While many consider 2011 as a year of natural disasters and revolutions, it could also be called the year of the hack.
Hacking stories came to the forefront last year. Wikileaks wires were run across Australia’s newspapers. The UK phone hacking scandal almost irreparably damaged the reputation of the media. International companies Sony and Lockheed Martin were hacked and exposed to the world.
Hacking has left a lasting impression on the globe, and in lieu of recent hacking events, it's here to stay.
But with the increased news reporting of hacking has come the opportunity to reinforce some common misconceptions about hackers and their trade.
Web security firm M86 has highlighted five of the major myths of hacking, many of which were busted last year.
1. Commercial companies are impervious to hacking
With companies spending billions on cyber security, you wouldn’t be blamed for believing that any commercial company is impervious to hacking.
But last year’s hacks of Sony and Lockheed Martin proved this is not the case.
Jason Pearce, director of sales engineering at M86 says hack attacks are more commonplace than people realise.
“Most organisations do not publicly report that they have been a victim of a [cyber] attack and this affects brand and consumer confidence,” he says.
As a contingency to this, companies – particularly banks – have taken to hiring mercenary ex-hackers to test their security systems and find chinks in their cyber armour.
Security commentator and Technology Spectator contributor Stilgherrian says that most times these hackers are actually successful at cracking the bank's security, but are usually detected and traced in the process of doing so.
2. Hackers only target high-reward targets
The M86 report highlights that companies, military and governments were at the top of hacker’s hit lists last year.
However, Pearce says the easiest way to crack a secure network is to target the people that use it.
He added that with more people having an online presence through social media, it has become easier than ever to target an individual with the cause to attack an organisation.
3. Social media sites are safe from cyber-crime
Speaking of social media, M86 reports that Facebook has become a hotbed for hacker’s ploys.
Last Christmas, JB Hi Fi was at the forefront of a Facebook scam that offered free gift cards worth up to $500 if they invited their friends to join a particular event group. Despite JB Hi Fi campaigning on their real Facebook page that the event was a scam, just over 40,000 people signed up as participants.
Stilgherrian says the consequences of a hacked Facebook account are much worse.
To give an example, a hacker could get into your Facebook account without you and wait until you are overseas. Then the hacker could lock you out of your account, cut off your email and use Facebook to pilfer your friends for money by posing as you and spinning an unfortunate travel story and requesting cash to supposedly bail you out of it.
4. All hackers are experts with technology and computers
The demographic of exactly who is hacking is changing.
Pearce says that hackers are more likely to create the means to pervade security systems rather than hack it themselves.
“Hackers are the mules, writing the code and capturing the information which is then sold on various underground forums for monetary gain and further exploitation up the food chain,” he says.
Recent reports of the construction of an Android botnet reaffirms this point. A hacker probably constructed that botnet to be rented out to anyone wanting to conduct a cyber attack.
People’s motivations for hacking have also changed over time. While hacking may have previously been about glory or undertaken as a pastime, it has now become a prime means for cyber-crime and activism.
5. The only means to protect against hacking is through sophisticated anti-hacking technology
While the most advanced anti-hack technology will help protect companies from attack, it will not make them impervious.
Having a firewall and the most up-to-date anti-virus software is great, but both Pearce and Stilgherrian agree also having staff that are educated in how to manage their own personal internet security is better.
Good education involves teaching simple habits, like keeping multiple and strong passwords, not opening or clicking through the links of suspicious emails and generally being more wary on the internet.
“You would never give your bank pin to a stranger on the street, but if you get an email that looks like it comes from a bank, people freely give up their details,” Pearce says.
Stilgherrian however is more concerned about future of hacking. Technology is becoming more portable, yet internet security is not keeping up.
“Everyone is getting an iPhone or Android phone, but nobody is getting any protection on them.”