We Interrupt Our Movie Coverage for Wikileaks “Zero Year” & Recall Gibney’s ZERO DAYS

by Quendrith Johnson, Los Angeles Correspondent

“Hello World,” is usually a newbie’s first line of code in programming, but as of the Wikileaks Vault 7 data dump about CIA covert hacking on Mar. 7, followed by Julian Assange’s “Press Conference” on Mar. 9, the whole world is actually reeling, as in the wake-up call: Hello World!

But fear not, leave it to the much-maligned Entertainment Journalists to tread where no investigative reporter dares to go.
Later on, the actual self-conducted Q & A that Julian Assange held via video press conference is included in a very compelling transcript form. Glean from that what you will, it’s like the ultimate star hacker interview.

For now, when you look at Vault 7 in relation to the July 8 release of Alex Gibney’s documentary ZERO DAYS about the Stuxnet virus, it all makes sense. You can read this later, linked here, but for now just stare hard at the self-released description by tricky Wikileaks itself.

Ready? Wikileaks Vault 7 is “The first full part of the series. ‘Year Zero,’ comprises 8,761 documents and files from an [undisclosed internal server at Langley, CIA HQ]. ‘Year Zero’ introduces the scope and direction of the CIA’s global covert” cyber weapons exploits. Zero Days, Year Zero, hmm.
Located on the interwebs at https:// wikileaks.org/ciav7p1/ (which is not linked live here for security reasons and not to endorse Wikileaks), Year Zero alone says quite a lot.

So let’s have some fun with it. One reporting agency had a pundit on who sarcastically commended the CIA hacking team on its excellent choice of code names, such as UMBRAGE, whereby the CIA pretends to be other hacking entities by mimicking their stolen code. But they entirely missed out on Year Zero subtext.

Meaning, the bromance between comic nerds and hackers is writ large here. First, for nerd cred, “Year Zero” is also “an alternate reality game (ARG) based on the Nine Inch Nails concept album of the same name.” These internal hackers are toying with us.

As in, how about with an alternative reality game reference twist that is a clue to a shadow alternative government or deep state? But wait, there’s more. “Zero Year” is also “a year-long comic book crossover event published by DC Comics that began in June 2013 and ended in July 2014, featuring the superhero Batman.” Which is the Vault 7, Part One, start date Assange mentions, being 2013.

DC Comics describes this as “The second arc of BATMAN: ZERO YEAR is collected as the New 52 origin of The Dark Knight delves into Bruce Wayne’s past with the Red Hood Gang and his run-ins with aspiring District Attorney Harvey Dent! You won’t want to miss the moment that Bruce becomes Batman! [BATMAN #21-24].”

Red Hood Gang is so close to a hoodie reference, specifically Edward Snowden’s red hoodie he wears in CITIZENFOUR to shield himself while on the interwebs. Not to mention that if Bruce Wayne as Batman goes up against the DA, District Attorney, being the Gotham government, well isn’t that analogous to the CIA defying the actual government with their new cyber hacking superpowers?

Hey, if the Right Wing can have its conspiracy theories, there’s the extent of a comic book conspiracy. InfoWars and those YouTube conspiracy theorists only wish they’d seen these parallels.
Back to reality, or in Wikileaks’ version of reality, Year Zero must mean a year of undetectable cyber exploits by the CIA, which are now hit hard by daylight. While the revelations may shock many around the world, Alex Gibney, the documentary filmmaker behind the Eliot Spitzer expose, already bumped up against this internet leviathan, this covert sea monster of cyber space, by landing actual ex-CIA and NSA officials on the record in his documentary about the Stuxnet virus at the center of ZERO DAYS. CIA’s brave Gen. Michael Hayden even uses his actual identity as he hints at an internecine war between spy agencies in ZERO DAYS.

Stuxnet is described in the movie as a “self-replicating computer malware (known as a ‘worm’ for its ability to burrow from computer to computer on its own) that the US and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately [mutated] and spread beyond its intended target.”

Pay close attention to that “computer to computer” line, because Julian Assange will refer to an “air-gap” later, and you need to know what that is to understand the ramifications of this new class of weaponized programs. Air-gap jumpers mean the virus can literally jump without a wire, through the ether to infect nearby computers, thus a potentially endless domino effect of digital disaster.
Filmmaker Alex Gibney basically told the world about what was to come in Wikileaks Vault 7 when he categorically stated for ZERO DAYS, the following: “I started out making a small film investigating ‘Stuxnet…’ What I discovered was a massive clandestine operation involving the CIA, the NSA, the US Military and Israel’s intelligence agency Mossad to build and launch secret cyber ‘bombs’ that could plunge the world into a devastating series of… attacks on critical infrastructure, shutting down electricity… this science fiction scenario…”
And it was only Oscar short-listed for 2017, even though, pyrrhic victory, it is now vindicated as a real contender.
Symantec anti-virus whiz Eric Chien, who is in ZERO DAYS, said “when you have black motorcycles, wearing all black following you, behind you, you start to wonder.”

On why Stuxnet wasn’t part of the Snowden leak, he casually mentioned “Edward Snowden didn’t leak this because those files are stored on a different server.” Unbelievably important information, now backed up by Wikileaks Vault 7, and Julian Assange himself.
Speaking of the white-haired, self-conflicted, quasi-programming wizard from Oz, Australian-born Assange speaks here in his own words. Granted, some of his Britishisms have been converted to American English (e.g., favour to favor).

This is the Mar. 9 transcript, presented in its entirety (typos and all), so as to honor the tradition of unedited versions, that Wikileaks trademark.

Assange tends to be long-winded and overuses the word “problematic” as a euphemism for all hell breaking loose, but it’s worth a read to draw your own conclusions about the Vault 7 data dump that is literally as important as a big budget Hollywood release in its footprint in the media.
(Note the linked ZERO DAYS article at the end, which includes a complete 101 download on hacking terms.)

JULIAN ASSANGE INTERVIEWS HIMSELF, STREAMING ON VAULT 7

JULIAN ASSANGE: We now need a digital Geneva convention that will commit governments to protecting civilians from nation-state attacks in times of peace and just as the Fourth Geneva Convention recognizes that the protection of civilians requires the active involvement of the Red Cross – protection against nation-state cyber-attacks requires the active assistance of technology companies and companies like Wikileaks which can provide information about these attacks.
The tech-sector plays a unique role as the internet’s first responders and we therefore should commit ourselves to collective action which will make the internet a safer place affirming our role as a neutral digital Switzerland that assists people all over the world to be secure.

So now I will go on to some questions, first of all I confess this is one from me.

Q: Does Wikileaks have a position on this sort of material?

Well Wikileaks has a position on publishing in general – we fight for the rights of publishers to publish, we fight for the rights of sources to be protected and we fight for media accuracy.

Having obtained a perfect record in the last 10 years it’s one of our comparative advantages, but otherwise we don’t have a position on particular issues that we’re publishing about but in this case we do have a position.

We have a position because these types outside the weapons are used to attack the communication technology the journalists use to communicate with their sources and with each other. The sorts of technology that investigative reporters reporting on the national security sector reporting on war crimes use to communicate their information within their media organization and back-and-forth with their sources.

For example the New York Times has put up a tip line – it is based upon the Signal protocol.

Now Signal’s a good encryption system for mobile smart phones, now what’s the problem – well if you control the smart phones it doesn’t matter how good the encryption system is. So Signal and Telegram from that perspective can simply be bypassed by attacking the endpoints, attacking one of the telephones belonging to the source or one of the telephones belonging to the journalist.

And the New York Times has a central tip-line – one phone that all of its tips go to for the Signal protocol and of course that phone can be hacked it doesn’t matter what the security system is, as a result you see the numbers coming into it and you see the messages exchanged.

So Wikileaks does have a position – we want to secure communications technology because without secure communications technology journalists are not able to effectively hold the state to account.

WikiLeaks protections for its sources, are they affected by this?

No they’re not affected not directly – why is that well because we’re specialists in this area, we’re specialists in source protection and I’ve known in general about this type of problem for a long time. So our systems are developed to not be exposed and not based on smart phones for example we have specialised cryptography that is not susceptible to these types of attacks. On the other hand are our lawyers susceptible to these types of attacks? Yes they are – a lot of them are susceptible to these types of attacks. Are our key security staff? No because we understand that, but we want to protect all our staff and the rights of journalists and sources to communicate effectively.

Ok so that’s my question now I’ll go onto the others – the question from CNN:

Q: As long as these are overseas targets isn’t it legal for the CIA to do this?

Well first of all I’d just like to .. It’s a legally important question in the United States but there are many questions that might be asked by CNN, and one that seems to defend the interests of the CIA I think is a bit problematic* to have been the first question to be asked.

Well the answer is this – unfortunately the CIA does have a history of attacking not only the political parties operating overseas we just published how the Central Intelligence Agency issued instructions to its staff to penetrate the last French election cycle in 2012, the last French presidential election.

It has a habit of behaving badly inside the United States as well.

That’s an extensive habit going on for years. Most recently in 2014 the CIA was denounced by the US Senate Intelligence Committee because it had hacked their investigation in Congress into the CIA torture program and had used its hackers to retrieve documents that the Senate Intelligence Committee had evidencing what the Central Intelligence Agency did in terms of torture.

Why did it do that? I mean it’s given various excuses, the answer probably is because it perceived that information would be a threat to itself as an institution. That’s how institutions behave especially intelligence institution – the CIA is the largest intelligence agency in the world by budgetary expenditure and of course it wants to maximize its own institutional power.

And key individuals also want to defend their programs or increase their roles, get themselves into a position where they can cash out and go to work for defense contractors.

What about WikiLeaks material in the first part of Vault 7 – does it demonstrate the CIA attacking targets within the United States? That’s an interesting question the answer is not known.

There are more than 22,000 IP addresses that we have detected, internet addresses that correspond to computer systems within the United States.

Now one of the large research programs projects we have underway is to discover:

How many of those systems are attack systems that are used to relay and pass attacks from the CIA out into the rest of the world. How many of those intermediary victims – that is say an internet service provider which is hacked in order to create an attack somewhere else overseas. How many are direct victims. How many corresponding to say a visitor to the United States from a foreign country. How many correspond to joint operations between the CIA and the FBI, with the CIA providing technical support. It’s a complex question that is not resolved but there are more than 22,000 IP addresses corresponding to CIA activities in the United States.

Q: Is there proof that the CIA are involved in an internal struggle [vs NSA] – leaking as opposed to something else?

Well we can’t comment directly on sourcing. As someone who’s studied the behaviour for many years of intelligence agencies in different countries it is an unusual time in the United States to see an intelligence agency so prominently involved in domestic politics.

Now it’s a level of principle that’s quite problematic, there are arguments on the other side that obviously – if there’s an extreme government then perhaps it does call for illegal behaviour by an intelligence agency. We don’t have an opinion on whether that is the case yet or not the United States.

Wikileaks is intellectually intrigued to see this conflict occurring because it does tend to generate whistleblowers and sources on both sides of the equation.

Q: What are the implications for journalists and sources?

I explained previously these types of the technology are used to penetrate the computers and phones that journalists used to communicate with each other and communicate and protect their sources. I think that’s an incredible problem.

In response to the Edward Snowden disclosures and some others much more encryption has been used by individual companies specializing in it like with Whisper Systems, like Telegram but also included into Apple and Microsoft and other products so that is fairly effective at hindering bulk interception, which is what the National Security Agency’s been doing. Passively taking all the information say that flows from Latin America to North America or from North America to Europe.

But in response the Central Intelligence Agency at least has diversified to specialise on attacking the endpoints prior to encryption occurring or after decryption occurring. And say okay but that at least means that they have to engage in targeted attacks which is more expensive and might have more of an audit trail – that’s true but we have exposed the particular section of the Central Intelligence Agency called the Automated Implant Branch.

So that is not just to develop viruses and other attacks to put into people’s computer systems to facilitate a CIA hacker in doing that but also to automate how that is done.
So you can see that between an individual targeted attack which is direct and invasive and massive passive bulk interception the intermediary point which is the increasing automation of targeted attacks. They’re automated enough they start to approach the level of bulk capacity interception we’re not there yet for most countries but we are shifting significantly away from one CIA officer directing one hacker who attacks one target.
Rather we’re seeing systems developed and whole branches of the Central Intelligence Agency to automate attacks and infestations of CIA malware into targets.

Q: How do these practices by the CIA impact on members of the general public?

With android phones, iPhones, Samsung TVs etc, well in a number of ways. So you might think as a member of a kind of average person well is the CIA interested in you? We have this problem that increasing automation of these attacks means that the interest may not have to be that high.
You might know someone who knows someone who say works for the French government will be the target of such an attack because they’re involved in decision-making about large French exports, and we published a previous document showing how the ODNI – that’s the oversight body for all intelligence agencies instructed the CIA to try and get hold of every single French contract valued at over 200 million dollars.
Similarly in the information we revealed about CIA attacks on the French political parties there were two instructions to try and determine where the French political parties will try and go for a more German oriented economic policy of increasing exports. Now really what’s going on is that the Central Intelligence Agency and the ODNI through who they tend to be involved in contracting is close to organizations say like Boeing and then wants to assist Boeing in unfair competition say against Airbus which the French have a stake in.

Q: About redaction, WikiLeaks has often stated they only redact in exceptional cases [i.e., what is the policy]?

Well there’s been a lot of false reportage about what our redaction policy is. Our redaction policy is essentially the same as the Freedom of Information Act which is – we don’t redact unless there are important grounds to do so and then we only do so for a limited period of time until those important grounds have elapsed.
In this particular case we redacted some 78,000 pieces of information for Vault 7 part 1. That information corresponds as I said before to IP addresses of targets and attack machines. Well why did we redact that – well because we want to investigate which ones are targets, which ones are attacking scenes which ones were victims that were attacked to get a place hold to make another attack and if we publish them all immediately it’ll be harder to create that investigation.

Q: What is the time period that these publications relate to?

The time period is 2013 to 2016 for the part 1 publication be published on Tuesday. Other material in Vault 7 is also recent and there is some old material. Interestingly one of the key systems, attack systems developed by the Central Intelligence Agency which affects multiple computer types at once it’s called HIVE and if you look carefully you’ll see that in our publications on Tuesday there’s a reference to HIVE being first started more than a decade ago.
So the CIA has been involved in this for quite a long period of time gradually expanding its capacity as it managed to get budgetary and political pre-eminence over its chief bureaucratic and budgetary rival the National Security Agency. That’s a very interesting story about the conflict between these two rival agencies over time.
The CIA budget used to be smaller than the national security budget and it’s now something like 1.5 times the size of national security budget, as a result the CIA has been able to build its own drone air force and massively expand its hacking operation so it doesn’t need to ask the National Security Agency for favors.
And of course if you also want a favor a favor can be asked back but also a lot of the operations of the CIA conducts are a bit questionable for example that operation conducted against the Senate Intelligence Committee. Now if the CIA had no capacity that it would have had to ask National Security Agency to provide it with hackers to help it attack and try and take those documents off Dianne Feinstein and her staff.
Now it wasn’t able to, didn’t need to disclose that to the National Security Agency because it has the capacity to do it itself and the National Security Agency having been in the media so prominently especially after its complications in 2013, has far more oversight and accountability for its digital operations than the Central Intelligence Agency does. It’s a real question whether in practice there can be meaningful oversight.
I don’t think there can be – I think it’s an illusion that there can be meaningful oversight although one has to try because you can’t leave a regulatory ground unoccupied because it will simply, the bureaucratic organization will expand into that regulatory ground and occupy it.

Q: So why can’t the CIA hacking operations be effectively regulated?

Well they’re done in secret, it’s arcane complex technology and look what has happened with the CIA – loss of control over its entire cyber weapons arsenal.
So if the CIA which is certainly, it’s highly motivated to try and keep control of it – if it can’t even control its entire cyber weapons arsenal because information can flow without oversight – then what is the chance that it can control how that arsenal is used? It can’t, there’s absolutely nothing to stop a random CIA officer or contractor or liaison agent working for the British using that technology against whoever they like whatever personal reasons they like.
The technology is designed to be unaccountable, it’s designed to be untraceable, it’s designed to hide itself, it’s designed to remove traces of its activity, it’s designed to throw off people looking to see where there are fingerprints that might demonstrate who authored that technology.
And that is done by collecting viruses and malware from mafia and various groups in other states and assembling them, that’s something that we published that there’s a whole section of the CIA working something called UMBRAGE which is designed to do that. And we have quite a lot more material that talks about these attempts to throw off authenticated, sorry to throw off attribution to discover who was really behind a particular cyber attack.

Already an antivirus expert has come forward to say that a sophisticated malware that he had attributed to a state either Iran or China or Russia now he believes actually is from Central Intelligence Agency, because the type of attack system that uses corresponds directly to a description that we published of an attack system and it’s rare enough that it seems unlikely it would be independently discovered.

Unless of course that China has already gotten hold of these parts of the CIA arsenal and that China is using them to pretend to be the CIA.

Q: Is the CIA causing commercial damage to companies through these practices?

Yes – potentially billions of dollars of damage because if say you’re in China which is now the world’s largest economy and you run a company and you want to equip all your employees with particular phones or particular computers – do you trust that if you go and buy a Dell computer or computer running Microsoft or Apple phone can you trust that it’s not vulnerable to these CIA attacks?
Well because Apple and Dell and so on are all based in the United States where it’s understood that the U.S. government is breaching previous promises that is made which is to tell US industry about these vulnerabilities – then it starts to look like that the U.S. government and US industry is in cahoots and then you can’t trust any exports from United States.
So one report just at the time of Edward Snowden’s revelations suggested that practice by the National Security Agency of imperiling US industry would cost 40 billion dollars in exports, so this sort of behavior by the Central Intelligence Agency undermining those commitments by the Barack Obama administration to tell US technology companies about vulnerabilities before they were exploited by foreign intelligence agencies or by cyber Mafia – that breach of promise decreases trust both in the US government but also in US exports.

Q: How do these publications shed light on the ability of the CIA to penetrate high security networks not connected to the internet?

Important question – they’re called air-gapped network so if you’re worried about being attacked over the internet make your machines internet disconnected that’s what most police network do for example or networks that are inside companies say like Boeing, they disconnect the network so that hackers they think can’t attack them – but the CIA has created a number of viruses one for example called HammerDrill which are air gap jumping virus.
So they sit on a computer waiting – this particular one HammerDrill sits on a computer, Windows computer waiting until someone goes to burn a CD-ROM, put software on a CD-ROM and it jumps onto the CD-ROM and infects the executable programs that you put on the CD-ROM so they want to go somewhere else it then affects the other computer and starts a channel.
There’s a number of at least 30 different types of malware that the CIA has created to try and do that, some that are designed for CIA hackers and CIA agents to say pretend to go somewhere and pretend to give a presentation or use VLC a video player to play a video to give a presentation, meanwhile behind the scenes the video presentation software and its trojanised version of VLC goes into the computers that it’s plugged into – surveys them, infects them and ransacks the material and brings it back.
If you invite someone into your company or government department to give a presentation they put this into the presentation computer and now it’s infected. Similar to play a video and it’s infected, many other different things. One is even a virus scanner someone is pretending to be a computer security consultant to remove viruses from an organization and in fact the virus checking program is the CIA virus that is used to infest the rest of the computer network and retrieve information.

Q: Among the list of possible targets are there any references to extremists or transnational criminals?

Not in the material that we published on Tuesday [Mar. 7] – Vault 7 part 1. No. It’s conspicuous, there’s no reference to terrorism there’s no reference to extremists, there are references to many other target types for example liaison agents so Allied intelligence agencies that speak to the Central Intelligence Agency.
And the CIA has developed a menu of frequent attacks include attacking the liaison officers coming only from GCHQ or the DGSE which is a French intelligence agency who think that they are cooperating with the CIA but really the CIA is infesting the liaison agent. So they’re all there in a menu called “fine dining” it’s a list which literally describes itself as a menu of frequent attacks and attack types that is given to CIA case officers and they say yeah I want to attack and infest some agent that I control, a liaison, someone working for a foreign government department etc.
What is not there is any reference to terrorists any reference to extremists and that actually shouldn’t be a surprise to anyone, no one who studies the intelligence world it shouldn’t surprise them because even if you just look at the budgets that came out in 2013 to the US intelligence black-budget you don’t see anything like the majority of the body going towards extremism even though they are very strong political reasons to try and catch any operation in counter terrorism and counter extremism to get more money despite that political pressure.

Something like a third of the US the entire US intelligence budgets is described as countering various forms of extremism and the overwhelming majority is not but particularly for the CIA the vast majority of the expenditure and attack types are geopolitical. They’re about, you know similar to the information revealed about the attacking of the French election cycle – understanding who could be pals with the CIA, who could you know help out the institution in one way or another so for example spy on Airbus, that information you then pass to the US Chamber of Commerce among others which is listed in the material and US Chamber of Commerce and then adjust what is doing in order to that is Boeing and these companies are closely connected to each other.
It’s not even about what is the policy that can help US industry the most, boost US economy the most, it’s about which elements of the US economy and or related intelligence organizations in the United States and outside the United States are best able to ask for favors because they have proximity – they have interpersonal proximity or they have institutional proximity.

Q: About the story that’s in the press with possible hacking monitoring of President Donald [Trump] and his team, do these revelations shed any light on what is possible in this regard?

Well that there were earlier Press reports that the Trump cabinet has been using an encryption system called Confide where the messages disappear quite quickly it’s sort of like an extra encrypted version of Snapchat. Well it doesn’t matter it’s on smartphones the software attacks smartphones, doesn’t matter what encryption you’re running on Telegram or Signal or Confide if you can bypass that encryption you can turn on the microphones, it can monitor movements, it can activate the camera to look at photos that have been taken.

Has the CIA done that? This material doesn’t comment on whether it has done that to the president Trump.

I suppose a question that is of interest, because there was a lot of press – there were numerous Press reports from New York Times, The Washington Post and some in Politico that people close to Donald Trump had been monitored in a counterintelligence activity. Possibly by some parts of the US government, possibly by the FBI, FBI had been mentioned, NSA had been mentioned – on the other hand it seems that many of the leaks to the media are coming from the Central Intelligence Agency based upon how they’re described.
There are a number of collaborations that are evidenced by the material that we publish between the FBI and CIA and the National Security Agency and CIA so I think there’s a real question whether that technology is being used or has been used in these types of investigations – that is a separate tech question to whether CIA officers have been pressing the button on that technology.
What is often done in the commercial industry, the commercial spying industry – if you’re in the commercial industry you can be prosecuted for hacking someone – so what happens in the commercial industry and we did a big publication of Hacking Team where we published more than a million emails from an Italian computer hacking contractor called Hacking Team, it sets up attack sites and it writes the software and then it helps configure it for a hacking attack and then it gives the people they’ve told it to in a government department, Intelligence Agency, Police Service – the ability to press the button so they hope to that removes them from being accountable for the attack.
They’ve just created the system to attack the actual button was pressed by different party so that’s obviously a possibility in the United States in relation to a number of different attacks. Publications don’t say anything directly about the President and cabinet but that is a general phenomenon of people creating attack systems and facilitating attacks in some way but being careful about the legalities of actually pressing the button.

Q: How many parts to the Vault 7 series?

What we have a lot of material – it’s a big journalistic investigation from us, from our partners, we need more partners. So that those who engaged in journalistic excellence on reporting and material that we have published so far and there have been some good report, we will look at those people and trying to produce some of them to get them in – there is more work than WikiLeaks can do on its own that’s quite typical with some publications, so we assemble international teams to try and get as much understanding in as many different languages as possible.
And then also finally make sure a lot of the material is published so the public can also catch any angles that us and the combined journalistic have missed – in this case we have extra problem which is that we have quite a lot of exploits that is this key attack code that we want to disarm before we think about publishing it.
And to have that discussion we’re going to work with some of these manufacturers that have called for it to try and get those antidotes out there before we publish more information that can give clues to the cyber mafia or other intelligence agencies on how to do this.
There is a fair criticism I think of that methodology and we’re watching closely which is that the CIA was so careless to produce this material, this enormous cyber weapons arsenal and lose control of it at least once and that it has spread. So does the various Cyber Mafia already have it, do foreign intelligence agencies already have it. Well I think that’s a serious question, they were securing it very well so it’s quite possible that numerous people could have it also it has spread appears to have spread within a number of individuals within the US intelligence community. So how much more will it spread?
I think it’s quite hard to control even if Wikileaks quickly doesn’t publish any of these cyber weapons I think it is quite hard to stop the spread elsewhere which might have already occurred so therefore what you want is the fastest possible antidotes, and for that to work the fastest way of course it’s just publish everything but at the moment we’re watching to see whether there is a spread, and analyze what we have, work with some of the manufacturers to create, to create antidotes to these weapons.

Q: Why is Wikileaks focusing only on problems from the United States?

That’s not true, we’ve published just in the last few months very significant collections of materials from Germany from Turkey in fact in response to our Turkish publications the Turkish government put seven Turkish journalist who has reported on our publications into prison.
A very serious situation – one of those Turkish journalists is fortunate enough that he was a foreign correspondent for Geseit which is a German newspaper and so he’s getting a bit of support from Germany but the other six are in a serious situation – completely outrageous that they’re simply reporting on what we published and the Turkish government, Erdogan’s government has abused concerns about the coup that occurred a few months ago – to crack down on reporting about corruption.
In this case the emails that were from Erdogan’s son-in-law who was the minister for energy and that’s what we published you can look them up at Berat’s Box. On Russia and China we have published hundreds of thousands of things most of them are critical about 80% critical and more than 2.3 million from the Syrian government including our Bashar Al-Assad’s personal emails.
So all cultures tend to just look at themselves and speak to themselves, they speak their own language and they’re aware of themselves and what other people say about them all what’s being published about their culture. When it’s published about another culture, another country then don’t pay attention. Of course but people raise this for you know distracting reasons to try and question the messenger because the content itself is so powerful.

Ok that’s it.

Let me just break, I’ll just break for about three minutes and see if any other questions that are really important have come in and if so I might answer them…

G’day my name’s Julian Assange, Welcome back to the Wikileaks press conference we have found some other questions from Fox, CBS, ABC and another journalists.

We’ll start first of all with CBS Jeff Pegues who asks:

Q: Why did you release the documents on Tuesday, can you comment on the timing?

We have a description of the timing in the frequently asked questions, it was as soon as we were ready but it wasn’t the weekend anymore. Those were the only factors involved – interestingly the administration says it’s going to prepare some response on cyberwar, not sure exactly when it is they said within 30 days but 30 days might have already elapsed but it didn’t play a part in our timing.
Nothing else played a part in our timing, it’s quite a you know you can imagine it’s quite a difficult effort to pull this kind of thing together. There has been also a number of attacks on our players and on even the various forms of streaming hardware that we used to create these press conferences. Secure systems are all fine, but the streaming system is insecure because it’s for the public.
It went down and we have some workaround for some parts, I’m not sure if some of the other glitches that you’ve seen today if it has anything to do with that probably not, probably just glitches.
What occurred on Tuesday was much more serious, but to be fair I mean we’re publishing an epic scoop on the CIA, the biggest in its history and they deserve to have a little comeback.

Ok Brian Ross from ABC:

Q: Mr. Assange have you ever been paid by the Russian government or state funded outlet RT?

The answer is no, but quite interesting to see the ABC taking that line.
This is the largest publication of Central Intelligence Agency documents – number 1. An enormous journalistic scoop about all sorts of things that affect journalists and almost every individual within the United States and in many other countries about the in some sense the future of what it means to be a state, where is the border between one state and another?
Borders are created by sea and land, borders are also created by one army meeting another army and then making a truce, that’s where borders come from.
On the internet there’s no borders and if there’s something like the use of force, that’s a very interesting question as to how much state computer hacking is like a use of force in some ways it isn’t in some ways it is, then obviously borders because start to become pretty mushy so enormously interesting that instead here we have a pretty sad question trying to divert from epic publication to something else.

Hillary Vaughn from Fox asks:

Q: How long do you anticipate it will take to help tech companies to issue fixes or secure devices?

What is the timeframe – that is a very important question. My experience as a computer security guy which is what I used to be in my previous profession, well some of those fixes will be fast. Ones that just affect a little part of the system with a little part that you can make a hole in and go through but the fix is just plugging this little hole, tweaking a little, distributing it, testing and distributing. Those can be issued potentially in just two or three days.
Problems that affect more critical aspects of computer code that’s in a telephone or TV or somewhere else, some of them can take a lot longer to fix. And for some systems like Android with many manufacturers possibly like those Samsung TV’s, there is no automatic update this isn’t some people have to manually try and pull something so that the only people who are aware of it can fix the problem. If you’re not aware of it, the problem is not fixed.
That’s a question journalists should be asking of the various manufacturers involved.
It is an important question and it’s important to put pressure on those companies to make it, basically to make security something that the market cares about and they’ll respond, and they are to a degree already responding.
If they can get away with it they’ll say nothing, that’s what Google did initially was to just say nothing at all hoping perhaps that maybe we wouldn’t discuss it because Android is significantly more insecure than iOS – which is the software used on iPhone. Both of them have severe problems, that are described in these CIA documents that were published but iPhone has slightly less.

Another journalist says:

Q: Is it clear which countries were among the targets of the program?

Partly – we have a lot of records in this part 1 material, a lot more in the others that we’re studying that reveals tens of thousands of targets so yes many of the targets are revealed but many are also not to do with how the CIA split up the different its different sections and branches some of the operational branches only within that branch can be quite closely held do they know what the target are.
In other cases there’s collaboration between branches and support of one branch to another and the information about targets can spread further but as we have already stated there are more than 22,000 just in this initial batch of material, IP addresses that correspond to the United States. It’s not clear which are attack infrastructure, intermediary victims or targets.
But there’s also as we’ve stated attacks, numerous attacks on Europe and Latin America including Brazil including Ecuador and we’re still assessing which parts of those governments and individuals have been attacked but Brazil and Ecuador are not really known for their extremists.

Assange signs off with “Ok that’s it thanks guys, bye.”

If this isn’t a premise for a movie, you really wish it was, because the unelected official unauthorized entity known as Wikileaks is really unleashed here. Plus, he implies there will be a sequel Part Two, possibly more.

Whoever gave Assange/Wikileaks the virtual keys to the kingdom at Langley, CIA headquarters, in Virginia is being sought out by any means necessary and dubbed the next Edward Snowden, and it just adds to the political chaos of the moment. So we’re even given a protagonist or anti-hero depending on which way the intel spins on the next data dump.

Luckily we have movies like Alex Gibney’s meticulously researched and prescient documentary ZERO DAYS to sort through the mire. ZERO DAYS should have won Best Documentary, only this was Oscar’s Year Zero, where everything went haywire in Hollywood too, with the wrong winner “leaked,” sigh.

In the end, all we really want is for all government, even a shadow government, to mind its own business, except in the movies, where it’s appropriate to find outlandish scenarios and world-breaking intrigue.

But this is not a movie folks, it’s happening in America right now. Maybe it’s time to pull the cash plug on some of these alphabet agencies, scrub the black ops, and ask for receipts. ZERO DAYS was released by Magnolia Pictures back in July, and can be viewed via links here.

# # #


The Year Nobody Was a Pundit: Hollywood’s Shock, All Governments Lie, But Zero Days & Sparrow Shortlisted

by Quendrith Johnson, Los Angeles Correspondent [FilmFestivals.com]

Cui Bono? That’s the famous Latin line that means “who benefits,” and in the realm of conspiracy theories, this blunt tool ranks right up there with “Historian’s Fallacy” as a go-to. The term historian’s fallacy was minted by Brandeis Professor David Hackett Fischer in 1970, who pointed out the bright idea that even when someone is going through a historic event, or having experienced a historic event, said eyewitness may not have a historical perspective because they have no idea what might hit them next. So since 2016 is The Year Nobody Was a Pundit, as far as the US Presidential Election, and while most of Hollywood is still in shock at the shadow conservative vote in their midst, you’ll forgive a meandering but meaningful segue here into the Oscar Documentary Shortlist and why two films, Zero Days and Hooligan Sparrow, had special resonance. But first, Oliver Stone who executive produced a documentary on investigative journalist, I.F. Stone, directed by Fred Peabody. Unlike Zero Days and Sparrow, this is one that didn’t make the Oscar shortlist, but it’s extremely relevant this year.

Titled ALL GOVERNMENTS LIE: TRUTH, DECEPTION, AND THE SPIRIT OF I.F. STONE, it’s based on the book that examines the influential life of investigative journalist, I.F. Stone “whose long one-man crusade against government deception lives on in the work of such contemporary filmmakers and journalists such as Amy Goodman, Laura Poitras, Glenn Greenwald, Cenk Uygur, Jeremy Scahill, David Corn, and Matt Taibbi.”

Amy Goodman, as you may know, is the figurehead of Democracy Now, a radio program and media beacon of the American Left that recently stood by the stand-down at the Dakota Access Pipeline. Goodman was even arrested there, but released with charges dropped. Laura Poitras is the filmmaker who brought us CitizenFour, the real-life encounter with Edward Snowden that brought government security to its knees, if only for a moment, while the American Public had their digital eyes peeled open. Glenn Greenwald is her cohort in this endeavor, formerly of the Guardian UK, now of his own media hotspot known as The Intercept. The other names are important, but Matt Taibbi is one journalist who stood firm in dissent as the Donald Trump “Make America Great Again” waves crashed onto voter beachheads. Taibbi is very respected because he stayed up to his ankles in the quick sand of changing poll numbers that made this American US Presidential Election the most highly rated quasi-fiasco in the history of US politics. Election 2016 is the ticket-seller that even Hollywood couldn’t come up with as a plot line: Hamburger Hillary vs The Donald. Initially this match-up looked, as one award-worthy internet troll put it, as “don’t bring a Cheeto to a knife fight” in favor of Hillary Clinton as far as the debates. But a strange thing happened on the way to the ballot box, a swirl of fake news, government reveals, and general discontent took over.

And this is why, although ALL GOVERNMENTS LIE didn’t make anybody’s shortlist, it’s an important film to watch. I.F. Stone’s legacy is the history of dissent in its modern form that we know it. He made his reputation as a journalist by flipping over the hallowed cobblestones of the American Democracy so we could get a view under the sheen of tradition. In fact, in 2015, I.F. Stone’s son Jeremy Stone was behind the release of a Knight Foundation documentary “The Legacy of I.F. Stone” produced out of Canada. According to Glenn Greenwald’s The Intercept, (Greenwald also has a role in this doc) I.F. Stone is known as “The Patron Saint of Bloggers,” and the first known journalist to tap “unofficial sources.”

And here’s where we went collectively, as a voter nation with the rest of the watching-world dragged with us, down a very, very, very long rabbit hole in the 2016 General Election. It was supposed to be a simple contest to determine who would become the next President of the United States, or POTUS in the shorthand. Yet the whole campaign turned into He Said, She Said, fueled by unnamed sources, hacked documents, and purported criminal activity on display.

I.F. Stone’s pioneering “unofficial sources” gambit in the Digital Age became a hellride into inter-party Spy vs Spy, a weltering clash of Anonymous vs Anonymous Global, and a final FBI Director James Comey showdown vs the CIA “counter coup.” Comey is the one whose October Surprise was a November game-changer for the Clinton campaign as it hinted at a 33,000 email-deletion related indictment imminent for her.  Oh wait, he recanted within days. Next, there was even a former US State Department operative, now a sci-fi writer, named Steve Pieczenik who began to leak YouTube videos about the “FBI soft coup” to stop Hillary Clinton, who apparently they’d been tracking for Clinton Foundation fraud, from becoming POTUS. Finally elusive global-hacktivist entity Anonymous really got into the act by flooding YouTube with “Wake Up America” type calls to action to halt the current questions over alleged “Russian” hacking into the US electoral process… exhausting, isn’t it? It’s like everyone on earth and in the media lost the plot in 2016. Even genius poll predictor Nate Silver, who called elections within percentage points in the past, had Donald Trump losing by a 67% chance even as the vote count began.

Again, 2016 is The Year Nobody Was A Pundit. But “unnamed sources” and unsubstantiated allegations, as well as hit videos ruled the day. Although it’s not what was intended by I. F. Stone (no relation to Oliver), this election year is in many ways the slap in the face that Hollywood needed too. When a real life election is more fascinating than any feature film releases on their slate, the Studios can no longer grind out the same rebooted content, folks. People still went to the movie theaters and downloaded filmed content in 2016, but the US Election was beyond gripping – and not in a good way. We’re supposed to be the nation that sets the stage for the much-touted “fair and free elections.” We’re the country that points out the polling station cheaters in so-called “banana republics,” restores justice when rogue countries go awry and thumbs our nose at human rights violators with harsh sanctions.

Those very attributes the United States prides itself on came into question in 2016, even the idea that we could shake a fist at corruption in other countries when we ourselves seemed pretty porous as far as scandals from within.

This political preamble is why, in my humble opinion as a critic, two documentaries – Hooligan Sparrow and Zero Days – really mattered on a world-events scale this year. Lynda Weinman and Bruce Heavin, the tech couple behind Lynda.com, an online tutorial empire they have since sold, hosted a very crucial screening of Hooligan Sparrow, a documentary about women’s rights in China that becomes a visual essay on the struggle for human rights and freedoms on a visceral level.

Here’s the official description of the film:

“The danger is palpable as intrepid young filmmaker Nanfu Wang follows maverick activist Ye Haiyan (a.k.a Hooligan Sparrow) and her band of colleagues to Hainan Province in southern China to protest the case of six elementary school girls who were sexually abused by their principal. Marked as enemies of the state, the activists are under constant government surveillance and face interrogation, harassment, and imprisonment. Sparrow, who gained notoriety with her advocacy work for sex workers’ rights, continues to champion girls’ and women’s rights and arms herself with the power and reach of social media.

Filmmaker Wang risks her own life and becomes a target along with Sparrow, as she faces destroyed cameras and intimidation. Yet she bravely and tenaciously keeps shooting, guerrilla-style, with secret recording devices and hidden-camera glasses, and in the process, she exposes a startling number of undercover security agents on the streets. Eventually, through smuggling footage out of the country, Wang is able to tell the story of her journey with the extraordinary revolutionary Sparrow, her fellow activists, and their seemingly impossible battle for human rights.”

In covering it earlier this year, I’d asked Nanfu Wang “What is the history of protests in China? And do you think the West influenced this?” Nanfu takes a short breath, she is remarkably composed for someone who literally had to smuggle her footage out of China. “Protests are taboo in China,” she begins. Then she detailed the barriers for giving a proverbial “voice to the voiceless” in her home country. In a modest floral theme red dress, and Nanfu Wang safe in the West, it’s a disconnect to imagine the gritty street fights she’s had to face, even under the pressure of a second language here. Nanfu Wang is definitely someone to watch for more powerful visual essays on film, with Hooligan Sparrow just a first salvo, hopefully.

The connector to the next hugely impactful documentary, Zero Days, is that ripple effect, when an issue for someone like Sparrow’s activist Ye Haiyan ignites a global reaction. In Zero Days, a few watchers on the wall of technology saw something odd, shared it amongst themselves, and didn’t realize they’d discovered the tail of an international espionage-made virus that could literally crash the world.

Zero Days is my personal pick for Best Documentary because it reveals the inner workings and internecine fighting going on within the highly insulated and highly secure secret world of CyberSec, including cybersecurity operatives and the divisions between “three letter agencies” which later becomes writ large in the so-called “soft coup” shoot-out between the FBI and the CIA firing back with hacking allegations even as you read this. It’s a very dangerous game of Spy Agency vs Spy Agency that has shaken some truly home-grown crazy out of the American woodwork. YouTube is replete with claims and counter-claims of hacking, spying, even purporting to reveal a laundry list of conspiracy theories. Some of these “theories” – from Clinton unspeakable evil-doing to Trump’s Jesus-like magic – make David Aaronovitch’s book “Voodoo Histories, The Role of Conspiracy Theory in Shaping Modern History” look tame. Aaronovitch makes compelling arguments that conspiracy theories actually serve a purpose in the pattern of history as it unfolds… but the 2016 Presidential Election crazy, especially where high-level official discussions and briefings included the possibility of “foreign actors” (read: Russia) hacking Democratic emails, the Election, and the polling machines, well it just went beyond rational human understanding.

Which makes Alex Gibney’s documentary on the events leading to the detection of a computer virus designed to destroy Iran’s nuclear centrifuges in order to sabotage their entire nuclear program, that much more important as an object lesson.

Zero Days stars a range of officials and high-level tech players who unravel the Stuxnet story. Starring Colonel Gary D. Brown, Eric Chien, Richard A. Clarke, General Michael Hayden, Olli Heinonen, Chris Inglis, Vitaly Kamluk, Eugene Kaspersky, Gibney’s “ZERO DAYS is a documentary thriller about the world of cyberwar.”

Here’s the official description: “For the first time, the film tells the complete story of Stuxnet, a piece of self-replicating computer malware (known as a “worm” for its ability to burrow from computer to computer on its own) that the U.S. and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately spread beyond its intended target. ZERO DAYS is the most comprehensive accounting to date of how a clandestine mission hatched by two allies with clashing agendas opened forever the Pandora’s Box of cyber warfare. Beyond the technical aspects of the story, ZERO DAYS reveals a web of intrigue involving the CIA, the US Military’s new cyber command, Israel’s Mossad and Operations that include both espionage and covert assassinations but also a new generation of cyber weapons whose destructive power is matched only by Nuclear War.”

Some of this is a recap from my earlier coverage and interview with Eric Chien this year, but there’s a lot of implied geopolitics embedded here, and again, along with the hacking component, really cements it as my Best Doc pick for 2016. Before seeing ZERO DAYS, it’s critical to understand the US’s former relationship to the Shah of Iran. Before he was deposed, the Shah of Iran received a key first piece of their nuclear program from the US. It was supposed to be used for energy generation, power plants. The Christian Science Monitor did a round-up once that put dates on the whole mess. “In 1967, under the ‘Atoms for Peace’ program launched by President Eisenhower, the US sold the Shah of Iran’s government a 5-megawatt, light-water type reactor… the foundation of Iran’s nuclear power program.” The Shah reigned from Sept. 16, 1941 until Feb. 11, 1979, when he was toppled by the Iranian Revolution. However questionable the Shah’s regime was, it’s axiomatic that something would go wrong once the largely secular world of his rule fell into theological hands as the 1980’s began.

Next things go from theological to zealot by US estimations. And then there’s 9/11. Allegations are Iran is inching its way toward the “bomb,” because it’s not a huge stretch from power-reactor fuel to weapons grade material. You can see why the US government would consider cyber war in the wake of 9/11, especially since the hardware and software for their nuclear program comes mostly from the West (read: a way in via upgrades to the tech). Plus, would anyone ever find out? Someone high up likely gambled on the wrong side of “No.” So malware was secretly engineered, somewhere, to attack the centrifuges at Iran’s Natanz facility.

Alex Gibney’s take on it is, “I started out making a small film investigating ‘Stuxnet…’ What I discovered was a massive clandestine operation involving the CIA, the NSA, the US military and Israel’s intelligence agency Mossad to build and launch secret cyber ‘bombs’ that could plunge the world into a devastating series of… attacks on critical infrastructure, shutting down electricity… this science fiction scenario…”

That’s Alex Gibney for you, outing the whole gamut of international players from “three-letter agencies” to nation states. But then you talk to someone like Eric Chien, Technical Director of Symantec’s Security Technology and Response division, who was among the first handful to discover and name the Stuxnet virus, and it becomes clear that the message of ZERO DAYS is not rehashing old news about the perils of technology. (As in the current alleged Russian election hacking fracas, and the role of governments in controlling infighting among agencies tasked with cyber security.)

Although it is public record that Belorussian engineer Sergey Ulasen was the first responder to the then-unnamed Stuxnet virus as a BSOD (Blue Screen of Death) reboot over there in the Iranian nuke-related nest of computers; the message of this film is really about the knowledge gap between policy makers and digital purveyors, who, at the speed of technology, will reshape the world for us if we don’t watch out.

In person, Eric Chien is incredibly personable, a youthful exemplar of next-generation digital professionals. “We make Norton Anti-Virus,” he begins, to kind of define Symantec. He also apologizes that colleague Liam O’Murchu couldn’t make it. “He had his hands on it first,” Chien adds, meaning Stuxnet. “Normally what we do, day-to-day, is we look at the latest (cyber) attacks. About one million a day. A lot of it is handled through automation, which automatically create fixes for them.”

“When we come across some big attacks, we share (with stakeholders)” pieces of the code for others to monitor or give feedback on. “Recently someone tried to transfer $1 BN from the Bank of Bangladesh,” he said, and this discovery brought back some similarities to the adrenaline of the Stuxnet discovery.

Chien mentions the possible government or shadowy players that he’s encountered in untangling the virus. “When you have black motorcycles, wearing all black following you, behind you, you start to wonder.”

On why Stuxnet wasn’t part of the Snowden leak, he casually mentions, “Edward Snowden didn’t leak this because those files are stored on a different server.” Then, ironically, Chien says he is not under an NDA (non-disclosure agreement), because “we don’t have a two-tiered system. We share this information with our clients… we would never work for hostile nations.” Chien reveals that ‘zero-day’ is a term that basically means the virus is discovered at the same time the vulnerability is revealed that makes the exploit even possible. (Think of it as a hole-in-one golf shot, but nobody knew there was a hole there until the ball hit. Now you’ve got two problems.)

“Stuxnet had not one, but four zero-days in it,” he emphasizes, “even one zero day is rare, but four?” This is how “we knew nation states must be involved.” But breaking the code, finding out what this virus was supposed to do “was the needle in the haystack. I mean it had a (kill) date in it, but it was not easy to figure out.” Tying into the election theme, Stuxnet’s “kill date” mysteriously coincided with the 2012 election.

With all the current election brouhaha, the focus on Russia, Chien made a shocking remark that puts Moscow’s capabilities in perspective. “There’s something to be said for obsolescence,” he revealed. “Because when Russia tried to shut down (the grid) in the Ukraine, their technology was so old, they could actually go to each site and crank it back on by hand.” That’s not in Zero Days, but insider terms like Nitro Zeus are, and maybe what’s most important about this film is that it details the bones of contention, the lines of power, and the factions opposed to one another behind the scenes in our government agencies.

And this comes full circle to the opening focus on the current contested election results… agencies are infighting and all we can do is find our own way back up the rabbit hole, back into the reasonable margin of error that Democracy lives by.

A complete list of the Academy’s Best Documentary shortlist for the 89th Academy Award Presentation to be held February 26, 2017, can be found on www.oscars.org

# # #


From Punch Cards to Stunt Hacking to Alex Gibney’s ZERO DAYS & Symantec’s Eric Chien on Stuxnet

by Quendrith Johnson, Los Angeles Correspondent

You have to hand it to filmmaker Alex Gibney (GOING CLEAR), he has taken on everything from Eliot Spitzer’s political downfall to the Enron debacle to Lance Armstrong’s doping to soft-money “super-lobbyist” Jack Abramoff to Gonzo journalist Hunter S. Thompson, not to mention Nigerian music legend Fela Kuti. So it comes as no surprise that Gibney goes from wrestling Xenu to rattling the NSA’s cage with ZERO DAYS, his new “thriller” documentary about cyber-warfare phenom Stuxnet. Released by Magnolia Pictures, Participant Media and Showtime, ZERO DAYS screens in theaters July 8, also on demand at Amazon Video. Gibney’s doc defines Stuxnet as “self-replicating computer malware (known as a ‘worm’ for its ability to burrow from computer to computer on its own) that the US and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately [mutated] and spread beyond its intended target.”

If that’s not enough to get your smartphone wiretapped, who knows what is? And that’s why this doc is really tricky: it names not only names, but Nation States. Plus it lets us know that among the three probable classes of cyber-attack originators, nation-states are the most dangerous. The two other classes being: cyber-criminals, and hacktivists.

But c’mon, for the rest of us workaday non-security-classified folks out there, it is a little difficult to fully grasp the “Olympic Games”-scale virus unleashed on Iran’s nuclear power facility — as detailed in Alex Gibney’s documentary ZERO DAYS via expert interviews — without some backstory on the issues involved. In a moment, Symantec’s brilliant code-cracker Eric Chien who is featured in this film with his boss Liam O’Murchu will chime in, for now let’s rewind the digital clock to analog times for some perspective.

Clear your mind, take a breath, and think about the technology issues from a long angle. Think about the progression from English mechanical engineer Charles Babbage (1791-1871), who with assistance from mathematician Ada Lovelace (1815-1852), came up with the first mechanical engineering computer, the Difference Engine, as a starting point. Mechanical computing (i.e.; tabulating polynomials, i.e. figuring out huge numbers calculations) in the Industrial Age leads to punch cards that control looms in the textile industry. This hold-over method, punch cards, remains in place even up until the 1980’s as analog goes 100-percent digital. A fast-forward timeline means punch-card key machines to vacuum tubes with wires to British polymath Alan Turing (1912-1954), who in the 1940’s added to the war effort by not only “cracking” the German U-Boat message encoder, Engima, but understood and foresaw the possibilities for “large scale digital technology” via the encrypted telephone messages between Churchill and Roosevelt. That said, all the elements are in place to usher in the world of cyber attacks. Consider the sabotage possibilities in the first punch-card driven looms.

If you’re familiar with “spook hardware” such as the Enigma and its US/UK code-breaking counterparts from WWII, the scope of ZERO DAYS is an easy leap. You just need an update on the acronyms and players we now face in Cyberwar. Cyber attacks, cyber terrorism, and all other penetrations into our enterprise-grade technology require countermeasures — only now we’re talking software, or code, and the stakes are world-breaking with the nuclear weapon card in play.

Another helpful insight before seeing ZERO DAYS is the US’s relation to the Shah of Iran. Because before he was deposed, the Shah of Iran received the first piece of their nuclear technology from the US, in support of power generation. The Christian Science Monitor did a round-up once that put dates on the whole mess. “In 1967, under the ‘Atoms for Peace’ program launched by President Eisenhower, the US sold the Shah of Iran’s government a 5-megawatt, light-water type reactor… the foundation of Iran’s nuclear power program.” The Shah reigned from Sept. 16, 1941 until Feb. 11, 1979, when he was toppled by the Iranian Revolution. However questionable the Shah’s regime was, it’s axiomatic that something would go wrong once the largely secular world of his rule fell into theological hands as the 1980’s began.

Next, things go from theological to zealot by US estimations, and then there’s Sept. 11, 2001. Allegations are that Iran is inching its way toward the “bomb,” because it’s not a huge stretch from power-reactor fuel to weapons-grade material. You can see why the US Government would consider cyberwar in the wake of 9/11, especially since the hardware and software for Iran’s nuclear program comes mostly from the West (read: a way in via upgrades to the tech). Plus, would anyone ever find out? Someone high up likely gambled on the wrong side of “No.” So malware was secretly engineered, somewhere, to attack the centrifuges at Iran’s Natanz facility. Alex Gibney’s take on it is, “I started out making a small film investigating ‘Stuxnet…’ What I discovered was a massive clandestine operation involving the CIA, the NSA, the US Military and Israel’s intelligence agency Mossad to build and launch secret cyber ‘bombs’ that could plunge the world into a devastating series of… attacks on critical infrastructure, shutting down electricity… this science fiction scenario…”

That’s Mr. Going Clear for you, outing the whole gamut of international players from “three-letter agencies” to nation states. Gibney steps into the lion’s den, where most of us would shiver and recite the Cowardly Lion’s “I do believe in spooks, I do believe in spooks” from the Wizard of Oz. But then you talk to someone like Eric Chien, Technical Director of Symantec’s Security Technology and Response division, who was among the first handful to discover and name the Stuxnet virus, and it becomes clear that the message of ZERO DAYS is not rehashing old news about the perils of technology.

Although it is public record that Belorussian engineer Sergey Ulasen was the first responder to report the then-unnamed Stuxnet virus as a BSOD (Blue Screen of Death) reboot over there in the Iranian nuke-related nest of computers, the message of this film is really about the knowledge gap between policy makers and digital purveyors, who, at the speed of technology, will reshape the world for us if we don’t watch out.

In person, Eric Chien is incredibly personable, a youthful exemplar of next-generation digital professionals (read: Not Nerds) in business casual attire with stand-up bangs and a friendly, open demeanor. He twists his wedding ring briefly, the only sign that being nervous is normal under the weight of the controversial topics involved. Then Chien uses his outdoor voice, launches into a patter that suggests he is used to briefing Subcommittees and Fortune 100 clients on the ins and outs of tech topics, which he does in real life. “We make Norton Anti-Virus,” he begins, to kind of define Symantec. He also apologizes that colleague Liam O’Murchu couldn’t make it. “He had his hands on it first,” Chien adds, meaning Stuxnet.

“Normally what we do, day-to-day, is we look at the latest (cyber) attacks. About one million a day. A lot of it is handled through automation, which automatically create fixes for them. When we come across some big attacks, we share (with stakeholders)” pieces of the code for others to monitor or give feedback on. “Recently someone tried to transfer $1 BN from the Bank of Bangladesh,” he said. This discovery brought back some similarities to the adrenaline of the Stuxnet discovery. It’s fascinating to watch Eric speak frankly and transparently from the super-secret cyber-crypto world where “pen tests” — penetration tests of security systems — make these reverse-engineers just as tricky as their malware-making counterparts. “You never want to roll out your own crypto,” he corrects. “You really want it to be peer-reviewed.”

Chien will let slip a few telling details that demonstrate how John le Carré his day job is, like “when you have black motorcycles, wearing all black following you, behind you, you start to wonder.” Or, on why Stuxnet wasn’t part of the Snowden leak, he casually mentions, “Edward Snowden didn’t leak this because those files are stored on a different server.” Then, ironically, Chien says he is not under an NDA (non-disclosure agreement), because “we don’t have a two-tiered system. We share this information with our clients… we would never work for hostile nations.”

This charming ambassador of tech will also note that ‘zero-day’ is a term that basically means the virus is discovered at the same time the vulnerability is revealed that makes the exploit even possible. (Think of it as a hole-in-one golf shot, but nobody knew there was a hole there until the ball hit. Now you’ve got two problems.)  “Stuxnet had not one, but four zero-days in it,” Chien emphasizes, “even one zero day is rare, but four?” This is how “we knew nation states must be involved.” But breaking the code, finding out what this virus was supposed to do “was the needle in the haystack. I mean it had a (kill) date in it, but it was not easy to figure out.” Then Symantec’s wizard recites that oft-quoted refrain that while most attacks take his team about “three minutes to crack, this one took three months.”

“Liam (O’Murchu) is the first one who picked it up. I then pulled it as well.” The first approach was “What is this thing? Is it trying to like hold my computer for ransom? Steal some documents?” But the most impactful theory was covert espionage. “As we began to rip (the code) apart, we saw that it was (targeted at) Siemens PLC.” PLC stands for programmable logic controller, a Siemens device that controls functions for a very specific piece of hardware, in this case the rotating nuclear centrifuge at Natanz in Iran. “We ordered the exact same model of PLC. We were expecting something the size of a mini-frigerator. But when the box came, it was the size of a book!”

There’s something admiring in the way Eric Chien describes the puzzle pieces from the dark side that Alex Gibney has detailed in ZERO DAYS. “The code was perfect, there were no errors in it, that’s how we knew it was a nation state,” Chien admits. “The way Alex incorporated the exact pieces of code (from Stuxnet) at exactly the right moment it is being discussed on screen really impressed us.” By “us” Eric Chien means the super smart people working on encryption, the white hats.

When pressed, Chien adds that most technology-related movies and TV projects are “ridiculously inaccurate,” but not ZERO DAYS. Or the USA Network TV show Mr. Robot, which he admits to watching, a huge endorsement. But if you ask who his favorite hackers are, Chien demurs. “Today it’s just stunt hacking, I don’t find that interesting. Doing something just so you can show you can do it. Like hacking a PLC to show you can do it.” Then he pauses, “you know Captain Crunch? I liked him.” Captain Crunch (a/k/a John Draper) was Steve Jobs’ favorite hacker, the guy ‘who stole from Ma Bell’ back in the old days of blueboxing by “whistling” analog tunes into a phone receiver to fool the network into thinking it was a digital tone to allow free long distance. Then if you ask: ‘Do you think smart people will take over the world, since there is such a knowledge gap with policy makers?’ Symantec’s distinguished engineer will smile, and come back with “the world is not a meritocracy,” as if the concept of brains over brawn has been debunked throughout history.

In one parting quote, Chien remarks “there’s something to be said for obsolescence. Because when Russia tried to shut down (the grid) in the Ukraine, their technology was so old, they could actually go to each site and crank it back on by hand.” That’s not in ZERO DAYS, but Nitro Zeus is. So now you’re armed with enough information on the backstory to grasp the enormity of ZERO DAYS. A must-watch, Gibney’s newest premiered at the Berlin Film Festival and opens July 8. To find out more, visit the official site here for screen times and venues.

 

# # #

Alex Gibney Has ZERO DAYS, a Stuxnet Doc, on Deck for July 8

SCREENMANCER CYBER/FILM ALERT: Here’s what we know so far — Magnolia Pictures, Participant Media and Showtime will release ZERO DAYS in Theaters, on Demand, on Amazon Video, and on iTunes July 8, 2016. ZERO DAYS is directed by Alex Gibney, the fanatically precise director who helmed STEVE JOBS: MAN IN THE MACHINE and won an Academy Award for 2008’s TAXI TO THE DARK SIDE.

Here’s a Screenmancer First Look

Directed and Written by Alex Gibney

Starring: Colonel Gary D. Brown, Eric Chien, Richard A. Clarke, General Michael Hayden, Olli Heinonen, Chris Inglis, Vitaly Kamluk, Eugene Kaspersky

Official description below…

Alex Gibney’s ZERO DAYS is a documentary thriller about the world of cyberwar. For the first time, the film tells the complete story of Stuxnet, a piece of self-replicating computer malware (known as a “worm” for its ability to burrow from computer to computer on its own) that the U.S. and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately spread beyond its intended target. ZERO DAYS is the most comprehensive accounting to date of how a clandestine mission hatched by two allies with clashing agendas opened forever the Pandora’s Box of cyberwarfare. Beyond the technical aspects of the story, ZERO DAYS reveals a web of intrigue involving the CIA, the US Military’s new cyber command, Israel’s Mossad and Operations that include both espionage and covert assassinations but also a new generation of cyberweapons whose destructive power is matched only by Nuclear War.

For more info: click here.

# # #