♪ this is "nightline." >> reporter: tonight, cyber war. we go on the hunt with the red team. >> we need to get in locked computers which are all over the place. >> hackers hired. their mission, to protect companies from the criminals. >> we turn off the anti-virus. >> america under attack. gas pipelines to meat plants to your home computer. and we're at the command center for cybersecurity with the president's point man. >> we're not talking about people with conscience, we're talking about criminals who want to make money illegally. >> at stake, billions of dollars and potentially lives. how the biden administration is facing down these threats. >> when you think of cybersecurity, what is the thing that keeps you up at night,
what's the thing you worry about the most? >> this special edition of "nightline," "cyber war," will be right back.
"nightline" "cyber war" continues. here now, pierre thomas. >> thanks for joining us. i'm pierre thomas. the idea of cyber criminals shutting down the country is no longer just a plot from a movie
script. as events from the past few weeks have shown, it's a very real possibility and the attack on the colonial pipeline may have been the wakeup call. tonight we go inside america's cybersecurity command center into the front lines with the hackers for hire. in the dead of night, under the cover of darkness, these men begin their mission. >> four cameras sitting right there. >> don't walk in front of that window. >> i'm plugging in a wireless antenna so that i can start to snoop on their traffic. >> reporter: their target, this minnesota security firm. more specifically, their computers, their data, the lifeblood of their business. >> we just kicked the device off the wi-fi. now we might be able to get a password. >> reporter: brian and jonathan are cyber mercenaries. hackers for hire.
>> three, two, one -- >> reporter: known as a red team, hired by private companies and governments to hack them, before the bad guys ever get the chance. >> the bad guys are getting more sophisticated, coming up with new ways, new tricks of their trade. businesses also have to react fast, have to think fast. >> our economy has suffered more than $350 million in ransomware payments this year. >> reporter: we are in the midst of a cyber war. shocking our national security. gas, food, hospitals, transportation. the very fabric of our society now in the crosshairs of cyber terrorists. >> we're not talking about people with conscience. we're talking about criminals who want to make money illegally. >> we need computers which are all over the place. >> reporter: laptops in place of guns, arming companies with the ammo they need to fight cyber
invaders. >> a fun thing, we can turn off the anti-virus. >> reporter: probing every possible weakness they can find. >> we have 11 minutes before we need to get out. >> got access to whatever their enterprise content management software is. cutting it down to the wire. four minutes left. >> copy. >> reporter: colonial pipeline, the largest fuel conduit in the u.s. 100 million gallons a day, every day, from houston to the new york harbor. 25 miles north of atlanta, colonial pipeline employees discover they can no longer access critical data. cyber criminals targeting their billing system, holding their network hostage in a brazen act of extortion. >> this is the first time a major critical infrastructure stakeholder in the united states has been affected in the physical world, versus the virtual domain.
>> reporter: it's called ransomware. and it's used as a weapon all over the world by underground cyber cartels, illegal hackers breaching systems, cutting off access to crucial data, demanding a king's fee to get it back. >> two types of companies, those that know they've been hacked, and those who don't yet know, but they've all been hacked. >> reporter: in order to contain the breach, colonial applies a tourniquet, shutting down more than 5,000 miles of pipeline. within days, fuel shortages and panic at the pump. >> everywhere i go, it's bags >> reporter: a state of emergency is declared in 17 states and washington, d.c. >> not knowing when gas supplies would come back in a neighborhood or a city -- these are all really tough not only business decisions, but decisions that have cascading effects throughout the country. >> reporter: two days later, the fbi exposes a group of eastern
european cyber criminals believed to be behind the breach. they call themselves darkside. >> the darkside is a ransomware group that is believed to be based largely in russia. they develop malicious code that can then be used to deploy within a network and encrypt all the data. then they supply all the infrastructure to facilitate ransom payments, negotiation with victims. then they basically franchise it out to lots of different affiliates. >> reporter: within three days, colonial announces they've restarted operations. but we would soon learn they paid a $4.4 million ransom in bitcoin to the darkside hackers. >> today, we turned the tables on darkside. >> reporter: more than half since recovered in a first of its kind operation by an fbi ransomware task force created by the biden administration. >> i made the decision to pay. i made the decision to keep the information about the payment as confidential as possible.
it was the hardest decision i've made in my 39 years in the energy industry. >> reporter: the halls of congress, colonial pipeline's chief executive, pressured about that harrowing decision to pay the ransom despite authorities urging him not to. >> we do not support the payment of the ransomware. but at the same time, we understand the challenge that a company faces. >> reporter: secretary alejandro mayorkas, biden's homeland security czar, a top dog in the war against cyber crime. >> the fbi director recently said, we need to rethink the way we are dealing with cybersecurity, in the same way that we have to overhaul the way we thought about security after 9/11 for planes and transportation. do you agree that we have to rethink it to that degree? >> i do. and i'll summarize in my own way as follows. it's not elective. it's not really a choice, should i increase my cybersecurity at home in my place of business, in my life? both for an individual, for a business but i must.
it's an imperative. because the vulnerability that one has, it creates a threat not only for oneself, but for many others with whom one is connected. >> we have approach from the east on eighth avenue -- >> reporter: many private companies are already building up those defenses. >> that's what they can see -- >> reporter: paying big money to red teams, experts in hacking, and offensive security, trained to think like the bad guys, to stay one step ahead. >> how sophisticated are some of the world's best hackers? >> the top of the top -- unfortunately, we kind of are at the point, if they want to get in, they're going to get in. they're very persistent. essentially they can just keep attacking, attacking, attacking. they can spend three weeks until they get in, and eventually they will find that weakness in the armor and get in. >> reporter: their work not just cyber, also focuses on the company's physical security.
explain to people at home why the physical security of the building is important to the hackers that don't just sit thousands of miles away and try to infiltrate networks from afar, that there's sometimes some more traditional methods that they want to use as well. >> i think that oftentimes we put a lot of faith in preventing people from getting in digitally. and so we'll have a firewall, we'll have anti-virus, we've got all these security controls in place for the digital world. but in the office itself they're usually maybe a little more lax. >> this is the building right here. that's the primary objective of tonight, get rts on target. we need to get them to the servers. >> reporter: brian and john invite us inside their world. teammate andrew is an expert in getting into secure places. >> we want to take the greatest strengths of our client's system
and see if we can turn it against itself. >> reporter: the mission, breach two companies in two nights. >> essentially we would do a man in the middle attack. >> reporter: this kind of access is rare. both clients grant us permission to embed with the red team. >> this is the code for the computer virus. >> reporter: the plan, break into their buildings, get into their server rooms, plant a virus, and get out. >> we brought usb sticks that have payloads on them, that if you see an unlocked computer, plug it in, detonate the payload. >> reporter: no small feat. both companies are well protected. >> an army of motion sensors and cameras, so this went from an easy engagement to near impossible. can we emit something that's going to fry these things? >> possibly, but i'm not sure how we can whip something up fast enough to do that tonight. >> you ready? >> this will be fun. >> yeah.
>> so pull into these spots right here. >> reporter: the first client, intereum incorporated, a commercial furniture supply. >> they are about to enter site. >> reporter: with no immediate networks to hack, the team looks to break into the building. they trudge through the thick woods to find a blind spot in the cameras. >> all set? >> reporter: the company knows they're here, catching them on video. but the point is to find all their weaknesses. so they carry on their mission. >> i am connecting into this five-port switch they got right here. i'm going to see if it gives me an internal ip address so i can get to their internal network. i need a chair. >> reporter: the team carries usb sticks loaded with viruses.
they hunt for unlocked computers. the goal, to inject a ransomware cocktail. >> just inserted one of our usb payloads. we are going to attempt to detonate now. i need to get an image of this, because it's potential data access. give me a shell, please. all right, we have a shell. this is a trojan horse that we just detonated here. and essentially what it did, it called out to our server, now we have remote command and control over the system. >> reporter: mission accomplished. >> we can move on. that was a success, yes. >> reporter: if this were a real breach, the company's defenses were considerable. but the hackers brought their a game. >> we got a successful payload delivered. i think we're good. when we come back --
>> four cameras sitting right there. >> so don't walk in front of that window. >> infrared cameras. alarms. >> they put motion sensors all over the place. >> a game of spy versus spy. >> that's what i thought might happen. get the camera off me for a minute while i enter passwords. >> how far will these hackers go to get the job done? stay with us.
midnight. >> where are we moving to first? >> we wanted to try the wi-fi attacks first. >> reporter: red team hackers brian, john, and their crew are trying to breach their second company in two days. hacking them to protect them from cyber criminals. >> four cameras sitting right there. >> so don't walk in front of that window. >> reporter: infrared cameras, motion detectors. this won't be easy. the team posts up at a blind spot between some bushes to avoid detection. >> rocks are not super comfortable. >> i thought we were more stealthy here, but i don't know. so i'm plugging in a wireless antenna so that i can start to snoop on their traffic. >> reporter: their tools of the trade strangely named, like something out of "ocean's 11." this is called a pineapple. >> we're going to use it to hopefully get us into the wireless network. >> reporter: in this two-man hacking job, they're also getting some help from a little friend. >> it's called a pwnagotchi.
actually has software built into it that will listen to the wi-fi. he's being happy, looking around. that's his looking around face. >> reporter: companies pay tens to hundreds of thousands of dollars for professionals like brian and john to hack them, and that can take multiple weeks of dedicated work. but red teaming has become a key tool in the global fight against cyber crime which is estimated to have cost the world economy nearly $1 trillion in damages. an integral part of our day-to-day life is based on the internet. no one is invulnerable if they have a cyber element to their respective lives. >> reporter: worldwide, more than $160 billion spent on cybersecurity last year. network firewalls, anti-virus, intrusion prevention. >> we're being jerks, we're sending fake wi-fi signals over the air so we can get what we need.
>> reporter: the team isn't hitting the jackpot here. they move to breach the building. >> all right, shall we see what we've got? >> yeah. >> three, two, one -- and we got nothing. >> reporter: alarms and cameras catch them in their tracks. this would be game over for criminals. but for the team, this is a test, no police are coming. so the game of spy versus spy continues. >> all right. and we're going to go slow. because they put motion sensors all over the place. >> reporter: booby-traps are everywhere. a digital minefield. >> so they got us stuck. camera right on top of the tv. i was thinking, crawl under. [ alarm ]
okay, that's what i thought might happen. >> reporter: the team makes their way to their main target. >> may need some backup. >> reporter: the server room. >> here we go. >> reporter: gets to work hunting for weaknesses. >> we got a lot of confusion here. i guess i'll start with this one. >> i found where their backup modem is. they put it between everything else. >> you think the top switches or the bottom switches are their more important? top switches definitely. all right, we're good. >> reporter: within ten minutes, brian and john are making their way through the network, implanting this device called a raspberry pi. >> the whole point of those raspberry pis is now that we got credentials, now that we have access, we have one of our other red team members in another place or ourselves the next morning connect back in, then just start going through and taking over everything. because as much as we want, we can't steal all their ip in a single night. >> reporter: pay dirt. they're in the company's network, sucking out data like a
tick. but they keep going. >> now we have access to all the switch ports, all these lights that are lit up represents another device, and we can now also breach all of those other devices. fun thing, since we're local admin, we can just turn off the anti-virus. now that we've got usernames and passwords, we can just start putting those wherever they need to be and take over the network. >> reporter: they dig deeper and deeper, but time isn't on their side. at 3:00, the real alarm system switches back on. >> got access to whatever their enterprise content management software is. oh, this is light switch -- >> our equipment is under the wire. four minutes to get out of the building. out the same way we came in. what time is it?
>> it is 2:58. >> 2:58, and we are gone. >> reporter: the team makes it out just in the nick of time. in a sense, the last two nights they've been playing high-stakes cyber war games, pitting offense versus defense. doing so makes both parties more aware, more alert, stronger. we may all be vulnerable to the next dark side. but there will also be another red team gearing up, whatever might come next. we'll be right back with "the final thought."
that's "nightline." you can watch all of our full episodes on hulu. we'll see you right back here at