Nova (1974) s43e04 Episode Script
Cyberwar Threat
NARRATOR: Will the next devastating attack against the United States be delivered with the tap of a key? RICHARD CLARKE: Instead of bullets and bombs, you use bits and bytes.
NARRATOR: Using only a computer, a terrorist or a nation can attack critical infrastructure like the power grid.
KIM ZETTER: That could result in a blackout for the majority of the U.
S.
that could last weeks or months.
NARRATOR: The enemies are anonymous.
Their reach is global.
As internet connections multiply so does the threat.
DAVID ROTHKOPF: Imagine a world with 50 billion microprocessors attached to the Internet.
That's 50 billion points of attack.
NARRATOR: The targets are everywhere.
YOSHI KOHNO: Computers are permeating our environments.
There are potential security risks anywhere there is one of these computing devices.
And we'll be applying your brakes shortly.
NARRATOR: Even in your car.
KOHNO: Right about now.
(car screeches) Yeah, that worked.
NARRATOR: Cyber weapons have already been unleashed.
ERIC CHIEN: It was the first real cyber sabotage that affected the real world.
MICHAEL HAYDEN: Somebody has used an entirely new class of weapon to affect destruction.
NARRATOR: Is it too late to put the genie back in the bottle? When we put the little evil virus in the big pool, it tends to escape and go Jurassic Park on us.
NARRATOR: Can we survive the "Cyber War Threat"? Right now, on NOVA.
Major funding for NOVA is provided by the following Shouldn't what makes each of us unique Supporting NOVA and promoting public understanding of science.
And the Corporation for Public Broadcasting.
And by PBS viewers like you.
Thank you.
Millicent Bell, through the Millicent and Eugene Bell Foundation.
And the George D.
Smith Fund.
Additional funding from the Montgomery Family Foundation.
NARRATOR: The Sayano-Shushenskaya dam in remote Siberia-- the ninth largest hydroelectric plant on earth and the scene of a catastrophic event that may foreshadow the future of war.
On August 17, 2009, all seems normal in the power plant at the base of the dam.
30 million tons of water pressure spin massive turbines generating more than 6,000 megawatts of electric power.
Suddenly, without warning, something goes terribly wrong.
(loud bang) A plume of water.
(loud bang) Followed by a wave of destruction.
(screaming) In the end, 75 people perish.
In the aftermath, a hellish vision.
One of the 1,500-ton turbines had burst through the floor, rocketing 50 feet into the air (loud bang) Punching a hole in the base of the dam.
Investigators eventually identify poor maintenance and worn anchor bolts as the cause.
But at first, this scenario-- a machine self-destructing with lethal consequences-- led some to wonder if this might be a new kind of sabotage, one that targets the computers in our most critical machines, sending them out of control in a cyber-era attack.
We're living in an era now where we have to wonder whether people can cause damage with computer code that before they could only cause with a bomb.
NARRATOR: Computer code that could even be delivered anonymously over the internet.
We think of the Web as an indispensable tool that delivers the world to our doorstep.
But it's also a wide-open conduit for attack.
We've learned to live with cyber crime-- identity theft, credit card fraud, hacking, and stealing personal information.
But now there's a threat that's much more frightening and destructive.
CLARKE: You can get into a network which has control of some physical thing.
Think about a pipeline, for example.
You get into that network which controls the pipeline, and you can cause the pipeline to explode (explosion) just as though it were attacked by a kinetic weapon.
(explosion) NARRATOR: And traditional kinetic, physical weapons may be impotent against a cyber attack.
Because digital weapons can be anonymous and instantaneous-- no reports of troop movements to signal a threat or air raid sirens to give warning.
Just a sudden, out-of-the-blue digital takedown of dams, power plants, factories, air traffic control, the financial system, and more.
Instead of bullets and bombs, you use bits and bytes.
NARRATOR: We are in a digital arms race against nations, hackers, and terrorists.
Cyber is the poor man's atom bomb.
(explosion) NARRATOR: Welcome to the frightening new world of cyber war.
In the United States, the command center for cyber operations is here, at the ultra-secret National Security Agency in Fort Meade, Maryland.
Some joke NSA should stand for "No Such Agency.
" For most of its history, the NSA was so shrouded in secrecy, most Americans didn't even know it existed.
But that all changed in 2013 when whistleblower Edward Snowden walked out the door with a huge cache of top-secret documents.
I've been following NSA for 30 years or so and every now and then there's a little leak here, a little leak there, but nothing like this.
This is extraordinary.
Hundreds of thousands of documents released all at once.
NARRATOR: Some of them famously revealed the existence of programs that empower the NSA programs to spy on Americans citizens by collecting emails, phone calls, and other personal data.
What we've seen over the last decade is we've seen a departure from sort of the traditional work of the National Security Agency.
They've become the National Hacking Agency.
NARRATOR: Other documents reveal that the agency is moving into new territory, developing offensive weapons to penetrate global networks in preparation for launching cyber attacks.
That's a far cry from the original mission intended by President Truman in 1952.
In those days, the NSA was all ears.
Its listening posts eavesdropped on foreign radio, and satellite transmissions and tapped underwater telephone cables.
HAYDEN: Traditional signals intelligence was fairly passive.
It was an antenna or an alligator clip, and you had to wait for somebody to send a message, and you hope you're fortunate enough to be in the right place at the right time.
NARRATOR: But then the digital revolution and the internet gave the NSA new powers and a way to hack into distant computer networks.
HAYDEN: In the cyber domain, you didn't have to wait for them to send a message.
You could commute to their target.
You could commute to where the information was stored and extract it from that network, even if they never intended to transmit it.
NARRATOR: Today, the agency appears to have transformed from a passive listener into an active spy.
Able to infiltrate, steal, and, when necessary, attack in cyberspace.
General Michael Hayden helped shape that transformation beginning in 1999 when he became director.
I get to Fort Meade about the turn of the millennium, we're focused on cyber.
Cyber is espionage, but also the potential of cyber as a weapon, computer network attack.
NARRATOR: Then came 9/11, and President George W.
Bush ordered the NSA to begin planning in earnest for offensive cyber war.
Eventually, to meet that need, the military created a new strategic unit, a partner to the NSA called Cyber Command.
Its mission: to go beyond espionage using computers as weapons.
Site M is the cover name for its massive new headquarters.
It will eventually cover more than a million square feet, enough to add to NSA's headquarters complex some 14 new buildings and thousands of additional staff.
Plus a $1.
5 billion data center in Utah.
By 2010, Cyber Command was ready for action.
About the same time that the world got a glimpse of the first true cyber weapon, a surprisingly destructive computer worm, a self-replicating program that came to be called Stuxnet.
Stuxnet is what we consider the first confirmed digital weapon and the first act of cyber warfare.
NARRATOR: Stuxnet first showed up infecting desktop computers and laptops in Iran and the Near East, but it soon spread further, using the internet to copy itself from system to system.
Eventually it ended up in the crosshairs of Symantec, maker of anti-virus security software.
There it grabbed the attention of security experts Liam O'Murchu and Eric Chien.
Right away they saw that Stuxnet was more complicated than any other malicious software, so-called malware.
CHIEN: We had never seen a threat that was so large and so dense.
I mean this threat was maybe 20 times the normal size of any threat that we had seen before.
Normally, we can analyze malware in a very short period of time, from five minutes maybe up to a week.
But with Stuxnet, we spent six months.
NARRATOR: With computer users around the world sending millions of suspicious pieces of malware to Symantec's server farm, Eric and Liam get to examine a huge variety.
But nearly all of them have one thing in common: they're all programs that try to worm themselves into an unwitting computer and hide.
Most people don't realize that when they use their computer for browsing the web or checking their email there is a lot more going on in the background, lots of hidden programs.
For the most part, they're never seen.
NARRATOR: Bringing up a list of these programs reveals unfamiliar names.
They come and go as needed and there can be dozens running at any given time.
Some carry out simple tasks deep in the computer's operating system, hidden from view.
Others are complex and obvious, the applications we see running on our screens.
They all co-exist, sharing the computer's memory and constantly communicating with each other like a digital ecosystem.
Hackers or attackers take advantage of all of these hidden programs on your computer by hiding their malicious software, otherwise known as malware, in and amongst them so that you don't even notice.
NARRATOR: The first challenge for an attacker is to get the malware installed on the victim's computer.
A common ploy is to trick users into doing it themselves.
One way hackers are able to do this is by simply sending you an email with a legitimate document inside.
NARRATOR: Even though the document doesn't look suspicious, it actually contains malicious computer code.
Liam plays the part of the victim.
So, first thing in the morning, I'm going to log into my email and check if I have anything new.
So I have received an email about open enrollment for my benefits, and even though I don't know who the sender is I'm going to open this up.
NARRATOR: Downloading and opening the booby-trapped document generates an error message.
(dings) But what the victim doesn't realize is that clicking on it also invisibly installs malware onto the computer.
CHIEN: Once my victim opens up that document, that secret computer code inside has started to run on his computer without him even knowing it and it's connected back to my computer to a program that I'm running called Nuclear RAT.
NARRATOR: Stealthy programs like this allow for a shocking behind-the-lines invasion where the attacker can spy or disrupt at will.
CHIEN: I can even take screenshots of his computer and watch all of his keystrokes via something called a key logger.
He's logging in to his email right now and I can actually get his username and his password.
Not only that, but we can also get video by turning on the webcam and I can actually see what my victim looks like, all without him knowing.
NARRATOR: Nuclear RAT takes advantage of a well-known weakness in computers with the Windows operating system.
And security experts have devised defenses against it.
But when Liam and Eric looked at Stuxnet, they saw that the program was taking advantage of a weakness that no one had ever seen before.
It's what hackers refer to as a zero-day exploit.
ZETTER: A zero-day exploit is malicious code that is used against a vulnerability that is at the time unknown to the vendor and unknown to antivirus companies.
Because it's unknown, the vendor can't patch it and antivirus companies don't have signatures to detect it.
NARRATOR: In other words, it's a flaw that has been detected and fixed for "zero days," meaning not at all.
Stuxnet used a zero-day to take advantage of a vulnerability related to USB thumb drives, also called memory sticks.
Plugging in a Stuxnet-infected thumb drive causes the program to copy itself onto the target computer without the user's knowledge.
Zero-days are extremely hard to find and can command huge sums on illicit markets.
Your average threat doesn't use any zero-days at all.
NARRATOR: But Stuxnet represented a major investment by someone.
ZETTER: At the time that Stuxnet was launched, zero-days weren't used that often in attacks.
Stuxnet used five zero-days, and that was really remarkable.
NARRATOR: And still Stuxnet had an even bigger surprise in store: its purpose.
CHIEN: What's its payload? What's its motivation? What's it actually going to do when it's on your system? And it wasn't until November of 2010 we really uncovered its primary motivation.
NARRATOR: The first clue came from a close examination of Stuxnet's computer code-- all 15,000 lines of it.
O'MURCHU: When we looked inside the code, we saw the name of a German industrial control equipment manufacturer.
We saw Siemens in there.
NARRATOR: Siemens makes factory automation equipment.
Also in the code was a reference to a specific model number of one of its products, a mysterious device called a PLC.
CHIEN: I didn't even know what a PLC was.
I had to Google for what is a PLC.
That even baseline knowledge, we just did not have.
NARRATOR: What they learned is that a PLC is a programmable logic controller-- some kind of computer used in industry.
CHIEN: We basically ordered one off an auction site.
And I was expecting something the size of a mini refrigerator to show up, something you might see in a university dorm room.
But instead, what showed up was one of these: a tiny, tiny box that basically has a mini computer inside that controls things like the power grid, pipelines, factories that are building cars.
So PLCs are kind of the unsung component that makes the world go round.
They are used to make elevators go up and down.
They are used in chemical plants, they control the recipe that gets put into drugs and chemicals.
They control water distribution plants.
They're used in the electrical grid to control equipment.
They're used surprisingly in NASDAQ, in the trading systems.
They're used in traffic lights.
They're used to control trains.
So you can see that these components are really crucial and these systems were never created with security in mind.
NARRATOR: So what was Stuxnet ultimately after? The answer was discovered in Hamburg, Germany, by a security expert.
I had let's just say, 20 or 30 "holy cow" moments.
What really blew my mind was to see from day one how sophisticated the thing was.
NARRATOR: When he examined the code, Ralph Langner saw that Stuxnet was not designed to tamper with Siemens PLCs wherever it found them.
It was hunting for specialized equipment in a specific configuration, likely targeting a single factory.
I was like, "Holy cow, this is a targeted attack?" And certainly we started to wonder, "Wow, somebody's writing the most sophisticated worm "that we have ever seen only to hit one target? That must be quite a significant target.
" NARRATOR: But where? Stuxnet had come to the attention of the world when a security expert found it infecting a client's malfunctioning computer located in Iran.
He then shared it with other experts.
For Langner, the apparent epicenter of that original outbreak proved a vital clue.
LANGER: In Iran, you don't have an awful lot of significant industrial facilities.
Then the number of potential targets that could be worth such an effort shrinks down to just a few.
And certainly the one potential target that popped up was the Iranian nuclear program.
NARRATOR: Langner turned his attention to two known nuclear facilities in Iran: a power plant at Bushehr, and an enrichment plant at Natanz.
Natanz is an underground, fortified facility, housing cylindrical centrifuges used to isolate a rare form of uranium, a precursor to fueling a power plant or making a nuclear weapon.
The machines spin at very high speed with little room for error, and their motors and safety systems are under the control of PLCs.
Examining photos from Natanz made public by Iran's press office, and comparing the equipment in them to the computer worm's code helped confirm the identity of the target.
LANGNER: At the end of 2010, we were able to show 100% proof that we had a complete match from the attack codes with the configuration of the enrichment cascades in Natanz.
NARRATOR: This was conclusive proof that a computer virus has been unleashed against a military target.
A true digital weapon.
Langner circulated his discovery among other security experts, who were stunned.
CHIEN: We weren't just protecting 16-digit credit card numbers, but potentially stumbling into something that had geopolitical implications.
NARRATOR: But they still didn't understand how the weapon worked.
So Eric and Liam set out to hack their own PLC.
So here, I have a PLC, a programmable logic controller.
This model is a Siemens S300, and that's the exact same model that was targeted by Stuxnet.
Inside the PLC, there's a small computer, and it's used for controlling equipment in the real world like conveyor belts, motors, and, in this case, I have an air pump.
NARRATOR: Turning the knob starts a program that turns on the pump, waits three seconds and then turns it off.
What Stuxnet did was it targeted this PLC.
And even though you'd download a program that says "operate an air pump for three seconds," in the background, Stuxnet changes that code.
It intercepts your request and it puts malicious code onto the PLC instead.
NARRATOR: Liam has infected the laptop with a Stuxnet-like virus.
So now when he loads his program onto the PLC the virus steps in.
(machine whirring) And something goes very wrong.
(popping) In this case, we popped a balloon, but imagine if that was a gas pipeline or a power plant.
That's what's at stake in cyber attacks like this.
NARRATOR: Finally they understood enough to reconstruct the attack.
The Natanz plant was not connected to the internet-- a security measure.
That explained why Stuxnet was designed to copy itself via thumb drives, which could be plugged into a computer on the internal network by a spy or an unwitting plant worker.
Once on the plant's internal network of computers, Stuxnet would search for PLCs in control of centrifuges.
When it found a target, it would lie in wait for weeks.
But then Stuxnet would begin tampering with the centrifuges, causing them to gradually speed up and slow down, operating out of safe limits until they broke.
It's not clear how long Stuxnet was active.
But according to international nuclear regulatory authorities, 1,000 centrifuges mysteriously failed over five months.
There's no evidence the Iranians even knew that they were under attack.
But eventually the worm escaped, spread using the internet, and was spotted and decoded by security experts.
Suddenly the stakes in cyber security had gone way up.
O'MURCHU: I'm looking at a piece of code that could blow something up in Iran.
It was very, very scary to realize that that's the destruction that's possible now with this type of software.
It was the first real cyber sabotage threat that we've ever seen that affected the real world.
NARRATOR: But unlike a traditional weapon-- a missile or a bomb-- (explosion) it's almost impossible to know for sure who launched it.
But its complexity was a big clue.
CHIEN: It was immediately obvious to us when we began looking at this code that this was not two kids in the basement in Kansas somewhere who had written this particular threat.
This was multiple teams with different expertise who had come together to create this one weapon.
It was very clear to us that this was at the level of a nation state.
HAYDEN: Someone-- probably a nation-state, because it's too hard to do from a garage or a basement-- just used a weapon comprised of ones and zeros during a time of peace to destroy what another nation could only describe as critical infrastructure.
LANGER: Who would have the motivation to do something against the Iranian nuclear program? Obviously not Venezuela.
I also say for somebody of my background-- director of CIA-- crashing 1,000 centrifuges at Natanz, almost an absolute good.
LANGNER: If you think about who would have the capabilities to launch such an attack of that sophistication, completely unprecedented, you would certainly think about the United States in the first place.
HAYDEN: I say with great sincerity that it would be irresponsible for someone of my background to even speculate who may have done this.
NARRATOR: In June 2012, the New York Times reported that Stuxnet was created jointly by the NSA and Israeli intelligence.
Then, in apparent retaliation, the Saudi oil company Aramco was hit with a computer virus in August 2012.
They sent what's called a wiper virus, which is actually sort of a Fisher-Price, baby's first hack kind of a cyber campaign.
It's not sophisticated, it's not elegant.
NARRATOR: But it was effective, destroying the data on 30,000 computers.
Then followed a coordinated attack against American targets.
CLARKE: One by one, American banks-- Citibank, Bank of America, J.
P.
Morgan, SunTrust, Wells Fargo-- all had their web-facing customer interface pages knocked offline.
In other words, if you were a Citibank customer and you went online to do some banking, you couldn't get through.
NARRATOR: Attack and counterattack.
But that's not the end of the story.
In fact, it may be just the beginning.
ZETTER: Stuxnet was the blueprint that provided proof of concept that such attack is possible.
It's opened the door onto a new era of warfare and I don't think we fully understand now what the repercussions of it will be.
HAYDEN: This is an incredibly important event in our history.
Theoretically, this smells like August of 1945.
(explosion) Somebody has used an entirely new class of weapon to affect destruction.
(loud explosion) NARRATOR: The U.
S.
and Soviet Union took decades to reach agreements to limit the buildup of their nuclear arsenals.
But with cyber weapons, we may not have the luxury of time.
The capability is spreading and the number of targets exploding.
Stuxnet exposed the vulnerability of one kind of embedded computer in industrial PLCs.
But now there are embedded computers all around us-- from power stations to pacemakers.
Yoshi Kohno is a security researcher who has an uncanny ability to find frightening vulnerabilities in everyday technology-- like cars.
KOHNO: Modern automobiles have ten sometimes up to 100 different computers inside them.
Essentially, what we wanted to know, what might an unauthorized party be able to do with an automobile straight off the lot? NARRATOR: Recently, he and his graduate students demonstrated how a hacker could seize control of a car.
The model they chose had a built-in emergency communication system that works like a cell phone.
They used that system to call the car and remotely force malware into its embedded computers, giving them control over electrical and mechanical systems like door locks, and lights.
Even the brakes.
KOHNO: Okay, Alexei, we've unlocked the brake controller and just to verify, you have your helmet on and all your safety precautions in place, right? That's right, helmet on, gloves on, strapped in and ready to go.
Great, okay, go ahead and go, and we will apply your brakes when you get to the checkered flag area.
NARRATOR: By sending malicious code to the car, they will try to lock up the brakes.
And we'll be applying your brakes shortly.
Right about now.
(tires screeching) Oh, ooh, yeah, that worked! Ooh, is he going to go to the wall? (laughing): Are you okay, Alexei? NARRATOR: In some cars, the steering, air bags and accelerator are also hackable.
And as more cars become connected to the internet, the opportunities for attack will increase.
So far, many car-makers have not made defense against cyber weapons a top priority.
(screeches) And the same may be true for countless other companies, all racing to connect their products to what's being called "the internet of everything.
" WOMAN: Tailio turns any litter box into a smart monitoring system.
We have computers in medical devices.
We have computers in automobiles.
We have computers in airplanes and we actually have computers in our homes.
Home automation systems are becoming increasingly popular.
NARRATOR: These are systems that wirelessly link common appliances like light switches, furnaces and door alarms to the internet for remote control.
But Yoshi wonders if the rush towards convenience is stampeding over security.
KOHNO: You know, there's a lot of drive towards pushing functionality, coming out with new technologies that do, you know, amazing new and greater things.
But not enough people are stepping back and asking how might I also abuse it? And together with some students that I work with at the University of Washington, we wanted to figure out how secure are these home automation systems actually.
NARRATOR: They decide to set up in a Seattle coffee shop.
WOMAN: Got a 16-ounce latte.
NARRATOR: The kind of place where people like to hang out because it offers free Wi-Fi.
Alex Takakuwa has an automation system at home and plays the innocent victim.
Meanwhile, playing the part of the attackers, are students Tope Oluwafemi and Tariq Yusuf.
This is an ideal public spot to demonstrate how an attacker could gain control of a complete stranger's home.
They've set up a wireless hotspot that masquerades as the coffee shop's own Wi-Fi.
It's a notorious hacking ploy and aptly named.
It's called an evil twin network.
A really evil twin.
NARRATOR: The victim connects to the evil twin and what's called a man-in-the-middle attack begins.
The attackers can now spy on everything flowing to and from the victim's laptop.
They observe that Alex is connecting to a home automation system.
They're able to see his private login information.
We're able to get credentials to access his home automation system without him knowing.
The next phase gives the location of the house.
They insert malicious code into the home automation system.
That code tricks it into reporting the victim's GPS coordinates back to the attackers every time the victim logs in on his laptop.
It takes a few days, but eventually they're able to deduce where the victim lives.
We're able to get his house coordinates, his GPS coordinates, and paid him a nice little visit.
NARRATOR: Even in a simple demonstration like this, bad things can happen.
With a few key strokes from their car, they unlock the doors and stroll right in.
In today's world, embedded devices tend to be stripped-down computers that are meant to do some set of specific tasks-- automating things like locks and lights.
Oftentimes, that means they stripped down the security as well.
NARRATOR: In the "internet of everything," every new device connected to the Web brings both promise and peril.
ROTHKOPF: Imagine a world with 50 billion microprocessors attached to the internet in just five years.
That's 50 billion vulnerabilities, 50 billion points of entry, 50 billion points of attack.
NARRATOR: The trick is to find the right balance between convenience and security.
You can have a solid concrete structure, and there's no way to get in, no way to get out.
That's secure, not necessarily useful because no one can access it.
As you add doors, as you add windows, as you add ventilation, they become multiple points of entry and multiple points to monitor and figure out what's going on.
NARRATOR: Windows and doors are easy to lock.
Not so for devices with embedded computers.
KOHNO: So let's say that you have a children's toy and you suddenly start to add some computer capabilities to it or a light switch and you start adding computer capabilities to that.
And it's the introduction of computation and the ability for someone-- if they have the ability to connect to those computers-- to force those computers to misbehave.
That's kind of the first step in creating a potential for an attack scenario.
NARRATOR: Cyber attack scenarios against critical infrastructure have been a concern for the Department of Homeland Security at least since 2007, when the agency commissioned an experiment called Aurora.
The question experts wanted to answer was a simple one: could a purely digital cyber attack disrupt or disable a large generator connected to the power grid? PERRY PEDERSON: I was the director of the control system security program at the Department of Homeland Security.
And during that time, I ran the project that many people are familiar with called Aurora.
NARRATOR: A team of electrical engineers brought a 27-ton, heavy-duty diesel generator to a specially built testing facility at the Idaho National Lab.
After connecting the generator to the power grid, they challenged a team of computer security experts to use computer code to knock the generator offline.
The test was monitored via closed circuit TV.
PEDERSON: In the video, you'll see it running, humming along normally.
And then you see the first hit.
The first jump.
You see the generator shudder.
NARRATOR: The jump occurred almost immediately after the attackers sent the first packet of malicious computer code.
We wanted to hit it and then wait and collect data and see what was happening and then hit it again, collect some data and kind of watch the progression of the damage to the generator.
NARRATOR: After the second attack, the generator lurched again, belched ominous smoke and ground to a halt.
Not only was it knocked off the grid, it was rendered completely inoperable.
JOE WEISS: What they found when they opened the generator was just failures with almost all parts of the generator, both mechanical and electrical.
So what you're really talking about is essentially what you would do with pieces of dynamite.
PEDERSON: So this was a tough machine.
This was heavy duty.
And it was designed to run in severe conditions.
If you were actually doing that attack, there's no reason to pause and wait in between.
You simply put your software on a loop, and you just keep hitting it until it breaks.
NARRATOR: An attack like this could take less than a minute.
But leave consequences that would last for months.
WEISS: If you damage or destroy these, you can't just go down to your neighborhood hardware store and buy another.
It could take you maybe six to nine months to get another one of these.
NARRATOR: And according to a government study, a coordinated attack on fewer than a dozen power stations could cause a massive outage-- far more devastating even than the historic blackout that hit the Northeast in 2003.
WOMAN: The brightness of car headlights the only visible sight on 42nd Street tonight as thousands wait under a cloud of total darkness.
ZETTER: All you would need to do is take out about nine substations in an attack that could result in a blackout for the majority of the U.
S.
that could last weeks or months depending on how the attack was designed.
NARRATOR: And it's not only the power grid that's at risk.
In 2014, seven years after Aurora, DHS inexplicably released an 800-page report on the Idaho demonstration.
Inside were three alarming maps, perhaps included by mistake.
These were never supposed to be declassified.
NARRATOR: The maps identify targets like refineries and gas and water lines that could be destroyed by rapidly disconnecting and reconnecting them to the power grid.
WEISS: This is using the electric grid as a means of attacking the industries connected to the electric grid.
You now have essentially a hit list of critical infrastructure.
NARRATOR: Surprisingly, our most critical facilities like this electric power plant must fend for themselves when it comes to defending against cyber attack.
Less than a third of electricity generating facilities are big enough to be required to abide by the strictest cyber security rules.
Yet the threat from cyber is so worrisome that few power company executives are willing to discuss the problem on the record for fear of being targeted by hackers.
MAN: I don't know how real or how probable a cyber attack is.
But I do know that protecting against it is prudent.
Just because I don't know how likely something is I don't know how likely an earthquake is.
I don't know how likely a tornado is.
I want to make it as hard as possible for someone to attack our generators and disrupt our society.
NARRATOR: There is a fix available to defend against an Aurora-style attack.
The cost for new equipment is relatively low, but not many utilities have installed it.
Security remains alarmingly lax at many power stations.
MAN: I was at a conference and one of the engineers showed me how he had his iPhone set up so he could control multiple power plants at the same time.
I went to look at it and he said, "Be really careful.
If you push that button, they'll all trip off.
" I was speechless.
I asked him, "What do we do about security?" And he says, "I make sure no one gets this.
" NARRATOR: Until recently, controls at power stations were mechanical switches and immune to cyber attack.
But now the drive to put everything online has created a hole in our defenses that no one seems able to plug.
CLARKE: I think the public believes that the U.
S.
government-- Cyber Command, NSA, FBI, Homeland Security-- have the capability to defend the electric power grid, pipelines, trains, banks that could be attacked by other nations through cyber.
The truth is the government doesn't have the capability, doesn't have the legal authority, and doesn't have a plan to do it.
HAYDEN: And it's not a question yet of resources.
It's a question of policy.
What do you want these guys to do? What is it will you tolerate them doing to defend you on a network in which your emails and mine are skidding about freely? NARRATOR: Policymakers have not given the NSA and Cyber Command the mission of securing the internet, which may be fine with them.
Because these agencies are deploying ambitious offensive programs that exploit common security weaknesses.
NSA documents contain references to programs with fanciful codenames Like "TREASUREMAP" an attempt to identify and track every device connected to the Web-- anywhere, all the time.
And "QUANTUMTHEORY," a suite of programs that aims to insert malware implants into computers and networks around the world.
And Quantum you can think of as almost this sort of industrial-scale spread of computer viruses.
It's a system that the NSA developed that allows it to, in a very quick and efficient manner, implant viruses, what are known as malware or malicious software on computers around the world.
Think of it sort of as a big launching platform for cyber weapons.
NARRATOR: The ultimate goal is to establish hundreds of thousands of stealthy access points globally to spy or to deal a devastating cyber counterstrike.
But the emphasis on offense comes at a price.
To ensure they'll always have a back door into their target's systems, the NSA and Cyber Command keep the computer vulnerabilities they exploit secret.
But that leaves the same back doors open everywhere-- even here at home undefended against attack.
Which raises a question-- what's more important: a good offense or a good defense? SNOWDEN: Defending ourselves from internet-originated attacks is much, much more important than our ability to launch attacks because when it comes to the internet, when it comes to our technical economy, we have more to lose than any other nation on earth.
So we shouldn't be making the internet a more hostile, a more aggressive territory.
We should be making it a more trusted environment, making it a more secure environment.
NARRATOR: The U.
S.
economy depends on the internet.
Failures to defend it are already costing us dearly.
Every day foreign hackers make thousands of digital forays against targets inside the US.
Some of these are like spying on steroids and can do real military damage-- something kept hidden from the public.
A secret document in the Snowden archive reveals that the Chinese have stolen "many terabytes of data" related to the design of one of America's most advanced fighter planes-- the Joint Strike Fighter.
HARRIS: And when they investigated this, they found that hackers were stealing this information not from military networks, but from the companies that are building these systems for the military.
The extent of damage was pretty significant.
NARRATOR: And it's not only defense contractors.
There's a new kind of attack-- a nation-state going after a purely civilian business-- using cyber as a weapon of intimidation and blackmail.
In late 2014, Sony Pictures releases a trailer for a political comedy called The Interview.
JAMES FRANCO: Three weeks from tonight I will be traveling to Pyongyang, North Korea! Hello, North Korea! NARRATOR: The absurd premise involves an assassination plot against Kim Jung Un, leader of North Korea.
You want us to kill the leader of North Korea?" Yes.
What? NARRATOR: Shortly before the movie's release-- a cyber attack.
The FBI is investigating that destructive cyber attack at Sony Pictures.
NARRATOR: Hackers calling themselves the "Guardians of Peace" reveal that they have broken into Sony's corporate computer network and seem to threaten a 9/11 type attack on theatergoers if Sony releases the film.
Within weeks, the FBI claimed to have top-secret intelligence that pointed to North Korea as the culprit.
JAMES COMEY: There is not much in life that I have high confidence about.
I have very high confidence about this attribution.
As does the entire intelligence community.
They caused a lot of damage.
And we will respond.
We will respond proportionally, and we'll respond in a place and time and manner that we choose.
HARRIS: The hard part for the White House was not attributing the Sony attack to North Korea.
The hard thing was what do you do about it? Because if the president of the United States is going to come out and publicly point the finger at a country for being behind a cyber attack, there are going to have to be consequences.
NARRATOR: But calibrating that response is difficult.
ROTHKOPF: The White House has suggested that one centerpiece of their response to cyber attacks would be what they called naming and shaming.
Well, you know, naming and shaming may work in a kindergarten class when somebody steals cookies that were intended for another child, but it's not going to work with Vladimir Putin, the supreme leader in Iran, or the Chinese.
NARRATOR: Cyber war has plunged the world into chaotic, uncharted territory.
Today, a single spy can stealthily steal secrets in volumes larger than all the books in the library of Congress.
And nation states are playing a dangerous game using cyber weapons that could trigger a wider war.
ZETTER: There have been officials in the past that have said, you know, "If you take down our power grid, you can expect a missile down your smokestacks.
" I think it's highly likely that any war that began as a cyber war would ultimately end up being a conventional war, where the United States was engaged with bombers and missiles.
NARRATOR: The number of nations armed with cyber weapons is in the dozens, not to mention terrorists and criminal hackers.
And unless we find a way to counter these threats, there is a very real danger that we will turn one of our greatest inventions-- the internet-- into a dangerous battlefield.
On NOVA's website, find in-depth interviews with Edward Snowden and other experts.
Check out some of the NSA's astonishing cyber spying gadgets.
Or try our cyber security game and learn how to keep your digital life safe, spot cyber security scams, and defend against cyber attacks.
Also, watch original video shorts, explore in-depth reporting, and dive into interactives.
Find us at pbs.
org/nova.
Follow us on Facebook and Twitter.
They come from below.
This NOVA program is available on DVD.
To order, visit shopPBS.
org, or call 1-800-play-PBS.
NOVA is also available for download on iTunes.
NARRATOR: Using only a computer, a terrorist or a nation can attack critical infrastructure like the power grid.
KIM ZETTER: That could result in a blackout for the majority of the U.
S.
that could last weeks or months.
NARRATOR: The enemies are anonymous.
Their reach is global.
As internet connections multiply so does the threat.
DAVID ROTHKOPF: Imagine a world with 50 billion microprocessors attached to the Internet.
That's 50 billion points of attack.
NARRATOR: The targets are everywhere.
YOSHI KOHNO: Computers are permeating our environments.
There are potential security risks anywhere there is one of these computing devices.
And we'll be applying your brakes shortly.
NARRATOR: Even in your car.
KOHNO: Right about now.
(car screeches) Yeah, that worked.
NARRATOR: Cyber weapons have already been unleashed.
ERIC CHIEN: It was the first real cyber sabotage that affected the real world.
MICHAEL HAYDEN: Somebody has used an entirely new class of weapon to affect destruction.
NARRATOR: Is it too late to put the genie back in the bottle? When we put the little evil virus in the big pool, it tends to escape and go Jurassic Park on us.
NARRATOR: Can we survive the "Cyber War Threat"? Right now, on NOVA.
Major funding for NOVA is provided by the following Shouldn't what makes each of us unique Supporting NOVA and promoting public understanding of science.
And the Corporation for Public Broadcasting.
And by PBS viewers like you.
Thank you.
Millicent Bell, through the Millicent and Eugene Bell Foundation.
And the George D.
Smith Fund.
Additional funding from the Montgomery Family Foundation.
NARRATOR: The Sayano-Shushenskaya dam in remote Siberia-- the ninth largest hydroelectric plant on earth and the scene of a catastrophic event that may foreshadow the future of war.
On August 17, 2009, all seems normal in the power plant at the base of the dam.
30 million tons of water pressure spin massive turbines generating more than 6,000 megawatts of electric power.
Suddenly, without warning, something goes terribly wrong.
(loud bang) A plume of water.
(loud bang) Followed by a wave of destruction.
(screaming) In the end, 75 people perish.
In the aftermath, a hellish vision.
One of the 1,500-ton turbines had burst through the floor, rocketing 50 feet into the air (loud bang) Punching a hole in the base of the dam.
Investigators eventually identify poor maintenance and worn anchor bolts as the cause.
But at first, this scenario-- a machine self-destructing with lethal consequences-- led some to wonder if this might be a new kind of sabotage, one that targets the computers in our most critical machines, sending them out of control in a cyber-era attack.
We're living in an era now where we have to wonder whether people can cause damage with computer code that before they could only cause with a bomb.
NARRATOR: Computer code that could even be delivered anonymously over the internet.
We think of the Web as an indispensable tool that delivers the world to our doorstep.
But it's also a wide-open conduit for attack.
We've learned to live with cyber crime-- identity theft, credit card fraud, hacking, and stealing personal information.
But now there's a threat that's much more frightening and destructive.
CLARKE: You can get into a network which has control of some physical thing.
Think about a pipeline, for example.
You get into that network which controls the pipeline, and you can cause the pipeline to explode (explosion) just as though it were attacked by a kinetic weapon.
(explosion) NARRATOR: And traditional kinetic, physical weapons may be impotent against a cyber attack.
Because digital weapons can be anonymous and instantaneous-- no reports of troop movements to signal a threat or air raid sirens to give warning.
Just a sudden, out-of-the-blue digital takedown of dams, power plants, factories, air traffic control, the financial system, and more.
Instead of bullets and bombs, you use bits and bytes.
NARRATOR: We are in a digital arms race against nations, hackers, and terrorists.
Cyber is the poor man's atom bomb.
(explosion) NARRATOR: Welcome to the frightening new world of cyber war.
In the United States, the command center for cyber operations is here, at the ultra-secret National Security Agency in Fort Meade, Maryland.
Some joke NSA should stand for "No Such Agency.
" For most of its history, the NSA was so shrouded in secrecy, most Americans didn't even know it existed.
But that all changed in 2013 when whistleblower Edward Snowden walked out the door with a huge cache of top-secret documents.
I've been following NSA for 30 years or so and every now and then there's a little leak here, a little leak there, but nothing like this.
This is extraordinary.
Hundreds of thousands of documents released all at once.
NARRATOR: Some of them famously revealed the existence of programs that empower the NSA programs to spy on Americans citizens by collecting emails, phone calls, and other personal data.
What we've seen over the last decade is we've seen a departure from sort of the traditional work of the National Security Agency.
They've become the National Hacking Agency.
NARRATOR: Other documents reveal that the agency is moving into new territory, developing offensive weapons to penetrate global networks in preparation for launching cyber attacks.
That's a far cry from the original mission intended by President Truman in 1952.
In those days, the NSA was all ears.
Its listening posts eavesdropped on foreign radio, and satellite transmissions and tapped underwater telephone cables.
HAYDEN: Traditional signals intelligence was fairly passive.
It was an antenna or an alligator clip, and you had to wait for somebody to send a message, and you hope you're fortunate enough to be in the right place at the right time.
NARRATOR: But then the digital revolution and the internet gave the NSA new powers and a way to hack into distant computer networks.
HAYDEN: In the cyber domain, you didn't have to wait for them to send a message.
You could commute to their target.
You could commute to where the information was stored and extract it from that network, even if they never intended to transmit it.
NARRATOR: Today, the agency appears to have transformed from a passive listener into an active spy.
Able to infiltrate, steal, and, when necessary, attack in cyberspace.
General Michael Hayden helped shape that transformation beginning in 1999 when he became director.
I get to Fort Meade about the turn of the millennium, we're focused on cyber.
Cyber is espionage, but also the potential of cyber as a weapon, computer network attack.
NARRATOR: Then came 9/11, and President George W.
Bush ordered the NSA to begin planning in earnest for offensive cyber war.
Eventually, to meet that need, the military created a new strategic unit, a partner to the NSA called Cyber Command.
Its mission: to go beyond espionage using computers as weapons.
Site M is the cover name for its massive new headquarters.
It will eventually cover more than a million square feet, enough to add to NSA's headquarters complex some 14 new buildings and thousands of additional staff.
Plus a $1.
5 billion data center in Utah.
By 2010, Cyber Command was ready for action.
About the same time that the world got a glimpse of the first true cyber weapon, a surprisingly destructive computer worm, a self-replicating program that came to be called Stuxnet.
Stuxnet is what we consider the first confirmed digital weapon and the first act of cyber warfare.
NARRATOR: Stuxnet first showed up infecting desktop computers and laptops in Iran and the Near East, but it soon spread further, using the internet to copy itself from system to system.
Eventually it ended up in the crosshairs of Symantec, maker of anti-virus security software.
There it grabbed the attention of security experts Liam O'Murchu and Eric Chien.
Right away they saw that Stuxnet was more complicated than any other malicious software, so-called malware.
CHIEN: We had never seen a threat that was so large and so dense.
I mean this threat was maybe 20 times the normal size of any threat that we had seen before.
Normally, we can analyze malware in a very short period of time, from five minutes maybe up to a week.
But with Stuxnet, we spent six months.
NARRATOR: With computer users around the world sending millions of suspicious pieces of malware to Symantec's server farm, Eric and Liam get to examine a huge variety.
But nearly all of them have one thing in common: they're all programs that try to worm themselves into an unwitting computer and hide.
Most people don't realize that when they use their computer for browsing the web or checking their email there is a lot more going on in the background, lots of hidden programs.
For the most part, they're never seen.
NARRATOR: Bringing up a list of these programs reveals unfamiliar names.
They come and go as needed and there can be dozens running at any given time.
Some carry out simple tasks deep in the computer's operating system, hidden from view.
Others are complex and obvious, the applications we see running on our screens.
They all co-exist, sharing the computer's memory and constantly communicating with each other like a digital ecosystem.
Hackers or attackers take advantage of all of these hidden programs on your computer by hiding their malicious software, otherwise known as malware, in and amongst them so that you don't even notice.
NARRATOR: The first challenge for an attacker is to get the malware installed on the victim's computer.
A common ploy is to trick users into doing it themselves.
One way hackers are able to do this is by simply sending you an email with a legitimate document inside.
NARRATOR: Even though the document doesn't look suspicious, it actually contains malicious computer code.
Liam plays the part of the victim.
So, first thing in the morning, I'm going to log into my email and check if I have anything new.
So I have received an email about open enrollment for my benefits, and even though I don't know who the sender is I'm going to open this up.
NARRATOR: Downloading and opening the booby-trapped document generates an error message.
(dings) But what the victim doesn't realize is that clicking on it also invisibly installs malware onto the computer.
CHIEN: Once my victim opens up that document, that secret computer code inside has started to run on his computer without him even knowing it and it's connected back to my computer to a program that I'm running called Nuclear RAT.
NARRATOR: Stealthy programs like this allow for a shocking behind-the-lines invasion where the attacker can spy or disrupt at will.
CHIEN: I can even take screenshots of his computer and watch all of his keystrokes via something called a key logger.
He's logging in to his email right now and I can actually get his username and his password.
Not only that, but we can also get video by turning on the webcam and I can actually see what my victim looks like, all without him knowing.
NARRATOR: Nuclear RAT takes advantage of a well-known weakness in computers with the Windows operating system.
And security experts have devised defenses against it.
But when Liam and Eric looked at Stuxnet, they saw that the program was taking advantage of a weakness that no one had ever seen before.
It's what hackers refer to as a zero-day exploit.
ZETTER: A zero-day exploit is malicious code that is used against a vulnerability that is at the time unknown to the vendor and unknown to antivirus companies.
Because it's unknown, the vendor can't patch it and antivirus companies don't have signatures to detect it.
NARRATOR: In other words, it's a flaw that has been detected and fixed for "zero days," meaning not at all.
Stuxnet used a zero-day to take advantage of a vulnerability related to USB thumb drives, also called memory sticks.
Plugging in a Stuxnet-infected thumb drive causes the program to copy itself onto the target computer without the user's knowledge.
Zero-days are extremely hard to find and can command huge sums on illicit markets.
Your average threat doesn't use any zero-days at all.
NARRATOR: But Stuxnet represented a major investment by someone.
ZETTER: At the time that Stuxnet was launched, zero-days weren't used that often in attacks.
Stuxnet used five zero-days, and that was really remarkable.
NARRATOR: And still Stuxnet had an even bigger surprise in store: its purpose.
CHIEN: What's its payload? What's its motivation? What's it actually going to do when it's on your system? And it wasn't until November of 2010 we really uncovered its primary motivation.
NARRATOR: The first clue came from a close examination of Stuxnet's computer code-- all 15,000 lines of it.
O'MURCHU: When we looked inside the code, we saw the name of a German industrial control equipment manufacturer.
We saw Siemens in there.
NARRATOR: Siemens makes factory automation equipment.
Also in the code was a reference to a specific model number of one of its products, a mysterious device called a PLC.
CHIEN: I didn't even know what a PLC was.
I had to Google for what is a PLC.
That even baseline knowledge, we just did not have.
NARRATOR: What they learned is that a PLC is a programmable logic controller-- some kind of computer used in industry.
CHIEN: We basically ordered one off an auction site.
And I was expecting something the size of a mini refrigerator to show up, something you might see in a university dorm room.
But instead, what showed up was one of these: a tiny, tiny box that basically has a mini computer inside that controls things like the power grid, pipelines, factories that are building cars.
So PLCs are kind of the unsung component that makes the world go round.
They are used to make elevators go up and down.
They are used in chemical plants, they control the recipe that gets put into drugs and chemicals.
They control water distribution plants.
They're used in the electrical grid to control equipment.
They're used surprisingly in NASDAQ, in the trading systems.
They're used in traffic lights.
They're used to control trains.
So you can see that these components are really crucial and these systems were never created with security in mind.
NARRATOR: So what was Stuxnet ultimately after? The answer was discovered in Hamburg, Germany, by a security expert.
I had let's just say, 20 or 30 "holy cow" moments.
What really blew my mind was to see from day one how sophisticated the thing was.
NARRATOR: When he examined the code, Ralph Langner saw that Stuxnet was not designed to tamper with Siemens PLCs wherever it found them.
It was hunting for specialized equipment in a specific configuration, likely targeting a single factory.
I was like, "Holy cow, this is a targeted attack?" And certainly we started to wonder, "Wow, somebody's writing the most sophisticated worm "that we have ever seen only to hit one target? That must be quite a significant target.
" NARRATOR: But where? Stuxnet had come to the attention of the world when a security expert found it infecting a client's malfunctioning computer located in Iran.
He then shared it with other experts.
For Langner, the apparent epicenter of that original outbreak proved a vital clue.
LANGER: In Iran, you don't have an awful lot of significant industrial facilities.
Then the number of potential targets that could be worth such an effort shrinks down to just a few.
And certainly the one potential target that popped up was the Iranian nuclear program.
NARRATOR: Langner turned his attention to two known nuclear facilities in Iran: a power plant at Bushehr, and an enrichment plant at Natanz.
Natanz is an underground, fortified facility, housing cylindrical centrifuges used to isolate a rare form of uranium, a precursor to fueling a power plant or making a nuclear weapon.
The machines spin at very high speed with little room for error, and their motors and safety systems are under the control of PLCs.
Examining photos from Natanz made public by Iran's press office, and comparing the equipment in them to the computer worm's code helped confirm the identity of the target.
LANGNER: At the end of 2010, we were able to show 100% proof that we had a complete match from the attack codes with the configuration of the enrichment cascades in Natanz.
NARRATOR: This was conclusive proof that a computer virus has been unleashed against a military target.
A true digital weapon.
Langner circulated his discovery among other security experts, who were stunned.
CHIEN: We weren't just protecting 16-digit credit card numbers, but potentially stumbling into something that had geopolitical implications.
NARRATOR: But they still didn't understand how the weapon worked.
So Eric and Liam set out to hack their own PLC.
So here, I have a PLC, a programmable logic controller.
This model is a Siemens S300, and that's the exact same model that was targeted by Stuxnet.
Inside the PLC, there's a small computer, and it's used for controlling equipment in the real world like conveyor belts, motors, and, in this case, I have an air pump.
NARRATOR: Turning the knob starts a program that turns on the pump, waits three seconds and then turns it off.
What Stuxnet did was it targeted this PLC.
And even though you'd download a program that says "operate an air pump for three seconds," in the background, Stuxnet changes that code.
It intercepts your request and it puts malicious code onto the PLC instead.
NARRATOR: Liam has infected the laptop with a Stuxnet-like virus.
So now when he loads his program onto the PLC the virus steps in.
(machine whirring) And something goes very wrong.
(popping) In this case, we popped a balloon, but imagine if that was a gas pipeline or a power plant.
That's what's at stake in cyber attacks like this.
NARRATOR: Finally they understood enough to reconstruct the attack.
The Natanz plant was not connected to the internet-- a security measure.
That explained why Stuxnet was designed to copy itself via thumb drives, which could be plugged into a computer on the internal network by a spy or an unwitting plant worker.
Once on the plant's internal network of computers, Stuxnet would search for PLCs in control of centrifuges.
When it found a target, it would lie in wait for weeks.
But then Stuxnet would begin tampering with the centrifuges, causing them to gradually speed up and slow down, operating out of safe limits until they broke.
It's not clear how long Stuxnet was active.
But according to international nuclear regulatory authorities, 1,000 centrifuges mysteriously failed over five months.
There's no evidence the Iranians even knew that they were under attack.
But eventually the worm escaped, spread using the internet, and was spotted and decoded by security experts.
Suddenly the stakes in cyber security had gone way up.
O'MURCHU: I'm looking at a piece of code that could blow something up in Iran.
It was very, very scary to realize that that's the destruction that's possible now with this type of software.
It was the first real cyber sabotage threat that we've ever seen that affected the real world.
NARRATOR: But unlike a traditional weapon-- a missile or a bomb-- (explosion) it's almost impossible to know for sure who launched it.
But its complexity was a big clue.
CHIEN: It was immediately obvious to us when we began looking at this code that this was not two kids in the basement in Kansas somewhere who had written this particular threat.
This was multiple teams with different expertise who had come together to create this one weapon.
It was very clear to us that this was at the level of a nation state.
HAYDEN: Someone-- probably a nation-state, because it's too hard to do from a garage or a basement-- just used a weapon comprised of ones and zeros during a time of peace to destroy what another nation could only describe as critical infrastructure.
LANGER: Who would have the motivation to do something against the Iranian nuclear program? Obviously not Venezuela.
I also say for somebody of my background-- director of CIA-- crashing 1,000 centrifuges at Natanz, almost an absolute good.
LANGNER: If you think about who would have the capabilities to launch such an attack of that sophistication, completely unprecedented, you would certainly think about the United States in the first place.
HAYDEN: I say with great sincerity that it would be irresponsible for someone of my background to even speculate who may have done this.
NARRATOR: In June 2012, the New York Times reported that Stuxnet was created jointly by the NSA and Israeli intelligence.
Then, in apparent retaliation, the Saudi oil company Aramco was hit with a computer virus in August 2012.
They sent what's called a wiper virus, which is actually sort of a Fisher-Price, baby's first hack kind of a cyber campaign.
It's not sophisticated, it's not elegant.
NARRATOR: But it was effective, destroying the data on 30,000 computers.
Then followed a coordinated attack against American targets.
CLARKE: One by one, American banks-- Citibank, Bank of America, J.
P.
Morgan, SunTrust, Wells Fargo-- all had their web-facing customer interface pages knocked offline.
In other words, if you were a Citibank customer and you went online to do some banking, you couldn't get through.
NARRATOR: Attack and counterattack.
But that's not the end of the story.
In fact, it may be just the beginning.
ZETTER: Stuxnet was the blueprint that provided proof of concept that such attack is possible.
It's opened the door onto a new era of warfare and I don't think we fully understand now what the repercussions of it will be.
HAYDEN: This is an incredibly important event in our history.
Theoretically, this smells like August of 1945.
(explosion) Somebody has used an entirely new class of weapon to affect destruction.
(loud explosion) NARRATOR: The U.
S.
and Soviet Union took decades to reach agreements to limit the buildup of their nuclear arsenals.
But with cyber weapons, we may not have the luxury of time.
The capability is spreading and the number of targets exploding.
Stuxnet exposed the vulnerability of one kind of embedded computer in industrial PLCs.
But now there are embedded computers all around us-- from power stations to pacemakers.
Yoshi Kohno is a security researcher who has an uncanny ability to find frightening vulnerabilities in everyday technology-- like cars.
KOHNO: Modern automobiles have ten sometimes up to 100 different computers inside them.
Essentially, what we wanted to know, what might an unauthorized party be able to do with an automobile straight off the lot? NARRATOR: Recently, he and his graduate students demonstrated how a hacker could seize control of a car.
The model they chose had a built-in emergency communication system that works like a cell phone.
They used that system to call the car and remotely force malware into its embedded computers, giving them control over electrical and mechanical systems like door locks, and lights.
Even the brakes.
KOHNO: Okay, Alexei, we've unlocked the brake controller and just to verify, you have your helmet on and all your safety precautions in place, right? That's right, helmet on, gloves on, strapped in and ready to go.
Great, okay, go ahead and go, and we will apply your brakes when you get to the checkered flag area.
NARRATOR: By sending malicious code to the car, they will try to lock up the brakes.
And we'll be applying your brakes shortly.
Right about now.
(tires screeching) Oh, ooh, yeah, that worked! Ooh, is he going to go to the wall? (laughing): Are you okay, Alexei? NARRATOR: In some cars, the steering, air bags and accelerator are also hackable.
And as more cars become connected to the internet, the opportunities for attack will increase.
So far, many car-makers have not made defense against cyber weapons a top priority.
(screeches) And the same may be true for countless other companies, all racing to connect their products to what's being called "the internet of everything.
" WOMAN: Tailio turns any litter box into a smart monitoring system.
We have computers in medical devices.
We have computers in automobiles.
We have computers in airplanes and we actually have computers in our homes.
Home automation systems are becoming increasingly popular.
NARRATOR: These are systems that wirelessly link common appliances like light switches, furnaces and door alarms to the internet for remote control.
But Yoshi wonders if the rush towards convenience is stampeding over security.
KOHNO: You know, there's a lot of drive towards pushing functionality, coming out with new technologies that do, you know, amazing new and greater things.
But not enough people are stepping back and asking how might I also abuse it? And together with some students that I work with at the University of Washington, we wanted to figure out how secure are these home automation systems actually.
NARRATOR: They decide to set up in a Seattle coffee shop.
WOMAN: Got a 16-ounce latte.
NARRATOR: The kind of place where people like to hang out because it offers free Wi-Fi.
Alex Takakuwa has an automation system at home and plays the innocent victim.
Meanwhile, playing the part of the attackers, are students Tope Oluwafemi and Tariq Yusuf.
This is an ideal public spot to demonstrate how an attacker could gain control of a complete stranger's home.
They've set up a wireless hotspot that masquerades as the coffee shop's own Wi-Fi.
It's a notorious hacking ploy and aptly named.
It's called an evil twin network.
A really evil twin.
NARRATOR: The victim connects to the evil twin and what's called a man-in-the-middle attack begins.
The attackers can now spy on everything flowing to and from the victim's laptop.
They observe that Alex is connecting to a home automation system.
They're able to see his private login information.
We're able to get credentials to access his home automation system without him knowing.
The next phase gives the location of the house.
They insert malicious code into the home automation system.
That code tricks it into reporting the victim's GPS coordinates back to the attackers every time the victim logs in on his laptop.
It takes a few days, but eventually they're able to deduce where the victim lives.
We're able to get his house coordinates, his GPS coordinates, and paid him a nice little visit.
NARRATOR: Even in a simple demonstration like this, bad things can happen.
With a few key strokes from their car, they unlock the doors and stroll right in.
In today's world, embedded devices tend to be stripped-down computers that are meant to do some set of specific tasks-- automating things like locks and lights.
Oftentimes, that means they stripped down the security as well.
NARRATOR: In the "internet of everything," every new device connected to the Web brings both promise and peril.
ROTHKOPF: Imagine a world with 50 billion microprocessors attached to the internet in just five years.
That's 50 billion vulnerabilities, 50 billion points of entry, 50 billion points of attack.
NARRATOR: The trick is to find the right balance between convenience and security.
You can have a solid concrete structure, and there's no way to get in, no way to get out.
That's secure, not necessarily useful because no one can access it.
As you add doors, as you add windows, as you add ventilation, they become multiple points of entry and multiple points to monitor and figure out what's going on.
NARRATOR: Windows and doors are easy to lock.
Not so for devices with embedded computers.
KOHNO: So let's say that you have a children's toy and you suddenly start to add some computer capabilities to it or a light switch and you start adding computer capabilities to that.
And it's the introduction of computation and the ability for someone-- if they have the ability to connect to those computers-- to force those computers to misbehave.
That's kind of the first step in creating a potential for an attack scenario.
NARRATOR: Cyber attack scenarios against critical infrastructure have been a concern for the Department of Homeland Security at least since 2007, when the agency commissioned an experiment called Aurora.
The question experts wanted to answer was a simple one: could a purely digital cyber attack disrupt or disable a large generator connected to the power grid? PERRY PEDERSON: I was the director of the control system security program at the Department of Homeland Security.
And during that time, I ran the project that many people are familiar with called Aurora.
NARRATOR: A team of electrical engineers brought a 27-ton, heavy-duty diesel generator to a specially built testing facility at the Idaho National Lab.
After connecting the generator to the power grid, they challenged a team of computer security experts to use computer code to knock the generator offline.
The test was monitored via closed circuit TV.
PEDERSON: In the video, you'll see it running, humming along normally.
And then you see the first hit.
The first jump.
You see the generator shudder.
NARRATOR: The jump occurred almost immediately after the attackers sent the first packet of malicious computer code.
We wanted to hit it and then wait and collect data and see what was happening and then hit it again, collect some data and kind of watch the progression of the damage to the generator.
NARRATOR: After the second attack, the generator lurched again, belched ominous smoke and ground to a halt.
Not only was it knocked off the grid, it was rendered completely inoperable.
JOE WEISS: What they found when they opened the generator was just failures with almost all parts of the generator, both mechanical and electrical.
So what you're really talking about is essentially what you would do with pieces of dynamite.
PEDERSON: So this was a tough machine.
This was heavy duty.
And it was designed to run in severe conditions.
If you were actually doing that attack, there's no reason to pause and wait in between.
You simply put your software on a loop, and you just keep hitting it until it breaks.
NARRATOR: An attack like this could take less than a minute.
But leave consequences that would last for months.
WEISS: If you damage or destroy these, you can't just go down to your neighborhood hardware store and buy another.
It could take you maybe six to nine months to get another one of these.
NARRATOR: And according to a government study, a coordinated attack on fewer than a dozen power stations could cause a massive outage-- far more devastating even than the historic blackout that hit the Northeast in 2003.
WOMAN: The brightness of car headlights the only visible sight on 42nd Street tonight as thousands wait under a cloud of total darkness.
ZETTER: All you would need to do is take out about nine substations in an attack that could result in a blackout for the majority of the U.
S.
that could last weeks or months depending on how the attack was designed.
NARRATOR: And it's not only the power grid that's at risk.
In 2014, seven years after Aurora, DHS inexplicably released an 800-page report on the Idaho demonstration.
Inside were three alarming maps, perhaps included by mistake.
These were never supposed to be declassified.
NARRATOR: The maps identify targets like refineries and gas and water lines that could be destroyed by rapidly disconnecting and reconnecting them to the power grid.
WEISS: This is using the electric grid as a means of attacking the industries connected to the electric grid.
You now have essentially a hit list of critical infrastructure.
NARRATOR: Surprisingly, our most critical facilities like this electric power plant must fend for themselves when it comes to defending against cyber attack.
Less than a third of electricity generating facilities are big enough to be required to abide by the strictest cyber security rules.
Yet the threat from cyber is so worrisome that few power company executives are willing to discuss the problem on the record for fear of being targeted by hackers.
MAN: I don't know how real or how probable a cyber attack is.
But I do know that protecting against it is prudent.
Just because I don't know how likely something is I don't know how likely an earthquake is.
I don't know how likely a tornado is.
I want to make it as hard as possible for someone to attack our generators and disrupt our society.
NARRATOR: There is a fix available to defend against an Aurora-style attack.
The cost for new equipment is relatively low, but not many utilities have installed it.
Security remains alarmingly lax at many power stations.
MAN: I was at a conference and one of the engineers showed me how he had his iPhone set up so he could control multiple power plants at the same time.
I went to look at it and he said, "Be really careful.
If you push that button, they'll all trip off.
" I was speechless.
I asked him, "What do we do about security?" And he says, "I make sure no one gets this.
" NARRATOR: Until recently, controls at power stations were mechanical switches and immune to cyber attack.
But now the drive to put everything online has created a hole in our defenses that no one seems able to plug.
CLARKE: I think the public believes that the U.
S.
government-- Cyber Command, NSA, FBI, Homeland Security-- have the capability to defend the electric power grid, pipelines, trains, banks that could be attacked by other nations through cyber.
The truth is the government doesn't have the capability, doesn't have the legal authority, and doesn't have a plan to do it.
HAYDEN: And it's not a question yet of resources.
It's a question of policy.
What do you want these guys to do? What is it will you tolerate them doing to defend you on a network in which your emails and mine are skidding about freely? NARRATOR: Policymakers have not given the NSA and Cyber Command the mission of securing the internet, which may be fine with them.
Because these agencies are deploying ambitious offensive programs that exploit common security weaknesses.
NSA documents contain references to programs with fanciful codenames Like "TREASUREMAP" an attempt to identify and track every device connected to the Web-- anywhere, all the time.
And "QUANTUMTHEORY," a suite of programs that aims to insert malware implants into computers and networks around the world.
And Quantum you can think of as almost this sort of industrial-scale spread of computer viruses.
It's a system that the NSA developed that allows it to, in a very quick and efficient manner, implant viruses, what are known as malware or malicious software on computers around the world.
Think of it sort of as a big launching platform for cyber weapons.
NARRATOR: The ultimate goal is to establish hundreds of thousands of stealthy access points globally to spy or to deal a devastating cyber counterstrike.
But the emphasis on offense comes at a price.
To ensure they'll always have a back door into their target's systems, the NSA and Cyber Command keep the computer vulnerabilities they exploit secret.
But that leaves the same back doors open everywhere-- even here at home undefended against attack.
Which raises a question-- what's more important: a good offense or a good defense? SNOWDEN: Defending ourselves from internet-originated attacks is much, much more important than our ability to launch attacks because when it comes to the internet, when it comes to our technical economy, we have more to lose than any other nation on earth.
So we shouldn't be making the internet a more hostile, a more aggressive territory.
We should be making it a more trusted environment, making it a more secure environment.
NARRATOR: The U.
S.
economy depends on the internet.
Failures to defend it are already costing us dearly.
Every day foreign hackers make thousands of digital forays against targets inside the US.
Some of these are like spying on steroids and can do real military damage-- something kept hidden from the public.
A secret document in the Snowden archive reveals that the Chinese have stolen "many terabytes of data" related to the design of one of America's most advanced fighter planes-- the Joint Strike Fighter.
HARRIS: And when they investigated this, they found that hackers were stealing this information not from military networks, but from the companies that are building these systems for the military.
The extent of damage was pretty significant.
NARRATOR: And it's not only defense contractors.
There's a new kind of attack-- a nation-state going after a purely civilian business-- using cyber as a weapon of intimidation and blackmail.
In late 2014, Sony Pictures releases a trailer for a political comedy called The Interview.
JAMES FRANCO: Three weeks from tonight I will be traveling to Pyongyang, North Korea! Hello, North Korea! NARRATOR: The absurd premise involves an assassination plot against Kim Jung Un, leader of North Korea.
You want us to kill the leader of North Korea?" Yes.
What? NARRATOR: Shortly before the movie's release-- a cyber attack.
The FBI is investigating that destructive cyber attack at Sony Pictures.
NARRATOR: Hackers calling themselves the "Guardians of Peace" reveal that they have broken into Sony's corporate computer network and seem to threaten a 9/11 type attack on theatergoers if Sony releases the film.
Within weeks, the FBI claimed to have top-secret intelligence that pointed to North Korea as the culprit.
JAMES COMEY: There is not much in life that I have high confidence about.
I have very high confidence about this attribution.
As does the entire intelligence community.
They caused a lot of damage.
And we will respond.
We will respond proportionally, and we'll respond in a place and time and manner that we choose.
HARRIS: The hard part for the White House was not attributing the Sony attack to North Korea.
The hard thing was what do you do about it? Because if the president of the United States is going to come out and publicly point the finger at a country for being behind a cyber attack, there are going to have to be consequences.
NARRATOR: But calibrating that response is difficult.
ROTHKOPF: The White House has suggested that one centerpiece of their response to cyber attacks would be what they called naming and shaming.
Well, you know, naming and shaming may work in a kindergarten class when somebody steals cookies that were intended for another child, but it's not going to work with Vladimir Putin, the supreme leader in Iran, or the Chinese.
NARRATOR: Cyber war has plunged the world into chaotic, uncharted territory.
Today, a single spy can stealthily steal secrets in volumes larger than all the books in the library of Congress.
And nation states are playing a dangerous game using cyber weapons that could trigger a wider war.
ZETTER: There have been officials in the past that have said, you know, "If you take down our power grid, you can expect a missile down your smokestacks.
" I think it's highly likely that any war that began as a cyber war would ultimately end up being a conventional war, where the United States was engaged with bombers and missiles.
NARRATOR: The number of nations armed with cyber weapons is in the dozens, not to mention terrorists and criminal hackers.
And unless we find a way to counter these threats, there is a very real danger that we will turn one of our greatest inventions-- the internet-- into a dangerous battlefield.
On NOVA's website, find in-depth interviews with Edward Snowden and other experts.
Check out some of the NSA's astonishing cyber spying gadgets.
Or try our cyber security game and learn how to keep your digital life safe, spot cyber security scams, and defend against cyber attacks.
Also, watch original video shorts, explore in-depth reporting, and dive into interactives.
Find us at pbs.
org/nova.
Follow us on Facebook and Twitter.
They come from below.
This NOVA program is available on DVD.
To order, visit shopPBS.
org, or call 1-800-play-PBS.
NOVA is also available for download on iTunes.