The AI virus that hit communications, transport, power and banks in the US: truth and fiction in the cyber thriller Zero Day
In February 2025 Netflix released a mini-series called Zero Day, which attempts to simulate an unprecedented attack on critical US infrastructure. The authors relied heavily on real-life examples, but did not avoid obvious exaggerations either. TAdviser spoke with cybersecurity experts, traced the parallels between the plot of the series and reality, and assessed whether the model of a large-scale cyber attack it builds could be realized in practice.
The series was watched and discussed with TAdviser in podcast format by:
- Gennady Sazonov, Head of Incident Investigation at Solar 4Rays Center, Solar Group of Companies
- Evgeny Chunikhin, Business Head of Cyber Intelligence at F6
Their opinions on the most striking episodes of the series were given in text form by:
- Roman Semenov, Director of the Department of Monitoring and Response to Cyber Threats of Rostelecom
- Andrey Nuikin, Head of Information Systems Security at Evraz
- Anastasia Gainetdinova, Whoosh Information Security Process Analyst
- Dmitry Kostrov, independent information security expert
- Oleg Shakirov, author of the Telegram channel "Cyber War"
Unprecedented attack
The series begins with a massive attack on communication infrastructure, mobile phones, transport, energy and industrial enterprises, which the mysterious virus disables for one minute. Moreover, a message appears on the hacked phones: "This will happen again."
Each of these episodes is worth considering separately.
Communication and Mobile App Disruption
Here it should be clarified at once that an attack can target either mobile applications running over a working communication infrastructure, or the communication infrastructure itself in order to disable it. In both cases the services will not work. However, many people perceive a phone failure and the inability to use communication services through it as an outage of mobile communications, even though the device itself is still connected to the Internet, albeit under the control of attackers.
Cases of mass disconnection of mobile communications have been recorded, but more often the network is switched off by the operators themselves. This happens at the request of the government, as, for example, on May 9, 2025 in Russia, or due to an operator error, as happened in May 2025 with Telefónica in Spain after a failed update, as a result of which mobile customers of the country's leading operators suffered: Movistar, Orange, Vodafone, O2. Mobile phones worked, but could not make calls: there was no network, although Wi-Fi connections through fixed-line operators worked.
| "Turning off mobile communications and Internet access at the level of one operator is a very real task," Roman Semenov, director of Rostelecom's cyber threat monitoring and response department, explained to TAdviser. "As an example, we can cite the events of 2017, when one of the largest operators in Moscow lost communication for a long time. However, simultaneously disabling all operators in the country and displaying a certain message on the screens of all user devices is more of an author's fantasy. It should be understood that the preparatory stage of such an attack, which is not shown in the film, would have to be extremely large-scale and time-consuming. Its implementation would require colossal time and financial costs." |
A mass simultaneous shutdown of mobile devices, moreover on different platforms (Android and iOS), has not previously been recorded. However, this does not mean that it can never happen. There has been a case when CrowdStrike's Windows protection software disabled a huge number of devices. Modern mobile applications are cross-platform, so disabling their infrastructure can lead to problems on various operating systems. This applies in particular to instant messengers, social media and email applications. Exploits for them may well lead to the consequences shown in the series.
Disruption of intelligent transport systems
The most dangerous consequences, according to the authors of the series, come from attacks on intelligent transport networks, whose disruption led to human casualties. In particular, the film shows a situation where, because a traffic light at a crossing did not switch on, a car is hit by a diesel locomotive. There is also talk of switching points on the railway, by means of which the attackers caused a collision of two trains. Footage is also shown of an aircraft crash caused by a loss of navigation, also for one minute.
Hacking traffic lights is possible in principle. In April 2025, 12 smart traffic lights were hacked in Palo Alto, but there were no casualties. More dangerous for drivers is the "cyber terrorism" in which attackers showed pornography on hacked billboards, which leads to driver disorientation and accidents. Such cases have been recorded several times.
| "In many cities, people are accustomed to geolocation failures, and a short-term failure will not surprise anyone and does not even annoy much," says Anastasia Gainetdinova, an information security process analyst at Whoosh, in an interview with TAdviser. "Commercial companies (such as kick-scooter and car-sharing services) will receive dissatisfaction from users, because they usually do not know where they are going and navigate exclusively by navigator. In a minute, you can go the wrong way, or be unable to complete the trip. But the first is solved quite quickly (given a minute of downtime) by rebuilding the route, and the second by the service's technical support." |
Is it possible to drive two oncoming metro trains into each other by switching points? Most likely not. Metro tracks are arranged so that, in order to switch to the opposite direction, the train must be stopped and moved back the other way. In principle, it is possible to cause an accident between two trains travelling in the same direction, but there have been no such cases. At the same time, the most dangerous situation, unacceptable from the point of view of transport safety, is the switching of points under an approaching train, which in metro tunnels could also lead to a head-on accident. However, no such cases have been recorded so far.
But the disabling of airports has already happened. In May 2025, Denver International Airport (Colorado) lost contact with pilots for almost 90 seconds when the air traffic control system went down. A series of similar incidents was recorded at Newark International Airport (New Jersey). So far, no casualties or air accidents have been reported. A communication break of just a few minutes is not critical even for air traffic controllers. Aircraft that have already been cleared to land do so on their own, and those that have not simply go around. With a longer loss of communication, the aircraft divert to an alternate airfield.
Turning off the lights and disabling the diesel generators
Several cyber attacks are shown in the series, and almost all of them are accompanied by a power outage. The lights in the subway go out, city neighborhoods and the incident response center plunge into darkness (although computers continue to work). The operation of diesel generators is disrupted.
In reality, when the electricity is cut off, hackers lose control of the equipment and the defender gains the advantage of starting the attacked device in a protected environment and recording traces of the intruder's presence. Often it is the defenders who resort to cutting the power, although they cut not the lighting but the power to the devices.
If we talk about backup power, diesel generators generally start within 15 minutes. During this time, critical equipment is powered by the batteries of uninterruptible power supplies (UPS). It looks like what is shown in the film: the overhead lights go out, emergency lighting comes on, but computers fed from the UPS continue to work. True, during this time they are mainly engaged in backing up and saving all unsaved data so as to shut down cleanly by the time the UPS battery is exhausted. Meanwhile the diesel generators are started. This mode of switching to backup power lasts up to 15 minutes. If the power supply is restored within a minute, as shown in the film, the outage will generally go unnoticed for critical equipment.
| "In modern enterprises, great attention is paid to industrial safety, labor protection, physical security, information security, etc.," Andrey Nuikin, head of information systems security at Evraz, explained to TAdviser. "Even if the diesel engine was disabled by some miracle (although I do not quite understand how), it is always possible to bring in a new one and power the critical systems. As for communication, there are also many questions here. Industrial enterprises are not very tied to the Internet. And, accordingly, if the Internet is disabled, production will continue." |
Cross-platform malware
When discussing the incident, the headquarters concludes that many exploits for unknown vulnerabilities were used to penetrate various systems, including various operating systems: Windows, Linux, Mac and Android. Hacking of industrial SCADA and PLC solutions is also mentioned.
The film shows no examples of industrial accidents involving malfunctioning technological equipment or leaks of hazardous substances, although this is exactly what makes hacking of industrial systems dangerous.
There have not been many instances in history of exploits being used simultaneously against more than one operating system. There have been examples of malware using cross-platform technologies to spread further, but initial penetration by exploiting vulnerabilities in several operating systems is rarely used. To do so, one would need to organize the purchase of unknown ("zero-day") exploits and integrate them into an already developed exploit management system. The type of attacker mentioned in the film could theoretically afford to follow this path.
One way to implement the scenario of infecting various operating systems is to use an exploit for popular cross-platform software, which would allow control to be gained over devices running various operating systems. There is an example of such a system: the Pegasus spyware developed by the Israeli company NSO Group. For penetration it uses zero-day exploits for the WhatsApp messenger, which the company buys for a lot of money.
NSO Group is not the only company in Israel that develops and sells spyware. Together they create a market for trading zero-day exploits, each of which can cost several million dollars, which makes attacks like the one described in the film very expensive.
Moreover, using artificial intelligence in the manner described above does not greatly reduce the cost of developing such malware: AI requires perhaps even greater resources to develop such an attacking system.
| "Recently, attacks through supply chains have become widespread," Andrey Nuikin reminded TAdviser readers. "And that is where things get more complicated, since it is very difficult to control contractors, and not all of them pay attention to security. The second important point is that monitoring should be configured. Otherwise, you will never know that something is happening to you. The incident shown in the film seems to be related to the supply chain and testing of updates. In general, of course, everything is possible, but the option shown seems too cinematic to me." |
Investigation into the attack
After the first attack, and after finding out that the special services have no information on it, a decision is made to create an emergency commission to find the perpetrators and prevent further attacks. At the head of this commission is the ex-president of the United States, who is the main character of the narrative. It is he who investigates the events that have occurred.
Commission
It should be noted that creating an incident response service during the incident itself is not a good idea. As a rule, by the time the attackers switch to active actions, they have already erased the traces of their penetration into the system, stolen all the data, and are about to monetize the information and access rights obtained. Therefore, by this point there may indeed be no information left for the investigation, as is said in the film.
In reality, in the United States, as in a number of other countries, there are special services that control security, including in the information space, to prevent such incidents. Moreover, the principle of separation of powers requires that there be two such special services, so that they watch over each other. This duplication scheme provides the country's leadership with protection against treason within these special services themselves.
In Russia, for example, the FSB monitors the security of data and critical communications. The security of the functioning of information systems themselves is ensured by FSTEC. At the same time, the National Coordination Center for Computer Incidents (NCCCI), which is accountable to the FSB of Russia, is responsible for the control of critical infrastructure. This Center collects information about all events that are suspicious from the point of view of information security. It also interacts with similar centers in other countries, which are being created on the eve of the signing of the Convention on International Security, prepared with the participation of Russia, which is planned to be ratified at the UN level in October 2025. It is the system of such centers that should normally respond to such incidents at the state level.
Of course, critical situations may arise, as, for example, in Russia in the spring of 2022, when mass attacks hit the country's infrastructure. At that moment, NCCCI gathered representatives of all Russian companies working in the field of information security, and they jointly developed a strategy for responding to the threat.
Sleeping virus
The investigation showed that the virus, for all its massive spread, managed not to leave traces. This is a very big assumption. The fact is that the spread of information over the network is monitored by a huge number of traps (honeypots) run by antivirus companies that analyze any activity on the network. The likelihood that such a virus slipped past all these traps tends to zero, since they accumulate information about the traffic passing through them and make it possible to reconstruct the sequence of packets that passed through the network at that moment. If the time of the attack is known, it will not be difficult to reconstruct the network events that occurred at that moment. Perhaps the authors assumed that these traps were also infected with the virus, but the likelihood of this is minimal.
| "Any cybercrime leaves its traces, especially if we are talking about a large-scale incident related to the damage or destruction of the country's infrastructure," Roman Semenov told TAdviser. "Information security experts carefully analyze every detail in the affected systems, literally under a microscope, and are sure to find evidence of the attack. Behind each such attack is a certain hacker group that has its own tactics, penetration methods, behavior on the network and tools. Sooner or later, these features allow us to identify the true culprits." |
In the real world, it is antivirus companies and information security communities that are the first to find vulnerabilities and warn of danger. In the universe of the series, antivirus companies are completely absent; their place is taken by the special services. This apparently reflects the fact that US information security companies are completely subordinate to the special services.
The film suggests that the virus is dormant and waiting for a command to continue the attack. There is a clear contradiction between the absence of traces and the dormant mode: the latter means that the virus is still present in the system and may be waiting for a command to continue its activity.
In reality, such implants are possible, but in one way or another they must communicate with their command and control center (C2). Moreover, in this case it is the virus that is the active party, polling the C2 for new commands. This scheme is due to the fact that a virus embedded deep in the corporate infrastructure is not reachable from the Internet, and it is not possible to push a command to it. Therefore, if the malware remains (and then, according to the film's script, is activated), this means that it leaves traces in the form of requests to the C2. Moreover, studying traffic during an incident makes it possible to quickly identify such requests and, as a result, detect the control centers.
However, Dmitry Kostrov, an independent information security expert, assured TAdviser that malware can still be hidden in the infrastructure in such a way that it is quite difficult to detect. Once attackers have entered the infrastructure and established themselves there, they can configure the remote control system to wait for the right moment by timer. Finding such an agent in a large infrastructure is a difficult task.
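The polling traffic described above is exactly what a defender hunts for: a dormant implant that checks in with its C2 on a timer produces outbound requests with far more regular spacing than human browsing. The following script, added here as an illustration and not part of the TAdviser article or any expert's tooling, scores each (client, destination) pair in a constructed proxy log by the regularity of its request intervals; the log format, hosts and addresses are all made up.

```python
"""Spot timer-driven C2 check-ins in outbound proxy logs.

Groups requests by (client, destination) and computes the coefficient of
variation (cv) of the gaps between consecutive requests. A beacon firing
every N seconds has cv close to zero; user-driven traffic has a large cv.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<ISO timestamp> <client_ip> <destination_host> <bytes>"
# 10.0.0.15 polls updates.example-cdn.test every ~5 minutes with tiny
# responses; everything else is ordinary, irregular browsing.
SAMPLE_LOG = """\
2025-05-01T09:00:00 10.0.0.15 updates.example-cdn.test 512
2025-05-01T09:00:07 10.0.0.15 news.example.test 90123
2025-05-01T09:05:00 10.0.0.15 updates.example-cdn.test 514
2025-05-01T09:06:41 10.0.0.15 mail.example.test 2048
2025-05-01T09:10:01 10.0.0.15 updates.example-cdn.test 511
2025-05-01T09:15:00 10.0.0.15 updates.example-cdn.test 513
2025-05-01T09:19:59 10.0.0.15 updates.example-cdn.test 515
2025-05-01T09:25:00 10.0.0.15 updates.example-cdn.test 512
2025-05-01T09:02:13 10.0.0.22 news.example.test 45000
2025-05-01T09:03:40 10.0.0.22 news.example.test 61000
2025-05-01T09:31:05 10.0.0.22 news.example.test 52000
2025-05-01T09:33:50 10.0.0.22 news.example.test 48000
2025-05-01T09:58:00 10.0.0.22 news.example.test 70000
2025-05-01T09:32:18 10.0.0.22 mail.example.test 1900
"""


def parse_log(text):
    """Parse the constructed proxy lines into (timestamp, src, dst, bytes)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return records


def beacon_scores(records, min_hits=5):
    """Score each (src, dst) pair by how periodic its requests are.

    Returns {(src, dst): {"count", "mean_gap", "cv"}} for pairs with at
    least min_hits requests; cv = population std-dev of gaps / mean gap.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _size in records:
        by_pair[(src, dst)].append(ts)
    scores = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue  # too few observations to judge periodicity
        stamps.sort()  # log lines are not guaranteed to arrive in order
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all requests in the same second: not a timer pattern
        scores[pair] = {"count": len(stamps), "mean_gap": avg,
                        "cv": pstdev(gaps) / avg}
    return scores


def find_beacons(text, min_hits=5, max_cv=0.05):
    """Return sorted (src, dst) pairs whose check-ins look timer-driven."""
    scores = beacon_scores(parse_log(text), min_hits)
    return sorted(pair for pair, s in scores.items() if s["cv"] <= max_cv)


if __name__ == "__main__":
    for (src, dst), s in beacon_scores(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {s['count']} hits, "
              f"mean gap {s['mean_gap']:.0f}s, cv {s['cv']:.3f}")
    print("suspected beacons:", find_beacons(SAMPLE_LOG))
```

Implants that add random jitter to their sleep interval blunt a plain cv threshold, so analysts combine this score with response-size regularity and the long-tail distribution of intervals rather than relying on it alone.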
Retaliatory strike
The first version the incident investigators had was a Russian trace. It was even suggested by a representative of one of the friendly intelligence agencies. And, of course, in response to the cyber attack, the US leadership immediately had the desire to transfer the cyber conflict from virtual to real space, that is, to use traditional weapons.
In reality, the situation is somewhat different. As Oleg Shakirov, author of the Cyber War Telegram channel, assured TAdviser, in practice we do not see a desire among states to translate hostile actions in cyberspace into the physical world. Firstly, although this is not recorded anywhere, military experts in leading countries are inclined to believe that the threshold for what should be considered an armed attack in cyberspace should be quite high. So a cyber attack can qualify if its consequences are comparable to those of a kinetic attack, in other words, if it inflicts physical destruction and leads to death. This is the situation shown in the film, so the use of physical weapons seems justified.
| "There has been everything in world practice, and there are several examples when countries used military force, citing hostile actions in cyberspace as the motivation," Oleg Shakirov explained to TAdviser readers. "In 2015, the United States twice reported strikes on ISIS members known for hacker attacks and propaganda on the Internet. And in 2019, Israel explained airstrikes on two sites in the Gaza Strip by the fact that they were used by the Hamas movement to conduct cyber operations. It is easy to see that all these cases occurred in the context of an already ongoing armed conflict and against persons whom the attacking side considered terrorists." |
Overall, the concern of the military in nuclear-weapon states about impacts on information systems dates back to the Cold War. The nuclear command and control system in both the United States and the USSR was a key element of mutual deterrence. With the advent of computer threats, military experts in both countries began to pay attention to the fact that a potential attack on some key element of the control system could actually disable it and deprive the country of the opportunity to launch a retaliatory nuclear strike.
A new wave of fears about the strategic consequences of cyber attacks came in the 2010s. It became clear that digitalization makes different sectors of the economy potentially vulnerable. That is, catastrophic consequences can arise not only from an attack on the nuclear control system, but also, for example, from one on the energy system or on hospitals.
| "During the first Trump administration in the United States, a discussion revived on this basis, both among experts and even at the state level, about whether it is worth openly declaring that in response to a serious cyber attack the United States would be ready to use nuclear weapons," Oleg Shakirov recalled. "Strictly speaking, such a possibility was not directly prescribed in the key strategic document, the Nuclear Posture Review. But there is some uncertainty: the United States reserves the right to use nuclear weapons in extraordinary circumstances, which may also include a significant non-nuclear attack." |
Hacker data center
Foreign intelligence agencies also led investigators "to a server farm in the Bronx," of which it is said that "with its help you can mine a bunch of bitcoins or arrange a massive cyber attack."
It should be noted that bitcoins are no longer mined using servers. Specialized equipment is more suitable for this, the so-called ASIC miners, recalls Gennady Sazonov. This equipment is built on application-specific integrated circuits (ASICs), which are traditionally used for hardware acceleration of one specific task; in the case of bitcoin, computing hashes. Such ASIC miners cannot be used for anything else, only for mining bitcoins.
From the point of view of organizing an attack, it also makes no sense to build a server farm, since the attack still needs to be masked, for which hacked home computers, stolen cloud resources, or "borrowed" corporate resources, the credentials for which are bought on the black market, are used. DoS attacks are generally pointless to carry out from a single center, since it is enough to block it for the entire attack to choke. Usually, rented capacity in data centers that are out of reach of the law enforcement agencies of the relevant country is used to carry out attacks.
However, a data center is necessary for the operation of artificial intelligence. Therefore, if we proceed from the assumption that a malicious artificial intelligence was trained on this "server farm" and developed that same virus using a large number of exploits, then everything adds up. However, this data center could also have been used to coordinate the actions of a large number of specialists.
| "To bring down different systems running different operating systems, with different types of attacks, on different contours (banking, transport, financial, industrial) takes the work of a large coordinated group with very high skills just to do anything at all," Anastasia Gainetdinova explained to TAdviser. "For this to happen on all resources at one point in time is surreal: different attacks take different amounts of time. And the defenders of these systems are not sitting idle." |
It turns out that the friendly special services did not figure out what the server farm they had discovered was actually built for; the investigators found nothing on it, as someone had previously cleaned everything up.
Bank hacking
Meanwhile, the attackers continue to act: they hack and encrypt the data of the eighth-largest bank in the United States, which causes panic among customers and forces the government to impose a ban on banking operations.
It should be noted that banks are the most savvy in terms of information security. Hacking them is not a matter of just a miracle virus with artificial intelligence. Apparently, this is why the attackers' target was the eighth-largest bank, and not the entire banking system or one of the top three.
In reality, there have not been very many hacks of banks of this level. The incidents have mainly involved stealing money from the accounts of depositors or even of the banks themselves. Destruction of all banking information has not been encountered in reality. An operation of this scale requires money on the one hand, and is poorly monetized on the other. The attacked bank will not even be able to pay the ransom, since its accounts will be blocked. This behavior is typical only of terrorists, who do not yet have the resources to carry out such a serious attack.
An example is the incident with the Industrial and Commercial Bank of China (ICBC), which was attacked by ransomware in November 2023. The bank even had to notify several customers that, due to cybersecurity problems, it would be forced to redirect some transactions. Moreover, because of the incident at ICBC, the Securities Industry and Financial Markets Association (SIFMA) was unable to carry out some transactions in the US treasury market.
| "From 2014 to 2020, our banking sector was a testing ground for many hackers, both foreign and within the CIS," Evgeny Chunikhin, head of cyber intelligence at F6, told TAdviser. "With experience, we strengthen and become more experienced in terms of information security and the systems used within banks. Banks now, as of 2025, are the most secure segment in terms of digital and information security." |
Banks are more likely to go bankrupt or suffer from the actions of the state, for example, if it revokes the banking license of a financial institution, than from a hacker attack. To protect customers from such situations, there are various forms of deposit insurance and compensation. In particular, Russia has a Deposit Insurance Agency, which deals precisely with the bankruptcy of banks and the restoration of deposits. The scenario of a cyber attack on a bank described in the film should in reality be mitigated by such insurance structures.
Outcome
As a result of the investigation, it turns out that the zero-day virus is a stolen development of the National Security Agency (NSA), which was then modified using artificial intelligence technologies to implement all the functionality described above. This story is partially taken from life, since something similar actually happened and at one time made a lot of noise.
NSA leak
The story of the stolen EternalBlue exploit began in mid-March 2017, when it was published by The Shadow Brokers. Presumably, the leak occurred not in the NSA itself but at a contractor of the special services, the Equation Group. The exploit used a previously unknown ("zero-day") vulnerability in Microsoft's SMB protocol, which had existed in the company's products for 16 years. The manufacturer fixed the vulnerability used in EternalBlue on May 13, 2017.
However, on May 12, an epidemic of malware called WannaCry, a ransomware worm, broke out. It used EternalBlue to spread inside corporate networks, although it penetrated from outside through a phishing email. Computers in Spain and then in other countries were among the first to be attacked. Among them, Russia, Ukraine and India led in terms of the number of infections. In total, in a short time, 500 thousand computers belonging to individuals, commercial organizations and government agencies in more than 200 countries suffered from the worm. As already mentioned, Microsoft released fixes the day after the outbreak began.
The EternalBlue exploit was also used in the creation of several more worms, which were also widespread. In particular, in June 2017, a modification of a worm known since 2016 as Petya appeared, which also used the EternalBlue exploit. It is alleged that the spread of the worm began in Ukraine, where it was embedded in an update to the M.E.Doc accounting program. However, its distribution was not limited to Ukraine, and it spread across the corporate networks of international corporations around the world. After a while, another malware based on EternalBlue appeared; it was named NotPetya to emphasize the difference from the previously spread Petya.
| "You can recall WannaCry and NotPetya, which used a Windows vulnerability exploited by EternalBlue to spread," Evgeny Chunikhin recalled of the story of the "NSA weapon." "This exploit automatically searched the network for possible ports, found and exploited a vulnerability in the SMB protocol. It allowed running executable code and infecting the system, and then encrypted all data using the RSA algorithm, gave the keys to the command center and was deleted. As a result, the computer could not be decrypted. So it moved around the network for a very long time, although on the same day Microsoft released fixes for the vulnerability in the SMB protocol. But the attack had already begun, and as a result, about half a million computers were affected. That is the story." |
Ability to create a virus using artificial intelligence
Perhaps it is the EternalBlue story that is the prototype of the malware in Zero Day. The film explains that artificial intelligence was used to modify the malware stolen from the NSA, which is theoretically possible. However, to do so, one would need to implement a whole pipeline of several artificial intelligences, each solving its own task: finding a vulnerability in the operating system; finding a way to exploit it; writing the exploit itself for each of the vulnerabilities found; and developing a control system to coordinate the actions of the different exploits so that they perform their actions strictly within a fixed period of time.
Implementing such a complex scenario requires huge resources for training, both in terms of specialists and in terms of time. Perhaps it was for the work of artificial intelligence that that very server farm in the Bronx was created, but it did not exist for long: according to the plot of the film, for only two weeks. In that time, it would hardly have been possible to properly train an artificial intelligence to write cross-platform malware. In practice, such pipelines have not yet been built, although there are no restrictions on this other than the resources mentioned above.
The problem is also that, before such malware can be used to carry out the events described in the film, it needs time to penetrate all the information systems of mobile operators, energy companies, industrial enterprises and airports. Of course, in reality developers of this type of malware use a partnership scheme in which they only prepare the basic tools and infrastructure for conducting an attack, while specific penetrations into victims' infrastructure are carried out by partners.
| "At the moment, viruses that adapt using artificial intelligence are definitely fiction," said Gennady Sazonov, head of the incident investigation department at the Solar 4Rays center. "In current realities, artificial intelligence can perform some part of the automation of work. There is even a fork of ChatGPT with its ethics restriction policies disabled that hackers actually use. It was created specifically for these purposes. With its help, you can write very believable phishing email texts. You can write individual scripts. But writing some complex malware on its own, no. Even an exploit for a specific vulnerability is already a question." |
Leaked genetic information
The film also mentions a service for analyzing genetic information, which makes it possible to establish certain family ties between the film's characters and blackmail them with the threat of disclosure.
This type of threat is already being realized in reality. In particular, in the fall of 2023, a leak of genetic information from 23andMe was recorded. According to the company itself, outsiders collected data belonging to 6.9 million users of the service. The incident affected 5.5 million people with the DNA Relatives feature enabled (matching people with similar DNA) and 1.4 million with family tree profiles.
However, in order to establish such relationships, information about all the relatives must be contained in the database of such a service; only then does it become possible to compare DNA structures and find out who is related to whom. Handing over the genetic information of the country's leadership to such a service is hardly a reasonable strategy.
Fix vulnerabilities
Following the investigators' actions, the zero-day malware is activated anyway and completely disables the energy and communications infrastructure. During recovery, employees of the same response center install mysterious "patches" which, apparently, eliminate all the discovered vulnerabilities.
| And how do they write them? asked Gennady Sazonov. Where do they come from? In the film, analysts at the operational headquarters are told to write them themselves. Imagine a large monolithic product that has been developed for years or decades. And they tell you: "Write fixes for it." I don't know the source code. I don't know the modules. I don't know the architecture. Who will guarantee that the fixes I wrote will not bring down the application's main functionality? |
In reality, once malware has infected the operating system and taken control of it, the system cannot be brought back to a working state simply by installing vulnerability fixes. Control over the operating system and the equipment must be regained first, which usually means reinstalling operating systems and restoring data from backups. Only after that does it make sense to install fixes that prevent the same malware from getting back in.
| In real life, fixes for vulnerabilities are released by the developer, explained Gennady Sazonov. How fast? It depends on the company and the criticality of the vulnerability. Some developers do not fix even critical vulnerabilities for months. If something high-profile happens, manufacturers at least try to issue a bulletin describing actions that minimize the possibility of exploiting the vulnerability. Some vendors do not respond to notifications from information security researchers about a discovered vulnerability and are in no hurry to fix it. That also happens. |
Moreover, malware is usually removed from systems with antivirus software, whose very existence the film diligently ignores. Once a sample of the malware is obtained, it is analyzed, and information security companies develop methods for removing it from computers. Of course, if the malware does use artificial intelligence, a classic antivirus may not be able to remove it; in that case specialized removal utilities are developed. All this assumes there is still something left to restore.
If the system has been destroyed, it must be recovered from backups, which of course have to be made in advance, without forgetting to save the current configurations. In any case, this work should be carried out by the IT department in coordination with information security, and certainly not by specialists of operational centers whose job is handling incidents. The procedures and plans for restoring information systems must be drawn up beforehand, and backups must cover both data and runtime configurations.
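As an added illustration of the ordering the article insists on (regain control of the host first, restore from backups that include runtime configuration, and only then patch), here is a small Python runbook model. It is not code from the film, from TAdviser or from any vendor; the host name, the backup file names and contents, the hash manifest and the patch identifier are all constructed placeholders. It also shows the check a defender wants before any restore: the backup set is verified against an independently stored hash manifest, so a backup altered after it was taken is refused.

```python
"""Recovery runbook model (added example, not the page's or any vendor's code).

Enforces: rebuild (regain control) -> restore verified backup -> patch.
All sample data below is constructed for the illustration.
"""
import hashlib
from enum import Enum, auto


class Phase(Enum):
    COMPROMISED = auto()   # malware still controls the host
    REBUILT = auto()       # OS reinstalled from trusted media
    RESTORED = auto()      # data and runtime configuration restored
    PATCHED = auto()       # vulnerability fixes applied last


class RecoveryError(Exception):
    """Raised when a step is attempted out of order or on bad input."""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_backup(files: dict, manifest: dict) -> list:
    """Return the names of files that fail integrity checks: content whose
    hash differs from the manifest, files missing from the backup set, and
    files present in the backup but absent from the manifest (planted extras)."""
    bad = [name for name, expected in manifest.items()
           if files.get(name) is None or sha256(files[name]) != expected]
    bad += [name for name in files if name not in manifest]
    return sorted(bad)


class Host:
    def __init__(self, name: str):
        self.name = name
        self.phase = Phase.COMPROMISED
        self.restored = {}
        self.patches = []

    def rebuild(self):
        # Reinstalling from clean media is how control is regained; patching a
        # host the malware still owns proves nothing about its state.
        self.phase = Phase.REBUILT

    def restore(self, files: dict, manifest: dict):
        if self.phase is not Phase.REBUILT:
            raise RecoveryError(f"{self.name}: restore before rebuild refused")
        bad = verify_backup(files, manifest)
        if bad:
            raise RecoveryError(f"{self.name}: backup integrity failed for {bad}")
        # The article's point: runtime configuration must be in the backup too.
        if not any(n.endswith(".conf") for n in files):
            raise RecoveryError(f"{self.name}: backup has no runtime configuration")
        self.restored = dict(files)
        self.phase = Phase.RESTORED

    def patch(self, patch_id: str):
        if self.phase not in (Phase.RESTORED, Phase.PATCHED):
            raise RecoveryError(f"{self.name}: patch refused, host not rebuilt and restored")
        self.patches.append(patch_id)
        self.phase = Phase.PATCHED


# Constructed sample backup set; the manifest would in practice be kept
# offline and separately from the backup media.
GOOD_BACKUP = {
    "customers.db": b"id,name\n1,alice\n2,bob\n",
    "scada-gateway.conf": b"listen=10.0.0.5:502\nallow=10.0.0.0/24\n",
}
MANIFEST = {name: sha256(data) for name, data in GOOD_BACKUP.items()}
# Same set, but the configuration was changed after the manifest was made.
TAMPERED_BACKUP = {**GOOD_BACKUP,
                   "scada-gateway.conf": b"listen=0.0.0.0:502\nallow=0.0.0.0/0\n"}


def run_demo() -> dict:
    """Walk one host through the runbook and record what was refused."""
    host = Host("gateway-01")   # constructed host name
    out = {}
    try:
        host.patch("VENDOR-FIX-PLACEHOLDER")       # too early: still compromised
    except RecoveryError:
        out["patch_before_rebuild"] = "refused"
    host.rebuild()
    try:
        host.restore(TAMPERED_BACKUP, MANIFEST)    # hash mismatch on the .conf
    except RecoveryError:
        out["tampered_restore"] = "refused"
    host.restore(GOOD_BACKUP, MANIFEST)
    host.patch("VENDOR-FIX-PLACEHOLDER")
    out["final_phase"] = host.phase.name
    out["patches"] = list(host.patches)
    return out


if __name__ == "__main__":
    print(run_demo())
```

The phase enum is what makes the ordering auditable: each refusal is an exception with the host name and the reason, which is exactly the record an incident commander wants when IT, not the monitoring center, is executing the restore.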
Radio station 1140 kHz
In the film, the conspirators, who are in fact the creators of the zero-day malware, communicate over AM radio at 1140 kHz. This is the frequency of an open-channel radio station with the highest level of protection against interference from other stations; it is intended for international or intercontinental radio communications and is enshrined in a number of international treaties and regulations.
It is possible that in choosing this method of communication for the conspirators the film's authors had in mind the so-called "doomsday radio station," or "The Buzzer." It has been operating since the mid-1970s and broadcasts at 4625 kHz. Almost all the time the station "buzzes," transmitting its channel marker. Occasionally the buzzing is interrupted and coded messages consisting of words and numbers are transmitted, the words being spelled out letter by letter using the first letters of names, exactly as shown in the film.
The Buzzer's messages are usually encoded with a phonetic alphabet, in which each letter is transmitted as a word beginning with that letter. The letters spell out either a real word or something resembling one. Messages begin with the abbreviation NZHTI and are accompanied by a series of numbers. For example, on May 22 of this year the phrases "NZHTI 37339 Lifeless 4223 7856" and "NZHTI 04315 KHRYUKOSTYAG 4726 4703" were broadcast. On May 19, shortly before and during the conversation between the presidents of Russia and the United States, listeners heard the messages "NZHTI 89905 BLEFOPUF 4097 5573" and "NZHTI 01263 BOLTANKA 4430 9529." For the general public, the purpose of this radio station remains a mystery.
Summary
Overall, the film's authors did a great job of showing in as much detail as possible how a national-scale cyber attack might unfold. It is important to remember that reality can be far harsher than the authors allowed themselves to imagine. In particular, modern cars are very similar in their electronics to smartphones: they too can be hacked, with consequences far more dangerous than an unavailable cellular connection or a frightening message. Likewise, an attack by AI-created malware on a hazardous chemical plant or a nuclear power station could end in the release of toxic or radioactive substances, with damage far beyond what the film shows. So, when bringing digital technologies into our lives, it is worth remembering their possible flip side, providing for ways to respond to such threats and preparing in advance to prevent them.
