Documentary film “Zero Days” presents an inconvenient truth to chill and alarm us. While cyber-attack has been a familiar issue during recent years, the documentary shows us that cyber-attack technology has advanced far more than we think, and it is quite disturbing to see what will be the beginning of a new era of modern warfare. This is no longer what may happen in the distant future; it is happening around us even at this point, with more dangerous possibilities to come.
In 2010 June, a malware which was later named Stuxnet was detected in Belarus, and we meet several technicians who analyzed this malware at that time. During their analysis, they were quite amazed by its many sophisticated technical aspects, and it became quite clear to them that Stuxnet was not a mere work of some cyber criminals or hacker activists but a cyber weapon on the level of state-nation.
It was virtually impossible to pinpoint which government agency was involved in the development and release of Stuxnet, but its insidious purpose was gradually revealed through several months of analysis and research. Although it was designed to infiltrate into a common control hardware widely used in various industrial fields, Stuxnet did not cause any particular damage to many computer networks infected with it while being quickly spread around the world, and it looked like it had some specific target to attack.
As the aforementioned technicians gathered the numerous cases of Stuxnet infection around the world step by step, it turned out that the country with the most infected cases was none other than Iran, and they came to notice several questionable malfunction incidents which recently happened there. One of them happened at one of the main nuclear facilities in Iran, and this suggested that Stuxnet was developed by the US government, and, possibly, the Israeli government.
Neither the US government nor the Israeli government has ever recognized that, but there is not much doubt about their culpability considering their geopolitical conflict with Iran. The nuclear program of Iran has been a serious trouble for them since the 1980s, and, as Iran came quite closer to having nuclear weapons during the 2000s, the US government concluded that something should be done as soon as possible for avoiding far worse situations.
Mainly due to his increasingly difficult political circumstance due to the wars in Iraq and Afghanistan, President George W. Bush was reluctant to bomb the nuclear facilities in Iran, and that was how cyber-attack came into the picture as another option. When the decisive power came to President Barack Obama a few years later, he showed some misgivings, but that did not stop him from authorizing the use of Stuxnet, which was called ‘Olympic Games’ by its developers.
The documentary gives us a detailed account of how the fuel enrichment plant located in Natanz, Iran was infiltrated and then damaged by Stuxnet. The target of Stuxnet was the control system for the uranium gas centrifuges in the plant, and we get a graphic presentation of how the system in question malfunctioned as covertly manipulated by Stuxnet. Once the right condition was set, Stuxnet started to increase or decrease the speed of those ultrahigh-speed centrifuges too much while nothing seemed to be wrong in the control room, and then the centrifuges eventually broke themselves apart as causing considerable damages to the system.
This cyber-attack itself was as successful as intended while the Iranian government and its scientists and engineers were baffled by what happened, but this did not deter Iran at all. Sure, it did put a temporary dent on the nuclear program of Iran, but then the nuclear program of Iran came to be far more accelerated than before – especially after Stuxnet came to be exposed in public to the embarrassment of US and Israel. In addition, Iran also established its own cyber military unit, and it soon gave a clear warning to the US government via two massive cyber-attacks.
Several US government officials, who are anonymously represented by one actress as acknowledged at the end of the documentary, talked to the director Alex Gibney about Stuxnet and their classified cyber programs, and their testimonies reveal that Stuxnet is just a tip of iceberg. As a matter of fact, they already developed a far more powerful cyber weapon called ‘Nitro Zeus’, and Stuxnet looks like a child’s play compared to what Nitro Zeus is capable of.
It is apparent that there should be more open debates on cyber weapon, but US and many other countries around the world are still reluctant to recognize this urgent matter. As many things remain classified in the name of national security, most of government officials interviewed in the documentary are evasive to Gibney’s questions on Stuxnet, but they show concerns over that dangerously uncertain territory of cyber warfare. Like nuclear weapon or chemical weapon, cyber weapon definitely needs to be regulated via something like international treaty, but that will not be easy at all as cyber-attack technology rapidly keeps advancing as usual. After all, how can you possibly trace or inspect something which can be easily hidden in any computer or storage device?
After drawing my attention for the first time through “Enron: The Smartest Guys in the Room” (2005) and “Taxi to the Dark Side” (2007), Gibney has continued to impressed me with his subsequent documentary films including “Going Clear: Scientology and the Prison of Belief” (2015), a scathing and alarming exposé on the Church of Scientology. What he reveals here in “Zero Days” is equally alarming to say the least, and it also chillingly resonates with that recent hacking case possibly associated with the Russian government, which might have attempted to influence the US presidential election of this year as circumstantial evidences suggest. Yes, we have indeed entered the era of cyber warfare, and we can only hope we will be able to do something about that before it is too late for us.
Sidenote: As explained in the documentary, zero day is a technical term for undisclosed computer-software vulnerabilities which can be exploited by hackers.