Sabotaging The System

November 8, 2009 5:00 PM

Could hackers get into the computer systems that run crucial elements of the world's infrastructure, such as the power grids, water works or even a nation's military arsenal? Steve Kroft reports.

by CISSP-CISA November 21, 2009 5:35 PM EST
I am a certified Information Security professional and Information Systems auditor who has been engaged in the field of information security for 15 years. I've worked for the largest defense contractors and banks.

I wrote Congressman Langevin, who was prominently featured in this report, nearly a year ago describing a horrendous security gap in the protections applied to a data repository managed by a private-sector organization. That repository contains the most sensitive personal information imaginable on 98% of the officers in all branches of the military, most of the enlisted personnel, and most of the personnel currently employed by the CIA, NSA, and FBI (along with most other federal agencies). My report explained how the most privileged levels of access to that data had been turned over to personnel in a foreign country, and how the organization's other security countermeasures were both woefully inadequate and naive.

As a taxpayer and citizen, I was horrified by what I had found. I felt that I had a moral obligation to inform someone that serious security gaps exposed sensitive personal information pertaining to the people who defend this nation.

I never received any kind of reply. After waiting more than a month, I called Congressman Langevin's office and was referred by an aide to the Dept. of Homeland Security (DHS), where my call was then routed to voice mail. DHS never returned my call.

From my personal perspective, I have difficulty believing that Congress is doing little more than grandstanding and FUD (fear, uncertainty and doubt) mongering on the issues of information security.
by sockamin November 19, 2009 2:47 PM EST
I agree with the commenter who asked, "HOW can these critical systems be connected to the internet?" But of course big business (system operators) can do pretty much whatever they want. The bought and paid for Congress just lets them. The part of the story that said chips made in China were found to have something fishy in their circuits sounds as if the story about the Chinese general who said that "if a war breaks out with the U.S. they only have to shut off the electricity," could be true. This country does NOTHING about safety, unless and until some disaster happens. Then everyone gets all patriotic and wants a solution yesterday. Just don't be surprised when something terrible does happen.
by antihacker101 November 17, 2009 3:30 AM EST
I don't know the full extent out there, but I guess this explains why I get no answers for 15 months of fighting a hacker. 2 days ago things changed with the worm for the first time ever that affected all computers and phone systems. I found an article that 3 hours ago was put on site about an arrest for DNS theft. Called p2p that was the same service the hacker used and the codes used in phone and computer hackings were $danielle$ and $chicago$, the timing of everything, the extent, and the details are way too much to ignore. I've been pinging over 2000 an hour IPs starting with port 53 ending with IP from ICMP packet where the hacker connects 2 ways. Through a frequency in phone through kernel then through graphics card. And the other through port 80 using all exploits in a list starting with Adobe popups... and hijacks all computers. Then gave code to kid hacker which now the community sites are stealing password files. While the hacker is hacking bigger sites undetected...
by Editorial_Response November 15, 2009 2:52 PM EST
I hardly ever watch this kind of BS and I live security all day. I find it hard to believe that the US, the most technologically savvy country that there is - is a ship with no rudder, no leadership in this area. If the fools that managed us through the implementations of Mil.net and Arpa.net to the Internet, and that created the TCP/IP stack still use known open protocols to transfer information they should be taken out and shot. TCP/IP is nothing other than a nice set of rail road tracks, and you can put any car on those tracks that will fit on the tracks...so I am confused?

As for CBS News implementation of this site... it s*cks. Either follow Google/YouTube or fire the goons running this site and find someone who can push the data to a user with limited resources.
by Kiwi_ME November 13, 2009 7:39 PM EST
From an engineering perspective it's amazing to me that any critical system control loops are exposed to the internet.
by marstyle November 13, 2009 9:59 AM EST
60 Minutes, you are the highlight of my week and have always been. While it's amazing how forthcoming you are with all the information, these times are sometimes too crazy. I was born and raised in Toronto, Canada, but feel as American as Canadian. I grew up enjoying all the most wonderful benefits of living across the border...greater variety in product available in the US, that it has always been "cowboy country" where anyone can succeed at anything if they try, and the diversity of climate throughout the 50 states!!
At the risk of seeming naive, the segment on hacking the US computer system to death, I was shaken hearing it laid out like that in a step-by-step format, with experiments and examples to back it up....as if it were a scientific experiment. It's not that I think it was new information, and the huge and serious hackers of course know all this but I fear the smaller, more radical, hate-trained cowards (my word for terrorist) would have the stupidity and the stones to actually learn from this.
I love America for its obsession with truth, as that is how I too conduct my life, but really? Do we need to lay it out that clearly?
America has been a tremendous ally to Canada and a good neighbor, and I'd like to think it'll be around and healthy for as long as we know freedom.
Sincerely, Marlene Shiff, Toronto, Canada
by expatinasia November 13, 2009 7:01 AM EST
Unlike Jake, I prefer to hire people who understand the mechanisms of attack. On the other hand, we can hire people like Jake, and then wonder why things went from bad to worse.
by JakeinCali November 12, 2009 3:56 PM EST
CONFLICT OF INTEREST!
Until February 2009 John M. (Mike) McConnell was Chief of National Intelligence and oversaw the Central Intelligence Agency, the Defense Intelligence Agency and the National Security Agency.

This guy was responsible for the problem and now his company will profit from the solution!

John M. (Mike) McConnell is NOW Executive Vice President and leader of the National Security Business for Booz Allen Hamilton!

How convenient!

They will probably use this scare tactic to put limitations on the internet. Just like they used scare tactics to convince us to wage war.

Take the damn systems off of the internet for crying out loud, ***?!!!
by roshmb0 November 11, 2009 4:32 PM EST
Nice commercial skycatchersolutions
by concernd November 11, 2009 11:37 AM EST
http://news.yahoo.com/s/afp/20091111/wl_afp/brazilenergyblackout

I think everyone needs to read this article that just so happened to be 3 days after the airing of the Sabotage hackers. -A concerned citizen
by scotsdavie November 11, 2009 6:16 AM EST
Gary McKinnon, from Wood Green, north London, faces up to 70 years in an American high-security prison if he is extradited and convicted of hacking into nearly 100 US military computers shortly after the September 11 attacks. Apparently many if not all high security systems had effectively left the back door open. Security code settings were still on maker's default, e.g. 111111.
by cpawoods November 10, 2009 3:09 PM EST
Well well, Mike McConnell told you he would not talk to you if you distorted the facts. You have managed to blame this shortfall on the Bush Administration when in fact it was President Bush that approved the 17.5 Billion dollars funding and initiated the program to deal with the problem; it is the Obama administration that has yet to appoint a czar to manage the problem. Why can't you stick to the facts?
by phist November 9, 2009 11:13 PM EST
1. Power company to shut down power at most inconvenient time for customers.
2. Blame computer/network hackers
3. ....
4. profit

or better yet

1. scare everyone into believing computer/network hackers can shut down power
2. raise power rates to fund war against hackers
3. ...
4. profit
by slipperyslopenslidingdown November 9, 2009 6:32 PM EST
Bla, bla, bla...I'm a security professional of 25 years with more training, certifications and experience than I can shake a stick at. Though NERC is a start... it was voluntary (at the outset). The standards grew out of the Ohio Blackout - NERC was and is knee-jerk. As to the threats... environmental, idiots... that want us to live in the dark up to nation-sponsored, trained, equipped and waiting for the "trigger". After all you know (Katrina...) do you really expect your government (any government - this is for the naive Cheney knocker) to protect you from all threats? Ever heard the term self-reliance? Sheeple
by thurston2001 November 9, 2009 2:54 PM EST
The corporate pigs that lied to congress only emphasizes the fact that the government is not the enemy, corporate America is, corporate America is the very definition of pure evil. I know you don't have the guts to post anything that would dare to question your corporate masters.
by sechristiansen November 9, 2009 2:29 PM EST
Part of the problem is inter-agency communications, both between DoD monitored systems and systems that fall under state and federal jurisdiction. If communication on that level isn't difficult enough, imagine all of the individual states and or DoD agencies (or even different bases within the same DoD branch) sharing information.

To give a good analogy, think of the inter agency information sharing issues that became public after 9/11. This same problem exists within the territories of cyber space, within the borders of the US.

On a positive note, the Federal Government and the DoD have recognized their deficiencies and are putting measures in place to identify and recruit professionals that both understand these hacking techniques and know how to defend against them.

To find out more information on this visit the below links:

http://www.sans.org/netwars/
http://daegoblog.com

Scott E Christiansen
http://www.linkedin.com/in/scottchristiansen
by gowildchild November 9, 2009 1:33 PM EST
As an IT professional, working in security, together with my background and education in power circuits; I cannot believe those computer systems ARE EVEN CONNECTED to the Internet as they are called "Mission Critical Systems".

How would you feel, your pacemaker is connected to the Internet? Would you feel as safe as it would be operating alone? Think similar with your power, gas and anything mission critical that could damage in the millions.

So, my question will stay ... Why connect mission critical machines on the Internet in the first place? Why isn't this a separate network, loose from any network so it cannot be accessed in the first place? Banks can do it, so why shouldn't such infrastructures?

FWC
by bni999 November 9, 2009 1:14 PM EST
People, people settle down for heaven's sake. This is rope-a-dope and even outright fabrication in one instance (terabytes moved out of a government site, across the internet and no one noticed? Hmmm, that's a lot of data, what size was that pipe I wonder?).

CBS exposed nothing new to anyone out there interested in hacking US targets and it is childishly naive to think otherwise.
This stuff and a whole lot more has been well known for many years. I think what we have here is a desire to curry fear in the general populace and provide a basis for funding. This also makes a case for further eroding our freedoms regarding the internet and usage. Don't give in to fear. If this was so easy why hasn't it happened more often? Break-ins happen but don't surrender to this bogus propaganda. Indeed, the US has as much and more intel on networks elsewhere and if anything presents a kind of deadly embrace - hit me and I'll hit you back.
Does anyone think the Cold War ended? We will always need a war. Jobs depend on it.
Stiff upper lip.
by Virgil-1 November 9, 2009 10:50 AM EST
With all the high tech being bragged about, why can't you come up with a foolproof solution? Maybe we should call it low tech.
by mwarnock55 November 9, 2009 10:23 AM EST
AS AN I.T. GUY I CAN TELL YOU INTELLIGENTLY THAT THIS SITUATION IS VERY REAL. IT CONCERNS ME A GREAT DEAL AS IT SHOULD EVERYBODY. I FEEL OUR EFFORTS NOW ARE TOO LITTLE TOO LATE. THIS HAS BEEN BROUGHT UP NUMEROUS TIMES AND IGNORED BY PAST ADMINISTRATIONS THEREFORE EXPLOITING YET ANOTHER ACHILLES HEEL THAT COULD SERVE TO BE CATASTROPHIC FOR AMERICA!! I FELT 60 MINUTES AND STEVE KROFT ESPECIALLY DID AN EXCELLENT JOB REPORTING ON SUCH A VAST SUBJECT. IT MAY SERVE TO SAVE AMERICA YET. FOR THOSE OF YOU THAT THINK THIS REPORT FURTHER EXPLOITS AMERICA YOU SHOULD RECONSIDER. THAT'S ALREADY OCCURRED!! WE HAVE WOVEN THE INTERNET INTO EVERYTHING AROUND US WITHOUT TAKING INTELLIGENT STEPS TO ELIMINATE THE VULNERABILITIES BEFORE BENEFITING FROM NETWORKING TECHNOLOGY. SIMPLY REACTING TO EXPLOITATIONS AFTER THE DAMAGE IS DONE IS NOT SUFFICIENT. THERE IS NOTHING WE CAN DO NOW AS AMERICANS TO PREVENT A MASSIVE CYBER ATTACK. THE ASSAILANTS ARE IN, AND WAITING FOR THE PRECISE TIME. THERE IS NO WAY OF FINDING THE MANY LOOP HOLES THEY ARE USING. IT'S LIKE TRYING TO FIND NEEDLES IN A VERY VERY VAST HAY STACK. WE ARE ALL SITTING DUCKS. ALL WE CAN DO IS PREPARE FOR YET ANOTHER CATASTROPHIC EVENT. EXCEPT THIS ONE WILL BE THE BIGGEST AMERICA HAS EVER SEEN. I THINK IT'S ABOUT TIME TO START PRAYING, BUT I WILL ALSO CONTINUE TO HOPE FOR THE BEST.