1 00:00:06,000 --> 00:00:09,840 It's a rather unlikely group of scientists. 2 00:00:09,840 --> 00:00:12,480 They're experts in codes and code-breaking... 3 00:00:14,240 --> 00:00:18,800 ..leading researchers in the baffling world of quantum physics. 4 00:00:18,800 --> 00:00:22,600 They may have built the most advanced computer in the universe. 5 00:00:24,960 --> 00:00:29,040 And together, they're taking on one common enemy... 6 00:00:32,000 --> 00:00:33,400 ..hackers. 7 00:00:39,920 --> 00:00:43,360 The greatest threat today to the world is the keyboard. 8 00:00:43,360 --> 00:00:45,600 In the past, it may have been nuclear weapons 9 00:00:45,600 --> 00:00:47,640 or weapons of mass destruction. 10 00:00:47,640 --> 00:00:51,120 Today, we see that same level of capability being exercised 11 00:00:51,120 --> 00:00:54,800 by lone individuals using keyboards as opposed to bombs. 12 00:00:55,800 --> 00:00:59,080 Hackers are trying to devise ways to steal our money, 13 00:00:59,080 --> 00:01:03,520 our identities, our secrets. 14 00:01:03,520 --> 00:01:05,440 The internet is a bad neighbourhood. 15 00:01:05,440 --> 00:01:08,080 How often are ne'er-do-wells coming by to rattle the door? 16 00:01:09,560 --> 00:01:12,760 In the digital world, they're rattling the door knobs all the time. 17 00:01:15,040 --> 00:01:17,240 But it's not just criminals. 18 00:01:17,240 --> 00:01:21,120 Recently, the extent of government eavesdropping has been revealed. 19 00:01:23,440 --> 00:01:27,640 And now, powerful cyber-weapons are being uncovered. 20 00:01:30,880 --> 00:01:34,000 My mouth was, like, wide open, going, "Oh, my God. 21 00:01:34,000 --> 00:01:36,000 "Oh, my God. Oh, my God." 22 00:01:36,000 --> 00:01:40,040 In this murky world, scientists are trying to harness 23 00:01:40,040 --> 00:01:45,120 the laws of physics and mathematics to protect us from the hackers. 24 00:01:59,800 --> 00:02:03,000 Mat Honan considered himself to be pretty savvy 25 00:02:03,000 --> 00:02:05,880 when it came to security and the internet. 26 00:02:07,680 --> 00:02:12,320 But last year, he discovered just how devious hackers can be. 27 00:02:20,080 --> 00:02:23,200 The first clue that something bad was happening 28 00:02:23,200 --> 00:02:25,920 came when he tried to charge his phone. 29 00:02:25,920 --> 00:02:31,200 When I went to plug it in, the phone had this icon on it, 30 00:02:31,200 --> 00:02:34,680 an iTunes icon and a plug, that's the same kind of thing that you see 31 00:02:34,680 --> 00:02:36,800 the very first time you turn on an iPhone. 32 00:02:39,720 --> 00:02:43,000 And so I went to connect it to my computer and when I opened up 33 00:02:43,000 --> 00:02:48,280 my computer, the screen turned grey and it asked for a four-digit PIN. 34 00:02:48,280 --> 00:02:50,800 And I knew I didn't have a four-digit PIN, I hadn't set up 35 00:02:50,800 --> 00:02:52,160 a four-digit PIN. 36 00:02:52,160 --> 00:02:54,240 I grabbed my iPad out of my bag. 37 00:02:57,600 --> 00:03:00,080 And my iPad was also in this reset state 38 00:03:00,080 --> 00:03:01,880 that wanted a password to proceed 39 00:03:01,880 --> 00:03:04,720 and the password that I knew should have worked didn't work. 40 00:03:04,720 --> 00:03:07,880 At that point, I knew that I was being hacked. 41 00:03:10,200 --> 00:03:11,600 That was pretty terrifying. 42 00:03:11,600 --> 00:03:14,120 I didn't know what they were doing at this point. 43 00:03:14,120 --> 00:03:16,320 I had no idea what their motivation was. 44 00:03:18,760 --> 00:03:21,560 The whole hack took less than 45 minutes. 45 00:03:22,640 --> 00:03:26,760 By five o'clock, basically, my entire digital life was wiped out. 46 00:03:26,760 --> 00:03:30,960 Every device I own, everything I had had been taken over 47 00:03:30,960 --> 00:03:33,760 and almost all of it completely deleted. 48 00:03:36,240 --> 00:03:38,640 Just about every picture I'd ever taken of my daughter, 49 00:03:38,640 --> 00:03:42,240 old emails, emails from people who were no longer alive even. 50 00:03:42,240 --> 00:03:44,880 All kinds of stuff that was very precious to me. 51 00:03:47,240 --> 00:03:49,880 Mat thought he was the victim of a classic hack. 52 00:03:49,880 --> 00:03:52,320 Someone had repeatedly tried to crack his password 53 00:03:52,320 --> 00:03:54,600 and eventually succeeded. 54 00:03:54,600 --> 00:03:57,720 He went online to write about what happened 55 00:03:57,720 --> 00:04:01,880 and then unexpectedly, the hackers got in touch with him. 56 00:04:04,160 --> 00:04:07,240 They saw it, they saw that I had speculated that they had brute-forced 57 00:04:07,240 --> 00:04:09,600 my password and this hacker got in touch with me to say, 58 00:04:09,600 --> 00:04:11,160 "No, that's not how we did it." 59 00:04:11,160 --> 00:04:14,040 And at that point, I tried to strike up a dialogue with them 60 00:04:14,040 --> 00:04:17,320 because I wanted to understand both how things had happened 61 00:04:17,320 --> 00:04:20,080 and why they had happened. 62 00:04:20,080 --> 00:04:23,120 And I basically made a deal that I wouldn't press charges 63 00:04:23,120 --> 00:04:24,560 if they told me how it was done. 64 00:04:26,800 --> 00:04:30,200 I was angry. I was scared. I was concerned. 65 00:04:30,200 --> 00:04:32,280 I was a lot of things like that. 66 00:04:32,280 --> 00:04:37,280 But I also realised pretty quickly that this was an interesting story 67 00:04:37,280 --> 00:04:38,800 from a journalist's perspective. 68 00:04:40,440 --> 00:04:43,040 For Mat, it wasn't just personal. 69 00:04:43,040 --> 00:04:45,720 He's also a writer for Wired Magazine. 70 00:04:46,880 --> 00:04:50,800 His hackers had discovered a series of loopholes in the internet 71 00:04:50,800 --> 00:04:54,320 which taken together, left him completely unprotected. 72 00:04:57,480 --> 00:05:00,320 It wasn't like they used some crazy cracking programme 73 00:05:00,320 --> 00:05:02,960 to hack into all my stuff. They didn't make my password. 74 00:05:02,960 --> 00:05:04,640 They didn't break any encryption. 75 00:05:04,640 --> 00:05:06,520 They didn't do any of that kind of stuff. 76 00:05:06,520 --> 00:05:09,960 What they did was they socially engineered all of my accounts. 77 00:05:09,960 --> 00:05:14,080 And social engineering is basically just a fancy term for a con job. 78 00:05:14,080 --> 00:05:19,200 Basically, you con your way in to a company's or a person's 79 00:05:19,200 --> 00:05:21,840 security system by making them think 80 00:05:21,840 --> 00:05:24,680 that an attacker is actually a customer. 81 00:05:29,360 --> 00:05:32,120 The first step was to find a way of stealing his identity 82 00:05:32,120 --> 00:05:34,240 for one of his many online accounts. 83 00:05:35,680 --> 00:05:39,680 Their way in was a simple phone call to the online shopping service 84 00:05:39,680 --> 00:05:40,920 Amazon. 85 00:05:44,400 --> 00:05:48,240 They gave Amazon a fake credit card number and added it to my account. 86 00:05:48,240 --> 00:05:51,440 They hung up. They called Amazon back and they told them 87 00:05:51,440 --> 00:05:55,360 they were locked out of my account and gave them the credit card number 88 00:05:55,360 --> 00:05:57,240 they had just added to my account. 89 00:05:59,840 --> 00:06:04,120 Once they did that, they were able to get a temporary password from Amazon. 90 00:06:04,120 --> 00:06:06,960 It was a simple deception, but effective. 91 00:06:06,960 --> 00:06:09,760 The hackers now owned his Amazon account. 92 00:06:11,000 --> 00:06:13,240 They didn't go on a shopping spree. 93 00:06:13,240 --> 00:06:17,040 What they were after were the last four numbers of his credit card 94 00:06:17,040 --> 00:06:19,120 to pull off the next stage of the con. 95 00:06:20,760 --> 00:06:23,400 On those recent orders, they could see the last four digits 96 00:06:23,400 --> 00:06:25,760 of the credit card that I had used to pay. 97 00:06:27,280 --> 00:06:30,480 At the time, Apple was using those last four digits 98 00:06:30,480 --> 00:06:33,120 as an identity verification method. 99 00:06:33,120 --> 00:06:35,640 Once they had those, Apple gave my password reset. 100 00:06:38,720 --> 00:06:41,280 They now owned Mat's Apple accounts. 101 00:06:41,280 --> 00:06:44,920 Now, they could access pretty much all of his digital life. 102 00:06:44,920 --> 00:06:50,200 The ultimate prize was his Twitter account, @mat. 103 00:06:50,200 --> 00:06:52,400 For the hackers, a trophy. 104 00:06:52,400 --> 00:06:55,280 And to keep this prize, with a few clicks, 105 00:06:55,280 --> 00:06:57,720 they destroyed his digital life. 106 00:07:00,040 --> 00:07:02,920 My computer, my iPhone, my iPad. 107 00:07:02,920 --> 00:07:06,040 They deleted my Google account so that I couldn't get back in there 108 00:07:06,040 --> 00:07:08,160 and kick them out of the Twitter account again. 109 00:07:10,720 --> 00:07:12,560 It was an interesting chain. 110 00:07:12,560 --> 00:07:15,200 They went from Amazon to Apple to Google to Twitter. 111 00:07:18,040 --> 00:07:20,800 These hackers knew the security flaws of the net 112 00:07:20,800 --> 00:07:23,360 and how to use them, one after another, 113 00:07:23,360 --> 00:07:25,560 to pull off this con. 114 00:07:25,560 --> 00:07:28,480 And they were just teenagers. 115 00:07:30,440 --> 00:07:31,840 It's just online vandalism. 116 00:07:31,840 --> 00:07:35,320 They thought that this was going to be funny and they were teenagers, 117 00:07:35,320 --> 00:07:39,000 so they didn't think about the implications of deleting everything someone owns 118 00:07:39,000 --> 00:07:41,920 and how much precious data you may have in your life. 119 00:07:41,920 --> 00:07:44,480 Data's quite precious to people now, 120 00:07:44,480 --> 00:07:47,880 it's valuable and they didn't really see that. 121 00:07:53,080 --> 00:07:55,600 What happened to Mat is now rather routine. 122 00:07:59,040 --> 00:08:02,960 Credit card stolen, social media accounts broken into. 123 00:08:04,280 --> 00:08:05,960 These loopholes are now fixed, 124 00:08:05,960 --> 00:08:08,600 but in the anonymous realm of the internet, 125 00:08:08,600 --> 00:08:11,840 there will always be ways to steal someone's identity. 126 00:08:17,080 --> 00:08:20,080 But if you thought the havoc that a couple of teenagers can wreak 127 00:08:20,080 --> 00:08:24,040 is unsettling, wait till you see what the big boys can do. 128 00:08:39,520 --> 00:08:43,560 It was probably the most sophisticated hack in history 129 00:08:43,560 --> 00:08:46,200 and it could have gone completely unexplained... 130 00:08:47,400 --> 00:08:53,520 but for cyber-security experts Eric Chien and Liam O Murchu. 131 00:08:53,520 --> 00:08:57,960 Right from the word go, there was just red flags going up everywhere. 132 00:08:57,960 --> 00:09:01,240 You can really feel it. The hairs on the back of your neck stand up 133 00:09:01,240 --> 00:09:03,600 if it's something really, really big. 134 00:09:05,360 --> 00:09:08,080 Their job is to investigate the viruses that pop up 135 00:09:08,080 --> 00:09:09,920 on your computer. 136 00:09:09,920 --> 00:09:13,600 Most malicious software they see is pretty run-of-the-mill. 137 00:09:13,600 --> 00:09:15,840 But then along came Stuxnet. 138 00:09:17,880 --> 00:09:19,960 This was probably the biggest puzzle we'd ever seen. 139 00:09:19,960 --> 00:09:22,600 There was no way we were going to step away until we understood 140 00:09:22,600 --> 00:09:25,520 what was happening with this particular piece of malware. 141 00:09:25,520 --> 00:09:29,040 Back in 2010, they had no idea of the significance 142 00:09:29,040 --> 00:09:31,920 of what had just landed on their desks. 143 00:09:31,920 --> 00:09:36,560 They were just curious because Stuxnet contained something rare - 144 00:09:36,560 --> 00:09:39,080 a zero-day exploit. 145 00:09:39,080 --> 00:09:41,920 That's a flaw in the code that no-one is aware of. 146 00:09:43,280 --> 00:09:45,920 Zero days are extremely uncommon. 147 00:09:45,920 --> 00:09:50,320 For Microsoft Windows, there was only 12 zero-days in all of 2010. 148 00:09:50,320 --> 00:09:52,560 Four of those 12 were inside of Stuxnet. 149 00:09:54,240 --> 00:09:57,280 It was the most sophisticated code they had ever seen. 150 00:09:58,520 --> 00:10:01,360 And it was dense. Every bit of code in there was code 151 00:10:01,360 --> 00:10:02,680 that was doing something. 152 00:10:04,200 --> 00:10:07,400 Much of it was written in a strange programming language. 153 00:10:08,880 --> 00:10:11,880 What we discovered were big chunks of code 154 00:10:11,880 --> 00:10:14,680 that we just did not recognise. We had no idea what it was. 155 00:10:14,680 --> 00:10:16,600 We realised it was code for PLCs, 156 00:10:16,600 --> 00:10:20,320 Programmable Logic Controllers, which are small computers 157 00:10:20,320 --> 00:10:24,160 that control factory equipment and things like power plants. 158 00:10:26,400 --> 00:10:29,800 Every time Stuxnet infected a new computer, 159 00:10:29,800 --> 00:10:32,840 it would start hunting for one of these Programmable Logic Controllers. 160 00:10:34,640 --> 00:10:38,320 Then it would fingerprint them. It had to be the right model, have certain key magic numbers, 161 00:10:38,320 --> 00:10:40,120 the right peripherals, 162 00:10:40,120 --> 00:10:43,400 or things attached to those PLCs had to have the right hardware. 163 00:10:43,400 --> 00:10:46,840 Once it found that, it would copy itself onto the PLCs 164 00:10:46,840 --> 00:10:49,880 and then just sit there for a while. They'd actually sit there 165 00:10:49,880 --> 00:10:53,080 for almost a month just watching what was going on. 166 00:10:53,080 --> 00:10:56,000 And it had to observe what it believed was normal operation 167 00:10:56,000 --> 00:10:58,400 of the targeted plant, of the targeted facility. 168 00:11:02,600 --> 00:11:06,440 Our first theory was that this was actually trying to commit espionage. 169 00:11:06,440 --> 00:11:08,920 It was trying to steal design documents 170 00:11:08,920 --> 00:11:11,840 and some sort of industrial control facility. 171 00:11:11,840 --> 00:11:14,720 But when they discovered where Stuxnet was spying, 172 00:11:14,720 --> 00:11:16,600 things took a sinister turn. 173 00:11:18,240 --> 00:11:20,440 Basically, when Stuxnet infects a machine, 174 00:11:20,440 --> 00:11:24,640 it contacts a server to say, "Look, I've infected a machine." 175 00:11:24,640 --> 00:11:27,480 And we were able to get access to the logs on those machines 176 00:11:27,480 --> 00:11:30,120 to find out where the most infections were and it was in Iran. 177 00:11:33,400 --> 00:11:36,200 And so that gave us a hint that it was trying to attack 178 00:11:36,200 --> 00:11:38,040 something in Iran. 179 00:11:39,800 --> 00:11:43,520 Iran was suspected to be concealing a nuclear weapons programme. 180 00:11:44,760 --> 00:11:48,400 Now, Eric and Liam had a clue to what Stuxnet could be hunting for. 181 00:11:50,640 --> 00:11:52,840 But the final piece of the puzzle came 182 00:11:52,840 --> 00:11:56,720 when they realised two ID numbers held huge significance. 183 00:12:00,160 --> 00:12:05,400 And then in November, we got a tip-off from a guy in Holland 184 00:12:05,400 --> 00:12:08,440 who was an expert in the communication protocol 185 00:12:08,440 --> 00:12:11,360 between the PLCs and the peripherals that are attached to it. 186 00:12:11,360 --> 00:12:14,160 He had mentioned, "Hey, you know these peripherals, 187 00:12:14,160 --> 00:12:16,920 "they all have these magic IDs associated with them 188 00:12:16,920 --> 00:12:20,760 "and there's a catalogue that you can go look up, these magic IDs." 189 00:12:22,720 --> 00:12:25,760 It would turn out to be the defining moment of their investigation. 190 00:12:27,200 --> 00:12:30,400 There was quite a moment. I mean, Liam was searching online 191 00:12:30,400 --> 00:12:33,280 and I was just standing behind him watching what was coming up 192 00:12:33,280 --> 00:12:37,760 on the screen and when it first came, immediately there was... 193 00:12:37,760 --> 00:12:40,040 I felt a rush of blood to my face 194 00:12:40,040 --> 00:12:44,560 because I was like, "Oh. This is not good." 195 00:12:44,560 --> 00:12:49,320 They realised that they'd stumbled across something of global significance. 196 00:12:49,320 --> 00:12:53,200 My mouth literally dropped. People say that, but it literally dropped. 197 00:12:53,200 --> 00:12:57,360 My mouth was wide open, going, "Oh, my God. Oh, my God. Oh, my God." 198 00:12:59,640 --> 00:13:02,840 The magic numbers were IDs for frequency converters, 199 00:13:02,840 --> 00:13:06,400 devices which change the speed of machinery. 200 00:13:06,400 --> 00:13:10,520 But these were specific models with a dedicated task - 201 00:13:10,520 --> 00:13:13,480 they spin centrifuges in nuclear facilities. 202 00:13:15,880 --> 00:13:19,600 I was just like, "Oh, no. This is it. It's uranium enrichment. 203 00:13:19,600 --> 00:13:20,600 "It's nothing else." 204 00:13:24,800 --> 00:13:27,320 By matching up clues from the code to data 205 00:13:27,320 --> 00:13:29,840 from the International Atomic Energy Agency, 206 00:13:29,840 --> 00:13:34,440 they could even narrow it down to one specific nuclear plant, 207 00:13:34,440 --> 00:13:36,840 A place called Natanz. 208 00:13:39,320 --> 00:13:41,440 Once the network was infected, 209 00:13:41,440 --> 00:13:45,080 Stuxnet's devious attack was designed to unfold like this. 210 00:13:46,760 --> 00:13:50,040 It would then, basically, try to attack mechanisms. 211 00:13:50,040 --> 00:13:53,080 One is it would speed up the centrifuges to 1,410 hertz... 212 00:13:56,760 --> 00:14:00,360 ..which would cause those aluminium tubes inside of the centrifuges 213 00:14:00,360 --> 00:14:02,920 to vibrate uncontrollably and to shatter apart. 214 00:14:08,200 --> 00:14:10,800 And the other was to lower the speed to two hertz. 215 00:14:10,800 --> 00:14:14,640 So, you can imagine a kid's top that you spin 216 00:14:14,640 --> 00:14:17,280 and when it gets really slow, it begins to wobble and fall over. 217 00:14:19,920 --> 00:14:23,760 As the centrifuges span out of control, Stuxnet would start 218 00:14:23,760 --> 00:14:25,440 to play back data it had recorded 219 00:14:25,440 --> 00:14:27,360 when everything was working normally. 220 00:14:29,480 --> 00:14:32,480 It's like you see in the movies where there's a guy watching 221 00:14:32,480 --> 00:14:36,560 CCTV cameras and they patch in fake footage, 222 00:14:36,560 --> 00:14:38,720 so that the security guards don't realise 223 00:14:38,720 --> 00:14:42,680 they're currently robbing the safe. It's exactly what Stuxnet did, 224 00:14:42,680 --> 00:14:44,880 but sort of in this virtual computer environment. 225 00:14:47,040 --> 00:14:48,760 But the final trick would come 226 00:14:48,760 --> 00:14:52,400 when the operators tried to shut down the plant. 227 00:14:52,400 --> 00:14:54,560 When they tried to hit their big red button 228 00:14:54,560 --> 00:14:57,520 that would send a signal to those PLCs to tell the system 229 00:14:57,520 --> 00:14:59,080 to shut down gracefully. 230 00:14:59,080 --> 00:15:01,840 But Stuxnet infected those PLCs and cut off that signal 231 00:15:01,840 --> 00:15:04,800 and basically, allowed the attack to continue to operate. 232 00:15:05,920 --> 00:15:08,240 And it seems to have worked. 233 00:15:08,240 --> 00:15:11,960 Stuxnet reportedly destroyed around 1,000 centrifuges, 234 00:15:11,960 --> 00:15:15,480 setting Iran's nuclear programme back by about two years. 235 00:15:17,960 --> 00:15:21,680 But there's one rather important question left - 236 00:15:21,680 --> 00:15:23,560 who built Stuxnet? 237 00:15:25,680 --> 00:15:27,760 I guess the realisation for me was, 238 00:15:27,760 --> 00:15:31,000 this is not hackers in their basement who are doing this. 239 00:15:31,000 --> 00:15:33,520 This is the big guns here who are doing this. 240 00:15:33,520 --> 00:15:37,320 We don't have, unfortunately, any evidence that tells us if it's any particular country. 241 00:15:37,320 --> 00:15:39,560 I would say that it's pretty clear to us 242 00:15:39,560 --> 00:15:41,520 it's at the level of a nation state 243 00:15:41,520 --> 00:15:46,520 and pretty clear someone who is not an ally of Iran. 244 00:15:47,680 --> 00:15:51,960 And politically motivated to stop uranium enrichment in Iran, 245 00:15:51,960 --> 00:15:54,720 so that narrows it down, pretty much narrows it down. 246 00:15:58,080 --> 00:16:02,320 No-one has officially admitted to being behind it, 247 00:16:02,320 --> 00:16:06,920 but it's been widely reported that Stuxnet was built by the US 248 00:16:06,920 --> 00:16:08,400 with help from Israel... 249 00:16:10,440 --> 00:16:12,920 ..something that neither country has denied. 250 00:16:14,480 --> 00:16:18,360 Eric and Liam have managed to take part and understand 251 00:16:18,360 --> 00:16:21,400 the world's first cyber-weapon. 252 00:16:23,960 --> 00:16:25,840 Stuxnet was definitely a seminal moment. 253 00:16:25,840 --> 00:16:27,600 It really opened Pandora's box. 254 00:16:27,600 --> 00:16:30,400 Before Stuxnet occurred, people weren't really 255 00:16:30,400 --> 00:16:35,440 practically thinking about the existence of cyber warfare, 256 00:16:35,440 --> 00:16:39,800 of malicious programmes being able to literally blow things up. 257 00:16:39,800 --> 00:16:43,640 Stuxnet opened that door and every country today is talking 258 00:16:43,640 --> 00:16:45,920 both about offence and defence now 259 00:16:45,920 --> 00:16:48,840 on nation to nation, state cyber-warfare. 260 00:16:51,120 --> 00:16:55,520 In today's digital world, no-one's quite sure who is hacking who... 261 00:16:59,200 --> 00:17:02,840 ..whether it's criminals, teenagers or even governments. 262 00:17:05,480 --> 00:17:08,360 But with so much at stake, it's not surprising that 263 00:17:08,360 --> 00:17:12,400 some of the most inventive minds in science are trying to make it secure... 264 00:17:13,800 --> 00:17:17,840 ..hoping to stay one step ahead of the hackers. 265 00:17:28,880 --> 00:17:31,680 This man spends much of his time trying to understand 266 00:17:31,680 --> 00:17:34,520 the murkier world of the internet. 267 00:17:34,520 --> 00:17:36,920 He's worked with some of the world's largest 268 00:17:36,920 --> 00:17:41,320 and most secretive organisations, trying to protect their secrets. 269 00:17:49,120 --> 00:17:51,880 He started off life as a mathematician 270 00:17:51,880 --> 00:17:55,800 and became fascinated with the world of codes and code breaking. 271 00:18:00,720 --> 00:18:05,080 We've never actually been at a time where codes were more important. 272 00:18:05,080 --> 00:18:07,440 Almost everything you do today uses a code. 273 00:18:07,440 --> 00:18:11,080 Every time you log onto an internet service like Twitter or Facebook 274 00:18:11,080 --> 00:18:15,160 and send your password, every time you log into internet banking, 275 00:18:15,160 --> 00:18:18,600 all of that information is protected using encryption code. 276 00:18:20,840 --> 00:18:24,400 Codes have long fascinated mathematicians 277 00:18:24,400 --> 00:18:26,720 because they are some of the most beautiful 278 00:18:26,720 --> 00:18:29,160 and addictive problems they can wrestle with. 279 00:18:31,200 --> 00:18:34,000 And at the heart of everything that we do on the web 280 00:18:34,000 --> 00:18:36,880 is one sort of number - 281 00:18:36,880 --> 00:18:39,040 prime numbers. 282 00:18:39,040 --> 00:18:42,640 We're surrounded by them every day. 283 00:18:42,640 --> 00:18:44,600 Numbers like seven 284 00:18:44,600 --> 00:18:45,800 and 13. 285 00:18:47,240 --> 00:18:49,440 What's so special about them is that 286 00:18:49,440 --> 00:18:53,520 they can only be divided by themselves and by one. 287 00:18:53,520 --> 00:18:56,160 But what makes them so important to codes 288 00:18:56,160 --> 00:18:58,200 is when you combine two of them. 289 00:18:59,880 --> 00:19:04,440 If you take two prime numbers and multiply them together, 290 00:19:04,440 --> 00:19:06,800 you get something called a semiprime. 291 00:19:10,960 --> 00:19:15,680 What's interesting about semiprimes is that it is really difficult 292 00:19:15,680 --> 00:19:19,120 to calculate the numbers that could have been multiplied together 293 00:19:19,120 --> 00:19:22,880 to form them to get back to the original values. 294 00:19:22,880 --> 00:19:24,920 Here's an example. 295 00:19:24,920 --> 00:19:28,680 If you multiply two primes like 11 and 13, 296 00:19:28,680 --> 00:19:32,200 you get 143. That's the easy bit. 297 00:19:33,440 --> 00:19:36,600 But if you're given 143 and you've got to work out 298 00:19:36,600 --> 00:19:38,720 the two original primes, 299 00:19:38,720 --> 00:19:41,280 that takes a long time to figure out. 300 00:19:42,960 --> 00:19:45,600 Easy multiplication one way and hard the other. 301 00:19:46,760 --> 00:19:49,200 This is the key to internet codes. 302 00:19:49,200 --> 00:19:51,800 You can make a big semiprime very quickly, 303 00:19:51,800 --> 00:19:55,400 but try to calculate the two primes that it's made of 304 00:19:55,400 --> 00:19:56,960 takes a very long time. 305 00:19:58,640 --> 00:20:03,000 So it's a bit like un-frying an egg. Easy one way, really hard the other. 306 00:20:05,640 --> 00:20:08,280 And the bigger the number, the longer it takes. 307 00:20:10,320 --> 00:20:14,400 It takes mere seconds to go one way, but the other way would take 308 00:20:14,400 --> 00:20:16,600 thousands of computers millions of years. 309 00:20:21,520 --> 00:20:23,560 It's something we all use every day. 310 00:20:27,000 --> 00:20:30,080 A big semiprime is used as a code word, a key, 311 00:20:30,080 --> 00:20:33,880 to scramble your credit card details when you buy something online. 312 00:20:35,720 --> 00:20:39,360 But only you and your bank know the two original primes 313 00:20:39,360 --> 00:20:40,760 that can unscramble it. 314 00:20:42,000 --> 00:20:45,280 These keys are private and secure 315 00:20:45,280 --> 00:20:48,440 because it would take longer than the age of the universe 316 00:20:48,440 --> 00:20:50,960 for any hacker to figure them out. 317 00:20:52,920 --> 00:20:55,600 This system of public and private keys 318 00:20:55,600 --> 00:20:58,680 is known as the RSA algorithm. 319 00:20:59,880 --> 00:21:03,160 So that beautiful piece of mathematics 320 00:21:03,160 --> 00:21:06,800 has fundamentally changed the world around us. 321 00:21:06,800 --> 00:21:11,120 Without this technology, without the ability to look up public keys 322 00:21:11,120 --> 00:21:16,440 and form these connections, internet banking, social media, stock trading, 323 00:21:16,440 --> 00:21:20,480 all the things we take for granted online, fundamentally wouldn't work. 324 00:21:20,480 --> 00:21:24,040 Our information would be far too accessible to any prying neighbour. 325 00:21:29,760 --> 00:21:33,600 It's made the hunt for very, very large prime numbers 326 00:21:33,600 --> 00:21:36,560 one of the most important quests in maths. 327 00:21:38,320 --> 00:21:41,280 And here's the current largest... 328 00:21:41,280 --> 00:21:44,200 all 5,000 pages of it. 329 00:21:44,200 --> 00:21:50,040 17.5 million digits. A very big prime number indeed. 330 00:21:51,480 --> 00:21:54,720 Yet divisible only by itself and one. 331 00:21:57,800 --> 00:22:00,440 But as prime numbers get bigger, 332 00:22:00,440 --> 00:22:02,840 so do the computers trying to crack them. 333 00:22:04,320 --> 00:22:07,040 All the time, computers are gaining in power. 334 00:22:07,040 --> 00:22:10,360 All the time, new mathematical methods are being discovered. 335 00:22:10,360 --> 00:22:14,320 So far, we've stayed ahead of the code crackers. 336 00:22:14,320 --> 00:22:16,440 But that could just be a matter of time. 337 00:22:21,240 --> 00:22:24,800 Codes like RSA are effectively uncrackable 338 00:22:24,800 --> 00:22:27,440 because however powerful today's PCs are, 339 00:22:27,440 --> 00:22:30,040 they can only process one computation at a time. 340 00:22:31,280 --> 00:22:35,520 But now scientists are working on a new form of computer 341 00:22:35,520 --> 00:22:39,600 that harnesses the most complex physics in the universe. 342 00:22:45,880 --> 00:22:49,560 The world we are all used to is a rather reassuring place. 343 00:22:52,400 --> 00:22:56,200 The laws of physics mean we can know where things are, 344 00:22:56,200 --> 00:22:58,920 how fast they are moving 345 00:22:58,920 --> 00:23:01,280 and predict where they're going to go. 346 00:23:04,200 --> 00:23:07,760 But as things get smaller, a lot smaller, 347 00:23:07,760 --> 00:23:11,280 they also get a whole lot weirder 348 00:23:11,280 --> 00:23:14,520 as you enter the world of quantum mechanics. 349 00:23:16,880 --> 00:23:19,840 Quantum is like trying to see music. 350 00:23:19,840 --> 00:23:24,480 It's like even trying to hear colour. It's very weird. 351 00:23:26,960 --> 00:23:31,320 It's the world that Erik Lucero studies every day. 352 00:23:31,320 --> 00:23:34,840 Take a single grain of sand and in that single grain of sand, 353 00:23:34,840 --> 00:23:37,040 there are billions and billions of atoms 354 00:23:37,040 --> 00:23:40,440 and what we're interested in is looking at what happens with a single atom. 355 00:23:42,960 --> 00:23:46,440 These kinds of scales are where nature shows itself 356 00:23:46,440 --> 00:23:47,800 in a completely different way 357 00:23:47,800 --> 00:23:50,080 and that is this quantum mechanical nature. 358 00:23:53,320 --> 00:23:57,000 The laws of quantum physics have baffled the greatest scientists, 359 00:23:57,000 --> 00:23:59,000 even Einstein. 360 00:23:59,000 --> 00:24:03,120 At the smallest scales, the idea that we can know exactly 361 00:24:03,120 --> 00:24:06,160 where anything is starts to break down. 362 00:24:06,160 --> 00:24:10,000 The mathematics that describes the world of the very small 363 00:24:10,000 --> 00:24:14,240 means things can be in many places at the same time. 364 00:24:17,560 --> 00:24:20,400 One of the very important features of quantum mechanics 365 00:24:20,400 --> 00:24:22,800 is this idea of superposition. 366 00:24:22,800 --> 00:24:26,040 Superposition is the idea that a particle can be both 367 00:24:26,040 --> 00:24:28,480 in one place or another place at the same time. 368 00:24:32,320 --> 00:24:36,240 We speak about it even in a binary sense, like zero or one. 369 00:24:36,240 --> 00:24:40,040 It can be both zero and one at the same time which is a very odd idea. 370 00:24:41,520 --> 00:24:46,040 Superposition means that objects have no fixed location. 371 00:24:46,040 --> 00:24:50,000 They really are in several places all at the same time. 372 00:25:06,080 --> 00:25:10,280 Quantum physics may be mind-bogglingly weird, 373 00:25:10,280 --> 00:25:14,000 but it's starting to be very useful indeed 374 00:25:14,000 --> 00:25:17,880 and it might be a way for Erik to crack the world's 375 00:25:17,880 --> 00:25:19,920 most powerful codes. 376 00:25:22,800 --> 00:25:25,520 Here at the University of Santa Barbara, 377 00:25:25,520 --> 00:25:28,600 Erik has constructed a machine that operates 378 00:25:28,600 --> 00:25:30,720 within this fantastical world. 379 00:25:31,840 --> 00:25:36,480 He's built one of the world's most advanced quantum computers. 380 00:25:47,280 --> 00:25:49,880 He's harnessed this quantum weirdness 381 00:25:49,880 --> 00:25:53,040 to design a computer that has the potential to become 382 00:25:53,040 --> 00:25:55,200 the ultimate code-cracking machine. 383 00:25:56,240 --> 00:26:00,280 But first, it has to get very, very cold. 384 00:26:02,920 --> 00:26:06,160 We have a dilution refrigerator and this base plate right here 385 00:26:06,160 --> 00:26:09,240 is what gets a fraction above absolute zero - 386 00:26:09,240 --> 00:26:11,880 orders of magnitude colder than space. 387 00:26:13,080 --> 00:26:18,320 All of this machinery exists just to cool down the computer chip, 388 00:26:18,320 --> 00:26:20,200 the processor. 389 00:26:20,200 --> 00:26:23,280 So, inside of this specially-engineered box, 390 00:26:23,280 --> 00:26:27,120 we have a quantum processor, a solid-state quantum processor. 391 00:26:27,120 --> 00:26:29,560 On this chip, there are four cubits. 392 00:26:29,560 --> 00:26:33,920 The cubits themselves are what are performing the calculation. 393 00:26:33,920 --> 00:26:37,720 Classical computers use data in the form of bits, 394 00:26:37,720 --> 00:26:40,320 each a zero or a one. 395 00:26:40,320 --> 00:26:45,320 But quantum bits, called cubits, use the feature of quantum physics 396 00:26:45,320 --> 00:26:48,960 that means things can be in two places at once. 397 00:26:48,960 --> 00:26:53,120 It can be a zero and a one and everything in-between 398 00:26:53,120 --> 00:26:55,960 all at the same time. 399 00:26:55,960 --> 00:27:00,920 This gives it the power to do many calculations simultaneously. 400 00:27:02,120 --> 00:27:06,000 We mount this quantum processor onto the base plate here 401 00:27:06,000 --> 00:27:08,160 and we then make all these electrical connections. 402 00:27:08,160 --> 00:27:11,600 Then we're able to move the quantum information 403 00:27:11,600 --> 00:27:15,200 all around that chip and actually extract the answer. 404 00:27:19,640 --> 00:27:22,560 From a scientist's point of view, it's a very exciting tool 405 00:27:22,560 --> 00:27:23,760 that we can probe nature. 406 00:27:25,920 --> 00:27:29,720 It's so fast that it could be the kind of computer 407 00:27:29,720 --> 00:27:32,520 that finally cracks RSA encryption. 408 00:27:33,880 --> 00:27:39,240 To prove it in principle, Erik used his computer to find 409 00:27:39,240 --> 00:27:42,800 the two prime numbers making up a small semiprime. 410 00:27:44,080 --> 00:27:47,760 And so it's sort of at the level of technology 411 00:27:47,760 --> 00:27:50,160 that I would say is maybe like an Atari. 412 00:27:50,160 --> 00:27:52,120 It's kind of 8-bit technology. 413 00:27:52,120 --> 00:27:56,280 It was a very neat toy problem and we tried to find, 414 00:27:56,280 --> 00:27:59,560 using a quantum processor, the factors of 15. 415 00:27:59,560 --> 00:28:02,120 I'll let everyone think about that for a minute, 416 00:28:02,120 --> 00:28:05,280 but that is probably something that we all can do, even in grade school. 417 00:28:05,280 --> 00:28:09,680 And it took me seven years to get my physics PhD to do that 418 00:28:09,680 --> 00:28:11,520 with a quantum processor. 419 00:28:12,760 --> 00:28:17,000 What's remarkable is not the answer, but the way the computer does it. 420 00:28:18,640 --> 00:28:21,680 The quantum chip considers every possible solution 421 00:28:21,680 --> 00:28:25,120 all at the same time, instead of sequentially. 422 00:28:26,360 --> 00:28:29,960 And you're collapsing to this one answer that will actually be 423 00:28:29,960 --> 00:28:33,040 the answer you're after which is a huge speed up. 424 00:28:33,040 --> 00:28:35,880 You explore all of these possible places and possible answers 425 00:28:35,880 --> 00:28:38,840 and you get the one that you want. 426 00:28:38,840 --> 00:28:41,960 And we learn, yes, indeed, 15 = 3 x 5. 427 00:28:43,760 --> 00:28:48,400 Erik's proved that quantum computing has the potential to smash 428 00:28:48,400 --> 00:28:50,720 the codes that protect the internet. 429 00:28:54,160 --> 00:28:56,840 It blows the doors off of RSA encryption. 430 00:28:56,840 --> 00:29:00,240 All we need is more and more cubits. We just need a larger quantum computer. 431 00:29:01,680 --> 00:29:03,760 Really, all that's left to do is to scale up 432 00:29:03,760 --> 00:29:06,560 this particular architecture. It's a big task 433 00:29:06,560 --> 00:29:08,800 and there's a lot of very, very bright people 434 00:29:08,800 --> 00:29:10,640 that are all working towards that. 435 00:29:10,640 --> 00:29:13,320 I think that what's exciting is that it really puts 436 00:29:13,320 --> 00:29:16,160 kind of a milestone in the ground about where things are 437 00:29:16,160 --> 00:29:17,600 and what we need to do next. 438 00:29:22,600 --> 00:29:26,520 You do realise you've broken the internet now? 439 00:29:26,520 --> 00:29:29,280 Oh, yeah. I'm sorry about that. 440 00:29:32,000 --> 00:29:35,600 For now, at least, the web survives. 441 00:29:35,600 --> 00:29:39,760 But if quantum computing holds the possibility someday 442 00:29:39,760 --> 00:29:42,120 of breaking the world's most-secure codes, 443 00:29:42,120 --> 00:29:48,000 it may also provide an even cleverer way of keeping secrets safe. 444 00:29:52,280 --> 00:29:56,960 Quantum mechanics is funky in a kind of James Brown kind of way. 445 00:29:56,960 --> 00:29:59,040 Very, very funky. 446 00:30:01,600 --> 00:30:04,240 It's strange and counter-intuitive. 447 00:30:06,280 --> 00:30:07,480 Seth Lloyd runs the 448 00:30:07,480 --> 00:30:11,560 Center for Extreme Quantum Information Theory at MIT. 449 00:30:13,080 --> 00:30:15,720 It's sometimes hard to appreciate 450 00:30:15,720 --> 00:30:18,640 just how extreme this research can be. 451 00:30:18,640 --> 00:30:21,520 Quantum computers are particularly fine for teasing out 452 00:30:21,520 --> 00:30:24,360 the subtle interactions between atoms and molecules 453 00:30:24,360 --> 00:30:25,720 in elementary particles, 454 00:30:25,720 --> 00:30:29,640 or for simulating what happens as a black hole collapses. 455 00:30:29,640 --> 00:30:32,080 Or, for that matter, a recent experiment that we did to 456 00:30:32,080 --> 00:30:34,360 actually implement a version of time travel. 457 00:30:34,360 --> 00:30:38,560 So, you can use quantum computers for all kinds of exciting things. 458 00:30:38,560 --> 00:30:43,640 And you can use the laws of quantum physics to create the ultimate 459 00:30:43,640 --> 00:30:45,480 way of sharing secrets. 460 00:30:47,320 --> 00:30:51,160 Current codes that are used to send information securely over 461 00:30:51,160 --> 00:30:54,800 the internet are called public key codes, 462 00:30:54,800 --> 00:30:58,760 and they could be broken by a quantum computer. 463 00:30:58,760 --> 00:31:01,960 But quantum mechanics also supplies methods for communicating 464 00:31:01,960 --> 00:31:05,160 securely in a way that's guaranteed by the laws of physics. 465 00:31:05,760 --> 00:31:09,040 So, these methods go under the name of quantum cryptography. 466 00:31:13,320 --> 00:31:14,920 It's really a way of telling 467 00:31:14,920 --> 00:31:17,880 if someone is eavesdropping on your conversations. 468 00:31:21,240 --> 00:31:24,080 In the weird world of the very small, 469 00:31:24,080 --> 00:31:27,680 things can be in more than one place as once. 470 00:31:30,560 --> 00:31:33,400 But all that changes at the moment that you actually look 471 00:31:33,400 --> 00:31:35,040 and measure where something is. 472 00:31:37,880 --> 00:31:40,320 It's known as the 'Observer Effect'. 473 00:31:42,360 --> 00:31:45,360 One of the basic principles about quantum mechanics is that, 474 00:31:45,360 --> 00:31:48,480 when you look at something, you change it. 475 00:31:48,480 --> 00:31:51,720 And this simple feature allows you to communicate in a way 476 00:31:51,720 --> 00:31:53,000 that's provably secure. 477 00:31:54,120 --> 00:31:57,280 But the reason it's useful is that this theory applies to 478 00:31:57,280 --> 00:31:59,240 a photon of light, 479 00:31:59,240 --> 00:32:02,480 which can be used to carry a message, a one or a zero. 480 00:32:04,160 --> 00:32:06,720 It means that if you were sending a quantum message, 481 00:32:06,720 --> 00:32:09,360 you can tell if someone else is observing it. 482 00:32:11,000 --> 00:32:13,480 If there is an eavesdropper on the line. 483 00:32:15,880 --> 00:32:18,280 A good way to understand quantum cryptography is to 484 00:32:18,280 --> 00:32:22,800 think of three people - Alice, Bob and Eve. 485 00:32:22,800 --> 00:32:26,440 Alice wants to send secret information to Bob 486 00:32:26,440 --> 00:32:29,520 and Eve wants to listen in - to eavesdrop. 487 00:32:31,040 --> 00:32:35,440 Alice takes her information, a string of zeros and ones, 488 00:32:35,440 --> 00:32:40,880 or bits, and encodes them on photons - particles of light. 489 00:32:40,880 --> 00:32:44,200 Now, the encoding is done in such a way that Eve, 490 00:32:44,200 --> 00:32:49,240 if she looks at these photons, will inevitably mess them up. 491 00:32:49,240 --> 00:32:53,240 She'll change them in a way that Alice and Bob can figure out. 492 00:32:53,240 --> 00:32:57,320 So, after Alice has sent the photons to Bob, 493 00:32:57,320 --> 00:32:59,920 she and Bob can confer to find out 494 00:32:59,920 --> 00:33:03,000 which photons have been tampered with. 495 00:33:04,240 --> 00:33:08,480 The photons that haven't been tampered with, the pristine photons, 496 00:33:08,480 --> 00:33:13,920 now constitute a secret key shared only by Alice and Bob, 497 00:33:13,920 --> 00:33:17,400 whose security is guaranteed by the laws of physics. 498 00:33:21,480 --> 00:33:24,600 Alice and Bob now have a secret code word, 499 00:33:24,600 --> 00:33:30,840 one they know no-one had listened to, which they and only they know, 500 00:33:30,840 --> 00:33:34,680 and they can use this code word to send their messages. 501 00:33:35,680 --> 00:33:38,960 This system, using the behaviour of some of the smallest 502 00:33:38,960 --> 00:33:42,400 particles in the universe, is already being used. 503 00:33:43,840 --> 00:33:50,160 Quantum cryptography is already used by folks who want extreme security, 504 00:33:50,160 --> 00:33:55,720 by banks and by agencies whose job is to protect information. 505 00:33:55,720 --> 00:33:59,840 And, nowadays, there are a number of companies who build quantum 506 00:33:59,840 --> 00:34:02,400 cryptographic systems and, for a fee, 507 00:34:02,400 --> 00:34:04,560 you too can communicate in complete 508 00:34:04,560 --> 00:34:07,560 and utter privacy guaranteed by the laws of quantum mechanics. 509 00:34:09,200 --> 00:34:11,360 But whatever the technology, 510 00:34:11,360 --> 00:34:16,120 all codes ultimately have one very human vulnerability. 511 00:34:16,120 --> 00:34:18,480 No matter what you do with quantum cryptography, 512 00:34:18,480 --> 00:34:22,440 or any cryptographic system, there are always going to be... 513 00:34:22,440 --> 00:34:25,680 They are always going to be susceptible to attack where 514 00:34:25,680 --> 00:34:27,760 Eve ties up Alice and imitates her, 515 00:34:27,760 --> 00:34:30,720 so when Bob thinks he's communicating with Alice, 516 00:34:30,720 --> 00:34:32,760 he's actually communicating with Eve. 517 00:34:36,040 --> 00:34:41,640 So, even if you can't crack a code, it may be possible to get around it. 518 00:34:41,640 --> 00:34:43,440 To pull off an inside job, 519 00:34:43,440 --> 00:34:47,360 whether by someone leaking or selling secrets. 520 00:34:47,360 --> 00:34:51,480 Perhaps the greatest vulnerability for anyone trying to keep 521 00:34:51,480 --> 00:34:53,880 a secret isn't the science...but us. 522 00:34:56,520 --> 00:35:00,880 Out there are scientists thinking dark, paranoid thoughts, 523 00:35:00,880 --> 00:35:03,960 imagining a future where every computer 524 00:35:03,960 --> 00:35:06,280 in the universe is infected. 525 00:35:06,280 --> 00:35:10,760 Your phone, your laptop, your work or bank. 526 00:35:10,760 --> 00:35:15,360 In this nightmarish scenario, the things that scares people most 527 00:35:15,360 --> 00:35:17,920 is not knowing who is at the other end. 528 00:35:23,320 --> 00:35:26,400 ACOUSTIC GUITAR MUSIC PLAYS 529 00:35:33,880 --> 00:35:38,400 On the face of it, Patrick Lincoln's real life is rather peaceful... 530 00:35:38,400 --> 00:35:40,200 even content. 531 00:35:40,200 --> 00:35:44,080 But the world that he spends his life imagining is one in which 532 00:35:44,080 --> 00:35:46,440 threats lurk around every corner. 533 00:35:54,440 --> 00:35:56,880 If you think of it as a neighbourhood and asking, 534 00:35:56,880 --> 00:36:00,120 "How often are ne'er-do-wells coming by to rattle the door?" 535 00:36:00,120 --> 00:36:02,960 Trying the doorknob to see if they can get into your house. 536 00:36:02,960 --> 00:36:06,000 In the digital world, they are rattling doorknobs all the time. 537 00:36:07,000 --> 00:36:09,040 And therefore I think it is appropriate for us 538 00:36:09,040 --> 00:36:12,080 to start to be paranoid about what devices can we really trust 539 00:36:12,080 --> 00:36:15,280 our personal, private, corporate information to. 540 00:36:15,280 --> 00:36:18,760 And, in the end, moving into an ultra paranoid mindset where 541 00:36:18,760 --> 00:36:20,440 I can't trust any one device. 542 00:36:23,040 --> 00:36:28,360 He's a leading researcher in a field called ultra paranoid computing. 543 00:36:30,480 --> 00:36:36,480 Ultra paranoid computing is taking a point of view that no one 544 00:36:44,400 --> 00:36:47,000 In the past, we've relied on the unique quality 545 00:36:47,000 --> 00:36:48,440 of a human fingerprint... 546 00:36:50,000 --> 00:36:52,880 ..the unique quality of an iris... 547 00:36:52,880 --> 00:36:54,800 but even these things can be stolen. 548 00:36:56,520 --> 00:37:00,320 Unfortunately, those systems are subject to theft or copying, 549 00:37:00,320 --> 00:37:02,320 so folks can copy a fingerprint 550 00:37:02,320 --> 00:37:04,720 and make something that fools a fingerprint reader. 551 00:37:04,720 --> 00:37:07,880 Even making copies of irises, photographs, in some cases, 552 00:37:07,880 --> 00:37:09,760 can fool iris scanners. 553 00:37:09,760 --> 00:37:13,240 So, those are imperfect ways to try to authenticate that the user 554 00:37:13,240 --> 00:37:14,720 is who they say they are. 555 00:37:16,920 --> 00:37:21,560 So, Patrick turned to a part of the body that no-one can steal. 556 00:37:23,520 --> 00:37:27,040 He started exploring whether he could implant 557 00:37:27,040 --> 00:37:30,800 a password into an unconscious portion of the mind. 558 00:37:32,880 --> 00:37:36,000 Modern cognitive science has found portions of the brain 559 00:37:36,000 --> 00:37:39,720 that are able to record sequence information like muscle memory. 560 00:37:39,720 --> 00:37:42,320 The way you learn to ride a bike or the way to learn to play 561 00:37:42,320 --> 00:37:46,920 a musical instrument, that allows one to remember long sequences, 562 00:37:46,920 --> 00:37:49,040 but not necessarily have conscious access to 563 00:37:49,040 --> 00:37:51,880 details of the inside information in that sequence. 564 00:37:54,240 --> 00:37:56,720 What is the 13th note of Beethoven's Symphony? 565 00:37:56,720 --> 00:37:58,760 Even if you can play the symphony on a violin, 566 00:37:58,760 --> 00:38:01,360 you may need to start at the beginning in order to have 567 00:38:01,360 --> 00:38:05,680 your muscle memory continue through to that note and then reveal it. 568 00:38:07,040 --> 00:38:09,920 But how do you get the password in there? 569 00:38:13,840 --> 00:38:18,440 MUSIC: "Eruption" by Van Halen 570 00:38:18,440 --> 00:38:21,280 Now his dark imaginings are taking shape. 571 00:38:22,680 --> 00:38:24,600 In this paranoid world, 572 00:38:24,600 --> 00:38:28,000 it's not been easy to find a way of logging on. 573 00:38:34,600 --> 00:38:39,080 But Daniel Sanchez may have found an intriguing solution. 574 00:38:45,760 --> 00:38:47,680 We have a guitar interface that's 575 00:38:47,680 --> 00:38:51,040 based off of popular rhythm videogames that people play. 576 00:38:51,040 --> 00:38:54,200 And, essentially, what this is, is these keys correspond to the 577 00:38:54,200 --> 00:38:56,720 four different targets on the screen. 578 00:38:56,720 --> 00:39:00,120 The left hand responds to the order that the circles are scrolling, 579 00:39:00,120 --> 00:39:02,960 and the right hand responds to the timing. So, essentially, 580 00:39:02,960 --> 00:39:05,760 what you're doing is you're making a bi-manually coordinated 581 00:39:05,760 --> 00:39:09,240 interception response to the circles as they cross through the targets. 582 00:39:10,640 --> 00:39:13,280 In other words, using both hands. 583 00:39:16,520 --> 00:39:19,960 The game looks utterly random... 584 00:39:19,960 --> 00:39:22,520 but buried within it is a pattern... 585 00:39:22,520 --> 00:39:25,760 one that repeats nearly 200 times. 586 00:39:27,240 --> 00:39:29,760 Your conscious mind can't pick it out 587 00:39:29,760 --> 00:39:33,800 but what this is doing is creating a unique muscle memory. 588 00:39:35,440 --> 00:39:37,680 What we're doing is, the sequence is repeating. 589 00:39:37,680 --> 00:39:39,640 We don't tell people the sequence is repeating 590 00:39:39,640 --> 00:39:41,520 and, as they perform it over and over again, 591 00:39:41,520 --> 00:39:43,760 they become able to perform a sequence even though 592 00:39:43,760 --> 00:39:45,600 they don't know that they're learning it. 593 00:39:47,440 --> 00:39:50,760 So, that's how we're able to sort of store information in people's 594 00:39:50,760 --> 00:39:53,320 brains without them knowing it's being stored there. 595 00:39:53,320 --> 00:39:57,760 After 45 minutes, the password is embedded in your muscle memory, 596 00:39:57,760 --> 00:40:03,360 right here in the basal ganglia, a deep, unconscious part of the brain. 597 00:40:03,360 --> 00:40:05,280 To prove your identity, 598 00:40:05,280 --> 00:40:08,320 you play along with the same task as before but, this time, 599 00:40:08,320 --> 00:40:10,360 you're actually playing your password 600 00:40:10,360 --> 00:40:12,000 in your own signature style. 601 00:40:12,000 --> 00:40:14,840 So, essentially, what someone would do is sit down at a computer 602 00:40:14,840 --> 00:40:17,280 and start performing it. And what the computer does 603 00:40:17,280 --> 00:40:19,920 is it takes that data and it will look at their performance 604 00:40:19,920 --> 00:40:21,920 on the trained sequence versus novel sequences 605 00:40:21,920 --> 00:40:23,360 they've never performed before. 606 00:40:23,360 --> 00:40:26,920 And you can use that information to say this participant knows 607 00:40:26,920 --> 00:40:30,880 that particular data, or knows that particular information, 608 00:40:30,880 --> 00:40:33,880 therefore it's Bob. You would have to know nothing else about them. 609 00:40:33,880 --> 00:40:36,600 It's simply their performance and their motor abilities that 610 00:40:36,600 --> 00:40:38,720 can tell you who they are based on what they know. 611 00:40:39,960 --> 00:40:41,840 It may seem strange, 612 00:40:41,840 --> 00:40:45,720 but this could be how you log on in a paranoid future. 613 00:40:49,960 --> 00:40:53,200 After this entire protocol is done, a participant will leave 614 00:40:53,200 --> 00:40:56,360 the lab knowing something they don't know that they know. 615 00:40:58,840 --> 00:41:01,920 That's the password and the information that we're able 616 00:41:01,920 --> 00:41:04,600 to store that they can't divulge to anyone else, 617 00:41:04,600 --> 00:41:07,880 and that's essentially how the cortical cryptography works. 618 00:41:11,440 --> 00:41:15,360 Right now, were in the grip of a new arms race. 619 00:41:17,600 --> 00:41:20,960 On one side, the code makers and scientists, 620 00:41:20,960 --> 00:41:23,480 defenders of our digital lives. 621 00:41:24,760 --> 00:41:28,720 On the other side, the hackers are becoming ever more devious. 622 00:41:31,000 --> 00:41:35,680 Quantum physics and ultra paranoid computing are just the latest 623 00:41:35,680 --> 00:41:38,720 place where this battle is being fought out... 624 00:41:41,200 --> 00:41:44,200 ..but it is one that is constantly shifting. 625 00:41:52,120 --> 00:41:57,000 Noisebridge, San Francisco, a workshop for hackers... 626 00:41:57,000 --> 00:41:58,960 in the original sense of the idea. 627 00:42:02,480 --> 00:42:07,560 A place for pioneers. People taking apart technology, improving it, 628 00:42:07,560 --> 00:42:10,040 upgrading it, having fun. 629 00:42:13,240 --> 00:42:15,040 But you don't have to look far 630 00:42:15,040 --> 00:42:17,720 to see how connected everything has become. 631 00:42:17,720 --> 00:42:20,560 Phones with powerful computers, 632 00:42:20,560 --> 00:42:22,800 cars with satellite navigation, 633 00:42:22,800 --> 00:42:25,560 electronic books, even fridges. 634 00:42:26,920 --> 00:42:30,720 And this world of connected devices is the latest 635 00:42:30,720 --> 00:42:32,960 battleground for the hackers. 636 00:42:45,960 --> 00:42:48,200 Barnaby Jack has been probing this world 637 00:42:48,200 --> 00:42:51,440 of connected devices, looking for weakness. 638 00:42:54,120 --> 00:42:58,760 His aim, to hack these devices before the hackers do. 639 00:43:01,960 --> 00:43:05,440 I've always been doing research, so I would look at 640 00:43:05,440 --> 00:43:08,120 devices or software, 641 00:43:08,120 --> 00:43:11,760 and I would try and find ways to break into that code. 642 00:43:11,760 --> 00:43:15,000 And once I found out a way to break into the code, 643 00:43:15,000 --> 00:43:17,960 I'd write the software that did it. 644 00:43:17,960 --> 00:43:21,280 Hacking proficiently, I guess I would say, 645 00:43:21,280 --> 00:43:26,360 so I take the same route that a normal hacker would take 646 00:43:26,360 --> 00:43:29,000 to find these vulnerabilities and exploit them. 647 00:43:35,120 --> 00:43:39,360 Like any hacker, Barnaby set out to find the weak points. 648 00:43:39,360 --> 00:43:42,960 The easiest way to bypass the security systems. 649 00:43:44,040 --> 00:43:47,680 Everyone has wanted to jump on the wireless bandwagon. 650 00:43:53,320 --> 00:43:55,160 But by going wireless like this, 651 00:43:55,160 --> 00:43:59,680 a lot of people haven't realised the security ramifications of doing so. 652 00:44:07,600 --> 00:44:10,480 Everything that has a wireless capability 653 00:44:10,480 --> 00:44:13,040 can potentially be hacked remotely. 654 00:44:15,760 --> 00:44:18,760 So, I decided to look at software that runs on these devices 655 00:44:18,760 --> 00:44:21,000 because, once you compromise those devices, 656 00:44:21,000 --> 00:44:23,240 there's a very immediate and real world effect. 657 00:44:26,200 --> 00:44:29,400 His target was something we all rely on every day. 658 00:44:31,720 --> 00:44:35,040 Something you might think had the ultimate security... 659 00:44:36,440 --> 00:44:38,120 Banks. 660 00:44:38,120 --> 00:44:43,720 Or, more precisely, a certain form of stand alone cash machine. 661 00:44:43,720 --> 00:44:48,840 I decided to look at ATMs because, you know, they're full of money. 662 00:44:48,840 --> 00:44:50,080 And I looked online, 663 00:44:50,080 --> 00:44:53,720 and I basically just bought them directly from the distributor. 664 00:44:58,440 --> 00:45:01,040 I took the software off the ATM 665 00:45:01,040 --> 00:45:03,880 and then I reverse engineered that software, 666 00:45:03,880 --> 00:45:08,960 and I saw that there was a remote update mechanism. 667 00:45:08,960 --> 00:45:13,840 This was the undefended part of the system, the way in. 668 00:45:13,840 --> 00:45:16,680 Typically, it would require... 669 00:45:16,680 --> 00:45:20,160 usernames and passwords to access, but I found a vulnerability which 670 00:45:20,160 --> 00:45:23,480 let me bypass all the username and password requirements, 671 00:45:23,480 --> 00:45:25,760 and would let me remotely access the ATM 672 00:45:25,760 --> 00:45:28,040 and upload my own software anonymously. 673 00:45:29,720 --> 00:45:32,520 Now, the machine was his to control. 674 00:45:33,720 --> 00:45:37,760 It may sound farfetched, but here's the proof it worked. 675 00:45:37,760 --> 00:45:41,880 And put my software here, I'd go here and add a group, 676 00:45:41,880 --> 00:45:44,120 so add San Francisco. 677 00:45:45,160 --> 00:45:48,120 I then go ahead and add an ATM, 678 00:45:48,120 --> 00:45:50,160 so I put the name Barnaby's ATM. 679 00:45:52,200 --> 00:45:57,680 So, now I can go ahead and upload my own software to that ATM. 680 00:45:59,520 --> 00:46:03,600 It connects to the ATM, it sends the authentication bypass, it succeeds. 681 00:46:10,480 --> 00:46:13,320 And now I could dispense money from the cassettes, 682 00:46:13,320 --> 00:46:16,000 I could capture people's credit card details, 683 00:46:16,000 --> 00:46:17,400 I could do all that remotely. 684 00:46:18,960 --> 00:46:21,480 So the software is now uploaded, 685 00:46:21,480 --> 00:46:24,440 so we could go ahead and issue a remote jackpot command. 686 00:46:24,440 --> 00:46:27,920 That way, anyone near the ATM at the time can get some money. 687 00:46:40,840 --> 00:46:44,200 So, that could be carried out over the phone line or over 688 00:46:44,200 --> 00:46:46,200 the...network, whatever it may be. 689 00:46:47,760 --> 00:46:52,960 This flaw, which only affected some of these sorts of stand alone ATMs, 690 00:46:52,960 --> 00:46:55,800 has, needless to say, now been fixed. 691 00:46:55,800 --> 00:47:00,880 And Barnaby hopes he gets to these flaws before the hackers. 692 00:47:00,880 --> 00:47:04,560 We're hoping, by actually releasing these details 693 00:47:04,560 --> 00:47:07,680 and actually demonstrating some of these risks, 694 00:47:07,680 --> 00:47:11,680 that the security of these devices will actually improve quite a bit. 695 00:47:11,680 --> 00:47:14,280 We're working with these manufacturers to actually 696 00:47:14,280 --> 00:47:15,920 help them improve their codes. 697 00:47:19,960 --> 00:47:24,640 It's estimated there are now over a billion Wi-Fi-enabled devices, 698 00:47:24,640 --> 00:47:27,280 and hacking and defending these gadgets 699 00:47:27,280 --> 00:47:29,520 is just the latest battleground. 700 00:47:35,640 --> 00:47:39,880 But perhaps the greatest danger we face doesn't come from any 701 00:47:39,880 --> 00:47:42,600 one computer, but from the giant networks 702 00:47:42,600 --> 00:47:44,960 of interconnected computers that 703 00:47:44,960 --> 00:47:47,560 run the most complex systems on the planet. 704 00:47:49,000 --> 00:47:54,480 From power grids to banking systems to transport networks. 705 00:47:54,480 --> 00:47:57,320 Because once someone has hacked one part of it, 706 00:47:57,320 --> 00:47:59,800 they may have hacked the whole network. 707 00:48:16,640 --> 00:48:18,880 It began with just one computer. 708 00:48:25,160 --> 00:48:29,600 And now it's spreading through our networks like wildfire. 709 00:48:38,160 --> 00:48:41,000 Power stations are being targeted, 710 00:48:41,000 --> 00:48:43,040 plunging the nation into darkness. 711 00:48:52,120 --> 00:48:54,840 The transport networks are being targeted, too. 712 00:49:00,120 --> 00:49:03,360 And now the infection is spreading all across the world. 713 00:49:09,800 --> 00:49:13,080 But this attack isn't real. 714 00:49:13,080 --> 00:49:16,080 It is a simulation being run by some of Britain's 715 00:49:16,080 --> 00:49:17,960 top cyber security experts. 716 00:49:19,800 --> 00:49:24,200 Cyber security in the UK is considered to be a tier one threat 717 00:49:24,200 --> 00:49:25,760 alongside terrorism. 718 00:49:25,760 --> 00:49:30,680 This drill is part of a strategy to pinpoint weaknesses in a network. 719 00:49:30,680 --> 00:49:35,360 They're attacking it to see if, and where, it breaks. 720 00:49:35,360 --> 00:49:37,680 If we're going to defend our networks, 721 00:49:37,680 --> 00:49:40,920 we need to understand what an attacker might do to us. 722 00:49:43,320 --> 00:49:46,200 You need to understand what the threats are to you, 723 00:49:46,200 --> 00:49:49,280 and you need to understand what your own vulnerabilities are that 724 00:49:49,280 --> 00:49:50,920 someone might take advantage of. 725 00:49:50,920 --> 00:49:54,080 And if you don't understand what the attacker might be able to do to you, 726 00:49:54,080 --> 00:49:56,160 you will not develop the best defences. 727 00:49:56,160 --> 00:49:57,760 The Cyber Range helps us do that. 728 00:50:01,480 --> 00:50:05,360 Once, the only way to test a network was for a company to attack it 729 00:50:05,360 --> 00:50:06,520 from the inside. 730 00:50:08,240 --> 00:50:13,680 But today, you can come to this Cyber Range, Europe's first. 731 00:50:15,920 --> 00:50:20,360 This black box is a kind of internet firing range. 732 00:50:20,360 --> 00:50:25,000 Engineers can programme these 120 computers to create a perfect 733 00:50:25,000 --> 00:50:27,840 mirror image of the company's global network. 734 00:50:27,840 --> 00:50:31,080 One rack houses their existing cyber defences, 735 00:50:31,080 --> 00:50:34,960 the other contains the nastiest malware on earth. 736 00:50:34,960 --> 00:50:38,240 Then the two banks of computers go to war. 737 00:50:43,160 --> 00:50:47,560 You can emulate a normal day-to-day email interconnection that 738 00:50:47,560 --> 00:50:49,200 a company would have and, 739 00:50:49,200 --> 00:50:52,160 at the same time, you can introduce malware into the system. 740 00:50:52,160 --> 00:50:54,480 You can have a look at the effect it would have. 741 00:50:54,480 --> 00:50:57,120 You can introduce new software to the system to see how 742 00:50:57,120 --> 00:50:58,760 effective it is against malware. 743 00:50:58,760 --> 00:51:02,200 You can test new intrusion detection capabilities, 744 00:51:02,200 --> 00:51:06,400 so you can test how well they perform against intrusions that you 745 00:51:06,400 --> 00:51:09,040 introduce yourself, all in a safe environment. 746 00:51:11,640 --> 00:51:15,360 The hope is, that by hacking yourself, you can find those 747 00:51:15,360 --> 00:51:19,600 security flaws and patch them before a hacker works out how to get in. 748 00:51:34,680 --> 00:51:38,400 Sean McGurk works to protect America's complex networks, 749 00:51:38,400 --> 00:51:41,800 like power stations and water companies from attack. 750 00:51:47,280 --> 00:51:50,360 The greatest threat today to the world is the keyboard. 751 00:51:50,360 --> 00:51:52,960 In the past, it may have been nuclear weapons 752 00:51:52,960 --> 00:51:54,800 or weapons of mass destruction. 753 00:51:54,800 --> 00:51:57,720 Today, we see that same level of capability being 754 00:51:57,720 --> 00:52:01,720 exercised by lone individuals using keyboards, as opposed to bombs. 755 00:52:03,920 --> 00:52:06,800 They can hack into transportation networks, 756 00:52:06,800 --> 00:52:10,440 into computer networks, emergency communications networks, 757 00:52:10,440 --> 00:52:14,120 even air transportation are all susceptible to hackers today. 758 00:52:16,160 --> 00:52:20,000 It's Sean's job to try and find the unexpected, surprising 759 00:52:20,000 --> 00:52:24,040 weak points that an attacker could exploit to get into these networks. 760 00:52:28,000 --> 00:52:30,960 What were look at, as far as vulnerabilities are concerned, 761 00:52:30,960 --> 00:52:34,600 are really three things - people, processes and technology. 762 00:52:34,600 --> 00:52:35,840 The technology is great. 763 00:52:35,840 --> 00:52:38,360 The encryption is great - it's very difficult to break. 764 00:52:38,360 --> 00:52:40,960 It takes a tremendous amount of computing capability, 765 00:52:40,960 --> 00:52:42,200 but the bottom line is 766 00:52:42,200 --> 00:52:46,080 a person can circumvent any layer of security simply by their actions. 767 00:52:50,960 --> 00:52:55,320 So, in spite of the complex and sophisticated technology, 768 00:52:55,320 --> 00:52:58,760 once again, it's the people who are the weak part. 769 00:53:00,600 --> 00:53:04,480 All it can take is something costing just a few pounds to 770 00:53:04,480 --> 00:53:06,920 get inside the best protected network. 771 00:53:08,880 --> 00:53:12,800 Removable media is one of the largest security challenges that we 772 00:53:12,800 --> 00:53:16,240 face today, simply because it comes in so many shapes and sizes, 773 00:53:16,240 --> 00:53:17,480 so many different forms, 774 00:53:17,480 --> 00:53:20,080 and people are unfamiliar with its capabilities. 775 00:53:20,080 --> 00:53:23,360 They believe that it's just used to store files but, unfortunately, 776 00:53:23,360 --> 00:53:25,560 it can also be used to introduce malicious code 777 00:53:25,560 --> 00:53:26,960 into a network environment. 778 00:53:28,080 --> 00:53:32,920 It may seem unlikely that such a simple tactic would be effective, 779 00:53:32,920 --> 00:53:38,200 so it's one that Sean was asked by the US government to test. 780 00:53:38,200 --> 00:53:41,160 When we took as USB stick that had a corporate logo on it 781 00:53:41,160 --> 00:53:43,480 and placed it in a public area, 782 00:53:43,480 --> 00:53:47,960 we had been a 70 and 80% assurance that someone would take that 783 00:53:47,960 --> 00:53:50,680 device and insert it in the corporate network. 784 00:53:50,680 --> 00:53:53,200 When we did the experiment with a CD ROM 785 00:53:53,200 --> 00:53:55,440 that had the year and pay 786 00:53:55,440 --> 00:53:59,720 and compensation tables just written with a Sharpie on the disk, 787 00:53:59,720 --> 00:54:03,440 we had almost a 100% guarantee that piece of media, that CD, 788 00:54:03,440 --> 00:54:06,880 would be introduced into a corporate environment. 789 00:54:11,680 --> 00:54:14,960 And it is this tactic, using a removable media device, 790 00:54:14,960 --> 00:54:17,320 which seems to have launched the world's 791 00:54:17,320 --> 00:54:19,080 most powerful cyber weapon... 792 00:54:20,120 --> 00:54:21,680 Stuxnet. 793 00:54:25,120 --> 00:54:29,880 In 2010, this sophisticated piece of malware 794 00:54:29,880 --> 00:54:33,840 struck at a uranium enrichment plant in Iran, 795 00:54:33,840 --> 00:54:35,440 causing significant damage. 796 00:54:37,280 --> 00:54:42,960 This nuclear facility at Natanz was in a highly secure environment, 797 00:54:42,960 --> 00:54:45,400 cut off from the internet, 798 00:54:45,400 --> 00:54:48,480 but still vulnerable to someone bringing in a removable 799 00:54:48,480 --> 00:54:50,120 device into the plant. 800 00:54:52,120 --> 00:54:55,960 Whether it was spies or unwitting accomplices, 801 00:54:55,960 --> 00:54:58,360 we will probably never know. 802 00:55:02,160 --> 00:55:04,400 The challenge with Stuxnet, for instance, 803 00:55:04,400 --> 00:55:07,600 was it didn't take advantage or try to break any of the encryption 804 00:55:07,600 --> 00:55:09,200 or the security boundaries, 805 00:55:09,200 --> 00:55:12,240 because it actually exploited the natural communications 806 00:55:12,240 --> 00:55:14,040 capability of the network. 807 00:55:14,040 --> 00:55:17,520 So, when you plug devices together, they want to identify each other, 808 00:55:17,520 --> 00:55:21,120 that's part of this plug and play technology that we use today. 809 00:55:21,120 --> 00:55:24,880 So, these particular individuals took advantage of that. 810 00:55:24,880 --> 00:55:28,280 They wrote the code to insert into a network environment 811 00:55:28,280 --> 00:55:30,320 inside the security perimeter, 812 00:55:30,320 --> 00:55:33,160 so you were already within the walls of the keep, if you will. 813 00:55:33,160 --> 00:55:35,600 And then it just used the natural communications 814 00:55:35,600 --> 00:55:37,000 capability of the network, 815 00:55:37,000 --> 00:55:38,880 and it moved from computer to computer 816 00:55:38,880 --> 00:55:41,560 until it found specifically what it was looking for. 817 00:55:42,520 --> 00:55:46,680 But nothing in this world of high stakes hacking... 818 00:55:46,680 --> 00:55:48,640 is quite as simple as it seems... 819 00:55:50,880 --> 00:55:53,920 ..because Stuxnet has escaped. 820 00:55:57,960 --> 00:56:01,960 It has now been found outside its intended target. 821 00:56:05,440 --> 00:56:07,080 What's interesting about Stuxnet 822 00:56:07,080 --> 00:56:09,520 and how we were able to discover it to begin with is 823 00:56:09,520 --> 00:56:13,320 that it didn't just target machines in Iran, 824 00:56:13,320 --> 00:56:16,400 it didn't just target machines in that Natanz facility, 825 00:56:16,400 --> 00:56:19,880 Stuxnet has the ability to spread to any machine, 826 00:56:19,880 --> 00:56:22,320 any Windows machine across the world. 827 00:56:22,320 --> 00:56:25,960 It has now infected more than 100,000 machines. 828 00:56:30,000 --> 00:56:33,920 It was never intended to get in the wild but, unfortunately, 829 00:56:33,920 --> 00:56:36,120 once it did get into the wild, 830 00:56:36,120 --> 00:56:39,240 it demonstrated a level of sophistication and capability 831 00:56:39,240 --> 00:56:42,200 that up to that point, no-one had taken advantage of. 832 00:56:44,760 --> 00:56:47,720 This was truly a digital Pandora's box. 833 00:56:47,720 --> 00:56:50,520 Once it was opened, you could not put the lid back on. 834 00:56:52,560 --> 00:56:56,040 Stuxnet is now out in the public domain. 835 00:56:58,680 --> 00:57:01,760 You can take the modules which are most effective for you 836 00:57:01,760 --> 00:57:04,960 and actually repurpose them, or retool them, 837 00:57:04,960 --> 00:57:08,120 and launch them against a private company, 838 00:57:08,120 --> 00:57:11,920 an individual, potentially, a host nation. 839 00:57:11,920 --> 00:57:14,920 It just depends upon what your intent and what your desire is. 840 00:57:16,960 --> 00:57:21,040 It highlights the risks of developing these sorts of weapons. 841 00:57:21,040 --> 00:57:24,280 That they may indeed become uncontrollable... 842 00:57:24,280 --> 00:57:28,120 and even be used against the nations that developed them. 843 00:57:34,200 --> 00:57:39,080 There's nothing new about codes and trying to keep secrets... 844 00:57:40,240 --> 00:57:43,960 ..but the advent of global digital communications 845 00:57:43,960 --> 00:57:47,640 has created a new battleground... 846 00:57:47,640 --> 00:57:49,240 without borders. 847 00:57:51,080 --> 00:57:53,920 One where teenagers... 848 00:57:53,920 --> 00:57:56,000 nation states... 849 00:57:56,000 --> 00:58:01,760 and organised criminals go head-to-head as equals. 850 00:58:03,880 --> 00:58:07,920 This murky world is set to become the defining 851 00:58:07,920 --> 00:58:11,600 battleground of the 21st century. 852 00:58:17,680 --> 00:58:20,720 Subtitles by Red Bee Media Ltd