CSO Perspectives (Pro) 5.6.22
Ep 5558 | 5.6.22

Bonus material: History of Infosec: a primer.


Rick Howard: Hey, everybody. Rick here. While I was working on the history of infosec episode - Season 9, Episode 1 - as you can imagine, I went down several deep, deep rabbit holes of obscure infosec trivia. I had a blast. But when I put all of it into the episode, the running time was, like, 17 hours. Clearly, I needed to cut some things. Most of that hit the cutting room floor. But there were a couple of pieces I thought were interesting that still didn't make the cut of the episode. Still, I figured a handful of you might get some use out of it.

Rick Howard: The first was the specific history of Russian cyber operations, all the way back from the original 1988 attacks that Dr. Clifford Stoll chronicled in his excellent book "The Cuckoo's Egg," and all the way up to the 2017 NotPetya attacks against Ukraine. With the current ongoing physical warfare going on right now in that region of the world, I thought this piece was apropos. Also, my buddy Steve Winterfeld, the Akamai advisory CISO, and I have a running argument about what the best hacker movie of all time is. My favorite is "Hackers," with Angelina Jolie. His is "WarGames," with Matthew Broderick. But since we were working on the history of infosec episode, he sent in some comments on the first-ever hacker movie, the 1968 movie "Hot Millions." Since I'm a movie geek, I thought I would throw that in here, too. Enjoy.


Rick Howard: You all know that I study infosec history so that I can understand the current state of our cybersecurity community. From my view, you can't really understand the significance of some new development unless you know the path of how we got here. Case in point: with the ongoing Russia-Ukraine war in the news, we are hearing a lot of cybersecurity pundits wondering why we haven't seen a massive Russian cyber takedown of Ukraine similar to what we saw in the aftermath of the NotPetya attacks in 2017. From my point of view, those pundits just don't know the history.


Bill Scott: (As Mr. Peabody) Hello there. Peabody here. Once again, it is time to take another revealing peek back into history. 

Rick Howard: So let's set the Wayback Machine to 1988. Back then, the Russians got on the offensive cyber operations board first when they sponsored the first-ever public cyber-espionage campaign, using East German hacker mercenaries that targeted U.S. governmental agencies. This was made famous by Dr. Clifford Stoll in his paper "Stalking the Wily Hacker" and subsequent Cybersecurity Canon Hall of Fame book "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage." By 1991, the Soviet Union had collapsed and subsequently sparked the liberation of Ukraine. By 1996, five years later, the Pentagon, NASA and some affiliated academic and laboratory facilities noticed a series of Russian probes and attacks against their networks. The military gave it a cool codename: Moonlight Maze.

Rick Howard: Fast-forward a decade to 2007. Russia launched DDoS attacks against Estonia in response to Estonia's decision to relocate a Soviet-era war monument from the center of one of its cities, Tallinn. At the time, all the pundits touted the DDoS attack as the first-ever act of cyberwarfare. The next year, 2008, in support of the Russian military rolling tanks into the country of Georgia, they also launched crippling cyberattacks against government agencies, academic institutions and commercial and private financial targets. That same year, they also penetrated the Pentagon's classified networks. Fast-forward another decade to 2013. General Valery Gerasimov, the chief of the general staff of the Russian Federation, established the unofficial Gerasimov Doctrine, which advocates for asymmetric targets, physical and virtual critical infrastructure, including outer space, across the spectrum during war.

Rick Howard: In 2014, Russia annexed Crimea, attacked Ukraine's power grid for the first time with cyberweapons and attempted to change Ukraine's election. That same year, the U.S. discovered that Russian cyber forces had penetrated the electrical grid, the White House, the DNC - the Democratic National Committee - and the State Department. The following year, 2015, Russia stole NSA classified documents by backdooring Kaspersky anti-virus software and also penetrated the German lower house of parliament. That same year, they caused a second power outage in Ukraine. By the next year, 2016, the Russians penetrated Secretary Clinton's campaign networks and managed to steal offensive cyberweapons from the NSA's TAO office, or Tailored Access Operations office, and release them to the public via the Shadow Brokers.

Rick Howard: This is not to mention, in the same category, the massive influence operation they conducted against U.S. citizens to influence the presidential election of that year. They also hit Ukraine's power grid a third time and the World Anti-Doping Agency. The next year, 2017, Russia launched the NotPetya attack against Ukraine that destroyed pieces of the country's critical infrastructure, in line with the Gerasimov Doctrine, and caused collateral damage to other organizations around the world. They also managed to penetrate the U.S. Wolf Creek Nuclear Operating Corporation, scaring the crap out of all of us for a short bit. They further got into Petro Rabigh, the Saudi petrochemical plant and oil refinery, and the German Defense Ministry.


Rick Howard: Without knowing that history, pundits have expressed their confusion about the fact that the Russians haven't launched, as of this writing, some massively crippling cyberattack directed against Ukraine along the same lines as the 2017 NotPetya attacks. But as you look at their history conducting espionage, influence operations and low-level cyber conflict operations, you can see that the Russians are absolutely following their own unofficial Gerasimov Doctrine across the spectrum of physical and virtual attacks. Offensive cyber was never going to be the only lever the Russian warfighting machine was going to pull. Offensive cyber was most likely only going to be in support of the main physical tank offensive. That might change if the Ukrainians have success and the West pushes Russia further and further into a corner with sanctions. President Biden and CISA, the Cybersecurity and Infrastructure Security Agency, have said to be ready for that. Here is Jen Easterly, the associate director, getting interviewed on the American news program "60 Minutes" on the 18th of April.


Jen Easterly: We are seeing evolving intelligence about Russian planning for potential attacks. And we have to assume that there is going to be a breach, there's going to be an incident, there's going to be an attack. 

Unidentified Journalist: Jen Easterly is director of the Cybersecurity and Infrastructure Security Agency. Known by its acronym, CISA, the agency helps secure computer networks in 16 sectors deemed vital to national security, like energy, finance and communications.

Jen Easterly: Anything that can impact critical infrastructure. 

Unidentified Journalist: When you've got someone like Vladimir Putin who just doesn't seem to care about norms, how do you protect against that? 

Jen Easterly: Yeah. I think we are dealing with a very dangerous, very sophisticated, very well-resourced cyber actor. And that's why we've been telling everybody consistently, shields up. What does that mean? It means assume there will be disruptive cyber activity and make sure you are prepared for it. 

Rick Howard: So far, though, we aren't quite there yet. As I said at the top of this bonus material, Steve Winterfeld sent in some comments on the very first hacker movie. Here's Steve.

Steve Winterfeld: So, Rick, I will tell you, the one thing we've probably argued about the most over the years is the best hacker movies or hacker movies in general and what they mean. But a trivia point from a historical note, I think the first hacker movie ever was "Hot Millions" in 1968. 

Rick Howard: According to IMDb, "Hot Millions" is about a Cockney con artist named Marcus Pemberton, played by the late, great Sir Peter Ustinov, a two-time Oscar winner for his roles in "Spartacus" in 1960 and "Topkapi" in 1964. But he's probably best known to our audience as the guy who played Prince John in the Disney animated movie "Robin Hood." And he also had a cameo in "The Great Muppet Caper" of 1981. Ustinov, just out of prison, replaces an insurance company's computer programmer and sends claim cheques to himself in various guises at addresses all over Europe.

Steve Winterfeld: It was amazing. It had social engineering. And it had hardware hacking. It was just - it was so ahead of its time. So any of your listeners who haven't seen "Hot Millions," please go and find it. We can debate what the best hacker movies are and that argument goes by generation, but the first one is well worth a watch. 

Rick Howard: Thanks for listening to this bonus material of "CSO Perspectives." We'll see you next week.