The World’s First Cyber Weapon Attack on a Nuclear Plant | Cyberwar

00:01

a secret facility in Iran renews fears

00:02

of a nuclear threat the nations of the

00:05

world must not permit the Iranian regime

00:08

to gain nuclear weapons a computer virus

00:10

that has never been seen before this

00:12

isn't two kids in the basement in Kansas

00:13

throwing some code together the virus

00:16

sabotages that secret facility it used

00:18

very Advanced capabilities to cover

00:20

itself or obfuscate itself who built it

00:23

in why is a mystery this was an act of

00:26

War it was an act of War without there

00:28

being a war stuck is the world's first

00:30

known cyber

00:43

[Music]

00:52

weapon there are conflicts being waged

00:54

all around us ones we can't see hackers

00:57

are poised to dominate the 21st century

01:00

reshaping geopolitical

01:02

Landscapes sometimes on behalf of

01:04

terrorists but often for governments or

01:06

just because they think it's

01:08

right as a reporter I've been covering

01:11

National Security for vice and

01:12

increasingly my job is to track these

01:14

digital battles there's one computer

01:17

virus that really showed how far

01:18

everything had come in the early 2000s

01:21

the US began to fear that Iran it's

01:23

sworn enemy since 1979 was secretly

01:26

developing its own nuclear weapons the

01:28

UN responded with San s the US and

01:30

Israel threatened war and then a

01:33

mysterious computer virus dub stuck net

01:36

appeared in June

01:40

2010 we're head to sanch yes the same

01:43

company that's protecting your desktop

01:45

from malware to talk to an engineer and

01:48

expert who forensically took apart stuck

01:50

net and figured out that it wasn't just

01:52

some run-of-the-mill trojan

01:57

virus I got in touch with sanch security

01:59

researcher Eric Chen he did some of the

02:02

most in-depth analysis of the virus when

02:03

it first appeared the average threat

02:05

that we look at can take us 5 to 20

02:07

minutes to look at and we know exactly

02:10

what it does and stet took us months

02:14

more than three months to look at so it

02:15

just can give you a sense of how

02:19

difficult how large and how complicated

02:21

uh the threat was so why don't you tell

02:23

me how you discovered stuck net so

02:25

basically what happened was another

02:27

security company that was based in b Bru

02:30

uh found this binary and it had

02:32

something in it that was called a zero

02:33

day why don't you tell me what a zero

02:35

day is a zero day basically is when you

02:38

have what's called a vulnerability or

02:39

you have a hole sort of in your computer

02:41

a bug of some sort that allows someone

02:43

to execute code on your machine without

02:45

you knowing it your computer just has to

02:47

be on and maybe even connected to the

02:49

internet and that's it you don't have to

02:51

be logged in you don't have to be

02:52

browsing the web you don't have to

02:53

double click on any files and so that

02:54

means you have no way to protect

02:55

yourself what about it had you never

02:57

seen before an average threat doesn't

02:59

have any sort of exploit inside of it

03:01

this thing had four zero days inside of

03:03

it what sets a zero day apart is that

03:05

it's a security flaw that there's no fix

03:07

for Zer days are incredibly rare and for

03:09

that reason incredibly valuable what was

03:12

the specifics of it that set off an

03:15

alarm there's these skada strings inside

03:17

skada basically is technology that's

03:19

controlling uh robots and and automation

03:22

or power plants and and things like that

03:25

and we had never seen a threat that

03:26

mentioned anything to do with scada this

03:28

thing could actually be attacked some

03:30

sort of national critical infrastructure

03:32

this isn't like two kids in the basement

03:33

in Kansas throwing some code together

03:35

this thing had a full-on framework

03:36

clearly had quality assurance behind it

03:39

here we're talking about something that

03:40

is just orders of magnitude greater than

03:42

we've ever seen

03:44

before as their investigation deepened

03:46

Eric and his team realized stuck net was

03:48

designed to Target computers using

03:50

Seaman's proprietary software called

03:52

Step seven what first caught our eye

03:56

were all these strings like S7 and we

03:59

began to sort of Google those sorts of

04:01

strings we saw wicc and we saw step 7

04:04

and when we looked those up we

04:05

determined that this was actually

04:07

software that would control

04:09

plc's plcs are programmable logic

04:11

controllers computer systems used for

04:14

converting digital code into physical

04:16

commands that automate everything from

04:18

Factory Machinery to heating and cooling

04:22

systems Eric now found himself in

04:24

unknown territory so we reached out to

04:26

the International Security Community we

04:28

were sending out blogs

04:30

all throughout that summer telling

04:32

people if you're a PLC expert if you're

04:34

an expert in critical National

04:35

infrastructure contact us because we

04:37

didn't even know what a PLC was at that

04:39

time Eric and his team learned that plcs

04:41

are extremely vulnerable to cyber

04:43

attacks but he still didn't know which

04:45

machines were the targets this

04:47

sophisticated malware or malicious code

04:50

was detected on Industrial Control

04:52

Systems around the

04:53

world cyber security analysts were

04:57

puzzled at the same time Homeland

05:00

Security was also trying to understand

05:01

the virus Sean mcer was the director of

05:04

enck the Cyber branch of the Department

05:06

of Homeland Security when Stu net was

05:08

identified what did your team see when

05:10

they took it apart well the first thing

05:13

we saw was that it was very

05:14

sophisticated and its Communications

05:16

capability so if you think of stuck net

05:18

like a kinetic device like a a missile

05:21

you had um the delivery vehicle you know

05:24

that that which put the payload on

05:26

target if you will and then the payload

05:28

itself and they were very unique

05:29

characteristics to both um Stu Net's

05:32

ability to do digital reconnaissance

05:34

without control it was essentially a a

05:37

digital you know fire and forget type of

05:40

approach the fact that it used you know

05:42

four zero day

05:43

vulnerabilities to gain access to the

05:46

network is something that you had not

05:47

seen in code before uh someone willing

05:50

to risk that many zero days in order to

05:53

get an on place and then when we saw the

05:55

payload part which was actually

05:57

specifically targeting an industrial

05:59

control environment that's really for us

06:02

became a a very significant event

06:05

because Normal malware doesn't go after

06:07

control systems and this was

06:09

specifically focused on Control

06:11

Systems it was non-stop for weeks um

06:14

this was all we thought about all we

06:16

worked on and you can imagine it was a

06:19

really big shift from what we had done

06:21

before the average threat we would

06:22

finish in 5 to 20 minutes and here we

06:24

were sitting on the same threat day

06:26

after day hour after hour night after

06:28

night and you know we weren't getting

06:30

bored every single day every single week

06:34

we were discovering new little Clues new

06:36

little breadcrumbs that kept us going

06:38

and kept us digging and kept us looking

06:40

um until basically November when we

06:42

finally figured out that this thing was

06:44

indeed sabotage uh on the

06:46

towns in what was basically an accident

06:49

Eric and his team found themselves

06:50

embroiled in a real life International

06:52

Spy

06:53

Thriller complex militia code had been

06:56

written specifically to take out Iran's

06:58

nuclear facilities

07:00

while its authors remained in the

07:04

shadows in 2002 the world discovered

07:07

that aan had been building a secret

07:08

uranium enrichment facility near the

07:10

town of

07:12

nutans the stuck computer virus has a

07:15

direct link to this controversial plant

07:17

the fact that Iran never declared the

07:19

plant made it suspicious that was a

07:22

breach of Iran's obligations James Acton

07:24

knows nuclear policy inside out he also

07:27

keeps tabs in the work of the ie a or

07:30

the international atomic energy agency

07:32

the world's nuclear Watchdog can you

07:34

tell me what the climate was around the

07:37

discovery of nans you know Iran's a

07:39

member of the non-proliferation treaty

07:41

and one of the requirements of that is

07:43

that uh you're allowed to do pretty much

07:45

anything you like in the nuclear field

07:47

short of building a bomb but you have to

07:49

declare it uh and not declaring nuclear

07:53

facilities is a violation of your

07:55

agreement with the Ia it found

07:57

activities that look very much like what

07:59

you wanted do if you'd build a nuclear

08:00

weapon and why were they so interested

08:02

in in the N like why was it the straw

08:04

that broke the camels back nans was a

08:06

controversial plant because um you know

08:09

firstly any enrichment is inherently

08:11

sensitive it's inherently dual use you

08:13

can use it for fuel production or you

08:16

can use it for nuclear weapons

08:18

production the size of the plant was

08:20

suspicious the plant's actually too

08:22

small for a civilian plant uh military

08:24

plants don't need to be as large as

08:26

civilian plant so it was scaled as

08:28

though it was right for uh making uh

08:31

enriched uranium for weapons but wasn't

08:33

the right size for uh enriched uranium

08:36

for nuclear reactors the the discovery

08:39

of um um the Iranian program did cause a

08:43

lot of concern I mean there were a lot

08:44

of countries who would genuinely and are

08:47

genuinely very fearful that Iran would

08:49

get the bomb and fearful of the

08:50

consequences of it doing so Iran

08:53

aggressively pursues these weapons and

08:55

exports Terror States like these and

08:58

their terrorist allies

09:00

constitute an AIS of evil arming to

09:02

threaten the Peace of the world Iran

09:05

denied that nans was being used to

09:07

produce nuclear weapons still its

09:09

government bowed to pressure in 2003 and

09:11

temporarily suspended uranium enrichment

09:13

and processing activities at nans then

09:16

in 2005 newly elected president Mahmud

09:19

amadin Jad defiantly restarted the

09:22

program within months the facility at

09:24

nans was up and running and enriching

09:26

uranium all over again concerned the UN

09:29

osed sanctions by 2009 Israeli Prime

09:32

Minister Benjamin Netanyahu challenged

09:34

the us to stop Iran's nuclear

09:37

program the most urgent challenge facing

09:41

this body today is to prevents the

09:43

tyrants of Teran from acquiring nuclear

09:47

weapons Netanyahu was privately

09:49

considering air strikes on

09:52

nans it's during this high stakes

09:54

political standoff that stuck net is

09:56

detected in June 2010 in in fact stuck

10:00

net was found in countries around the

10:01

world but infection rates in Iran were

10:04

off the

10:04

charts and at the plant in N tons

10:07

centrifuges were breaking down at

10:09

unprecedented rates Stu Net's design is

10:12

complex but its operation is deceptively

10:15

simple like a security camera the virus

10:17

records 30 days of normal center fuge

10:20

operation while it hides in the system

10:23

then when stuent attacks the centrifuges

10:25

it plays back the pre-recorded data so

10:28

operators on the outside can't see the

10:29

infection raging within the

10:32

[Music]

10:33

centrifuges and those 30 days were not a

10:36

coincidence that's how long it takes

10:37

basically for a Cascade of centrifuges

10:39

they basically get fully loaded with

10:40

uranium gas so they wanted to basically

10:42

have their sabotage effects happen right

10:45

at the peak moment and caus the most

10:46

damage so the centrifuges in it hands

10:49

normally will spin at 1,000 Hertz and

10:51

what the threat did was spin up the

10:53

centrifuges to either 1400 Herz to be

10:56

really fast or slow them down to two

10:58

Herz to be really slow and what would

11:01

happen is when they spin up really

11:03

really fast centrifuge would basically

11:04

vibrate uncontrollably and just shatter

11:07

and you would have literally shards of

11:08

aluminum flying across the room maybe a

11:10

domino effect of centrifuges falling and

11:12

toppling on each other and uranium gas

11:14

leaking

11:15

everywhere eventually they would hit the

11:17

big red button to cause shutdown stet

11:19

was smart enough to also hijack that

11:22

that big red button went through a

11:23

computer as well and they hijacked that

11:25

code and basically would ignore it and

11:27

allow their payload to take effect once

11:29

it was inside it was Unstoppable they

11:31

were doomed yeah The Operators were

11:32

doomed the plant was

11:34

doomed stuck net was the first digital

11:36

weapon known to have physically

11:38

destroyed its

11:40

targets but the computer systems at nans

11:42

weren't connected to the internet so how

11:45

did stuck net get inside the

11:48

system by 2010 it became evident that

11:51

someone had decided that measures more

11:52

drastic than sanctions and less

11:55

spectacular than air strikes were needed

11:57

to slow down Iran's nuclear program

11:59

because out of nowhere a mysterious

12:01

superv virus named stuck net was

12:03

sabotaging an Irani nuclear facility but

12:06

the computers in the facility weren't

12:07

online so the question remained how the

12:09

virus got inside the

12:11

system I went to find darknet J an

12:14

operational security expert to

12:16

understand how stuck net could have

12:17

infected them so how did stuck net jump

12:21

the air gap and infect niton it jumped

12:24

the air gap by traveling on a USB stick

12:27

that was placed into the computer from

12:30

someone darket J replicated the USB

12:33

exploit to show me how stuck net

12:35

infected the computers and N tons all

12:37

right so what happens is you put in the

12:41

USB you open up the folder Windows looks

12:44

for an icon which is a malicious payload

12:46

that can write to system I have it

12:48

opening calculator so once the intended

12:51

target opens the folder with Stu net

12:54

inside of it what happens next

12:56

essentially you can have complete

12:57

control your computer meaning that can

12:59

write anything to the hard disk it can

13:01

grab credentials from the internet if

13:03

you put them in at the time uh it can

13:05

also propagate itself inside of your

13:06

local area network wow it's Keys of the

13:10

Kingdom that meant someone physically

13:12

walked stuck net into the Iranian

13:14

facility likely an unwitting engineer

13:16

with an infected

13:18

USB inside the virus wreaked havoc

13:21

Center fuses were destroyed and the

13:23

Iranians were clueless but then Eric

13:25

Chen and his team at sanch announced the

13:28

details of stuck net to the the world in

13:29

a blog

13:31

post then naton shut down most assumed

13:34

Iranian authorities finally understood

13:36

the mess they were in and we're trying

13:37

to clean it up after that two Ronan

13:40

nuclear scientists were targeted by

13:42

motorcycle riding assailants who slipped

13:44

a sticky bomb onto one of their cars one

13:47

was killed the other seriously injured

13:49

it appeared whoever was behind stuck net

13:51

went to plan B soon after the Iranian

13:54

president admitted a virus caused the

13:56

shutdown in

13:58

nans

14:02

he blamed Israel but couldn't back it up

14:03

with any hard evidence the assassination

14:06

sent a chill through the cyber security

14:07

community did it make you a little bit

14:09

nervous we would look in our River

14:10

mirrors all the time and you know I

14:12

would see a motorcycle and watch them

14:13

closely it definitely wasn't lost on us

14:16

that we were in the middle of some big

14:18

geopolitical Affair Iran openly accused

14:21

Israel in the US of being the

14:22

masterminds of stuck

14:28

net I want to talk to someone who was

14:30

trying to stop the crisis from

14:31

escalating

14:33

further beautiful

14:36

day Jamal Abdi is a foreign policy

14:39

analyst for the national Iranian

14:40

American Council and has advised

14:42

Congressional members on relations with

14:44

Iran people like myself who were trying

14:46

to broker a diplomatic solution trying

14:49

to figure out an off-ramp from these

14:50

escalatory moves I really thought this

14:52

is a extremely bad term what was the

14:55

reception of stuck net in Iran how did

14:57

people feel about it I I I think the

14:59

Iranians very credibly belied that

15:01

Israel was behind this and then there

15:03

was also just the fact that there were

15:05

all these other sabotage efforts that

15:07

they believed Israel was connected to

15:10

Israel was in many regards the driving

15:14

force against Iran's nuclear program and

15:17

then you have a Hardline government like

15:18

Amad that's essentially inflaming the

15:21

issue it was how do we slow that down as

15:24

much as possible because we know we

15:26

can't stop

15:27

it but it wasn't until 2 years later

15:30

that the New York Times published an

15:31

explosive story revealing the US was

15:34

behind stuck net unnamed officials told

15:37

the paper the US created the virus with

15:39

help from Israel it was part of a covert

15:41

operation dubbed Olympic Games the

15:44

allegation set off a political Firestorm

15:47

so Federal probe was launched to

15:48

investigate the leak but in 2015 the

15:51

investigation was put on ice over us

15:53

fears of what might come out in court

15:55

for me it always comes down to the leak

15:57

investigation you don't launch a leak

15:58

investig for a covert operation you

16:00

didn't do Kim zeter has been covering

16:01

the stuck net story for Wired since the

16:03

virus was first discovered the United

16:06

States like they did stuck net I don't

16:08

think that there's a question that the

16:09

US is behind it I mean it's not even

16:11

something that I think that we you know

16:12

have to sort of debate Stu net was a

16:14

Precision weapon so it would never

16:16

destroy anything except what matched a

16:18

very specific configuration and you can

16:20

see lawyers uh fingerprints are all over

16:23

Stu net I think that's the first time

16:25

I've heard someone say that lawyers

16:26

fingerprints were all over stet you can

16:28

see

16:29

that as they were designing this the

16:30

lawyers would have had very tight uh

16:32

restrictions uh for controlling this

16:34

they would have told the developers this

16:36

can only affect the systems that are

16:38

targeted you have to write this in such

16:39

a way it likely blocks out two major

16:42

nation states that could have done it

16:44

China and Russia I'm not sure they would

16:45

have cared too much about the legal

16:46

implications exactly this was so this

16:48

was one of the reasons that uh people

16:49

were so certain it was the us all of the

16:52

available Clues suggested that stuck net

16:54

was a joint us Israeli operation but

16:57

government officials have gone to Great

16:58

length not to acknowledge it see the

17:01

evidence is lacking I I think that there

17:03

is no clear um complete evidence or uh

17:08

even complete indication that uh it was

17:12

one country or another to this day the

17:14

US government will not confirm or deny

17:16

its role in stuck

17:18

net stuck Net's Architects might want to

17:21

stay in the shadows but around the world

17:23

other governments took notice of the

17:24

Cyber weapon they'

17:27

Unleashed

17:29

when security researchers found stuck

17:31

Ned and publicized the discovery of the

17:33

destructive malware they inadvertently

17:35

brought a covert operation to a

17:36

premature

17:38

End by the time we discovered stet it's

17:41

believed that it already had delivered

17:42

its payload at least once so I'm sure

17:45

the attackers would prefer that it

17:46

wasn't uncovered um because maybe they

17:49

could have continued or or continued

17:50

further operations but it at least

17:52

accomplished its goal at least according

17:54

to the Ia documents that showed that uh

17:56

a few thousand centrifuges were were

17:58

destroyed destroyed um just before

18:01

2010 but what effect did it have on the

18:04

nuclear standoff between Iran Israel and

18:06

the West you know looking back on this

18:08

there's no question that it slowed down

18:10

the program was it a successful attack

18:12

in that sense it kind of partially

18:14

depends what you mean by success I think

18:16

Stu net probably played a role in

18:17

convincing Israel not to attack Iran and

18:19

giving diplomacy more of a

18:21

chance stuck net may have just slowed

18:24

down Iran's nuclear weapons program by 6

18:26

months to 2 years buying time for deploy

18:28

Acy but it didn't exactly stop Iran from

18:31

pursuing the bomb do you think it was

18:33

effective it was you know one step

18:36

forward two steps back it delayed Iran's

18:38

program certainly I think by several

18:40

months maybe a year but it also

18:43

politically it convinced Iran that they

18:46

were under siege it made an argument a

18:48

case for why Iran needed to have

18:51

capabilities to counter cyber warfare as

18:53

well as capabilities to defend the

18:55

country if Iran wants to develop nuclear

18:57

weapons they can nuclear weapons this is

19:00

not a technical decision it's a

19:02

political decision and stuck net was a

19:04

technical response that maybe on a

19:06

technical level slowed the program down

19:09

but on a political level actually helped

19:11

to accelerate the program so I think in

19:13

that regard if you're looking at

19:14

actually preventing Iran from developing

19:16

nuclear weapons or convincing them to

19:17

not go down that route stuck net was a

19:21

failure finally after years of crippling

19:24

un sanctions Iran agreed to limit their

19:26

nuclear program in

19:27

2015 exchange for partial lifting of

19:31

sanctions but by deploying stucks net

19:33

the US and Israel had triggered a

19:34

different kind of arms

19:37

race this was an active war and it was

19:40

an active War without without there

19:42

being a war if you drop a bomb on

19:44

someone they know that they've been

19:45

attacked right but in digital Warfare

19:47

you may never know that you're under

19:49

attack the US opened a door um that

19:51

everyone is going to walk through

19:54

now in Iran was stuck that scene as an

19:58

act war in Iran it was it was seen as an

20:00

act of war and there was sort of a

20:02

question that was opened up did the

20:04

United States just declare war on Iran

20:07

um it's such a gray area though so I

20:09

think that even now people are still

20:11

kind of trying to figure out whether

20:12

this constitutes war or not but

20:14

technically technically it was and I

20:16

think inside of Iran it was really

20:17

viewed that way and I think it really

20:19

opened a lot of eyes inside the

20:20

establishment of Iran that they needed

20:22

to get Savvy in this field to be able to

20:24

defend as well as attack and so you've

20:26

got the you know the formation the Cyber

20:29

Army inside of Iran that was initially

20:31

really much really aimed at activists

20:33

inside the country but then after suet

20:35

it became even more formalized all kinds

20:37

of money was poured into it because this

20:39

was now not just an internal threat but

20:40

an external threat it spurred Iran to be

20:43

more offensive it spurred everyone to be

20:45

more offensive that's the thing it's not

20:47

Iran there are there are other people to

20:49

be worried about than Iran all of that

20:52

together has created this arms race of

20:54

other countries would you agree that it

20:57

was the dawn of a new chapter in cyber

20:59

warfare the expected response is that a

21:02

lot of other countries now are

21:04

establishing offensive cyber operations

21:06

they don't want to be left

21:08

behind stuck net had launched the race

21:10

to militarize

21:12

cyberspace and the more the world is

21:14

connected the more targets there are for

21:17

attack countries around the world are

21:19

racing to design new malware for the

21:21

next generation of

21:22

warfare do you think it's going to

21:24

become another tool in the toolbox of

21:27

War absolutely stuck net to me was the

21:29

Trinity moment and by that I mean the

21:31

first Trinity explosion you know

21:33

demonstration of a of a nuclear

21:34

detonation in New Mexico we demonstrated

21:37

a capability that uh you could have

21:40

devastating physical impacts by cyber

21:43

means it was a bit like the bomb once

21:45

the secret was out people started

21:48

getting it for themselves we started

21:49

recognizing that there's no putting this

21:51

back you know the key was turned the lid

21:53

was opened and everything in Pandora's

21:55

Box was now out in the open and there

21:57

was no way to get it back in

22:02

stuck net was the world's first known

22:03

cyber weapon it set the stage for a new

22:06

kind of War one that will play out on a

22:08

digital

22:18

Battlefield