Suffering a data breach is like discovering that someone rummaged through your bag when you weren’t looking. It’s a jarring invasion of privacy, whether the information stolen is as impersonal as a Social Security number or as intimate as years of emails, texts, and pics. For years, The Atlantic has been covering cyberattacks that target individuals, companies, and even the U.S. government—and the ways those intrusions affect personal, financial, and national security. We’ve compiled some of our best coverage in a new landing page, “The Atlantic Revisited: Navigating the End of Privacy,” and below are brief descriptions of those 18 pieces from our archives.
Everything Is Hackable ...
- The U.S. presidential election captured the interest of leaders the world over—even inspiring some to try and influence the outcome. The U.S. Intelligence Community accused Russia of trying to manipulate the outcome of the election, but experts are divided on whether the digital interference is just a 21st-century version of politics as usual, or if it represents an unprecedented level of meddling in U.S. domestic affairs. (“What the DNC Hack Could Mean for Democracy,” Uri Friedman, August 2016)
- For millions of people in the U.S., the internet went down for hours one Friday in October. The culprit: A botnet made up of poorly secured DVRs and webcams. Someone had commandeered hundreds of thousands of the internet-connected devices, turning them into pawns in a coordinated attack against a critical piece of the internet’s infrastructure. (“How a Bunch of Hacked DVR Machines Took Down Twitter and Reddit,” Robinson Meyer, October 2016)
- When the Office of Personnel Management was hacked last year, more than 22 million people had their sensitive personal information—including Social Security numbers, addresses, and, in some cases, even fingerprints—stolen. When the victims got letters in the mail saying their information was taken, they had to reckon with the new risk of identity theft, and take action to protect themselves. (“Your Data Is Compromised. (Yes, Yours.) What Now?,” Kaveh Waddell, July 2015)
- An online tool offered by the Internal Revenue Service allows taxpayers to easily check their tax history, but for a while, it didn’t do a good job of verifying users’ identities. Hackers used personal information gleaned from other data breaches to trick the tool into divulging people’s tax documents, which helped them file around $50 million in fraudulent tax returns. The breach was initially estimated to affect about 115,000 people, but after further investigations, the government realized that the victims numbered nearly 725,000. (“The IRS Hack Was Twice as Bad as We Thought,” Kaveh Waddell, February 2016)
- Executives and employees at Sony Pictures woke up one day in 2014 to find their dirty laundry posted online—and indexed for easy searching—after a group calling itself the “Guardians of Peace” stole a trove of emails, salary information, and other sensitive data from the entertainment company. The FBI pointed fingers at North Korea, but security experts questioned whether it was possible to know exactly who was behind the cyberattack. (“We Still Don’t Know Who Hacked Sony,” Bruce Schneier, January 2015)
- When Ashley Madison, a website that helps adults find extramarital affairs, was hacked, it was more than just mortifying for the millions of outed users. It was an introduction to “organizational doxing,” the practice of stealing enormous amounts of data from a company or government agency and publishing it online, heedless of the collateral damage it will cause. (“The Meanest Email You Ever Wrote, Searchable on the Internet,” Bruce Schneier, September 2015)
- A hospital in Los Angeles switched to paper records and started turning patients away after its computer systems were infected with a virus that locked up vital data—and demanded a $3.6 million ransom to return it. (“A Hospital Paralyzed by Hackers,” Kaveh Waddell, February 2016)
- Nude photos of female celebrities ricocheted across the internet after they were stolen from the celebs’ iCloud accounts and released online. But despite years of attempts to pass legislation that would slap special penalties on people distributing explicit images of people without their consent—a practice also known as “revenge porn”—only a few states actually have such laws on the books. (“Why Congress Won’t Help Jennifer Lawrence,” Lucia Graves, September 2014)
- When Deb Fallows found her Gmail account acting funny one day, it wasn’t just a temporary bug: A hacker had gotten into her account and sent fake distress calls to all her closest email contacts, asking for money. In the following days, Deb and her husband, Jim, went on a hunt to regain control of the account, recover years of lost emails, and figure out just what had happened. (“Hacked!,” James Fallows, November 2011)
- How long would it take a fake smart toaster, sitting alone in the massive sea of internet-connected devices, to get hacked? Andrew McGill dressed up a rented server to act like a web-connected toaster to see if any hackers would bite—and watched as the next 12 hours brought more than 300 attempts to take over the fake toaster. (“The Inevitability of Being Hacked,” Andrew McGill, October 2016)
- Use a wireless keyboard at work or at home? Security researchers have found that many low-end models don’t use industry-standard security practices, instead transmitting between keyboard and computer with weak encryption—or no encryption at all. With the right tools, a hacker can spy on every email, password, and credit-card number being typed on a vulnerable keyboard nearby. (“Hackers Can Spy on Wireless Keyboards From Hundreds of Feet Away,” Kaveh Waddell, July 2016)
Have you ever been hacked? Were you, for example, one of the 22 million people caught up in the OPM breach? Have you had your email account compromised like Deb’s? Have your photos or other sensitive files been stolen? We would like to hear from you. Please send us a note about the experience to email@example.com and we will aim to post it here in Notes (anonymously, if you prefer).
… So, How Do We Defend Ourselves From the Hacker Onslaught? Here are several pieces that approach that question:
- A team of 600 Homeland Security Department employees (and 400 contractors) works with private companies to secure infrastructure and public utilities around the country, from major-league ballparks to water plants to banks. They prepare for attacks that might be delivered by a suicide bomber driving a truck—or quietly over the internet. (“Meet the People Who Protect America’s Critical Infrastructure, Steven Brill, August 2016)
- China’s cyber army is one of the top two or three online threats to the U.S., experts say. But the best way to contain the danger may be to work with, rather than isolate, China’s leaders. (“Cyber Warriors,” James Fallows, March 2010)
- The two groups most dedicated to keeping the internet safe are sequestered on opposite coasts: the government’s suited and military-uniformed policy wonks in Washington, and hoodie-clad hackers up and down the West Coast. Getting them to work together is crucial, but it isn’t always easy. (“Suits and Hoodies: The Two Cybersecurity Cultures,” Justin Lynch, February 2015)
- One afternoon in late October, teams of college-age hackers assembled in a room in Washington, D.C., and assailed a model water-treatment plant with cyberattacks, quickly bringing it to a screeching halt. Recruiters from Uber, Northrop Grumman, and the federal government flitted from table to table, eager to snap up young talent to help secure their own systems against attacks. (“Inside a Hacking Competition to Take Down a Water-Treatment Plant,” Kaveh Waddell, October 2016)
- Skilled “white-hat” hackers—security researchers who use their computer skills to protect organizations from online threats—are always in short supply. But to keep them from being lured into illegal hacking, companies may have to be willing to pay out bigger salaries and “bounties.” (“When Ethical Hacking Can’t Compete,” Donna Lu, December 2015)
- Apple’s standoff with the FBI over a locked smartphone that belonged to one of the San Bernardino shooters showed off the quality of the iPhone’s security safeguards. Most phones on the market wouldn’t have stood up to the federal government’s attempts to hack them. (“Encryption Is a Luxury,” Kaveh Waddell, March 2016)
- Trump does little to hide his disdain for journalists—or his desire to sue them when he disagrees with what they write. It’s more important than ever for reporters and activists to protect their data and communication from prying eyes, but these tips—which touch on encrypted messaging, managing passwords, and browsing the internet anonymously—are just as relevant for our average reader. (“How Can Journalists Protect Themselves During a Trump Administration?,” Kaveh Waddell, November 2016)
In that last piece, I sketched out some ways you can protect yourself and your data from the prying eyes of hackers:
Signal, a smartphone app, is the medium of choice for privacy-conscious communicators, and is probably the easiest way to call or text securely. Encrypting email using PGP is also an option, but it’s far more cumbersome.
It’s also important to make up complex passwords—and never to reuse a username and password combination for more than one site. Password managers like 1Password, LastPass, and Dashlane can create a different randomized password for every website, and remember them all so that you don’t have to.
Turning on two-factor authentication on every service that supports it—Google, Slack, Dropbox, Amazon, etc.—makes it much harder for hackers to get into your accounts, by requiring you to approve every login with a mobile device. And for those who need to browse the internet securely, a properly configured Tor browser allows users to poke around the web anonymously.
Do you have any additional tips for how to keep your data safe? Please send us a note: firstname.lastname@example.org.