The Code War: Alex Gibney's Disturbing Film Reveal the Dark Forces Behind the Stuxnet Computer Worm
July 3, 2016 Reviewed by Gar Smith / The Berkeley Daily Planet
Alex Gibney's new film, Zero Days, makes a convincing case that the US (in partnership with Israel) created the Student computer virus in a secret plot to destroy Iran's nuclear processing ability. The suspicion is that US hoped to forestall an impending Israeli air attack that could have spread fallout over the region -- and may well have triggered a major (perhaps cataclysmic) war.
(July 3, 2016) -- Welcome to the Brave New World of Cyber War. Our guide today is Alex Gibney, acclaimed director of Taxi to the Dark Side, We Steal Secrets, and ENRON: The Smartest Guys in the Room. We're in good hands: Gibney has been honored with Oscars, Emmys, Grammys, the Peabody, the Writers Guild of America Award and (in 2013) the International Documentary Association’s Lifetime Achievement Award.
Several weeks ago, Gibney visited San Francisco for a Q&A following a press screening of Zero Days, his edgy new documentary about the Stuxnet computer virus that destroyed Iran's uranium centrifuges and went on to wreak cyber-havoc around the world.
Accompanying Gibney to the SF screening were Eric Chen and Liam O'Murchu, two local computer geeks from Semantec. Chen and O'Murchu are the "heroes" of the film. Their work-day job at Semantec is to protect computers from viruses and malware. To do that, they need to identify and track the nature of each example of cyber-snarkiness that comes their way. But they had never seen anything like the Stuxnet worm. (No one had.) It was these two guys who gave the worm its name.
Gibney's investigation makes a convincing case that the US (in partnership with Israel) created the worm to destroy Iran's nuclear processing ability. The suspicion is that US hoped to forestall an impending Israeli air attack that could have spread fallout over the region -- and may well have triggered a major (perhaps cataclysmic) war.
Zero Days dives behind the algorithmic veils of computer science to troll the complexities of cyberwar with keen eye and a curious mind. In a world of techno-terms and shorthand identifiers -- LLPs, P-1s, IR-2s -- it would be easy to loose track of the proceedings. (Take, for example, this explanation: "The ICS worm now developed would hit every machine on the net in an hour. Stuxnet would affect every Microsoft machine it encountered and would activate once it found a compatible LLP.") Fortunately, Gibney keeps the journey lively with cinematic tricks and lots of key-player interviews.
Watching the film's animated invocations of cyberspace leaves viewers swimming through a dark soup where billions of numbers and letters march and arch in lockstep to some unknowable purpose. Sometimes, in this vast swath of cosmic complexity, a single short line of identifiable code might be spotted. That, in turn, can lead to other bits of traceable data. With enough pieces, a puzzle may begin to emerge. Then the challenge is to "solve" the puzzle. But when you're dealing with terabytes, petabytes, exabytes, zetabytes and yottabytes of data, "connecting the dots" becomes a Heculean task.
Surprise factoid: The Semantecnicians confirmed that you can use a Microsoft word search to look for -- and find -- tell-tale bits of hidden code.
The most memorable effect in Zero Days is an "anonymous" insider who appears as a disembodied female face suspended in a black void and defined by a floating veil of computerized netting. (Gibney explained the character's testimony is a composite of more than a dozen individuals who agreed to be interviewed on the promise of anonymity. He also explained that he chose to make his "insider" a female because "there were no other women in the film." Cyberwar, wouldn't you know, is still largely a "man's world.")
The Growing Problem of Cyberwar Attacks
In today's "connected" world, computers can be targeted for destruction just like the jihadists and "collaterals" on Obama's Tuesday Kill List. But instead of using a "killer drone" (courtesy of General Atomics, at 3 million taxpayer-dollars-per-shot) modern, militarized nation-states use complex codes that can be smuggled into an "enemy country" and covertly injected into a computer system via a thumbdrive. It's a new era of global combat. Call it the Code War.
In August 2012, an unprecedented hack-attack fried 30,000 Internet workstations at Saudi Arabia's massive ARAMCO oil facility. An unknown (and possibly fictitious) group called the "Cutting Sword of Justice" claimed responsibility for the disabling attack.
Beginning in September 2013, a series of cyber attacks began hammering major US banks over a period of weeks. Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, BB&T and HSBC were all hit by sophisticated "distributed denial of service attacks."
In December 2015, when Ukraine's power grid went out for six hours it was clearly seen as a nation-state cyberattack. Desperate operators were forced to switch to manual mode -- flipping physical switches instead of typing orders on a keyboard. (The US generally doesn't have that "luxury" but some older systems made protection possible.)
In New York State, a small dam was attacked by an attempted cyber-strike but, fortunately, no serous damage was done. Were Iranian hackers behind this incident? Russia? China? If anyone knows, they aren't talking.
Cyberwar is a spreading menace: During the Q&A, Semantec's two cyber-sleuths estimated there have been 80 to 100 significant "government actions" over recent years.
The US may not have been the first out-of-the-gate in the cyber-war arms race, but it was soon in the saddle. "Once it happened," one insider recalls, it was a simple matter of realizing, ""Hey, we could be doing this."
So the US secretly devised a "superworm" of unprecedented power. But, something went wrong and, after taking out Iran's centrifuges (by causing them to spin with increasing speed until they self-destructed), the worm began to spread. It quickly spilled beyond Iran's borders and spread around the world, leaping from one hemisphere to the next, taking down thousands of computers as it multiplied and self-replicated. And eventually it "came home to roost," devastating systems in the US itself.
Even the Department of Homeland Security was kept out of the loop. The DHS had no response plan when the Stuxnet virus began to eat its way into the Homeland's computers. A DHS spokesperson later confessed: "We didn't know the threat was homemade."
Why did Stuxnet 'go rogue'? According to Gibney's investigation, it was a case of "blowback." Unbeknownst to the US, its co-partner Israel secretly changed the code to be more aggressive. Three viruses were released. Some had longer play periods before they "activated." In the first version, the program allowed 12 days before activation. The activation trigger was shortened in later versions.
Behind the Wall of Secrecy
"There are so many secrets it's hard to get to the bottom of the story," Gibney told the roomful of reviewers. "Everything is secret. People could be playing games with you. It was not neat and tidy -- and that's what made it exciting."
There is a pervasive fear of prosecution (quietly and before special courts) for anyone who dares to reveal state secrets involving Washington's cyber warfare programs.
Gen. James Cartwright, a four-star general who was vice chair of the Joint Chiefs from 2007 to 2011, ran the cyber operation, (code name: Olympic Games) under the Bush and Obama administrations. In 2010, an attack by the Stuxnet worm disabled 1,000 centrifuges that the Iranians were using to enrich uranium.
Cartwright, the former second ranking officer in the U.S. military became the target of a Justice Department investigation into a politically sensitive leak of classified information about Stuxnet.
Chien and O'Murchu spent months looking for encoded clues encased in the complex, multi-layered depths of the Stuxnet virus. They were virtually on their own: there was no academic or systemic record to explore. As one cyber-warfare insider explains, the whole enterprise is "hideously over-classified."
When the two investigators realized how advanced and complicated the code was, they began to get concerned about their own safety. After all, a number of nuclear scientists had been brutally assassinated in Iran (Israeli agents were suspected). Both Semantecers became convinced their phones were being tapped.
Gibney was also concerned about his own security. He explained that, while writing his screenplay, he relied on "encryption technology" to avoid the possibility that his work might be monitored online. In this case, "encryption technology" meant transcribing audio recordings of his interviews on an old-fashioned electronic typewriter.
Some observers believe the Stuxnet attack played a large role Iran's decision to agree to a nuclear deal with the West.
At the press conference, Gibney mentioned an interview with former Washington Post staffer Brian Krebs who specializes on cybercrime and security topics. The Krebs interview was deleted from the film but you can expect to see it on the "bonus reel" when Zero Days in released on the DVD.)
But don't wait for the DVD. See Zero Days now.
And back up your computer.
Posted in accordance with Title 17, Section 107, US Code, for noncommercial, educational purposes.