Advisor, Cardinal Sean omalley. In st. Peters square, he stands out in his humble brown robe and sandals, and stays with the pope that means youre roommates with the pope. Well, yes, you see him at all the meals. Odonnell you knew him before. I mean, did you know that he would be this kind of a leader . I am delighted that he is beyond my expectations. Cooper our lives are filled with distractions email, twitter, texting. Were constantly connected to technology, which is probably why theres a growing movement in america to train people to get around the stresses of daily life. There are a lot of different ways to talk about mindfulness, but what it really means is awareness. Cooper is it being present . It is being present. Thats exactly what it is. Cooper i dont feel im very present. I feel like, every moment, im either thinking about something something thats been in the past. So, ultimately, all of this preparing is for what . Were only alive now. Kroft im steve kroft. Stahl im lesley stahl. Cooper im anderson cooper. Whitaker im bill whitaker. Odonnell im norah odonnell. Pelley im scott pelley. Those stories tonight on 60 minutes. Aque psoriasis made a simple trip to the Grocery Store anything but simple. So finally, i had an important conversation with my dermatologist about humira. He explained that humira works inside my body to target and help block a specific source of inflammation that contributes to my symptoms. In clinical trials, most adults saw 75 skin clearance. And the majority were clear or almost clear in just 4 months. Humira can lower your ability to fight infections, including tuberculosis. Serious, sometimes fatal infections and cancers, including lymphoma, have happened; as have blood, liver, and nervous system problems, serious allergic reactions, and new or worsening heart failure. Before treatment, get tested for tb. Tell your doctor if youve been to areas where certain fungal infections are common, and if youve had tb, hepatitis b, are prone to infections, or have flulike symptoms or sores. Dont start humira if you have an infection. Ask your dermatologist about humira. Because with humira clearer skin is possible. I tried depend last weekend. It really made the difference between a morning around the house and getting a little exercise. Only depend underwear has new confidence Core Technology for fast absorption and the smooth, comfortable fit of fitflex protection. We live in a pick and choose world. Choose, choose, choose. But at bedtime . Why settle for this . Enter sleep number. Right now all beds are on sale. Sleepiq technology tells you how well you slept and what adjustments you can make. You like the bed soft. Hes more hardcore. So your sleep goes from good to great to wow only at a sleep number store. Time is now for the biggest sale of the year, where all beds are on sale. Save 50 on the labor Day Limited Edition bed. Know better sleep with sleep number. We stop arthritis pain, so you dont have to stop. Because you believe in go. Onward. Todays the day. Carpe diem. Tylenol 8hr arthritis pain has two layers of pain relief. The first is fast. The second lasts all day. We give you your day back. What you do with it is up to you. Tylenol. Kroft if most people remember anything about the north korean governments cyber attack against Sony Pictures last november, its probably that there was a lot of juicy gossip in leaked emails about executives. There was also an absurd quality to the whole episode, which was over an illadvised movie comedy about the assassination of north koreas leader, which the North Koreans did not find funny. The weirdness of it all has obscured a much more significant point that an impoverished foreign country had launched a devastating attack against a Major Company on u. S. Soil. And as we first reported last april, not much can be done about it. In some ways, its another milestone in the cyber wars, which are just beginning to heat up, not cool down. The cyber attack on Sony Pictures entertainment exposed a new reality that you dont have to be a superpower to inflict damage on u. S. Corporations, a fact that has been duly noted within Corporate Board rooms and the National Security apparatus. Whats the significance of the sony hack in a nutshell . James lewis the significance is that a foreign power has reached out and touched an american target. The fact that the north korean government felt that it could do something in the United States and get away with it, thats whats significant. Kroft james lewis, a director at the center for strategic and International Studies in washington, has helped shape u. S. Cyber policy for decades, dealing with criminals stealing money, russians stealing intelligence, and the chinese stealing the latest technology. Lewis this was different, because it qualified as the use of force. It qualified as an attack. There was disruption. There was destruction of data. There was an intent to hurt the company. Kroft and it succeeded, bringing a major u. S. Entertainment company to its knees. Like other corporate victims of Cyber Attacks, sony has released very Little Information and declined our requests for interviews. We were allowed to film on sonys 44acre studio lot, and inside this building where technicians were still repairing damaged computers. We do know that when people fired up their computers on the morning of november 24, they were greeted with this skeletal image now referred to as the screen of death. It announced an undetected cyber attack that actually began weeks earlier, when a malicious piece of software began stealing vast amounts of data from the sony computer network. Now, it had begun the job of wiping sonys corporate files. Kevin mandia it was the attacker saying, im going to delete what youve made. Im going to destroy your stuff. Kroft kevin mandia is one of the best known cyber sleuths in the u. S. , and his company, fire eye, was hired by sony to respond immediately to the crisis. But there was only so much they could do. Mandia for lack of a better analogy, the wiping is the grand finale. Thats the infamous, we ran into the house, we took what we wanted, and then we left the detonation charge behind us. And then that detonation charge goes off youre not going back to the house anymore. Kroft and thats what happened . Mandia thats what happened. Kroft more than 3,000 computers and 800 servers were they had made off with mountains of business secrets, several unreleased movies, unfinished scripts, and the personal records of 6,000 employees, all of whom were given a taste of living offline. Sony made the decision to take itself off the grid. All connections to the internet, all connections to the rest of sony, and all connections to third parties were shut off, effectively disconnecting an International Corporation from the outside world, and plunging itself into a predigital age of landline telephones and hand delivered messages written with pen and paper. Mandia immediately, employees start to remember the things they took for granted does the gate let you in the garage . You cant get your email. Peoples benefits cant be processed appropriately, time cards cant be done. What if payrolls the next day . There are so many things that depend on the internet that, quite frankly, most companies dont even know all of them. So they come off the internet and go, oh, wow, didnt see that coming. Kroft to kevin mandia, it looked like a militarystyle operation mounted by a foreign government. And when his Company Began comparing the sony computer virus with the 500 million pieces of malware in its archives, it quickly came up with a nearly identical match, right down to the skull on the calling card. It was a cyber attack two years ago against south koreas banks and broadcast networks called dark seoul that wiped out 40,000 computers and caused 700 million in damage. Mandia we had the malware from the attacks that happened in south korea in 2013. And these things, when put side by side, this looks like whoever hacked south korea in 2013 is hacking sony. And the attribution in those attacks in 2013 was to north korea. Kroft mandias suspicions about north korea, which has a wellestablished cyber capability and a long history of attacking its neighbor, were soon confirmed by the nsa, the fbi, and the white house. And the attackers themselves hinted at it when they contacted matt zeitlin of buzzfeed. Com, and at least a halfadozen other online reporters, offering them everything they had stolen from sony. So this is the first email you got . Matt zeitlin yep. The weekend after thanksgiving. You know, it says that it has all this data from sony. And it has all these links, so that we could download the information. Kroft what followed from zeitlin and others was two weeks of damaging, embarrassing stories from the corporate files and private emails of sony executives, as well as threats and a specific demand from the attackers that sony not release its comedy about the assassination of north Korean Leader kim jongun. They hate us because they aint us laughs kroft soon, all the world will see what an awful movie Sony Pictures entertainment has made. Zeitlin that part may have been true. laughs mandia sony scares ceos, right . I mean, thats the difference. Every ceo is Walking Around going, how do i feel if my emails out on the internet . How would i feel if my machines got disrupted . So all of a sudden, every chief Information Security officer is now talking to their board, because every board wants to know, hey, is this the new normal . Kroft and it may well be. Kevin mandia says even big corporations with sophisticated i. T. Departments are no match for the dozens of countries that now have offensive cyberwar capabilities. Mandia all advantage goes to the offense in cyber. It just does. On the defensive side, you have to say, i must defend all 100,000 machines, all 50,000 employees. The offensive side thinks, i only need to break into one and im on the inside. Kroft and any company or any corporation is as strong as its weakest link. Mandia in a way, yes, in security. The nationstate threat actors, or hackers, target human weakness, not system weakness. Kroft and theres no shortage of weaknesses. Most Company Employees are allowed to browse online or visit facebook on corporate computers. And many take them home for personal use. All it takes to contaminate a network is for one person to file that looks realistic, like an adobe flash player update or an email that pretends to be from apple support. And then what happens when they click on them . Mandia they compromise their machine. And now that machine, being on the inside of a corporate network, can be used as a kroft and thats what happened at sony. Eventually, the North Koreans were able to obtain the passwords and credentials of the companys Computer System administrators and build them right into the malware that carried out the attack. With help from anybody . Mandia you know, anythings possible. I simply dont know. Kroft how sophisticated was the malware that they used . Was this brandnew stuff . Mandia it was sophisticated enough that it works on the vast majority of companies. You know, the f. B. I. Is quoted as saying this would work at over 90 of the companies that they deal with. Kroft if you want to talk about stateoftheart hacking or whats going on in the International Cyber arms market, jon millers a good place to start. He turned down a job with the nsa and a government car while because he says he was already making more money doing private consulting work and honing his skills as a penetration tester. So youre a hacker . Jon miller i was. Now, im, you know, a Computer Security professional. But yeah, i mean, for the majority of my career, i was an ethical hacker, where i would actually go out and hack companies, and then work with them to make sure they didnt get hacked by somebody else. Kroft since miller says hes been well paid to hack into Nuclear Power plants by utility companies, we wanted to know what he thought about the sony attack and the malware the North Koreans used to pull it off. If i set you down and gave you a pencil and paper and said, write a list of a dozen people that could do this. Miller oh, yeah, i mean, there are way more than a dozen people. There are probably 3,000, 4,000, 5,000 people that could do that attack today. Kroft and not all of them are in friendly countries. Miller no, not all of them and the number is growing rapidly. Kroft i mean, its certainly within the realm of possibility that a terrorist group could go out and put together a team and do some real damage. Miller i mean, isis hacked centcoms twitter. The barrier to entry is low. Kroft millers previous job was leading a Research Team for a company that made and sold offensive Cyber Weapons to the u. S. Government. He is currently a Vice President of cylance, a company that makes nextgeneration Antivirus Software for banks and fortune 500 companies. Its currently marketing a product it claims would have detected and stopped the sony hack while it was in progress. How sophisticated was this attack . Miller not very. When you look at it in contrast to the capabilities that the United States government are deploying, it is nowhere close to being sophisticated. My favorite analogy is the malware that was used to hack sony is like a moped, and the malware being deployed by United States intelligence agencies is its much more sophisticated, its much harder to detect. Kroft and yet still, if this is a moped, there were only a handful of companies in the United States that would have been able to survive this attack. Miller and that really is the scary part is it does not take an overly sophisticated attack to compromise these huge global multinational brands. Kroft miller says there have been other major Cyber Attacks like the one against sony, but they didnt get as much attention. In 2012, iran was blamed for an attack against the headquarters of saudi arabias national oil company, aramco, that destroyed 30,000 computers. Iran has also been accused of a cyber assault against a group of casinos owned by sheldon adleson, a vocal enemy of the regime in tehran. And there have been others. Miller ive worked with companies before in the oil and gas space that have had control System Networks get compromised by malware, and theyve lost control of their floating oil platforms. Kroft i dont remember reading about that. Miller yeah, yeah. No, you didnt read about it. No customer information got leaked. More often than the public knows . Miller absolutely. Kroft there is a lot the public doesnt know about, including an active international underground market in Cyber Weapons like the one that was used to take downs sonys computers. Miller took us to a site on the dark web where you can buy them. Miller this is actually a list of black market exploits that i was contacted from a russian hacker that he was trying to sell, and his price, right, so. Kroft what does this one do, flash player . Miller this is a vulnerability in that software that would allow someone to take over control of your computer. Kroft 39,000. 29,000, 39,000. Miller yeah, majority of them are over 30,000. Kroft thats 30,000 payable in bitcoin, the Virtual Currency of choice on the dark web. Miller for the most part, the internet is completely unregulated. Its the wild west; it truly, truly is the wild west right now. What were seeing are people getting pulled out onto the street and shot, and its like, wheres the sheriff . Theres no sheriff. Kroft james lewis of the center for strategic and International Studies knows better than most that there are no easy solutions. He says the u. S. Can deter catastrophic Cyber Attacks from china and russia by responding in kind. But how do you respond to a rogue state like north korea for an attack against major corporations like sony. Lewis turning off the lights in north korea, no one would notice. It happens all the time, right . Going after a north korean movie studio, it would probably be a relief for the people there. The only Pressure Point we really have is going after the leadership, going after the Revenue Streams coming to the leadership. Kroft and thats what the Obama Administration has done, at least publicly. Lewis and others believe that it will take a technological breakthrough in cyberwarfare technology created, but that could take years. Legislation forcing companies to improve Cyber Security has gone nowhere. Lewis well, theres a reluctance in the congress to force companies to do anything. The administration shares that reluctance. We were lucky until this year. Hopefully, well be a little luckier for a bit longer. Kroft in the time being, keep your fingers crossed. Lewis i used to say that the u. S. Had a faithbased defense, when it came to Cyber Security. Because we had faith that the people who didnt like us werent going to do anything bad. Thats what sony has changed is that we had somebody who doesnt like us step out and say, how far can i go with the americans . And thats where faith isnt enough. Cbs money watch update sponsored by lincoln financial, calling all chief life officers. Glor good evening. The slumping stock markets are closed t