Listening to the echoes of cybersecurity history

Courtesy Gunnar Peterson at 1Raindrop

How we got here

  • In 1976 a book called Computer Capers documented this then-new and scary problem of computer crime. It addressed system vulnerabilities, theft of intellectual property and money, and insider threats.
  • In the mid-1980s The Cuckoo’s Egg was a detailed account of how a telephone billing discrepancy led to the discovery of Soviet intelligence using German hackers to exploit U.S. government and affiliated computer systems.
  • In 1998 a series of attacks on DOD computers was detected. The prevailing theory at the time was a preemptive move on the part of the Iraqi government. Ultimately three teenagers with no political-military motivations were identified as the perpetrators.
  • In 2007 over 45 million credit and debit card details were lost in a data breach at TJX companies. At the time it was the largest loss of such data. The biggest breach before that? 40 million records in 2005 at CardSystems Solutions.
  • 1998: Joint Doctrine for Information Operations
  • 2003: National Strategy to Secure Cyberspace
  • 2006: National Infrastructure Protection Plan

Groundhog Day

  • Not a day goes by without yet another story in the media of how vulnerabilities in computer systems are exploited at the expense of the legitimate system owner; stories that are indistinguishable from those captured in Computer Capers, a book that is forty years old.
  • 30 years ago, Dr. Stoll related in The Cuckoo’s Egg how he tried to get both domestic and international law enforcement agencies, intelligence agencies, and private industry to work together to catch the Hanover Hackers. Anyone who works a computer crime case today finds themselves fighting those same battles.
  • Exploiting vulnerabilities in widely-used code was a new thing when the Morris Worm ran roughshod over the Internet in the 80s, yet things like Heartbleed and Shellshock are treated like something novel.

Breaking the cycle

  • Study and appreciate our history. Security was being done before the Internet was a thing. If names like Parker and Neumann are unknown to you, you’ve not gone nearly far back enough.
  • Focus on gaining ground, not scoring points. Like football, this is a business of inches. Make enough small gains and you’ll be surprised where you end up; try to be Doug Flutie every day and you’re going to be sorely disappointed.
  • Aim for the center mass. Your solution for some edge-case may earn you nerd street cred, but it is not going to improve the situation for the 99%. The things that make a real difference are usually the most unglamorous and mundane.
  • Give some thought to design and usability. The people who need the most help when it comes to security will not use the command line. Elegant code that doesn’t get used is not a solution, it’s a hobby.

CxO at Senrio, Kyrus Tech, Carbon Black, Syndis. Former soldier and intelligence officer.

Michael Tanji
