Eric Chien, a leading cybersecurity expert at Symantec, discusses the Showtime doc ‘Zero Days,’ how he uncovered the Stuxnet cyberattack on Iran, the election hacks, and much more.

The most terrifying film of the year isn't some J-horror mindfuck or Michael Moore's stab at stand-up comedy, it's Zero Days, a documentary about the state of cyberwarfare.

Acclaimed filmmaker Alex Gibney's latest chronicles the Stuxnet computer worm, a cyberweapon said to have been created by the U.S. and Israel that targeted the Natanz nuclear enrichment facility in Iran, putting approximately 1,000 centrifuges out of commission and slowing down the country's nuclear program. Stuxnet was part of Operation Olympic Games, a covert campaign waged by the two countries against Iran's nuclear facilities that began under President George W. Bush in 2006 and continued under President Barack Obama. “Olympic Games is likely the most significant covert manipulation of the electromagnetic spectrum since World War II, when cryptanalysts broke the Enigma cipher that allowed access to Nazi codes,” wrote The Atlantic.

Zero Days interviews several CIA and NSA employees who assert that Olympic Games was part of a much larger cyber mission against Iran called Nitro Zeus. In the event that Israel launched airstrikes against Iran, the U.S. and Israel had allegedly infiltrated Iranian command and control systems, so they couldn't speak to each other in a fight; their IADs, or missile defense systems; the electricity grid; transportation; and financial systems. “We were inside waiting, watching, ready to disrupt, degrade, and destroy those systems with cyberattacks,” the agents say in the film. “We were everywhere inside Iran. Still are.”

One of the computer experts who decoded and investigated Stuxnet was Eric Chien, a cybersecurity expert at Symantec whose job, he says, consists of anything from protecting your 16-digit credit card number to protecting things like U.S. critical infrastructure. His job, more specifically, is to examine all the latest cyberattacks in order to understand how the attackers work, how their programs work, and how to build protections against them.

The Daily Beast spoke to Chien about state-sponsored cyberwarfare, the hacks on the Democratic National Committee and Clinton campaign chief John Podesta, and why we shouldn't be too worried about hacking on Election Day.

How do you decide attribution in a state-sponsored cyberattack? There seems to be some confusion over this in light of recent events.

Attribution isn't going to happen from looking at things like the binary code that's been created. You can get hints from that, but there's a real big issue with what people call false flags. Even if someone writes in their moniker, or a handle, or uses a language operating system, or puts in dates of their working hours, they could be working in the middle of the night to throw you off. From a binary view, looking at the samples and how the two attacks are conducted, it's very difficult. The way attribution has to happen is through old-school intelligence. You have snoops working in different countries getting information and discovering that countries have conducted different types of activities. You're not going to see it purely through cyber forensic analysis.

The issue has come to the fore in the 2016 U.S. general election. The Department of Homeland Security and the Office of the Director of National Intelligence, a blend of 17 intelligence agencies, issued a statement saying Russia was behind the election hacking.

It is pretty clear judging by the indicators of compromise [IOCs]. The binaries that were used to hack the DNC as well as Podesta's email as well as some other Democratic campaign folks, those IOCs match binaries and also infrastructure that was used in attacks that were previously recorded by others as having Russian origin. That much we can confirm. So if you believe other people's, primarily governments', attribution that those previous attacks were Russian, then these attacks are definitely connected. We're talking about the same binaries, the same tools, the same infrastructure.

I understand you and your firm have spent significant time analyzing the DNC and Podesta hacks. What groups are responsible, and how did you decide attribution?

We've analyzed the tools, the binaries, and the infrastructure that was used in the two attacks, and from that we can confirm that it's connected to a group that has two names. One is Sofacy, or Cozy Bear, and The Dukes, which is also known as Fancy Bear. From the binary analysis point of view, I can tell you that the activities of these attackers have been during Russian working hours, centered on either UTC+3 or UTC+4; they don't work Russian holidays; they work Monday to Friday; there are language identifiers inside that are Russian; when you look at all the victim profiles they would be of interest to the Russian nation-state. So all of that stuff fits the specific characteristics. Now, could all those things be false flags? Sure. Other government entities clearly have come out and said it is the Russian state, and the binary forensics would definitely match that.
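Added illustration, not part of the interview and not Symantec's tooling: the two kinds of evidence Chien cites in his last two answers, IOC overlap between intrusions ("the same binaries, the same tools, the same infrastructure") and working-hours analysis of when binaries were compiled, can both be checked mechanically. The Python below runs on constructed data: fake hashes and documentation-range C2 addresses, and compile timestamps built to look like a Monday-to-Friday operator on UTC+3. The 09:00-18:00 business-hours window and the holiday list are assumptions.

```python
"""Two mechanical checks behind the evidence Chien describes: IOC overlap
between intrusions, and inferring an operator's working timezone from
compile timestamps.  Added illustration on constructed data; not
Symantec's tooling."""
from datetime import datetime, timedelta, timezone

# --- 1. IOC overlap: "same binaries, same tools, same infrastructure" -------
# Constructed indicator sets for two hypothetical intrusions (fake hashes,
# documentation-range addresses).  Real work also uses signing certificates,
# mutexes, PDB paths, and so on.
INTRUSION_A = {
    "sha256": {"a1" * 32, "b2" * 32, "c3" * 32},
    "c2": {"update-check.example.net", "198.51.100.7"},
}
INTRUSION_B = {
    "sha256": {"b2" * 32, "d4" * 32},
    "c2": {"198.51.100.7", "cdn-static.example.org"},
}


def ioc_overlap(a, b):
    """Indicators shared by both intrusions, keyed by IOC type.

    Overlap links two incidents to one toolset and infrastructure; on its
    own it says nothing about which country operates that toolset."""
    return {kind: a.get(kind, set()) & b.get(kind, set())
            for kind in a.keys() | b.keys()}


# --- 2. Working-hours analysis of compile timestamps -----------------------
WORK_START, WORK_END = 9, 18  # assumed local business hours, 09:00-18:00


def _at_utc3(year, month, day, hour, minute):
    """Constructed sample: Unix timestamp for a UTC+3 wall-clock time."""
    tz = timezone(timedelta(hours=3))
    return int(datetime(year, month, day, hour, minute, tzinfo=tz).timestamp())


# Constructed PE compile timestamps chosen to look like a Mon-Fri, UTC+3
# operator (every date below is a weekday in March 2016).
SAMPLE_TIMESTAMPS = [
    _at_utc3(2016, 3, 14, 10, 30),
    _at_utc3(2016, 3, 15, 14, 5),
    _at_utc3(2016, 3, 16, 9, 15),
    _at_utc3(2016, 3, 17, 17, 40),
    _at_utc3(2016, 3, 18, 11, 50),
    _at_utc3(2016, 3, 21, 16, 20),
]

# Assumed holiday list (ISO dates); 8 March is a public holiday in Russia.
RU_HOLIDAYS_2016 = {"2016-03-08"}


def working_hours_score(timestamps, offset_hours, holidays=frozenset()):
    """Fraction of timestamps that land on a non-holiday weekday during
    business hours once the clock is shifted to UTC+offset_hours."""
    if not timestamps:
        return 0.0
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in timestamps:
        local = datetime.fromtimestamp(ts, tz)
        if (local.weekday() < 5
                and local.date().isoformat() not in holidays
                and WORK_START <= local.hour < WORK_END):
            hits += 1
    return hits / len(timestamps)


def best_offset(timestamps, holidays=frozenset(), candidates=range(-12, 15)):
    """UTC offset whose business-hours window explains the most timestamps,
    together with its score.  Ties resolve to the lowest offset."""
    scores = {off: working_hours_score(timestamps, off, holidays)
              for off in candidates}
    best = min(scores, key=lambda off: (-scores[off], off))
    return best, scores[best]


if __name__ == "__main__":
    print("shared IOCs:", ioc_overlap(INTRUSION_A, INTRUSION_B))
    print("best-fitting UTC offset:",
          best_offset(SAMPLE_TIMESTAMPS, RU_HOLIDAYS_2016))
```

On the constructed samples the best fit is UTC+3, but UTC+2 and UTC+4 score almost as well, which is why an analyst reports a band such as "UTC+3 or UTC+4" rather than a single zone. Both checks carry the caveat Chien raises: a compile timestamp is a field in the file header that an attacker can set to anything, and shared tooling links incidents to each other, not to a government, so this is supporting evidence to be weighed alongside other intelligence.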

Is there a link between the DNC and Podesta hacks and the 2014 State Department hack that was also believed to have been carried out by Russia?

Yeah, these are being conducted by the same groups. We know that from the IOCs, by looking at the tools they use and the infrastructure they use.

The New York Times recently ran a story that concluded that while all signs point to Russia in the DNC and Podesta hacks, the Russians only wanted to cause chaos and disrupt the political process in America, not elect Trump. It seems like all the attacks currently underway are against the Democrats and Hillary Clinton, so how are you able to reach the conclusion that the Russians aren't trying to elect Trump?

Many of these attacks were happening prior to the nomination of Trump. Based on that hypothesis, people believe that there was a general plan for disruption, and it may be the case now that the easiest and best way to do so is in the manner you're talking about, but these attacks did not just start happening post-Trump's nomination. So in that sense, there is a feeling that it's not a very Trump-specific activity versus an election disruption activity. This is the easiest way for them to disrupt the election.

But they're trying to disrupt the election of Hillary Clinton, no? Are the Republicans also being targeted?

Well, the Republicans aren't being targeted in a public way where their emails are being leaked. We haven't seen that yet. But to say that the Republican campaigners or people haven't had their machines infiltrated or documents stolen or things like that, that we don't know. But I think it's fairly reasonable to imagine that efforts are being made for that to happen as well. This just might be the easiest way, or the strategy, for the person or persons that want to disrupt the election to do so.

Should the American people be worried about voting machines being hacked on Election Day?

If the race were literally a one-vote change, then the country would need to be worried. But the spread is large enough, and spread around the country enough, that it would require quite a conspiracy for it to be conducted. Can an election machine be hacked? Sure. But that's a very isolated case. You have to remember that, in many of these jurisdictions, they have policies and procedures like bringing out the tapes, having two people review them, etc. Those checks and balances make it much more difficult to do. You find a lot of news that election machines can be hacked, and that's absolutely the case, but there are procedural checks and balances that make it very difficult to succeed.


Let's talk about the Stuxnet worm, the U.S./Israeli cyberattack against the Natanz nuclear enrichment facility in Iran. How did you come across it?
