Slasher or hacker? 2015's cyberthreats could have been horror flicks

They steal your identity, take control and can't be stopped. The year's cybersecurity threats were so frightening they made your skin crawl.

Laura Hautala Former Senior Writer

Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.

Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials

2022 Eddie Award for a single article in consumer technology

See full bio

Laura Hautala

Oct. 30, 2015 11:13 a.m. PT

4 min read

In 2015, hacking had a lot in common with horror flicks.
Chris Turner/Corbis

Beads of sweat form on your forehead. A growing dread gives way to fear, then panic as you come to the realization that someone -- you don't know who -- has gotten inside...

...your computer.

2015's hacks, exploits and breaches are the stuff of horror movies. Regardless of whether hackers targeted your computer or your online accounts, each attack has made our collective skin crawl. With tactics straight out of fright flicks, hackers imitated us and spilled our personal details. Not even our phones were safe; Android users were hit with a zombie bug that won't die.

The financial ramifications of the hacks have been huge. The breaches cost businesses and consumers a total of $445 billion in 2014, according to the Center for Strategic and International Studies. Analysts say hacks in 2015 cost businesses more than ever before.

"It's just kind of terrifying," Jasper Graham, chief executive of cybersecurity firm Darktrace, said of one hack that compromised hundreds of thousands of Social Security numbers. Security questions and passwords are no longer a defense, he said, adding that personal details on social media are often all hackers need to get into your accounts.

Here are the year's scariest attacks, and the creepy movies they remind us of.

IRS hack

Using stolen tidbits of information, like our mothers' maiden names, hackers logged into more than 150,000 IRS accounts and tried to get into even more. Armed with the data in those accounts, the hackers started taking over identities, just like Jennifer Jason Leigh's character did with her roommate in the 1992 flick "Single White Female."

The IRS reportedly handed over roughly $50 million in tax refunds to the hackers, believed to be in Russia, before it detected the breach.

Unlike Leigh's character, however, the hackers haven't gone after anyone with a meat hook... to the best of our knowledge.

Hammertoss malware

Malicious software on your computer could be mimicking your Web browsing habits to disguise itself from antihacking software and receive instructions on where to send your sensitive information. Known as Hammertoss, the malware gets its orders from hackers who put coded messages on Twitter and GitHub. Since you might check the same websites, Hammertoss' efforts to contact its hacker overlords look totally innocent.

No surprise if that mimicking sounds scarily familiar. Hammertoss is not unlike the space pods that invade a California town and reproduce its inhabitants, complete with memories and personalities, in the 1956 classic "Invasion of the Body Snatchers." The aliens, like the computer virus, go undetected.

Hammertoss, which researchers say was the work of Russian cyberspies, underscores how hard it is to detect hackers on the prowl in your computer system. In fact, researchers say bad actors go undetected for more than seven months on average.

And that's just the security breaches we actually know about.

Watch this: The security setting that the best hacker can't crack

01:02

Ashley Madison

In "Fatal Attraction," an extramarital affair comes back to haunt Michael Douglas' character in the form of an obsessed female played by Glenn Close. The users of adultery website Ashley Madison were confronted by their own infidelity too, when hackers dumped data from more than 30 million accounts. The account details were posted on the Internet in August, and soon extortionists started targeting the site's users.

One big difference: Ashley Madison's members are real people and the fallout was real, too.

"Tell your wife and kids you love them tonight," one Ashley Madison user wrote to Troy Hunt, who runs a service that alerts people to hacks. "I shall do the same, as I really don't know if I will have many more chances to do so."

The blackmailers demand money, Hunt said, "Otherwise, public humiliation." Hunt says the scammers are unlikely to follow through on their threats, but plenty of frightened victims pay up immediately.

Stagefright vulnerability

Stagefright gives hackers an easy backdoor into Android phones. By sending a text message, hackers can implant malicious code that can take control of the device. Worse, Stagefright is as hard to kill as the zombies in "The Walking Dead." That's because the fix has to go through multiple companies before it gets to your phone.

Google sent a patch to makers of Android phones months ago. But each manufacturer ships updates to their products on their own schedules, so there's no guarantee your phone is protected. Researchers from Zimperium, who discovered the flaw, believe half of current Android phones will never be patched.

The Stagefright flaw might be even scarier than zombies. Hackers with access to your phone could spy through the camera and microphone, or log passwords. Oh yeah, and unlike the reanimated dead, Stagefright is real.