Sunday, May 21, 2017

Zero Days (2016), a very interesting and well done documentary about Stuxnet

Here is my IMDb review for the film:

A gold standard in documentary films and a very interesting story

Once you go beyond the automatic dislike of computer screen hexadecimals turning into beautiful 3D animations, which is the norm in all popularizing documentaries, you can see not only how interesting the story is and how well the film is done, but how much effort went into the gathering of the information in it.

This two-hour film describes how Stuxnet changed the world, first through the eyes of the malware researchers, how they discovered the worm, how they started to analyse it and realized how advanced it is and what it does; then it goes into the political realm, describing how the US and Israel did this to Iran; then it narrows down, showing not only how this was something the US did to prevent the Israelis from doing even worse things, but how Stuxnet came back to bite its creators in the ass. In the end we are shown the true reality of a world in which anyone can do horrible damage with no attribution while the security institutions keep everything secret and out of public discussion and decision.

A very informative movie, filled with useful tidbits, showing the story of Stuxnet from start to end and to later consequences, interesting to both technical people and laymen alike. Well done!

I particularly liked the idea that the more aggressive the worm got, the less effective it was. Israelis pushed and pushed the US until the malware became more autonomous and the whole operation blew wide open and the Stuxnet worm infected American computers. It was funny to see how scared American agencies were about this new sophisticated malware attacking their systems, while other American agencies, the ones that created it, were prohibited by secrecy to reveal it was them.

I also found it really interesting that the most effective versions of the worm were subtle pieces of code that attacked very specific targets and needed a human operative to insert them into the system. The "public" version of Stuxnet, the one that became so visible that antivirus people noticed it, is the version that used stolen certificates and four zero-day exploits, but it wasn't the one that actually delayed the Iranian nuclear operations for a year with no one the wiser about what was causing the damage. Blunt tinkering with the elegant code of the initial software led to its discovery and, indirectly, to the creation of cyber warfare units in all national intelligence agencies.