How The NSA Killed Internet Security in 1978



Here is a very short summary of Internet security which explains why the current version of the Internet is not secure. It was not built securely from day one because the NSA objected to encryption of the data transfer protocol in 1978 as you will see when you keep on reading.

arpanet

UCLA ARPANET students and staff in lab, circa 1969. Leonard Kleinrock and his students were pioneers of the internet. Photo: Courtesy of Leonard Kleinrock

The internet grew from the work of many people over several decades. Few predicted how essential it would become to our lives or the ways that it would make us more vulnerable to scam artists, snoops and spies. Here are some of the milestones in the development of our insecure online world.

A new kind of network,1960

Engineer Paul Baran argues that a decentralized communications system with many redundant links could help the United States recover from a Soviet nuclear attack. The key is that information can flow across many different paths — much like today's internet — allowing connections even if much of the overall system suffered damage.

 
kleinrock

Leonard Kleinrock stands next to a specialized computer — a forerunner to today's routers — that sent the first message over the internet in 1969. Photo: Bret Hartman / The Washington Post

Key idea: By distributing the connections in a system, it becomes more resilient in the face of outages.

Packet switching theory, 1968

Donald Davies, a top official with Britain's National Physical Laboratory, describes a system for chopping data into smaller pieces to make transmissions more efficient. He calls the pieces "packets" and the technology for transmitting them "packet-switching." The idea remains an essential technology of the internet.

 
Cerf

Vinton Cerf designed key building blocks of the internet in the 1970s and 80s. Now a Google executive, he says he wishes he had been able to build encryption into TCP/IP from the beginning. Photo: Bill O'Leary / The Washington Post

Key idea: Several users can share a single packet-switched line, allowing for better use of scarce computing resources.

Precursor to the internet , 1969

The Pentagon's Advanced Research Projects Agency designs and funds a packet-switched network called the ARPANET — considered the most important precursor to the internet. The first ARPANET message is sent at 10.30pm on October 29, 1969, from the UCLA computer lab of Leonard Kleinrock, a networking pioneer.

An early warning, 1973

Robert Metcalfe, an engineer who would later found hardware maker 3Com, warns the ARPANET Working Group that it is far too easy to gain access to the network. One of several intrusions he describes apparently was the work of high school students.

A road not taken, 1978

Computer scientists Vinton Cerf and Robert Kahn attempt to build encryption technology directly into TCP/IP, a set of protocols that will give rise to the internet several years later. But the scientists run into a series of obstacles, including resistance from the US National Security Agency.

Birth of the internet, 1983

ARPANET requires its network users to communicate via TCP/IP, quickly making it the global standard. Networks all over the world can now communicate easily with each other, creating the internet.

Key idea: Standardizing the way networked machines communicated with each other enabled the internet's massive growth.

Computer Fraud and Abuse Act, 1986

US congress enacts a comprehensive bill establishing legal sanctions against data theft, unauthorized network access and some other computer-related crimes.

The Morris Worm, 1988

A Cornell University graduate student named Robert Tappan Morris releases several dozen lines of code, which replicate wildly and spread to thousands of computers worldwide. The worm crashes about 10 per cent of the 60,000 computers linked to the internet. Morris becomes the first person convicted by a jury under the Computer Fraud and Abuse Act.

(Internet) power to the people, 1993

The first browser, Mosaic, is released, allowing users with little or no technical skill to browse the world wide web. This fuels a new period of massive growth of the internet and also the commercialization of cyberspace. As the community of online users grows, so do security threats.

The web becomes animated, 1996

New drawing and animation tools, such as Macromedia's Flash, dramatically expand the abilities of browsers. This revolutionizes the look and feel of websites. Hackers soon discover that these web tools also can allow them to take remote control of computers on the internet, no matter where they are in the physical world.

Security concern: Flash and other browser add-ons have been a major source of security flaws, with some experts recommending that users disable them entirely.

Insecurity spreads, 2000

A rash of new computer worms, such as ILOVEYOU, spread wildly across the internet, taking advantage of security flaws in widely used software made by Microsoft and other major tech companies. Tens of millions of computers are affected.

No longer a fad, 2003

The amount of data created in this year surpasses the amount of all information created in the rest of human history combined. The internet has become so central to commerce and culture worldwide that the opportunities for hackers grow.

Security concern: The more devices using the internet, the more entry points there are for attacks, and the more difficult it becomes to overhaul how the system works.

The internet in your pocket, 2007

The introduction of Apple's iPhone fuels the rise of mobile devices. Smartphones running Google's Android operating system hit the market the following year. This heralded a new era of snooping, as police, spies and even jealous spouses find ways to monitor people through powerful personal computers doubling as phones.

Internet is deemed complex, unpredictable, 2010

A group of the nation's top scientists conclude in a report to the Pentagon that "the cyber-universe is complex well beyond anyone's understanding and exhibits behavior that no one predicted, and sometimes can't even be explained well." The scientists, part of a Pentagon advisory group called JASON, say, "In order to achieve security breakthroughs we need a more fundamental understanding of the science of cybersecurity."

Car hacking, 2014

Security researchers publish a guide to hacking automobiles, revealing deep flaws in the way automobile electronics communicate with each other. Massachusetts senator Ed Markey's office shortly thereafter finds that nearly all "cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions".

Security Awareness Training

Vint Cerf, you have seen his picture above, was quoted in a book recently: "We never got to production code", which means in software developer language that the code is still in beta. In other words, the current version of the Internet is basically a beta and everyone using it needs to be aware of the dangers. Effective security awareness training is a must for employees at the office and home users alike.  Find out how affordable this is and be pleasantly surprised.


Find out how affordable new-school security awareness training is for your organization. Get a quote now.

 
Get A Quote
Request A Demo
 

 

This is a summary of a much larger article in The Washington Post.

 


Topics: IT Security



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews