Ninety-four minutes into Zero Days, Alex Gibney’s documentary about the American government’s expanding and largely invisible embrace of offensive cyber weaponry, the image of retired general James Cartwright appears on the screen. From 2007 to 2011 Cartwright was vice-chairman of the Joint Chiefs of Staff and a favorite of President Obama. But when he appears in Gibney’s film, it’s not as an advocate, it’s as a potential enemy of the state, accused of leaking classified information about Stuxnet, the sophisticated software worm that destroyed thousands of centrifuges at Iran’s Natanz nuclear enrichment facility between 2008 and 2010. Stuxnet went rogue in the process and infected computers throughout the world. “These are criminal acts when they release information like this,” President Obama told the press when queried about the leaks at the time, “and we will conduct thorough investigations, as we have in the past.” And then the government dropped the case. To prosecute Cartwright, the United States would have had to acknowledge that it had a hand, along with Israel, in developing and deploying a weapon that blew up the physical assets of another country. “To this day,” Gibney tells us, “no one in the US or Israeli governments has officially acknowledged the existence of the joint operation.” Cyber weapons are stealth weapons. Absent the flash and bang of bombs and guns, they arrive, like all computer code, in 0s and 1s; they are used to silently infiltrate individual machines and entire networks. They have the capacity to strike with great precision, shutting down critical infrastructure, confusing enemy signals, upending communications, and responding to and redirecting military attacks before they occur. The centrifuges targeted in Iran were producing weapons-grade uranium, the material needed to make nuclear bombs. They were sequestered inside a heavily guarded building that was not connected to the Internet. As a consequence, the Iranians assumed they were beyond reach and for years remained unaware that outside forces had taken them over. Equipment was blowing up, yes, but when it did they ascribed it to human error or shoddy workmanship. (People lost their jobs.) That is the signature of cyber weapons: they are written in invisible ink.
For years now, the United States, primarily through the National Security Agency, has devoted considerable resources to cyber spying, putting “back doors” on computers, infecting them with malware, tapping into cable transmissions. But the government’s concerted use of digital tools as ordnance is relatively new. It began—officially, at least—in the midst of the Stuxnet operation (code name “Olympic Games”) with the creation of the US Cyber Command in 2009. The year before, classified military networks…
This is exclusive content for subscribers only.
Get unlimited access to The New York Review for just $1 an issue!
Continue reading this article, and thousands more from our archive, for the low introductory rate of just $1 an issue. Choose a Print, Digital, or All Access subscription.