After three months of headlines from China to the White House and every geek haven in between, this week introduced the world to the cyber attack that may or may not be slowing down the entire Internet, followed by the digital assault on American Express. Yes, 2013 is already the year there were too many hacking incidents to keep track of, but "hacking" has also become a kind of catch-all for nefarious things done on a computer, and it's becoming increasingly difficult to tell global headline apart from personal headache. That kind of vagueness has left average Internet users wondering whether they could be exposed to the same threats as major companies and government systems — and has demonized "hackers" like Aaron Swartz, Matthew Keys, and Weev, who face(d) felonies and jail time for low-level computer crimes. With more than a few different kinds of "hacks" dominating the news in just the last couple of weeks alone, it's about time somebody defined the hacking headlines once and for all.
Guccifer and the Personal E-Mail Hack
Fear Factor: Low-Medium. Once someone does get inside an email account, it can be scary just how quickly everything else falls apart. But the technique isn't exactly computer science, and these types of hacks can be avoided — if you have a safe enough email provider. Indeed, email lurkers have publicly exposed security flaws inside some of the most popular inboxes in the world; Guccifer, for the most part, has gone after AOL, Yahoo, and Comcast accounts, which don't have very good security — it only takes a few personal details to get an AOL user to fork over a password. Careful password habits like using two-step verification should help the average non-Bush user fend off these kinds of security breaches.
China and the Click-This-Link Hack
Fear Factor: Medium. A lot of different levels of hackers use the link-doom method, from those creeps trying to take over unsuspecting women's webcams to the secret unit apparently linked to the People's Liberation Army in China, which reportedly used very well-concealed spear-phishing to get high-level people inside various media outlets to download malware and use it for the purposes of international espionage at that drab-looking building over there. For the average Twitter user, though, there are various ways to avoid downloading malware, even spear-phishing, which does a very good job of looking legitimate. But basically, don't click things that look fishy (or phishy), don't visit suspect forums, and don't buy suspect things. And make sure your computer's anti-malware program, scripts, and browsers are up to date.
Facebook & Apple and the Trendy 'Watering Hole' Method
What It Looks Like: This is another, more clandestine way to get people to download malware, and that was likely the type of hack (probably from China) that infiltrated the internal servers at Facebook, Apple, and possibly Twitter, as the companies reported, like dominoes, in February. This type of hack doesn't target an individual but a website that many individuals visit — you know, like when people visit the watering hole. When hackers targeted Facebook's developers, for example, "malicious code injected into the HTML of the site used an exploit in Oracle's Java plug-in," as AllThingsD's Mike Isaac explained.
Fear Factor: High. Once you visit an infected site, well, that's pretty much the end of the attack. That's the thing that trips up a lot of people writing about and spreading fears around hacking, and the Facebooks and Twitters of the world are pretty good at protecting their accounts when they get played. But if you're looking for a solution, a lot of people have suggested that getting rid of Java might help your situation, since a lot of malware exploits that code deployment platform. Then again, it might not really be that easy, since the malware spreads so fast and to such large sites.
North Korea & Iran and the DDoS Attack
What It Looks Like: Denial-of-service attacks have received a lot of attention this week because of the fight between Spamhaus and Cyberbunker, which resulted in the biggest DDoS attack ever. These rapid-fire attacks, which infect computers with malware to overwhelm and then shut down websites, were also responsible for the big bank attacks over the last few months, including Thursday's AmEx breach, which likely came from an Iranian hacker group called the Izz ad-Din al-Qassam Cyber Fighters. That South Korean hack the other day from North Korea was also likely of the DDoS variety. And denials of service are getting more powerful. The AmEx hack, for example, "infected powerful, commercial data centers with sophisticated malware and directed them to simultaneously fire at each bank, giving them the horsepower to inflict a huge attack," as The New York Times's Nicole Perlroth and David Sanger explain.
Fear Factor: Very High. While some have accused the Times of being sensationalist with its use of "cyber warfare," the DDoS attacks have become more and more powerful, which is cause for concern. There are ways to close certain holes on the web's DNS servers that could ease the flood of relatively tame denial-of-service attacks, but when it comes to national security the U.S. is no match for China's hackers, who are trying to take down some of America's most crucial infrastructure. President Obama acknowledged the threat in his State of the Union address and recently met with major business leaders about cyber attacks. In addition to clandestine efforts to fight back against China's cyber fighters, though, the White House is now looking at something like sanctions: The latest government funding bill would make it harder for Chinese companies to sell tech products to a few federal agencies, according to Politico, although that's only minorly comforting. But Obama has ordered cyber attacks on Iran, after the famous Stuxnet worm targeted U.S. computer infrastructure.
Aaron Swartz, Matthew Keys & Weev and "Unauthorized Access"
Fear Factor: Low. The scary part is how vague the definition of a not-scary hacking act has become. Authorities and bigger organizations and businesses tend to fear these kinds of attacks more than individuals, because it's usually the individuals (or Anonymous) who use the highly illegal tactics to make often mundane points of their own.
...and Physical Cable Hacks
Fear Factor: Medium. It's definitely the most effective way to take out an entire country or continent's Internet. But, it's pretty conspicuous and not very precise. You've got to be a pretty smart underwater hacker to be an effective one.
There are certainly other types of "hacks" out there, but this should help clarify things the next time you're facing three frightening headlines about technology in one newspaper. China isn't coming after your Netflix account. But you should still probably dump that stupid password, beef up your email and computer security, and avoid the MIT server room. And the North Koreans. Those guys are up to no good.