How to Survive the Hacking Wars
Update: 17 January 2015
An 18 year old Lizard Squad member has been arrested in Southport, Merseyside as a result of a joint investigation between UK law enforcement agencies and the FBI. He was arrested on computer misuse charges and threats to kill.
Original post: 13 January 2015
Unless you've been avoiding all forms of news for over a month, you'll have heard that there's been a lot of high profile hacking going on. Hacking's been going on for a long time, it's just that we hear about it a lot more than we used to as it's reported by old media. Just don't expect them to understand anything relating to new media, let alone report it fairly. 'Hacking' isn't even a good way of describing everything going on. It's a catch-all term that can cover everything from defacing a website, to seizing control of a site, to bludgeoning a site so hard it's unusable. Here's a quick refresh of some of the most significant hacks that have either occurred recently, or the full details of which have emerged recently.
- Target: US military companies. Perpetrator: China, possibly others too. Type: Theft. What happened: Targets were completely compromised with the hackers making off with huge swathes of data, saving them who knows how many billions in research costs.
- Target: Sony Pictures. Perpetrator: Uncertain. Type: Theft and sabotage. What happened: Sony Pictures systems were first compromised, with everything from emails to complete films being stolen, and then every system becoming unusable.
- Targets: Sony's Playstation Network and Microsoft's XBox Live. Perpetrator: Lizard Squad. Type: Distributed Denial of Service (DDoS). What happened: Lizard Squad appears to have used a DDoS attack (where multiple compromised computers are forced to flood a target system with more traffic than it can handle) to knock both networks offline on Christmas day. With countless people trying to login in on Christmas with their new Playstation 4s and XBox Ones, the motivation appears to be simple maliciousness. That they were easily bought off by Kim Dotcom indicates that there was no principle in play.
- Target: US Central Command's Twitter and YouTube accounts: Type: Access. What happened: someone identifying with IS (ISIS) gained access to the US Central Command's Twitter and YouTube accounts, and posted their own statements and images. Both accounts were quickly suspended and are now back to normal. It appears to be a political hack and not a very significant one either.
So where does this leave you. There's something very important that you need to know:
There are 2 reasons you don't need to panic:
1) Individuals or small businesses aren't likely to be targets of industrial espionage. Unlike the US, you aren't likely to have research worth 400 billion on your computer. To hackers then, you're not likely to be worth bothering with.
2) The only security threats you're likely to come across are ones you can easily defend yourself against. Windows has had its own free firewall since Windows XP Service Pack 2. Personally, I use a third party one that comes with anti-virus software. There are lots of options on this front. Whilst it may not be the absolute best option available, Microsoft Security Essentials is free and pretty easy to use. Also, don't fall for common tricks. Don't click on links emailed to you by people you don't recognise. Banks and the like don't email or phone you to ask you for your account number and online banking password. These can be attempts to illegally access your accounts, so don't be part of the problem!
When free options exist to mitigate the likelihood of your computer being compromised, why not take advantage of them? As Orac said in Blake's 7: