Cyber War: Sabotaging the System

60 Minutes: Former Chief of National Intelligence Says U.S. Unprepared for Cyber Attacks

(CBS)  Nothing has ever changed the world as quickly as the Internet has. Less than a decade ago, "60 Minutes" went to the Pentagon to do a story on something called information warfare, or cyber war as some people called it. It involved using computers and the Internet as weapons.

Much of it was still theory, but we were told that before too long it might be possible for a hacker with a computer to disable critical infrastructure in a major city and disrupt essential services, to steal millions of dollars from banks all over the world, infiltrate defense systems, extort millions from public companies, and even sabotage our weapons systems.

Today it's not only possible, all of that has actually happened, plus a lot more we don't even know about.

International Spy Museum: Weapons of Mass Disruption

Center for Strategic and International Studies
Sandia National Laboratories
IntelFusion

It's why President Obama has made cyber war defense a top national priority and why some people are already saying that the next big war is less likely to begin with a bang than a blackout.

"Can you imagine your life without electric power?" Retired Admiral Mike McConnell asked correspondent Steve Kroft.

Until February of this year, McConnell was the nation's top spy. As chief of national intelligence, he oversaw the Central Intelligence Agency, the Defense Intelligence Agency and the National Security Agency. Few people know as much about cyber warfare, and our dependency on the power grid, and the computer networks that deliver our oil and gas, pump and purify our water, keep track of our money, and operate our transportation systems.

"If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, I probably would sack electric power on the U.S. East Cost, maybe the West Coast, and attempt to cause a cascading effect. All of those things are in the art of the possible from a sophisticated attacker," McConnell explained.

"Do you believe our adversaries have the capability of bringing down a power grid?" Kroft asked.

"I do," McConnell replied.

Asked if the U.S. is prepared for such an attack, McConnell told Kroft, "No. The United States is not prepared for such an attack."

"It is now clear this cyber threat is one [of] the most serious economic and national security challenges we face as a nation," President Obama said during a speech.

Four months after taking office, Obama made those concerns part of our national defense policy, declaring the country's digital infrastructure a strategic asset, and confirming that cyber warfare had moved beyond theory.

"We know that cyber intruders have probed our electrical grid, and that in other countries cyber attacks have plunged entire cities into darkness," the president said.

President Obama didn't say which country had been plunged into darkness, but a half a dozen sources in the military, intelligence, and private security communities have told us the president was referring to Brazil.

Several prominent intelligence sources confirmed that there were a series of cyber attacks in Brazil: one north of Rio de Janeiro in January 2005 that affected three cities and tens of thousands of people, and another, much larger event beginning on Sept. 26, 2007.

That one in the state of Espirito Santo affected more than three million people in dozens of cities over a two-day period, causing major disruptions. In Vitoria, the world's largest iron ore producer had seven plants knocked offline, costing the company $7 million. It is not clear who did it or what the motive was.

But the people who do these sorts of things are no longer teenagers making mischief. They're now likely to be highly trained soldiers with the Chinese army or part of an organized crime group in Russia, Europe or the Americas.

"They can disrupt critical infrastructure, wipe databases. We know they can rob banks. So, it's a much bigger and more serious threat," explained Jim Lewis, director of the Center for Strategic and International Studies.

Lewis led a group that prepared a major report on cyber security for President Obama.

"What was it that made the government begin to take this seriously?" Kroft asked.

"In 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor," Lewis said. "Some unknown foreign power, and honestly, we don't know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."

How much is a terabyte?

"The Library of Congress, which has millions of volumes, is about 12 terabytes. So, we probably lost the equivalent of a Library of Congress worth of government information in 2007," Lewis explained.

"All stolen by foreign countries?" Kroft asked.

"Yeah. This was a serious attack. And that's really what made people wake up and say, 'Hey, we've got to get a grip on this,'" Lewis said.

[kcaamem1]

Just to be clear the comment:

"look how movies have influenced military and swat teams."

was made by Milo55, not Realisticone.

[Marcos989]

As everybody now should know, 3 hours after this story aired electrical power went out for 5 hours in Brazil in 10 States (including Rio & Sao Paulo the worlds 2nd largest metropolis)and parts of Paraguay. When Brazilian officials were asked if there was any connection they discounted the possibility, when pressed for the reason the power was interrupted 3 days ago, they reported they did not know. If you do not know how can you discount the possibility? You can if you expect the majority of your population to not learn about the cyber attacks and do not want to alert them.
I live in Rio de Janeiro State, I was one of those affected by this power loss and the cyber attack in 07 & likely 05 and have never heard any of this information from the media here in Brazil. Thank-you 60 Minutes.
I for one take the cyber attacks seriously and cannot agree more with our US President that they are a looming threat that is as serious as any other terrorist attack. My livelihood depends on the free flow of information. I will be withdrawing $$ from my bank to physically hold in case of emergency. I will not rely on governments to protect me from all of you if our systems go down.

[element51]

One guy on here says that this is nothing but BS and the government guy tells us that a number of our vital organizations were hacked. Is the government guy lying? I don't think so. I think the guy on here is just a blowhard know it all who wants us to think he has all the answers. This is a very serious problem and it is true that the Bush administration ignored it like they did most everything else. The republicans will do nothing and will fight Obama in whatever he tries to do since their goal is to see him fail as stated by their leader Limbaugh. But the past is the past and what we need to do now is address this problem in a serious way. A partial answer would be to let any nation know that if they launch an attack on us we will retaliate in kind. The problem is that "terrorists" are not a nation so who would we retaliate against? If they were smart enough a group as small as 25 could bring us to our knees. Let's hope that this administration is smart enough to realize the threat here and that they will take action.

[kgcoleman1]

This year I ref­er­enced in sev­eral brief­ings and dur­ing my lec­ture at Harvard a study by the European Parliament ? Directorate General for External Policies that was titled ?Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks.? On page 14 of that study in the third para­graph it states the following.

?In 2001, fol­low­ing a dis­pute over dam­age to US and Chinese air­craft in the South China Sea, both coun­tries suf­fered a series of cyber attacks, and at one stage California?s elec­tric­ity grid was almost shut down.?

I won­der if Congressman Langevin knows about that!

Full Report
http://www.isis-europe.org/pdf/2009_artrel_247_09-02-epstudy-cyberterrorism.pdf

[milo55]

throw this story in the trash... where it belongs..wild imaginations are at play here.. come back to earth... there is no computer bogey man...

[Marcos989]

Ok, then why don't you explain to me why my power was disrupted 4 days ago between 22:30 - 03:15 here in Nova Friburgo, RJ, Brazil.
I'm waiting.................hello?.....Hello?.....yea, just as I though!

[Overruled1]

Damn, another cover up issue with the Bush Administration.... Why exactly he wasn't impeached is as disgraceful as the treachery of that administration. We were attacked during a time of war, something people didn't stress enough.....And Brazil was terrorized.....

[bubbadubba]

I like Bush's plans better - never prepare for anything just look like a bug eyed clown when it happens.

[n3td3v]

News just in:

01:59 GMT, Wednesday, 11 November 2009

Major power failures hit Brazil

http://news.bbc.co.uk/1/hi/world/americas/8353878.stm

Conspiracy theories anyone?

[DanielCBotelho]

Message to CBS journalists:

There has been a huge blackout in Brazil for the past 20-25 minutes or so. Has affected over 5 states, leaving millions with no power.

Just spoke to friends and family, and no one know what happened. I'm not able to get in touch with some of them.

Could this be another attack!? Reminded me of the 60minutes report as soon as I heard this news from a family member.

[valerieinto]

I wish you could have taken a little bit of all that time you took scaring people a dozen different ways, and put it toward discussing some really great work being done by at least one independent agency in Canada to catch global cyber-criminals (and how government agencies are kind of putting them off). At least Jesse Brown did on the Search Engine podcast on the public broadcaster TV Ontario. (2nd half of the show) : http://www.tvo.org/cfmx/tvoorg/searchengine/index.cfm?page_id=613&action=blog&subaction=viewPost&post_id=11365&blog_id=485

[60Mviewer]

I was puzzled as I watched the large electrical generator self-destruct "via Internet."

In order for that to happen, that equipment had to be designed in such a way that the cooling system could be turned off while the engine continued to run. This seems like poor equipment design more than an issue of Internet security.

Any hairdryer with a U.L. label cannot burn itself up due to a simple but effective safety device. Such safety devices need not be connected to the "brains" of the machinery, due to the risk of disablement.

(Yes, I know that generators and hairdryers are not comparable, but the principle remains.)

It's much easier to believe that generator was altered and we were watching theater. Still, I can't entirely abandon the possibility that the designer so over-computerized that equipment that it's less safe than a hairdryer.

That being the limit of speculation, I wish I had more information. It's the most obvious unanswered question in the entire report.

[jntlw]

And VP Cheney always ciding Obama that Americans aren't safe unt eht obama admin. Mr. cheney you knew all along just how unsafe we were under you and under the cyber attack and yet you still lie lie lie!! Cheney you disgust me more than almost anyone on this planet!

[culturechang]

Consider what the FBI cyber crime unit spends most of its time on.....chasing prostitutes on Craigslist. Of course, they aren't prepared for terroristic or identity theft attacks.

[Superstarzchef]

Hahahaha...so funny, yet hauntingly so true!!

[Superstarzchef]

I want to commend Steve Kroft for his story about this issue. I was enthralled by the lack of disscusion amongst the people in the Federal Gov't about the glaring weaknesses in Americas defense. This is a diaster of Major importence in the works. We need to spend more then the 17 Billion allocated to this endeavor. The Texas Representative was correct in his assertation that this is the "next 9-11" waiting to happen, and that the signs, and signals are there "written on the wall". I was startled as anyone that these things were happening to us; and am equally as frightened that they are now in the realm of the possible. I am aware tho that the USA's Dept. of Defense was developing our own form of Cyber-Warfare. This information is all over the net. Yet it seems to me that whatever resources our DoD has poured into this, was money that was wasted. I saw no evidence that we employed our Cyber-Warfare capabilities against either Iraq or Afghanistan, and both of those nations have no real Cyber-Capability on par with say...China. Our American way of life is now under a threat of instant disruption, and our DoD is capable of being infiltrated by our enemies? These glaring, and frightening loopholes need to be addressed immediately, as the long-term ramifications for our National survival are at stake. The daily doses of espionage committed against us is equally as frightening, as our National Security secrets are being sold on the black market to our enemies, and if you are familiar with the teachings of Sun Tzu, them you can see where that is headed. Our technolocigal advantage militarily is being eroded "drop by drop" and our financial resourses are being drained; even to the point they the enemy is "forcing" us to spend vital DoD dollars on things we may not have even needed! My only hope is in the fact that our CIA, NRO, DIA, FBI, DARPA, and other militaty industrial complexs' organizations are actively doing the very same thing! I can plausibly assume that we are, yet I hope that we are at least evening the playing fields, and thwarting the aspirations of those rogue nations and criminal organizations that threaten us daily. We need to take the handcuffs off our intelligence community, and get after these "perpatrators" at once. When you are sleeping with the enemy, sometimes you need to get dirty, It worked for America in the '40's and '50's in S. America, and it should work for us again in the coming decades. We have the strongest, brigghtest minds here in the USA, let these people do their dirty work, and keep what they do out of the News organizations spotlight, as we can all rest comfortably at nite, knowing that those indidviduals are doing what they do for the National Survival of America, and our way of life.

[Newster1]

"Do you believe our adversaries have the capability of bringing down a power grid?" Kroft asked."I do," McConnell replied.Asked if the U.S. is prepared for such an attack, McConnell told Kroft, "No. The United States is not prepared for such an attack."


Oh THANKS for telling the entire planet that information

"Did the Virginia Prescription Monitoring Program pay the $10 million?" Kroft asked Henry."I can't discuss that," he replied."

That means they DID

[tom_murphy]

Application whitelisting, only let approved software run, will prevent yesterday's, today's and tomorrow's malware. For the critical infrastructure not currently running application whitelisting ... get on board before it is too late?

Nov 4th InfoWorld article on application whitelisting is a good place to start.

[milo55]

All rubbish.. I suppose those who love spy novels want to beleive any cloak and gagger stories anyone cooks up will buy into this nonsense....

look how movies have influenced military and swat teams.. you can't hardly tell the difference in their look.. and the movies came first..

computers don't control the world.. just a tool for those who make decisions.. its not that complicated..

[realisticone]

Good heavens - remove your head from the sand. Everyday we are being attacked via computer - and where do many major companies host their websites? Try India, etc. Having just retired from a major company in the steel industry, I have seen the destruction first hand. The Chinese army has a large branch that deals only with cyber warfare. It is about time that a President recognized this very real danger. Infrastucture and the internet may not be directly corrected, but any kid over the age of
14 that grew up with a computer, would understand with little training how to link the two. We have been far too trusting. We hire people without doing real searches on their background. We allow folks to wonder around industrial buildings if they have a good 'story'. Wake up because there are people out there that cannot be trusted and are taking advantage of us everyday. You can check the government sites for cyber crime and note that is has exceeded the value of drug money. Cyber crime is now big business and if you start to google it, you will wake up.

[Marcos989]

Milo55 you are seriously out of touch with the 2oth century NTM the 21st.

[kcaamem1]

To Realisticone, It's soo good to read something from a level headed individual on a subject that needs to be taken seriously. After ignoring most of the posts on here as either ignorance or just plain not worth the time it takes to write them, I will look for any other input you may have on this subject. If you're anything like me you believe that humans are inherently good people but there is a handful that were born to stir the pot so to speak, troublemakers if you will. I choose to be open minded and not judgmentally or with immediate criticism.

And the comment "look how movies have influenced military and swat teams." Thats so absurdly rediculous. Do you actually believe that the United States Military consults movies and scripts to get ideas on how to keep our country safe from attacks and other such harm? Seriously!! I'm just absolutely floored by your view.

[icurhuman2]

Considering the last cascading power blackout - the one that took out 30 million people for several days - was due to a fallen tree branch, and the state of disrepair the electrical infrastructure is in, no-one will know whether the next widespread blackout is an attack or simply a breakdown in the patchwork which is the electrical grid. Will it make a difference which of these is the culprit?

[alphaa10000]

MASSIVE DYSFUNCTION

Excellent point-- and yes, the cause of that massive grid disrepair is political. The GOP fought all reform and reconstruction efforts, courtesy to the US Chamber of Commerce and its contributor patrons in Big Energy and Big Oil.

Big Energy, for example, didn't want to make the plant investment, since it would cut into profits.

In the end, the US Chamber of Commerce sported such an irresponsible attitude, even PG&E withdrew its membership in the chamber, saying it did not want to be identified with an organization dedicated to denial in the face of climate disaster.

We might be tempted to believe the GOP would continue to stand idly by while Obama struggles for national recovery and rebuilding our infrastructure. Even modernizing it.

But it gets worse. Not only did the GOP stand idle during its own watch, but it now obstructs reform and reconstruction to address problems it created.

The GOP has become the "jihad" party of sabotage in our midst-- even The Annointed Limbaugh has said he wants our president to fail at national recovery.

And if Limbaugh is not a case of massive dysfunction, nothing is.

[bh2009]

The United States had used the same tactics with the former Soviet Union.
Documented as the Farewell Dossier, the USA sabotaged during the cold war the Soviet Pipeline, producing one of the biggest non nuclear explosion in 1982 in Siberia
We have been payed with the same coin. Maybe the Russians are involved in latest this type of Cyber-crime

[cr_allison]

There is more to consider, much more. Consider someone hacking into truck operations communication systems, and data base systems. What would happen if someone were to redirect a truck of hazardous materials or be able to find out when where the materials ship and when and where they are t deliver. It would not take much for some nut case to be able to figure out where to intercept a load. I think the same would happen with our rail system, diverting high profile loads on rail cars and the like. It is a very serious matter and our company is taking action to do the best job we can do to protect the general public, our shippers and drivers from any sort of devious attacks. I agree completely that all of the transsportation software I have seen and software available on the market leaves much to be desired in the form of security.
C R Allison - Transportation Specialist - Raymond Mississippi