El cibersabotaje, o la posibilidad de afectar al mundo físico a través de un virus informático, es la peor pesadilla de los profesionales de la seguridad. Centrales nucleares que puedan volar por los aires, aviones desviados en pleno vuelo, coches robados usando un simple móvil.
Category
😹
FunTranscript
00:00Internet is a monster, an uncontrollable network.
00:07It is rapidly becoming the medium through which the great catastrophes of the future could occur.
00:13Nuclear power plants, television networks, military infrastructures.
00:17The list of victims is growing every day.
00:20My biggest nightmare is that there are things that we know that we do not know.
00:24I mean that some of the attacks that we face are so sophisticated
00:28that they may have been successful, although we do not know it.
00:31And that is my biggest fear.
00:33The army, the police and the intelligence services are trying to take control of the situation.
00:38But what if they were coming too late?
00:41It's been 15 minutes since someone was officially killed.
00:44We want to get them out of behind their keyboards so they can't hurt anyone.
00:48As someone who has spent a season in jail,
00:50I am of those who think that jail should be only for people who represent a physical danger to others.
00:55Maybe it's too soon to panic,
00:58but we should all take into account how dangerous it is to leave our computer on.
01:04I'm not sure we ever had control of the Internet.
01:07It's true there are a lot of devices on the network that we don't control.
01:11It's true now and it's always been that way.
01:13The question I ask really is,
01:15if they're not proliferating on the Internet,
01:17those devices that we can't control or secure.
01:20Imagine if Paris ran out of electricity for 12 hours.
01:24Out of nowhere?
01:25Do you think there could be a kind of cyber-apocalypse?
01:30I cross my fingers.
01:31I pray that it never happens.
01:33But unfortunately, technically it's possible.
01:42In this documentary, we will discover the other side of the Internet mirror,
01:46the hidden secrets of the network.
01:49But let's go in parts.
01:51It's a beautiful day in the center of Paris.
01:59Jean-Pierre Lesueur is a computer security expert
02:02who became famous when he learned that Bashar al-Assad
02:05had used one of his creations, a spy virus,
02:08to hunt down the Syrian rebels.
02:12Since he was a child, Jean-Pierre has had the same freedom
02:15on the keyboard of a computer as on the piano.
02:22In his teenage years, he perfected a virus called Dark Comet,
02:26a simple and effective virus that became a benchmark
02:29among hackers around the world.
02:32But that success has given Jean-Pierre Lesueur
02:34more than a puzzle.
02:38My goal was never to create a tool that could be used
02:41to fight a cyber-war or carry out cyber-espionage.
02:44I always thought that hackers would use it,
02:46or rather, the script kiddies,
02:48to spy on their friends, their girlfriends,
02:50their classmates, for fun,
02:52but it was never the case.
02:54I always thought that hackers would use it
02:57to spy on their friends, their girlfriends,
03:00their classmates, for fun,
03:02but it was never the case.
03:06Jean-Pierre did not realize until the end of 2012,
03:09when the magazine Wired, the bible of Silicon Valley,
03:12revealed that the spy program he had invented
03:15was being used by the Syrian army
03:17to hunt down the hostile rebels of the Damascus regime.
03:24Jean-Pierre teaches us his baby,
03:27a program that allows us to hack any computer
03:30without its owner knowing it.
03:34Now I'm going to do the total control
03:36of the hacked computer.
03:38Here I have a complete image of the computer.
03:42I can open the files,
03:45explore what it has on the hard drive.
03:50I see that the computer has a webcam,
03:53so I can activate it.
03:56You see? It's done.
03:59I can also activate the microphone.
04:01Now I have audio and video.
04:08There is a bit of coupling,
04:10because the computers are glued.
04:12The hacker can even send a message.
04:15Hello, now I control your computer.
04:19And that's it.
04:21Jean-Pierre likes well-done things,
04:24free and effective,
04:26Dark Comet has become a kind of reference
04:28for the hacker community.
04:31Today on the Internet,
04:33analysts estimate that it is among
04:35the seven most used computer spying programs in the world.
04:40Which means that hundreds of thousands
04:43or even millions of people use it.
04:47I need a pendrive with the Dark Comet code.
04:51When he created the virus,
04:53Jean-Pierre only wanted his talent to be recognized.
04:56But he was playing a dangerous game.
04:59There are those who play this game
05:01just to make themselves known.
05:03I was one of them.
05:05And then there are those who do it for money
05:07and sell products like Black Shades,
05:09whose creator was arrested.
05:15Jean-Pierre's motivation was pure technical achievement.
05:19For his rival, the creator of Black Shades,
05:21was money.
05:45In New York, the FBI put an end
05:47to the rivalry between Dark Comet
05:49and Black Shades.
05:51Federal agent Patrick Hoffman
05:53was in charge of the operation
05:55that led to his arrest.
05:57The Black Shades virus
05:59became very popular on the Internet
06:01because of its simplicity.
06:03Because you didn't have to spend
06:05a lot of time learning the code
06:07or being involved in the world of LAMP
06:10to access someone else's computer.
06:14This essentially allowed an individual
06:16to get information
06:18about the family of another person,
06:21about what the person was doing at that moment.
06:24For example, an ex-husband,
06:26an ex-wife,
06:28or in general, an ex-partner.
06:30It also allowed him to steal
06:32the person's online identity passwords,
06:34such as username and password,
06:36which could then be used
06:38on shopping websites like eBay,
06:40PayPal or Amazon.
06:44A naive French teenager,
06:46some American programmers
06:48who wanted to make some money.
06:50These viruses have the most humble origins.
06:52But the damage caused by these
06:54homemade codes is impressive.
06:56The losses caused by cybercrime
06:58on a global scale
07:00were estimated at $400 billion
07:02only last year.
07:04The creators of Black Shades
07:06were arrested during a FBI raid
07:08two years ago
07:10because they were selling their creation,
07:12which means there was a criminal plot
07:14behind them and that's why they were arrested.
07:16Have you ever been interrogated
07:18in relation to Dark Comet?
07:20Absolutely, never.
07:22However, there have been companies
07:24of the Areva company,
07:26the French nuclear energy experts
07:28who have been victims of attacks
07:30that made use of Dark Comet
07:32and have not been the only ones.
07:34In Syria, for example,
07:36apparently my software
07:38was used to track
07:40the regime's opponents.
07:42It has been used against
07:44video game servers
07:46and against US military bases,
07:48so I have been able to read.
07:50More recently,
07:52the computer of Miss America
07:54Adolescente was hacked
07:56through Dark Comet.
07:58The FBI discovered
08:00the presence of the software,
08:02tracked the hacker who had used it
08:04and is now in prison.
08:08The Dark Comet code is eternal.
08:10It will go hand in hand
08:12without Jean-Pierre Lesueur
08:14being able to do anything
08:16to stop it.
08:18Our mission in the cybercrime department
08:20is to identify, chase and defeat
08:22our cyber-adversaries.
08:24We are not just trying to mitigate
08:26the security gaps.
08:28We want to identify the individuals
08:30who are responsible and get them
08:32out of their keyboards
08:34so they can't do more harm.
08:36Our ultimate goal
08:38is an overriding virus
08:40called Dark Comet.
08:42Are you aware of the existence
08:44of the Dark Comet product?
08:46Yes, I am,
08:48but I'm not authorized
08:50to comment on the detentions
08:52or the investigations
08:54that have been carried out
08:56in relation to Dark Comet.
08:58Jean-Pierre Lesueur
09:00is not on the list of hackers
09:02most wanted by the FBI.
09:04He has been careful
09:06to avoid any illicit activity
09:08on the Internet.
09:10But now he has breakfast
09:12almost daily with the news
09:14of a new victim
09:16of his infernal plot.
09:18When you post a program
09:20on the Internet,
09:22it's forever.
09:24If I had known
09:26that it would end up
09:28having that impact
09:30in the cyberzone,
09:32I would never have posted
09:34on the Internet.
09:44Every year in Monaco
09:46there is a conference
09:48of cyber security experts
09:50who do their best
09:52to keep order in the network.
09:58Eugene Kaspersky
10:00is one of the stars
10:02of these events.
10:08He is one of the few Russian entrepreneurs
10:10who have made a fortune
10:12with technology
10:14and is the director
10:16of the world's leading antivirus company.
10:26Eugene loves to party.
10:28However,
10:30he often gets stuck
10:32with his worst predictions.
10:34My fear is that sooner or later
10:36traditional terrorists
10:38end up hiring
10:40professional cybercriminals
10:42to assist them.
10:44I'm afraid that now
10:46cyber threats
10:48are going to evolve
10:50and from mere cybercrime attacks
10:52they will become
10:54increasingly complex cyberattacks,
10:56orchestrated by criminal organizations,
10:58by states themselves
11:00and by traditional criminal organizations
11:02like the mafia.
11:04All those agents
11:06will occupy the same space
11:08and my fear is that they will end up
11:10working together
11:12and learn from the attacks
11:14commissioned by states
11:16and feed off
11:18the traditional criminal organizations.
11:20I think the next step,
11:22the most logical step,
11:24is cyber sabotage.
11:28I think the next step
11:30is cyber sabotage.
11:58Come on!
12:00Do you know if this place
12:02has a fire alarm?
12:04Don't start fires.
12:06If you start a fire,
12:08you have to share it.
12:28Chris Rock tries to surprise others
12:30and those who have the most
12:32shameless ideas
12:34are sure to succeed.
12:36Some of them, however,
12:38are frankly disturbing.
12:42Chris Rock
12:44comes from Australia
12:46where he was interested in
12:48a somewhat archaic but brilliant industry
12:50the funerals.
12:52He discovered that without
12:54the slightest technical manipulation
12:56we can kill someone
12:58and introduce our name.
13:00Then, with just a computer
13:02and the desire,
13:04we can officially kill
13:06someone we have sworn to.
13:08It takes 15 minutes
13:10to officially kill someone,
13:125 minutes to get the death certificate
13:14and another 10 for the burial.
13:1615 minutes to erase
13:18a name from public records.
13:20A round of applause for Chris Rock.
13:22But this year,
13:24the most daring hacker
13:26is Chris Roberts,
13:28a cyclist and programmer
13:30from Denver.
13:32You know, at DEFCON
13:34there are 10, 15 or 20,000 people.
13:36A lot of them are interested
13:38in the research,
13:40but how is the research regulated?
13:42I think it's what some teams
13:44are trying to negotiate
13:46with the government
13:48and the companies
13:50and with us
13:52I want to try this and see how it works.
13:54I want to see how I can break this.
13:56He jumped to fame
13:58all over the world
14:00for a simple tweet.
14:02In April 2015, Chris Roberts
14:04was on a commercial flight
14:06when he sent a worrying message
14:08in which he explained
14:10that by hacking the audiovisual
14:12entertainment system of his seat
14:14he had managed to penetrate
14:16into the computer of his plane.
14:18His feat ran like wildfire
14:21Would it be possible
14:23for someone to take control
14:25of some kind of transport system,
14:27a plane or something?
14:29I would say yes.
14:31I think it would be.
14:33If they did enough research
14:35and they did enough work,
14:37I think it's possible, yes.
14:39It's a big one.
14:41Is it really possible
14:43to take control of a plane
14:45through a Wi-Fi connection?
14:47Chris Roberts doesn't go into detail
14:49about the FBI's instructions
14:51not to talk about the whole thing.
14:55The law is beckoning us,
14:57there's no doubt about it.
14:59They're taking advantage
15:01of the abuse and computer fraud law
15:03and all kinds of laws
15:05and that makes it difficult
15:07to do the research.
15:09For me personally,
15:11I find it dangerous
15:13to do research on vehicles
15:15and transport systems
15:17so what do I do?
15:19Do I try my theories
15:21or do I test them
15:23and put myself out of the law?
15:25I would much rather
15:27that there was a cooperation
15:29between us and the authorities
15:31but that's not always the case.
15:33In France,
15:35the defense of the most critical
15:37infrastructures
15:39is run by the ANSSI,
15:41the National Security Agency
15:43of Computer Systems.
15:45Taking control of a plane
15:47through a passenger's seat
15:49is totally impossible
15:51for a very simple reason.
15:53The flight control system
15:55is completely isolated
15:57from everything else.
15:59It's physically isolated.
16:01So, honestly,
16:03I don't see how it would be possible
16:05and we've studied it very closely.
16:11We live in the average cyber age.
16:13We have this great invention
16:15which is the internet
16:17but still we don't know
16:19how to use it in a secure way.
16:21Experts don't agree.
16:23Some want to reassure us
16:25while others try to scare us
16:27so that we resort to their services.
16:29Who really understands
16:31what happens inside a computer?
16:33Is it imminent
16:35that a catastrophe occurs
16:37or is it highly improbable?
16:39When an attack occurs,
16:41what happens?
16:43TV5MON has been a victim
16:45of a powerful cyber attack.
16:47This sabotage has produced
16:49a blackout in all our networks.
16:51One thing is clear.
16:53It is a large-scale cyber attack
16:55without precedents.
16:57The self-proclaimed Islamic State
16:59has claimed the authority of the attack
17:01which shows that this terrorist group
17:03has a considerable technological expertise.
17:05TV5MON gives an example
17:07of a cyber attack manual.
17:09In 2015, some hackers
17:11who claimed a supposed cyber caliphate
17:13took control of the antennas
17:15and the entire social networks
17:17of the international public service network.
17:21Everything stopped.
17:23It was the first time
17:25something like this happened
17:27in the history of television.
17:29Our 12 networks,
17:31which reach about 300 million homes
17:33around the world,
17:35suddenly and simultaneously turned off.
17:37It was something never seen
17:39in the history of television.
17:41The Parisian prosecutor's office
17:43has initiated an investigation.
17:45The impact was considerable.
17:47The first affected
17:49were the employees,
17:51but the attack caused damage
17:53worth 15 million euros.
17:55We face certain terrorists
17:57and we are also determined
17:59to defeat them.
18:01After the attack on TV5MON,
18:03at first the Islamic State
18:05did not react.
18:07However, one of the characteristics
18:09of any cyber attack
18:11is precisely its impenetrability.
18:13Can a specific origin be attributed
18:15to an attack?
18:17That is not my problem.
18:19It is not the agency's problem.
18:21We are the firefighters.
18:23The firefighters are running
18:25to put out the fires,
18:27but they do not investigate
18:29who caused them.
18:31Is there anything to hide?
18:33Have you been able to identify
18:35the origin of the attack
18:37on TV5MON?
18:41Since the case of TV5MON
18:43is still being investigated,
18:45I can not say much.
18:47I see, but ...
18:51There have been a series
18:53of official statements
18:55that pointed to a group
18:57of Russian hackers.
18:59Can you confirm it?
19:04Can you navigate
19:06completely anonymously?
19:08Yes, with a good VPN.
19:11Can we see how it works?
19:13It's very simple.
19:15For example, I connect to the Internet.
19:17I already have a network configured.
19:19As you can see,
19:21this is my real location in Paris.
19:23Then, like those
19:25who attacked TV5MON,
19:27Jean-Pierre hides his whereabouts
19:29with a couple of clicks.
19:31Now the location is TelenorNord,
19:33which is in Sweden,
19:35as you can see.
19:37I'm not in Paris anymore,
19:39virtually speaking.
19:41Now I'm in Sweden.
19:43The truth is that
19:45any Internet user
19:47who wants to remain
19:49completely hidden
19:51can do it.
19:53And since 2011,
19:55the United States
19:57has been financing
19:59a new anonymous Internet
20:01under the official network.
20:07This deep web
20:09welcomes everyone
20:11who needs to hide.
20:13Hackers, traffickers, terrorists.
20:17It's hard to access it,
20:19but you can explore it
20:21through TOR.
20:23Originally,
20:25it was a network
20:27that was created
20:29to facilitate anonymity
20:31for good reasons,
20:33for example,
20:35for journalists
20:37who live in countries
20:39where they can fear for their lives
20:41or in countries that filter
20:43Internet access
20:45so that users can only
20:47visit certain pages.
20:49Using TOR,
20:51they can avoid those filters
20:53and obtain real information
20:55that is where
20:57anonymizing activities
20:59clearly makes it difficult
21:01for us to understand
21:03who is actually attacking you
21:05and from where and what they want.
21:07However, the TOR network
21:09is being subsidized by the United States.
21:11Well, you'd need to ask
21:13the Americans.
21:15I understand that the FBI
21:17has found a method
21:19to spy on everything
21:21that is done through TOR.
21:23In the Deep Web,
21:25drugs are sold openly.
21:27You can buy weapons
21:29without leaving a trace.
21:31Documents can be falsified.
21:37And if we do business
21:39in the Deep Web,
21:41the police will see them
21:43and will want them
21:45to throw us the glove.
21:47However, sooner or later
21:49they will end up doing it
21:51to us.
21:55However,
21:57this also has a solution.
21:59In 2009,
22:01a guy named Satoshi Nakamoto
22:03invented a currency
22:05not controlled by banks,
22:07Bitcoin.
22:09I think the thing that makes
22:11Bitcoin unique is the fact
22:13that it's a digital version
22:15of money,
22:17kind of like how the Internet
22:19used to be,
22:21and people didn't realize
22:23that information was free.
22:25I think Bitcoin,
22:27being a form of money
22:29that exists only on the Internet,
22:31will have the same amount
22:33of profound impact on society
22:35because people will start
22:37to realize that now,
22:39commerce on the Internet,
22:41global commerce
22:43without intermediaries
22:45is now possible
22:48Bitcoin
22:50Bitcoin seems like
22:52the dream of every anarchist.
22:54A bunch of programmers
22:56hack their own currency
22:58through a network
23:00that doesn't belong to anyone.
23:02Goodbye to central banks,
23:04bank commissions
23:06and income statements.
23:08However,
23:10no matter how libertarian
23:12this currency is,
23:14it's also a breath of fresh air
23:17Bitcoin
23:19Bitcoin
23:21Bitcoin
23:23Bitcoin
23:25After a period of marginal interest,
23:27Bitcoin soon took root.
23:29Marc Carpelles,
23:31a Frenchman based in Tokyo,
23:33would end up symbolizing
23:35the turbulent adventures of Bitcoin.
23:39This manga and apple pie fan
23:41decided to open a house
23:43in exchange for Bitcoins.
23:46Mt. Gox
23:48Our pie is ready.
23:50Thanks to Mt. Gox,
23:52the pioneers of the virtual currency
23:54could buy and sell Bitcoins
23:56with and in exchange for real money.
24:02It was a total success.
24:04A few months after launching Mt. Gox,
24:06Marc Carpelles was the first surprised
24:08when the price of Bitcoin
24:10rose from $40 to $1,200.
24:13How much real money are we talking about?
24:15How much money does it come and go?
24:17It depends on the day,
24:19but it comes in between
24:21$5 and $20 million in the system.
24:23As for outgoing transfers,
24:25we currently see that they come out
24:27between $300,000 and $1 million a day.
24:29So a lot of money comes in
24:31and not much comes out,
24:33so I guess there's still room
24:35for Bitcoin to raise more.
24:37Tokyo police don't know what to think.
24:39Is Marc's company legal?
24:41And what if Mt. Gox
24:43was nothing more than a new black money launderer?
24:47In August 2015,
24:49the financial police turned
24:51the arrest of the French
24:53into a media circus.
24:55Mt. Gox was bankrupt.
24:57And for the desperation of its clients,
24:59the amount of $500 million
25:01or 650,000 Bitcoins
25:03had evaporated from its safe
25:05in the Deep Web.
25:11I think in the beginning,
25:13the Cybercrime Division
25:15investigated Marc as a victim,
25:17more than as a villain.
25:19But then the Financial Division
25:21came into play and said,
25:23we've lost a lot of money.
25:25Someone has to go to jail.
25:27There must have been some hackers
25:29who got into the system
25:31and realized that if they emptied
25:33all the Bitcoins from the server,
25:35they would be discovered instantly.
25:37So what they did, apparently,
25:39was take them all.
25:41But the fall of Mt. Gox
25:43did not end the Bitcoin.
25:45The fans of the virtual currency
25:47continue to meet regularly
25:49to vent
25:51in this little bar in Roppongi.
25:57Roger Ver,
25:59known as the Bitcoin Christ,
26:01was especially affected
26:03by the unfortunate fall of Marc Carpelles.
26:05I don't know what happened.
26:07I've been to a lot of places
26:09all over the world,
26:11and in that aspect,
26:13he failed,
26:15but we don't know what happened exactly.
26:17I'm sure a lot of things
26:19happened between the bambolins.
26:21Maybe the money
26:23was stolen by a bunch of hackers,
26:25but Marc's job
26:27was to protect us from those hackers.
26:29So the bad guys stole the Bitcoins.
26:31$500 million
26:33went up in smoke.
26:35Julian Laglace
26:37is a close friend of Marc.
26:39This is Marc in his apartment.
26:41He argues
26:43against the accusations made
26:45about his friend and provides
26:47an interesting view of the matter.
26:49If someone,
26:51whatever they are,
26:53manages to get $500 million,
26:55why would they stay in the country
26:57and not do anything to hide,
26:59having plenty of time to do it?
27:02Do you think Japan
27:04has received pressure from other countries?
27:06Yes, I'm sure of it.
27:08What kind of pressure?
27:10Maybe pressure
27:12from the American government
27:14or from the bank lobbies.
27:16The success of Bitcoin
27:18had raised a lot of dust.
27:20In what sense
27:22are the bank lobbies affected by Bitcoin?
27:24It's money they have no access to,
27:26and that pisses them off.
27:28Banks don't like not having access
27:30to Bitcoin,
27:32they don't like not having
27:34any control over it.
27:36Do you mean that there are
27:38important institutions
27:40in the United States,
27:42for example,
27:44that could have attacked
27:46Mt. Gox to take the company
27:48to bankruptcy?
27:50Just an example, but yes.
27:52Could the bank conspire
27:54to organize the fall
27:56of Marc Carteles?
27:58We know that the tax authorities
28:00and the financial institutions
28:02do not exercise any control.
28:04Marc Carteles was playing
28:06a dangerous game
28:08against the interests
28:10of the powerful.
28:12JP Morgan's president,
28:14Jamie Dimon,
28:16the most powerful banker in the world,
28:18answered a question
28:20in a seminar
28:22recently organized
28:24by Fortune magazine.
28:26It's an illegal currency
28:28and it goes against
28:30the US legislation.
28:32If it's used again,
28:34we'll put it in jail.
28:36It's over.
28:38It's my personal opinion.
28:40But I don't think
28:42there will ever be
28:44a currency uncontrolled
28:46in the world.
28:48No government
28:50would accept it
28:52for long.
28:54Bitcoin is a great innovation.
28:56But I'm afraid
28:58the world is not ready
29:00for it.
29:02Because at the state level
29:04and at the criminal level,
29:06cryptocurrencies
29:08generate more problems
29:10than benefits.
29:12I'm afraid
29:14that the world
29:16is not ready
29:18for it.
29:20I'm afraid
29:22that the world
29:24generates more problems
29:26than benefits.
29:28I'm afraid
29:30that the states
29:32are not happy
29:34with what's going on.
29:36I'm not surprised
29:38if there were more regulations,
29:40but the idea
29:42is absolutely brilliant.
29:44And I really think
29:46that our great-grandchildren
29:48will live in a world
29:50where the utopians
29:52all over the world
29:54dream of doing good,
29:56criminals and authorities
29:58rush to return them
30:00to reality.
30:02Cybercriminals
30:04want your money.
30:06Cyber spies
30:08want your data.
30:10And cyber sabotage
30:12and cyber terrorism
30:14want to kill you.
30:16And what about us?
30:18We are transforming
30:20strange hybrids.
30:22Let's imagine, for example,
30:24that a criminal gang
30:26was hired by some spies
30:28to pass through a terrorist group.
30:30Crazy, right?
30:32Well, maybe it doesn't seem so
30:34once we discover the truth
30:36that is hidden behind
30:38the attacks of TV5MOND.
30:40The purpose of this attack
30:42was the destruction
30:44of TV5MOND.
30:46APT28
30:48APT28 is a group of Russian hackers
30:50who have been refining their methods.
30:52Their particular competencies
30:54have a high cost,
30:56but they had no financial interest
30:58in attacking TV5MOND.
31:00So who paid them?
31:02There is no lack of hypotheses.
31:04It is rumored that the Kremlin's
31:06arches could have helped
31:08finance the operation
31:10in a context in which
31:12the issue of the Mistral helicopters
31:14could have been resolved
31:16with a veil of secrecy.
31:18Currently, all the armies
31:20in the world aspire to
31:22endow themselves with cyber weapons.
31:24They are especially attractive
31:26since a country can use them
31:28without the enemy being
31:30100% sure of the origin
31:32of the attack.
31:34The purpose of computer weapons
31:36is to reinforce conventional forces.
31:38It is a new form of intensive attack
31:40whose effects can be
31:42seen and heard.
31:44We have already heard about the virus
31:46Stuxnet, which is introduced
31:48in the heart of a theoretically
31:50well-fortified device,
31:52an Iranian nuclear plant.
31:54Stuxnet was the first
31:56large-scale cyber weapon.
31:58It was conceived in 2010
32:00by Israel and the United States
32:02to put a stop to the nuclear
32:04program of the Islamic Republic
32:06of Iran.
32:08The operation worked wonderfully,
32:10but it was not successful.
32:14The Internet is becoming more military.
32:16In Latin America,
32:18in North America of course,
32:20in many European nations
32:22and also in some Asian nations.
32:24Unfortunately, there are many states
32:26involved in this arms race.
32:28I hope and pray that they never
32:30use that weapon.
32:32What is a cyber weapon?
32:34It is a virus designed to infiltrate
32:36an especially sensitive target.
32:38In the case of Stuxnet,
32:40the goal was to sabotage the centrifuges
32:42intended to enrich uranium,
32:44which could later serve to make
32:46nuclear weapons.
32:50For many years, Stuxnet
32:52disrupted the production of Iranians
32:54without being detected.
32:56How is it possible?
33:00Stuxnet is a super virus that took
33:02advantage of a series of breaches
33:04detected in the centrifuge software.
33:08These weak points are known
33:10as vulnerabilities of day zero,
33:12and cyber weapons can exploit them
33:14because they are undetectable.
33:16Finding those vulnerabilities
33:18of day zero can be a lucrative business,
33:20so there are whole squads
33:22of keyboard virtuosos
33:24who are dedicated to looking for software
33:26failures that allow them to sneak
33:28into certain high-profile machines.
33:30The final race to find
33:32the vulnerabilities of day zero has begun.
33:34The more powerful
33:36is the attack of day zero.
33:38The more extensive
33:40and easy to spread
33:42is the infection.
33:44More money can be demanded for it.
33:52A vulnerability of day zero
33:54is like a sinkhole in a road
33:56through which all drivers pass
33:58and someone finds that hole,
34:00that anomaly causing the accidents,
34:02but instead of warning the authorities,
34:04or a terrorist group,
34:06they can use it to carry out an attack.
34:10The most famous attacker
34:12of day zero in the world
34:14is French.
34:16His name is Chaucky Becquerel.
34:18For years he won
34:20all the international
34:22hackers championships
34:24with his team.
34:26He even presents himself
34:28as the Darth Vader of the Internet.
34:30His company,
34:32Bupen, had its headquarters in Montpellier,
34:34in the south of France,
34:36but in 2012 it was reoriented
34:38after signing a contract
34:40with the National Security Agency
34:42of the United States.
34:44Suddenly Bupen became
34:46one of the most profitable
34:48companies in France,
34:50with profits of more than
34:52one million euros and an
34:54invoicing of a little less
34:56than three million.
34:58He decided to move his company
35:00to a small city located
35:02on the outskirts of Washington D.C.
35:06Despite our repeated attempts
35:08to interview him,
35:10Chaucky Becquerel has repeatedly
35:12refused to comment
35:14on the activities of his company.
35:16We decided to go in his search
35:18to question him
35:20about the destructive capacity
35:22of his weapons.
35:24His last known address
35:26is the U.S.
35:28U.S.
35:30U.S.
35:32U.S.
35:34U.S.
35:36U.S.
35:38U.S.
35:40U.S.
35:42U.S.
35:44U.S.
35:46U.S.
35:50U.S.
35:52U.S.
35:54U.S.
35:56U.S.
35:58U.S.
36:00U.S.
36:02U.S.
36:04U.S.
36:06U.S.
36:08U.S.
36:10U.S.
36:12U.S.
36:16U.S.
36:18U.S.
36:20U.S.
36:22U.S.
36:24U.S.
36:26U.S.
36:28U.S.
36:30U.S.
36:32U.S.
36:34U.S.
36:36U.S.
36:38U.S.
36:40U.S.
36:42U.S.
36:44U.S.
36:46U.S.
36:48U.S.
36:50U.S.
36:52U.S.
36:54U.S.
36:56U.S.
36:58U.S.
37:00U.S.
37:02U.S.
37:04U.S.
37:06U.S.
37:08U.S.
37:10U.S.
37:12U.S.
37:14U.S.
37:16U.S.
37:18Now, it is unlikely that Bekrar would venture to offer a million dollars in exchange for a vulnerability whose exploitation would be a federal crime in the United States.
37:28To be able to venture into that field, he must have sworn loyalty to a state.
37:33And most likely, is that Chauki Bekrar is developing his activity under the umbrella of the National Security Agency.
37:40It remains to be seen if that support will lead to a lasting relationship.
37:46Selling those security gaps to people who will use them for purposes that are probably not very honorable,
37:53is a clear lack of ethics that does not surprise me in modern society.
37:58Since a few years ago, this part of ethics has been shining for its absence, but it is still morally unacceptable.
38:06There is a time to make money, it is very good, but be careful.
38:12And if those vulnerabilities were sold to the French army?
38:15We would be talking about something else, it would be completely different.
38:20Bruce Schneier is a Harvard professor and is one of the most respected experts in cybersecurity in the United States.
38:27Okay, is it your turn?
38:28Yes.
38:29I think so.
38:30Okay, well, the microphone is yours.
38:31His eccentric personality has conquered both hackers and defenders of public liberties.
38:37Right now there is a very flourishing market of vulnerabilities from day zero,
38:41which are being acquired by governments, by companies and by criminals.
38:44This is bad news, because it contributes to making sure that the Internet is not secure.
38:50I think vulnerabilities should be disclosed and fixed.
38:54If governments accumulate vulnerabilities, they are increasing their own vulnerability, as well as that of the whole world.
39:00I would like to see the United States buying them and publishing them to fix them.
39:04We have already seen several cases of very complicated and very professional attacks,
39:08financed by states that spread freely.
39:12And the criminals were able to make copies of those viruses.
39:16And they quickly learned to copy and paste those vulnerabilities from day zero.
39:22Those new techniques and technologies to develop criminal viruses.
39:29It is very important that we understand this.
39:32The software is software.
39:35The digital is digital.
39:37And therefore it is very easy to copy and paste.
39:41The problem is that there are so many nation states and criminal associations that are creating very sophisticated tools.
39:48And I don't think that trend will go away.
39:50The answer is that we have to take the lead and stop those threats before they affect us.
39:56Whether they come from a criminal agent or a nation state,
39:59the threats now can affect both the economy and the families in their homes.
40:04I think that the sale of vulnerabilities from day zero to governments and entities that want to spy on us and basically keep an eye on us is wrong.
40:14A vulnerability can affect millions of computers.
40:17And instead of fixing them and helping everyone navigate better, they use them to spy on 10, 15 or 20 people.
40:23I don't agree with that.
40:25I don't think it's a good way to proceed.
40:29Do you think there could be a kind of cyber-apocalypse?
40:35I pray that it never happens, but unfortunately technically it is possible.
40:43The network develops like a living creature.
40:45Jean-Pierre Lesueur, Marc Carpelles or Chauki Bekrar have seen their lives trampled by the power of a tool they thought they had under control.
40:55Gangsters, spies and terrorists are a legion on the internet.
41:00We could expect a massive attack around the corner.
41:03Are we prepared?
41:07What is your worst nightmare in your activity?
41:11Not being able to deploy the RRT device in time, for example.
41:14You have to be fast enough to intervene on the ground and circumscribe the immediate problem.
41:19And how long does it take to deploy a device?
41:21It's pretty fast. We can estimate that about 72 hours, more or less.
41:2672 hours to deploy a device?
41:28Yes, as long as it takes to make the decision.
41:30What do you mean?
41:31The process takes time. The different NATO nations have to reach an agreement.
41:51For more UN videos visit www.un.org