Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:10,160 --> 00:00:12,280 [atmospheric music plays] 2 00:00:12,360 --> 00:00:16,080 [narrator] Codes and ciphers have been used to protect secrets 3 00:00:16,160 --> 00:00:18,840 from ancient times to modern day. 4 00:00:19,520 --> 00:00:21,960 Breaking these codes and ciphers 5 00:00:22,040 --> 00:00:25,680 is crucial spycraft for successful espionage. 6 00:00:26,200 --> 00:00:28,560 [man 1] And it gave us vital information 7 00:00:28,640 --> 00:00:31,400 that we needed, for example, around the D-Day invasions. 8 00:00:32,320 --> 00:00:34,040 [narrator] As codes are broken, 9 00:00:34,120 --> 00:00:37,320 more complex systems are developed to protect them. 10 00:00:38,400 --> 00:00:43,000 [man 1] They created 11 models of Colossus, 11 00:00:43,080 --> 00:00:46,440 which was the world's first electronic computer. 12 00:00:47,160 --> 00:00:50,960 [narrator] Nevertheless, advancements in technology come with risks. 13 00:00:52,240 --> 00:00:54,560 [man 2] But to go into the ones and zeros 14 00:00:54,640 --> 00:00:57,240 and discover a vulnerability you can exploit. 15 00:00:57,320 --> 00:01:00,480 -That's the next level. -[narrator] Next level technology 16 00:01:00,560 --> 00:01:04,440 seeks to override the safety measures of cryptography. 17 00:01:08,000 --> 00:01:09,800 [man 3] Unlike physical attacks, 18 00:01:09,880 --> 00:01:13,960 cyber-related attacks have a immediate impact. 19 00:01:15,640 --> 00:01:17,400 They don't need to send bombs. 20 00:01:18,360 --> 00:01:21,560 [suspenseful music playing] 21 00:01:21,640 --> 00:01:22,600 How bad can it get? 22 00:01:22,680 --> 00:01:25,600 I've used words catastrophic and existential. 23 00:01:25,680 --> 00:01:28,040 [narrator] As the threat intensifies, 24 00:01:28,120 --> 00:01:30,880 so does the job of the codebreaker. 25 00:01:31,400 --> 00:01:35,040 They always describe the espionage as a chess match. 26 00:01:35,120 --> 00:01:37,080 It's the same thing with electronics. 27 00:01:37,160 --> 00:01:40,320 [theme music] 28 00:02:09,080 --> 00:02:12,160 [narrator] Codes and ciphers have played an important role 29 00:02:12,280 --> 00:02:15,040 in keeping information private throughout history. 30 00:02:16,000 --> 00:02:19,320 What began with secret writings to hide information 31 00:02:19,400 --> 00:02:22,560 has progressed to electro-mechanical ciphers 32 00:02:22,640 --> 00:02:27,760 and then computers to send messages, and to decipher and break them. 33 00:02:28,400 --> 00:02:32,480 Today, cyber espionage is used by intelligence agencies 34 00:02:32,560 --> 00:02:34,520 and adversaries alike, 35 00:02:34,600 --> 00:02:39,120 and has proved a useful strategy in the collection or corruption of data, 36 00:02:39,640 --> 00:02:44,640 stealing technology and patents, disrupting critical infrastructures, 37 00:02:44,720 --> 00:02:48,360 and allowing for advanced warning of an enemy's attack. 38 00:02:48,960 --> 00:02:53,800 Every government in history has prized secrecy, 39 00:02:53,880 --> 00:02:57,560 and has understood the importance of being able to communicate 40 00:02:58,400 --> 00:03:02,080 among the leaders, and among their various embassies, 41 00:03:02,160 --> 00:03:05,840 in a way that could not be read by their opponents. 42 00:03:06,560 --> 00:03:09,600 [narrator] Codes and ciphers can be used to send messages 43 00:03:09,680 --> 00:03:11,880 that can be communicated secretly, 44 00:03:12,480 --> 00:03:14,760 but the two are often confused. 45 00:03:14,840 --> 00:03:17,360 [Melton] So if you use a code word, Geronimo, 46 00:03:17,440 --> 00:03:23,040 it may mean we successfully assassinated Osama Bin Laden. 47 00:03:24,560 --> 00:03:27,520 One word means many things. 48 00:03:27,600 --> 00:03:34,360 A cipher, in the contrast, is a particular type of code which usually means 49 00:03:34,440 --> 00:03:38,440 that letters had been transposed or interchanged, 50 00:03:39,000 --> 00:03:43,240 so that a message that had 550 characters 51 00:03:43,840 --> 00:03:46,280 may still again have 550 characters, 52 00:03:46,360 --> 00:03:48,560 but they've been arranged in a way 53 00:03:48,640 --> 00:03:51,800 that they're unreadable without the key to the cipher. 54 00:03:52,800 --> 00:03:55,320 Ciphers are a form of codes. 55 00:03:57,880 --> 00:03:59,440 Thomas Jefferson, 56 00:03:59,520 --> 00:04:02,400 one of the founding fathers of the United States, 57 00:04:02,480 --> 00:04:04,400 and a great statesman, 58 00:04:04,480 --> 00:04:07,480 realized the value of secret correspondence. 59 00:04:07,560 --> 00:04:09,240 And in his papers, 60 00:04:09,840 --> 00:04:15,440 were found the plans for a device we call the Jeffersonian cipher wheel. 61 00:04:19,560 --> 00:04:21,280 You had a rod, 62 00:04:21,360 --> 00:04:25,480 and you would assemble the disks in a certain order. 63 00:04:25,560 --> 00:04:26,920 Once they were assembled, 64 00:04:27,000 --> 00:04:30,560 you would adjust each disk when properly aligned, 65 00:04:30,640 --> 00:04:34,320 here were now the characters of your message. 66 00:04:34,400 --> 00:04:38,520 You would then arbitrarily pick a number, let's say ten. 67 00:04:38,600 --> 00:04:42,400 You would then go to the 10th row of letters above that, 68 00:04:42,480 --> 00:04:44,440 which'll just be gobbledygook, 69 00:04:44,520 --> 00:04:46,800 and you would write down those letters, 70 00:04:46,880 --> 00:04:50,520 and that is what you would send as your message. 71 00:04:51,120 --> 00:04:53,560 Now the person with the corresponding piece 72 00:04:53,640 --> 00:04:58,000 had to know the order in which the rotors would be assembled. 73 00:04:58,600 --> 00:05:03,880 And once they did that, they would simply align the letters, 74 00:05:03,960 --> 00:05:06,000 so you would read the gobbledygook, 75 00:05:06,080 --> 00:05:09,400 and then they would back off ten characters, 76 00:05:09,480 --> 00:05:11,520 and there would be the precise message. 77 00:05:14,080 --> 00:05:15,800 In fact, it was so clever 78 00:05:16,200 --> 00:05:19,040 that the U.S. government found this in his files, 79 00:05:19,640 --> 00:05:23,960 and in 1920, began producing these for the U.S. Army, 80 00:05:24,040 --> 00:05:27,840 and it was called the M94 Signal Device. 81 00:05:27,920 --> 00:05:30,560 And it was actively used in the U.S. military 82 00:05:30,640 --> 00:05:34,000 between 1920 and the beginning of World War II. 83 00:05:34,600 --> 00:05:36,400 [narrator] Back in Jefferson's time, 84 00:05:36,480 --> 00:05:39,400 ciphers and secret writings depended on algorithms 85 00:05:39,480 --> 00:05:41,320 created by the human mind. 86 00:05:42,280 --> 00:05:45,640 But between 1915 and 1924, 87 00:05:45,720 --> 00:05:48,800 things changed with the advent of a device 88 00:05:48,880 --> 00:05:51,480 called the Hebron Electric Rotor Machine. 89 00:05:51,560 --> 00:05:53,400 For the very first time, 90 00:05:53,480 --> 00:05:58,400 it was possible to produce a stream of ciphers 91 00:05:58,480 --> 00:06:01,800 created by an electromechanical rotor system 92 00:06:02,520 --> 00:06:06,520 that could not be solved by human minds alone. 93 00:06:07,080 --> 00:06:10,600 And it was the first of a series of rotor systems 94 00:06:10,680 --> 00:06:14,160 that would be used over the next 50 years 95 00:06:14,240 --> 00:06:16,600 that would change how ciphers were created. 96 00:06:17,560 --> 00:06:20,960 [narrator] In 1924, a man named Arthur Scherbius 97 00:06:21,040 --> 00:06:24,360 took the same basic concept and created what would be 98 00:06:24,440 --> 00:06:28,720 one of the most important cipher devices of the 20th century, 99 00:06:28,800 --> 00:06:31,360 the German Enigma cipher machine. 100 00:06:33,120 --> 00:06:35,040 And his idea was 101 00:06:35,120 --> 00:06:36,800 that each machine 102 00:06:38,200 --> 00:06:40,360 contained a series of rotors. 103 00:06:40,880 --> 00:06:43,880 Each rotor had 26 settings 104 00:06:44,400 --> 00:06:45,920 that could be changed, 105 00:06:46,520 --> 00:06:49,400 and in the front of the machine 106 00:06:49,480 --> 00:06:52,480 were a series of Stécker or cords 107 00:06:53,080 --> 00:06:55,680 that was a plug board arrangement. 108 00:06:56,320 --> 00:06:58,080 And the idea was, 109 00:06:58,160 --> 00:07:01,080 it would take two people to operate the Enigma. 110 00:07:01,680 --> 00:07:04,840 And the first person would take the clear text message 111 00:07:05,360 --> 00:07:08,040 and he would press the letter A, for example, 112 00:07:08,120 --> 00:07:10,240 if that's the first letter of the message. 113 00:07:11,040 --> 00:07:15,120 And the message would then go from that A, 114 00:07:15,200 --> 00:07:17,400 down to the plug board, and the plug board 115 00:07:17,480 --> 00:07:20,680 would route it to a different number or a different letter. 116 00:07:21,720 --> 00:07:24,360 That letter would in turn go to the first rotor, 117 00:07:24,440 --> 00:07:26,600 into one of 26 permutations. 118 00:07:27,280 --> 00:07:30,360 Then it would go into the second rotor, 26 permutations, 119 00:07:30,440 --> 00:07:34,480 the third rotor, 26 permutations, hit a reflector, 120 00:07:35,040 --> 00:07:38,800 come back times 26, times 26, times 26, 121 00:07:39,320 --> 00:07:40,720 come into the plug board, 122 00:07:41,360 --> 00:07:45,720 and then another light would be lit. 123 00:07:45,800 --> 00:07:51,240 When it had completed its 26 rotations, which was called a jumbo, 124 00:07:51,320 --> 00:07:53,800 then all of the rotors moved. 125 00:07:53,880 --> 00:07:57,560 And the combination of the complexity of this device 126 00:07:58,520 --> 00:08:01,440 was greater than human minds could decipher. 127 00:08:02,040 --> 00:08:04,760 And the advantages of it 128 00:08:04,840 --> 00:08:07,840 quickly were recognized by the German military. 129 00:08:07,920 --> 00:08:10,400 It was adopted in the early 1930s 130 00:08:10,480 --> 00:08:13,080 as the primary communication tool 131 00:08:13,160 --> 00:08:16,560 of the Wehrmacht, the German military, the Luftwaffe. 132 00:08:19,000 --> 00:08:21,520 [siren blaring] 133 00:08:22,160 --> 00:08:24,120 [explosions in distance] 134 00:08:25,160 --> 00:08:27,320 [narrator] The Enigma Machine played a crucial part 135 00:08:27,400 --> 00:08:31,680 in the communication among the Nazi forces during World War II. 136 00:08:33,560 --> 00:08:35,520 In the early 1930s, 137 00:08:35,600 --> 00:08:39,680 Polish codebreakers had developed a machine called the Bomba 138 00:08:39,760 --> 00:08:43,520 that had successfully deciphered some of the Enigma messages, 139 00:08:44,680 --> 00:08:48,600 but the Germans kept modifying it to make it more complex. 140 00:08:49,600 --> 00:08:53,200 The British and their allies were determined to break it, 141 00:08:53,280 --> 00:08:55,240 and in 1939, 142 00:08:55,320 --> 00:08:58,360 the British Government set up a code and cipher school 143 00:08:58,440 --> 00:09:02,640 known as Station X at Bletchley Park just outside of London. 144 00:09:06,200 --> 00:09:09,040 And it was built around the Bletchley Park Manor. 145 00:09:09,120 --> 00:09:11,520 That and a large number of huts. 146 00:09:12,120 --> 00:09:14,640 And the huts contained different groups 147 00:09:14,720 --> 00:09:17,400 which were attacking individual 148 00:09:18,840 --> 00:09:20,080 Enigma ciphers. 149 00:09:21,120 --> 00:09:24,080 [narrator] Every message transmitted by the Nazis 150 00:09:24,160 --> 00:09:26,480 went through British listening posts, 151 00:09:26,560 --> 00:09:29,320 which were copied down in their code groups 152 00:09:29,400 --> 00:09:33,720 and telegraphed to the secret army of codebreakers at Bletchley Park. 153 00:09:34,400 --> 00:09:39,440 The British described any intelligence gained from Enigma as Ultra 154 00:09:39,520 --> 00:09:41,360 and considered it top secret. 155 00:09:42,040 --> 00:09:46,000 [Melton] And it gave us vital information that we needed, for example, 156 00:09:46,080 --> 00:09:48,120 around the D-Day invasions. 157 00:09:48,200 --> 00:09:50,400 And it helped us understand 158 00:09:50,480 --> 00:09:53,920 the success of some of our deception operations 159 00:09:54,000 --> 00:09:59,240 and helped us to tweak them to try to confuse the Germans. 160 00:10:03,840 --> 00:10:06,640 [narrator] But the real game changer was Alan Turing, 161 00:10:06,720 --> 00:10:09,680 a 24-year-old mathematical genius. 162 00:10:14,040 --> 00:10:18,120 [Melton] Turing, during World War II, worked at Bletchley Park, 163 00:10:18,600 --> 00:10:21,080 the government code and cipher school, 164 00:10:21,160 --> 00:10:25,920 and spent his time attacking the German Enigma cipher. 165 00:10:26,520 --> 00:10:29,800 [narrator] Turing came up with the idea behind Colossus, 166 00:10:29,880 --> 00:10:33,840 a set of computers developed to help in cryptanalysis. 167 00:10:39,040 --> 00:10:44,480 During World War II, they created 11 models of Colossus, 168 00:10:45,240 --> 00:10:48,800 which was the world's first electronic computer. 169 00:10:48,880 --> 00:10:51,280 It was one of the great accomplishments of the war. 170 00:10:51,360 --> 00:10:56,120 Historians estimate that it shortened World War II 171 00:10:56,200 --> 00:10:58,640 by between two and four years. 172 00:10:58,720 --> 00:11:04,400 Turing, however, as brilliant as he was, had a very troubled personal life. 173 00:11:04,480 --> 00:11:08,480 He was a homosexual at a time that homosexuality 174 00:11:08,560 --> 00:11:11,960 was seen as a disability 175 00:11:12,040 --> 00:11:16,600 and seen as a vulnerability for recruitment by foreign spies. 176 00:11:16,680 --> 00:11:21,680 His security clearances were revoked in the early 1950s, and very sadly, 177 00:11:22,280 --> 00:11:26,760 he committed suicide by biting into a poisoned apple, 178 00:11:26,840 --> 00:11:29,360 and the world lost one of our great minds. 179 00:11:32,640 --> 00:11:37,240 It's very interesting today and probably only a coincidence, 180 00:11:37,960 --> 00:11:41,440 but if you look at the logo of Apple computer, 181 00:11:42,000 --> 00:11:45,760 you'll see an apple with a bite out of it, 182 00:11:46,320 --> 00:11:50,760 and though they disclaim any association with Alan Turing, 183 00:11:52,160 --> 00:11:54,080 it certainly seems, at one level, 184 00:11:54,160 --> 00:11:57,160 someone was paying homage to Turing 185 00:11:57,240 --> 00:12:01,320 and his role in creating the world's first electronic computer. 186 00:12:01,880 --> 00:12:08,040 [narrator] Enigma's settings offered 158 quintillion possible solutions, 187 00:12:08,120 --> 00:12:12,080 yet the Allies were eventually able to crack its code. 188 00:12:12,840 --> 00:12:17,480 Thanks to the advances made by Alan Turing and other codebreakers today, 189 00:12:17,560 --> 00:12:19,920 mathematicians and scientists 190 00:12:20,000 --> 00:12:23,280 are developing next level quantum computing. 191 00:12:23,360 --> 00:12:25,160 [Bigman] In terms of espionage collection, 192 00:12:25,240 --> 00:12:27,760 quantum computing just basically makes cryptography 193 00:12:28,720 --> 00:12:32,280 potentially more difficult, because now people say, 194 00:12:32,360 --> 00:12:36,600 "Well, you're using algorithms that are known to be breakable." 195 00:12:36,680 --> 00:12:38,520 Yeah, they're known to be breakable, 196 00:12:38,600 --> 00:12:40,880 but it's going to take you a long time to break them. 197 00:12:40,960 --> 00:12:43,760 The information at that point's perishable. 198 00:12:43,840 --> 00:12:47,160 Now we're talking a different game all together. 199 00:12:47,240 --> 00:12:49,840 So if all the encryption algorithms we're using 200 00:12:49,920 --> 00:12:51,680 can be broken by the opposition 201 00:12:51,760 --> 00:12:53,960 at the same speed you're actually using it, 202 00:12:54,040 --> 00:12:55,960 when you're decrypting it with the key 203 00:12:56,040 --> 00:12:58,360 and they're decrypting it with quantum computing, 204 00:12:58,440 --> 00:13:00,720 ugh, that gets a little difficult. 205 00:13:02,360 --> 00:13:04,200 [narrator] Modern computers, 206 00:13:04,280 --> 00:13:07,560 highly advanced versions of the ones used in Bletchley Park, 207 00:13:07,640 --> 00:13:10,240 now dominate the world of cryptology. 208 00:13:15,120 --> 00:13:19,200 In an age when billions of people, governments, and rogue states 209 00:13:19,280 --> 00:13:21,000 are digitally connected, 210 00:13:21,080 --> 00:13:23,800 today's scientists and hackers 211 00:13:23,880 --> 00:13:26,840 have discovered that it is possible to use malware 212 00:13:26,920 --> 00:13:29,480 to steal data off your digital device 213 00:13:29,560 --> 00:13:34,000 that completely evades the protections built with cryptography. 214 00:13:39,800 --> 00:13:43,520 Spyware is a software that can be planted 215 00:13:43,600 --> 00:13:48,040 by adversarial parties on your system. 216 00:13:48,120 --> 00:13:51,360 They have the ability to collect information. 217 00:13:51,440 --> 00:13:53,840 They can collect your passwords. 218 00:13:53,920 --> 00:13:56,800 They can record your conversations. 219 00:13:56,880 --> 00:14:02,320 If you are making webinar calls or phone calls using your computer, 220 00:14:02,400 --> 00:14:08,720 they can turn on your camera and record anything that you are doing. 221 00:14:08,800 --> 00:14:13,480 All these are part of the spyware activities. 222 00:14:14,200 --> 00:14:18,120 And that can be used against the person or against the government. 223 00:14:20,160 --> 00:14:25,800 Foreign entities can use this information about people 224 00:14:25,880 --> 00:14:31,280 who have clearances, for instance, can go and target those people. 225 00:14:34,280 --> 00:14:37,920 [Gosler] It's not just a normal level of technical sophistication 226 00:14:38,000 --> 00:14:40,080 that gives you this kind of capability, 227 00:14:40,160 --> 00:14:44,200 but to go into the micro-electronics, and go into the ones and zeros 228 00:14:44,280 --> 00:14:48,000 and discover a vulnerability within that system that you can exploit. 229 00:14:48,600 --> 00:14:49,520 That's next level. 230 00:14:57,520 --> 00:15:00,520 There are multiple definitions for cyber warfare, 231 00:15:01,160 --> 00:15:04,120 but they generally all come down to the same thing. 232 00:15:04,920 --> 00:15:07,720 It's using techniques 233 00:15:08,480 --> 00:15:11,000 to attack another country 234 00:15:11,520 --> 00:15:14,400 over an electronic or cyber means, 235 00:15:14,480 --> 00:15:18,480 without resulting to physical warfare, 236 00:15:18,560 --> 00:15:24,400 but you're still causing significant damage and harm to the target. 237 00:15:24,480 --> 00:15:27,120 [narrator] Between 2000 and 2003, 238 00:15:27,200 --> 00:15:30,880 a series of widespread cyberespionage attacks 239 00:15:30,960 --> 00:15:32,880 code-named Titan Rain 240 00:15:32,960 --> 00:15:36,680 were launched against the American defense infrastructure, 241 00:15:37,280 --> 00:15:43,320 targeting high-level organizations like NASA, Sandia, and Lockheed Martin. 242 00:15:44,040 --> 00:15:46,280 [Melton] The longest running attack 243 00:15:46,360 --> 00:15:49,200 against the United States has been Titan Rain, 244 00:15:49,960 --> 00:15:53,680 which targeted specifically at our intelligence services. 245 00:15:53,760 --> 00:15:57,240 [narrator] The cyberattacks extradited vital information, 246 00:15:57,320 --> 00:16:02,360 and left behind virtually undetectable beacons on compromised systems, 247 00:16:02,440 --> 00:16:05,040 allowing them to reenter at will. 248 00:16:05,120 --> 00:16:08,840 They averaged approximately 10-30 minutes per attack 249 00:16:09,440 --> 00:16:15,040 and transmitted to drop zones located in South Korea, Hong Kong, and Taiwan 250 00:16:15,120 --> 00:16:18,320 prior to forwarding the data on to mainland China. 251 00:16:19,640 --> 00:16:25,640 And it happens thousands and thousands of times a day, an hour, 252 00:16:25,720 --> 00:16:28,040 repeated attacks against our systems. 253 00:16:28,920 --> 00:16:30,440 And it's never let up. 254 00:16:31,760 --> 00:16:34,680 [narrator] Investigators discovered the cyber breaches 255 00:16:34,760 --> 00:16:38,840 were part of state sponsored cyber espionage attacks 256 00:16:38,920 --> 00:16:41,560 conducted by the People's Republic of China. 257 00:16:42,600 --> 00:16:48,080 Some of the information exfiltrated included aerospace documentation, 258 00:16:48,160 --> 00:16:50,160 schematics from the Mars Orbiter, 259 00:16:50,240 --> 00:16:54,760 and flight planning software used by the United States Air Force. 260 00:16:58,840 --> 00:17:03,640 Another dramatic act of espionage was discovered in 2010 261 00:17:03,720 --> 00:17:06,480 and involved a multi-nation cyberattack 262 00:17:06,560 --> 00:17:08,880 against Iran's nuclear program. 263 00:17:08,960 --> 00:17:10,960 It was called Stuxnet. 264 00:17:13,040 --> 00:17:15,360 [suspenseful music playing] 265 00:17:19,480 --> 00:17:20,880 [Melton] Stuxnet 266 00:17:21,800 --> 00:17:25,360 exists because it was written 267 00:17:25,880 --> 00:17:31,960 to attack the Siemens 7 operating system 268 00:17:32,040 --> 00:17:37,520 that ran in a Windows environment in the plants in Iran 269 00:17:37,600 --> 00:17:41,800 where they spun the centrifuges to enrich the uranium. 270 00:17:52,320 --> 00:17:55,880 [Bigman] The Stuxnet attack, which allegedly was done by combinations 271 00:17:55,960 --> 00:17:58,640 of Israel, the United States, western Europe, 272 00:17:58,720 --> 00:18:04,000 as time goes by, the population gets larger and larger of who was involved, 273 00:18:04,080 --> 00:18:07,280 attacked Iranian development nuclear production capabilities, 274 00:18:07,360 --> 00:18:09,840 and brought down various systems 275 00:18:09,920 --> 00:18:13,040 basically by being able to infect them with a virus. 276 00:18:13,120 --> 00:18:17,000 [narrator] Since the Iranian computer systems didn't connect to the internet, 277 00:18:17,080 --> 00:18:21,960 the Stuxnet virus had to be introduced into the operating system 278 00:18:22,040 --> 00:18:24,680 through other more clandestine means. 279 00:18:24,760 --> 00:18:27,480 I've heard remote maintenance access. 280 00:18:27,560 --> 00:18:31,120 I've heard the laptop, they walked in, connected the laptop. 281 00:18:31,200 --> 00:18:36,320 You know, every possible means will be postulated as an attack. 282 00:18:37,800 --> 00:18:39,440 [narrator] A popular theory 283 00:18:39,520 --> 00:18:43,080 is that the Stuxnet virus was introduced to the system 284 00:18:43,160 --> 00:18:48,320 through infected thumb drives placed around the  nuclear facility in Iran. 285 00:18:56,280 --> 00:18:59,440 If you had a very high-grade thumb drive, 286 00:18:59,520 --> 00:19:01,880 and you drop them selectively in parking lots 287 00:19:01,960 --> 00:19:05,440 or you dropped them from the air, or you somehow introduced them, 288 00:19:05,520 --> 00:19:08,680 someone's going to finally take and put that into the machine 289 00:19:08,760 --> 00:19:10,440 to see who it belongs to. 290 00:19:10,520 --> 00:19:14,400 And that's all it takes is one time to basically infect it. 291 00:19:14,480 --> 00:19:18,360 [narrator] The exact method of how the thumb drives were introduced 292 00:19:18,440 --> 00:19:19,920 has never been revealed, 293 00:19:20,440 --> 00:19:21,840 but the plan worked 294 00:19:21,920 --> 00:19:26,640 and Stuxnet penetrated Iran's operating system and attacked. 295 00:19:26,720 --> 00:19:33,160 [Melton] What the system did was, it went to the Siemens controller, 296 00:19:34,200 --> 00:19:38,240 and it sent a signal then to the operator 297 00:19:38,320 --> 00:19:42,360 who's manning the speed of the centrifuges that says, 298 00:19:42,880 --> 00:19:45,640 "This centrifuge is slowing down," 299 00:19:46,200 --> 00:19:50,080 which would mean the operator would want to turn up the speed 300 00:19:50,840 --> 00:19:52,280 to increase it working. 301 00:19:52,880 --> 00:19:54,880 But that was a fake signal. 302 00:19:54,960 --> 00:19:59,440 And the more he turned it up, the more it appeared to slow down. 303 00:19:59,520 --> 00:20:03,600 And so the operators kept turning up the speed of the centrifuges, 304 00:20:03,680 --> 00:20:05,280 and in effect, 305 00:20:05,360 --> 00:20:07,440 they tore themselves apart, 306 00:20:07,960 --> 00:20:12,080 and literally it destroyed a significant component 307 00:20:12,160 --> 00:20:15,120 of the Iranian system for enriching uranium. 308 00:20:16,080 --> 00:20:20,840 It was a very, very effective attack, 309 00:20:20,920 --> 00:20:24,840 and the world's probably a bit safer for a while longer because of it. 310 00:20:26,520 --> 00:20:28,880 [narrator] It's not only big government installations 311 00:20:28,960 --> 00:20:31,800 and organizations that are getting hit. 312 00:20:31,880 --> 00:20:36,280 Cyberattacks happen wherever there are loopholes or open ports 313 00:20:36,360 --> 00:20:38,160 that can be exploited, 314 00:20:38,240 --> 00:20:40,440 like our own personal devices. 315 00:20:41,360 --> 00:20:44,800 Today, every person carries with them a machine 316 00:20:44,880 --> 00:20:47,440 that's more powerful than Enigma, 317 00:20:47,520 --> 00:20:48,440 a cell phone. 318 00:20:48,520 --> 00:20:51,240 [dialing tones, line calling] 319 00:20:51,320 --> 00:20:55,200 So where you're at, you're usually carrying a cell phone with you. 320 00:20:55,280 --> 00:20:59,440 So all your positioning information, where you've been, where you're going, 321 00:20:59,520 --> 00:21:01,760 you know, 'cause you've got things in your calendar, 322 00:21:01,840 --> 00:21:04,440 you've sent messages to people, um… 323 00:21:04,960 --> 00:21:07,800 all that information, I'm not saying is being collected, 324 00:21:07,880 --> 00:21:10,080 but all that information can be collected. 325 00:21:10,160 --> 00:21:14,440 [Comeleguia] The modern smartphone as we know today, 326 00:21:14,520 --> 00:21:16,760 has evolved over the decade. 327 00:21:17,680 --> 00:21:22,200 The processing power embedded in these systems are immense. 328 00:21:22,280 --> 00:21:26,360 They have the ability to do cryptography on the fly 329 00:21:26,440 --> 00:21:28,080 as a part of the hardware. 330 00:21:28,160 --> 00:21:34,000 This adds significant benefits for individuals but, for adversaries, 331 00:21:34,080 --> 00:21:39,600 it allows them to capture a great deal of private information about you. 332 00:21:40,200 --> 00:21:44,800 [narrator] Not only are adversaries able to exploit information stolen from you, 333 00:21:45,320 --> 00:21:49,240 they can also benefit from some of the same applications. 334 00:21:49,320 --> 00:21:52,560 [tense music playing] 335 00:21:52,640 --> 00:21:56,400 In late November 2008, 336 00:21:57,440 --> 00:21:59,640 the Lashkar-e-Taiba, 337 00:22:00,680 --> 00:22:03,360 the Pakistani terrorist group, 338 00:22:03,440 --> 00:22:08,840 launched a sophisticated coordinated attack 339 00:22:09,520 --> 00:22:11,560 against the city of Mumbai. 340 00:22:13,200 --> 00:22:14,760 It was so effective 341 00:22:15,360 --> 00:22:21,120 that it's the first attack that used cell phones 342 00:22:21,920 --> 00:22:24,680 as weapons of mass disruption. 343 00:22:25,200 --> 00:22:29,000 [narrator] Ten individuals armed only with cell phones, small arms, 344 00:22:29,080 --> 00:22:31,960 and hand grenades were able to paralyze Mumbai, 345 00:22:32,040 --> 00:22:36,400 one of the largest cities in India, and capture the attention of the world. 346 00:22:37,120 --> 00:22:43,080 And it showed how useful cell phones can be 347 00:22:43,680 --> 00:22:47,680 to disrupt communications, to plan an attack. 348 00:22:49,160 --> 00:22:54,000 The Lashkar-e-Taiba layered 16 levels 349 00:22:54,080 --> 00:22:57,240 of commercial off-the-shelf technology, 350 00:22:58,200 --> 00:23:03,120 and enabled the terrorist to communicate secretly, 351 00:23:03,680 --> 00:23:10,240 and to be controlled in real time by their handlers back in Pakistan. 352 00:23:11,080 --> 00:23:15,840 In the same way that our U.S. military has the advanced technology 353 00:23:15,920 --> 00:23:20,720 that we can have cameras on a helmet, or can have an earphone, 354 00:23:20,800 --> 00:23:24,880 and you can talk to your command structure back thousands of miles away 355 00:23:25,600 --> 00:23:28,640 using only commercial technology, 356 00:23:29,440 --> 00:23:31,800 the terrorists were able to do the same thing 357 00:23:31,880 --> 00:23:34,640 from their control points in Pakistan. 358 00:23:35,320 --> 00:23:41,960 By swapping SIM cards, by swapping phones, by taking phones from victims, 359 00:23:42,040 --> 00:23:46,760 they were able to completely confuse, confound, 360 00:23:46,840 --> 00:23:49,080 and befuddle the Mumbai authorities. 361 00:23:49,160 --> 00:23:53,720 They had no idea how many people were attacking them. 362 00:23:53,800 --> 00:23:57,600 Estimates were, it was between one and 200 people. 363 00:23:57,680 --> 00:24:01,720 In reality, it was ten lone individuals. 364 00:24:02,760 --> 00:24:05,440 [narrator] Seven years after the Mumbai attacks, 365 00:24:05,960 --> 00:24:09,640 terrorist attacks on the cafés, soccer stadium, 366 00:24:09,720 --> 00:24:13,760 and Bataclan theater in Paris showed striking similarities. 367 00:24:13,840 --> 00:24:16,240 [sirens blaring] 368 00:24:16,320 --> 00:24:19,680 [Melton] It was all coordinated by a cell 369 00:24:20,760 --> 00:24:23,080 that was in Paris and in Brussels. 370 00:24:23,760 --> 00:24:26,240 And they had known each other for years. 371 00:24:27,000 --> 00:24:31,840 There was no advanced chatter detected on the internet, 372 00:24:32,760 --> 00:24:39,640 and they kept their communications point-to-point encryptioned, 373 00:24:39,720 --> 00:24:40,920 using systems 374 00:24:42,120 --> 00:24:44,840 that were encrypted the entire way, 375 00:24:44,920 --> 00:24:49,360 so there was no way to get any advanced warning of it. 376 00:24:49,440 --> 00:24:53,640 And it has to be the harbinger of future terrorist attacks. 377 00:24:54,240 --> 00:24:56,000 And it's frightening 378 00:24:56,880 --> 00:25:01,880 when we don't have the pre-attack chatter to help us be prepared. 379 00:25:07,360 --> 00:25:11,760 [narrator] As our society becomes more and more dependent on technology, 380 00:25:11,840 --> 00:25:15,360 we also become more vulnerable to potential attacks. 381 00:25:15,440 --> 00:25:18,200 [Comeleguia] As the cities evolve, they become smarter. 382 00:25:18,280 --> 00:25:23,960 Today, your phone has the ability to emit you are a pedestrian 383 00:25:24,480 --> 00:25:26,400 in a smart city environment. 384 00:25:26,480 --> 00:25:29,640 So when cars come too close to the pedestrians, 385 00:25:29,720 --> 00:25:33,680 the smart cars have the ability to break and avoid the accident. 386 00:25:33,760 --> 00:25:35,520 But at the same time, 387 00:25:35,600 --> 00:25:38,360 that information can reveal your identity. 388 00:25:38,960 --> 00:25:42,240 Adversaries can utilize that information 389 00:25:42,320 --> 00:25:48,320 and turn car into assassination device to attack a person. 390 00:25:48,400 --> 00:25:51,240 Instead of stopping, they can accelerate the car. 391 00:25:54,400 --> 00:25:59,160 [narrator] With billions of people online and every government sending out signals, 392 00:25:59,240 --> 00:26:03,440 the sheer scale of the codebreakers' job is mind boggling. 393 00:26:10,560 --> 00:26:14,640 As a result, ciphers have become increasingly complex. 394 00:26:15,200 --> 00:26:20,200 [Bigman] Chess… They always describe the espionage as a chess match, right? 395 00:26:20,280 --> 00:26:22,680 You move, we countermove, you move, we countermove. 396 00:26:22,760 --> 00:26:24,600 Same thing with electronics. 397 00:26:26,240 --> 00:26:30,520 [narrator] A hostile organization having access to detailed information 398 00:26:30,600 --> 00:26:33,760 about a person or government is frightening. 399 00:26:33,840 --> 00:26:37,920 But even more daunting are cyber assaults that have the potential 400 00:26:38,000 --> 00:26:40,800 to shut down a country's infrastructure. 401 00:26:40,880 --> 00:26:44,960 [Melton] The closest we've ever seen to a country being shut down 402 00:26:45,760 --> 00:26:47,880 was the Russian attack on Estonia. 403 00:26:48,680 --> 00:26:54,080 [Joyal] You have also the hacking community in Russia who are told, 404 00:26:54,880 --> 00:26:56,600 "You can steal as much as you want, 405 00:26:56,680 --> 00:26:59,360 but when the knock comes on the door in the middle of the night, 406 00:26:59,440 --> 00:27:01,640 we ask you to do something, you're gonna do it for us." 407 00:27:03,320 --> 00:27:04,680 [narrator] By all accounts, 408 00:27:04,760 --> 00:27:08,320 the knock on the door came for The Republic of Estonia, 409 00:27:08,400 --> 00:27:13,840 a tech-savvy nation of 1.3 million, in April of 2007. 410 00:27:18,200 --> 00:27:22,520 The Russians virtually attacked the infrastructure of Estonia. 411 00:27:22,600 --> 00:27:25,920 They shut down the newspapers, the broadcasts. 412 00:27:26,000 --> 00:27:29,120 They shut down Parliament. They shut down the ministries. 413 00:27:29,880 --> 00:27:33,280 ATMs stopped working. The internet didn't work. 414 00:27:33,360 --> 00:27:35,840 Their society was dependent on it. 415 00:27:37,760 --> 00:27:43,560 [Joyal] They basically shut down the e-conomy, electronic-based economy, 416 00:27:43,640 --> 00:27:45,000 for a period of time. 417 00:27:45,080 --> 00:27:50,320 They did not utilize their military or intelligence assets. 418 00:27:50,400 --> 00:27:52,480 They used the criminal underground 419 00:27:53,520 --> 00:27:59,040 as a… in this covert action that was obviously sanctioned by the government. 420 00:28:00,200 --> 00:28:01,920 [narrator] Cyberattacks on Estonia 421 00:28:02,000 --> 00:28:05,480 targeted websites of Estonian organizations, 422 00:28:05,560 --> 00:28:10,960 including the Parliament, banks, ministries, newspapers, and broadcasters. 423 00:28:11,800 --> 00:28:17,560 They used ping floods and botnets usually used for spam distribution. 424 00:28:18,480 --> 00:28:23,160 Estonia had just rebuilt, coming out of communism, 425 00:28:23,240 --> 00:28:24,920 so everything was relatively new. 426 00:28:25,000 --> 00:28:29,120 They had new infrastructure, but they were dependent on the internet. 427 00:28:29,200 --> 00:28:30,760 Everything was on the internet. 428 00:28:30,840 --> 00:28:37,120 Suddenly that goes down, and they're quickly thrown back decades almost into a, 429 00:28:37,200 --> 00:28:39,000 not the stone age, nothing worked. 430 00:28:39,080 --> 00:28:41,400 You couldn't draw money out. You couldn't get gasoline. 431 00:28:41,480 --> 00:28:42,680 You couldn't get food. 432 00:28:42,760 --> 00:28:44,720 Cities were very vulnerable. They taught that. 433 00:28:44,800 --> 00:28:48,560 The Russians have a very effective cyber warfare capability. 434 00:28:48,640 --> 00:28:52,520 [narrator] Estonia was one victim of cyber warfare by the Russians. 435 00:28:52,600 --> 00:28:54,960 Then in 2016 Crimea, 436 00:28:55,040 --> 00:28:59,840 a disputed territory under the control of the Russian federation became another. 437 00:28:59,920 --> 00:29:06,320 Then you see the culmination of all of this with the Crimea invasion 438 00:29:06,400 --> 00:29:11,600 in which we see the so-called hybrid warfare, 439 00:29:12,320 --> 00:29:15,280 little green men, electronic attacks. 440 00:29:15,360 --> 00:29:19,680 Some of the first targets of the Spetsnaz, 441 00:29:19,760 --> 00:29:23,480 special forces of the Russians working undercover in Crimea 442 00:29:23,560 --> 00:29:28,760 with a… telephone switching stations because they took over those 443 00:29:28,840 --> 00:29:34,280 and they started sending malware into the broader cell phone networks 444 00:29:34,360 --> 00:29:37,640 of Ukraine, 445 00:29:37,720 --> 00:29:40,640 shutting down the ability of legislatures 446 00:29:40,720 --> 00:29:43,920 to use their cell phones, or government officials. 447 00:29:44,440 --> 00:29:47,320 [narrator] Many believe Russia's attack on Crimea 448 00:29:47,400 --> 00:29:49,800 is only the beginning of what's to come. 449 00:29:50,440 --> 00:29:53,840 [Joyal] Today, the war that's going on in the Ukraine, 450 00:29:53,920 --> 00:29:57,160 this is the testing ground for electronic warfare, 451 00:29:57,240 --> 00:30:00,400 for information warfare, for hacking. 452 00:30:00,480 --> 00:30:03,800 They've used malware to shut down the electrical systems. 453 00:30:03,880 --> 00:30:05,600 This is a laboratory 454 00:30:06,280 --> 00:30:12,400 that they are using to perfect their science of new, 455 00:30:12,480 --> 00:30:15,760 integrated, or hybrid warfare. 456 00:30:17,840 --> 00:30:20,920 [Melton] Cyber warfare is a form of asymmetrical warfare, 457 00:30:21,680 --> 00:30:26,000 in that it enables a smaller actor with smart people 458 00:30:26,720 --> 00:30:29,960 to use a bunch of computers and an internet service, 459 00:30:30,040 --> 00:30:34,760 and essentially attack a much larger opponent very effectively. 460 00:30:34,840 --> 00:30:39,040 So at times, depending on the size of your country, 461 00:30:39,160 --> 00:30:42,120 it can be a very good response. 462 00:30:42,200 --> 00:30:46,000 North Korea, Pakistan, China, 463 00:30:46,880 --> 00:30:52,240 they have effective, very effective cyber warfare capabilities. 464 00:30:52,840 --> 00:30:56,440 So, many countries see it as very useful. 465 00:30:57,040 --> 00:31:01,360 Of course, the allies, the U.S., Great Britain, Canada, Australia, 466 00:31:01,440 --> 00:31:05,600 we have very effective cyber warfare capabilities ourselves. 467 00:31:06,600 --> 00:31:10,600 [Comeleguia] Unlike physical attacks, cyber-related attacks, 468 00:31:10,680 --> 00:31:13,520 because of the interconnected world, 469 00:31:14,440 --> 00:31:19,280 can have immediate impact on the performance of a city. 470 00:31:19,880 --> 00:31:23,120 So with attacks in critical infrastructure, 471 00:31:23,840 --> 00:31:29,960 cities can be disabled in a matter of minutes. 472 00:31:30,560 --> 00:31:32,200 They don't need to send bombs. 473 00:31:36,560 --> 00:31:39,840 [narrator] A city's critical infrastructure might include 474 00:31:39,920 --> 00:31:45,840 its power grid, water supply, communications, transportation systems, 475 00:31:45,920 --> 00:31:51,560 food supplies, financial services, and nuclear power plants. 476 00:31:51,640 --> 00:31:56,920 A cyberattack on one or more of these systems could render a city helpless, 477 00:31:57,000 --> 00:32:00,680 while a sustained attack could have devastating consequences. 478 00:32:01,280 --> 00:32:04,360 [Melton] If you stop ATM machines working, 479 00:32:05,000 --> 00:32:07,480 you stop gas going into a city 480 00:32:07,560 --> 00:32:10,720 and deliveries of food in every major city, 481 00:32:10,800 --> 00:32:16,120 within seven days it's expected you'll have full all-on riots. 482 00:32:16,200 --> 00:32:23,080 So the ability to launch a coordinated attack against our infrastructure 483 00:32:23,920 --> 00:32:26,720 could potentially be far worse than Pearl Harbor. 484 00:32:27,920 --> 00:32:30,920 [Gosler] One of the questions that I'm frequently asked is how bad can it get, 485 00:32:31,000 --> 00:32:34,680 and I've mentioned, I've used the words catastrophic and existential 486 00:32:34,760 --> 00:32:38,160 relative to the loss of everything 487 00:32:38,240 --> 00:32:41,800 electrical, computer, power, et cetera. 488 00:32:41,880 --> 00:32:44,920 [alarms blaring] 489 00:32:52,240 --> 00:32:56,280 There's no comms, there's no-- cars are not working, 490 00:32:56,360 --> 00:32:58,280 there's no power to the houses, 491 00:32:58,360 --> 00:33:02,960 that means refrigeration doesn't work, your cooking utensils don't work, 492 00:33:03,040 --> 00:33:04,760 nothing works, and no one knows why. 493 00:33:05,360 --> 00:33:07,960 Most everyone can survive a day or a few days 494 00:33:08,040 --> 00:33:10,800 based upon the supplies they have at home. 495 00:33:10,880 --> 00:33:14,000 When you start getting to a week it starts getting harder, 496 00:33:14,080 --> 00:33:16,800 especially, you know, there's no running water, right? 497 00:33:17,640 --> 00:33:19,920 Very low likelihood that this would happen, 498 00:33:20,000 --> 00:33:23,920 but low likelihood catastrophic impact that's worth thinking about, 499 00:33:24,000 --> 00:33:26,120 so I would recommend that everyone do that. 500 00:33:28,360 --> 00:33:30,960 [Bigman] Anytime now something happens in the world, 501 00:33:31,040 --> 00:33:34,760 you know, an airplane loses power in mid-air, 502 00:33:34,840 --> 00:33:38,600 or something happens to a communications network, 503 00:33:38,680 --> 00:33:42,080 God forbid a local ISP goes down for five seconds, 504 00:33:42,160 --> 00:33:44,760 somebody will be writing, "Oh, this is a potential-- 505 00:33:44,840 --> 00:33:47,600 possibly a hack from Iran." 506 00:33:47,680 --> 00:33:49,440 Well, I don't think so. 507 00:33:49,520 --> 00:33:53,200 You know, these networks are, believe me, are-- 508 00:33:53,280 --> 00:33:55,240 they have some degree of reliability, 509 00:33:55,320 --> 00:34:01,720 but they're sensitive to perturbations of their infrastructure, so… 510 00:34:01,800 --> 00:34:04,920 and lots of moving pieces and things do go wrong. 511 00:34:06,160 --> 00:34:09,160 [Joyal] First of all, the future is here. The future is here. 512 00:34:09,240 --> 00:34:12,720 This is going on, and this is a challenge the U.S. has. 513 00:34:12,800 --> 00:34:16,040 We got out of the business years ago 514 00:34:17,960 --> 00:34:19,320 in electronic warfare, 515 00:34:19,400 --> 00:34:22,080 because we did not believe at the end of the Cold War, 516 00:34:22,160 --> 00:34:24,520 that we would face Russia as a… 517 00:34:25,200 --> 00:34:28,560 in a conventional military setting in Europe. 518 00:34:29,440 --> 00:34:32,520 Now, that has all changed. We have to be concerned about that. 519 00:34:35,000 --> 00:34:36,720 [Gosler] You basically have to deter it. 520 00:34:36,800 --> 00:34:39,320 You can't defend against it, so if you're a target, 521 00:34:39,400 --> 00:34:44,000 if you would be a target of interest of Russia today, or China today, they win. 522 00:34:44,080 --> 00:34:44,920 You lose. 523 00:34:46,600 --> 00:34:48,280 It's best not to be their target. 524 00:34:48,920 --> 00:34:55,440 [Melton] Codes and ciphers are essential for businesses to survive and exist, 525 00:34:55,520 --> 00:34:59,520 for money to be transferred, for our economy to work. 526 00:34:59,600 --> 00:35:01,320 What we're struggling with is, 527 00:35:01,920 --> 00:35:06,600 how do we see that it's available for good use, 528 00:35:07,200 --> 00:35:10,360 but don't have it available so that the bad guys 529 00:35:10,440 --> 00:35:12,760 can exploit it and do bad things? 530 00:35:13,320 --> 00:35:15,920 And we haven't solved that question yet. 531 00:35:16,000 --> 00:35:19,640 [atmospheric music playing] 46080