Data in the Digital Age
What is data? Simply put, data is information stored in digital form. Why is information so important? Simply because information is the key to modern-day society. Information enables us to share ideas, make informed decisions, keep records, speed up processes, etc. Data storage and transfer are more prevalent today than they have ever been as the medium of choice for information transfer. The biggest challenge is no longer getting data from one person to another, but securing that data.
With the introduction of the internet and the movement of more and more data onto computer systems, the electronic security age began and has flourished ever since. There are countless entities all over the world trying to gain unauthorized access to data on every kind of system imaginable, and at the same time there are experts countering these entities.
History of the Internet
In order to gain a better understanding of the internet and interconnected computer systems, one should look at its roots. The first rudimentary computer network that linked geographically separated computer systems was called Arpanet. Arpanet stands for Advanced Research Projects Agency Network, and it was created by DARPA (Defense Advanced Research Projects Agency). The network linked computer systems from universities across the US together. It was the first network to use packet switching, a communications method where data is transmitted in groups, rather than the slower, less reliable circuit switching that was prevalent at that time.
As the network grew, more and more people gained the ability to transfer more data between each other. This brought many advantages and many security concerns. As people started transferring sensitive data, those wishing to gain access to that data illegally started creating ways to do so.
History of Hacking
The modern-day sense of the words 'hack' and 'hacker' was first widely introduced in the 1960s and originated at MIT. Simply, hacking referred to students who created a quick and elaborate and/or bodged solution to a technical obstacle. The term hacking is now almost synonymous with unauthorized access to computer systems, not just by students but by anyone. While hacking does have a rather dark modern-day meaning, the word still applies to other, legal forms of hacking, e.g. hackaday.com.
Some Notable Hacks in History
Kevin Poulsen, aka Dark Dante, hacks into Arpanet, the grandfather of the modern-day internet. While still a student, Poulsen found a loophole in Arpanet's architecture and exploited it to gain temporary control of the US-wide network.
Robert Morris, a 23-year-old Cornell University graduate student, creates the first internet worm. Intending to count how many computers existed on the internet at the time, he creates a program with just 99 lines of code. In order to bypass system administrators and gauge the size correctly, he includes code to evade the administrators and exploit several vulnerabilities in the computer systems. The worm spreads rapidly, infecting thousands of computers, crashing them and causing a huge potential loss in productivity.
Vladimir Levin, a Russian computer hacker, was the first to attempt to hack into a bank. He hacked into Citibank and managed to transfer $10 million into accounts across the world.
Increasing Amount of Data Accessible via the Internet
According to Netcraft, there are about 190,000,000 (190 million) websites on the internet, with this number increasing faster and faster every year. This is not surprising given there are nearly 1.6 million programmers in the world, with more companies pushing internet-based electronic services. The more websites and systems there are that have a connection to secure data and are reachable via the internet, the more chances there are that the data will be compromised.
As companies expand their presence and services on the web, more and more dynamic data is becoming available on the internet (online banking, social networking, accounting and tax software, etc.). Dynamic websites that provide these services, both personal and business, usually store some kind of identifiable information that can be monetized by hackers and spam organizations. Whether it be email addresses, names, social security numbers, credit card numbers, corporate research, etc., this data is sought by those who wish to sell it or use it for other unlawful means or exploitation.
Any system that is connected to the internet that has any kind of sensitive data worth securing is usually at risk of being attacked. This is the reality of today’s data exchange landscape and one that all, not just developers and system administrators, must think about. Every time you send your name, email address, or any other type of information over to a website, you risk your data getting compromised and stolen.
Modern-day governance takes hacking and data breaches very seriously. Depending on the specific industry, some companies are required to report any hacking or data breach incidents. Huge amounts of money are spent on research and equipment to stop hackers.
Everything from network-level firewalls, intrusion detection systems, and web application firewalls to password-protected accounts, database security triggers, and application security frameworks is a modern-day countermeasure to try and prevent hackers from gaining unauthorized access to data.
Over the next couple of blog posts, I will talk about the different types of security. The following are some of the different topics I will cover.
SQL server security
Web application security
Windows application security
.NET code execution security
Network level security
Social Engineering attacks and security awareness
Recovering from a breach of data security
Hard Drive File Deletion