How about a great story about a cybersecurity incursion in the late 20th century?
What’s instructive about this one is it has all the essential elements of today’s cyber-attacks:
- A global computer network was used by a foreign government to conduct espionage against the US.
- The attackers used multiple hops through several different computers prior to attacking to mask the origin of the attack.
- The cyber attackers illicitly escalated their privileges to “root” (also called “superuser” or “administrator”) on targeted systems.
- Discovery of the attack came as Cliff Stoll tracked down a 75-cent accounting error in the charge back of computing time. This highlights the importance of event logging, conducting regular event reviews, and prompt investigation of suspicious system events.
- The use of a “honeypot” (which is a cache of fake but realistically attractive data files) by Stoll to slow down the attackers long enough to trace their origins (a form of what we now call Active Defense).
- Pioneering coordination of AT&T, the FBI, and the West German government.
- Eventual arrest and conviction of a cyber-attacker, but only through heroic efforts.
This online theft of military technologies by the “Hanover Hackers” was discovered in 1986 and documented in Cliff Stoll’s fantastic book The Cuckoo’s Egg.
I talk about it in the April 2, 2019 episode of my podcast: