Oscar winner reveals frightening secrets of U.S. government's cyber war
The New York Times generally confines its coverage of documentaries to the Arts section, but not so with Zero Days, Alex Gibney's latest film.
In February, the Times devoted part of its A section to Zero Days, recognizing a startling scoop in the film: the existence of a previously unknown cyber attack program called Nitro Zeus.
It was in the course of working on his documentary about the government's secret cyber weapons program that Gibney uncovered Nitro Zeus -- a malware scheme designed to sabotage Iran in case that country didn't agree to curtail its nuclear weapons program. But the revelations in Zero Days go beyond Nitro Zeus.
I think the Congress by and large is very ill-educated when it comes to cyber warfare. NSA and Cyber Command has done its best to keep as much from the Congress as possible.
Gibney's film also gets to the bottom of stuxnet, a cyber weapon deployed by the U.S. and Israel around 2009-2010 to flummox Iran's processing of nuclear fuel. The documentary makes a persuasive argument that while stuxnet succeeded initially, it wound up opening a Pandora's Box that has left the U.S. vulnerable to counterattack.
Zero Days is now playing in select cities including Austin, Texas and Salt Lake City, Utah [click here for details] and is available on streaming services including iTunes and Amazon Video.
Nonfictionfilm.com spoke with Gibney earlier this month about stuxnet, Nitro Zeus and the potential for a World War triggered in cyberspace.
Nonfictionfilm.com: What percentage of people you meet are aware of stuxnet in some general way?
Alex Gibney: About 50 percent of the people I talk to are aware of it but not many people really know much about it.
Nonfictionfilm.com: In a nutshell, what is stuxnet and what was it designed to do?
AG: Stuxnet is a piece of very sophisticated malware which is autonomous, which was designed to infect the nuclear plant at Natanz in Iran and take control of the machines to govern centrifuges that enriched uranium and make them spin first very fast and then very slowly so that they blew up. It took over the machines and actually commanded them to destroy themselves. And it sent messages to the people running the machines -- the engineers -- that all was well, which was maybe the most ingenious part of the malware. That made [the engineers] doubt themselves and rather than suspect some outside interference they thought they were at fault. And so it slowed down the production of uranium considerably for a period of time.
Nonfictionfilm.com: I think many people -- including me -- when they first heard about stuxnet thought, wow, what an ingenious scheme! Well done, America! However, your film suggests stuxnet may have provided a short term gain but it did longterm damage to our national security.
AG: That's correct. So often this happens with covert action, particularly with what seems to be at the time "cool" new applications of military technology. Drones would be another example.
With stuxnet the device itself was ingenious and it slowed down Iran's march toward enrichment of uranium that would have got them closer to nuclear weapons but it was also an unprovoked attack on critical infrastructure in peacetime. That's sets a very knotty precedent which can then be followed by other countries particularly when it comes to attacking the United States. It also set off an arms race of a new kind of weapon that hadn't been seen before, now a cyber weapon. So for all these reasons it created problems much bigger even than the problem it was intended to solve.
The initial attack was ingenious but all that came after seems rather disastrous in retrospect.
AG: And, by the way, once Iran discovered the U.S. and Israel's role in launching a cyber attack on Natanz they developed their own cyber army, launched counterattacks and also ratcheted up the production of uranium dramatically so the initial attack was ingenious but all that came after seems rather disastrous in retrospect.
Nonfictionfilm.com: Most people's familiarity with cyber warfare probably comes from Hollywood movies. How ignorant do you think people are -- before having seen your film, that is -- about what the government is doing on this front of warfare?
AG: Never mind the public. I think the Congress by and large is very ill-educated when it comes to cyber warfare. NSA and Cyber Command has done its best to keep as much from the Congress as possible. In the case of some of these operations only the top two people in the intelligence committees have been read in on the programs. And more broadly speaking Representatives really aren't aware of what we're doing in this arena.
Nonfictionfilm.com: It is remarkable to see in the film how the Department of Homeland Security became alarmed about the stuxnet malware program, having no idea it had originated in another part of the government.
AG: We have met the enemy and it is us. Homeland Security is desperately looking for a solution for what it sees as an attack on critical infrastructure in the homeland and they even ask NSA. And of course NSA doesn't even give them any clue about what's going on. It's completely opaque even though it's an operation that we launched and now we're having to defend ourselves against ourselves.
Nonfictionfilm.com: Your film also reveals the existence of Nitro Zeus, this successor program to stuxnet that is a good deal more advanced. What is Nitro Zeus?
AG: Nitro Zeus is a much more sophisticated attack program than even stuxnet. It basically targets key portions of the Iranian critical infrastructure -- radar systems, electrical grids -- they basically have the capacity to virtually shut down Iran. And that was a jaw dropper to us which we discovered in the process of making the film. So suddenly in the space of three or four years the sophistication of cyber weapons grew by leaps and bounds. And when we think about cyber weapons that we have developed you have to assume that the other cyber powers -- China, Russia, possibly Iran and others -- are developing equally powerful weapons.
Nonfictionfilm.com: Is there a potential for a World War III, if you will, that is sort of conducted in cyberspace -- or maybe it begins in cyberspace and then it goes to something more like a conventional war?
AG: I think there is. It would be difficult to imagine but at the same time now more plausible. Part of the reason, I think, has to do with the fact that attribution is so difficult to do with cyber weapons and even false flags are so easy to do with cyber weapons. So suddenly you have a situation where an attack on critical infrastructure might be launched -- it might be launched by one party, one country, but attributed to another. A counterattack on that other country might result; that country might then retaliate, so suddenly you have a situation where you have an opportunity for a huge amount of destruction and you don't exactly know where it's going to end.
Nonfictionfilm.com: The Obama Administration has really tried to keep these programs under wraps. Where does Pres. Obama rank in terms of transparency about cyber weaponry and some of the other aspects of international conflict, be it drones --
AG: I think the Obama Administration gets very low grades on transparency when it comes to matters of national security. We still don't know the laws that govern CIA-sponsored drone strikes, so we don't know how or when or why the United States is launching those drone strikes. It defies credulity for me to understand why we can't know the rationale for those actions. We're not asking to know exactly when they're launched but we should at least have access to understanding the legal basis for them. Likewise with cyber weapons. as [former CIA Director] Michael Hayden says in the film, offensive cyber weapons are hideously over-classified and as a result we can't have any kind of informed debate in this country because everything about cyber weapons is being kept rigorously secret. So, no, the Obama Administration when it comes to national security really gets very, very, very low marks -- worse than the Bush Administration in my view. And he [Obama] is a Constitutional lawyer.
Nonfictionfilm.com: What were some of the steps you took to protect the filmmaking process and your sources during the making of the film?
AG: We used encrypted phones. We used encrypted email. And when we had anonymous sources we transcribed interviews on electric typewriters.
Nonfictionfilm.com: You're not one who shies away from taking on subject matter that would not necessarily endear you to powerful entitites, whether it's your film on Wikileaks [We Steal Secrets] or with this film. Or in taking on the Church of Scientology with Going Clear. That never gives you pause that some of these 800=pound gorillas are going to come after you?
AG: I think you have to be sensible when you go after people like that but you also can't be afraid. So I think that's really the light I try to steer by.
Nonfictionfilm.com: Regarding Going Clear, I'm interested in hearing about the kind of continued harassment you get from the Church over your film.
AG: I get a lot of trolling on the web. Obviously they've done hate films on me which they promote assiduously. There's a person who's been assigned to do a documentary on me -- a guy named Randall Stith -- and he shows up at all my public speaking events in Los Angeles. I usually make a point of trying to introduce him.
Nonfictionfilm.com: How are you able to do as many films as you do? Your output is astonishing --last year you had six projects come out that you directed and/or produced.
AG: I have a number of people who work with me on these projects and they're very talented and they're very dedicated. And each one of these projects takes a long period of time. I just think think of it a little bit like a law firm that has a number of different cases that proceed very slowly over time and we keep updating them... But I usually do more than one at a time in part to save myself from having to close the book on a film prematurely because we run out of money. It's ended up being a kind of pragmatic strategy and then sometimes in some years a number of films get released simultaneously -- it's coincidental more than anything. I'm usually at work on all of them for years.
Nonfictionfilm.com: Finally, getting back to Zero Days, what is your hope for the film and the impact it might have?
AG: I hope a lot of people go see it. I think they'll enjoy it. It really is a thriller. And it was intended to play like that. But in terms of its impact I hope it will raise big questions about how dangerous this kind of relentless push toward over-classification has become, where so many secrets are kept that it's actually putting us at risk.
Matthew Carey is a documentary filmmaker and journalist. His work has appeared on CNN, CNN.com, TheWrap.com, NBCNews.com and Documentary.org.