Play Live Radio
Next Up:
Available On Air Stations
Watch Live

KPBS Midday Edition

Amid CIA Hack Probe, Expert Examines Ongoing Cyber Security Threats

Amid CIA Hack Probe, Expert Examines Ongoing Cyber Security Threats
Amid CIA Hack Probe, Expert Examines Ongoing Cyber Security Threats
Amid CIA Hack Probe, Expert Examines Ongoing Cyber Security Threats GUEST: Darin Andersen, president/CEO, CyberTECH

Is not the best way to celebrate cyber security awareness month. Monday we learned that a teenage hacker compromised the personal email account of the head of the CIA. He also hacked the email account of the head of Homeland security. It stores like that that highlight the digital dangers we all face online and the risks we face as a nation. Joining me is Darin Andersen, President of Finder of Cybertek a San Diego-based national coalition of nearly 50 cyber security firms. He also serves on California's cyber security task force. Karen, welcome to the program. If someone can hack the personal email of the head of the CIA, do any of us stand a chance of keeping our information safe? It's a growing challenge but it has been for a long time. We definitely have challenges and keeping that information safe and we have to be ever vigilant. Do we know how this boy did that? We always have to be careful. It's early days. Apparently the teenage hacker working with other young hackers compromise the phone number of the CIA chief and use that to reverse, look up and obtain his credit card information and then call the ISP provider and actually gotten to change the account. So once they had the directors credentials, they were able to login is down. It had been a pitched battle back and forth with him trying to gain control back in seizing control multiple times. You know, that kind of they call that social engineering. So somebody actually follows the trail to -- until they can get to your account and basically take it over. It's just like trickery that we have seen for centuries. Someone conning another person out of information and actually taking advantage of knowledge they may have. And then making that person do something that they would not normally do if they were either clearheaded or were not being tracked. I read the way hackers managed to pick data breach at target in 2013 was the break-in to the system of a subcontractor working on the companies air-conditioning. That's correct. Is that a continuing threat? Is one of the biggest attack we see now. It also has many partners. Those partners can be a different size, caliber and not necessarily having their security well thought out or put together. Many times with hot -- target, Lockheed Martin, and other companies, that third-party was hacked into and they used information obtained there to get into the target network and then they were able to traverse laterally and get additional information and then still credit card data. Hundreds of thousands of people. You have a lot of reputation and brand damage. About $260 million to date has been the losses sustained by target. It does have a significant financial and reputational consequence. If you could, give us the scope of the threat of cyber security. How widespread is the threat? I believe that pretty much everyone in America has been hacked. I was out an event this morning and asked how many people have gotten that letter or notification that their credit card and literally every hand in the room was raise. I've been doing that for over five years. Has changed dramatically from hardly anyone raising their hands almost everyone. That being said, this is another form of crime. We have to think of it in the context of that. These are people trying to the take advantage from a criminal standpoint and gain access to money or ideas our intellectual property, etc. The nature continues to become more challenging because there are more ways to back guys are trying to get to our stuff. We are all affected. How big a problem is cyber security for American business? It's $1 trillion problem. We are seeing significant losses. There's been a study done by a large research Institute that indicates that if our intellectual property is being taken at a certain rate that within 10 to 15 years, theoretically we will have no intellectual property. So think of intellectual property as a fuel that runs our economy and the way we create new products and services provided to market. If someone can obtain those at little or no cost and reproduce them inexpensively they can have an and their competitive advantage. Speaking of intellectual property, the US and China recently reached the security agreement. China being one of the most accused of hacking and stealing, what is your assessment of that treaty? I think that it's good were talking about it. If perhaps start to create rules of engagement. If you think about the way we treat nuclear weapons, to weapons have nuclear weapons second district advocate catastrophic damage to one another, rules of engagement through things like the Taunton salt and some of those famous treaties start to define the rules of engagement. One of the biggest challenges we have in the cyber world is attributing who conducted the hack. China regular Lee suggests they do not do that hack and we can attributed to them and then they say the US is hacking them. How do people track back who is hacking? There's a number of technical ways to do it. We can trace email routes through multiple servers and we can look at the flow of malware. We can use behavioral techniques to see why is that person or the computer suddenly talking to a person a computer that they wouldn't normally. We try to create a trace route of where that came from. Of course the back guys often escape that by having multiple servers and firewalls that they bounce through. Is difficult to uncover. Your also won the California's cyber security task force. You would think the California home of Silicon Valley would be all over cyber security. Is that the case? California has really stood up a significant initiative to be part of this voice. San Diego one other regions with in California are on the cutting edge of cyber security on the mobile and national basis San Diego has a number of unique attributes that make it very much is cyber hug. The state of California has recognized that in if you think about it, all the devices that we are starting to wear, drive-in N, are being connected to the Internet. If you think about where many of those products are coming from it Silicon Valley, Los Angeles and places in California. California's working to position itself as the Internet of things of both secure and private. There is a large initiative called cyber California that the state is supporting the governors offices supporting to actually start to manage this issue of be thought of on the forefront of being a secure private place to build the new things getting connected to the Internet. If as you say and as it seems, this is just a new form of crime, is there any reason to believe as the Internet of all things actually becomes a deeper part of our lives, that there is any way to actually be Dave when you have all of your information basically all of your life interconnected digitally? Certainly our lives are now 100% digital peak we create a digital footprint in the world every day. Much as we do a physical manifestation, we now digitally manifest who we are online. That is a footprint that follows is around probably for the rest of our lives. We all know about the pictures that the kids should not post on Facebook but is potentially much more serious and that. Think about the recent Ashley Madison breach. You have a lot of high profile, high professional people who got their reputations damaged and their futures altered because he made a choice to participate in something that was not secure. There is a big cyber security conference coming to San Diego next month. Can you tell us about that? Cybertek has been evolved as a regional host of bringing the cyber security conference to California. San Diego a particular. It's the first time it's happened in the six-year history of the program. It's a national initiative for security education and is a federal governments way to organize all the folks that work in cyber security be a government, students, commercial workers, in cyber. How do we train the cyber warriors of the future. This conference brings together thought leaders from across the world to have that discussion. And for the first time is being held in San Diego on November 3 and fourth at Paradise point and we will have probably 4500 cyber security experts there a great representation from federal state and local cyber security community. Thank you very much. I've been speaking with Daniel Anderson. You're listening to KPBS Midday Edition.

As the U.S. marks National Cyber Security Awareness month, the federal government is investigating reports that a teenager hacked into the personal email accounts of the CIA director and the head of the Department of Homeland Security.

These stories highlight the digital dangers people face online and the risks the U.S. faces as a nation. According to a recent study, the average total cost of a data breach jumped 23 percent over the past two years to nearly $4 million.

Darin Andersen, president of CyberTECH and a member of California's Cyber Security Task Force said Tuesday on Midday Edition that hacking has touched all sectors of society.


"I believe that pretty much everyone in America has been hacked," said Andersen. "We're all effected."

However, Andersen said work is being done to address cyber attacks, from new credit card technology to a special pact between the U.S. and China.

KPBS has created a public safety coverage policy to guide decisions on what stories we prioritize, as well as whose narratives we need to include to tell complete stories that best serve our audiences. This policy was shaped through months of training with the Poynter Institute and feedback from the community. You can read the full policy here.