Cyber War: Sabotaging the System

60 Minutes: Former Chief of National Intelligence Says U.S. Unprepared for Cyber Attacks

CBS All Access
This video is available on CBS All Access
"There are thousands of attempted attacks every day, tens of thousands of attacks," Sean Henry, an assistant director of the FBI in charge of the bureau's cyber division, told Kroft.

Henry's job is to police potential targets all over the United States. He told "60 Minutes" that criminals have used the Internet to steal more than $100 million from U.S. banks so far this year and they did it without ever having to draw a gun or pass a note to a teller.

"The FBI became famous stopping bank robberies. Are there more bank robberies in terms of the amount of money stolen on the Internet than there are guys walking into branches with guns?" Kroft asked.

"Absolutely," Henry said. "I've seen attacks where there's been $10 million lost in one 24-hour period. If that had happened in a bank robbery where people walked in with guns blazing, that would've been headline news all over the world."

"And the bank probably didn't want it known," Kroft remarked.

"Certainly when there's a network breach, the owners of the network are not keen to have it known that their network was breached because of their concern that it might impact their business," Henry said.

The case Henry mentioned didn't involve just one bank - it involved 130, all of them victimized through an international network of ATMs, an international caper that required dozens of participants on three different continents.

Asked how they did it, Henry said, "It was a sophisticated operation. Clearly organized where adversaries accessed a computer network, were able to gain information from multiple accounts. They were able to decrypt PIN numbers and then taking that data, able to manufacture white plastic that enabled them access to get into ATM accounts."

Asked what white plastic is, Henry said, "Take a piece of plastic that's similar in size and shape and weight to an ATM card."

"They've got the card. They've got the PIN number and they just drained the accounts?" Kroft asked.

"Almost $10 million in 24-hour period," Henry said.

According to Henry, the cyber heist happened in 49 cities around the world, in Europe, North America, South America, and Asia.

Henry told Kroft they have an idea from which country the perpetrators were from, but he would not divulge that information during the interview.

Asked if they have caught any of the suspects yet, Henry said, "Workin' on it."

Another case you have probably not heard anything about involves an extortion plot against the state of Virginia. Earlier this year, a hacker got into a medical database and stole millions of patients' prescription records and then followed it up with a ransom note.

"The note said, 'I have your…' - I can't say that word on television - stuff, we'll call it 'in my possession right now,'" Kroft said.

The hacker went on to write, "I've made an encrypted backup and deleted the original. For $10 million, I will gladly send along the password."

The state of Virginia says it was eventually able to restore the system. But the stolen information, including names, Social Security numbers and prescriptions can be used, sold or exploited according to the FBI.

"Did the Virginia Prescription Monitoring Program pay the $10 million?" Kroft asked Henry.

"I can't discuss that," he replied.

"But you say this is an active investigation. I mean, this is a matter of public record. I mean, this actually happened," Kroft remarked.

"This is an active investigation that we're still involved in, and we are coordinating with the victim. They're cooperating with us, and we're actively involved with them and other state and local law enforcement agencies," Henry said.

Asked whoever did this is still at large, Henry told Kroft, "I imagine."