Risk is everywhere.  The internet is everywhere.  Therefore the internet is risk … and vice versa.  Q.E.D.

Seriously, you can barely turn around without stubbing your toe on yet another story about how some company or bureaucracy “lost” a couple million social security numbers or credit card numbers.  Even the experts get in on the act.  In December 2011, it was reported that an Austin, TX-based security firm was hacked by Anonymous:

The personal information of thousands of credit card users has been compromised after a loosely-knit hacking group called Anonymous struck global security firm Stratfor last weekend.

Now, if a security firm with a name like “Stratfor” can be hacked … then our personal and small business systems certainly must be at risk.  When assessing security risks, we look at three things: what we are trying to protect, who would be attacking, and why they are attacking.

What we are trying to protect includes:

  • Your financial information (e.g. bank account information)
  • Your customers’ financial information (e.g. credit card numbers)
  • Information that leads to valuable information (e.g. your passwords)
  • Your privacy

Who is attacking?  Well, bad people.  People who do not respect your privacy, your property, or yourself.  People who would harm you or your loved ones to satisfy themselves or just because they can.  Immoral or amoral people who do things just because they can.

  • Hackers –  solve tricky problems quickly through (ad hoc) programming.  These folks aren’t necessarily bad — in fact there is a certification process for “ethical hackers”.  That said, they create an ecosystem wherein the bad guys can flourish.
  • Crackers –  break software for nefarious ends.  These guys know how to exploit badly written software running on your computer.  They can run whatever program they want on your machine without your knowledge or permission.
  • Malicious hackers – hackers, but with bad intentions.  This is the necessarily bad version of the folks above (see the word “malicious”?).  There is a lot of overlap between the crackers and the malicious hackers.  The cracker figures out how to break the system; the malicious hacker uses that knowledge to actually do it.
  • Script kiddies – download, build and run other people’s programs with malicious intent.  These are the socially-challenged kids that you see perp-walked out of their parents’ houses followed by deputies carrying their computer(s).  Useful idiots for the crackers and malicious hackers.

Why would anybody spend the time and effort to attack your systems?   Remember, these are bad people.  Bad people who want to:

  • Steal your money
  • Steal your data
  • Steal your identity
  • Trash your website
  • Deny people the ability to access your website or your system
  • Use your computer to steal from others
  • Just jack with you

The last one is probably the most difficult one to comprehend.  Why would anybody spend the time and effort just to mess with somebody else?  Well, in part that depends on how easy it is to mess with you.  That is, how easy you make it for them to mess with you.  It may also depend on how important you are or whether they have a personal issue with you.

Assuming you are not Mila Kunis and have not done anything to annoy people with these kinds of mad skills … then we are left with how easy a target you make yourself.

Next time we will look at the specific attacks that can be used … and then how to protect yourself from them.