GO
Loading...

How cybersecurity pros feel about those on the other side

The RSA Security Conference in San Francisco brought together top information security experts from around the globe. But the attention at the conference, which ran Feb. 24 to 28, was often on those not in attendance: malicious hackers and cybercriminals, often referred to as "adversaries."

Those adversaries could cause a lot of damage.

Rep. Mike Rogers, R-Mich., chairman of the House Permanent Select Committee on Intelligence, told CNBC that a sophisticated nation-state malware had targeted U.S. markets.

"Never got to the full implementation, but it was found on networks that would enable them to take advantage of U.S. markets," he said. This threat was a few years ago, but Rogers had revealed it only recently. Neither he nor his aides would disclose further information.

(Read more: From 'Kitten' to 'Panda': Dangerous hacker groups to avoid)

Getting into the minds of hackers

As in any conflict, "know your enemy" is a familiar mantra in cybersecurity. Many professionals aim to get into the hacking mind-set to defend against them.

CNBC asked the ethical hackers exactly how they feel about their archenemies.

"The level of sophistication of some of these attackers it's amazing," said Lee Klarich, senior vice president of product management for the security company Palo Alto Networks. "You see people figuring out how to use radio waves to transmit data, how to turn on the camera on a laptop without the light turning on so a user doesn't know it's on. These are amazingly innovative attacks."

Neal Hindocha, a senior security consultant for the cybersecurity company Trustwave, said playing a hacker—part of his job—gives him a rush.

"When you're bypassing security measures that others have put in place, it's like getting into a place where you're not supposed to be, but, of course, when we do these type of tests, we are committed to having the appropriate permissions," he said.

Hindocha showed CNBC how hackers can remotely access the screens of mobile devices to get users' PIN and other sensitive information stored on them.

But the people CNBC spoke to were keen to point out that while many cyberthreat researchers have the same skills hackers do, they use them for good.

Raj Shah, senior director of cybersecurity for Palo Alto Networks, said hacking for nefarious purposes is simply the evolution of crime.

"People used to rob banks with guns and getaway cars, and now it's easier to do it with a keyboard and software," he said. "They're some smart guys—we can't underestimate the bad guys."

(Read more: Mistakes businesses are still making in cyberspace)

The Snowden effect

Even while he remains under asylum in Russia, Edward Snowden was very much in the thoughts of conference attendees. This was the first RSA Security Conference since his leaks about National Security Agency surveillance.

Rogers would not even speak Snowden's name in a CNBC interview.

"I don't believe someone like that deserves any fame or fortune," he said.

(Read more: Edward Snowden)

Cybersecurity companies face customer scrutiny in the wake of revelations about the NSA's gathering data from U.S. companies.

Asheem Chandna, a partner at venture capitalist firm Greylock Partners, said international clients now prefer that their data stay local.

"No business, large or small, wants its data to be in the hands of the [U.S.] government," he said.

By CNBC's Jennifer Schlesinger and Sabrina Korber. Follow Schlesinger on Twitter @jennyanne211

For more CNBC coverage of cybersecurity, visit HackingAmerica.cnbc.com.

  • CNBC's senior correspondent and lead investigative reporter, Scott Cohn also appears on "NBC Nightly News with Brian Williams," "Today" and on MSNBC.

  • “Squawk on the Street” Co-Anchor

  • CNBC Washington Reporter

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.

Technology

Technology Explained