What do Twitter, The New York Times, Scarlett Johannson, former U.S. President George Bush, LinkedIn, former CIA Director David Petraeus, security expert Mat Honan, and Lady Gaga have in common? No, it's not an overwhelming desire to petition NBC to keep 30 Rock on the airwaves (although they might have that in common, too). They've all been hacked, and quite publicly.
From Hollywood starlets to government officials and corporate giants to people you'd think would know better, no one is immune from the hacker hijinks making headlines on an all-too-regular basis. These events beg the question: "If they're not safe, who is?"
Businesses and consumers alike can learn valuable lessons from these high-profile hacks, attacks that most certainly can happen to you.
China vs. The New York Times
Last month's news of pervasive attacks on The New York Times by Chinese hackers shocked many, but is just another example in a long list of attacks originating from that country. The news came on the heels of a story the Times published following its investigation into the wealth of the Chinese prime minister's family. Chinese officials had warned the Times that there would be consequences for the investigation.
Investigators suspect that hackers penetrated their system using a method called spear-phishing, when a hacker sends an email to employees tricking them into clicking a malicious link that results in the installation of malware. By clicking this link, employees provided the hackers a portal with which to access their system.
Threat level: This type of attack is extremely common. While you may not be sitting on highly confidential information like reporters at the Times, your employees are often sending and sharing sensitive information that could jeopardize your business.
Lesson learned: If you don't recognize the sender or the email looks sketchy (trust your gut in this case) do not click any links within.
The Bushes vs. Guccifer
Embarrassing more than anything, this hack exposed discussions of family matters and private photos the Bushes never expected to be made public. Cell phone numbers, home addresses, security codes, preliminary funeral arrangements for George H. W. Bush and photographs of self-portraits George W. Bush emailed his sister were all fair game when a hacker who calls himself Guccifer began poking around several family members' and friends' personal emails.
Free email accounts provided by Google, Yahoo, and AOL--the email provider of choice for one of the victims, Dorothy Bush Koch--are particularly susceptible to attack. Hackers can easily breach AOL's security measures for resetting an email password simply by guessing at family members' birth years and names of a favorite pet.
Threat level: High. Weak passwords don't stand a chance against hackers. If it happened to the Bushes--a family with two living presidents and plenty of Secret Service protection--it can happen to you.
Lesson learned: Use strong passwords. Never answer security questions with the real answer. Ex: When an email provider's security question is "The name of the city you were born in," enter a combination of letters and numbers, but never the actual name of the city.
Mat Honan vs. ??
It's still unclear who obliterated Wired technology writer Mat Honan's entire digital life in less than an hour, but his experience is a chilling example of one of the worst-case scenarios for the average consumer. He's written about tech for years and he's a whole lot more savvy when it comes to cybersecurity than the average consumer. He's a pro, and it still happened to him.
Hackers gained access to Honan's Apple iCloud, Amazon, and Gmail accounts and remotely wiped his iPad, iPhone, and MacBook clean, all in an effort to seize his Twitter account and wreak havoc. It was icing on the cake that his Twitter was still linked to the Twitter account of his former employer Gizmodo (where hackers posted profanity-laced, racist language), he wrote in his initial recount of the hack. Though Honan acknowledged he could have taken greater precautions on his end, his experience highlights crucial security holes in Apple's and Amazon's customer service system:
Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information--a partial credit card number--that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.
Threat level: This was an intricate attack, the extent of which is unlikely to happen to the average business or consumer. However, businesses should take note of particular aspects of this attack--the remote wiping of his devices and the hacking of individual accounts and services--as a wake up call. The impact of similar situations could be even more dire to businesses.
Lesson learned: Two things: 1) Use two-factor authentication--it's simple and you can't afford not to. 2) Back up your stuff. Precious photos, communications, and documents can disappear forever with just a few keystrokes.
In his State of the Union speech, President Barack Obama issued an executive order aimed at improving infrastructure cybersecurity, and the Pentagon recently approved a massive expansion of its cybersecurity force, boosting its current size by more than five times in an effort to address this looming issue. The stakes are rising, the threats multiplying, and the government is stepping up. It's time for you to do the same. Cybersecurity is a shared responsibility. It's on all of us to stay safe.