Revenge hacking encompasses the expansive set of motivations behind cybercrime. Every victimized industry has seen some form of cyber-attack backed that links back to their own hostile actions or policies toward the attackers.

Motives range from low profile disgruntled ex-employees to self-publicizing groups like Anonymous providing occasional media updates about their attacks on ISIS cybertargets. Sovereign states have long been suspected of hacking behavior and even Vladmir Putin is reported to be in on the act. Sexual revenge or jealousy was behind the infamous theft of subscriber data from the dating site Ashley Madison, specifically set up to facilitate affairs involving married individuals.

The latest set story circles around the Buzzfeed hack that surfaced in retaliation for identifying an alleged Saudi Arabian member of the OneMore hacking group.

Revenge hacking is not confined to the “outlaws”. Corporations have occasionally felt the urge to strike back at their tormentors, which is probably illegal everywhere in the world. Sometimes it’s considered as a pre-emptive strike to ward off a perceived threat. However, taking out a target server that appears to be the source of a threat could be extremely ill-advised. That server could be a component of a public utility, hospital, municipal authority or anything really. Hackers can compromise a server and use it as a proxy for launching attacks originating from half way across the globe.

No network or website can prevent hacking attempts from taking place. Even brand new simple WordPress blog sites are not immune. Automated systems are constantly probing for easily cracked access credentials. Such systems cost practically nothing to run and represent the bottom end of the attack spectrum. Strong passwords represent the simple and obvious defense, easily available through free online password generators.

At the other end of the scale are what could be considered “professional hackers” and the criminal element. Technically minded individuals with varying degrees of talent but with time on their hands occupy the middle ground. Large corporations present a happy hunting ground because the bigger the IT infrastructure, the greater the number of attack surfaces to be explored and exploited. This is the constant battleground between the security experts and technologies that form the defensive zone, and the attackers.

There is no central record for collating data on thwarted hacking attacks. That makes it impossible to measure the success levels of the security defenses. Security teams are only as good as their last failure, as in many walks of life. However, despite the high-profile names of the victims, the count of those that have not yet suffered the same fate greatly outnumbers the number of victims.

Every new technology and every new online service is highly likely to contain security vulnerabilities. The incessant drive to deliver newer functionality to outstrip the competition will constantly expose weaknesses. New functionality means new systems being exposed. The reality is that the game is loaded in favor of the hackers, who only have to breach a security system once to reach the prize and the headlines.

Corporations will continue to spend on security measures because there is no other option if they are to remain ahead of the risk of attack. Add the unpredictable nature of motivation for revenge hacking and the element of surprise is added to the mix. The only unknown is the motive for the next high profile attack.

In the midst of all the hype surrounding next-gen automobile capabilities featured on Tesla vehicles, the company receives its share of bad press when something goes wrong with a sci-fi Tesla feature. Last week was no different, when one Shanghai-based Internet security firm demonstrated vulnerabilities in the Tesla software and performed unauthorized remote control on Tesla cars.

What is startling about these latest exploits is the range of actions that hackers managed to trigger remotely, some while the car was in motion, and one from 12 miles distant.

Here’s what the white hat hackers at Keen Security were able to achieve:

1. On the research car when parked up, they remotely operated the sunroof, the indicator lights and adjusted the position and vertical tilt of the car seat.

The team claimed they had researched several Tesla models and, to demonstrate that claim, they exploited a brand new Tesla S75D to which they had not previously had physical access.

2. While parked up and switched off, with the driver searching for the nearest charging station, the team remotely took control of the system using a laptop and planted a hacked message on the display consoles to prove the point. The driver was unable to regain use of the screens. Then they the unlocked the driver’s door remotely, from the laptop.

The more alarming exploits were demonstrated on the vehicle while it was in motion.

3. From a laptop inside the car, the security researcher was able to switch on the windscreen wipers. Then indicator control was hacked during a lane change maneuver and the researcher was able to fold the wing mirror closed.

A vivid visual came next, again while the car was in motion.

4. From the laptop, the researcher was able to unlock the trunk, which flew open in an abrupt and startling manner when viewed from inside the vehicle.

The final demonstration was the most unsettling. While the previous exploits were amusing and in the parlor game category, none of them could be considered life threatening to other road users.

5. From an office 12 miles away, the researcher was able to remotely activate the emergency stop brake on a moving car. The effect was quite dramatic on the occupants. It was a fitting finale to an extremely interesting demonstration.

Connected cars loaded with automated functionality have already become a commonplace in the world of automobile research and development. Drivers are relieved of mundane tasks that otherwise keep drivers engaged in a traditional car, which means that Tesla drivers are not always in full control of their machines. The recent exploits therefore pose extremely high-risk to Tesla passengers. The security research firm, Keen Security, published a blog article and video detailing their exploits.

It should be noted that it took the Keen Security team many months of focused investigation to uncover the secrets for these contactless remote access exploits. However, it’s not the first time such exploits have been discovered.

Last year, a Tesla was exploited via its entertainment system and there were previous exploits before that. The general consensus is that the Tesla software is now very difficult to crack and that can only be a good thing. Tesla has already updated the firmware and owners are urged to download it as a matter of urgency. Not that your average computer geek will be easily able to uncover exploits. The guys at Keen Security are the crème de la crème of geekdom in that they dedicate 12 hours a day to their chosen career and insist that they work only on the side of the angels.

The best solution for now: Update the Tesla software with (some) patches to these vulnerabilities.

It’s hard to believe that Dropbox is almost 10 years old. It seems to have been around forever. It’s now a $10 billion cap corporation and as close to being a household name as something as mundane as data storage can get for an operation.

The numbers are staggering. Almost 500 million of us use it or have used it at some point. That means a major chunk of social responsibility for Drobox to maintain the robust and impenetrable security required and expected by all us users. But they dropped the ball back in 2012. Security was penetrated and some 68+ million email addresses and hashed (scrambled) passwords were stolen. Fortunately, the repercussions have not been as bad as they could have been because of the scrambled nature of the passwords.

Dropbox advised users to change their passwords at the time but PR and reputation damage limitation now seems to have been uppermost on the priorities list. Last week, four years later, we are told that 60 million users were affected.

The thing is that all of us regular consumers who use online services of any description still have the mentality of the free Internet. We really don’t like paying very much and we are astounded if the service is not rock solid and utterly professional for our $5/mth or whatever.

Many of us, even hardened IT veterans, have not taken on board the vital necessity of using strong, secure passwords. The “it happens to other people, not to me” mentality is deadly because when it does happen, the impact can be scarily bad. I wonder how many people use Dropbox as their automatic backup for their laptops and devices? And of those, how many keep confidential documents like passport scans and bank account details (yes, even passwords too) in a Notepad file. Everything is probably replicated at Dropbox and, over time, users can forget that fact and forget that the security of their data has a massive dependency on an outside agent that is under constant security attack.

The incident at Dropbox stemmed from one user whose email account was hacked. The intruder then managed to locate and retrieve four files that contained the data. The lesson here is that every touchpoint with the outside world is a potential vulnerability. Every corporation invests significantly in security expertise but the defenders have to win 100% of the time 24/7/365. The attackers need to get lucky only once. And passwords with their very human creators and maintainers are still one of the weakest links.

Enterprises do instigate password security processes, such as encouraging users to change passwords frequently. However, users typically access a number of different applications, each of which requires a password, so the temptation to take the convenient route of weak but memorable passwords and reusing them is a constant. It is the individual that needs to change, and changing one’s habits is not something that can be done without an internal driver. That driver does not exist for too many of us.

Dropbox has moved to restrict the downside from the incident. It encourages users to adopt their two-step authentication process, which is a must-do no-brainer for any users of the service who have been made aware of it. Dropbox and their user base were lucky on this occasion because the stolen passwords were salted (obfuscated with a secret text string) before hashing, which means that cracking them is unlikely. However, they are now out there and may be cracked one day. Therefore any reuse of a password that was used for a Dropbox account should be changed immediately.

It goes to show that, as users of Internet services, we simply must take nothing for granted. Any service is a potential victim of a security breach.

If we truly want to create a virtual Fort Knox for our critical and sensitive data, images, plans, or anything else that is in digital format – the best way (and according to many experts, the only way) is to encrypt the data and hold those encryption keys ourselves. Stay tuned for some announcements from us at Scram Software on how we’ll make it easy for you to do exactly that.