What do you do when you need to explain the history of hacking to a busy non-technical manager in five minutes or less? Here is an attempt to make this extremely complex subject into a 5-minute "cliff-note".
The History of Hacking in 5 minutes (for dummies)
2. Hacking started out as a hobby and was a cool thing to do. In the late eighties and early nineties, hacking was the domain of young people who were trying to push the envelope and see how deep they could get into networks. They were surprised they could get much farther than expected, and some, like Kevin Mitnick, decided to go all the way down the rabbit hole.
3. 1 Attack UNIX Servers
The early hackers focused mainly on servers on the Internet, which were UNIX machines at the time. But IT security specialists countered by installing firewalls to try to keep hackers out.
4. 2 Attack the Data Transport
So the hackers focused instead on trying to break into how the data was transported from one computer to the other (the Internet's communication protocols) and get in that way. However, firewalls continued to improve and locked hackers out.
5. 3 Attack the Employee Workstations
Next, in the early 2000s, the hackers started to attack the employee workstations instead. To block that type of attack, IT security people started running antivirus on all workstations and making sure the Windows Operating System was always patched.
6. 4 Attack the Application Software
However, during the mid-2000s, the hackers changed their strategy once more and started attacking the application software on the workstation, things like the browser or PDF reader software. From 2007 forward that trend really took off. But IT security people countered with automated tools to patch all application software, so vulnerabilities in those software products were covered too. This brings us to the last few years, with the observation that criminal hacking has gone pro since about 2005 and is a $3 Billion industry.
7. 5 Attack the Employee via Email
As their most recent and very successful way to attack, the hackers are now focusing on the real weak link in IT security: the employee. They started by sending phishing emails by the millions, trying to make employees fill out a form on a bogus website and steal confidential data that way. Today, they are sending sophisticated, personalized attacks via email that we call spear-phishing. An employee only has to click one link in one of these spear-phishing emails to get their workstation infected with malware, which allows the hackers into the network.
8. To counter this most recent hacker strategy, all employees need effective security awareness training so that they do not expose the network to cyber criminals. Note that this is like a game of chess, with the bad guys having the first-mover advantage and IT security forced into a defensive role.
9. The problem with having a defensive role is that the home team has to have a 100% success rate, but the attackers only need to succeed once. This is a losing game for the defenders, and that is why the hackers are winning. Organizations need to be fully focused on "defense in depth", and the very first layer of that defense is Policy, Procedure and Awareness. Hence the urgent need to train employees and inoculate them against social engineering so that they do not fall for hacker tricks.