How to Survive the Year of the Hack

RELATED: Anonymous Knocks Australian Spy Site Offline in Digital Protest

What It Looks Like: This is another, more clandestine way to get people to download malware, and that was likely the type of hack (probably from China) that infiltrated the internal servers at Facebook, Apple, and possibly Twitter, as the companies reported, like dominoes, in February. This type of hack doesn't target an individual but a website that many individuals visit — you know, like when the people visit the watering hole. When trying to target Facebook's developers, for example, hackers planted "malicious code injected into the HTML of the site used an exploit in Oracle's Java plug-in," as AllThingsD's Mike Isaac explained. 

Fear Factor: High. Once you visit an infected site, well, that's pretty much the end of the attack. That's the thing that trips up a lot of people writing about and spreading fears around hacking, and the Facebooks and Twitters of the world are pretty good at protecting their accounts when they get played. But if you're looking for a solution, a lot of people have suggested that getting rid of Java might help your situation, since a lot of malware exploits that code deployment platform. Then again, it might not really be that easy, since the malware spreads so fast and to such large sites. 

What It Looks Like: Denial-of-service attacks have received a lot of attention this week because of the fight between Spamhaus and Cyberbunker, which resulted in the biggest ever DDoS attack ever. These rapid-fire attacks, which infect computers with malware to overwhelm and then shut down websites, were also responsible for the big bank attacks over the last few months, including Thursday's AmEx breach, which likely came from an Iranian hacker group called the Izz ad-Din al-Qassam Cyber Fighters. That South Korean hack the other day from North Korea was also likely of the DDoS variety. And denials of service are getting more powerful. The AmEx hack, for example, infected "infected powerful, commercial data centers with sophisticated malware and directed them to simultaneously fire at each bank, giving them the horsepower to inflict a huge attack," as The New York Times's Nicole Perlroth and David Sanger explain.

Fear Factor: Very High. While some have accused the Times of being sensationalist with its use of "cyber warfare," the DDoS attacks have become more and more powerful, which is cause for concern. There are ways to close certain holes on the web's DNS servers that could ease the flood of relatively tame denial-of-service attacks, but when it comes to national security the U.S. is no match for China's hackers, who are trying to take down some of America's most crucial infrastructure. President Obama acknowledged the threat in his State of the Union address and recently met with major business leaders about cyber attacks. In addition to clandestine efforts to fight back against China's cyber fighters, though, the White House is now looking at something like sanctions: The latest government funding bill would make it harder for Chinese companies to sell tech products to a few federal agencies, according to Politico, although that's only minorly comforting. But Obama has ordered cyber attacks on Iran, after the famous Stuxnet worm targeted U.S. computer infrastructure.

What It Looks Like: Nothing like a vague legal term to get the people talking. "Unauthorized access" can blanket pretty much any computer related crime, as federal investigators have made blatantly clear in the high-profile cases of three men facing lots of prison time for not a lot of hacking. In theory, "unauthorized access" means getting into a person or an organization's computer even though you're not supposed to — even though that's pretty much the point of hacking. But the term has been used very differently in accusing each of the three men: Swartz literally went inside an MIT server room and assigned himself IP addresses, Keys gave up some access to the content management system of the Los Angeles Times website, and it's not even clear what Weev accessed without authority. Many, many people, from inside the hacking community and out, have accused the government of using the "unauthorized access" charge to prove a point.

Fear Factor: Low. The scary part is how vague the definition of a not scary hacking act has become. Authorities and bigger organizations and businesses tend to fear these kinds of attacks more than individuals, because it's usually the individuals (or Anonymous) use the highly illegal tactics to make often mundane points of their own. 

What It Looks Like: Forget cyber hacks, people are still hacking actual Internet cable lines! In an attempt to take an entire continent offline, three scuba diving hackers have now gone straight to the source and literally cut the chords in Egypt. 

Fear Factor: Medium. It's definitely the most effective way to take out an entire country or continent's Internet. But, it's pretty conspicuous and not very precise. You've got to be a pretty smart underwater hacker to be an effective one.

There are certainly other types of "hacks" out there, but this should help clarify things the next time you're facing three frightening headlines about technology in one newspaper. China isn't coming after your Netflix account. But you should still probably dump that stupid password, beef up your email and computer security, and avoid the MIT server room. And the North Koreans. Those guys are up to no good.