44:12,447 in terms of your analysis 841 00:44:12,449 --> 00:44:14,449 that would lead you to believe that 842 00:44:14,451 --> 00:44:15,783 that's correct also? 843 00:44:15,785 --> 00:44:17,885 Nothing that I could talk about on camera. 844 00:44:19,388 --> 00:44:22,190 Well, can I ask why? 845 00:44:22,192 --> 00:44:24,025 No. 846 00:44:24,027 --> 00:44:25,727 Well, you can, but I won't answer. 847 00:44:28,164 --> 00:44:30,465 But even in the case of nation-states, 848 00:44:30,467 --> 00:44:31,966 I mean, one of the concerns is... 849 00:44:31,968 --> 00:44:34,102 This was beginning to really piss me off. 850 00:44:34,536 --> 00:44:37,872 Even civilians with an interest in telling the STUXnet story 851 00:44:37,874 --> 00:44:40,808 were refusing to address the role of Tel Aviv 852 00:44:40,810 --> 00:44:44,045 and Washington. But luckily for me, 853 00:44:44,313 --> 00:44:46,147 while D.C. is a city of secrets, 854 00:44:46,482 --> 00:44:48,249 it is also a city of leaks. 855 00:44:48,717 --> 00:44:50,418 They're as regular as a heartbeat 856 00:44:50,420 --> 00:44:52,153 and just as hard to stop. 857 00:44:53,155 --> 00:44:54,722 That's what I was counting on. 
858 00:44:59,896 --> 00:45:03,431 Finally, after speaking to a number of people on background, 859 00:45:03,433 --> 00:45:06,033 I did find a way of confirming, on the record, 860 00:45:06,035 --> 00:45:07,902 the American role in STUXnet. 861 00:45:08,871 --> 00:45:11,005 In exchange for details of the operation, 862 00:45:11,007 --> 00:45:13,074 I had to agree to find a way 863 00:45:13,076 --> 00:45:15,376 to disguise the source of the information. 864 00:45:15,378 --> 00:45:17,145 - We're good? - We're on. 865 00:45:18,714 --> 00:45:20,381 So the first question I have to ask you 866 00:45:20,383 --> 00:45:21,783 is about secrecy. 867 00:45:22,284 --> 00:45:25,353 I mean, at this point, everyone knows about STUXnet. 868 00:45:25,355 --> 00:45:27,021 Why can't we talk about it? 869 00:45:27,523 --> 00:45:28,890 It's a covert operation. 870 00:45:28,892 --> 00:45:30,691 Not anymore. 871 00:45:30,693 --> 00:45:32,994 I mean, we know what happened, we know who did it. 872 00:45:33,228 --> 00:45:35,930 Well, maybe you don't know as much as you think you know. 873 00:45:36,732 --> 00:45:39,300 Well, I'm talking to you because I want to 874 00:45:39,302 --> 00:45:40,701 get the story right. 875 00:45:40,703 --> 00:45:42,663 Well, that's the same reason I'm talking to you. 876 00:45:44,907 --> 00:45:46,707 Even though it's a covert operation? 877 00:45:47,743 --> 00:45:51,579 Look, this is not a Snowden kind of thing, okay? 878 00:45:51,581 --> 00:45:52,914 I think what he did was wrong. 879 00:45:52,916 --> 00:45:56,050 He went too far. He gave away too much. 880 00:45:56,552 --> 00:45:58,553 Unlike Snowden, who was a contractor, 881 00:45:58,555 --> 00:46:00,321 I was in NSA. 
882 00:46:00,956 --> 00:46:03,157 I believe in the agency, so what I'm willing to give you 883 00:46:03,159 --> 00:46:04,792 will be limited, but we're talking 884 00:46:04,794 --> 00:46:06,627 because everyone's getting the story wrong 885 00:46:06,629 --> 00:46:08,229 and we have to get it right. 886 00:46:08,231 --> 00:46:09,997 We have to understand these new weapons. 887 00:46:09,999 --> 00:46:11,265 The stakes are too high. 888 00:46:11,267 --> 00:46:12,567 What do you mean? 889 00:46:14,670 --> 00:46:16,637 We did STUXnet. 890 00:46:17,840 --> 00:46:19,006 It's a fact. 891 00:46:19,008 --> 00:46:22,743 You know, we came so fucking close to disaster, 892 00:46:22,745 --> 00:46:24,412 and we're still on the edge. 893 00:46:25,948 --> 00:46:31,018 It was a huge multinational, interagency operation. 894 00:46:32,287 --> 00:46:34,989 In the U.S. it was CIA, 895 00:46:35,457 --> 00:46:38,926 NSA, and the military Cyber Command. 896 00:46:39,428 --> 00:46:43,097 From Britain, we used Iran intel out of GCHQ, 897 00:46:43,699 --> 00:46:45,533 but the main partner was Israel. 898 00:46:45,535 --> 00:46:47,034 Over there, Mossad ran the show, 899 00:46:47,036 --> 00:46:49,770 and the technical work was done by Unit 8200. 900 00:46:50,706 --> 00:46:53,708 Israel is really the key to the story. 901 00:46:58,146 --> 00:47:01,215 Oh, traffic in Israel is so unpredictable. 902 00:47:03,318 --> 00:47:06,387 Yossi, how did you get into this whole STUXnet story? 903 00:47:07,556 --> 00:47:10,558 I have been covering the Israeli intelligence 904 00:47:10,560 --> 00:47:12,860 in general, in the Mossad in particular 905 00:47:12,862 --> 00:47:16,264 for nearly 30 years. 
906 00:47:16,665 --> 00:47:19,734 In '82, I was a London-based correspondent 907 00:47:19,736 --> 00:47:23,170 and I covered a trial of terrorists, 908 00:47:23,172 --> 00:47:27,475 and I became more familiar with this topic of terrorism, 909 00:47:27,477 --> 00:47:31,646 and slowly but surely, I started covering it as a beat. 910 00:47:34,516 --> 00:47:37,552 Israel, we live in a very rough neighborhood 911 00:47:37,554 --> 00:47:39,921 where the democratic values, 912 00:47:39,923 --> 00:47:43,224 western values, are very rare. 913 00:47:43,659 --> 00:47:47,562 But Israel pretends to be a free, democratic, 914 00:47:47,564 --> 00:47:49,630 westernized society, 915 00:47:50,098 --> 00:47:53,401 posh neighborhoods, rich people, 916 00:47:53,569 --> 00:47:56,571 youngsters who are having 917 00:47:56,573 --> 00:47:59,607 almost similar mind-set to their American 918 00:47:59,609 --> 00:48:01,842 or western European counterparts. 919 00:48:01,844 --> 00:48:04,579 On the other hand, you see a lot of scenes 920 00:48:04,581 --> 00:48:08,783 and events which resemble the real Middle East, 921 00:48:08,785 --> 00:48:14,555 terror attacks, radicals, fanatics, religious zealots. 922 00:48:18,928 --> 00:48:22,029 I knew that Israel is trying to slow down 923 00:48:22,031 --> 00:48:23,698 Iran's nuclear program, 924 00:48:23,700 --> 00:48:26,467 and therefore, I came to the conclusion that 925 00:48:26,469 --> 00:48:29,637 if there was a virus infecting Iran's computers, 926 00:48:29,639 --> 00:48:35,443 it's one more element in this larger picture 927 00:48:36,144 --> 00:48:38,579 based on past precedents. 928 00:48:43,152 --> 00:48:46,821 1981 I was an F-16 pilot, 929 00:48:47,255 --> 00:48:50,758 and we were told that, unlike our dream 930 00:48:50,760 --> 00:48:54,195 to do dogfights and to kill MiGs, 931 00:48:54,763 --> 00:48:58,399 we have to be prepared for a long-range mission 932 00:48:59,067 --> 00:49:01,702 to destroy a valuable target. 
933 00:49:02,471 --> 00:49:04,171 Nobody told us what is 934 00:49:04,173 --> 00:49:06,574 this very valuable strategic target. 935 00:49:07,576 --> 00:49:10,745 It was 600 miles from Israel. 936 00:49:12,114 --> 00:49:15,583 So we train our self to do the job, 937 00:49:15,585 --> 00:49:19,420 which was very difficult. No air refueling at that time. 938 00:49:19,821 --> 00:49:21,889 No satellites for reconnaissance. 939 00:49:23,825 --> 00:49:26,227 Fuel was on the limit. 940 00:49:26,795 --> 00:49:29,096 What? Whoa! Whoa! 941 00:49:32,034 --> 00:49:33,434 At the end of the day, 942 00:49:34,169 --> 00:49:35,903 we accomplished the mission. 943 00:49:36,371 --> 00:49:37,672 Which was? 944 00:49:38,140 --> 00:49:41,042 To destroy the Iraqi nuclear reactor 945 00:49:41,044 --> 00:49:44,879 near Baghdad, which was called Osirak. 946 00:49:45,113 --> 00:49:51,152 And Iraq never was able to accomplish 947 00:49:51,154 --> 00:49:53,721 its ambition to have a nuclear bomb. 948 00:49:55,724 --> 00:49:58,325 Amos Yadlin, General Yadlin, 949 00:49:58,327 --> 00:50:01,128 he was the head of the military intelligence. 950 00:50:01,530 --> 00:50:04,999 The biggest unit within that organization 951 00:50:05,001 --> 00:50:06,801 was Unit 8200. 952 00:50:07,502 --> 00:50:09,904 They'd block telephones, they'd block faxes, 953 00:50:09,906 --> 00:50:12,073 they're breaking into computers. 954 00:50:14,409 --> 00:50:16,711 A decade ago, when Yadlin became 955 00:50:16,713 --> 00:50:18,646 the chief of military intelligence, 956 00:50:19,147 --> 00:50:23,651 there was no cyber warfare unit in 8200. 957 00:50:26,588 --> 00:50:30,357 So they started recruiting very talented people, 958 00:50:30,359 --> 00:50:32,927 hackers either from the military 959 00:50:32,929 --> 00:50:35,496 or outside the military that can contribute 960 00:50:35,498 --> 00:50:38,666 to the project of building a cyber warfare unit. 
961 00:50:41,403 --> 00:50:45,906 In the 19th century, there were only Army and Navy. 962 00:50:45,908 --> 00:50:49,710 In the 20th century, we got air power 963 00:50:49,712 --> 00:50:51,445 as a third dimension of war. 964 00:50:52,080 --> 00:50:54,048 In the 21st century, 965 00:50:54,050 --> 00:50:57,585 cyber will be the fourth dimension of war. 966 00:50:58,553 --> 00:51:00,087 It's another kind of weapon 967 00:51:00,089 --> 00:51:04,692 and it is for unlimited range in a very high speed 968 00:51:05,093 --> 00:51:07,228 and in a very low signature. 969 00:51:07,230 --> 00:51:09,764 So this give you a huge opportunity... 970 00:51:10,866 --> 00:51:14,135 And the superpowers have to change 971 00:51:14,137 --> 00:51:16,203 the way we think about warfare. 972 00:51:18,441 --> 00:51:20,474 Finally we are transforming our military 973 00:51:20,476 --> 00:51:23,144 for a new kind of war that we're fighting now... 974 00:51:24,613 --> 00:51:26,046 And for wars of tomorrow. 975 00:51:27,382 --> 00:51:29,483 We have made our military better trained, 976 00:51:29,485 --> 00:51:32,386 better equipped, and better prepared 977 00:51:32,388 --> 00:51:35,156 to meet the threats facing America today 978 00:51:35,158 --> 00:51:37,391 and tomorrow and long in the future. 979 00:51:41,163 --> 00:51:43,798 Back in the end of the Bush Administration, 980 00:51:43,800 --> 00:51:45,733 people within the U.S. government 981 00:51:45,735 --> 00:51:48,936 were just beginning to convince President Bush 982 00:51:48,938 --> 00:51:51,839 to pour money into offensive cyber weapons. 983 00:51:52,808 --> 00:51:55,843 STUXnet started off in the defense department. 984 00:51:56,511 --> 00:51:58,813 Then Robert Gates, Secretary of Defense, 985 00:51:59,281 --> 00:52:01,448 reviewed this program and he said, 986 00:52:01,450 --> 00:52:03,651 this program shouldn't be in the defense department. 
987 00:52:03,653 --> 00:52:06,153 This should really be under the covert authorities 988 00:52:06,155 --> 00:52:07,988 over in the intelligence world. 989 00:52:08,957 --> 00:52:12,092 So the CIA was very deeply involved 990 00:52:12,094 --> 00:52:13,561 in this operation, 991 00:52:13,862 --> 00:52:16,497 while much of the coding work was done 992 00:52:16,499 --> 00:52:18,899 by The National Security Agency 993 00:52:19,100 --> 00:52:22,169 and Unit 8200, its Israeli equivalent, 994 00:52:22,171 --> 00:52:26,006 working together with a newly created military position 995 00:52:26,008 --> 00:52:28,342 called U.S. Cyber Command. 996 00:52:29,144 --> 00:52:33,347 And interestingly, the director of The National Security Agency 997 00:52:33,349 --> 00:52:35,950 would also have a second role 998 00:52:35,952 --> 00:52:39,687 as the commander of U.S. Cyber Command. 999 00:52:40,155 --> 00:52:43,824 And U.S. Cyber Command is located 1000 00:52:43,826 --> 00:52:47,695 at Fort Meade in the same building as the NSA. 1001 00:52:51,900 --> 00:52:53,934 I was deployed for a year 1002 00:52:54,202 --> 00:52:57,371 giving advice on air operations in Iraq and Afghanistan, 1003 00:52:57,373 --> 00:53:00,207 and when I was returning home after that, 1004 00:53:00,209 --> 00:53:02,209 the assignment I was given was to go 1005 00:53:02,211 --> 00:53:03,644 to U.S. Cyber Command. 1006 00:53:04,813 --> 00:53:06,380 Cyber Command is a... 1007 00:53:06,681 --> 00:53:10,050 Is the military command that's responsible for 1008 00:53:10,052 --> 00:53:13,087 essentially the conducting of the nation's military affairs 1009 00:53:13,089 --> 00:53:14,488 in cyberspace. 1010 00:53:14,990 --> 00:53:17,391 The stated reason the United States 1011 00:53:17,393 --> 00:53:19,560 decided it needed a Cyber Command 1012 00:53:19,562 --> 00:53:22,763 was because of an event called Operation Buckshot Yankee. 
1013 00:53:23,231 --> 00:53:24,832 In the fall of 2008, 1014 00:53:24,834 --> 00:53:27,668 we found some adversaries inside 1015 00:53:27,670 --> 00:53:29,270 of our classified networks. 1016 00:53:30,205 --> 00:53:31,772 While it wasn't completely true 1017 00:53:31,774 --> 00:53:34,375 that we always assumed that we were successful 1018 00:53:34,377 --> 00:53:36,110 at defending things at the barrier, 1019 00:53:36,112 --> 00:53:38,279 at the... at the kind of perimeter that we might have 1020 00:53:38,281 --> 00:53:40,281 between our networks and the outside world, 1021 00:53:40,283 --> 00:53:42,349 there was a large confidence 1022 00:53:42,351 --> 00:53:44,518 that we'd been mostly successful. 1023 00:53:44,853 --> 00:53:46,420 But that was a moment in time when we came to 1024 00:53:46,422 --> 00:53:49,990 the quick conclusion that it... it's not really ever secure. 1025 00:53:50,859 --> 00:53:53,560 That then accelerated The Department of Defense's 1026 00:53:53,562 --> 00:53:55,129 progress towards what ultimately 1027 00:53:55,131 --> 00:53:56,263 became Cyber Command. 1028 00:53:59,567 --> 00:54:00,768 Good morning. 1029 00:54:02,070 --> 00:54:03,270 Good morning. 1030 00:54:03,438 --> 00:54:05,518 Good morning, sir. Cyber has one item for you today. 1031 00:54:05,974 --> 00:54:07,641 Earlier this week, NTOC analysts 1032 00:54:07,643 --> 00:54:09,977 detected a foreign adversary using known methods 1033 00:54:09,979 --> 00:54:11,812 to access the U.S. military network. 1034 00:54:12,280 --> 00:54:13,881 We identified the malicious activity 1035 00:54:13,883 --> 00:54:15,816 via data collected through our information assurance 1036 00:54:15,818 --> 00:54:17,318 and signals from intelligence authorities 1037 00:54:17,320 --> 00:54:19,486 and confirmed it was a cyber adversary. 1038 00:54:19,488 --> 00:54:22,156 We provided data to our cyber partners within the DOD... 
1039 00:54:22,158 --> 00:54:24,425 You think of NSA as an institution 1040 00:54:24,427 --> 00:54:27,294 that essentially uses its abilities in cyberspace 1041 00:54:27,662 --> 00:54:30,064 to help defend communications in that space. 1042 00:54:30,398 --> 00:54:32,333 Cyber Command extends that capability 1043 00:54:32,335 --> 00:54:35,703 by saying that they will then take responsibility to attack. 1044 00:54:37,172 --> 00:54:40,174 NSA has no legal authority to attack. 1045 00:54:40,176 --> 00:54:42,409 It's never had it, I doubt that it ever will. 1046 00:54:42,911 --> 00:54:44,979 It might explain why U.S. Cyber Command 1047 00:54:44,981 --> 00:54:46,680 is sitting out at Fort Meade on top of 1048 00:54:46,682 --> 00:54:48,415 The National Security Agency, 1049 00:54:48,417 --> 00:54:51,185 because NSA has the abilities to do these things. 1050 00:54:51,486 --> 00:54:54,288 Cyber Command has the authority to do these things. 1051 00:54:54,290 --> 00:54:57,524 And "these things" here refer to the cyber-attack. 1052 00:54:57,526 --> 00:54:59,560 This is a huge change 1053 00:55:00,195 --> 00:55:03,864 for the nature of the intelligence agencies. 1054 00:55:04,299 --> 00:55:07,101 The NSA was supposed to be a code-making 1055 00:55:07,103 --> 00:55:09,470 and code-breaking operation 1056 00:55:09,472 --> 00:55:13,640 to monitor the communications of foreign powers 1057 00:55:13,642 --> 00:55:15,042 and American adversaries 1058 00:55:15,044 --> 00:55:17,378 in the defense of the United States. 1059 00:55:17,879 --> 00:55:21,382 But creating a Cyber Command meant using 1060 00:55:21,384 --> 00:55:24,418 the same technology to do offense. 1061 00:55:26,554 --> 00:55:30,557 Once you get inside an adversary's computer networks, 1062 00:55:30,559 --> 00:55:33,394 you put an implant in that network. 
1063 00:55:33,628 --> 00:55:36,230 And we have tens of thousands of foreign computers 1064 00:55:36,232 --> 00:55:38,966 and networks that the United States put implants in. 1065 00:55:39,734 --> 00:55:42,736 You can use it to monitor what's going across 1066 00:55:42,738 --> 00:55:44,738 that network and you can use it 1067 00:55:44,740 --> 00:55:47,975 to insert cyber weapons, malware. 1068 00:55:49,077 --> 00:55:52,279 If you can spy on a network, you can manipulate it. 1069 00:55:52,981 --> 00:55:54,715 It's already included. 1070 00:55:54,916 --> 00:55:57,251 The only thing you need is an act of will. 1071 00:56:01,257 --> 00:56:03,057 I played a role in Iraq. 1072 00:56:03,059 --> 00:56:05,426 I can't tell you whether it was military or not, 1073 00:56:05,428 --> 00:56:07,027 but I can tell you 1074 00:56:07,029 --> 00:56:09,363 NSA had combat support teams in country. 1075 00:56:10,900 --> 00:56:13,567 And for the first time, units in the field 1076 00:56:13,569 --> 00:56:15,969 had direct access to NSA intel. 1077 00:56:18,541 --> 00:56:20,407 Over time, we thought more about offense 1078 00:56:20,409 --> 00:56:21,875 than defense, you know, 1079 00:56:21,877 --> 00:56:23,610 more about attacking than intelligence. 1080 00:56:24,913 --> 00:56:27,948 In the old days, sigint units would try to track radios, 1081 00:56:27,950 --> 00:56:30,217 but through NSA in Iraq, 1082 00:56:30,219 --> 00:56:32,252 we had access to all the networks 1083 00:56:32,254 --> 00:56:33,787 going in and out of the country. 1084 00:56:33,789 --> 00:56:35,856 And we hoovered up every text message, 1085 00:56:35,858 --> 00:56:37,357 email, and phone call. 1086 00:56:37,892 --> 00:56:40,294 A complete surveillance state. 1087 00:56:41,196 --> 00:56:45,265 We could find the bad guys, say, a gang making IEDs, 1088 00:56:45,267 --> 00:56:48,802 map their networks, and follow them in real time. 1089 00:56:48,804 --> 00:56:50,104 Roger. 
1090 00:56:50,106 --> 00:56:51,905 And we could lock into cell phones 1091 00:56:51,907 --> 00:56:53,974 even when they were off and send a fake text 1092 00:56:53,976 --> 00:56:56,410 from a friend, suggest a meeting place, 1093 00:56:56,412 --> 00:56:58,278 and then capture... 1094 00:56:58,280 --> 00:56:59,646 1A, clear to fire. 1095 00:57:00,115 --> 00:57:01,415 ...or kill. 1096 00:57:01,417 --> 00:57:02,516 Good shot. 1097 00:57:05,553 --> 00:57:07,821 A lot of the people that came to Cyber Command, 1098 00:57:07,823 --> 00:57:09,656 the military guys, came directly from 1099 00:57:09,658 --> 00:57:11,658 an assignment in Afghanistan or Iraq, 1100 00:57:11,660 --> 00:57:14,228 'cause those are the people with experience 1101 00:57:14,230 --> 00:57:16,163 and expertise in operations, 1102 00:57:16,165 --> 00:57:18,098 and those are the ones you want looking at this 1103 00:57:18,100 --> 00:57:20,134 to see how cyber could facilitate 1104 00:57:20,136 --> 00:57:22,369 traditional military operations. 1105 00:57:34,082 --> 00:57:35,916 Fresh from the surge, 1106 00:57:35,918 --> 00:57:40,420 I went to work at NSA in '07 in a supervisory capacity. 1107 00:57:40,422 --> 00:57:42,589 Exactly where did you work? 1108 00:57:42,591 --> 00:57:43,924 Fort Meade. 1109 00:57:43,926 --> 00:57:45,659 You know, I commuted to that massive complex 1110 00:57:45,661 --> 00:57:47,094 every single day. 1111 00:57:48,429 --> 00:57:52,733 I was in TAO-S321, "The Roc". 1112 00:57:53,301 --> 00:57:55,369 Okay, the TAO, The Roc? 1113 00:57:55,537 --> 00:57:58,772 Right, sorry. TAO is tailored access operations. 1114 00:57:58,774 --> 00:58:00,807 It's where NSA's hackers work. 1115 00:58:00,809 --> 00:58:02,576 Of course, we didn't call them that. 1116 00:58:02,844 --> 00:58:04,178 What did you call them? 1117 00:58:04,345 --> 00:58:05,712 On net operators. 
1118 00:58:06,014 --> 00:58:08,549 They're the only people at NSA allowed to break in 1119 00:58:08,551 --> 00:58:10,050 or attack on the Internet. 1120 00:58:11,052 --> 00:58:13,153 Inside TAO headquarters is The Roc, 1121 00:58:13,155 --> 00:58:14,755 remote operations center. 1122 00:58:15,557 --> 00:58:18,759 If the U.S. government wants to get in somewhere, 1123 00:58:19,827 --> 00:58:21,228 it goes to The Roc. 1124 00:58:21,396 --> 00:58:24,264 I mean, we were flooded with requests. 1125 00:58:24,999 --> 00:58:27,534 So many that we could only do about 1126 00:58:27,536 --> 00:58:30,704 30% of the missions that were requested of us at one time, 1127 00:58:30,706 --> 00:58:32,339 through the web 1128 00:58:32,341 --> 00:58:35,209 but also by hijacking shipments of parts. 1129 00:58:36,077 --> 00:58:38,078 You know, sometimes the CIA would assist 1130 00:58:38,080 --> 00:58:40,714 in putting implants in machines, 1131 00:58:41,916 --> 00:58:44,651 so once inside a target network, 1132 00:58:45,520 --> 00:58:46,787 we could just... 1133 00:58:47,755 --> 00:58:48,956 Watch... 1134 00:58:50,692 --> 00:58:52,259 Or we could attack. 1135 00:58:56,064 --> 00:58:59,600 Inside NSA was a strange kind of culture, 1136 00:58:59,602 --> 00:59:02,002 like, two parts macho military 1137 00:59:02,004 --> 00:59:06,106 and two parts cyber geek. I mean, I came from Iraq, 1138 00:59:06,108 --> 00:59:08,008 so I was used to, "Yes, sir. No, sir." 1139 00:59:08,010 --> 00:59:10,110 But for the weapons programmers 1140 00:59:10,112 --> 00:59:12,679 we needed more "think outside the box" types. 1141 00:59:13,514 --> 00:59:15,249 From cubicle to cubicle, 1142 00:59:15,251 --> 00:59:18,518 you'd see lightsabers, Tribbles, 1143 00:59:18,520 --> 00:59:20,687 those Naruto action figures, 1144 00:59:20,689 --> 00:59:22,990 lots of Aqua Teen Hunger Force. 
1145 00:59:25,727 --> 00:59:29,329 This one guy, they were mostly guys, 1146 00:59:30,298 --> 00:59:32,432 who liked to wear a yellow hooded cape, 1147 00:59:32,900 --> 00:59:36,503 he used a ton of gray Legos to build a massive Death Star. 1148 00:59:39,540 --> 00:59:41,708 Were they all working on STUXnet? 1149 00:59:42,277 --> 00:59:44,311 We never called it STUXnet. 1150 00:59:44,313 --> 00:59:47,080 That was the name invented by the antivirus guys. 1151 00:59:47,082 --> 00:59:49,082 When it hit the papers, 1152 00:59:49,084 --> 00:59:51,084 we're not allowed to read about classified operations, 1153 00:59:51,086 --> 00:59:52,586 even if it's in The New York Times. 1154 00:59:52,588 --> 00:59:54,288 We went out of our way to avoid the term. 1155 00:59:54,290 --> 00:59:56,223 I mean, saying "STUXnet" out loud 1156 00:59:56,225 --> 00:59:58,392 was like saying "Voldemort" in Harry Potter. 1157 00:59:58,394 --> 01:00:00,027 The name that shall not be spoken. 1158 01:00:00,328 --> 01:00:01,828 What did you call it then? 1159 01:00:10,305 --> 01:00:13,840 The Natanz attack, and this is out there already, 1160 01:00:14,742 --> 01:00:18,712 was called Olympic Games or OG. 1161 01:00:22,250 --> 01:00:24,685 There was a huge operation to test the code 1162 01:00:24,687 --> 01:00:27,054 on PLCs here at Fort Meade 1163 01:00:27,622 --> 01:00:30,057 and in Sandia, New Mexico. 1164 01:00:31,826 --> 01:00:33,260 Remember during the Bush era 1165 01:00:33,262 --> 01:00:35,696 when Libya turned over all the centrifuges? 1166 01:00:36,130 --> 01:00:38,298 Those were the same models the Iranians got 1167 01:00:38,300 --> 01:00:40,600 from A.Q. Khan. P1s. 1168 01:00:42,003 --> 01:00:44,471 We took them to Oak Ridge and used them 1169 01:00:44,473 --> 01:00:48,008 to test the code which demolished the insides. 1170 01:00:49,043 --> 01:00:52,913 At Dimona, the Israelis also tested on the P1s. 
1171 01:00:54,349 --> 01:00:56,950 Then, partly by using our intel on Iran, 1172 01:00:56,952 --> 01:01:00,187 we got the plans for the newer models, the IR-2s. 1173 01:01:01,055 --> 01:01:03,290 We tried out different attack vectors. 1174 01:01:03,292 --> 01:01:07,594 We ended up focusing on ways to destroy the rotor tubes. 1175 01:01:08,496 --> 01:01:11,932 In the tests we ran, we blew them apart. 1176 01:01:13,401 --> 01:01:15,335 They swept up the pieces, 1177 01:01:15,337 --> 01:01:18,038 they put it on an airplane, they flew it to Washington, 1178 01:01:18,040 --> 01:01:19,740 they stuck it in the truck, 1179 01:01:19,742 --> 01:01:21,708 they drove it through the gates of the White House, 1180 01:01:21,710 --> 01:01:25,846 and dumped the shards out on the conference room table 1181 01:01:25,848 --> 01:01:27,547 in the Situation Room. 1182 01:01:27,549 --> 01:01:29,082 And then they invited President Bush 1183 01:01:29,084 --> 01:01:30,650 to come down and take a look. 1184 01:01:30,652 --> 01:01:32,486 And when he could pick up the shard 1185 01:01:32,488 --> 01:01:34,254 of a piece of centrifuge... 1186 01:01:35,223 --> 01:01:37,457 He was convinced this might be worth it, 1187 01:01:37,759 --> 01:01:39,559 and he said, "go ahead and try". 1188 01:01:40,395 --> 01:01:43,330 Was there legal concern inside the Bush Administration 1189 01:01:43,332 --> 01:01:45,732 that this might be an act of undeclared war? 1190 01:01:46,667 --> 01:01:50,437 If there were concerns, I haven't found them. 1191 01:01:51,706 --> 01:01:54,374 That doesn't mean that they didn't exist 1192 01:01:54,376 --> 01:01:56,376 and that some lawyers somewhere 1193 01:01:56,378 --> 01:01:57,944 weren't concerned about it, 1194 01:01:57,946 --> 01:02:01,281 but this was an entirely new territory. 1195 01:02:01,883 --> 01:02:04,384 At the time, there were really very few people 1196 01:02:04,386 --> 01:02:08,522 who had expertise specifically on the law of war and cyber. 
1197 01:02:08,923 --> 01:02:11,191 And basically what we did was looking at, okay, 1198 01:02:11,193 --> 01:02:12,659 here's our broad direction. 1199 01:02:13,227 --> 01:02:15,829 Now, let's look... technically what can we do 1200 01:02:16,230 --> 01:02:18,098 to facilitate this broad direction? 1201 01:02:18,366 --> 01:02:21,234 After that, maybe the... I would come in 1202 01:02:21,236 --> 01:02:23,804 or one of my lawyers would come in and say, 1203 01:02:23,806 --> 01:02:27,774 okay, this is what we may do. Okay. 1204 01:02:28,877 --> 01:02:29,976 There are many things we can do, 1205 01:02:29,978 --> 01:02:31,978 but we are not allowed to do them. 1206 01:02:31,980 --> 01:02:34,114 And then after that, there's still a final level 1207 01:02:34,116 --> 01:02:36,016 that we look at and that's, what should we do? 1208 01:02:36,417 --> 01:02:38,385 Because there are many things that would be 1209 01:02:38,387 --> 01:02:41,655 technically possible and technically legal 1210 01:02:41,657 --> 01:02:43,190 but a bad idea. 1211 01:02:43,724 --> 01:02:47,427 For Natanz, it was a CIA-led operation, 1212 01:02:47,429 --> 01:02:49,863 so we had to have agency sign-off. 1213 01:02:50,164 --> 01:02:51,331 Really? 1214 01:02:51,499 --> 01:02:54,334 Someone from the agency 1215 01:02:55,169 --> 01:02:57,304 stood behind the operator and the analyst 1216 01:02:57,306 --> 01:03:00,240 and gave the order to launch every attack. 1217 01:03:07,849 --> 01:03:09,683 Before they had even started this attack, 1218 01:03:09,685 --> 01:03:11,918 they put inside of the code the kill date, 1219 01:03:12,253 --> 01:03:14,020 a date at which it would stop operating. 1220 01:03:14,589 --> 01:03:16,690 Cutoff dates, we don't normally see that 1221 01:03:16,692 --> 01:03:18,358 in other threats, and you have to think, 1222 01:03:18,360 --> 01:03:20,260 well, why is there a cutoff date in there? 
1223 01:03:20,695 --> 01:03:23,129 And when you realize that, well, STUXnet was probably 1224 01:03:23,131 --> 01:03:26,333 written by government and that there are laws 1225 01:03:26,335 --> 01:03:29,202 regarding how you can use this sort of software, 1226 01:03:29,204 --> 01:03:31,838 that there may have been a legal team who said, no, you... 1227 01:03:31,840 --> 01:03:34,040 You need to have a cutoff date in there, 1228 01:03:34,042 --> 01:03:36,142 and you can only do this and you can only go that far 1229 01:03:36,144 --> 01:03:37,944 and we need to check if this is legal or not. 1230 01:03:39,814 --> 01:03:43,083 That date is a few days before Obama's inauguration. 1231 01:03:44,118 --> 01:03:46,987 So the theory was that this was an operation 1232 01:03:46,989 --> 01:03:49,389 that needed to be stopped at a certain time 1233 01:03:49,391 --> 01:03:51,791 because there was gonna be a handover 1234 01:03:51,793 --> 01:03:54,127 and that more approval was needed. 1235 01:03:57,366 --> 01:03:59,232 Are you prepared to take the oath, senator? 1236 01:03:59,234 --> 01:04:00,467 I am. 1237 01:04:00,835 --> 01:04:02,802 I, Barack Hussein Obama... 1238 01:04:02,804 --> 01:04:04,337 - I, Barack... - do solemnly swear... 1239 01:04:04,339 --> 01:04:06,940 I, Barack Hussein Obama, do solemnly swear... 1240 01:04:07,141 --> 01:04:10,677 Olympic Games was reauthorized by President Obama 1241 01:04:10,679 --> 01:04:12,479 in his first year in office, 2009. 1242 01:04:16,984 --> 01:04:19,085 It was fascinating because it was the first year of 1243 01:04:19,087 --> 01:04:21,087 the Obama administration and they would talk to you 1244 01:04:21,089 --> 01:04:23,890 endlessly about cyber defense. 1245 01:04:24,659 --> 01:04:25,825 We count on computer networks 1246 01:04:25,827 --> 01:04:28,962 to deliver our oil and gas, our power, and our water. 
1247 01:04:29,263 --> 01:04:32,499 We rely on them for public transportation 1248 01:04:32,501 --> 01:04:34,067 and air traffic control. 1249 01:04:34,435 --> 01:04:36,536 But just as we failed in the past 1250 01:04:36,538 --> 01:04:38,572 to invest in our physical infrastructure, 1251 01:04:38,873 --> 01:04:41,241 our roads, our bridges, and rails, 1252 01:04:41,576 --> 01:04:43,276 we failed to invest in the security 1253 01:04:43,278 --> 01:04:45,145 of our digital infrastructure. 1254 01:04:45,346 --> 01:04:47,747 He was running East Room events 1255 01:04:47,949 --> 01:04:50,684 trying to get people to focus on the need to 1256 01:04:50,686 --> 01:04:52,619 defend cyber networks 1257 01:04:52,621 --> 01:04:54,354 and defend American infrastructure. 1258 01:04:54,722 --> 01:04:58,258 But when you asked questions about the use of 1259 01:04:58,260 --> 01:05:01,861 offensive cyber weapons, everything went dead. 1260 01:05:01,863 --> 01:05:03,597 No cooperation. 1261 01:05:03,599 --> 01:05:05,699 White House wouldn't help, Pentagon wouldn't help, 1262 01:05:05,701 --> 01:05:06,866 NSA wouldn't help. 1263 01:05:07,101 --> 01:05:08,535 Nobody would talk to you about it. 1264 01:05:09,437 --> 01:05:11,071 But when you dug into the budget 1265 01:05:11,073 --> 01:05:14,307 for cyber spending during the Obama administration, 1266 01:05:14,309 --> 01:05:16,242 what you discovered was 1267 01:05:16,244 --> 01:05:19,646 much of it was being spent on offensive cyber weapons. 1268 01:05:21,449 --> 01:05:25,952 You see phrases like "Title 10 CNO". 1269 01:05:26,387 --> 01:05:29,656 Title 10 means operations for the U.S. military, 1270 01:05:29,924 --> 01:05:34,194 and CNO means Computer Network Operations. 1271 01:05:34,895 --> 01:05:36,463 This is considerable evidence 1272 01:05:36,465 --> 01:05:39,065 that STUXnet was just the opening wedge 1273 01:05:39,734 --> 01:05:43,536 of what is a much broader U.S. 
government effort now 1274 01:05:43,971 --> 01:05:47,007 to develop an entire new class of weapons. 1275 01:05:52,580 --> 01:05:55,315 STUXnet wasn't just an evolution. 1276 01:05:55,317 --> 01:05:57,984 It was really a revolution in the threat landscape. 1277 01:05:59,787 --> 01:06:02,756 In the past, the vast majority of threats that we saw 1278 01:06:02,758 --> 01:06:04,758 were always controlled by an operator somewhere. 1279 01:06:04,760 --> 01:06:06,459 They would infect your machines, 1280 01:06:06,461 --> 01:06:08,294 but they would have what's called a callback 1281 01:06:08,296 --> 01:06:09,829 or a command-and-control channel. 1282 01:06:09,997 --> 01:06:12,132 The threats would actually contact the operator 1283 01:06:12,134 --> 01:06:13,533 and say, what do you want me to do next? 1284 01:06:13,535 --> 01:06:15,101 And the operator would send down commands 1285 01:06:15,103 --> 01:06:17,037 and say, maybe, search through this directory, 1286 01:06:17,039 --> 01:06:18,972 find these folders, find these files, 1287 01:06:18,974 --> 01:06:20,807 upload these files to me, spread to this other machine, 1288 01:06:20,809 --> 01:06:22,275 things of that nature. 1289 01:06:22,810 --> 01:06:25,879 But STUXnet couldn't have a command-and-control channel 1290 01:06:26,347 --> 01:06:29,115 because once it got inside in Natanz 1291 01:06:29,117 --> 01:06:31,851 it would not have been able to reach back out to the attackers. 1292 01:06:31,853 --> 01:06:34,154 The Natanz network is completely air gapped 1293 01:06:34,156 --> 01:06:35,355 from the rest of the Internet. 1294 01:06:35,357 --> 01:06:36,723 It's not connected to the Internet. 1295 01:06:36,725 --> 01:06:38,191 It's its own isolated network. 1296 01:06:38,193 --> 01:06:39,959 Generally, getting across an air gap is... 
1297 01:06:39,961 --> 01:06:41,561 Is one of the more difficult challenges 1298 01:06:41,563 --> 01:06:43,830 that attackers will face just because of the fact that 1299 01:06:43,832 --> 01:06:46,733 there... everything is in place to prevent that. 1300 01:06:46,735 --> 01:06:49,302 You know, everything, you know, the policies and procedures 1301 01:06:49,304 --> 01:06:51,204 and the physical network that's in place is 1302 01:06:51,206 --> 01:06:54,674 specifically designed to prevent you crossing the air gap. 1303 01:06:54,676 --> 01:06:57,143 But there's no truly air-gapped network 1304 01:06:57,145 --> 01:06:59,412 in these real-world production environments. 1305 01:06:59,414 --> 01:07:01,481 People gotta get new code into Natanz. 1306 01:07:01,483 --> 01:07:04,384 People have to get log files off of this network in Natanz. 1307 01:07:04,386 --> 01:07:05,852 People have to upgrade equipment. 1308 01:07:05,854 --> 01:07:07,554 People have to upgrade computers. 1309 01:07:07,755 --> 01:07:10,890 This highlights one of the major 1310 01:07:11,392 --> 01:07:14,327 security issues that we have in the field. 1311 01:07:14,329 --> 01:07:17,230 If you think, well, nobody can attack 1312 01:07:17,232 --> 01:07:19,499 this power plant or this chemical plant 1313 01:07:19,501 --> 01:07:21,234 because it's not connected to the Internet, 1314 01:07:21,236 --> 01:07:23,103 that's a bizarre illusion. 1315 01:07:26,741 --> 01:07:30,076 The first time we introduced the code into Natanz 1316 01:07:30,611 --> 01:07:32,412 we used human assets, 1317 01:07:33,280 --> 01:07:36,850 maybe CIA, more likely Mossad, 1318 01:07:36,852 --> 01:07:40,253 but our team was kept in the dark about the tradecraft. 1319 01:07:41,188 --> 01:07:43,690 We heard rumors in Moscow, 1320 01:07:43,692 --> 01:07:47,527 an Iranian laptop infected by a phony Siemens technician 1321 01:07:47,529 --> 01:07:48,828 with a flash drive... 
1322 01:07:50,364 --> 01:07:53,500 A double agent in Iran with access to Natanz, 1323 01:07:54,068 --> 01:07:55,802 but I don't really know. 1324 01:07:55,804 --> 01:07:58,505 What we had to focus on was to write the code 1325 01:07:59,106 --> 01:08:02,542 so that, once inside, the worm acted on its own. 1326 01:08:02,743 --> 01:08:05,111 They built in all the code and all the logic 1327 01:08:05,113 --> 01:08:07,914 into the threat to be able to operate all by itself. 1328 01:08:07,916 --> 01:08:10,150 It had the ability to spread by itself. 1329 01:08:10,152 --> 01:08:13,219 It had the ability to figure out, do I have the right PLCs? 1330 01:08:13,221 --> 01:08:16,156 Have I arrived in Natanz? Am I at the target? 1331 01:08:16,158 --> 01:08:17,724 And when it's on target, 1332 01:08:17,726 --> 01:08:19,893 it executes autonomously. 1333 01:08:20,261 --> 01:08:23,563 That also means you... cannot call off the attack. 1334 01:08:24,231 --> 01:08:25,965 It was definitely the type of attack 1335 01:08:26,567 --> 01:08:28,067 where someone had decided 1336 01:08:28,769 --> 01:08:30,570 that this is what they wanted to do. 1337 01:08:31,105 --> 01:08:33,907 There was no turning back once STUXnet was released. 1338 01:08:39,113 --> 01:08:41,247 When it began to actually execute its payload, 1339 01:08:41,249 --> 01:08:43,516 you would have a whole bunch of centrifuges 1340 01:08:43,518 --> 01:08:46,619 in a huge array of cascades sitting in a big hall. 1341 01:08:46,621 --> 01:08:48,822 And then just off that hall 1342 01:08:48,824 --> 01:08:50,623 you would have an operators room, 1343 01:08:50,625 --> 01:08:52,492 the control panels in front of them, a big window 1344 01:08:52,494 --> 01:08:53,934 where they could see into the hall. 1345 01:08:54,495 --> 01:08:56,696 Computers monitor the activities 1346 01:08:56,698 --> 01:08:58,064 of all these centrifuges. 1347 01:08:58,933 --> 01:09:03,002 So a centrifuge, it's driven by an electrical motor. 
1348 01:09:03,604 --> 01:09:06,506 And the speed of this electrical motor 1349 01:09:06,508 --> 01:09:09,709 is controlled by another PLC, 1350 01:09:09,711 --> 01:09:11,411 by another programmable logic controller. 1351 01:09:13,614 --> 01:09:17,317 STUXnet would wait for 13 days 1352 01:09:17,319 --> 01:09:18,618 before doing anything, 1353 01:09:18,620 --> 01:09:20,720 because 13 days is about the time it takes 1354 01:09:20,722 --> 01:09:23,690 to actually fill an entire cascade of centrifuges 1355 01:09:23,692 --> 01:09:25,225 with uranium. 1356 01:09:25,526 --> 01:09:28,361 They didn't want to attack when the centrifuges essentially 1357 01:09:28,363 --> 01:09:30,730 were empty or at the beginning of the enrichment process. 1358 01:09:31,999 --> 01:09:34,367 What STUXnet did was it actually would sit there 1359 01:09:34,369 --> 01:09:37,070 during the 13 days and basically record 1360 01:09:37,072 --> 01:09:39,072 all of the normal activities 1361 01:09:39,074 --> 01:09:40,607 that were happening and save it. 1362 01:09:41,408 --> 01:09:43,743 And once they saw them spinning for 13 days, 1363 01:09:43,745 --> 01:09:45,378 then the attack occurred. 1364 01:09:46,146 --> 01:09:48,414 Centrifuges spin at incredible speeds, 1365 01:09:48,416 --> 01:09:50,350 about 1,000 hertz. 1366 01:09:50,352 --> 01:09:52,719 They have a safe operating speed, 1367 01:09:52,721 --> 01:09:55,555 63,000 revolutions per minute. 1368 01:09:55,856 --> 01:09:58,424 STUXnet caused the uranium enrichment centrifuges 1369 01:09:58,426 --> 01:10:00,727 to spin up to 1,400 hertz. 1370 01:10:00,729 --> 01:10:03,463 Up to 80,000 revolutions per minute. 1371 01:10:06,934 --> 01:10:09,369 What would happen was those centrifuges 1372 01:10:09,371 --> 01:10:11,638 would go through what's called a resonance frequency. 
1373 01:10:12,172 --> 01:10:14,407 It would go through a frequency at which the metal would 1374 01:10:14,409 --> 01:10:16,276 basically vibrate uncontrollably 1375 01:10:16,278 --> 01:10:17,577 and essentially shatter. 1376 01:10:17,745 --> 01:10:19,946 There'd be uranium gas everywhere. 1377 01:10:21,081 --> 01:10:22,949 And then the second attack they attempted 1378 01:10:22,951 --> 01:10:25,251 was they actually tried to lower it to two hertz. 1379 01:10:25,253 --> 01:10:28,955 They were slowed down to almost standstill. 1380 01:10:29,723 --> 01:10:32,258 And at two hertz, sort of an opposite effect occurs. 1381 01:10:32,260 --> 01:10:34,527 You can imagine a toy top that you spin 1382 01:10:34,529 --> 01:10:37,430 and as the top begins to slow down, it begins to wobble. 1383 01:10:37,432 --> 01:10:39,432 That's what would happen to these centrifuges. 1384 01:10:39,434 --> 01:10:41,467 They'd begin to wobble and essentially shatter 1385 01:10:41,469 --> 01:10:42,702 and fall apart. 1386 01:10:46,474 --> 01:10:49,309 And instead of sending back to the computer 1387 01:10:49,311 --> 01:10:50,944 what was really happening, it would send back 1388 01:10:50,946 --> 01:10:52,912 that old data that it had recorded. 1389 01:10:52,914 --> 01:10:54,714 So the computer's sitting there thinking, 1390 01:10:54,716 --> 01:10:56,416 yep, running at 1,000 hertz, everything is fine. 1391 01:10:56,418 --> 01:10:58,318 Running at 1,000 hertz, everything is fine. 1392 01:10:58,320 --> 01:11:01,154 But those centrifuges are potentially spinning up wildly, 1393 01:11:01,156 --> 01:11:02,956 a huge noise would occur. 1394 01:11:02,958 --> 01:11:04,958 It'd be like, you know, a jet engine. 1395 01:11:08,496 --> 01:11:10,096 So the operators then would know, whoa, 1396 01:11:10,098 --> 01:11:11,731 something is going wrong here. 
1397 01:11:11,733 --> 01:11:13,666 They might look at their monitors and say, hmm, 1398 01:11:13,668 --> 01:11:16,135 it says it's 1,000 hertz, but they would hear that in the room 1399 01:11:16,137 --> 01:11:17,937 something gravely bad was happening. 1400 01:11:17,939 --> 01:11:21,307 Not only are the operators fooled into thinking 1401 01:11:21,309 --> 01:11:23,109 everything's normal, 1402 01:11:23,111 --> 01:11:27,447 but also any kind of automated protective logic 1403 01:11:27,449 --> 01:11:29,215 is fooled. 1404 01:11:30,084 --> 01:11:32,044 You can't just turn these centrifuges off. 1405 01:11:32,286 --> 01:11:34,921 They have to be brought down in a very controlled manner. 1406 01:11:34,923 --> 01:11:37,090 And so they would hit, literally, the big red button 1407 01:11:37,092 --> 01:11:38,691 to initiate a graceful shutdown, 1408 01:11:39,026 --> 01:11:41,127 and STUXnet intercepts that code. 1409 01:11:41,129 --> 01:11:42,695 So you would have these operators 1410 01:11:42,697 --> 01:11:44,831 slamming on that button over and over again 1411 01:11:44,833 --> 01:11:45,999 and nothing would happen. 1412 01:11:47,301 --> 01:11:50,870 If your cyber weapon is good enough, 1413 01:11:50,872 --> 01:11:53,606 if your enemy is not aware of it, 1414 01:11:53,874 --> 01:11:57,510 it is an ideal weapon, because the enemy 1415 01:11:57,512 --> 01:11:59,579 even don't understand what is happening to it. 1416 01:12:00,147 --> 01:12:02,115 Maybe even better if the enemy begins to doubt 1417 01:12:02,117 --> 01:12:04,417 - their own capability. - Absolutely. 
1418 01:12:05,119 --> 01:12:07,987 Certainly one must conclude 1419 01:12:07,989 --> 01:12:10,790 that what happened at Natanz 1420 01:12:10,792 --> 01:12:13,192 must have driven the engineers crazy, 1421 01:12:13,194 --> 01:12:15,661 because the worst thing that can happen 1422 01:12:15,663 --> 01:12:19,565 to a maintenance engineer is not being able to figure out 1423 01:12:19,567 --> 01:12:22,368 what the cause of specific trouble is. 1424 01:12:22,370 --> 01:12:25,738 So they must have been analyzing themselves to death. 1425 01:12:28,475 --> 01:12:31,277 You know, you see centrifuges blowing up. 1426 01:12:31,645 --> 01:12:35,448 You look the computer screens, they go with the proper speed. 1427 01:12:35,816 --> 01:12:39,485 There's a proper gas pressure. Everything looks beautiful. 1428 01:12:42,089 --> 01:12:45,224 Through 2009 it was going pretty smoothly. 1429 01:12:45,226 --> 01:12:47,060 Centrifuges were blowing up. 1430 01:12:47,062 --> 01:12:49,729 The International Atomic Energy Agency inspectors 1431 01:12:49,731 --> 01:12:52,231 would go in to Natanz and they would see that 1432 01:12:52,233 --> 01:12:55,134 whole sections of the centrifuges had been removed. 1433 01:12:56,370 --> 01:12:59,439 The United States knew from its intelligence channels 1434 01:12:59,441 --> 01:13:02,942 that some Iranian scientists and engineers 1435 01:13:02,944 --> 01:13:06,712 were being fired because the centrifuges were blowing up 1436 01:13:06,714 --> 01:13:09,849 and the Iranians had assumed that this was because 1437 01:13:09,851 --> 01:13:13,352 they had been making errors or manufacturing mistakes. 1438 01:13:13,354 --> 01:13:14,987 Clearly this was somebody's fault. 
1439 01:13:16,090 --> 01:13:18,124 So the program was doing 1440 01:13:18,126 --> 01:13:19,959 exactly what it was supposed to be doing, 1441 01:13:20,260 --> 01:13:23,029 which was it was blowing up centrifuges 1442 01:13:23,263 --> 01:13:25,098 and it was leaving no trace 1443 01:13:25,766 --> 01:13:27,867 and leaving the Iranians to wonder 1444 01:13:28,302 --> 01:13:29,669 what they got hit by. 1445 01:13:30,137 --> 01:13:32,772 This was the brilliance of Olympic Games. 1446 01:13:33,073 --> 01:13:34,774 You know, as a former director of a couple of big 1447 01:13:34,776 --> 01:13:36,042 3-letter agencies, 1448 01:13:36,410 --> 01:13:38,845 slowing down 1,000 centrifuges in Natanz... 1449 01:13:39,713 --> 01:13:41,047 Abnormally good. 1450 01:13:41,049 --> 01:13:43,649 There was a need for... buying time. 1451 01:13:43,651 --> 01:13:46,285 There was a need for slowing them down. 1452 01:13:46,287 --> 01:13:48,221 There was the need to try to push them 1453 01:13:48,223 --> 01:13:49,589 to the negotiating table. 1454 01:13:49,591 --> 01:13:51,891 I mean, there are a lot of variables at play here. 1455 01:13:56,230 --> 01:13:59,866 President Obama would go down into the Situation Room, 1456 01:14:00,300 --> 01:14:03,569 and he would have laid out in front of him 1457 01:14:03,571 --> 01:14:05,238 what they called the horse blanket, 1458 01:14:05,240 --> 01:14:07,440 which was a giant schematic 1459 01:14:07,442 --> 01:14:10,910 of the Natanz nuclear enrichment plan. 1460 01:14:11,478 --> 01:14:14,580 And the designers of Olympic Games 1461 01:14:14,582 --> 01:14:17,750 would describe to him what kind of progress they made 1462 01:14:17,752 --> 01:14:20,019 and look for him for the authorization 1463 01:14:20,021 --> 01:14:22,255 to move on ahead to the next attack. 
1464 01:14:24,091 --> 01:14:26,125 And at one point during those discussions, 1465 01:14:26,127 --> 01:14:27,860 he said to a number of his aides, 1466 01:14:27,862 --> 01:14:29,462 you know, I have some concerns 1467 01:14:29,464 --> 01:14:31,931 because once word of this gets out, 1468 01:14:31,933 --> 01:14:33,599 and eventually he knew it would get out, 1469 01:14:33,601 --> 01:14:35,601 the Chinese may use it as an excuse 1470 01:14:35,603 --> 01:14:38,938 for their attacks on us. The Russians might or others. 1471 01:14:39,473 --> 01:14:42,508 So he clearly had some misgivings, 1472 01:14:43,143 --> 01:14:44,944 but they weren't big enough to stop him 1473 01:14:44,946 --> 01:14:46,345 from going ahead with the program. 1474 01:14:47,548 --> 01:14:50,716 And then in 2010, 1475 01:14:51,051 --> 01:14:54,287 a decision was made to change the code. 1476 01:15:00,127 --> 01:15:01,561 Our human assets 1477 01:15:02,196 --> 01:15:05,665 weren't always able to get code updates into Natanz 1478 01:15:05,667 --> 01:15:07,800 and we weren't told exactly why, 1479 01:15:08,368 --> 01:15:12,405 but we were told we had to have a cyber solution 1480 01:15:12,407 --> 01:15:13,906 for delivering the code. 1481 01:15:14,341 --> 01:15:16,909 But the delivery systems were tricky. 1482 01:15:17,211 --> 01:15:19,879 If they weren't aggressive enough, they wouldn't get in. 1483 01:15:20,180 --> 01:15:22,548 If they were too aggressive, they could spread 1484 01:15:22,983 --> 01:15:24,217 and be discovered. 1485 01:15:26,220 --> 01:15:27,987 When we got the first sample, 1486 01:15:27,989 --> 01:15:30,323 there was some configuration information inside of it. 1487 01:15:30,325 --> 01:15:33,559 And one of the pieces in there was a version number, 1.1 1488 01:15:34,561 --> 01:15:35,861 and that made us realize, 1489 01:15:35,863 --> 01:15:38,097 well, look, this likely isn't the only copy. 
1490 01:15:38,099 --> 01:15:40,333 We went back through our databases looking for 1491 01:15:40,335 --> 01:15:42,802 anything that looks similar to STUXnet. 1492 01:15:44,538 --> 01:15:46,239 As we began to collect more samples, 1493 01:15:46,241 --> 01:15:48,140 we found a few earlier versions of STUXnet. 1494 01:15:49,209 --> 01:15:50,910 And when we analyzed that code, 1495 01:15:50,912 --> 01:15:53,579 we saw that versions previous to 1.1 1496 01:15:53,581 --> 01:15:55,248 were a lot less aggressive. 1497 01:15:55,716 --> 01:15:57,550 The earlier version of STUXnet, 1498 01:15:57,552 --> 01:15:59,719 it basically required humans to do a little bit 1499 01:15:59,721 --> 01:16:02,054 of double clicking in order for it to spread 1500 01:16:02,056 --> 01:16:03,589 from one computer to another. 1501 01:16:03,591 --> 01:16:05,858 And, so, what we believe after looking at that code 1502 01:16:05,860 --> 01:16:06,993 is two things, 1503 01:16:07,394 --> 01:16:09,695 one, either they didn't get in to Natanz 1504 01:16:09,697 --> 01:16:10,930 with that earlier version, 1505 01:16:10,932 --> 01:16:12,531 because it simply wasn't aggressive enough, 1506 01:16:12,533 --> 01:16:14,267 wasn't able to jump over that air gap, 1507 01:16:15,235 --> 01:16:18,070 and... or two, that payload as well 1508 01:16:18,072 --> 01:16:21,374 didn't work properly, didn't work to their satisfaction, 1509 01:16:21,642 --> 01:16:23,476 maybe was not explosive enough. 1510 01:16:24,044 --> 01:16:26,279 There were slightly different versions 1511 01:16:26,281 --> 01:16:28,614 which were aimed at different parts 1512 01:16:28,616 --> 01:16:30,249 of the centrifuge cascade. 1513 01:16:30,251 --> 01:16:33,252 But the guys at Symantec figured you changed the code 1514 01:16:33,254 --> 01:16:35,054 because the first variations couldn't get in 1515 01:16:35,056 --> 01:16:36,222 and didn't work right. 1516 01:16:36,490 --> 01:16:37,490 Bullshit. 
1517 01:16:38,292 --> 01:16:40,559 We always found a way to get across the air gap. 1518 01:16:40,561 --> 01:16:42,828 At TAO, we laughed when people thought they were 1519 01:16:42,830 --> 01:16:44,497 protected by an air gap. 1520 01:16:45,165 --> 01:16:48,200 And for OG, the early versions of the payload did work. 1521 01:16:48,669 --> 01:16:50,469 But what NSA did... 1522 01:16:52,072 --> 01:16:54,874 Was always low-key and subtle. 1523 01:16:55,976 --> 01:16:59,245 The problem was that Unit 8200, the Israelis, 1524 01:16:59,247 --> 01:17:01,380 kept pushing us to be more aggressive. 1525 01:17:03,016 --> 01:17:05,651 The later version of STUXnet 1.1, 1526 01:17:05,653 --> 01:17:07,787 that version had multiple ways of spreading. 1527 01:17:07,789 --> 01:17:09,989 Had the four zero days inside of it, for example, 1528 01:17:09,991 --> 01:17:11,791 that allowed it to spread all by itself 1529 01:17:11,793 --> 01:17:12,925 without you doing anything. 1530 01:17:12,927 --> 01:17:14,527 It could spread via network shares. 1531 01:17:14,529 --> 01:17:16,429 It could spread via USB keys. 1532 01:17:16,431 --> 01:17:18,831 It was able to spread via network exploits. 1533 01:17:18,833 --> 01:17:20,366 That's the sample that introduced us 1534 01:17:20,368 --> 01:17:22,368 to stolen digital certificates. 1535 01:17:22,370 --> 01:17:24,804 That is the sample that, all of a sudden, 1536 01:17:24,806 --> 01:17:26,972 became so noisy 1537 01:17:26,974 --> 01:17:30,076 and caught the attention of the antivirus guys. 1538 01:17:30,977 --> 01:17:33,612 In the first sample we don't find that. 1539 01:17:34,948 --> 01:17:41,020 And this is very strange, because it tells us that 1540 01:17:41,022 --> 01:17:43,289 in the process of this development 1541 01:17:43,824 --> 01:17:46,392 the attackers were less concerned 1542 01:17:46,394 --> 01:17:48,227 with operational security. 
1543 01:17:53,700 --> 01:17:56,268 STUXnet actually kept a log inside of itself 1544 01:17:56,970 --> 01:17:59,405 of all the machines that it infected along the way 1545 01:17:59,407 --> 01:18:01,474 as it jumped from one machine to another 1546 01:18:01,476 --> 01:18:02,641 to another to another. 1547 01:18:03,076 --> 01:18:05,044 And we were able to gather up 1548 01:18:05,046 --> 01:18:07,079 all the samples that we could acquire, 1549 01:18:07,247 --> 01:18:10,516 tens of thousands of samples. We extracted all of those logs. 1550 01:18:10,518 --> 01:18:13,219 We could see the exact path that STUXnet took. 1551 01:18:15,355 --> 01:18:17,390 Eventually, we were able to trace back 1552 01:18:17,392 --> 01:18:19,558 this version of STUXnet to ground zero, 1553 01:18:19,860 --> 01:18:22,395 to the first five infections in the world. 1554 01:18:23,230 --> 01:18:26,065 The first five infections are all outside a Natanz plant, 1555 01:18:26,233 --> 01:18:29,068 all inside of organizations inside of Iran, 1556 01:18:29,836 --> 01:18:32,104 all organizations that are involved in 1557 01:18:32,106 --> 01:18:34,540 industrial control systems and construction 1558 01:18:34,542 --> 01:18:36,175 of industrial control facilities, 1559 01:18:36,443 --> 01:18:40,012 clearly contractors who were working on the Natanz facility. 1560 01:18:40,014 --> 01:18:41,747 And the attackers knew that. 1561 01:18:42,349 --> 01:18:45,084 They were electrical companies. They were piping companies. 1562 01:18:45,086 --> 01:18:46,685 They were, you know, these sorts of companies. 1563 01:18:46,887 --> 01:18:48,521 And they knew... the technicians 1564 01:18:48,523 --> 01:18:50,256 from those companies would visit Natanz. 1565 01:18:50,258 --> 01:18:51,824 So they would infect these companies 1566 01:18:52,025 --> 01:18:55,060 and then technicians would take their computer 1567 01:18:55,062 --> 01:18:56,362 or their laptop or their USB... 
1568 01:18:56,364 --> 01:18:58,130 That operator then goes down to Natanz 1569 01:18:58,132 --> 01:19:00,299 and he plugs in his USB key, which has some code 1570 01:19:00,301 --> 01:19:02,201 that he needs to update into Natanz, 1571 01:19:02,203 --> 01:19:03,769 into the Natanz network, 1572 01:19:03,771 --> 01:19:05,438 and now STUXnet is able to get inside Natanz 1573 01:19:05,440 --> 01:19:06,806 and conduct its attack. 1574 01:19:08,041 --> 01:19:10,409 These five companies were specifically targeted 1575 01:19:10,411 --> 01:19:12,278 to spread STUXnet into Natanz 1576 01:19:12,479 --> 01:19:15,714 and that it wasn't that... STUXnet escaped out of Natanz 1577 01:19:15,716 --> 01:19:17,216 and then spread all over the world 1578 01:19:17,218 --> 01:19:19,652 and it was this big mistake and, oh, it wasn't meant 1579 01:19:19,654 --> 01:19:21,387 to spread that far but it really did. 1580 01:19:21,389 --> 01:19:23,122 No, that's not the way we see it. 1581 01:19:23,124 --> 01:19:26,058 The way we see it is that they wanted it to spread far 1582 01:19:26,060 --> 01:19:27,726 so that they could get it into Natanz. 1583 01:19:27,928 --> 01:19:31,831 Someone decided that we're gonna create something new, 1584 01:19:32,065 --> 01:19:33,132 something evolved, 1585 01:19:33,767 --> 01:19:35,901 that's gonna be far, far, far more aggressive. 1586 01:19:36,570 --> 01:19:40,005 And we're okay, frankly, 1587 01:19:40,007 --> 01:19:42,708 with it spreading all over the world to innocent machines 1588 01:19:42,943 --> 01:19:44,510 in order to go after our target. 1589 01:19:50,251 --> 01:19:55,421 The Mossad had the role, had the... assignment 1590 01:19:56,122 --> 01:20:02,027 to deliver the virus to make sure that STUXnet 1591 01:20:02,029 --> 01:20:06,899 would be put in place in Natanz to affect the centrifuges. 
1592 01:20:08,768 --> 01:20:10,970 Meir Dagan, the head of Mossad, 1593 01:20:10,972 --> 01:20:14,273 was under growing pressure from the prime minister, 1594 01:20:14,275 --> 01:20:17,142 Benjamin Netanyahu, to produce results. 1595 01:20:19,046 --> 01:20:20,212 Inside The Roc, 1596 01:20:20,214 --> 01:20:22,281 we were furious. 1597 01:20:24,017 --> 01:20:26,852 The Israelis took our code for the delivery system 1598 01:20:27,454 --> 01:20:28,754 and changed it. 1599 01:20:30,156 --> 01:20:32,658 Then, on their own, without our agreement, 1600 01:20:32,660 --> 01:20:34,460 they just fucking launched it. 1601 01:20:35,128 --> 01:20:37,029 2010 around the same time 1602 01:20:37,031 --> 01:20:38,831 they started killing Iranian scientists... 1603 01:20:38,833 --> 01:20:40,566 And they fucked up the code! 1604 01:20:41,001 --> 01:20:42,535 Instead of hiding, 1605 01:20:42,537 --> 01:20:45,004 the code started shutting down computers, 1606 01:20:45,006 --> 01:20:46,772 so naturally, people noticed. 1607 01:20:48,708 --> 01:20:51,710 Because they were in a hurry, they opened Pandora's Box. 1608 01:20:52,746 --> 01:20:53,846 They let it out 1609 01:20:53,848 --> 01:20:57,149 and it spread all over the world. 1610 01:21:02,322 --> 01:21:04,123 The worm spread quickly 1611 01:21:04,391 --> 01:21:06,225 but somehow it remained unseen 1612 01:21:06,227 --> 01:21:08,260 until it was identified in Belarus. 1613 01:21:09,262 --> 01:21:11,830 Soon after, Israeli intelligence confirmed 1614 01:21:11,832 --> 01:21:13,832 that it had made its way into the hands 1615 01:21:13,834 --> 01:21:15,834 of the Russian federal security service, 1616 01:21:15,836 --> 01:21:17,803 a successor to the KGB. 1617 01:21:19,372 --> 01:21:22,775 So it happened that the formula for a secret cyber weapon 1618 01:21:22,777 --> 01:21:24,443 designed by the U.S. 
and Israel 1619 01:21:24,445 --> 01:21:25,978 fell into the hands of Russia 1620 01:21:26,513 --> 01:21:28,514 and the very country it was meant to attack. 1621 01:21:31,256 --> 01:21:35,466 They managed to create minor problems for a few of our centrifuges 1622 01:21:35,844 --> 01:21:39,974 through the software that they had installed on electronic parts. 1623 01:21:40,933 --> 01:21:43,313 It was a naughty and immoral move by them 1624 01:21:43,518 --> 01:21:46,188 but fortunately our experts discovered it 1625 01:21:46,480 --> 01:21:49,110 and today they are not capable of ever doing it again. 1626 01:21:51,072 --> 01:21:52,605 In international law, 1627 01:21:52,607 --> 01:21:56,141 when some country or a coalition of countries 1628 01:21:56,376 --> 01:22:00,846 targets a nuclear facility, it's a act of war. 1629 01:22:01,748 --> 01:22:04,650 Please, let's be frank here. 1630 01:22:05,318 --> 01:22:08,020 If it wasn't Iran, 1631 01:22:08,655 --> 01:22:11,357 let's say a nuclear facility in United States... 1632 01:22:12,626 --> 01:22:14,360 Was targeted in the same way... 1633 01:22:16,563 --> 01:22:18,197 The American government 1634 01:22:18,598 --> 01:22:21,333 would not sit by and let this go. 1635 01:22:22,168 --> 01:22:24,737 STUXnet is an attack in peacetime 1636 01:22:24,739 --> 01:22:25,859 on critical infrastructures. 1637 01:22:26,006 --> 01:22:29,108 Yes, it is. I'm... look, when I read about it, 1638 01:22:29,110 --> 01:22:31,810 I read it, I go, whoa, this is a big deal. 1639 01:22:31,812 --> 01:22:33,545 Yeah. 
1640 01:22:35,248 --> 01:22:37,783 The people who were running this program, 1641 01:22:37,785 --> 01:22:39,251 including Leon Panetta, 1642 01:22:39,253 --> 01:22:41,253 the Director of the CIA at the time, 1643 01:22:41,855 --> 01:22:44,490 had to go down into the Situation Room 1644 01:22:44,492 --> 01:22:46,692 and face President Obama, 1645 01:22:46,694 --> 01:22:50,229 Vice President Biden and explain that this program 1646 01:22:50,497 --> 01:22:53,065 was suddenly on the loose. 1647 01:22:54,367 --> 01:22:55,868 Vice President Biden, 1648 01:22:55,870 --> 01:22:58,437 at one point during this discussion, 1649 01:22:59,272 --> 01:23:01,974 sort of exploded in Biden-esque fashion 1650 01:23:01,976 --> 01:23:03,542 and blamed the Israelis. 1651 01:23:03,544 --> 01:23:05,944 He said, it must have been the Israelis 1652 01:23:05,946 --> 01:23:08,013 who made a change in the code 1653 01:23:08,015 --> 01:23:10,115 that enabled it to get out. 1654 01:23:11,985 --> 01:23:14,186 President Obama said to the senior leadership, 1655 01:23:14,188 --> 01:23:17,222 you told me it wouldn't get out of the network. It did. 1656 01:23:17,224 --> 01:23:19,391 You told me the Iranians would never figure out 1657 01:23:19,393 --> 01:23:21,360 it was the United States. They did. 1658 01:23:21,661 --> 01:23:23,362 You told me it would have a huge effect 1659 01:23:23,364 --> 01:23:27,032 on their nuclear program, and it didn't. 1660 01:23:28,735 --> 01:23:32,237 The Natanz plant is inspected every couple of weeks 1661 01:23:32,539 --> 01:23:35,741 by the International Atomic Energy Agency inspectors. 1662 01:23:36,176 --> 01:23:38,877 And if you line up what you know about the attacks 1663 01:23:39,145 --> 01:23:42,047 with the inspection reports, you can see the effects.
1664 01:23:43,383 --> 01:23:45,584 If you go to the IAEA reports, 1665 01:23:45,586 --> 01:23:47,853 they really show that all of those centrifuges 1666 01:23:47,855 --> 01:23:50,756 were switched off and they were removed. 1667 01:23:51,357 --> 01:23:54,727 As much as almost couple of thousand got compromised. 1668 01:23:55,895 --> 01:23:57,362 When you put this all together, 1669 01:23:57,364 --> 01:24:00,165 I wouldn't be surprised if their program got delayed 1670 01:24:00,167 --> 01:24:01,333 by the one year. 1671 01:24:01,701 --> 01:24:05,504 But go then to year 2012-13 1672 01:24:05,506 --> 01:24:08,807 and looking how the centrifuges started to come up again. 1673 01:24:09,075 --> 01:24:10,676 Iran's number of centrifuges 1674 01:24:10,678 --> 01:24:12,544 went up exponentially, 1675 01:24:12,546 --> 01:24:16,615 to 20,000, with a stockpile of low enriched uranium. 1676 01:24:16,617 --> 01:24:18,917 This isn't... these are high numbers. 1677 01:24:19,786 --> 01:24:22,254 Iran's nuclear facilities expanded 1678 01:24:22,256 --> 01:24:24,857 with the construction of Fordow 1679 01:24:24,859 --> 01:24:27,459 and other highly protected facilities. 1680 01:24:29,529 --> 01:24:32,297 So ironically, cyber warfare... 1681 01:24:33,099 --> 01:24:35,701 Assassination of its nuclear scientists, 1682 01:24:36,136 --> 01:24:39,404 economic sanctions, political isolation... 1683 01:24:41,275 --> 01:24:43,776 Iran has gone through "a" to "x" 1684 01:24:43,778 --> 01:24:48,380 of every chorus of policy that the U.S., Israel, 1685 01:24:48,382 --> 01:24:52,518 and those who ally with them have placed on Iran, 1686 01:24:53,052 --> 01:24:55,988 and they have actually made Iran's nuclear program 1687 01:24:55,990 --> 01:24:58,724 more advanced today than it was ever before.
1688 01:25:02,897 --> 01:25:04,630 This is a very 1689 01:25:04,632 --> 01:25:07,766 very dangerous minefield that we are walking, 1690 01:25:07,768 --> 01:25:10,669 and nations who decide 1691 01:25:10,671 --> 01:25:12,871 to take these covert actions 1692 01:25:14,007 --> 01:25:17,042 should be taking into consideration 1693 01:25:17,677 --> 01:25:22,481 all the effects, including the moral effects. 1694 01:25:23,116 --> 01:25:27,152 I would say that this is the price 1695 01:25:27,154 --> 01:25:31,490 that we have to pay in this... war, 1696 01:25:31,825 --> 01:25:34,359 and our blade of righteousness 1697 01:25:34,361 --> 01:25:35,761 shouldn't be so sharp. 1698 01:25:41,601 --> 01:25:44,002 In Israel and in the United States, 1699 01:25:44,004 --> 01:25:46,338 the blade of righteousness cut both ways, 1700 01:25:46,873 --> 01:25:49,408 wounding the targets and the attackers. 1701 01:25:50,476 --> 01:25:52,878 When STUXnet infected American computers, 1702 01:25:52,880 --> 01:25:54,947 the Department of Homeland Security, 1703 01:25:55,281 --> 01:25:58,217 unaware of the cyber weapon's launch by the NSA, 1704 01:25:58,484 --> 01:26:01,653 devoted enormous resources trying to protect Americans 1705 01:26:01,655 --> 01:26:02,955 from their own government. 1706 01:26:03,456 --> 01:26:05,891 We had met the enemy and it was us. 1707 01:26:11,664 --> 01:26:13,332 The purpose of the watch stations that 1708 01:26:13,334 --> 01:26:15,500 you see in front of you is to aggregate the data 1709 01:26:15,502 --> 01:26:16,969 coming in from multiple feeds 1710 01:26:16,971 --> 01:26:18,704 of what the cyber threats could be, 1711 01:26:18,706 --> 01:26:20,138 so if we see threats 1712 01:26:20,140 --> 01:26:22,708 we can provide real-time recommendations 1713 01:26:22,710 --> 01:26:25,944 for both private companies, as well as federal agencies. 1714 01:26:26,833 --> 01:26:30,308 Can you give us a readout on this Stuxnet virus?
1715 01:26:30,550 --> 01:26:32,985 Yep, absolutely. We'd be more than happy to discuss that. 1716 01:26:32,987 --> 01:26:34,052 Seán, is it... 1717 01:26:34,054 --> 01:26:36,655 Early July of 2010 we received a call 1718 01:26:36,657 --> 01:26:39,258 that said that this piece of malware was discovered 1719 01:26:39,260 --> 01:26:40,659 and could we take a look at it. 1720 01:26:42,263 --> 01:26:43,762 When we first started the analysis, 1721 01:26:43,764 --> 01:26:46,098 there was that 'oh crap' moment, you know, 1722 01:26:46,100 --> 01:26:47,933 where we sat there and said, this is something 1723 01:26:47,935 --> 01:26:49,067 that's significant. 1724 01:26:49,069 --> 01:26:50,802 It's impacting industrial control. 1725 01:26:51,037 --> 01:26:53,505 It can disrupt it to the point where it could cause harm 1726 01:26:53,507 --> 01:26:55,574 and not only damage to the equipment, 1727 01:26:55,576 --> 01:26:57,643 but potentially harm or loss of life. 1728 01:26:58,411 --> 01:27:00,612 We were very concerned because STUXnet 1729 01:27:00,614 --> 01:27:02,381 was something that we had not seen before. 1730 01:27:02,383 --> 01:27:04,516 So there wasn't a lot of sleep that night. 1731 01:27:04,518 --> 01:27:07,419 Basically, light up the phones, call everybody we know, 1732 01:27:07,421 --> 01:27:10,656 inform the secretary, inform the White House, 1733 01:27:10,857 --> 01:27:12,925 inform the other departments and agencies, 1734 01:27:13,092 --> 01:27:15,794 wake up the world, and figure out what's going on 1735 01:27:15,796 --> 01:27:17,996 with this particular malware. 1736 01:27:19,799 --> 01:27:21,066 Good morning, Chairman Lieberman, 1737 01:27:21,068 --> 01:27:22,334 ranking member Collins. 1738 01:27:22,902 --> 01:27:24,703 Something as simple and innocuous as this 1739 01:27:24,705 --> 01:27:26,872 becomes a challenge for all of us to maintain 1740 01:27:26,874 --> 01:27:29,841 accountability control of our critical infrastructure systems. 
1741 01:27:30,310 --> 01:27:32,444 This actually contains the STUXnet virus. 1742 01:27:32,645 --> 01:27:34,112 I've been asked on a number of occasions, 1743 01:27:34,114 --> 01:27:35,948 did you ever think this was us? 1744 01:27:35,950 --> 01:27:39,651 And at... no point did that ever really cross our mind, 1745 01:27:39,653 --> 01:27:42,454 because we were looking at it from the standpoint of, 1746 01:27:42,789 --> 01:27:44,756 is this something that's coming after the homeland? 1747 01:27:44,758 --> 01:27:47,326 You know,... what's going to potentially impact, 1748 01:27:47,328 --> 01:27:50,128 you know, our industrial control based here in the United States? 1749 01:27:50,563 --> 01:27:53,498 You know, I liken it to, you know, field of battle. 1750 01:27:53,666 --> 01:27:55,634 You don't think the sniper that's behind you 1751 01:27:55,636 --> 01:27:57,135 is gonna be shooting at you, 1752 01:27:57,303 --> 01:27:58,943 'cause you expect him to be on your side. 1753 01:27:59,439 --> 01:28:03,141 We really don't know who the attacker was 1754 01:28:03,143 --> 01:28:04,543 in the STUXnet case. 1755 01:28:04,744 --> 01:28:06,979 So help us understand a little more 1756 01:28:07,246 --> 01:28:09,414 what this thing is 1757 01:28:10,116 --> 01:28:15,520 whose origin and destination we don't understand. 1758 01:28:16,756 --> 01:28:18,857 Did anybody ever give you any indication 1759 01:28:18,859 --> 01:28:21,026 that it was something that they already knew about? 1760 01:28:21,028 --> 01:28:23,762 No, at no time did I get the impression from someone 1761 01:28:23,764 --> 01:28:26,631 that that's okay, you know, get the little pat on the head, 1762 01:28:26,633 --> 01:28:28,100 and... scooted out the door. 1763 01:28:28,102 --> 01:28:29,968 I never received a stand-down order. 1764 01:28:29,970 --> 01:28:33,605 I never... no one ever asked, stop looking at this. 
1765 01:28:34,207 --> 01:28:38,010 Do we think that this was a nation-state actor 1766 01:28:38,012 --> 01:28:40,445 and that there are a limited number of nation-states 1767 01:28:40,447 --> 01:28:43,849 that have such advanced capacity? 1768 01:28:45,685 --> 01:28:47,953 Seán McGurk, the Director of Cyber 1769 01:28:47,955 --> 01:28:49,688 for the Department of Homeland Security, 1770 01:28:49,690 --> 01:28:52,524 testified before the Senate about how he thought 1771 01:28:52,526 --> 01:28:55,627 STUXnet was a terrifying threat to the United States. 1772 01:28:55,895 --> 01:28:57,162 Is that not a problem? 1773 01:28:57,164 --> 01:28:59,064 I don't... and... and how... how do you mean? 1774 01:28:59,332 --> 01:29:01,733 That STUXnet was a bad idea? 1775 01:29:02,135 --> 01:29:04,803 No, no, no, just that before he knew what it was 1776 01:29:04,805 --> 01:29:06,638 - and what it attacks... - Oh, I... I get it. 1777 01:29:06,640 --> 01:29:08,040 - Yeah... - Yeah, 1778 01:29:08,042 --> 01:29:09,641 he was responding to something that we... 1779 01:29:09,643 --> 01:29:10,143 He thought it was a threat 1780 01:29:10,977 --> 01:29:12,844 to critical infrastructure in the United States. 1781 01:29:12,846 --> 01:29:14,546 Yeah. The worm is loose! 1782 01:29:14,548 --> 01:29:16,415 The worm is loose. I understand. 1783 01:29:16,417 --> 01:29:19,418 But there's... a further theory 1784 01:29:19,420 --> 01:29:21,019 having to do with whether or not, 1785 01:29:21,021 --> 01:29:23,255 following upon David Sanger... 1786 01:29:23,257 --> 01:29:25,157 I got the subplot, and who did that? 1787 01:29:25,159 --> 01:29:27,059 Was it the Israelis? And, yeah, I... 1788 01:29:27,660 --> 01:29:30,562 I truly don't know, and even though I don't know, 1789 01:29:30,564 --> 01:29:32,264 I still can't talk about it, all right? 1790 01:29:32,565 --> 01:29:36,101 STUXnet was somebody's covert action, all right? 
1791 01:29:36,335 --> 01:29:38,003 And the definition of covert action 1792 01:29:38,005 --> 01:29:40,906 is an activity in which you want to have the hand 1793 01:29:40,908 --> 01:29:42,908 of the actor forever hidden. 1794 01:29:43,276 --> 01:29:46,445 So by definition, it's gonna end up in this 1795 01:29:46,447 --> 01:29:48,346 we don't talk about these things box. 1796 01:29:54,020 --> 01:29:56,888 To this day, the United States government 1797 01:29:56,890 --> 01:29:59,024 has never acknowledged 1798 01:29:59,026 --> 01:30:03,495 conducting any offensive cyber attack anywhere in the world. 1799 01:30:05,531 --> 01:30:10,435 But thanks to Mr. Snowden, we know that in 2012 1800 01:30:10,437 --> 01:30:12,838 President Obama issued an Executive Order 1801 01:30:13,039 --> 01:30:15,774 that laid out some of the conditions 1802 01:30:15,776 --> 01:30:18,243 under which cyber weapons can be used. 1803 01:30:18,245 --> 01:30:21,813 And interestingly, every use of a cyber weapon 1804 01:30:21,815 --> 01:30:24,850 requires presidential sign-off. 1805 01:30:26,085 --> 01:30:29,921 That is only true in the physical world 1806 01:30:29,923 --> 01:30:31,790 for nuclear weapons. 1807 01:30:43,102 --> 01:30:45,403 Nuclear war and nuclear weapons are vastly different 1808 01:30:45,405 --> 01:30:47,272 from cyber war and cyber weapons. 1809 01:30:47,274 --> 01:30:50,242 Having said that, there are some similarities. 1810 01:30:50,244 --> 01:30:52,644 And in the early 1960s, 1811 01:30:53,079 --> 01:30:54,980 the United States government suddenly realized 1812 01:30:54,982 --> 01:30:57,048 it had thousands of nuclear weapons, 1813 01:30:57,250 --> 01:30:58,917 big ones and little ones, 1814 01:30:58,919 --> 01:31:01,253 weapons on jeeps, weapons on submarines, 1815 01:31:02,121 --> 01:31:04,256 and it really didn't have a doctrine. 1816 01:31:04,258 --> 01:31:06,091 It really didn't have a strategy. 
1817 01:31:06,093 --> 01:31:07,859 It really didn't have an understanding 1818 01:31:08,127 --> 01:31:10,262 at the policy level about how he was going to use 1819 01:31:10,264 --> 01:31:11,429 all of these things. 1820 01:31:11,998 --> 01:31:13,999 And so academics 1821 01:31:14,001 --> 01:31:16,835 started publishing unclassified documents 1822 01:31:16,837 --> 01:31:20,705 about nuclear war and nuclear weapons. 1823 01:31:23,177 --> 01:31:24,442 And the result was 1824 01:31:24,810 --> 01:31:27,145 more than 20 years, in the United States, 1825 01:31:27,147 --> 01:31:29,848 of very vigorous national debates 1826 01:31:30,383 --> 01:31:33,919 about how we want to go use nuclear weapons. 1827 01:31:37,291 --> 01:31:39,558 And not only did that cause the Congress 1828 01:31:39,560 --> 01:31:41,960 and people in the executive branch in Washington 1829 01:31:41,962 --> 01:31:43,695 to think about these things, 1830 01:31:43,697 --> 01:31:46,965 it caused the Russians to think about these things. 1831 01:31:47,900 --> 01:31:51,136 And out of that grew nuclear doctrine, 1832 01:31:51,138 --> 01:31:52,804 mutual assured destruction, 1833 01:31:52,806 --> 01:31:57,943 all of that complicated set of nuclear dynamics. 1834 01:31:58,544 --> 01:32:01,513 Today, on this vital issue at least, 1835 01:32:01,515 --> 01:32:03,582 we have seen what can be accomplished 1836 01:32:03,584 --> 01:32:05,250 when we pull together. 1837 01:32:05,252 --> 01:32:09,421 We can't have that discussion in a sensible way right now 1838 01:32:09,689 --> 01:32:11,756 about cyber war and cyber weapons 1839 01:32:11,758 --> 01:32:13,124 because everything is secret. 1840 01:32:14,060 --> 01:32:17,262 And when you get into a discussion 1841 01:32:17,264 --> 01:32:20,365 with people in the government, people still in the government, 1842 01:32:20,367 --> 01:32:21,900 people who have security clearances, 1843 01:32:22,168 --> 01:32:23,401 you run into a brick wall. 
1844 01:32:23,669 --> 01:32:25,003 Trying to stop Iran 1845 01:32:25,005 --> 01:32:28,340 is really the... my number one job, and I think... 1846 01:32:28,342 --> 01:32:29,741 And let me ask you, in that context, 1847 01:32:29,743 --> 01:32:31,776 about the STUXnet computer virus potentially... 1848 01:32:31,778 --> 01:32:33,345 You can ask, but I won't comment. 1849 01:32:34,414 --> 01:32:35,513 Can you tell us anything? 1850 01:32:35,515 --> 01:32:36,681 No. 1851 01:32:36,683 --> 01:32:39,117 What do you think has had the most impact 1852 01:32:39,119 --> 01:32:41,253 on their nuclear decision-making, 1853 01:32:41,255 --> 01:32:42,954 the STUXnet virus? 1854 01:32:42,956 --> 01:32:45,223 I can't talk about STUXnet. 1855 01:32:45,225 --> 01:32:49,628 I can't even talk about the operation of Iran centrifuges. 1856 01:32:49,795 --> 01:32:52,030 Was the U.S. involved in any way 1857 01:32:52,032 --> 01:32:53,632 in the development of STUXnet? 1858 01:32:54,100 --> 01:32:56,801 It's hard to get into any kind of comment on that 1859 01:32:56,803 --> 01:32:58,937 till we've finished any... our examination. 1860 01:32:59,772 --> 01:33:01,106 But, sir, I'm not asking you 1861 01:33:01,108 --> 01:33:03,074 if you think another country was involved. 1862 01:33:03,076 --> 01:33:05,076 I'm asking you if the U.S. was involved. 1863 01:33:05,078 --> 01:33:07,445 And we're... this is not something 1864 01:33:07,447 --> 01:33:09,407 that we're gonna be able to answer at this point. 1865 01:33:09,749 --> 01:33:12,083 Look, for the longest time, I was in fear that 1866 01:33:12,085 --> 01:33:13,585 I couldn't actually say the phrase 1867 01:33:13,587 --> 01:33:15,253 computer network attack. 1868 01:33:15,255 --> 01:33:18,123 This stuff is hideously overclassified, 1869 01:33:18,125 --> 01:33:20,258 and it gets into the way of a... 
1870 01:33:20,260 --> 01:33:23,061 Of a mature public discussion 1871 01:33:23,063 --> 01:33:25,597 as to what it is we as a democracy 1872 01:33:25,599 --> 01:33:29,768 want our nation to be doing up here in the cyber domain. 1873 01:33:29,770 --> 01:33:32,604 Now, this is a former director of NSA and CIA 1874 01:33:32,606 --> 01:33:34,572 saying this stuff is overclassified. 1875 01:33:34,807 --> 01:33:38,310 One of the reasons this is highly classified as it is 1876 01:33:38,312 --> 01:33:39,911 this is a peculiar weapons system. 1877 01:33:39,913 --> 01:33:41,913 This is a weapons system that's come out of 1878 01:33:41,915 --> 01:33:43,248 the espionage community, 1879 01:33:43,250 --> 01:33:46,518 and... and so those people have a habit of secrecy. 1880 01:33:46,520 --> 01:33:48,820 Secrecy is still justifiable in certain cases 1881 01:33:48,822 --> 01:33:52,023 to protect sources or to protect national security 1882 01:33:52,025 --> 01:33:55,193 but when we deal with secrecy, don't hide behind it 1883 01:33:55,195 --> 01:33:59,130 to use as an excuse to not disclose something properly 1884 01:33:59,132 --> 01:34:01,166 that you know should be 1885 01:34:01,168 --> 01:34:02,434 or that the American people 1886 01:34:02,436 --> 01:34:03,702 need ultimately to see. 1887 01:34:06,372 --> 01:34:08,440 While most government officials refused 1888 01:34:08,442 --> 01:34:09,908 to acknowledge the operation, 1889 01:34:10,509 --> 01:34:13,278 at least one key insider did leak parts of the story 1890 01:34:13,280 --> 01:34:14,379 to the press. 1891 01:34:14,381 --> 01:34:18,283 In 2012, David Sanger wrote a detailed account 1892 01:34:18,285 --> 01:34:21,619 of Olympic Games that unmasked the extensive joint operation 1893 01:34:21,621 --> 01:34:23,555 between the U.S. and Israel 1894 01:34:23,557 --> 01:34:25,790 to launch cyber attacks on Natanz. 
1895 01:34:26,659 --> 01:34:28,526 The publication of this story 1896 01:34:28,528 --> 01:34:30,562 coming at a time that turned out that there were 1897 01:34:30,564 --> 01:34:33,365 a number of other unrelated national security stories 1898 01:34:33,367 --> 01:34:36,034 being published, led to the announcement 1899 01:34:36,036 --> 01:34:39,404 of investigations by the Attorney General. 1900 01:34:39,872 --> 01:34:42,173 In... into the press and into the leaks? 1901 01:34:42,175 --> 01:34:43,708 Into the press and into the leaks. 1902 01:34:46,178 --> 01:34:47,345 Soon after the article, 1903 01:34:47,347 --> 01:34:49,514 the Obama administration targeted 1904 01:34:49,516 --> 01:34:52,550 General James Cartwright in a criminal investigation 1905 01:34:52,552 --> 01:34:53,818 for allegedly leaking 1906 01:34:53,820 --> 01:34:56,154 classified details about STUXnet. 1907 01:34:57,523 --> 01:34:59,023 There are reports of cyber attacks 1908 01:34:59,025 --> 01:35:01,826 on the Iranian nuclear program that you ordered. 1909 01:35:01,828 --> 01:35:03,328 What's your reaction to this information getting out? 1910 01:35:03,330 --> 01:35:04,929 Well, first of all, I'm not gonna comment on the... 1911 01:35:04,931 --> 01:35:08,299 The details of... what are... 1912 01:35:10,669 --> 01:35:14,973 Supposed to be classified items. 1913 01:35:15,775 --> 01:35:18,143 Since I've been in office, my attitude has been 1914 01:35:18,377 --> 01:35:21,646 zero tolerance for these kinds of leaks. 1915 01:35:22,248 --> 01:35:23,915 We have mechanisms in place 1916 01:35:24,216 --> 01:35:27,752 where, if we can root out folks who have leaked, 1917 01:35:28,554 --> 01:35:29,988 they will suffer consequences.
1918 01:35:30,356 --> 01:35:32,757 It became a significant issue 1919 01:35:32,759 --> 01:35:35,026 and a very wide-ranging investigation 1920 01:35:35,028 --> 01:35:37,462 in which I think most of the people who were cleared 1921 01:35:37,464 --> 01:35:39,030 for Olympic Games at some point 1922 01:35:39,032 --> 01:35:40,899 had been, you know, interviewed and so forth. 1923 01:35:40,901 --> 01:35:42,600 When STUXnet hit the media, 1924 01:35:42,602 --> 01:35:44,803 they polygraphed everyone in our office, 1925 01:35:44,805 --> 01:35:46,404 including people who didn't know shit. 1926 01:35:46,406 --> 01:35:48,540 You know, they polyed the interns, for God's sake. 1927 01:35:49,074 --> 01:35:50,475 These are criminal acts 1928 01:35:50,477 --> 01:35:52,110 when they release information like this, 1929 01:35:52,645 --> 01:35:56,481 and we will conduct thorough investigations 1930 01:35:57,082 --> 01:35:58,850 as we have in the past. 1931 01:36:00,886 --> 01:36:03,121 The administration never filed charges, 1932 01:36:03,456 --> 01:36:05,256 possibly afraid that a prosecution 1933 01:36:05,258 --> 01:36:08,126 would reveal classified details about STUXnet. 1934 01:36:09,061 --> 01:36:12,497 To this day, no one in the U.S. or Israeli governments 1935 01:36:12,499 --> 01:36:14,566 has officially acknowledged the existence 1936 01:36:14,568 --> 01:36:16,034 of the joint operation. 1937 01:36:18,003 --> 01:36:19,471 I would never compromise 1938 01:36:19,473 --> 01:36:21,239 ongoing operations in the field, 1939 01:36:21,241 --> 01:36:25,310 but we should be able to talk about capability. 1940 01:36:26,679 --> 01:36:28,179 We can talk about our... 1941 01:36:29,315 --> 01:36:32,083 Bunker busters, why not our cyber weapons? 1942 01:36:32,451 --> 01:36:33,518 I mean, the secrecy 1943 01:36:33,520 --> 01:36:35,220 of the operation has been blown. 
1944 01:36:36,755 --> 01:36:38,790 Our friends in Israel took a weapon 1945 01:36:38,792 --> 01:36:40,258 that we jointly developed, 1946 01:36:40,260 --> 01:36:42,393 in part to keep Israel from doing something crazy, 1947 01:36:42,828 --> 01:36:44,629 and then used it on their own in a way 1948 01:36:44,631 --> 01:36:45,997 that blew the cover of the operation 1949 01:36:45,999 --> 01:36:47,165 and could have led to war. 1950 01:36:47,167 --> 01:36:48,600 And we can't talk about that? 1951 01:36:53,138 --> 01:36:55,218 There's a way to talk about STUXnet. 1952 01:36:55,608 --> 01:36:56,975 It happened. 1953 01:36:56,977 --> 01:36:59,844 That... to deny that it happened is... is foolish. 1954 01:36:59,846 --> 01:37:01,779 So the fact it happened 1955 01:37:01,781 --> 01:37:03,281 is really what we're talking about here. 1956 01:37:03,283 --> 01:37:05,116 What does... what are the implications 1957 01:37:05,118 --> 01:37:07,952 of the fact that we now are in a post-STUXnet world? 1958 01:37:08,454 --> 01:37:10,889 What I said to David Sanger was, 1959 01:37:10,891 --> 01:37:13,591 I understand the difference in destruction is dramatic, 1960 01:37:13,826 --> 01:37:16,294 but this has the whiff of August 1945. 1961 01:37:17,129 --> 01:37:18,696 Somebody just used a new weapon, 1962 01:37:19,064 --> 01:37:21,799 and this weapon will not be put back into the box. 1963 01:37:22,234 --> 01:37:24,903 I know no operational details 1964 01:37:24,905 --> 01:37:27,839 and don't know what anyone did or didn't do 1965 01:37:27,841 --> 01:37:30,475 before someone decided to use the weapon, all right. 1966 01:37:30,809 --> 01:37:32,043 I do know this. 1967 01:37:32,045 --> 01:37:33,945 If we go out and do something, 1968 01:37:34,713 --> 01:37:36,814 most of the rest of the world now thinks 1969 01:37:37,016 --> 01:37:38,396 that's the new standard 1970 01:37:38,584 --> 01:37:41,452 and it's something that they now feel legitimated to do as well. 
1971 01:37:42,855 --> 01:37:44,322 But the rules of engagement, 1972 01:37:44,324 --> 01:37:46,891 international norms, treaty standards, 1973 01:37:46,893 --> 01:37:48,726 they don't exist right now. 1974 01:37:52,565 --> 01:37:55,733 The law of war, because it began to develop so long ago 1975 01:37:55,735 --> 01:37:59,304 is really dependent on thinking of things kinetically 1976 01:37:59,672 --> 01:38:01,172 and the physical realm. 1977 01:38:01,440 --> 01:38:04,842 So for example, we think in terms of attacks. 1978 01:38:05,778 --> 01:38:08,012 You know an attack when it happens in the kinetic world. 1979 01:38:08,014 --> 01:38:09,747 It's not really much of a mystery. 1980 01:38:09,749 --> 01:38:12,684 But in cyberspace it is sort of confusing to think, 1981 01:38:13,252 --> 01:38:14,719 how far do we have to go 1982 01:38:14,721 --> 01:38:16,921 before something is considered an attack? 1983 01:38:17,089 --> 01:38:20,858 So we have to take all the vocabulary 1984 01:38:21,360 --> 01:38:24,195 and the terms that we use in strategy 1985 01:38:24,197 --> 01:38:25,830 and military operations 1986 01:38:26,065 --> 01:38:29,133 and adapt them into the cyber realm. 1987 01:38:30,469 --> 01:38:31,903 For nuclear we have these 1988 01:38:31,905 --> 01:38:33,838 extensive inspection regimes. 1989 01:38:34,139 --> 01:38:36,207 The Russians come and look at our silos. 1990 01:38:36,542 --> 01:38:38,142 We go and look at their silos. 1991 01:38:38,611 --> 01:38:40,612 Bad as things get between the two countries, 1992 01:38:40,813 --> 01:38:42,714 those inspection regimes have held up. 1993 01:38:42,716 --> 01:38:45,617 But working that out for... for cyber 1994 01:38:45,619 --> 01:38:47,185 would be virtually impossible. 1995 01:38:47,486 --> 01:38:48,853 Where do you send your inspector? 1996 01:38:49,221 --> 01:38:51,289 Inside the laptop of, you know... 1997 01:38:51,624 --> 01:38:53,984 How many laptops are there in the United States and Russia?
1998 01:38:54,259 --> 01:38:56,461 It's much more difficult in the cyber area 1999 01:38:56,463 --> 01:38:58,796 to construct an international regime 2000 01:38:58,798 --> 01:39:01,833 based on treaty commitments and rules of the road 2001 01:39:01,835 --> 01:39:03,001 and so forth. 2002 01:39:03,003 --> 01:39:06,304 Although, we've tried to have discussions with the Chinese 2003 01:39:06,306 --> 01:39:08,339 and Russians and so forth about that, 2004 01:39:08,341 --> 01:39:09,707 but it's very difficult. 2005 01:39:10,809 --> 01:39:14,312 Right now, the norm in cyberspace is 2006 01:39:14,314 --> 01:39:15,674 do whatever you can get away with. 2007 01:39:16,649 --> 01:39:19,050 That's not a good norm, but it's the norm that we have. 2008 01:39:19,618 --> 01:39:21,686 That's the norm that's preferred by states 2009 01:39:21,688 --> 01:39:24,322 that are engaging in lots of different kinds of activities 2010 01:39:24,324 --> 01:39:26,564 that they feel are benefitting their national security. 2011 01:39:27,593 --> 01:39:30,194 Those who excel in cyber 2012 01:39:30,196 --> 01:39:32,997 are trying to slow down the process 2013 01:39:32,999 --> 01:39:34,666 of creating regulation. 2014 01:39:35,134 --> 01:39:38,970 Those who are victims we like the regulation 2015 01:39:38,972 --> 01:39:42,707 to be in the open as... as soon as possible. 2016 01:39:44,877 --> 01:39:47,712 International law in this area is written by custom, 2017 01:39:47,714 --> 01:39:50,815 and customary law requires a nation to say, 2018 01:39:50,817 --> 01:39:52,697 this is what we did and this is why we did it. 2019 01:39:53,352 --> 01:39:56,287 And the U.S. doesn't want to push the law in that direction 2020 01:39:56,289 --> 01:39:58,723 and so it chooses not to disclose its involvement. 
2021 01:39:59,291 --> 01:40:01,492 And one of the reasons that I thought it was important 2022 01:40:01,494 --> 01:40:04,362 to tell the story of Olympic Games 2023 01:40:04,364 --> 01:40:07,165 was not simply because it's a cool spy story, 2024 01:40:07,167 --> 01:40:10,401 it is, but it's because as a nation... 2025 01:40:11,570 --> 01:40:15,139 We need to have a debate about how we want to use cyber weapons 2026 01:40:15,374 --> 01:40:18,876 because we are the most vulnerable nation on earth 2027 01:40:19,044 --> 01:40:20,878 to cyber-attack ourselves. 2028 01:40:24,850 --> 01:40:27,351 If you get up in the morning and turn off your alarm 2029 01:40:27,353 --> 01:40:31,723 and make coffee and pump gas and use the ATM, 2030 01:40:32,257 --> 01:40:34,058 you've touched industrial control systems. 2031 01:40:34,060 --> 01:40:35,727 It's what powers our lives. 2032 01:40:36,061 --> 01:40:38,696 And unfortunately, these systems are connected 2033 01:40:38,698 --> 01:40:42,366 and interconnected in some ways that make them vulnerable. 2034 01:40:42,368 --> 01:40:45,103 Critical infrastructure systems generally were built 2035 01:40:45,105 --> 01:40:47,739 years and years and years ago without security in mind 2036 01:40:47,741 --> 01:40:49,841 and they didn't realize how things were gonna change, 2037 01:40:49,843 --> 01:40:52,076 maybe they weren't even meant to be connected to the Internet. 2038 01:40:52,078 --> 01:40:55,179 And we've seen, through a lot of experimentation 2039 01:40:55,181 --> 01:40:57,815 and through also, unfortunately, a lot of attacks 2040 01:40:58,117 --> 01:41:00,451 that most of these systems are relatively easy 2041 01:41:00,453 --> 01:41:03,121 for a sophisticated hacker to get into. 2042 01:41:05,091 --> 01:41:06,891 Let's say you took over the control system 2043 01:41:06,893 --> 01:41:09,627 of a railway. You could switch tracks. 
2044 01:41:10,095 --> 01:41:12,396 You could cause derailments of trains 2045 01:41:12,398 --> 01:41:14,198 carrying explosive materials. 2046 01:41:15,400 --> 01:41:18,636 What if you were in the control system of gas pipelines 2047 01:41:18,971 --> 01:41:21,539 and when a valve was supposed to be open, 2048 01:41:21,541 --> 01:41:24,208 it was closed and the pressure built up 2049 01:41:24,409 --> 01:41:25,943 and the pipeline exploded? 2050 01:41:26,912 --> 01:41:30,848 There are companies that run electric power generation 2051 01:41:31,250 --> 01:41:33,151 or electric power distribution 2052 01:41:33,418 --> 01:41:35,453 that we know have been hacked 2053 01:41:35,821 --> 01:41:38,256 by foreign entities that have the ability 2054 01:41:38,258 --> 01:41:39,891 to shut down the power grid. 2055 01:41:40,459 --> 01:41:42,560 Imagine for a moment 2056 01:41:42,562 --> 01:41:45,329 that not only all the power went off on the east coast, 2057 01:41:45,631 --> 01:41:47,665 but the entire Internet came down. 2058 01:41:48,333 --> 01:41:50,868 Imagine what the economic impact of that is 2059 01:41:51,336 --> 01:41:53,471 even if it only lasted for 24 hours. 2060 01:41:55,841 --> 01:41:57,508 According to the officials, 2061 01:41:57,510 --> 01:42:00,745 Iran is the first country ever in the Middle East 2062 01:42:00,747 --> 01:42:03,247 to actually be engaged in a cyber war 2063 01:42:03,249 --> 01:42:05,449 with the United States and Israel. 2064 01:42:05,451 --> 01:42:08,820 If anything they said the recent cyber attacks 2065 01:42:08,822 --> 01:42:10,988 were what encouraged them to plan to set up 2066 01:42:10,990 --> 01:42:14,325 the cyber army, which will gather computer scientists, 2067 01:42:14,327 --> 01:42:17,161 programmers, software engineers... 
2068 01:42:17,163 --> 01:42:20,097 If you are a youth and you see assassination 2069 01:42:20,099 --> 01:42:21,732 of a nuclear scientist, 2070 01:42:22,134 --> 01:42:24,602 your nuclear facilities are getting attacked, 2071 01:42:25,304 --> 01:42:28,606 wouldn't you join your national cyber Army? 2072 01:42:29,308 --> 01:42:30,608 Well, many did. 2073 01:42:30,876 --> 01:42:34,045 And that's why today, Iran has one of the largest... 2074 01:42:35,214 --> 01:42:37,615 Cyber armies in the world. 2075 01:42:38,116 --> 01:42:40,518 So whoever initiated this 2076 01:42:40,520 --> 01:42:43,020 and was very proud of themselves to see that little dip 2077 01:42:43,522 --> 01:42:47,758 in Iran's centrifuge numbers, should look back now 2078 01:42:48,227 --> 01:42:51,796 and acknowledge that it was a major mistake. 2079 01:42:52,397 --> 01:42:55,633 Very quickly, Iran sent a message 2080 01:42:55,635 --> 01:42:59,337 to the United States, very sophisticated message, 2081 01:42:59,339 --> 01:43:02,139 and they did that with two attacks. 2082 01:43:02,808 --> 01:43:05,610 First, they attacked Saudi Aramco, 2083 01:43:05,911 --> 01:43:07,879 the biggest oil company in the world, 2084 01:43:08,213 --> 01:43:10,915 and wiped out every piece of software, 2085 01:43:10,917 --> 01:43:15,319 every line of code, on 30,000 computer devices. 2086 01:43:16,688 --> 01:43:22,260 Then Iran did a surge attack on the American banks. 2087 01:43:22,262 --> 01:43:25,196 The most extensive attack on American banks ever 2088 01:43:25,198 --> 01:43:28,032 launched from the Middle East, happening right now. 2089 01:43:28,034 --> 01:43:29,354 Millions of customers 2090 01:43:29,568 --> 01:43:32,937 trying to bank online this week blocked, among the targets, 2091 01:43:33,171 --> 01:43:36,007 Bank of America, PNC, and Wells Fargo. 2092 01:43:36,275 --> 01:43:39,677 The U.S. suspects hackers in Iran may be involved. 
2093 01:43:41,580 --> 01:43:43,614 When Iran hit our banks, 2094 01:43:43,616 --> 01:43:46,017 we could have shut down their botnet, 2095 01:43:46,019 --> 01:43:48,185 but the State Department got nervous, 2096 01:43:48,387 --> 01:43:51,088 because the servers weren't actually in Iran. 2097 01:43:51,757 --> 01:43:54,091 So until there was a diplomatic solution, 2098 01:43:54,526 --> 01:43:57,161 Obama let the private sector deal with the problem. 2099 01:43:57,763 --> 01:44:00,698 I imagine that in the White House Situation Room 2100 01:44:01,033 --> 01:44:03,100 people sat around and said... 2101 01:44:03,769 --> 01:44:06,804 Let me be clear, I don't imagine, I know. 2102 01:44:07,139 --> 01:44:09,707 People sat around in the White House Situation Room 2103 01:44:09,709 --> 01:44:12,743 and said, the Iranians have sent us a message 2104 01:44:12,745 --> 01:44:16,981 which is essentially, stop attacking us in cyberspace 2105 01:44:16,983 --> 01:44:19,517 the way you did at Natanz with STUXnet. 2106 01:44:19,952 --> 01:44:21,319 We can do it, too. 2107 01:44:23,221 --> 01:44:25,790 There are unintended consequences 2108 01:44:25,792 --> 01:44:27,858 of the STUXnet attack. 2109 01:44:28,293 --> 01:44:32,063 You wanted to cause confusion and damage to the other side, 2110 01:44:32,065 --> 01:44:34,832 but then the other side can do the same to you. 2111 01:44:35,600 --> 01:44:38,502 The monster turned against its creators, 2112 01:44:38,504 --> 01:44:40,905 and now everyone is in this game. 2113 01:44:41,807 --> 01:44:44,275 They did a good job in showing the world, 2114 01:44:44,277 --> 01:44:47,678 including the bad guys, what you would need to do 2115 01:44:47,680 --> 01:44:49,814 in order to cause serious trouble 2116 01:44:50,082 --> 01:44:52,583 that could lead to injuries and death.
2117 01:44:52,851 --> 01:44:55,653 It's inevitable that more countries will acquire 2118 01:44:55,655 --> 01:44:57,955 the capacity to use cyber, 2119 01:44:57,957 --> 01:45:01,425 both for espionage and for destructive activities. 2120 01:45:02,194 --> 01:45:04,528 And we've seen this in some of the recent conflicts 2121 01:45:04,530 --> 01:45:05,997 that Russia's been involved in. 2122 01:45:06,198 --> 01:45:08,866 If there's a war, then somebody will try to knock out 2123 01:45:08,868 --> 01:45:11,268 our communication system or the radar. 2124 01:45:11,270 --> 01:45:13,838 State-sponsored cyber sleeper cells, 2125 01:45:14,272 --> 01:45:16,107 they're out there everywhere today. 2126 01:45:16,341 --> 01:45:18,676 It could be for communications purposes. 2127 01:45:18,678 --> 01:45:20,878 It could be for data exfiltration. 2128 01:45:21,146 --> 01:45:24,749 It could be to, you know, shepherd in the next STUXnet. 2129 01:45:25,150 --> 01:45:27,018 I mean, you've been focusing on STUXnet, 2130 01:45:27,020 --> 01:45:28,552 but that was just a small part 2131 01:45:28,554 --> 01:45:30,721 of a much larger Iranian mission. 2132 01:45:31,456 --> 01:45:33,176 There was a larger Iranian mission? 2133 01:45:36,228 --> 01:45:39,463 Nitro Zeus. NZ. 2134 01:45:40,832 --> 01:45:45,036 We spent hundreds of millions, maybe billions on it. 2135 01:45:47,639 --> 01:45:51,208 In the event the Israelis did attack Iran, 2136 01:45:51,210 --> 01:45:53,878 we assumed we would be drawn into the conflict. 2137 01:45:55,247 --> 01:45:58,716 We built in attacks on Iran's command-and-control system 2138 01:45:58,718 --> 01:46:01,085 so the Iranians couldn't talk to each other in a fight. 2139 01:46:01,586 --> 01:46:05,122 We infiltrated their IADS, military air defense systems, 2140 01:46:05,424 --> 01:46:07,664 so they couldn't shoot down our planes if we flew over.
2141 01:46:08,226 --> 01:46:11,328 We also went after their civilian support systems, 2142 01:46:11,330 --> 01:46:13,898 power grids, transportation, 2143 01:46:14,266 --> 01:46:17,068 communications, financial systems. 2144 01:46:17,669 --> 01:46:20,971 We were inside waiting, watching, 2145 01:46:21,239 --> 01:46:24,241 ready to disrupt, degrade, and destroy those systems 2146 01:46:24,243 --> 01:46:25,576 with cyber-attacks. 2147 01:46:29,214 --> 01:46:30,681 And in comparison, 2148 01:46:30,916 --> 01:46:33,150 STUXnet was a back alley operation. 2149 01:46:34,286 --> 01:46:37,788 NZ was the plan for a full-scale cyber war 2150 01:46:37,790 --> 01:46:39,657 with no attribution. 2151 01:46:40,425 --> 01:46:41,926 The question is, is that the kind of world 2152 01:46:41,928 --> 01:46:43,068 we want to live in? 2153 01:46:43,462 --> 01:46:47,231 And if we don't, as citizens, how do we go about a process 2154 01:46:47,233 --> 01:46:49,233 where we have a more sane discussion? 2155 01:46:49,235 --> 01:46:51,635 We need an entirely new way of thinking about 2156 01:46:51,637 --> 01:46:53,204 how we're gonna solve this problem. 2157 01:46:54,139 --> 01:46:56,273 You're not going to get an entirely new way 2158 01:46:56,275 --> 01:46:57,675 of solving this problem 2159 01:46:57,976 --> 01:47:00,778 until you begin to have an open acknowledgement 2160 01:47:01,279 --> 01:47:03,614 that we have cyber weapons as well, 2161 01:47:04,483 --> 01:47:07,518 and that we may have to agree to some limits on their use 2162 01:47:08,053 --> 01:47:10,387 if we're going to get other nations to limit their use. 2163 01:47:10,389 --> 01:47:11,956 It's not gonna be a one-way street. 2164 01:47:12,157 --> 01:47:14,825 I'm old enough to have worked on nuclear arms control 2165 01:47:15,160 --> 01:47:17,661 and biological weapons arms control 2166 01:47:17,663 --> 01:47:19,830 and chemical weapons arms control. 
2167 01:47:20,999 --> 01:47:25,469 And I was told in each of those types of arms control, 2168 01:47:25,471 --> 01:47:26,804 when we were beginning, 2169 01:47:27,105 --> 01:47:30,074 it's too hard, there are all these problems. 2170 01:47:30,342 --> 01:47:32,443 It's technical. There's engineering. 2171 01:47:32,445 --> 01:47:34,111 There's science involved. 2172 01:47:34,113 --> 01:47:36,447 There are real verification difficulties. 2173 01:47:36,449 --> 01:47:37,982 You'll never get there. 2174 01:47:38,416 --> 01:47:40,818 Well, it took 20, 30 years in some cases, 2175 01:47:41,253 --> 01:47:43,020 but we have a biological weapons treaty 2176 01:47:43,022 --> 01:47:44,421 that's pretty damn good. 2177 01:47:44,423 --> 01:47:45,923 We have a chemical weapons treaty 2178 01:47:45,925 --> 01:47:47,324 that's pretty damn good. 2179 01:47:47,492 --> 01:47:49,827 We've got three or four nuclear weapons treaties. 2180 01:47:50,128 --> 01:47:51,729 Yes, it may be hard, 2181 01:47:51,997 --> 01:47:54,098 and it may take 20 or 30 years, 2182 01:47:54,499 --> 01:47:57,067 but it'll never happen unless you get serious about it, 2183 01:47:57,536 --> 01:47:59,503 and it'll never happen unless you start it. 2184 01:48:05,310 --> 01:48:08,279 Today, after two years of negotiations, 2185 01:48:08,713 --> 01:48:12,016 the United States, together with our international partners, 2186 01:48:12,484 --> 01:48:15,886 has achieved something that decades of animosity has not, 2187 01:48:16,521 --> 01:48:18,422 a comprehensive, long-term deal 2188 01:48:18,857 --> 01:48:22,526 with Iran that will prevent it from obtaining a nuclear weapon. 2189 01:48:22,727 --> 01:48:25,196 It was reached in Lausanne, Switzerland, 2190 01:48:25,198 --> 01:48:27,698 by Iran, the U.S., Britain, France, 2191 01:48:27,700 --> 01:48:29,633 Germany, Russia, and China. 
2192 01:48:29,635 --> 01:48:32,736 It is a deal in which Iran will cut 2193 01:48:32,738 --> 01:48:36,941 its installed centrifuges by more than two thirds. 2194 01:48:37,142 --> 01:48:40,377 Iran will not enrich uranium with its advanced centrifuges 2195 01:48:40,379 --> 01:48:42,379 for at least the next ten years. 2196 01:48:42,381 --> 01:48:45,015 It will make our country, our allies, 2197 01:48:45,017 --> 01:48:46,650 and our world safer. 2198 01:48:47,552 --> 01:48:51,555 Seventy years after the murder of 6 million Jews 2199 01:48:51,557 --> 01:48:56,627 Iran's rulers promised to destroy my country, 2200 01:48:56,928 --> 01:49:00,664 and the response from nearly every one of the governments 2201 01:49:00,666 --> 01:49:04,735 represented here has been utter silence. 2202 01:49:05,370 --> 01:49:07,171 Deafening silence. 2203 01:49:14,879 --> 01:49:16,947 Perhaps you can now understand 2204 01:49:17,682 --> 01:49:21,185 why Israel is not joining you in celebrating this deal. 2205 01:49:22,354 --> 01:49:24,755 History shows that America must lead, 2206 01:49:24,757 --> 01:49:27,691 not just with our might, but with our principles. 2207 01:49:28,627 --> 01:49:31,795 It shows we are stronger, not when we are alone, 2208 01:49:31,797 --> 01:49:33,964 but when we bring the world together. 2209 01:49:35,133 --> 01:49:37,401 Today's announcement marks one more chapter 2210 01:49:37,403 --> 01:49:41,672 in this pursuit of a safer and more helpful, 2211 01:49:42,040 --> 01:49:45,376 more hopeful world. Thank you. 2212 01:49:45,910 --> 01:49:49,146 God bless you, and God bless the United States of America. 2213 01:49:53,551 --> 01:49:55,319 Everyone I know is basically 2214 01:49:55,321 --> 01:49:56,854 thrilled with the Iran deal. 2215 01:49:57,422 --> 01:49:59,290 Sanctions and diplomacy worked. 2216 01:49:59,658 --> 01:50:01,925 But behind that deal was a lot of confidence 2217 01:50:01,927 --> 01:50:03,527 in our cyber capability.
2218 01:50:04,596 --> 01:50:07,464 We were everywhere inside Iran. Still are. 2219 01:50:08,333 --> 01:50:10,567 I'm not gonna tell you the operational details 2220 01:50:10,569 --> 01:50:13,203 of what we can do going forward or where... 2221 01:50:14,739 --> 01:50:18,842 But the science fiction cyber war scenario is here. 2222 01:50:18,844 --> 01:50:20,311 That's Nitro Zeus. 2223 01:50:21,746 --> 01:50:24,415 But my concern and the reason I'm talking... 2224 01:50:25,917 --> 01:50:28,852 Is because when you shut down a country's power grid... 2225 01:50:30,155 --> 01:50:33,123 It doesn't just pop back up, you know? 2226 01:50:33,125 --> 01:50:34,925 It's more like Humpty Dumpty... 2227 01:50:36,294 --> 01:50:40,164 And if all the king's men can't turn the lights back on 2228 01:50:40,166 --> 01:50:42,066 or filter the water for weeks, 2229 01:50:42,267 --> 01:50:44,168 then lots of people die. 2230 01:50:46,438 --> 01:50:48,372 And something we can do to others, 2231 01:50:48,673 --> 01:50:50,207 they can do to us too. 2232 01:50:51,609 --> 01:50:54,278 Is that something that we should keep quiet? 2233 01:50:55,447 --> 01:50:57,114 Or should we talk about it? 2234 01:50:58,049 --> 01:50:59,950 I've gone to many people in this film, 2235 01:50:59,952 --> 01:51:01,719 even friends of mine, who won't talk to me 2236 01:51:01,721 --> 01:51:03,887 about the NSA or STUXnet even off the record 2237 01:51:03,889 --> 01:51:05,189 for fear of going to jail. 2238 01:51:05,557 --> 01:51:07,358 Is that fear protecting us? 2239 01:51:08,526 --> 01:51:11,128 No, but it protects me. 2240 01:51:11,896 --> 01:51:13,297 Or should I say we? 2241 01:51:14,632 --> 01:51:16,367 I'm an actor playing a role 2242 01:51:16,369 --> 01:51:18,502 written from the testimony of a small number of people 2243 01:51:18,504 --> 01:51:20,037 from NSA and CIA, 2244 01:51:20,372 --> 01:51:22,740 all of whom are angry about the secrecy 2245 01:51:22,742 --> 01:51:24,475 but too scared to come forward.
2246 01:51:24,809 --> 01:51:26,243 Now, we're forward. 2247 01:51:27,512 --> 01:51:30,314 Well, forward-leaning.