About this ebook
It seems that everything we touch is connected to the internet, from mobile phones and wearable technology to home appliances and cyber assistants. The more connected our computer systems, the more exposed they are to cyber attacks--attempts to steal data, corrupt software, disrupt operations, and even physically damage hardware and network infrastructures. In this volume of the MIT Press Essential Knowledge series, cybersecurity expert Duane Wilson offers an accessible guide to cybersecurity issues for everyday users, describing risks associated with internet use, modern methods of defense against cyber attacks, and general principles for safer internet use.
Wilson describes the principles that underlie all cybersecurity defense: confidentiality, integrity, availability, authentication, authorization, and non-repudiation (validating the source of information). He explains that confidentiality is accomplished by cryptography; examines the different layers of defense; analyzes cyber risks, threats, and vulnerabilities; and breaks down the cyber kill chain and the many forms of malware. He reviews some online applications of cybersecurity, including end-to-end security protection, secure ecommerce transactions, smart devices with built-in protections, and blockchain technology. Finally, Wilson considers the future of cybersecurity, discussing the continuing evolution of cyber defenses as well as research that may alter the overall threat landscape.
Book preview
Cybersecurity - Duane C. Wilson
Cybersecurity
The MIT Press Essential Knowledge series
A complete list of the titles in this series appears at the back of this book.
Cybersecurity
Duane C. Wilson
The MIT Press | Cambridge, Massachusetts | London, England
© 2021 Massachusetts Institute of Technology
All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher.
The MIT Press would like to thank the anonymous peer reviewers who provided comments on drafts of this book. The generous work of academic experts is essential for establishing the authority and quality of our publications. We acknowledge with gratitude the contributions of these otherwise uncredited readers.
This book was set in Chaparral Pro by New Best-set Typesetters Ltd.
Library of Congress Cataloging-in-Publication Data
Names: Wilson, Duane, author.
Title: Cyber security / Duane Wilson.
Description: Cambridge, Massachusetts : The MIT Press, [2021] | Series: The MIT Press essential knowledge series | Includes bibliographical references and index.
Identifiers: LCCN 2020033978 | ISBN 9780262542548 (paperback)
Subjects: LCSH: Computer security. | Internet—Security measures. | Computer networks—Security measures. | Data protection.
Classification: LCC QA76.9.A25 W554 2021 | DDC 005.8—dc23
LC record available at https://lccn.loc.gov/2020033978
Contents
Series Foreword
1 Cybersecurity Origins
2 Foundations
3 Cryptography Demystified
4 Cybersecurity in Layers
5 Who Attacked Me?
6 Malware in Action
7 Modern-Day Applications
8 Cybersecurity for the Future
Glossary
Notes
Further Reading
Index
Series Foreword
The MIT Press Essential Knowledge series offers accessible, concise, beautifully produced pocket-size books on topics of current interest. Written by leading thinkers, the books in this series deliver expert overviews of subjects that range from the cultural and the historical to the scientific and the technical.
In today’s era of instant information gratification, we have ready access to opinions, rationalizations, and superficial descriptions. Much harder to come by is the foundational knowledge that informs a principled understanding of the world. Essential Knowledge books fill that need. Synthesizing specialized subject matter for nonspecialists and engaging critical topics through fundamentals, each of these compact volumes offers readers a point of access to complex ideas.
1
Cybersecurity Origins
Internet security has become an enormous challenge. Almost everything we see, touch, or use is connected to the internet, including cell phones, wearable devices, home appliances, and even semiautonomous vehicles. The internet is a portal for businesses, governments, and other institutions, providing remote access to trade secrets, medical records, and financial data. And such is the paradox of connectivity: the more connected our computer systems, the more exposed they are to cyberattacks—attempts to steal data, corrupt software, disrupt operations, and even physically damage hardware and networked infrastructures.
The field of cybersecurity exists to meet the challenge of understanding and protecting against such attacks. In this book, I will present the risks associated with internet use, modern methods to defend it, and general principles for safer internet use. These principles, which have been developed over the years by cybersecurity experts, tend to be disseminated to and implemented by businesses, governments, and other organizations for which the stakes are understandably high.
A network, however, is typically only as strong as its weakest link. A cyberattack on an organization often proceeds from a successful attack against just one individual. And if that person has not been trained to identify the key indicators of a cyberattack, they may unwittingly open the back door, or front door, to an intruder. This book aims to arm the reader with the knowledge needed for the front line of the cyberbattle.
The origins of cybersecurity can be traced back to World War II. At that time, cipher machines were used for cryptography—the act of sharing secrets using codes. A cipher machine is a device that is used to keep communications private through encryption—the process of making a message private. These machines were rudimentary but frequently effective methods of secure communication during wartime. During World War II, the primary cipher machine used by Nazi Germany was called Enigma (see figure 1) and the ones used by the Japanese troops were code-named Purple. Both machines had a similar operational protocol:
1. An operator—the sender—at a command post would be given a message to encrypt.
2. The sender would type the message on the machine.
3. For each key pressed, a lamp would light up. The character corresponding to the lamp that lit up would actually be determined by a pseudorandom substitution cipher (or code). The action of pressing a key also moved one or more rotors inside the machine so that the next key press would trigger a different substitution pattern.
4. On the other end of the message, the receiver would see the lamp corresponding to the encrypted letter.¹
5. An operator—at the receiving command post—would then press the keys associated with the lit letters and piece together the message (e.g., similar to decoding Morse code).
Figure 1 Enigma machine and components.
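The key-press behaviour in steps 3 to 5, as an added example that is not part of the book: a simplified three-rotor machine in Python using the historical Enigma I rotor and reflector wirings. The class and function names are this example's own, and it assumes no plugboard, no ring settings, and plain odometer stepping instead of the real notch mechanism.

```python
import string

A = string.ascii_uppercase
# Historical Enigma I wirings: rotors I, II, III (left to right) and reflector B.
ROTORS = ["EKMFLGDQVZNTOWYHXUSPAIBRCJ",
          "AJDKSIRUXBLHWTMCQGZNPYFVOE",
          "BDFHJLCPRTXVZNYEIWGAKMUSQO"]
REFLECTOR = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


class ToyEnigma:
    """Simplified model (assumptions of this example): no plugboard,
    no ring settings, odometer-style rotor stepping."""

    def __init__(self, start="AAA"):
        self.pos = [A.index(c) for c in start]   # left, middle, right rotor

    def _step(self):
        # The right rotor moves on every key press; a full turn carries left.
        for i in (2, 1, 0):
            self.pos[i] = (self.pos[i] + 1) % 26
            if self.pos[i] != 0:
                break

    def _through(self, c, i, inverse=False):
        off = self.pos[i]                        # current rotation of rotor i
        if inverse:
            return (ROTORS[i].index(A[(c + off) % 26]) - off) % 26
        return (A.index(ROTORS[i][(c + off) % 26]) - off) % 26

    def press(self, letter):
        self._step()                             # rotors move before the lamp lights
        c = A.index(letter)
        for i in (2, 1, 0):                      # signal travels right to left
            c = self._through(c, i)
        c = A.index(REFLECTOR[c])                # reflector turns it around
        for i in (0, 1, 2):                      # and back, left to right
            c = self._through(c, i, inverse=True)
        return A[c]                              # the lamp that lights up


def run(text, start="AAA"):
    machine = ToyEnigma(start)
    return "".join(machine.press(ch) for ch in text)


if __name__ == "__main__":
    ct = run("AAAAA")          # same key five times, five different lamps
    print(ct)
    print(run(ct))             # receiver at the same start position recovers it
    print(run(ct, "AAB"))      # a different start position does not
```

Because the reflector makes the machine reciprocal, the receiver uses the same operation as the sender: typing the ciphertext at the same starting rotor position lights the plaintext letters.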
Cipher machines allowed military personnel to encrypt and decrypt communications. That process is called confidentiality, one of six fundamental goals of cybersecurity. (All six are formally introduced in chapter 2.) These days, cybersecurity technologies are much more complex and sophisticated than cipher machines. But it is essential that we understand the basic vulnerabilities of electronic communications.
As computer technologies became more sophisticated and interconnected, they became more susceptible to more pernicious—and malicious—forms of attacks. Malicious software, or malware, emerged as the first class of threats to computer and networked systems. Some of the more commonly known types of malware are viruses, worms, ransomware, spyware, adware, Trojans, and bots. (For an overview of malware, see chapter 6.) The earliest-known cases of malware were viruses and worms. A computer virus infects another computer program and spreads whenever that program is used. A computer worm is a stand-alone program that exploits a vulnerability in a computer system, and spreads itself through vulnerabilities or by tricking the user into executing (or running) it.
The Creeper virus (or technically, the Creeper worm) was created in 1971 by Robert (Bob) H. Thomas, a researcher at BBN Technologies in Cambridge, Massachusetts. (BBN designed the first generation of gateways, or routers, for the Advanced Research Projects Agency Network [ARPANET], the precursor to the modern internet.) Creeper was an experimental self-duplicating program that was designed to demonstrate mobile transmittal of computer applications. It moved between computers connected to the ARPANET (the first version of the internet) and using BBN’s TENEX operating system (OS), infected both computers and printers, displaying the message “I’M THE CREEPER: CATCH ME IF YOU CAN.”²
In 1982, Richard Skrenta, a curious fifteen-year-old, wrote the code for Elk Cloner, the first computer virus known to be spread “in the wild,” meaning outside a closed network or research environment. The virus was installed on floppy diskettes that stored the Apple II OS. When a computer was booted from an infected disk, the virus would copy itself to any uninfected floppy disk it could access—at that time, most computers had dual disk drives, and OS disks were often used to boot up multiple computers. On every fiftieth infected computer, the virus would display the following text (shown here in the groovy style of the 1980s):
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!
It will stick to you like glue
It will modify ram too
Send in the Cloner!³
These two cases illustrate how software applications—if they are able to spread uncontrollably—can be irritating and intrusive at best, even if they weren’t meant to be harmful. Yet the Morris worm created in 1988 was deliberately written with malicious intent and arguably led to the cybersecurity field as we know it today. Robert Tappan Morris, then a graduate student at Cornell University, launched his worm surreptitiously from a computer based at MIT that was connected to the then-nascent internet. What made the Morris worm malicious was that it created far more copies of itself than Morris intended, which