Wednesday, 9 September 2015

Is Hacking Getting Worse?

Is Hacking Getting Worse?

Mark Oakley looks at hacking’s murky recent headlines and wonders if things really were better in the ‘good old days’

August’s Ashley Madison data dump was something of a wake-up call for adulterers everywhere. Since news of the site’s hacking surfaced in July, the online dating site has received the sort of media attention that no company wants. Those registered to the site, meanwhile, would have been nervously keeping one eye on internet forums to check that their names and email addresses hadn’t gone public.


Well, now they have, and many times over too. Indeed, the group behind the hack first posted 10GB of data onto the dark web, complete with names, email addresses and credit card details. Then more data dumps happened, and the headlines began. In Australia, a radio station decided that it would be quite the wheeze to reveal one of the chaps from that database to his wife because, you know, ruining a married couple’s life is so entertaining. At the time of writing, various names were being named in the press as being included in the link, and online databases allowing people to search to see if their name was on it were being overrun by the high volume of visitors. Then, news came of suicides related to the data breach, and the scale of the impact of the data breach took on an altogether more serious tone.

What’s certain is that this is threatening to become one of the hacking stories of recent years.

Whatever your own personal take on the Ashley Madison affair, from my point of view it’s just another in an increasingly long line of high-profile and widespread hacking cases to have made headlines the world over.

Last year, in particular, seemed an especially fruitful one for hackers.

2014: Hacking’s Worst Year?


Throughout the course of 2014, the computer systems of Sony, eBay, Kickstarter and Tesco were just some of the many, many hacking stories that seemed to dominate news pages.

It’s fair to say, certainly in terms of column inches, that hacking was one of the major tech stories of last year. Looking at perhaps the biggest of those stories, the Sony hack was notable for suggestions at the time that it could have been related (bizarrely) to one of its upcoming films, the underwhelming The Interview. Said movie took a comedic look at Kim Jong-Un, and when the FBI confirmed that the hack did indeed originate from North Korea, those theories seemed more watertight.

You’d think Sony would have learned. This particular attack was borne out of hackers managing to install wiper malware on its systems, but back in 2011, hackers had already exploited its systems by entirely different means, causing a mighty outage on the PlayStation Network. When that massive outage happened, consumers made their disgruntled voices heard very loudly, and you would have expected those in control of its cyber security to have shored things up.

Sony is obviously one of the more high-profile companies out there and is therefore more susceptible to hacking than most. On that basis, surely it should keep an eye on the more sophisticated methods and keep them out?

What was notable for the big headlines in 2014 was that each of the firms involved were major companies providing services used by millions. For hackers, the targets have just got bigger, and while Sony is one example of where lessons don’t seem to have been learned, on a wider scale there are plenty more.

Celebrity Hacking


In 2014 (when else?), a store of nude photos of celebrities was leaked. Involving hundreds of explicit snaps of celebrities, this was major news and not least because of the scale of the photos involved and the high profile of many of those affected. Also, the fact that these images were being stored via iCloud was headlinefodder for the media, which reportedly led to a rethink of Apple’s service, with additional security steps including notifications regarding account access.

With the FBI getting involved, there can be no doubt of the seriousness of this. It’s hardly the first time that celebrities and technology have mixed with bad results, though. In 2011, private photos of Hollywood celebrities including Scarlett Johansson were leaked online, and the man responsible, Christopher Chaney, was sent to the clink for ten years for his crimes. Thankfully, this kind of thing does lead to prison time if you get caught, but it’s clearly deeply upsetting for people to learn that the cyber security they thought was protecting their private information wasn’t actually strong enough to stop horrible people from doing horrible things.

And people have been at this game for years.

Hacktivism Begins


One of the earliest cases of high-profile hacking with a purpose was probably in 1989. Nasa was on the victim side of the coin, as the ‘Worms Against Nuclear Killers’ worm was unleashed on its computers.

The worm with the faintly incendiary name (we’ll let you work out the rude acronym for yourselves) was put to work by Australian hackers in protest at America’s involvement with the Galileo space probe, fuelled by plutonium.

Spin on a decade and the US Department of Defense was under attack – by a high school student. Jonathan James from Florida managed to embarrass the US military by compromising the department’s computer system. James intercepted a bunch of highly classified emails by installing backdoor software, including gaining some information about the International Space Station. In the end, he was caught and placed under house arrest because of his age rather than spending time behind bars. Tragically, he committed suicide in 2008.

As for other historical events of note, the Morris Worm is another that’s worth a mention. Robert Tappan Morris created the worm to find out its reach, hence ascertaining the sheer scale of the World Wide Web. The worm reportedly infected around 6,000 systems and caused hundreds of thousands of dollars worth of damage.

Hackers Make Headlines


While last year and, indeed, this one have undoubtedly been standout years for hacking stories, they’re not alone.

Alongside the already mentioned attack on Sony’s PlayStation Network in 2011, that same year saw its own fair share of major incidents. Epsilon, one of the world’s largest email marketing firms, was targeted by hackers, which meant access to millions of users’ email records. The company was said at the time to handle over 40 billion emails every year and customers of various credit card, and finance companies were warned to keep an eye out.

In that year too, aerospace and defence firm Lockheed Martin was compromised, as hackers used SecurID codes stolen by an attack earlier in the year on security firm RSA. Luckily, the hack was found out before any lasting damage occurred. Then there were the Chinese hackers who targeted Gmail in an attempt to get into the personal accounts of various members within the US government. And let’s not forget that this was the year that hacker group LulzSec was born.

So while the last couple of years have been notable for cybersecurity attacks, you could easily argue that many of the years in recent times have similarly been havens of hacking activity. Take 2012’s attacks on Foxconn and MasterCard. Or 2010’s data breaches at VeriSign and Gawker Media. Hacking has had many a good/bad year, although last year and 2011 remain real stand-out ones.

It’s Getting Worse All The Time?


While the actual incidents are occurring year after year, it’s probably fair to say that the actual numbers of affected/exposed records are increasing. For example, according to research from US analytics firm Risk Based Security, the number of exposed records in 2013 was 823 million, compared with around (just) 265 million in 2012, and under 100 million in 2010 (there were over 400 million exposed records in 2011). It does appear generally that more records are being exposed as time goes on.

It stands to reason too that as more and more of us obtain and use web-connected devices, the possibility of consumers being lax with their own online security increases. Our dependance on cloud services has led to a culture, among many, of placing all sorts in the web space without giving it a second thought. That’s worrying and a real boost to hackers looking to take advantage.

Digital services, like Ashley Madison, obviously have to be accountable for looking after our data. The bottom line, though, is that no cloud-based or web-based service is 100% foolproof. We were all warned against putting all our faith in the cloud when big firms like Apple started to rely on it so much. We all enjoy the convenience these services offer us, but too often consumers are then prepared to turn a blind eye when it comes the security of that data, happy to leave it up to someone else to deal with. In some respects, it’s a bit of a cheek for consumers to rail at the companies for not looking after our data sufficiently when things go wrong. Surely we all have to take some responsibility for our own information? Much in the same way that you’d protect your own storage and data at home, why not take measures to carefully select and protect the data we place in the cloud?

What I am also certain of is that sections of the British media have an appetite for the destruction that comes with hackingstories. It makes excellent column inches and attracts a sentiment among a certain readership that panders to a culture of worry and chaos. Fearing the unknown is nothing new, and news of stolen data, ruined lives and comeuppances is unfortunately exactly the kind of thing that sells newspapers and drives web traffic.

While hacking on a wider scale does seem to have become greater as our reliance on the cloud has increased alongside the adoption of online services and profiles, hackers themselves have become more determined to upset some of the world’s corporations in a bid to upset the status quo. There are various core reasons behind hacking: hacking for disrupting people’s lives, hacking for hacking’s sake, and hacking for protest. With the creation of groups like LulzSec, hacking with a purpose has certainly increased in recent years.

It’s also fair to say that the reporting on hacking has become more sensationalist. Going back to the Ashley Madison data breach for a moment, a selection of headlines included ‘The Ashley Madison Hack Ruined My Life’, ‘What to say if your spouse finds your name on the list’, ‘Do YOU trust your partner?’ All of these are designed to get people clicking to those web pages and buying the print editions of those media sources concerned. The Ashley Madison case is a particularly ‘sexy’ one for media outlets to grab hold of, and it has undoubtedly brought hacking into the mainstream consciousness.

Hacking does, in general, seem to be getting more widespread, and the targets are certainly getting bigger. As for whether it’s getting worse, hacking has been a problem for years and, unfortunately, it’s likely to remain that way.