Cyber Security Through The Years
It doesn’t seem like much time passes between agencies breaking news around the latest privacy and data breaches of major brands. Cyber attacks on companies like Yahoo, Equifax, Sony and others seem to be the norm nowadays, but while the frequency of these reports has ramped up dramatically they’re definitely not a new occurrence.
They only seem “new” because of how rapidly media and news spread in today’s connected world.
Unfortunately, the very thing used to rapidly spread news and educational information is also at the center of the greatest threat to personal privacy that people have ever faced. The very nature of how the internet facilitates communication is what has allowed some of the greatest cyber security events in history to take place.
By and large, the internet is a public domain. There are securities and precautions in place, but those don’t protect every access point, server, or the data being transmitted. Anyone can access the web, for any purpose, including those who have every intention of committing a crime.
That’s certainly not what was envisioned in the early days of the web.
Where It All Started – The Dawn of The Internet
There’s no way to credit the creation of the internet we know today to a single person. A technology with so many “moving parts”, even in its early days, owes credit to a multitude of researchers, engineers, and scientists.
In fact, long before we had the technology to make the internet work even on a local level scientists were already hypothesizing about globally connected information and vast networks where data would be shared. In the early 1900’s, Nikola Tesla brought up the concept of a worldwide wireless system. In the 1940’s Paul Otlet and Vannevar Bush conceived a system that allowed books and media to be stored and searchable.
In 1949, Hungarian scientist Jon Von Neumann published The Theory of Self Reproducing Automata. This work was considered the first real look into the world of developing what we know call computer viruses. While dated, his material was still used later as a basis for developing self-replicating software.
Look farther head into the 1960’s and you’ll find where MIT’s J.C.R. Licklider began exploring the possibility of an “intergalactic network” of computers. The more the idea spread, the stronger the foothold among scientists. In the late 60s, scientists developed “packet switching,” a method used to transmit data electronically.
According to Donald Davies, a researcher with Britain’s National Physical Laboratory during the 1960’s, packet switching was like chopping blocks of data into much smaller chunks that would make transmission easier – to the point that multiple users could all have access through the same line allowing for a more efficient use of the then limited resources.
That technology became a building block for the web as we know it today.
Each of these ideas, theories, and discoveries are rooted in developing technology that benefit mankind on a professional and academic level.
In 1969, ARPANET was developed based on that packet-switching technology. While it was an effort supported by the United States Department of Defense, the developers of ARPANET wanted to make communication between universities and laboratories across the U.S. more convenient.
They also wanted to protect the method in which they were transferring data and communicating. Prior to this form of networking, entities communicated through direct connections. In the event of a major conflict any disruption in those connections would terminate communication. With a network, communication could still continue if portions of that network were disrupted or destroyed.
But like all things, it didn’t take long for corruption and criminality to set in.
ARPANET sent its first message across the network it created in 1969. By 1971, the first virus was created.
The Beginning of Cyber Security and Cyber Crime
In 1971, Bob Thomas created an experimental computer program designed to actively move between connected machines (DEC PDP-10 mainframe computers running the TENEX operating system) and simply display a teletype message “I’m the Creeper: catch me if you can.”
It wasn’t malicious in nature and caused no damage to the data or the systems it traveled through. In fact, the Creeper program even erased its older versions as it duplicated itself and moved through connected mainframes.
While it’s widely credited with being the first computer virus, there was no specific definition or concept of a computer virus so soon after the first networks had been created.
Following the creation of the Creeper program, Ray Tomlinson coded a program also designed to travel through the mainframes connected on the network with a singular purpose: remove the Creeper program. Tomlinson’s program, called Reaper, was designed with all the same behaviors of a virus but it targeted the unwanted Creeper software. Many believe this to be the first iteration of an antivirus program.
It’s also widely seen as marking the beginning of the history of cybercrime.
Security Issues From Day One
By 1973 there were already concerns over the security of the limited-scale network. Robert Metcalfe, an ARPANET engineer and founder of 3Com, issued warnings that the network was far too easy to access by outside parties citing a number of intrusions. Unfortunately, those intrusions were small scale – such as breaches by high school students. Because of the nature of the intrusion little attention was given.
At worst, individuals were gaining access in attempts to bypass phone network protocols or commit low-key telecommunications fraud. Had those in charge paid more attention to the potential hazards, we might have a seen a much different kind of internet develop over the last few decades.
As computers slowly gained mainstream attention and personal computers grew in popularity, curious minds began developing programs in the same vein of Bob Thomas’ Creeper virus.
In 1981, 15 year old Rich Skrenta developed a virus as a joke. Dubbed the “Elk Cloner”, his virus targeted Apple II computers and was spread via floppy disk. The virus was attached to a game. When the game was inserted it registered a counter. The 50th time the game was played the virus would trigger. Instead of playing the game, the screen would go blank then display a poem:
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
To ensure the virus spread, it was also programmed in a way that if an uninfected floppy disk was inserted into the drive it would copy itself and the entire DOS onto the disk, allowing the spread to continue.
This was how many of the earliest viruses were transferred and spread – through floppy disk. As more programmers and enthusiasts became more knowledgeable, and technology evolved, they began looking for methods that would allow their programs to spread more quickly and with greater reach, such as through email.
In 1983, Fred Cohen coined the term “computer virus” in one of the first academic papers covering the topic. He defined it as software that could alter another computer device and possibly evolve into another version of itself. That definition was later updated to “code that recursively copies a possibly evolved version of itself.”
Three years later, the “Brain” virus was released. It was the first IBM compatible virus that wasn’t intentionally malicious. In fact, it was designed to protect against copyright infringement and replicate so the developers could track pirated copies of their heart monitoring program. Unfortunately, sometimes it used the last of the memory on an Apple floppy and made additional saves to the disk by other programs impossible. It wasn’t until the developers were inundated with phone calls from the UK, United States, and elsewhere that they realized how far the replicating program had traveled.
During this same period, in response to a growing awareness of cyber security and cyber threats, Congress passed The Computer Fraud and Abuse Act. This act intended to control and curb potential data theft, unauthorized access to networks, and a variety of other computer related crimes.
Those crafting programs weren’t just creating them as jokes anymore, and some of the viruses being created were being developed to be far more malicious in nature.
An Industry Is Born
1987 became a year to remember in cyber security. Within a year of Congress passing the Computer Fraud and Abuse Act, a number of developers and organizations emerge to combat the growing threat of viruses:
- Andres Luning and Kai Figge market their first antivirus for the Atari computer, launching G Data Software in the process
- Developers from Czechoslovakia release the NOD antivirus
- Flushpot and Anti4Us, the first heuristic antivirus, are released
- John McAfee forms the first antivirus company in the United States
- The Ultimate Virus Killer is released and sets the bar as the standard in antivirus programming
By 1989, many of the top names in antivirus technology come together and openly communicate through email/chat groups, sharing technology about how to push back threats, the discussion of new viruses, and more. Symantec launched the same year and by 1990 was the first software platform to include updates so the software could continue to protect against viruses that weren’t known when the software was released.
Cyber Threats Advance Alongside Technology
While the 90’s brought us into a new age of cyber security, with firms dedicated to protecting computers and data, it also brought us with more advanced platforms like AOL, new software for browsing, and add-ons like Flash that were intended to improve the user experience.
Unfortunately, each new invention to improve the internet unfortunately also gave virus developers and malicious programmers new channels for distribution along with new resources to work with. Many of the new platforms and add-ons were filled with vulnerabilities that compromised security to such a great extent that experts warned people against using them.
Add in the rapid growth of platforms like AOL and email and the 90s already brought about the dramatic rise in phishing scams along with an easy channel for the distribution of malware and viruses.
One of the larger threats that developed in the 90’s were the first web robots. These programs infiltrated computers acting as Trojans, silently running in the background and using the connected computers resources to perform actions online. When connected, this network of robots (botnet) would participate in distributed denial of service attacks that took down servers with a collective onslaught of activity.
By the year 2000, the web as we knew had evolved considerably. People once connected through dial-up, waiting for their computer to dial into a server, wade through busy signals, wait for the screeching sound of the digital handshake, and finally surf the web or chat. At the turn of the century, users were buying into the first available broadband. Always-on DSL connections allowed for faster speeds and no interruptions to online activity, but they also turned computers into an always-on and often unattended portal for hackers to utilize as a resource.
Around this time we also saw eCommerce begin to grow rapidly alongside data tracking. Where hackers and developers once saw opportunities to create destructive programs there was now something far more valuable.
Data, personal information, credit cards… it was all worth for more and there were plenty of shady groups and organizations willing to pay.
As internet use skyrocketed in the early 2000’s there was a constant flow of new data and personal information filling server banks online – more than the whole of what we had recorded up to that point in human history.
Cyber security wasn’t just about protecting computers from harmful viruses, ransomware, or invasive worms. It was now pertinent to protect people’s information from invasive spyware and adware.
What’s worse is as the number of internet users skyrocketed, so too did the number of crimes being committed – much like a rapidly growing city with insufficient police coverage.
Just how bad was it?
In 1994, AV Test had logged just 28,613 unique malware programs to its database. By 2005, the company reported its database had grown to 333,425. That’s an increase of 1100% in just 10 years.
By 2007, its database had grown to more than 5 million unique malware programs logged.
In 2014, multiple firms tracking the development of malware and logging malicious software revealed that as many as 500k new malware programs were being detected each day.
The proliferation of cyber threats has resulted in admirable efforts to meet the problem on every front. Cyber security brands have advanced technology enough to virtually bury unwanted and unsafe email, screen content for malware and threats as its being uploaded to the cloud (included file sharing services), and they’ve even gone so far as to recommend whitelisting through antivirus programs.
With whitelisting in place, the software only allows approved software from trusted sources to be installed and operate. If it’s not on the list, it’s blocked.
But here’s the rub: cyber security today is a lot different from cyber security and the concerns experts had 30+ years ago… or even 10 years ago. Today, consumers have every reason to be as concerned about private companies as they do about hackers.
Especially when hackers have set their sites on major organizations in an effort to steal as much data as possible. We only hear about major brands because they’re news worthy, but in truth more than 4,500 breaches have been made public since 2005. According to the 2015 Verizon Data Breach Investigations Report, over 2,100 individual breaches occurred among various companies in 2014 alone, compromising more than 700 million records.
Just look at a handful of the data breaches that have occurred since 2005, taken from a detailed infographic shared by Slate:
- AOL (92 million records compromised)
- Citigroup (3.5 million records compromised)
- TJ Maxx (94 million records compromised)
- US Military (76 million records compromised)
- TD Ameritrade (6.3 million records compromised)
- Heartland (130 million records compromised)
- Sony Playstation Network (77 million records compromised)
- Blizzard Entertainment (14 million records compromised)
- Apple (12.3 million records compromised)
- Evernote (50 million records compromised)
- Living Social (50 million records compromised)
- Yahoo (22 million records compromised)
- Facebook (6 million records compromised)
These data breaches come as a result of hacks, accidental publication, mishandling of records, inside jobs, lost or stolen hardware, poor security, and malware.
And that doesn’t even take into account the numerous cases of companies silently compiling user data and selling or sharing it with 3rd parties… which brings to question what’s to come as cyber security evolves. While experts and organizations work endlessly to provide protection against malware, what kind of changes will occur in cyber security to protect personal and professional records from the companies who violate privacy rates?
One thing that’s notable about the evolution of cyber security; the industry has spent many years in a reactive position, tackling threats as they arise and creating fixes for viruses and malware after they’d been released. In the wake of zero-day attacks and companies staying silent after breaches occur, we’re seeing a greater shift toward a proactive approach to cyber security. Rather than waiting for an attack or breach to occur, organizations are developing ways to head off the threats and eliminate opportunities before the attacks can take place. The best way to protect yourself as technology continues to advance at a rapid pace is to utilize the best rated antivirus software, safe-guard your personal information and be mindful of where you share it, and make smart choices about links you click and files you access on the web.