4 December 2016

What we learned from Zero Days, a doc about the self-replicating computer virus developed by the U.S. to cripple Iran’s nuclear program

Chris Knight

Alex Gibney has been busy. The documentary director released two films last year – Steve Jobs: The Man in the Machine and Going Clear: Scientology and the Prison of Belief – in addition to TV work and producing credits. His newest, Zero Days, is about a self-replicating computer virus called Stuxnet, developed by the U.S. and Israeli governments to cripple Iran’s nuclear industry, but which ultimately spread around the world.

Here are five things we learned from the doc: It’s not officially called Stuxnet

Actually, it’s not officially called anything, since no one seems willing to go on the record about it. But off the record, says one source, it was known as Olympic Games, or OG. “Saying Stuxnet out loud was like saying Voldemort in Harry Potter.” The next cyber weapon, still in the bottle, is Nitro Zeus, and it is “ready to corrupt, degrade and destroy” civilian as well as military systems.

Zero Day sounds ominous because it is

The film’s title refers to a “zero-day” vulnerability – an undisclosed flaw in a piece of software, which hackers can use to attack a computer system. While taking advantage of one zero-day weakness is fairly common in cyber-attacks, Stuxnet made use of four.

Centrifuges are delicate

If you’ve ever heard about centrifuges being used to enrich uranium for nuclear weapons, you may have pictured something like a souped-up salad spinner. In fact, these machines spin at more than 60,000 revolutions per minutes, approaching the speed of sound, and are made of metal (which expands when heated) and carbon fibre (which contracts). Rev them up to 80,000 rpm or drop them down to 100, as Stuxnet was programmed to do, and the centrifuge becomes unbalanced – like a washing machine, but with far more catastrophic results.

The U.S. government created a new agency for cyber warfare

Founded in 2009, U.S. Cyber Command has the authority to carry out cyber-attacks. But only the National Security Agency has the ability. Conveniently, both are located in the same building in Fort Meade, Maryland, and the director of the NSA also heads up Cyber Command.

No comments: