“The world isn’t run by weapons anymore, or energy, or money…. It’s run by ones and zeros, little bits of data. It’s all just electrons…. There’s a war out there, old friend, a world war. And it’s not about who’s got the most bullets. It’s about the information: what we see and hear, how we work, what we think. It’s all about the information,” said Ben Kingsley in the 1992 movie Sneakers.
This quote and the 1983 movie WarGames both shed light on how the digital era would evolve. Cyber warfare wasn’t just a dangerous possibility; it was what was on the horizon. This month, to gain an interesting perspective on the history of cyber warfare and how the U.S. government responded to this new threat, we read Dark Territory: The Secret History of Cyber War by Fred Kaplan.
The scary beginnings of cyber security awareness
Cyber security hasn’t always been on Presidents’ radars. In fact, the first U.S. President who questioned the security of the government’s network was Ronald Reagan. It all started on June 4, 1983, when the president sat down to watch the movie WarGames starring Matthew Broderick. While bits of the movie seemed far-fetched, President Reagan kept thinking about its plausibility.
He brought it up to Congress on June 8, and General John Vessey said he would look into it. A week later, he came back to the President and said, “It is much worse than you think.” Scary to think it took a movie to raise the question of the security of confidential government documents, and since then cyber security has only become a bigger problem.
One significant example the book points to happened on February 3, 1998. A hacker infiltrated the government system through Andrews Air Force Base, using a well-known UNIX vulnerability in Sun Solaris 2.4. For the next four days, the government tracked the hacker’s activity and watched as he moved from network to network by creating backdoors and installing a “packet sniffer” that collected usernames and passwords. The hacker’s path was traced to Emirnet, an internet provider in the United Arab Emirates, which caused the government to panic.
Four days later, the attack was traced back to two 16-year-old boys in San Francisco and a known 18-year-old hacker named Ehud Tenenbaum. While they were only hacking into the government’s system as a game to see who could get into the Pentagon first, the hack showed the government that security measures needed to be tightened. If a handful of boys in the United States could enter the network, other countries could, too.
Cyber warfare isn’t just about protecting confidential information and government plans, though. It’s also about seeing what intelligence you can gather, which includes creating and exploiting known vulnerabilities to enter other countries’ networks.
Kaplan’s book points to Stuxnet, a 650,000-line computer worm designed by the government to do just that. This piece of malware was sophisticated enough to get into a network and “swipe files, monitor key strokes and screens, turn on the machine’s microphone to record conversations nearby, turn on its Bluetooth function to steal data from most smartphones within 20 meters, among other tricks,” the book states. This cyber weapon was developed under President George W. Bush, and the plan was carried out to learn more about the Iranians when President Obama took office. The worm worked, but in 2010 it spread out of the network and was discovered—and given the name Stuxnet. This sophisticated piece of code shows that while the government can use technology as a way to gain intelligence, if it is detected and gets out of control, it can have adverse effects.
What this means for MSPs
While you may not have clients in the government sector, it is important to know how your clients’ industries are affected by cybercrime and what you can do to prevent it. As an MSP, encourage your SMB clients to follow best practices to keep their data safe. In addition, make sure your clients are doing these three things:
- Use strong passwords. Always change or have clients change default passwords for any device that has access to a network. This includes firewalls, IoT devices, computers, administrator passwords, and more. Often, these passwords can be easily Googled, which can give hackers an easy way into a network.
- Have someone monitor their network in real time. If you don’t currently offer this service to your clients, partner with someone who does. When a hacker finds a backdoor into a network, the sooner it is detected, the better chance you have of preventing data loss. Monitoring in real time can help you stop a hacker in their tracks.
- Encourage clients to adopt a multilayered security strategy. An email spam filter and a basic firewall aren’t enough anymore. Instead, encourage your clients to adopt a robust multilayered approach to security. This could include solutions that detect Advanced Persistent Threats (APT), zero-day attacks, malware, phishing scams, and more.
While cyber security and cyber warfare have come a long way, there are still attacks and threats that have yet to strike. As Fred Kaplan writes, “We are all wandering in dark territory, more of us only recently, and even now dimly, aware of it.”
The Secret History of Cyber War
By Fred Kaplan
342 pages. Simon & Schuster Inc. $11.55.