I’ve wanted for some time to increase the number of book reviews I publish and to get them up a little faster. I’ve been re-reading a bunch of my computer security books, and the review for today is Computer Capers: Tales of Electronic Thievery, Embezzlement, and Fraud. This is a great, timely, and interesting book, of current interest to anybody who is involved in the information security field. It was also published in 1978.
Based extensively on the work of the Stanford Research Institute, which looked into computer security and exploitation in the early 1970s, the book details by anecdote a long list of crimes and frauds that occurred, along with the risks and the solutions needed for information security. One of the first anecdotes that comes to mind is the misdirection of railroad boxcars, which was associated with the theft of military goods (p36). This highlights that to steal you don’t have to take something yourself; you can use the logistical system behind the valuables you wish to purloin to have them delivered to you.
An issue that the author brings up early is the concept of legal versus computer considerations of crime. The author details what might be the first search warrant on a computing system, in 1971 (p46-47). The case was espionage, and a company called I.S.D. had property stolen. The police gathered and recorded all the information from another company called U.C.C. This was a case of corporate espionage. This would become a continuing thread of corporations stealing from each other.
The author details an interesting historical story about the Naval Research Laboratory requesting a report on “Subversion of a secure operating system”. This report would be used on a Univac and IBM system. The author, LTC Roger R. Schell, had been working on this type of security since 1972 (p117). This then became the first red team exercise (as we would call it now), penetration testing of systems in 1973-74. It is interesting to note that these people used language and methods similar to how penetration testing is currently done.
Why read these older books? American culture is rife with forms of youth worship and ageism. This is forced upon the intellectual and academic world with the steel hand of idiocy and forgetfulness. In the technology world, where generations are measured in weeks and two years can be multiple release cycles, a lot of things are lost. This has resulted in a lot of reinvention of security mechanisms as bloat and rot take out the previous security architectures. So, we keep coming back to zero to start running again. Understanding not necessarily the specifics but the patterns of information security history allows us to see the blind alleys and vistas of previous escapades.