Movie review: Zero Days (2016)

Zero Days is a sobering look at the recent past and our possible future. The documentary is a deep dive into a computer malware attack in 2010—its discovery, its history, and its implications.

The film starts with interviews from security experts associated with Symantec. They explain what they saw and how they teased out information from the malware code itself. This code was unusually bug-free, 20x the size of normal malware code, and very dense. This all suggests a nation-state was behind the malware attack—not cybercriminals, not activists.

The makers of the malware, which is dubbed Stuxnet based on words in the code, left some clues behind. Random numbers in the code turned out to be identification numbers for PLCs (programmable logic controllers), which control critical infrastructure. Certifications in the code came from two companies in close proximity to each other in Taipei, Taiwan.

Although the malware infected computers and systems worldwide, the code was designed to probe for a specific target. Everything not its target it ignored. It ran through certain checks, and if they were not confirmed, then an attack was not initiated. What was its target? Cybersecurity specialists were able to trace the attacks backwards to Iran. Through a series of deductions, they determined that the target was a nuclear facility in Iran.

The documentary interviews a number of officials and experts. Some questions are answered. But some aren’t. No one will confess to being behind Stuxnet or knowing really anything about it. Stuxnet is an open secret. We know it happened, but it is top secret so no one will talk about.

Zero Days gets around that a bit with people who will talk, like the cybersecurity experts who discuss the malware code they analyzed. David Sanger, the National Security Correspondent at the New York Times, describes the history and politics of Iran and the transfer of nuclear technology from Pakistan to Iran. An insider who was part of the organization that created the code at the NSA spills the beans—she is disguised physically and vocally. (In the end, it turns out that she was an actor reading a script of composite information. This information was gleaned from several experts at the CIA and NSA who came forward to set the story straight—the story that everyone was getting wrong.)

Olympic Games, the more official name of the program commonly referred to as Stuxnet, was a collaborative creation between the US, the UK, and Israel. The program was designed to get into systems, spy on them, and infect them—all without ever being detected. The US got involved in this, it seems, in order to reign in Israel’s desire at more destructive tactics against Iran. In the end, the US was not successful in curtailing Israel. Israel changed the code to make the malware more aggressive, which led to the Iranians noticing the malware.

Originally, the program infected an Iranian nuclear facility, waited as it studied the systems, and then began to modify the speed that centrifuges were running, which ultimately caused them to explode. All the while though the malware ran normal data on the computers that the engineers were monitoring, so it seemed as though nothing was wrong even though centrifuges were blowing up. Iran suspected problems with the centrifuges or the engineers, not malware—until the Israelis changed the code to shut down the computers. Then the Iranian discovered the malware.

To get to this point, remember, the malware supposedly harmlessly infected computers as it spread across the world. The malware was only designed to run on computers that met certain criteria, i.e., the Iranian computers in their nuclear facility.

But no one knew this. When Homeland Security discovered that computers across the US were infected, they were trying to figure out how to prevent critical infrastructure from being taken out. No one in the US government told Homeland Security that there was nothing to worry about. Instead, Homeland Security spoke to Congress and spent money and time trying to deal with a red herring. The agencies and people in the US in the know could not admit to involvement in the program. The left hand didn’t know what the right hand was doing.

But that wasn’t the only unintended side effect. Stuxnet attacked in 2010. In 2012, Iran conducted a cyberattack on Saudi oil facilities, erasing all of their programs and disrupting those facilities. In 2013, Iran caused a surge attack on several large American banks, creating a disruption in the banking system. Basically, Iran was telling the US, we can hit you the same way you hit us.

The US had unleashed a Pandora box. Cyberwar was now a game that was acceptable, with no rules, and anyone can play. And what did we achieve with Stuxnet? There was a one-year dip in the number of operating centrifuges in Iran and then a surge in 2012 as the Iranians expanded their nuclear program. So our goal of affecting their nuclear program really failed.

The disguised composite of NSA/CIA agents spoke of a larger program, Nitro Zeus, which is meant to infect all critical infrastructure in Iran—basically as a type of all-out war. The chilling thing is that taking out critical infrastructure wouldn’t just take out military targets. Critical infrastructure is everything needed for a society to function, including power and water. In theory, war is against combatants, not civilians. With Nitro Zeus, there is no distinction. Civilians will likely be the ones that suffer the most.

Ironically, the documentary mentions the 2015 Iran deal concerning its nuclear capabilities—a deal that the US recently walked away from. The dissolution of this deal will likely cause unintended consequences like the use of Stuxnet/Olympic Games did. The US seemingly partnered with Israel on Stuxnet to try to reign in Israeli actions (at least this is the implication that I picked up in the film), but clearly that didn’t work. Since then, Israel demanded the destruction of the Iran nuclear deal. When will we think through the unintended consequences of our actions?

Movie review: Persepolis (2007)

Persepolis relates the experiences of a young girl who lives through the Iranian revolution of 1979, the Iran-Iraq war, and the aftermath of the war. To the average American, Iran is only a repressive Islamic state. Persepolis brings a human face to modern Iran, showing the cost to actual people who lived through the revolution and the war.

Persepolis tells its story through black and white animation. The film is an Iranian-French-American collaboration in French, based on the story by Marjane Satrapi, who is also the heroine of the story.

At the start of the revolution, Marjane is a young girl, brash and courageous as some young girls are. She loves Bruce Lee and wants to be a prophet.

She supports the Shah until her father recounts how the Shah came to power, the repression he conducts, and an uncle imprisoned by the regime. Marjane learns about struggle, political prisoners, and communists—among her own family and in the community at large.

Along the way, we learn about some of modern Iran’s history. In one scene, the political collusion between the Shah-to-be and the British is made explicit—one wants unlimited power, the other oil. (The version of Persepolis I saw was in French with English subtitles. Listening to the British figure speak French was quite comical…and painful.)

The movie also provides brief lessons on the Islamic revolution and the Iran-Iraq war. Initially so hopefully, the revolution quickly turns from freedom to repression under a strict interpretation of Islam. Police to enforce conduct and clothing abound. Women are forced to cover their hair.

Marjane’s parents fear for her safety—she is a headstrong and outspoken girl and people are disappearing left and right. They send her to Vienna, where she bounces from group to group to group trying to fit in…and from residence to residence to residence. She ends up living on the street…and then lands in a hospital. She phones home, asking to return. The war is over so it is semi-safe for her to return to the repressive state that is Iran.

She returns to Iran as a young woman, no longer the little girl her parents knew. The state is as repressive as ever, much worse than anything under the Shah. The silliness of the rules appear in her university art classes. Botticell’s Venus is censored to the point that it really isn’t an artwork to appreciate. Drawing class is a farce with female models fully clothed in headscarves and long shapeless black robes.

Persepolis is ultimately a human story. Like people the world over, Marjane, her family, and others she interacts with just want happiness, enjoyment, and to live a good life. They struggle to attend parties and live life in the midst of the repression and the threat of imprisonment, torture, and death.

My favorite character next to Marjane, who shows such spunk as a girl but loses it to depression and despair in her young adult life, is her ever-present grandmother. So full of wisdom, she seemed to be a steadfast rock in the life of Marjane.

At one point, Marjane was in despair about her marriage ending. Her grandmother put it all in perspective. She herself divorced 55 years ago. Better to be alone than with a jerk. Besides, the tears weren’t for the marriage, her grandmother wisely said, they were for being wrong; admitting mistakes is hard.

I can easily see why Persepolis received the accolades it did. Delve into the chaotic world of Iran during the last couple decades of the 20th century through the eyes of an Iranian girl coming of age. Persepolis shows the experiences of an Iranian girl/woman struggling with the new Iran and with European culture.