The Undeclared War (2022) s01e06 Episode Script
Episode 6
(SIREN WAILING)
(PEOPLE CLAMOURING)
NEWSREADER: So what
made you decide to leave,
come to Moscow?
JOHN: Because I'm fed up
with lying to the public
about what's really going
on at GCHQ where I work.
I've done 50 years of service
and I've had enough.
It's time for me to
stand up and say my piece.
and I've had enough.
It's time for me to
stand up and say my piece.
NEWSREADER: And what is that?
PHIL: You were friends, weren't you?
Hi. Sorry?
You were friends.
Yeah.
At least I thought so.
So what are you looking for?
SAARA: I don't know.
A clue, anything.
I just can't believe he'd do this to us.
"Us." (SCOFFS)
He goes missing at the same time
as the biggest leak in
intelligence history.
He turns up in Moscow and
admits it on Russian television.
I'd have thought that
was enough evidence,
even for you.
You mean I should get back to work.
That's OK, Saara.
I think we all gave up hope a while back
of you ever actually
doing any work around here.
(INDISTINCT CHATTER)
Don't people hate having
their grammar corrected?
I mean, doesn't it just
make everyone hate you?
If we wrote code as sloppily as we
write English, it would never run.
Some things have to be right.
Is that all you're having?
I'm Muslim.
They don't have anything halal here.
they won't be very welcoming.
- (SAARA CHUCKLES)
- What's funny?
No different to any other
department here then?
Different "from" any other department.
It's "different from, compared with."
No different "from"
any other department.
It's "different from, compared with."
Different from, compared with.
Different from, compared with.
Different from, compared with.
Different from, compared with.
Different from, compared with.
Different from, compared with.
Different from, compared with.
because I'm fed up
with lying to the public
about what's really going
on at GCHQ where I work.
I've done
(FAST FORWARDING)
stand up and say my piece.
And what is that?
That we are no different to what
we're always accusing you lot of.
- Yes! (CHUCKLES)
- What is it?
He said "different to."
He would never say "different to."
He would never make that mistake.
It can't be him.
What? Saara, wait.
(INTENSE MUSIC PLAYING)
Where is he?
Danny's on his way to London, Saara.
Shit!
Kathy?
She's not here.
Where is she?
- She's gone.
- What do you mean gone?
What did you say to her?
I didn't say anything. I
came back and she was packing.
She's been recalled to Maryland.
Er
She flew about 25 minutes
ago. She left you this.
What's going on, Saara?
And don't lie to me this time.
You're in love with her, aren't you?
Don't lie, please.
I don't know.
Maybe.
Have you made love here?
Yes.
(EXHALES SHARPLY)
OK.
Where does that leave us?
Do you still love me?
Did you ever really (SNIFFLES) love me?
Don't go, James, please. I'm sorry.
I know you just lost your dad
(SNIFFLES) and I know you're upset,
and I know you say you can't
deal with your emotions.
I've tried to make allowances,
(SNIFFLES)
I really have.
But when you crash into
people's lives, people get hurt.
People who care about
you. People who love you.
Just try and think about that?
(SNIFFLES)
(DOOR CLOSES)
Fuck.
Ah, Mark, welcome.
Sorry, I'm late.
It's fine.
I'm sure I don't need to tell you
the effect of the Yeabsley leak is
devastating.
Most of our tools have
been rendered nugatory
and will have to be
built again from scratch.
Our priority now is to keep what
little we do have left secure.
(EXHALES)
As of 2000 hours today, Eastern Time,
the NSA's intelligence-sharing
arrangement with the UK is withdrawn.
For the foreseeable future.
Er, Mark
It signals cooperation
between our two countries,
it goes back 75 years
and it plays a vital
This decision comes from the
commander-in-chief personally
and is not open for discussion.
The question we're all
asking ourselves here is
why the hell you
re-employed a loose cannon
like John Yeabsley in the first place?
(INDISTINCT RADIO CHATTER)
- Hi.
- You all right?
Where do you want me, Sarge?
Er, get yourself round the back.
Make sure no press are trying
to get in through the garden.
Hey.
You're gonna need a mask, Sandy.
Oh, I'm just going
straight through, thank you.
WOMAN: Hiya.
SANDY: Sorry. Thanks.
SAARA: James, it's me again.
Please call me back.
I know you're angry.
We need to talk.
(INAUDIBLE)
Come on!
GCHQ Intelligence
Analyst, John Yeabsley,
seen yesterday on Russian TV
admitting responsibility for
a massive leak of GCHQ secrets
could not have been in
Moscow yesterday. Back to Dan.
- Yes!
- DAN: That's right, Alan
Yes, yes, yes! I knew it!
in light of what the
police are saying here tonight,
the interview shown yesterday
on Russian TV seems likely now
somehow to have been faked.
As he was clearly already
dead, here in Cheltenham,
when he was supposedly
being taped in Moscow.
(JOHN CHUCKLES)
Oh, dear
A mountain of code.
Perhaps it will make you,
er, check your assumptions.
Remember the Nigerian prince.
If you find yourself scouring through
thousands and thousands of lines of code,
that's probably exactly what
they're expecting you to do.
Don't.
Do something else,
unexpected.
You have to think outside the box.
If you can't, then you have
to find someone who can.
Should I offer to help?
Oh, no, she doesn't need any help.
She knows exactly where everything is.
Don't you, dear?
It's the first time we've had one
of Gabe's work friends to visit.
Isn't it, Gabe?
We'd almost given up hope.
Sorry?
He was turned down by so
many employers before GCHQ.
We moved here so we
could look after him.
(SOFTLY) He can't live alone, obviously.
I know you said you didn't
want to help me any more
- but I'm in trouble.
- What kind of trouble?
What I'm saying is
I've got GCHQ into trouble.
OK, what I mean is
I didn't realise I was being used.
I think there's a
third-stage malware, Gabriel,
hidden inside the code.
I need to find it.
Someone tried to warn me about
it, that it was really dangerous,
but it's only now I think
I know what he meant.
- Who warned you?
- That's not important now.
There's been a massive leak
of data from GCHQ, right?
Incredibly damaging?
I think that's what
the third stage does.
I think there's some hidden
part of the original malware
that was built to steal our data.
But I can't find it.
I've been back through the code
line by line. There's nothing.
That's the puzzle, Gabriel.
- I'm asking if you'd
- It's OK, Saara. I get it.
Where are you going, Gabe?
Sorry.
But what about the curfew?
(INTENSE MUSIC PLAYING)
- It's obfuscated. You don't need to
- GABRIEL: Wait.
I was just trying to say you
don't need to waste time on it.
The original code's obfuscated.
They included all this garbage
so that anti-virus software
wouldn't recognise it as malware.
How many lines of garbage?
I don't know, thousands.
We stripped them out
so we could work on it.
Tea?
Before you stripped them out, you
tried to get it to run in a sandbox.
That's right. How did you know?
GABRIEL: What happened?
SAARA: Nothing. It didn't run.
- They designed it so that it
- Oh, I think it did.
It didn't, Gabriel. I
tried it again and again.
It just sat there.
I watched. Nothing happened.
You need to learn to look at
the garbage in a different way.
It's all about patterns.
Finding the code, hidden
within the garbage.
But in this case
it's more complicated than normal.
Usually, there'd be
one character of code,
and, say, five characters of garbage.
In that case, you just need to write
a script to read one character in six.
So you're saying it's not all garbage?
Then
there's where the number of real
code and garbage characters vary
according to a regular pattern.
Say, one in four, then one in three,
then one in two and back up again.
SAARA: And that's what we've
got here in the BT code?
No.
(CLATTERS)
This is more complicated.
Here, there's no simple pattern.
The code characters
and garbage characters
vary according to an algorithm.
So, we can't extract the hidden
code unless we know the algorithm?
Oh, I've worked out the algorithm.
That's what took me the time.
(KEYBOARD CLACKING)
There's your third stage.
Hidden inside of what you
thought was just garbage.
(SIGHS)
GABRIEL: That's a data scraper.
That's how it mined our files.
That must be the MAC
address of your sandbox.
That's how it broke out into our system.
- SAARA: It can't be.
- GABRIEL: Yes, I think so.
But how could they possibly know that?
A MAC address is like a fingerprint.
How could someone in
Russia know the address
of a particular computer
at GCHQ? It's impossible.
No, it's obvious.
Obvious? How?
Someone must have told them.
OK, even if that is true,
it doesn't explain how
they got the data out.
This malware doesn't communicate.
It exfiltrates as email.
The data goes out as attachments.
The emails get lost in the flood
of all our other email traffic.
No one notices.
They've moved on from
NSA exploits, by the way.
Now they're taking our own stuff.
SAARA: What?
GABRIEL: Your emails
are still going out.
What?
(SPEAKING RUSSIAN)
They must know what we're doing.
Every time I cut a link to a
domain, they set up a new one.
We're losing a massive amount of data
every second.
The scraper you found in the garbage.
Can you can shut it down,
stop all this at source?
Of course.
Then do it!
Please.
- Is that it?
- (EXHALES) Yes.
You've stopped it?
Of course. Why do you
sound so surprised?
SAARA: You're brilliant.
- (EXCLAIMING IN FRUSTRATION)
- (VARVARA SPEAKING RUSSIAN)
(SLOW INSTRUMENTAL MUSIC PLAYING)
I owe you an apology.
You're right, you do.
I'm sorry.
What you did last night was amazing.
NEWSREADER: as well as in Bradford,
the central Mosque in Southall
was fire-bombed while a
service was taking place.
A spokesperson for the Muslim
Council of Britain blamed the attack,
one of dozens reported
in the last 36 hours,
on the breakdown in public order in the
aftermath of the disputed election
What is it?
They're attacking mosques again.
My brother works at a mosque in Swindon.
Well, you should go.
SAJID: We read about it everyday
in the papers and on our phones,
we hear about it on the radio,
we speak about it every
morning with our neighbours
we watch it every night on the TV news.
And of course, when they're
attacking us in the streets,
when they're burning our mosques,
we want to strike back.
Why wouldn't we?
It's only human.
It sounds easy, brothers and sisters,
as do all the words of Shaytan.
He speaks to us when we're angry.
He fans the flames of our
completely reasonable anger
which comes from fear
and the desire to protect those we love.
But we don't protect
them, brothers and sisters,
by meeting violence with violence.
Violence only breeds more
violence, more hatred.
We hit back and they hit us again,
even harder.
The way of Allah, Subhanahu wa-ta'ala,
is the harder way, the
more courageous way.
The voice of Shaytan rages in our
ears, blasting out all other sound.
You will hear the voice of
Allah, Subhanahu wa-ta'ala,
when you are quiet,
when you are at rest,
when you are at peace.
(INDISTINCT CHATTERING)
Saj?
DANNY: Hello, sir.
- Shut the door.
- Yeah.
What is it?
DAVID: I've just been
speaking to the Prime Minister.
Apparently, MI5's found
some compromising material
on the Foreign Secretary's laptop.
(DANNY SIGHS)
What kind of material?
I'm not sure. They're
sending it over, the laptop.
Inappropriate communications
with someone inside
the Russian government,
that's all I've been told.
(SIGHS)
"Highly prejudicial
to national security."
(SCOFFS) For fuck's sake.
Surely even they must know
that's a Russian plant?
I don't know. It looks
authentic, apparently.
None of the usual signs of
crashing around inside a computer.
If it's a plant, it's a clever one,
hard to prove.
Anyway, she's had to resign.
(DANNY SIGHS)
We're being played, aren't we?
Have been. At every stage.
Yeah. Yeah.
And very convenient that we should
lose our best friend in government
at this precise moment.
(SIGHS)
ANDREW: Secretary of State for Defence.
RICHARD: I said after the BT attack
that if we didn't respond robustly,
we'd be hit again and we have been.
Our election has been undermined and
our most sensitive secrets stolen.
By any measure, this
constitutes the cyber equivalent
of an armed attack
on the United Kingdom.
An act of war.
ANDREW: Head of Operations, GCHQ.
I'm not
disagreeing that a strong
response is required
but you should be aware
that if you decide upon
a symmetric cyber-attack,
it will be highly escalatory.
Truth is they've been
one step ahead of us,
provoking us,
anticipating how we'll
react at every stage.
It's vital that we do
not react as expected now.
We should be careful of empty gestures
that have profound consequences.
Empty gestures?
Yes. Especially if there are
other motives for doing it.
ANDREW: What other motives?
Can I speak frankly?
Of course.
To shore up the position of a government
whose legitimacy has been questioned.
- To distract attention.
- (ALL SIGH)
Is that what you think is going on here?
With the greatest respect to our
colleague from GCHQ, Prime Minister,
that is a completely
outrageous suggestion.
This country has either faced an attack
amounting to an act of war or it hasn't.
And if it has,
it is our duty as the properly
constituted government to respond.
It's nothing to do with legitimacy
or any other political considerations.
Can I just remind us that
the then Attorney General
made our red lines absolutely
clear in his 2018 speech.
Use of cyber to manipulate
the electoral system
explicitly constitutes an
intervention in our domestic affairs.
If, after that speech, we do nothing,
we are basically saying it's OK to
just roll your tanks into London.
DAVID: Yes, I see your point.
Of course, if we retaliate, we
might expose some of the things
we ourselves are doing,
within Russia's critical
national infrastructure.
Which would leave us open to the
accusation of double standards.
But if that is the way you wish to go,
Prime Minister, Danny can
lay out some further options.
We don't need your options.
The army will be taking
the lead this time.
(DANNY SIGHS)
Good luck with that.
What was that?
Nothing.
Good, because Russia has effectively
declared war on this country.
And, we, those of us around this table
are charged with the
defence of this nation.
I require your support to do so.
RICHARD: David.
I'm sending you a team from
the National Cyber Force.
I want you to build them an attack,
targeting the Russian arms industry.
And I want it done
today. Can you do that?
Put them out of action?
We can certainly try.
It's time to show us what
we've been paying for at GCHQ.
All this money we've spent,
it's time to show us what you can do.
SAARA: I'm sorry, Saj.
You were right.
I should've thought more carefully
before I took the job at GCHQ.
About the consequences for our family.
I over-reacted.
No, you didn't.
You were right.
I shouldn't have gone there.
I've made a mistake. At work.
What mistake?
I suppose you can't say?
I did something
I thought was really clever.
But it wasn't.
It was incredibly stupid and gullible.
And it's allowed something
terrible to happen.
Are you sure?
Because you always think
everything's your fault.
You have no idea.
Anyway, Dad was my fault.
What? How is that your fault?
He killed himself.
He killed himself because I
went away to uni and left him.
- No, Saar
- He did.
- I abandoned him.
- No, that's not what happened, Saar.
- Yeah, he killed himself.
- He didn't kill himself.
I mean sorry to ruin this "I'm
to blame for everything" thing
you've got going, but no,
he didn't kill himself.
If you'd come home, you'd know that.
It was an accident.
A signalman made a mistake.
He sent a goods train up a line that
was supposed to be out of service.
Dad took a short cut across
the track and the train hit him.
It wasn't suicide.
You're just saying that
because suicide is haram.
No, I swear on Mum's life.
That's what happened.
You may have behaved like
a shit not coming to see him
but he didn't commit suicide.
I liked your sermon.
Thanks.
I mean, I I agreed with I
agreed with everything you said.
(SIGHS IN RELIEF)
Do you think I should resign?
Oh.
That's up to you,
but we'd be losing the last real
voice of moderation around the table.
There'd be nobody left
to protect the staff.
Well, what about you?
Me? (CHUCKLES)
They'd sack me 15 seconds
after you're out the door.
(KNOCKING ON DOOR)
Sorry, they're ready.
They're ready.
(DAVID CLEARS THROAT)
Um, (SMACKS LIPS)
I told Barbara to take the kids and
go and stay with her parents in France.
- You're joking.
- No, absolutely not.
Well, it's not that bad, is it?
I don't know. But I'm pretty
sure this, us attacking them,
it's exactly what they want us to do.
You have to ask yourself why.
Do you think I should get Freddie out?
Maybe.
FINN: Ready, boss.
DANNY: OK, what happens now?
You stand aside and we press the button.
That way it's covered
by the "rules of war"
and you don't end up in the Hague.
DANNY: OK, Finn. Up you get.
Control-E.
(KEYBOARD CLACKING)
FEMALE OFFICER: How long will
it take to have an effect?
No time at all.
It's happening now.
(NEWSREADER SPEAKING RUSSIAN)
Real? I doubt it.
(NEWSREADER CONTINUES IN RUSSIAN)
(OFFICER SPEAKING RUSSIAN ON TV)
I have a word with you?
- What is it?
- A private word.
(CONTINUES INDISTINCTLY ON TV)
(DANNY SMACKS LIPS)
- What is it?
- Our comms are down.
- Sorry?
- All our comms are down.
I wanted to speak to you out here
because I didn't want to create a panic.
- What, just army comms
- To be honest, we're not sure.
I managed to get through to the
MOD on one of your landlines.
They're requesting that GCHQ
help re-establish contact.
- With
- With UK Armed Forces.
FINN: Sorry, Danny.
The Defence Secretary is on the line.
Which channel?
No, I mean he's actually on
the line. He's on the phone.
Richard. We've just heard.
RICHARD: Heard what?
About your loss of comms.
RICHARD: Not that. The nuclear submarine
control system is unresponsive.
It may have been hacked.
What?
Are you Are you absolutely sure?
Richard?
Richard?
If there's anything
still working around here,
try and get me NSA
up on the satellite
- on this one.
- OK.
I've decided to leave.
GCHQ.
OK.
(SIGHS)
But if you've made a mess,
don't leave before you've cleared it up.
You should never leave someone
else to clear up your mess, Saar.
(KEYBOARDS CLACKING)
Mitch.
Danny.
Look, I know you guys aren't
talking to us at the moment
but I thought you should
know somebody just hacked
our nuclear submarine control system.
What? You're kidding?
Plus all of our military comms are down.
The Russians have just
spent the last two hours
exaggerating the effect
of a very targeted attack
on a couple of arms factories to make
whatever it is they're
doing look like self-defence.
And my guess is, they've been
planning this for a long time.
Yeah, the problem is we're seeing those
images of hospital fires too, Danny
Yeah, they're fakes, Mitch.
- Well, they look pretty real to us.
- (SIGHS)
I've gotta tell you,
there's not a lot of warm feelings
towards you guys here at the moment.
We really could do with
some help right now, Mitch.
(MESSAGE NOTIFICATION TONE)
SECURITY: You can't use that in here.
You can't use that
here. Turn it off, now.
OK, but I've got to write this down.
Have you got any paper?
(SECURITY SIGHS)
Saara, wait.
I've got nothing to say to you.
Please.
I think you're about to be attacked.
The UK.
I've got something to
give you that will stop it.
I don't believe you, Vadim.
It's just another provocation.
Anyway, I thought you said
in Harrogate they'd kill you.
I don't care any more.
I don't care what happens to me.
This is too important.
Look at this.
What is that?
It's you. At your desk in GCHQ.
OK, you hacked the CCTV.
So what? What does that prove?
Saara, please. There isn't much time.
You have to trust me. You
have to think outside the box.
What? What did you say?
JSSO's showing unidentified
aircraft entering our airspace.
None of the other systems are showing it
and the RAF doesn't seem
to have been scrambled yet.
But it is possible we are under attack.
It's just another hack,
isn't it? Fake news?
(SIGHS) But what if it's real this
time, you know, like crying wolf?
How can we take that chance?
- What, an invasion?
- Why not?
We've been underestimating
Putin for ten years.
All the way through we've been
asking what's the bigger picture.
The one thing we've never considered
is that he might just be insane enough
to have territorial ambitions.
What if this whole thing is
about separating us from Europe
and the Americans so that when
this moment came, we'd be alone?
Not now, Saara.
SAARA: Danny, you absolutely have
to come and see this. Right now!
It's the CCTV, so what? Saara,
I don't have time for this.
You have to turn it off.
Please.
I can't show you what I've got
to show you until you turn it off.
Shut down the CCTV.
Really?
DANNY: Yeah. Do it.
They hacked the system.
The FSB were watching
everything we're doing.
They can't. It's
air-gapped. How do you know?
Because I've just been
inside their computer.
I'm sending you
something now. Two things.
You can use them to
trade with the Americans,
to bring them back in.
As soon as that happens,
Putin will back down.
During this first phase,
we are degrading the capability
and resolve of our enemy
as well as discrediting
his institutions and
leadership with espionage,
assassination, er,
manipulation of social media,
cyber attacks, faking of imagery
all with the aim of
creating disillusionment,
confusion and chaos.
Er, by the time war is openly declared,
the enemy's ability
to defend himself
War?
VADIM: will be
significantly reduced
RICH: Danny?
- We're receiving a data dump.
- Where from?
Russia.
VADIM: In the next
phase, we engineer
OK, let's go.
er, our enemy's strategic situation.
His, er, relationships with his allies
are fatally undermined, one by one.
(VADIM CONTINUES INDISTINCTLY)
It's mostly code.
There's terabytes of it.
I think it's the FSB's
offensive cyber exploits.
DANNY: My God!
This puts us back in the game.
VADIM: So how is all
this to be achieved?
How do you ensure that, er,
the final phase, the war is won?
The war is won using a technique
called Reflexive Control.
This is, er, the
Predetermining the enemy's
behaviour in Russia's favour.
We define our ultimate objective
We define our ultimate objective,
the total defeat of our enemy.
(SINGING IN FOREIGN LANGUAGE)
(PEOPLE CLAMOURING)
NEWSREADER: So what
made you decide to leave,
come to Moscow?
JOHN: Because I'm fed up
with lying to the public
about what's really going
on at GCHQ where I work.
I've done 50 years of service
and I've had enough.
It's time for me to
stand up and say my piece.
and I've had enough.
It's time for me to
stand up and say my piece.
NEWSREADER: And what is that?
PHIL: You were friends, weren't you?
Hi. Sorry?
You were friends.
Yeah.
At least I thought so.
So what are you looking for?
SAARA: I don't know.
A clue, anything.
I just can't believe he'd do this to us.
"Us." (SCOFFS)
He goes missing at the same time
as the biggest leak in
intelligence history.
He turns up in Moscow and
admits it on Russian television.
I'd have thought that
was enough evidence,
even for you.
You mean I should get back to work.
That's OK, Saara.
I think we all gave up hope a while back
of you ever actually
doing any work around here.
(INDISTINCT CHATTER)
Don't people hate having
their grammar corrected?
I mean, doesn't it just
make everyone hate you?
If we wrote code as sloppily as we
write English, it would never run.
Some things have to be right.
Is that all you're having?
I'm Muslim.
They don't have anything halal here.
they won't be very welcoming.
- (SAARA CHUCKLES)
- What's funny?
No different to any other
department here then?
Different "from" any other department.
It's "different from, compared with."
No different "from"
any other department.
It's "different from, compared with."
Different from, compared with.
Different from, compared with.
Different from, compared with.
Different from, compared with.
Different from, compared with.
Different from, compared with.
Different from, compared with.
because I'm fed up
with lying to the public
about what's really going
on at GCHQ where I work.
I've done
(FAST FORWARDING)
stand up and say my piece.
And what is that?
That we are no different to what
we're always accusing you lot of.
- Yes! (CHUCKLES)
- What is it?
He said "different to."
He would never say "different to."
He would never make that mistake.
It can't be him.
What? Saara, wait.
(INTENSE MUSIC PLAYING)
Where is he?
Danny's on his way to London, Saara.
Shit!
Kathy?
She's not here.
Where is she?
- She's gone.
- What do you mean gone?
What did you say to her?
I didn't say anything. I
came back and she was packing.
She's been recalled to Maryland.
Er
She flew about 25 minutes
ago. She left you this.
What's going on, Saara?
And don't lie to me this time.
You're in love with her, aren't you?
Don't lie, please.
I don't know.
Maybe.
Have you made love here?
Yes.
(EXHALES SHARPLY)
OK.
Where does that leave us?
Do you still love me?
Did you ever really (SNIFFLES) love me?
Don't go, James, please. I'm sorry.
I know you just lost your dad
(SNIFFLES) and I know you're upset,
and I know you say you can't
deal with your emotions.
I've tried to make allowances,
(SNIFFLES)
I really have.
But when you crash into
people's lives, people get hurt.
People who care about
you. People who love you.
Just try and think about that?
(SNIFFLES)
(DOOR CLOSES)
Fuck.
Ah, Mark, welcome.
Sorry, I'm late.
It's fine.
I'm sure I don't need to tell you
the effect of the Yeabsley leak is
devastating.
Most of our tools have
been rendered nugatory
and will have to be
built again from scratch.
Our priority now is to keep what
little we do have left secure.
(EXHALES)
As of 2000 hours today, Eastern Time,
the NSA's intelligence-sharing
arrangement with the UK is withdrawn.
For the foreseeable future.
Er, Mark
It signals cooperation
between our two countries,
it goes back 75 years
and it plays a vital
This decision comes from the
commander-in-chief personally
and is not open for discussion.
The question we're all
asking ourselves here is
why the hell you
re-employed a loose cannon
like John Yeabsley in the first place?
(INDISTINCT RADIO CHATTER)
- Hi.
- You all right?
Where do you want me, Sarge?
Er, get yourself round the back.
Make sure no press are trying
to get in through the garden.
Hey.
You're gonna need a mask, Sandy.
Oh, I'm just going
straight through, thank you.
WOMAN: Hiya.
SANDY: Sorry. Thanks.
SAARA: James, it's me again.
Please call me back.
I know you're angry.
We need to talk.
(INAUDIBLE)
Come on!
GCHQ Intelligence
Analyst, John Yeabsley,
seen yesterday on Russian TV
admitting responsibility for
a massive leak of GCHQ secrets
could not have been in
Moscow yesterday. Back to Dan.
- Yes!
- DAN: That's right, Alan
Yes, yes, yes! I knew it!
in light of what the
police are saying here tonight,
the interview shown yesterday
on Russian TV seems likely now
somehow to have been faked.
As he was clearly already
dead, here in Cheltenham,
when he was supposedly
being taped in Moscow.
(JOHN CHUCKLES)
Oh, dear
A mountain of code.
Perhaps it will make you,
er, check your assumptions.
Remember the Nigerian prince.
If you find yourself scouring through
thousands and thousands of lines of code,
that's probably exactly what
they're expecting you to do.
Don't.
Do something else,
unexpected.
You have to think outside the box.
If you can't, then you have
to find someone who can.
Should I offer to help?
Oh, no, she doesn't need any help.
She knows exactly where everything is.
Don't you, dear?
It's the first time we've had one
of Gabe's work friends to visit.
Isn't it, Gabe?
We'd almost given up hope.
Sorry?
He was turned down by so
many employers before GCHQ.
We moved here so we
could look after him.
(SOFTLY) He can't live alone, obviously.
I know you said you didn't
want to help me any more
- but I'm in trouble.
- What kind of trouble?
What I'm saying is
I've got GCHQ into trouble.
OK, what I mean is
I didn't realise I was being used.
I think there's a
third-stage malware, Gabriel,
hidden inside the code.
I need to find it.
Someone tried to warn me about
it, that it was really dangerous,
but it's only now I think
I know what he meant.
- Who warned you?
- That's not important now.
There's been a massive leak
of data from GCHQ, right?
Incredibly damaging?
I think that's what
the third stage does.
I think there's some hidden
part of the original malware
that was built to steal our data.
But I can't find it.
I've been back through the code
line by line. There's nothing.
That's the puzzle, Gabriel.
- I'm asking if you'd
- It's OK, Saara. I get it.
Where are you going, Gabe?
Sorry.
But what about the curfew?
(INTENSE MUSIC PLAYING)
- It's obfuscated. You don't need to
- GABRIEL: Wait.
I was just trying to say you
don't need to waste time on it.
The original code's obfuscated.
They included all this garbage
so that anti-virus software
wouldn't recognise it as malware.
How many lines of garbage?
I don't know, thousands.
We stripped them out
so we could work on it.
Tea?
Before you stripped them out, you
tried to get it to run in a sandbox.
That's right. How did you know?
GABRIEL: What happened?
SAARA: Nothing. It didn't run.
- They designed it so that it
- Oh, I think it did.
It didn't, Gabriel. I
tried it again and again.
It just sat there.
I watched. Nothing happened.
You need to learn to look at
the garbage in a different way.
It's all about patterns.
Finding the code, hidden
within the garbage.
But in this case
it's more complicated than normal.
Usually, there'd be
one character of code,
and, say, five characters of garbage.
In that case, you just need to write
a script to read one character in six.
So you're saying it's not all garbage?
Then
there's where the number of real
code and garbage characters vary
according to a regular pattern.
Say, one in four, then one in three,
then one in two and back up again.
SAARA: And that's what we've
got here in the BT code?
No.
(CLATTERS)
This is more complicated.
Here, there's no simple pattern.
The code characters
and garbage characters
vary according to an algorithm.
So, we can't extract the hidden
code unless we know the algorithm?
Oh, I've worked out the algorithm.
That's what took me the time.
(KEYBOARD CLACKING)
There's your third stage.
Hidden inside of what you
thought was just garbage.
(SIGHS)
GABRIEL: That's a data scraper.
That's how it mined our files.
That must be the MAC
address of your sandbox.
That's how it broke out into our system.
- SAARA: It can't be.
- GABRIEL: Yes, I think so.
But how could they possibly know that?
A MAC address is like a fingerprint.
How could someone in
Russia know the address
of a particular computer
at GCHQ? It's impossible.
No, it's obvious.
Obvious? How?
Someone must have told them.
OK, even if that is true,
it doesn't explain how
they got the data out.
This malware doesn't communicate.
It exfiltrates as email.
The data goes out as attachments.
The emails get lost in the flood
of all our other email traffic.
No one notices.
They've moved on from
NSA exploits, by the way.
Now they're taking our own stuff.
SAARA: What?
GABRIEL: Your emails
are still going out.
What?
(SPEAKING RUSSIAN)
They must know what we're doing.
Every time I cut a link to a
domain, they set up a new one.
We're losing a massive amount of data
every second.
The scraper you found in the garbage.
Can you can shut it down,
stop all this at source?
Of course.
Then do it!
Please.
- Is that it?
- (EXHALES) Yes.
You've stopped it?
Of course. Why do you
sound so surprised?
SAARA: You're brilliant.
- (EXCLAIMING IN FRUSTRATION)
- (VARVARA SPEAKING RUSSIAN)
(SLOW INSTRUMENTAL MUSIC PLAYING)
I owe you an apology.
You're right, you do.
I'm sorry.
What you did last night was amazing.
NEWSREADER: as well as in Bradford,
the central Mosque in Southall
was fire-bombed while a
service was taking place.
A spokesperson for the Muslim
Council of Britain blamed the attack,
one of dozens reported
in the last 36 hours,
on the breakdown in public order in the
aftermath of the disputed election
What is it?
They're attacking mosques again.
My brother works at a mosque in Swindon.
Well, you should go.
SAJID: We read about it everyday
in the papers and on our phones,
we hear about it on the radio,
we speak about it every
morning with our neighbours
we watch it every night on the TV news.
And of course, when they're
attacking us in the streets,
when they're burning our mosques,
we want to strike back.
Why wouldn't we?
It's only human.
It sounds easy, brothers and sisters,
as do all the words of Shaytan.
He speaks to us when we're angry.
He fans the flames of our
completely reasonable anger
which comes from fear
and the desire to protect those we love.
But we don't protect
them, brothers and sisters,
by meeting violence with violence.
Violence only breeds more
violence, more hatred.
We hit back and they hit us again,
even harder.
The way of Allah, Subhanahu wa-ta'ala,
is the harder way, the
more courageous way.
The voice of Shaytan rages in our
ears, blasting out all other sound.
You will hear the voice of
Allah, Subhanahu wa-ta'ala,
when you are quiet,
when you are at rest,
when you are at peace.
(INDISTINCT CHATTERING)
Saj?
DANNY: Hello, sir.
- Shut the door.
- Yeah.
What is it?
DAVID: I've just been
speaking to the Prime Minister.
Apparently, MI5's found
some compromising material
on the Foreign Secretary's laptop.
(DANNY SIGHS)
What kind of material?
I'm not sure. They're
sending it over, the laptop.
Inappropriate communications
with someone inside
the Russian government,
that's all I've been told.
(SIGHS)
"Highly prejudicial
to national security."
(SCOFFS) For fuck's sake.
Surely even they must know
that's a Russian plant?
I don't know. It looks
authentic, apparently.
None of the usual signs of
crashing around inside a computer.
If it's a plant, it's a clever one,
hard to prove.
Anyway, she's had to resign.
(DANNY SIGHS)
We're being played, aren't we?
Have been. At every stage.
Yeah. Yeah.
And very convenient that we should
lose our best friend in government
at this precise moment.
(SIGHS)
ANDREW: Secretary of State for Defence.
RICHARD: I said after the BT attack
that if we didn't respond robustly,
we'd be hit again and we have been.
Our election has been undermined and
our most sensitive secrets stolen.
By any measure, this
constitutes the cyber equivalent
of an armed attack
on the United Kingdom.
An act of war.
ANDREW: Head of Operations, GCHQ.
I'm not
disagreeing that a strong
response is required
but you should be aware
that if you decide upon
a symmetric cyber-attack,
it will be highly escalatory.
Truth is they've been
one step ahead of us,
provoking us,
anticipating how we'll
react at every stage.
It's vital that we do
not react as expected now.
We should be careful of empty gestures
that have profound consequences.
Empty gestures?
Yes. Especially if there are
other motives for doing it.
ANDREW: What other motives?
Can I speak frankly?
Of course.
To shore up the position of a government
whose legitimacy has been questioned.
- To distract attention.
- (ALL SIGH)
Is that what you think is going on here?
With the greatest respect to our
colleague from GCHQ, Prime Minister,
that is a completely
outrageous suggestion.
This country has either faced an attack
amounting to an act of war or it hasn't.
And if it has,
it is our duty as the properly
constituted government to respond.
It's nothing to do with legitimacy
or any other political considerations.
Can I just remind us that
the then Attorney General
made our red lines absolutely
clear in his 2018 speech.
Use of cyber to manipulate
the electoral system
explicitly constitutes an
intervention in our domestic affairs.
If, after that speech, we do nothing,
we are basically saying it's OK to
just roll your tanks into London.
DAVID: Yes, I see your point.
Of course, if we retaliate, we
might expose some of the things
we ourselves are doing,
within Russia's critical
national infrastructure.
Which would leave us open to the
accusation of double standards.
But if that is the way you wish to go,
Prime Minister, Danny can
lay out some further options.
We don't need your options.
The army will be taking
the lead this time.
(DANNY SIGHS)
Good luck with that.
What was that?
Nothing.
Good, because Russia has effectively
declared war on this country.
And, we, those of us around this table
are charged with the
defence of this nation.
I require your support to do so.
RICHARD: David.
I'm sending you a team from
the National Cyber Force.
I want you to build them an attack,
targeting the Russian arms industry.
And I want it done
today. Can you do that?
Put them out of action?
We can certainly try.
It's time to show us what
we've been paying for at GCHQ.
All this money we've spent,
it's time to show us what you can do.
SAARA: I'm sorry, Saj.
You were right.
I should've thought more carefully
before I took the job at GCHQ.
About the consequences for our family.
I over-reacted.
No, you didn't.
You were right.
I shouldn't have gone there.
I've made a mistake. At work.
What mistake?
I suppose you can't say?
I did something
I thought was really clever.
But it wasn't.
It was incredibly stupid and gullible.
And it's allowed something
terrible to happen.
Are you sure?
Because you always think
everything's your fault.
You have no idea.
Anyway, Dad was my fault.
What? How is that your fault?
He killed himself.
He killed himself because I
went away to uni and left him.
- No, Saar
- He did.
- I abandoned him.
- No, that's not what happened, Saar.
- Yeah, he killed himself.
- He didn't kill himself.
I mean sorry to ruin this "I'm
to blame for everything" thing
you've got going, but no,
he didn't kill himself.
If you'd come home, you'd know that.
It was an accident.
A signalman made a mistake.
He sent a goods train up a line that
was supposed to be out of service.
Dad took a short cut across
the track and the train hit him.
It wasn't suicide.
You're just saying that
because suicide is haram.
No, I swear on Mum's life.
That's what happened.
You may have behaved like
a shit not coming to see him
but he didn't commit suicide.
I liked your sermon.
Thanks.
I mean, I I agreed with I
agreed with everything you said.
(SIGHS IN RELIEF)
Do you think I should resign?
Oh.
That's up to you,
but we'd be losing the last real
voice of moderation around the table.
There'd be nobody left
to protect the staff.
Well, what about you?
Me? (CHUCKLES)
They'd sack me 15 seconds
after you're out the door.
(KNOCKING ON DOOR)
Sorry, they're ready.
They're ready.
(DAVID CLEARS THROAT)
Um, (SMACKS LIPS)
I told Barbara to take the kids and
go and stay with her parents in France.
- You're joking.
- No, absolutely not.
Well, it's not that bad, is it?
I don't know. But I'm pretty
sure this, us attacking them,
it's exactly what they want us to do.
You have to ask yourself why.
Do you think I should get Freddie out?
Maybe.
FINN: Ready, boss.
DANNY: OK, what happens now?
You stand aside and we press the button.
That way it's covered
by the "rules of war"
and you don't end up in the Hague.
DANNY: OK, Finn. Up you get.
Control-E.
(KEYBOARD CLACKING)
FEMALE OFFICER: How long will
it take to have an effect?
No time at all.
It's happening now.
(NEWSREADER SPEAKING RUSSIAN)
Real? I doubt it.
(NEWSREADER CONTINUES IN RUSSIAN)
(OFFICER SPEAKING RUSSIAN ON TV)
I have a word with you?
- What is it?
- A private word.
(CONTINUES INDISTINCTLY ON TV)
(DANNY SMACKS LIPS)
- What is it?
- Our comms are down.
- Sorry?
- All our comms are down.
I wanted to speak to you out here
because I didn't want to create a panic.
- What, just army comms
- To be honest, we're not sure.
I managed to get through to the
MOD on one of your landlines.
They're requesting that GCHQ
help re-establish contact.
- With
- With UK Armed Forces.
FINN: Sorry, Danny.
The Defence Secretary is on the line.
Which channel?
No, I mean he's actually on
the line. He's on the phone.
Richard. We've just heard.
RICHARD: Heard what?
About your loss of comms.
RICHARD: Not that. The nuclear submarine
control system is unresponsive.
It may have been hacked.
What?
Are you Are you absolutely sure?
Richard?
Richard?
If there's anything
still working around here,
try and get me NSA
up on the satellite
- on this one.
- OK.
I've decided to leave.
GCHQ.
OK.
(SIGHS)
But if you've made a mess,
don't leave before you've cleared it up.
You should never leave someone
else to clear up your mess, Saar.
(KEYBOARDS CLACKING)
Mitch.
Danny.
Look, I know you guys aren't
talking to us at the moment
but I thought you should
know somebody just hacked
our nuclear submarine control system.
What? You're kidding?
Plus all of our military comms are down.
The Russians have just
spent the last two hours
exaggerating the effect
of a very targeted attack
on a couple of arms factories to make
whatever it is they're
doing look like self-defence.
And my guess is, they've been
planning this for a long time.
Yeah, the problem is we're seeing those
images of hospital fires too, Danny
Yeah, they're fakes, Mitch.
- Well, they look pretty real to us.
- (SIGHS)
I've gotta tell you,
there's not a lot of warm feelings
towards you guys here at the moment.
We really could do with
some help right now, Mitch.
(MESSAGE NOTIFICATION TONE)
SECURITY: You can't use that in here.
You can't use that
here. Turn it off, now.
OK, but I've got to write this down.
Have you got any paper?
(SECURITY SIGHS)
Saara, wait.
I've got nothing to say to you.
Please.
I think you're about to be attacked.
The UK.
I've got something to
give you that will stop it.
I don't believe you, Vadim.
It's just another provocation.
Anyway, I thought you said
in Harrogate they'd kill you.
I don't care any more.
I don't care what happens to me.
This is too important.
Look at this.
What is that?
It's you. At your desk in GCHQ.
OK, you hacked the CCTV.
So what? What does that prove?
Saara, please. There isn't much time.
You have to trust me. You
have to think outside the box.
What? What did you say?
JSSO's showing unidentified
aircraft entering our airspace.
None of the other systems are showing it
and the RAF doesn't seem
to have been scrambled yet.
But it is possible we are under attack.
It's just another hack,
isn't it? Fake news?
(SIGHS) But what if it's real this
time, you know, like crying wolf?
How can we take that chance?
- What, an invasion?
- Why not?
We've been underestimating
Putin for ten years.
All the way through we've been
asking what's the bigger picture.
The one thing we've never considered
is that he might just be insane enough
to have territorial ambitions.
What if this whole thing is
about separating us from Europe
and the Americans so that when
this moment came, we'd be alone?
Not now, Saara.
SAARA: Danny, you absolutely have
to come and see this. Right now!
It's the CCTV, so what? Saara,
I don't have time for this.
You have to turn it off.
Please.
I can't show you what I've got
to show you until you turn it off.
Shut down the CCTV.
Really?
DANNY: Yeah. Do it.
They hacked the system.
The FSB were watching
everything we're doing.
They can't. It's
air-gapped. How do you know?
Because I've just been
inside their computer.
I'm sending you
something now. Two things.
You can use them to
trade with the Americans,
to bring them back in.
As soon as that happens,
Putin will back down.
During this first phase,
we are degrading the capability
and resolve of our enemy
as well as discrediting
his institutions and
leadership with espionage,
assassination, er,
manipulation of social media,
cyber attacks, faking of imagery
all with the aim of
creating disillusionment,
confusion and chaos.
Er, by the time war is openly declared,
the enemy's ability
to defend himself
War?
VADIM: will be
significantly reduced
RICH: Danny?
- We're receiving a data dump.
- Where from?
Russia.
VADIM: In the next
phase, we engineer
OK, let's go.
er, our enemy's strategic situation.
His, er, relationships with his allies
are fatally undermined, one by one.
(VADIM CONTINUES INDISTINCTLY)
It's mostly code.
There's terabytes of it.
I think it's the FSB's
offensive cyber exploits.
DANNY: My God!
This puts us back in the game.
VADIM: So how is all
this to be achieved?
How do you ensure that, er,
the final phase, the war is won?
The war is won using a technique
called Reflexive Control.
This is, er, the
Predetermining the enemy's
behaviour in Russia's favour.
We define our ultimate objective
We define our ultimate objective,
the total defeat of our enemy.
(SINGING IN FOREIGN LANGUAGE)