If you have ever received email, at some point you may have opened an attachment, only to find it infected your computer with a virus. Email is one of a growing number of ways that hackers use to gain control of personal computers.
With the help of a virus or malicious software, hackers can even make personal computers part of a larger robot network, or "botnet," that can be operated remotely and used for broader attacks.
(Graphic illustration of how a botnet can spread)
According to Randy Vickers, acting director of the Computer Emergency Readiness Team (CERT), Department of Homeland Security, many home computers simply don't have adequate, or updated, security software.
“We know good and well that Grandma Smith isn't the bad guy,” said Vickers. “That computer just happened to be compromised and it's just one of the zombies in a botnet, it's one of the hot points that some malicious actor is using.”
[See United States Security and Economic Review Commission’s Annual Report to Congress (pdf)]
More technology, more opportunities for hackers
Computer experts note that just as quickly as technology expands, hackers find ways to exploit it. That is why security software updates are so important, whether on home computers or government and corporate systems.
Vickers points to the earlier lack of now-common safety features in cars, saying cyber security is something many companies add only as problems develop.
"The first car that was built, if you look at the... even something as sophisticated as the Model-T, didn't have seat belts, didn't have a windshield,” says Vickers. “You hit something and ... but over time what have we done? We've learned to anticipate, based on what we've learned in the past."
Steve Lukasik, a national security expert who looks at cyber attack scenarios, says that once hackers get into a network, the range of possibilities is limitless. [See Lukasik on Reducing Threats to Users of the Global Cyber Commons (pdf)]
"I mean it's like, once you get past a guard gate in a building or at a facility, unless there are other locks and security check points, you can go anywhere," Lukasik added.
Threats to critical infrastructure
One of the attack scenarios that Lukasik has studied in depth is a possible attack on infrastructure, such as a power plant and electrical grid.
"The essence of a cyber attack is to break things. Now that's somewhat different from what a lot of people are concerned about,” Lukasik adds. “But if you want to do damage to a country you have to bring things down in a way that makes the recovery time long."
A 2007 U.S. government video of a simulated hacker attack on the electrical power grid shows just how destructive such an event could be.
(Video of turbine reaction to simulated hacker attack)
In the video, the massive turbine first spews out white smoke, then jolts suddenly, and then more smoke comes pouring out as the system is brought to a complete halt. Lukasik says that one attack like this might not be a big problem, but many attacks could be catastrophic.
"If you were to do this 500 times in the course of a day or week or something, the electric power generator manufacturing capacity would say, 'Thank you very much, we'll put you on a list and I think we'll be able to deliver something by May of 2013'," said national security expert Steve Lukasik.
He says that while making preparations to defend critical infrastructure systems such as the electrical and communication system is crucial, there is no one solution in the fight against cyber threats.
Winning, experts say, is more a matter of shoring up critical infrastructure and having the agility to adapt and keep up with attacks as they arise. Fighting cyber threats, they say, is a constant battle that never ends.