1
00:00:02,803 --> 00:00:06,038
NARRATOR:
Will the next devastating attack
against the United States
2
00:00:06,040 --> 00:00:10,709
be delivered
with the tap of a key?
3
00:00:10,711 --> 00:00:12,244
RICHARD CLARKE:
Instead of bullets and bombs,
4
00:00:12,246 --> 00:00:13,879
you use bits and bytes.
5
00:00:13,881 --> 00:00:16,582
NARRATOR:
Using only a computer,
6
00:00:16,584 --> 00:00:19,985
a terrorist or a nation
can attack
7
00:00:19,987 --> 00:00:24,089
critical infrastructure
like the power grid.
8
00:00:24,091 --> 00:00:25,758
KIM ZETTER:
That could result in a blackout
9
00:00:25,760 --> 00:00:29,094
for the majority of the U.S.
that could last weeks or months.
10
00:00:30,998 --> 00:00:33,365
NARRATOR:
The enemies are anonymous.
11
00:00:33,367 --> 00:00:36,702
Their reach is global.
12
00:00:36,704 --> 00:00:41,440
As internet connections multiply
so does the threat.
13
00:00:41,442 --> 00:00:44,510
DAVID ROTHKOPF:
Imagine a world
with 50 billion microprocessors
14
00:00:44,512 --> 00:00:45,878
attached to the Internet.
15
00:00:45,880 --> 00:00:48,247
That's 50 billion
points of attack.
16
00:00:48,249 --> 00:00:51,116
NARRATOR:
The targets are everywhere.
17
00:00:51,118 --> 00:00:54,086
YOSHI KOHNO:
Computers are permeating
our environments.
18
00:00:54,088 --> 00:00:56,555
There are potential
security risks anywhere
19
00:00:56,557 --> 00:00:58,457
there is one of these
computing devices.
20
00:00:58,459 --> 00:01:00,426
And we'll be applying
your brakes shortly.
21
00:01:00,428 --> 00:01:03,896
NARRATOR:
Even in your car.
22
00:01:03,898 --> 00:01:05,798
KOHNO:
Right about now.
23
00:01:05,800 --> 00:01:07,166
(car screeches)
24
00:01:07,168 --> 00:01:09,234
Yeah, that worked.
25
00:01:09,236 --> 00:01:13,038
NARRATOR:
Cyber weapons
have already been unleashed.
26
00:01:13,040 --> 00:01:15,674
ERIC CHIEN:
It was the first
real cyber sabotage
27
00:01:15,676 --> 00:01:19,278
that affected the real world.
28
00:01:19,280 --> 00:01:23,582
MICHAEL HAYDEN:
Somebody has used
an entirely new class of weapon
29
00:01:23,584 --> 00:01:25,684
to effect destruction.
30
00:01:25,686 --> 00:01:29,121
NARRATOR:
Is it too late to put the genie
back in the bottle?
31
00:01:29,123 --> 00:01:32,858
When we put the little evil
virus in the big pool,
32
00:01:32,860 --> 00:01:35,727
it tends to escape
and go Jurassic Park on us.
33
00:01:35,729 --> 00:01:39,965
NARRATOR:
Can we survive
the "Cyber War Threat"?
34
00:01:39,967 --> 00:01:41,934
Right now, on NOVA.
35
00:01:57,384 --> 00:02:00,352
Major funding for NOVA is
provided by the following...
36
00:02:02,156 --> 00:02:04,823
Shouldn't what makes
each of us unique
37
00:02:04,825 --> 00:02:08,594
Supporting NOVA and promoting
public understanding of science.
38
00:02:11,465 --> 00:02:13,532
And the Corporation
for Public Broadcasting.
39
00:02:13,534 --> 00:02:15,000
And by PBS viewers like you.
40
00:02:15,002 --> 00:02:16,802
Thank you.
41
00:02:16,804 --> 00:02:18,637
Millicent Bell,
42
00:02:18,639 --> 00:02:22,241
through the Millicent
and Eugene Bell Foundation.
43
00:02:22,243 --> 00:02:24,776
And the George D. Smith Fund.
44
00:02:26,247 --> 00:02:29,381
Additional funding from the
Montgomery Family Foundation.
45
00:02:32,920 --> 00:02:38,557
NARRATOR:
The Sayano-Shushenskaya dam
in remote Siberia--
46
00:02:38,559 --> 00:02:42,728
the ninth largest
hydroelectric plant on earth
47
00:02:42,730 --> 00:02:45,898
and the scene
of a catastrophic event
48
00:02:45,900 --> 00:02:47,866
that may foreshadow
the future of war.
49
00:02:49,603 --> 00:02:54,940
On August 17, 2009,
all seems normal
50
00:02:54,942 --> 00:02:57,743
in the power plant
at the base of the dam.
51
00:02:59,079 --> 00:03:02,814
30 million tons of water
pressure spin massive turbines
52
00:03:02,816 --> 00:03:07,886
generating more than 6,000
megawatts of electric power.
53
00:03:07,888 --> 00:03:13,458
Suddenly, without warning,
something goes terribly wrong.
54
00:03:13,460 --> 00:03:15,427
(loud bang)
55
00:03:17,631 --> 00:03:20,098
A plume of water.
56
00:03:20,100 --> 00:03:21,967
(loud bang)
57
00:03:21,969 --> 00:03:24,403
Followed by a wave
of destruction.
58
00:03:24,405 --> 00:03:25,704
(screaming)
59
00:03:25,706 --> 00:03:29,341
In the end, 75 people perish.
60
00:03:37,184 --> 00:03:39,151
In the aftermath,
a hellish vision.
61
00:03:41,255 --> 00:03:45,424
One of the 1,500-ton turbines
had burst through the floor,
62
00:03:45,426 --> 00:03:48,193
rocketing 50 feet into the
air...
63
00:03:48,195 --> 00:03:51,663
(loud bang)
64
00:03:51,665 --> 00:03:56,034
Punching a hole
in the base of the dam.
65
00:03:56,036 --> 00:04:00,305
Investigators eventually
identify poor maintenance
66
00:04:00,307 --> 00:04:03,775
and worn anchor bolts
as the cause.
67
00:04:03,777 --> 00:04:06,378
But at first, this scenario--
68
00:04:06,380 --> 00:04:09,982
a machine self-destructing
with lethal consequences--
69
00:04:09,984 --> 00:04:14,786
led some to wonder if this might
be a new kind of sabotage,
70
00:04:14,788 --> 00:04:19,258
one that targets the computers
in our most critical machines,
71
00:04:19,260 --> 00:04:23,228
sending them out of control
in a cyber-era attack.
72
00:04:24,632 --> 00:04:26,498
We're living in an era now
where we have to wonder
73
00:04:26,500 --> 00:04:29,768
whether people can cause damage
with computer code
74
00:04:29,770 --> 00:04:32,137
that before they could
only cause with a bomb.
75
00:04:32,139 --> 00:04:36,742
NARRATOR:
Computer code that could
even be delivered anonymously
76
00:04:36,744 --> 00:04:39,177
over the internet.
77
00:04:39,179 --> 00:04:42,180
We think of the Web
as an indispensable tool
78
00:04:42,182 --> 00:04:46,418
that delivers the world
to our doorstep.
79
00:04:46,420 --> 00:04:50,055
But it's also a wide-open
conduit for attack.
80
00:04:50,057 --> 00:04:53,358
We've learned to live
with cyber crime--
81
00:04:53,360 --> 00:04:56,728
identity theft,
credit card fraud,
82
00:04:56,730 --> 00:05:00,866
hacking, and stealing
personal information.
83
00:05:00,868 --> 00:05:03,869
But now there's a threat
that's much more frightening
84
00:05:03,871 --> 00:05:06,438
and destructive.
85
00:05:06,440 --> 00:05:07,873
CLARKE:
You can get into a network
86
00:05:07,875 --> 00:05:09,875
which has control
of some physical thing.
87
00:05:09,877 --> 00:05:12,210
Think about a pipeline,
for example.
88
00:05:12,212 --> 00:05:13,645
You get into that network
89
00:05:13,647 --> 00:05:15,347
which controls the pipeline,
90
00:05:15,349 --> 00:05:18,150
and you can cause
the pipeline to explode...
91
00:05:18,152 --> 00:05:20,819
(explosion)
92
00:05:20,821 --> 00:05:24,489
...just as though it were
attacked by a kinetic weapon.
93
00:05:24,491 --> 00:05:26,958
(explosion)
94
00:05:26,960 --> 00:05:29,728
NARRATOR:
And traditional kinetic,
physical weapons
95
00:05:29,730 --> 00:05:33,665
may be impotent
against a cyber attack.
96
00:05:33,667 --> 00:05:38,804
Because digital weapons can be
anonymous and instantaneous--
97
00:05:38,806 --> 00:05:42,841
no reports of troop movements
to signal a threat
98
00:05:42,843 --> 00:05:46,812
or air raid sirens
to give warning.
99
00:05:46,814 --> 00:05:51,883
Just a sudden,
out-of-the-blue digital takedown
100
00:05:51,885 --> 00:05:57,856
of dams, power plants,
factories,
101
00:05:57,858 --> 00:06:04,062
air traffic control,
the financial system, and more.
102
00:06:04,064 --> 00:06:08,500
Instead of bullets and bombs,
you use bits and bytes.
103
00:06:08,502 --> 00:06:11,737
NARRATOR:
We are in a digital arms race
104
00:06:11,739 --> 00:06:16,441
against nations, hackers,
and terrorists.
105
00:06:16,443 --> 00:06:18,176
Cyber is the poor man's
atom bomb.
106
00:06:18,178 --> 00:06:19,945
(explosion)
107
00:06:19,947 --> 00:06:23,215
NARRATOR:
Welcome to the frightening
new world of cyber war.
108
00:06:29,490 --> 00:06:31,256
In the United States,
109
00:06:31,258 --> 00:06:34,593
the command center
for cyber operations is here,
110
00:06:34,595 --> 00:06:38,764
at the ultra-secret
National Security Agency
111
00:06:38,766 --> 00:06:42,267
in Fort Meade, Maryland.
112
00:06:42,269 --> 00:06:47,706
Some joke NSA should stand for
"No Such Agency."
113
00:06:47,708 --> 00:06:48,907
For most of its history,
114
00:06:48,909 --> 00:06:52,711
the NSA was so shrouded
in secrecy,
115
00:06:52,713 --> 00:06:55,547
most Americans
didn't even know it existed.
116
00:06:57,484 --> 00:07:00,051
But that all changed in 2013
117
00:07:00,053 --> 00:07:02,487
when whistleblower
Edward Snowden
118
00:07:02,489 --> 00:07:07,092
walked out the door with a huge
cache of top-secret documents.
119
00:07:08,862 --> 00:07:11,296
I've been following NSA
for 30 years or so
120
00:07:11,298 --> 00:07:13,532
and every now and then
there's a little leak here,
121
00:07:13,534 --> 00:07:16,368
a little leak there,
but nothing like this.
122
00:07:16,370 --> 00:07:18,203
This is extraordinary.
123
00:07:18,205 --> 00:07:22,441
Hundreds of thousands of
documents released all at once.
124
00:07:22,443 --> 00:07:27,179
NARRATOR:
Some of them famously revealed
the existence of programs
125
00:07:27,181 --> 00:07:30,549
that empower the NSA
to spy on American citizens
126
00:07:30,551 --> 00:07:36,455
by collecting emails, phone
calls, and other personal data.
127
00:07:36,457 --> 00:07:39,024
What we've seen
over the last decade
128
00:07:39,026 --> 00:07:41,259
is we've seen a departure from
sort of the traditional work
129
00:07:41,261 --> 00:07:43,094
of the National Security Agency.
130
00:07:43,096 --> 00:07:47,432
They've become
the National Hacking Agency.
131
00:07:47,434 --> 00:07:49,668
NARRATOR:
Other documents reveal
that the agency
132
00:07:49,670 --> 00:07:51,870
is moving into new territory,
133
00:07:51,872 --> 00:07:56,274
developing offensive weapons
to penetrate global networks
134
00:07:56,276 --> 00:07:59,244
in preparation
for launching cyber attacks.
135
00:08:03,083 --> 00:08:05,383
That's a far cry
from the original mission
136
00:08:05,385 --> 00:08:08,353
intended by President Truman
in 1952.
137
00:08:11,859 --> 00:08:15,760
In those days,
the NSA was all ears.
138
00:08:17,898 --> 00:08:22,000
Its listening posts eavesdropped
on foreign radio,
139
00:08:22,002 --> 00:08:24,169
and satellite transmissions
140
00:08:24,171 --> 00:08:27,038
and tapped underwater
telephone cables.
141
00:08:27,040 --> 00:08:32,143
HAYDEN:
Traditional signals intelligence
was fairly passive.
142
00:08:32,145 --> 00:08:35,747
It was an antenna
or an alligator clip,
143
00:08:35,749 --> 00:08:38,016
and you had to wait for somebody
to send a message,
144
00:08:38,018 --> 00:08:39,417
and you hope you're fortunate
enough to be
145
00:08:39,419 --> 00:08:42,220
in the right place
at the right time.
146
00:08:42,222 --> 00:08:44,723
NARRATOR:
But then the digital revolution
and the internet
147
00:08:44,725 --> 00:08:47,359
gave the NSA new powers
148
00:08:47,361 --> 00:08:51,897
and a way to hack
into distant computer networks.
149
00:08:51,899 --> 00:08:53,965
HAYDEN:
In the cyber domain,
you didn't have to wait
150
00:08:53,967 --> 00:08:55,667
for them to send a message.
151
00:08:55,669 --> 00:08:57,202
You could commute
to their target.
152
00:08:57,204 --> 00:09:00,071
You could commute to where
the information was stored
153
00:09:00,073 --> 00:09:03,074
and extract it
from that network,
154
00:09:03,076 --> 00:09:06,044
even if they never intended
to transmit it.
155
00:09:09,783 --> 00:09:13,318
NARRATOR:
Today, the agency appears
to have transformed
156
00:09:13,320 --> 00:09:16,288
from a passive listener
into an active spy.
157
00:09:18,358 --> 00:09:21,560
Able to infiltrate, steal,
158
00:09:21,562 --> 00:09:28,533
and, when necessary,
attack in cyberspace.
159
00:09:28,535 --> 00:09:31,736
General Michael Hayden
helped shape that transformation
160
00:09:31,738 --> 00:09:35,941
beginning in 1999
when he became director.
161
00:09:38,211 --> 00:09:40,812
I get to Fort Meade about
the turn of the millennium,
162
00:09:40,814 --> 00:09:42,747
we're focused on cyber.
163
00:09:42,749 --> 00:09:44,482
Cyber is espionage,
164
00:09:44,484 --> 00:09:47,218
but also the potential
of cyber as a weapon,
165
00:09:47,220 --> 00:09:50,188
computer network attack.
166
00:09:54,094 --> 00:09:59,598
NARRATOR:
Then came 9/11,
and President George W. Bush
167
00:09:59,600 --> 00:10:02,867
ordered the NSA to begin
planning in earnest
168
00:10:02,869 --> 00:10:05,537
for offensive cyber war.
169
00:10:05,539 --> 00:10:10,108
Eventually, to meet that need,
the military created
170
00:10:10,110 --> 00:10:14,279
a new strategic unit,
a partner to the NSA called
171
00:10:14,281 --> 00:10:16,581
Cyber Command.
172
00:10:16,583 --> 00:10:19,851
Its mission:
to go beyond espionage
173
00:10:19,853 --> 00:10:24,823
using computers as weapons.
174
00:10:24,825 --> 00:10:29,094
Site M is the cover name for
its massive new headquarters.
175
00:10:29,096 --> 00:10:32,330
It will eventually cover
more than a million square feet,
176
00:10:32,332 --> 00:10:36,101
enough to add to NSA's
headquarters complex
177
00:10:36,103 --> 00:10:39,704
some 14 new buildings
178
00:10:39,706 --> 00:10:44,242
and thousands
of additional staff.
179
00:10:44,244 --> 00:10:50,048
Plus a $1.5 billion data center
in Utah.
180
00:10:50,050 --> 00:10:56,154
By 2010, Cyber Command
was ready for action.
181
00:10:56,156 --> 00:10:59,491
About the same time
that the world got a glimpse
182
00:10:59,493 --> 00:11:02,260
of the first true cyber weapon,
183
00:11:02,262 --> 00:11:05,363
a surprisingly destructive
computer worm,
184
00:11:05,365 --> 00:11:11,202
a self-replicating program
that came to be called Stuxnet.
185
00:11:11,204 --> 00:11:15,306
Stuxnet is what we consider
the first confirmed
186
00:11:15,308 --> 00:11:18,543
digital weapon and the first act
of cyber warfare.
187
00:11:18,545 --> 00:11:23,114
NARRATOR:
Stuxnet first showed up
infecting desktop computers
188
00:11:23,116 --> 00:11:26,484
and laptops in Iran
and the Near East,
189
00:11:26,486 --> 00:11:30,121
but it soon spread further,
using the internet
190
00:11:30,123 --> 00:11:34,159
to copy itself
from system to system.
191
00:11:34,161 --> 00:11:38,897
Eventually it ended up
in the crosshairs of Symantec,
192
00:11:38,899 --> 00:11:42,333
maker of anti-virus
security software.
193
00:11:42,335 --> 00:11:46,271
There it grabbed the attention
of security experts
194
00:11:46,273 --> 00:11:50,241
Liam O'Murchu
and Eric Chien.
195
00:11:50,243 --> 00:11:53,878
Right away they saw that Stuxnet
was more complicated
196
00:11:53,880 --> 00:11:58,717
than any other malicious
software, so-called malware.
197
00:11:58,719 --> 00:12:02,253
CHIEN:
We had never seen a threat
that was so large
198
00:12:02,255 --> 00:12:03,521
and so dense.
199
00:12:03,523 --> 00:12:05,890
I mean this threat was maybe
20 times the normal size
200
00:12:05,892 --> 00:12:08,059
of any threat
that we had seen before.
201
00:12:08,061 --> 00:12:10,895
Normally, we can analyze malware
in a very short period of time,
202
00:12:10,897 --> 00:12:13,565
from five minutes
maybe up to a week.
203
00:12:13,567 --> 00:12:16,534
But with Stuxnet,
we spent six months.
204
00:12:20,774 --> 00:12:22,774
NARRATOR:
With computer users
around the world
205
00:12:22,776 --> 00:12:25,744
sending millions
of suspicious pieces of malware
206
00:12:25,746 --> 00:12:28,012
to Symantec's server farm,
207
00:12:28,014 --> 00:12:32,417
Eric and Liam get to examine
a huge variety.
208
00:12:32,419 --> 00:12:36,888
But nearly all of them
have one thing in common:
209
00:12:36,890 --> 00:12:39,758
they're all programs
that try to worm themselves
210
00:12:39,760 --> 00:12:44,262
into an unwitting computer
and hide.
211
00:12:44,264 --> 00:12:47,132
Most people don't realize that
when they use their computer
212
00:12:47,134 --> 00:12:48,733
for browsing the web
or checking their email
213
00:12:48,735 --> 00:12:50,668
there is a lot more going on
in the background,
214
00:12:50,670 --> 00:12:52,470
lots of hidden programs.
215
00:12:52,472 --> 00:12:55,440
For the most part,
they're never seen.
216
00:12:55,442 --> 00:12:57,242
NARRATOR:
Bringing up a list
of these programs
217
00:12:57,244 --> 00:12:59,677
reveals unfamiliar names.
218
00:12:59,679 --> 00:13:01,780
They come and go as needed
219
00:13:01,782 --> 00:13:05,717
and there can be dozens running
at any given time.
220
00:13:05,719 --> 00:13:08,620
Some carry out simple tasks
221
00:13:08,622 --> 00:13:13,391
deep in the computer's operating
system, hidden from view.
222
00:13:13,393 --> 00:13:15,460
Others are complex and obvious,
223
00:13:15,462 --> 00:13:19,397
the applications we see
running on our screens.
224
00:13:19,399 --> 00:13:22,400
They all co-exist,
sharing the computer's memory
225
00:13:22,402 --> 00:13:25,603
and constantly communicating
with each other
226
00:13:25,605 --> 00:13:28,973
like a digital ecosystem.
227
00:13:28,975 --> 00:13:31,342
Hackers or attackers
take advantage
228
00:13:31,344 --> 00:13:33,344
of all of these hidden programs
on your computer
229
00:13:33,346 --> 00:13:35,313
by hiding
their malicious software,
230
00:13:35,315 --> 00:13:37,649
otherwise known as malware,
in and amongst them
231
00:13:37,651 --> 00:13:39,784
so that you don't even notice.
232
00:13:39,786 --> 00:13:43,254
NARRATOR:
The first challenge
for an attacker
233
00:13:43,256 --> 00:13:47,725
is to get the malware installed
on the victim's computer.
234
00:13:47,727 --> 00:13:52,764
A common ploy is to trick users
into doing it themselves.
235
00:13:52,766 --> 00:13:55,300
One way hackers
are able to do this
236
00:13:55,302 --> 00:13:56,935
is by simply sending you
an email
237
00:13:56,937 --> 00:14:00,605
with a legitimate document
inside.
238
00:14:00,607 --> 00:14:01,973
NARRATOR:
Even though the document
239
00:14:01,975 --> 00:14:03,508
doesn't look suspicious,
240
00:14:03,510 --> 00:14:07,745
it actually contains
malicious computer code.
241
00:14:07,747 --> 00:14:11,983
Liam plays the part
of the victim.
242
00:14:11,985 --> 00:14:14,552
So, first thing in the morning,
I'm going to log into my email
243
00:14:14,554 --> 00:14:17,856
and check if I have
anything new.
244
00:14:17,858 --> 00:14:20,592
So I have received an email
245
00:14:20,594 --> 00:14:23,828
about open enrollment
for my benefits,
246
00:14:23,830 --> 00:14:25,663
and even though I don't know
who the sender is
247
00:14:25,665 --> 00:14:27,832
I'm going to open this up.
248
00:14:27,834 --> 00:14:30,034
NARRATOR:
Downloading and opening
the booby-trapped document
249
00:14:30,036 --> 00:14:32,770
generates an error message.
250
00:14:32,772 --> 00:14:34,706
(dings)
251
00:14:34,708 --> 00:14:36,808
But what the victim
doesn't realize
252
00:14:36,810 --> 00:14:40,278
is that clicking on it
also invisibly installs malware
253
00:14:40,280 --> 00:14:42,146
onto the computer.
254
00:14:47,220 --> 00:14:49,153
CHIEN:
Once my victim opens up
that document,
255
00:14:49,155 --> 00:14:51,489
that secret computer code inside
has started to run
256
00:14:51,491 --> 00:14:54,092
on his computer
without him even knowing it
257
00:14:54,094 --> 00:14:56,160
and it's connected back
to my computer
258
00:14:56,162 --> 00:15:00,899
to a program that I'm running
called Nuclear RAT.
259
00:15:00,901 --> 00:15:02,800
NARRATOR:
Stealthy programs like this
260
00:15:02,802 --> 00:15:05,837
allow for a shocking
behind-the-lines invasion
261
00:15:05,839 --> 00:15:10,642
where the attacker can spy
or disrupt at will.
262
00:15:10,644 --> 00:15:12,977
CHIEN:
I can even take screenshots
of his computer
263
00:15:12,979 --> 00:15:14,779
and watch all of his keystrokes
264
00:15:14,781 --> 00:15:16,381
via something called
a key logger.
265
00:15:16,383 --> 00:15:18,016
He's logging in
to his email right now
266
00:15:18,018 --> 00:15:21,019
and I can actually get
his username and his password.
267
00:15:21,021 --> 00:15:23,154
Not only that,
but we can also get video
268
00:15:23,156 --> 00:15:25,857
by turning on the webcam
and I can actually see
269
00:15:25,859 --> 00:15:29,661
what my victim looks like,
all without him knowing.
270
00:15:29,663 --> 00:15:32,163
NARRATOR:
Nuclear RAT takes advantage
of a well-known weakness
271
00:15:32,165 --> 00:15:36,467
in computers with the Windows
operating system.
272
00:15:36,469 --> 00:15:39,437
And security experts have
devised defenses against it.
273
00:15:42,943 --> 00:15:46,444
But when Liam and Eric
looked at Stuxnet,
274
00:15:46,446 --> 00:15:48,313
they saw that the program
was taking advantage
275
00:15:48,315 --> 00:15:51,282
of a weakness that no one
had ever seen before.
276
00:15:53,687 --> 00:15:58,656
It's what hackers refer to
as a zero-day exploit.
277
00:15:58,658 --> 00:16:00,058
ZETTER:
A zero-day exploit is
278
00:16:00,060 --> 00:16:02,327
malicious code that is used
against a vulnerability
279
00:16:02,329 --> 00:16:05,129
that is at the time
unknown to the vendor
280
00:16:05,131 --> 00:16:07,732
and unknown
to antivirus companies.
281
00:16:07,734 --> 00:16:09,767
Because it's unknown,
the vendor can't patch it
282
00:16:09,769 --> 00:16:13,871
and antivirus companies don't
have signatures to detect it.
283
00:16:13,873 --> 00:16:17,842
NARRATOR:
In other words, it's a flaw
that has been detected
284
00:16:17,844 --> 00:16:22,313
and fixed for "zero days,"
meaning not at all.
285
00:16:22,315 --> 00:16:27,552
Stuxnet used a zero-day to take
advantage of a vulnerability
286
00:16:27,554 --> 00:16:32,857
related to USB thumb drives,
also called memory sticks.
287
00:16:32,859 --> 00:16:37,929
Plugging in a Stuxnet-infected
thumb drive causes the program
288
00:16:37,931 --> 00:16:41,032
to copy itself
onto the target computer
289
00:16:41,034 --> 00:16:43,835
without the user's knowledge.
290
00:16:43,837 --> 00:16:49,107
Zero-days are extremely hard
to find and can command
291
00:16:49,109 --> 00:16:52,176
huge sums on illicit markets.
292
00:16:52,178 --> 00:16:54,979
Your average threat doesn't use
any zero-days at all.
293
00:16:54,981 --> 00:17:01,786
NARRATOR:
But Stuxnet represented
a major investment by someone.
294
00:17:01,788 --> 00:17:03,654
ZETTER:
At the time that Stuxnet
was launched,
295
00:17:03,656 --> 00:17:06,491
zero-days weren't used
that often in attacks.
296
00:17:06,493 --> 00:17:10,428
Stuxnet used five zero-days,
and that was really remarkable.
297
00:17:10,430 --> 00:17:16,434
NARRATOR:
And still Stuxnet had an even
bigger surprise in store:
298
00:17:16,436 --> 00:17:17,468
its purpose.
299
00:17:17,470 --> 00:17:19,137
CHIEN:
What's its payload?
300
00:17:19,139 --> 00:17:20,705
What's its motivation?
301
00:17:20,707 --> 00:17:23,041
What's it actually going to do
when it's on your system?
302
00:17:23,043 --> 00:17:27,111
And it wasn't until November
of 2010 we really uncovered
303
00:17:27,113 --> 00:17:28,713
its primary motivation.
304
00:17:28,715 --> 00:17:33,084
NARRATOR:
The first clue came
from a close examination
305
00:17:33,086 --> 00:17:37,855
of Stuxnet's computer code--
all 15,000 lines of it.
306
00:17:37,857 --> 00:17:40,558
O'MURCHU:
When we looked inside the code,
307
00:17:40,560 --> 00:17:41,959
we saw the name
308
00:17:41,961 --> 00:17:45,897
of a German industrial control
equipment manufacturer.
309
00:17:45,899 --> 00:17:48,166
We saw Siemens in there.
310
00:17:51,838 --> 00:17:55,373
NARRATOR:
Siemens makes factory
automation equipment.
311
00:17:55,375 --> 00:17:59,143
Also in the code was a reference
to a specific model number
312
00:17:59,145 --> 00:18:01,479
of one of its products,
313
00:18:01,481 --> 00:18:05,216
a mysterious device
called a PLC.
314
00:18:07,187 --> 00:18:08,219
CHIEN:
I didn't even know
what a PLC was.
315
00:18:08,221 --> 00:18:10,421
I had to Google for
what is a PLC.
316
00:18:10,423 --> 00:18:14,125
That even baseline knowledge,
we just did not have.
317
00:18:15,595 --> 00:18:18,229
NARRATOR:
What they learned is that a PLC
318
00:18:18,231 --> 00:18:21,165
is a programmable
logic controller--
319
00:18:21,167 --> 00:18:24,402
some kind of computer
used in industry.
320
00:18:24,404 --> 00:18:25,536
CHIEN:
We basically ordered one
321
00:18:25,538 --> 00:18:26,671
off an auction site.
322
00:18:26,673 --> 00:18:28,706
And I was expecting something
323
00:18:28,708 --> 00:18:30,842
the size of a mini refrigerator
to show up,
324
00:18:30,844 --> 00:18:32,577
something you might see
in a university dorm room.
325
00:18:32,579 --> 00:18:35,213
But instead, what showed up
was one of these:
326
00:18:35,215 --> 00:18:38,583
a tiny, tiny box that basically
has a mini computer inside
327
00:18:38,585 --> 00:18:42,620
that controls things
like the power grid, pipelines,
328
00:18:42,622 --> 00:18:45,089
factories
that are building cars.
329
00:18:45,091 --> 00:18:47,291
So PLCs are kind of
the unsung component
330
00:18:47,293 --> 00:18:50,228
that makes the world go round.
331
00:18:50,230 --> 00:18:53,731
They are used to make elevators
go up and down.
332
00:18:53,733 --> 00:18:55,800
They are used
in chemical plants,
333
00:18:55,802 --> 00:18:56,868
they control the recipe
334
00:18:56,870 --> 00:18:59,904
that gets put into drugs
and chemicals.
335
00:18:59,906 --> 00:19:02,540
They control
water distribution plants.
336
00:19:02,542 --> 00:19:05,610
They're used in the electrical
grid to control equipment.
337
00:19:05,612 --> 00:19:10,548
They're used surprisingly in
NASDAQ, in the trading systems.
338
00:19:10,550 --> 00:19:13,050
They're used in traffic lights.
339
00:19:13,052 --> 00:19:16,053
They're used to control trains.
340
00:19:16,055 --> 00:19:19,757
So you can see that these
components are really crucial
341
00:19:19,759 --> 00:19:23,494
and these systems were never
created with security in mind.
342
00:19:25,932 --> 00:19:28,900
NARRATOR:
So what was Stuxnet
ultimately after?
343
00:19:30,670 --> 00:19:33,838
The answer was discovered
in Hamburg, Germany,
344
00:19:33,840 --> 00:19:36,574
by a security expert.
345
00:19:36,576 --> 00:19:41,846
I had let's just say,
20 or 30 "holy cow" moments.
346
00:19:41,848 --> 00:19:45,583
What really blew my mind
was to see from day one
347
00:19:45,585 --> 00:19:47,518
how sophisticated the thing was.
348
00:19:49,255 --> 00:19:52,590
NARRATOR:
When he examined the code,
Ralph Langner saw that Stuxnet
349
00:19:52,592 --> 00:19:56,294
was not designed
to tamper with Siemens PLCs
350
00:19:56,296 --> 00:19:58,329
wherever it found them.
351
00:19:58,331 --> 00:20:01,232
It was hunting
for specialized equipment
352
00:20:01,234 --> 00:20:03,868
in a specific configuration,
353
00:20:03,870 --> 00:20:07,972
likely targeting
a single factory.
354
00:20:07,974 --> 00:20:11,075
I was like, "Holy cow,
this is a targeted attack?"
355
00:20:11,077 --> 00:20:13,211
And certainly we started
to wonder,
356
00:20:13,213 --> 00:20:18,049
"Wow, somebody's writing
the most sophisticated worm
357
00:20:18,051 --> 00:20:20,885
"that we have ever seen
only to hit one target?
358
00:20:20,887 --> 00:20:25,156
That must be quite
a significant target."
359
00:20:25,158 --> 00:20:26,724
NARRATOR:
But where?
360
00:20:26,726 --> 00:20:28,893
Stuxnet had come
to the attention of the world
361
00:20:28,895 --> 00:20:31,095
when a security expert found it
362
00:20:31,097 --> 00:20:33,364
infecting a client's
malfunctioning computer
363
00:20:33,366 --> 00:20:36,133
located in Iran.
364
00:20:36,135 --> 00:20:38,869
He then shared it
with other experts.
365
00:20:38,871 --> 00:20:41,172
For Langner,
the apparent epicenter
366
00:20:41,174 --> 00:20:45,643
of that original outbreak
proved a vital clue.
367
00:20:45,645 --> 00:20:47,812
LANGNER:
In Iran, you don't have
an awful lot
368
00:20:47,814 --> 00:20:51,682
of significant
industrial facilities.
369
00:20:51,684 --> 00:20:56,153
Then the number of potential
targets that could be worth
370
00:20:56,155 --> 00:20:59,857
such an effort
shrinks down to just a few.
371
00:20:59,859 --> 00:21:03,928
And certainly the one
potential target that popped up
372
00:21:03,930 --> 00:21:06,197
was the Iranian nuclear program.
373
00:21:06,199 --> 00:21:11,102
NARRATOR:
Langner turned his attention
to two known nuclear facilities
374
00:21:11,104 --> 00:21:14,338
in Iran:
a power plant at Bushehr,
375
00:21:14,340 --> 00:21:19,110
and an enrichment plant
at Natanz.
376
00:21:19,112 --> 00:21:22,613
Natanz is an underground,
fortified facility,
377
00:21:22,615 --> 00:21:26,417
housing cylindrical centrifuges
used to isolate
378
00:21:26,419 --> 00:21:28,886
a rare form of uranium,
379
00:21:28,888 --> 00:21:31,722
a precursor to fueling
a power plant
380
00:21:31,724 --> 00:21:35,860
or making a nuclear weapon.
381
00:21:35,862 --> 00:21:38,596
The machines spin
at very high speed
382
00:21:38,598 --> 00:21:41,899
with little room for error,
383
00:21:41,901 --> 00:21:43,434
and their motors
and safety systems
384
00:21:43,436 --> 00:21:47,672
are under the control of PLCs.
385
00:21:47,674 --> 00:21:51,409
Examining photos from Natanz
made public
386
00:21:51,411 --> 00:21:53,678
by Iran's press office,
387
00:21:53,680 --> 00:21:56,947
and comparing the equipment in
them to the computer worm's code
388
00:21:56,949 --> 00:22:01,285
helped confirm
the identity of the target.
389
00:22:01,287 --> 00:22:04,455
LANGNER:
At the end of 2010,
we were able to show
390
00:22:04,457 --> 00:22:07,024
100% proof
391
00:22:07,026 --> 00:22:10,094
that we had a complete match
from the attack codes
392
00:22:10,096 --> 00:22:15,433
with the configuration of the
enrichment cascades in Natanz.
393
00:22:18,504 --> 00:22:21,372
NARRATOR:
This was conclusive proof
that a computer virus
394
00:22:21,374 --> 00:22:24,642
has been unleashed
against a military target.
395
00:22:24,644 --> 00:22:28,479
A true digital weapon.
396
00:22:28,481 --> 00:22:33,184
Langner circulated his discovery
among other security experts,
397
00:22:33,186 --> 00:22:35,086
who were stunned.
398
00:22:35,088 --> 00:22:37,722
CHIEN:
We weren't just protecting
16-digit credit card numbers,
399
00:22:37,724 --> 00:22:39,190
but potentially stumbling into
400
00:22:39,192 --> 00:22:42,493
something that had
geopolitical implications.
401
00:22:42,495 --> 00:22:49,333
NARRATOR:
But they still didn't understand
how the weapon worked.
402
00:22:49,335 --> 00:22:54,538
So Eric and Liam set out
to hack their own PLC.
403
00:22:54,540 --> 00:22:57,775
So here, I have a PLC, a
programmable logic controller.
404
00:22:57,777 --> 00:23:01,579
This model is a Siemens S300,
and that's the exact same model
405
00:23:01,581 --> 00:23:03,714
that was targeted by Stuxnet.
406
00:23:03,716 --> 00:23:05,616
Inside the PLC,
there's a small computer,
407
00:23:05,618 --> 00:23:09,320
and it's used for controlling
equipment in the real world
408
00:23:09,322 --> 00:23:11,789
like conveyor belts, motors,
409
00:23:11,791 --> 00:23:13,924
and, in this case,
I have an air pump.
410
00:23:13,926 --> 00:23:16,694
NARRATOR:
Turning the knob
starts a program
411
00:23:16,696 --> 00:23:19,697
that turns on the pump,
waits three seconds
412
00:23:19,699 --> 00:23:23,567
and then turns it off.
413
00:23:23,569 --> 00:23:27,204
What Stuxnet did
was it targeted this PLC.
414
00:23:27,206 --> 00:23:29,106
And even though you'd download
a program that says
415
00:23:29,108 --> 00:23:31,075
"operate an air pump
for three seconds,"
416
00:23:31,077 --> 00:23:34,111
in the background,
Stuxnet changes that code.
417
00:23:34,113 --> 00:23:36,213
It intercepts your request
and it puts malicious code
418
00:23:36,215 --> 00:23:38,416
onto the PLC instead.
419
00:23:38,418 --> 00:23:44,455
NARRATOR:
Liam has infected the laptop
with a Stuxnet-like virus.
420
00:23:44,457 --> 00:23:49,493
So now when he loads his program
onto the PLC...
421
00:23:49,495 --> 00:23:52,463
the virus steps in.
422
00:23:52,465 --> 00:23:58,135
(machine whirring)
423
00:23:58,137 --> 00:24:02,139
And something goes very wrong.
424
00:24:02,141 --> 00:24:06,177
(popping)
425
00:24:06,179 --> 00:24:07,912
In this case,
we popped a balloon,
426
00:24:07,914 --> 00:24:10,748
but imagine if that was
a gas pipeline or a power plant.
427
00:24:10,750 --> 00:24:13,584
That's what's at stake
in cyber attacks like this.
428
00:24:15,655 --> 00:24:20,057
NARRATOR:
Finally they understood enough
to reconstruct the attack.
429
00:24:22,628 --> 00:24:25,463
The Natanz plant was not
connected to the internet--
430
00:24:25,465 --> 00:24:28,265
a security measure.
431
00:24:28,267 --> 00:24:32,470
That explained why Stuxnet
was designed to copy itself
432
00:24:32,472 --> 00:24:37,741
via thumb drives, which could be
plugged into a computer
433
00:24:37,743 --> 00:24:43,147
on the internal network by a spy
or an unwitting plant worker.
434
00:24:43,149 --> 00:24:45,983
Once on the plant's
internal network of computers,
435
00:24:45,985 --> 00:24:50,955
Stuxnet would search for PLCs
in control of centrifuges.
436
00:24:50,957 --> 00:24:56,160
When it found a target,
it would lie in wait for weeks.
437
00:24:56,162 --> 00:25:01,198
But then Stuxnet would begin
tampering with the centrifuges,
438
00:25:01,200 --> 00:25:06,003
causing them to gradually
speed up and slow down,
439
00:25:06,005 --> 00:25:10,374
operating out of safe limits
until they broke.
440
00:25:13,546 --> 00:25:17,348
It's not clear
how long Stuxnet was active.
441
00:25:17,350 --> 00:25:21,185
But according to international
nuclear regulatory authorities,
442
00:25:21,187 --> 00:25:27,691
1,000 centrifuges mysteriously
failed over five months.
443
00:25:27,693 --> 00:25:31,462
There's no evidence
the Iranians even knew
444
00:25:31,464 --> 00:25:33,898
that they were under attack.
445
00:25:33,900 --> 00:25:38,802
But eventually the worm escaped,
spread using the internet,
446
00:25:38,804 --> 00:25:43,073
and was spotted and decoded
by security experts.
447
00:25:43,075 --> 00:25:47,378
Suddenly the stakes in
cyber security had gone way up.
448
00:25:47,380 --> 00:25:49,547
O'MURCHU:
I'm looking at a piece of code
449
00:25:49,549 --> 00:25:51,615
that could blow something up
in Iran.
450
00:25:51,617 --> 00:25:53,217
It was very, very scary
to realize
451
00:25:53,219 --> 00:25:54,785
that that's the destruction
that's possible now
452
00:25:54,787 --> 00:25:55,986
with this type of software.
453
00:25:55,988 --> 00:26:00,257
It was the first
real cyber sabotage threat
454
00:26:00,259 --> 00:26:02,526
that we've ever seen
that affected the real world.
455
00:26:04,263 --> 00:26:06,864
NARRATOR:
But unlike
a traditional weapon--
456
00:26:06,866 --> 00:26:08,399
a missile or a bomb--
457
00:26:08,401 --> 00:26:10,768
(explosion)
458
00:26:10,770 --> 00:26:15,606
it's almost impossible to know
for sure who launched it.
459
00:26:15,608 --> 00:26:20,411
But its complexity
was a big clue.
460
00:26:20,413 --> 00:26:22,012
CHIEN:
It was immediately obvious to us
461
00:26:22,014 --> 00:26:24,014
when we began looking
at this code that this was not
462
00:26:24,016 --> 00:26:26,317
two kids in the basement
in Kansas somewhere
463
00:26:26,319 --> 00:26:28,452
who had written
this particular threat.
464
00:26:28,454 --> 00:26:31,388
This was multiple teams
with different expertise
465
00:26:31,390 --> 00:26:35,259
who had come together
to create this one weapon.
466
00:26:35,261 --> 00:26:37,261
It was very clear to us
that this was at the level
467
00:26:37,263 --> 00:26:38,462
of a nation state.
468
00:26:38,464 --> 00:26:42,766
HAYDEN:
Someone--
probably a nation-state,
469
00:26:42,768 --> 00:26:45,269
because it's too hard to do
from a garage or a basement--
470
00:26:45,271 --> 00:26:49,873
just used a weapon
comprised of ones and zeros
471
00:26:49,875 --> 00:26:53,310
during a time of peace
to destroy what another nation
472
00:26:53,312 --> 00:26:55,479
could only describe
as critical infrastructure.
473
00:26:55,481 --> 00:26:58,749
LANGNER:
Who would have the motivation
to do something
474
00:26:58,751 --> 00:27:01,819
against the Iranian
nuclear program?
475
00:27:01,821 --> 00:27:04,254
Obviously not Venezuela.
476
00:27:04,256 --> 00:27:06,490
I also say for somebody
of my background--
477
00:27:06,492 --> 00:27:07,858
director of CIA--
478
00:27:07,860 --> 00:27:10,394
crashing 1,000 centrifuges
at Natanz,
479
00:27:10,396 --> 00:27:12,863
almost an absolute good.
480
00:27:12,865 --> 00:27:17,234
LANGNER:
If you think about
who would have the capabilities
481
00:27:17,236 --> 00:27:21,805
to launch such an attack
of that sophistication,
482
00:27:21,807 --> 00:27:25,275
completely unprecedented,
483
00:27:25,277 --> 00:27:27,978
you would certainly think about
the United States
484
00:27:27,980 --> 00:27:28,946
in the first place.
485
00:27:32,518 --> 00:27:34,585
HAYDEN:
I say with great sincerity
486
00:27:34,587 --> 00:27:37,988
that it would be irresponsible
for someone of my background
487
00:27:37,990 --> 00:27:39,757
to even speculate
who may have done this.
488
00:27:42,595 --> 00:27:46,363
NARRATOR:
In June 2012, the New York Times
reported that Stuxnet
489
00:27:46,365 --> 00:27:49,033
was created jointly
by the NSA
490
00:27:49,035 --> 00:27:52,403
and Israeli intelligence.
491
00:27:52,405 --> 00:27:57,908
Then, in apparent retaliation,
the Saudi oil company Aramco
492
00:27:57,910 --> 00:28:02,312
was hit with a computer virus
in August 2012.
493
00:28:02,314 --> 00:28:04,615
They sent what's called
a wiper virus,
494
00:28:04,617 --> 00:28:08,519
which is actually sort of
a Fisher-Price,
495
00:28:08,521 --> 00:28:10,821
baby's first hack
kind of a cyber campaign.
496
00:28:10,823 --> 00:28:13,323
It's not sophisticated,
it's not elegant.
497
00:28:15,594 --> 00:28:17,695
NARRATOR:
But it was effective,
498
00:28:17,697 --> 00:28:22,166
destroying the data
on 30,000 computers.
499
00:28:22,168 --> 00:28:25,135
Then followed a coordinated
attack against American targets.
500
00:28:27,707 --> 00:28:32,476
CLARKE:
One by one, American banks--
Citibank, Bank of America,
501
00:28:32,478 --> 00:28:35,145
J.P. Morgan, SunTrust,
Wells Fargo--
502
00:28:35,147 --> 00:28:39,950
all had their web-facing
customer interface pages
503
00:28:39,952 --> 00:28:43,220
knocked offline.
504
00:28:43,222 --> 00:28:45,756
In other words,
if you were a Citibank customer
505
00:28:45,758 --> 00:28:48,358
and you went online
to do some banking,
506
00:28:48,360 --> 00:28:51,228
you couldn't get through.
507
00:28:51,230 --> 00:28:53,197
NARRATOR:
Attack and counterattack.
508
00:28:56,469 --> 00:28:59,036
But that's not
the end of the story.
509
00:28:59,038 --> 00:29:02,139
In fact, it may be
just the beginning.
510
00:29:02,141 --> 00:29:04,708
ZETTER:
Stuxnet was the blueprint
511
00:29:04,710 --> 00:29:08,212
that provided proof of concept
that such attack is possible.
512
00:29:08,214 --> 00:29:10,614
It's opened the door
onto a new era of warfare
513
00:29:10,616 --> 00:29:13,817
and I don't think
we fully understand now
514
00:29:13,819 --> 00:29:17,221
what the repercussions of it
will be.
515
00:29:17,223 --> 00:29:20,324
HAYDEN:
This is an incredibly important
event in our history.
516
00:29:20,326 --> 00:29:25,162
Theoretically,
this smells like August of 1945.
517
00:29:25,164 --> 00:29:27,231
(explosion)
518
00:29:27,233 --> 00:29:31,702
Somebody has used
an entirely new class of weapon
519
00:29:31,704 --> 00:29:33,470
to effect destruction.
520
00:29:33,472 --> 00:29:37,674
(loud explosion)
521
00:29:37,676 --> 00:29:42,012
NARRATOR:
The U.S. and Soviet Union
took decades to reach agreements
522
00:29:42,014 --> 00:29:45,849
to limit the buildup
of their nuclear arsenals.
523
00:29:45,851 --> 00:29:52,756
But with cyber weapons, we
may not have the luxury of time.
524
00:29:52,758 --> 00:29:55,726
The capability is spreading and
the number of targets exploding.
525
00:30:01,167 --> 00:30:03,734
Stuxnet exposed
the vulnerability
526
00:30:03,736 --> 00:30:08,739
of one kind of embedded computer
in industrial PLCs.
527
00:30:08,741 --> 00:30:13,777
But now there are embedded
computers all around us--
528
00:30:13,779 --> 00:30:16,747
from power stations
to pacemakers.
529
00:30:25,291 --> 00:30:27,825
Yoshi Kohno
is a security researcher
530
00:30:27,827 --> 00:30:32,095
who has an uncanny ability to
find frightening vulnerabilities
531
00:30:32,097 --> 00:30:37,901
in everyday technology--
like cars.
532
00:30:37,903 --> 00:30:40,204
KOHNO:
Modern automobiles have
ten, sometimes up to 100
533
00:30:40,206 --> 00:30:41,772
different computers inside them.
534
00:30:41,774 --> 00:30:43,207
Essentially,
what we wanted to know,
535
00:30:43,209 --> 00:30:46,410
what might an unauthorized party
be able to do
536
00:30:46,412 --> 00:30:49,880
with an automobile
straight off the lot?
537
00:30:49,882 --> 00:30:53,717
NARRATOR:
Recently, he and his graduate
students demonstrated
538
00:30:53,719 --> 00:30:57,454
how a hacker could seize control
of a car.
539
00:30:58,591 --> 00:31:00,791
The model they chose
had a built-in
540
00:31:00,793 --> 00:31:05,462
emergency communication system
that works like a cell phone.
541
00:31:05,464 --> 00:31:10,500
They used that system
to call the car
542
00:31:10,502 --> 00:31:14,571
and remotely force malware
into its embedded computers,
543
00:31:14,573 --> 00:31:15,873
giving them control
544
00:31:15,875 --> 00:31:20,844
over electrical and mechanical
systems like door locks,
545
00:31:20,846 --> 00:31:23,914
and lights.
546
00:31:23,916 --> 00:31:28,118
Even the brakes.
547
00:31:28,120 --> 00:31:29,786
KOHNO:
Okay, Alexei, we've unlocked
the brake controller
548
00:31:29,788 --> 00:31:32,823
and just to verify,
you have your helmet on
549
00:31:32,825 --> 00:31:34,291
and all your safety precautions
in place, right?
550
00:31:34,293 --> 00:31:38,061
That's right, helmet on, gloves
on, strapped in and ready to go.
551
00:31:38,063 --> 00:31:40,964
Great, okay, go ahead and go,
and we will apply your brakes
552
00:31:40,966 --> 00:31:42,599
when you get
to the checkered flag area.
553
00:31:42,601 --> 00:31:45,068
NARRATOR:
By sending malicious code
to the car,
554
00:31:45,070 --> 00:31:48,972
they will try
to lock up the brakes.
555
00:31:55,581 --> 00:31:57,481
And we'll be applying
your brakes shortly.
556
00:32:00,986 --> 00:32:01,852
Right about now.
557
00:32:02,988 --> 00:32:05,055
(tires screeching)
558
00:32:05,057 --> 00:32:06,089
Oh, ooh, yeah, that worked!
559
00:32:06,091 --> 00:32:07,958
Ooh, is he going to go
to the wall?
560
00:32:07,960 --> 00:32:09,793
(laughing):
Are you okay, Alexei?
561
00:32:09,795 --> 00:32:16,667
NARRATOR:
In some cars, the steering,
air bags and accelerator
562
00:32:16,669 --> 00:32:18,535
are also hackable.
563
00:32:18,537 --> 00:32:22,773
And as more cars become
connected to the internet,
564
00:32:22,775 --> 00:32:27,077
the opportunities for attack
will increase.
565
00:32:27,079 --> 00:32:30,681
So far, many car-makers
have not made defense
566
00:32:30,683 --> 00:32:33,317
against cyber weapons
a top priority.
567
00:32:33,319 --> 00:32:36,353
(screeches)
568
00:32:36,355 --> 00:32:42,292
And the same may be true
for countless other companies,
569
00:32:42,294 --> 00:32:45,329
all racing to connect their
products to what's being called
570
00:32:45,331 --> 00:32:48,198
"the internet of everything."
571
00:32:48,200 --> 00:32:52,736
WOMAN:
Tailio turns any litter box
into a smart monitoring system.
572
00:32:52,738 --> 00:32:54,037
We have computers
in medical devices.
573
00:32:54,039 --> 00:32:55,539
We have computers in
automobiles.
574
00:32:55,541 --> 00:32:56,807
We have computers in airplanes
575
00:32:56,809 --> 00:32:58,775
and we actually have computers
in our homes.
576
00:32:58,777 --> 00:33:01,511
Home automation systems are
becoming increasingly popular.
577
00:33:01,513 --> 00:33:04,915
NARRATOR:
These are systems
that wirelessly link
578
00:33:04,917 --> 00:33:09,119
common appliances
like light switches, furnaces
579
00:33:09,121 --> 00:33:14,558
and door alarms to the internet
for remote control.
580
00:33:14,560 --> 00:33:18,428
But Yoshi wonders
if the rush towards convenience
581
00:33:18,430 --> 00:33:20,864
is stampeding over security.
582
00:33:22,634 --> 00:33:25,769
KOHNO:
You know, there's a lot of drive
towards pushing functionality,
583
00:33:25,771 --> 00:33:27,037
coming out with new technologies
584
00:33:27,039 --> 00:33:29,906
that do, you know,
amazing new and greater things.
585
00:33:29,908 --> 00:33:32,909
But not enough people
are stepping back and asking
586
00:33:32,911 --> 00:33:35,912
how might I also abuse it?
587
00:33:35,914 --> 00:33:38,081
And together with some students
that I work with
588
00:33:38,083 --> 00:33:40,484
at the University of Washington,
we wanted to figure out
589
00:33:40,486 --> 00:33:43,020
how secure are these home
automation systems actually.
590
00:33:46,291 --> 00:33:49,893
NARRATOR:
They decide to set up
in a Seattle coffee shop.
591
00:33:49,895 --> 00:33:52,929
WOMAN:
Got a 16-ounce latte.
592
00:33:52,931 --> 00:33:55,966
NARRATOR:
The kind of place where people
like to hang out
593
00:33:55,968 --> 00:33:57,868
because it offers free Wi-Fi.
594
00:34:01,273 --> 00:34:04,374
Alex Takakuwa
has an automation system at home
595
00:34:04,376 --> 00:34:06,343
and plays the innocent victim.
596
00:34:08,447 --> 00:34:11,515
Meanwhile, playing the part
of the attackers,
597
00:34:11,517 --> 00:34:14,484
are students Tope Oluwafemi
and Tariq Yusuf.
598
00:34:18,357 --> 00:34:21,558
This is an ideal public spot
to demonstrate how an attacker
599
00:34:21,560 --> 00:34:25,729
could gain control
of a complete stranger's home.
600
00:34:25,731 --> 00:34:30,400
They've set up a wireless
hotspot that masquerades
601
00:34:30,402 --> 00:34:32,369
as the coffee shop's own Wi-Fi.
602
00:34:35,407 --> 00:34:39,176
It's a notorious hacking ploy
and aptly named.
603
00:34:39,178 --> 00:34:42,045
It's called
an evil twin network.
604
00:34:42,047 --> 00:34:45,749
A really evil twin.
605
00:34:47,352 --> 00:34:49,853
NARRATOR:
The victim connects
to the evil twin
606
00:34:49,855 --> 00:34:55,859
and what's called a
man-in-the-middle attack begins.
607
00:34:55,861 --> 00:34:59,396
The attackers can now spy on
everything flowing to and from
608
00:34:59,398 --> 00:35:04,334
the victim's laptop.
609
00:35:04,336 --> 00:35:07,504
They observe
that Alex is connecting
610
00:35:07,506 --> 00:35:09,739
to a home automation system.
611
00:35:09,741 --> 00:35:13,810
They're able to see
his private login information.
612
00:35:14,880 --> 00:35:16,680
We're able to get credentials
613
00:35:16,682 --> 00:35:20,450
to access his home automation
system without him knowing.
614
00:35:20,452 --> 00:35:24,721
The next phase gives
the location of the house.
615
00:35:24,723 --> 00:35:29,993
They insert malicious code
into the home automation system.
616
00:35:29,995 --> 00:35:32,796
That code tricks it
into reporting
617
00:35:32,798 --> 00:35:35,565
the victim's GPS coordinates
back to the attackers
618
00:35:35,567 --> 00:35:39,569
every time the victim
logs in on his laptop.
619
00:35:39,571 --> 00:35:43,140
It takes a few days,
but eventually they're able
620
00:35:43,142 --> 00:35:45,108
to deduce
where the victim lives.
621
00:35:47,479 --> 00:35:49,379
We're able to get
his house coordinates,
622
00:35:49,381 --> 00:35:52,682
his GPS coordinates, and paid
him a nice little visit.
623
00:35:54,786 --> 00:35:57,420
NARRATOR:
Even in a simple demonstration
like this,
624
00:35:57,422 --> 00:35:59,322
bad things can happen.
625
00:36:01,093 --> 00:36:02,692
With a few keystrokes
from their car,
626
00:36:02,694 --> 00:36:05,662
they unlock the doors
and stroll right in.
627
00:36:15,674 --> 00:36:17,374
In today's world,
embedded devices tend to be
628
00:36:17,376 --> 00:36:18,909
stripped-down computers
that are meant to do
629
00:36:18,911 --> 00:36:20,210
some set of specific tasks--
630
00:36:20,212 --> 00:36:22,312
automating things
like locks and lights.
631
00:36:22,314 --> 00:36:23,580
Oftentimes,
that means they stripped down
632
00:36:23,582 --> 00:36:25,015
the security as well.
633
00:36:25,017 --> 00:36:30,420
NARRATOR:
In the "internet of everything,"
every new device
634
00:36:30,422 --> 00:36:35,625
connected to the Web
brings both promise and peril.
635
00:36:35,627 --> 00:36:38,962
ROTHKOPF: Imagine a world with
50 billion microprocessors
636
00:36:38,964 --> 00:36:41,298
attached to the internet
in just five years.
637
00:36:41,300 --> 00:36:43,767
That's 50 billion
vulnerabilities,
638
00:36:43,769 --> 00:36:48,171
50 billion points of entry,
50 billion points of attack.
639
00:36:48,173 --> 00:36:51,975
NARRATOR:
The trick is to find
the right balance
640
00:36:51,977 --> 00:36:56,846
between convenience
and security.
641
00:36:56,848 --> 00:36:58,715
You can have
a solid concrete structure,
642
00:36:58,717 --> 00:37:02,719
and there's no way to get in,
no way to get out.
643
00:37:02,721 --> 00:37:04,788
That's secure,
not necessarily useful
644
00:37:04,790 --> 00:37:06,823
because no one can access it.
645
00:37:06,825 --> 00:37:10,393
As you add doors,
as you add windows,
646
00:37:10,395 --> 00:37:12,662
as you add ventilation,
647
00:37:12,664 --> 00:37:15,799
they become multiple points
of entry
648
00:37:15,801 --> 00:37:18,868
and multiple points to monitor
and figure out what's going on.
649
00:37:21,373 --> 00:37:24,241
NARRATOR:
Windows and doors
are easy to lock.
650
00:37:24,243 --> 00:37:27,110
Not so for devices
with embedded computers.
651
00:37:27,112 --> 00:37:29,012
KOHNO:
So let's say that you have
a children's toy
652
00:37:29,014 --> 00:37:32,816
and you suddenly start to add
some computer capabilities to it
653
00:37:32,818 --> 00:37:34,284
or a light switch
and you start adding
654
00:37:34,286 --> 00:37:35,885
computer capabilities to that.
655
00:37:35,887 --> 00:37:37,387
And it's the introduction
of computation
656
00:37:37,389 --> 00:37:38,788
and the ability for someone--
657
00:37:38,790 --> 00:37:41,458
if they have the ability to
connect to those computers--
658
00:37:41,460 --> 00:37:43,426
to force those computers
to misbehave.
659
00:37:43,428 --> 00:37:45,996
That's kind of the first step
in creating a potential
660
00:37:45,998 --> 00:37:47,364
for an attack scenario.
661
00:37:51,536 --> 00:37:55,205
NARRATOR:
Cyber attack scenarios
against critical infrastructure
662
00:37:55,207 --> 00:37:59,342
have been a concern for the
Department of Homeland Security
663
00:37:59,344 --> 00:38:03,580
at least since 2007,
when the agency commissioned
664
00:38:03,582 --> 00:38:06,883
an experiment called Aurora.
665
00:38:06,885 --> 00:38:10,620
The question experts wanted
to answer was a simple one:
666
00:38:10,622 --> 00:38:16,359
could a purely digital cyber
attack disrupt or disable
667
00:38:16,361 --> 00:38:19,329
a large generator
connected to the power grid?
668
00:38:21,566 --> 00:38:24,868
PERRY PEDERSON:
I was the director of the
control system security program
669
00:38:24,870 --> 00:38:28,271
at the Department
of Homeland Security.
670
00:38:28,273 --> 00:38:32,309
And during that time,
I ran the project
671
00:38:32,311 --> 00:38:35,445
that many people are familiar
with called Aurora.
672
00:38:35,447 --> 00:38:41,051
NARRATOR:
A team of electrical engineers
brought a 27-ton, heavy-duty
673
00:38:41,053 --> 00:38:44,354
diesel generator to a specially
built testing facility
674
00:38:44,356 --> 00:38:47,390
at the Idaho National Lab.
675
00:38:47,392 --> 00:38:51,561
After connecting the generator
to the power grid,
676
00:38:51,563 --> 00:38:54,731
they challenged a team
of computer security experts
677
00:38:54,733 --> 00:38:59,135
to use computer code
to knock the generator offline.
678
00:38:59,137 --> 00:39:03,573
The test was monitored
via closed circuit TV.
679
00:39:03,575 --> 00:39:06,843
PEDERSON:
In the video, you'll see it
running, humming along normally.
680
00:39:06,845 --> 00:39:10,013
And then you see the first hit.
681
00:39:13,118 --> 00:39:15,318
The first jump.
682
00:39:15,320 --> 00:39:17,654
You see the generator shudder.
683
00:39:19,925 --> 00:39:22,525
NARRATOR:
The jump occurred
almost immediately after
684
00:39:22,527 --> 00:39:24,294
the attackers sent
the first packet
685
00:39:24,296 --> 00:39:27,731
of malicious computer code.
686
00:39:27,733 --> 00:39:30,800
We wanted to hit it
and then wait and collect data
687
00:39:30,802 --> 00:39:34,170
and see what was happening
and then hit it again,
688
00:39:34,172 --> 00:39:37,340
collect some data and kind of
watch the progression
689
00:39:37,342 --> 00:39:40,777
of the damage to the generator.
690
00:39:44,416 --> 00:39:48,218
NARRATOR:
After the second attack,
the generator lurched again,
691
00:39:48,220 --> 00:39:52,222
belched ominous smoke
and ground to a halt.
692
00:39:52,224 --> 00:39:54,924
Not only was it knocked off
the grid,
693
00:39:54,926 --> 00:39:58,061
it was rendered
completely inoperable.
694
00:39:58,063 --> 00:40:04,334
JOE WEISS:
What they found when they opened
the generator was just failures
695
00:40:04,336 --> 00:40:07,070
with almost all parts
of the generator,
696
00:40:07,072 --> 00:40:09,439
both mechanical and electrical.
697
00:40:09,441 --> 00:40:13,276
So what you're really
talking about is essentially
698
00:40:13,278 --> 00:40:18,014
what you would do
with pieces of dynamite.
699
00:40:20,185 --> 00:40:22,752
PEDERSON:
So this was a tough machine.
700
00:40:22,754 --> 00:40:25,088
This was heavy duty.
701
00:40:25,090 --> 00:40:29,259
And it was designed to run
in severe conditions.
702
00:40:29,261 --> 00:40:31,194
If you were actually
doing that attack,
703
00:40:31,196 --> 00:40:35,398
there's no reason to pause
and wait in between.
704
00:40:35,400 --> 00:40:38,501
You simply put your software
on a loop,
705
00:40:38,503 --> 00:40:41,004
and you just keep hitting it
until it breaks.
706
00:40:43,809 --> 00:40:46,709
NARRATOR:
An attack like this could take
less than a minute.
707
00:40:46,711 --> 00:40:52,081
But leave consequences
that would last for months.
708
00:40:52,083 --> 00:40:54,417
WEISS:
If you damage or destroy these,
709
00:40:54,419 --> 00:40:58,354
you can't just go down to your
neighborhood hardware store
710
00:40:58,356 --> 00:40:59,789
and buy another.
711
00:40:59,791 --> 00:41:03,026
It could take you
maybe six to nine months
712
00:41:03,028 --> 00:41:05,361
to get another one of these.
713
00:41:05,363 --> 00:41:09,265
NARRATOR:
And according
to a government study,
714
00:41:09,267 --> 00:41:12,769
a coordinated attack on fewer
than a dozen power stations
715
00:41:12,771 --> 00:41:17,173
could cause a massive outage--
far more devastating
716
00:41:17,175 --> 00:41:22,846
even than the historic blackout
that hit the Northeast in 2003.
717
00:41:22,848 --> 00:41:25,882
WOMAN:
The brightness of car headlights
the only visible sight
718
00:41:25,884 --> 00:41:28,084
on 42nd Street tonight
as thousands wait
719
00:41:28,086 --> 00:41:30,119
under a cloud of total darkness.
720
00:41:30,121 --> 00:41:35,959
ZETTER:
All you would need to do is
take out about nine substations
721
00:41:35,961 --> 00:41:38,495
in an attack that could result
in a blackout
722
00:41:38,497 --> 00:41:41,431
for the majority of the U.S.
that could last weeks or months
723
00:41:41,433 --> 00:41:43,399
depending on
how the attack was designed.
724
00:41:47,339 --> 00:41:50,640
NARRATOR:
And it's not only the power grid
that's at risk.
725
00:41:50,642 --> 00:41:54,944
In 2014,
seven years after Aurora,
726
00:41:54,946 --> 00:41:59,148
DHS inexplicably released
an 800-page report
727
00:41:59,150 --> 00:42:01,618
on the Idaho demonstration.
728
00:42:01,620 --> 00:42:07,056
Inside were three alarming maps,
perhaps included by mistake.
729
00:42:09,327 --> 00:42:11,861
These were never supposed to be
declassified.
730
00:42:11,863 --> 00:42:15,899
NARRATOR:
The maps identify targets
like refineries
731
00:42:15,901 --> 00:42:19,135
and gas and water lines
that could be destroyed
732
00:42:19,137 --> 00:42:21,504
by rapidly disconnecting
and reconnecting them
733
00:42:21,506 --> 00:42:23,840
to the power grid.
734
00:42:23,842 --> 00:42:29,879
WEISS:
This is using the electric grid
as a means of attacking
735
00:42:29,881 --> 00:42:34,684
the industries connected
to the electric grid.
736
00:42:34,686 --> 00:42:41,591
You now have essentially a hit
list of critical infrastructure.
737
00:42:41,593 --> 00:42:44,827
NARRATOR: Surprisingly,
our most critical facilities
738
00:42:44,829 --> 00:42:48,298
like this electric power plant
must fend for themselves
739
00:42:48,300 --> 00:42:51,968
when it comes to defending
against cyber attack.
740
00:42:51,970 --> 00:42:56,039
Less than a third of electricity
generating facilities
741
00:42:56,041 --> 00:42:58,575
are big enough
to be required to abide
742
00:42:58,577 --> 00:43:01,844
by the strictest
cyber security rules.
743
00:43:03,715 --> 00:43:06,249
Yet the threat from cyber
is so worrisome
744
00:43:06,251 --> 00:43:08,885
that few power company
executives are willing
745
00:43:08,887 --> 00:43:11,020
to discuss the problem
on the record
746
00:43:11,022 --> 00:43:15,491
for fear of being targeted
by hackers.
747
00:43:15,493 --> 00:43:17,794
MAN:
I don't know how real
or how probable
748
00:43:17,796 --> 00:43:19,996
a cyber attack is.
749
00:43:19,998 --> 00:43:24,701
But I do know that protecting
against it is prudent.
750
00:43:24,703 --> 00:43:28,071
Just because I don't know
how likely something is...
751
00:43:28,073 --> 00:43:29,839
I don't know how likely
an earthquake is.
752
00:43:29,841 --> 00:43:31,641
I don't know how likely
a tornado is.
753
00:43:31,643 --> 00:43:35,478
I want to make it as hard
as possible for someone
754
00:43:35,480 --> 00:43:39,382
to attack our generators
and disrupt our society.
755
00:43:41,052 --> 00:43:44,787
NARRATOR:
There is a fix available
to defend against
756
00:43:44,789 --> 00:43:46,889
an Aurora-style attack.
757
00:43:46,891 --> 00:43:50,259
The cost for new equipment
is relatively low,
758
00:43:50,261 --> 00:43:52,528
but not many utilities
have installed it.
759
00:43:52,530 --> 00:43:57,000
Security remains alarmingly lax
at many power stations.
760
00:43:59,037 --> 00:44:02,238
MAN:
I was at a conference
and one of the engineers
761
00:44:02,240 --> 00:44:06,609
showed me how he had his iPhone
set up so he could control
762
00:44:06,611 --> 00:44:10,213
multiple power plants
at the same time.
763
00:44:10,215 --> 00:44:12,782
I went to look at it and
he said, "Be really careful.
764
00:44:12,784 --> 00:44:15,485
If you push that button,
they'll all trip off."
765
00:44:15,487 --> 00:44:18,655
I was speechless.
766
00:44:18,657 --> 00:44:21,424
I asked him,
"What do we do about security?"
767
00:44:21,426 --> 00:44:23,893
And he says,
"I make sure no one gets this."
768
00:44:23,895 --> 00:44:28,531
NARRATOR:
Until recently,
controls at power stations
769
00:44:28,533 --> 00:44:32,535
were mechanical switches
and immune to cyber attack.
770
00:44:32,537 --> 00:44:35,805
But now the drive
to put everything online
771
00:44:35,807 --> 00:44:38,474
has created a hole
in our defenses
772
00:44:38,476 --> 00:44:42,145
that no one seems able to plug.
773
00:44:42,147 --> 00:44:44,847
CLARKE:
I think the public believes
that the U.S. government--
774
00:44:44,849 --> 00:44:48,718
Cyber Command, NSA, FBI,
Homeland Security--
775
00:44:48,720 --> 00:44:53,656
have the capability to defend
the electric power grid,
776
00:44:53,658 --> 00:44:57,493
pipelines, trains,
banks that could be attacked
777
00:44:57,495 --> 00:45:01,330
by other nations through cyber.
778
00:45:01,332 --> 00:45:03,199
The truth is the government
doesn't have the capability,
779
00:45:03,201 --> 00:45:04,600
doesn't have
the legal authority,
780
00:45:04,602 --> 00:45:06,602
and doesn't have a plan
to do it.
781
00:45:06,604 --> 00:45:10,973
HAYDEN: And it's not a question
yet of resources.
782
00:45:10,975 --> 00:45:13,376
It's a question of policy.
783
00:45:13,378 --> 00:45:14,777
What do you want
these guys to do?
784
00:45:14,779 --> 00:45:18,981
What is it will you tolerate
them doing to defend you
785
00:45:18,983 --> 00:45:22,285
on a network in which
your emails and mine
786
00:45:22,287 --> 00:45:25,354
are skidding about freely?
787
00:45:25,356 --> 00:45:30,359
NARRATOR:
Policymakers have not given
the NSA and Cyber Command
788
00:45:30,361 --> 00:45:33,496
the mission of securing
the internet,
789
00:45:33,498 --> 00:45:36,466
which may be fine with them.
790
00:45:36,468 --> 00:45:39,602
Because these agencies
are deploying ambitious
791
00:45:39,604 --> 00:45:44,607
offensive programs that exploit
common security weaknesses.
792
00:45:44,609 --> 00:45:48,911
NSA documents contain references
to programs
793
00:45:48,913 --> 00:45:53,182
with fanciful codenames
like "TREASUREMAP,"
794
00:45:53,184 --> 00:45:55,985
an attempt to identify
and track every device
795
00:45:55,987 --> 00:46:01,591
connected to the Web--
anywhere, all the time.
796
00:46:01,593 --> 00:46:05,461
And "QUANTUMTHEORY,"
a suite of programs that aims
797
00:46:05,463 --> 00:46:09,398
to insert malware implants
into computers and networks
798
00:46:09,400 --> 00:46:13,269
around the world.
799
00:46:13,271 --> 00:46:14,971
And Quantum you can think of
as almost this sort of
800
00:46:14,973 --> 00:46:18,508
industrial-scale spread
of computer viruses.
801
00:46:18,510 --> 00:46:21,177
It's a system that the NSA
developed that allows it to,
802
00:46:21,179 --> 00:46:24,580
in a very quick and efficient
manner, implant viruses,
803
00:46:24,582 --> 00:46:27,283
what are known as malware
or malicious software
804
00:46:27,285 --> 00:46:28,718
on computers around the world.
805
00:46:28,720 --> 00:46:30,787
Think of it sort of
as a big launching platform
806
00:46:30,789 --> 00:46:32,054
for cyber weapons.
807
00:46:32,056 --> 00:46:35,758
NARRATOR:
The ultimate goal
is to establish
808
00:46:35,760 --> 00:46:40,696
hundreds of thousands of
stealthy access points globally
809
00:46:40,698 --> 00:46:46,736
to spy or to deal a devastating
cyber counterstrike.
810
00:46:46,738 --> 00:46:50,306
But the emphasis on offense
comes at a price.
811
00:46:50,308 --> 00:46:52,775
To ensure they'll always
have a back door
812
00:46:52,777 --> 00:46:56,412
into their target's systems,
the NSA and Cyber Command
813
00:46:56,414 --> 00:46:58,548
keep the computer
vulnerabilities
814
00:46:58,550 --> 00:47:00,416
they exploit secret.
815
00:47:00,418 --> 00:47:05,488
But that leaves the same
back doors open everywhere--
816
00:47:05,490 --> 00:47:10,593
even here at home
undefended against attack.
817
00:47:10,595 --> 00:47:13,262
Which raises a question--
what's more important:
818
00:47:13,264 --> 00:47:17,133
a good offense
or a good defense?
819
00:47:17,135 --> 00:47:22,538
SNOWDEN:
Defending ourselves
from internet-originated attacks
820
00:47:22,540 --> 00:47:26,943
is much, much more important
than our ability
821
00:47:26,945 --> 00:47:29,045
to launch attacks
822
00:47:29,047 --> 00:47:30,746
because when it comes to the
internet,
823
00:47:30,748 --> 00:47:32,982
when it comes
to our technical economy,
824
00:47:32,984 --> 00:47:36,786
we have more to lose
than any other nation on earth.
825
00:47:36,788 --> 00:47:41,724
So we shouldn't be making
the internet a more hostile,
826
00:47:41,726 --> 00:47:45,728
a more aggressive territory.
827
00:47:45,730 --> 00:47:47,630
We should be making it a
more trusted environment,
828
00:47:47,632 --> 00:47:49,332
making it a more
secure environment.
829
00:47:49,334 --> 00:47:54,170
NARRATOR:
The U.S. economy
depends on the internet.
830
00:47:54,172 --> 00:47:59,442
Failures to defend it
are already costing us dearly.
831
00:47:59,444 --> 00:48:03,846
Every day foreign hackers
make thousands of digital forays
832
00:48:03,848 --> 00:48:08,184
against targets inside the U.S.
833
00:48:08,186 --> 00:48:11,621
Some of these
are like spying on steroids
834
00:48:11,623 --> 00:48:14,790
and can do real
military damage--
835
00:48:14,792 --> 00:48:17,827
something kept hidden
from the public.
836
00:48:17,829 --> 00:48:19,795
A secret document
in the Snowden archive
837
00:48:19,797 --> 00:48:24,300
reveals that the Chinese have
stolen "many terabytes of data"
838
00:48:24,302 --> 00:48:26,736
related to the design
of one of America's
839
00:48:26,738 --> 00:48:31,807
most advanced fighter planes--
the Joint Strike Fighter.
840
00:48:31,809 --> 00:48:35,077
HARRIS:
And when they investigated this,
they found that hackers
841
00:48:35,079 --> 00:48:37,713
were stealing this information
not from military networks,
842
00:48:37,715 --> 00:48:40,216
but from the companies
that are building these systems
843
00:48:40,218 --> 00:48:41,350
for the military.
844
00:48:41,352 --> 00:48:43,853
The extent of damage
was pretty significant.
845
00:48:48,159 --> 00:48:51,360
NARRATOR:
And it's not only
defense contractors.
846
00:48:51,362 --> 00:48:53,029
There's a new kind of attack--
847
00:48:53,031 --> 00:48:57,300
a nation-state going after
a purely civilian business--
848
00:48:57,302 --> 00:49:01,938
using cyber as a weapon
of intimidation and blackmail.
849
00:49:03,808 --> 00:49:08,177
In late 2014, Sony Pictures
releases a trailer
850
00:49:08,179 --> 00:49:12,081
for a political comedy
called The Interview.
851
00:49:12,083 --> 00:49:13,416
JAMES FRANCO:
Three weeks from tonight
852
00:49:13,418 --> 00:49:17,186
I will be traveling to
Pyongyang, North Korea!
853
00:49:17,188 --> 00:49:19,255
Hello, North Korea!
854
00:49:19,257 --> 00:49:21,824
NARRATOR:
The absurd premise involves
an assassination plot
855
00:49:21,826 --> 00:49:25,394
against Kim Jong Un,
leader of North Korea.
856
00:49:25,396 --> 00:49:27,396
You want us to kill
the leader of North Korea?
857
00:49:27,398 --> 00:49:28,064
Yes.
858
00:49:28,066 --> 00:49:30,566
What?
859
00:49:30,568 --> 00:49:35,004
NARRATOR:
Shortly before the movie's
release-- a cyber attack.
860
00:49:35,006 --> 00:49:38,407
The FBI is investigating
that destructive cyber attack
861
00:49:38,409 --> 00:49:40,009
at Sony Pictures.
862
00:49:41,579 --> 00:49:45,047
NARRATOR:
Hackers calling themselves
the "Guardians of Peace"
863
00:49:45,049 --> 00:49:46,983
reveal that they have
broken into
864
00:49:46,985 --> 00:49:49,018
Sony's corporate
computer network
865
00:49:49,020 --> 00:49:53,756
and seem to threaten a 9/11-type
attack on theatergoers
866
00:49:53,758 --> 00:49:55,825
if Sony releases the film.
867
00:49:55,827 --> 00:50:01,697
Within weeks, the FBI claimed
to have top-secret intelligence
868
00:50:01,699 --> 00:50:05,234
that pointed to North Korea
as the culprit.
869
00:50:05,236 --> 00:50:07,436
JAMES COMEY:
There is not much in life
870
00:50:07,438 --> 00:50:09,138
that I have high confidence
about.
871
00:50:09,140 --> 00:50:12,975
I have very high confidence
about this attribution.
872
00:50:12,977 --> 00:50:15,611
As does the entire
intelligence community.
873
00:50:15,613 --> 00:50:18,547
They caused a lot of damage.
874
00:50:18,549 --> 00:50:23,019
And we will respond.
875
00:50:23,021 --> 00:50:25,688
We will respond proportionally,
and we'll respond
876
00:50:25,690 --> 00:50:29,792
in a place and time
and manner that we choose.
877
00:50:29,794 --> 00:50:32,561
HARRIS:
The hard part
for the White House
878
00:50:32,563 --> 00:50:36,532
was not attributing
the Sony attack to North Korea.
879
00:50:36,534 --> 00:50:38,601
The hard thing
was what do you do about it?
880
00:50:38,603 --> 00:50:40,236
Because if the president
of the United States
881
00:50:40,238 --> 00:50:42,338
is going to come out
and publicly point the finger
882
00:50:42,340 --> 00:50:44,540
at a country for being behind
a cyber attack,
883
00:50:44,542 --> 00:50:46,308
there are going to have to be
consequences.
884
00:50:46,310 --> 00:50:52,014
NARRATOR:
But calibrating that response
is difficult.
885
00:50:52,016 --> 00:50:54,884
ROTHKOPF:
The White House has suggested
886
00:50:54,886 --> 00:50:58,387
that one centerpiece of their
response to cyber attacks
887
00:50:58,389 --> 00:51:00,956
would be what they called
naming and shaming.
888
00:51:00,958 --> 00:51:03,726
Well, you know,
naming and shaming may work
889
00:51:03,728 --> 00:51:06,295
in a kindergarten class
when somebody steals cookies
890
00:51:06,297 --> 00:51:08,030
that were intended
for another child,
891
00:51:08,032 --> 00:51:10,733
but it's not going to work
with Vladimir Putin,
892
00:51:10,735 --> 00:51:14,737
the supreme leader in Iran,
or the Chinese.
893
00:51:18,076 --> 00:51:19,809
NARRATOR:
Cyber war has plunged the world
894
00:51:19,811 --> 00:51:23,012
into chaotic,
uncharted territory.
895
00:51:23,014 --> 00:51:27,683
Today, a single spy
can stealthily steal secrets
896
00:51:27,685 --> 00:51:29,819
in volumes larger
than all the books
897
00:51:29,821 --> 00:51:32,788
in the Library of Congress.
898
00:51:34,859 --> 00:51:38,961
And nation states
are playing a dangerous game
899
00:51:38,963 --> 00:51:44,233
using cyber weapons
that could trigger a wider war.
900
00:51:44,235 --> 00:51:46,702
ZETTER:
There have been officials
in the past that have said,
901
00:51:46,704 --> 00:51:48,971
you know, "If you take down
our power grid,
902
00:51:48,973 --> 00:51:51,407
you can expect a missile
down your smokestacks."
903
00:51:54,045 --> 00:51:56,879
I think it's highly likely
that any war that began
904
00:51:56,881 --> 00:52:01,650
as a cyber war would ultimately
end up being a conventional war,
905
00:52:01,652 --> 00:52:03,352
where the United States
906
00:52:03,354 --> 00:52:07,456
was engaged with bombers
and missiles.
907
00:52:09,694 --> 00:52:14,463
NARRATOR:
The number of nations armed with
cyber weapons is in the dozens,
908
00:52:14,465 --> 00:52:18,534
not to mention terrorists
and criminal hackers.
909
00:52:18,536 --> 00:52:21,537
And unless we find a way
to counter these threats,
910
00:52:21,539 --> 00:52:25,007
there is a very real danger
that we will turn
911
00:52:25,009 --> 00:52:28,244
one of our greatest inventions--
the internet--
912
00:52:28,246 --> 00:52:31,447
into a dangerous battlefield.
913
00:52:42,326 --> 00:52:44,293
On NOVA's website,
find in-depth interviews
914
00:52:44,295 --> 00:52:47,129
with Edward Snowden
and other experts.
915
00:52:47,131 --> 00:52:49,565
Check out some of
the NSA's astonishing
916
00:52:49,567 --> 00:52:51,300
cyber spying gadgets.
917
00:52:51,302 --> 00:52:53,269
Or try our cyber security game
918
00:52:53,271 --> 00:52:55,604
and learn how to keep
your digital life safe,
919
00:52:55,606 --> 00:52:59,608
spot cyber security scams, and
defend against cyber attacks.
920
00:52:59,610 --> 00:53:02,077
Also, watch
original video shorts,
921
00:53:02,079 --> 00:53:06,048
explore in-depth reporting,
and dive into interactives.
922
00:53:06,050 --> 00:53:08,551
Find us at pbs.org/nova.