Back in 2010, I described what I called the ‘first rule of the internet‘:
Against a sophisticated attacker, nothing connected to the internet is secure.
To this, I feel like I should add a second item:
Everything is internet now.
While there were once large numbers of electronic systems entirely disconnected from the internet, nowadays virtually everything is either connected to the internet constantly or occasionally connected to a device that is online. Your cell phone is probably always accessible to a sophisticated attacker using the internet, and the same is probably true for landlines using VoIP. Many of your computers are probably constantly connected to wireless networks (themselves targets for attack) and exposed to the wider internet through your broadband connection at all times.
Web integration with computers has reached the point that Google’s Chrome browser now treats ‘search’ and ‘GMail’ as apps within the Chrome environment.
The implication of combining the first and second rules is pretty plain. If you manage to attract the attention of a sophisticated attacker, they can probably get into the contents of your cell phone and your GMail account, as well as the hard drive of your PC and laptop, the ubiquitous webcams now built into computers, and so on. There is also a good chance they can take over your email, websites, Twitter accounts, and the like and use them for their own purposes.