Transcripts For KPIX 60 Minutes 20150413 : vimarsana.com

KPIX 60 Minutes April 13, 2015

President John F. Kennedy. People in Japan very much admire him. It's one of the ways that many people learned English. Almost every day, somebody comes up to me and wants to quote the inaugural address.

O'Donnell: To walk through the ambassador's official residence is to get a glimpse of history. One photo in particular caught our eye.

My mother kept that picture. It was the last picture of the four of us.

Justice will be done, rapist.

Keteyian: Nine years ago this month, three star players on Duke's number one lacrosse team were accused of rape. It took more than a year for the story to unravel and the three players to be declared innocent. But it was their coach who lost his job and reputation in a rush to judgment.

Google up one of the boys' names, my name, and then, you know, on the computer you. You saw the word rape, sexual assault next to your name.

You're outside, you're outside.

Keteyian: Tonight, the hard road back for coach Mike Pressler.

I'm Steve Kroft. I'm Lesley Stahl. I'm Bill Whitaker. I'm Armen Keteyian. I'm Norah O'Donnell. I'm Scott Pelley. Those stories tonight on 60 Minutes.

CBS Money Watch update brought to you in part by

Glor: Good evening. With the tax deadline approaching Wednesday, the IRS says it's processed 217 billion in refunds so far. The World Bank and IMF discussed the global economy at their spring meetings in Washington Friday. And the company that makes Kleenex and Scott products is launching a line of tissues and towels made with wheat straw and bamboo. I'm Jeff Glor, CBS News.

So what about that stock? Sure thing, right? Actually, knowing the kind of risk that you're comfortable with, I'd steer clear. Really? Really. Straight talk. Now based on your strategy I do have some other thoughts. Multiplied by 13,000 financial advisors, it's a big deal. And it's how Edward Jones makes sense of investing.

At Subway, a great meal starts with a great sandwich on the new simple 6 menu.
With six of our best six-inch subs, like the tender turkey breast plus any bag of chips and a 21-ounce drink for just 6 every day.

Lowe's presents how to install a new washing machine with one finger. Maybe a little more that way. Nice. Now get 10 off select major appliances 396 and more at Lowe's.

The pursuit of healthier. It begins from the second we're born. After all, healthier doesn't happen all by itself. It needs to be earned. Every day. Using wellness to keep away illness. And believing that a single life can be made better by millions of others. Healthier takes somebody who can power modern health care. By connecting every single part of it. For as the world keeps on searching for healthier. We're here to make healthier happen. Optum. Healthier is here.

Kroft: If most people remember anything about the North Korean government's cyber attack against Sony Pictures last November, it's probably that there was a lot of juicy gossip in leaked emails about movie stars, agents, and studio executives. There was also an absurd quality to the whole episode, which was over an ill-advised movie comedy about the assassination of North Korea's leader, which the North Koreans did not find funny. The weirdness of it all has obscured a much more significant point: that an impoverished foreign country had launched a devastating attack against a major company on U.S. soil, and that not much can be done about it. In some ways, it's another milestone in the cyber wars, which are just beginning to heat up, not cool down. The cyber attack on Sony Pictures Entertainment exposed a new reality: that you don't have to be a superpower to inflict damage on U.S. corporations, a fact that has been duly noted within corporate board rooms and the national security apparatus. What's the significance of the Sony hack in a nutshell?

James Lewis: The significance is that a foreign power has reached out and touched an American target.
The fact that the North Korean government felt that it could do something in the United States and get away with it, that's what's significant.

Kroft: James Lewis, a director at the Center for Strategic and International Studies in Washington, has helped shape U.S. cyber policy for decades, dealing with criminals stealing money, Russians stealing intelligence and the Chinese stealing the latest technology.

Lewis: This was different because it qualified as the use of force. It qualified as an attack. There was disruption. There was destruction of data. There was an intent to hurt the company.

Kroft: And it succeeded, bringing a major U.S. entertainment company to its knees. Like other corporate victims of cyber attacks, Sony has released very little information and declined our requests for interviews. We were allowed to film on Sony's 44-acre studio lot, and inside this building where technicians were still repairing damaged computers. We do know that when people fired up their computers on the morning of November 24, they were greeted with this skeletal image now referred to as the screen of death. It announced an undetected cyber attack that actually began weeks earlier, when a malicious piece of software began stealing vast amounts of data from the Sony computer network. Now, it had begun the job of wiping Sony's corporate files.

Kevin Mandia: It was the attacker saying, I'm going to delete what you've made. I'm going to destroy your stuff.

Kroft: Kevin Mandia is one of the best known cyber sleuths in the U.S., and his company, FireEye, was hired by Sony to respond immediately to the crisis. But there was only so much they could do.

Mandia: For lack of a better analogy, the wiping is the grand finale. That's the infamous, we ran into the house, we took what we wanted, and then we left the detonation charge behind us. And then that detonation charge goes off, you're not going back to the house anymore.

Kroft: And that's what happened?

Mandia: That's what happened.

Kroft: More than 3,000 computers and 800 servers were destroyed by the attackers after they had made off with mountains of business secrets, several unreleased movies, unfinished scripts, and the personal records of 6,000 employees, all of whom were given a taste of living offline. Sony made the decision to take itself off the grid. All connections to the internet, all connections to the rest of Sony, and all connections to third parties were shut off, effectively disconnecting an international corporation from the outside world, and plunging itself into a pre-digital age of landline telephones and hand-delivered messages written with pen and paper.

Mandia: Immediately employees start to remember the things they took for granted. Does the gate let you in the garage? You can't get your email. People's benefits can't be processed appropriately, time cards can't be done. What if payroll's the next day? There are so many things that depend on the internet that, quite frankly, most companies don't even know all of them. So they come off the internet and go, oh, wow, didn't see that coming.

Kroft: To Kevin Mandia, it looked like a military-style operation mounted by a foreign government. And when his company began comparing the Sony computer virus with the 500 million pieces of malware in its archives, it quickly came up with a nearly identical match, right down to the skull on the calling card. It was a cyber attack two years ago against South Korea's banks and broadcast networks called Dark Seoul that wiped out 40,000 computers and caused 700 million in damage.

Mandia: We had the malware from the attacks that happened in South Korea in 2013. And these things, when put side by side, this looks like whoever hacked South Korea in 2013 is hacking Sony. And the attribution in those attacks in 2013 was to North Korea.

Kroft: Mandia's suspicions about North Korea, which has a well-established cyber capability and a long history of attacking its neighbor, were soon confirmed by the NSA, the FBI, and the White House. And the attackers themselves hinted at it when they contacted Matt Zeitlin of BuzzFeed.com and at least a half-a-dozen other online reporters, offering them everything they had stolen from Sony. So this is the first email you got?

Matt Zeitlin: Yep. The weekend after Thanksgiving. You know, it says that it has all this data from Sony. And have all these links, so that we could download the information.

What followed from Zeitlin and others was two weeks of damaging, embarrassing stories from the corporate files and private emails of Sony executives, as well as threats and a specific demand from the attackers that Sony not release its comedy about the assassination of North Korean leader Kim Jong-un.

They hate us because they ain't us (laughs)

Kroft: Soon, all the world will see what an awful movie Sony Pictures Entertainment has made.

Zeitlin: That part may have been true. (laughs)

Mandia: Sony scares CEOs, right? I mean, that's the difference. Every CEO is walking around going, how do I feel if my email's out on the internet? How would I feel if my machines got disrupted? So all of a sudden, every chief information security officer is now talking to their board because every board wants to know, hey, is this the new normal?

Kroft: And it may well be. Kevin Mandia says even big corporations with sophisticated I.T. departments are no match for the dozens of countries that now have offensive cyberwar capabilities.

Mandia: All advantage goes to the offense in cyber. It just does. On the defensive side, you have to say, I must defend all 100,000 machines, all 50,000 employees. The offense side thinks, I only need to break into one and I'm on the inside.

Kroft: And any company or any corporation is as strong as its weakest link.

Mandia: In a way, yes, in security.
The nation-state threat actors, or hackers, target human weakness, not system weakness.

Kroft: And there's no shortage of weaknesses. Most company employees are allowed to browse online or visit Facebook on corporate computers. And many take them home for personal use. All it takes to contaminate a network is for one person to unwittingly access an infected file that looks realistic, like an Adobe Flash Player update or an email that pretends to be from Apple support. And then what happens when they click on them?

Mandia: They compromise their machine. And now that machine, being on the inside of a corporate network, can be used as a beachhead to increase access.

Kroft: And that's what happened at Sony. Eventually, the North Koreans were able to obtain the passwords and credentials of the company's computer system administrators and build them right into the malware that carried out the attack. With help from anybody?

Mandia: You know, anything's possible. I simply don't know.

Kroft: How sophisticated was the malware that they used? Was this brand-new stuff?

Mandia: It was sophisticated enough that it works on the vast majority of companies. You know, the F.B.I. is quoted as saying this would work at over 90 of the companies that they deal with.

Jon Miller: We're going to see more and more companies hacked. We're going to see deeper levels of destruction.

Kroft: So you're saying we're at the beginning.

Miller: Yeah, it's. It's going to get worse before it gets better.

Kroft: If you want to talk about state-of-the-art hacking or what's going on in the international cyber arms market, Jon Miller's a good place to start. He turned down a job with the NSA and a government car while he was still in high school, because he says he was already making more money doing private consulting work and honing his skills as a penetration tester. So you're a hacker?

Miller: I was. Now I'm, you know, a computer security professional.
But yeah, I mean, for the majority of my career, I was an ethical hacker, where I would actually go out and hack companies, and then work with them to make sure they didn't get hacked by somebody else.

Kroft: Since Miller says he's been well paid to hack into nuclear power plants by utility companies, we wanted to know what he thought about the Sony attack and the malware the North Koreans used to pull it off. If I set you down and gave you a pencil and paper and said, write a list of a dozen people that could do this.

Miller: Oh, yeah, I mean, there are way more than a dozen people. There are probably 3,000, 4,000, 5,000 people that could do that attack today.

Kroft: And not all of them are in friendly countries.

Miller: No, not all of them are in friendly countries. And the number is growing rapidly.

Kroft: I mean, it's certainly within the realm of possibility that a terrorist group could go out and put together a team and do some real damage.

Miller: I mean, ISIS hacked CENTCOM's Twitter. The barrier to entry is low.

Kroft: Miller's previous job was leading a research team for a company that made and sold offensive cyber weapons to the U.S. government. He is currently a vice president of Cylance, a company that makes next-generation antivirus software for banks and Fortune 500 companies. It's currently marketing a product it claims would have detected and stopped the Sony hack while it was in progress. How sophisticated was this attack?

Miller: Not very. When you look at it in contrast to the capabilities that the United States government are deploying, it is nowhere close to being sophisticated. My favorite analogy is the malware that was used to hack Sony is like a moped, and the malware being deployed by United States intelligence agencies is like an F-22 fighter jet. It's much more sophisticated, it's much harder to detect.

Kroft: And yet still, if this is a moped, there were only a handful of companies in the United States that would have been able to survive this attack.

Miller: And that really is the scary part, is it does not take an overly sophisticated attack to compromise these huge global multinational brands.

Kroft: Miller says there have been other major cyber attacks like the one against Sony, but they didn't get as much attention. In 2012, Iran was blamed for an attack against the headquarters of Saudi Arabia's national oil company, Aramco, that destroyed 30,000 computers. Iran has also been accused of a cyber assault against a group of casinos owned by Sheldon Adelson, a vocal enemy of the regime in Tehran. And there have been others.

Miller: I've worked with companies before in the oil and gas space that have had control system networks get compromised by malware, and they've lost control of their floating oil platforms.

Kroft: I don't remember reading about that.

Miller: Yeah, yeah. No, you didn't read about it. There was no need to disclose, no customer information got leaked.

Kroft: So these things happen more often than the public knows?

Miller: Absolutely.

Kroft: There is a lot the public doesn't know about, including an active international, underground market in cyber weapons like the one that was used to take down Sony's computers. Miller took us to a site on the dark web where you can buy them.

Miller: This is actually a list of black market exploits that I was contacted from a Russian hacker that he was trying to sell, and his price, right, so.

Kroft: What does this one do, Flash Player?

Miller: This is a vulnerability in that software that would allow someone to take over control of your computer.

Kroft: 39,000. 29,000, 39,000.

Miller: Yeah, majority of them are over 30,000.

Kroft: That's 30,000 payable in bitcoin, the virtual currency of choice on the dark web.

Miller: For the most part the internet is completely unregulated. It's the wild west; it truly, truly is the wild west right now. What we're seeing are people getting pulled out onto the street and shot, and it's like, where's the sheriff? There's no sheriff.

Lewis: When I started doing this stuff about 20 years ago, there were things that were top secret, you know, only NSA and FBI knew about. And you weren't allowed to even talk about them in public. You can download them now for free.

Kroft: James Lewis of the Center for Strategic and International Studies knows better than most that there are no easy solutions. He says the U.S. can deter catastrophic cyber attacks from China and Russia by responding in kind. But how do you respond to a rogue state like North Korea for an attack against major corporations like Sony?

Lewis: Turning off the lights in North Korea, no one would notice. It happens all the time, right? Going after a North Korean movie studio, it would probably be a relief for the people there. The only pressure point we really have is going after the leadership, going after the revenue streams coming to the leadership.

Kroft: And that's what the Obama administration has done, at least publicly. Lewis and others believe that it will take a technological breakthrough in cyberwarfare defense to solve a problem technology created, but that could take years. Legislation forcing companies to improve cyber security has gone nowhere.

Lewis: Well, there's a reluctance in the Congress to force companies to do anything. The administration shares that reluctance. We were lucky until this year. Hopefully, we'll be a little luckier for a bit longer.

Kroft: In the time being, keep your fingers crossed.

Lewis: I used to say that the U.S. had a faith-based defense when it came to cyber security. Because we had faith that the people who didn't like us weren't going to do anything bad. That's what Sony has changed, is that we had somebody who doesn't like us step out and say, how far can I go with the Americans? And that's where faith isn't enough.

Visit the because feed newsroom and vis
