Hackers, Cyber Attacks and Malware (Oh My!)


illustration by Alexis Jeffries

We live in an era of unprecedented closeness with technology. Our banking, communication and access to information has all been expedited thanks to the internet. This close relationship, however, comes with a dark side.

In the past year, cyberattacks have emerged from the shadows and into the spotlight. And yet, we know so little about the attackers or how they operate. Their targets range from enormous corporations to anyone unfortunate enough to click the wrong link. You could be under attack right now and not even know it.

The 2016 presidential election, for instance, was plagued with cyberattacks and information leaks. The malware used to hack the Democratic National Committee this past July was even developed by the Russian military. These faceless hackers shaped the narrative of the 2016 presidential election as much as any speech or debate.

These recent large-scale attacks haven’t just been aimed at political institutions. A recent distributed denial of service (or DDoS) attack shut down some of the web’s largest sites, including Netflix, Amazon and Reddit for hours. According to Management Information Systems professor Richard Mislan, these widespread cyberattacks may just be the beginning of something bigger.

“There’s been speculation that our latest attack was just a dry run. Whoever did this, they’re just testing the boundaries to see what’s possible,” said Mislan. “I think there’s a bigger event to come.”

Cybersecurity is further complicated by the increasingly connected nature of technology, known as the internet of things.

“The internet of things is all the different devices that are becoming connected these days,” said Matthew Wright, director of the Center for Cybersecurity at RIT. While having an entirely wireless and connected home feels like a convenient extension of smart technology, the reality can be deeply problematic.

“If you have a reasonably secure laptop, it might not be so easy to break in. But maybe I can get into your smart refrigerator," said Wright.

“If you have a reasonably secure laptop, it might not be so easy to break in. But maybe I can get into your smart refrigerator," said Wright. "Unlike most computers, [they’re] harder to update those as often.”

Although we have become exponentially more connected with technology, attitudes toward cybersecurity have yet to catch up. Many users are vulnerable to attack and ignorant of the risks.

“This is kind of creeping in on us, and I don't think we're really addressing [it],” said Mislan.

A haphazard approach to security can have dire consequences for a company and its customers. In 2013, hackers installed a rudimentary malware onto Target’s payment system just days before Thanksgiving. Although the company was notified by a malware detection program, it refrained from taking action. This led to the theft of 40 million credit card numbers and 70 million pieces of personal information.

“Every time you accept a new technology into your life, do everything you can to protect yourself,” said Mislan. As an example, he brought up internet protocol (IP) cameras — home security cameras that are internet enabled — as an example of vulnerability. IP cameras come with a default password, something that many owners forget to change.

“If you don’t change [the password], and most people don’t, it becomes a product of a website called Insecam,” said Mislan.

Insecam allows anyone to view unsecured IP cameras worldwide. The result is a deeply disturbing visualization of how important cybersecurity really is. By clicking a couple of links, I was able to watch a dog in New Jersey jump onto the living room couch while its owner was gone. The only ones who know what happened are me, the dog and anyone voyeuristic enough to be watching.

But even if you are forward-thinking enough to adopt necessary security measures, no one is ever completely secure.

“You can install your virus scanner, but for every wall, there’s a ladder,” warned Mislan. “And there will always be a taller ladder.”

“You can install your virus scanner, but for every wall, there’s a ladder,” warned Mislan. “And there will always be a taller ladder.”

This is the difficulty of teaching cybersecurity in an academic setting: how can someone learn to defend against an intangible enemy that is constantly changing and evolving?

“The thing that we try to have the students really get out of it is ‘What are the fundamentals?’” said Wright. This includes learning about the methods and ethics of penetration testing, which is an intentional attack on a system to determine its security weak points so that malicious hackers can’t exploit them. 

Despite such attackers' prowess, people can still protect their online assets without a degree in cybersecurity. Multi-step authentication can do a great deal for security. An example of this would be a thumbprint along with a password to unlock your phone, or an email notification alerting you to a new device accessing your account.

“The more ways you can try to secure, the better,” explained Mislan. However, the most important tool the average person has against these attacks may perhaps be decidedly low-tech: our gut. Although our basic human nature makes us ripe for online exploitation, it can also be greatest asset.

“Emails are the starting point for something like 80 or 90 percent of compromises,” noted Wright. Phishing, by which a person is tricked into entering their personal information into a fake website, is often executed through email. 

“You’re not really paying attention, you enter in your name and password and before you know it, someone’s taking money out of your bank account,” said Wright. In this way, a single lapse of judgement or careless move could cost you immeasurably. So if you see something out of place, take a minute to verify that it’s your bank and not a sociopathic teenager in Belarus trying to steal your credit card.

"Be vigilant,” said Mislan. “It’s a judgement call. It’s an instinct. It all boils down to that.”

There’s no telling where technology and cybersecurity will go in the next decade. Think of how important your smartphone — a piece of technology that has only achieved mainstream use in the past decade — has become to your life. But while the tech may change, the people who use it are a constant. As long as there are people, there will be some who wish to exploit and attack the more vulnerable among us. All we can do is prepare accordingly and hope our password has enough characters in it to keep our lives from financial ruination.