By the end of 2014 the world had witnessed computer hacking and wide-scale dissemination of commercial and private information on an unprecedented scale.
Sony Pictures Entertainment (SPE) became the target of a never-before-seen digital attack. The PlayStation Network and Xbox Live gaming networks were both brought to their knees. A host of celebrities had personal photos and videos released wholesale onto the internet. And the good ol’ US of A continued to hack everyone’s social media accounts for selfies and pictures of cats.
Let’s just refer to the entire year as ‘The Hackening’.
The fall of Sony Pictures
Following the release of a huge amount of data that hackers claimed was liberated from the entertainment company’s servers, we watched wide-eyed as the headache for SPE unfolded on an almost daily basis.
Then came the hackers’ demand: halt the release of upcoming stoner flick The Interview.
The hackers wanted the film – which revolves around a US plot to assassinate North Korean leader Kim Jong-Un – to disappear from the face of the earth, lest more dirt on the company be dished up for the world to see.
Seriously, the whole thing played out like a, well, bad movie.
Whether or not North Korea was behind the attack, the fact remains that the biggest digital heist in history was pulled off right under Sony’s nose and no one knew about it until it was too late.
Growing iCloud distrust
The Sony attack came mere months after the mass hacking of celebrity data, which saw the smartphone accounts of scores of international actresses, models and persons of note hacked and pilfered for private photos, video and data, bringing to light serious flaws in cloud storage systems.
The main culprit appeared to be Apple’s iCloud system, which is used to store a user’s smartphone media – a process that happens automatically.
Basically, that iPhone selfie you took while grimacing in front of the office clock? That’s now winging its way to the cloud.
Don’t think you’re alone. When most people first set up a mobile device they accept the manufacturer’s default settings, which usually results in all media and data being backed up to a cloud service.
That’s great if you want to access your media from a computer anywhere in the world; not so great if someone cracks your login details and rifles through your privates and unmentionables.
The Lizard Squad
Around the same time, a hacker collective known as the Lizard Squad launched an attack on Sony PlayStation online gaming servers, bringing them to a grinding halt and forcing gamers across the world to go outside and get some vitamin D.
Not content with this small disruption, the Lizard Squad returned in December to take down the gaming servers of both Sony and Microsoft’s Xbox Live network, along with a few more for good measure.
To quote Obi-Wan Kenobi, it was, ‘as if millions of voices suddenly cried out in terror…’
How do the hackers do it?
There are a number of ways hackers penetrate secure networks or computers in search of usernames and passwords, or to insert malware. Sadly, many of these attacks rely on ignorance and blind luck.
Email ‘phishing’ has been around since Moses bought his first iPad (his other tablet was made of stone – *da-boom-tish*). This attack involves sending a bogus email to a user in the hope of gaining their username and password for a known account (like a bank), and is neither sophisticated nor grammatically correct.
Phishing can also be used to deliver malicious software (malware) to a computer, either directly in a file or via a download link. The email may be a virus warning or stock report; you name it, they’ll use it.
Brute force attacks are, as the name implies, as sophisticated as a sledgehammer. This type of assault involves accessing a legitimate system (like iCloud) and using repeated attempts to ‘guess’ a user’s password.
To make life easier for hackers, software to execute this kind of attack is now freely available, for a price, on the dark web. Are you sweating yet?
A combination of these methods was used for each hack we witnessed in 2014.
How to protect yourself
Most computers and networking equipment have built-in protective measures – like a firewall or anti-virus software – which require a certain level of sophistication to overcome.
However, the recent spate of high-profile attacks was so advanced, or just plain old lucky, that the attacks weren’t detected until they were successful.
But before you take the pinking shears to your internet cable, there are a few ways to minimise your risk.
Check email sources
If you receive an email from your bank asking you to click a link and log in, you can bet it’s a phishing attempt.
Instead, go directly to the source to verify anything suspicious that shows up in your email. For example, log onto your bank’s website directly from your internet browser.
Beware of using a USB stick
Be careful when using a flash drive in a public computer: sophisticated viruses can hitchhike from computer to computer via your USB device, infecting every system as they go.
If you must, make sure you have anti-virus software on your computer that can scan USB devices for malware.
Switch off cloud backup services
Many mobile services come with cloud backup as a default, but it is possible to switch this off and manually save content from your device to your computer.
Protect your email address
Don’t post your email address on public chat forums, public posts on social media or on similar sites, like comment sections on news websites.
Malicious software can be used to crawl the internet (yes, the entire internet), compiling massive databases of stray email addresses, which are then sold on the dark web to be used to target spam and phishing attacks.
Change your passwords, often
Whether your accounts have been compromised or not, change your passwords every few months.
At the end of the day, there is no safety on the net. It’s a digital wild west, where highwaymen have carte blanche to bring the world down around our collective ankles with the click of a mouse.
Just take steps to ensure you’re as secure as you can be and you’ll minimise the chance of ending up a digital statistic.