Sunday, November 8, 2009

60 Minutes: CENTCOM Computers Compromised using thumb drives.

CBS) A series of power outages affecting millions of people in Brazil in 2005 and 2007 were the result of cyber attacks, "60 Minutes" has learned. The two-day event in Espirito Santo State affecting more than three million people in 2007 and another, smaller event in three cities north of Rio de Janeiro in January 2005 were perpetrated by hackers manipulating control systems.

The revelation is part of a Steve Kroft investigation into how computers and the Internet can be used as weapons to be broadcast this Sunday, Nov. 8, at 7 p.m. ET/PT.

Former Chief of U.S. National Intelligence Retired Adm. Mike McConnell believes it could happen in America. "If I were an attacker and wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer," he tells Kroft. "I would probably sack electric power on the U.S. East Coast, maybe the West Coast and attempt to cause a cascading effect."

If hackers did attack the U.S. power grid, "The United States is not prepared for such an attack." says McConnell.

Congressman Jim Langevin (D.- R.I.), who chaired a subcommittee on cyber security, agrees. He says that U.S. power companies need to be forced to deal with the issue after they told Congress they would take steps to defend their operations but did not follow up. "They admit that they misled Congress," says Langevin, and they still haven't made much progress. "The private sector has different priorities than we do in providing security. Their…bottom line is about profits," he tells Kroft. "We need to change their motivation so that when see vulnerability like this, we can require them to fix it."

Computer hackers have struck in the U.S. already. "People talk about cyber Pearl Harbors, …we probably had our electronic Pearl Harbor," says Jim Lewis, director of the Center for Strategic and International Studies which oversaw a study on cyber security for the Obama Administration. He is referring to a breach of computer security resulting in the downloading of huge amounts of critical information from several governmental departments, including Defense, State and Commerce. "So we probably lost the equivalent of a Library of Congress worth of information in 2007," he says.

A bigger event than even that, says Lewis, was a breach of the CENTCOM Network, the U.S. command fighting the wars in Afghanistan and Iraq. "We know it was a foreign country. We don’t know which one…this was a very sophisticated set of skills," Lewis tells Kroft.

Banks are also targets; more money has been stolen by cyber thieves than by those walking into banks so far this year in the U.S. - over $100 million says FBI Agent Sean Henry. But you don't hear much about it. "When there's a network breach, the owners of the network are not keen to have it known…it might impact their business," says Henry.

Money being stolen isn't even the biggest threat says McConnell, because a worse scenario would be if the hackers were to destroy the system that accounts for all the money and its movement. That would create a bank rush and financial pandemonium. McConnell worries it will take some horrific event to get the country focused on shoring up cyber security. "If the power grid was taken off line in the middle of winter and it caused people to suffer and die, that would galvanize the nation. I hope we don't get there," he tells Kroft.

Watch CBS News Videos Online


Blog Widget by LinkWithin