The Perfect Weapon (2020) Movie Script
1
New and frightening
warning from the FBI
on hackers using
malicious software
to launch a cyber attack
against US businesses.
In some ways, it's a whole
new way of making warfare,
and I don't think that
that overstates it one bit.
There is a cyber war going on.
The United States
started that cyber war.
The first cyber weapon
to threaten to damage targets
in the real world.
Hackers in places like China,
North Korea, Iran, elsewhere,
are exhibiting the capability
to hit the power grid.
Chinese state-backed hackers
have been mobilized
anything to do with
covid-19 related research.
Many of the threats in the
21st century will be in cyber:
Misinformation, disinformation.
YouTube, Facebook, Twitter.
WhatsApp? Instagram?
We are human species.
We can be hacked.
Russian government hackers
have breached the network
of the DNC.
I don't think anybody knows
it was Russia.
Russia, China,
and other countries
are collecting stolen
information from hackers.
Today we face threats
that have increased
in sophistication,
magnitude, intensity,
volume, and velocity.
What about the confidence
in the vote?
Especially against the backdrop
of the Russian interference
in 2016.
They're involved
going after me on Facebook.
Because Putin knows me,
and I know him, and he
doesn't want me to be president.
President Trump claimed
without evidence,
quote, "rigged 2020 election
will be the scandal of our times."
Are you suggesting that you might
not accept the results of the election?
I have to see.
ANNOUNCER: Madam Speaker,
the President of
the United States.
At the end of the
Bush administration,
president Bush decided
he had to stop
the Iranian nuclear program.
The United Nations has imposed
sanctions on Iran,
and made it clear that the world
will not allow the regime in Tehran
to acquire nuclear weapons.
But he had a problem.
My second purpose today
is to share with you
what the United States knows about
Iraq's weapons of mass destruction...
We had just gone to
a war in Iraq
on the false pretense
that Iraq had a nuclear weapon.
So there was no way
he was going to be able to
publicly convince the world
to get into a conflict with
Iran over its nuclear program.
One day, a group of
intelligence officials
and military officers
came to the president and said,
"sir, we have another way."
They told Bush that a joint
Israeli-American cyber team
had designed some code
that could get into the Iranian
nuclear control system.
Until then, countries were
using cyber to steal data.
To spy on each other.
But almost no one had used
cyber as an offensive weapon.
The plan was
a piece of malware
would be delivered
into the industrial
control systems
running the Iranian
nuclear program.
this network was air gapped.
In other words, it's not
connected to the Internet.
So you had to have ways in which the
code could jump onto those computers.
There's still some mystery
about exactly how this code
made it from the NSA
and the Israeli cyber unit
into the natanz plant.
There are many ways,
including slipping in a USB key.
But we also now know
that the NSA had designed
a brilliant small system,
about the size of a briefcase,
that could work from six
or seven miles away,
beaming computer code
into a computer
that had been set up
with a receiver chip.
And that device could be used
not only to put code in,
but later to replace it
and update it.
HULTQUIST: Once they got in,
the code started
unlocking itself,
and it started two major tasks.
The first one was to record
everything that the operator
would be saying,
and essentially,
put that on a loop.
So that every day, when
the operator came in to work,
everything would look just fine.
It's sort of like
a classic heist movie
where the surveillance video
is run on a loop,
and the guard never knows
what's actually going on.
While at the same time, somebody's
breaking in and stealing something.
The Iranians were thinking
the whole time
that they're making progress.
That they're moving
towards their goal,
when in fact,
these systems are deadlined.
Because the second task
for the code
was to take the centrifuges
and break them.
This code was so ingenious
that not only did it have
this sort of fake video,
pay no attention
to what's going on here,
it would lie in wait.
And so days would go by,
where the centrifuges were spinning
exactly as they were supposed to.
And then all of a sudden,
they'd speed up really fast.
And then when
you'd turn to look,
they would slow down
to the regular speed.
And eventually what
happens when you do this
to these finely tuned machines,
is that they break
themselves apart.
When President Obama
had that traditional meeting
with his predecessor,
George Bush,
Bush told him that
there were two programs
he had to make sure
that he preserved.
One of them was
the drone program.
The second program
was "olympic games,"
the code name for the program
against Iran.
suddenly, in his
first months in office,
President Obama finds himself
in the situation room,
picking out centrifuges
to attack.
For a while, the Iranians
had no idea what was going on.
They didn't know if they had
made engineering errors,
whether they had bad parts.
They suspected sabotage,
but couldn't prove it.
Until one day,
when the code got out.
This code is only supposed
to go into one facility,
and it was never supposed to be
known to the rest of the world.
Instead, it escapes the box.
It gets out of that facility and
begins to spread around the world.
These are the letters
and numbers
behind the so-called
stuxnet virus.
It begins with
a simple USB key.
Then with surgical precision,
penetrates some of the world's
most advanced computer security.
Its creators hid
their tracks so well,
experts say we will likely
never know who created it.
As we began to hear about
this incredibly sophisticated
piece of code
that the industry
was calling stuxnet,
I began to reconstruct the story
of who authorized
this code to be written.
Neither Israel nor the US
had publicly admitted that
this was designed by them.
You did that without at all
mentioning Stuxnet or Olympic Games.
That was, that was impressive.
I never heard of those.
Can you talk about Stuxnet?
-It's years ago.
That-- One thing that--
I don't want to
talk about it, okay?
It's just that, it's a mystery.
I don't want to talk about it.
Let me know if I'm not--
If I'm being too subtle, okay?
This is the first worm designed
to damage the physical world.
It's a new dimension
in sabotage and warfare.
The implications and
the possible consequences
are only now coming to light.
The stuxnet attack on Iran
was the first time a major state
used a powerful cyber weapon
in a very aggressive way.
People knew that
the US government
had been developing tools
that can manipulate
computer systems
to create effects
in the real world.
Stuxnet was the first big
example of that happening.
Here's what it looks like,
here's how sophisticated it is,
and here's what it can do.
You take that same principle,
you could shut down
an airport with a similar tool.
You could shut down an
electrical grid with a similar tool.
You could shut down a gas
pipeline with a similar tool.
So these things
that were speculative
suddenly become real.
The question is,
if you're the first mover there,
have you now said, "That's
fair game for everybody."
They've crossed the Rubicon.
The United States had
basically legitimized
the use of cyber
as a weapon against
another country
against whom you
had not declared war.
It pushed the world into
an entirely new territory.
Once the Iranians
took the punch,
Iran said, "Oh, that's the way
the game is played.
All right, I get this now."
And then they started to unleash
against the United States.
In 2013, it's clear that Iran
is still working towards
a nuclear weapon.
And the Obama administration
in the US
is trying to start negotiations
to sort of coax them
away from that.
In October of 2013,
there's a panel.
There are several people on it,
but the really
interesting person
that comes to talk
on the panel is Sheldon Adelson.
Sheldon adelson is one of
the richest men in the world.
He's a casino magnate.
He's got casinos off China,
he's got a major casino
in Singapore.
He's got two major casinos
in Las Vegas,
and that's really
where he made his money.
The billionaire businessman
who made a fortune with casinos
gave more than $92 million
to conservative candidates
in the 2012 race.
One of his most
famous things is
an effort to spend
a hundred million dollars
to make sure that Obama doesn't
get elected to a second term.
You've got to really
dislike me...
...to spend that kind of money.
And he's very clear, and,
and full-throated
about his opinions.
How are you able to be
so outspoken?
I flunked diplomacy 101.
Especially when it
comes to Iran,
and when it comes to these
negotiations in particular.
Wait, so you would support
negotiations with Iran
currently,
so long as they first seized
all enrichment of uranium?
No. What do you mean
support nego--
What are we going to
negotiate about?
What I would say is... Listen.
You see that desert out there?
I want to show you something.
You pick up your cell phone,
and you call somewhere
in Nebraska,
and you say, "Okay, let it go."
So there's an atomic weapon
goes over ballistic missiles
in the middle of the desert
that doesn't hurt a soul.
Maybe a couple of rattlesnakes
and scorpions or whatever.
And then, and then you say,
"See?
The next one is in
the middle of Tehran."
So, we mean business.
And that was not
taken well in Iran.
See? The next one is in
the middle of Tehran.
Somebody gets a
YouTube clip of this.
It goes up.
Doesn't take long before
Iran notices it.
It's clear that Iran
wants to punish adelson.
And they want to make it hurt.
Casinos are basically
big banks, right?
The amount of money that goes
in and out of a casino in a day
is millions and millions
of dollars.
And so, casinos spend an enormous
amount of money on physical security.
On cameras, on security guards,
on vaults.
Like, the things that
you would do to protect
chips and cash.
But as far as their
it infrastructure,
what does that look like?
So, around December 2013,
hackers in Iran start
looking for a weak link
into sands corp's network.
And the hackers just
ultimately get lucky.
A senior software engineer
had come from Las Vegas,
was working at a small casino
in Bethlehem, Pennsylvania,
that's part of
the sands corp empire,
and had used his credentials
to get onto one of the machines
in Bethlehem,
and the hackers found him.
Those credentials allowed them
to get into the Bethlehem network.
And then, from Bethlehem,
to Las Vegas, which is really
where they wanted to be.
They'd start kind of slowly,
but by early February,
they release a few hundred
lines of code,
which is designed to,
not to steal information,
but to destroy computers.
To, to override information.
To really create chaos
within Sands Corp's network.
I received a phone call
from a support desk manager
at about 4:00 A.M.
The support desk manager
had been receiving calls
telling her that people's emails
were getting locked up.
Some of the engineers
tried to look into
what might be the cause of it,
and they couldn't get in.
I wouldn't say that
they were panicked.
I would say that there was, um,
an extreme sense of urgency.
In the morning,
sometimes I check my email.
And I couldn't get to anything.
First thing I thought is, someone's
gonna call me and yell at me,
because probably
the software is down.
Minutes of a software outage
can amount to a loss of
a serious amount of money.
We were getting reports
left and right
of people not being able
to access their computers.
Our internal systems, our email,
our way to communicate.
Accounting, was,
like, paralyzed,
and that place is
all accountants.
I mean, everybody in the back
that isn't Iis in some kind of finance team.
As the guys kept digging
into it more and more,
a sense of, like,
"Holy shit, this is huge.
Like, the damage is massive."
At some point in time,
we made a decision
that everybody needs to
turn off their computers.
We basically had teams go out
and unplug desktop machines.
We were going to pcs
on the casino floor
in the pits,
and at the player's club,
and in the cage,
and taking them offline
one at a time.
Scanning 'em, cleaning 'em.
We knew at that time
this was a possible hack.
But I still thought
it was a singular event.
That we were basically
doing damage control.
But there were things
that popped up
that indicated that it wasn't
somebody hacking
just for the sake of hacking.
It was a political statement.
The Las Vegas sands website
had been defaced,
to show an image of the globe
with various locations
of the world on fire.
I remember flames,
and something about adelson
and cutting off his tongue.
We were all curious
as to who did it,
and then when we saw what
had happened to the website,
it was like, "oh.
Well, this is a reaction
to what Mr. Adelson had said."
You know, my stomach sank.
It was like,
excuse my language,
like, "Holy shit."
this is real.
A cascading attack.
Servers shut down.
Screens go blank.
A rush to unplug computers.
This attack hit the world's
largest casino operation
ten months ago.
Sands Corp was able to
keep it secret for months,
and to keep the scale, especially,
of the attacks, secret for months.
CNN has learned on
February 10th of this year,
thousands of employees
at sands casinos in Las Vegas
and Bethlehem, Pennsylvania,
had their computers hit.
They didn't want to
get this out.
They wanted controlled
communications,
is what I will say.
That comment that adelson
made on that stage
was a very expensive
comment to make.
the cost of the attack
and recovering from the attack
was about $40 million.
It cost the Iranians
far less than $40 million.
I mean, that's the thing about
the asymmetry of these attacks
is hackers working in a team
for a few days,
You know, they started
probing in December.
You know, a couple of teams got
really active for a few days in January,
and in February,
they unleashed the attack.
You know, that's a very low-cost attack
from a nation-state point of view.
The sands casino attack
was a warning shot.
It was a reinforcement
of the thought
that a middling power like Iran
could shut down a big
economic enterprise
in the United States.
And that if the sands casino
could be brought down,
so could the rest of Vegas.
And what happened in Vegas
wouldn't stay in Vegas.
The evolution of cyber
has happened very quickly,
in terms of its importance
to the United States,
and the organizational dimension
of it in the US government.
In 2007, the director of
national intelligence
issues a threat assessment of
all the threats against the country.
The word "cyber" isn't in it
a single time.
Fast forward just
a couple of years,
you had the creation
of cyber command.
Fast forward a couple
more years, it's 2012.
Suddenly cyber has gone from
not being mentioned at all
in those threat assessments,
to being one of
the top three threats
facing the United States.
Secretary of defense panetta
goes on board the intrepid, which
is an aircraft carrier museum--
I think the background
is not a coincidence--
and talks about
a cyber Pearl harbor.
We know that foreign
cyber actors
Are probing america's
critical infrastructure networks.
They are targeting the
computer control systems
that operate chemical,
electricity, and water plants,
and those that
guide transportation
throughout this country.
The collective result
of these kinds of attacks
could be a cyber Pearl harbor.
And as people were warned about
this notion of the cyber Pearl harbor,
what they seem to miss was,
in fact,
that the US had set up
a regime where,
if they, if Russia took down
the electrical grid
or if China took down
a, a gas pipeline,
they should expect
a military response.
The government had plans
for a massive, kind of,
major attack against
the electrical grid.
What they didn't really
have plans for was
this kind of, like,
incremental, hit a company,
you know, destroy its brand.
Destroy its capacity
to do business.
How are we gonna respond,
as the US government,
to those kinds of attacks?
I started with just
a huge fascination
with North Korea.
Me and my writing partner Evan
would read articles and books
and watch documentaries,
and it was just, like,
endlessly fascinating to us.
Uh, who is it?
It is, uh, Kim Jong-un.
What?
And then when
Kim Jong-un took over
is when the idea really
expanded in our heads,
because we realized
he was around our age,
um, and we read more
about his life,
and he weirdly was like
a very sympathetic character
in, in some ways.
We came up with this story
about a guy who hosts
a very exploitative
late night talk show.
Kim Jong-un is a big fan
of his TV show.
So we get an interview with him.
And then the CIA says,
because we are gonna be
the first Americans,
you know, face-to-face with him
in a long time,
uh, we could kill him.
We pitched the idea to Sony,
and they basically said, like,
"If you get James Franco
in this,
we'll make this movie
right away."
And we were like, "Okay."
If I recall correctly,
it was them who suggested
that we make it actually
Kim Jong-un.
It was something that, like,
we were maybe, we were like,
"Should we make up a guy?
Is that too much?" Um, and,
Sony suggested, like, "Well,
just call him Kim Jong-un.
It's probably funnier that way."
Okay.
So, when the trailer comes out,
North Korea releases
a statement through the UN
condemning the movie.
North Korea is accusing
the United States
of "provocative insanity."
An "act of war."
And promising "a decisive
and merciless countermeasure"
if the US supports
the release of the film.
We were trying to understand
how seriously to take this
and whether there was something
that we should be concerned about.
I called a friend of mine
at the State Department
who directed me to the person
who knew about the subject.
They said the
North Korean government
tends to be prone to
make a lot of threats.
But almost never carried out
on those threats.
And they would certainly never
be able to carry out
on a threat on US soil.
There was no mention
whatsoever of cyber.
Around then, conversations
started to come up,
of like, "should we
tone it down a bit?"
The idea that maybe, uh,
killing Kim Jong-un
so graphically was maybe, um,
extra antagonistic.
LYNTON: Seth Rogen and his group
were very resistant.
They felt that it added
to the satire.
It was a lot of back and forth and there
was a little bit of argument about it.
But we ultimately
came to a compromise, I think.
At that point, we felt that we had
taken all the necessary precautions.
We made the changes
to the picture that,
you know, Sony felt, or that my,
my employer felt was,
was necessary and, you know,
the rest was about
getting the movie out.
In North Korea,
the reconnaissance
general bureau,
which is the North Korean
equivalent of the CIA,
dispatched a young hacker
to go to China
and Southeast Asia
and put together a team that
would break into Sony's systems.
Jim clapper went to North Korea
during the middle
of the Sony hack,
and met the head of the
reconnaissance general bureau.
He was trying to get the
release of two Americans there
while the hack was underway.
And he never raised it because
he never knew it was happening.
The North Koreans
went about this patiently,
and somewhat brilliantly.
In September of 2014, they
broke into the Sony systems.
But they didn't then just
turn around and attack.
They spent weeks examining
how each element
of Sony's operations
were tied into
the computer system.
They lurked in the system
long enough
to figure out how they
could do maximum damage.
And it wasn't until
just around Thanksgiving,
two months later,
that they struck.
LYNTON: I was driving to work.
My phone rang in the car.
The chief financial officer
of the company rang me up
and he said, "we have
a real problem at work.
All the email has gone down."
Nobody was able
to retrieve any data.
And as the day progressed,
it became quickly evident
that it was way beyond that.
That in fact, we had...
Pretty much 70 percent of our computers
had been knocked out of action.
Had been ruined, frankly.
Serious breach at
Sony pictures last week.
A skeleton appeared
on the Sony picture computers
with a small message that claimed
they'd been hacked by a group
calling itself
"guardians of peace."
Whoever they are,
the guardians of peace
have already done real damage.
Employees communicated
with a phone tree,
and paid people with paper checks
cut by a machine pulled from storage.
Sony, by the time this is done,
is gonna lose
tens of millions of dollars
just recovering from
this attack.
It's a huge cost, just in terms of
the impact of the IT infrastructure.
But more importantly,
it's a huge cost to the brand,
because they steal
a lot of data in this attack,
and then they start
releasing it publicly.
Tinseltown's dirty laundry
is laid out in plain view.
And it is not pretty.
The studio's co-chairman
and a powerful
Hollywood producer
used racial jokes to mock
President Obama.
A top producer criticizing
Angelina Jolie's talent and ego.
These are juicy.
We had seen criminal hackers
and hacktivists
use this hack and dump technique
to intimidate victims
on a small scale.
That was the first time
we had seen a nation-state
do it very effectively.
The first thing that
the North Koreans did
was give it to reporters.
And then, when they've
exhausted that channel,
they gave it to WikiLeaks.
This was all very valuable
information to the company.
Trade secrets, like scripts
before movies were released,
detailed contract information
about what had been paid to whom.
By the way, Seth Rogen made
two million dollars more
-than co-star James Franco.
-Mm...
You wouldn't assume
someone's stolen property
was instantly going to be made
available for public consumption
by the media.
Sony were the victims
of a crime.
And then the media
took the victims of a crime
and made it a hundred
million times worse.
You want us to assassinate
the leader of North Korea?
-Yes.
-What?
James Franco, Seth Rogen
here right now.
And that's what the whole world
is doing right now, saying, "What?"
I go to New York
to, like, do the final week
of promotion for the film.
It's a very weird thing to do.
To promote a thing
that is causing the world
distress at that moment.
And that's when, like,
it really ratcheted up a notch.
The hackers made a threat against
anyone who goes to see Sony's new film.
This message warns movie-goers
to stay away from theaters.
The group is threatening to deliver
what it calls its "Christmas gift."
I literally got on a plane and left New
York in the middle of my press tour.
I think I was, like,
on the way to do "Jimmy Fallon,"
and I was like, "Let's
go to the airport. Like...
I don't think this movie's
coming out, guys."
And I went back to la,
and went to Sony,
and was like, "what's the plan? Like,
is it gonna be pulled from theaters?
It seems like people don't
want to play the movie anymore."
LYNTON: When the email came out
that involved physical threats,
there was a lot of conversations
with the theaters that happened
where they were asking to
delay the release of the picture.
I think Michael Lynton didn't
want to leave the theater owners,
you know,
looking like the bad guy.
So, he then was like,
"I'm gonna pull the movie.
"I'm just gonna say...
it's... it's, it's pulled.
"And we all need to come
as like a united front,
and say that
that's what we want."
And we were like,
"Absolutely not."
Today, Sony cancelled
the Christmas day release
of "the interview."
The hackers win.
I don't know
how else to frame it
now that Sony has cancelled
the release of "the interview,"
that spoof about North Korea
starring James Franco
and Seth Rogen.
A couple days later,
we were all gathered
in our bungalow on the Sony lot.
And they were like, "There's
a press conference coming,
and Obama's gonna
talk about it, I think."
And we, we were like,
"He's not gonna talk about it."
Like, and it was like
the first question.
Thank you, Mr. President. Uh,
let's start on North Korea,
'cause that seems to be
the, uh, biggest topic today.
Uh, what does a proportional
response look like,
uh, to the Sony hack?
The question at that time was,
well, how serious a deal is this?
And before you knew it, it was
an international security incident
that involved the president
of the United States.
HURD: If North Korea
launched a missile
into San Francisco,
everybody knows what the United States
of America, our response would be.
Right? That's a
physical-on-physical attack.
But what is a
digital-on-digital attack,
and what is the
appropriate response?
John McCain at the time said,
"This is an act of war."
It's a new form of warfare
that we're involved in,
and we need to react,
and react vigorously.
President Obama
didn't want to go there.
When we were in
those conversations
both in the
department of defense
and in the white house,
you fear that if you go too hard
against the North Koreans,
it becomes a real
military conflict.
The last thing you want
is to do something
that escalates it,
and the North Koreans
then hit the US back
in our critical
infrastructure, right?
We didn't know whether
they were in the grid
and could take something down.
We will respond. Uh, we
will respond proportionally,
and we'll respond, uh,
in a place and time,
uh, and manner, that we choose.
It's not something that
I will announce,
uh, here today
at a press conference.
No one really knows what the
US government did to North Korea.
There are press reports
that suggest that
not long after the Sony hack,
suddenly, uh, North Korea's
internet went down.
Even if it were the
United States government
that shut down the Internet
of North Korea,
at the time, North Korea
had 28 websites.
So the United States
is far more vulnerable
to cyber attacks than many of the
countries that are trying to attack us.
LYNTON: The president
didnt necessarily
have a response to that,
to them,
And so, he chose
to talk about Sony.
We cannot have a society
in which some dictator someplace
can start imposing censorship
here in the United States.
He was like, "Yeah,
theaters should play it."
Um, "We shouldn't succumb
to these threats."
And we were all like, "Great!"
But everyone just bailed.
LYNTON: There was certainly
disappointment
on the part of the filmmakers
that they weren't gonna
see the movie in, you know,
in theaters
all across the country.
We reassured them that we
intended to put the movie out.
I called Eric Schmidt at Google.
He and the folks at Google
felt that it was important
that the picture get out, and they
offered to put it out on their platform.
Ultimately,
they let the theaters
who wanted to play it play it.
It was in, like, 20 theaters
or something like that.
Um, I think it is
still Google Play's
number one ever
downloaded movie.
And also, the scene
is released.
"The Verge"
or something like that
goes through the hacked footage,
finds the shot of
Kim Jong-un's head exploding,
and releases just that online
for everyone to just see.
This was a big deal.
That a country that is so poor,
and has only ten percent of
its population with cell phones,
could actually wage
a cyber attack
against one of our most
powerful movie studios
and a major corporation, and
create an international crisis.
HURD: The Sony attack changed
the publics perception
of what a cyber attack was.
Prior to Sony, people believed,
"oh, somebody's trying to
steal my credit card information."
"They're trying to steal my social
security in order to commit fraud."
Sony was purely an attack
to destroy.
2014 saw, for the first time,
destructive cyber attacks
carried out on US soil
by nation-state entities.
Marked first by
the Iranian attack
against the Las Vegas sands
casino corporation
a year ago this month,
and the North Korean attack
against Sony in November.
While the both of these nations
have lesser technical capabilities
in comparison to Russia
and China,
these destructive attacks
demonstrate that
Iran and North Korea are motivated
and unpredictable cyber actors.
Russia and China
continue to develop
very sophisticated
cyber programs.
And while I can't go
into detail here,
the Russian cyber threat
is more severe
than we had previously assessed.
These days, one must always
get hired by the lawyers,
because the lawyers are the first
call of a company that gets hacked.
Because there might be
lawsuits that would follow
from, uh, from the announcement
over the breach,
so, very, very typically we get
a call from a law firm that says,
"One of our clients, uh,
thinks they may have an issue.
Can you come in and help them?"
In this case, it was the DNC.
The call came on a Friday,
so it took US a few days
for US to go into the network
and find infected machines
on the network.
This wasn't just on one system.
There were hundreds of systems
that were being impacted.
We start looking at the malware
and immediately realized that this was
malware we had seen many times before.
That we had high confidence
attribution to the GRU,
the Russian
military intelligence.
We're seeing them spread
from system to system,
touch files, take those files
out of the network,
stealing data,
monitoring everything.
You can't just shut down
one machine
because they're everywhere.
So you have to shut
everything down, um,
and spend several days
rebuilding all the infrastructure.
We told, um, the DNC, "When do
you want us to do this remediation?"
At the time, the primaries
were in full swing.
Hillary Clinton had not yet
locked down her nomination,
so they said, "Let's plan for
four or five weeks from now,
um, when the primaries are
over and we're not under the gun."
Waiting a few weeks
did not seem outrageous.
Of course over
that period of time,
the Russians continued
stealing documents,
and we're sort of helplessly
watching them.
I was really confused
and disturbed
by what was happening.
But initially, uh, the FBI
didn't take it all that seriously,
and so, it wasn't rising
to the level of,
of urgent, you know,
five-alarm fire, uh, drill.
I want to congratulate
Hillary Clinton
on making history as the
presumptive Democratic nominee
-for president of
the United States.
Finally, in June of 2016,
we kicked the Russians
out of the DNC network.
This just in to CNN.
Russian hackers
managed to infiltrate
the computer network at the
Democratic National Committee.
The researchers were roaming
around the network for about a year,
but were removed this weekend.
We've talked to DNC officials.
We've also talked to the outside
firm that the DNC brought in
when they recognized
that there was an issue here.
That firm called CrowdStrike.
There was a small blip on
the, on the, on the news cycle
that day, of, "Oh,
Russia's hacking the DNC,"
but national media
moved on within hours,
and, uh, I thought that was
gonna be the end of the story.
But then on the Eve of the
Democratic national convention...
Wikileaks dumps the emails.
Good evening. Their party's
chairman off the program,
an apparent Russian email hack,
and now a revolt among
Bernie Sanders supporters.
Welcome to day one of the
Democratic National Convention.
The information stolen
from those servers in the DNC,
suddenly it begins to
surface in this way
that was presaged by
the Sony attack,
and the Sands Corp attack.
emails released by wikileaks,
proving the DNC had favored
Hillary Clinton over Sanders.
Comes out through WikiLeaks, which
makes everything searchable so you'd be,
you know, there'll be a dump
of 20,000 emails
and you just type in some names
if you're a reporter,
and suddenly you've got a story.
The thousands of hacked emails
leaked to wikileaks
rocked the Democratic
national committee.
I'm so proud--
One of the things
they were doing
was trying to stir up trouble
between the Bernie delegates
and, and, and our forces.
Bernie Sanders supporters
say the emails proved
the party favored
Hillary Clinton all along.
It just validated
everything we thought.
That this was completely rigged
right from the beginning.
By using that stolen material,
the media injected the idea that
the DNC had rigged the entire process
against Bernie Sanders.
And there's a kernel of truth.
Clearly there are people in the
DNC who didn't like Bernie Sanders.
But that doesn't mean
the whole process is rigged.
And the media allowed them to go
from the kernel of truth
to the conventional wisdom,
Because it sold papers,
and it got people to watch TV.
But they were amplifying the messages
that the Russians wanted amplified.
In that pile of information
that's come from the DNC,
there were some documents that
were campaign finance documents
from the campaign that would--
had been unlikely
to be at the DNC.
So, the campaign
began to look at
where might those
have originated.
turned out, in the spring,
one of my colleagues who
had access to my email account
had seen what was
a fairly professional
phishing operation,
looking to be from Google.
She reported that to the people
in the tech security side
of the campaign.
He sent back an email to my
assistant saying that it was real,
and that I should change
my credentials.
She then clicked on the link,
and that's how I was hacked
by the Russians.
But at that point, we weren't sure
what the extent of the breach had been.
In the summer and fall of 2016,
there were many meetings
about the Russians.
There was a lot of
back and forth about what to do.
We began to get information
about cyber activity that was focused
on our voter registration databases.
And we realized that it was
probably about disrupting
the integrity of that data.
The Russians could go into
a voter registration database
and change that data,
so that on election day,
when voters show up to vote,
they are turned away.
There is chaos
at the voting place,
because the name doesn't
match the identification,
and you could
disrupt election day
to the degree that
the American public
would doubt the legitimacy
of the process,
and then potentially,
the legitimacy of the outcome.
That's what Obama's focus was.
When Obama saw putin
in September,
he basically threatened him
that if they tried
something like that,
there'd be severe consequences.
What I think they
underappreciated
was how much effect the Russians
could have from the hacking,
and from their massive
disinformation operation.
STAMOS: During the election,
we had a dedicated team
at Facebook
whose job it was to
look for Russian actors.
And we had found GRU activity.
We had found DCLeaks.
We had found them pushing
disinformation,
but not really at scale.
And we didn't really understand
what was behind the vast
majority of this fake news.
But right after the election,
we took all of the
political ads that were run
in the United States
in the year before the election.
And then we figured out all the
accounts that were possibly tied to it.
So this is the people who
ran the ad, but then also,
people who used the same
computer as the person who ran an ad.
Or people who have used the same
phone as the person who ran the ad.
And then for every single one
of those accounts,
we looked for possible links
to Russia.
We start pulling that thread, and
then we eventually find this cluster
that we can all link together, and
that was the Internet Research Agency.
The Internet research
agency, llc
is basically a building
in St. Petersburg
with a bunch of trolls
sitting there
trying to drive divisions
in US society.
It's existed for years
and years at this point.
And they've done
propaganda work in Russia,
and Ukraine, and the like.
The ira specifically sent people
to the United States to study
the political sphere in the US
and to understand what
the pressure points were.
So in 2016,
they were creating
these fake American personas,
and then running ads
as political groups.
The depth of the content
was surprising.
Our assumption was that all of this
content would be on one side, politically.
But what they had done
very effectively
was find a friction point
and then try to manipulate
people on both sides.
The number-one topic was
actually black lives matter.
They created a fake persona
to pretend to be
a pro-black lives matter
activist.
And to push narratives
that both would maybe radicalize
people who were supportive
of black lives matter,
but also look radical
to more moderate people
who could say, like,
"oh, look at these people.
Yeah, they're, they're
they're really nuts."
They even, in a couple of cases,
tried to create protests
where a pro-immigration group
and an anti-immigration group
protest one another by inviting people
to events that were at the same time.
Down with the racists!
Down with the Nazis!
We were surprised that
putin would care so much
about who the
next president was.
That he was so intent
upon damaging me,
Damaging my campaign,
preventing me, if he could,
from becoming president.
And also how adept they were
in sowing disinformation,
misinformation.
It was unlike anything
we'd ever seen.
STAMOS: None of us kind of
conceptualized this
as the kind of groups
we should be looking for.
Intelligence teams
at the companies,
and in places like NSA
and the US government,
were focused on very
traditional threat actors.
General clapper's this old
cold warrior.
Grew up as the son of
an air force officer,
becomes an air force
intelligence officer.
And yet, the cyber conflicts
that are springing up
during his time
as director of
National Intelligence
Are an entirely different
kind of threat
that he's just trying
to keep on top of.
And time and time again,
he keeps getting caught
by surprise.
It's not his fault.
We had never built
an intelligence network
designed to pick this stuff up.
But there he is in North Korea
while the North Koreans
are inside Sony.
And there he was,
sitting on a system
that failed to raise
a timely alarm
to the president
of the United States
that the Russians were inside
the Democratic national committee.
Much less inside Facebook.
You know, 20/20 hindsight,
it's all, it's perfect vision.
At the time, there was concern
about publicizing this,
because by doing so, we'd
simply amplify its importance.
And I think, as well,
there was reluctance
to be seen by the
last administration as
putting its hand on the scale
in favor of one candidate,
or appearing to do that,
To the disfavor of the other.
The system, folks, is rigged.
It's a rigged, disgusting,
dirty system.
It's a dirty system.
Then candidate Trump
was alleging
that if he didn't win
the election, it was rigged.
So, there was reluctance to,
you know, to play to that--
to play to that narrative.
But the magnitude of what
the Russians were doing
grew both in expanse
and clarity.
And on the 7th of October,
we finally came out
with a public statement,
which was a pretty
forthcoming statement
about the Russian interference.
there's more breaking news
we're following tonight.
The United States
now openly saying
that Russia is directly behind
a series of cyber attacks
targeting the upcoming
presidential election.
Well, unfortunately our message
was completely emasculated.
A recording of Donald Trump
made more than a decade ago...
Because that's the same day that the
"Access Hollywood" audio tape came out.
You won't want young children
to hear it.
The letter from the intelligence
community comes out.
The "Access Hollywood"
tape comes out
all in one day.
And WikiLeaks starts
dumping my emails
an hour after the "Access
Hollywood" tape comes out.
You can judge whether
that's a coincidence.
Two thousand more emails
have been posted online,
apparently from
the hacked account
Of Hillary Clinton's
campaign chairman John podesta.
Thousands of hacked emails from
her campaign chairman, John Podesta.
Third installment
of the hacked emails
from Hillary Clinton's
campaign chairman John Podesta,
and so far, the messages
have provided a look
into the inner workings
of the Clinton camp.
Most of those ended up
being of little import.
I'm a boring sort of guy.
One email reveals
a disagreement
between top Clinton aide
huma abedin
and podesta over Clinton's
press strategy.
A lot of this was gossip.
In another email,
a longtime Clinton aide
refers to Chelsea Clinton
as a, quote, "spoiled brat."
But people thought, well,
if it's secret,
or if it's stolen,
it must be more sexy.
It's kind of shadowy.
"They didn't want you
to know this much."
Like any good peek
behind the curtains,
they show things the campaign
obviously would rather keep under wraps.
The Clinton emails
are fascinating
and hilarious reading
in some ways.
So is it more like "Veep"
or is it more like "West Wing"?
We were very frustrated.
The fact that this was
a hostile foreign government
interfering in the election
was never really part of
what the coverage was.
I would just add, you know, this
should be of concern to everyone
that the Russians are trying to
influence our election.
You know, everybody
was clearly informed
about my email mistakes,
but they didn't know
there was an active campaign
against us by the Russians.
they did not know that
the trump campaign had personnel
associated with it, who
were also being investigated.
If you look at trump's campaign
the last month,
he mentioned WikiLeaks
over 160 times.
And they used the most perverse
Twisting of anything
in John podesta's emails
to create controversy,
and, uh, sow distrust.
A Russian news outlet just totally
misrepresented one of these emails,
and then Donald Trump read it.
She's now admitting that
they could have
done something about Benghazi.
This just came out
a little while ago.
There was, like,
an email story every day,
and then Comey drops
this hand grenade on us.
The October surprise
came in the form
of a three-paragraph
letter to congress
from FBI director James comey,
who wrote that agents
on an unrelated case
had learned of the
existence of emails
that appear to be pertinent
to the Clinton investigation.
It's the wilderness
of mirrors now,
in terms of investigation
upon investigation.
We have to investigate
Hillary Clinton,
and we have to investigate
the investigation.
This is out of
a Russian playbook.
"When nothing is real,
everything is possible,"
as one of Putin's critics said.
I don't think anybody knows
it was Russia
that broke into the DNC. She's
saying Russia, Russia, Russia.
But I don't-- Maybe it was.
It also could be somebody
sitting on their bed
that weighs 400 pounds, okay?
It begins to kind of
destroy any trust
that people have.
Do you make the same commitment
that you will absolutely accept
the result of this election?
I will look at it at the time.
And that really destroys
the credibility of democracy.
That's what Putin wants.
We look at our electronic
superimposed map of the nation
here out back
30 rockefeller Plaza
in New York,
where the sun will be rising,
uh, on the president-elect
Donald John trump
of queens, New York.
I felt like, you know,
my insides had fallen out.
It's like, I mean...
devastating.
For months, the newly elected
president is under fire
for how he's dealing
with Russia.
I know a lot about hacking.
And hacking is a very
hard thing to prove.
So, it could be somebody else.
And I also know things that
other people don't know,
and so, they cannot be sure
of this situation.
And everybody is awaiting his
first meeting ever with Vladimir Putin.
Which took place in
Hamburg, Germany.
So we all fly into Hamburg.
Trump meets putin, first time.
Has a long conversation
with him.
Then at the dinner that night,
goes off and has a separate
conversation with him
that no one else has witnessed.
President Putin and I have been
discussing various things,
and I think it's going
very well.
We've had some very,
very good talks.
I head back to my hotel room,
and as I'm checking out,
my cell phone rings.
It's the president.
"David, I just had the most
remarkable conversation
"with Vladimir Putin.
"And he tells me,
"that if it had been
the Russians
"who had meddled
in the election,
"we never would have seen them.
"And therefore,
it couldn't have been them,
"because they wouldn't
have been this sloppy.
"You write about this stuff.
You know about all of this.
He must be right."
The president was actually
looking for affirmation.
He was looking for
any way to deny
or cast doubt about
the question of whether
the Russians
were behind the hack.
And at that moment you knew
that the United States
government
was not going to organize itself
to push back on the Russians.
Let's be clear from the outset.
This is unlike any cyber attack
that we have seen before.
We want to start on this
Wednesday morning
with that crippling
cyber attack.
It's a new form of ransomware...
It is hitting companies
around the world
holding their computer systems
hostage for money.
In 2017, shortly after
trump came into office,
we saw a dramatic escalation
in the scale and the scope
and the nature of cyber attacks.
There was a massive
ransomware attack called "notpetya"
that started in Ukraine.
It was June 2017.
I'm deputy head of the
presidential administration.
Took a few days' vacation to drop
my, uh, kids to the summer camp.
And in the morning, I start receiving
text messages from my team.
"We think Ukraine
is under attack."
"Our infrastructure
is registering attacks.
The virus is destroying
computers."
You know, atm machines
were not working.
Hospitals reported
their computers being down.
TV station, grocery stores...
It was devastating.
It was spreading like fire.
Ukraine is Vladimir putin's
petri dish.
It's where he experiments
on every single technique
that he ultimately ended up
using in the United States.
Breaking into emails,
and making them public.
Sowing chaos
with disinformation.
Russia was constantly testing
different strategies,
and different approaches,
in Ukraine.
attacks on the electrical grid,
2015, 2016.
Attack on the transportation
infrastructure.
Odessa airport,
Ukrainian subway in Kiev.
You don't see the regular war.
But war is taking place,
and it's devastating.
With its notpetya attack,
what the Russians
didn't count on
is that the spreading
algorithms that they put in
were so aggressive that
it wouldn't just contain itself
to the network of one company.
any firms with any
links to Ukraine
are being contaminated
by this contagious virus.
It would quickly jump out,
and compromise contractors,
other networks that you
may be connected with.
It escapes the box, and it
begins to hit the corporations
and companies
all around the world.
Maersk shipping was one.
Fedex was another.
They lost hundreds of millions
of dollars of business
just from the loss
of business operations
and the money they had
to pay to remediate
the damage to their systems.
There was one other aspect
to the notpetya attacks
that made this story
really complicated.
It turned out that
a component of the attacks
had relied on code
that had been stolen
from inside the NSA.
In the summer of 2016,
a group that called itself
theshadowbrokers
began posting thousands
of lines of this code
to make it clear to the NSA
that they had the crown jewels.
Before long, the North Koreans
used parts of the
shadowbrokers code
when they attacked with
a weapon called wannacry.
This specific worm that was
leaked from the NSA's toolkit
targeted Microsoft windows.
Windows-based computers
in the US
and across the globe
could be at risk.
I will always remember
on that morning,
sitting in the meeting of
Microsoft's senior leadership team.
And all of a sudden,
people are seeing emails
pop up on their screen.
Reports from one customer
after another. "What's going on?"
We're getting details of this massive
international cyber attack today.
Hackers demanding money
have paralyzed computers
In at least 99 countries.
You could almost see this worm
moving with the time zones
across the Atlantic ocean
from Europe to North America.
It was as if we had lost
the blueprints
for an American missile.
The North Koreans
and the Russians had grabbed it,
improved upon it,
designed a prototype,
and shot it back at
American allies and friends.
It attacked 155 countries
in one day.
In the history of humanity,
no weapon has ever been fired
by a single country
in a way that hit so many
other nations simultaneously.
The volume of attacks
is escalating.
The sophistication
of attacks is escalating.
And the debate about
how to go deal with it
is only getting
more and more confusing.
It was my first day
as council president.
It was about 12 o'clock
in the morning.
I'm on my work phone
and I try to get into my email,
and it doesn't work.
And then I get onto my
Surface Pro, and it doesn't work.
And so I start to call some
other folks that I knew would be up
and I was told that
we had been hacked.
We had been hit by
a ransomware attack.
We were advised by--
uh, the administration but also
from the federal government--
that we should not
pay that ransom.
We couldn't communicate with the people
that we normally communicate with.
People couldn't come in
and fill out for their permits.
Real estate deals
could not be done.
Bills could not be paid.
Parking tickets could
not be paid.
Fines could not be paid.
We're talking about lots
and lots of business in the city
that could not be done
because the systems
were crippled
and pushed down to a halt.
I lost, you know,
literally 12 years of files.
What was the cost to Baltimore,
ultimately?
Yeah, it was upwards
of $15 million,
is what we had to, to pay out and
to rebuild, and build better systems.
And the original ransom
was far less than that.
Far less than that,
but, you know,
the mayor made a decision
based on the advice of,
uh, public safety experts
to not pay it.
Cites across america
have been paralyzed.
And some of them, including
one small town in Florida,
decided it was cheaper
to pay the ransom
than to try to go rebuild
the databases.
SCOTT: cities and governments
around the country,
businesses around the country,
non-profits around the country,
school systems
around the country,
have to understand that this
is the world that we live in now.
Right? This is the new normal.
Secretary Nielsen,
looking ahead to 2018,
what is DHS's current estimation
of the threat to our elections,
from Russia, or any other
hostile actor?
We think the threat
remains high.
Uh, we think vigilance
is important,
and we think there's a lot
that we all need to do,
uh, at all levels of government,
uh, before we have
the midterm elections.
When it comes to elections,
the president never,
uh, understandably,
never wanted the results
of the elec--
of the election
to be questioned.
It was very difficult,
but those who need to be
focused on the elections,
they know what they need to do.
The people who need to do
the work that needs to be done,
have really dug in and,
and recognized the, the threat.
When he was running
for president,
trump had not really
thought about cyber.
I don't think he had even
heard about stuxnet.
He certainly never registered
what it was all about.
He said to me at one point,
"Oh. The cyber.
The cyber is very powerful."
But candidate trump said he
wanted to pull American troops
out of the middle east, out
of South Korea, out of Japan.
So he saw cyber as
this magic bullet.
Today I'm convening this meeting
to follow through
on my promise to secure
crucial infrastructure.
And the networks that
we've been talking so much about
over the last period of time
of the federal government
against cyber threats.
By the time trump
became president,
the United States had built up this
massive, offensive cyber program.
It had gone after
North Korea's missiles.
North Korea has once again
attempted to launch
a ballistic missile, and failed.
They Mark the second
and third launch failures.
Another failure.
Using code to send those
missiles spinning into the sea.
It had gone after the Isis
recruitment system.
It was called
"operation glowing symphony."
And the idea basically
was to knock Isis offline.
But one of the key lessons
of the Obama administration
was that despite developing
all these new capabilities,
it took far too long to get
cyber operations approved.
During the time I was in
the department of defense,
not even the
secretary of defense
could approve an offensive
cyber operation.
That was only the president of
the United States.
President Trump has taken
a very different approach,
where he's delegated
the approval authority
to a lot of offensive
cyber operations,
not only to
the secretary of defense,
but to the commander
of cyber command.
What do you think our
adversaries think right now?
If you do a cyber attack on
America, what's gonna happen to 'em?
So, basically, uh,
I would say right now, um,
they do not, um, think that
much will happen to them.
-They don't fear us.
-They don't fear us.
Once general nakasone
took over at the NSA
and cyber command,
he put together
within the organization
something called the
Russia small group,
who were determined to take an
aggressive stance against the Russians.
For several years,
the United States had warned
that Russian hackers were
inside the US electric grid.
In 2018,
the NSA took American-made code
and put it inside the Russian
electric grid.
And they designed some of it
in a way to make sure
the Russians saw them.
It was supposed to say,
"we're not gonna do this
in a covert way.
"We're gonna make you understand
what the price will be."
There were also
a series of messages
sent to Russian
influence operatives
that said, "we know who you are.
"If you continue to conduct
cyber attacks,
"and if you try to target
the election in 2018,
there will be repercussions."
There were very targeted
cyber operations
to make it clear that
we knew who was doing what,
and we were gonna degrade
their capability to succeed.
HEALEY: In 2018, in the lead-up
to election day,
cyber command takes down the
Russian Internet research agency.
They got in there, and really
took apart their home network.
Really disabled it,
so that they wouldn't be able
to conduct their
social media campaign.
HULTQUIST: This was a very
forward-leaning operation.
It looked to be
pretty successful.
Russian actors were somewhat
quiet during that period.
The question is,
how long will that last?
Can we defend forward against
every, you know, potential actor?
Good morning,
Sandra and ed.
And now it is up to
the Iowa voters.
Iowans in more than
1,600 precincts are gathering
to back the person they want to win
the Democratic presidential nomination.
My purpose here is very simple.
It's to come before you
one more time
and ask you to caucus for me.
we are still awaiting
the first official results
given to US by the party.
Obviously, things are going
a bit slow for them.
Sixteen hours since
the Iowa caucuses began.
We're still waiting for
the results.
The app didn't work.
No one knew if it would.
This is, so far, not so good.
Iowa was exactly my worst fear.
The biggest concern was that voters
would not be able to trust the system.
What about the confidence
in the vote?
Especially with,
against the backdrop
of the Russian
interference in 2016.
What Iowa is demonstrating to
adversaries of the United States is
all they have to do
is create that appearance.
And they probably don't even have
to create their own disinformation.
American partisans
will do it for them.
NEWS ANCHOR: The presidents son
was saying its rigged.
The president's
campaign manager.
The Biden campaign
is out there
openly saying they don't trust
what the results will be.
They've created what's called
a perception hack.
Our mind immediately
goes to the question,
"Are the Russians
messing with our election?"
It doesn't matter whether
they are or they aren't.
This is one of the confusing
aspects of election security.
It's not just about
trying to hack into computers.
There's another aspect
of election interference
that's about trying to
hack into your brain.
They're ultimately trying
to get the American people
to lose confidence
in the system.
That the system
is beyond repair.
That the system is broken,
and their vote doesn't matter.
US officials have now told, uh,
Senator Bernie Sanders that Russia
is trying to help his
presidential campaign.
How do you think
it came out now,
if you had the briefing
a month ago?
Well, I'll let you guess
about one day before the, uh,
Nevada caucus. Why do you think
it came out?
'Cause the "Washington Post"?
Good friends.
Joe, what do you say
to the Russians?
I'm comin'.
They're continuing to meddle.
They're involved in this race,
and in my primary.
They're involved
going after me on Facebook.
They've already been taken down.
Because Putin knows me
and I know him,
and he doesn't want me
to be president.
The Russians want everyone in
this country to mistrust everything.
Whether or not
the Russians are involved,
these next few months
are gonna be tense.
We do have breaking news.
The coronavirus outbreak
is now a global pandemic.
No country is untouched.
No part of our everyday lives
is untouched.
We will see more cases,
and things will get worse.
The coronavirus
has reordered the competition
for world power.
And so, it's not surprising
that it's reordered
cyber power, as well.
Bad information is now
spreading online
faster than
the coronavirus itself.
Cyber experts and
public health officials
warm this so-called
info-demic is dangerous,
and needs to be contained.
In the midst of covid-19,
disinformation gets
super caffeinated.
And we see it play out
in Russia's favorite
petri dish once again,
In Ukraine.
As the coronavirus began
spreading across the world,
Ukraine quickly moved
to start bringing
some of its citizens back
from Wuhan,
to serve out 14 days
of self-isolation
in this tiny little town
in central Ukraine.
These people were not
infected with the virus.
But people on social media
began spreading this misinformation
that these Ukrainians that are
coming home from Wuhan are infected.
People started using viber,
and Instagram and Facebook
to warn each other.
Some of the messages
went even further in saying
we need to go out
into the streets and protest.
We need to turn these buses of
people around to protect our children.
Or else we're going to wake up in
the morning, and we'll all be dead.
-This disinformation
actually fueled
a real-life protest
in the streets.
Police came out in response.
Clashes ensued.
When something like this
happens, in Ukraine especially,
the entity that is always
pointed at first is Russia.
There are signs that Russia
could be involved.
But there are real people
in these groups.
Real people who I interviewed,
who said, "I also shared
messages in this group
"to go out and protest,
to protect myself,
to protect my family."
And it just spiraled out of
control very, very, very quickly.
Within hours.
There's a lesson in
what happened in Ukraine.
The Russians are already
changing the playbook.
They're targeting people
who might be susceptible
to the message,
the conspiracy.
And repeat it themselves.
And it's not just the Russians.
The pandemic now becoming
even more than a public health crisis.
It is turning into a major
diplomatic clash
as the blame game unfolds
on the origins of the virus.
I would like to begin
by announcing some
important developments
in our war against
the Chinese virus.
The Chinese in 2020
have used disinformation
brilliantly
as people have been
casting blame for COVID-19.
There was a story spread
that the virus didn't begin
in a wet market in Wuhan.
But instead that it began with
a US army exercise in China.
There's absolutely
no evidence for this at all.
But the Chinese saw
how well the Russians were
able to plant this information,
And watch it take off naturally
among conspiracy theorists
and others.
STAMOS: I think weve been
highly distracted as a country
by focusing just on Russia
since 2016.
When the real long-term
strategic challenge for us
is going to be China globally.
Russian foreign policy
is to take others down,
and cause disruption
in the system.
China has very
different priorities.
They're trying to work within the
system and take over the system,
so they're not interested
in chaos. It's all about theft.
And primarily theft of
intellectual property
that can be used to further
build up the Chinese economy.
There was one time we were
brought into a company
that was in the satellite
communications business.
They had discovered a hack,
and, uh, they asked us
to analyze it,
and ultimately help
protect them.
We saw that the email address
that was being used to register
a bunch of this infrastructure
was being reused continuously.
It was a gmail address.
And we tracked it to
an individual in China.
They had a social persona,
and had a Picasa album,
which at the time was a photo
album that was owned by Google.
It was open, and he had a
bunch of pictures of his girlfriend,
and his family, and himself.
And he had pictures
of his dorm room.
And in the corner
of the dorm room we saw a hat.
We started doing
imagery analysis,
and we noticed that
the hat was pla officer's hat.
We thought,
"this might be interesting."
We might have someone
from the Chinese military
on our hands here that may
be responsible for these attacks.
We found other pictures
that he had posted online
that were labeled "office."
There was a picture of this
big white building behind him
that had huge antennae dishes,
had reflective coating
on the windows,
that would prevent
signal interception.
We started doing satellite
imagery analysis
to try to locate this building.
We tracked it down to Shanghai.
To a particular area
of Shanghai.
We started looking at the
imagery. We said, "wait a second.
There's military guard gates
all over this building."
We got the address
of that building,
and we started looking into
Chinese government materials.
And sure enough, we discovered
there was the headquarters
of the 12th bureau
of the third department
of the general staff
of the people's liberation army,
giving US pretty
high-level confidence
that this hack had come from
the Chinese military.
This is actually
part of a plan.
They lay it out in their,
their five-year plans
for the technology
they want to acquire.
If they can generate it
indigenously, great.
If they can't,
because they want to
get it fast, they'll steal it.
China alone is
responsible for hacks
to almost 700 public
and private targets in the US
in the last five years.
One of the reasons why
China's most sophisticated
airplane
looks like the f-35
joint strike fighter
is because they stole
some of the technology
from the F-35
Joint Strike Fighter.
When you look at pictures of it,
you go, "Man, that looks familiar."
And that's just
the tip of the iceberg,
from the Chinese side.
Google says it and at least
20 other companies
were victims of a targeted
cyber attack originating in China.
A very sophisticated cyber attack
on the health insurer Anthem.
This intrusion is once again
the work of state-sponsored
espionage groups based in China.
And then the Chinese escalated.
They spent a year inside the
office of personnel management,
the most boring
bureaucracy in America.
they stole 22 million files
of highly classified
security clearance applications.
That is an intelligence
nightmare.
The Chinese now have all
sorts of detailed information
about your family members,
foreign friends
that you may have,
that could be used
to actually recruit assets
for the Chinese government
sometime in the future.
By 2020,
they were back at it in a
much more sophisticated way.
NEWS ANCHOR: The FBI and federal
cyber security agents
are warning that hackers linked
to the Chinese government
are trying to steal research on
coronavirus vaccines and therapies.
The way jet fighter designs
might have been
a decade ago,
coronavirus has become
the holy grail.
Because the country
that wins the race
for the vaccine and
the treatment of covid-19
will become a new kind of power,
able to spread that vaccine
around the world.
Finally, and perhaps
most importantly,
as China has spread its economic
tentacles through the world,
It has recognized that
the networks
it is selling to everybody else
across fiber optic cable
and 5g networks
gives them an element of control
that a few years ago they could
scarcely have even imagined.
you could see a future where
every device that you can
imagine is on the Internet,
and is connected to
the 5G cellular network.
WARNER: 5G is like moving from
radio to television
in terms of how we use
our telecommunication system,
and if we're thinking about,
you know, driverless cars,
or our, our refrigerator that's
connected to the Internet,
and all of the possibilities
that come with a totally
interconnected world,
that rides on a 5G network.
So who controls that network
is extraordinarily important, and
I think what we're waking up to
Is we're confronting China
that has a national champion
in its company huawei
that is a long-term
security threat.
HURD: This company Huawei is the
largest provider of 5G equipment.
They're the ones building
the antennas that you need.
They're the ones that are building
the systems that moves the data.
The United States'
position on this is that
any information that is
able to transmit
across Huawei technology
will ultimately be accessible
by the Chinese government.
And what is
the Chinese government
going to do with
that information
is the ultimate question.
Thank you.
So we begin, Oklahoma. We begin.
Thank you, Oklahoma.
And thank you to
Vice President Mike Pence.
We begin. We begin our campaign.
MAN SINGING:
That's nice.
Thank you.
I have spent the last year
gaming out the 2020 election.
Trying to get ahead of it.
Really trying to think through
what, what's next.
What's next, what's next.
My nightmare scenario
is ransomware.
That a ransomware actor would gain
access to a voter registration database,
lock it up, and say,
"Hey, election official.
"I've locked this up.
I'm not giving it back to you
unless you give me $3 million."
This is what gets me up
every morning.
It's the last thing
I think about at night.
I wake up in the middle
of the night
and think about it.
When I'm walking the dog.
Up here, oh,
it's a hellscape right now.
When you have a government
led by someone
who appears to be beholden
to Vladimir putin,
you don't have much confidence
that your own government
is going to protect
the integrity of our election.
I'm somebody who thinks that
putin should have paid a price.
I don't know if
we're gonna find out
exactly what the threat is
until, once again,
it's too late.
In 2020, the Russians are back,
but so are the Chinese.
And the Iranians.
And the North Koreans.
All of these countries
are just experimenting
with things that they learned
from watching the Russians.
They realize that they
can do damage to us,
by merely opening up
the chasms that already exist
in American society.
If it were going to be
a nation-state actor
who's gonna disrupt
the elections in 2020,
I think mostly likely
it would be the North Koreans
or the Iranians.
If we were going to look for
an Iranian attack, for example,
all they would have to do
is destroy one thing
in one state or one county,
in conjunction with an information
operation that would say,
"We are the holy warriors
of Iran,
and we successfully
locked up this server."
The press would cover it. There
would be all these questions,
and America would be
wrapped in knots.
At the same time, you know,
certain political leaders
might also take
advantage of that.
One final question. Our
intelligence agencies have said
that your country
is among the countries
that are attempting to interfere
in our election.
We don't interfere in the
internal affairs of another country,
but there is a cyber war
going on.
The United States started
that cyber war.
You remember Stuxnet.
Any war that
the United States starts,
it won't be able to finish.
New and frightening
warning from the FBI
on hackers using
malicious software
to launch a cyber attack
against US businesses.
In some ways, it's a whole
new way of making warfare,
and I don't think that
that overstates it one bit.
There is a cyber war going on.
The United States
started that cyber war.
The first cyber weapon
to threaten to damage targets
in the real world.
Hackers in places like China,
North Korea, Iran, elsewhere,
are exhibiting the capability
to hit the power grid.
Chinese state-backed hackers
have been mobilized
anything to do with
covid-19 related research.
Many of the threats in the
21st century will be in cyber:
Misinformation, disinformation.
YouTube, Facebook, Twitter.
WhatsApp? Instagram?
We are human species.
We can be hacked.
Russian government hackers
have breached the network
of the DNC.
I don't think anybody knows
it was Russia.
Russia, China,
and other countries
are collecting stolen
information from hackers.
Today we face threats
that have increased
in sophistication,
magnitude, intensity,
volume, and velocity.
What about the confidence
in the vote?
Especially against the backdrop
of the Russian interference
in 2016.
They're involved
going after me on Facebook.
Because Putin knows me,
and I know him, and he
doesn't want me to be president.
President Trump claimed
without evidence,
quote, "rigged 2020 election
will be the scandal of our times."
Are you suggesting that you might
not accept the results of the election?
I have to see.
ANNOUNCER: Madam Speaker,
the President of
the United States.
At the end of the
Bush administration,
president Bush decided
he had to stop
the Iranian nuclear program.
The United Nations has imposed
sanctions on Iran,
and made it clear that the world
will not allow the regime in Tehran
to acquire nuclear weapons.
But he had a problem.
My second purpose today
is to share with you
what the United States knows about
Iraq's weapons of mass destruction...
We had just gone to
a war in Iraq
on the false pretense
that Iraq had a nuclear weapon.
So there was no way
he was going to be able to
publicly convince the world
to get into a conflict with
Iran over its nuclear program.
One day, a group of
intelligence officials
and military officers
came to the president and said,
"sir, we have another way."
They told Bush that a joint
Israeli-American cyber team
had designed some code
that could get into the Iranian
nuclear control system.
Until then, countries were
using cyber to steal data.
To spy on each other.
But almost no one had used
cyber as an offensive weapon.
The plan was
a piece of malware
would be delivered
into the industrial
control systems
running the Iranian
nuclear program.
this network was air gapped.
In other words, it's not
connected to the Internet.
So you had to have ways in which the
code could jump onto those computers.
There's still some mystery
about exactly how this code
made it from the NSA
and the Israeli cyber unit
into the natanz plant.
There are many ways,
including slipping in a USB key.
But we also now know
that the NSA had designed
a brilliant small system,
about the size of a briefcase,
that could work from six
or seven miles away,
beaming computer code
into a computer
that had been set up
with a receiver chip.
And that device could be used
not only to put code in,
but later to replace it
and update it.
HULTQUIST: Once they got in,
the code started
unlocking itself,
and it started two major tasks.
The first one was to record
everything that the operator
would be saying,
and essentially,
put that on a loop.
So that every day, when
the operator came in to work,
everything would look just fine.
It's sort of like
a classic heist movie
where the surveillance video
is run on a loop,
and the guard never knows
what's actually going on.
While at the same time, somebody's
breaking in and stealing something.
The Iranians were thinking
the whole time
that they're making progress.
That they're moving
towards their goal,
when in fact,
these systems are deadlined.
Because the second task
for the code
was to take the centrifuges
and break them.
This code was so ingenious
that not only did it have
this sort of fake video,
pay no attention
to what's going on here,
it would lie in wait.
And so days would go by,
where the centrifuges were spinning
exactly as they were supposed to.
And then all of a sudden,
they'd speed up really fast.
And then when
you'd turn to look,
they would slow down
to the regular speed.
And eventually what
happens when you do this
to these finely tuned machines,
is that they break
themselves apart.
When President Obama
had that traditional meeting
with his predecessor,
George Bush,
Bush told him that
there were two programs
he had to make sure
that he preserved.
One of them was
the drone program.
The second program
was "olympic games,"
the code name for the program
against Iran.
suddenly, in his
first months in office,
President Obama finds himself
in the situation room,
picking out centrifuges
to attack.
For a while, the Iranians
had no idea what was going on.
They didn't know if they had
made engineering errors,
whether they had bad parts.
They suspected sabotage,
but couldn't prove it.
Until one day,
when the code got out.
This code is only supposed
to go into one facility,
and it was never supposed to be
known to the rest of the world.
Instead, it escapes the box.
It gets out of that facility and
begins to spread around the world.
These are the letters
and numbers
behind the so-called
stuxnet virus.
It begins with
a simple USB key.
Then with surgical precision,
penetrates some of the world's
most advanced computer security.
Its creators hid
their tracks so well,
experts say we will likely
never know who created it.
As we began to hear about
this incredibly sophisticated
piece of code
that the industry
was calling stuxnet,
I began to reconstruct the story
of who authorized
this code to be written.
Neither Israel nor the US
had publicly admitted that
this was designed by them.
You did that without at all
mentioning Stuxnet or Olympic Games.
That was, that was impressive.
I never heard of those.
Can you talk about Stuxnet?
-It's years ago.
That-- One thing that--
I don't want to
talk about it, okay?
It's just that, it's a mystery.
I don't want to talk about it.
Let me know if I'm not--
If I'm being too subtle, okay?
This is the first worm designed
to damage the physical world.
It's a new dimension
in sabotage and warfare.
The implications and
the possible consequences
are only now coming to light.
The stuxnet attack on Iran
was the first time a major state
used a powerful cyber weapon
in a very aggressive way.
People knew that
the US government
had been developing tools
that can manipulate
computer systems
to create effects
in the real world.
Stuxnet was the first big
example of that happening.
Here's what it looks like,
here's how sophisticated it is,
and here's what it can do.
You take that same principle,
you could shut down
an airport with a similar tool.
You could shut down an
electrical grid with a similar tool.
You could shut down a gas
pipeline with a similar tool.
So these things
that were speculative
suddenly become real.
The question is,
if you're the first mover there,
have you now said, "That's
fair game for everybody."
They've crossed the Rubicon.
The United States had
basically legitimized
the use of cyber
as a weapon against
another country
against whom you
had not declared war.
It pushed the world into
an entirely new territory.
Once the Iranians
took the punch,
Iran said, "Oh, that's the way
the game is played.
All right, I get this now."
And then they started to unleash
against the United States.
In 2013, it's clear that Iran
is still working towards
a nuclear weapon.
And the Obama administration
in the US
is trying to start negotiations
to sort of coax them
away from that.
In October of 2013,
there's a panel.
There are several people on it,
but the really
interesting person
that comes to talk
on the panel is Sheldon Adelson.
Sheldon adelson is one of
the richest men in the world.
He's a casino magnate.
He's got casinos off China,
he's got a major casino
in Singapore.
He's got two major casinos
in Las Vegas,
and that's really
where he made his money.
The billionaire businessman
who made a fortune with casinos
gave more than $92 million
to conservative candidates
in the 2012 race.
One of his most
famous things is
an effort to spend
a hundred million dollars
to make sure that Obama doesn't
get elected to a second term.
You've got to really
dislike me...
...to spend that kind of money.
And he's very clear, and,
and full-throated
about his opinions.
How are you able to be
so outspoken?
I flunked diplomacy 101.
Especially when it
comes to Iran,
and when it comes to these
negotiations in particular.
Wait, so you would support
negotiations with Iran
currently,
so long as they first seized
all enrichment of uranium?
No. What do you mean
support nego--
What are we going to
negotiate about?
What I would say is... Listen.
You see that desert out there?
I want to show you something.
You pick up your cell phone,
and you call somewhere
in Nebraska,
and you say, "Okay, let it go."
So there's an atomic weapon
goes over ballistic missiles
in the middle of the desert
that doesn't hurt a soul.
Maybe a couple of rattlesnakes
and scorpions or whatever.
And then, and then you say,
"See?
The next one is in
the middle of Tehran."
So, we mean business.
And that was not
taken well in Iran.
See? The next one is in
the middle of Tehran.
Somebody gets a
YouTube clip of this.
It goes up.
Doesn't take long before
Iran notices it.
It's clear that Iran
wants to punish adelson.
And they want to make it hurt.
Casinos are basically
big banks, right?
The amount of money that goes
in and out of a casino in a day
is millions and millions
of dollars.
And so, casinos spend an enormous
amount of money on physical security.
On cameras, on security guards,
on vaults.
Like, the things that
you would do to protect
chips and cash.
But as far as their
it infrastructure,
what does that look like?
So, around December 2013,
hackers in Iran start
looking for a weak link
into sands corp's network.
And the hackers just
ultimately get lucky.
A senior software engineer
had come from Las Vegas,
was working at a small casino
in Bethlehem, Pennsylvania,
that's part of
the sands corp empire,
and had used his credentials
to get onto one of the machines
in Bethlehem,
and the hackers found him.
Those credentials allowed them
to get into the Bethlehem network.
And then, from Bethlehem,
to Las Vegas, which is really
where they wanted to be.
They'd start kind of slowly,
but by early February,
they release a few hundred
lines of code,
which is designed to,
not to steal information,
but to destroy computers.
To, to override information.
To really create chaos
within Sands Corp's network.
I received a phone call
from a support desk manager
at about 4:00 A.M.
The support desk manager
had been receiving calls
telling her that people's emails
were getting locked up.
Some of the engineers
tried to look into
what might be the cause of it,
and they couldn't get in.
I wouldn't say that
they were panicked.
I would say that there was, um,
an extreme sense of urgency.
In the morning,
sometimes I check my email.
And I couldn't get to anything.
First thing I thought is, someone's
gonna call me and yell at me,
because probably
the software is down.
Minutes of a software outage
can amount to a loss of
a serious amount of money.
We were getting reports
left and right
of people not being able
to access their computers.
Our internal systems, our email,
our way to communicate.
Accounting, was,
like, paralyzed,
and that place is
all accountants.
I mean, everybody in the back
that isn't Iis in some kind of finance team.
As the guys kept digging
into it more and more,
a sense of, like,
"Holy shit, this is huge.
Like, the damage is massive."
At some point in time,
we made a decision
that everybody needs to
turn off their computers.
We basically had teams go out
and unplug desktop machines.
We were going to pcs
on the casino floor
in the pits,
and at the player's club,
and in the cage,
and taking them offline
one at a time.
Scanning 'em, cleaning 'em.
We knew at that time
this was a possible hack.
But I still thought
it was a singular event.
That we were basically
doing damage control.
But there were things
that popped up
that indicated that it wasn't
somebody hacking
just for the sake of hacking.
It was a political statement.
The Las Vegas sands website
had been defaced,
to show an image of the globe
with various locations
of the world on fire.
I remember flames,
and something about adelson
and cutting off his tongue.
We were all curious
as to who did it,
and then when we saw what
had happened to the website,
it was like, "oh.
Well, this is a reaction
to what Mr. Adelson had said."
You know, my stomach sank.
It was like,
excuse my language,
like, "Holy shit."
this is real.
A cascading attack.
Servers shut down.
Screens go blank.
A rush to unplug computers.
This attack hit the world's
largest casino operation
ten months ago.
Sands Corp was able to
keep it secret for months,
and to keep the scale, especially,
of the attacks, secret for months.
CNN has learned on
February 10th of this year,
thousands of employees
at sands casinos in Las Vegas
and Bethlehem, Pennsylvania,
had their computers hit.
They didn't want to
get this out.
They wanted controlled
communications,
is what I will say.
That comment that adelson
made on that stage
was a very expensive
comment to make.
the cost of the attack
and recovering from the attack
was about $40 million.
It cost the Iranians
far less than $40 million.
I mean, that's the thing about
the asymmetry of these attacks
is hackers working in a team
for a few days,
You know, they started
probing in December.
You know, a couple of teams got
really active for a few days in January,
and in February,
they unleashed the attack.
You know, that's a very low-cost attack
from a nation-state point of view.
The sands casino attack
was a warning shot.
It was a reinforcement
of the thought
that a middling power like Iran
could shut down a big
economic enterprise
in the United States.
And that if the sands casino
could be brought down,
so could the rest of Vegas.
And what happened in Vegas
wouldn't stay in Vegas.
The evolution of cyber
has happened very quickly,
in terms of its importance
to the United States,
and the organizational dimension
of it in the US government.
In 2007, the director of
national intelligence
issues a threat assessment of
all the threats against the country.
The word "cyber" isn't in it
a single time.
Fast forward just
a couple of years,
you had the creation
of cyber command.
Fast forward a couple
more years, it's 2012.
Suddenly cyber has gone from
not being mentioned at all
in those threat assessments,
to being one of
the top three threats
facing the United States.
Secretary of defense panetta
goes on board the intrepid, which
is an aircraft carrier museum--
I think the background
is not a coincidence--
and talks about
a cyber Pearl harbor.
We know that foreign
cyber actors
Are probing america's
critical infrastructure networks.
They are targeting the
computer control systems
that operate chemical,
electricity, and water plants,
and those that
guide transportation
throughout this country.
The collective result
of these kinds of attacks
could be a cyber Pearl harbor.
And as people were warned about
this notion of the cyber Pearl harbor,
what they seem to miss was,
in fact,
that the US had set up
a regime where,
if they, if Russia took down
the electrical grid
or if China took down
a, a gas pipeline,
they should expect
a military response.
The government had plans
for a massive, kind of,
major attack against
the electrical grid.
What they didn't really
have plans for was
this kind of, like,
incremental, hit a company,
you know, destroy its brand.
Destroy its capacity
to do business.
How are we gonna respond,
as the US government,
to those kinds of attacks?
I started with just
a huge fascination
with North Korea.
Me and my writing partner Evan
would read articles and books
and watch documentaries,
and it was just, like,
endlessly fascinating to us.
Uh, who is it?
It is, uh, Kim Jong-un.
What?
And then when
Kim Jong-un took over
is when the idea really
expanded in our heads,
because we realized
he was around our age,
um, and we read more
about his life,
and he weirdly was like
a very sympathetic character
in, in some ways.
We came up with this story
about a guy who hosts
a very exploitative
late night talk show.
Kim Jong-un is a big fan
of his TV show.
So we get an interview with him.
And then the CIA says,
because we are gonna be
the first Americans,
you know, face-to-face with him
in a long time,
uh, we could kill him.
We pitched the idea to Sony,
and they basically said, like,
"If you get James Franco
in this,
we'll make this movie
right away."
And we were like, "Okay."
If I recall correctly,
it was them who suggested
that we make it actually
Kim Jong-un.
It was something that, like,
we were maybe, we were like,
"Should we make up a guy?
Is that too much?" Um, and,
Sony suggested, like, "Well,
just call him Kim Jong-un.
It's probably funnier that way."
Okay.
So, when the trailer comes out,
North Korea releases
a statement through the UN
condemning the movie.
North Korea is accusing
the United States
of "provocative insanity."
An "act of war."
And promising "a decisive
and merciless countermeasure"
if the US supports
the release of the film.
We were trying to understand
how seriously to take this
and whether there was something
that we should be concerned about.
I called a friend of mine
at the State Department
who directed me to the person
who knew about the subject.
They said the
North Korean government
tends to be prone to
make a lot of threats.
But almost never carried out
on those threats.
And they would certainly never
be able to carry out
on a threat on US soil.
There was no mention
whatsoever of cyber.
Around then, conversations
started to come up,
of like, "should we
tone it down a bit?"
The idea that maybe, uh,
killing Kim Jong-un
so graphically was maybe, um,
extra antagonistic.
LYNTON: Seth Rogen and his group
were very resistant.
They felt that it added
to the satire.
It was a lot of back and forth and there
was a little bit of argument about it.
But we ultimately
came to a compromise, I think.
At that point, we felt that we had
taken all the necessary precautions.
We made the changes
to the picture that,
you know, Sony felt, or that my,
my employer felt was,
was necessary and, you know,
the rest was about
getting the movie out.
In North Korea,
the reconnaissance
general bureau,
which is the North Korean
equivalent of the CIA,
dispatched a young hacker
to go to China
and Southeast Asia
and put together a team that
would break into Sony's systems.
Jim clapper went to North Korea
during the middle
of the Sony hack,
and met the head of the
reconnaissance general bureau.
He was trying to get the
release of two Americans there
while the hack was underway.
And he never raised it because
he never knew it was happening.
The North Koreans
went about this patiently,
and somewhat brilliantly.
In September of 2014, they
broke into the Sony systems.
But they didn't then just
turn around and attack.
They spent weeks examining
how each element
of Sony's operations
were tied into
the computer system.
They lurked in the system
long enough
to figure out how they
could do maximum damage.
And it wasn't until
just around Thanksgiving,
two months later,
that they struck.
LYNTON: I was driving to work.
My phone rang in the car.
The chief financial officer
of the company rang me up
and he said, "we have
a real problem at work.
All the email has gone down."
Nobody was able
to retrieve any data.
And as the day progressed,
it became quickly evident
that it was way beyond that.
That in fact, we had...
Pretty much 70 percent of our computers
had been knocked out of action.
Had been ruined, frankly.
Serious breach at
Sony pictures last week.
A skeleton appeared
on the Sony picture computers
with a small message that claimed
they'd been hacked by a group
calling itself
"guardians of peace."
Whoever they are,
the guardians of peace
have already done real damage.
Employees communicated
with a phone tree,
and paid people with paper checks
cut by a machine pulled from storage.
Sony, by the time this is done,
is gonna lose
tens of millions of dollars
just recovering from
this attack.
It's a huge cost, just in terms of
the impact of the IT infrastructure.
But more importantly,
it's a huge cost to the brand,
because they steal
a lot of data in this attack,
and then they start
releasing it publicly.
Tinseltown's dirty laundry
is laid out in plain view.
And it is not pretty.
The studio's co-chairman
and a powerful
Hollywood producer
used racial jokes to mock
President Obama.
A top producer criticizing
Angelina Jolie's talent and ego.
These are juicy.
We had seen criminal hackers
and hacktivists
use this hack and dump technique
to intimidate victims
on a small scale.
That was the first time
we had seen a nation-state
do it very effectively.
The first thing that
the North Koreans did
was give it to reporters.
And then, when they've
exhausted that channel,
they gave it to WikiLeaks.
This was all very valuable
information to the company.
Trade secrets, like scripts
before movies were released,
detailed contract information
about what had been paid to whom.
By the way, Seth Rogen made
two million dollars more
-than co-star James Franco.
-Mm...
You wouldn't assume
someone's stolen property
was instantly going to be made
available for public consumption
by the media.
Sony were the victims
of a crime.
And then the media
took the victims of a crime
and made it a hundred
million times worse.
You want us to assassinate
the leader of North Korea?
-Yes.
-What?
James Franco, Seth Rogen
here right now.
And that's what the whole world
is doing right now, saying, "What?"
I go to New York
to, like, do the final week
of promotion for the film.
It's a very weird thing to do.
To promote a thing
that is causing the world
distress at that moment.
And that's when, like,
it really ratcheted up a notch.
The hackers made a threat against
anyone who goes to see Sony's new film.
This message warns movie-goers
to stay away from theaters.
The group is threatening to deliver
what it calls its "Christmas gift."
I literally got on a plane and left New
York in the middle of my press tour.
I think I was, like,
on the way to do "Jimmy Fallon,"
and I was like, "Let's
go to the airport. Like...
I don't think this movie's
coming out, guys."
And I went back to la,
and went to Sony,
and was like, "what's the plan? Like,
is it gonna be pulled from theaters?
It seems like people don't
want to play the movie anymore."
LYNTON: When the email came out
that involved physical threats,
there was a lot of conversations
with the theaters that happened
where they were asking to
delay the release of the picture.
I think Michael Lynton didn't
want to leave the theater owners,
you know,
looking like the bad guy.
So, he then was like,
"I'm gonna pull the movie.
"I'm just gonna say...
it's... it's, it's pulled.
"And we all need to come
as like a united front,
and say that
that's what we want."
And we were like,
"Absolutely not."
Today, Sony cancelled
the Christmas day release
of "the interview."
The hackers win.
I don't know
how else to frame it
now that Sony has cancelled
the release of "the interview,"
that spoof about North Korea
starring James Franco
and Seth Rogen.
A couple days later,
we were all gathered
in our bungalow on the Sony lot.
And they were like, "There's
a press conference coming,
and Obama's gonna
talk about it, I think."
And we, we were like,
"He's not gonna talk about it."
Like, and it was like
the first question.
Thank you, Mr. President. Uh,
let's start on North Korea,
'cause that seems to be
the, uh, biggest topic today.
Uh, what does a proportional
response look like,
uh, to the Sony hack?
The question at that time was,
well, how serious a deal is this?
And before you knew it, it was
an international security incident
that involved the president
of the United States.
HURD: If North Korea
launched a missile
into San Francisco,
everybody knows what the United States
of America, our response would be.
Right? That's a
physical-on-physical attack.
But what is a
digital-on-digital attack,
and what is the
appropriate response?
John McCain at the time said,
"This is an act of war."
It's a new form of warfare
that we're involved in,
and we need to react,
and react vigorously.
President Obama
didn't want to go there.
When we were in
those conversations
both in the
department of defense
and in the white house,
you fear that if you go too hard
against the North Koreans,
it becomes a real
military conflict.
The last thing you want
is to do something
that escalates it,
and the North Koreans
then hit the US back
in our critical
infrastructure, right?
We didn't know whether
they were in the grid
and could take something down.
We will respond. Uh, we
will respond proportionally,
and we'll respond, uh,
in a place and time,
uh, and manner, that we choose.
It's not something that
I will announce,
uh, here today
at a press conference.
No one really knows what the
US government did to North Korea.
There are press reports
that suggest that
not long after the Sony hack,
suddenly, uh, North Korea's
internet went down.
Even if it were the
United States government
that shut down the Internet
of North Korea,
at the time, North Korea
had 28 websites.
So the United States
is far more vulnerable
to cyber attacks than many of the
countries that are trying to attack us.
LYNTON: The president
didnt necessarily
have a response to that,
to them,
And so, he chose
to talk about Sony.
We cannot have a society
in which some dictator someplace
can start imposing censorship
here in the United States.
He was like, "Yeah,
theaters should play it."
Um, "We shouldn't succumb
to these threats."
And we were all like, "Great!"
But everyone just bailed.
LYNTON: There was certainly
disappointment
on the part of the filmmakers
that they weren't gonna
see the movie in, you know,
in theaters
all across the country.
We reassured them that we
intended to put the movie out.
I called Eric Schmidt at Google.
He and the folks at Google
felt that it was important
that the picture get out, and they
offered to put it out on their platform.
Ultimately,
they let the theaters
who wanted to play it play it.
It was in, like, 20 theaters
or something like that.
Um, I think it is
still Google Play's
number one ever
downloaded movie.
And also, the scene
is released.
"The Verge"
or something like that
goes through the hacked footage,
finds the shot of
Kim Jong-un's head exploding,
and releases just that online
for everyone to just see.
This was a big deal.
That a country that is so poor,
and has only ten percent of
its population with cell phones,
could actually wage
a cyber attack
against one of our most
powerful movie studios
and a major corporation, and
create an international crisis.
HURD: The Sony attack changed
the publics perception
of what a cyber attack was.
Prior to Sony, people believed,
"oh, somebody's trying to
steal my credit card information."
"They're trying to steal my social
security in order to commit fraud."
Sony was purely an attack
to destroy.
2014 saw, for the first time,
destructive cyber attacks
carried out on US soil
by nation-state entities.
Marked first by
the Iranian attack
against the Las Vegas sands
casino corporation
a year ago this month,
and the North Korean attack
against Sony in November.
While the both of these nations
have lesser technical capabilities
in comparison to Russia
and China,
these destructive attacks
demonstrate that
Iran and North Korea are motivated
and unpredictable cyber actors.
Russia and China
continue to develop
very sophisticated
cyber programs.
And while I can't go
into detail here,
the Russian cyber threat
is more severe
than we had previously assessed.
These days, one must always
get hired by the lawyers,
because the lawyers are the first
call of a company that gets hacked.
Because there might be
lawsuits that would follow
from, uh, from the announcement
over the breach,
so, very, very typically we get
a call from a law firm that says,
"One of our clients, uh,
thinks they may have an issue.
Can you come in and help them?"
In this case, it was the DNC.
The call came on a Friday,
so it took US a few days
for US to go into the network
and find infected machines
on the network.
This wasn't just on one system.
There were hundreds of systems
that were being impacted.
We start looking at the malware
and immediately realized that this was
malware we had seen many times before.
That we had high confidence
attribution to the GRU,
the Russian
military intelligence.
We're seeing them spread
from system to system,
touch files, take those files
out of the network,
stealing data,
monitoring everything.
You can't just shut down
one machine
because they're everywhere.
So you have to shut
everything down, um,
and spend several days
rebuilding all the infrastructure.
We told, um, the DNC, "When do
you want us to do this remediation?"
At the time, the primaries
were in full swing.
Hillary Clinton had not yet
locked down her nomination,
so they said, "Let's plan for
four or five weeks from now,
um, when the primaries are
over and we're not under the gun."
Waiting a few weeks
did not seem outrageous.
Of course over
that period of time,
the Russians continued
stealing documents,
and we're sort of helplessly
watching them.
I was really confused
and disturbed
by what was happening.
But initially, uh, the FBI
didn't take it all that seriously,
and so, it wasn't rising
to the level of,
of urgent, you know,
five-alarm fire, uh, drill.
I want to congratulate
Hillary Clinton
on making history as the
presumptive Democratic nominee
-for president of
the United States.
Finally, in June of 2016,
we kicked the Russians
out of the DNC network.
This just in to CNN.
Russian hackers
managed to infiltrate
the computer network at the
Democratic National Committee.
The researchers were roaming
around the network for about a year,
but were removed this weekend.
We've talked to DNC officials.
We've also talked to the outside
firm that the DNC brought in
when they recognized
that there was an issue here.
That firm called CrowdStrike.
There was a small blip on
the, on the, on the news cycle
that day, of, "Oh,
Russia's hacking the DNC,"
but national media
moved on within hours,
and, uh, I thought that was
gonna be the end of the story.
But then on the Eve of the
Democratic national convention...
Wikileaks dumps the emails.
Good evening. Their party's
chairman off the program,
an apparent Russian email hack,
and now a revolt among
Bernie Sanders supporters.
Welcome to day one of the
Democratic National Convention.
The information stolen
from those servers in the DNC,
suddenly it begins to
surface in this way
that was presaged by
the Sony attack,
and the Sands Corp attack.
emails released by wikileaks,
proving the DNC had favored
Hillary Clinton over Sanders.
Comes out through WikiLeaks, which
makes everything searchable so you'd be,
you know, there'll be a dump
of 20,000 emails
and you just type in some names
if you're a reporter,
and suddenly you've got a story.
The thousands of hacked emails
leaked to wikileaks
rocked the Democratic
national committee.
I'm so proud--
One of the things
they were doing
was trying to stir up trouble
between the Bernie delegates
and, and, and our forces.
Bernie Sanders supporters
say the emails proved
the party favored
Hillary Clinton all along.
It just validated
everything we thought.
That this was completely rigged
right from the beginning.
By using that stolen material,
the media injected the idea that
the DNC had rigged the entire process
against Bernie Sanders.
And there's a kernel of truth.
Clearly there are people in the
DNC who didn't like Bernie Sanders.
But that doesn't mean
the whole process is rigged.
And the media allowed them to go
from the kernel of truth
to the conventional wisdom,
Because it sold papers,
and it got people to watch TV.
But they were amplifying the messages
that the Russians wanted amplified.
In that pile of information
that's come from the DNC,
there were some documents that
were campaign finance documents
from the campaign that would--
had been unlikely
to be at the DNC.
So, the campaign
began to look at
where might those
have originated.
turned out, in the spring,
one of my colleagues who
had access to my email account
had seen what was
a fairly professional
phishing operation,
looking to be from Google.
She reported that to the people
in the tech security side
of the campaign.
He sent back an email to my
assistant saying that it was real,
and that I should change
my credentials.
She then clicked on the link,
and that's how I was hacked
by the Russians.
But at that point, we weren't sure
what the extent of the breach had been.
In the summer and fall of 2016,
there were many meetings
about the Russians.
There was a lot of
back and forth about what to do.
We began to get information
about cyber activity that was focused
on our voter registration databases.
And we realized that it was
probably about disrupting
the integrity of that data.
The Russians could go into
a voter registration database
and change that data,
so that on election day,
when voters show up to vote,
they are turned away.
There is chaos
at the voting place,
because the name doesn't
match the identification,
and you could
disrupt election day
to the degree that
the American public
would doubt the legitimacy
of the process,
and then potentially,
the legitimacy of the outcome.
That's what Obama's focus was.
When Obama saw putin
in September,
he basically threatened him
that if they tried
something like that,
there'd be severe consequences.
What I think they
underappreciated
was how much effect the Russians
could have from the hacking,
and from their massive
disinformation operation.
STAMOS: During the election,
we had a dedicated team
at Facebook
whose job it was to
look for Russian actors.
And we had found GRU activity.
We had found DCLeaks.
We had found them pushing
disinformation,
but not really at scale.
And we didn't really understand
what was behind the vast
majority of this fake news.
But right after the election,
we took all of the
political ads that were run
in the United States
in the year before the election.
And then we figured out all the
accounts that were possibly tied to it.
So this is the people who
ran the ad, but then also,
people who used the same
computer as the person who ran an ad.
Or people who have used the same
phone as the person who ran the ad.
And then for every single one
of those accounts,
we looked for possible links
to Russia.
We start pulling that thread, and
then we eventually find this cluster
that we can all link together, and
that was the Internet Research Agency.
The Internet research
agency, llc
is basically a building
in St. Petersburg
with a bunch of trolls
sitting there
trying to drive divisions
in US society.
It's existed for years
and years at this point.
And they've done
propaganda work in Russia,
and Ukraine, and the like.
The ira specifically sent people
to the United States to study
the political sphere in the US
and to understand what
the pressure points were.
So in 2016,
they were creating
these fake American personas,
and then running ads
as political groups.
The depth of the content
was surprising.
Our assumption was that all of this
content would be on one side, politically.
But what they had done
very effectively
was find a friction point
and then try to manipulate
people on both sides.
The number-one topic was
actually black lives matter.
They created a fake persona
to pretend to be
a pro-black lives matter
activist.
And to push narratives
that both would maybe radicalize
people who were supportive
of black lives matter,
but also look radical
to more moderate people
who could say, like,
"oh, look at these people.
Yeah, they're, they're
they're really nuts."
They even, in a couple of cases,
tried to create protests
where a pro-immigration group
and an anti-immigration group
protest one another by inviting people
to events that were at the same time.
Down with the racists!
Down with the Nazis!
We were surprised that
putin would care so much
about who the
next president was.
That he was so intent
upon damaging me,
Damaging my campaign,
preventing me, if he could,
from becoming president.
And also how adept they were
in sowing disinformation,
misinformation.
It was unlike anything
we'd ever seen.
STAMOS: None of us kind of
conceptualized this
as the kind of groups
we should be looking for.
Intelligence teams
at the companies,
and in places like NSA
and the US government,
were focused on very
traditional threat actors.
General clapper's this old
cold warrior.
Grew up as the son of
an air force officer,
becomes an air force
intelligence officer.
And yet, the cyber conflicts
that are springing up
during his time
as director of
National Intelligence
Are an entirely different
kind of threat
that he's just trying
to keep on top of.
And time and time again,
he keeps getting caught
by surprise.
It's not his fault.
We had never built
an intelligence network
designed to pick this stuff up.
But there he is in North Korea
while the North Koreans
are inside Sony.
And there he was,
sitting on a system
that failed to raise
a timely alarm
to the president
of the United States
that the Russians were inside
the Democratic national committee.
Much less inside Facebook.
You know, 20/20 hindsight,
it's all, it's perfect vision.
At the time, there was concern
about publicizing this,
because by doing so, we'd
simply amplify its importance.
And I think, as well,
there was reluctance
to be seen by the
last administration as
putting its hand on the scale
in favor of one candidate,
or appearing to do that,
To the disfavor of the other.
The system, folks, is rigged.
It's a rigged, disgusting,
dirty system.
It's a dirty system.
Then candidate Trump
was alleging
that if he didn't win
the election, it was rigged.
So, there was reluctance to,
you know, to play to that--
to play to that narrative.
But the magnitude of what
the Russians were doing
grew both in expanse
and clarity.
And on the 7th of October,
we finally came out
with a public statement,
which was a pretty
forthcoming statement
about the Russian interference.
there's more breaking news
we're following tonight.
The United States
now openly saying
that Russia is directly behind
a series of cyber attacks
targeting the upcoming
presidential election.
Well, unfortunately our message
was completely emasculated.
A recording of Donald Trump
made more than a decade ago...
Because that's the same day that the
"Access Hollywood" audio tape came out.
You won't want young children
to hear it.
The letter from the intelligence
community comes out.
The "Access Hollywood"
tape comes out
all in one day.
And WikiLeaks starts
dumping my emails
an hour after the "Access
Hollywood" tape comes out.
You can judge whether
that's a coincidence.
Two thousand more emails
have been posted online,
apparently from
the hacked account
Of Hillary Clinton's
campaign chairman John podesta.
Thousands of hacked emails from
her campaign chairman, John Podesta.
Third installment
of the hacked emails
from Hillary Clinton's
campaign chairman John Podesta,
and so far, the messages
have provided a look
into the inner workings
of the Clinton camp.
Most of those ended up
being of little import.
I'm a boring sort of guy.
One email reveals
a disagreement
between top Clinton aide
huma abedin
and podesta over Clinton's
press strategy.
A lot of this was gossip.
In another email,
a longtime Clinton aide
refers to Chelsea Clinton
as a, quote, "spoiled brat."
But people thought, well,
if it's secret,
or if it's stolen,
it must be more sexy.
It's kind of shadowy.
"They didn't want you
to know this much."
Like any good peek
behind the curtains,
they show things the campaign
obviously would rather keep under wraps.
The Clinton emails
are fascinating
and hilarious reading
in some ways.
So is it more like "Veep"
or is it more like "West Wing"?
We were very frustrated.
The fact that this was
a hostile foreign government
interfering in the election
was never really part of
what the coverage was.
I would just add, you know, this
should be of concern to everyone
that the Russians are trying to
influence our election.
You know, everybody
was clearly informed
about my email mistakes,
but they didn't know
there was an active campaign
against us by the Russians.
they did not know that
the trump campaign had personnel
associated with it, who
were also being investigated.
If you look at trump's campaign
the last month,
he mentioned WikiLeaks
over 160 times.
And they used the most perverse
Twisting of anything
in John podesta's emails
to create controversy,
and, uh, sow distrust.
A Russian news outlet just totally
misrepresented one of these emails,
and then Donald Trump read it.
She's now admitting that
they could have
done something about Benghazi.
This just came out
a little while ago.
There was, like,
an email story every day,
and then Comey drops
this hand grenade on us.
The October surprise
came in the form
of a three-paragraph
letter to congress
from FBI director James comey,
who wrote that agents
on an unrelated case
had learned of the
existence of emails
that appear to be pertinent
to the Clinton investigation.
It's the wilderness
of mirrors now,
in terms of investigation
upon investigation.
We have to investigate
Hillary Clinton,
and we have to investigate
the investigation.
This is out of
a Russian playbook.
"When nothing is real,
everything is possible,"
as one of Putin's critics said.
I don't think anybody knows
it was Russia
that broke into the DNC. She's
saying Russia, Russia, Russia.
But I don't-- Maybe it was.
It also could be somebody
sitting on their bed
that weighs 400 pounds, okay?
It begins to kind of
destroy any trust
that people have.
Do you make the same commitment
that you will absolutely accept
the result of this election?
I will look at it at the time.
And that really destroys
the credibility of democracy.
That's what Putin wants.
We look at our electronic
superimposed map of the nation
here out back
30 rockefeller Plaza
in New York,
where the sun will be rising,
uh, on the president-elect
Donald John trump
of queens, New York.
I felt like, you know,
my insides had fallen out.
It's like, I mean...
devastating.
For months, the newly elected
president is under fire
for how he's dealing
with Russia.
I know a lot about hacking.
And hacking is a very
hard thing to prove.
So, it could be somebody else.
And I also know things that
other people don't know,
and so, they cannot be sure
of this situation.
And everybody is awaiting his
first meeting ever with Vladimir Putin.
Which took place in
Hamburg, Germany.
So we all fly into Hamburg.
Trump meets putin, first time.
Has a long conversation
with him.
Then at the dinner that night,
goes off and has a separate
conversation with him
that no one else has witnessed.
President Putin and I have been
discussing various things,
and I think it's going
very well.
We've had some very,
very good talks.
I head back to my hotel room,
and as I'm checking out,
my cell phone rings.
It's the president.
"David, I just had the most
remarkable conversation
"with Vladimir Putin.
"And he tells me,
"that if it had been
the Russians
"who had meddled
in the election,
"we never would have seen them.
"And therefore,
it couldn't have been them,
"because they wouldn't
have been this sloppy.
"You write about this stuff.
You know about all of this.
He must be right."
The president was actually
looking for affirmation.
He was looking for
any way to deny
or cast doubt about
the question of whether
the Russians
were behind the hack.
And at that moment you knew
that the United States
government
was not going to organize itself
to push back on the Russians.
Let's be clear from the outset.
This is unlike any cyber attack
that we have seen before.
We want to start on this
Wednesday morning
with that crippling
cyber attack.
It's a new form of ransomware...
It is hitting companies
around the world
holding their computer systems
hostage for money.
In 2017, shortly after
trump came into office,
we saw a dramatic escalation
in the scale and the scope
and the nature of cyber attacks.
There was a massive
ransomware attack called "notpetya"
that started in Ukraine.
It was June 2017.
I'm deputy head of the
presidential administration.
Took a few days' vacation to drop
my, uh, kids to the summer camp.
And in the morning, I start receiving
text messages from my team.
"We think Ukraine
is under attack."
"Our infrastructure
is registering attacks.
The virus is destroying
computers."
You know, atm machines
were not working.
Hospitals reported
their computers being down.
TV station, grocery stores...
It was devastating.
It was spreading like fire.
Ukraine is Vladimir putin's
petri dish.
It's where he experiments
on every single technique
that he ultimately ended up
using in the United States.
Breaking into emails,
and making them public.
Sowing chaos
with disinformation.
Russia was constantly testing
different strategies,
and different approaches,
in Ukraine.
attacks on the electrical grid,
2015, 2016.
Attack on the transportation
infrastructure.
Odessa airport,
Ukrainian subway in Kiev.
You don't see the regular war.
But war is taking place,
and it's devastating.
With its notpetya attack,
what the Russians
didn't count on
is that the spreading
algorithms that they put in
were so aggressive that
it wouldn't just contain itself
to the network of one company.
any firms with any
links to Ukraine
are being contaminated
by this contagious virus.
It would quickly jump out,
and compromise contractors,
other networks that you
may be connected with.
It escapes the box, and it
begins to hit the corporations
and companies
all around the world.
Maersk shipping was one.
Fedex was another.
They lost hundreds of millions
of dollars of business
just from the loss
of business operations
and the money they had
to pay to remediate
the damage to their systems.
There was one other aspect
to the notpetya attacks
that made this story
really complicated.
It turned out that
a component of the attacks
had relied on code
that had been stolen
from inside the NSA.
In the summer of 2016,
a group that called itself
theshadowbrokers
began posting thousands
of lines of this code
to make it clear to the NSA
that they had the crown jewels.
Before long, the North Koreans
used parts of the
shadowbrokers code
when they attacked with
a weapon called wannacry.
This specific worm that was
leaked from the NSA's toolkit
targeted Microsoft windows.
Windows-based computers
in the US
and across the globe
could be at risk.
I will always remember
on that morning,
sitting in the meeting of
Microsoft's senior leadership team.
And all of a sudden,
people are seeing emails
pop up on their screen.
Reports from one customer
after another. "What's going on?"
We're getting details of this massive
international cyber attack today.
Hackers demanding money
have paralyzed computers
In at least 99 countries.
You could almost see this worm
moving with the time zones
across the Atlantic ocean
from Europe to North America.
It was as if we had lost
the blueprints
for an American missile.
The North Koreans
and the Russians had grabbed it,
improved upon it,
designed a prototype,
and shot it back at
American allies and friends.
It attacked 155 countries
in one day.
In the history of humanity,
no weapon has ever been fired
by a single country
in a way that hit so many
other nations simultaneously.
The volume of attacks
is escalating.
The sophistication
of attacks is escalating.
And the debate about
how to go deal with it
is only getting
more and more confusing.
It was my first day
as council president.
It was about 12 o'clock
in the morning.
I'm on my work phone
and I try to get into my email,
and it doesn't work.
And then I get onto my
Surface Pro, and it doesn't work.
And so I start to call some
other folks that I knew would be up
and I was told that
we had been hacked.
We had been hit by
a ransomware attack.
We were advised by--
uh, the administration but also
from the federal government--
that we should not
pay that ransom.
We couldn't communicate with the people
that we normally communicate with.
People couldn't come in
and fill out for their permits.
Real estate deals
could not be done.
Bills could not be paid.
Parking tickets could
not be paid.
Fines could not be paid.
We're talking about lots
and lots of business in the city
that could not be done
because the systems
were crippled
and pushed down to a halt.
I lost, you know,
literally 12 years of files.
What was the cost to Baltimore,
ultimately?
Yeah, it was upwards
of $15 million,
is what we had to, to pay out and
to rebuild, and build better systems.
And the original ransom
was far less than that.
Far less than that,
but, you know,
the mayor made a decision
based on the advice of,
uh, public safety experts
to not pay it.
Cites across america
have been paralyzed.
And some of them, including
one small town in Florida,
decided it was cheaper
to pay the ransom
than to try to go rebuild
the databases.
SCOTT: cities and governments
around the country,
businesses around the country,
non-profits around the country,
school systems
around the country,
have to understand that this
is the world that we live in now.
Right? This is the new normal.
Secretary Nielsen,
looking ahead to 2018,
what is DHS's current estimation
of the threat to our elections,
from Russia, or any other
hostile actor?
We think the threat
remains high.
Uh, we think vigilance
is important,
and we think there's a lot
that we all need to do,
uh, at all levels of government,
uh, before we have
the midterm elections.
When it comes to elections,
the president never,
uh, understandably,
never wanted the results
of the elec--
of the election
to be questioned.
It was very difficult,
but those who need to be
focused on the elections,
they know what they need to do.
The people who need to do
the work that needs to be done,
have really dug in and,
and recognized the, the threat.
When he was running
for president,
trump had not really
thought about cyber.
I don't think he had even
heard about stuxnet.
He certainly never registered
what it was all about.
He said to me at one point,
"Oh. The cyber.
The cyber is very powerful."
But candidate trump said he
wanted to pull American troops
out of the middle east, out
of South Korea, out of Japan.
So he saw cyber as
this magic bullet.
Today I'm convening this meeting
to follow through
on my promise to secure
crucial infrastructure.
And the networks that
we've been talking so much about
over the last period of time
of the federal government
against cyber threats.
By the time trump
became president,
the United States had built up this
massive, offensive cyber program.
It had gone after
North Korea's missiles.
North Korea has once again
attempted to launch
a ballistic missile, and failed.
They Mark the second
and third launch failures.
Another failure.
Using code to send those
missiles spinning into the sea.
It had gone after the Isis
recruitment system.
It was called
"operation glowing symphony."
And the idea basically
was to knock Isis offline.
But one of the key lessons
of the Obama administration
was that despite developing
all these new capabilities,
it took far too long to get
cyber operations approved.
During the time I was in
the department of defense,
not even the
secretary of defense
could approve an offensive
cyber operation.
That was only the president of
the United States.
President Trump has taken
a very different approach,
where he's delegated
the approval authority
to a lot of offensive
cyber operations,
not only to
the secretary of defense,
but to the commander
of cyber command.
What do you think our
adversaries think right now?
If you do a cyber attack on
America, what's gonna happen to 'em?
So, basically, uh,
I would say right now, um,
they do not, um, think that
much will happen to them.
-They don't fear us.
-They don't fear us.
Once general nakasone
took over at the NSA
and cyber command,
he put together
within the organization
something called the
Russia small group,
who were determined to take an
aggressive stance against the Russians.
For several years,
the United States had warned
that Russian hackers were
inside the US electric grid.
In 2018,
the NSA took American-made code
and put it inside the Russian
electric grid.
And they designed some of it
in a way to make sure
the Russians saw them.
It was supposed to say,
"we're not gonna do this
in a covert way.
"We're gonna make you understand
what the price will be."
There were also
a series of messages
sent to Russian
influence operatives
that said, "we know who you are.
"If you continue to conduct
cyber attacks,
"and if you try to target
the election in 2018,
there will be repercussions."
There were very targeted
cyber operations
to make it clear that
we knew who was doing what,
and we were gonna degrade
their capability to succeed.
HEALEY: In 2018, in the lead-up
to election day,
cyber command takes down the
Russian Internet research agency.
They got in there, and really
took apart their home network.
Really disabled it,
so that they wouldn't be able
to conduct their
social media campaign.
HULTQUIST: This was a very
forward-leaning operation.
It looked to be
pretty successful.
Russian actors were somewhat
quiet during that period.
The question is,
how long will that last?
Can we defend forward against
every, you know, potential actor?
Good morning,
Sandra and ed.
And now it is up to
the Iowa voters.
Iowans in more than
1,600 precincts are gathering
to back the person they want to win
the Democratic presidential nomination.
My purpose here is very simple.
It's to come before you
one more time
and ask you to caucus for me.
we are still awaiting
the first official results
given to US by the party.
Obviously, things are going
a bit slow for them.
Sixteen hours since
the Iowa caucuses began.
We're still waiting for
the results.
The app didn't work.
No one knew if it would.
This is, so far, not so good.
Iowa was exactly my worst fear.
The biggest concern was that voters
would not be able to trust the system.
What about the confidence
in the vote?
Especially with,
against the backdrop
of the Russian
interference in 2016.
What Iowa is demonstrating to
adversaries of the United States is
all they have to do
is create that appearance.
And they probably don't even have
to create their own disinformation.
American partisans
will do it for them.
NEWS ANCHOR: The presidents son
was saying its rigged.
The president's
campaign manager.
The Biden campaign
is out there
openly saying they don't trust
what the results will be.
They've created what's called
a perception hack.
Our mind immediately
goes to the question,
"Are the Russians
messing with our election?"
It doesn't matter whether
they are or they aren't.
This is one of the confusing
aspects of election security.
It's not just about
trying to hack into computers.
There's another aspect
of election interference
that's about trying to
hack into your brain.
They're ultimately trying
to get the American people
to lose confidence
in the system.
That the system
is beyond repair.
That the system is broken,
and their vote doesn't matter.
US officials have now told, uh,
Senator Bernie Sanders that Russia
is trying to help his
presidential campaign.
How do you think
it came out now,
if you had the briefing
a month ago?
Well, I'll let you guess
about one day before the, uh,
Nevada caucus. Why do you think
it came out?
'Cause the "Washington Post"?
Good friends.
Joe, what do you say
to the Russians?
I'm comin'.
They're continuing to meddle.
They're involved in this race,
and in my primary.
They're involved
going after me on Facebook.
They've already been taken down.
Because Putin knows me
and I know him,
and he doesn't want me
to be president.
The Russians want everyone in
this country to mistrust everything.
Whether or not
the Russians are involved,
these next few months
are gonna be tense.
We do have breaking news.
The coronavirus outbreak
is now a global pandemic.
No country is untouched.
No part of our everyday lives
is untouched.
We will see more cases,
and things will get worse.
The coronavirus
has reordered the competition
for world power.
And so, it's not surprising
that it's reordered
cyber power, as well.
Bad information is now
spreading online
faster than
the coronavirus itself.
Cyber experts and
public health officials
warm this so-called
info-demic is dangerous,
and needs to be contained.
In the midst of covid-19,
disinformation gets
super caffeinated.
And we see it play out
in Russia's favorite
petri dish once again,
In Ukraine.
As the coronavirus began
spreading across the world,
Ukraine quickly moved
to start bringing
some of its citizens back
from Wuhan,
to serve out 14 days
of self-isolation
in this tiny little town
in central Ukraine.
These people were not
infected with the virus.
But people on social media
began spreading this misinformation
that these Ukrainians that are
coming home from Wuhan are infected.
People started using viber,
and Instagram and Facebook
to warn each other.
Some of the messages
went even further in saying
we need to go out
into the streets and protest.
We need to turn these buses of
people around to protect our children.
Or else we're going to wake up in
the morning, and we'll all be dead.
-This disinformation
actually fueled
a real-life protest
in the streets.
Police came out in response.
Clashes ensued.
When something like this
happens, in Ukraine especially,
the entity that is always
pointed at first is Russia.
There are signs that Russia
could be involved.
But there are real people
in these groups.
Real people who I interviewed,
who said, "I also shared
messages in this group
"to go out and protest,
to protect myself,
to protect my family."
And it just spiraled out of
control very, very, very quickly.
Within hours.
There's a lesson in
what happened in Ukraine.
The Russians are already
changing the playbook.
They're targeting people
who might be susceptible
to the message,
the conspiracy.
And repeat it themselves.
And it's not just the Russians.
The pandemic now becoming
even more than a public health crisis.
It is turning into a major
diplomatic clash
as the blame game unfolds
on the origins of the virus.
I would like to begin
by announcing some
important developments
in our war against
the Chinese virus.
The Chinese in 2020
have used disinformation
brilliantly
as people have been
casting blame for COVID-19.
There was a story spread
that the virus didn't begin
in a wet market in Wuhan.
But instead that it began with
a US army exercise in China.
There's absolutely
no evidence for this at all.
But the Chinese saw
how well the Russians were
able to plant this information,
And watch it take off naturally
among conspiracy theorists
and others.
STAMOS: I think weve been
highly distracted as a country
by focusing just on Russia
since 2016.
When the real long-term
strategic challenge for us
is going to be China globally.
Russian foreign policy
is to take others down,
and cause disruption
in the system.
China has very
different priorities.
They're trying to work within the
system and take over the system,
so they're not interested
in chaos. It's all about theft.
And primarily theft of
intellectual property
that can be used to further
build up the Chinese economy.
There was one time we were
brought into a company
that was in the satellite
communications business.
They had discovered a hack,
and, uh, they asked us
to analyze it,
and ultimately help
protect them.
We saw that the email address
that was being used to register
a bunch of this infrastructure
was being reused continuously.
It was a gmail address.
And we tracked it to
an individual in China.
They had a social persona,
and had a Picasa album,
which at the time was a photo
album that was owned by Google.
It was open, and he had a
bunch of pictures of his girlfriend,
and his family, and himself.
And he had pictures
of his dorm room.
And in the corner
of the dorm room we saw a hat.
We started doing
imagery analysis,
and we noticed that
the hat was pla officer's hat.
We thought,
"this might be interesting."
We might have someone
from the Chinese military
on our hands here that may
be responsible for these attacks.
We found other pictures
that he had posted online
that were labeled "office."
There was a picture of this
big white building behind him
that had huge antennae dishes,
had reflective coating
on the windows,
that would prevent
signal interception.
We started doing satellite
imagery analysis
to try to locate this building.
We tracked it down to Shanghai.
To a particular area
of Shanghai.
We started looking at the
imagery. We said, "wait a second.
There's military guard gates
all over this building."
We got the address
of that building,
and we started looking into
Chinese government materials.
And sure enough, we discovered
there was the headquarters
of the 12th bureau
of the third department
of the general staff
of the people's liberation army,
giving US pretty
high-level confidence
that this hack had come from
the Chinese military.
This is actually
part of a plan.
They lay it out in their,
their five-year plans
for the technology
they want to acquire.
If they can generate it
indigenously, great.
If they can't,
because they want to
get it fast, they'll steal it.
China alone is
responsible for hacks
to almost 700 public
and private targets in the US
in the last five years.
One of the reasons why
China's most sophisticated
airplane
looks like the f-35
joint strike fighter
is because they stole
some of the technology
from the F-35
Joint Strike Fighter.
When you look at pictures of it,
you go, "Man, that looks familiar."
And that's just
the tip of the iceberg,
from the Chinese side.
Google says it and at least
20 other companies
were victims of a targeted
cyber attack originating in China.
A very sophisticated cyber attack
on the health insurer Anthem.
This intrusion is once again
the work of state-sponsored
espionage groups based in China.
And then the Chinese escalated.
They spent a year inside the
office of personnel management,
the most boring
bureaucracy in America.
they stole 22 million files
of highly classified
security clearance applications.
That is an intelligence
nightmare.
The Chinese now have all
sorts of detailed information
about your family members,
foreign friends
that you may have,
that could be used
to actually recruit assets
for the Chinese government
sometime in the future.
By 2020,
they were back at it in a
much more sophisticated way.
NEWS ANCHOR: The FBI and federal
cyber security agents
are warning that hackers linked
to the Chinese government
are trying to steal research on
coronavirus vaccines and therapies.
The way jet fighter designs
might have been
a decade ago,
coronavirus has become
the holy grail.
Because the country
that wins the race
for the vaccine and
the treatment of covid-19
will become a new kind of power,
able to spread that vaccine
around the world.
Finally, and perhaps
most importantly,
as China has spread its economic
tentacles through the world,
It has recognized that
the networks
it is selling to everybody else
across fiber optic cable
and 5g networks
gives them an element of control
that a few years ago they could
scarcely have even imagined.
you could see a future where
every device that you can
imagine is on the Internet,
and is connected to
the 5G cellular network.
WARNER: 5G is like moving from
radio to television
in terms of how we use
our telecommunication system,
and if we're thinking about,
you know, driverless cars,
or our, our refrigerator that's
connected to the Internet,
and all of the possibilities
that come with a totally
interconnected world,
that rides on a 5G network.
So who controls that network
is extraordinarily important, and
I think what we're waking up to
Is we're confronting China
that has a national champion
in its company huawei
that is a long-term
security threat.
HURD: This company Huawei is the
largest provider of 5G equipment.
They're the ones building
the antennas that you need.
They're the ones that are building
the systems that moves the data.
The United States'
position on this is that
any information that is
able to transmit
across Huawei technology
will ultimately be accessible
by the Chinese government.
And what is
the Chinese government
going to do with
that information
is the ultimate question.
Thank you.
So we begin, Oklahoma. We begin.
Thank you, Oklahoma.
And thank you to
Vice President Mike Pence.
We begin. We begin our campaign.
MAN SINGING:
That's nice.
Thank you.
I have spent the last year
gaming out the 2020 election.
Trying to get ahead of it.
Really trying to think through
what, what's next.
What's next, what's next.
My nightmare scenario
is ransomware.
That a ransomware actor would gain
access to a voter registration database,
lock it up, and say,
"Hey, election official.
"I've locked this up.
I'm not giving it back to you
unless you give me $3 million."
This is what gets me up
every morning.
It's the last thing
I think about at night.
I wake up in the middle
of the night
and think about it.
When I'm walking the dog.
Up here, oh,
it's a hellscape right now.
When you have a government
led by someone
who appears to be beholden
to Vladimir putin,
you don't have much confidence
that your own government
is going to protect
the integrity of our election.
I'm somebody who thinks that
putin should have paid a price.
I don't know if
we're gonna find out
exactly what the threat is
until, once again,
it's too late.
In 2020, the Russians are back,
but so are the Chinese.
And the Iranians.
And the North Koreans.
All of these countries
are just experimenting
with things that they learned
from watching the Russians.
They realize that they
can do damage to us,
by merely opening up
the chasms that already exist
in American society.
If it were going to be
a nation-state actor
who's gonna disrupt
the elections in 2020,
I think mostly likely
it would be the North Koreans
or the Iranians.
If we were going to look for
an Iranian attack, for example,
all they would have to do
is destroy one thing
in one state or one county,
in conjunction with an information
operation that would say,
"We are the holy warriors
of Iran,
and we successfully
locked up this server."
The press would cover it. There
would be all these questions,
and America would be
wrapped in knots.
At the same time, you know,
certain political leaders
might also take
advantage of that.
One final question. Our
intelligence agencies have said
that your country
is among the countries
that are attempting to interfere
in our election.
We don't interfere in the
internal affairs of another country,
but there is a cyber war
going on.
The United States started
that cyber war.
You remember Stuxnet.
Any war that
the United States starts,
it won't be able to finish.