Stop me if this sounds familiar: A lone face, illuminated only by the light of their multiple computer screens, types furiously as multiple windows of Matrix-esque code open and close in front of them. Sweat drips down their forehead as a progress bar approaches 99 per cent. Their furious typing reaches a crescendo as the soundtrack swells dramatically, before finally reaching its peak: 100 per cent. “I’m in.”
Be it CSI, NCIS, or another acronymic police procedural, the figure of the ‘genius hacker’ has become a ubiquitous plot cliché. However, in recent times hacking has been gracing our screens for a different and more sinister reason. Allegations that Russian hackers may have interfered in the 2016 US presidential election rocked the political landscape and cast doubt over the integrity of our political system. Just this month, Lloyds Banking Group suffered a massive breach of its online security, three men were jailed after stealing over £2 million through ATM hacking, and the perpetrator of 2014’s hacks on the personal phones of celebrities, including Jennifer Lawrence and Taylor Swift, was jailed for nine months.
For all the headlines, however, very few of us understand how these attacks actually take place. We entrust all of our personal information to myriad devices, websites, and businesses, and have to rely on faith that our personal information – photos, videos, bank details, text messages, emails – will be secure. As technology and the internet become ever more omnipresent in our day-to-day lives, cybersecurity is going to (or has already) become as important to us as the physical locks on our homes, vehicles, and safes.
However, there is a vital difference between the physical locks we use every day and the cryptographic locks companies use to safeguard our personal information. It is relatively easy to make a spare or replacement key for a physical lock – but doing so for a laptop or mobile phone, as the FBI found out in the case of the 2015 San Bernadino shooter’s iPhone, carries much more risk. Apple’s refusal to create a ‘back-door’ to access data on a locked iPhone was lambasted by many, including FBI Director James Comey – who bafflingly compared Apple’s security measures to a “vicious guard dog” – and The Donald himself, advocating a boycott of all Apple products.
The truth was much more complex. Building a ‘back-door’ into Apple’s stringent, encrypted security would not only have been potentially irreversible, but it would also have jeopardised the security of millions of users’ personal data. As Apple CEO Tim Cook explained to ABC News, “No-one, I don’t believe, would want a master key built that would turn hundreds of millions of locks. Even if that key were in the possession of the person that you trust the most, that key can be stolen.” He went on to describe the requisite software as “the software equivalent of cancer”.
Cook’s analogy is apt. For all its sleek, sexy allure for budding TV writers, the term ‘hacking’ actually betrays the far cruder truth – that often, the process of accessing personal data involves bashing it from all sides until the protections surrounding it break. This type of attack is called a Distributed Denial of Services attack, or DDoS, and is by far the most common form of cyber-attack, usually perpetrated against large websites or corporations: huge breaches at Sony, Tesco, Lloyds, and Yahoo have all been DDoS attacks. The Denial of Service is typically achieved by bombarding the target with superfluous requests in an attempt to overload it. This can prevent access to bank accounts, credit cards, or online gaming accounts – and provide a sufficient smokescreen to steal personal information.
The term ‘computer virus’ was coined by Michel Crichton in his 1973 film, Westworld – a film with a degree of eerie prescience that might be responsible for its recent revival as a TV serial on HBO. Four decades later, computer viruses are still one of the means by which a cyber-criminal can attempt to gain access to ‘secure’ data. Particularly popular are those known as ‘keyloggers’, which covertly record the keystrokes of a computer user, including passwords, PINs, and security question responses. All it takes is for the victim to unintentionally click one wrong link, either in a fraudulent email or online.
At the heart of this issue is an ongoing, constant battle between hackers, who are constantly finding new exploits and bugs in software, and companies like Apple, Samsung, and Microsoft are constantly updating their software to guard against them. Regular software updates can seem like a pain, and many people tend to delay updates until it begins to inconvenience their ability to send Snapchats or play Clash of Clans. Do so at your own peril, however: the hacker is only a few steps behind