Introduction to Cyberwar Threat (01:57)
See an overview of what this episode will explore in regards to recent cyber-attacks and how America can protect itself. (Credits)
Sayano-Shushenskaya Dam (03:55)
On August 17th, 2009, a massive explosion killed 75 people in the plant. Investigators worried it might be cyber sabotage. America races to protect infrastructure and the stock market while hackers anonymously threaten the country's security and economy.
National Security Administration (02:43)
In 2013, Edward Snowden released confidential documentation that described strategies to spy on citizens and plans to launch cyber-attacks. General Michael Hayden describes how the NSA could now go directly to the source of the information.
From Defensive to Offensive (01:14)
Today the NSA can launch attacks, steal information, and plan strategies. Hayden describes how the organization evolved during his tenure. After 9/11 President Bush asked him to prepare offensive weapons for cyberwar— the military created Cyber Command.
Site M (02:19)
New headquarters for the United States Cyber Command is being added on to the existing NSA complex — a $1.5 billion dollar data center is being built in Utah. Kim Zetter describes Stuxnet as the first act of cyber warfare. Eric Chien and Liam O'Murchu of Symantec spent six months studying the virus.
Hidden Programs (02:04)
Hackers hide malware among the programs normally required to run a computer. They trick users into installing the malicious software through email attachments.
Once the Document Is Opened (02:21)
Secret computer code runs on the individual's computer which can spy or interfere with its function. A keylogger documents all user names and passwords of an infected computer. Stuxnet took advantage of a zero-day exploit relating to thumb drives.
Programmable Logic Controller (02:15)
Symatec noticed the name of a German manufacturer (Siemens) and a model number hidden within the malware. PLCs run transportation, energy grids, chemical plants, and NASDEQ.
Purpose of Stuxnet (03:04)
Ralph Langner discovered that Stuxnet was not searching for all PLCs, but looking for a specific arrangement of devices. The computer code was targeting a nuclear enrichment facility in Natanz, Iran.
Hacking a Programmable Logic Controller (03:18)
Symantec mimicked controlling a PLC using Stuxnet computer code. Chien and O'Murchu realized that the virus intercepted the orders from scientists and manipulated the speed of the plant's centrifuges. Over 1,000 centrifuges broke in Natanz during a five month period.
First Real Cyber Sabotage (02:04)
Chien and O'Murchu realized the virus must have been created by a nation state with multiple departments working together. Hayden refuses to speculate who created Stuxnet. In June 2012 The New York Times asserted it was jointly created by the NSA and Israeli Intelligence.
New Type of Threat (02:30)
In retaliation for Stuxnet, Aramco was hit with a wiper virus destroying data on 30,000 targets. The five biggest banks in the United States were targeted; their homepages were removed.
Malicious Code in a Car (02:14)
Tadayoshi Kohno discovers security risks in everyday items. Watch a demonstration of his team installing malware into a car through the emergency calling feature and controlling it remotely.
Home Automation Systems (03:48)
Kohno and his team demonstrate gaining control of a home's security system. The crooks set up an "evil twin" network that mirrors a Wi-Fi network in a coffee shop. When the victim logs into the internet using the network, they steal password and log in information for the system and install a GPS tracer to locate the victim's address.
Internet of Everything (02:10)
In the age of 50 billion microprocessors, users must balance convenience and security. In 2007, Homeland Security tested whether a cyber-attack could destroy critical infrastructure.
Aurora Generator Test (03:12)
Homeland Security tested whether computer code could knock a generator offline. Engineers found both the mechanical and electrical systems compromised within the generator after the attack. A coordinated attack on nine power stations would critically hurt infrastructure and cause a major blackout.
Accidental Hit List of Critical Infrastructures (02:53)
In 2014, Homeland Security released its report on Aurora and included three maps that should have remained classified. Most utility companies refuse to discuss security systems out of fear of an attack. An anonymous source describes an encounter where a utility executive controlled a plant from his iPhone.
Public Perception of Infrastructure Safety (02:03)
Clarke explains that the government does not have a strategy in place for cyber-attacks because of policy, not capability. NSA's projects have code names like Treasure Map and Quantum Theory. Shane Harris explains that these programs allow organization to spread malware quickly throughout the world.
Good Offense or Good Defense? (02:01)
The NSA keeps the weaknesses they discover secret so hackers will not be aware of their methods. Edward Snowden explains that the United States needs to make the internet a safer place instead of launching its own cyber-attacks. The Chinese have stolen several terabytes of data about a US fighter plane in development.
Nation State Against Private Companies (03:48)
In 2014, the Guardians of Peace hacked Sony Pictures and threatened a 9/11 type attack if "The Interview" was released. James Comey, director of the Federal Bureau of Investigation, told reporters he knew it was North Korea. Clarke is confident that a cyberwar between nations will escalate into a conventional war.
Credits: Cyberwar Threat (01:11)
Credits: Cyberwar Threat
For additional digital leasing and purchase options contact a media consultant at 800-257-5126 (press option 3) or firstname.lastname@example.org.