It’s not just banks and retailers that get hacked. As we saw recently, even celebrities and movie studios can be targets.
We spoke to multiple people who work in online security about the threats they see to companies, and asked them what kind of clients have been signing up for increased security following the Sony Pictures hack. Here are the targets that are most in danger of getting hacked:
One of the most damaging types of data to emerge in the Sony Pictures hack was the cache of emails sent between Sony executives. Sony Pictures co-chairwoman Amy Pascal was found to have sent emails that many people considered to be racist.
A fear of internal conversations becoming public has led many sports teams to invest in increased cybersecurity. Matt Little, VP of product development at PKWARE, a company that sells encryption technology to businesses, says sports teams are starting to buy increased protection. “It’s more Sony-style, there’s a lot of conversations happening behind the teams about these athletes, about their contracts, maybe even with sports betting,” he said. “They don’t want to be the next Sony.”
Banks are still the biggest target for hackers. They possess huge databases of customer data, including credit card information and email addresses. So if someone is going to get hacked next, there’s a big chance that a major bank will be the target.
Hackers have a long history of getting into the servers for banks and making away with personal data. Hackers broke into the servers of JP Morgan and made away with information regarding 76 million households and 7 million small businesses. The bank only realised that the hack had taken place when it noticed that the website for its corporate charity challenge had been compromised.
The 2014 iCloud hack that targeted female celebrities was one of the most high-profile hacks of recent years. Stars like Jennifer Lawrence and Kate Upton were hit by hacks that leaked their private, naked photographs online. It wasn’t a single hack that did it, however, but an underground of hackers who had figured out how to bypass the weak password reset system Apple uses to guard its iCloud service.
Apple’s iCloud service is still a frequent target for hackers. A hacker posted a free tool online in January that used a “painfully obvious” flaw in Apple’s iCloud service to repeatedly guess user passwords. Apple’s system is designed to stop hackers “brute forcing” a password by trying to enter long lists of common passwords, but the iDict software found a way through.
Apple eventually closed the loopholes that let the original iCloud hackers and the iDict tool through, but that doesn’t mean that hackers have stopped trying.
Many companies are worried that their competitors are paying hackers to try and break through their online security in search of trade secrets.
FBI director James Comey warned in a TV interview that Chinese hackers had gained access to many US companies. “There are two kinds of big companies in the United States,” he said. “There are those who’ve been hacked by the Chinese and those who don’t know they have been hacked by the Chinese.” Comey went on to claim that hackers weren’t looking for credit card information, but instead were searching for valuable trade secrets. “[They’re looking for] information that’s useful to them so they don’t have to invent [it]. They can copy or steal to learn about how a company might approach negotiations with a Chinese company, all manner of things.”
PKWARE CEO V. Miller Newton says that the threat of corporate espionage is prompting customers around the world to shore up their digital defences:
We’ve got a customer in Germany who is a chip manufacturer, and the peer of a CEO in another chip company that was breached. And what was stolen there was actually their intellectual property. What stimulated them to start encrypting data on the desktop was that breach of a peer company.
The New York Times
Hackers are almost always looking for some kind of information. Usually, network intrusions come from people looking for credit card information or personal details. One threat that has people in the cybersecurity industry worried is the relative weakness of the online security of news organisations. An expert told us that, in general, news organisations have poor security because they have always believed that they are legally protected from spying.
But some news organisations have started to ramp up their online security. Gawker is the latest publisher to run its own SecureDrop system, a technology originally developed by Aaraon Swartz. SecureDrop lets whistleblowers send files over the Deep Web, making it incredibly difficult for law enforcement to intercept their documents and figure out who they are.
The naked photographs of celebrities that were posted online following the iCloud hack had previously been traded for several hundreds of dollars. But they aren’t the most valuable kind of pornography being sold online. Child porn is regularly traded for thousands of dollars, driving a higher price due to the illegal and abusive nature of the images.
An event nicknamed “The Snappening”saw a vast collection of thousands of photos and videos sent through ephemeral messaging app Snapchat posted online. Many of the files depicted children, and some were child pornography. Messages sent through Snapchat are supposed to be automatically deleted upon receipt, but the photos leaked in the “snappening” were saved after a third-party client named SnapSaved had been secretly storing everything that users were viewing.
The developers of SnapSaved claimed in an interview with the New York Times that they had created the site after being contacted by an anonymous man on a web forum. He was based in Hong Kong, they said, and vanished when news of the hack broke. That means that whoever was behind the Snapchat hack is still at large, and could hire more contractors to replicate the SnapSaved breach.
A nuclear power plant
For a hacker looking to cause maximum damage, there’s no better place to look than a nuclear power plant. Sure, the control systems for nuclear plants are almost always air-gapped (not connected to the internet), but hackers can still get their software inside by, say, loading it onto a USB stick and leaving that in the parking lot.
A recent study from researchers at Ben Gurion University in Israel showed how it’s possible to interact with air-gapped computers by controlling the fans of internet-connected computers to create tiny changes in temperature.
Stuxnet was a computer program discovered in 2010 that was designed to seriously hamper the efforts of Iran’s nuclear development, tampering with the software that controlled centrifuges within nuclear plants to destroy around 20% of the devices.
The Stuxnet worm was spread in nuclear power plants by infecting a USB stick with the malware and waiting for engineers to plug that stick into a device which was connected to the plant’s network. It was reported in 2012 that Stuxnet was a program jointly run by the US and Israel, with authorisation from Presidents George W. Bush and Barack Obama.
It’s not just young companies with virtually no experience or budget for cybersecurity that get hacked. One expert told us that it’s often very old companies using legacy IT systems that are most vulnerable. If a company has been using computers for decades, then chances are that at least one component of its IT system is seriously out of date. Proper audits can catch those weak links, but many large businesses choose to overlook the maintenance of IT departments, or IT staff leave, meaning that new employees are unaware of vulnerabilities.
British chef Jamie Oliver has already had his website hacked twice in two months, so it could happen again. Oliver’s online recipe site was found to be infected with malware, potentially infecting the computers of anyone who went looking for meal ideas.
Oliver’s representative told us after the first hack in February that “the site is now safe to use.” But then it was hacked again in March. It looked like the same hackers that had been using jamieoliver.com to spread malware had returned and were still doing it. Oliver’s representative told us after the second hack that “the site is now safe to visit.”
A security expert theorised that the reason why Oliver’s website is being repeatedly hacked is that whoever runs it hasn’t figured out how to shut the hackers out, meaning they can keep returning and spreading malware.
Cars are becoming more complex, and that means that they also have more ways for hackers to gain access to them. Modern vehicles like electric Tesla roadsters come equipped with on-board computers that control many different aspects of the way the cars work.
One of the weak points in modern cars is the way that they receive software updates. Cars regularly check to see if a new update is available, making them vulnerable to outsiders. However, that update process can also make cars more secure, as manufacturers can quickly issue fixes to newly discovered security flaws.
German motoring organisation ADAC discovered in February that it was possible to break through the door locking software of BMW and Rolls Royce cars and unlock them using a blank car key. The trouble with owning a car that runs on complicated software is that it opens up more ways for people to hack you. ADAC contacted the vehicle manufacturers, who issued an update to the cars’ software. But that update only reached cars driving in a place that can receive the signal. Any Rolls Royce or BMW cars that were stored in underground parking lots were left vulnerable.
The global financial market is ruled by computer algorithms trading securities faster than any human can, using a global network of microwave towers to send information through the air. Since 1999, HFT has become one of the biggest forms of trading.
Hackers have focused on high-frequency trading in the past. In 2013, hackers managed to insert software into a hedge fund’s HFT trading system that delayed the transfer of information. BAE Systems was called in to investigate the hack, and it concluded that it was likely a “for-profit attack” by organised criminals.
Another way to disrupt HFT is to gain access to the sources of information that algorithms use to make trades. The Associated Press’ Twitter account was hacked in 2013, and hackers posted a tweet that claimed President Obama had been injured after two explosions at the White House. HFT systems saw the tweet and immediately decided to sell, impacting the market.
Business Insider Emails & Alerts
Site highlights each day to your inbox.