Let’s Do the Time Warp!
Nothing could be more fitting to recap the colorful history of information security than the wonderfully off-kilter theatre of The Rocky Horror Picture Show. What a ride it’s been! The story of our craft now spans at least four decades (depending on how you count it), each one with its own hallmark events and memorable characters.
In order to commemorate Symantec’s 25th year of business, we thought we’d invite you to do the time warp with us. This is the first of a series of blogs that will go back and review the history of Internet security, stretching back to the 70s and all the way up the current age of rampant phishing, rootkits, splogs and SPIT.
The deepest definition of youth is life as yet untouched by tragedy. ~ Alfred North Whitehead
Indeed, the 70s were a time in information security largely untouched by digital calamity but marked by exploration of emerging telecommunications technology. Outside of blowing a vacuum tube or spilling your coffee on a stack of punch cards, the battle back in the days of Nixon had a lot more to do with making things work than thwarting the wily hacker. Nonetheless, hacking the phone system took center stage during this time as phreaking (phone hacking) hit the scene courtesy of the first modern hackers and the folks who set about trying to keep them from making free calls to Guam and other shenanigans. John Draper, a.k.a. Captain Crunch, is credited with the inception of the phreaking era. You might be surprised that a very mainstream duo is a part of our fairly esoteric history: none other than Apple’s Jobs and Wozniak made and sold “blue box” devices for tweaking the nose of telcos by scoring free payphone services.
We live in a Newtonian world of Einsteinian physics ruled by Frankenstein logic. ~ David Russell
Enter the 80s: a patchwork quilt of events marked by technological advancement that Newton and Einstein would no doubt have been proud of, but an odd menagerie of happenings more suitable for Frankenstein’s cobbled-together persona. For starters, computer clubs were forming, one of the most notable being Germany’s Chaos Computer Club. Not to be outdone in the realm of adolescently ominous names, the pimply-faced “Legion of Doom” stepped into the fray, as well as the outlandish “Cult of the Dead Cow”. This decade ushered in the era of malware, marking the first virus, named “Brain”, in ’86 as well as the infamous Morris Worm in ’88. Importantly, the Computer Fraud & Abuse Act was instituted in 1986 and Kevin Poulsen brought hacking into mainstream public consciousness as he scored pole position on an episode of America’s Most Wanted.
My favorite thing about the Internet is that you get to go into the private world of real creeps without having to smell them. ~ Penn Jillette
The 90s were a decade where the real creeps joined us on the Internet and resulted in the dawn of the modern information security industry. Notable threats of the 90s included the Michelangelo virus, Melissa, and Concept. Distributed denial of service attacks and the bots that made them possible were also born in the 90s, with names like Trin00, Tribal Flood network, and Stacheldracht. Beyond malware, AOL suffered through the first real phishing attacks as fraudsters aimed at nabbing user’s credentials. Privacy watchdogs called out in concern as tracking cookies were born, allowing ad networks to monitor user surfing behaviors in a rudimentary fashion. Big personalities and tall-tales marked the 90s, from the L0pht crew and Masters of Deception to hacker anti-hero Kevin Mitnick.
I don't have a bank account, because I don't know my mother's maiden name. ~ Paula Poundstone
The creeps of the 90s turned into criminals of the 00s, with only hardcore Luddites like Paula Poundstone safely able to ignore the onslaught of money-motivated online attacks. Adware and spyware kicked off the decade with their rogue marketeering and digital shoulder-surfing. Programs such as Conducent TimeSink, Aureate/Radiate and Comet Cursor were early players in the adware/spyware games that marked the first half of the decade and simmer on across the globe.
Perhaps even more visible than adware and spyware were the aggressively self-propagating malware that the 00s have brought us. Big name threats such as Code Red, Nimda, Welchia, and Slammer all showed us that unpatched machines and weak firewall policies were no match for rapid-fire vulnerability exploitation from self-replicating malware. While we were busy cleaning up from the mess left behind by those worms, phishers were busily preparing their onslaught on trusted brands in the United States and well beyond.
Conventional wisdom dictated that you shouldn’t be quick to click on email attachments, but it soon came to include a healthy suspicion of any email message purporting to be from an online service with embedded URLs. The era of phishing and malicious Web sites was upon us. And this is the decade where our time warp steps up to warp speed—zero day attacks, rootkits, rogue antispyware, SPIM, clickfraud and other attacks all made their mainstream debut in the current decade.
Step Right Up...
So come aboard our time machine and sit back for the next several weeks, as this blog series maps out the personalities and events of the last 30 years over the weeks that come. Enjoy the ride!
For more on Symantec's 25th anniversary, click here