We are excited to share that we are set to begin a new chapter with Dropbox, Inc. Dropbox is acquiring our IP technology to embed natively into the Dropbox product, bringing end-to-end, zero-knowledge encryption to millions of business customers around the world. Check out our blog to find out more!

Learn more
Zero Days Movie

Berlin International Film Festival and Zero-Day Exploits

At the Berlin International Film Festival 2016, Oscar-winning director Alex Gibney takes on the topic of Zero-Day exploits with a prominent example: The computer worm Stuxnet. Many films of this year’s film festival in Berlin are exciting and worth watching. But, we are most excited about the documentary Zero Days, which deals with the steady and fast rising cyber world and its vulnerabilities. What happens when hackers and institutions not only steal and destroy data, but use malware to control machines, systems and networks using zero-day exploits?

Stuxnet: The First Cyber Weapon

The movie centers around the computer worm Stuxnet, which can be described as the first digital weapon and part of Operation NITRO ZEUS, which is said to originate from the US and Israel, with the aim to disrupt the Iranian nuclear program. The worm causes real damage in machines which are controlled by the Computers that are affected. At the Iranian nuclear plant in Natanz centrifuges that separate nuclear material have been destroyed. If the worm was actually designed and spread by the US and Israeli Government – it is vehemently denied, but Gibney aims to prove it by interpreting the code of the worm and other findings – then this means that Stuxnet is part of the first, actual cyber war. Director Gibney calls it the most complex cyber war plan that the US ever designed (German source: Zeit).

Zero-Day Exploits

The title of the film refers to so called zero-day exploits, which are attacks that take advantage of unknown vulnerabilities in software. The name comes from the fact that in the case of an attack there are zero days left – which means no time at all – to fix the vulnerability. The damage is already done. Very often, those vulnerabilities only become publicly known after a zero-day exploit happens. Afterwards, the developer of the software tries to create a patch. Before they do that, even antivirus software cannot protect the system from that malware. According to Wired-author Kim Zetter, who wrote a book about Stuxnet (Countdown to Zero Day), the worm used several zero-day vulnerabilities, for example the print-spooler zero-day exploit, which Kaspersky Lab later found in the Code of the targeted Siemens computers.

Human Hosts Used to Spread the Worm

Another interesting point are the different ways to distribute the worm. The malware was programmed in a way that it could also reach computers which are not online; it can spread over USB flash drives. To reach the nuclear power plant, which operates offline, potential contractors were infected with the worm. Their systems are connected to the internet and their security standards are probably lower than the ones at a military facility. The worm infected the USB drives of those companies and through them found its way to the high security facility. Industrial and military facilities depend on outside contractors and are therefore vulnerable, since many companies don’t train their employees sufficiently in cyber security and risks.

Zero Days offers exciting and scary insights about the possibilities of cyber warfare and directs public attention towards the important topic of cybersecurity. Because of its great investigative efforts it would have more than deserved to be the first documentary to win the Golden Bear at the International Film Festival Berlin.

Share this article

Related Articles

graphics

Our New Chapter with Dropbox: What Boxcryptor Users Need to Know

Last week we already announced that we sold important technology assets to Dropbox. What our customers need to know now, we explain in detail here.

graphics

A letter from our Founders: We’re joining Dropbox!

Almost 12 years ago, we set out to make complex security solutions easy to use. Now we are excited to share that we are set to begin a new chapter with Dropbox, Inc.

Dummies Book Cover and Back

CLOSED We Celebrate Our Book Release: Your Chance to Win

We have published our first book to get even more people excited about the cloud and data security. Celebrating the official launch, you can win printes copies and Boxcryptor licenses in our raffle. Read about the details in our blog post.