What is the origin of cyber security? When did Internet privacy become an issue? Answers to these and other internet security questions timed to this Cyber Security Awareness Month.
The History Of Internet Security
The origin of Internet privacy issues date to before the Internet was even launched. The Internet, a protocol for addressing device locations and their connections over public communications line, is the number one threat to personal privacy humankind has ever faced. It facilitates communication and the exchange of information in a way that puts that information, the connections over which it is communicated and the parties involved at risk of theft, damage and worse. When you enter it, connect to it, you send ripples across it that alert others to your presence. Because the net is part of the public domain anyone can use it, for any purpose they wish, and in all too many cases this means no good.
To fully appreciate the Internet and the risks it poses to your safety let’s talk a bit about its origin and what it was meant to do. The Internet is not a physical thing. Yes, it encompasses our computers, devices, servers, routers and other network infrastructure but these things all existed before the Internet came into being. The Internet is the means by which computers and computer networks find and talk to each other. Before the Internet there were computer networks run by the government, the military, private corporations and any other organization with the resources to run one.
To access one of those early networks you had to either be logged into a device on the network or gain access remotely through a modem. In those days this wasn’t like it is today where you just enter a web address in your browser and get taken there automatically. No, in those days users would have to dial each network directly from their phone, wait for the confirming squeal of the connection, and then access it slowly. And if they wanted to go to a different network the process would have to be repeated each time.
The TCP/IP solved problems faced by early computer network users. It provided the means by which computers could identify each other and how to find each other. This is done through IP (Internet Protocol) addresses, one of which is assigned to each and every device on the web. In order to find other devices the IP addresses have to be visible for others to see which raises one of the very first privacy issues: how can you stay private if everyone can see who and where you are?
Because this was such a big issue lots of people were working on it. At heart there were two issues. The first is that IP addresses are visible which makes connections visible, traceable and hack-able. The second is that the data itself was at risk, even if connections could be secured there is still a risk of loss. The final solution is a combination of fixes from private sector and government sources called virtual private network. Virtual private network, VPN, is a means of securing Internet connections when using a public network that solves both issues.
The first, visibility, was solved with the Tunneling Protocol. This protocol is a means of forming connections that mask IP addresses and bypasses local ISP servers in favor of dedicated VPN servers. The VPN servers were run by whichever local network operator had the resources to set one up. The second problem, data integrity, was solved with encryption. All data that is transmitted across enabled VPN networks is encrypted so that if intercepted, it won’t be usable.
Needless to say, the average Internet user did not have access to VPN in the early days of the web. This left them open to many forms of fraud and sparked the industry that we know today as Internet Security.
Origin Of Internet Security – A Timeline
1949 – Hungarian scientist Jon von Neumann publishes “The Theory of Self Reproducing Automata”, the first foray into the world of computer network viruses. His work is later used by others to develop self-replicating software.
1960 – Engineer Paul Baran has a new idea. He argues that a communications network could be set up so that multiple pathways could lead to the same destination, instead of having direct connections as were in place at the time. This solution would allow communication networks to operate even in the event a portion or portions of the network were damaged or destroyed.
1968 – Packet switching theory comes into existence. It is a cornerstone of modern Internet function. Donald Davies, a researcher with Britain’s National Physical Laboratory, argues that data can be chopped up into smaller pieces to make transmission easier. One of the benefits of packet switching is that multiple users can access the same line making a more efficient use of available resources.
1969 – ARPANET sends its first message. ARPANET is one of the first packet switching networks and was developed under the auspices of the US Government. It is considered to be the first precursor to today’s Internet and a fundamental stepping stone of Internet theory.
1971 – The first computer virus appears. It is called the Creeper Virus and infected the network of Digital Equipment Corporations PDP mainframes. Subsequently the first antivirus was created to delete it from the system. It was called the Reaper and was itself a virus targeted at sweeping Creeper out of the system. This marked the beginning of the history of cybercrime.
1973 – Network security is already under fire. Robert Metcalfe, an engineer working on ARPANET who founded 3Com, warns the group the network is too easy to access from outside. He describes several known intrusions, one of which is attributed to high school students. In general, there is little attention paid to cyber security during the ’70’s as Internet use and threats was minimal. The most notable cases involve telecommunications fraud, phreaking, and other attempts at circumventing phone network protocols.
1978 – Computer scientists attempt to incorporate encryption into the TCP/IP protocol suite but face many hurdles. One of which is the National Security Agency. The attempt was eventually given up. In hindsight this is a key fork that could have altered the course of Internet security.
1981 – The Elk Cloner virus appears. This is the first virus since the Creeper to appear in the wild. It attacked Apple II computers and was spread by floppy disk. The virus was created by Rich Skrenta, a 15 year old high school student, as a joke. The first viruses were aimed primarily at replicating themselves and did not have targeted attacks built in. Later, as more and more programmers become knowledgeable, viruses evolve to include all manner of destructive code including the manipulation, theft or destruction of data, software or hardware. Originally transferred by floppy disk they eventually began to spread through email and across the Internet. The first antivirus were simple fixes to a problem; if a virus arose someone created a fix. If you got infected you could buy, borrow or download the fix. Later companies arose whose purpose was fighting viruses. As the number and types of cyber attacks grew the services offered by antivirus companies grew to encompass “cyber security”.
1983 – in 1983 the ARPANET required its users to communicate using the TCP/IP protocol. This standardized the way in which networks communicated with each other and precipitated the rise of the World Wide Web. While this was going on Fred Cohen coins the word computer virus in one of the first ever published academic papers on the subject. He uses the word to describe software that can alter another computer device with a copy and possibly evolved version of itself. This definition is later modified by Péter Ször to “a code that recursively copies a possibly evolved version of itself”.
1986 – As the Internet becomes widespread, its use begins to grow. The first computer clubs begin to pop up. These clubs are groups of like-minded computer enthusiasts with varying degrees of organization. Some are nefarious and begin working on the first viruses as well as other forms of cyber attack. The first virus is called “Brain” and is released this year. Brain is the first IBM compatible virus to occur in the wild and the precursor to exponential growth of virus and malware applications. The Computer Fraud And Abuse Act was passed by Congress. This act is intended to curb data theft, unauthorized network access and other computer related crimes.
1987 – This is an important year for cyber security. First, the first documented case of the removal of an in-the-wild computer virus is performed by Bernd Fix. Fix was a member of the Chaos Computer Club in Hamburg, Germany and now a leading expert in digital security. Second, Andreas Lűning and Kai Figge launch G Data Software and market their first antivirus for the Atari platform. Third, The Ultimate Virus Killer is released and becomes the standard in antivirus. Fourth, John McAfee forms the first antivirus company in the US, later to be bought and incorporated in Intel Security. Fifth, in Czechoslovakia the NOD antivirus is developed. Last, towards the end of the year the first to heuristic antivirus are released, Flushpot and Anti4Us.
- In computer science heuristic applications sacrifice accuracy and precision for speed and can be considered to short-cut traditional methods.
1988/1989 – The proliferation of antivirus companies continues. An email/chat group is started where new viruses and the possibilities for stopping them are discussed. Members include many of the top names in cyber security. Symantec is launched in 1989. The 2.0 version, released in 1990, included the ability to update protection for newly discovered viruses not present at the time the software was written.
1991 – Symantec releases the first version of Norton Antivirus. The European Institute for Antivirus Research is founded. F-Secure lays claims to being the first antivirus company to be established on the web.
1993 – The 1990’s see the birth of the modern cyber security industry as Internet use becomes mainstream. This is the year the first web browser is released which, along with web portals like AOL, made it easy for users to surf, and be targeted for fraud. Labeled Mosaic it allows unskilled users to surf the world wide web with ease but was also susceptible to many forms of attack. Its release leads to geometric growth of the Internet and the first attempts to commercialize it. As the number of users grows, so does the number of online and digital threats. This is also the time we see the first web robots and the distributed denial of service attacks that they facilitate.
1994 – AV Test says there are 28,613 unique malware samples in their database. They’ve been collecting all known viruses for many years.
1996 – The web gets sophisticated. Browser add-on’s like Flash expand on the ability of web browsers. These add-ons fuel animation, music and many other features that enhance user experiences. The downside is that they are also rife with flaws, bugs and vulnerabilities that further degrade Internet security. Experts recommend not to use them. Phishing also becomes a problem. Email allows anyone with an address to receive targeted correspondence aimed at stealing personal information and/or to distribute malware and viruses. The first Linux virus, STAOG, is discovered.
2000 – Got Worm? By this time the spread of worms has become epidemic. ILOVEYOU is only one of thousands to exploit security flaws in major software and security practices of the time. If you haven’t had a worm by now you are not likely using the Internet much. In this decade we also see the rise of major Internet crime. Cyber criminals or hackers have become sophisticated and have learned to hide their digital tracks. Adware and spyware become the tools of choice as it becomes clear that data, and in particular actionable data, is worth billions.
2003 – Internet use skyrockets. The amount of data created on, with or by the Internet in 2003 was more than all the data created in human history up to that point. Internet use has become so entrenched it has begun to alter the face of commerce, business, communication and the very basics of human interaction. As more users flock to the net it attracts more crime. Aggressively self propagating malware spread from machine to machine, phishing attacks become mainstream and the nets worst threat, zero day attacks, come onto the scene.
- A zero day attack is any attack from a new source that goes unreported. These attacks are known hazards that are left free to damage Internet users up to and until their presence becomes widely known. Business and organizations that do not immediately report these threats are complicit in their spread.
2005 – AV Test reports the number of unique malware has risen to 333,425, an 1100% increase over the course of 10 years.
2007 – AV Test reports the number of unique malware has risen to over 5.49 million, for that year alone. In 2012 and 2013 malware firms reported there were 300,000 to 500,000 new malware detected EACH DAY. Cloud based antivirus scanning is created, leading to the next generation of cyber security products.
2010 – A group of scientists working as part of the Pentagon’s JASON project conclude that the Internet is complex far beyond modern understanding. In their report they state that many of the Internets behaviors cannot be explained well and went on to explain that to achieve major cybersecurity breakthroughs a more fundamental understanding of the science behind cybersecurity was needed.
The Present – Since about 2014 the “Next Gen” approach has been to use a signature-less approach in order to help mitigate the zero day risk as well as know malware attacks. There have been many methods, one of which is the white-label approach. White label antivirus will only allow software from known trusted sources so all others are blocked.
How Has Internet Security Changed
Security has changed in many ways. The most noticeable is that cyber security and anti-malware companies have switched from reacting to threats and attacks to working out ways to prevent them from ever happening. The sad truth is that VPN, remember that?, is able to solve many of the problems cyber security companies are trying to fix. The VPN connects to a secure network, you only connect to the trusted websites you know and love, no one else can see you so they can’t attack you. If only you could get one as a retail customer and not have to build and maintain a complicated network on your own…. wait, you can.
VPN services have become commercially available in recent years and are the greatest asset to Internet security no one is talking about. Services like Le VPN cost only a few dollars per month, provide unlimited access to the Internet and protect your connections, data and families with the same security the government uses to protect their connections. Want to be secure? Get Le VPN.
Le VPN Summer Special
Get Le VPN 2-year plan for $69.60 or $2.90/month