For some, the history of cyber-attacks might live in their minds as scenes from movies from as far back as Tron or Matthew Broderick in War Games. But in the real-world timeline of attacks in the digital sphere, these classics are preceded by cyber criminals who set the bar for future testers of cyber security. There are too many famous quotes about the need to and benefits of learning from history to include here, but the sentiment is worth repeating - looking back at the history of cyber-attacks helps develop a well-rounded security posture for today.
The Groovy Era of Cyber Attacks
Although criminals of all sorts appear throughout earlier history, in the 1960s, war dialing was one of the first mainstream technological threats. In this technique, the computer scans a list of numbers to search for, say, modems, other computers, fax machines, etc. that the hacker can then exploit to their benefit.
The first reference to the term hacking is in a 1960s MIT student newspaper article about malevolent telephone users who abused the phone system, tying up the lines between MIT and Harvard and racking up huge long distance phone bills that were charged to a local radar installation. The students figured out that they could connect a PDP-1 computer to the phone system to search for a dial tone, indicating an outside line, basically configuring the PDP-1 so that they could make free calls.
Does History Repeat Itself?
In today’s climate, war dialing might sound like benign application of technology. However, the idea behind these techniques, and even this attack application, is still used in brute-force attacks that simply try every possible combination until a username/password that opens doors is found. Understanding the longevity of this penetration method can help users recognize the depth of this threat and the current threatscape as a whole. Awareness is the first line of defense in helping your employees protect your organization. Maybe a walk down memory lane or even a lunch War Games movie session is in order as part of an ongoing cybersecurity training program that increases vigilance and helps keep hackers at bay.