The 06th March is the day that the Michelangelo virus (a virus I came across back in the early nineties) would overwrite disk sectors, and it apparently caused quite a frenzy back in January 1992. I was thinking, here we are 25 years later, and what have we done? (Look out — this is another one of my non-technical posts!)
I figured that the Michelangelo Virus’ day of destruction was a good time to look back and see what we have done in the 25 years since it caused quite a panic back in January 1992.
We networked (the Internet) home PC/computers making it easier for viruses and other malicious software to spread around the world — the Michelangelo Virus Wikipedia article reckons that only 10,000 – 20,000 cases of data loss were reported in 1992, compared to 2016 with the Locky ransomware and it’s variants which Wikipedia’s Timeline of Computer Viruses and Worms reckons infected several million computers and ‘at the height of the spread over five thousand computers per hour were infected in Germany alone.’.
We created smarter phones — capable of running malicious software — and added them to the Internet; we’re making more and more devices ‘smart’ (see Mirai botnet), and connecting them to the Internet; and we’re storing more and more information about ourselves — and worse, about other people — on these networked computers and devices.
I have an analogy: making it easy for everyone to access the Internet and to connect new devices to it, is a bit like a toy manufacturer giving those little plastic pedal cars to kids and telling them “here you go — now you can ride on the roads like mummy and daddy” — yes they can, but they really shouldn’t!
In other words, we’re making it easy for people to do something, without educating them about the dangers of doing so. We seem to feel the need to warn people that hot water will burn them — something which people should have learnt before starting school, let alone before starting work — yet we’re not so good at warning them about phishing sites that can steal their Internet banking credentials; malicious software that can steal their personal information and use it against them; about malicious software that will allow their computers/devices to spy on them and/or attack other devices on the Internet; or about why it is not a good idea to send people’s personal information over the Internet without first encrypting it (using a decent encryption algorithm and key material too I might add).
Sticking with the ‘driving on the road’ analogy, remember the Green Cross Code? Well I’m wondering if we need a version geared towards modern technology:
- Stop: before connecting a device to, or putting information on, the Internet and think ‘how can this device/information be used against me?’.
- Look: at what has happened to other devices that have been connected to the Internet, and how private and sensitive information has been leaked and/or used against people in the past. Also look up the definition of ‘paranoia’ ready for the next point.
- Listen: to security professionals and other people who are aware of what is happening, and has happened, on the Internet. Take their advice seriously (it is often based on past events and related trends) rather than dismiss them as being ‘paranoid’.
The Internet has made it a lot easier for people to communicate with other people — often whether the recipient of the communication wanted them to or not — and for people to share information, but like most things that are made for good, it can also be used for bad. If you want to go driving your pedal car on the highway, that is up to you — but please don’t go putting other people at risk in the process.