Nova (1974) s42e02 Episode Script
Rise of the Hackers
NARRATOR: The digital world.
We rely on it more deeply every day for our shopping, our banking, travel and every kind of communication.
But with so much of our lives now online, how vulnerable are we? PATRICK LINCOLN: The Internet is a bad neighborhood.
In the digital world, there are ne'er-do-wells coming by to rattle the door all the time.
NARRATOR: If you become a target, how much could you lose? My entire digital life was wiped out: every device, everything I had, almost all of it completely deleted.
NARRATOR: Now, computer hacking is rising to a whole other level.
A new generation of cyber weapons aren't just for stealing your credit cards ERIC CHIEN: My mouth was wide open going, "Oh, my God, oh, my God, oh, my God!" NARRATOR: but are designed for mass destruction, targeting factories, water supplies, power grids, and now, they're on the loose.
SEAN McGURK: It was never intended to get in the wild, but unfortunately it did.
NARRATOR: It's a digital arms race, and the stakes couldn't be higher.
McGURK: This was a digital Pandora's box.
Once it was opened, you could not put the lid back on.
NARRATOR: How can we protect ourselves on this new battlefield? "Rise of the Hackers," right now on NOVA.
Major funding for NOVA is provided by the following: Supporting NOVA and promoting public understanding of science.
And by the Corporation for Public Broadcasting.
And by contributions to your PBS station from: And Millicent Bell, through: Additional funding from: NARRATOR: It's an intriguing group of scientists from many different backgrounds.
Some are experts in codes and code breaking.
Others are leading researchers in quantum physics.
A few are trying to build the world's most advanced computer.
But together, they're all taking on one common enemy: hackers.
The greatest threat today to the world is the keyboard.
In the past, it may have been nuclear weapons or weapons of mass destruction.
Today, we see that same level of capability being exercised by lone individuals using keyboards as opposed to bombs.
NARRATOR: Hackers are trying to devise ways to steal our money, our identities, our secrets.
But it's not just criminals.
Now we know that governments are in on the action, eavesdropping on an epic scale and even launching powerful cyber weapons.
In this murky world, can scientists harness the laws of physics and mathematics to protect us from the hackers? Mat Honan considers himself to be pretty savvy when it comes to security and the Internet, but recently, he discovered just how devious hackers can be.
The first clue that something bad was happening came when he tried to charge his phone.
When I went to plug it in, the phone had this icon on it, an iTunes icon and a plug.
And so I went to connect it to my computer, and when I opened up my computer, the screen turned grey and it asked for a four-digit pin, and I knew I didn't have a four-digit pin.
I hadn't set up a four-digit pin.
I grabbed my iPad out of my bag, and my iPad was also in this reset state that wanted a password to proceed, and the password that I knew should have worked didn't work.
At that point, I knew that I was being hacked.
That was pretty terrifying, you know? I didn't know what they were doing at this point.
I had no idea what their motivation was.
NARRATOR: The whole hack took less than 45 minutes.
HONAN: By 5:00, basically my entire digital life was wiped out.
My every device I owned, everything I had had been taken over and almost all of it completely deleted.
Just about every picture I'd ever taken of my daughter, old emails, emails from people who were no longer alive, all kinds of stuff that was very precious to me.
NARRATOR: Mat thought he was the victim of a classic hack: someone had repeatedly tried to crack his password and eventually succeeded.
He went online to write about what happened.
And then, unexpectedly, the hackers got in touch with him.
HONAN: They saw it.
They saw that I'd speculated that they had brute-forced my password, and this hacker got in touch with me to say, "No, that's not how we did it.
" And at that point, I basically tried to strike up a dialogue with them because I wanted to understand both how things had happened and why they had happened, and I basically made a deal that I wouldn't press charges if they told me how it was done.
I was angry, I was scared.
I mean, I was concerned.
I was a lot of things like that, but I also realized pretty quickly that this was an interesting story from a journalist's perspective.
NARRATOR: For Mat, it was personal, but also professional because he happens to be a writer for Wired magazine.
His hackers had discovered a series of loopholes in the Internet which, taken together, left him completely unprotected.
HONAN: It wasn't like they used some crazy cracking program to hack into all my stuff.
They didn't, you know, they didn't break my password.
They didn't break any encryption.
They didn't do any of that kind of stuff.
What they did was they socially engineered all of my accounts, and social engineering is basically just a fancy term for a con job.
Basically, you con your way into a company's or a person's security system by making them think that an attacker is actually a customer.
NARRATOR: The first step was to find a way of stealing his identity from one of his many online accounts.
Their way in was a simple phone call to the online shopping service Amazon.
They gave Amazon a fake credit card number and added it to my account, and they hung up.
They called Amazon back and they told them they were locked out of my account and gave them the credit card number they had just added to my account.
Once they did that, they were able to get a temporary password from Amazon.
NARRATOR: It was a simple deception, but effective.
The hackers now owned his Amazon account.
But they didn't go on a shopping spree.
What they were after were the last four numbers of his credit card to pull off the next stage of their con.
On those recent orders, they could see the last four digits of the credit card that I had used to pay.
At the time, Apple was using those last four digits as an identity verification method.
Once they had those, Apple gave them a password reset.
NARRATOR: They now owned Mat's Apple accounts, so they could access pretty much all of his digital life.
The ultimate prize was his Twitter account, @Mat.
For the hackers, a trophy.
And to keep this prize, with just a few clicks, they destroyed his digital life.
HONAN: My computer, my iPhone and my iPad, and they deleted my Google account so that I couldn't get back in there and, you know, kick them out of the Twitter account again.
It was an interesting chain.
They went from Amazon to Apple to Google to Twitter.
NARRATOR: These hackers knew the security flaws of the Net and how to use them, one after another, to pull off this con.
And they were just teenagers.
HONAN: It's just online vandalism.
They thought that this was going to be funny, and they were teenagers, and so they didn't think about the implications of deleting everything someone owns and how much kind of precious data you may have in your life.
You know, I mean, data's quite precious to people now.
It's valuable, and they didn't really see that.
NARRATOR: Once revealed, the loopholes involved in this hack were quickly closed.
But in the anonymous realm of the Internet, there will always be ways to steal someone's identity.
Using the Internet to take control of valuable data is now pretty routine.
And the victims aren't just individuals like Mat.
Hackers have stolen millions of credit card numbers from big companies like Target and Bank of America and broken into social media accounts.
But even this pales in comparison to what the big boys can do.
It was probably the most sophisticated hack in history, and it could have gone completely unexplained but for a small group of cyber-security sleuths, including Eric Chien and Liam O'Murchu.
O'MURCHU: Right from the word "go," there was just red flags going up everywhere.
You can really feel it.
Like, the hairs on the back of your neck stand up if it's, like, really something really, really big.
NARRATOR: As analysts for the giant cyber security firm Symantec, Eric and Liam investigate the viruses that pop up on computers around the world.
Most malicious software, or malware, they see is pretty run-of-the-mill.
But in July 2010, they started analyzing a baffling and crafty piece of code that another security company had just posted online: a virus nicknamed Stuxnet.
CHIEN: This was probably the biggest puzzle we'd ever seen.
There was no way we were going to step away until we understood what was happening with this particular piece of malware.
NARRATOR: At first, they had no idea of the significance of what had just landed on their desks.
They were just curious because Stuxnet contained something rare: a zero day exploit.
That's a weakness in a computer program or an operating system like Microsoft Windows that not even the software maker knows about.
CHIEN: Zero days are extremely uncommon.
You know, for Microsoft Windows, there was only 12 zero days in all of 2010.
Four of those 12 were inside of Stuxnet.
NARRATOR: It was the most sophisticated code they had ever seen.
CHIEN: And it was dense.
Every bit of code in there was code that was doing something.
NARRATOR: Much of it was written in a strange programming language.
CHIEN: What we discovered were features in this code that we just did not recognize.
We had no idea what it was, and we realized it was code for PLCs, programmable logic controllers, which are small computers that control, you know, factory equipment and things like power plants.
NARRATOR: Every time Stuxnet infected a new computer, it would start hunting for PLCs: devices that control machines.
Then it would fingerprint them.
Had to be the right model, had to have certain key magic numbers, had to have the right what's called peripherals or things attached to those PLCs, had to have basically the right hardware.
Once it found that, it would copy itself onto the PLCs and then just sit there for a while.
It would actually sit there for almost a month just watching what was going on, and it had to observe what it believed was a normal operation of the targeted plant, of the targeted facility.
Our first theory was this was actually trying to commit espionage.
It was trying to steal design documents in some sort of industrial control facility.
NARRATOR: But when they discovered where Stuxnet was spying, things took a more sinister turn.
CHIEN: Basically, when Stuxnet infects a machine, it contacts a server to say, "Look, I've infected a machine," and we were able to get access to the logs on those machines to find out where most of the infections were, and it was in Iran.
So that gave us a hint that it was trying to attack something in Iran.
NARRATOR: They found another piece of the puzzle when they realized two ID numbers in the code held huge significance.
CHIEN: And then in November, we got a tip-off from a guy in Holland who was an expert in the communication protocol between the PLCs and the peripherals that are attached to it, and he had mentioned, "Hey, you know, these peripherals, "they all have these magic IDs associated with them, and there's a catalogue that you can go look up these magic IDs.
" NARRATOR: It would turn out to be the defining moment of their investigation.
CHIEN: It was quite a moment.
I mean, Liam was searching online and I was actually just standing behind him watching what was coming up on the screen, and when it first came up, immediately there was I felt, like, a rush of blood to my face because I was like, "Oh, this is not good.
" (laughing) NARRATOR: They had discovered evidence of exactly what kind of machine Stuxnet was targeting.
CHIEN: My mouth literally dropped.
You know, people say it, but it literally dropped.
My mouth was, like, wide open going, "Oh, my God, oh, my God, oh, my God!" NARRATOR: The magic numbers were IDs for frequency converters, devices which change the speed of machinery, but these were specific models with a dedicated task.
They spin centrifuges in nuclear facilities.
It was just like, "Oh no, this is it.
It's uranium enrichment, it's nothing else.
" NARRATOR: By matching up clues from the code to data from the International Atomic Energy Agency, they could even narrow it down to one specific nuclear plant: a place called Natanz.
Iran was suspected to be secretly enriching uranium to develop nuclear weapons.
Stuxnet seemed to be designed to thwart such a plan in an attack that would unfold like this.
CHIEN: It would then basically try two attack mechanisms.
One is it would speed up the centrifuges to 1,410 hertz (whooshing) which would cause those aluminum tubes inside the centrifuges to vibrate uncontrollably and to shatter apart.
And the other was to lower the speed to two hertz.
So you can imagine a top, a kid's top that you spin.
When it gets really slow, it begins to wobble and fall over.
NARRATOR: As the centrifuges spun out of control, Stuxnet would guard against detection with a strategy straight out of the movies.
It's a clever con like you see in heist films such as Ocean's Eleven.
Here we go now.
NARRATOR: When the robbers want to rob a carefully watched vault, they seize control of the security cameras.
They patch in fake footage And we're up and running.
NARRATOR: The security guards are watching video previously recorded when all was well.
So the security guards don't realize they're currently robbing the safe.
NARRATOR: Meanwhile, behind the door, havoc reigns.
CHIEN: It's exactly what Stuxnet did, but sort of in this virtual computer environment.
NARRATOR: While Stuxnet was directing the centrifuges to spin at dangerous speeds, at the same time, it was playing back data that made it appear as if everything were operating normally.
But the final trick would come if the operators noticed something was wrong and tried to shut things down.
CHIEN: When they tried to hit their big red button, that would send a signal to those PLCs to tell the system to shut down gracefully, but Stuxnet infected those PLCs and cut off that signal and basically allow the attack to continue to operate.
NARRATOR: And it seems to have worked.
Stuxnet reportedly destroyed around 1,000 centrifuges, setting Iran's nuclear program back perhaps by several months.
But there's one important question left: Who built Stuxnet? I guess the realization for me was, like, this is not hackers in their basement who are doing this.
This is the big guns here who are doing this.
CHIEN: We don't have, unfortunately, any evidence that tells us if it's any particular country.
I would say that it's pretty clear to us it's, you know, at the level of a nation state and pretty clear it's someone who is not an ally of Iran.
O'MURCHU: And politically motivated to stop uranium enrichment in Iran, so that narrows it down, pretty much narrows it down.
NARRATOR: No nation has officially admitted to being behind it, but it's been widely reported that Stuxnet was built by the U.
S.
with help from Israel, something that neither country has denied.
Eric and Liam had played a vital role in taking apart and understanding the world's first cyber-weapon.
CHIEN: Stuxnet was definitely a seminal moment.
It really opened Pandora's box.
Before Stuxnet occurred, people weren't really practically thinking about the existence of cyber-warfare, of malicious programs being able to literally blow things up, and Stuxnet now opened that door, and every country today is talking both about offense and defense now on nation to nation-state sort of cyber-warfare.
NARRATOR: In today's digital world, no one's quite sure who is hacking who whether it's criminals, teenagers or even governments.
But with so much at stake, it's not surprising that some of the most inventive minds in science are trying to make the digital realm secure, hoping to stay one step ahead of the hackers.
(water dripping) (siren blaring in distance) NARRATOR: This man spends much of his time trying to understand the murky world of the Internet.
He's worked with some of the world's largest and most secretive organizations, trying to protect their secrets.
He started out as a mathematician and became fascinated with the world of codes and code breaking.
JAMES LYNE: We've never actually been at a time where codes were more important.
Almost everything you do today uses a code.
Every time you log onto an Internet service like Twitter or Facebook and send your password, every time you log into Internet banking, all of that information is protected using encryption code.
NARRATOR: Codes have long intrigued mathematicians because they are some of the most beautiful and addictive problems they can wrestle with, and at the heart of almost everything we do on the Web is a special kind of number: a prime number.
We're surrounded by primes every day, numbers like seven and 13.
What's so special about them is they can only be divided by themselves and by one, but what makes them so important to codes is when you combine two of them.
If you take two prime numbers and multiply them together, you get something called a semiprime.
What's interesting about semiprimes is that it is really difficult to calculate the numbers that could have been multiplied together to form them to get back to the original values.
NARRATOR: Here's an example: if you multiply two primes, like 11 and 13, you get 143.
That's the easy part.
But if you're given 143 and you've got to figure out the two original primes, the only way is by trial and error.
That's harder.
Easy multiplication one way and hard the other.
NARRATOR: This is the key to many Internet codes.
You can make a big semi-prime very quickly, but trying to calculate the two primes that it's made of takes a very long time.
So it's a bit like unfrying an egg.
Easy one way, really hard the other.
NARRATOR: And the bigger the number, the longer it takes.
It takes mere seconds to go one way, but the other way would take thousands of computers millions of years.
NARRATOR: It's a problem many of us take advantage of every day when we buy something online.
An online store's website will take two secret prime numbers and multiply them, resulting in a big semiprime, which is used to create a public key.
The website then uses this key to scramble your credit card details, encrypting them before they travel from your computer over the Internet.
If someone steals that data in transit, they won't be able to unscramble the information unless they know the private key, which is based on the original prime numbers.
This key is private and secure because it would take longer than the age of the universe for any hacker to figure it out.
This system of public and private keys is known as the RSA algorithm, named after the three mathematicians who first published it: Rivest, Shamir and Adleman.
LYNE: So that beautiful piece of mathematics has fundamentally changed the world around us.
Without this technology, without the ability to form these connections, Internet banking, social media, stock trading, all the things we take for granted online fundamentally wouldn't work.
Our information would be far too accessible to any prying neighbor.
NARRATOR: It's made the hunt for very, very large prime numbers one of the most important quests in the field of mathematics.
And here's the current largest, all 5,000 pages of it.
17 and a half million digits.
A very big prime number indeed.
NARRATOR: Yet divisible only by itself and 1.
But as prime numbers get bigger, so do the computers trying to crack them.
LYNE: All the time, computers are gaining in power.
All the time, new mathematical methods are being discovered.
So far, we've stayed ahead of the code crackers, but that could just be a matter of time.
NARRATOR: Codes like RSA are effectively uncrackable because however powerful today's PCs are, they can only process one computation at a time.
But now, scientists are working on a new form of computer that harnesses the most complex physics in the universe.
The world we are all used to is a fairly reassuring place.
The laws of physics mean we can know where things are, how fast they're moving, and predict where they're going to go.
But as things get smaller-- a lot smaller-- they also get a whole lot weirder as you enter the world of quantum mechanics.
ERIK LUCERO: Quantum is like trying to see music.
It's like even trying to hear color, right? It's very weird.
NARRATOR: It's the world that Erik Lucero studies every day.
Take a single grain of sand, and in that single grain of sand, there are billions and billions of atoms, and what we're interested in is looking at what happens with a single atom.
These kinds of scales are where nature shows itself in a completely different way, and that is this, in quantum mechanical nature.
NARRATOR: The laws of quantum physics have baffled the greatest scientists, even Einstein.
At the smallest scales, the idea that we can know exactly where anything is starts to break down.
The mathematics that describes the world of the very small means things can be in many places at the same time.
LUCERO: One of the very important features of quantum mechanics is this idea of superposition, and superposition is the idea that a particle can be both in one place or another place at the same time.
We speak about it even in a binary sense, like of zero or one.
It can be both zero and one at the same time, which is a very odd idea.
NARRATOR: Superposition means that objects have no fixed location.
They really are in several places all at the same time.
These ideas may be mind-bogglingly weird, but they can also be very useful.
And for Erik, they may be a way to crack the world's most powerful codes.
Here at the University of California at Santa Barbara, Erik has constructed a machine that operates within this fantastical world.
Nice, this looks great.
NARRATOR: He's harnessed this quantum weirdness to design a computer chip, a processor, that could be the first big step in creating the ultimate code-cracking machine.
But first, it has to get very, very cold.
LUCERO: We have a dilution refrigerator, and this base plate right here is what gets a fraction above absolute zero, orders of magnitude colder than space.
NARRATOR: All of this machinery exists just to cool down the processor.
LUCERO: So inside of this specially engineered box, we have a quantum processor.
It's a solid-state quantum processor.
On this chip, there are four qubits, and the qubits themselves are what are doing, performing the calculation.
NARRATOR: Classical computers use data in the form of bits, each a zero or a one.
Even with parallel processors tackling a problem at the same time, at the most basic level of computing, there is always a zero or a one.
But a quantum bit, called a qubit, uses the feature of quantum physics that means things can be in two places at once.
It can be a zero and a one, all at the same time.
This gives the quantum processor the power to do many calculations simultaneously.
LUCERO: We mount this quantum processor onto the base plate here, and we then make all these electrical connections, and then we're able to move the quantum information all around that chip and then actually extract the answer.
From a scientist's point of view, it's a very exciting tool that we could probe nature.
NARRATOR: But it's so fast that it could also eventually break the codes that now protect much of our secret data.
To prove it in principle, Erik set out to use his processor to find the two prime numbers, the factors, of a small semiprime.
LUCERO: And so it's sort of at the level of technology that I would say is maybe like an Atari, right? It's kind of eight-bit technology, and it was a very kind of neat toy problem in that we tried to find, using a quantum processor, the factors of 15.
And I'll let everyone kind of think about that for a minute, but that is probably something that we all can do even in grade school, and it took me seven years to get my physics Ph.
D.
to do that with a quantum processor.
NARRATOR: What's remarkable is not the answer but the way the processor does it.
The quantum chip considers every possible solution all at the same time, instead of sequentially.
And you collapse into this one answer that will actually be the answer you're after, right, which is a huge speed-up that you kind of explore all of these possible places and possible answers and you get the one that you want.
And we learn, yes, indeed, 15 equals three times five.
NARRATOR: If the same could be done with giant prime numbers, then quantum computing has the potential to smash the codes that protect the Internet in the form of RSA encryption.
It blows the doors off of RSA encryption, right? All we need is more and more qubits.
We just need a larger quantum computer.
Really, all that's left to do is to scale up this particular architecture.
It's a big task, and there's a lot of very bright people that are all working towards that, and I think that what's exciting is it really puts kind of a milestone in the ground about where things are and kind of what we need to do next.
WOMAN: You do realize you've broken the Internet now? (laughing) Oh, yeah, I'm sorry about that.
NARRATOR: For now at least, the Web survives.
But if quantum computing holds the possibility of someday breaking the world's most secure codes, it may also provide an even cleverer way of keeping secrets safe.
(funk music playing) SETH LLOYD: Quantum mechanics is funky in a kind of James Brown kind of way.
Very, very funky.
It's strange and counterintuitive.
NARRATOR: Seth Lloyd co-directs the Center for Extreme Quantum Information Theory at MIT.
It's sometimes hard to appreciate just how extreme.
LLOYD: Quantum computers are particularly fine for teasing out the subtle interactions between atoms and molecules and elementary particles, so for simulating what happens as a black hole collapses or, for that matter, a recent experiment that we did to actually implement a version of time travel.
So you can use quantum computers for all kinds of exciting things.
NARRATOR: And you can use the laws of quantum physics to create the ultimate way of sharing secrets.
Current codes that are used to send information securely over the Internet are called public key codes, and they could be broken by a quantum computer.
But quantum mechanics also supplies methods for communicating securely in a way that's guaranteed by the laws of physics, so these methods go under the name of quantum cryptography.
NARRATOR: It's really a way of telling if someone is eavesdropping on your conversations.
In the weird world of the very small, things can be in more than one place at once.
But all that changes the moment you actually look and measure where something is.
It's known as the observer effect.
LLOYD: One of the basic principles about quantum mechanics is that when you look at something, you change it.
And this simple feature allows you to communicate in a way that's provably secure.
NARRATOR: But the reason it's useful is that this theory applies to a photon of light which can be used to carry a message: a one or a zero.
It means that if you are sending a quantum message, you can tell if someone else is observing it-- if there is an eavesdropper on the line.
A good way to understand quantum cryptography is to think of three people: Alice, Bob and Eve.
Alice wants to send secret information to Bob, and Eve wants to listen in-- to "Eves-drop.
" Alice takes her information, a string of zeros and ones, or bits, and encodes them on photons, particles of light.
The encoding is done in such a way that Eve, if she looks at these photons, will inevitably mess them up.
She'll change them in a way that Alice and Bob can figure out.
So after Alice has sent the photons to Bob, she and Bob can confer to find out which photons have been tampered with.
The photons that haven't been tampered with, the pristine photons, now constitute a secret key shared only by Alice and Bob, whose security is guaranteed by the laws of physics.
NARRATOR: Alice and Bob now have a secret code word, one they know no one had listened to, which they and only they know.
And they can use this code word to send their messages.
This system, using the behavior of some of the smallest particles in the universe, is already being used.
Quantum cryptography is already used by folks who want extreme security, by banks and by agencies whose job is to protect information, and nowadays, there are a number of commercial companies that actually build quantum cryptographic systems, and for a fee, you too can communicate in complete and utter privacy guaranteed by the laws of quantum mechanics.
NARRATOR: But whatever the technology, all codes ultimately have one very human vulnerability.
LLOYD: No matter what you do with quantum cryptography or any cryptographic system, they're always going to be, you know They're always going to be susceptible to a kind of attack where Eve ties up Alice and imitates her so when Bob thinks he's communicating with Alice, he's actually communicating with Eve.
NARRATOR: So even if you can't crack a code yourself, it may be possible to pull off an inside job either by spying or buying secrets.
Perhaps the greatest vulnerability for anyone trying to keep a secret isn't the science, but us.
So out there, are scientists thinking dark, paranoid thoughts, imagining a future where every computer in the universe is infected: your phone, your laptop, your work or bank? In this nightmare scenario, the thing that scares people most is not knowing who is at the other end.
On the surface, Patrick Lincoln's real life may appear rather peaceful.
But the world that he spends his life imagining is one in which threats lurk around every corner.
LINCOLN: If you think of it as a neighborhood and asking how often are ne'er-do-wells coming by to rattle the door, trying the door knob to see if they can get into your house.
In the digital world, they're rattling at door knobs all the time.
And therefore, I think it is appropriate for us to start to be paranoid about what devices can we really trust our personal, private, corporate information to, and in the end, moving to an ultra-paranoid mindset where I can't trust any one device.
NARRATOR: He's a leading researcher in a field called ultra-paranoid computing.
LINCOLN: Ultra-paranoid computing is taking a point of view that no one machine is something you can count on completely.
NARRATOR: In the past, we've relied on the unique details in a human fingerprint the unique quality of an iris.
But even these things can be stolen.
LINCOLN: Unfortunately, those systems are subject to theft or copying, so folks can copy a fingerprint and make something that fools a fingerprint reader, even making copies of irises.
Photographs in some cases can fool iris scanners.
So those are imperfect ways to try to authenticate that the user is who they say they are.
NARRATOR: So Patrick turned to a part of the body that no one can steal.
He started exploring whether he could implant a password into an unconscious portion of the mind.
Modern cognitive science has found portions of the brain that are able to record sequence information like muscle memory, the way you learn to ride a bike or the way to learn to play a musical instrument, that allows one to remember long sequences but not necessarily have conscious access to details of the inside information in that sequence.
What is the 13th note of Beethoven's symphony? Even if you can play the symphony on a violin, you may need to start at the beginning in order to have your muscle memory continue through to that note and then reveal it.
NARRATOR: But how do you get a password in there? (heavy metal music playing) Now Patrick's dark imaginings are taking shape.
In this paranoid world, it hasn't been easy to find a way of logging on.
But Daniel Sanchez is part of a research team that may have found an intriguing solution.
SANCHEZ: We have a guitar interface that's based off of popular rhythm video games that people play, and essentially what this is is these keys correspond to the four different targets on the screen.
NARRATOR: As circles fall across the screen in four columns, the player tries to press corresponding buttons or keys on the guitar at precisely the moment that each circle passes through its target.
The game looks utterly random, but the order of circles is actually carefully programmed in a pattern-- a sequence of 30 keystrokes-- that repeats over 100 times.
Your conscious mind can't pick it out.
But as you repeat the sequence, your subconscious recognizes it, imprinting a unique "muscle memory" in your brain.
You gradually get better and better at performing the sequence.
SANCHEZ: Now what we're doing is the sequence is repeating, we don't tell people the sequence is repeating, and as they perform it over and over again, they become able to perform a sequence even though they don't know that they're learning it.
So that's how we're able to sort of store information in people's brains without them knowing it's being stored there.
NARRATOR: After 45 minutes, your improved performance on that sequence becomes your subliminal password, embedded in your muscle memory by the basal ganglia, a deep unconscious part of the brain.
To prove your identity, you play along with the same task as before, but this time, you're actually playing your password in your own signature style.
SANCHEZ: So essentially what someone would do is sit down at a computer and start performing it, and what the computer does is it takes that data and it will look at their performance on the trained sequence versus novel sequences they've never performed before, and you could use that information to say this participant knows that particular data or knows that particular information.
Therefore, it's Bob.
You would have to know nothing else about them.
It's simply their performance and their motor abilities that can tell you who they are based on what they know.
NARRATOR: It may seem strange, but this could be how you log on in a paranoid future: with a password you have learned through practice that only your subconscious knows.
SANCHEZ: After this entire protocol is done, a participant will leave the lab knowing something they don't know that they know.
That's the password or the information that we're able to store that they can't divulge to anyone else.
NARRATOR: Right now, we are in the grip of a new arms race.
On one side, the code-makers and scientists, defenders of our digital lives.
On the other side, the hackers are becoming ever more devious.
Quantum physics and ultra-paranoid computing are just the latest places where this battle is being fought out.
But it is one that is constantly shifting.
And perhaps the greatest danger we face doesn't come from any one computer but from the giant networks of interconnected computers that run the most complex systems on the planet, from power grids to banking systems to transportation networks.
Today, these are all vulnerable in an entirely new way.
Sean McGurk works to protect America's complex networks like power stations and water companies from the hackers.
McGURK: They can hack into transportation networks, into computer networks, emergency communications networks, even air transportation are all susceptible to the hackers today.
NARRATOR: It's Sean's job to try and find the unexpected weak points that an attacker could exploit to get into these networks.
McGURK: What we look at as far as vulnerabilities are concerned are really three things: people, processes and technology.
The technology is great.
The encryption is great.
It's very difficult to break.
It takes a tremendous amount of computing capability.
But the bottom line is a person can circumvent any layer of security simply by their actions.
NARRATOR: So in spite of the complex and sophisticated technology, once again, it's people who are the weak link.
Even if computers are cut off from the Internet, hackers can find a way to get their viruses inside.
All it takes is something costing just a few dollars, like a USB thumb drive, and a person to attach it to the targeted computer.
McGURK: Removable media is one of the largest security challenges that we face today simply because it comes in so many different shapes and sizes, so many different forms, and people are unfamiliar with its capabilities.
They believe that it's just used for storing files, but unfortunately it can also be used to introduce malicious code into a network environment.
NARRATOR: It may seem unlikely that such a simple tactic would be effective, so it's one that Sean was asked by the U.
S.
government to test.
McGURK: When we took a USB stick that had a corporate logo on it and placed it in a public area, we had between a 70% and 80% assurance that someone would take that device and insert it in the corporate network.
When we did the experiment with a CD-ROM that had the year and pay and compensation tables, just written with a sharpie on the disc, we had almost a 100% guarantee that that piece of media, that CD, would be introduced into a corporate environment.
NARRATOR: And it is this tactic-- using a removable media device like a USB drive-- which may have launched one of the world's most powerful cyber-weapons: Stuxnet.
Starting in 2009, this sophisticated piece of malware struck at a uranium enrichment plant in Iran, causing significant damage.
(alarm blaring) This nuclear facility at Natanz was in a highly secure environment, cut off from the Internet, but still vulnerable to someone bringing a removable device into the plant.
With the help of one or more spies and even unwitting accomplices, perhaps this simple action unleashed the power of Stuxnet.
McGURK: The challenge with Stuxnet was it didn't take advantage or try to break any of the encryption or the security boundaries because it actually exploited the natural communications capability of the network.
So when you plug devices together, they want to identify each other.
That's part of this plug-and-play technology that we use today, so these particular individuals took advantage of that.
They wrote the code to actually insert into a network environment inside the security perimeter, so you were already within the walls of the keep, if you will.
And then it just used the natural communications capability of the network and it moved from computer to computer until it found specifically what it was looking for.
NARRATOR: But nothing in this world of high stakes hacking is quite as simple as it seems.
Because Stuxnet has escaped.
It has now been found outside its intended target.
ERIC CHIEN: What's interesting about Stuxnet and how we were able to discover it to begin with is that it didn't just target machines in Iran.
It didn't just target machines in the Natanz facility.
Stuxnet has an ability to spread to any machine, any Windows machine across the world.
NARRATOR: It has now infected more than 100,000 machines.
McGURK: It was never intended to get in the wild, but unfortunately once it did get into the wild, it demonstrated a level of sophistication and capability that up to that point no one had taken advantage of.
This was truly a digital Pandora's box.
Once it was opened, you could not put the lid back on.
NARRATOR: Today, Stuxnet is out in the public domain.
And now, this sophisticated weapon offers a blueprint for cyber warfare: a way to target the computers that run machines, to control our water distribution, our power grids, our transportation systems.
In other words, the machines that run our world.
McGURK: You could take the modules which are most effective for you and actually repurpose them or retool them and launch them against a private company, an individual, potentially a host nation.
It just depends on what your intent and what your desire is.
NARRATOR: It highlights the risks of creating these sorts of weapons, that they may indeed become uncontrollable and even be used against the nations that developed them.
There's nothing new about codes and trying to keep secrets.
But the advent of global digital communications has created a new battleground without borders one where mischievous teenagers, nation states and organized criminals go head-to-head as equals.
This murky world is set to become the defining battleground of the 21st century.
The investigation continues online.
Take cyber security into your own hands on the NOVA Labs website.
Learn how to keep your digital life safe, spot cyber security scams and defend against cyber attacks in our cyber security game at pbs.
org/nova/labs.
Also, watch original video shorts, explore in-depth reporting, and dive into interactives.
Find us at pbs.
org/nova.
Follow us on Facebook and Twitter.
This NOVA program is available on DVD To order, visit SHOP PBS.
org or call 1-800-PLAY-PBS NOVA is also available for download on ITunes
We rely on it more deeply every day for our shopping, our banking, travel and every kind of communication.
But with so much of our lives now online, how vulnerable are we? PATRICK LINCOLN: The Internet is a bad neighborhood.
In the digital world, there are ne'er-do-wells coming by to rattle the door all the time.
NARRATOR: If you become a target, how much could you lose? My entire digital life was wiped out: every device, everything I had, almost all of it completely deleted.
NARRATOR: Now, computer hacking is rising to a whole other level.
A new generation of cyber weapons aren't just for stealing your credit cards ERIC CHIEN: My mouth was wide open going, "Oh, my God, oh, my God, oh, my God!" NARRATOR: but are designed for mass destruction, targeting factories, water supplies, power grids, and now, they're on the loose.
SEAN McGURK: It was never intended to get in the wild, but unfortunately it did.
NARRATOR: It's a digital arms race, and the stakes couldn't be higher.
McGURK: This was a digital Pandora's box.
Once it was opened, you could not put the lid back on.
NARRATOR: How can we protect ourselves on this new battlefield? "Rise of the Hackers," right now on NOVA.
Major funding for NOVA is provided by the following: Supporting NOVA and promoting public understanding of science.
And by the Corporation for Public Broadcasting.
And by contributions to your PBS station from: And Millicent Bell, through: Additional funding from: NARRATOR: It's an intriguing group of scientists from many different backgrounds.
Some are experts in codes and code breaking.
Others are leading researchers in quantum physics.
A few are trying to build the world's most advanced computer.
But together, they're all taking on one common enemy: hackers.
The greatest threat today to the world is the keyboard.
In the past, it may have been nuclear weapons or weapons of mass destruction.
Today, we see that same level of capability being exercised by lone individuals using keyboards as opposed to bombs.
NARRATOR: Hackers are trying to devise ways to steal our money, our identities, our secrets.
But it's not just criminals.
Now we know that governments are in on the action, eavesdropping on an epic scale and even launching powerful cyber weapons.
In this murky world, can scientists harness the laws of physics and mathematics to protect us from the hackers? Mat Honan considers himself to be pretty savvy when it comes to security and the Internet, but recently, he discovered just how devious hackers can be.
The first clue that something bad was happening came when he tried to charge his phone.
When I went to plug it in, the phone had this icon on it, an iTunes icon and a plug.
And so I went to connect it to my computer, and when I opened up my computer, the screen turned grey and it asked for a four-digit pin, and I knew I didn't have a four-digit pin.
I hadn't set up a four-digit pin.
I grabbed my iPad out of my bag, and my iPad was also in this reset state that wanted a password to proceed, and the password that I knew should have worked didn't work.
At that point, I knew that I was being hacked.
That was pretty terrifying, you know? I didn't know what they were doing at this point.
I had no idea what their motivation was.
NARRATOR: The whole hack took less than 45 minutes.
HONAN: By 5:00, basically my entire digital life was wiped out.
My every device I owned, everything I had had been taken over and almost all of it completely deleted.
Just about every picture I'd ever taken of my daughter, old emails, emails from people who were no longer alive, all kinds of stuff that was very precious to me.
NARRATOR: Mat thought he was the victim of a classic hack: someone had repeatedly tried to crack his password and eventually succeeded.
He went online to write about what happened.
And then, unexpectedly, the hackers got in touch with him.
HONAN: They saw it.
They saw that I'd speculated that they had brute-forced my password, and this hacker got in touch with me to say, "No, that's not how we did it.
" And at that point, I basically tried to strike up a dialogue with them because I wanted to understand both how things had happened and why they had happened, and I basically made a deal that I wouldn't press charges if they told me how it was done.
I was angry, I was scared.
I mean, I was concerned.
I was a lot of things like that, but I also realized pretty quickly that this was an interesting story from a journalist's perspective.
NARRATOR: For Mat, it was personal, but also professional because he happens to be a writer for Wired magazine.
His hackers had discovered a series of loopholes in the Internet which, taken together, left him completely unprotected.
HONAN: It wasn't like they used some crazy cracking program to hack into all my stuff.
They didn't, you know, they didn't break my password.
They didn't break any encryption.
They didn't do any of that kind of stuff.
What they did was they socially engineered all of my accounts, and social engineering is basically just a fancy term for a con job.
Basically, you con your way into a company's or a person's security system by making them think that an attacker is actually a customer.
NARRATOR: The first step was to find a way of stealing his identity from one of his many online accounts.
Their way in was a simple phone call to the online shopping service Amazon.
They gave Amazon a fake credit card number and added it to my account, and they hung up.
They called Amazon back and they told them they were locked out of my account and gave them the credit card number they had just added to my account.
Once they did that, they were able to get a temporary password from Amazon.
NARRATOR: It was a simple deception, but effective.
The hackers now owned his Amazon account.
But they didn't go on a shopping spree.
What they were after were the last four numbers of his credit card to pull off the next stage of their con.
On those recent orders, they could see the last four digits of the credit card that I had used to pay.
At the time, Apple was using those last four digits as an identity verification method.
Once they had those, Apple gave them a password reset.
NARRATOR: They now owned Mat's Apple accounts, so they could access pretty much all of his digital life.
The ultimate prize was his Twitter account, @Mat.
For the hackers, a trophy.
And to keep this prize, with just a few clicks, they destroyed his digital life.
HONAN: My computer, my iPhone and my iPad, and they deleted my Google account so that I couldn't get back in there and, you know, kick them out of the Twitter account again.
It was an interesting chain.
They went from Amazon to Apple to Google to Twitter.
NARRATOR: These hackers knew the security flaws of the Net and how to use them, one after another, to pull off this con.
And they were just teenagers.
HONAN: It's just online vandalism.
They thought that this was going to be funny, and they were teenagers, and so they didn't think about the implications of deleting everything someone owns and how much kind of precious data you may have in your life.
You know, I mean, data's quite precious to people now.
It's valuable, and they didn't really see that.
NARRATOR: Once revealed, the loopholes involved in this hack were quickly closed.
But in the anonymous realm of the Internet, there will always be ways to steal someone's identity.
Using the Internet to take control of valuable data is now pretty routine.
And the victims aren't just individuals like Mat.
Hackers have stolen millions of credit card numbers from big companies like Target and Bank of America and broken into social media accounts.
But even this pales in comparison to what the big boys can do.
It was probably the most sophisticated hack in history, and it could have gone completely unexplained but for a small group of cyber-security sleuths, including Eric Chien and Liam O'Murchu.
O'MURCHU: Right from the word "go," there was just red flags going up everywhere.
You can really feel it.
Like, the hairs on the back of your neck stand up if it's, like, really something really, really big.
NARRATOR: As analysts for the giant cyber security firm Symantec, Eric and Liam investigate the viruses that pop up on computers around the world.
Most malicious software, or malware, they see is pretty run-of-the-mill.
But in July 2010, they started analyzing a baffling and crafty piece of code that another security company had just posted online: a virus nicknamed Stuxnet.
CHIEN: This was probably the biggest puzzle we'd ever seen.
There was no way we were going to step away until we understood what was happening with this particular piece of malware.
NARRATOR: At first, they had no idea of the significance of what had just landed on their desks.
They were just curious because Stuxnet contained something rare: a zero day exploit.
That's a weakness in a computer program or an operating system like Microsoft Windows that not even the software maker knows about.
CHIEN: Zero days are extremely uncommon.
You know, for Microsoft Windows, there was only 12 zero days in all of 2010.
Four of those 12 were inside of Stuxnet.
NARRATOR: It was the most sophisticated code they had ever seen.
CHIEN: And it was dense.
Every bit of code in there was code that was doing something.
NARRATOR: Much of it was written in a strange programming language.
CHIEN: What we discovered were features in this code that we just did not recognize.
We had no idea what it was, and we realized it was code for PLCs, programmable logic controllers, which are small computers that control, you know, factory equipment and things like power plants.
NARRATOR: Every time Stuxnet infected a new computer, it would start hunting for PLCs: devices that control machines.
Then it would fingerprint them.
Had to be the right model, had to have certain key magic numbers, had to have the right what's called peripherals or things attached to those PLCs, had to have basically the right hardware.
Once it found that, it would copy itself onto the PLCs and then just sit there for a while.
It would actually sit there for almost a month just watching what was going on, and it had to observe what it believed was a normal operation of the targeted plant, of the targeted facility.
Our first theory was this was actually trying to commit espionage.
It was trying to steal design documents in some sort of industrial control facility.
NARRATOR: But when they discovered where Stuxnet was spying, things took a more sinister turn.
CHIEN: Basically, when Stuxnet infects a machine, it contacts a server to say, "Look, I've infected a machine," and we were able to get access to the logs on those machines to find out where most of the infections were, and it was in Iran.
So that gave us a hint that it was trying to attack something in Iran.
NARRATOR: They found another piece of the puzzle when they realized two ID numbers in the code held huge significance.
CHIEN: And then in November, we got a tip-off from a guy in Holland who was an expert in the communication protocol between the PLCs and the peripherals that are attached to it, and he had mentioned, "Hey, you know, these peripherals, "they all have these magic IDs associated with them, and there's a catalogue that you can go look up these magic IDs.
" NARRATOR: It would turn out to be the defining moment of their investigation.
CHIEN: It was quite a moment.
I mean, Liam was searching online and I was actually just standing behind him watching what was coming up on the screen, and when it first came up, immediately there was I felt, like, a rush of blood to my face because I was like, "Oh, this is not good.
" (laughing) NARRATOR: They had discovered evidence of exactly what kind of machine Stuxnet was targeting.
CHIEN: My mouth literally dropped.
You know, people say it, but it literally dropped.
My mouth was, like, wide open going, "Oh, my God, oh, my God, oh, my God!" NARRATOR: The magic numbers were IDs for frequency converters, devices which change the speed of machinery, but these were specific models with a dedicated task.
They spin centrifuges in nuclear facilities.
It was just like, "Oh no, this is it.
It's uranium enrichment, it's nothing else.
" NARRATOR: By matching up clues from the code to data from the International Atomic Energy Agency, they could even narrow it down to one specific nuclear plant: a place called Natanz.
Iran was suspected to be secretly enriching uranium to develop nuclear weapons.
Stuxnet seemed to be designed to thwart such a plan in an attack that would unfold like this.
CHIEN: It would then basically try two attack mechanisms.
One is it would speed up the centrifuges to 1,410 hertz (whooshing) which would cause those aluminum tubes inside the centrifuges to vibrate uncontrollably and to shatter apart.
And the other was to lower the speed to two hertz.
So you can imagine a top, a kid's top that you spin.
When it gets really slow, it begins to wobble and fall over.
NARRATOR: As the centrifuges spun out of control, Stuxnet would guard against detection with a strategy straight out of the movies.
It's a clever con like you see in heist films such as Ocean's Eleven.
Here we go now.
NARRATOR: When the robbers want to rob a carefully watched vault, they seize control of the security cameras.
They patch in fake footage And we're up and running.
NARRATOR: The security guards are watching video previously recorded when all was well.
So the security guards don't realize they're currently robbing the safe.
NARRATOR: Meanwhile, behind the door, havoc reigns.
CHIEN: It's exactly what Stuxnet did, but sort of in this virtual computer environment.
NARRATOR: While Stuxnet was directing the centrifuges to spin at dangerous speeds, at the same time, it was playing back data that made it appear as if everything were operating normally.
But the final trick would come if the operators noticed something was wrong and tried to shut things down.
CHIEN: When they tried to hit their big red button, that would send a signal to those PLCs to tell the system to shut down gracefully, but Stuxnet infected those PLCs and cut off that signal and basically allow the attack to continue to operate.
NARRATOR: And it seems to have worked.
Stuxnet reportedly destroyed around 1,000 centrifuges, setting Iran's nuclear program back perhaps by several months.
But there's one important question left: Who built Stuxnet? I guess the realization for me was, like, this is not hackers in their basement who are doing this.
This is the big guns here who are doing this.
CHIEN: We don't have, unfortunately, any evidence that tells us if it's any particular country.
I would say that it's pretty clear to us it's, you know, at the level of a nation state and pretty clear it's someone who is not an ally of Iran.
O'MURCHU: And politically motivated to stop uranium enrichment in Iran, so that narrows it down, pretty much narrows it down.
NARRATOR: No nation has officially admitted to being behind it, but it's been widely reported that Stuxnet was built by the U.
S.
with help from Israel, something that neither country has denied.
Eric and Liam had played a vital role in taking apart and understanding the world's first cyber-weapon.
CHIEN: Stuxnet was definitely a seminal moment.
It really opened Pandora's box.
Before Stuxnet occurred, people weren't really practically thinking about the existence of cyber-warfare, of malicious programs being able to literally blow things up, and Stuxnet now opened that door, and every country today is talking both about offense and defense now on nation to nation-state sort of cyber-warfare.
NARRATOR: In today's digital world, no one's quite sure who is hacking who whether it's criminals, teenagers or even governments.
But with so much at stake, it's not surprising that some of the most inventive minds in science are trying to make the digital realm secure, hoping to stay one step ahead of the hackers.
(water dripping) (siren blaring in distance) NARRATOR: This man spends much of his time trying to understand the murky world of the Internet.
He's worked with some of the world's largest and most secretive organizations, trying to protect their secrets.
He started out as a mathematician and became fascinated with the world of codes and code breaking.
JAMES LYNE: We've never actually been at a time where codes were more important.
Almost everything you do today uses a code.
Every time you log onto an Internet service like Twitter or Facebook and send your password, every time you log into Internet banking, all of that information is protected using encryption code.
NARRATOR: Codes have long intrigued mathematicians because they are some of the most beautiful and addictive problems they can wrestle with, and at the heart of almost everything we do on the Web is a special kind of number: a prime number.
We're surrounded by primes every day, numbers like seven and 13.
What's so special about them is they can only be divided by themselves and by one, but what makes them so important to codes is when you combine two of them.
If you take two prime numbers and multiply them together, you get something called a semiprime.
What's interesting about semiprimes is that it is really difficult to calculate the numbers that could have been multiplied together to form them to get back to the original values.
NARRATOR: Here's an example: if you multiply two primes, like 11 and 13, you get 143.
That's the easy part.
But if you're given 143 and you've got to figure out the two original primes, the only way is by trial and error.
That's harder.
Easy multiplication one way and hard the other.
NARRATOR: This is the key to many Internet codes.
You can make a big semi-prime very quickly, but trying to calculate the two primes that it's made of takes a very long time.
So it's a bit like unfrying an egg.
Easy one way, really hard the other.
NARRATOR: And the bigger the number, the longer it takes.
It takes mere seconds to go one way, but the other way would take thousands of computers millions of years.
NARRATOR: It's a problem many of us take advantage of every day when we buy something online.
An online store's website will take two secret prime numbers and multiply them, resulting in a big semiprime, which is used to create a public key.
The website then uses this key to scramble your credit card details, encrypting them before they travel from your computer over the Internet.
If someone steals that data in transit, they won't be able to unscramble the information unless they know the private key, which is based on the original prime numbers.
This key is private and secure because it would take longer than the age of the universe for any hacker to figure it out.
This system of public and private keys is known as the RSA algorithm, named after the three mathematicians who first published it: Rivest, Shamir and Adleman.
LYNE: So that beautiful piece of mathematics has fundamentally changed the world around us.
Without this technology, without the ability to form these connections, Internet banking, social media, stock trading, all the things we take for granted online fundamentally wouldn't work.
Our information would be far too accessible to any prying neighbor.
NARRATOR: It's made the hunt for very, very large prime numbers one of the most important quests in the field of mathematics.
And here's the current largest, all 5,000 pages of it.
17 and a half million digits.
A very big prime number indeed.
NARRATOR: Yet divisible only by itself and 1.
But as prime numbers get bigger, so do the computers trying to crack them.
LYNE: All the time, computers are gaining in power.
All the time, new mathematical methods are being discovered.
So far, we've stayed ahead of the code crackers, but that could just be a matter of time.
NARRATOR: Codes like RSA are effectively uncrackable because however powerful today's PCs are, they can only process one computation at a time.
But now, scientists are working on a new form of computer that harnesses the most complex physics in the universe.
The world we are all used to is a fairly reassuring place.
The laws of physics mean we can know where things are, how fast they're moving, and predict where they're going to go.
But as things get smaller-- a lot smaller-- they also get a whole lot weirder as you enter the world of quantum mechanics.
ERIK LUCERO: Quantum is like trying to see music.
It's like even trying to hear color, right? It's very weird.
NARRATOR: It's the world that Erik Lucero studies every day.
Take a single grain of sand, and in that single grain of sand, there are billions and billions of atoms, and what we're interested in is looking at what happens with a single atom.
These kinds of scales are where nature shows itself in a completely different way, and that is this, in quantum mechanical nature.
NARRATOR: The laws of quantum physics have baffled the greatest scientists, even Einstein.
At the smallest scales, the idea that we can know exactly where anything is starts to break down.
The mathematics that describes the world of the very small means things can be in many places at the same time.
LUCERO: One of the very important features of quantum mechanics is this idea of superposition, and superposition is the idea that a particle can be both in one place or another place at the same time.
We speak about it even in a binary sense, like of zero or one.
It can be both zero and one at the same time, which is a very odd idea.
NARRATOR: Superposition means that objects have no fixed location.
They really are in several places all at the same time.
These ideas may be mind-bogglingly weird, but they can also be very useful.
And for Erik, they may be a way to crack the world's most powerful codes.
Here at the University of California at Santa Barbara, Erik has constructed a machine that operates within this fantastical world.
Nice, this looks great.
NARRATOR: He's harnessed this quantum weirdness to design a computer chip, a processor, that could be the first big step in creating the ultimate code-cracking machine.
But first, it has to get very, very cold.
LUCERO: We have a dilution refrigerator, and this base plate right here is what gets a fraction above absolute zero, orders of magnitude colder than space.
NARRATOR: All of this machinery exists just to cool down the processor.
LUCERO: So inside of this specially engineered box, we have a quantum processor.
It's a solid-state quantum processor.
On this chip, there are four qubits, and the qubits themselves are what are doing, performing the calculation.
NARRATOR: Classical computers use data in the form of bits, each a zero or a one.
Even with parallel processors tackling a problem at the same time, at the most basic level of computing, there is always a zero or a one.
But a quantum bit, called a qubit, uses the feature of quantum physics that means things can be in two places at once.
It can be a zero and a one, all at the same time.
This gives the quantum processor the power to do many calculations simultaneously.
LUCERO: We mount this quantum processor onto the base plate here, and we then make all these electrical connections, and then we're able to move the quantum information all around that chip and then actually extract the answer.
From a scientist's point of view, it's a very exciting tool that we could probe nature.
NARRATOR: But it's so fast that it could also eventually break the codes that now protect much of our secret data.
To prove it in principle, Erik set out to use his processor to find the two prime numbers, the factors, of a small semiprime.
LUCERO: And so it's sort of at the level of technology that I would say is maybe like an Atari, right? It's kind of eight-bit technology, and it was a very kind of neat toy problem in that we tried to find, using a quantum processor, the factors of 15.
And I'll let everyone kind of think about that for a minute, but that is probably something that we all can do even in grade school, and it took me seven years to get my physics Ph.
D.
to do that with a quantum processor.
NARRATOR: What's remarkable is not the answer but the way the processor does it.
The quantum chip considers every possible solution all at the same time, instead of sequentially.
And you collapse into this one answer that will actually be the answer you're after, right, which is a huge speed-up that you kind of explore all of these possible places and possible answers and you get the one that you want.
And we learn, yes, indeed, 15 equals three times five.
NARRATOR: If the same could be done with giant prime numbers, then quantum computing has the potential to smash the codes that protect the Internet in the form of RSA encryption.
It blows the doors off of RSA encryption, right? All we need is more and more qubits.
We just need a larger quantum computer.
Really, all that's left to do is to scale up this particular architecture.
It's a big task, and there's a lot of very bright people that are all working towards that, and I think that what's exciting is it really puts kind of a milestone in the ground about where things are and kind of what we need to do next.
WOMAN: You do realize you've broken the Internet now? (laughing) Oh, yeah, I'm sorry about that.
NARRATOR: For now at least, the Web survives.
But if quantum computing holds the possibility of someday breaking the world's most secure codes, it may also provide an even cleverer way of keeping secrets safe.
(funk music playing) SETH LLOYD: Quantum mechanics is funky in a kind of James Brown kind of way.
Very, very funky.
It's strange and counterintuitive.
NARRATOR: Seth Lloyd co-directs the Center for Extreme Quantum Information Theory at MIT.
It's sometimes hard to appreciate just how extreme.
LLOYD: Quantum computers are particularly fine for teasing out the subtle interactions between atoms and molecules and elementary particles, so for simulating what happens as a black hole collapses or, for that matter, a recent experiment that we did to actually implement a version of time travel.
So you can use quantum computers for all kinds of exciting things.
NARRATOR: And you can use the laws of quantum physics to create the ultimate way of sharing secrets.
Current codes that are used to send information securely over the Internet are called public key codes, and they could be broken by a quantum computer.
But quantum mechanics also supplies methods for communicating securely in a way that's guaranteed by the laws of physics, so these methods go under the name of quantum cryptography.
NARRATOR: It's really a way of telling if someone is eavesdropping on your conversations.
In the weird world of the very small, things can be in more than one place at once.
But all that changes the moment you actually look and measure where something is.
It's known as the observer effect.
LLOYD: One of the basic principles about quantum mechanics is that when you look at something, you change it.
And this simple feature allows you to communicate in a way that's provably secure.
NARRATOR: But the reason it's useful is that this theory applies to a photon of light which can be used to carry a message: a one or a zero.
It means that if you are sending a quantum message, you can tell if someone else is observing it-- if there is an eavesdropper on the line.
A good way to understand quantum cryptography is to think of three people: Alice, Bob and Eve.
Alice wants to send secret information to Bob, and Eve wants to listen in-- to "Eves-drop.
" Alice takes her information, a string of zeros and ones, or bits, and encodes them on photons, particles of light.
The encoding is done in such a way that Eve, if she looks at these photons, will inevitably mess them up.
She'll change them in a way that Alice and Bob can figure out.
So after Alice has sent the photons to Bob, she and Bob can confer to find out which photons have been tampered with.
The photons that haven't been tampered with, the pristine photons, now constitute a secret key shared only by Alice and Bob, whose security is guaranteed by the laws of physics.
NARRATOR: Alice and Bob now have a secret code word, one they know no one had listened to, which they and only they know.
And they can use this code word to send their messages.
This system, using the behavior of some of the smallest particles in the universe, is already being used.
Quantum cryptography is already used by folks who want extreme security, by banks and by agencies whose job is to protect information, and nowadays, there are a number of commercial companies that actually build quantum cryptographic systems, and for a fee, you too can communicate in complete and utter privacy guaranteed by the laws of quantum mechanics.
NARRATOR: But whatever the technology, all codes ultimately have one very human vulnerability.
LLOYD: No matter what you do with quantum cryptography or any cryptographic system, they're always going to be, you know They're always going to be susceptible to a kind of attack where Eve ties up Alice and imitates her so when Bob thinks he's communicating with Alice, he's actually communicating with Eve.
NARRATOR: So even if you can't crack a code yourself, it may be possible to pull off an inside job either by spying or buying secrets.
Perhaps the greatest vulnerability for anyone trying to keep a secret isn't the science, but us.
So out there, are scientists thinking dark, paranoid thoughts, imagining a future where every computer in the universe is infected: your phone, your laptop, your work or bank? In this nightmare scenario, the thing that scares people most is not knowing who is at the other end.
On the surface, Patrick Lincoln's real life may appear rather peaceful.
But the world that he spends his life imagining is one in which threats lurk around every corner.
LINCOLN: If you think of it as a neighborhood and asking how often are ne'er-do-wells coming by to rattle the door, trying the door knob to see if they can get into your house.
In the digital world, they're rattling at door knobs all the time.
And therefore, I think it is appropriate for us to start to be paranoid about what devices can we really trust our personal, private, corporate information to, and in the end, moving to an ultra-paranoid mindset where I can't trust any one device.
NARRATOR: He's a leading researcher in a field called ultra-paranoid computing.
LINCOLN: Ultra-paranoid computing is taking a point of view that no one machine is something you can count on completely.
NARRATOR: In the past, we've relied on the unique details in a human fingerprint the unique quality of an iris.
But even these things can be stolen.
LINCOLN: Unfortunately, those systems are subject to theft or copying, so folks can copy a fingerprint and make something that fools a fingerprint reader, even making copies of irises.
Photographs in some cases can fool iris scanners.
So those are imperfect ways to try to authenticate that the user is who they say they are.
NARRATOR: So Patrick turned to a part of the body that no one can steal.
He started exploring whether he could implant a password into an unconscious portion of the mind.
Modern cognitive science has found portions of the brain that are able to record sequence information like muscle memory, the way you learn to ride a bike or the way to learn to play a musical instrument, that allows one to remember long sequences but not necessarily have conscious access to details of the inside information in that sequence.
What is the 13th note of Beethoven's symphony? Even if you can play the symphony on a violin, you may need to start at the beginning in order to have your muscle memory continue through to that note and then reveal it.
NARRATOR: But how do you get a password in there? (heavy metal music playing) Now Patrick's dark imaginings are taking shape.
In this paranoid world, it hasn't been easy to find a way of logging on.
But Daniel Sanchez is part of a research team that may have found an intriguing solution.
SANCHEZ: We have a guitar interface that's based off of popular rhythm video games that people play, and essentially what this is is these keys correspond to the four different targets on the screen.
NARRATOR: As circles fall across the screen in four columns, the player tries to press corresponding buttons or keys on the guitar at precisely the moment that each circle passes through its target.
The game looks utterly random, but the order of circles is actually carefully programmed in a pattern-- a sequence of 30 keystrokes-- that repeats over 100 times.
Your conscious mind can't pick it out.
But as you repeat the sequence, your subconscious recognizes it, imprinting a unique "muscle memory" in your brain.
You gradually get better and better at performing the sequence.
SANCHEZ: Now what we're doing is the sequence is repeating, we don't tell people the sequence is repeating, and as they perform it over and over again, they become able to perform a sequence even though they don't know that they're learning it.
So that's how we're able to sort of store information in people's brains without them knowing it's being stored there.
NARRATOR: After 45 minutes, your improved performance on that sequence becomes your subliminal password, embedded in your muscle memory by the basal ganglia, a deep unconscious part of the brain.
To prove your identity, you play along with the same task as before, but this time, you're actually playing your password in your own signature style.
SANCHEZ: So essentially what someone would do is sit down at a computer and start performing it, and what the computer does is it takes that data and it will look at their performance on the trained sequence versus novel sequences they've never performed before, and you could use that information to say this participant knows that particular data or knows that particular information.
Therefore, it's Bob.
You would have to know nothing else about them.
It's simply their performance and their motor abilities that can tell you who they are based on what they know.
NARRATOR: It may seem strange, but this could be how you log on in a paranoid future: with a password you have learned through practice that only your subconscious knows.
SANCHEZ: After this entire protocol is done, a participant will leave the lab knowing something they don't know that they know.
That's the password or the information that we're able to store that they can't divulge to anyone else.
NARRATOR: Right now, we are in the grip of a new arms race.
On one side, the code-makers and scientists, defenders of our digital lives.
On the other side, the hackers are becoming ever more devious.
Quantum physics and ultra-paranoid computing are just the latest places where this battle is being fought out.
But it is one that is constantly shifting.
And perhaps the greatest danger we face doesn't come from any one computer but from the giant networks of interconnected computers that run the most complex systems on the planet, from power grids to banking systems to transportation networks.
Today, these are all vulnerable in an entirely new way.
Sean McGurk works to protect America's complex networks like power stations and water companies from the hackers.
McGURK: They can hack into transportation networks, into computer networks, emergency communications networks, even air transportation are all susceptible to the hackers today.
NARRATOR: It's Sean's job to try and find the unexpected weak points that an attacker could exploit to get into these networks.
McGURK: What we look at as far as vulnerabilities are concerned are really three things: people, processes and technology.
The technology is great.
The encryption is great.
It's very difficult to break.
It takes a tremendous amount of computing capability.
But the bottom line is a person can circumvent any layer of security simply by their actions.
NARRATOR: So in spite of the complex and sophisticated technology, once again, it's people who are the weak link.
Even if computers are cut off from the Internet, hackers can find a way to get their viruses inside.
All it takes is something costing just a few dollars, like a USB thumb drive, and a person to attach it to the targeted computer.
McGURK: Removable media is one of the largest security challenges that we face today simply because it comes in so many different shapes and sizes, so many different forms, and people are unfamiliar with its capabilities.
They believe that it's just used for storing files, but unfortunately it can also be used to introduce malicious code into a network environment.
NARRATOR: It may seem unlikely that such a simple tactic would be effective, so it's one that Sean was asked by the U.
S.
government to test.
McGURK: When we took a USB stick that had a corporate logo on it and placed it in a public area, we had between a 70% and 80% assurance that someone would take that device and insert it in the corporate network.
When we did the experiment with a CD-ROM that had the year and pay and compensation tables, just written with a sharpie on the disc, we had almost a 100% guarantee that that piece of media, that CD, would be introduced into a corporate environment.
NARRATOR: And it is this tactic-- using a removable media device like a USB drive-- which may have launched one of the world's most powerful cyber-weapons: Stuxnet.
Starting in 2009, this sophisticated piece of malware struck at a uranium enrichment plant in Iran, causing significant damage.
(alarm blaring) This nuclear facility at Natanz was in a highly secure environment, cut off from the Internet, but still vulnerable to someone bringing a removable device into the plant.
With the help of one or more spies and even unwitting accomplices, perhaps this simple action unleashed the power of Stuxnet.
McGURK: The challenge with Stuxnet was it didn't take advantage or try to break any of the encryption or the security boundaries because it actually exploited the natural communications capability of the network.
So when you plug devices together, they want to identify each other.
That's part of this plug-and-play technology that we use today, so these particular individuals took advantage of that.
They wrote the code to actually insert into a network environment inside the security perimeter, so you were already within the walls of the keep, if you will.
And then it just used the natural communications capability of the network and it moved from computer to computer until it found specifically what it was looking for.
NARRATOR: But nothing in this world of high stakes hacking is quite as simple as it seems.
Because Stuxnet has escaped.
It has now been found outside its intended target.
ERIC CHIEN: What's interesting about Stuxnet and how we were able to discover it to begin with is that it didn't just target machines in Iran.
It didn't just target machines in the Natanz facility.
Stuxnet has an ability to spread to any machine, any Windows machine across the world.
NARRATOR: It has now infected more than 100,000 machines.
McGURK: It was never intended to get in the wild, but unfortunately once it did get into the wild, it demonstrated a level of sophistication and capability that up to that point no one had taken advantage of.
This was truly a digital Pandora's box.
Once it was opened, you could not put the lid back on.
NARRATOR: Today, Stuxnet is out in the public domain.
And now, this sophisticated weapon offers a blueprint for cyber warfare: a way to target the computers that run machines, to control our water distribution, our power grids, our transportation systems.
In other words, the machines that run our world.
McGURK: You could take the modules which are most effective for you and actually repurpose them or retool them and launch them against a private company, an individual, potentially a host nation.
It just depends on what your intent and what your desire is.
NARRATOR: It highlights the risks of creating these sorts of weapons, that they may indeed become uncontrollable and even be used against the nations that developed them.
There's nothing new about codes and trying to keep secrets.
But the advent of global digital communications has created a new battleground without borders one where mischievous teenagers, nation states and organized criminals go head-to-head as equals.
This murky world is set to become the defining battleground of the 21st century.
The investigation continues online.
Take cyber security into your own hands on the NOVA Labs website.
Learn how to keep your digital life safe, spot cyber security scams and defend against cyber attacks in our cyber security game at pbs.
org/nova/labs.
Also, watch original video shorts, explore in-depth reporting, and dive into interactives.
Find us at pbs.
org/nova.
Follow us on Facebook and Twitter.
This NOVA program is available on DVD To order, visit SHOP PBS.
org or call 1-800-PLAY-PBS NOVA is also available for download on ITunes