Corps of 'good' cyber hackers used to thwart hacking

Image 1 of 2

OAKLAND (KTVU) -- Preventing computer hacking is an ongoing effort and not just for consumers anymore, but also for large companies and government agencies.

While hackers are perceived in many circles as bad guys trying to steal valuable information, there are many instances of "good hackers" who provide a valuable service.

President Donald Trump recently gathered security experts at the White House to talk about cyber security.

"I will hold my cabinet secretaries and agency heads accountable, totally accountable for the cyber security of their organizations," he told the assembled tech representatives.

Cyber hackers are a threat to everyone and everything in the U.S. and targets range from national defense to a consumer's checking account.

Mark Kuhr, a Silicon Valley tech executive who hires hackers to break into computers, said the team he uses can blow past cyber defenses.

KTVU - White Hat Hackers :20 (Feb 2017) from KTVU Marketing on Vimeo.

"We are successful nearly 100 percent of the time," he told KTVU.

Kuhr is the chief technology officer at Synack, a Redwood City firm that is hired by private companies and government agencies to test the vulnerabilities of their computer systems.

Synack scours the globe to find the best hackers it can to assemble a corps of "white hat hackers," who are good guys looking for bad guys in cyber space.

They only get paid if they're successful. And some can earn hundreds of thousands of dollars a year.

Kuhr says there's a stereotypical hacker profile.

"The typical hacker is in his late 20s," Kuhr said. They have "some experience as a security professional (that) could be self-taught. They live all over the world."

Sometimes when the white hat hackers break in to computer networks they discover the networks they are scoping out have already been breached by malevolent hackers.

"You can see evidence that they've left software there to allow remote command and control," Kuhr said, adding that most cyber intrusions into private computer systems are by organized crime figures looking for ways to get money.

But other hackers have different agendas; something Kuhr calls "strategic outcomes."

Said Kuhr: "Russia wanted to cause some outcome in the election. What that outcome was, did they get the one they wanted? We don't know. We think they wanted Trump elected but is that true? Who knows?"

Kuhr says he's convinced Russia did in fact carry out the hacks because of his ties to the intelligence community. He was involved in cyber operations at the National Security Agency.

There's a history of foreign hacks into American government and corporate systems. And Kuhr notes there have been some well documented successes.

"If you notice the new stealth fighter in China looks exactly like an F-35. That's not a coincidence," he said.

But he says the worst is yet to come.

"I do think we're going to see a devastating cyber attack in 2017," Kuhr said.

Kuhr says much of America's infrastructure, everything from power grids to dams to water systems to commuter rails, are all connected to the Internet and they are not as secure as they should be.

"If we're talking about the Hoover Dam and somebody hacks into the Hoover Dam and opens that up and we don't want it to, we've got big problems."

And such a cyber attack can be done on the cheap, with hacker brain power and a few keystrokes on the computer keyboard.

Something Kuhr says terrorist organizations that are losing ground in traditional warfare are no doubt planning.

"It's a very cost effective solution where you can't buy tanks, you can't compete on the military battlefield. You have to find another way... and cause tremendous harm."

Kuhr says the modern war in cyber space will be never ending and the U.S. needs to keep its guard -- and defenses -- up.

"There will always be this problem. There will always be a cat-and-mouse game between the attacker and the defender."

By KTVU reporter Ken Wayne.