1 00:00:02,803 --> 00:00:06,038 NARRATOR: Will the next devastating attack against the United States 2 00:00:06,040 --> 00:00:10,709 be delivered with the tap of a key? 3 00:00:10,711 --> 00:00:12,244 RICHARD CLARKE: Instead of bullets and bombs, 4 00:00:12,246 --> 00:00:13,879 you use bits and bytes. 5 00:00:13,881 --> 00:00:16,582 NARRATOR: Using only a computer, 6 00:00:16,584 --> 00:00:19,985 a terrorist or a nation can attack 7 00:00:19,987 --> 00:00:24,089 critical infrastructure like the power grid. 8 00:00:24,091 --> 00:00:25,758 KIM ZETTER: That could result in a blackout 9 00:00:25,760 --> 00:00:29,094 for the majority of the U.S. that could last weeks or months. 10 00:00:30,998 --> 00:00:33,365 NARRATOR: The enemies are anonymous. 11 00:00:33,367 --> 00:00:36,702 Their reach is global. 12 00:00:36,704 --> 00:00:41,440 As internet connections multiply so does the threat. 13 00:00:41,442 --> 00:00:44,510 DAVID ROTHKOPF: Imagine a world with 50 billion microprocessors 14 00:00:44,512 --> 00:00:45,878 attached to the Internet. 15 00:00:45,880 --> 00:00:48,247 That's 50 billion points of attack. 16 00:00:48,249 --> 00:00:51,116 NARRATOR: The targets are everywhere. 17 00:00:51,118 --> 00:00:54,086 YOSHI KOHNO: Computers are permeating our environments. 18 00:00:54,088 --> 00:00:56,555 There are potential security risks anywhere 19 00:00:56,557 --> 00:00:58,457 there is one of these computing devices. 20 00:00:58,459 --> 00:01:00,426 And we'll be applying your brakes shortly. 21 00:01:00,428 --> 00:01:03,896 NARRATOR: Even in your car. 22 00:01:03,898 --> 00:01:05,798 KOHNO: Right about now. 23 00:01:05,800 --> 00:01:07,166 (car screeches) 24 00:01:07,168 --> 00:01:09,234 Yeah, that worked. 25 00:01:09,236 --> 00:01:13,038 NARRATOR: Cyber weapons have already been unleashed. 26 00:01:13,040 --> 00:01:15,674 ERIC CHIEN: It was the first real cyber sabotage 27 00:01:15,676 --> 00:01:19,278 that affected the real world. 
28 00:01:19,280 --> 00:01:23,582 MICHAEL HAYDEN: Somebody has used an entirely new class of weapon 29 00:01:23,584 --> 00:01:25,684 to effect destruction. 30 00:01:25,686 --> 00:01:29,121 NARRATOR: Is it too late to put the genie back in the bottle? 31 00:01:29,123 --> 00:01:32,858 When we put the little evil virus in the big pool, 32 00:01:32,860 --> 00:01:35,727 it tends to escape and go Jurassic Park on us. 33 00:01:35,729 --> 00:01:39,965 NARRATOR: Can we survive the "Cyber War Threat"? 34 00:01:39,967 --> 00:01:41,934 Right now, on NOVA. 35 00:01:57,384 --> 00:02:00,352 Major funding for NOVA is provided by the following... 36 00:02:02,156 --> 00:02:04,823 Shouldn't what makes each of us unique 37 00:02:04,825 --> 00:02:08,594 Supporting NOVA and promoting public understanding of science. 38 00:02:11,465 --> 00:02:13,532 And the Corporation for Public Broadcasting. 39 00:02:13,534 --> 00:02:15,000 And by PBS viewers like you. 40 00:02:15,002 --> 00:02:16,802 Thank you. 41 00:02:16,804 --> 00:02:18,637 Millicent Bell, 42 00:02:18,639 --> 00:02:22,241 through the Millicent and Eugene Bell Foundation. 43 00:02:22,243 --> 00:02:24,776 And the George D. Smith Fund. 44 00:02:26,247 --> 00:02:29,381 Additional funding from the Montgomery Family Foundation. 45 00:02:32,920 --> 00:02:38,557 NARRATOR: The Sayano-Shushenskaya dam in remote Siberia-- 46 00:02:38,559 --> 00:02:42,728 the ninth largest hydroelectric plant on earth 47 00:02:42,730 --> 00:02:45,898 and the scene of a catastrophic event 48 00:02:45,900 --> 00:02:47,866 that may foreshadow the future of war. 49 00:02:49,603 --> 00:02:54,940 On August 17, 2009, all seems normal 50 00:02:54,942 --> 00:02:57,743 in the power plant at the base of the dam. 51 00:02:59,079 --> 00:03:02,814 30 million tons of water pressure spin massive turbines 52 00:03:02,816 --> 00:03:07,886 generating more than 6,000 megawatts of electric power. 
53 00:03:07,888 --> 00:03:13,458 Suddenly, without warning, something goes terribly wrong. 54 00:03:13,460 --> 00:03:15,427 (loud bang) 55 00:03:17,631 --> 00:03:20,098 A plume of water. 56 00:03:20,100 --> 00:03:21,967 (loud bang) 57 00:03:21,969 --> 00:03:24,403 Followed by a wave of destruction. 58 00:03:24,405 --> 00:03:25,704 (screaming) 59 00:03:25,706 --> 00:03:29,341 In the end, 75 people perish. 60 00:03:37,184 --> 00:03:39,151 In the aftermath, a hellish vision. 61 00:03:41,255 --> 00:03:45,424 One of the 1,500-ton turbines had burst through the floor, 62 00:03:45,426 --> 00:03:48,193 rocketing 50 feet into the air... 63 00:03:48,195 --> 00:03:51,663 (loud bang) 64 00:03:51,665 --> 00:03:56,034 Punching a hole in the base of the dam. 65 00:03:56,036 --> 00:04:00,305 Investigators eventually identify poor maintenance 66 00:04:00,307 --> 00:04:03,775 and worn anchor bolts as the cause. 67 00:04:03,777 --> 00:04:06,378 But at first, this scenario-- 68 00:04:06,380 --> 00:04:09,982 a machine self-destructing with lethal consequences-- 69 00:04:09,984 --> 00:04:14,786 led some to wonder if this might be a new kind of sabotage, 70 00:04:14,788 --> 00:04:19,258 one that targets the computers in our most critical machines, 71 00:04:19,260 --> 00:04:23,228 sending them out of control in a cyber-era attack. 72 00:04:24,632 --> 00:04:26,498 We're living in an era now where we have to wonder 73 00:04:26,500 --> 00:04:29,768 whether people can cause damage with computer code 74 00:04:29,770 --> 00:04:32,137 that before they could only cause with a bomb. 75 00:04:32,139 --> 00:04:36,742 NARRATOR: Computer code that could even be delivered anonymously 76 00:04:36,744 --> 00:04:39,177 over the internet. 77 00:04:39,179 --> 00:04:42,180 We think of the Web as an indispensable tool 78 00:04:42,182 --> 00:04:46,418 that delivers the world to our doorstep. 79 00:04:46,420 --> 00:04:50,055 But it's also a wide-open conduit for attack. 
80 00:04:50,057 --> 00:04:53,358 We've learned to live with cyber crime-- 81 00:04:53,360 --> 00:04:56,728 identity theft, credit card fraud, 82 00:04:56,730 --> 00:05:00,866 hacking, and stealing personal information. 83 00:05:00,868 --> 00:05:03,869 But now there's a threat that's much more frightening 84 00:05:03,871 --> 00:05:06,438 and destructive. 85 00:05:06,440 --> 00:05:07,873 CLARKE: You can get into a network 86 00:05:07,875 --> 00:05:09,875 which has control of some physical thing. 87 00:05:09,877 --> 00:05:12,210 Think about a pipeline, for example. 88 00:05:12,212 --> 00:05:13,645 You get into that network 89 00:05:13,647 --> 00:05:15,347 which controls the pipeline, 90 00:05:15,349 --> 00:05:18,150 and you can cause the pipeline to explode... 91 00:05:18,152 --> 00:05:20,819 (explosion) 92 00:05:20,821 --> 00:05:24,489 ...just as though it were attacked by a kinetic weapon. 93 00:05:24,491 --> 00:05:26,958 (explosion) 94 00:05:26,960 --> 00:05:29,728 NARRATOR: And traditional kinetic, physical weapons 95 00:05:29,730 --> 00:05:33,665 may be impotent against a cyber attack. 96 00:05:33,667 --> 00:05:38,804 Because digital weapons can be anonymous and instantaneous-- 97 00:05:38,806 --> 00:05:42,841 no reports of troop movements to signal a threat 98 00:05:42,843 --> 00:05:46,812 or air raid sirens to give warning. 99 00:05:46,814 --> 00:05:51,883 Just a sudden, out-of-the-blue digital takedown 100 00:05:51,885 --> 00:05:57,856 of dams, power plants, factories, 101 00:05:57,858 --> 00:06:04,062 air traffic control, the financial system, and more. 102 00:06:04,064 --> 00:06:08,500 Instead of bullets and bombs, you use bits and bytes. 103 00:06:08,502 --> 00:06:11,737 NARRATOR: We are in a digital arms race 104 00:06:11,739 --> 00:06:16,441 against nations, hackers, and terrorists. 105 00:06:16,443 --> 00:06:18,176 Cyber is the poor man's atom bomb. 
106 00:06:18,178 --> 00:06:19,945 (explosion) 107 00:06:19,947 --> 00:06:23,215 NARRATOR: Welcome to the frightening new world of cyber war. 108 00:06:29,490 --> 00:06:31,256 In the United States, 109 00:06:31,258 --> 00:06:34,593 the command center for cyber operations is here, 110 00:06:34,595 --> 00:06:38,764 at the ultra-secret National Security Agency 111 00:06:38,766 --> 00:06:42,267 in Fort Meade, Maryland. 112 00:06:42,269 --> 00:06:47,706 Some joke NSA should stand for "No Such Agency." 113 00:06:47,708 --> 00:06:48,907 For most of its history, 114 00:06:48,909 --> 00:06:52,711 the NSA was so shrouded in secrecy, 115 00:06:52,713 --> 00:06:55,547 most Americans didn't even know it existed. 116 00:06:57,484 --> 00:07:00,051 But that all changed in 2013 117 00:07:00,053 --> 00:07:02,487 when whistleblower Edward Snowden 118 00:07:02,489 --> 00:07:07,092 walked out the door with a huge cache of top-secret documents. 119 00:07:08,862 --> 00:07:11,296 I've been following NSA for 30 years or so 120 00:07:11,298 --> 00:07:13,532 and every now and then there's a little leak here, 121 00:07:13,534 --> 00:07:16,368 a little leak there, but nothing like this. 122 00:07:16,370 --> 00:07:18,203 This is extraordinary. 123 00:07:18,205 --> 00:07:22,441 Hundreds of thousands of documents released all at once. 124 00:07:22,443 --> 00:07:27,179 NARRATOR: Some of them famously revealed the existence of programs 125 00:07:27,181 --> 00:07:30,549 that empower the NSA to spy on American citizens 126 00:07:30,551 --> 00:07:36,455 by collecting emails, phone calls, and other personal data. 127 00:07:36,457 --> 00:07:39,024 What we've seen over the last decade 128 00:07:39,026 --> 00:07:41,259 is we've seen a departure from sort of the traditional work 129 00:07:41,261 --> 00:07:43,094 of the National Security Agency. 130 00:07:43,096 --> 00:07:47,432 They've become the National Hacking Agency. 
131 00:07:47,434 --> 00:07:49,668 NARRATOR: Other documents reveal that the agency 132 00:07:49,670 --> 00:07:51,870 is moving into new territory, 133 00:07:51,872 --> 00:07:56,274 developing offensive weapons to penetrate global networks 134 00:07:56,276 --> 00:07:59,244 in preparation for launching cyber attacks. 135 00:08:03,083 --> 00:08:05,383 That's a far cry from the original mission 136 00:08:05,385 --> 00:08:08,353 intended by President Truman in 1952. 137 00:08:11,859 --> 00:08:15,760 In those days, the NSA was all ears. 138 00:08:17,898 --> 00:08:22,000 Its listening posts eavesdropped on foreign radio, 139 00:08:22,002 --> 00:08:24,169 and satellite transmissions 140 00:08:24,171 --> 00:08:27,038 and tapped underwater telephone cables. 141 00:08:27,040 --> 00:08:32,143 HAYDEN: Traditional signals intelligence was fairly passive. 142 00:08:32,145 --> 00:08:35,747 It was an antenna or an alligator clip, 143 00:08:35,749 --> 00:08:38,016 and you had to wait for somebody to send a message, 144 00:08:38,018 --> 00:08:39,417 and you hope you're fortunate enough to be 145 00:08:39,419 --> 00:08:42,220 in the right place at the right time. 146 00:08:42,222 --> 00:08:44,723 NARRATOR: But then the digital revolution and the internet 147 00:08:44,725 --> 00:08:47,359 gave the NSA new powers 148 00:08:47,361 --> 00:08:51,897 and a way to hack into distant computer networks. 149 00:08:51,899 --> 00:08:53,965 HAYDEN: In the cyber domain, you didn't have to wait 150 00:08:53,967 --> 00:08:55,667 for them to send a message. 151 00:08:55,669 --> 00:08:57,202 You could commute to their target. 152 00:08:57,204 --> 00:09:00,071 You could commute to where the information was stored 153 00:09:00,073 --> 00:09:03,074 and extract it from that network, 154 00:09:03,076 --> 00:09:06,044 even if they never intended to transmit it. 
155 00:09:09,783 --> 00:09:13,318 NARRATOR: Today, the agency appears to have transformed 156 00:09:13,320 --> 00:09:16,288 from a passive listener into an active spy. 157 00:09:18,358 --> 00:09:21,560 Able to infiltrate, steal, 158 00:09:21,562 --> 00:09:28,533 and, when necessary, attack in cyberspace. 159 00:09:28,535 --> 00:09:31,736 General Michael Hayden helped shape that transformation 160 00:09:31,738 --> 00:09:35,941 beginning in 1999 when he became director. 161 00:09:38,211 --> 00:09:40,812 I get to Fort Meade about the turn of the millennium, 162 00:09:40,814 --> 00:09:42,747 we're focused on cyber. 163 00:09:42,749 --> 00:09:44,482 Cyber is espionage, 164 00:09:44,484 --> 00:09:47,218 but also the potential of cyber as a weapon, 165 00:09:47,220 --> 00:09:50,188 computer network attack. 166 00:09:54,094 --> 00:09:59,598 NARRATOR: Then came 9/11, and President George W. Bush 167 00:09:59,600 --> 00:10:02,867 ordered the NSA to begin planning in earnest 168 00:10:02,869 --> 00:10:05,537 for offensive cyber war. 169 00:10:05,539 --> 00:10:10,108 Eventually, to meet that need, the military created 170 00:10:10,110 --> 00:10:14,279 a new strategic unit, a partner to the NSA called 171 00:10:14,281 --> 00:10:16,581 Cyber Command. 172 00:10:16,583 --> 00:10:19,851 Its mission: to go beyond espionage 173 00:10:19,853 --> 00:10:24,823 using computers as weapons. 174 00:10:24,825 --> 00:10:29,094 Site M is the cover name for its massive new headquarters. 175 00:10:29,096 --> 00:10:32,330 It will eventually cover more than a million square feet, 176 00:10:32,332 --> 00:10:36,101 enough to add to NSA's headquarters complex 177 00:10:36,103 --> 00:10:39,704 some 14 new buildings 178 00:10:39,706 --> 00:10:44,242 and thousands of additional staff. 179 00:10:44,244 --> 00:10:50,048 Plus a $1.5 billion data center in Utah. 180 00:10:50,050 --> 00:10:56,154 By 2010, Cyber Command was ready for action. 
181 00:10:56,156 --> 00:10:59,491 About the same time that the world got a glimpse 182 00:10:59,493 --> 00:11:02,260 of the first true cyber weapon, 183 00:11:02,262 --> 00:11:05,363 a surprisingly destructive computer worm, 184 00:11:05,365 --> 00:11:11,202 a self-replicating program that came to be called Stuxnet. 185 00:11:11,204 --> 00:11:15,306 Stuxnet is what we consider the first confirmed 186 00:11:15,308 --> 00:11:18,543 digital weapon and the first act of cyber warfare. 187 00:11:18,545 --> 00:11:23,114 NARRATOR: Stuxnet first showed up infecting desktop computers 188 00:11:23,116 --> 00:11:26,484 and laptops in Iran and the Near East, 189 00:11:26,486 --> 00:11:30,121 but it soon spread further, using the internet 190 00:11:30,123 --> 00:11:34,159 to copy itself from system to system. 191 00:11:34,161 --> 00:11:38,897 Eventually it ended up in the crosshairs of Symantec, 192 00:11:38,899 --> 00:11:42,333 maker of anti-virus security software. 193 00:11:42,335 --> 00:11:46,271 There it grabbed the attention of security experts 194 00:11:46,273 --> 00:11:50,241 Liam O'Murchu and Eric Chien. 195 00:11:50,243 --> 00:11:53,878 Right away they saw that Stuxnet was more complicated 196 00:11:53,880 --> 00:11:58,717 than any other malicious software, so-called malware. 197 00:11:58,719 --> 00:12:02,253 CHIEN: We had never seen a threat that was so large 198 00:12:02,255 --> 00:12:03,521 and so dense. 199 00:12:03,523 --> 00:12:05,890 I mean this threat was maybe 20 times the normal size 200 00:12:05,892 --> 00:12:08,059 of any threat that we had seen before. 201 00:12:08,061 --> 00:12:10,895 Normally, we can analyze malware in a very short period of time, 202 00:12:10,897 --> 00:12:13,565 from five minutes maybe up to a week. 203 00:12:13,567 --> 00:12:16,534 But with Stuxnet, we spent six months. 
204 00:12:20,774 --> 00:12:22,774 NARRATOR: With computer users around the world 205 00:12:22,776 --> 00:12:25,744 sending millions of suspicious pieces of malware 206 00:12:25,746 --> 00:12:28,012 to Symantec's server farm, 207 00:12:28,014 --> 00:12:32,417 Eric and Liam get to examine a huge variety. 208 00:12:32,419 --> 00:12:36,888 But nearly all of them have one thing in common: 209 00:12:36,890 --> 00:12:39,758 they're all programs that try to worm themselves 210 00:12:39,760 --> 00:12:44,262 into an unwitting computer and hide. 211 00:12:44,264 --> 00:12:47,132 Most people don't realize that when they use their computer 212 00:12:47,134 --> 00:12:48,733 for browsing the web or checking their email 213 00:12:48,735 --> 00:12:50,668 there is a lot more going on in the background, 214 00:12:50,670 --> 00:12:52,470 lots of hidden programs. 215 00:12:52,472 --> 00:12:55,440 For the most part, they're never seen. 216 00:12:55,442 --> 00:12:57,242 NARRATOR: Bringing up a list of these programs 217 00:12:57,244 --> 00:12:59,677 reveals unfamiliar names. 218 00:12:59,679 --> 00:13:01,780 They come and go as needed 219 00:13:01,782 --> 00:13:05,717 and there can be dozens running at any given time. 220 00:13:05,719 --> 00:13:08,620 Some carry out simple tasks 221 00:13:08,622 --> 00:13:13,391 deep in the computer's operating system, hidden from view. 222 00:13:13,393 --> 00:13:15,460 Others are complex and obvious, 223 00:13:15,462 --> 00:13:19,397 the applications we see running on our screens. 224 00:13:19,399 --> 00:13:22,400 They all co-exist, sharing the computer's memory 225 00:13:22,402 --> 00:13:25,603 and constantly communicating with each other 226 00:13:25,605 --> 00:13:28,973 like a digital ecosystem. 
227 00:13:28,975 --> 00:13:31,342 Hackers or attackers take advantage 228 00:13:31,344 --> 00:13:33,344 of all of these hidden programs on your computer 229 00:13:33,346 --> 00:13:35,313 by hiding their malicious software, 230 00:13:35,315 --> 00:13:37,649 otherwise known as malware, in and amongst them 231 00:13:37,651 --> 00:13:39,784 so that you don't even notice. 232 00:13:39,786 --> 00:13:43,254 NARRATOR: The first challenge for an attacker 233 00:13:43,256 --> 00:13:47,725 is to get the malware installed on the victim's computer. 234 00:13:47,727 --> 00:13:52,764 A common ploy is to trick users into doing it themselves. 235 00:13:52,766 --> 00:13:55,300 One way hackers are able to do this 236 00:13:55,302 --> 00:13:56,935 is by simply sending you an email 237 00:13:56,937 --> 00:14:00,605 with a legitimate document inside. 238 00:14:00,607 --> 00:14:01,973 NARRATOR: Even though the document 239 00:14:01,975 --> 00:14:03,508 doesn't look suspicious, 240 00:14:03,510 --> 00:14:07,745 it actually contains malicious computer code. 241 00:14:07,747 --> 00:14:11,983 Liam plays the part of the victim. 242 00:14:11,985 --> 00:14:14,552 So, first thing in the morning, I'm going to log into my email 243 00:14:14,554 --> 00:14:17,856 and check if I have anything new. 244 00:14:17,858 --> 00:14:20,592 So I have received an email 245 00:14:20,594 --> 00:14:23,828 about open enrollment for my benefits, 246 00:14:23,830 --> 00:14:25,663 and even though I don't know who the sender is 247 00:14:25,665 --> 00:14:27,832 I'm going to open this up. 248 00:14:27,834 --> 00:14:30,034 NARRATOR: Downloading and opening the booby-trapped document 249 00:14:30,036 --> 00:14:32,770 generates an error message. 250 00:14:32,772 --> 00:14:34,706 (dings) 251 00:14:34,708 --> 00:14:36,808 But what the victim doesn't realize 252 00:14:36,810 --> 00:14:40,278 is that clicking on it also invisibly installs malware 253 00:14:40,280 --> 00:14:42,146 onto the computer. 
254 00:14:47,220 --> 00:14:49,153 CHIEN: Once my victim opens up that document, 255 00:14:49,155 --> 00:14:51,489 that secret computer code inside has started to run 256 00:14:51,491 --> 00:14:54,092 on his computer without him even knowing it 257 00:14:54,094 --> 00:14:56,160 and it's connected back to my computer 258 00:14:56,162 --> 00:15:00,899 to a program that I'm running called Nuclear RAT. 259 00:15:00,901 --> 00:15:02,800 NARRATOR: Stealthy programs like this 260 00:15:02,802 --> 00:15:05,837 allow for a shocking behind-the-lines invasion 261 00:15:05,839 --> 00:15:10,642 where the attacker can spy or disrupt at will. 262 00:15:10,644 --> 00:15:12,977 CHIEN: I can even take screenshots of his computer 263 00:15:12,979 --> 00:15:14,779 and watch all of his keystrokes 264 00:15:14,781 --> 00:15:16,381 via something called a key logger. 265 00:15:16,383 --> 00:15:18,016 He's logging in to his email right now 266 00:15:18,018 --> 00:15:21,019 and I can actually get his username and his password. 267 00:15:21,021 --> 00:15:23,154 Not only that, but we can also get video 268 00:15:23,156 --> 00:15:25,857 by turning on the webcam and I can actually see 269 00:15:25,859 --> 00:15:29,661 what my victim looks like, all without him knowing. 270 00:15:29,663 --> 00:15:32,163 NARRATOR: Nuclear RAT takes advantage of a well-known weakness 271 00:15:32,165 --> 00:15:36,467 in computers with the Windows operating system. 272 00:15:36,469 --> 00:15:39,437 And security experts have devised defenses against it. 273 00:15:42,943 --> 00:15:46,444 But when Liam and Eric looked at Stuxnet, 274 00:15:46,446 --> 00:15:48,313 they saw that the program was taking advantage 275 00:15:48,315 --> 00:15:51,282 of a weakness that no one had ever seen before. 276 00:15:53,687 --> 00:15:58,656 It's what hackers refer to as a zero-day exploit. 
277 00:15:58,658 --> 00:16:00,058 ZETTER: A zero-day exploit is 278 00:16:00,060 --> 00:16:02,327 malicious code that is used against a vulnerability 279 00:16:02,329 --> 00:16:05,129 that is at the time unknown to the vendor 280 00:16:05,131 --> 00:16:07,732 and unknown to antivirus companies. 281 00:16:07,734 --> 00:16:09,767 Because it's unknown, the vendor can't patch it 282 00:16:09,769 --> 00:16:13,871 and antivirus companies don't have signatures to detect it. 283 00:16:13,873 --> 00:16:17,842 NARRATOR: In other words, it's a flaw that has been detected 284 00:16:17,844 --> 00:16:22,313 and fixed for "zero days," meaning not at all. 285 00:16:22,315 --> 00:16:27,552 Stuxnet used a zero-day to take advantage of a vulnerability 286 00:16:27,554 --> 00:16:32,857 related to USB thumb drives, also called memory sticks. 287 00:16:32,859 --> 00:16:37,929 Plugging in a Stuxnet-infected thumb drive causes the program 288 00:16:37,931 --> 00:16:41,032 to copy itself onto the target computer 289 00:16:41,034 --> 00:16:43,835 without the user's knowledge. 290 00:16:43,837 --> 00:16:49,107 Zero-days are extremely hard to find and can command 291 00:16:49,109 --> 00:16:52,176 huge sums on illicit markets. 292 00:16:52,178 --> 00:16:54,979 Your average threat doesn't use any zero-days at all. 293 00:16:54,981 --> 00:17:01,786 NARRATOR: But Stuxnet represented a major investment by someone. 294 00:17:01,788 --> 00:17:03,654 ZETTER: At the time that Stuxnet was launched, 295 00:17:03,656 --> 00:17:06,491 zero-days weren't used that often in attacks. 296 00:17:06,493 --> 00:17:10,428 Stuxnet used five zero-days, and that was really remarkable. 297 00:17:10,430 --> 00:17:16,434 NARRATOR: And still Stuxnet had an even bigger surprise in store: 298 00:17:16,436 --> 00:17:17,468 its purpose. 299 00:17:17,470 --> 00:17:19,137 CHIEN: What's its payload? 300 00:17:19,139 --> 00:17:20,705 What's its motivation? 
301 00:17:20,707 --> 00:17:23,041 What's it actually going to do when it's on your system? 302 00:17:23,043 --> 00:17:27,111 And it wasn't until November of 2010 we really uncovered 303 00:17:27,113 --> 00:17:28,713 its primary motivation. 304 00:17:28,715 --> 00:17:33,084 NARRATOR: The first clue came from a close examination 305 00:17:33,086 --> 00:17:37,855 of Stuxnet's computer code-- all 15,000 lines of it. 306 00:17:37,857 --> 00:17:40,558 O'MURCHU: When we looked inside the code, 307 00:17:40,560 --> 00:17:41,959 we saw the name 308 00:17:41,961 --> 00:17:45,897 of a German industrial control equipment manufacturer. 309 00:17:45,899 --> 00:17:48,166 We saw Siemens in there. 310 00:17:51,838 --> 00:17:55,373 NARRATOR: Siemens makes factory automation equipment. 311 00:17:55,375 --> 00:17:59,143 Also in the code was a reference to a specific model number 312 00:17:59,145 --> 00:18:01,479 of one of its products, 313 00:18:01,481 --> 00:18:05,216 a mysterious device called a PLC. 314 00:18:07,187 --> 00:18:08,219 CHIEN: I didn't even know what a PLC was. 315 00:18:08,221 --> 00:18:10,421 I had to Google for what is a PLC. 316 00:18:10,423 --> 00:18:14,125 That even baseline knowledge, we just did not have. 317 00:18:15,595 --> 00:18:18,229 NARRATOR: What they learned is that a PLC 318 00:18:18,231 --> 00:18:21,165 is a programmable logic controller-- 319 00:18:21,167 --> 00:18:24,402 some kind of computer used in industry. 320 00:18:24,404 --> 00:18:25,536 CHIEN: We basically ordered one 321 00:18:25,538 --> 00:18:26,671 off an auction site. 322 00:18:26,673 --> 00:18:28,706 And I was expecting something 323 00:18:28,708 --> 00:18:30,842 the size of a mini refrigerator to show up, 324 00:18:30,844 --> 00:18:32,577 something you might see in a university dorm room. 
325 00:18:32,579 --> 00:18:35,213 But instead, what showed up was one of these: 326 00:18:35,215 --> 00:18:38,583 a tiny, tiny box that basically has a mini computer inside 327 00:18:38,585 --> 00:18:42,620 that controls things like the power grid, pipelines, 328 00:18:42,622 --> 00:18:45,089 factories that are building cars. 329 00:18:45,091 --> 00:18:47,291 So PLCs are kind of the unsung component 330 00:18:47,293 --> 00:18:50,228 that makes the world go round. 331 00:18:50,230 --> 00:18:53,731 They are used to make elevators go up and down. 332 00:18:53,733 --> 00:18:55,800 They are used in chemical plants, 333 00:18:55,802 --> 00:18:56,868 they control the recipe 334 00:18:56,870 --> 00:18:59,904 that gets put into drugs and chemicals. 335 00:18:59,906 --> 00:19:02,540 They control water distribution plants. 336 00:19:02,542 --> 00:19:05,610 They're used in the electrical grid to control equipment. 337 00:19:05,612 --> 00:19:10,548 They're used surprisingly in NASDAQ, in the trading systems. 338 00:19:10,550 --> 00:19:13,050 They're used in traffic lights. 339 00:19:13,052 --> 00:19:16,053 They're used to control trains. 340 00:19:16,055 --> 00:19:19,757 So you can see that these components are really crucial 341 00:19:19,759 --> 00:19:23,494 and these systems were never created with security in mind. 342 00:19:25,932 --> 00:19:28,900 NARRATOR: So what was Stuxnet ultimately after? 343 00:19:30,670 --> 00:19:33,838 The answer was discovered in Hamburg, Germany, 344 00:19:33,840 --> 00:19:36,574 by a security expert. 345 00:19:36,576 --> 00:19:41,846 I had let's just say, 20 or 30 "holy cow" moments. 346 00:19:41,848 --> 00:19:45,583 What really blew my mind was to see from day one 347 00:19:45,585 --> 00:19:47,518 how sophisticated the thing was. 
348 00:19:49,255 --> 00:19:52,590 NARRATOR: When he examined the code, Ralph Langner saw that Stuxnet 349 00:19:52,592 --> 00:19:56,294 was not designed to tamper with Siemens PLCs 350 00:19:56,296 --> 00:19:58,329 wherever it found them. 351 00:19:58,331 --> 00:20:01,232 It was hunting for specialized equipment 352 00:20:01,234 --> 00:20:03,868 in a specific configuration, 353 00:20:03,870 --> 00:20:07,972 likely targeting a single factory. 354 00:20:07,974 --> 00:20:11,075 I was like, "Holy cow, this is a targeted attack?" 355 00:20:11,077 --> 00:20:13,211 And certainly we started to wonder, 356 00:20:13,213 --> 00:20:18,049 "Wow, somebody's writing the most sophisticated worm 357 00:20:18,051 --> 00:20:20,885 "that we have ever seen only to hit one target? 358 00:20:20,887 --> 00:20:25,156 That must be quite a significant target." 359 00:20:25,158 --> 00:20:26,724 NARRATOR: But where? 360 00:20:26,726 --> 00:20:28,893 Stuxnet had come to the attention of the world 361 00:20:28,895 --> 00:20:31,095 when a security expert found it 362 00:20:31,097 --> 00:20:33,364 infecting a client's malfunctioning computer 363 00:20:33,366 --> 00:20:36,133 located in Iran. 364 00:20:36,135 --> 00:20:38,869 He then shared it with other experts. 365 00:20:38,871 --> 00:20:41,172 For Langner, the apparent epicenter 366 00:20:41,174 --> 00:20:45,643 of that original outbreak proved a vital clue. 367 00:20:45,645 --> 00:20:47,812 LANGNER: In Iran, you don't have an awful lot 368 00:20:47,814 --> 00:20:51,682 of significant industrial facilities. 369 00:20:51,684 --> 00:20:56,153 Then the number of potential targets that could be worth 370 00:20:56,155 --> 00:20:59,857 such an effort shrinks down to just a few. 371 00:20:59,859 --> 00:21:03,928 And certainly the one potential target that popped up 372 00:21:03,930 --> 00:21:06,197 was the Iranian nuclear program. 
373 00:21:06,199 --> 00:21:11,102 NARRATOR: Langner turned his attention to two known nuclear facilities 374 00:21:11,104 --> 00:21:14,338 in Iran: a power plant at Bushehr, 375 00:21:14,340 --> 00:21:19,110 and an enrichment plant at Natanz. 376 00:21:19,112 --> 00:21:22,613 Natanz is an underground, fortified facility, 377 00:21:22,615 --> 00:21:26,417 housing cylindrical centrifuges used to isolate 378 00:21:26,419 --> 00:21:28,886 a rare form of uranium, 379 00:21:28,888 --> 00:21:31,722 a precursor to fueling a power plant 380 00:21:31,724 --> 00:21:35,860 or making a nuclear weapon. 381 00:21:35,862 --> 00:21:38,596 The machines spin at very high speed 382 00:21:38,598 --> 00:21:41,899 with little room for error, 383 00:21:41,901 --> 00:21:43,434 and their motors and safety systems 384 00:21:43,436 --> 00:21:47,672 are under the control of PLCs. 385 00:21:47,674 --> 00:21:51,409 Examining photos from Natanz made public 386 00:21:51,411 --> 00:21:53,678 by Iran's press office, 387 00:21:53,680 --> 00:21:56,947 and comparing the equipment in them to the computer worm's code 388 00:21:56,949 --> 00:22:01,285 helped confirm the identity of the target. 389 00:22:01,287 --> 00:22:04,455 LANGNER: At the end of 2010, we were able to show 390 00:22:04,457 --> 00:22:07,024 100% proof 391 00:22:07,026 --> 00:22:10,094 that we had a complete match from the attack codes 392 00:22:10,096 --> 00:22:15,433 with the configuration of the enrichment cascades in Natanz. 393 00:22:18,504 --> 00:22:21,372 NARRATOR: This was conclusive proof that a computer virus 394 00:22:21,374 --> 00:22:24,642 has been unleashed against a military target. 395 00:22:24,644 --> 00:22:28,479 A true digital weapon. 396 00:22:28,481 --> 00:22:33,184 Langner circulated his discovery among other security experts, 397 00:22:33,186 --> 00:22:35,086 who were stunned. 
398 00:22:35,088 --> 00:22:37,722 CHIEN: We weren't just protecting 16-digit credit card numbers, 399 00:22:37,724 --> 00:22:39,190 but potentially stumbling into 400 00:22:39,192 --> 00:22:42,493 something that had geopolitical implications. 401 00:22:42,495 --> 00:22:49,333 NARRATOR: But they still didn't understand how the weapon worked. 402 00:22:49,335 --> 00:22:54,538 So Eric and Liam set out to hack their own PLC. 403 00:22:54,540 --> 00:22:57,775 So here, I have a PLC, a programmable logic controller. 404 00:22:57,777 --> 00:23:01,579 This model is a Siemens S300, and that's the exact same model 405 00:23:01,581 --> 00:23:03,714 that was targeted by Stuxnet. 406 00:23:03,716 --> 00:23:05,616 Inside the PLC, there's a small computer, 407 00:23:05,618 --> 00:23:09,320 and it's used for controlling equipment in the real world 408 00:23:09,322 --> 00:23:11,789 like conveyor belts, motors, 409 00:23:11,791 --> 00:23:13,924 and, in this case, I have an air pump. 410 00:23:13,926 --> 00:23:16,694 NARRATOR: Turning the knob starts a program 411 00:23:16,696 --> 00:23:19,697 that turns on the pump, waits three seconds 412 00:23:19,699 --> 00:23:23,567 and then turns it off. 413 00:23:23,569 --> 00:23:27,204 What Stuxnet did was it targeted this PLC. 414 00:23:27,206 --> 00:23:29,106 And even though you'd download a program that says 415 00:23:29,108 --> 00:23:31,075 "operate an air pump for three seconds," 416 00:23:31,077 --> 00:23:34,111 in the background, Stuxnet changes that code. 417 00:23:34,113 --> 00:23:36,213 It intercepts your request and it puts malicious code 418 00:23:36,215 --> 00:23:38,416 onto the PLC instead. 419 00:23:38,418 --> 00:23:44,455 NARRATOR: Liam has infected the laptop with a Stuxnet-like virus. 420 00:23:44,457 --> 00:23:49,493 So now when he loads his program onto the PLC... 421 00:23:49,495 --> 00:23:52,463 the virus steps in. 
422 00:23:52,465 --> 00:23:58,135 (machine whirring) 423 00:23:58,137 --> 00:24:02,139 And something goes very wrong. 424 00:24:02,141 --> 00:24:06,177 (popping) 425 00:24:06,179 --> 00:24:07,912 In this case, we popped a balloon, 426 00:24:07,914 --> 00:24:10,748 but imagine if that was a gas pipeline or a power plant. 427 00:24:10,750 --> 00:24:13,584 That's what's at stake in cyber attacks like this. 428 00:24:15,655 --> 00:24:20,057 NARRATOR: Finally they understood enough to reconstruct the attack. 429 00:24:22,628 --> 00:24:25,463 The Natanz plant was not connected to the internet-- 430 00:24:25,465 --> 00:24:28,265 a security measure. 431 00:24:28,267 --> 00:24:32,470 That explained why Stuxnet was designed to copy itself 432 00:24:32,472 --> 00:24:37,741 via thumb drives, which could be plugged into a computer 433 00:24:37,743 --> 00:24:43,147 on the internal network by a spy or an unwitting plant worker. 434 00:24:43,149 --> 00:24:45,983 Once on the plant's internal network of computers, 435 00:24:45,985 --> 00:24:50,955 Stuxnet would search for PLCs in control of centrifuges. 436 00:24:50,957 --> 00:24:56,160 When it found a target, it would lie in wait for weeks. 437 00:24:56,162 --> 00:25:01,198 But then Stuxnet would begin tampering with the centrifuges, 438 00:25:01,200 --> 00:25:06,003 causing them to gradually speed up and slow down, 439 00:25:06,005 --> 00:25:10,374 operating out of safe limits until they broke. 440 00:25:13,546 --> 00:25:17,348 It's not clear how long Stuxnet was active. 441 00:25:17,350 --> 00:25:21,185 But according to international nuclear regulatory authorities, 442 00:25:21,187 --> 00:25:27,691 1,000 centrifuges mysteriously failed over five months. 443 00:25:27,693 --> 00:25:31,462 There's no evidence the Iranians even knew 444 00:25:31,464 --> 00:25:33,898 that they were under attack. 
445 00:25:33,900 --> 00:25:38,802 But eventually the worm escaped, spread using the internet, 446 00:25:38,804 --> 00:25:43,073 and was spotted and decoded by security experts. 447 00:25:43,075 --> 00:25:47,378 Suddenly the stakes in cyber security had gone way up. 448 00:25:47,380 --> 00:25:49,547 O'MURCHU: I'm looking at a piece of code 449 00:25:49,549 --> 00:25:51,615 that could blow something up in Iran. 450 00:25:51,617 --> 00:25:53,217 It was very, very scary to realize 451 00:25:53,219 --> 00:25:54,785 that that's the destruction that's possible now 452 00:25:54,787 --> 00:25:55,986 with this type of software. 453 00:25:55,988 --> 00:26:00,257 It was the first real cyber sabotage threat 454 00:26:00,259 --> 00:26:02,526 that we've ever seen that affected the real world. 455 00:26:04,263 --> 00:26:06,864 NARRATOR: But unlike a traditional weapon-- 456 00:26:06,866 --> 00:26:08,399 a missile or a bomb-- 457 00:26:08,401 --> 00:26:10,768 (explosion) 458 00:26:10,770 --> 00:26:15,606 it's almost impossible to know for sure who launched it. 459 00:26:15,608 --> 00:26:20,411 But its complexity was a big clue. 460 00:26:20,413 --> 00:26:22,012 CHIEN: It was immediately obvious to us 461 00:26:22,014 --> 00:26:24,014 when we began looking at this code that this was not 462 00:26:24,016 --> 00:26:26,317 two kids in the basement in Kansas somewhere 463 00:26:26,319 --> 00:26:28,452 who had written this particular threat. 464 00:26:28,454 --> 00:26:31,388 This was multiple teams with different expertise 465 00:26:31,390 --> 00:26:35,259 who had come together to create this one weapon. 466 00:26:35,261 --> 00:26:37,261 It was very clear to us that this was at the level 467 00:26:37,263 --> 00:26:38,462 of a nation state. 
468 00:26:38,464 --> 00:26:42,766 HAYDEN: Someone-- probably a nation-state, 469 00:26:42,768 --> 00:26:45,269 because it's too hard to do from a garage or a basement-- 470 00:26:45,271 --> 00:26:49,873 just used a weapon comprised of ones and zeros 471 00:26:49,875 --> 00:26:53,310 during a time of peace to destroy what another nation 472 00:26:53,312 --> 00:26:55,479 could only describe as critical infrastructure. 473 00:26:55,481 --> 00:26:58,749 LANGNER: Who would have the motivation to do something 474 00:26:58,751 --> 00:27:01,819 against the Iranian nuclear program? 475 00:27:01,821 --> 00:27:04,254 Obviously not Venezuela. 476 00:27:04,256 --> 00:27:06,490 I also say for somebody of my background-- 477 00:27:06,492 --> 00:27:07,858 director of CIA-- 478 00:27:07,860 --> 00:27:10,394 crashing 1,000 centrifuges at Natanz, 479 00:27:10,396 --> 00:27:12,863 almost an absolute good. 480 00:27:12,865 --> 00:27:17,234 LANGNER: If you think about who would have the capabilities 481 00:27:17,236 --> 00:27:21,805 to launch such an attack of that sophistication, 482 00:27:21,807 --> 00:27:25,275 completely unprecedented, 483 00:27:25,277 --> 00:27:27,978 you would certainly think about the United States 484 00:27:27,980 --> 00:27:28,946 in the first place. 485 00:27:32,518 --> 00:27:34,585 HAYDEN: I say with great sincerity 486 00:27:34,587 --> 00:27:37,988 that it would be irresponsible for someone of my background 487 00:27:37,990 --> 00:27:39,757 to even speculate who may have done this. 488 00:27:42,595 --> 00:27:46,363 NARRATOR: In June 2012, the New York Times reported that Stuxnet 489 00:27:46,365 --> 00:27:49,033 was created jointly by the NSA 490 00:27:49,035 --> 00:27:52,403 and Israeli intelligence. 491 00:27:52,405 --> 00:27:57,908 Then, in apparent retaliation, the Saudi oil company Aramco 492 00:27:57,910 --> 00:28:02,312 was hit with a computer virus in August 2012.
493 00:28:02,314 --> 00:28:04,615 They sent what's called a wiper virus, 494 00:28:04,617 --> 00:28:08,519 which is actually sort of a Fisher-Price, 495 00:28:08,521 --> 00:28:10,821 baby's first hack kind of a cyber campaign. 496 00:28:10,823 --> 00:28:13,323 It's not sophisticated, it's not elegant. 497 00:28:15,594 --> 00:28:17,695 NARRATOR: But it was effective, 498 00:28:17,697 --> 00:28:22,166 destroying the data on 30,000 computers. 499 00:28:22,168 --> 00:28:25,135 Then followed a coordinated attack against American targets. 500 00:28:27,707 --> 00:28:32,476 CLARKE: One by one, American banks-- Citibank, Bank of America, 501 00:28:32,478 --> 00:28:35,145 J.P. Morgan, SunTrust, Wells Fargo-- 502 00:28:35,147 --> 00:28:39,950 all had their web-facing customer interface pages 503 00:28:39,952 --> 00:28:43,220 knocked offline. 504 00:28:43,222 --> 00:28:45,756 In other words, if you were a Citibank customer 505 00:28:45,758 --> 00:28:48,358 and you went online to do some banking, 506 00:28:48,360 --> 00:28:51,228 you couldn't get through. 507 00:28:51,230 --> 00:28:53,197 NARRATOR: Attack and counterattack. 508 00:28:56,469 --> 00:28:59,036 But that's not the end of the story. 509 00:28:59,038 --> 00:29:02,139 In fact, it may be just the beginning. 510 00:29:02,141 --> 00:29:04,708 ZETTER: Stuxnet was the blueprint 511 00:29:04,710 --> 00:29:08,212 that provided proof of concept that such an attack is possible. 512 00:29:08,214 --> 00:29:10,614 It's opened the door onto a new era of warfare 513 00:29:10,616 --> 00:29:13,817 and I don't think we fully understand now 514 00:29:13,819 --> 00:29:17,221 what the repercussions of it will be. 515 00:29:17,223 --> 00:29:20,324 HAYDEN: This is an incredibly important event in our history. 516 00:29:20,326 --> 00:29:25,162 Theoretically, this smells like August of 1945.
517 00:29:25,164 --> 00:29:27,231 (explosion) 518 00:29:27,233 --> 00:29:31,702 Somebody has used an entirely new class of weapon 519 00:29:31,704 --> 00:29:33,470 to effect destruction. 520 00:29:33,472 --> 00:29:37,674 (loud explosion) 521 00:29:37,676 --> 00:29:42,012 NARRATOR: The U.S. and Soviet Union took decades to reach agreements 522 00:29:42,014 --> 00:29:45,849 to limit the buildup of their nuclear arsenals. 523 00:29:45,851 --> 00:29:52,756 But with cyber weapons, we may not have the luxury of time. 524 00:29:52,758 --> 00:29:55,726 The capability is spreading and the number of targets exploding. 525 00:30:01,167 --> 00:30:03,734 Stuxnet exposed the vulnerability 526 00:30:03,736 --> 00:30:08,739 of one kind of embedded computer in industrial PLCs. 527 00:30:08,741 --> 00:30:13,777 But now there are embedded computers all around us-- 528 00:30:13,779 --> 00:30:16,747 from power stations to pacemakers. 529 00:30:25,291 --> 00:30:27,825 Yoshi Kohno is a security researcher 530 00:30:27,827 --> 00:30:32,095 who has an uncanny ability to find frightening vulnerabilities 531 00:30:32,097 --> 00:30:37,901 in everyday technology-- like cars. 532 00:30:37,903 --> 00:30:40,204 KOHNO: Modern automobiles have ten, sometimes up to 100, 533 00:30:40,206 --> 00:30:41,772 different computers inside them. 534 00:30:41,774 --> 00:30:43,207 Essentially, what we wanted to know, 535 00:30:43,209 --> 00:30:46,410 what might an unauthorized party be able to do 536 00:30:46,412 --> 00:30:49,880 with an automobile straight off the lot? 537 00:30:49,882 --> 00:30:53,717 NARRATOR: Recently, he and his graduate students demonstrated 538 00:30:53,719 --> 00:30:57,454 how a hacker could seize control of a car. 539 00:30:58,591 --> 00:31:00,791 The model they chose had a built-in 540 00:31:00,793 --> 00:31:05,462 emergency communication system that works like a cell phone.
541 00:31:05,464 --> 00:31:10,500 They used that system to call the car 542 00:31:10,502 --> 00:31:14,571 and remotely force malware into its embedded computers, 543 00:31:14,573 --> 00:31:15,873 giving them control 544 00:31:15,875 --> 00:31:20,844 over electrical and mechanical systems like door locks, 545 00:31:20,846 --> 00:31:23,914 and lights. 546 00:31:23,916 --> 00:31:28,118 Even the brakes. 547 00:31:28,120 --> 00:31:29,786 KOHNO: Okay, Alexei, we've unlocked the brake controller 548 00:31:29,788 --> 00:31:32,823 and just to verify, you have your helmet on 549 00:31:32,825 --> 00:31:34,291 and all your safety precautions in place, right? 550 00:31:34,293 --> 00:31:38,061 That's right, helmet on, gloves on, strapped in and ready to go. 551 00:31:38,063 --> 00:31:40,964 Great, okay, go ahead and go, and we will apply your brakes 552 00:31:40,966 --> 00:31:42,599 when you get to the checkered flag area. 553 00:31:42,601 --> 00:31:45,068 NARRATOR: By sending malicious code to the car, 554 00:31:45,070 --> 00:31:48,972 they will try to lock up the brakes. 555 00:31:55,581 --> 00:31:57,481 And we'll be applying your brakes shortly. 556 00:32:00,986 --> 00:32:01,852 Right about now. 557 00:32:02,988 --> 00:32:05,055 (tires screeching) 558 00:32:05,057 --> 00:32:06,089 Oh, ooh, yeah, that worked! 559 00:32:06,091 --> 00:32:07,958 Ooh, is he going to go to the wall? 560 00:32:07,960 --> 00:32:09,793 (laughing): Are you okay, Alexei? 561 00:32:09,795 --> 00:32:16,667 NARRATOR: In some cars, the steering, air bags and accelerator 562 00:32:16,669 --> 00:32:18,535 are also hackable. 563 00:32:18,537 --> 00:32:22,773 And as more cars become connected to the internet, 564 00:32:22,775 --> 00:32:27,077 the opportunities for attack will increase. 565 00:32:27,079 --> 00:32:30,681 So far, many car-makers have not made defense 566 00:32:30,683 --> 00:32:33,317 against cyber weapons a top priority. 
567 00:32:33,319 --> 00:32:36,353 (screeches) 568 00:32:36,355 --> 00:32:42,292 And the same may be true for countless other companies, 569 00:32:42,294 --> 00:32:45,329 all racing to connect their products to what's being called 570 00:32:45,331 --> 00:32:48,198 "the internet of everything." 571 00:32:48,200 --> 00:32:52,736 WOMAN: Tailio turns any litter box into a smart monitoring system. 572 00:32:52,738 --> 00:32:54,037 We have computers in medical devices. 573 00:32:54,039 --> 00:32:55,539 We have computers in automobiles. 574 00:32:55,541 --> 00:32:56,807 We have computers in airplanes 575 00:32:56,809 --> 00:32:58,775 and we actually have computers in our homes. 576 00:32:58,777 --> 00:33:01,511 Home automation systems are becoming increasingly popular. 577 00:33:01,513 --> 00:33:04,915 NARRATOR: These are systems that wirelessly link 578 00:33:04,917 --> 00:33:09,119 common appliances like light switches, furnaces 579 00:33:09,121 --> 00:33:14,558 and door alarms to the internet for remote control. 580 00:33:14,560 --> 00:33:18,428 But Yoshi wonders if the rush towards convenience 581 00:33:18,430 --> 00:33:20,864 is stampeding over security. 582 00:33:22,634 --> 00:33:25,769 KOHNO: You know, there's a lot of drive towards pushing functionality, 583 00:33:25,771 --> 00:33:27,037 coming out with new technologies 584 00:33:27,039 --> 00:33:29,906 that do, you know, amazing new and greater things. 585 00:33:29,908 --> 00:33:32,909 But not enough people are stepping back and asking 586 00:33:32,911 --> 00:33:35,912 how might I also abuse it? 587 00:33:35,914 --> 00:33:38,081 And together with some students that I work with 588 00:33:38,083 --> 00:33:40,484 at the University of Washington, we wanted to figure out 589 00:33:40,486 --> 00:33:43,020 how secure are these home automation systems actually. 590 00:33:46,291 --> 00:33:49,893 NARRATOR: They decide to set up in a Seattle coffee shop. 591 00:33:49,895 --> 00:33:52,929 WOMAN: Got a 16-ounce latte. 
592 00:33:52,931 --> 00:33:55,966 NARRATOR: The kind of place where people like to hang out 593 00:33:55,968 --> 00:33:57,868 because it offers free Wi-Fi. 594 00:34:01,273 --> 00:34:04,374 Alex Takakuwa has an automation system at home 595 00:34:04,376 --> 00:34:06,343 and plays the innocent victim. 596 00:34:08,447 --> 00:34:11,515 Meanwhile, playing the part of the attackers, 597 00:34:11,517 --> 00:34:14,484 are students Tope Oluwafemi and Tariq Yusuf. 598 00:34:18,357 --> 00:34:21,558 This is an ideal public spot to demonstrate how an attacker 599 00:34:21,560 --> 00:34:25,729 could gain control of a complete stranger's home. 600 00:34:25,731 --> 00:34:30,400 They've set up a wireless hotspot that masquerades 601 00:34:30,402 --> 00:34:32,369 as the coffee shop's own Wi-Fi. 602 00:34:35,407 --> 00:34:39,176 It's a notorious hacking ploy and aptly named. 603 00:34:39,178 --> 00:34:42,045 It's called an evil twin network. 604 00:34:42,047 --> 00:34:45,749 A really evil twin. 605 00:34:47,352 --> 00:34:49,853 NARRATOR: The victim connects to the evil twin 606 00:34:49,855 --> 00:34:55,859 and what's called a man-in-the-middle attack begins. 607 00:34:55,861 --> 00:34:59,396 The attackers can now spy on everything flowing to and from 608 00:34:59,398 --> 00:35:04,334 the victim's laptop. 609 00:35:04,336 --> 00:35:07,504 They observe that Alex is connecting 610 00:35:07,506 --> 00:35:09,739 to a home automation system. 611 00:35:09,741 --> 00:35:13,810 They're able to see his private login information. 612 00:35:14,880 --> 00:35:16,680 We're able to get credentials 613 00:35:16,682 --> 00:35:20,450 to access his home automation system without him knowing. 614 00:35:20,452 --> 00:35:24,721 The next phase gives the location of the house. 615 00:35:24,723 --> 00:35:29,993 They insert malicious code into the home automation system. 
616 00:35:29,995 --> 00:35:32,796 That code tricks it into reporting 617 00:35:32,798 --> 00:35:35,565 the victim's GPS coordinates back to the attackers 618 00:35:35,567 --> 00:35:39,569 every time the victim logs in on his laptop. 619 00:35:39,571 --> 00:35:43,140 It takes a few days, but eventually they're able 620 00:35:43,142 --> 00:35:45,108 to deduce where the victim lives. 621 00:35:47,479 --> 00:35:49,379 We're able to get his house coordinates, 622 00:35:49,381 --> 00:35:52,682 his GPS coordinates, and paid him a nice little visit. 623 00:35:54,786 --> 00:35:57,420 NARRATOR: Even in a simple demonstration like this, 624 00:35:57,422 --> 00:35:59,322 bad things can happen. 625 00:36:01,093 --> 00:36:02,692 With a few key strokes from their car, 626 00:36:02,694 --> 00:36:05,662 they unlock the doors and stroll right in. 627 00:36:15,674 --> 00:36:17,374 In today's world, embedded devices tend to be 628 00:36:17,376 --> 00:36:18,909 stripped-down computers that are meant to do 629 00:36:18,911 --> 00:36:20,210 some set of specific tasks-- 630 00:36:20,212 --> 00:36:22,312 automating things like locks and lights. 631 00:36:22,314 --> 00:36:23,580 Oftentimes, that means they stripped down 632 00:36:23,582 --> 00:36:25,015 the security as well. 633 00:36:25,017 --> 00:36:30,420 NARRATOR: In the "internet of everything," every new device 634 00:36:30,422 --> 00:36:35,625 connected to the Web brings both promise and peril. 635 00:36:35,627 --> 00:36:38,962 ROTHKOPF: Imagine a world with 50 billion microprocessors 636 00:36:38,964 --> 00:36:41,298 attached to the internet in just five years. 637 00:36:41,300 --> 00:36:43,767 That's 50 billion vulnerabilities, 638 00:36:43,769 --> 00:36:48,171 50 billion points of entry, 50 billion points of attack. 639 00:36:48,173 --> 00:36:51,975 NARRATOR: The trick is to find the right balance 640 00:36:51,977 --> 00:36:56,846 between convenience and security. 
641 00:36:56,848 --> 00:36:58,715 You can have a solid concrete structure, 642 00:36:58,717 --> 00:37:02,719 and there's no way to get in, no way to get out. 643 00:37:02,721 --> 00:37:04,788 That's secure, not necessarily useful 644 00:37:04,790 --> 00:37:06,823 because no one can access it. 645 00:37:06,825 --> 00:37:10,393 As you add doors, as you add windows, 646 00:37:10,395 --> 00:37:12,662 as you add ventilation, 647 00:37:12,664 --> 00:37:15,799 they become multiple points of entry 648 00:37:15,801 --> 00:37:18,868 and multiple points to monitor and figure out what's going on. 649 00:37:21,373 --> 00:37:24,241 NARRATOR: Windows and doors are easy to lock. 650 00:37:24,243 --> 00:37:27,110 Not so for devices with embedded computers. 651 00:37:27,112 --> 00:37:29,012 KOHNO: So let's say that you have a children's toy 652 00:37:29,014 --> 00:37:32,816 and you suddenly start to add some computer capabilities to it 653 00:37:32,818 --> 00:37:34,284 or a light switch and you start adding 654 00:37:34,286 --> 00:37:35,885 computer capabilities to that. 655 00:37:35,887 --> 00:37:37,387 And it's the introduction of computation 656 00:37:37,389 --> 00:37:38,788 and the ability for someone-- 657 00:37:38,790 --> 00:37:41,458 if they have the ability to connect to those computers-- 658 00:37:41,460 --> 00:37:43,426 to force those computers to misbehave. 659 00:37:43,428 --> 00:37:45,996 That's kind of the first step in creating a potential 660 00:37:45,998 --> 00:37:47,364 for an attack scenario. 661 00:37:51,536 --> 00:37:55,205 NARRATOR: Cyber attack scenarios against critical infrastructure 662 00:37:55,207 --> 00:37:59,342 have been a concern for the Department of Homeland Security 663 00:37:59,344 --> 00:38:03,580 at least since 2007, when the agency commissioned 664 00:38:03,582 --> 00:38:06,883 an experiment called Aurora. 
665 00:38:06,885 --> 00:38:10,620 The question experts wanted to answer was a simple one: 666 00:38:10,622 --> 00:38:16,359 could a purely digital cyber attack disrupt or disable 667 00:38:16,361 --> 00:38:19,329 a large generator connected to the power grid? 668 00:38:21,566 --> 00:38:24,868 PERRY PEDERSON: I was the director of the control system security program 669 00:38:24,870 --> 00:38:28,271 at the Department of Homeland Security. 670 00:38:28,273 --> 00:38:32,309 And during that time, I ran the project 671 00:38:32,311 --> 00:38:35,445 that many people are familiar with called Aurora. 672 00:38:35,447 --> 00:38:41,051 NARRATOR: A team of electrical engineers brought a 27-ton, heavy-duty 673 00:38:41,053 --> 00:38:44,354 diesel generator to a specially built testing facility 674 00:38:44,356 --> 00:38:47,390 at the Idaho National Lab. 675 00:38:47,392 --> 00:38:51,561 After connecting the generator to the power grid, 676 00:38:51,563 --> 00:38:54,731 they challenged a team of computer security experts 677 00:38:54,733 --> 00:38:59,135 to use computer code to knock the generator offline. 678 00:38:59,137 --> 00:39:03,573 The test was monitored via closed circuit TV. 679 00:39:03,575 --> 00:39:06,843 PEDERSON: In the video, you'll see it running, humming along normally. 680 00:39:06,845 --> 00:39:10,013 And then you see the first hit. 681 00:39:13,118 --> 00:39:15,318 The first jump. 682 00:39:15,320 --> 00:39:17,654 You see the generator shudder. 683 00:39:19,925 --> 00:39:22,525 NARRATOR: The jump occurred almost immediately after 684 00:39:22,527 --> 00:39:24,294 the attackers sent the first packet 685 00:39:24,296 --> 00:39:27,731 of malicious computer code. 
686 00:39:27,733 --> 00:39:30,800 We wanted to hit it and then wait and collect data 687 00:39:30,802 --> 00:39:34,170 and see what was happening and then hit it again, 688 00:39:34,172 --> 00:39:37,340 collect some data and kind of watch the progression 689 00:39:37,342 --> 00:39:40,777 of the damage to the generator. 690 00:39:44,416 --> 00:39:48,218 NARRATOR: After the second attack, the generator lurched again, 691 00:39:48,220 --> 00:39:52,222 belched ominous smoke and ground to a halt. 692 00:39:52,224 --> 00:39:54,924 Not only was it knocked off the grid, 693 00:39:54,926 --> 00:39:58,061 it was rendered completely inoperable. 694 00:39:58,063 --> 00:40:04,334 JOE WEISS: What they found when they opened the generator was just failures 695 00:40:04,336 --> 00:40:07,070 with almost all parts of the generator, 696 00:40:07,072 --> 00:40:09,439 both mechanical and electrical. 697 00:40:09,441 --> 00:40:13,276 So what you're really talking about is essentially 698 00:40:13,278 --> 00:40:18,014 what you would do with pieces of dynamite. 699 00:40:20,185 --> 00:40:22,752 PEDERSON: So this was a tough machine. 700 00:40:22,754 --> 00:40:25,088 This was heavy duty. 701 00:40:25,090 --> 00:40:29,259 And it was designed to run in severe conditions. 702 00:40:29,261 --> 00:40:31,194 If you were actually doing that attack, 703 00:40:31,196 --> 00:40:35,398 there's no reason to pause and wait in between. 704 00:40:35,400 --> 00:40:38,501 You simply put your software on a loop, 705 00:40:38,503 --> 00:40:41,004 and you just keep hitting it until it breaks. 706 00:40:43,809 --> 00:40:46,709 NARRATOR: An attack like this could take less than a minute. 707 00:40:46,711 --> 00:40:52,081 But leave consequences that would last for months. 708 00:40:52,083 --> 00:40:54,417 WEISS: If you damage or destroy these, 709 00:40:54,419 --> 00:40:58,354 you can't just go down to your neighborhood hardware store 710 00:40:58,356 --> 00:40:59,789 and buy another. 
711 00:40:59,791 --> 00:41:03,026 It could take you maybe six to nine months 712 00:41:03,028 --> 00:41:05,361 to get another one of these. 713 00:41:05,363 --> 00:41:09,265 NARRATOR: And according to a government study, 714 00:41:09,267 --> 00:41:12,769 a coordinated attack on fewer than a dozen power stations 715 00:41:12,771 --> 00:41:17,173 could cause a massive outage-- far more devastating 716 00:41:17,175 --> 00:41:22,846 even than the historic blackout that hit the Northeast in 2003. 717 00:41:22,848 --> 00:41:25,882 WOMAN: The brightness of car headlights the only visible sight 718 00:41:25,884 --> 00:41:28,084 on 42nd Street tonight as thousands wait 719 00:41:28,086 --> 00:41:30,119 under a cloud of total darkness. 720 00:41:30,121 --> 00:41:35,959 ZETTER: All you would need to do is take out about nine substations 721 00:41:35,961 --> 00:41:38,495 in an attack that could result in a blackout 722 00:41:38,497 --> 00:41:41,431 for the majority of the U.S. that could last weeks or months 723 00:41:41,433 --> 00:41:43,399 depending on how the attack was designed. 724 00:41:47,339 --> 00:41:50,640 NARRATOR: And it's not only the power grid that's at risk. 725 00:41:50,642 --> 00:41:54,944 In 2014, seven years after Aurora, 726 00:41:54,946 --> 00:41:59,148 DHS inexplicably released an 800-page report 727 00:41:59,150 --> 00:42:01,618 on the Idaho demonstration. 728 00:42:01,620 --> 00:42:07,056 Inside were three alarming maps, perhaps included by mistake. 729 00:42:09,327 --> 00:42:11,861 These were never supposed to be declassified. 730 00:42:11,863 --> 00:42:15,899 NARRATOR: The maps identify targets like refineries 731 00:42:15,901 --> 00:42:19,135 and gas and water lines that could be destroyed 732 00:42:19,137 --> 00:42:21,504 by rapidly disconnecting and reconnecting them 733 00:42:21,506 --> 00:42:23,840 to the power grid. 
734 00:42:23,842 --> 00:42:29,879 WEISS: This is using the electric grid as a means of attacking 735 00:42:29,881 --> 00:42:34,684 the industries connected to the electric grid. 736 00:42:34,686 --> 00:42:41,591 You now have essentially a hit list of critical infrastructure. 737 00:42:41,593 --> 00:42:44,827 NARRATOR: Surprisingly, our most critical facilities 738 00:42:44,829 --> 00:42:48,298 like this electric power plant must fend for themselves 739 00:42:48,300 --> 00:42:51,968 when it comes to defending against cyber attack. 740 00:42:51,970 --> 00:42:56,039 Less than a third of electricity generating facilities 741 00:42:56,041 --> 00:42:58,575 are big enough to be required to abide 742 00:42:58,577 --> 00:43:01,844 by the strictest cyber security rules. 743 00:43:03,715 --> 00:43:06,249 Yet the threat from cyber is so worrisome 744 00:43:06,251 --> 00:43:08,885 that few power company executives are willing 745 00:43:08,887 --> 00:43:11,020 to discuss the problem on the record 746 00:43:11,022 --> 00:43:15,491 for fear of being targeted by hackers. 747 00:43:15,493 --> 00:43:17,794 MAN: I don't know how real or how probable 748 00:43:17,796 --> 00:43:19,996 a cyber attack is. 749 00:43:19,998 --> 00:43:24,701 But I do know that protecting against it is prudent. 750 00:43:24,703 --> 00:43:28,071 Just because I don't know how likely something is... 751 00:43:28,073 --> 00:43:29,839 I don't know how likely an earthquake is. 752 00:43:29,841 --> 00:43:31,641 I don't know how likely a tornado is. 753 00:43:31,643 --> 00:43:35,478 I want to make it as hard as possible for someone 754 00:43:35,480 --> 00:43:39,382 to attack our generators and disrupt our society. 755 00:43:41,052 --> 00:43:44,787 NARRATOR: There is a fix available to defend against 756 00:43:44,789 --> 00:43:46,889 an Aurora-style attack. 757 00:43:46,891 --> 00:43:50,259 The cost for new equipment is relatively low, 758 00:43:50,261 --> 00:43:52,528 but not many utilities have installed it. 
759 00:43:52,530 --> 00:43:57,000 Security remains alarmingly lax at many power stations. 760 00:43:59,037 --> 00:44:02,238 MAN: I was at a conference and one of the engineers 761 00:44:02,240 --> 00:44:06,609 showed me how he had his iPhone set up so he could control 762 00:44:06,611 --> 00:44:10,213 multiple power plants at the same time. 763 00:44:10,215 --> 00:44:12,782 I went to look at it and he said, "Be really careful. 764 00:44:12,784 --> 00:44:15,485 If you push that button, they'll all trip off." 765 00:44:15,487 --> 00:44:18,655 I was speechless. 766 00:44:18,657 --> 00:44:21,424 I asked him, "What do we do about security?" 767 00:44:21,426 --> 00:44:23,893 And he says, "I make sure no one gets this." 768 00:44:23,895 --> 00:44:28,531 NARRATOR: Until recently, controls at power stations 769 00:44:28,533 --> 00:44:32,535 were mechanical switches and immune to cyber attack. 770 00:44:32,537 --> 00:44:35,805 But now the drive to put everything online 771 00:44:35,807 --> 00:44:38,474 has created a hole in our defenses 772 00:44:38,476 --> 00:44:42,145 that no one seems able to plug. 773 00:44:42,147 --> 00:44:44,847 CLARKE: I think the public believes that the U.S. government-- 774 00:44:44,849 --> 00:44:48,718 Cyber Command, NSA, FBI, Homeland Security-- 775 00:44:48,720 --> 00:44:53,656 have the capability to defend the electric power grid, 776 00:44:53,658 --> 00:44:57,493 pipelines, trains, banks that could be attacked 777 00:44:57,495 --> 00:45:01,330 by other nations through cyber. 778 00:45:01,332 --> 00:45:03,199 The truth is the government doesn't have the capability, 779 00:45:03,201 --> 00:45:04,600 doesn't have the legal authority, 780 00:45:04,602 --> 00:45:06,602 and doesn't have a plan to do it. 781 00:45:06,604 --> 00:45:10,973 HAYDEN: And it's not a question yet of resources. 782 00:45:10,975 --> 00:45:13,376 It's a question of policy. 783 00:45:13,378 --> 00:45:14,777 What do you want these guys to do? 
784 00:45:14,779 --> 00:45:18,981 What is it you will tolerate them doing to defend you 785 00:45:18,983 --> 00:45:22,285 on a network in which your emails and mine 786 00:45:22,287 --> 00:45:25,354 are skidding about freely? 787 00:45:25,356 --> 00:45:30,359 NARRATOR: Policymakers have not given the NSA and Cyber Command 788 00:45:30,361 --> 00:45:33,496 the mission of securing the internet, 789 00:45:33,498 --> 00:45:36,466 which may be fine with them. 790 00:45:36,468 --> 00:45:39,602 Because these agencies are deploying ambitious 791 00:45:39,604 --> 00:45:44,607 offensive programs that exploit common security weaknesses. 792 00:45:44,609 --> 00:45:48,911 NSA documents contain references to programs 793 00:45:48,913 --> 00:45:53,182 with fanciful codenames like "TREASUREMAP," 794 00:45:53,184 --> 00:45:55,985 an attempt to identify and track every device 795 00:45:55,987 --> 00:46:01,591 connected to the Web-- anywhere, all the time. 796 00:46:01,593 --> 00:46:05,461 And "QUANTUMTHEORY," a suite of programs that aims 797 00:46:05,463 --> 00:46:09,398 to insert malware implants into computers and networks 798 00:46:09,400 --> 00:46:13,269 around the world. 799 00:46:13,271 --> 00:46:14,971 And Quantum you can think of as almost this sort of 800 00:46:14,973 --> 00:46:18,508 industrial-scale spread of computer viruses. 801 00:46:18,510 --> 00:46:21,177 It's a system that the NSA developed that allows it to, 802 00:46:21,179 --> 00:46:24,580 in a very quick and efficient manner, implant viruses, 803 00:46:24,582 --> 00:46:27,283 what are known as malware or malicious software 804 00:46:27,285 --> 00:46:28,718 on computers around the world. 805 00:46:28,720 --> 00:46:30,787 Think of it sort of as a big launching platform 806 00:46:30,789 --> 00:46:32,054 for cyber weapons.
807 00:46:32,056 --> 00:46:35,758 NARRATOR: The ultimate goal is to establish 808 00:46:35,760 --> 00:46:40,696 hundreds of thousands of stealthy access points globally 809 00:46:40,698 --> 00:46:46,736 to spy or to deal a devastating cyber counterstrike. 810 00:46:46,738 --> 00:46:50,306 But the emphasis on offense comes at a price. 811 00:46:50,308 --> 00:46:52,775 To ensure they'll always have a back door 812 00:46:52,777 --> 00:46:56,412 into their target's systems, the NSA and Cyber Command 813 00:46:56,414 --> 00:46:58,548 keep the computer vulnerabilities 814 00:46:58,550 --> 00:47:00,416 they exploit secret. 815 00:47:00,418 --> 00:47:05,488 But that leaves the same back doors open everywhere-- 816 00:47:05,490 --> 00:47:10,593 even here at home undefended against attack. 817 00:47:10,595 --> 00:47:13,262 Which raises a question-- what's more important: 818 00:47:13,264 --> 00:47:17,133 a good offense or a good defense? 819 00:47:17,135 --> 00:47:22,538 SNOWDEN: Defending ourselves from internet-originated attacks 820 00:47:22,540 --> 00:47:26,943 is much, much more important than our ability 821 00:47:26,945 --> 00:47:29,045 to launch attacks 822 00:47:29,047 --> 00:47:30,746 because when it comes to the internet, 823 00:47:30,748 --> 00:47:32,982 when it comes to our technical economy, 824 00:47:32,984 --> 00:47:36,786 we have more to lose than any other nation on earth. 825 00:47:36,788 --> 00:47:41,724 So we shouldn't be making the internet a more hostile, 826 00:47:41,726 --> 00:47:45,728 a more aggressive territory. 827 00:47:45,730 --> 00:47:47,630 We should be making it a more trusted environment, 828 00:47:47,632 --> 00:47:49,332 making it a more secure environment. 829 00:47:49,334 --> 00:47:54,170 NARRATOR: The U.S. economy depends on the internet. 830 00:47:54,172 --> 00:47:59,442 Failures to defend it are already costing us dearly. 
831 00:47:59,444 --> 00:48:03,846 Every day foreign hackers make thousands of digital forays 832 00:48:03,848 --> 00:48:08,184 against targets inside the U.S. 833 00:48:08,186 --> 00:48:11,621 Some of these are like spying on steroids 834 00:48:11,623 --> 00:48:14,790 and can do real military damage-- 835 00:48:14,792 --> 00:48:17,827 something kept hidden from the public. 836 00:48:17,829 --> 00:48:19,795 A secret document in the Snowden archive 837 00:48:19,797 --> 00:48:24,300 reveals that the Chinese have stolen "many terabytes of data" 838 00:48:24,302 --> 00:48:26,736 related to the design of one of America's 839 00:48:26,738 --> 00:48:31,807 most advanced fighter planes-- the Joint Strike Fighter. 840 00:48:31,809 --> 00:48:35,077 HARRIS: And when they investigated this, they found that hackers 841 00:48:35,079 --> 00:48:37,713 were stealing this information not from military networks, 842 00:48:37,715 --> 00:48:40,216 but from the companies that are building these systems 843 00:48:40,218 --> 00:48:41,350 for the military. 844 00:48:41,352 --> 00:48:43,853 The extent of damage was pretty significant. 845 00:48:48,159 --> 00:48:51,360 NARRATOR: And it's not only defense contractors. 846 00:48:51,362 --> 00:48:53,029 There's a new kind of attack-- 847 00:48:53,031 --> 00:48:57,300 a nation-state going after a purely civilian business-- 848 00:48:57,302 --> 00:49:01,938 using cyber as a weapon of intimidation and blackmail. 849 00:49:03,808 --> 00:49:08,177 In late 2014, Sony Pictures releases a trailer 850 00:49:08,179 --> 00:49:12,081 for a political comedy called The Interview. 851 00:49:12,083 --> 00:49:13,416 JAMES FRANCO: Three weeks from tonight 852 00:49:13,418 --> 00:49:17,186 I will be traveling to Pyongyang, North Korea! 853 00:49:17,188 --> 00:49:19,255 Hello, North Korea! 854 00:49:19,257 --> 00:49:21,824 NARRATOR: The absurd premise involves an assassination plot 855 00:49:21,826 --> 00:49:25,394 against Kim Jong Un, leader of North Korea.
856 00:49:25,396 --> 00:49:27,396 You want us to kill the leader of North Korea? 857 00:49:27,398 --> 00:49:28,064 Yes. 858 00:49:28,066 --> 00:49:30,566 What? 859 00:49:30,568 --> 00:49:35,004 NARRATOR: Shortly before the movie's release-- a cyber attack. 860 00:49:35,006 --> 00:49:38,407 The FBI is investigating that destructive cyber attack 861 00:49:38,409 --> 00:49:40,009 at Sony Pictures. 862 00:49:41,579 --> 00:49:45,047 NARRATOR: Hackers calling themselves the "Guardians of Peace" 863 00:49:45,049 --> 00:49:46,983 reveal that they have broken into 864 00:49:46,985 --> 00:49:49,018 Sony's corporate computer network 865 00:49:49,020 --> 00:49:53,756 and seem to threaten a 9/11-type attack on theatergoers 866 00:49:53,758 --> 00:49:55,825 if Sony releases the film. 867 00:49:55,827 --> 00:50:01,697 Within weeks, the FBI claimed to have top-secret intelligence 868 00:50:01,699 --> 00:50:05,234 that pointed to North Korea as the culprit. 869 00:50:05,236 --> 00:50:07,436 JAMES COMEY: There is not much in life 870 00:50:07,438 --> 00:50:09,138 that I have high confidence about. 871 00:50:09,140 --> 00:50:12,975 I have very high confidence about this attribution. 872 00:50:12,977 --> 00:50:15,611 As does the entire intelligence community. 873 00:50:15,613 --> 00:50:18,547 They caused a lot of damage. 874 00:50:18,549 --> 00:50:23,019 And we will respond. 875 00:50:23,021 --> 00:50:25,688 We will respond proportionally, and we'll respond 876 00:50:25,690 --> 00:50:29,792 in a place and time and manner that we choose. 877 00:50:29,794 --> 00:50:32,561 HARRIS: The hard part for the White House 878 00:50:32,563 --> 00:50:36,532 was not attributing the Sony attack to North Korea. 879 00:50:36,534 --> 00:50:38,601 The hard thing was what do you do about it?
880 00:50:38,603 --> 00:50:40,236 Because if the president of the United States 881 00:50:40,238 --> 00:50:42,338 is going to come out and publicly point the finger 882 00:50:42,340 --> 00:50:44,540 at a country for being behind a cyber attack, 883 00:50:44,542 --> 00:50:46,308 there are going to have to be consequences. 884 00:50:46,310 --> 00:50:52,014 NARRATOR: But calibrating that response is difficult. 885 00:50:52,016 --> 00:50:54,884 ROTHKOPF: The White House has suggested 886 00:50:54,886 --> 00:50:58,387 that one centerpiece of their response to cyber attacks 887 00:50:58,389 --> 00:51:00,956 would be what they called naming and shaming. 888 00:51:00,958 --> 00:51:03,726 Well, you know, naming and shaming may work 889 00:51:03,728 --> 00:51:06,295 in a kindergarten class when somebody steals cookies 890 00:51:06,297 --> 00:51:08,030 that were intended for another child, 891 00:51:08,032 --> 00:51:10,733 but it's not going to work with Vladimir Putin, 892 00:51:10,735 --> 00:51:14,737 the supreme leader in Iran, or the Chinese. 893 00:51:18,076 --> 00:51:19,809 NARRATOR: Cyber war has plunged the world 894 00:51:19,811 --> 00:51:23,012 into chaotic, uncharted territory. 895 00:51:23,014 --> 00:51:27,683 Today, a single spy can stealthily steal secrets 896 00:51:27,685 --> 00:51:29,819 in volumes larger than all the books 897 00:51:29,821 --> 00:51:32,788 in the Library of Congress. 898 00:51:34,859 --> 00:51:38,961 And nation states are playing a dangerous game 899 00:51:38,963 --> 00:51:44,233 using cyber weapons that could trigger a wider war. 900 00:51:44,235 --> 00:51:46,702 ZETTER: There have been officials in the past that have said, 901 00:51:46,704 --> 00:51:48,971 you know, "If you take down our power grid, 902 00:51:48,973 --> 00:51:51,407 you can expect a missile down your smokestacks."
903 00:51:54,045 --> 00:51:56,879 I think it's highly likely that any war that began 904 00:51:56,881 --> 00:52:01,650 as a cyber war would ultimately end up being a conventional war, 905 00:52:01,652 --> 00:52:03,352 where the United States 906 00:52:03,354 --> 00:52:07,456 was engaged with bombers and missiles. 907 00:52:09,694 --> 00:52:14,463 NARRATOR: The number of nations armed with cyber weapons is in the dozens, 908 00:52:14,465 --> 00:52:18,534 not to mention terrorists and criminal hackers. 909 00:52:18,536 --> 00:52:21,537 And unless we find a way to counter these threats, 910 00:52:21,539 --> 00:52:25,007 there is a very real danger that we will turn 911 00:52:25,009 --> 00:52:28,244 one of our greatest inventions-- the internet-- 912 00:52:28,246 --> 00:52:31,447 into a dangerous battlefield.