Zero Days

Stuxnet was malware that flashed around the world via Microsoft computers, triggering arbitrary BSODs and random reboots. In 2010 cybersecurity firms captured and began analyzing the worm. Stuxnet (name derived from merging two random lines in the code) had digital certificates. Digital certificates require biometrics (human identification) and pass codes. But Stuxnet could attain access without that. It ominously coded multiple zero days exploit. Symantec's investigators see maybe one a year, looking at thousands of lines of code. Stuxnet had four. As we learn in the documentary, it also had undoubtedly stolen product identity codes for PLCs (programmable logic controls) from Siemens. Where were these PLCs? Installed on centrifuges at Natanz, an Iranian nuclear site. And the game's afoot. Whose program? To what purpose? Gibney does an excellent job of gearing us up for the technowizardry with hunter/seekers Eric Chien and Liam O'Munchu (Symantec) as geek guides to the nation-state business of cyber espionage and, as General Michael Hayden, former CIA and NSA director calls it, the "hideously classified" world of cyber weaponry. We meet the journalists, bench players and sideline government officialdom who were not a part of, or even aware of, Stuxnet. The documentary is a mild, entertaining but serious call to start a dialogue about cyber weapons and deployment of same. How do countries begin to arbitrate treaties regarding use of life-threatening coding? Filmed well, the effects shrouding the unnamed informant are great viewing. The on-camera personnel are well-chosen, entertaining and as informative as they're able to be. There are enough tech buzzwords to keep nontechs like me interested, and enough about how dangerous coding with a mission to DISRUPT DEGRADE DESTROY can be for those of us who count on critical infrastructure systems.