Examples: Yahoo!, LinkedIn, eHarmony
Over the last few years barely a week goes by without a well-known website being hacked and customer passwords taken. In 2012 the website LinkedIn had 6.5 million passwords stolen, whilst the dating website eHarmony reportedly also lost 1.5 million passwords in the same week. Sony have been the victim of many security breaches in recent times, including once losing up to 77 million user account details to a hacker.
These cases highlight the importance of not using the same password for each website - if your username and password is stolen from one site then they can be used to get access to your other accounts. It's worth knowing too that one of the reasons security experts suggest making your password strong and unique is that it makes it less likely that hackers will even be able to read it should they manage to steal user account details, thanks to the way in which passwords are (or should be!) stored by websites.
We can't control how websites look after their own security, but we can take steps to ensure if a site is hacked that our data is safe. Learn how to make passwords unique.
Credit card thefts
Examples: TKMaxx, Target, HomeDepot, and Staples
A lot of hacking is financially motivated, with credit card details being a highly prized target. These aren't always taken through hacks on websites but more often by targeting a company's backend systems or the stores themselves. In 2006 the US retailer TKMaxx lost 46 million credit card details through using unsecured wireless devices, whilst more recently HomeDepot, Target, and Staples in the US have all been hit by hackers.
Examples: WannaCry, CryptoLockerHotels: https://www.theregister.co.uk/2017/01/30/austrian_hotel_ransomware_attack/
CryptoLocker is a virus that rather cruelly will prevent access to all files on an infected computer, only releasing them when the victim pays a ransom fee. CryptoLocker may be the most famous virus of its type, however several other similar viruses also exist. This virus is thought to spread mainly through spam emails with infected attachments - another reason to be careful & to think before opening any unexpected email!
One method by which viruses sometimes get onto our computers is through compromised websites - the simple act of visiting a web site could be enough to infect your computer. It's not always only the less well known or "dodgy" websites that get infected either, even some of the internet's largest websites have occasionally been used to help to distribute viruses. Criminals manage to do this by creating booby trapped adverts in an attack known as "malvertising".
It's very rare for a website these days to organise their own adverts; in fact the majority of the adverts on the internet are organised by just a handful of specialist companies such as DoubleClick (part of Google) or AppNexus. Whilst these advertising networks have extensive security checks in place to prevent infected adverts appearing on their network, they're not infallible and in recent years several of the internet's biggest websites have all suffered from malvertising. These include the New York Times, Yahoo, TMZ, as well as the Huffington Post.
You can help prevent yourself from being infected by keeping your computer software up to date (especially your internet browser and any plugins), as well as installing an antivirus program.
Examples: Sarah Palin email hack
During the 2008 US elections the Republican Party's nominee for vice-president, Sarah Palin, had her personal Yahoo! email account hacked and many personal details released. In the end it was revealed that this attack was fairly easily achieved - the hacker got access by simply researching public records to find the answer to Sarah Palin's password reset question.
This case is a great example of how, even if we've set strong passwords, we may have still left the backdoor open for hackers if we've made it easy for a stranger to reset our password. Follow our tips on avoiding this here.
In 2014 the Malaysian Airlines fight MH370 went missing on a flight to Kuala Lumpur. It had still not been found 10 months later in January 2015, when a group of hackers calling themselves the "Lizard Squad" redirected traffic for the Malaysian Airlines website to a page showing a "404 Plane Not Found" error page. This wasn't done by hacking the website itself but by changing the settings of the website address (www.malaysiaairlines.com) to point to a different website elsewhere.
This tasteless page was in fact an attempt at irony - "404" is a common technical error code when a requested web page can't be found, whilst the missing aircraft was the 404th aircraft of its type to have been built by Boeing.
Examples: Stuxnet, Estonia, NotPetya
Whilst a lot of advanced cyberattacks are carried out by criminals to make money, some of the most advanced attacks that have been seen in history have actually come from nation states. Governments have the resources to fund research and development into creating cyberweapons that are highly targeted, highly effective, and remain undetected.
One of the most famous cases to come to light in recent years is that of Stuxnet. Discovered by researchers in June 2010, Stuxnet was a highly advanced piece of malware that was designed to target and disable certain parts of nuclear facilities in Iran. It has never been proven who created it, though the finger of suspicion has point at a joint US and Israeli effort.
There will undoubtedly be many more government sponsored attacks (whether for destructive or for simple reconnaissance) happening all the time, but due to their nature we'll rarely hear of them. Some other notable attacks though that are alleged to have been state-sponsored are the temporary crippling of Estonia's internet in 2007 (allegedly by Russia), and the hacking of Sony Pictures in 2014 which the US accuse North Korea of carrying out.
The nature of war has evolved massively over the course of human history, and cyberspace will undoubtedly be an important element of it in the future. Many governments are already preparing and testing their defences for it (as well as their offensive capability) should they ever be needed.
Gary McKinnon is a UK resident who hit the headlines a few years ago after allegedly hacking into 97 US military and NASA computers between 2001 and 2002, apparently whilst searching for proof of aliens. The media coverage was made all the greater due to the extradition request that the US made against him and the fact that he suffers from Aspergers Syndrome.
Gary is just one example of a lone hacker; there are plenty more out there. Whilst in his case his motivations were relatively harmless, it shows that individuals who have the time and dedication can manage to occasionally gain access into what should be some of the most secure networks in the world.
Microsoft "support calls"
Cyber related scams don't just come on the internet, the good old phone can still sometimes be the tool of choice for fraudsters. In recent years one very widespread scam has involved criminals phoning their victims up (at random) whilst claiming to work for Microsoft, pretending that their monitoring systems have detected a virus on the victim's computer. Ultimately the scam is about trying to convince the victim to hand over their credit card details for some worthless "antivirus" software.
These fraudsters can be very convincing. They'll try to convince you that you really do have a virus by finding a strange sounding file on your computer (perhaps going via a legitimate website that allows them to take remote control of your computer), but which is in fact a genuine standard system file. Some people have even managed to capture the whole call on video - it's certainly worth a watch!
Examples: Heartbleed, Poodle, Shellshock, Spectre
Heartbleed, discovered in 2014, was a security weakness (a "vulnerability") found in a small piece of software that is used by many websites. This particular vulnerability would have allowed attackers to view some user's' data that should otherwise have been encrypted and secured. As soon as it was announced and made public many IT and security staff in organisations around the world raced to identify any of their systems that were affected and to fix them. A lot of overtime money was no doubt earnt worldwide on that day!
Shellshock was another serious software vulnerability found in 2014, and this time had the potential to allow attackers to take full control of the computer. The piece of code with the Shellshock flaw was even thought to have been present and undiscovered in software for 22 years! Just like the Heartbleed bug, the public release of this vulnerability had many IT teams in companies around the world staying up late into the night to update their systems.