Our post-Stuxnet world

  • by Erin Blackwell
  • Tuesday July 5, 2016
Share this Post:

Hillary Clinton makes a brief but telling appearance early in a new documentary about the infamous Stuxnet worm to intone with a straight face, "I categorically deny any U.S. involvement." In retrospect, I guess she was even then practicing the presidential lie as a means of demonstrating her loyalty to the great U.S. tradition of military aggression and its Middle Eastern corollary: enabling Israel's persecution complex as the ultimate rationale for preemptive attack. Just how Israel's Mossad partnered with our own CIA, NSA, and Cyber Command to design and launch globally disruptive malware is the subject of Zero Days, opening July 8 at Landmark Embarcadero.

Writer and director Alex Gibney lays out the complex story in a well-ordered series of chapters that don't draw attention to themselves as such, but simply slide seamlessly from one surreal aspect to another. After a six-minute prologue proffering an elusive mosaic of elements without narrative context, we meet the film's protagonists, cyber sleuths Eric Chien and Liam O Murchu of Symantec Research Labs, in Santa Monica. These guys explain in layperson's terms how they tracked down the perpetrators by reverse-engineering the computer code and deducing which geopolitical actors had the means, motive, and moral arrogance for the deed.

The baton is then passed to New York Times reporter David Sanger, whose beat combines cyberspace, nuclear weapons and espionage. He narrates a condensed history of Iran's nuclear ambitions, starting with the U.S. gift of a nuclear reactor to the Shah in 1967. After the 1979 revolution, the situation reversed itself as Pakistan's A.Q. Khan started sharing nuclear know-how with Middle Easterners the U.S. considered undeserving of the technology. The film's focus then narrows to the Natanz Fuel Enrichment Facility in Iran, which would become Stuxnet's target. The Bush White House decides to disable Iranian centrifuges from inside the computers running them, rather than let Israel start a messy physical fight they'd expect the U.S. to finish. Obama continues the program, and the worm starts wriggling in June 2009.

Chien and O Murchu use a simple air pump blowing up a balloon to demonstrate how Stuxnet achieved its crippling industrial sabotage. A small computer known as a programmable logic controller, or PLC, is universally employed to run programs for power plants, factories, and countless services from healthcare to finances. They programmed a PLC to pump air for five seconds, then infected it with the virus, after which the pump kept going until it popped the balloon. How Stuxnet messed with the centrifuges was more complex but equally destructive. The Symantec Duo were amazed that code had crossed over into "real world physical destruction," having considered the concept "Hollywoodesque."

The coolest thing in Zero Days is an eerie cgi blonde who's a cross between Caitlin Jenner, Patty Hearst, and Dorian Grey. This intriguing entity, modeled on flesh-and-blood actress Joanne Tucker, enunciates the analysis and expresses the frustration of various NSA staff "angry about secrecy but afraid to come forward." See, the thing is, even though everyone knows whodunit, the perps still refuse to come clean. The film's final chapter is devoted to pleading for open debate in our so-called democracy, with an aim to establishing international treaties like those that exist for humanity's other heinous engines of destruction.

Well-researched, meticulously edited, densely informative, Zero Days is utterly riveting as visual display and thoroughly mind-boggling as techno-military history, not to mention scary as hell in terms of just how sneaky, vicious, and ultimately self-defeating our military-cyber complex is. Stuxnet is industrial sabotage on a grand scale now available to any entity with the will and the means to replicate it. So, yeah, the power grid can go down any minute due to an adversary in the network. In the words of erstwhile NSA deputy director Chris Inglis, "It's not really ever secure."