Ask LH: What's With All The Security Breaches?

Dear Lifehacker, It seems that every day I am waking up to more articles in my news feed about another big company being hacked, with the hackers bringing down services or stealing sensitive information. Why is this happening? Are we currently in the midst of some 'hacker revolution' where every man and his dog have decided they want to join 'anonymous' or whoever else to fight 'the man'? Or is a small group of people finding a lot of big holes within the infrastructure of major organisations? Have big companies thought they could get away with providing minimal security on our data all the years, and now it is starting to all fall back on them? I just don't understand the constant stream of 'this was hacked' and 'this was stolen'. Any insights as to what is currently going on in the digital world? Thanks, Concerned and Confused.

Dear C+C (everybody dance now!),

I can't necessarily offer any deep insights, but I can share a few observations about why reports of security incidents have become more common in recent times.

There are a lot of potential targets. Online activity is utterly mainstream. The majority of the population surfs the web; most of us shop online. As a result, a massive amount of personal information is stored by companies. Even if 99 per cent of those are well-secured, the other 1 per cent still provides potentially rich pickings, for both professional criminals and activists who want to highlight security problems.

There is no such thing as perfect security. Modern software is complex, and complexity inevitably leads to security holes. Even with the best-developed security system, exploits are going to emerge. That doesn't mean businesses shouldn't even try; it does mean that problems are going to arise regardless.

Anonymous have been very busy. The loose online collective known as Anonymous has been involved in many high-profile incidents recently. Unlike professional criminal hackers, its motivations are often political. Its willingness to offer statements explaining the reasoning behind its actions also means it gets plenty of media coverage.

Once media hit a vein of popular stories, they keep mining it. Arguably the most prominent hacking incident of recent times was Sony's loss of PlayStation Network customer data last year. That issue got widely covered in the general press, not just the technology media, and created an awareness that stories about hacking could be popular. As I noted in my discussion of how the media covers open source, once a topic becomes "fashionable", coverage often increases for a lengthy period of time.

In practical terms, you shouldn't panic because of this apparent glut -- but you should make sure that you have a sensible approach to security when you are online. Use security software (we have recommendations for ), make sure you have different, difficult-to-guess passwords for web services, and change them regularly. You can't protect yourself against everything, but a little caution goes a long way.

If readers have other theories as to what's caused this upsurge in security hacking (and reporting of it), we'd love to hear them in the comments.

Cheers, Lifehacker



Comments

    I think the media are just excited to use the word "hack" so look for any opportunity. It's a bit of a flavour of the month word. A good example would be the News Ltd "phone hacking" scandal. It wasn't really hacking, but the media take the opportunity to let us all know that we're all targets and our precious voicemails are never safe!

    I'd say more that recent hacks have been by people keen for publicity, rather than what is probably happening anyway which is small-scale hacks on companies that either don't know they've been hacked, or don't tell everyone. Smart but malicious hackers would be more subtle so they can use the same methods again.

    http://xkcd.com/932/

    The Hacks highlight how out of touch the corporations and the politicians are with Web Technology.

    Point two is why I don't think companies should store any more than the bare minimum of my personal information. The hackers generally seem to be a step ahead of the security experts. And the breaches we see on the news are just the ones that we know about.

    On that point, it's amazing the lack of security when it comes to phone transactions. If someone knows your name, date of birth, and street address, it's not very hard for them to compromise your identity, and that sort of information as far as I know is generally not stored by companies in an encrypted manner, like say credit card details and passwords.

    I think another problem is that as the internet has become more and more a mainstream thing, the term 'hack' is now being used very very loosely. Much of what Anonymous is doing now isn't 'hacking' per se, they're just flooding the servers of major websites with requests, overloading them and shutting them down temporarily. In the IT community this is generally called DDoS'ing, not hacking, but the media seems to have merged these concepts, I guess as 'hacking' lends itself more easily towards sensationalism.

    I was a big fan of -Anon back when he just wrote poems and sayings.

    Long live Anonymous!
