60 Minutes - 4/17/2016: Not Paid, Rikers Island, Hacking Your Phone
Episode Date: April 18, 2016
Lesley Stahl investigates the life insurance industry; then, Bill Whitaker reports on a disturbing pattern of neglect and excessive force at Rikers Island; and, everything is hackable -- including your phone.
Transcript
If your model is built upon the fact that you're not going to pay a dead person's loved ones for a policy that they've completely paid in full, to me that's just a bad policy.
He's talking about insurance companies that don't pay out life insurance policies
even when they know their customer has died.
And this man's investigation found it's more widespread than you can imagine.
When you found that, what went on inside you?
Unleash the hounds of hell.
Let's go after them and expose them for the unconscionable, indefensible behavior.
Rikers Island holds about 10,000 inmates on 400 acres in the shadow of Manhattan's skyline.
It is known as one of the worst jails in America with a history of violence.
What happened in the case captured on this video is a vivid and horrible example of how bad it can get.
They watched him languish for seven days as he died, and they did nothing. It was
the functional equivalent of torture. They killed him.
You've probably been warned to be careful about what you say and do on your phone.
Do I need to connect?
Yeah.
Okay.
But after you see what we found, you won't need to be warned again.
So are you connected?
I am.
And I have your email.
And more importantly, I have all the credit cards associated with that account.
The President of the United States called me on my cell phone.
So if the hackers were listening in,
they would know that phone conversation.
And that's immensely troubling.
Is everything hackable?
Yes.
We live in a world where we can't trust the technology that we use.
I'm Steve Kroft.
I'm Lesley Stahl.
I'm Bill Whitaker.
I'm Sharon Alfonsi.
I'm Scott Pelley.
Those stories tonight on 60 Minutes.
When you take out a life insurance policy, you pay premiums and the expectation that when you die, your spouse or your children will receive the benefit.
But audits of the nation's leading insurance companies have uncovered a systematic, industry-wide practice of not paying significant numbers of beneficiaries.
In a little-known series of settlements, 25 of the nation's biggest life insurance companies have agreed to pay more than $7.5 billion in back death benefits. However, about 35 insurance companies have not settled
and remain under investigation for not paying
when the beneficiary is unaware there was a policy,
something that is not at all uncommon.
The beneficiary never comes forward
because he or she doesn't know the policy exists.
But the companies know, says Kevin McCarty,
the insurance commissioner of Florida, who led the National Task Force investigating the industry.
And the companies don't pay, he says, unless a beneficiary makes a claim.
And what we found is that companies have actual knowledge in their files that people have died,
yet they have neglected to initiate an investigation and pay the claim. So in other words, life insurance companies are failing to pay out
death benefits when they know the person is dead and they're claiming they don't know.
In many cases, that has been exactly what we have found. When you found that, what went on inside you?
My first instinct, of course, is unleash the hounds of hell.
Let's go after them and expose them for the unconscionable, indefensible behavior that was going on.
He says some of the policies are worth more than a million dollars,
but most are valued at less than $10,000.
Good morning, Joe.
As a result of the audits, Joseph Bigany of West Virginia
recently got a long overdue payment of more than $5,000
from his sister's policy.
I was the administrator of her estate when she died in June of 1990, and we didn't know
anything about this at all. Oh, you're talking about millions of policies, hundreds of thousands
of policies that we're dealing with just here in Florida. Jeff Atwater is the chief financial
officer of Florida in charge of regulating the state's insurance industry. You can assume from
what we have found that the policies that should have been paid out
in the 60s, in the 70s, in the 80s, in the 90s
were never paid.
And you're saying it's part of their plan.
After all we've looked at, Lesley,
it would be hard to imagine.
This is not a small dollar amount.
These are billions of dollars that now stay
in the investment accounts of these insurance companies
rather than return money to those families.
Tell us some of the big names.
It would be all the large brand names that you're familiar with.
John Hancock, MetLife, Prudential.
Many of these companies have sat down with us and made right.
No one disputes that the insurers pay out on policies when the beneficiary files a proper claim.
But, says Kevin McCarty of Florida, many of the companies
routinely and deliberately disregarded evidence in their own files that the policyholders had died.
Unless someone filed a claim, he says, the companies would cancel the policy and keep
the death benefit for themselves. Here is a life insurance policy that's issued in Florida in January 2002.
The insurer died in April of 2008.
We actually have in the insurance company's file a copy, a scanned copy of the death certificate
and the accompanying envelope which displayed the spouse's return address.
With the spouse's address on it?
Right here.
Let me see.
Less than one month after the death, the policy was terminated for nonpayment.
Industry lobbyists, like this one at a recent hearing in Florida,
argue that the burden falls on the beneficiaries.
We all enter into contracts every day.
And if you sign that contract, you're obligated to know what's in it.
The companies argue that in the policies that these people signed, it says black and white that they have to make the claim and show up with a copy or the policy itself.
And if they don't do that, we don't have an obligation. But Florida law says something, too. And you have to look at it not just in terms of the contract, but your responsibilities under the Florida Insurance Code.
And I'm here to say that you have a responsibility to investigate a claim if you know someone has died.
And if you have a letter that says you're deceased, you have actual knowledge the person has died.
Insurance companies are regulated
separately by each state, and he says similar laws are on the books across the country.
You see right there? State regulators first got wind of the insurance industry practice
from Jim Hartley and Jeff Drubner, who run a technology and auditing company called
Veris Financial. Based on an insider tip in 2006,
Drubner, employing techniques he had used as an FBI agent,
combed through insurance company data
and discovered that the insurers were routinely using
the Social Security Death Master file,
which is a constantly updated list of people
who have died in the United States.
What was the significance to you that they were using the death master file for something?
I knew at that point that they knew.
They knew who was alive and dead is what you're saying?
Yeah, because they know who they've insured,
and if they have a list of everybody that's passed away, I knew that they knew.
So what was the next step?
The next step was speak to the state. There wasn't
one treasurer, one controller, or one attorney general who didn't have a reaction that this
shouldn't be allowed to happen and we have to fix it. Drubner went on to discover that most
insurance companies use the death master file only when it was to their advantage to cut off
annuity or retirement payments once the policyholder died.
But they didn't then notify the life insurance side of the company.
We have actual cases, Lesley, where a policyholder had both an annuity and a life policy,
and they terminated the annuity, and of course they knew the person was dead.
Claimed over here that they didn't know he was dead. Lesley, when we went in and looked at the memos, the right side told the
left side and the other side said. And you saw it in the audits. We saw it in the audits.
Something else they saw in the audits related to whole life insurance policies that, in addition to a death benefit,
build up a cash nest egg, like a 401k.
What they found is that when a beneficiary did not come forward,
the company continued to pay themselves
premiums out of the dead person's nest egg.
In this $20,000 policy, for instance,
the nest egg was drained down more than $9,000 to zero after the person had died.
California Comptroller Betty Yee says that kind of siphoning off was widespread in cases where beneficiaries did not come forward.
How can you not be outraged by this?
She says that in about a third of the cases, there was evidence of death
in the file. Here we have a policyholder. Is this the actual file that you saw with the word
deceased? Yes. In large, large, unmistakable letters? Yes. Deceased with the date of death.
And still they didn't stop paying themselves? No, no. And you would have thought with that
kind of indication, the next step would be to confirm that by looking at the death master file and beginning the claims process with the family member.
And they didn't?
They didn't.
When the cash was all used up, the companies canceled the policy.
Under the law, they're allowed to pay themselves premiums using their customers' accumulated cash while they're alive. Florida's
McCarty says the law was originally intended as a way to protect consumers. For instance,
if you have a life policy and you lose your job and you can't make your premium payment,
they will take some of the cash value that's built up in your policy and pay the premium,
which is great for consumer protection.
But in this situation, after they died...
I think it's tantamount to stealing when you know in your books and records the person
is dead and you drain the policy.
Now, if you think about that, if you would have explained that, trying to sell that policy
at the beginning, you're sitting in your kitchen and saying, you know, you've got all of these symbols of security and financial stability,
and we're going to be there for you with your family in their grief.
But they say, oh, by the way, if you stick that policy in a shoebox and stick it in your closet,
not only are we not going to look for you, but we're
going to take all the cash value in it.
Give it back to the company.
Give it back to the company and leave you with your beneficiary with nothing.
Here, sign here.
The 25 insurance companies that have settled with the states admitted no wrongdoing, but
agreed to pay out more than $7.5 billion, either directly to the unpaid beneficiaries or to the states,
which then try to find the beneficiaries by phone.
We have received some funds from an insurance company that's in your name.
Or online.
Thousands of Oklahomans are owed money from life insurance policies.
None of the life insurance companies we contacted would give us an interview.
But speaking on their behalf, the Industry Trade Association, the American Council of Life Insurers, told us, quote,
most life insurers are going well beyond what the law requires to identify policy owners who have died and left unclaimed benefits.
Ken Miller, the treasurer of Oklahoma,
says there are still about 35 insurance companies that have not settled,
and some are fighting tooth and nail.
At stake, he says, is up to $3 billion more in unclaimed benefits nationwide.
Who's fighting the hardest? Kemper is the main one. Kemper,
a Chicago-based insurance company, has been pushing for legislation around the country
that would bar the states from forcing Kemper to go back and search for unpaid beneficiaries.
When we called Kemper, they referred us to Steve Weisbart of the Insurance Information Institute, who says making companies like Kemper pay now would be unfair.
If we can say, do something today that you didn't expect to do
and didn't plan to do and didn't collect money to do 30 years ago,
what else can we say today that they should be doing retroactively?
I mean, it's potentially an open door.
I mean, slippery slope is what you're saying.
A slippery slope.
Kemper has argued in court filings that it's never used the Death Master file
to identify deceased policyholders,
and that finding and paying their beneficiaries now
would result in a substantial financial loss
and require the company to substantially alter its business practices.
If your model is built upon the fact that you're not going to pay a dead person's loved ones
for a policy that they've completely paid in full, to me that's just a bad policy.
An Oklahoma woman, Sherry Sanders, didn't know about her husband's policy until about a year ago,
when, because of a settlement, she got a check worth $22,000.
We asked Oklahoma Treasurer Miller how much an insurance company can make by holding on to the $22,000.
Well, Lesley, now you've hit on something that's the most important issue, and that's the time value of money, because that's what this is all about.
This is about money.
That $22,000 invested for 50 years at an 8% return becomes $1.2 million.
That the company gets because it sat there.
And that's just one small policy.
If you expand that over all the policies, that's just due to my state.
It's a tremendous
amount of money, billions and billions of dollars. The American Council of Life Insurers says that
the industry has paid out more than $600 billion in death benefits over the last 10 years,
so the companies are doing a good job. I don't think we should pat them on the back for doing what they're supposed to do. But the companies say that this is only 1% of the life insurance policies.
Then why fight it?
If it's so inconsequential, if it's such a small amount,
then why be spending your reputation to not pay dead people's loved ones money that's rightfully due them?
There has been a lot of talk about criminal justice reform
in America, and it would be hard to find a place more in need of reform than Rikers Island,
the most important jail in New York City.
Located in the middle of the East River, Rikers holds about 10,000 inmates.
It's a volatile mix.
Some have been convicted of minor crimes, but as many as 80% are awaiting trial.
Many are there because they can't make bail.
And in a trend that
reflects a growing national problem, Rikers holds a rising number of mentally ill inmates.
The mentally ill now make up more than 40 percent of the population. Correction officers are not
adequately trained to deal with this population. The result is a disturbing pattern of neglect and excessive force that
is the focus of our story tonight. It has led the U.S. attorney, Preet Bharara, to intervene.
What you really had, we found, was a culture of violence on top of a code of silence, and
that is a deadly combination, and I mean that literally, as we found in a number of
cases that we have brought in connection with Rikers Island. Concerned by those deaths and a
stream of alarming reports about Rikers Island, Preet Bharara, who is the U.S. attorney for the
Southern District of New York, launched a two-year investigation into the jail complex. We found in
an alarming number of cases,
there was no discipline with respect to officers at all. You had an officer who had dozens of complaints against him and was never disciplined once or maybe just one time. And that's something
that has to change. People have to understand that there are consequences for their actions,
not just the inmates, but the officers as well. How long has this been going on?
Years and years. Too long.
Rikers is a 400-acre island just off the tarmac of LaGuardia Airport in the shadows of Manhattan
skyscrapers. One bridge leads in and out. It's surrounded by its own moat. The inmate population
has come down dramatically, from a high of 20,000 to 10,000. But despite the decrease,
city data shows violence has gone up over the last decade. Because of the U.S. attorney's
findings, an unusual collaboration was formed. Bharara, the prosecutor, teamed up with plaintiff's
lawyers, the Legal Aid Society, and private attorney Jonathan Abadie in a class action lawsuit on behalf of a dozen Rikers inmates.
The number of facial fractures, of traumatic brain injury, of broken bones,
of serious physical injury is just out of control.
Compounding the problems at Rikers is that increase in the number of mentally ill inmates.
And that just complicates issues relating to violence and issues relating to care
and issues relating to discipline. So it's a problem.
What was captured on this video, obtained by 60 Minutes,
helps illustrate what U.S. Attorney Bharara is talking about.
It has not been seen in public before.
Bradley Ballard, who was schizophrenic and diabetic, was brought to Rikers in 2013
on charges of violating parole for an assault conviction. In the video, he was observed
twisting his shirt into a phallic symbol and making lewd gestures, and then was taken back
to his cell, according to an investigation by the New York State Commission of Correction.
He was placed in the functional equivalent of solitary confinement.
They put him in a cell, they locked the cell, and they basically threw away the key.
Abadie represents Ballard's family in a pending wrongful death suit against the city.
The commission's report found that Ballard was locked in his cell for six days prior to his death
and was denied access to his life-supporting prescription medications,
and that day after day, officers, supervisors, and clinicians walked by,
observed his deteriorating state, but failed to help him.
After repeated floodings of Ballard's toilet,
a maintenance worker turned off the water running into Ballard's cell.
The report found that Ballard was lying in his own waste.
He's spraying a deodorizer?
Yes. The reports are that corrections officers were bringing aerosol cans from home
because the stench was so bad coming from that cell.
Here, an inmate who delivered a food tray pulled his shirt up over his nose. The report
found the videotape indicated Ballard's cell was grossly unsanitary. Finally, on the sixth day,
medical workers were called. According to the report, an officer asked Ballard if he could get
up on his own. I need help, Ballard said. Inmate workers carried him out of his cell and
put him on a gurney. Records show Ballard went into cardiac arrest soon after. He died hours later.
They watched him languish for seven days as he died, and they did nothing. It was
the functional equivalent of torture. They killed him. The city's medical
examiner declared Ballard's death a homicide, according to the commission report. It called
Ballard's medical and custodial treatment from the time he entered Rikers so incompetent and
inadequate as to shock the conscience. The Department of Correction issued a statement
that it adjusted its practices to
ensure that a similar tragedy doesn't happen again. But to this day, no criminal charges
have been filed against any of the officers, supervisors, or health workers involved.
It's impossible to know if anyone stepped forward, but if they did, it wasn't enough
to help Bradley Ballard. That's inhumane, in my opinion. That should never have happened.
Norman Seabrook is president of the union that represents the correction officers,
but not the higher-ranking supervisors. We showed him the Ballard video.
Who's responsible?
The supervisor.
What about your officers?
The officers followed the instructions of the supervisor.
In another incident captured on surveillance video, inmate Jose Bautista tried to hang himself.
He had been arrested on domestic charges and was awaiting trial.
He couldn't post the $250 bail.
When he jumped up suddenly, officers beat him so severely he suffered a perforated bowel
and needed emergency surgery, according to case records.
Bautista's case was one of 129 serious injuries over an 11-month period
documented in a revealing report by the New York City Department of Health and Mental Hygiene
that was intended for internal use only, but 60 Minutes managed to get a copy.
The report found 77% of the injuries involved mentally ill inmates,
and their injuries were severe enough to require care
beyond the capacity of jail medical doctors.
You could take a third of the 77% and say that, okay,
it was the inmate who was just being violent and needed to be subdued.
But 77% is, I think, tells the story. It's a problem.
Dr. Daniel Selling, who is now in private practice,
was the executive director of mental health at Rikers for five years until he left in 2014.
Is it fair to say that Rikers is a mental institution? Sure, it's probably one of the
largest mental institutions in the nation, if not the largest. Can you tell me about the case of
Bradley Ballard? What does that say about how things work on Rikers? It's probably the worst case that I've experienced, been a part of.
That was a case in which all systems failed. Selling said the staff of the private medical
contractor failed to do the required daily rounds and never informed him about Ballard's
deteriorating condition. The city's contract with the private medical firm was not renewed.
Bradley Ballard is not the only mentally ill inmate to have died in custody in recent years.
In 2014, U.S. Attorney Preet Bharara filed the first criminal civil rights case in a decade
against a Rikers officer or supervisor,
in connection with the poisoning of mentally
ill inmate Jason Echeverria, who died after ingesting toxic soap while in solitary confinement.
As seen in this video that was entered into evidence, Echeverria, a robbery suspect who
was also awaiting trial, was escorted to a cell where he swallowed the toxic soap that
was given to him for cleaning his cell.
His father, Ramon, told us he believes he ate the soap in a desperate effort to get out of
solitary confinement. My son was screaming. He was burning up inside. He's dying. He's dying.
A few hours later, according to court documents, correction officer Raymond Castro alerted unit supervisor Captain Terrence
Pendergrass that Echeverria needed medical attention. According to Castro's testimony,
Captain Pendergrass said, don't call me if you have live breathing bodies. Only call me if you
need a cell extraction or if you have a dead body. Another correction officer, Angel Lazarte, testified as to what
happened next. A pharmacy technician on her rounds said Echeverria could die. He then approached
Pendergrass, and Pendergrass told him to write an injury report. You can see on the tape,
Pendergrass then went to look into Echeverria's cell himself. He returned and interrupted the writing of the report.
Pendergrass led Lazarte away from the desk. After they talked, Lazarte pocketed the report.
According to court records, the report was never filed. Echeverria was discovered dead the next
morning. The medical examiner ruled his death a homicide due to neglect and denial of medical care.
He saw him. He was in pain and everything.
Why couldn't you just call an ambulance for him?
Okay, he's a prisoner. He's an inmate. He's a human being. He's a human being.
It both breaks your heart and it makes your blood boil.
Because you're thinking to yourself, here's somebody who had responsibility
for making sure that peace was enforced, but also responsible for the safety and protection of those under his charge.
And that report was never filed.
One of the conclusions we found in our investigation was that in case after case after case, sometimes you would have individuals who would witness things, and they would get together and they would coach each other into what their response should be, which makes it very difficult to hold
anyone accountable. That culture you're describing seems so entrenched that the officers felt almost
comfortable behaving like that, even with the cameras running. What does that say to you
about that culture? It says that the culture is broken.
It says that the institution is broken. Captain Pendergrass was convicted in December 2014.
A jury found that Pendergrass violated Jason Echevarria's constitutional rights by deliberately
ignoring his pleas for help and depriving him of urgent medical care, leaving Echeverria to die alone
in his cell. Pendergrass was sentenced to five years in prison. Officers Castro and
Lazarte have since been fired. Union President Norman Seabrook said his officers don't have
the training to deal with mentally ill inmates like Jason Echeverria and Bradley Ballard.
Your men are not trained? And women. No,
they're not trained. Men and women are not trained to deal with mental illness? Not at all. We asked
Norman Seabrook about the internal report showing the vast majority of excessive force cases
involving mentally ill inmates. At the end of the day, shouldn't the question be,
why didn't these individuals receive their medication so that they wouldn't attack a correction officer?
If you're talking about an inmate that has a mental health problem,
then certainly something set this person off.
Seabrook says it's not just an issue of the mentally ill.
Rikers is a dangerous place, and many of his officers are assaulted every year.
Seabrook wanted to show us the conditions his officers have to contend with, but when he
took us out to Rikers, Department of Correction staffers stopped us from going inside with our
cameras to see the problems Seabrook is talking about. This is as far as we got, walking around
the perimeter of one of the buildings with him. We wanted to talk to the commissioner of the
Correction Department about the problems at Rikers, but our three scheduled interviews all were postponed.
The city recently initiated a number of policy changes,
like installing more cameras and reducing the use of solitary confinement.
A federal monitor was appointed to ensure the reforms are implemented.
U.S. Attorney Bharara is going to hold the city to it.
Is there a decrease in violence?
You know, it remains to be seen how much that decrease will be over time. I think
the training will take some time and is happening as we speak.
It's taken some time to build up this culture of violence.
Yes, it has.
How long do you think it will take to unravel it?
I'm not going to put a clock on it, but I will say that we're impatient people,
and we like to see results. That's why we got involved in the first place.
A lot of modern life is interconnected through the Internet of Things,
a global empire of billions of devices and machines, automobile navigation systems,
smart TVs, thermostats, telephone networks, home security systems, online banking.
Almost everything you can imagine is linked to the World Wide Web, and the emperor of it all is the smartphone.
You've probably been warned to be careful about what you say and do on your phone.
But after you see what we've found, you won't need to be warned again.
We heard we could find some of the world's best hackers in Germany.
So we headed for Berlin.
Just off a trendy street and through this alley, we rang the bell at the door of a former factory.
Hi.
Hi, I'm Karsten.
That's where we met Karsten Nohl.
Yeah, come on in.
A German hacker with a doctorate in computer engineering from the University of Virginia.
You can lead the way there if you want.
We were invited for a rare look at the inner workings of Security Research Labs.
During the day, the lab advises Fortune 500 companies on computer security. That is not your local address in the VPN.
But at night, this international team of hackers looks for flaws in the devices we use every day.
Smartphones, USB sticks and SIM cards. They're trying to find vulnerabilities
before the bad guys do. So they can warn the public about risks. At computer terminals and
workbenches equipped with micro lasers, they physically and digitally break into systems and devices.
Now, Nohl's team is probing the security of mobile phone networks.
Is one phone more secure than another?
Is an iPhone more secure than an Android?
All phones are the same.
If you just have somebody's phone number, what could you do?
Track their whereabouts, know where they go for work, which other people they meet.
You can spy on whom they call and what they say over the phone, and you can read their texts.
We wanted to see whether Nohl's group could actually do what they claimed,
so we sent an off-the-shelf iPhone from 60 Minutes in New York to Representative Ted Lieu,
a congressman from California.
He has a computer science degree from Stanford and is a member of the House Committee that oversees information technology. He agreed to use our phone to talk to his staff,
knowing they would be hacked. And they were. All we gave Nohl was the number of the 60 Minutes
iPhone that we lent the congressman.
Hello, congressman? It's Sharon Alfonsi from 60 Minutes.
As soon as I called Congressman Lieu on his phone...
Good, how are you doing?
Nohl and his team were listening and recording both ends of our conversation.
I'm calling from Berlin, and I wonder if I might talk to you about this.
I wonder if I might talk to you about this patent story we were working on.
What happens now?
They were able to do it by exploiting a security flaw they discovered in Signaling System 7, or SS7.
It is a little-known but vital global network that connects phone carriers.
Congressman, thank you so much for helping us.
Every person with a cell phone needs SS7 to call or text each other,
though most of us have never heard of it.
Nohl says attacks on cell phones are growing as the number of mobile devices explodes.
But SS7 is not the way most hackers break into your phone.
Those hacks are on display in Las Vegas. Three days of non-stop hacking.
That's where John Hering guided us through the unconventional convention,
where 20,000 hackers get together every year to share secrets and test their skills.
You know, it's proving what's possible. Any system can be broken. It's just about knowing
how to break it.
Hering is a hacker himself.
He's the 30-something whiz who co-founded the mobile security company Lookout when he was 23.
Lookout has developed a free app that scans your mobile phone for malware and alerts the user to an attack.
How likely is it that somebody's phone has been hacked?
In today's world, there's
really only two types of companies or two types of people, which are those who have been hacked
and realize it and those who have been hacked and haven't. How much do you think people have
been kind of ignoring the security of their cell phones, thinking, I have got a passcode,
I must be fine? I think that most people have not really thought about their phones as computers,
and that's really starting to shift.
And that's what you think of it. It's like having a laptop now.
Oh, absolutely. I mean, your mobile phone is effectively a supercomputer in your pocket.
There's more technology in your mobile phone than was in the spacecraft that took man to the moon.
I mean, it's really unbelievable.
Is everything hackable?
Yes.
Everything?
Yes.
If somebody tells you you can't do it?
I don't believe it.
John Herring offered to prove it.
So he gathered a group of ace hackers at our Las Vegas hotel,
each of them a specialist in cracking mobile devices and figuring out how to protect them.
Would you put your money in a bank that didn't test the locks on their safes?
We need to try and break it to make sure that the bad guys can't.
How easy is it to break the phone right now?
Very easy.
As you've seen, pretty trivial.
So do I need to connect to it? Yeah.
Okay.
It started when we logged on to the hotel Wi-Fi.
At least, it looked like the hotel Wi-Fi.
Herring had created a ghost version. It's called
spoofing. I mean, this looks legitimate. It looks very legitimate. So you're connected? I am. And
I have your email. You have access to my email right now? Yeah, it's coming through right now.
I actually can, I now have a ride-sharing application up here, all the information that's being transmitted, including your account ID, your mobile phone, which I just got the mobile number, then more importantly, I have all the credit cards associated with that account.
John Oberheide pointed out the greatest weakness in mobile security is human nature.
With social engineering, you can't really fix the human element.
Humans are gullible.
They install malicious applications.
They give up their passwords every day.
And it's really hard to fix that human element.
John Herring warned us he could spy on anyone through their own phone
as long as the phone's camera had a clear view.
We propped up the phone on my desk and set up cameras to record a demonstration.
First, he sent a text message with an attachment to download.
You're in business.
Then, Herring called from San Francisco.
And proved the hack worked.
You installed some malware in your device that's broadcasting your video from your phone.
My phone's not even lit up. I understand, yeah. Weird. That's so creepy. It's pitch black for us.
In this case, when I downloaded the attachment, Herring was able to take control of my phone.
But Congressman Lieu didn't have to do anything to get attacked. All Karsten Knoll's team in Berlin needed to get into
the congressman's phone was the number. Remember SS7, that little-known global phone network
we told you about earlier? There's a flaw in it that allowed Knoll to intercept and
record the congressman's calls and track his movements in Washington and back home. The congressman has been in California, more specifically the L.A. area.
Let's zoom in here a little bit.
Torrance.
The SS7 network is the heart of the worldwide mobile phone system.
Phone companies use SS7 to exchange billing information.
Billions of calls and text messages travel through its arteries daily.
It is also the network that allows phones to roam. Are you able to track his movements even if he
moves the location services and turns that off? Yes, the mobile network independent from the
little GPS chip in your phone knows where you are. So any choices that a congressman could have made
choosing a phone, choosing a PIN number,
installing or not installing certain apps,
have no influence over what we are showing
because this is targeting the mobile network
that, of course, is not controlled by any one customer.
Despite him making good choices,
you're still able to get to his phone.
Exactly.
Karsten Knoll and his team were legally granted access to SS7
by several international cell phone carriers.
In exchange, the carriers wanted Knoll to test the network's vulnerability to attack.
That's because criminals have proven they can get into SS7.
Mobile networks are the only place in which this problem can be solved.
There is no global policing of SS7.
Each mobile network has to move to protect their customers on their networks.
And that is hard.
Knoll and others told us some U.S. carriers are easier to access through SS7 than others.
60 Minutes contacted the Cellular Phone Trade Association to ask about attacks on the SS7 network.
They acknowledged there have been reports of security breaches abroad,
but assured us that all U.S. cell phone networks were secure.
Congressman Lieu was on a U.S. network using the phone we lent him when he was part of
our hacking demonstration from Berlin. I just want to play for you something we were able to capture
off your phone. Hey, Ted, it's Mark. How are you? I'm good. I sent you some revisions on the letter
to the NSA regarding the data collection, you know, keeping it national security.
What is your reaction to knowing that they were listening to all of your calls?
I have two. First, it's really creepy.
And second, it makes me angry.
Makes you angry. Why?
They could hear any call of pretty much anyone that has a smartphone.
It could be stock trades you want someone to execute. It could be calls with a bank.
Karsten Knoll's team automatically logged the numbers of every phone that called Congressman
Lieu, which means there's a lot more damage that could be done than just intercepting that one
phone call. A malicious hacker would be able to target and attack every one of the other phones,
too.
So give us an idea, without being too specific,
of the types of people that would be in a congressman's phone.
There are other members of Congress, other elected officials.
Last year, the president of the United States called me on my cell phone,
and we discussed some issues.
So if the hackers were listening in, they would know that phone conversation,
and that's immensely troubling.
Knoll told us the SS7 flaw is a significant risk,
mostly to political leaders and business executives, whose private communications could be of high value to hackers.
The ability to intercept cell phone calls through the SS7 network
is an open secret among the world's intelligence agencies, including ours.
And they don't necessarily want that hole plugged.
If you end up hearing from the intelligence agencies that this flaw is extremely valuable to them and to the information that they're able to get from it, what would you say to that?
That the people who knew about this flaw
and saying that should be fired. Should be fired. Absolutely. Why? You cannot have 300 some million
Americans and really, right, the global citizenry be at risk of having their phone conversations
intercepted with a known flaw simply because some intelligence agencies might get some data. That is not acceptable.
I'd say that the average person is not going to be exposed to the types of attacks we showed you today.
Our goal was to show you what's possible so people can really understand if we don't address security issues, what the state of the world will be.
Which will be what?
We live in a world where we can't trust the technology that we use.
In the mail this week, viewers dove in with comments about our story on Skylar Baylor,
the transgender swimmer on the Harvard men's team.
The Skylar story should be treasured by all.
What an impressive young man and role model.
Other viewers criticized us for reporting the story
at all. A cringeworthy piece of propaganda, truly a low point for 60 Minutes. And there was this.
I was disappointed that Ms. Stahl found the need to question this young man about his anatomy.
Would she have asked this question of another guest? I'm Lesley Stahl. We'll be back next week with another edition of 60 Minutes.