Henry Ea
In a new digital era, cybersecurity is about more than just firewalls and antivirus software. Every employee, client, and connected device presents a potential vulnerability. So, what does it take to protect client trust and a firm’s integrity?
The year was 1988, and the world was on the cusp of a digital revolution. But before the internet could truly connect us all, something else began to spread; an invisible, insidious force born in the quiet hum of servers at NASA Ames Research Center. At the time, there was speculation that it had slipped out of California, a whisper of code travelling on the nascent electronic mail networks, and then it had exploded. Across America, it moved, a phantom contagion infecting machines in its wake.
“It spread very quickly,” exclaimed Mark Eichin, an MIT student and self-proclaimed part-time virus hunter, his voice a mix of awe and alarm. “We believe it was intended to spread more slowly than it did, so that it wouldn’t be noticed as quickly.”
But it was noticed. Soon, the news channels were buzzing. “There are reports in newspapers today that it has made its way to Europe and to Australia,” announced James D. Bruce, an MIT professor.
It arrived at MIT in the dead of night, a silent intruder. “It just ran. It would enter your machine, it would do its thing, it would go to other machines,” a student recounted with frantic energy. Yet, amidst the chaos, a strange consensus began to form. “It’s benign. It’s not malicious. It attempts to do no damage besides propagate itself, and that’s why I think it’s a warning.”
“My personal speculation is that this is somebody who is trying to warn people,” another mused, “to say, ‘it can happen to you’.”
That “somebody” was Robert Tappan Morris, at the time a graduate student and this was the dawn of the infamous Morris Worm, the first computer virus to “break the internet” on 2 November, 1988.
As the chaos unfolded, the spotlight inevitably turned to the source. Though initially obscured, the digital fingerprints eventually pointed back to Cornell University in Ithaca, New York, and then, inevitably, to Morris. This wasn’t just a technical glitch or a harmless prank. This act brought a significant portion of America’s nascent digital infrastructure to its knees.
The legal ramifications were unprecedented. The Computer Fraud and Abuse Act of 1986, a relatively new legislation, suddenly found its first significant test case. Morris was indicted. The public closely watched the court proceedings, and in the end, Morris was convicted. He received a sentence of three years’ probation, 400 hours of community service, and a fine of over US$10,000. While his sentence was relatively lenient, the conviction was monumental, establishing that the digital world was subject to the rule of law. The Morris Worm exposed the vulnerabilities of the early internet and laid the groundwork for the legal framework that would govern cybersecurity for decades.
From curious kids to professional criminals
The evolution of cybercrime is a story from innocent, non-monetised mischief to today’s highly professionalised, financially driven, and state-sponsored attacks.
Richard Buckland, a Professor in Cybercrime, Cyberwar, and Cyberterror at the School of Computer Science and Engineering at UNSW, has provided cybersecurity education and training for the past 20 years.
He amuses the Journal by stating that, in the “really old days,” cyber attackers were primarily “kids in their underpants, in their mum’s basement,” driven by curiosity and a desire to “hack around.”
No comments:
Post a Comment