From Worms to Cyber War
The first known virus ever to infect a personal computer was named “Brain.A.” It was developed (dare we say invented?) by two Pakistani brothers Basit and Amjad Alvi. We know this because, amusingly, they signed their work and included contact information in the code of the virus. Brain.A was first detected in January 1986, just over 25 years ago. In its initial form, the virus did no significant harm. It renamed a volume label (in effect a file name) to “Brain” and could freeze a computer. Basit and Amjad say they meant no harm from their creation. How the world has changed! In just a single generation, we have gone from viruses being a novelty, to them being very real threats to cyberspace.
The first notable damaging “attack” on the web occurred by accident, though it was a purposeful accident, if that makes any sense. In late 1988, a Cornell graduate student, Robert Tappan Morris, released a worm intended to demonstrate flaws in the security protocols of the early internet. A worm, as its name implies, burrows through legitimate programs and hides in the dirt of computer code, so to speak. This worm was designed to enter through a security gap, replicate itself, and then move onward to infect more computers. Because of a design flaw in the worm, it spread like wildfire and caused significant damage, effectively clogging the entire internet and preventing information from being transmitted (the internet was much smaller back then). In fact, when Morris realized that he had made a mistake, he tried to send out messages to other internet users telling them how to kill the worm—but his own messages of warning were blocked by the congestion his worm had caused.
Today, the Morris worm would be a mere pinprick. The cyber domain has not yet reached the state where interconnectedness is so great that a Die Hard IV scenario is plausible (for those who have not seen the movie, it imagines a mad cyber scientist who takes down all of the electric and transportation networks of the United States, only to be beat up by Bruce Willis). But the vulnerabilities to both intrusion and attack are real. Criminal theft and espionage occur at the billion dollar-per-terabyte level. And “cyber hacktivists” have waged proxy wars on behalf of Russia against Estonia and Georgia. All educated internet users need to understand what the nature of the threat is and the distinction between intrusions and attacks.
The first notable cyberattack occurred by accident.
In real economic terms, cyber crime is the dominant threat in cyberspace. Everyone by now is familiar with the prevalence of simple Nigerian scams—nobody should fall for them anymore, or so one would hope. But that, unfortunately, is not the case - they are still quite successful. The costs to the scammer of making the effort are so miniscule (pennies for millions of spam sent) that even a tiny success rate makes the scam worthwhile. When the cost-benefit ratio is so skewed by technology in favor of the fraudsters, it is no wonder that fraud continues.