Cyber War: Sabotaging the System

60 Minutes: Former Chief of National Intelligence Says U.S. Unprepared for Cyber Attacks

(CBS)  Nothing has ever changed the world as quickly as the Internet has. Less than a decade ago, "60 Minutes" went to the Pentagon to do a story on something called information warfare, or cyber war as some people called it. It involved using computers and the Internet as weapons.

Much of it was still theory, but we were told that before too long it might be possible for a hacker with a computer to disable critical infrastructure in a major city and disrupt essential services, to steal millions of dollars from banks all over the world, infiltrate defense systems, extort millions from public companies, and even sabotage our weapons systems.

Today it's not only possible, all of that has actually happened, plus a lot more we don't even know about.

International Spy Museum: Weapons of Mass Disruption

Center for Strategic and International Studies
Sandia National Laboratories
IntelFusion

It's why President Obama has made cyber war defense a top national priority and why some people are already saying that the next big war is less likely to begin with a bang than a blackout.

"Can you imagine your life without electric power?" Retired Admiral Mike McConnell asked correspondent Steve Kroft.

Until February of this year, McConnell was the nation's top spy. As chief of national intelligence, he oversaw the Central Intelligence Agency, the Defense Intelligence Agency and the National Security Agency. Few people know as much about cyber warfare, and our dependency on the power grid, and the computer networks that deliver our oil and gas, pump and purify our water, keep track of our money, and operate our transportation systems.

"If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, I probably would sack electric power on the U.S. East Cost, maybe the West Coast, and attempt to cause a cascading effect. All of those things are in the art of the possible from a sophisticated attacker," McConnell explained.

"Do you believe our adversaries have the capability of bringing down a power grid?" Kroft asked.

"I do," McConnell replied.

Asked if the U.S. is prepared for such an attack, McConnell told Kroft, "No. The United States is not prepared for such an attack."

"It is now clear this cyber threat is one [of] the most serious economic and national security challenges we face as a nation," President Obama said during a speech.

Four months after taking office, Obama made those concerns part of our national defense policy, declaring the country's digital infrastructure a strategic asset, and confirming that cyber warfare had moved beyond theory.

"We know that cyber intruders have probed our electrical grid, and that in other countries cyber attacks have plunged entire cities into darkness," the president said.

President Obama didn't say which country had been plunged into darkness, but a half a dozen sources in the military, intelligence, and private security communities have told us the president was referring to Brazil.

Several prominent intelligence sources confirmed that there were a series of cyber attacks in Brazil: one north of Rio de Janeiro in January 2005 that affected three cities and tens of thousands of people, and another, much larger event beginning on Sept. 26, 2007.

That one in the state of Espirito Santo affected more than three million people in dozens of cities over a two-day period, causing major disruptions. In Vitoria, the world's largest iron ore producer had seven plants knocked offline, costing the company $7 million. It is not clear who did it or what the motive was.

But the people who do these sorts of things are no longer teenagers making mischief. They're now likely to be highly trained soldiers with the Chinese army or part of an organized crime group in Russia, Europe or the Americas.

"They can disrupt critical infrastructure, wipe databases. We know they can rob banks. So, it's a much bigger and more serious threat," explained Jim Lewis, director of the Center for Strategic and International Studies.

Lewis led a group that prepared a major report on cyber security for President Obama.

"What was it that made the government begin to take this seriously?" Kroft asked.

"In 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor," Lewis said. "Some unknown foreign power, and honestly, we don't know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."

How much is a terabyte?

"The Library of Congress, which has millions of volumes, is about 12 terabytes. So, we probably lost the equivalent of a Library of Congress worth of government information in 2007," Lewis explained.

"All stolen by foreign countries?" Kroft asked.

"Yeah. This was a serious attack. And that's really what made people wake up and say, 'Hey, we've got to get a grip on this,'" Lewis said.

[kcaamem1]

Just to be clear the comment:

"look how movies have influenced military and swat teams."

was made by Milo55, not Realisticone.

[Marcos989]

As everybody now should know, 3 hours after this story aired electrical power went out for 5 hours in Brazil in 10 States (including Rio & Sao Paulo the worlds 2nd largest metropolis)and parts of Paraguay. When Brazilian officials were asked if there was any connection they discounted the possibility, when pressed for the reason the power was interrupted 3 days ago, they reported they did not know. If you do not know how can you discount the possibility? You can if you expect the majority of your population to not learn about the cyber attacks and do not want to alert them.
I live in Rio de Janeiro State, I was one of those affected by this power loss and the cyber attack in 07 & likely 05 and have never heard any of this information from the media here in Brazil. Thank-you 60 Minutes.
I for one take the cyber attacks seriously and cannot agree more with our US President that they are a looming threat that is as serious as any other terrorist attack. My livelihood depends on the free flow of information. I will be withdrawing $$ from my bank to physically hold in case of emergency. I will not rely on governments to protect me from all of you if our systems go down.

[element51]

One guy on here says that this is nothing but BS and the government guy tells us that a number of our vital organizations were hacked. Is the government guy lying? I don't think so. I think the guy on here is just a blowhard know it all who wants us to think he has all the answers. This is a very serious problem and it is true that the Bush administration ignored it like they did most everything else. The republicans will do nothing and will fight Obama in whatever he tries to do since their goal is to see him fail as stated by their leader Limbaugh. But the past is the past and what we need to do now is address this problem in a serious way. A partial answer would be to let any nation know that if they launch an attack on us we will retaliate in kind. The problem is that "terrorists" are not a nation so who would we retaliate against? If they were smart enough a group as small as 25 could bring us to our knees. Let's hope that this administration is smart enough to realize the threat here and that they will take action.

[kgcoleman1]

This year I ref­er­enced in sev­eral brief­ings and dur­ing my lec­ture at Harvard a study by the European Parliament ? Directorate General for External Policies that was titled ?Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks.? On page 14 of that study in the third para­graph it states the following.

?In 2001, fol­low­ing a dis­pute over dam­age to US and Chinese air­craft in the South China Sea, both coun­tries suf­fered a series of cyber attacks, and at one stage California?s elec­tric­ity grid was almost shut down.?

I won­der if Congressman Langevin knows about that!

Full Report
http://www.isis-europe.org/pdf/2009_artrel_247_09-02-epstudy-cyberterrorism.pdf

[milo55]

throw this story in the trash... where it belongs..wild imaginations are at play here.. come back to earth... there is no computer bogey man...

[Marcos989]

Ok, then why don't you explain to me why my power was disrupted 4 days ago between 22:30 - 03:15 here in Nova Friburgo, RJ, Brazil.
I'm waiting.................hello?.....Hello?.....yea, just as I though!

[Overruled1]

Damn, another cover up issue with the Bush Administration.... Why exactly he wasn't impeached is as disgraceful as the treachery of that administration. We were attacked during a time of war, something people didn't stress enough.....And Brazil was terrorized.....

[bubbadubba]

I like Bush's plans better - never prepare for anything just look like a bug eyed clown when it happens.

[n3td3v]

News just in:

01:59 GMT, Wednesday, 11 November 2009

Major power failures hit Brazil

http://news.bbc.co.uk/1/hi/world/americas/8353878.stm

Conspiracy theories anyone?

[DanielCBotelho]

Message to CBS journalists:

There has been a huge blackout in Brazil for the past 20-25 minutes or so. Has affected over 5 states, leaving millions with no power.

Just spoke to friends and family, and no one know what happened. I'm not able to get in touch with some of them.

Could this be another attack!? Reminded me of the 60minutes report as soon as I heard this news from a family member.

[valerieinto]

I wish you could have taken a little bit of all that time you took scaring people a dozen different ways, and put it toward discussing some really great work being done by at least one independent agency in Canada to catch global cyber-criminals (and how government agencies are kind of putting them off). At least Jesse Brown did on the Search Engine podcast on the public broadcaster TV Ontario. (2nd half of the show) : http://www.tvo.org/cfmx/tvoorg/searchengine/index.cfm?page_id=613&action=blog&subaction=viewPost&post_id=11365&blog_id=485