Cyber War: Sabotaging the System

This segment was first broadcast on Nov. 8, 2009. It was updated on June 10, 2010.

Nothing has ever changed the world as quickly as the Internet has. Less than a decade ago, "60 Minutes" went to the Pentagon to do a story on something called information warfare, or cyber war as some people called it then. It involved using computers and the Internet as weapons.

Much of it was still theory, but we were told that before too long it might be possible for a hacker with a computer to disable critical infrastructure in a major city and disrupt essential services, to steal millions of dollars from banks all over the world, infiltrate defense systems, extort millions from public companies, and even sabotage our weapons systems.

Today it's not only possible, all of that has actually happened, plus a lot more we don't even know about.

It's why President Obama has made cyber war defense a top national priority and why, as we first reported in November, some people are already saying that the next big war is less likely to begin with a bang than a blackout.

Extra: Hacking The ATMs
Extra: Hacking The D.O.D.
Extra: The Holy Grail
Center for Strategic and International Studies
Sandia National Laboratories
IntelFusion
International Spy Museum:
Weapons of Mass Disruption


"Can you imagine your life without electric power?" Retired Admiral Mike McConnell asked correspondent Steve Kroft.

Until February 2009, McConnell was the nation's top spy. As chief of national intelligence, he oversaw the Central Intelligence Agency, the Defense Intelligence Agency and the National Security Agency. Few people know as much about cyber warfare, and our dependency on the power grid, and the computer networks that deliver our oil and gas, pump and purify our water, keep track of our money, and operate our transportation systems.

"If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, I probably would sack electric power on the U.S. East Cost, maybe the West Coast, and attempt to cause a cascading effect. All of those things are in the art of the possible from a sophisticated attacker," McConnell explained.

"Do you believe our adversaries have the capability of bringing down a power grid?" Kroft asked.

"I do," McConnell replied.

Asked if the U.S. is prepared for such an attack, McConnell told Kroft, "No. The United States is not prepared for such an attack."

"It is now clear this cyber threat is one [of] the most serious economic and national security challenges we face as a nation," President Obama said during a speech.

Four months after taking office, Obama made those concerns part of our national defense policy, declaring the country's digital infrastructure a strategic asset, and confirming that cyber warfare had moved beyond theory.

"We know that cyber intruders have probed our electrical grid, and that in other countries cyber attacks have plunged entire cities into darkness," the president said.

President Obama didn't say which country had been plunged into darkness, but a half a dozen sources in the military, intelligence, and private security communities have told us the president was referring to Brazil.

Several prominent intelligence sources confirmed that there were a series of cyber attacks in Brazil: one north of Rio de Janeiro in January 2005 that affected three cities and tens of thousands of people, and another, much larger event beginning on Sept. 26, 2007.

That one, in the state of Espirito Santo, affected more than three million people in dozens of cities over a two-day period, causing major disruptions. In Vitoria, the world's largest iron ore producer had seven plants knocked offline, costing the company $7 million. It is not clear who did it or what the motive was.

But the people who do these sorts of things are no longer teenagers making mischief. They're now likely to be highly trained soldiers with the Chinese army or part of an organized crime group in Russia, Europe or the Americas.

"They can disrupt critical infrastructure, wipe databases. We know they can rob banks. So, it's a much bigger and more serious threat," explained Jim Lewis, director of the Center for Strategic and International Studies.

Lewis led a group that prepared a major report on cyber security for President Obama.

"What was it that made the government begin to take this seriously?" Kroft asked.

"In 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor," Lewis said. "Some unknown foreign power, and honestly, we don't know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."

How much is a terabyte?

"The Library of Congress, which has millions of volumes, is about 12 terabytes. So, we probably lost the equivalent of a Library of Congress worth of government information in 2007," Lewis explained.

"All stolen by foreign countries?" Kroft asked.

"Yeah. This was a serious attack. And that's really what made people wake up and say, 'Hey, we've got to get a grip on this,'" Lewis said.

• 1
• 2
• 3
• 4
• 5
• 6
• Next Page »

[Veteran2]

It also a public health problem Cyber Attacks are a daily activity relating to Medical Centers. I am advising members of the medical community to become proactive and treat your electronic materials as a tool that can kill.

[Alpha4Centauri]

What the article doesn't address is why these sensitive US targets can't simply block all internet traffic from foreign countries. After all, why should anyone in China have access to our power grid computers in the first place?

The answer is that attackers can easily access those targets from US computers, even though they themselves are located overseas. Why? Because otherwise loyal Americans don't think it's worth their trouble to have up-to-date antivirus/antimalware programs, don't think it's worth their while to have different, complex passwords for their various accounts, don't think they should have to pay for movies, software and music when they can download stuff illegally for free, don't think their internet service provider has a right to insist they get their computers off the internet if they're infected, etc. A computer infected with a trojan becomes the attacker's property, and that unauthorized user can then use it to hopscotch malicious commands onward to the target computer. The administators of the target computers can't tell the ultimate source of the attack, and the only way to block the attack is to block IP ranges used by their legitimate users.

How much spam do you get? Probably a lot. And unless you own your own email server and don't use filters, it's probably only a tiny fraction of what is actually being sent to you. Almost every one of those spams comes from a compromised computer. We've taken the attitude that there's no point trying to address the problem, because there are too compromised machines. Well, the too-many-of-them problem is exactly what's going to make it impossible to defend a serious attack when it happens.

The spammers are telling us where our weak points are. We should use the information they are dumping in our lap.

[lilbear925]

There is no such thing as a "friendly recreational hacker". All hackers are malicious and evil. Hackers should either be working to secure our internet from thieves and other hackers, or be in prison. No middle ground.

[consciousnes]

Tell the "WHOLE" world that it is as easy to get into our computers as it is to cross the Mexican boarder into the US.

[josephp5]

Back in the 50s and 60s it was the missile gap...

Now it's the cyber gap.

I don't trust people like Mike McConnell as far as I can throw him. Remember, back when he was head of NSA he lied to Congress about how his lack of ability to spy on all Americans without warrants led to the death of an American soldier in Iraq. He related this story with a dramatic flair---tears welled up in his eyes. Turns out the story was complete baloney---the timeline showed that it was the Bush Administration's own delay that prevented timely monitoring of the Iraqi kidnappers and preventing the rescue of the American soldier. McConnell simply made up the story because he wanted more power for his agency, at the expense of privacy rights for Americans.

And it's the same thing now. McConnell is an executive vice president of Booz Allen Hamilton, which has close connections with our spy agencies. No doubt cyber warfare is a huge part of their business. And McConnell has revealed himself as a man that will say anything, regardless of the truth, in order to advance his agenda.

Booz Allen Hamilton will of course now be making a big proposal to Congress on the heels of this breathless 60 Minutes report, and McConnell's company will make huge profits as a result.

[jtdev1]

They already proved it was possible with the recent stock market "Flash Crash"

How stupid is America? What, your going to wait until the full attack happens to react???

[cac1958]

This is not news for our infrastructure has needed repairs and to be updated for what now over 2 decades. It blows the mind to hear news stories on what is being outsourced!! We are not prepared for anything except giving amnesty to millions of illegals!

[michaelm07]

This is not new information and I recall this being a worry since the mid-80's. Sadly this president, administration and congress are too busy focusing on garbage like healthcare, gays in the military and passing budgets to throw money away in an effort to push ploitical agendas, rather than to do what is best for the country. Healthcare, gays in the military and budget issues are important but without a strong defense and taking care of infrastructure and security, NONE of those other issues or rights matter. It is clear that priorities are upside down.

[paulflorez]

Did you not read in the article where they allocated billions of dollars to beef up U.S. cyber security?

And you call issues like healthcare and "gays in the military" garbage and then in the same paragraph say "[these issues] are important". Well, are they garbage or are they important? Make up your handicapped partisan mind!

ALL those issues are important. We shouldn't have to sacrifice a civil society because "war" in the name of self-defense is always more important. Even if we can stop outside countries from invading us, what good will it do if our country is rotting internally?

And how about not being a partisan blow hole and instead laying blame equally on the Republicans, who had over 8 years to fix all of these issues and instead only made matters worse with the Iraq War, Medicare Part D and massive de-regulation. Not to mention the fact that if Republicans were willing to COMPROMISE on issues like repealing Don't Ask Don't Tell, then less time would be wasted in getting those issues taken care. I mean come on, over 70% of Americans support repealing Don't Ask Don't Tell, but Republicans are STILL obstructing it! Maybe THEIR priorities are upside down?

[rwsmith29456]

What would we do if we wanted to attack a country? Knock out their communications and computer systems right off the bat. One day when we wake up and communications and computers are out we'd better be grabbing guns because other countries probably already have our systems hacked and all they have to do is type a command and we lose everything.

[d.pocius]

In regards to cyber-warfare threats to our military-industrial infrastructure, Isaac Asimov considered this issue many years ago and imagined a code of laws designed to prevent intelligent systems from harming humans. Google "Asimov" and "three laws of robotics" for details. In my opinion, these ought to be taught in freshman engineering classes as a parallel to the Hippocratic Oath taught to budding physicians. Mindful of these laws, an engineer will naturally do the right thing in designing control systems resistant to the sorts of tampering that imperil life and property.