People have been conducting attacks on, in and through communications systems for a very long time. But there are elements of our interconnected technology systems and attacks in them that can be very hard to understand. Our senses cannot directly observe what happens in our computer systems, unless of course you are jacked in like in a William Gibson novel.
Anyway, perceiving this environment is much harder than understanding the physical world we evolved in, and this lack of perception contributes to a tendency for humans to forget history, forget attacks and discount threats. We call this tendency for people to forget the cyber threat “Cyber Threat Amnesia.” There is only one way to really defeat cyber threat amnesia– through study of history.
Where Does Cyber History Start?
Cyber history is probably older than you think. Both sides in the U.S. Civil War attacked telegraph lines of the other, and there are examples of missions being conducted to insert false orders into adversary communications via that method then too. Every war since has demonstrated that when an adversary wants to use information and information technology as a weapon, they will and with great effect. The same has been continuously demonstrated in the rise of cyber crime.
It is interesting to start the study of cyber history at the U.S. Civil War, and clearly the most important lesson comes from that timeframe (adversaries will get creative and use tech in ways that surprise you). But modern cyber warfare has a different nature. The first modern cyber conflict episode of note is the case of the Hanover Hackers, codified in the book “The Cuckoo’s Egg” by Clift Stoll.
The Hanover Hacker’s case began with intrusions into Lawrence Berkeley National Lab which caused some minor accounting discrepancies. Cliff Stoll was tasked with investigating, leading to the first major international forensic investigation of a cyber-attack. The lessons learned in this thrilling case make this a critical incident to study for all cyber defenders.
This case was different from the many cyber attacks before because it involved digital technologies, including new microchip enabled computers and TCP/IP based communications systems. The thing that was the same as in the past was that adversaries wanted to steal information. But now they could hop through a globally connected network of systems in ways that made it very hard to figure out where they were operating from. Additionally, the way microprocessors and computers were designed meant the actions done to break into the systems were hard to detect. The defender (Stoll), had to invent ways to record what adversaries were doing and in doing so created the first of what would later be called an Intrusion Detection System. The law enforcement officers involved in the Hanover Hackers case also faced challenges. Jurisdictions were crossed in ways that made collaboration and coordination with existing organizations hard.
Cyber attacks and cyber crime accelerated since then. Defenses have accelerated too, but the attackers have been unrelenting in learning new ways to penetrate.
We are tracking the most important gist of all cybercrime and cyber war activities in the ThingsCyber Cyber History section. And we capture lessons relevant for defense in the ThingsCyber Protect Yourself section. Please review both and share the info there with those you know could use some more context on how to defend. We really appreciate that. The history of espionage is also directly related to the history of cyber conflict.What Should I Know About Cyber History?
We should all know this point: History underscores that the threat is dynamic. If an adversary has an objective that can be accomplished by attacking via computers they will attack and will alter their attack to succeed.
Another key point from history, especially modern history, is that cybercrime happens continuously. We might study episodic events, but the attackers are operating non-stop.
For more on the Hanover Hackers, See: The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
And to dive deeper into the history of cyber conflict and its many lessons learned for defenders today see: A Fierce Domain: Conflict in Cyberspace