
A 12-Year-Old Could Hack Most Companies: Expert

As the White House meets with CEOs on the topic of cybersecurity, one expert said that even young amateurs pose risks to corporate computer systems and the U.S. economy.

"It's so easy to get into corporate networks that a determined 12-year-old with good Internet access could download the tools," said James Lewis, senior fellow at the Center for Strategic and International Studies, who advises Congress and the Obama administration on cybersecurity.

"Ninety percent of the successful attacks require only the most basic techniques. It's time to grow up and admit that the Internet is not a safe neighborhood and we have to do different things than just sort of go on assuming that it's blissfully safe."

"Espionage, crime, that's easy. Physical destruction still turns out to be hard," Lewis said on CNBC's "Squawk on the Street" Wednesday. "But people are developing the skills, people are developing the tools. If we stay on the path we are on now, we will see those attacks and that is why the president is meeting with people."

There is an increasing fear from U.S. companies that their digital systems are at risk and their corporate secrets or customer information could be stolen by hackers exposing vulnerabilities or infiltrating employee computers.

"Things could not possibly get worse when it comes to economic espionage," Lewis said.

Last year, he noted, included Chinese espionage, Russian cybercrime aimed at financial institutions, and Iran going after U.S. banks. "I think it was those three things together that makes it something that can no longer be put on the back burner," he said.

Although Lewis said the U.S. government has not yet carried out any pre-emptive attacks on hacking threats, the administration has not ruled out the possibility of doing so, if hackers pose a risk to American lives or the U.S. economy.

"There is real risk to companies in admitting that they have lost valuable intellectual property, and that's not going to change. The C-suite is the focus—you've got to go after the board and the CEO," Lewis said, if there is going to be real change on cybersecurity.

On Wednesday, President Barack Obama meets with several CEOs to discuss the cyberthreats, and although the list of those in attendance has not been made public, CNBC has learned that at least one major CEO, JP Morgan's Jamie Dimon, will be present.

"There are two things they will focus on: The first is measures against China. They're going to hear from the president that the U.S. is going to be ratcheting up pressure on China," Lewis said. "The second thing is an effort to get the C-suite to focus on this. It's not the end of the world, it's not 'death by a thousand cuts,' but it's a big drain on the economy."

Since many services and customer information stores are on the cloud and away from localized servers, Lewis said security depends on the provider. "If you have a good cloud contract and it's a company that's paying attention to security, you'll be better off. If it is a company that doesn't pay attention to security or hasn't figured it out, you'll be in about the same position you are now."

"The cloud gives you real business advantages but it's not really going to change the situation in the near term. Maybe down the road, cloud providers will make you more secure," he added.

—By CNBC's Paul Toscano. Follow him on Twitter and get the latest stories from "Squawk on the Street" @ToscanoPaul

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s database. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.
