Why Is Everyone Getting Hacked?
Turn on the news and you hear about hacking. December 2014 it was Sony Pictures; previously retail giants Home Depot and Target. January 2015 saw social media sites of the U.S. Central Command hacked by the Islamic State. Why so much, and can we protect ourselves?
What Is Hacking? The term computer “hack” is used several ways. It can mean impromptu repairs, or coding for the fun of it. The evil meaning refers to creation or exploitation of security flaws to gain unauthorized access to someone else’s system.
“Evil” hacks used to be juvenile pranks. Some were destructive, but they weren’t designed for theft, espionage or national defense.
Today hacking is big time and done for strategic and economic advantage. Why? Because as Willie Sutton said: “that’s where the money is.”3 With so much business and governmental activity tied to computers, subversion of those systems often is the easiest way for thieves to get what they want.
Hacking also affects the balance of geopolitical power. Only a major country can project military force, but a small group of computer-savvy people can constitute a formidable cyber power. The Defense Intelligence Agency’s director advised the Senate that other countries have cyber capabilities equal to ours and increasingly non-state actors are a threat.4
How does work? A little like the Trojan horse: Greek soldiers hid inside, tricked the Trojans into bringing the horse into their city, then emerged at night and seized control. Similarly a hacker needs to sneak his weapons past the victim’s defenses.
Every time you go on-line or trade files with friends, you open the “gates” to your computer and “bad guys” can get in. Your system’s firewall and anti-
How Can Hacking Succeed? The Greeks tricked the Trojans into letting them in. That’s how hackers often work. For example, the hacker sends an e-mail about package delivery claiming to be from FedEx or UPS. Invariably the e-mail asks you to click a link or open an attachment. If you do, you've opened the gate and become a victim.
Other times the victim is careless, uniterested6 or subverted from within. For example, 130,000,000 customer passwords were stolen from Adobe’s servers in 2013. Adobe’s failure to use best encryption practices made the data vulnerable.7 And some computer security experts believe the 2014 Sony Pictures hack was done by disgruntled former employees, not North Koreans.8
What Can We Do? There’s no need to be paranoid, we all take risks every time we walk outside. But just like we look both ways before crossing the street, there are practical security precautions we all should take:
- Backup your data regularly and don’t keep your only backup with the computer;
- Keep your operating system and software up-to-date;
- Be sure your computer’s firewall is on and your anti-virus software is current;
- don’t open e-mails or attachments you know nothing about;
- When on-line, don’t click pop-ups or alerts you don’t recognize — they may be attempts to get you to authorize access of harmful content;
- Be careful of public wi-fi connections — even with a password the person who set up the network can see what you do;
- Use secure passwords, and don’t use the same for all accounts (remember the Adobe hack); and
- Turn your computer off when you're not using it.
We’ve all heard this nagging advice before, but remember this: the Trojans ignored Cassandra’s warning not to bring the horse inside.
- Image from Helene Cooper, ISIS Is Cited in Hacking of Central Command’s Twitter and YouTube Accounts, N.Y. Times, January 12, 2015.
- Famous Cases & Criminals, F.B.I. web site.
- Woodcut from Rev. Royal Robbins, The World Displayed in its History and Geography, W.W. Reed & Co., 1831. Available at Google Books.
- Testimony by Gen. Michael T. Flynn before the Senate Select Committee on Intelligence, January 29, 2014. DIA web site.
- Cassandra by Evelyn De Morgan 1898, The De Morgan Centre, London, Image from Wikipedia.
- Home Depot managers supposedly told employees concerned about computer security that “we sell hammers.” Julie Creswell and Nicole Perloth, Ex-Employees Say Home Depot Left Data Vulnerable, N.Y. Times, September 19, 2014.
- Dan Goodin, How an epic blunder by Adobe could strengthen hand of password crackers, Ars Technica, November 1, 2013.
- Jemima Kiss, Sony hack: sacked employees could be to blame, researchers claim, The Guardian, December 30, 2014.
This article originally appeared in our free semi-monthly newsletter. To receive future issues, please add your name to the subscription list.