The Fruits of Civilization (11-2-2) Security

 Security

The men who created the Internet thought they were building a classroom, and it turned into a bank. ~ American historian Janet Abbate

It’s not that we didn’t think about security. We knew that there were untrustworthy people out there, and we thought we could exclude them. ~ American Internet pioneer David Clark on the wishful thinking of Internet pioneers

No innate security was envisioned by the designers of the Internet or World Wide Web. This folly allowed the Internet to repeatedly fall on its knees to malicious intent, providing the means for spreading malware worldwide.

We could have done more, and most of what we did was in response to issues as opposed to in anticipation of issues. ~ Steve Crocker

We didn’t focus on how you could wreck this system intentionally. You could argue with hindsight that we should have. ~ American Internet pioneer Vint Cerf

That’s a perfect formula for the dark side. ~ American Internet pioneer Leonard Kleinrock on the disregard of security concerns when the Internet was evolving during the 1970s and 1980s

Software security slowly emerged ad hoc, using clumsy schemes to encrypt email, and later, encrypting messaging traffic on the Internet.

Secure encryption has been technically feasible for decades and can be done without affecting software usability. Instead, it has been all too common for encryption software to have a “back door”: a way to break the supposed security. A back door may be built in by design, the result of programmer error, created by unauthorized tinkering, or some combination of the 3. The presence of back doors severely weakens encryption.

Damn. I thought I had fixed that bug. ~ American programmer at a leading software company on learning of a flaw in the encryption software he had written, allowing the Morris worm of November 1988, the first Internet security breach to gain mainstream media attention.

A worm is standalone malware that replicates itself to spread to other computers. The Morris worm was a cagey bit of code stupidly written by American programmer Robert Morris, then a graduate student at MIT. Morris wrote the worm as a means of discovering the number of computers connected to the Internet. Instead, the worm wreaked havoc on the computers it infected, crashing thousands of machines and causing millions of dollars in damage.

The fundamental problem is that security is always difficult, and people always say, ‘Oh, we can tackle it later,’ or, we can add it on later.’ But you can’t add it on later. You can’t add security to something that wasn’t designed to be secure. ~ American software scientist Peter Neumann who has been chronicling Internet security threats since 1985

Early Internet attacks – and there were many – were met by handwringing, and the rise of private software security companies exploiting fear, but often not providing adequate protection.

Apple wants to pretend that everything is magic. They need to admit that their products can be used by bad people to do bad things. ~ American software security specialist Alex Stamos

Operating system companies and governments worldwide did effectively nothing to counter the continuing threat. OS companies did belatedly provide lackluster security to their customers; offerings which were bested by 3rd parties.

Meanwhile, government intelligence agencies insistently demanded back door access for private communications, thus crippling Internet security. The US government, which essentially sponsored the Internet, has been incessantly reticent about making decent encryption publicly available.

Much of the business of the Internet is predicated on insecurity. ‘Surveillance capitalism’ – the collection of user data and its sale to advertisers and others – depends on vulnerable Internet practices, as does intelligence collection for national security and law enforcement. ~ American physicist Steven Aftergood

Internet data breaches are a regular event. Robbers are now able to steal from banks without getting near a bank building.

While the bank’s IT staff is scrambling to keep its servers online and running, criminals are transferring money from users’ accounts. ~ Slovenian software security specialist Mitja Kolsek

All told, cybercrime costs the global economy at least $500 billion each year; all because software developers were not smart enough to anticipate an obvious problem, nor take effective steps to thwart malfeasance. 1/3rd of the Internet sites worldwide are under attack at any time.

Half of all Americans are backing away from the Internet due to fears regarding security and privacy. ~ American cybersecurity researcher Dan Kaminsky in 2016

Lack of security is an excellent reason to treat Internet access like kissing something diseased. A recent malware trend is crypto-ransomware, which encrypts all the data files on a user’s computer, making them inaccessible. Once a machine is infected, the malware displays a screen demanding a ransom, which typically runs hundreds of dollars. If the victims don’t pay up in time, the files are destroyed. In 2016, crypto-ransoming accounted for nearly 60% of all infections.

Over the last few years, attackers realized that instead of going through these elaborate hacks – phishing for passwords, breaking into accounts, stealing information, and then selling the data on the Internet’s black market for pennies per record – they could simply target individuals and businesses and treat them like an ATM. ~ American cybersecurity researcher Brian Beyer in 2016

From mid-October 2016, web sites around the world experienced outages as hackers harnessed Internet-attached appliances to assault Internet infrastructure. Security researchers had long warned that hooking devices to the Internet – the so-called Internet of Things – would create a serious security threat; but device manufacturers around the world did not bother installing any security precautions.

◊ ◊ ◊

We’ve ended up at this place of security through individual vigilance. It’s kind of like safe sex. It’s sort of “the Internet is this risky activity, and it’s up to each person to protect themselves from what’s out there.” There’s this sense that the Internet provider’s not going to protect you. The government’s not going to protect you. It’s up to you to protect yourself. ~ Janet Abbate

Even governments regularly have sensitive data stolen from them. The Chinese and Russian are quite adept at snitching data from the hapless American government.

We are living in the dark ages of cyber. ~ Russian cybersecurity specialist Eugene Kaspersky