Cyber War: Sabotaging the Systemby DanielCBotelho November, cbsnews.com
November 8th 2009
- Play CBS Video Video Web Extra: Hacking the ATMs
Former State Department official Jim Lewis with extreme--and illegal--examples of getting money from an ATM.
- Video Web Extra: Hacking the D.O.D.
Jim Lewis is a former State Department official who directed a major study on cyber security for President Obama.
(CBS) Nothing has ever changed the world as quickly as the Internet has. Less than a decade ago, "60 Minutes" went to the Pentagon to do a story on something called information warfare, or cyber war as some people called it. It involved using computers and the Internet as weapons.
Much of it was still theory, but we were told that before too long it might be possible for a hacker with a computer to disable critical infrastructure in a major city and disrupt essential services, to steal millions of dollars from banks all over the world, infiltrate defense systems, extort millions from public companies, and even sabotage our weapons systems.
Today it's not only possible, all of that has actually happened, plus a lot more we don't even know about.
It's why President Obama has made cyber war defense a top national priority and why some people are already saying that the next big war is less likely to begin with a bang than a blackout.
"Can you imagine your life without electric power?" Retired Admiral Mike McConnell asked correspondent Steve Kroft.
Until February of this year, McConnell was the nation's top spy. As chief of national intelligence, he oversaw the Central Intelligence Agency, the Defense Intelligence Agency and the National Security Agency. Few people know as much about cyber warfare, and our dependency on the power grid, and the computer networks that deliver our oil and gas, pump and purify our water, keep track of our money, and operate our transportation systems.
"If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, I probably would sack electric power on the U.S. East Cost, maybe the West Coast, and attempt to cause a cascading effect. All of those things are in the art of the possible from a sophisticated attacker," McConnell explained.
"Do you believe our adversaries have the capability of bringing down a power grid?" Kroft asked.
"I do," McConnell replied.
Asked if the U.S. is prepared for such an attack, McConnell told Kroft, "No. The United States is not prepared for such an attack."
"It is now clear this cyber threat is one [of] the most serious economic and national security challenges we face as a nation," President Obama said during a speech.
Four months after taking office, Obama made those concerns part of our national defense policy, declaring the country's digital infrastructure a strategic asset, and confirming that cyber warfare had moved beyond theory.
"We know that cyber intruders have probed our electrical grid, and that in other countries cyber attacks have plunged entire cities into darkness," the president said.
President Obama didn't say which country had been plunged into darkness, but a half a dozen sources in the military, intelligence, and private security communities have told us the president was referring to Brazil.
Several prominent intelligence sources confirmed that there were a series of cyber attacks in Brazil: one north of Rio de Janeiro in January 2005 that affected three cities and tens of thousands of people, and another, much larger event beginning on Sept. 26, 2007.
That one in the state of Espirito Santo affected more than three million people in dozens of cities over a two-day period, causing major disruptions. In Vitoria, the world's largest iron ore producer had seven plants knocked offline, costing the company $7 million. It is not clear who did it or what the motive was.
But the people who do these sorts of things are no longer teenagers making mischief. They're now likely to be highly trained soldiers with the Chinese army or part of an organized crime group in Russia, Europe or the Americas.
"They can disrupt critical infrastructure, wipe databases. We know they can rob banks. So, it's a much bigger and more serious threat," explained Jim Lewis, director of the Center for Strategic and International Studies.
Lewis led a group that prepared a major report on cyber security for President Obama.
"What was it that made the government begin to take this seriously?" Kroft asked.
"In 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor," Lewis said. "Some unknown foreign power, and honestly, we don't know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."
How much is a terabyte?
"The Library of Congress, which has millions of volumes, is about 12 terabytes. So, we probably lost the equivalent of a Library of Congress worth of government information in 2007," Lewis explained.
"All stolen by foreign countries?" Kroft asked.
"Yeah. This was a serious attack. And that's really what made people wake up and say, 'Hey, we've got to get a grip on this,'" Lewis said.
Produced by Graham Messick
© MMIX, CBS Interactive Inc. All Rights Reserved.
Shared from Read It Later