Director of 'Zero Days' to Post: ‘The cyber-war era is here’

Alex Gibney, director of the documentary ‘Zero Days’ talks to the ‘Post’ about how the US-Israel operation to target Iran’s nuclear program changed cyber warfare forever.

The logo for the cyber hacking group ‘Anonymous’ is seen on computer screens. (photo credit: REUTERS)
The logo for the cyber hacking group ‘Anonymous’ is seen on computer screens.
(photo credit: REUTERS)
The Mossad and Unit 8200 blew a joint US-Israeli operation to damage Iran’s uranium enrichment centrifuges, members of the US intelligence community have charged in a newly released documentary, Zero Days.
In the film, which premiered at the Berlin Film Festival this week, former director of the NSA and CIA Gen. (ret.) Michael Hayden says that Israeli plans to attack Iran were aimed at dragging the US into the war.
I interviewed Alex Gibney, the award-winning director of Zero Days – his film Taxi to the Dark Side won the Academy Award for Best Documentary Feature in 2008 – in Berlin this week. The following are excerpts from the interview.
Award-winning director of Zero Days Alex Gibney. (Courtesy)
Alex Gibney, why did you decide to make this particular film?
Gibney: Marc Shmuger, who produced We Steal Secrets, approached me about doing a film on Stuxnet.
I didn’t know much about it at the time – some three years ago – but it was intriguing to me. The more I researched the story, the more interesting it became for a number of reasons.
First, Stuxnet was a new kind of cyber weapon. It crossed the threshold from cyberspace to the real world, causing actual physical harm. Not only that but it was an autonomous weapon which, once activated, decided when and where to launch its attack without any further human involvement.
Second, it raised important issues about the “rules of the road” regarding cyber: What’s an attack? What kind of attack on “critical infrastructure” constitutes an act of war? The terrifying conclusion, I discovered, is that there are no rules of the road, particularly for those nations – including Israel, the US, Russia and China – who have the most advanced offensive cyber capabilities.

Stay updated with the latest news!

Subscribe to The Jerusalem Post Newsletter


Third, in the making of the film, I discovered that the story was only partly about a technical program developed by the NSA and Israel’s Unit 8200. It was also about the CIA and Mossad which had control of the Stuxnet operation, and raised important issues about secrecy, diplomacy and the US-Israel relationship.
What are your main findings?
1. The cyber-war era is here and it is potentially as scary as the prospect of nuclear war.
2. The danger of unintended consequences in covert operations. The US and Israel saw Stuxnet as a technical fix. At the end of the day, it didn’t shut down Iran’s nuclear program; it actually provoked a radical increase in uranium production capacity.
Worse, it spread the plans for a sophisticated new cyber weapon all over the world.
3. Government secrecy – or overclassification – has become dangerous for the citizens in the US. We have no idea what kind of weapons are being developed in our names and what kind of counterattacks they may provoke. Even in the case of nuclear weapons, we understood the capability of those weapons and, as a result, were able to insist that our representatives negotiate some kind of international treaty system based on their use.
The US is over-reliant on covert operations which, in the name of a quick fix, can create much greater dangers than the ones they were meant to combat. Even worse, when they go wrong, no one is held to account. That’s not the way democracies are supposed to work.
I understand that NSA and other members of the US intelligence community accuse former Mossad director Meir Dagan and their Israeli partners of practically blowing the operation – “Olympic Games.” Is it so? Please explain.
This is not the official position of the NSA, as you know. But a number of US sources we spoke to were furious that Israel changed a code that had been jointly developed, and then launched it. We were told that the order to change the code and launch came from Dagan, who was under some pressure from [Prime Minister Benjamin] Netanyahu to produce more results.
Officially, according to the terms of the development of the weapon, Israel had the right to do what it did. But our sources told us that the US had asked Israel not to release a more aggressive version.
Israel decided to release it anyway.
Since OG was a covert operation, under the authority of the CIA in the US and the Mossad in Israel, the decision to tinker and launch was made by Dagan.
David Sanger, in his book Confront and Conceal, quotes Vice President Joe Biden as having a similar reaction: “Sonofabitch. It’s got to be the Israelis. They went too far.”
The problems with the new Israeli version of the worm were twofold: One, it was very aggressive and spread all over the world; and two, unlike previous versions of the code, it didn’t “hide” on infected computers; it started to shut them down, and so was discovered.
While the “payload” part of the code was directed at Iranian centrifuges, it was a blueprint for a new kind of sophisticated attack which, after spreading, could now be duplicated by others. Of course, the other problem with the discovery of the code was that we lost the intel that the code – while it was secret – provided.
Do you think Operation Olympic Games contributed to the recent nuclear deal with Iran?
That’s very hard for me to say.
Some, like Sanger, who has much better diplomatic sources than I, believe that even though it was discovered, OG made the Iranians aware of the kind of weapons that could be aimed against its nuclear program and therefore contributed to the nuclear deal. Strictly in the case of OG, I disagree. I think that OG just angered the Iranians and provoked them to increase, dramatically, their production of uranium and to launch cyber attacks against Saudi Arabia and the US.
That said, I do believe that other, much more aggressive and destructive cyber weapons subsequently developed by the US Cyber Command (we mention one in the film) undergirded the nuclear deal. I can’t prove it but I believe that the Obama administration may have proceeded with nuclear negotiations with confidence knowing that if Iran violated the agreement, the US had the capability to shut down any incipient nuclear weapons program and cause even greater damage to Iran’s critical infrastructure. In other words, while Netanyahu accused [President Barack] Obama of negotiating a bad deal from a position of weakness, it may be that Obama was negotiating from a position of strength and a willingness to use cyber weapons far more powerful than OG.
Was Olympic Games a failure?
No and yes. In a strictly tactical sense it was a brilliant and successful weapon. It delayed the Iranian program and, even more devastating, it made the Iranian nuclear scientists doubt their own capabilities.
(One of the most brilliant aspects of the code was that even as it damaged the centrifuge operation, it sent a message to the engineers that all was well.) But in strategic terms, it was a failure. It provoked Iran to dramatically increase its production of enriched uranium. It provoked Iran to develop a very impressive group of cyber weapons and cyber warriors. And it leaked all over the world, allowing everyone to have access to the blueprints for this new, devastating kind of weapon.
What do you think are the moral, political and operational lessons the world has to draw from the operation?
Since I am an American, I will tackle this from a US perspective.
Lessons: 1. Stuxnet proves that cyber weapons have a terrifying destructive potential. As such, we need to establish international norms for their use. Right now, there are no rules, which is recklessly dangerous, particularly for Americans who are especially vulnerable to cyber attack.
2. The early experiments with OG may have been legitimate covert operations – both for intelligence (OG collected information about the Iranian nuclear enrichment program) and for limited sabotage. But by the time OG was blowing up 1,000 centrifuges – an attack on critical infrastructure – it may have been an act of war.
I don’t want to give Obama or the CIA the power to declare war in secret! Even more than [former US president George W.] Bush, Obama has decided that it’s legitimate – under the cloak of secrecy – to launch drone strikes or cyber weapons despite their devastating long-term consequences. The US is establishing new norms of international behavior and they are not good norms.
3. As an American, I am deeply concerned that we jointly develop weapons with Israel which has the right to use those weapons, on its own, in a way that may run counter to our interests. Further, I am terrified, from a political perspective, that we are so afraid of what Israel might do (like bombing Iranian nuclear facilities, which would draw us into a war with Iran) that we develop weapons that can destabilize the world and put everyone at risk.
Having criticized Obama, let me praise him now. I think the nuclear deal with Iran was the right thing to do.
At the end of the day, diplomacy is more lasting, more effective – and less prone to unintended consequences – than covert actions.• The writer, The Jerusalem Post’s intelligence analyst, was a consultant to the film and one of its protagonists.