I’m “biast” (con): nothing
(what is this about? see my critic’s minifesto)
Cyber warfare is here. And I’m not referring to the Russian hacking of DNC servers during the recent US presidential election. The cyber equivalent of Hiroshima happened several years ago, and it wasn’t the Russians who dropped the bomb. It was the US and Israel, and it’s what outgoing president Barack Obama was referring to when he said, in his farewell speech the other day, that he had “shut down Iran’s nuclear weapons program without firing a shot.” He was talking about Stuxnet, the malware that sneakily threw Iran’s delicate nuclear-fuel-refining centrifuges out of whack in 2010, which preceded more diplomatic efforts to convince Iran to get out of the bomb business.
We are living in the future, and not in a good way.
I don’t think Obama has ever overtly acknowledged that the US was responsible for Stuxnet. And in his latest documentary, the fascinating and horrifying Zero Days, Alex Gibney (The Armstrong Lie, Mea Maxima Culpa: Silence in the House of God) tries to get people — intelligence operatives, politicians, cyber experts, and others in the know — to talk openly about Stuxnet, but everyone’s lips are officially sealed. The film opens with a montage of talking heads spouting variations on “I don’t know anything, and if I did I couldn’t tell you anyway.” It would be funny if it weren’t so frustrating. Gibney wants to use the Stuxnet offensive as the jumping-off point to talk about cyber warfare in a larger, more philosophical, more socially imperative sense, but as he asks with wry irritation, “How can you have a debate if everything is secret?”
We could see for ourselves the impact of nuclear weapons, as Gibney notes, and that fueled the cultural discussion about their use. How do we reach the same level of awareness if no one will talk about nation-state-sponsored malware and if the ordinary person cannot see how it works? So, Gibney suggests, let’s look at the Stuxnet code itself, which is not secret. He turns to the global civilian security industry — which, intriguingly, shares info among itself even across acrimonious borders; Russians and Americans are cooperating in this area — to explain how it is possible to figure out from the code itself who created it and what it does. (When Donald Trump decides he wants a primer on cyber forensics, he could start with this movie.)
You don’t need to be very computer savvy to understand the basics, which are set out very clearly, most centrally and rather entertainingly, by Eric Chien and Liam O’Murchu from Internet security firm Symantec. (It’s from them that we learn what the title refers to: a “zero day exploit” spreads without you having to do anything, like click on a link to download a file; it remains secret until it starts doing whatever it is intended to do, and so there is no patch to fix it.) Among the superscary things we discover is that even though at the time Stuxnet was the most sophisticated malware ever seen (it may now have been surpassed), it wasn’t perfect, and it spread much further and wider than it may have been intended to: it infected millions of computers all around the planet, and while lots of experts could see that it was there, no one knew initially what it would do. (What if it had been designed to shut down the power across an entire country, or targeted other critical infrastructure?) Even more terrifying, malware such as Stuxnet is like a bomb that explodes but can subsequently be picked up and used again. Once the code is out there, anyone can see it and alter it and use it however they want.
And that is indeed what happened with Stuxnet. You’ll have to see Zero Days to get the full story. This is a gripping detective story at “the strange intersection of cyber, nuclear weapons, and espionage,” says Gibney. My favorite muckraking docu-journalist, he digs and pushes and doesn’t give up until he gets answers — some via anonymous CIA sources who will scare the life out of you — about the real-world physical damage computer code can wreck. The public debate Gibney wants to have about cyber warfare needs to start yesterday. And Zero Days is the opening statement.