WSJ+ Presents the New York Premiere of ZERO DAYS
Alex Gibney attends a premiere of his film ZERO DAYS in New York City. Paul Bruinooge—Patrick McMullan via Getty Image

How Alex Gibney Made the Most Chilling Documentary Film of the Year

Aug 14, 2016

Earlier this summer, Alex Gibney released Zero Days, a documentary about cyberwar.

The prolific filmmaker who brought you Going Clear (on Scientology), The Smartest Guys in the Room (the downfall of Enron), Steve Jobs (well, Steve Jobs), turned his attention to the electronic spy versus spy battles that countries are secretly waging against one another. Zero Days centers on the unraveling of a particular cyber operation—code-named Olympic Games—designed to knock offline Iranian nuclear centrifuges beginning the mid-'00s. The covert action was allegedly conducted by the United States and Israel, although no one who was involved will speak on the matter—as Gibney was to discover.

Get Data Sheet, Fortune’s technology newsletter.

I interviewed Gibney months ago, shortly after viewing the film. We spoke about the documentary's creation, his thoughts on the evolution of cyberwar, and whether another secret cyber operation his reporting uncovered—Nitro Zeus—could possibly be a crazy disinformation campaign on the part of the U.S. government that's designed to instill fear and paranoia abroad (as well as at home?). Who knows, maybe I'm just paranoid.

Anyway, here is my endorsement: go see this film. It is brilliant, and great, and terrifying, and important. (Full disclosure about my movie taste; the best films I've seen recently are: Ex Machina, The Big Short, 10 Cloverfield Lane, and Zero Days.)

For more on futuristic movies, watch:

Here's what Gibney said, edited and condensed for clarity. Caution, spoilers ahead!

Fortune: How challenging was it for you to craft a movie about software, visually and cinematically?

Gibney: It was maybe the hardest challenge I've ever had as a documentary filmmaker. You're trying to make code come to life. That was particularly important in this film because so few people were willing to talk on the record. The code really needed to be a character. We used some of the real excerpts from the Stuxnet code, but we had to render it in a way that felt pretty much alive and also fit into our detective story.

How frustrating was it for you to receive "nos" consistently? The opening montage of the film was just "no," "no," "no," "no," "no."

It was incredibly frustrating. I had to comment on it directly, because it was just so persistent. You could understand why someone wouldn't comment on a secret operation that's ongoing. But when something has happened, everybody knows about it, and you refuse to admit that it happened—that is really bizarre.

You must have known that it wouldn't be easy to get people to talk.

I guess I felt there was a moment at this point—post-Snowden and post-WikiLeaks—to confront people with this issue of radical over-classification and the fact that even things that are well-known are secret. We've entered this sort of bizarre world where people in-the-know, people in government, aren't allowed to talk publicly on issues of great public concern at all. I wanted to point out that hypocrisy and absurdity.

How did you arrive upon this subject of Stuxnet? You've done films about intriguing characters, scandals, and companies—yet the subject of this one is a piece of software.

I've been interested more and more in the digital world. I did We Steal Secrets [a story about the whistleblower website WikiLeaks]. I did a biography of Steve Jobs. I thought when I started that it was more of a technical story, and then it ended up being much more of a spy story—a spy thriller and a story about global politics and law. It also seemed very much a story of our time. The very thing that holds us all together—the Internet— is the same thing that makes us all incredibly vulnerable at the same time.

One of the key characters in the film (spoiler alert!) is a character that is a blend of the voices of sources who had to remain anonymous. Where did that conceit come from?

It grew out of a problem, and that problem was, of course, how to get people who were uncomfortable with talking, talking. Talking not just off the record, but on background so that we could use what they were saying, and yet at the same time, protect their identity. The Obama administration, in particular, has become increasingly vicious about going after people who leak classified information.

How much of that testimony by the actress was crafted versus original?

Some sandpapering needed to be done in order to be able to render it. Sometimes language had to be altered in order to protect people's identities. A lot of it is taken verbatim. It very much reflects the points of view of the people who were speaking. We had to collapse it into a single character, so, of course, alterations were made.

When and how did you connect with the key sources?

I can't tell you that. It's a secret. (Laughing)

Come on! The whole point of the movie is no more secrets, right?

No, no, I can't tell you that for obvious reasons. Those are the kinds of secrets that, even with our government, I appreciate. I can't tell you how I connected with the sources.

Okay, well, maybe you can tell me this much. How much did anyone need persuading to offer testimony?

The persuasion took place over time. It helped that we dug out more information that we were able to provide to advance the ball and go to them, so they could either confirm or deny. Over time, they became more comfortable. I think it was a slow process. I think they also felt strongly about certain issues, which helped to motivate them to speak.

By the end of the movie, I was getting quite paranoid. I was thinking, What are the odds that maybe this operation "Nitro Zeus" [the U.S.' plan to embed itself into every facet of Iran's communications infrastructure] is some sort of psychological operations campaign by the U.S. government to scare Iran, and not actually a thing that took place? Did this thought enter your mind?

It had, and it could be. I don't think so. Once you go down the rabbit hole where you think anything is possible and the government is supremely intelligent and always playing games—that it is 24-to-25 steps ahead of everyone else—then I think you've overestimated the capacity of the intelligence of the people on the inside. Our sources were pretty convinced—well, not pretty convinced—they knew that Nitro Zeus was an actual program. We checked it from a number of different ways and everyone agreed that there was a program called Nitro Zeus and agreed that that was real. Your question is a good one, and it's certainly possible that there's some [ psychological operations] stuff going on the in the background. But we're pretty certain that Nitro Zeus was a real program, and that it had the capacity to do as much damage as we laid out in the film.

Who would not sit for an interview that you wish had?

Two people: Keith Alexander [former director of the National Security Agency] and Meir Dagan [former director of the Mossad, Israel's intelligence agency].

During one moment the camera lingered on Alexander and that was all we heard or saw about him for the rest of the film.

We tried very hard to get him to go on the record but he wouldn't. We tried for a year and a half to be permitted inside the NSA. That really is irritating. At a certain moment in time after Snowden, they let 60 Minutes in to videotape the NSA as a way to say look we're open! It's no problem! But of course, it was a shoot that was extremely manipulated.

The U.S. side has claimed that the Israelis let the cat out of the bag by tweaking Stuxnet, making it more aggressive, and then accidentally letting it loose. It seemed that the lack of an official statement on the part of the Israelis contradicting the U.S.'s claim was an omission of sorts?

It's hard for them to get into whether or not they were responsible for leaking it when they don't even admit that they were part of the program. Now, with a wink and a nod, you'll see all sorts of evidence from Israeli intelligence officials that they were a part of it. So far as I'm aware, neither Israel nor the United States has admitted that there was a Stuxnet operation, nor that they were part of it. Somebody blew up with centrifuges in Natanz—who could that have been!

Regular old software bugs.

Yeah, exactly.

You make the case in the film that we should have an open discussion about these cyber weapons and offensive cyber operations. Do you think the world is ready to have that talk?

I think it's imperative. If we don't have it, something nasty could happen. Particularly, when we have such problems of attribution with cyber weapons. The world needs to be ready because these weapons are being increasingly used. If we don't start talking about it, we're not going to be able to fix it, and then something bad is going to happen.

Have you changed any of your own personal security practices since you began working on the film?

(Laughing) Yes. And indeed, there are times when I use pen and paper a lot more, sometimes even an electric typewriter. I also assume that a lot of what I do may ultimately see the light of day, and I operate under those principles. If I really want to keep something secret, I usually go to much more analog modes. I go old school.

What was your favorite part of the film?

Working with the visual effects on this film was really delicious. To figure out a way to give the code a personality, to make it come alive.

You mentioned that you've become much more interested in the digital world recently. Should we expect more films of that nature out of you?

Maybe, maybe.

Okay. If there's one point you wanted to leave the audience with, what would that be?

I guess there are two points. You can't boil it down to a single one. The one is that we need to be aware of how vulnerable we are. And two, we need to demand that our government stops its senseless secrecy so it can figure out a way to make our lives a lot more secure.

By the way, the scene with the balloon and the A-bomb explosion was pure genius.

Thank you. That was really fun to do, and it was fun for the Symantec (symc) guys to do as well.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions