High Profile Hacks
It seems as though huge corporations, government agencies, media outlets and even the little guy with a personal website need playbooks devoted to dodging the myriad ways serious digital hacks may occur.
Large-scale hacking is an ongoing problem that creative talent agencies and anyone pursuing a web design career must be prepared to protect against, both for themselves and for their clients. Designers and agencies need to keep up with current advice for avoiding devastating hacks and help educate clients so they are better able to thwart cyber break-ins.
Some High-Profile Hacks of the Year
High profile hacks of 2013 have included:
- Invasions of U.S. government and defense contractor computer systems by the Chinese government;
- Robberies of bank accounts, incursions into private data of celebrities including First Lady Michelle Obama and cyber hostage-taking of digital business records by Russians; and
- Corruption of major Twitter accounts, including the Associated Press, by a group of cyber activists called the Syrian Electronic Army.
You don’t have to be a celebrity, a huge corporation or a government agency storing classified information and massive amounts of personal data to be included in a devastating high-profile hack.
For example, Russian hackers have targeted smaller entities, such as individual medical offices that store sensitive patient information. The hackers make the records of these health providers inaccessible to the providers by overwriting and encrypting the files. Then they charge a ransom to decrypt the information.
Insights from a Tech Journalist
The hack of a single journalist by teenagers in summer 2012 offers major insights into how to improve internet security.
In his November 2012 article ‘Kill the Password: Why a String of Characters Can’t Protect Us Anymore,’ Wired magazine journalist Mat Honan recounts how it took only an hour for a group of ‘bored kids’ to destroy his ‘entire digital life’ via information gained from his social media accounts.
Honan fought back by researching and writing about how the hack occurred and what needs to be done to improve security. He detailed the hacking process, as well as steps that anyone who has a ‘serious web presence’ should take to avoid similar attacks.
Honan notes that most internet users are unaware of how vulnerable their logins and passwords are. Here are some of his basic pointers to share with web design clients:
- Never use an email address as a login.
- Never use short passwords or ones containing a single dictionary word. They are quickly crackable.
- Never use a login or password on multiple sites. This creates a daisy chain of information allowing hackers into your other sites to harvest personal information and finances.
- Protect against easily obtainable pieces of personal information, such as your mother’s maiden name, by providing bogus answers to security questions.
- Any password can be cracked, so it is futile to rely solely on complicated or lengthy passwords for security.
- Say “yes” if a website offers you multiple-factor authentication, such as a PIN in addition to a password, but don’t be misled into thinking that the combination of a password and second verifier is all you need to protect against hacks.
Acid Burn from Java Hacks
In January 2013, as a result of several high-profile hacks, the U.S. Department of Homeland Security recommended that computer users disable Java software in their web browsers. Despite numerous corrections by Oracle, the company supporting Java, new as well as old versions of the software remain vulnerable to malware hacks. This has led to identity theft and use of the infected computers as zombies to attack other digital equipment.
By mid-February, even Apple corporate officers were hacked via Java. Now, aside from counseling OS X users to install Java updates, Apple also recommends a somewhat complicated process of enabling and then disabling Java within browser preference files based on need.
Website designers should consider sharing caveats about Java as well as information about the spring 2013 hacks by the Syrian Electronic Army, a group that supports Syrian President Bashar al-Assad and is angry about international press coverage of its country’s civil war.
Political Unrest and Twitter
The SEA made headlines by hijacking Twitter accounts of news agencies such as AP, National Public Radio and the British Broadcasting Corporation. The AP breach, which occurred in late April, falsely reported that explosions had occurred at the White House.
Buzzfeed, a media website, refers to these Twitter invasions as being more like tricks than hacks, because of the simple phishing scheme their perpetrators used to access accounts.
A month after the AP attack, Twitter announced a new, opt-in, two-factor verification process for logging on. It involves receipt of a 6-digit numerical code on a cell phone each time you log in. After inputting this second piece of verification, your Twitter page opens.
However, a day after Twitter made its announcement, reports surfaced about how its two-factor process could be hacked. For Twitter, it’s back to brainstorming about how to improve the verification process. As to the creative talent agency and anyone in web design careers, it means vigilance in following news reports about the constantly shifting schemes of hackers. In time, it may also mean seeking liability insurance.
Alicia R is a freelance writer available on WriterAccess, a marketplace where clients and expert writers connect for assignments.